cobaltstrike | 057e9737eea5a983ded916c4734fb5efbf5d37dc7e9b2762db52d690569a0a9b

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-01-2025 00:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

1464c72148cfe2432838235d2bec2aa0
SHA1

ec1f6ae0fc4b8a8de5211e0142927eafef4ad864
SHA256

057e9737eea5a983ded916c4734fb5efbf5d37dc7e9b2762db52d690569a0a9b
SHA512

61be5b708a2b040ccaaaddf75154e640e8648ff5804d7ec3cdc4d13ca420ee86d3dcfc67503b537d849799575ad3f2aa9643ff94415e1fa74c5b404ac180b940
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUq:T+q56utgpPF8u/7q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012272-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015fa6-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016141-20.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016de9-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016399-27.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000160da-15.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df8-64.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-151.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-191.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-186.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-181.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-176.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-167.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-136.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f7-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-141.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f1-121.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017570-116.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015df1-111.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174f8-107.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174b4-99.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707f-91.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f02-83.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016edc-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df5-62.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001660e-58.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000162e4-55.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2448-0-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x000d000000012272-3.dat	xmrig
behavioral1/memory/2448-6-0x0000000002420000-0x0000000002774000-memory.dmp	xmrig
behavioral1/files/0x0008000000015fa6-11.dat	xmrig
behavioral1/memory/2076-14-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016141-20.dat	xmrig
behavioral1/files/0x0008000000016de9-39.dat	xmrig
behavioral1/memory/2652-29-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016399-27.dat	xmrig
behavioral1/files/0x00070000000160da-15.dat	xmrig
behavioral1/files/0x0006000000016df8-64.dat	xmrig
behavioral1/memory/2840-63-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2676-68-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/3048-93-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x000d000000018683-131.dat	xmrig
behavioral1/files/0x000500000001871c-151.dat	xmrig
behavioral1/files/0x0006000000018be7-161.dat	xmrig
behavioral1/memory/1864-951-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/3048-769-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/3040-571-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2448-473-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2600-400-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2676-225-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019237-191.dat	xmrig
behavioral1/files/0x0005000000019203-186.dat	xmrig
behavioral1/files/0x0006000000019056-181.dat	xmrig
behavioral1/files/0x0006000000018fdf-176.dat	xmrig
behavioral1/files/0x0006000000018d7b-167.dat	xmrig
behavioral1/files/0x0006000000018d83-170.dat	xmrig
behavioral1/files/0x0005000000018745-157.dat	xmrig
behavioral1/files/0x000500000001870c-146.dat	xmrig
behavioral1/files/0x0005000000018697-136.dat	xmrig
behavioral1/files/0x00060000000175f7-126.dat	xmrig
behavioral1/files/0x0005000000018706-141.dat	xmrig
behavioral1/files/0x00060000000175f1-121.dat	xmrig
behavioral1/files/0x0006000000017570-116.dat	xmrig
behavioral1/files/0x0009000000015df1-111.dat	xmrig
behavioral1/files/0x00060000000174f8-107.dat	xmrig
behavioral1/memory/2840-100-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/files/0x00060000000174b4-99.dat	xmrig
behavioral1/memory/2824-97-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2672-92-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x000600000001707f-91.dat	xmrig
behavioral1/memory/2692-88-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/3040-84-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/files/0x0006000000016f02-83.dat	xmrig
behavioral1/memory/2600-77-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016edc-76.dat	xmrig
behavioral1/memory/2652-73-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016df5-62.dat	xmrig
behavioral1/memory/2824-59-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/files/0x000900000001660e-58.dat	xmrig
behavioral1/memory/2672-57-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2448-56-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x00070000000162e4-55.dat	xmrig
behavioral1/memory/2472-54-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2692-52-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2792-50-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/972-48-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2792-3527-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2076-3532-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2652-3533-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2676-3544-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2692-3539-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2472	HXrxelr.exe
2076	zzodikw.exe
2652	TrCYIRe.exe
972	UXTZGCz.exe
2792	wJXQQKI.exe
2692	bBvdXCk.exe
2672	IJdPfQF.exe
2824	xKURwXS.exe
2840	yXpcxPt.exe
2676	GsesYeE.exe
2600	HSCFOzC.exe
3040	QUbnFIb.exe
3048	VElRzsW.exe
1864	rBMkGsG.exe
2804	yKlBVKk.exe
2004	XkXVddA.exe
1660	jLjlqOi.exe
2868	BnAiImz.exe
580	DkqmeVm.exe
1280	sHFLshb.exe
2900	ypNXHRX.exe
280	MYWoatd.exe
1620	vLZyEqt.exe
3020	agAPNqs.exe
2908	mcyHkkZ.exe
1736	nApPFrn.exe
1624	rmTHNoi.exe
2508	SCDYrEJ.exe
648	eijgjNe.exe
1708	ZcfFQDv.exe
2180	YhBtdnQ.exe
1088	DKGrrIC.exe
3060	qCAQpTu.exe
1780	jPKuXmO.exe
1340	nIVKeKI.exe
1648	MZPnnYk.exe
1244	bmiPPyE.exe
2396	nJBYLDd.exe
2244	PAMEbyn.exe
868	NVcIypP.exe
2084	kZcdhLA.exe
2444	qZRvqGv.exe
892	PRIxeKK.exe
1628	ZpRgahk.exe
1748	FIYYcXY.exe
2976	CUPQtwP.exe
2436	BDhFnNI.exe
1588	HYhvbOg.exe
1688	kamizew.exe
2480	nJqVfTO.exe
2260	RbEusJg.exe
2008	htNZnSR.exe
2780	HgSXsEy.exe
2588	XbZOYrl.exe
2584	tTnKWaa.exe
3044	qSYAyqs.exe
1984	ihJHFJG.exe
2236	MDVSzMF.exe
1720	AsWVJQy.exe
2372	gPqkpHr.exe
2904	cjSBUMk.exe
320	HdEKXrg.exe
1508	HuDfdUr.exe
2912	EpaxSyW.exe

