cobaltstrike | 9c191efc2a3690d2419117db4ec79fe57e967da3844ba76c5532a2410e73482a

Analysis

max time kernel
150s
max time network
22s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 12:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

ebc712128e15101788d0af2805af5cf4
SHA1

5fcac984fd15a087f00b737b0211109ea51b9eb3
SHA256

9c191efc2a3690d2419117db4ec79fe57e967da3844ba76c5532a2410e73482a
SHA512

f494a75a5edb8c743d4e7d8b309302a24b4409ac11b455d5963a86d85e4f97c2fe94e434541cb7736d105352714f5c107ada716d3d5ce88dde8b306e76412f00
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUU:T+q56utgpPF8u/7U

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fd-6.dat	cobalt_reflective_dll
behavioral1/files/0x0011000000019606-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019608-12.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001960a-26.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001961c-32.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019667-36.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019926-56.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d3-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4db-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4e4-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ef-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a50b-196.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4f7-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4f1-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ed-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4eb-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4e8-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4e6-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4e2-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4e0-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4de-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d9-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d7-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d5-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d1-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cd-102.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cb-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c9-85.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c7-77.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019c3c-71.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019c34-63.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000196a1-47.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2368-1-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fd-6.dat	xmrig
behavioral1/memory/1448-9-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x0011000000019606-10.dat	xmrig
behavioral1/memory/2852-14-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000019608-12.dat	xmrig
behavioral1/files/0x000700000001960a-26.dat	xmrig
behavioral1/memory/2860-27-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2972-23-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2224-35-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2368-33-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/files/0x000700000001961c-32.dat	xmrig
behavioral1/files/0x0006000000019667-36.dat	xmrig
behavioral1/memory/2732-40-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019926-56.dat	xmrig
behavioral1/memory/2568-72-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2368-87-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/1700-88-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2072-86-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/1332-96-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4d3-114.dat	xmrig
behavioral1/files/0x000500000001a4db-136.dat	xmrig
behavioral1/files/0x000500000001a4e4-157.dat	xmrig
behavioral1/files/0x000500000001a4ef-181.dat	xmrig
behavioral1/memory/1332-630-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/1700-449-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/1556-258-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2568-205-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/files/0x000500000001a50b-196.dat	xmrig
behavioral1/files/0x000500000001a4f7-191.dat	xmrig
behavioral1/files/0x000500000001a4f1-186.dat	xmrig
behavioral1/files/0x000500000001a4ed-177.dat	xmrig
behavioral1/files/0x000500000001a4eb-171.dat	xmrig
behavioral1/files/0x000500000001a4e8-167.dat	xmrig
behavioral1/files/0x000500000001a4e6-161.dat	xmrig
behavioral1/files/0x000500000001a4e2-151.dat	xmrig
behavioral1/files/0x000500000001a4e0-147.dat	xmrig
behavioral1/files/0x000500000001a4de-141.dat	xmrig
behavioral1/files/0x000500000001a4d9-132.dat	xmrig
behavioral1/files/0x000500000001a4d7-126.dat	xmrig
behavioral1/files/0x000500000001a4d5-122.dat	xmrig
behavioral1/files/0x000500000001a4d1-112.dat	xmrig
behavioral1/memory/2204-104-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2752-103-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4cd-102.dat	xmrig
behavioral1/memory/2996-95-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4cb-94.dat	xmrig
behavioral1/files/0x000500000001a4c9-85.dat	xmrig
behavioral1/memory/1556-79-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2732-78-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4c7-77.dat	xmrig
behavioral1/files/0x0008000000019c3c-71.dat	xmrig
behavioral1/memory/2752-65-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2860-64-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/files/0x0008000000019c34-63.dat	xmrig
behavioral1/memory/2996-57-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2072-49-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2852-48-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/files/0x00060000000196a1-47.dat	xmrig
behavioral1/memory/2972-54-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2204-2094-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/1448-3733-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2860-3742-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2852-3739-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1448	xmhnWrR.exe
2852	QkXaotg.exe
2972	weSWipo.exe
2860	cLqNSCP.exe
2224	IYTDqmZ.exe
2732	aIZTkHw.exe
2072	TpoqbUh.exe
2996	hVjznNQ.exe
2752	exKoKmq.exe
2568	jcQJbNX.exe
1556	OwjxpLQ.exe
1700	zazBktS.exe
1332	SBYjBuQ.exe
2204	tMqcYQT.exe
2916	gerpcTZ.exe
1948	ozQKQlD.exe
1256	yoMdePx.exe
2540	XJGaSva.exe
2884	sdHewyB.exe
2016	XiOLcWT.exe
1652	KXxvoJb.exe
2196	hudSozt.exe
2556	GqMALyp.exe
2348	MBMsBwx.exe
2428	reaKYDL.exe
2192	bpNyksY.exe
976	RPoQtAo.exe
2060	fjNzlbC.exe
756	ObZnXRt.exe
2084	dUBYdoj.exe
2636	BEMDmQd.exe
692	mxlqFow.exe
340	HaJqXJX.exe
2384	ezAwyRF.exe
2572	UmMiGSc.exe
2296	HbMPqXY.exe
2228	DStqJRF.exe
2936	wOHevgL.exe
2488	QXtVUHU.exe
1884	SopqUvQ.exe
2352	rXbGokv.exe
2032	lmYsVLG.exe
1748	cLgmagy.exe
1188	jcKqmzt.exe
1968	zrJlhIT.exe
1072	QoeSlTy.exe
2052	VxjkLzF.exe
336	EMuaUZn.exe
1056	lQfKzCq.exe
676	QMhVqBd.exe
2536	xfwUqGL.exe
1584	JaIfVUz.exe
2096	rcfmSaI.exe
1984	gDtbPkO.exe
2712	TUShiOB.exe
3020	QdwsowL.exe
2708	WaBQBcn.exe
2876	Nifctiy.exe
1352	QMHoYyd.exe
2236	VOOQsgA.exe
2164	zhgKJNH.exe
2280	vYqLBIP.exe
948	IudYFEP.exe
2900	DLSzEVA.exe