Loads dropped DLL 64 IoCs

pid	Process
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2448-0-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x000d000000012272-3.dat	upx
behavioral1/memory/2448-6-0x0000000002420000-0x0000000002774000-memory.dmp	upx
behavioral1/files/0x0008000000015fa6-11.dat	upx
behavioral1/memory/2076-14-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x0007000000016141-20.dat	upx
behavioral1/files/0x0008000000016de9-39.dat	upx
behavioral1/memory/2652-29-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x0007000000016399-27.dat	upx
behavioral1/files/0x00070000000160da-15.dat	upx
behavioral1/files/0x0006000000016df8-64.dat	upx
behavioral1/memory/2840-63-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2676-68-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/3048-93-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x000d000000018683-131.dat	upx
behavioral1/files/0x000500000001871c-151.dat	upx
behavioral1/files/0x0006000000018be7-161.dat	upx
behavioral1/memory/1864-951-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/3048-769-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/3040-571-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2600-400-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2676-225-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/files/0x0005000000019237-191.dat	upx
behavioral1/files/0x0005000000019203-186.dat	upx
behavioral1/files/0x0006000000019056-181.dat	upx
behavioral1/files/0x0006000000018fdf-176.dat	upx
behavioral1/files/0x0006000000018d7b-167.dat	upx
behavioral1/files/0x0006000000018d83-170.dat	upx
behavioral1/files/0x0005000000018745-157.dat	upx
behavioral1/files/0x000500000001870c-146.dat	upx
behavioral1/files/0x0005000000018697-136.dat	upx
behavioral1/files/0x00060000000175f7-126.dat	upx
behavioral1/files/0x0005000000018706-141.dat	upx
behavioral1/files/0x00060000000175f1-121.dat	upx
behavioral1/files/0x0006000000017570-116.dat	upx
behavioral1/files/0x0009000000015df1-111.dat	upx
behavioral1/files/0x00060000000174f8-107.dat	upx
behavioral1/memory/2840-100-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/files/0x00060000000174b4-99.dat	upx
behavioral1/memory/2824-97-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2672-92-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x000600000001707f-91.dat	upx
behavioral1/memory/2692-88-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/3040-84-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/files/0x0006000000016f02-83.dat	upx
behavioral1/memory/2600-77-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/files/0x0006000000016edc-76.dat	upx
behavioral1/memory/2652-73-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x0006000000016df5-62.dat	upx
behavioral1/memory/2824-59-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/files/0x000900000001660e-58.dat	upx
behavioral1/memory/2672-57-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2448-56-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x00070000000162e4-55.dat	upx
behavioral1/memory/2472-54-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2692-52-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2792-50-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/972-48-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2792-3527-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2076-3532-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2652-3533-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2676-3544-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2692-3539-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/972-3546-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zUlsyZW.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sOBUNfr.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ucAsmQy.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CcakHFg.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YEJBuZD.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tyNGJCR.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\haNKtzN.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qOjKHFB.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hwFUtRy.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yHwfmaK.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXnKvKH.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aIdSIWz.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FfVARKO.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yxqsnfb.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lKOhLqB.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aJZSBRs.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZSJifEn.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ctBSWbT.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mdCPyoM.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLwobCd.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IgPUwLp.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vJycAVk.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KXdpzCo.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TYiNFFI.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MYzBVpT.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\phctYCo.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYvyhYO.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EpgpUVp.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aBbwRcZ.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RgOxqzd.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\paSgqDP.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gMSHZUN.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ehyUgJW.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\keziQPC.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JILLoLv.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pafZVwX.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rsbfGfY.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HlscCpv.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IchVLGQ.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RzoJILU.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tMgXfSp.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oOljDIK.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WkiukVd.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jZFCHFx.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RlmfRGw.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\whcpreM.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JtZTKYc.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IxzjHRK.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tjaPSCy.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cmynoot.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HEEJyeX.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uUqndIH.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKYivfv.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TQorNaZ.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wdufXFk.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zfkzKqp.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrYpcdq.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EpYrnNI.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yJpeXMw.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GfdANRL.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XvscCeL.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jVFHIWL.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FIYYcXY.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OgikQMu.exe	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 2472	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2448 wrote to memory of 2472	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2448 wrote to memory of 2472	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2448 wrote to memory of 2076	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2448 wrote to memory of 2076	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2448 wrote to memory of 2076	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2448 wrote to memory of 972	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2448 wrote to memory of 972	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2448 wrote to memory of 972	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2448 wrote to memory of 2652	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2448 wrote to memory of 2652	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2448 wrote to memory of 2652	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2448 wrote to memory of 2672	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2448 wrote to memory of 2672	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2448 wrote to memory of 2672	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2448 wrote to memory of 2792	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2448 wrote to memory of 2792	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2448 wrote to memory of 2792	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2448 wrote to memory of 2824	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2448 wrote to memory of 2824	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2448 wrote to memory of 2824	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2448 wrote to memory of 2692	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2448 wrote to memory of 2692	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2448 wrote to memory of 2692	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2448 wrote to memory of 2840	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2448 wrote to memory of 2840	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2448 wrote to memory of 2840	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2448 wrote to memory of 2676	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2448 wrote to memory of 2676	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2448 wrote to memory of 2676	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2448 wrote to memory of 2600	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2448 wrote to memory of 2600	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2448 wrote to memory of 2600	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2448 wrote to memory of 3040	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2448 wrote to memory of 3040	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2448 wrote to memory of 3040	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2448 wrote to memory of 3048	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2448 wrote to memory of 3048	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2448 wrote to memory of 3048	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2448 wrote to memory of 1864	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2448 wrote to memory of 1864	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2448 wrote to memory of 1864	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2448 wrote to memory of 2804	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2448 wrote to memory of 2804	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2448 wrote to memory of 2804	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2448 wrote to memory of 2004	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2448 wrote to memory of 2004	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2448 wrote to memory of 2004	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2448 wrote to memory of 1660	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2448 wrote to memory of 1660	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2448 wrote to memory of 1660	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2448 wrote to memory of 2868	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2448 wrote to memory of 2868	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2448 wrote to memory of 2868	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2448 wrote to memory of 580	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2448 wrote to memory of 580	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2448 wrote to memory of 580	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2448 wrote to memory of 1280	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2448 wrote to memory of 1280	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2448 wrote to memory of 1280	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2448 wrote to memory of 2900	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2448 wrote to memory of 2900	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2448 wrote to memory of 2900	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2448 wrote to memory of 280	2448	2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-28_1464c72148cfe2432838235d2bec2aa0_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Windows\System\HXrxelr.exe