Loads dropped DLL 64 IoCs

pid	Process
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2368-1-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-6.dat	upx
behavioral1/memory/1448-9-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x0011000000019606-10.dat	upx
behavioral1/memory/2852-14-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/files/0x0007000000019608-12.dat	upx
behavioral1/files/0x000700000001960a-26.dat	upx
behavioral1/memory/2860-27-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2972-23-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2224-35-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2368-33-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/files/0x000700000001961c-32.dat	upx
behavioral1/files/0x0006000000019667-36.dat	upx
behavioral1/memory/2732-40-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/files/0x0006000000019926-56.dat	upx
behavioral1/memory/2568-72-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/1700-88-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2072-86-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/1332-96-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/files/0x000500000001a4d3-114.dat	upx
behavioral1/files/0x000500000001a4db-136.dat	upx
behavioral1/files/0x000500000001a4e4-157.dat	upx
behavioral1/files/0x000500000001a4ef-181.dat	upx
behavioral1/memory/1332-630-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/1700-449-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/1556-258-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2568-205-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/files/0x000500000001a50b-196.dat	upx
behavioral1/files/0x000500000001a4f7-191.dat	upx
behavioral1/files/0x000500000001a4f1-186.dat	upx
behavioral1/files/0x000500000001a4ed-177.dat	upx
behavioral1/files/0x000500000001a4eb-171.dat	upx
behavioral1/files/0x000500000001a4e8-167.dat	upx
behavioral1/files/0x000500000001a4e6-161.dat	upx
behavioral1/files/0x000500000001a4e2-151.dat	upx
behavioral1/files/0x000500000001a4e0-147.dat	upx
behavioral1/files/0x000500000001a4de-141.dat	upx
behavioral1/files/0x000500000001a4d9-132.dat	upx
behavioral1/files/0x000500000001a4d7-126.dat	upx
behavioral1/files/0x000500000001a4d5-122.dat	upx
behavioral1/files/0x000500000001a4d1-112.dat	upx
behavioral1/memory/2204-104-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2752-103-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/files/0x000500000001a4cd-102.dat	upx
behavioral1/memory/2996-95-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x000500000001a4cb-94.dat	upx
behavioral1/files/0x000500000001a4c9-85.dat	upx
behavioral1/memory/1556-79-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2732-78-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/files/0x000500000001a4c7-77.dat	upx
behavioral1/files/0x0008000000019c3c-71.dat	upx
behavioral1/memory/2752-65-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2860-64-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/files/0x0008000000019c34-63.dat	upx
behavioral1/memory/2996-57-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2072-49-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2852-48-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/files/0x00060000000196a1-47.dat	upx
behavioral1/memory/2972-54-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2204-2094-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/1448-3733-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2860-3742-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2852-3739-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2972-3748-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\oFDljVL.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\USxhazd.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qNekMDl.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KeNSfJB.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GMNzbGz.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HaJqXJX.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JJeGssR.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DUfsZyI.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ENjjdng.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZuiVuok.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JLMZjKZ.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FuQIHNB.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WctLXWP.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MnMSpIk.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IbjLWpk.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iYVAFnJ.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpVIseP.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VrRBDin.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FcSlVtj.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pmoKsxu.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\evrrLqT.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aiFqrih.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sPBgUXG.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MLneAQR.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LKPICpr.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xnGprYe.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ytSWNWt.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tmpFyJo.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UIscYin.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BnbIORl.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mHoFART.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OKLQGWB.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZiYduOs.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mjlKEJa.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DfKpyNZ.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yPnmZoG.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nFyzAyT.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RjGGbYQ.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gRLZgvi.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zIQDSgp.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BGWfzIC.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UyGTOLR.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fIEaDbx.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fgIprTV.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vTjylXQ.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YFRxJyu.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VWjTYxg.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kWSxUqm.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QQOOEYi.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AkQtSWW.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MGbFsOK.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uyJQeWL.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ivSYxLO.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHbKNxx.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OvpFsno.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hMQsfxO.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLcsqOY.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UihWNAy.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KpHrZIw.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KAYGQZz.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GHPLuHW.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TCxcAVJ.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mvlIcVh.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WCAAaLm.exe	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 1448	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2368 wrote to memory of 1448	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2368 wrote to memory of 1448	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2368 wrote to memory of 2852	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2368 wrote to memory of 2852	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2368 wrote to memory of 2852	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2368 wrote to memory of 2972	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2368 wrote to memory of 2972	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2368 wrote to memory of 2972	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2368 wrote to memory of 2860	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2368 wrote to memory of 2860	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2368 wrote to memory of 2860	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2368 wrote to memory of 2224	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2368 wrote to memory of 2224	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2368 wrote to memory of 2224	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2368 wrote to memory of 2732	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2368 wrote to memory of 2732	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2368 wrote to memory of 2732	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2368 wrote to memory of 2072	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2368 wrote to memory of 2072	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2368 wrote to memory of 2072	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2368 wrote to memory of 2996	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2368 wrote to memory of 2996	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2368 wrote to memory of 2996	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2368 wrote to memory of 2752	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2368 wrote to memory of 2752	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2368 wrote to memory of 2752	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2368 wrote to memory of 2568	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2368 wrote to memory of 2568	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2368 wrote to memory of 2568	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2368 wrote to memory of 1556	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2368 wrote to memory of 1556	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2368 wrote to memory of 1556	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2368 wrote to memory of 1700	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2368 wrote to memory of 1700	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2368 wrote to memory of 1700	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2368 wrote to memory of 1332	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2368 wrote to memory of 1332	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2368 wrote to memory of 1332	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2368 wrote to memory of 2204	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2368 wrote to memory of 2204	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2368 wrote to memory of 2204	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2368 wrote to memory of 2916	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2368 wrote to memory of 2916	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2368 wrote to memory of 2916	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2368 wrote to memory of 1948	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2368 wrote to memory of 1948	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2368 wrote to memory of 1948	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2368 wrote to memory of 1256	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2368 wrote to memory of 1256	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2368 wrote to memory of 1256	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2368 wrote to memory of 2540	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2368 wrote to memory of 2540	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2368 wrote to memory of 2540	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2368 wrote to memory of 2884	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2368 wrote to memory of 2884	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2368 wrote to memory of 2884	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2368 wrote to memory of 2016	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2368 wrote to memory of 2016	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2368 wrote to memory of 2016	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2368 wrote to memory of 1652	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2368 wrote to memory of 1652	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2368 wrote to memory of 1652	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2368 wrote to memory of 2196	2368	2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_ebc712128e15101788d0af2805af5cf4_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Windows\System\xmhnWrR.exe
  C:\Windows\System\xmhnWrR.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\QkXaotg.exe
  C:\Windows\System\QkXaotg.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\weSWipo.exe
  C:\Windows\System\weSWipo.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\cLqNSCP.exe
  C:\Windows\System\cLqNSCP.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\IYTDqmZ.exe
  C:\Windows\System\IYTDqmZ.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\aIZTkHw.exe
  C:\Windows\System\aIZTkHw.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\TpoqbUh.exe
  C:\Windows\System\TpoqbUh.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\hVjznNQ.exe
  C:\Windows\System\hVjznNQ.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\exKoKmq.exe
  C:\Windows\System\exKoKmq.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\jcQJbNX.exe
  C:\Windows\System\jcQJbNX.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\OwjxpLQ.exe
  C:\Windows\System\OwjxpLQ.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\zazBktS.exe
  C:\Windows\System\zazBktS.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\SBYjBuQ.exe
  C:\Windows\System\SBYjBuQ.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\tMqcYQT.exe
  C:\Windows\System\tMqcYQT.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\gerpcTZ.exe
  C:\Windows\System\gerpcTZ.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\ozQKQlD.exe
  C:\Windows\System\ozQKQlD.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\yoMdePx.exe
  C:\Windows\System\yoMdePx.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\XJGaSva.exe
  C:\Windows\System\XJGaSva.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\sdHewyB.exe
  C:\Windows\System\sdHewyB.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\XiOLcWT.exe
  C:\Windows\System\XiOLcWT.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\KXxvoJb.exe
  C:\Windows\System\KXxvoJb.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\hudSozt.exe
  C:\Windows\System\hudSozt.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\GqMALyp.exe
  C:\Windows\System\GqMALyp.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\MBMsBwx.exe
  C:\Windows\System\MBMsBwx.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\reaKYDL.exe
  C:\Windows\System\reaKYDL.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\bpNyksY.exe
  C:\Windows\System\bpNyksY.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\RPoQtAo.exe
  C:\Windows\System\RPoQtAo.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\fjNzlbC.exe
  C:\Windows\System\fjNzlbC.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\ObZnXRt.exe
  C:\Windows\System\ObZnXRt.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\dUBYdoj.exe
  C:\Windows\System\dUBYdoj.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\BEMDmQd.exe
  C:\Windows\System\BEMDmQd.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\mxlqFow.exe
  C:\Windows\System\mxlqFow.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\HaJqXJX.exe
  C:\Windows\System\HaJqXJX.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\ezAwyRF.exe
  C:\Windows\System\ezAwyRF.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\UmMiGSc.exe
  C:\Windows\System\UmMiGSc.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\HbMPqXY.exe
  C:\Windows\System\HbMPqXY.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\DStqJRF.exe
  C:\Windows\System\DStqJRF.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\wOHevgL.exe
  C:\Windows\System\wOHevgL.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\QXtVUHU.exe
  C:\Windows\System\QXtVUHU.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\SopqUvQ.exe
  C:\Windows\System\SopqUvQ.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\rXbGokv.exe
  C:\Windows\System\rXbGokv.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\lmYsVLG.exe
  C:\Windows\System\lmYsVLG.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\cLgmagy.exe
  C:\Windows\System\cLgmagy.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\jcKqmzt.exe
  C:\Windows\System\jcKqmzt.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\zrJlhIT.exe
  C:\Windows\System\zrJlhIT.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\QoeSlTy.exe
  C:\Windows\System\QoeSlTy.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\VxjkLzF.exe
  C:\Windows\System\VxjkLzF.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\EMuaUZn.exe
  C:\Windows\System\EMuaUZn.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\lQfKzCq.exe
  C:\Windows\System\lQfKzCq.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\QMhVqBd.exe
  C:\Windows\System\QMhVqBd.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\xfwUqGL.exe
  C:\Windows\System\xfwUqGL.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\JaIfVUz.exe
  C:\Windows\System\JaIfVUz.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\rcfmSaI.exe
  C:\Windows\System\rcfmSaI.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\gDtbPkO.exe
  C:\Windows\System\gDtbPkO.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\TUShiOB.exe
  C:\Windows\System\TUShiOB.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\QdwsowL.exe
  C:\Windows\System\QdwsowL.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\WaBQBcn.exe
  C:\Windows\System\WaBQBcn.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\Nifctiy.exe
  C:\Windows\System\Nifctiy.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\QMHoYyd.exe
  C:\Windows\System\QMHoYyd.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\VOOQsgA.exe
  C:\Windows\System\VOOQsgA.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\zhgKJNH.exe
  C:\Windows\System\zhgKJNH.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\vYqLBIP.exe
  C:\Windows\System\vYqLBIP.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\IudYFEP.exe
  C:\Windows\System\IudYFEP.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\DLSzEVA.exe
  C:\Windows\System\DLSzEVA.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\CivllVv.exe
  C:\Windows\System\CivllVv.exe
  2⤵
  PID:760
- C:\Windows\System\QfWdStH.exe
  C:\Windows\System\QfWdStH.exe
  2⤵
  PID:2396
- C:\Windows\System\cZghvkx.exe
  C:\Windows\System\cZghvkx.exe
  2⤵
  PID:1880
- C:\Windows\System\CHXwjNG.exe
  C:\Windows\System\CHXwjNG.exe
  2⤵
  PID:2988
- C:\Windows\System\iMIePkH.exe
  C:\Windows\System\iMIePkH.exe
  2⤵
  PID:1040
- C:\Windows\System\mcKWkzQ.exe
  C:\Windows\System\mcKWkzQ.exe
  2⤵
  PID:1648
- C:\Windows\System\MoiTILU.exe
  C:\Windows\System\MoiTILU.exe
  2⤵
  PID:2504
- C:\Windows\System\ajLUEIx.exe
  C:\Windows\System\ajLUEIx.exe
  2⤵
  PID:1512
- C:\Windows\System\xnGprYe.exe
  C:\Windows\System\xnGprYe.exe
  2⤵
  PID:1516
- C:\Windows\System\FveytCM.exe
  C:\Windows\System\FveytCM.exe
  2⤵
  PID:1768
- C:\Windows\System\WiFtLWp.exe
  C:\Windows\System\WiFtLWp.exe
  2⤵
  PID:2100
- C:\Windows\System\eAcJwvZ.exe
  C:\Windows\System\eAcJwvZ.exe
  2⤵
  PID:1704
- C:\Windows\System\uCzCiOl.exe
  C:\Windows\System\uCzCiOl.exe
  2⤵
  PID:1368
- C:\Windows\System\AtskEer.exe
  C:\Windows\System\AtskEer.exe
  2⤵
  PID:2516
- C:\Windows\System\GBalQKc.exe
  C:\Windows\System\GBalQKc.exe
  2⤵
  PID:764
- C:\Windows\System\CBOKteS.exe
  C:\Windows\System\CBOKteS.exe
  2⤵
  PID:1896
- C:\Windows\System\vNRsnlC.exe
  C:\Windows\System\vNRsnlC.exe
  2⤵
  PID:376
- C:\Windows\System\FbhNqOV.exe
  C:\Windows\System\FbhNqOV.exe
  2⤵
  PID:872
- C:\Windows\System\wJtmoNT.exe
  C:\Windows\System\wJtmoNT.exe
  2⤵
  PID:1964
- C:\Windows\System\hMQpROX.exe
  C:\Windows\System\hMQpROX.exe
  2⤵
  PID:1548
- C:\Windows\System\RYwRmbL.exe
  C:\Windows\System\RYwRmbL.exe
  2⤵
  PID:2848
- C:\Windows\System\uWhSZpX.exe
  C:\Windows\System\uWhSZpX.exe
  2⤵
  PID:2728
- C:\Windows\System\FKCfqIL.exe
  C:\Windows\System\FKCfqIL.exe
  2⤵
  PID:2840
- C:\Windows\System\aqmZoYZ.exe
  C:\Windows\System\aqmZoYZ.exe
  2⤵
  PID:2820
- C:\Windows\System\gVhgLNP.exe
  C:\Windows\System\gVhgLNP.exe
  2⤵
  PID:404
- C:\Windows\System\HcTXxYO.exe
  C:\Windows\System\HcTXxYO.exe
  2⤵
  PID:2804
- C:\Windows\System\AcxoiOO.exe
  C:\Windows\System\AcxoiOO.exe
  2⤵
  PID:1288
- C:\Windows\System\sWupwxG.exe
  C:\Windows\System\sWupwxG.exe
  2⤵
  PID:2012
- C:\Windows\System\nDjNrHx.exe
  C:\Windows\System\nDjNrHx.exe
  2⤵
  PID:2888
- C:\Windows\System\NSfWcyY.exe
  C:\Windows\System\NSfWcyY.exe
  2⤵
  PID:2336
- C:\Windows\System\QTZpkPP.exe
  C:\Windows\System\QTZpkPP.exe
  2⤵
  PID:824
- C:\Windows\System\wqYBbNZ.exe
  C:\Windows\System\wqYBbNZ.exe
  2⤵
  PID:1612
- C:\Windows\System\MByYjwl.exe
  C:\Windows\System\MByYjwl.exe
  2⤵
  PID:1416
- C:\Windows\System\jGTBbvU.exe
  C:\Windows\System\jGTBbvU.exe
  2⤵
  PID:2668
- C:\Windows\System\ytSWNWt.exe
  C:\Windows\System\ytSWNWt.exe
  2⤵
  PID:2964
- C:\Windows\System\SiEFdSb.exe
  C:\Windows\System\SiEFdSb.exe
  2⤵
  PID:2500
- C:\Windows\System\UbLUiaa.exe
  C:\Windows\System\UbLUiaa.exe
  2⤵
  PID:1228
- C:\Windows\System\cFPBFjG.exe
  C:\Windows\System\cFPBFjG.exe
  2⤵
  PID:548
- C:\Windows\System\bTAngMt.exe
  C:\Windows\System\bTAngMt.exe
  2⤵
  PID:1580
- C:\Windows\System\gaYDkLy.exe
  C:\Windows\System\gaYDkLy.exe
  2⤵
  PID:2436
- C:\Windows\System\hvQAEUY.exe
  C:\Windows\System\hvQAEUY.exe
  2⤵
  PID:2984
- C:\Windows\System\yWUoEUu.exe
  C:\Windows\System\yWUoEUu.exe
  2⤵
  PID:2212
- C:\Windows\System\riHFoXh.exe
  C:\Windows\System\riHFoXh.exe
  2⤵
  PID:1604
- C:\Windows\System\BWUcCTW.exe
  C:\Windows\System\BWUcCTW.exe
  2⤵
  PID:1932
- C:\Windows\System\AoEBslh.exe
  C:\Windows\System\AoEBslh.exe
  2⤵
  PID:2200
- C:\Windows\System\wGBDZLc.exe
  C:\Windows\System\wGBDZLc.exe
  2⤵
  PID:3088
- C:\Windows\System\wCQsYeo.exe
  C:\Windows\System\wCQsYeo.exe
  2⤵
  PID:3108
- C:\Windows\System\ZRUJZBc.exe
  C:\Windows\System\ZRUJZBc.exe
  2⤵
  PID:3128
- C:\Windows\System\XPSMRIS.exe
  C:\Windows\System\XPSMRIS.exe
  2⤵
  PID:3148
- C:\Windows\System\fCghZRk.exe
  C:\Windows\System\fCghZRk.exe
  2⤵
  PID:3168
- C:\Windows\System\WLntpez.exe
  C:\Windows\System\WLntpez.exe
  2⤵
  PID:3192
- C:\Windows\System\vwoogMP.exe
  C:\Windows\System\vwoogMP.exe
  2⤵
  PID:3216
- C:\Windows\System\szPiYTu.exe
  C:\Windows\System\szPiYTu.exe
  2⤵
  PID:3236
- C:\Windows\System\SnQCmXI.exe
  C:\Windows\System\SnQCmXI.exe
  2⤵
  PID:3256
- C:\Windows\System\QpQhBKh.exe
  C:\Windows\System\QpQhBKh.exe
  2⤵
  PID:3276
- C:\Windows\System\wGOpOZM.exe
  C:\Windows\System\wGOpOZM.exe
  2⤵
  PID:3296
- C:\Windows\System\SvJIQAR.exe
  C:\Windows\System\SvJIQAR.exe
  2⤵
  PID:3316
- C:\Windows\System\RfHkuhj.exe
  C:\Windows\System\RfHkuhj.exe
  2⤵
  PID:3336
- C:\Windows\System\pgiXKft.exe
  C:\Windows\System\pgiXKft.exe
  2⤵
  PID:3356
- C:\Windows\System\dHAQyxq.exe
  C:\Windows\System\dHAQyxq.exe
  2⤵
  PID:3376
- C:\Windows\System\WBGEXUQ.exe
  C:\Windows\System\WBGEXUQ.exe
  2⤵
  PID:3396
- C:\Windows\System\qbITzQd.exe
  C:\Windows\System\qbITzQd.exe
  2⤵
  PID:3416
- C:\Windows\System\MglRUjx.exe
  C:\Windows\System\MglRUjx.exe
  2⤵
  PID:3436
- C:\Windows\System\ZqXweJD.exe
  C:\Windows\System\ZqXweJD.exe
  2⤵
  PID:3456
- C:\Windows\System\eEPTDoR.exe
  C:\Windows\System\eEPTDoR.exe
  2⤵
  PID:3476
- C:\Windows\System\TPSGBhf.exe
  C:\Windows\System\TPSGBhf.exe
  2⤵
  PID:3496
- C:\Windows\System\sQViAlQ.exe
  C:\Windows\System\sQViAlQ.exe
  2⤵
  PID:3516
- C:\Windows\System\JFquPNW.exe
  C:\Windows\System\JFquPNW.exe
  2⤵
  PID:3536
- C:\Windows\System\ufArhki.exe
  C:\Windows\System\ufArhki.exe
  2⤵
  PID:3556
- C:\Windows\System\bapwymD.exe
  C:\Windows\System\bapwymD.exe
  2⤵
  PID:3576
- C:\Windows\System\ZdOqvyv.exe
  C:\Windows\System\ZdOqvyv.exe
  2⤵
  PID:3596
- C:\Windows\System\tuGnGRH.exe
  C:\Windows\System\tuGnGRH.exe
  2⤵
  PID:3616
- C:\Windows\System\NrgISDm.exe
  C:\Windows\System\NrgISDm.exe
  2⤵
  PID:3636
- C:\Windows\System\JhghcKr.exe
  C:\Windows\System\JhghcKr.exe
  2⤵
  PID:3656
- C:\Windows\System\okqatbn.exe
  C:\Windows\System\okqatbn.exe
  2⤵
  PID:3676
- C:\Windows\System\OLLdjtE.exe
  C:\Windows\System\OLLdjtE.exe
  2⤵
  PID:3696
- C:\Windows\System\AgeustP.exe
  C:\Windows\System\AgeustP.exe
  2⤵
  PID:3716
- C:\Windows\System\CEIHTjk.exe
  C:\Windows\System\CEIHTjk.exe
  2⤵
  PID:3736
- C:\Windows\System\styhDuL.exe
  C:\Windows\System\styhDuL.exe
  2⤵
  PID:3756
- C:\Windows\System\yQubHVS.exe
  C:\Windows\System\yQubHVS.exe
  2⤵
  PID:3776
- C:\Windows\System\BMDvWnD.exe
  C:\Windows\System\BMDvWnD.exe
  2⤵
  PID:3796
- C:\Windows\System\VZnFvic.exe
  C:\Windows\System\VZnFvic.exe
  2⤵
  PID:3816
- C:\Windows\System\rVsktqD.exe
  C:\Windows\System\rVsktqD.exe
  2⤵
  PID:3840
- C:\Windows\System\PxENVbH.exe
  C:\Windows\System\PxENVbH.exe
  2⤵
  PID:3856
- C:\Windows\System\GaivUoF.exe
  C:\Windows\System\GaivUoF.exe
  2⤵
  PID:3880
- C:\Windows\System\nlyRGYB.exe
  C:\Windows\System\nlyRGYB.exe
  2⤵
  PID:3896
- C:\Windows\System\YkVIwHe.exe
  C:\Windows\System\YkVIwHe.exe
  2⤵
  PID:3916
- C:\Windows\System\XTsPAza.exe
  C:\Windows\System\XTsPAza.exe
  2⤵
  PID:3936
- C:\Windows\System\aDOeRwz.exe
  C:\Windows\System\aDOeRwz.exe
  2⤵
  PID:3964
- C:\Windows\System\SeMCbSZ.exe
  C:\Windows\System\SeMCbSZ.exe
  2⤵
  PID:3984
- C:\Windows\System\ISuSPmp.exe
  C:\Windows\System\ISuSPmp.exe
  2⤵
  PID:4004
- C:\Windows\System\vPEfGHk.exe
  C:\Windows\System\vPEfGHk.exe
  2⤵
  PID:4024
- C:\Windows\System\fvJIznD.exe
  C:\Windows\System\fvJIznD.exe
  2⤵
  PID:4044
- C:\Windows\System\aPivWIU.exe
  C:\Windows\System\aPivWIU.exe
  2⤵
  PID:4064
- C:\Windows\System\AYPWECB.exe
  C:\Windows\System\AYPWECB.exe
  2⤵
  PID:4084
- C:\Windows\System\JnOduhX.exe
  C:\Windows\System\JnOduhX.exe
  2⤵
  PID:1020
- C:\Windows\System\NettrjG.exe
  C:\Windows\System\NettrjG.exe
  2⤵
  PID:1640
- C:\Windows\System\oqbGYfh.exe
  C:\Windows\System\oqbGYfh.exe
  2⤵
  PID:1408
- C:\Windows\System\uMTLQUt.exe
  C:\Windows\System\uMTLQUt.exe
  2⤵
  PID:980
- C:\Windows\System\FjuOqKi.exe
  C:\Windows\System\FjuOqKi.exe
  2⤵
  PID:1724
- C:\Windows\System\AlNPgVX.exe
  C:\Windows\System\AlNPgVX.exe
  2⤵
  PID:1892
- C:\Windows\System\VGdXZvR.exe
  C:\Windows\System\VGdXZvR.exe
  2⤵
  PID:3012
- C:\Windows\System\ulhwrQC.exe
  C:\Windows\System\ulhwrQC.exe
  2⤵
  PID:2000
- C:\Windows\System\MtreUBd.exe
  C:\Windows\System\MtreUBd.exe
  2⤵
  PID:1656
- C:\Windows\System\DomNXcC.exe
  C:\Windows\System\DomNXcC.exe
  2⤵
  PID:3076
- C:\Windows\System\WXDpfSz.exe
  C:\Windows\System\WXDpfSz.exe
  2⤵
  PID:3080
- C:\Windows\System\AOiJGbP.exe
  C:\Windows\System\AOiJGbP.exe
  2⤵
  PID:3124
- C:\Windows\System\PXXFgPf.exe
  C:\Windows\System\PXXFgPf.exe
  2⤵
  PID:3184
- C:\Windows\System\wFOiRNH.exe
  C:\Windows\System\wFOiRNH.exe
  2⤵
  PID:2360
- C:\Windows\System\GjCwoPG.exe
  C:\Windows\System\GjCwoPG.exe
  2⤵
  PID:3228
- C:\Windows\System\vyAkMun.exe
  C:\Windows\System\vyAkMun.exe
  2⤵
  PID:3268
- C:\Windows\System\FirVHLf.exe
  C:\Windows\System\FirVHLf.exe
  2⤵
  PID:3312
- C:\Windows\System\ZRXKWmL.exe
  C:\Windows\System\ZRXKWmL.exe
  2⤵
  PID:3328
- C:\Windows\System\twOaceN.exe
  C:\Windows\System\twOaceN.exe
  2⤵
  PID:3392
- C:\Windows\System\WgBbJwP.exe
  C:\Windows\System\WgBbJwP.exe
  2⤵
  PID:3424
- C:\Windows\System\prXcpFv.exe
  C:\Windows\System\prXcpFv.exe
  2⤵
  PID:3464
- C:\Windows\System\tPzzjCr.exe
  C:\Windows\System\tPzzjCr.exe
  2⤵
  PID:3188
- C:\Windows\System\IpoRkNG.exe
  C:\Windows\System\IpoRkNG.exe
  2⤵
  PID:3492
- C:\Windows\System\SYJYebm.exe
  C:\Windows\System\SYJYebm.exe
  2⤵
  PID:3544
- C:\Windows\System\GTcHsNP.exe
  C:\Windows\System\GTcHsNP.exe
  2⤵
  PID:3592
- C:\Windows\System\yCHjuMi.exe
  C:\Windows\System\yCHjuMi.exe
  2⤵
  PID:3628
- C:\Windows\System\LjHFcrh.exe
  C:\Windows\System\LjHFcrh.exe
  2⤵
  PID:3608
- C:\Windows\System\BIRQLez.exe
  C:\Windows\System\BIRQLez.exe
  2⤵
  PID:3672
- C:\Windows\System\dNmeQha.exe
  C:\Windows\System\dNmeQha.exe
  2⤵
  PID:3692
- C:\Windows\System\fxzRixu.exe
  C:\Windows\System\fxzRixu.exe
  2⤵
  PID:3724
- C:\Windows\System\plIqMEv.exe
  C:\Windows\System\plIqMEv.exe
  2⤵
  PID:3788
- C:\Windows\System\sUvSCun.exe
  C:\Windows\System\sUvSCun.exe
  2⤵
  PID:3804
- C:\Windows\System\txXehwF.exe
  C:\Windows\System\txXehwF.exe
  2⤵
  PID:3864
- C:\Windows\System\kokbrgu.exe
  C:\Windows\System\kokbrgu.exe
  2⤵
  PID:3852
- C:\Windows\System\VGNcYWZ.exe
  C:\Windows\System\VGNcYWZ.exe
  2⤵
  PID:3944
- C:\Windows\System\dnWTZgk.exe
  C:\Windows\System\dnWTZgk.exe
  2⤵
  PID:3960
- C:\Windows\System\xpzzCcB.exe
  C:\Windows\System\xpzzCcB.exe
  2⤵
  PID:3980
- C:\Windows\System\RzwYHOn.exe
  C:\Windows\System\RzwYHOn.exe
  2⤵
  PID:4020
- C:\Windows\System\gSGBwKF.exe
  C:\Windows\System\gSGBwKF.exe
  2⤵
  PID:4052
- C:\Windows\System\vAEVNwR.exe
  C:\Windows\System\vAEVNwR.exe
  2⤵
  PID:4076
- C:\Windows\System\fIwOVUn.exe
  C:\Windows\System\fIwOVUn.exe
  2⤵
  PID:1616
- C:\Windows\System\edrzJhR.exe
  C:\Windows\System\edrzJhR.exe
  2⤵
  PID:2472
- C:\Windows\System\soxczIL.exe
  C:\Windows\System\soxczIL.exe
  2⤵
  PID:1240
- C:\Windows\System\ZayVELH.exe
  C:\Windows\System\ZayVELH.exe
  2⤵
  PID:3952
- C:\Windows\System\LFnbRzb.exe
  C:\Windows\System\LFnbRzb.exe
  2⤵
  PID:2564
- C:\Windows\System\ldkveWm.exe
  C:\Windows\System\ldkveWm.exe
  2⤵
  PID:2520
- C:\Windows\System\mpSWlRb.exe
  C:\Windows\System\mpSWlRb.exe
  2⤵
  PID:3140
- C:\Windows\System\vgAkQKK.exe
  C:\Windows\System\vgAkQKK.exe
  2⤵
  PID:3180
- C:\Windows\System\lTLCxqE.exe
  C:\Windows\System\lTLCxqE.exe
  2⤵
  PID:3264
- C:\Windows\System\DcjIcNH.exe
  C:\Windows\System\DcjIcNH.exe
  2⤵
  PID:3344
- C:\Windows\System\IoFKBFG.exe
  C:\Windows\System\IoFKBFG.exe
  2⤵
  PID:3324
- C:\Windows\System\cCSnTBE.exe
  C:\Windows\System\cCSnTBE.exe
  2⤵
  PID:3372
- C:\Windows\System\CItxXbL.exe
  C:\Windows\System\CItxXbL.exe
  2⤵
  PID:3412
- C:\Windows\System\FvPLsaU.exe
  C:\Windows\System\FvPLsaU.exe
  2⤵
  PID:3504
- C:\Windows\System\aGWfJrf.exe
  C:\Windows\System\aGWfJrf.exe
  2⤵
  PID:3584
- C:\Windows\System\pBPVZuI.exe
  C:\Windows\System\pBPVZuI.exe
  2⤵
  PID:3644
- C:\Windows\System\qVZmlYi.exe
  C:\Windows\System\qVZmlYi.exe
  2⤵
  PID:3684
- C:\Windows\System\RjdKaaS.exe
  C:\Windows\System\RjdKaaS.exe
  2⤵
  PID:3752
- C:\Windows\System\UluSKyG.exe
  C:\Windows\System\UluSKyG.exe
  2⤵
  PID:3824
- C:\Windows\System\gEDhOEF.exe
  C:\Windows\System\gEDhOEF.exe
  2⤵
  PID:3848
- C:\Windows\System\FznLrqP.exe
  C:\Windows\System\FznLrqP.exe
  2⤵
  PID:3908
- C:\Windows\System\eXaFvmy.exe
  C:\Windows\System\eXaFvmy.exe
  2⤵
  PID:3992
- C:\Windows\System\oyfTfdX.exe
  C:\Windows\System\oyfTfdX.exe
  2⤵
  PID:4032
- C:\Windows\System\wMHxQdj.exe
  C:\Windows\System\wMHxQdj.exe
  2⤵
  PID:4056
- C:\Windows\System\IkZZxvU.exe
  C:\Windows\System\IkZZxvU.exe
  2⤵
  PID:2140
- C:\Windows\System\XiRhgGH.exe
  C:\Windows\System\XiRhgGH.exe
  2⤵
  PID:576
- C:\Windows\System\KNqVZRs.exe
  C:\Windows\System\KNqVZRs.exe
  2⤵
  PID:2952
- C:\Windows\System\tzQmYJC.exe
  C:\Windows\System\tzQmYJC.exe
  2⤵
  PID:3136
- C:\Windows\System\tqeDKhh.exe
  C:\Windows\System\tqeDKhh.exe
  2⤵
  PID:3200
- C:\Windows\System\WSTPiWz.exe
  C:\Windows\System\WSTPiWz.exe
  2⤵
  PID:2832
- C:\Windows\System\aKkoLHf.exe
  C:\Windows\System\aKkoLHf.exe
  2⤵
  PID:3304
- C:\Windows\System\TNoRABG.exe
  C:\Windows\System\TNoRABG.exe
  2⤵
  PID:3404
- C:\Windows\System\szWzJtK.exe
  C:\Windows\System\szWzJtK.exe
  2⤵
  PID:3512
- C:\Windows\System\OnWWMBj.exe
  C:\Windows\System\OnWWMBj.exe
  2⤵
  PID:3564
- C:\Windows\System\cwerSrv.exe
  C:\Windows\System\cwerSrv.exe
  2⤵
  PID:3748
- C:\Windows\System\NaAmiyW.exe
  C:\Windows\System\NaAmiyW.exe
  2⤵
  PID:3792
- C:\Windows\System\CGoJJIg.exe
  C:\Windows\System\CGoJJIg.exe
  2⤵
  PID:3772
- C:\Windows\System\azNkVPs.exe
  C:\Windows\System\azNkVPs.exe
  2⤵
  PID:3924
- C:\Windows\System\HVcQZHo.exe
  C:\Windows\System\HVcQZHo.exe
  2⤵
  PID:4080
- C:\Windows\System\qAMuzOl.exe
  C:\Windows\System\qAMuzOl.exe
  2⤵
  PID:1472
- C:\Windows\System\vTVKhjo.exe
  C:\Windows\System\vTVKhjo.exe
  2⤵
  PID:1628
- C:\Windows\System\IFpHNEH.exe
  C:\Windows\System\IFpHNEH.exe
  2⤵
  PID:1924
- C:\Windows\System\ZzsnEyf.exe
  C:\Windows\System\ZzsnEyf.exe
  2⤵
  PID:3232
- C:\Windows\System\BQSnFcm.exe
  C:\Windows\System\BQSnFcm.exe
  2⤵
  PID:4104
- C:\Windows\System\xZPIkaL.exe
  C:\Windows\System\xZPIkaL.exe
  2⤵
  PID:4120
- C:\Windows\System\MnmurQh.exe
  C:\Windows\System\MnmurQh.exe
  2⤵
  PID:4144
- C:\Windows\System\CcuvAwz.exe
  C:\Windows\System\CcuvAwz.exe
  2⤵
  PID:4164
- C:\Windows\System\IurqKwS.exe
  C:\Windows\System\IurqKwS.exe
  2⤵
  PID:4184
- C:\Windows\System\HkFLUzD.exe
  C:\Windows\System\HkFLUzD.exe
  2⤵
  PID:4204
- C:\Windows\System\bTrdeFD.exe
  C:\Windows\System\bTrdeFD.exe
  2⤵
  PID:4224
- C:\Windows\System\sAyTvCQ.exe
  C:\Windows\System\sAyTvCQ.exe
  2⤵
  PID:4244
- C:\Windows\System\EEsRibO.exe
  C:\Windows\System\EEsRibO.exe
  2⤵
  PID:4264
- C:\Windows\System\mpXIzpP.exe
  C:\Windows\System\mpXIzpP.exe
  2⤵
  PID:4284
- C:\Windows\System\vqdKhdW.exe
  C:\Windows\System\vqdKhdW.exe
  2⤵
  PID:4304
- C:\Windows\System\xlCkkcN.exe
  C:\Windows\System\xlCkkcN.exe
  2⤵
  PID:4324
- C:\Windows\System\hLqlCJI.exe
  C:\Windows\System\hLqlCJI.exe
  2⤵
  PID:4344
- C:\Windows\System\YYvihhM.exe
  C:\Windows\System\YYvihhM.exe
  2⤵
  PID:4364
- C:\Windows\System\WnHPSfH.exe
  C:\Windows\System\WnHPSfH.exe
  2⤵
  PID:4384
- C:\Windows\System\AeknUBZ.exe
  C:\Windows\System\AeknUBZ.exe
  2⤵
  PID:4404
- C:\Windows\System\aiPyMaC.exe
  C:\Windows\System\aiPyMaC.exe
  2⤵
  PID:4428
- C:\Windows\System\ybuTfIH.exe
  C:\Windows\System\ybuTfIH.exe
  2⤵
  PID:4448
- C:\Windows\System\bfTfKSl.exe
  C:\Windows\System\bfTfKSl.exe
  2⤵
  PID:4468
- C:\Windows\System\dJIazFv.exe
  C:\Windows\System\dJIazFv.exe
  2⤵
  PID:4488
- C:\Windows\System\tZEbmPH.exe
  C:\Windows\System\tZEbmPH.exe
  2⤵
  PID:4508
- C:\Windows\System\LajXAFZ.exe
  C:\Windows\System\LajXAFZ.exe
  2⤵
  PID:4528
- C:\Windows\System\HOINpPQ.exe
  C:\Windows\System\HOINpPQ.exe
  2⤵
  PID:4548
- C:\Windows\System\WnKBbAp.exe
  C:\Windows\System\WnKBbAp.exe
  2⤵
  PID:4568
- C:\Windows\System\IIrBcQN.exe
  C:\Windows\System\IIrBcQN.exe
  2⤵
  PID:4588
- C:\Windows\System\QpZZlJV.exe
  C:\Windows\System\QpZZlJV.exe
  2⤵
  PID:4608
- C:\Windows\System\NnyGxdE.exe
  C:\Windows\System\NnyGxdE.exe
  2⤵
  PID:4628
- C:\Windows\System\iZRUOvD.exe
  C:\Windows\System\iZRUOvD.exe
  2⤵
  PID:4648
- C:\Windows\System\XNwSsfk.exe
  C:\Windows\System\XNwSsfk.exe
  2⤵
  PID:4668
- C:\Windows\System\iyrdTWr.exe
  C:\Windows\System\iyrdTWr.exe
  2⤵
  PID:4688
- C:\Windows\System\yoYxJzi.exe
  C:\Windows\System\yoYxJzi.exe
  2⤵
  PID:4708
- C:\Windows\System\qiDVLml.exe
  C:\Windows\System\qiDVLml.exe
  2⤵
  PID:4728
- C:\Windows\System\oqnvWec.exe
  C:\Windows\System\oqnvWec.exe
  2⤵
  PID:4748
- C:\Windows\System\xwAcgIr.exe
  C:\Windows\System\xwAcgIr.exe
  2⤵
  PID:4768
- C:\Windows\System\EhBAkjx.exe
  C:\Windows\System\EhBAkjx.exe
  2⤵
  PID:4788
- C:\Windows\System\hVioaVI.exe
  C:\Windows\System\hVioaVI.exe
  2⤵
  PID:4808
- C:\Windows\System\JDGZApO.exe
  C:\Windows\System\JDGZApO.exe
  2⤵
  PID:4828
- C:\Windows\System\EOKSXWy.exe
  C:\Windows\System\EOKSXWy.exe
  2⤵
  PID:4848
- C:\Windows\System\lttSBNx.exe
  C:\Windows\System\lttSBNx.exe
  2⤵
  PID:4868
- C:\Windows\System\AIDCFlw.exe
  C:\Windows\System\AIDCFlw.exe
  2⤵
  PID:4888
- C:\Windows\System\GGbhEQD.exe
  C:\Windows\System\GGbhEQD.exe
  2⤵
  PID:4908
- C:\Windows\System\REhaykt.exe
  C:\Windows\System\REhaykt.exe
  2⤵
  PID:4928
- C:\Windows\System\PMzfJmC.exe
  C:\Windows\System\PMzfJmC.exe
  2⤵
  PID:4948
- C:\Windows\System\WriPiAP.exe
  C:\Windows\System\WriPiAP.exe
  2⤵
  PID:4968
- C:\Windows\System\xtZshoA.exe
  C:\Windows\System\xtZshoA.exe
  2⤵
  PID:4988
- C:\Windows\System\zJrrVLV.exe
  C:\Windows\System\zJrrVLV.exe
  2⤵
  PID:5008
- C:\Windows\System\JXbFZtE.exe
  C:\Windows\System\JXbFZtE.exe
  2⤵
  PID:5028
- C:\Windows\System\jVUMYBE.exe
  C:\Windows\System\jVUMYBE.exe
  2⤵
  PID:5048
- C:\Windows\System\nbUVxQk.exe
  C:\Windows\System\nbUVxQk.exe
  2⤵
  PID:5068
- C:\Windows\System\GwXKpZX.exe
  C:\Windows\System\GwXKpZX.exe
  2⤵
  PID:5088
- C:\Windows\System\LYwINxc.exe
  C:\Windows\System\LYwINxc.exe
  2⤵
  PID:5108
- C:\Windows\System\oTpAUWN.exe
  C:\Windows\System\oTpAUWN.exe
  2⤵
  PID:2992
- C:\Windows\System\LHswweJ.exe
  C:\Windows\System\LHswweJ.exe
  2⤵
  PID:3448
- C:\Windows\System\VdUMjYw.exe
  C:\Windows\System\VdUMjYw.exe
  2⤵
  PID:3712
- C:\Windows\System\mZcBgFc.exe
  C:\Windows\System\mZcBgFc.exe
  2⤵
  PID:3876
- C:\Windows\System\xxhKeyH.exe
  C:\Windows\System\xxhKeyH.exe
  2⤵
  PID:3836
- C:\Windows\System\zeiMOaK.exe
  C:\Windows\System\zeiMOaK.exe
  2⤵
  PID:4040
- C:\Windows\System\yeXkVog.exe
  C:\Windows\System\yeXkVog.exe
  2⤵
  PID:1292
- C:\Windows\System\fomjvTq.exe
  C:\Windows\System\fomjvTq.exe
  2⤵
  PID:3084
- C:\Windows\System\yNBcJrl.exe
  C:\Windows\System\yNBcJrl.exe
  2⤵
  PID:4132
- C:\Windows\System\aUOkZjn.exe
  C:\Windows\System\aUOkZjn.exe
  2⤵
  PID:4172
- C:\Windows\System\IhHIsKy.exe
  C:\Windows\System\IhHIsKy.exe
  2⤵
  PID:4192
- C:\Windows\System\jTWokWO.exe
  C:\Windows\System\jTWokWO.exe
  2⤵
  PID:4216
- C:\Windows\System\IeKmZwD.exe
  C:\Windows\System\IeKmZwD.exe
  2⤵
  PID:4236
- C:\Windows\System\aggzeeW.exe
  C:\Windows\System\aggzeeW.exe
  2⤵
  PID:4300
- C:\Windows\System\UBJiPmO.exe
  C:\Windows\System\UBJiPmO.exe
  2⤵
  PID:4320
- C:\Windows\System\VSeFrvI.exe
  C:\Windows\System\VSeFrvI.exe
  2⤵
  PID:4372
- C:\Windows\System\NKefHPE.exe
  C:\Windows\System\NKefHPE.exe
  2⤵
  PID:4376
- C:\Windows\System\jdnYMJd.exe
  C:\Windows\System\jdnYMJd.exe
  2⤵
  PID:4396
- C:\Windows\System\CqqnnPA.exe
  C:\Windows\System\CqqnnPA.exe
  2⤵
  PID:4440
- C:\Windows\System\VOEyshE.exe
  C:\Windows\System\VOEyshE.exe
  2⤵
  PID:4476
- C:\Windows\System\AhYnafq.exe
  C:\Windows\System\AhYnafq.exe
  2⤵
  PID:4516
- C:\Windows\System\mUOTNyn.exe
  C:\Windows\System\mUOTNyn.exe
  2⤵
  PID:4520
- C:\Windows\System\QAJtqWj.exe
  C:\Windows\System\QAJtqWj.exe
  2⤵
  PID:4584
- C:\Windows\System\WqxQIib.exe
  C:\Windows\System\WqxQIib.exe
  2⤵
  PID:4600
- C:\Windows\System\qXCxTAG.exe
  C:\Windows\System\qXCxTAG.exe
  2⤵
  PID:4644
- C:\Windows\System\ebaPJMN.exe
  C:\Windows\System\ebaPJMN.exe
  2⤵
  PID:4696
- C:\Windows\System\BjjORQQ.exe
  C:\Windows\System\BjjORQQ.exe
  2⤵
  PID:4736
- C:\Windows\System\ooQCoGH.exe
  C:\Windows\System\ooQCoGH.exe
  2⤵
  PID:4740
- C:\Windows\System\jqWgRiC.exe
  C:\Windows\System\jqWgRiC.exe
  2⤵
  PID:4784
- C:\Windows\System\Nujifut.exe
  C:\Windows\System\Nujifut.exe
  2⤵
  PID:4804
- C:\Windows\System\zsauPQl.exe
  C:\Windows\System\zsauPQl.exe
  2⤵
  PID:4840
- C:\Windows\System\LaymtYl.exe
  C:\Windows\System\LaymtYl.exe
  2⤵
  PID:4876
- C:\Windows\System\sBYqmRp.exe
  C:\Windows\System\sBYqmRp.exe
  2⤵
  PID:4900
- C:\Windows\System\AgVIRGB.exe
  C:\Windows\System\AgVIRGB.exe
  2⤵
  PID:4920
- C:\Windows\System\SFRJcNg.exe
  C:\Windows\System\SFRJcNg.exe
  2⤵
  PID:4964
- C:\Windows\System\ZlrmUCT.exe
  C:\Windows\System\ZlrmUCT.exe
  2⤵
  PID:5004
- C:\Windows\System\SifSYqN.exe
  C:\Windows\System\SifSYqN.exe
  2⤵
  PID:5044
- C:\Windows\System\qCTZMIl.exe
  C:\Windows\System\qCTZMIl.exe
  2⤵
  PID:3000
- C:\Windows\System\ivpqQcn.exe
  C:\Windows\System\ivpqQcn.exe
  2⤵
  PID:5104
- C:\Windows\System\jAIldun.exe
  C:\Windows\System\jAIldun.exe
  2⤵
  PID:3528
- C:\Windows\System\DymQNCm.exe
  C:\Windows\System\DymQNCm.exe
  2⤵
  PID:3452
- C:\Windows\System\UARkDfp.exe
  C:\Windows\System\UARkDfp.exe
  2⤵
  PID:3912
- C:\Windows\System\uaqaDbU.exe
  C:\Windows\System\uaqaDbU.exe
  2⤵
  PID:2268
- C:\Windows\System\ylfkdhW.exe
  C:\Windows\System\ylfkdhW.exe
  2⤵
  PID:1712
- C:\Windows\System\yhEYmhB.exe
  C:\Windows\System\yhEYmhB.exe
  2⤵
  PID:2796
- C:\Windows\System\DqMcBRM.exe
  C:\Windows\System\DqMcBRM.exe
  2⤵
  PID:4156
- C:\Windows\System\mjlKEJa.exe
  C:\Windows\System\mjlKEJa.exe
  2⤵
  PID:4220
- C:\Windows\System\hvBaYun.exe
  C:\Windows\System\hvBaYun.exe
  2⤵
  PID:4272
- C:\Windows\System\wedpikt.exe
  C:\Windows\System\wedpikt.exe
  2⤵
  PID:4332
- C:\Windows\System\CgasqYn.exe
  C:\Windows\System\CgasqYn.exe
  2⤵
  PID:656
- C:\Windows\System\ZUzXxXl.exe
  C:\Windows\System\ZUzXxXl.exe
  2⤵
  PID:4356
- C:\Windows\System\FprlbXQ.exe
  C:\Windows\System\FprlbXQ.exe
  2⤵
  PID:4436
- C:\Windows\System\PPHcUhY.exe
  C:\Windows\System\PPHcUhY.exe
  2⤵
  PID:4480
- C:\Windows\System\fYvmwCH.exe
  C:\Windows\System\fYvmwCH.exe
  2⤵
  PID:4616
- C:\Windows\System\lAURzTr.exe
  C:\Windows\System\lAURzTr.exe
  2⤵
  PID:4620
- C:\Windows\System\zJDGbRl.exe
  C:\Windows\System\zJDGbRl.exe
  2⤵
  PID:4660
- C:\Windows\System\ZOeNrGW.exe
  C:\Windows\System\ZOeNrGW.exe
  2⤵
  PID:4744
- C:\Windows\System\ftpSKHg.exe
  C:\Windows\System\ftpSKHg.exe
  2⤵
  PID:4760
- C:\Windows\System\fqUapVd.exe
  C:\Windows\System\fqUapVd.exe
  2⤵
  PID:4844
- C:\Windows\System\QXSDoRo.exe
  C:\Windows\System\QXSDoRo.exe
  2⤵
  PID:4896
- C:\Windows\System\nESVnwK.exe
  C:\Windows\System\nESVnwK.exe
  2⤵
  PID:4936
- C:\Windows\System\vuQlOAh.exe
  C:\Windows\System\vuQlOAh.exe
  2⤵
  PID:4996
- C:\Windows\System\DfKpyNZ.exe
  C:\Windows\System\DfKpyNZ.exe
  2⤵
  PID:5020
- C:\Windows\System\rCFSpmf.exe
  C:\Windows\System\rCFSpmf.exe
  2⤵
  PID:5096
- C:\Windows\System\DzIHcWf.exe
  C:\Windows\System\DzIHcWf.exe
  2⤵
  PID:3288
- C:\Windows\System\NPmfOLJ.exe
  C:\Windows\System\NPmfOLJ.exe
  2⤵
  PID:1788
- C:\Windows\System\JoRqBQA.exe
  C:\Windows\System\JoRqBQA.exe
  2⤵
  PID:4100
- C:\Windows\System\KRnQPaZ.exe
  C:\Windows\System\KRnQPaZ.exe
  2⤵
  PID:4136
- C:\Windows\System\pGIWTTS.exe
  C:\Windows\System\pGIWTTS.exe
  2⤵
  PID:4252
- C:\Windows\System\VTAMuJY.exe
  C:\Windows\System\VTAMuJY.exe
  2⤵
  PID:4280
- C:\Windows\System\iVfKDpQ.exe
  C:\Windows\System\iVfKDpQ.exe
  2⤵
  PID:4360
- C:\Windows\System\vasTFKe.exe
  C:\Windows\System\vasTFKe.exe
  2⤵
  PID:4420
- C:\Windows\System\VACCPbm.exe
  C:\Windows\System\VACCPbm.exe
  2⤵
  PID:4500
- C:\Windows\System\zKiVlbw.exe
  C:\Windows\System\zKiVlbw.exe
  2⤵
  PID:5132
- C:\Windows\System\XOArImy.exe
  C:\Windows\System\XOArImy.exe
  2⤵
  PID:5152
- C:\Windows\System\nUHroxB.exe
  C:\Windows\System\nUHroxB.exe
  2⤵
  PID:5172
- C:\Windows\System\GUvHiks.exe
  C:\Windows\System\GUvHiks.exe
  2⤵
  PID:5192
- C:\Windows\System\ilddXDE.exe
  C:\Windows\System\ilddXDE.exe
  2⤵
  PID:5212
- C:\Windows\System\BTAbbLF.exe
  C:\Windows\System\BTAbbLF.exe
  2⤵
  PID:5232
- C:\Windows\System\VGQiYJl.exe
  C:\Windows\System\VGQiYJl.exe
  2⤵
  PID:5252
- C:\Windows\System\FePfomF.exe
  C:\Windows\System\FePfomF.exe
  2⤵
  PID:5272
- C:\Windows\System\fDUkVmY.exe
  C:\Windows\System\fDUkVmY.exe
  2⤵
  PID:5292
- C:\Windows\System\AnbhghY.exe
  C:\Windows\System\AnbhghY.exe
  2⤵
  PID:5312
- C:\Windows\System\wvWfaGg.exe
  C:\Windows\System\wvWfaGg.exe
  2⤵
  PID:5332
- C:\Windows\System\eWvPOPU.exe
  C:\Windows\System\eWvPOPU.exe
  2⤵
  PID:5356
- C:\Windows\System\WEzbxYa.exe
  C:\Windows\System\WEzbxYa.exe
  2⤵
  PID:5376
- C:\Windows\System\SkxWjuu.exe
  C:\Windows\System\SkxWjuu.exe
  2⤵
  PID:5396
- C:\Windows\System\PDqjImy.exe
  C:\Windows\System\PDqjImy.exe
  2⤵
  PID:5416
- C:\Windows\System\zLvZsAz.exe
  C:\Windows\System\zLvZsAz.exe
  2⤵
  PID:5436
- C:\Windows\System\AqdNHIR.exe
  C:\Windows\System\AqdNHIR.exe
  2⤵
  PID:5456
- C:\Windows\System\VWCIWpH.exe
  C:\Windows\System\VWCIWpH.exe
  2⤵
  PID:5476
- C:\Windows\System\naOkkuD.exe
  C:\Windows\System\naOkkuD.exe
  2⤵
  PID:5496
- C:\Windows\System\klspGCd.exe
  C:\Windows\System\klspGCd.exe
  2⤵
  PID:5516
- C:\Windows\System\WJnjyQi.exe
  C:\Windows\System\WJnjyQi.exe
  2⤵
  PID:5536
- C:\Windows\System\UeEMuAf.exe
  C:\Windows\System\UeEMuAf.exe
  2⤵
  PID:5556
- C:\Windows\System\CiobRcy.exe
  C:\Windows\System\CiobRcy.exe
  2⤵
  PID:5576
- C:\Windows\System\jouQXxD.exe
  C:\Windows\System\jouQXxD.exe
  2⤵
  PID:5596
- C:\Windows\System\cNwpPRG.exe
  C:\Windows\System\cNwpPRG.exe
  2⤵
  PID:5616
- C:\Windows\System\AXqotqE.exe
  C:\Windows\System\AXqotqE.exe
  2⤵
  PID:5636
- C:\Windows\System\oBjGOpB.exe
  C:\Windows\System\oBjGOpB.exe
  2⤵
  PID:5656
- C:\Windows\System\pVXZpma.exe
  C:\Windows\System\pVXZpma.exe
  2⤵
  PID:5676
- C:\Windows\System\fkSLBiS.exe
  C:\Windows\System\fkSLBiS.exe
  2⤵
  PID:5696
- C:\Windows\System\YHueWTp.exe
  C:\Windows\System\YHueWTp.exe
  2⤵
  PID:5720
- C:\Windows\System\smpCyeb.exe
  C:\Windows\System\smpCyeb.exe
  2⤵
  PID:5740
- C:\Windows\System\MalsrkF.exe
  C:\Windows\System\MalsrkF.exe
  2⤵
  PID:5760
- C:\Windows\System\dSLgNzf.exe
  C:\Windows\System\dSLgNzf.exe
  2⤵
  PID:5780
- C:\Windows\System\BlVsrfr.exe
  C:\Windows\System\BlVsrfr.exe
  2⤵
  PID:5800
- C:\Windows\System\vIPHjIl.exe
  C:\Windows\System\vIPHjIl.exe
  2⤵
  PID:5820
- C:\Windows\System\FgNlRuj.exe
  C:\Windows\System\FgNlRuj.exe
  2⤵
  PID:5840
- C:\Windows\System\ovJeBvz.exe
  C:\Windows\System\ovJeBvz.exe
  2⤵
  PID:5860
- C:\Windows\System\CkfXeOJ.exe
  C:\Windows\System\CkfXeOJ.exe
  2⤵
  PID:5880
- C:\Windows\System\QZeBWmP.exe
  C:\Windows\System\QZeBWmP.exe
  2⤵
  PID:5900
- C:\Windows\System\gRhAJrN.exe
  C:\Windows\System\gRhAJrN.exe
  2⤵
  PID:5920
- C:\Windows\System\MboeOng.exe
  C:\Windows\System\MboeOng.exe
  2⤵
  PID:5940
- C:\Windows\System\EFAVcvB.exe
  C:\Windows\System\EFAVcvB.exe
  2⤵
  PID:5960
- C:\Windows\System\mgWHwKC.exe
  C:\Windows\System\mgWHwKC.exe
  2⤵
  PID:5980
- C:\Windows\System\kyfXFoa.exe
  C:\Windows\System\kyfXFoa.exe
  2⤵
  PID:6000
- C:\Windows\System\aXykYDs.exe
  C:\Windows\System\aXykYDs.exe
  2⤵
  PID:6020
- C:\Windows\System\lZoLHFg.exe
  C:\Windows\System\lZoLHFg.exe
  2⤵
  PID:6040
- C:\Windows\System\mRsuNmp.exe
  C:\Windows\System\mRsuNmp.exe
  2⤵
  PID:6060
- C:\Windows\System\sbYzQYI.exe
  C:\Windows\System\sbYzQYI.exe
  2⤵
  PID:6080
- C:\Windows\System\dDCcNbA.exe
  C:\Windows\System\dDCcNbA.exe
  2⤵
  PID:6100
- C:\Windows\System\DkdKuRu.exe
  C:\Windows\System\DkdKuRu.exe
  2⤵
  PID:6120
- C:\Windows\System\XVfBZwI.exe
  C:\Windows\System\XVfBZwI.exe
  2⤵
  PID:6140
- C:\Windows\System\iQcDuly.exe
  C:\Windows\System\iQcDuly.exe
  2⤵
  PID:4676
- C:\Windows\System\uyIDsXz.exe
  C:\Windows\System\uyIDsXz.exe
  2⤵
  PID:4680
- C:\Windows\System\FdDPuNT.exe
  C:\Windows\System\FdDPuNT.exe
  2⤵
  PID:1716
- C:\Windows\System\dEBpZuT.exe
  C:\Windows\System\dEBpZuT.exe
  2⤵
  PID:4820
- C:\Windows\System\GAcRfGM.exe
  C:\Windows\System\GAcRfGM.exe
  2⤵
  PID:4944
- C:\Windows\System\HpyxjMI.exe
  C:\Windows\System\HpyxjMI.exe
  2⤵
  PID:5060
- C:\Windows\System\MzvWojd.exe
  C:\Windows\System\MzvWojd.exe
  2⤵
  PID:3348
- C:\Windows\System\DvASITN.exe
  C:\Windows\System\DvASITN.exe
  2⤵
  PID:3664
- C:\Windows\System\LPqXxyW.exe
  C:\Windows\System\LPqXxyW.exe
  2⤵
  PID:3996
- C:\Windows\System\RTREziw.exe
  C:\Windows\System\RTREziw.exe
  2⤵
  PID:4200
- C:\Windows\System\Wnpggun.exe
  C:\Windows\System\Wnpggun.exe
  2⤵
  PID:4296
- C:\Windows\System\BMFIUqX.exe
  C:\Windows\System\BMFIUqX.exe
  2⤵
  PID:776
- C:\Windows\System\wRyocLm.exe
  C:\Windows\System\wRyocLm.exe
  2⤵
  PID:5140
- C:\Windows\System\gnYRXTR.exe
  C:\Windows\System\gnYRXTR.exe
  2⤵
  PID:5164
- C:\Windows\System\xPZkAxH.exe
  C:\Windows\System\xPZkAxH.exe
  2⤵
  PID:1936
- C:\Windows\System\MenVHrQ.exe
  C:\Windows\System\MenVHrQ.exe
  2⤵
  PID:5240
- C:\Windows\System\CnsAUSj.exe
  C:\Windows\System\CnsAUSj.exe
  2⤵
  PID:5248
- C:\Windows\System\hZdkllb.exe
  C:\Windows\System\hZdkllb.exe
  2⤵
  PID:5264
- C:\Windows\System\qLVkHwc.exe
  C:\Windows\System\qLVkHwc.exe
  2⤵
  PID:5300
- C:\Windows\System\oCeHNto.exe
  C:\Windows\System\oCeHNto.exe
  2⤵
  PID:2176
- C:\Windows\System\JxqTNJd.exe
  C:\Windows\System\JxqTNJd.exe
  2⤵
  PID:5364
- C:\Windows\System\DrDoZXz.exe
  C:\Windows\System\DrDoZXz.exe
  2⤵
  PID:5404
- C:\Windows\System\lpjgxRh.exe
  C:\Windows\System\lpjgxRh.exe
  2⤵
  PID:5432
- C:\Windows\System\vTjylXQ.exe
  C:\Windows\System\vTjylXQ.exe
  2⤵
  PID:5484
- C:\Windows\System\TTFRPsB.exe
  C:\Windows\System\TTFRPsB.exe
  2⤵
  PID:5504
- C:\Windows\System\opgERzi.exe
  C:\Windows\System\opgERzi.exe
  2⤵
  PID:5528
- C:\Windows\System\tzORqfV.exe
  C:\Windows\System\tzORqfV.exe
  2⤵
  PID:5548
- C:\Windows\System\TgaERMb.exe
  C:\Windows\System\TgaERMb.exe
  2⤵
  PID:5588
- C:\Windows\System\ttmkspv.exe
  C:\Windows\System\ttmkspv.exe
  2⤵
  PID:5624
- C:\Windows\System\efBCLbt.exe
  C:\Windows\System\efBCLbt.exe
  2⤵
  PID:5648
- C:\Windows\System\QWhGngP.exe
  C:\Windows\System\QWhGngP.exe
  2⤵
  PID:5692
- C:\Windows\System\rfJZLpf.exe
  C:\Windows\System\rfJZLpf.exe
  2⤵
  PID:5716
- C:\Windows\System\cVWMkkR.exe
  C:\Windows\System\cVWMkkR.exe
  2⤵
  PID:5748
- C:\Windows\System\TRvBmLx.exe
  C:\Windows\System\TRvBmLx.exe
  2⤵
  PID:5772
- C:\Windows\System\uHbOPAR.exe
  C:\Windows\System\uHbOPAR.exe
  2⤵
  PID:5816
- C:\Windows\System\jrjRebW.exe
  C:\Windows\System\jrjRebW.exe
  2⤵
  PID:5836
- C:\Windows\System\KwhuDdA.exe
  C:\Windows\System\KwhuDdA.exe
  2⤵
  PID:5872
- C:\Windows\System\hMQsfxO.exe
  C:\Windows\System\hMQsfxO.exe
  2⤵
  PID:5916
- C:\Windows\System\kWLAKej.exe
  C:\Windows\System\kWLAKej.exe
  2⤵
  PID:5932
- C:\Windows\System\PskSDUv.exe
  C:\Windows\System\PskSDUv.exe
  2⤵
  PID:5952
- C:\Windows\System\CArJbYN.exe
  C:\Windows\System\CArJbYN.exe
  2⤵
  PID:6008
- C:\Windows\System\aPhyeuo.exe
  C:\Windows\System\aPhyeuo.exe
  2⤵
  PID:6048
- C:\Windows\System\gNxlGlW.exe
  C:\Windows\System\gNxlGlW.exe
  2⤵
  PID:6068
- C:\Windows\System\PQWkbLh.exe
  C:\Windows\System\PQWkbLh.exe
  2⤵
  PID:6092
- C:\Windows\System\WctLXWP.exe
  C:\Windows\System\WctLXWP.exe
  2⤵
  PID:6136
- C:\Windows\System\WFwspUA.exe
  C:\Windows\System\WFwspUA.exe
  2⤵
  PID:4596
- C:\Windows\System\WNYTDYr.exe
  C:\Windows\System\WNYTDYr.exe
  2⤵
  PID:4864
- C:\Windows\System\oxSVbnn.exe
  C:\Windows\System\oxSVbnn.exe
  2⤵
  PID:4980
- C:\Windows\System\KzuzFtL.exe
  C:\Windows\System\KzuzFtL.exe
  2⤵
  PID:5056
- C:\Windows\System\YENmFuP.exe
  C:\Windows\System\YENmFuP.exe
  2⤵
  PID:1380
- C:\Windows\System\McyzbDH.exe
  C:\Windows\System\McyzbDH.exe
  2⤵
  PID:2756
- C:\Windows\System\KPuhPdZ.exe
  C:\Windows\System\KPuhPdZ.exe
  2⤵
  PID:2092
- C:\Windows\System\ROOHPLB.exe
  C:\Windows\System\ROOHPLB.exe
  2⤵
  PID:4464
- C:\Windows\System\jsEndKd.exe
  C:\Windows\System\jsEndKd.exe
  2⤵
  PID:5200
- C:\Windows\System\KbkUfIf.exe
  C:\Windows\System\KbkUfIf.exe
  2⤵
  PID:2912
- C:\Windows\System\PQcIfhQ.exe
  C:\Windows\System\PQcIfhQ.exe
  2⤵
  PID:5280
- C:\Windows\System\AZroSVN.exe
  C:\Windows\System\AZroSVN.exe
  2⤵
  PID:2064
- C:\Windows\System\IhljFVk.exe
  C:\Windows\System\IhljFVk.exe
  2⤵
  PID:5348
- C:\Windows\System\XZzcGQl.exe
  C:\Windows\System\XZzcGQl.exe
  2⤵
  PID:5424
- C:\Windows\System\HiTvwZe.exe
  C:\Windows\System\HiTvwZe.exe
  2⤵
  PID:5508
- C:\Windows\System\cCMkPyv.exe
  C:\Windows\System\cCMkPyv.exe
  2⤵
  PID:5532
- C:\Windows\System\wrlMWGg.exe
  C:\Windows\System\wrlMWGg.exe
  2⤵
  PID:5592
- C:\Windows\System\FdCcsTJ.exe
  C:\Windows\System\FdCcsTJ.exe
  2⤵
  PID:5628
- C:\Windows\System\EpNZioc.exe
  C:\Windows\System\EpNZioc.exe
  2⤵
  PID:2128
- C:\Windows\System\nUCCHjD.exe
  C:\Windows\System\nUCCHjD.exe
  2⤵
  PID:5736
- C:\Windows\System\EuXiuMi.exe
  C:\Windows\System\EuXiuMi.exe
  2⤵
  PID:2044
- C:\Windows\System\EVZYctU.exe
  C:\Windows\System\EVZYctU.exe
  2⤵
  PID:5792
- C:\Windows\System\ZWZaiXN.exe
  C:\Windows\System\ZWZaiXN.exe
  2⤵
  PID:5908
- C:\Windows\System\icOrEft.exe
  C:\Windows\System\icOrEft.exe
  2⤵
  PID:5968
- C:\Windows\System\aajuTae.exe
  C:\Windows\System\aajuTae.exe
  2⤵
  PID:2960
- C:\Windows\System\eKYCAwo.exe
  C:\Windows\System\eKYCAwo.exe
  2⤵
  PID:6012
- C:\Windows\System\kHnCIEg.exe
  C:\Windows\System\kHnCIEg.exe
  2⤵
  PID:6096
- C:\Windows\System\bALmDrk.exe
  C:\Windows\System\bALmDrk.exe
  2⤵
  PID:6116
- C:\Windows\System\wwuGRFG.exe
  C:\Windows\System\wwuGRFG.exe
  2⤵
  PID:3060
- C:\Windows\System\UKNBYiW.exe
  C:\Windows\System\UKNBYiW.exe
  2⤵
  PID:2464
- C:\Windows\System\WqSSrgW.exe
  C:\Windows\System\WqSSrgW.exe
  2⤵
  PID:3888
- C:\Windows\System\UQvowsi.exe
  C:\Windows\System\UQvowsi.exe
  2⤵
  PID:5384
- C:\Windows\System\edvENYm.exe
  C:\Windows\System\edvENYm.exe
  2⤵
  PID:5128
- C:\Windows\System\CViNVaC.exe
  C:\Windows\System\CViNVaC.exe
  2⤵
  PID:5268
- C:\Windows\System\NCsXRyG.exe
  C:\Windows\System\NCsXRyG.exe
  2⤵
  PID:5344
- C:\Windows\System\lqgqevg.exe
  C:\Windows\System\lqgqevg.exe
  2⤵
  PID:5464
- C:\Windows\System\uSFAwKA.exe
  C:\Windows\System\uSFAwKA.exe
  2⤵
  PID:5524
- C:\Windows\System\MivoVxK.exe
  C:\Windows\System\MivoVxK.exe
  2⤵
  PID:2976
- C:\Windows\System\yjAOgHd.exe
  C:\Windows\System\yjAOgHd.exe
  2⤵
  PID:5612
- C:\Windows\System\jtGhDgR.exe
  C:\Windows\System\jtGhDgR.exe
  2⤵
  PID:2968
- C:\Windows\System\olwKPMe.exe
  C:\Windows\System\olwKPMe.exe
  2⤵
  PID:5852
- C:\Windows\System\wzDDrbn.exe
  C:\Windows\System\wzDDrbn.exe
  2⤵
  PID:5868
- C:\Windows\System\WYxhwks.exe
  C:\Windows\System\WYxhwks.exe
  2⤵
  PID:5912
- C:\Windows\System\ipqcYkT.exe
  C:\Windows\System\ipqcYkT.exe
  2⤵
  PID:6076
- C:\Windows\System\GFdCCBk.exe
  C:\Windows\System\GFdCCBk.exe
  2⤵
  PID:4564
- C:\Windows\System\tMprUog.exe
  C:\Windows\System\tMprUog.exe
  2⤵
  PID:4836
- C:\Windows\System\eNNuvIu.exe
  C:\Windows\System\eNNuvIu.exe
  2⤵
  PID:4240
- C:\Windows\System\nSOnyhj.exe
  C:\Windows\System\nSOnyhj.exe
  2⤵
  PID:5220
- C:\Windows\System\aqyWqLR.exe
  C:\Windows\System\aqyWqLR.exe
  2⤵
  PID:2264
- C:\Windows\System\JSMWxhQ.exe
  C:\Windows\System\JSMWxhQ.exe
  2⤵
  PID:5492
- C:\Windows\System\wWnBBVq.exe
  C:\Windows\System\wWnBBVq.exe
  2⤵
  PID:5488
- C:\Windows\System\LlLDfUP.exe
  C:\Windows\System\LlLDfUP.exe
  2⤵
  PID:5704
- C:\Windows\System\KlGUzGB.exe
  C:\Windows\System\KlGUzGB.exe
  2⤵
  PID:6148
- C:\Windows\System\JSASDAi.exe
  C:\Windows\System\JSASDAi.exe
  2⤵
  PID:6168
- C:\Windows\System\DnQgTzv.exe
  C:\Windows\System\DnQgTzv.exe
  2⤵
  PID:6188
- C:\Windows\System\SnGLlSh.exe
  C:\Windows\System\SnGLlSh.exe
  2⤵
  PID:6208
- C:\Windows\System\auOeKQD.exe
  C:\Windows\System\auOeKQD.exe
  2⤵
  PID:6228
- C:\Windows\System\LVglAcv.exe
  C:\Windows\System\LVglAcv.exe
  2⤵
  PID:6248
- C:\Windows\System\rtkIGXJ.exe
  C:\Windows\System\rtkIGXJ.exe
  2⤵
  PID:6268
- C:\Windows\System\yPnmZoG.exe
  C:\Windows\System\yPnmZoG.exe
  2⤵
  PID:6288
- C:\Windows\System\UVkuIMl.exe
  C:\Windows\System\UVkuIMl.exe
  2⤵
  PID:6308
- C:\Windows\System\bZZHpYj.exe
  C:\Windows\System\bZZHpYj.exe
  2⤵
  PID:6328
- C:\Windows\System\GGDbArZ.exe
  C:\Windows\System\GGDbArZ.exe
  2⤵
  PID:6348
- C:\Windows\System\gMLiOtl.exe
  C:\Windows\System\gMLiOtl.exe
  2⤵
  PID:6368
- C:\Windows\System\tzWSTQo.exe
  C:\Windows\System\tzWSTQo.exe
  2⤵
  PID:6388
- C:\Windows\System\isjDNgp.exe
  C:\Windows\System\isjDNgp.exe
  2⤵
  PID:6408
- C:\Windows\System\ttdKmli.exe
  C:\Windows\System\ttdKmli.exe
  2⤵
  PID:6428
- C:\Windows\System\WWmaiXx.exe
  C:\Windows\System\WWmaiXx.exe
  2⤵
  PID:6448
- C:\Windows\System\DhViykp.exe
  C:\Windows\System\DhViykp.exe
  2⤵
  PID:6468
- C:\Windows\System\mJUTOEF.exe
  C:\Windows\System\mJUTOEF.exe
  2⤵
  PID:6488
- C:\Windows\System\fFWaiaU.exe
  C:\Windows\System\fFWaiaU.exe
  2⤵
  PID:6508
- C:\Windows\System\WmlRTut.exe
  C:\Windows\System\WmlRTut.exe
  2⤵
  PID:6528
- C:\Windows\System\STmDvmN.exe
  C:\Windows\System\STmDvmN.exe
  2⤵
  PID:6548
- C:\Windows\System\SdPZDPS.exe
  C:\Windows\System\SdPZDPS.exe
  2⤵
  PID:6568
- C:\Windows\System\RveAFMZ.exe
  C:\Windows\System\RveAFMZ.exe
  2⤵
  PID:6588
- C:\Windows\System\jRGBrrK.exe
  C:\Windows\System\jRGBrrK.exe
  2⤵
  PID:6608
- C:\Windows\System\BIELayk.exe
  C:\Windows\System\BIELayk.exe
  2⤵
  PID:6628
- C:\Windows\System\wXSswPS.exe
  C:\Windows\System\wXSswPS.exe
  2⤵
  PID:6648
- C:\Windows\System\fvjVYad.exe
  C:\Windows\System\fvjVYad.exe
  2⤵
  PID:6672
- C:\Windows\System\JUJchZY.exe
  C:\Windows\System\JUJchZY.exe
  2⤵
  PID:6692
- C:\Windows\System\TxZXnWg.exe
  C:\Windows\System\TxZXnWg.exe
  2⤵
  PID:6712
- C:\Windows\System\hvyCCTx.exe
  C:\Windows\System\hvyCCTx.exe
  2⤵
  PID:6732
- C:\Windows\System\MvCZBsf.exe
  C:\Windows\System\MvCZBsf.exe
  2⤵
  PID:6752
- C:\Windows\System\rELycQG.exe
  C:\Windows\System\rELycQG.exe
  2⤵
  PID:6772
- C:\Windows\System\UGiRRrL.exe
  C:\Windows\System\UGiRRrL.exe
  2⤵
  PID:6792
- C:\Windows\System\PbJglNx.exe
  C:\Windows\System\PbJglNx.exe
  2⤵
  PID:6812
- C:\Windows\System\lYdoIDF.exe
  C:\Windows\System\lYdoIDF.exe
  2⤵
  PID:6832
- C:\Windows\System\zKibQni.exe
  C:\Windows\System\zKibQni.exe
  2⤵
  PID:6852
- C:\Windows\System\tEGSpDM.exe
  C:\Windows\System\tEGSpDM.exe
  2⤵
  PID:6872
- C:\Windows\System\ehcMsPV.exe
  C:\Windows\System\ehcMsPV.exe
  2⤵
  PID:6892
- C:\Windows\System\PRTaSZA.exe
  C:\Windows\System\PRTaSZA.exe
  2⤵
  PID:6912
- C:\Windows\System\PehxZrL.exe
  C:\Windows\System\PehxZrL.exe
  2⤵
  PID:6932
- C:\Windows\System\lwjIUel.exe
  C:\Windows\System\lwjIUel.exe
  2⤵
  PID:6952
- C:\Windows\System\uDOIGTs.exe
  C:\Windows\System\uDOIGTs.exe
  2⤵
  PID:6972
- C:\Windows\System\aAmSflX.exe
  C:\Windows\System\aAmSflX.exe
  2⤵
  PID:6992
- C:\Windows\System\NBRoqtq.exe
  C:\Windows\System\NBRoqtq.exe
  2⤵
  PID:7016
- C:\Windows\System\pmoKsxu.exe
  C:\Windows\System\pmoKsxu.exe
  2⤵
  PID:7036
- C:\Windows\System\Zzecmkj.exe
  C:\Windows\System\Zzecmkj.exe
  2⤵
  PID:7056
- C:\Windows\System\fFGrCFR.exe
  C:\Windows\System\fFGrCFR.exe
  2⤵
  PID:7076
- C:\Windows\System\SiYGtBa.exe
  C:\Windows\System\SiYGtBa.exe
  2⤵
  PID:7096
- C:\Windows\System\WjdFfQi.exe
  C:\Windows\System\WjdFfQi.exe
  2⤵
  PID:7116
- C:\Windows\System\CCEvOHs.exe
  C:\Windows\System\CCEvOHs.exe
  2⤵
  PID:7136
- C:\Windows\System\WrqaGHP.exe
  C:\Windows\System\WrqaGHP.exe
  2⤵
  PID:7156
- C:\Windows\System\sEkyFgg.exe
  C:\Windows\System\sEkyFgg.exe
  2⤵
  PID:5892
- C:\Windows\System\lFGkAeA.exe
  C:\Windows\System\lFGkAeA.exe
  2⤵
  PID:6128
- C:\Windows\System\GVuptcb.exe
  C:\Windows\System\GVuptcb.exe
  2⤵
  PID:4764
- C:\Windows\System\XIgzNZH.exe
  C:\Windows\System\XIgzNZH.exe
  2⤵
  PID:4984
- C:\Windows\System\wWgIWqT.exe
  C:\Windows\System\wWgIWqT.exe
  2⤵
  PID:5204
- C:\Windows\System\meGhMQY.exe
  C:\Windows\System\meGhMQY.exe
  2⤵
  PID:5564
- C:\Windows\System\hLGZFhD.exe
  C:\Windows\System\hLGZFhD.exe
  2⤵
  PID:5644
- C:\Windows\System\TeEkhie.exe
  C:\Windows\System\TeEkhie.exe
  2⤵
  PID:6164
- C:\Windows\System\uEsYfWf.exe
  C:\Windows\System\uEsYfWf.exe
  2⤵
  PID:2956
- C:\Windows\System\xvRpMfs.exe
  C:\Windows\System\xvRpMfs.exe
  2⤵
  PID:6224
- C:\Windows\System\ZtavINf.exe
  C:\Windows\System\ZtavINf.exe
  2⤵
  PID:6256
- C:\Windows\System\NPSFhJR.exe
  C:\Windows\System\NPSFhJR.exe
  2⤵
  PID:6296
- C:\Windows\System\kakAmVX.exe
  C:\Windows\System\kakAmVX.exe
  2⤵
  PID:6324
- C:\Windows\System\DBglpuH.exe
  C:\Windows\System\DBglpuH.exe
  2⤵
  PID:6356
- C:\Windows\System\BHDCBgu.exe
  C:\Windows\System\BHDCBgu.exe
  2⤵
  PID:6384
- C:\Windows\System\qDCQRCN.exe
  C:\Windows\System\qDCQRCN.exe
  2⤵
  PID:6424
- C:\Windows\System\XEkvKax.exe
  C:\Windows\System\XEkvKax.exe
  2⤵
  PID:6444
- C:\Windows\System\zpaMYTz.exe
  C:\Windows\System\zpaMYTz.exe
  2⤵
  PID:6484
- C:\Windows\System\kwAbXcg.exe
  C:\Windows\System\kwAbXcg.exe
  2⤵
  PID:6516
- C:\Windows\System\fdFikKS.exe
  C:\Windows\System\fdFikKS.exe
  2⤵
  PID:6520
- C:\Windows\System\dfGMUPY.exe
  C:\Windows\System\dfGMUPY.exe
  2⤵
  PID:6580
- C:\Windows\System\xkDkPkW.exe
  C:\Windows\System\xkDkPkW.exe
  2⤵
  PID:6624
- C:\Windows\System\UQvozbD.exe
  C:\Windows\System\UQvozbD.exe
  2⤵
  PID:6656
- C:\Windows\System\WcPPPUL.exe
  C:\Windows\System\WcPPPUL.exe
  2⤵
  PID:6700
- C:\Windows\System\fauzgHu.exe
  C:\Windows\System\fauzgHu.exe
  2⤵
  PID:6720
- C:\Windows\System\IOlgUJk.exe
  C:\Windows\System\IOlgUJk.exe
  2⤵
  PID:6760
- C:\Windows\System\lIxcamZ.exe
  C:\Windows\System\lIxcamZ.exe
  2⤵
  PID:6764
- C:\Windows\System\QXjSMgb.exe
  C:\Windows\System\QXjSMgb.exe
  2⤵
  PID:6804
- C:\Windows\System\xpqWXKo.exe
  C:\Windows\System\xpqWXKo.exe
  2⤵
  PID:6860
- C:\Windows\System\oSRQHjs.exe
  C:\Windows\System\oSRQHjs.exe
  2⤵
  PID:6884
- C:\Windows\System\pdXpkZy.exe
  C:\Windows\System\pdXpkZy.exe
  2⤵
  PID:6948
- C:\Windows\System\iEJdBud.exe
  C:\Windows\System\iEJdBud.exe
  2⤵
  PID:6980
- C:\Windows\System\gTSuRls.exe
  C:\Windows\System\gTSuRls.exe
  2⤵
  PID:6984
- C:\Windows\System\ewdaHJN.exe
  C:\Windows\System\ewdaHJN.exe
  2⤵
  PID:7032
- C:\Windows\System\qHLScNv.exe
  C:\Windows\System\qHLScNv.exe
  2⤵
  PID:7048
- C:\Windows\System\QoDMtHa.exe
  C:\Windows\System\QoDMtHa.exe
  2⤵
  PID:7112
- C:\Windows\System\sUVrNQV.exe
  C:\Windows\System\sUVrNQV.exe
  2⤵
  PID:3004
- C:\Windows\System\MbuFwcD.exe
  C:\Windows\System\MbuFwcD.exe
  2⤵
  PID:7152
- C:\Windows\System\DHITkyO.exe
  C:\Windows\System\DHITkyO.exe
  2⤵
  PID:5896
- C:\Windows\System\RkOMJly.exe
  C:\Windows\System\RkOMJly.exe
  2⤵
  PID:2216
- C:\Windows\System\WnMzNcO.exe
  C:\Windows\System\WnMzNcO.exe
  2⤵
  PID:6028
- C:\Windows\System\jNLiqeP.exe
  C:\Windows\System\jNLiqeP.exe
  2⤵
  PID:5368
- C:\Windows\System\MJGBVeD.exe
  C:\Windows\System\MJGBVeD.exe
  2⤵
  PID:5756
- C:\Windows\System\SDLkqUe.exe
  C:\Windows\System\SDLkqUe.exe
  2⤵
  PID:6184
- C:\Windows\System\xpkQRbT.exe
  C:\Windows\System\xpkQRbT.exe
  2⤵
  PID:6260
- C:\Windows\System\DOZGVZO.exe
  C:\Windows\System\DOZGVZO.exe
  2⤵
  PID:6336
- C:\Windows\System\DDSLRRy.exe
  C:\Windows\System\DDSLRRy.exe
  2⤵
  PID:6344
- C:\Windows\System\LvommRC.exe
  C:\Windows\System\LvommRC.exe
  2⤵
  PID:6376
- C:\Windows\System\YyjzqPe.exe
  C:\Windows\System\YyjzqPe.exe
  2⤵
  PID:6460
- C:\Windows\System\tJyRCNm.exe
  C:\Windows\System\tJyRCNm.exe
  2⤵
  PID:6504
- C:\Windows\System\RkAztcE.exe
  C:\Windows\System\RkAztcE.exe
  2⤵
  PID:6604
- C:\Windows\System\xVNafiv.exe
  C:\Windows\System\xVNafiv.exe
  2⤵
  PID:6660
- C:\Windows\System\hfaSBEk.exe
  C:\Windows\System\hfaSBEk.exe
  2⤵
  PID:6640
- C:\Windows\System\lJfYPtZ.exe
  C:\Windows\System\lJfYPtZ.exe
  2⤵
  PID:6744
- C:\Windows\System\pjdbXYf.exe
  C:\Windows\System\pjdbXYf.exe
  2⤵
  PID:2704
- C:\Windows\System\QSKHbAd.exe
  C:\Windows\System\QSKHbAd.exe
  2⤵
  PID:6820
- C:\Windows\System\nAxnTFp.exe
  C:\Windows\System\nAxnTFp.exe
  2⤵
  PID:6888
- C:\Windows\System\McyvbqW.exe
  C:\Windows\System\McyvbqW.exe
  2⤵
  PID:6908
- C:\Windows\System\XlqohWa.exe
  C:\Windows\System\XlqohWa.exe
  2⤵
  PID:7008
- C:\Windows\System\KSbvNoi.exe
  C:\Windows\System\KSbvNoi.exe
  2⤵
  PID:7064
- C:\Windows\System\nZcWdai.exe
  C:\Windows\System\nZcWdai.exe
  2⤵
  PID:7044
- C:\Windows\System\VQxDHZy.exe
  C:\Windows\System\VQxDHZy.exe
  2⤵
  PID:7128
- C:\Windows\System\ZtBlZMt.exe
  C:\Windows\System\ZtBlZMt.exe
  2⤵
  PID:2808
- C:\Windows\System\cnbDqKq.exe
  C:\Windows\System\cnbDqKq.exe
  2⤵
  PID:5308
- C:\Windows\System\mEkvVDz.exe
  C:\Windows\System\mEkvVDz.exe
  2⤵
  PID:6112
- C:\Windows\System\zfSVIYl.exe
  C:\Windows\System\zfSVIYl.exe
  2⤵
  PID:5688
- C:\Windows\System\yjtrMKx.exe
  C:\Windows\System\yjtrMKx.exe
  2⤵
  PID:6244
- C:\Windows\System\QGxElmy.exe
  C:\Windows\System\QGxElmy.exe
  2⤵
  PID:6280
- C:\Windows\System\ZkEhpKc.exe
  C:\Windows\System\ZkEhpKc.exe
  2⤵
  PID:6420
- C:\Windows\System\oXSRayd.exe
  C:\Windows\System\oXSRayd.exe
  2⤵
  PID:6496
- C:\Windows\System\GQgJlqt.exe
  C:\Windows\System\GQgJlqt.exe
  2⤵
  PID:6544
- C:\Windows\System\eLzocfL.exe
  C:\Windows\System\eLzocfL.exe
  2⤵
  PID:6724
- C:\Windows\System\OFEZuLW.exe
  C:\Windows\System\OFEZuLW.exe
  2⤵
  PID:6808
- C:\Windows\System\OmmjcHX.exe
  C:\Windows\System\OmmjcHX.exe
  2⤵
  PID:1744
- C:\Windows\System\YVAZviY.exe
  C:\Windows\System\YVAZviY.exe
  2⤵
  PID:6844
- C:\Windows\System\bXPXUZk.exe
  C:\Windows\System\bXPXUZk.exe
  2⤵
  PID:7012
- C:\Windows\System\zKZyKCk.exe
  C:\Windows\System\zKZyKCk.exe
  2⤵
  PID:7108
- C:\Windows\System\zNHWvEz.exe
  C:\Windows\System\zNHWvEz.exe
  2⤵
  PID:7052
- C:\Windows\System\BuXVScf.exe
  C:\Windows\System\BuXVScf.exe
  2⤵
  PID:5340
- C:\Windows\System\nMXmIrF.exe
  C:\Windows\System\nMXmIrF.exe
  2⤵
  PID:5728
- C:\Windows\System\poIXSrZ.exe
  C:\Windows\System\poIXSrZ.exe
  2⤵
  PID:6416
- C:\Windows\System\tDDhQHm.exe
  C:\Windows\System\tDDhQHm.exe
  2⤵
  PID:1524
- C:\Windows\System\sDcHuuz.exe
  C:\Windows\System\sDcHuuz.exe
  2⤵
  PID:6500
- C:\Windows\System\IenWoVS.exe
  C:\Windows\System\IenWoVS.exe
  2⤵
  PID:6560
- C:\Windows\System\SiYnobo.exe
  C:\Windows\System\SiYnobo.exe
  2⤵
  PID:6788
- C:\Windows\System\sbJyLWC.exe
  C:\Windows\System\sbJyLWC.exe
  2⤵
  PID:6920
- C:\Windows\System\dgjxHnT.exe
  C:\Windows\System\dgjxHnT.exe
  2⤵
  PID:2744
- C:\Windows\System\yKnctwq.exe
  C:\Windows\System\yKnctwq.exe
  2⤵
  PID:1940
- C:\Windows\System\TWnbIyc.exe
  C:\Windows\System\TWnbIyc.exe
  2⤵
  PID:2460
- C:\Windows\System\jQKFcGM.exe
  C:\Windows\System\jQKFcGM.exe
  2⤵
  PID:1876
- C:\Windows\System\uQmLNaC.exe
  C:\Windows\System\uQmLNaC.exe
  2⤵
  PID:6160
- C:\Windows\System\GrWWNPN.exe
  C:\Windows\System\GrWWNPN.exe
  2⤵
  PID:6616
- C:\Windows\System\PklnFYA.exe
  C:\Windows\System\PklnFYA.exe
  2⤵
  PID:6740
- C:\Windows\System\kXgjuth.exe
  C:\Windows\System\kXgjuth.exe
  2⤵
  PID:6644
- C:\Windows\System\gqnjxbM.exe
  C:\Windows\System\gqnjxbM.exe
  2⤵
  PID:7184
- C:\Windows\System\QyMYtjP.exe
  C:\Windows\System\QyMYtjP.exe
  2⤵
  PID:7232
- C:\Windows\System\PHxmXdb.exe
  C:\Windows\System\PHxmXdb.exe
  2⤵
  PID:7272
- C:\Windows\System\KLVdKVx.exe
  C:\Windows\System\KLVdKVx.exe
  2⤵
  PID:7288
- C:\Windows\System\jJyxVEq.exe
  C:\Windows\System\jJyxVEq.exe
  2⤵
  PID:7312
- C:\Windows\System\jCZCEiT.exe
  C:\Windows\System\jCZCEiT.exe
  2⤵
  PID:7332
- C:\Windows\System\AUkbAwt.exe
  C:\Windows\System\AUkbAwt.exe
  2⤵
  PID:7352
- C:\Windows\System\qVQomZy.exe
  C:\Windows\System\qVQomZy.exe
  2⤵
  PID:7376
- C:\Windows\System\idTBDRy.exe
  C:\Windows\System\idTBDRy.exe
  2⤵
  PID:7392
- C:\Windows\System\yiFBuLB.exe
  C:\Windows\System\yiFBuLB.exe
  2⤵
  PID:7412
- C:\Windows\System\oxcpkCj.exe
  C:\Windows\System\oxcpkCj.exe
  2⤵
  PID:7428
- C:\Windows\System\UXvfPqh.exe
  C:\Windows\System\UXvfPqh.exe
  2⤵
  PID:7448
- C:\Windows\System\yrGuFTr.exe
  C:\Windows\System\yrGuFTr.exe
  2⤵
  PID:7464
- C:\Windows\System\MWXaGEo.exe
  C:\Windows\System\MWXaGEo.exe
  2⤵
  PID:7496
- C:\Windows\System\ClAmXMN.exe
  C:\Windows\System\ClAmXMN.exe
  2⤵
  PID:7512
- C:\Windows\System\suDElka.exe
  C:\Windows\System\suDElka.exe
  2⤵
  PID:7528
- C:\Windows\System\nFpefOe.exe
  C:\Windows\System\nFpefOe.exe
  2⤵
  PID:7556
- C:\Windows\System\cxreRcV.exe
  C:\Windows\System\cxreRcV.exe
  2⤵
  PID:7580
- C:\Windows\System\WwiKfEK.exe
  C:\Windows\System\WwiKfEK.exe
  2⤵
  PID:7596
- C:\Windows\System\VMgjGKM.exe
  C:\Windows\System\VMgjGKM.exe
  2⤵
  PID:7612
- C:\Windows\System\qfQLWfY.exe
  C:\Windows\System\qfQLWfY.exe
  2⤵
  PID:7628
- C:\Windows\System\hDkYvPh.exe
  C:\Windows\System\hDkYvPh.exe
  2⤵
  PID:7652
- C:\Windows\System\FtmMFoL.exe
  C:\Windows\System\FtmMFoL.exe
  2⤵
  PID:7672
- C:\Windows\System\HCbhTbQ.exe
  C:\Windows\System\HCbhTbQ.exe
  2⤵
  PID:7704
- C:\Windows\System\EBJBeKw.exe
  C:\Windows\System\EBJBeKw.exe
  2⤵
  PID:7724
- C:\Windows\System\AgZoVVJ.exe
  C:\Windows\System\AgZoVVJ.exe
  2⤵
  PID:7740
- C:\Windows\System\BxvJKyw.exe
  C:\Windows\System\BxvJKyw.exe
  2⤵
  PID:7760
- C:\Windows\System\ctGMcHq.exe
  C:\Windows\System\ctGMcHq.exe
  2⤵
  PID:7784
- C:\Windows\System\njipDJW.exe
  C:\Windows\System\njipDJW.exe
  2⤵
  PID:7804
- C:\Windows\System\VxoWnvn.exe
  C:\Windows\System\VxoWnvn.exe
  2⤵
  PID:7820
- C:\Windows\System\xATwNEv.exe
  C:\Windows\System\xATwNEv.exe
  2⤵
  PID:7836
- C:\Windows\System\itQyEsg.exe
  C:\Windows\System\itQyEsg.exe
  2⤵
  PID:7852
- C:\Windows\System\xZFKvxa.exe
  C:\Windows\System\xZFKvxa.exe
  2⤵
  PID:7868
- C:\Windows\System\GsQFuyQ.exe
  C:\Windows\System\GsQFuyQ.exe
  2⤵
  PID:7884
- C:\Windows\System\ZTFOHPa.exe
  C:\Windows\System\ZTFOHPa.exe
  2⤵
  PID:7900
- C:\Windows\System\mTfFCxv.exe
  C:\Windows\System\mTfFCxv.exe
  2⤵
  PID:7916
- C:\Windows\System\lekiILp.exe
  C:\Windows\System\lekiILp.exe
  2⤵
  PID:7932
- C:\Windows\System\tqEQLgI.exe
  C:\Windows\System\tqEQLgI.exe
  2⤵
  PID:7952
- C:\Windows\System\YxhbQIT.exe
  C:\Windows\System\YxhbQIT.exe
  2⤵
  PID:7996
- C:\Windows\System\FHOylaM.exe
  C:\Windows\System\FHOylaM.exe
  2⤵
  PID:8024
- C:\Windows\System\jrMJHrT.exe
  C:\Windows\System\jrMJHrT.exe
  2⤵
  PID:8044
- C:\Windows\System\RouVzxz.exe
  C:\Windows\System\RouVzxz.exe
  2⤵
  PID:8064
- C:\Windows\System\iYVAFnJ.exe
  C:\Windows\System\iYVAFnJ.exe
  2⤵
  PID:8084
- C:\Windows\System\DEFMvrG.exe
  C:\Windows\System\DEFMvrG.exe
  2⤵
  PID:8100
- C:\Windows\System\BBlsPGu.exe
  C:\Windows\System\BBlsPGu.exe
  2⤵
  PID:8124
- C:\Windows\System\VkNVBpG.exe
  C:\Windows\System\VkNVBpG.exe
  2⤵
  PID:8140
- C:\Windows\System\qGlVmon.exe
  C:\Windows\System\qGlVmon.exe
  2⤵
  PID:8156
- C:\Windows\System\qtVNNEo.exe
  C:\Windows\System\qtVNNEo.exe
  2⤵
  PID:6940
- C:\Windows\System\ObhrSxb.exe
  C:\Windows\System\ObhrSxb.exe
  2⤵
  PID:6848
- C:\Windows\System\zUggLyn.exe
  C:\Windows\System\zUggLyn.exe
  2⤵
  PID:1208
- C:\Windows\System\TleJoPN.exe
  C:\Windows\System\TleJoPN.exe
  2⤵
  PID:7024
- C:\Windows\System\svaFHXO.exe
  C:\Windows\System\svaFHXO.exe
  2⤵
  PID:3272
- C:\Windows\System\fLcsqOY.exe
  C:\Windows\System\fLcsqOY.exe
  2⤵
  PID:5124
- C:\Windows\System\axfGjIL.exe
  C:\Windows\System\axfGjIL.exe
  2⤵
  PID:264
- C:\Windows\System\CmfQQmx.exe
  C:\Windows\System\CmfQQmx.exe
  2⤵
  PID:2124
- C:\Windows\System\SOORHLz.exe
  C:\Windows\System\SOORHLz.exe
  2⤵
  PID:7192
- C:\Windows\System\ynQcVeD.exe
  C:\Windows\System\ynQcVeD.exe
  2⤵
  PID:2168
- C:\Windows\System\oYqnNyC.exe
  C:\Windows\System\oYqnNyC.exe
  2⤵
  PID:7240
- C:\Windows\System\UkqfDFc.exe
  C:\Windows\System\UkqfDFc.exe
  2⤵
  PID:1484
- C:\Windows\System\XYtBXHs.exe
  C:\Windows\System\XYtBXHs.exe
  2⤵
  PID:2776
- C:\Windows\System\GoQiMxl.exe
  C:\Windows\System\GoQiMxl.exe
  2⤵
  PID:7256
- C:\Windows\System\ucqoYqm.exe
  C:\Windows\System\ucqoYqm.exe
  2⤵
  PID:1592
- C:\Windows\System\fwAtoPf.exe
  C:\Windows\System\fwAtoPf.exe
  2⤵
  PID:2304
- C:\Windows\System\WQrXVVM.exe
  C:\Windows\System\WQrXVVM.exe
  2⤵
  PID:1848
- C:\Windows\System\EmeDwQc.exe
  C:\Windows\System\EmeDwQc.exe
  2⤵
  PID:7300
- C:\Windows\System\JFTtZmX.exe
  C:\Windows\System\JFTtZmX.exe
  2⤵
  PID:7304
- C:\Windows\System\ORdNzQp.exe
  C:\Windows\System\ORdNzQp.exe
  2⤵
  PID:7344
- C:\Windows\System\jkQrgBk.exe
  C:\Windows\System\jkQrgBk.exe
  2⤵
  PID:7384
- C:\Windows\System\IAkpvmW.exe
  C:\Windows\System\IAkpvmW.exe
  2⤵
  PID:7408
- C:\Windows\System\jrwEiSv.exe
  C:\Windows\System\jrwEiSv.exe
  2⤵
  PID:7472
- C:\Windows\System\HcmQwZj.exe
  C:\Windows\System\HcmQwZj.exe
  2⤵
  PID:7480
- C:\Windows\System\nIKftUs.exe
  C:\Windows\System\nIKftUs.exe
  2⤵
  PID:7576
- C:\Windows\System\KRsuUJi.exe
  C:\Windows\System\KRsuUJi.exe
  2⤵
  PID:7604
- C:\Windows\System\SDfWbWd.exe
  C:\Windows\System\SDfWbWd.exe
  2⤵
  PID:7680
- C:\Windows\System\fZeClRE.exe
  C:\Windows\System\fZeClRE.exe
  2⤵
  PID:7620
- C:\Windows\System\iAwcbuU.exe
  C:\Windows\System\iAwcbuU.exe
  2⤵
  PID:7688
- C:\Windows\System\nJZgxhc.exe
  C:\Windows\System\nJZgxhc.exe
  2⤵
  PID:1488
- C:\Windows\System\CiwYpcS.exe
  C:\Windows\System\CiwYpcS.exe
  2⤵
  PID:7772
- C:\Windows\System\muYaaYs.exe
  C:\Windows\System\muYaaYs.exe
  2⤵
  PID:7748
- C:\Windows\System\saoTuRE.exe
  C:\Windows\System\saoTuRE.exe
  2⤵
  PID:7812
- C:\Windows\System\QpSbUih.exe
  C:\Windows\System\QpSbUih.exe
  2⤵
  PID:7876
- C:\Windows\System\nIJrpSW.exe
  C:\Windows\System\nIJrpSW.exe
  2⤵
  PID:7896
- C:\Windows\System\wJPgmdJ.exe
  C:\Windows\System\wJPgmdJ.exe
  2⤵
  PID:7892
- C:\Windows\System\rhAdEIB.exe
  C:\Windows\System\rhAdEIB.exe
  2⤵
  PID:7796
- C:\Windows\System\uWMwkUN.exe
  C:\Windows\System\uWMwkUN.exe
  2⤵
  PID:8008
- C:\Windows\System\NMdJlRL.exe
  C:\Windows\System\NMdJlRL.exe
  2⤵
  PID:8052
- C:\Windows\System\VvqfJqH.exe
  C:\Windows\System\VvqfJqH.exe
  2⤵
  PID:8096
- C:\Windows\System\UbujfKo.exe
  C:\Windows\System\UbujfKo.exe
  2⤵
  PID:7988
- C:\Windows\System\MUwyYLu.exe
  C:\Windows\System\MUwyYLu.exe
  2⤵
  PID:8172
- C:\Windows\System\gnBzzcG.exe
  C:\Windows\System\gnBzzcG.exe
  2⤵
  PID:8036
- C:\Windows\System\QYnaRnb.exe
  C:\Windows\System\QYnaRnb.exe
  2⤵
  PID:8108
- C:\Windows\System\NwsYAcR.exe
  C:\Windows\System\NwsYAcR.exe
  2⤵
  PID:8072
- C:\Windows\System\CNVbnib.exe
  C:\Windows\System\CNVbnib.exe
  2⤵
  PID:8188
- C:\Windows\System\xagkHeA.exe
  C:\Windows\System\xagkHeA.exe
  2⤵
  PID:7200
- C:\Windows\System\XEivOBX.exe
  C:\Windows\System\XEivOBX.exe
  2⤵
  PID:2208
- C:\Windows\System\uqizRBc.exe
  C:\Windows\System\uqizRBc.exe
  2⤵
  PID:1928
- C:\Windows\System\VMaawvL.exe
  C:\Windows\System\VMaawvL.exe
  2⤵
  PID:3052
- C:\Windows\System\WZAAyQL.exe
  C:\Windows\System\WZAAyQL.exe
  2⤵
  PID:2932
- C:\Windows\System\ZMYtpqN.exe
  C:\Windows\System\ZMYtpqN.exe
  2⤵
  PID:7180
- C:\Windows\System\uyelnjA.exe
  C:\Windows\System\uyelnjA.exe
  2⤵
  PID:1080
- C:\Windows\System\jkqCkea.exe
  C:\Windows\System\jkqCkea.exe
  2⤵
  PID:7244
- C:\Windows\System\PolXcBy.exe
  C:\Windows\System\PolXcBy.exe
  2⤵
  PID:7348
- C:\Windows\System\uDVSzxM.exe
  C:\Windows\System\uDVSzxM.exe
  2⤵
  PID:7488
- C:\Windows\System\tkpEIww.exe
  C:\Windows\System\tkpEIww.exe
  2⤵
  PID:532
- C:\Windows\System\tIeUPlY.exe
  C:\Windows\System\tIeUPlY.exe
  2⤵
  PID:7536
- C:\Windows\System\SecknOD.exe
  C:\Windows\System\SecknOD.exe
  2⤵
  PID:7360
- C:\Windows\System\LxsHBwP.exe
  C:\Windows\System\LxsHBwP.exe
  2⤵
  PID:7460
- C:\Windows\System\YjtgETk.exe
  C:\Windows\System\YjtgETk.exe
  2⤵
  PID:7644
- C:\Windows\System\gNOZYky.exe
  C:\Windows\System\gNOZYky.exe
  2⤵
  PID:7692
- C:\Windows\System\cQhOJJU.exe
  C:\Windows\System\cQhOJJU.exe
  2⤵
  PID:7732
- C:\Windows\System\jrtJHIE.exe
  C:\Windows\System\jrtJHIE.exe
  2⤵
  PID:7720
- C:\Windows\System\ThGURLL.exe
  C:\Windows\System\ThGURLL.exe
  2⤵
  PID:7944
- C:\Windows\System\XXIEMCy.exe
  C:\Windows\System\XXIEMCy.exe
  2⤵
  PID:7828
- C:\Windows\System\Otwsrnm.exe
  C:\Windows\System\Otwsrnm.exe
  2⤵
  PID:7972
- C:\Windows\System\ZUBjtgg.exe
  C:\Windows\System\ZUBjtgg.exe
  2⤵
  PID:8180
- C:\Windows\System\kZuEVvE.exe
  C:\Windows\System\kZuEVvE.exe
  2⤵
  PID:7968
- C:\Windows\System\EOLtaMP.exe
  C:\Windows\System\EOLtaMP.exe
  2⤵
  PID:8120
- C:\Windows\System\gDVBBYf.exe
  C:\Windows\System\gDVBBYf.exe
  2⤵
  PID:3024
- C:\Windows\System\RStdFDQ.exe
  C:\Windows\System\RStdFDQ.exe
  2⤵
  PID:1544
- C:\Windows\System\GFMKzpC.exe
  C:\Windows\System\GFMKzpC.exe
  2⤵
  PID:6236
- C:\Windows\System\YYTfnVS.exe
  C:\Windows\System\YYTfnVS.exe
  2⤵
  PID:1960
- C:\Windows\System\AzBydaJ.exe
  C:\Windows\System\AzBydaJ.exe
  2⤵
  PID:2300
- C:\Windows\System\JJeGssR.exe
  C:\Windows\System\JJeGssR.exe
  2⤵
  PID:560
- C:\Windows\System\kiGwogj.exe
  C:\Windows\System\kiGwogj.exe
  2⤵
  PID:7424
- C:\Windows\System\QcZzYNt.exe
  C:\Windows\System\QcZzYNt.exe
  2⤵
  PID:7552
- C:\Windows\System\ehliCCX.exe
  C:\Windows\System\ehliCCX.exe
  2⤵
  PID:7172
- C:\Windows\System\FkPFnNL.exe
  C:\Windows\System\FkPFnNL.exe
  2⤵
  PID:7524
- C:\Windows\System\nxOcoDw.exe
  C:\Windows\System\nxOcoDw.exe
  2⤵
  PID:7588
- C:\Windows\System\AsOveqR.exe
  C:\Windows\System\AsOveqR.exe
  2⤵
  PID:7700
- C:\Windows\System\MPNXGoF.exe
  C:\Windows\System\MPNXGoF.exe
  2⤵
  PID:7908
- C:\Windows\System\KpHrZIw.exe
  C:\Windows\System\KpHrZIw.exe
  2⤵
  PID:8020
- C:\Windows\System\xcXjAhW.exe
  C:\Windows\System\xcXjAhW.exe
  2⤵
  PID:8148
- C:\Windows\System\zKCaaaw.exe
  C:\Windows\System\zKCaaaw.exe
  2⤵
  PID:7980
- C:\Windows\System\bqekyZv.exe
  C:\Windows\System\bqekyZv.exe
  2⤵
  PID:7284
- C:\Windows\System\EYUWwAa.exe
  C:\Windows\System\EYUWwAa.exe
  2⤵
  PID:3040
- C:\Windows\System\uEjsNhv.exe
  C:\Windows\System\uEjsNhv.exe
  2⤵
  PID:7640
- C:\Windows\System\eYanoId.exe
  C:\Windows\System\eYanoId.exe
  2⤵
  PID:7792
- C:\Windows\System\cVBFeYm.exe
  C:\Windows\System\cVBFeYm.exe
  2⤵
  PID:7504
- C:\Windows\System\KvSPtwc.exe
  C:\Windows\System\KvSPtwc.exe
  2⤵
  PID:7752
- C:\Windows\System\ASrAmiS.exe
  C:\Windows\System\ASrAmiS.exe
  2⤵
  PID:8092
- C:\Windows\System\WDoPmaP.exe
  C:\Windows\System\WDoPmaP.exe
  2⤵
  PID:8208
- C:\Windows\System\WNfoyYU.exe
  C:\Windows\System\WNfoyYU.exe
  2⤵
  PID:8236
- C:\Windows\System\YeHfNtK.exe
  C:\Windows\System\YeHfNtK.exe
  2⤵
  PID:8272
- C:\Windows\System\bySIklM.exe
  C:\Windows\System\bySIklM.exe
  2⤵
  PID:8300
- C:\Windows\System\mEUEsLx.exe
  C:\Windows\System\mEUEsLx.exe
  2⤵
  PID:8316
- C:\Windows\System\tPHZBvQ.exe
  C:\Windows\System\tPHZBvQ.exe
  2⤵
  PID:8344
- C:\Windows\System\rbNlNBw.exe
  C:\Windows\System\rbNlNBw.exe
  2⤵
  PID:8368
- C:\Windows\System\IYRBZeN.exe
  C:\Windows\System\IYRBZeN.exe
  2⤵
  PID:8384
- C:\Windows\System\hGjmbLZ.exe
  C:\Windows\System\hGjmbLZ.exe
  2⤵
  PID:8400
- C:\Windows\System\RWwqyGB.exe
  C:\Windows\System\RWwqyGB.exe
  2⤵
  PID:8436
- C:\Windows\System\nMKjOVx.exe
  C:\Windows\System\nMKjOVx.exe
  2⤵
  PID:8452
- C:\Windows\System\AgeysUF.exe
  C:\Windows\System\AgeysUF.exe
  2⤵
  PID:8468
- C:\Windows\System\QSfbthr.exe
  C:\Windows\System\QSfbthr.exe
  2⤵
  PID:8492
- C:\Windows\System\uZfbxBl.exe
  C:\Windows\System\uZfbxBl.exe
  2⤵
  PID:8516
- C:\Windows\System\XeAyRgd.exe
  C:\Windows\System\XeAyRgd.exe
  2⤵
  PID:8532
- C:\Windows\System\GBfKuBQ.exe
  C:\Windows\System\GBfKuBQ.exe
  2⤵
  PID:8552
- C:\Windows\System\gbcqXVS.exe
  C:\Windows\System\gbcqXVS.exe
  2⤵
  PID:8568
- C:\Windows\System\FdNtiNp.exe
  C:\Windows\System\FdNtiNp.exe
  2⤵
  PID:8584
- C:\Windows\System\jzYPgkf.exe
  C:\Windows\System\jzYPgkf.exe
  2⤵
  PID:8600
- C:\Windows\System\oUpEyop.exe
  C:\Windows\System\oUpEyop.exe
  2⤵
  PID:8616
- C:\Windows\System\SJlaHJr.exe
  C:\Windows\System\SJlaHJr.exe
  2⤵
  PID:8632
- C:\Windows\System\QlkZcNf.exe
  C:\Windows\System\QlkZcNf.exe
  2⤵
  PID:8648
- C:\Windows\System\tnxPQmG.exe
  C:\Windows\System\tnxPQmG.exe
  2⤵
  PID:8668
- C:\Windows\System\pqjXXhA.exe
  C:\Windows\System\pqjXXhA.exe
  2⤵
  PID:8688
- C:\Windows\System\raAIdjg.exe
  C:\Windows\System\raAIdjg.exe
  2⤵
  PID:8704
- C:\Windows\System\SQndMjA.exe
  C:\Windows\System\SQndMjA.exe
  2⤵
  PID:8720
- C:\Windows\System\mRhWQfW.exe
  C:\Windows\System\mRhWQfW.exe
  2⤵
  PID:8752
- C:\Windows\System\gCoQcUu.exe
  C:\Windows\System\gCoQcUu.exe
  2⤵
  PID:8772
- C:\Windows\System\cQJeLix.exe
  C:\Windows\System\cQJeLix.exe
  2⤵
  PID:8788
- C:\Windows\System\JfSXAEm.exe
  C:\Windows\System\JfSXAEm.exe
  2⤵
  PID:8804
- C:\Windows\System\UMklxGh.exe
  C:\Windows\System\UMklxGh.exe
  2⤵
  PID:8820
- C:\Windows\System\HVaooLu.exe
  C:\Windows\System\HVaooLu.exe
  2⤵
  PID:8836
- C:\Windows\System\ruXuFYg.exe
  C:\Windows\System\ruXuFYg.exe
  2⤵
  PID:8852
- C:\Windows\System\cpCaUhJ.exe
  C:\Windows\System\cpCaUhJ.exe
  2⤵
  PID:8872
- C:\Windows\System\OcwKJaS.exe
  C:\Windows\System\OcwKJaS.exe
  2⤵
  PID:8892
- C:\Windows\System\DhnRton.exe
  C:\Windows\System\DhnRton.exe
  2⤵
  PID:8920
- C:\Windows\System\NgFMNqx.exe
  C:\Windows\System\NgFMNqx.exe
  2⤵
  PID:8936
- C:\Windows\System\fqEIPKH.exe
  C:\Windows\System\fqEIPKH.exe
  2⤵
  PID:8952
- C:\Windows\System\laqXNVH.exe
  C:\Windows\System\laqXNVH.exe
  2⤵
  PID:8976
- C:\Windows\System\gZQaJzH.exe
  C:\Windows\System\gZQaJzH.exe
  2⤵
  PID:9008
- C:\Windows\System\QKikbZT.exe
  C:\Windows\System\QKikbZT.exe
  2⤵
  PID:9060
- C:\Windows\System\PnBnlbe.exe
  C:\Windows\System\PnBnlbe.exe
  2⤵
  PID:9080
- C:\Windows\System\WKmQayp.exe
  C:\Windows\System\WKmQayp.exe
  2⤵
  PID:9100
- C:\Windows\System\GQUodmK.exe
  C:\Windows\System\GQUodmK.exe
  2⤵
  PID:9116
- C:\Windows\System\LnIdTlh.exe
  C:\Windows\System\LnIdTlh.exe
  2⤵
  PID:9136
- C:\Windows\System\sSUjaoN.exe
  C:\Windows\System\sSUjaoN.exe
  2⤵
  PID:9164
- C:\Windows\System\KPgfUnx.exe
  C:\Windows\System\KPgfUnx.exe
  2⤵
  PID:9180
- C:\Windows\System\GuQaABB.exe
  C:\Windows\System\GuQaABB.exe
  2⤵
  PID:9196
- C:\Windows\System\KppYozD.exe
  C:\Windows\System\KppYozD.exe
  2⤵
  PID:9212
- C:\Windows\System\bHlWOlD.exe
  C:\Windows\System\bHlWOlD.exe
  2⤵
  PID:7372
- C:\Windows\System\aTpdDBg.exe
  C:\Windows\System\aTpdDBg.exe
  2⤵
  PID:1608
- C:\Windows\System\XbIWMvK.exe
  C:\Windows\System\XbIWMvK.exe
  2⤵
  PID:7592
- C:\Windows\System\JozGHkt.exe
  C:\Windows\System\JozGHkt.exe
  2⤵
  PID:8136
- C:\Windows\System\mCnScYJ.exe
  C:\Windows\System\mCnScYJ.exe
  2⤵
  PID:8016
- C:\Windows\System\efGZqEp.exe
  C:\Windows\System\efGZqEp.exe
  2⤵
  PID:2448
- C:\Windows\System\XWlbnhV.exe
  C:\Windows\System\XWlbnhV.exe
  2⤵
  PID:7780
- C:\Windows\System\wNwYBAf.exe
  C:\Windows\System\wNwYBAf.exe
  2⤵
  PID:6864
- C:\Windows\System\EwUcNZi.exe
  C:\Windows\System\EwUcNZi.exe
  2⤵
  PID:7964
- C:\Windows\System\AIGAUqz.exe
  C:\Windows\System\AIGAUqz.exe
  2⤵
  PID:8204
- C:\Windows\System\nTAqqRU.exe
  C:\Windows\System\nTAqqRU.exe
  2⤵
  PID:8284
- C:\Windows\System\vEyaTwA.exe
  C:\Windows\System\vEyaTwA.exe
  2⤵
  PID:8324
- C:\Windows\System\RiuNBPC.exe
  C:\Windows\System\RiuNBPC.exe
  2⤵
  PID:7540
- C:\Windows\System\ijzTIwA.exe
  C:\Windows\System\ijzTIwA.exe
  2⤵
  PID:8360
- C:\Windows\System\evrrLqT.exe
  C:\Windows\System\evrrLqT.exe
  2⤵
  PID:8380
- C:\Windows\System\MpznoBf.exe
  C:\Windows\System\MpznoBf.exe
  2⤵
  PID:8416
- C:\Windows\System\GNncOZh.exe
  C:\Windows\System\GNncOZh.exe
  2⤵
  PID:8444
- C:\Windows\System\BXTQREJ.exe
  C:\Windows\System\BXTQREJ.exe
  2⤵
  PID:8564
- C:\Windows\System\YfHRePx.exe
  C:\Windows\System\YfHRePx.exe
  2⤵
  PID:8656
- C:\Windows\System\sYkMWUw.exe
  C:\Windows\System\sYkMWUw.exe
  2⤵
  PID:8680
- C:\Windows\System\tmpFyJo.exe
  C:\Windows\System\tmpFyJo.exe
  2⤵
  PID:8760
- C:\Windows\System\LcVlCCH.exe
  C:\Windows\System\LcVlCCH.exe
  2⤵
  PID:8700
- C:\Windows\System\HBkBMgy.exe
  C:\Windows\System\HBkBMgy.exe
  2⤵
  PID:8768
- C:\Windows\System\KdKSyBe.exe
  C:\Windows\System\KdKSyBe.exe
  2⤵
  PID:8816
- C:\Windows\System\nHkpeIb.exe
  C:\Windows\System\nHkpeIb.exe
  2⤵
  PID:8868
- C:\Windows\System\bCCEAzQ.exe
  C:\Windows\System\bCCEAzQ.exe
  2⤵
  PID:8904
- C:\Windows\System\vpsPFMx.exe
  C:\Windows\System\vpsPFMx.exe
  2⤵
  PID:8948
- C:\Windows\System\duRGYOM.exe
  C:\Windows\System\duRGYOM.exe
  2⤵
  PID:8964
- C:\Windows\System\eYOMUQe.exe
  C:\Windows\System\eYOMUQe.exe
  2⤵
  PID:8992
- C:\Windows\System\TxaFxpD.exe
  C:\Windows\System\TxaFxpD.exe
  2⤵
  PID:9004
- C:\Windows\System\UIscYin.exe
  C:\Windows\System\UIscYin.exe
  2⤵
  PID:9036
- C:\Windows\System\RVeyPrn.exe
  C:\Windows\System\RVeyPrn.exe
  2⤵
  PID:9076
- C:\Windows\System\TmgGAJN.exe
  C:\Windows\System\TmgGAJN.exe
  2⤵
  PID:9108
- C:\Windows\System\NjaAONW.exe
  C:\Windows\System\NjaAONW.exe
  2⤵
  PID:9128
- C:\Windows\System\tpLvFJz.exe
  C:\Windows\System\tpLvFJz.exe
  2⤵
  PID:9172
- C:\Windows\System\LIBAtLf.exe
  C:\Windows\System\LIBAtLf.exe
  2⤵
  PID:7320
- C:\Windows\System\VaQeqAd.exe
  C:\Windows\System\VaQeqAd.exe
  2⤵
  PID:8228
- C:\Windows\System\uIvgDaM.exe
  C:\Windows\System\uIvgDaM.exe
  2⤵
  PID:7404
- C:\Windows\System\WddAlLo.exe
  C:\Windows\System\WddAlLo.exe
  2⤵
  PID:7984
- C:\Windows\System\WJCfeKV.exe
  C:\Windows\System\WJCfeKV.exe
  2⤵
  PID:1740
- C:\Windows\System\haiGyIO.exe
  C:\Windows\System\haiGyIO.exe
  2⤵
  PID:8396
- C:\Windows\System\dbYwVsu.exe
  C:\Windows\System\dbYwVsu.exe
  2⤵
  PID:8248
- C:\Windows\System\tLrgtjx.exe
  C:\Windows\System\tLrgtjx.exe
  2⤵
  PID:8364
- C:\Windows\System\HRGLlky.exe
  C:\Windows\System\HRGLlky.exe
  2⤵
  PID:8480
- C:\Windows\System\cRHXFxa.exe
  C:\Windows\System\cRHXFxa.exe
  2⤵
  PID:8508
- C:\Windows\System\mtqeTnL.exe
  C:\Windows\System\mtqeTnL.exe
  2⤵
  PID:8548
- C:\Windows\System\WQCmfjD.exe
  C:\Windows\System\WQCmfjD.exe
  2⤵
  PID:8608
- C:\Windows\System\kqfNXCb.exe
  C:\Windows\System\kqfNXCb.exe
  2⤵
  PID:8592
- C:\Windows\System\YFRxJyu.exe
  C:\Windows\System\YFRxJyu.exe
  2⤵
  PID:8664
- C:\Windows\System\BEDxHXm.exe
  C:\Windows\System\BEDxHXm.exe
  2⤵
  PID:8732
- C:\Windows\System\eeknBaN.exe
  C:\Windows\System\eeknBaN.exe
  2⤵
  PID:8828
- C:\Windows\System\IowDwjM.exe
  C:\Windows\System\IowDwjM.exe
  2⤵
  PID:8916
- C:\Windows\System\DLLGcfO.exe
  C:\Windows\System\DLLGcfO.exe
  2⤵
  PID:8944
- C:\Windows\System\RNtHzGt.exe
  C:\Windows\System\RNtHzGt.exe
  2⤵
  PID:9020
- C:\Windows\System\FrcfYTJ.exe
  C:\Windows\System\FrcfYTJ.exe
  2⤵
  PID:8428
- C:\Windows\System\DldEZcd.exe
  C:\Windows\System\DldEZcd.exe
  2⤵
  PID:9056
- C:\Windows\System\nEaQADa.exe
  C:\Windows\System\nEaQADa.exe
  2⤵
  PID:9148
- C:\Windows\System\emYAgvL.exe
  C:\Windows\System\emYAgvL.exe
  2⤵
  PID:7268
- C:\Windows\System\bjRbedE.exe
  C:\Windows\System\bjRbedE.exe
  2⤵
  PID:8432
- C:\Windows\System\bEiexcD.exe
  C:\Windows\System\bEiexcD.exe
  2⤵
  PID:7104
- C:\Windows\System\CQugrZO.exe
  C:\Windows\System\CQugrZO.exe
  2⤵
  PID:8256
- C:\Windows\System\lUXgnLI.exe
  C:\Windows\System\lUXgnLI.exe
  2⤵
  PID:9176
- C:\Windows\System\oAkMSTw.exe
  C:\Windows\System\oAkMSTw.exe
  2⤵
  PID:8504
- C:\Windows\System\NRCDpcf.exe
  C:\Windows\System\NRCDpcf.exe
  2⤵
  PID:8576
- C:\Windows\System\YnWCxdj.exe
  C:\Windows\System\YnWCxdj.exe
  2⤵
  PID:8800
- C:\Windows\System\KzrjknU.exe
  C:\Windows\System\KzrjknU.exe
  2⤵
  PID:8540
- C:\Windows\System\hgZhVKJ.exe
  C:\Windows\System\hgZhVKJ.exe
  2⤵
  PID:8968
- C:\Windows\System\LueYeuJ.exe
  C:\Windows\System\LueYeuJ.exe
  2⤵
  PID:7520
- C:\Windows\System\XtAGCSK.exe
  C:\Windows\System\XtAGCSK.exe
  2⤵
  PID:8696
- C:\Windows\System\MDPhCsv.exe
  C:\Windows\System\MDPhCsv.exe
  2⤵
  PID:9016
- C:\Windows\System\OxQKQFT.exe
  C:\Windows\System\OxQKQFT.exe
  2⤵
  PID:7664
- C:\Windows\System\tXWrVsV.exe
  C:\Windows\System\tXWrVsV.exe
  2⤵
  PID:9192
- C:\Windows\System\SjRTrRC.exe
  C:\Windows\System\SjRTrRC.exe
  2⤵
  PID:9152
- C:\Windows\System\OsPhOFi.exe
  C:\Windows\System\OsPhOFi.exe
  2⤵
  PID:7340
- C:\Windows\System\MGQJXeC.exe
  C:\Windows\System\MGQJXeC.exe
  2⤵
  PID:8640
- C:\Windows\System\lvwhAja.exe
  C:\Windows\System\lvwhAja.exe
  2⤵
  PID:8900
- C:\Windows\System\dsESwlL.exe
  C:\Windows\System\dsESwlL.exe
  2⤵
  PID:8932
- C:\Windows\System\qFSdGnb.exe
  C:\Windows\System\qFSdGnb.exe
  2⤵
  PID:8812
- C:\Windows\System\JeRZwHd.exe
  C:\Windows\System\JeRZwHd.exe
  2⤵
  PID:8484
- C:\Windows\System\wEloKil.exe
  C:\Windows\System\wEloKil.exe
  2⤵
  PID:8488
- C:\Windows\System\asNyhZy.exe
  C:\Windows\System\asNyhZy.exe
  2⤵
  PID:8864
- C:\Windows\System\VcmfCeZ.exe
  C:\Windows\System\VcmfCeZ.exe
  2⤵
  PID:8972
- C:\Windows\System\AXcctXY.exe
  C:\Windows\System\AXcctXY.exe
  2⤵
  PID:9160
- C:\Windows\System\PvNbDtW.exe
  C:\Windows\System\PvNbDtW.exe
  2⤵
  PID:8832
- C:\Windows\System\cFbRfJp.exe
  C:\Windows\System\cFbRfJp.exe
  2⤵
  PID:8784
- C:\Windows\System\fyGtZbl.exe
  C:\Windows\System\fyGtZbl.exe
  2⤵
  PID:8736
- C:\Windows\System\aItEvaF.exe
  C:\Windows\System\aItEvaF.exe
  2⤵
  PID:8988
- C:\Windows\System\edoKqpo.exe
  C:\Windows\System\edoKqpo.exe
  2⤵
  PID:9208
- C:\Windows\System\pmWIUqA.exe
  C:\Windows\System\pmWIUqA.exe
  2⤵
  PID:9220
- C:\Windows\System\yhxjDUF.exe
  C:\Windows\System\yhxjDUF.exe
  2⤵
  PID:9244
- C:\Windows\System\QHzgEyR.exe
  C:\Windows\System\QHzgEyR.exe
  2⤵
  PID:9264
- C:\Windows\System\TNspqoM.exe
  C:\Windows\System\TNspqoM.exe
  2⤵
  PID:9280
- C:\Windows\System\OHoPomh.exe
  C:\Windows\System\OHoPomh.exe
  2⤵
  PID:9300
- C:\Windows\System\nbToXDB.exe
  C:\Windows\System\nbToXDB.exe
  2⤵
  PID:9316
- C:\Windows\System\KeWtDMp.exe
  C:\Windows\System\KeWtDMp.exe
  2⤵
  PID:9336
- C:\Windows\System\MsoktHC.exe
  C:\Windows\System\MsoktHC.exe
  2⤵
  PID:9368
- C:\Windows\System\YFMdIQd.exe
  C:\Windows\System\YFMdIQd.exe
  2⤵
  PID:9388
- C:\Windows\System\aLUuFAy.exe
  C:\Windows\System\aLUuFAy.exe
  2⤵
  PID:9408
- C:\Windows\System\dLcDQNE.exe
  C:\Windows\System\dLcDQNE.exe
  2⤵
  PID:9428
- C:\Windows\System\FNreJFy.exe
  C:\Windows\System\FNreJFy.exe
  2⤵
  PID:9444
- C:\Windows\System\ZnTtcFp.exe
  C:\Windows\System\ZnTtcFp.exe
  2⤵
  PID:9468
- C:\Windows\System\LHvUUiB.exe
  C:\Windows\System\LHvUUiB.exe
  2⤵
  PID:9484
- C:\Windows\System\zWRleBQ.exe
  C:\Windows\System\zWRleBQ.exe
  2⤵
  PID:9504
- C:\Windows\System\wAfScLH.exe
  C:\Windows\System\wAfScLH.exe
  2⤵
  PID:9524
- C:\Windows\System\diQvDKH.exe
  C:\Windows\System\diQvDKH.exe
  2⤵
  PID:9544
- C:\Windows\System\TlbKOan.exe
  C:\Windows\System\TlbKOan.exe
  2⤵
  PID:9568
- C:\Windows\System\YoRebrL.exe
  C:\Windows\System\YoRebrL.exe
  2⤵
  PID:9588
- C:\Windows\System\PpAEFee.exe
  C:\Windows\System\PpAEFee.exe
  2⤵
  PID:9608
- C:\Windows\System\tPodHEk.exe
  C:\Windows\System\tPodHEk.exe
  2⤵
  PID:9624
- C:\Windows\System\lYCbwIt.exe
  C:\Windows\System\lYCbwIt.exe
  2⤵
  PID:9648
- C:\Windows\System\FKCEFIw.exe
  C:\Windows\System\FKCEFIw.exe
  2⤵
  PID:9668
- C:\Windows\System\kzPEpSU.exe
  C:\Windows\System\kzPEpSU.exe
  2⤵
  PID:9684
- C:\Windows\System\BfuntHP.exe
  C:\Windows\System\BfuntHP.exe
  2⤵
  PID:9708
- C:\Windows\System\xhycSmX.exe
  C:\Windows\System\xhycSmX.exe
  2⤵
  PID:9728
- C:\Windows\System\zPFCGrB.exe
  C:\Windows\System\zPFCGrB.exe
  2⤵
  PID:9748
- C:\Windows\System\fdQKXAX.exe
  C:\Windows\System\fdQKXAX.exe
  2⤵
  PID:9768
- C:\Windows\System\mgzJajG.exe
  C:\Windows\System\mgzJajG.exe
  2⤵
  PID:9784
- C:\Windows\System\dHRCMPL.exe
  C:\Windows\System\dHRCMPL.exe
  2⤵
  PID:9816
- C:\Windows\System\KIaLZPP.exe
  C:\Windows\System\KIaLZPP.exe
  2⤵
  PID:9836
- C:\Windows\System\wZvBrYA.exe
  C:\Windows\System\wZvBrYA.exe
  2⤵
  PID:9852
- C:\Windows\System\DohtuHB.exe
  C:\Windows\System\DohtuHB.exe
  2⤵
  PID:9872
- C:\Windows\System\sWAJTOL.exe
  C:\Windows\System\sWAJTOL.exe
  2⤵
  PID:9888
- C:\Windows\System\QzFzBmk.exe
  C:\Windows\System\QzFzBmk.exe
  2⤵
  PID:9908
- C:\Windows\System\HHWaTMR.exe
  C:\Windows\System\HHWaTMR.exe
  2⤵
  PID:9924
- C:\Windows\System\SDgrlbV.exe
  C:\Windows\System\SDgrlbV.exe
  2⤵
  PID:9948
- C:\Windows\System\jHZQoKw.exe
  C:\Windows\System\jHZQoKw.exe
  2⤵
  PID:9968
- C:\Windows\System\SpZUHAK.exe
  C:\Windows\System\SpZUHAK.exe
  2⤵
  PID:9992
- C:\Windows\System\IuhnzHo.exe
  C:\Windows\System\IuhnzHo.exe
  2⤵
  PID:10012
- C:\Windows\System\adNdXsD.exe
  C:\Windows\System\adNdXsD.exe
  2⤵
  PID:10036
- C:\Windows\System\NzRChvo.exe
  C:\Windows\System\NzRChvo.exe
  2⤵
  PID:10052
- C:\Windows\System\qSTVCCK.exe
  C:\Windows\System\qSTVCCK.exe
  2⤵
  PID:10072
- C:\Windows\System\iaHdwog.exe
  C:\Windows\System\iaHdwog.exe
  2⤵
  PID:10092
- C:\Windows\System\SppvBpA.exe
  C:\Windows\System\SppvBpA.exe
  2⤵
  PID:10108
- C:\Windows\System\ZRqpBwQ.exe
  C:\Windows\System\ZRqpBwQ.exe
  2⤵
  PID:10128
- C:\Windows\System\GfRAwhF.exe
  C:\Windows\System\GfRAwhF.exe
  2⤵
  PID:10144
- C:\Windows\System\HiLsdKT.exe
  C:\Windows\System\HiLsdKT.exe
  2⤵
  PID:10164
- C:\Windows\System\okrhrxw.exe
  C:\Windows\System\okrhrxw.exe
  2⤵
  PID:10196
- C:\Windows\System\ggUSfjG.exe
  C:\Windows\System\ggUSfjG.exe
  2⤵
  PID:10216
- C:\Windows\System\TKVKYdG.exe
  C:\Windows\System\TKVKYdG.exe
  2⤵
  PID:10232
- C:\Windows\System\rEXfYvQ.exe
  C:\Windows\System\rEXfYvQ.exe
  2⤵
  PID:9204
- C:\Windows\System\nyIYwlh.exe
  C:\Windows\System\nyIYwlh.exe
  2⤵
  PID:9252
- C:\Windows\System\fNPbeqf.exe
  C:\Windows\System\fNPbeqf.exe
  2⤵
  PID:9288
- C:\Windows\System\xqVnyvl.exe
  C:\Windows\System\xqVnyvl.exe
  2⤵
  PID:9272
- C:\Windows\System\jeWuhSF.exe
  C:\Windows\System\jeWuhSF.exe
  2⤵
  PID:9344
- C:\Windows\System\PxtkyGm.exe
  C:\Windows\System\PxtkyGm.exe
  2⤵
  PID:9356
- C:\Windows\System\DFMDjmw.exe
  C:\Windows\System\DFMDjmw.exe
  2⤵
  PID:9380
- C:\Windows\System\fQgnlNZ.exe
  C:\Windows\System\fQgnlNZ.exe
  2⤵
  PID:9460
- C:\Windows\System\rfZprid.exe
  C:\Windows\System\rfZprid.exe
  2⤵
  PID:9536
- C:\Windows\System\SQsGJws.exe
  C:\Windows\System\SQsGJws.exe
  2⤵
  PID:9436
- C:\Windows\System\oHpHbpn.exe
  C:\Windows\System\oHpHbpn.exe
  2⤵
  PID:9480
- C:\Windows\System\GqXufBF.exe
  C:\Windows\System\GqXufBF.exe
  2⤵
  PID:9656
- C:\Windows\System\ldOkvys.exe
  C:\Windows\System\ldOkvys.exe
  2⤵
  PID:9560
- C:\Windows\System\nTiCNMk.exe
  C:\Windows\System\nTiCNMk.exe
  2⤵
  PID:9564
- C:\Windows\System\IvHyOKs.exe
  C:\Windows\System\IvHyOKs.exe
  2⤵
  PID:9640
- C:\Windows\System\zkNTGqQ.exe
  C:\Windows\System\zkNTGqQ.exe
  2⤵
  PID:9740
- C:\Windows\System\CNISDiU.exe
  C:\Windows\System\CNISDiU.exe
  2⤵
  PID:9780
- C:\Windows\System\QymKUdN.exe
  C:\Windows\System\QymKUdN.exe
  2⤵
  PID:9792
- C:\Windows\System\FPxFEcq.exe
  C:\Windows\System\FPxFEcq.exe
  2⤵
  PID:9812
- C:\Windows\System\pBrtZtH.exe
  C:\Windows\System\pBrtZtH.exe
  2⤵
  PID:9844
- C:\Windows\System\hPOOLUy.exe
  C:\Windows\System\hPOOLUy.exe
  2⤵
  PID:9868
- C:\Windows\System\zzqDXYo.exe
  C:\Windows\System\zzqDXYo.exe
  2⤵
  PID:9880
- C:\Windows\System\WzqSElv.exe
  C:\Windows\System\WzqSElv.exe
  2⤵
  PID:9976
- C:\Windows\System\DZJMUaK.exe
  C:\Windows\System\DZJMUaK.exe
  2⤵
  PID:9964
- C:\Windows\System\cBCDZrO.exe
  C:\Windows\System\cBCDZrO.exe
  2⤵
  PID:9988
- C:\Windows\System\EFWxLwP.exe
  C:\Windows\System\EFWxLwP.exe
  2⤵
  PID:10008
- C:\Windows\System\xcYfoeG.exe
  C:\Windows\System\xcYfoeG.exe
  2⤵
  PID:10100
- C:\Windows\System\FZTlhMQ.exe
  C:\Windows\System\FZTlhMQ.exe
  2⤵
  PID:10116
- C:\Windows\System\QzMvfGG.exe
  C:\Windows\System\QzMvfGG.exe
  2⤵
  PID:10156
- C:\Windows\System\ydvbzMb.exe
  C:\Windows\System\ydvbzMb.exe
  2⤵
  PID:10172
- C:\Windows\System\UIpmhDi.exe
  C:\Windows\System\UIpmhDi.exe
  2⤵
  PID:10204
- C:\Windows\System\benxJyS.exe
  C:\Windows\System\benxJyS.exe
  2⤵
  PID:10228
- C:\Windows\System\EfkXIIu.exe
  C:\Windows\System\EfkXIIu.exe
  2⤵
  PID:9324
- C:\Windows\System\QhtLVlf.exe
  C:\Windows\System\QhtLVlf.exe
  2⤵
  PID:9400
- C:\Windows\System\kJLyPmW.exe
  C:\Windows\System\kJLyPmW.exe
  2⤵
  PID:9452
- C:\Windows\System\VuNhcct.exe
  C:\Windows\System\VuNhcct.exe
  2⤵
  PID:9308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BEMDmQd.exe

Filesize
6.0MB

MD5
25c78628db0a2e1792d80501215c59c5

SHA1
98c188d9c5747896504ac38f54ac9ae0f30f8cd5

SHA256
eadc923dba4b09df261a1e0f5410bc218172f07bd230251194255b5eebf36b60

SHA512
70c710e0dc0f25362eab90e111f9ec9b3d154163ead924d5bab084b12669e29be8fee75a695db12252ed6c4360d4cc5f5ce67c927980392f079d929220f4c745

Download Submit
C:\Windows\system\GqMALyp.exe

Filesize
6.0MB

MD5
c4887a2e90a33ff04e32ce420d4b723f

SHA1
b9e15f953952d27a10dfc68f804796929dba5c3e

SHA256
7755375a52d9d49c2e1c029ed25405f0da0fa77529f80123c8cc94e3e83ec952

SHA512
b4ec090cf795059d952f68e4b27300d26861463fd9bf42c2337e3bfc8130259909f6e5249642cc09f5d9b85d4012401f62e9491d0c67788855fc5562a29ce100

Download Submit
C:\Windows\system\IYTDqmZ.exe

Filesize
6.0MB

MD5
085a367047c8e364d106b47e8f99eae8

SHA1
91b876aaca7f1bb13808edff028f5fa8895e55cd

SHA256
f8aa8452a7b419c9c6e8bb49022e5b46aae0bce29de650a1128bba767a78c2c6

SHA512
d7d704be70d014d493f1e358c44ff29fbc7e29335384cd8e63d16b0100d1de622386e1ce3aa70091dab827b437f58c76d19d9091a404c51e08860ddf84b8f69a

Download Submit
C:\Windows\system\KXxvoJb.exe

Filesize
6.0MB

MD5
2e3c1c96838aa25ab8d5b33d82ade5c2

SHA1
c9e5f0b7b098b1b9999003eddbe24c9e6beca5f5

SHA256
8d5cb382f3bfdf4e2254f89e621984d4efc6c9100b495f5d3eec25f4388590d6

SHA512
7a42f8d04e399e07fa70613e7cbf6c458d8a5644438d89fb445e90660915f33d19d9078e2ba1105ba12bbaf49742d1426dcefea092d32cf1735d3816170aa58b

Download Submit
C:\Windows\system\MBMsBwx.exe

Filesize
6.0MB

MD5
025189d0ede92f675cb72c879cef9591

SHA1
6557455d264a814c36597a500ce41defcce599eb

SHA256
c269de8090718da9725551269f10c38046dea514390501a6d599cc23ac700a01

SHA512
6b1bf2d62813a8f889a5067264f3e0f9803ada1313cbb2fe3697317843dcb8d626e9c3c7b8612bd525aedde6437341d0f2fdf804279c53353f014284eabf8aa6

Download Submit
C:\Windows\system\ObZnXRt.exe

Filesize
6.0MB

MD5
e2daf3fd59a774e468d73a0bfeafba06

SHA1
aabcd9f2526cb61f0a1a837b415d5b982c3e21a2

SHA256
1c9bbe63eda8cb0d871785eac97b9f4319106cd994371ffbd80e020b1fb6831c

SHA512
671aabddc1bdc6612f2f56a29aa81edf2972ead64e3121d467eba87b02b092b4878554488751e782c135a8aaf7330c73950b1780a7c61b286f5d9816a9eb0f86

Download Submit
C:\Windows\system\OwjxpLQ.exe

Filesize
6.0MB

MD5
bac9ae71eb255e20eb443d61407f268a

SHA1
1e105eda404a49731f3ba4f1eb0b3a44558c4203

SHA256
c27444fe78db22b802d70476b7633e28ea9cf4af66800937f6c5354857e9b75a

SHA512
1ca8176ad285d58bcd011416b98584534e6ddff40650e3c4afa1c851a82f811a3a1a2318e07e466aacb1eaf71d7f866bd89e6c3af14daf6d0366f936eac3a50d

Download Submit
C:\Windows\system\RPoQtAo.exe

Filesize
6.0MB

MD5
bbaa0ccfd68fa90a3ad686aac0f70d38

SHA1
1a8921561d23b53f1ee268137b5e3c816152b205

SHA256
84896a93aaccf7e078f630aa6c65e2dcecfdfd68e1b63f5de2b0c9dd3cc421bf

SHA512
2cdca04c0d59405bcb5ade37527f137155b15d655ff4a1cbd5f59a1a2d1ebfa44d440a204c0028de7c6eebb606c6111ab1e4dca29046f7b81f7fe34b4a610912

Download Submit
C:\Windows\system\SBYjBuQ.exe

Filesize
6.0MB

MD5
1dae42fc334f89672872ff7183037772

SHA1
ab76a423b03e4216faa9b55cb6f67a7c8992d747

SHA256
4198b9862952a118376994ed89375cbe8ddb8d6780abb752f76fc76a00b2f0d4

SHA512
53bf44fc8b48c5cb7d5dce707564d5372933dd6d10b8938470becbb4472f16921912db4907efc47c61a6a106271eed29f89624e5b84da48e200dfc5a91d66de5

Download Submit
C:\Windows\system\TpoqbUh.exe

Filesize
6.0MB

MD5
708fae5c68281b49294fcf0e3b9cf41c

SHA1
e3c5d9705fd247d98e2af5f618d9e488872e6c09

SHA256
8428c1e17e4516d8002f4920b3b4202062d5973e96549ac1cab1071b8e41b6f8

SHA512
e8c0b1f355b0b9098c2576fe7ded652784063ea108c44f51693484cfafd148e402d5ca1c3399a1bbf2afd7ab85628ec48c81c36f8c0b450564c46b31678d47e4

Download Submit
C:\Windows\system\XJGaSva.exe

Filesize
6.0MB

MD5
ec9b4706dfbe55bec0038d2a97ffc8a4

SHA1
e95b75edc2ecd9e77687dcb32ac2a98b33de0deb

SHA256
330e3a1c37d5cef5b7ac8f2aff4e3e9386607eae3284c889e78c28f8e75c9d00

SHA512
e94f011183a886625d4655f2463fef51e3117ad0805b94253dcda0647a004115043ce5080f2c78e0ef1b3bfacae890a44450c157162a40b55722116acbec7a05

Download Submit
C:\Windows\system\XiOLcWT.exe

Filesize
6.0MB

MD5
46322f7ef424b1bbadb593c4d21ed3df

SHA1
7b00c0cd17b5f44cec8118bc28770b962af3f15d

SHA256
c3630a43397b6049a6997b72d0e04ae4a6b72c398f40ff5d24f8c3478854c946

SHA512
eb680339559ce19d103b2f9d9198977b59766268f1a40dee953498e10c1627cee435aeef711223c27ade0bedf3d5c0c888f408627302829f70e4d64ae1446773

Download Submit
C:\Windows\system\bpNyksY.exe

Filesize
6.0MB

MD5
53fb6defb085e9c2db412f8493dbd475

SHA1
5b8257e362ad5da2fced6408387419220a651c99

SHA256
284dc2cb623b3445db91a28849a5bfaa09b85c962ad4d0af39798a69ea9f9f6a

SHA512
432ce49eb58d160ec84b9f37ebe74272abb9077e02e11dd1eb96d1fd30e4267c58e529498ba75577aba294c643f2a083288b0824401941cd971247504c5404cd

Download Submit
C:\Windows\system\cLqNSCP.exe

Filesize
6.0MB

MD5
64f4dd5f338d57385fe78553755605e7

SHA1
17bb977f7c871989222f4d8f2f983c65a0f5b2f2

SHA256
3309288450e5adb1fbfd639175736248832ce85365d414645e1db28a0007bb15

SHA512
d04767e56fc97faa607632462b9820534492e9908e444f486522ebefd77f3a7e209cf45039bcb58747ec348022086b7b223f91a678102b64ab009fa40ec42d15

Download Submit
C:\Windows\system\dUBYdoj.exe

Filesize
6.0MB

MD5
4ce01d9ebd979af7dd12db993544f2c3

SHA1
752cd0d287583e88389e6a65c69ed9c15c973002

SHA256
67b2cb73213a23dc288816b98c5792a4100dbddc2450659d8ccdbd4a4ac45845

SHA512
616761323b5319d9f5c03f5beda93c065f673509b2a29605258161f88b824c65bc7acdbcfda84a8562f22a5dc5dc5bf1b11900628b03aa882eb80a189482e028

Download Submit
C:\Windows\system\exKoKmq.exe

Filesize
6.0MB

MD5
5dca2dcd1e2a97a9ff7c36f23427fb05

SHA1
66d38ebfb807b454e6b22fd9a742a348e9f6b6ab

SHA256
87ca8556f4709e26e3847e4d45f9326e3dc5c83a6e809ec54a31a76ef2b04a64

SHA512
58305e0c29aee0373ff85edaf1426b42fc74b4652ae4bb1a23f591f2809bd7574cc84c7a9d610852cf974de9c5287c6a3d5d21fb5d93d102ebbfd7e5da30ec7d

Download Submit
C:\Windows\system\fjNzlbC.exe

Filesize
6.0MB

MD5
a4112d7d6e2702b9be6437d81c13815b

SHA1
8c880500a74eaa5cddef163a538ffb3e1f5da2fd

SHA256
dc6906455b12e99be45ffa3874a6fdc4897264c83efb3bb58bec7b69d87fd95c

SHA512
4b0df43b9e7d01cc4a405d589ddac70d4fd9e4efb2858485aeaabb426a621f9e96f15475889bffde17a6c762597dcbc227dbede469bd86c3819a84c4c6634fa8

Download Submit
C:\Windows\system\gerpcTZ.exe

Filesize
6.0MB

MD5
cd0f91096a9d88bc4f67ec71c4e41bdb

SHA1
ca42d82266060f056d6c4c8c4d4b135d1d5fad57

SHA256
fdaa49793da16b4be35f480d308dcc905d13efdb2c1faf6a04f4c288c2579f8c

SHA512
78bacd440662571df5e853ad9d5686a04f5cf83aa11247ed87beb71f0dd40af147c7ebb94187fefb18508cac9882b2ee339f7993f7159cc0a1c7e81d5012ca91

Download Submit
C:\Windows\system\hVjznNQ.exe

Filesize
6.0MB

MD5
2c22d339fe10d53d1636b94456765d47

SHA1
09aa0227cdaf4e614d6c266d3ff6837255a58da1

SHA256
195cb557430d92f46f29ba25bfc5d75e531507b2b06ed2ab711c828475086a0a

SHA512
7275c0da7a380d9189caf2c646869e4ae9fbd6946c446897e7114b34c68d69720b622be7803f329ec64069bec2b58da61f9da836d0028dc6c71082fa35815dde

Download Submit
C:\Windows\system\hudSozt.exe

Filesize
6.0MB

MD5
ba5dec25b7de10f496fd5b83bf4c30f2

SHA1
93d9fc4551f55bcb99cb3d74a954070740b19cbf

SHA256
a0b27ec79ebac4d32ce1d7550944c32c78f105cc2087ed678623cc9dcaff2737

SHA512
3c2fb56918af43961c88e6b764efddb0c6812603eafeb70e72b7e32a8135285903cf9dc03e4919a6fa48810a6259549399306ec013a1d6de897076eb9a81e6f7

Download Submit
C:\Windows\system\jcQJbNX.exe

Filesize
6.0MB

MD5
41a2e36b470d1a6b2629fce744981954

SHA1
3cbe74c14b61823ca2e12c7fea4b0468b4eeb488

SHA256
48a9171027d95484f4c264dfdfff79592e90f492d981392a11c3795aeced0871

SHA512
87d08fed951211a94069ef550268a58795dc4586830e3f45ef54a8ec09f217bdf0d1a39393ccd72c27a40c568089fc01d516b4066603f16daca0d29d07dd3af0

Download Submit
C:\Windows\system\mxlqFow.exe

Filesize
6.0MB

MD5
4f2034c4ea6b6085082063708a18c151

SHA1
f35c7875a29ed13eaa3626b085cc43030811e12f

SHA256
79734068c8a7e665840a64f5cec6bc964d48b5f984e3130b2ebee410cd042864

SHA512
08f9cc2283d7627decc3d19a50b141d33e2e8d8793ad5d1eb5a5dacc2e5c4396953610d48bdaef13bab6f823850fb803cafea630f0be685d99945ef76feef9bd

Download Submit
C:\Windows\system\reaKYDL.exe

Filesize
6.0MB

MD5
8dc60f14c485843da393342bf1c4b66d

SHA1
327f7ff103b1c01b21c0efd205ad4e4cfd11c058

SHA256
cbaf8e4eab7651f72a7b2dcf52efe65e16ed29d36f96f8b863922112bb5d2f5d

SHA512
b6a68bf14391294d2ae60150a0d452b4134a15c2524e92ab2fce49b5930652b1e0aa643698b97151551636e85ce6166ddf518461f3cde677d4a617039f13cf9e

Download Submit
C:\Windows\system\sdHewyB.exe

Filesize
6.0MB

MD5
ccc0d65e9903dcc256e400416bdb7dee

SHA1
11c21cd629b5ef1b7d2a52eee226dfe520bd2ba3

SHA256
5dab40eb57ab772d1d9695a9949b084463ed2396c8bb4c129768b350634ae0f3

SHA512
dc417592e58fd40fef421f536f5a4699139626b7bc3094384b4126e11337fdffe6e8fb5336969c3b2cecc79ccc92ec8678a8ec584442913fa49e83a9867e6232

Download Submit
C:\Windows\system\tMqcYQT.exe

Filesize
6.0MB

MD5
ee847c8adc3a9a5ed5fe0087ad0fd43b

SHA1
eb85193fb35803d4f616f35d4670846308262cc5

SHA256
e8f8227baed2bc6d9af76e77acfc78eed79232e8cf2001746d37747b6fa1cca2

SHA512
0306e03a9735faad6d2122d5fdfd29d205091b270547c89bab9c026e8a6eb9f5501b8d0666ffc36cc8b748d0afb4bbe0dd9288e77b2ae5c5861e3a20118d0d1e

Download Submit
C:\Windows\system\tMveWKd.exe

Filesize
8B

MD5
febf99df58219c0be3df605839308be8

SHA1
fe08ce1d9706203d07fbc982e915a9748183cc3f

SHA256
2ce4a59836f0a031aec5d0d6f8f98a0ee6897953a52c2d5078ad2f6387c5fe28

SHA512
072f48361a96aff933e48813373ee8cb32016fd515623751cbbe6de4b7f708e17b737377255763f3861e774f66800a839af33790f30e4cf89e33517cb8d62729

Download Submit
C:\Windows\system\weSWipo.exe

Filesize
6.0MB

MD5
974bdf252925be3c6a0187d6265e1777

SHA1
3da623ef7a485d77a160921d96482c2950781049

SHA256
dcbef82e94a8333344ee3780d21f63668188365563204acf00bc0f062e5aef15

SHA512
1d57c9a4c6378b9818e69ec984ec701161353583f382bcf98255d0cd49c1e788d3bb6f8f5da7788a8199aff86462c407f3153ab4b67c995e16f427dacaa2dc10

Download Submit
C:\Windows\system\xmhnWrR.exe

Filesize
6.0MB

MD5
06b9de5c034cfc98f6cc40c14d7c7f18

SHA1
df4d3ce8af1370a0d5714b4a000f4a41d6e610ab

SHA256
d6ee07452de187c0f9b682bcb1d518570cfbddfd979bbd2369fdb3e06eb608a5

SHA512
99f2a1d0ee9ce280e145d7d596934949751360d2bb6b283890df0b9e7207a091b45539f3299610907ec535f1fb3f21d6bfd9006e397c54f3d780f5b61d0db7f3

Download Submit
C:\Windows\system\yoMdePx.exe

Filesize
6.0MB

MD5
176bb296b86d035d9ee818a3b59d7735

SHA1
69ef09a5a5ef036d106bf868399eb47df5520d28

SHA256
10f16522d460cfa42bbdc05e55aaec156ac0a956c4f8486c236b55d80d0efec2

SHA512
1fdd278bc56f2a87237c6d35c4c59f7a1e91829d8e3f6fd92f4ad98a51bb7cf179a7ccfead7b4494485f3ff9a607c5e606f9154b9a2fc4ee60494495d26ac8e0

Download Submit
C:\Windows\system\zazBktS.exe

Filesize
6.0MB

MD5
30029e6f66c7b6b92e15ace0f70fcab3

SHA1
4c1e266323e6a76c00d076b8f2c5282760912d77

SHA256
48aaf134b06441d2bc7099e0c80c4f8c5b44775a9e7390fa57e2c611ccedc966

SHA512
d6325f1db7858718a780bdba006e193b92034dc810cb785b7e0653d33dc8b3ac57191c617301f0aeacac654bf3fbe2800f6e162ae81e33c93520ba32c5fa91fd

Download Submit
\Windows\system\QkXaotg.exe

Filesize
6.0MB

MD5
abc94b890a9c91df93b410c9b7511e33

SHA1
b2ce0b8e1a26e359df2a7303a1b553f1c0efea59

SHA256
16d0c6f9477af92153ed3a6db719776ad8ffff51af0a09fcd7d1099d48e1d7aa

SHA512
db3f05401a6fd696d519e1aabb63ef0756c3dc9e95afcd0fa2e49eb08f3a8c3289f1356ee36d8418b604da2bf441c36dd67a6ac6b6db91238d1c93d6b8edca39

Download Submit
\Windows\system\aIZTkHw.exe

Filesize
6.0MB

MD5
4c3a40dbfee199f52c80fae2ac81a08c

SHA1
e1a2e8fc4a5326f835d5779a8effbb8f15dfd656

SHA256
13c0b862dde0af59bd69acef8450c16f6b5f67c30b5ac6184cb90a045fdb0e0a

SHA512
a2ff54849af166400b95228158b53f562525db1bc093a5cb814ca9df2f4972e76ceb4a5b5c4ec2fd2f2030d01d27af1026574d0cd03f77140b245386cf3081cd

Download Submit
\Windows\system\ozQKQlD.exe

Filesize
6.0MB

MD5
ee098e12189528e8b3e53e0f21115f8d

SHA1
ecf7a89a2a95076af1fe0f3a0f9bdc1e1db25971

SHA256
65a0baec12dd547b421caf78ddc424d3208117545d0f5f99c4cb6ae4bc95231e

SHA512
bc655428e691f5b66235183da6296622859dcce8d9beee9b589902af25fe9e7f68cac429ebda535a1e0df1b9cb659be57b06b0b12c660a40e09823572d9cc063

Download Submit
memory/1332-96-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1332-630-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1332-3776-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1448-9-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/1448-3733-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/1556-3773-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/1556-258-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/1556-79-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/1700-88-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/1700-449-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/1700-3771-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2072-3759-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2072-86-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2072-49-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2204-104-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2204-2094-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2204-3775-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2224-5223-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2224-35-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2368-55-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-108-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-2102-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-100-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2368-99-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2368-37-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-91-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-541-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-29-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2368-44-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-33-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2368-75-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-18-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2368-68-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-707-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2368-109-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-8-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2368-60-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2368-87-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-235-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-0-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2568-205-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2568-3766-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2568-72-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3756-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-78-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-40-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-65-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3772-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2752-103-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3739-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-14-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-48-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3742-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-27-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-64-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-3748-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2972-54-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2972-23-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2996-3762-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-57-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-95-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download