  C:\Windows\System\HXrxelr.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\zzodikw.exe
  C:\Windows\System\zzodikw.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\UXTZGCz.exe
  C:\Windows\System\UXTZGCz.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\TrCYIRe.exe
  C:\Windows\System\TrCYIRe.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\IJdPfQF.exe
  C:\Windows\System\IJdPfQF.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\wJXQQKI.exe
  C:\Windows\System\wJXQQKI.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\xKURwXS.exe
  C:\Windows\System\xKURwXS.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\bBvdXCk.exe
  C:\Windows\System\bBvdXCk.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\yXpcxPt.exe
  C:\Windows\System\yXpcxPt.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\GsesYeE.exe
  C:\Windows\System\GsesYeE.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\HSCFOzC.exe
  C:\Windows\System\HSCFOzC.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\QUbnFIb.exe
  C:\Windows\System\QUbnFIb.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\VElRzsW.exe
  C:\Windows\System\VElRzsW.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\rBMkGsG.exe
  C:\Windows\System\rBMkGsG.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\yKlBVKk.exe
  C:\Windows\System\yKlBVKk.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\XkXVddA.exe
  C:\Windows\System\XkXVddA.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\jLjlqOi.exe
  C:\Windows\System\jLjlqOi.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\BnAiImz.exe
  C:\Windows\System\BnAiImz.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\DkqmeVm.exe
  C:\Windows\System\DkqmeVm.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\sHFLshb.exe
  C:\Windows\System\sHFLshb.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\ypNXHRX.exe
  C:\Windows\System\ypNXHRX.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\MYWoatd.exe
  C:\Windows\System\MYWoatd.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\vLZyEqt.exe
  C:\Windows\System\vLZyEqt.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\agAPNqs.exe
  C:\Windows\System\agAPNqs.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\mcyHkkZ.exe
  C:\Windows\System\mcyHkkZ.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\nApPFrn.exe
  C:\Windows\System\nApPFrn.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\rmTHNoi.exe
  C:\Windows\System\rmTHNoi.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\SCDYrEJ.exe
  C:\Windows\System\SCDYrEJ.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\eijgjNe.exe
  C:\Windows\System\eijgjNe.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\ZcfFQDv.exe
  C:\Windows\System\ZcfFQDv.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\YhBtdnQ.exe
  C:\Windows\System\YhBtdnQ.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\DKGrrIC.exe
  C:\Windows\System\DKGrrIC.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\qCAQpTu.exe
  C:\Windows\System\qCAQpTu.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\jPKuXmO.exe
  C:\Windows\System\jPKuXmO.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\nIVKeKI.exe
  C:\Windows\System\nIVKeKI.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\MZPnnYk.exe
  C:\Windows\System\MZPnnYk.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\bmiPPyE.exe
  C:\Windows\System\bmiPPyE.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\nJBYLDd.exe
  C:\Windows\System\nJBYLDd.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\PAMEbyn.exe
  C:\Windows\System\PAMEbyn.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\NVcIypP.exe
  C:\Windows\System\NVcIypP.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\kZcdhLA.exe
  C:\Windows\System\kZcdhLA.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\qZRvqGv.exe
  C:\Windows\System\qZRvqGv.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\PRIxeKK.exe
  C:\Windows\System\PRIxeKK.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\ZpRgahk.exe
  C:\Windows\System\ZpRgahk.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\FIYYcXY.exe
  C:\Windows\System\FIYYcXY.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\CUPQtwP.exe
  C:\Windows\System\CUPQtwP.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\BDhFnNI.exe
  C:\Windows\System\BDhFnNI.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\HYhvbOg.exe
  C:\Windows\System\HYhvbOg.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\kamizew.exe
  C:\Windows\System\kamizew.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\nJqVfTO.exe
  C:\Windows\System\nJqVfTO.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\RbEusJg.exe
  C:\Windows\System\RbEusJg.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\htNZnSR.exe
  C:\Windows\System\htNZnSR.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\HgSXsEy.exe
  C:\Windows\System\HgSXsEy.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\XbZOYrl.exe
  C:\Windows\System\XbZOYrl.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\tTnKWaa.exe
  C:\Windows\System\tTnKWaa.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\qSYAyqs.exe
  C:\Windows\System\qSYAyqs.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\ihJHFJG.exe
  C:\Windows\System\ihJHFJG.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\MDVSzMF.exe
  C:\Windows\System\MDVSzMF.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\AsWVJQy.exe
  C:\Windows\System\AsWVJQy.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\gPqkpHr.exe
  C:\Windows\System\gPqkpHr.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\cjSBUMk.exe
  C:\Windows\System\cjSBUMk.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\HdEKXrg.exe
  C:\Windows\System\HdEKXrg.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\HuDfdUr.exe
  C:\Windows\System\HuDfdUr.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\EpaxSyW.exe
  C:\Windows\System\EpaxSyW.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\TFCohiJ.exe
  C:\Windows\System\TFCohiJ.exe
  2⤵
  PID:1128
- C:\Windows\System\HcQpRcj.exe
  C:\Windows\System\HcQpRcj.exe
  2⤵
  PID:1384
- C:\Windows\System\HtaoEGz.exe
  C:\Windows\System\HtaoEGz.exe
  2⤵
  PID:1940
- C:\Windows\System\AWCPYel.exe
  C:\Windows\System\AWCPYel.exe
  2⤵
  PID:1728
- C:\Windows\System\PNnkXow.exe
  C:\Windows\System\PNnkXow.exe
  2⤵
  PID:2624
- C:\Windows\System\ConWfMS.exe
  C:\Windows\System\ConWfMS.exe
  2⤵
  PID:1724
- C:\Windows\System\EYgQyVD.exe
  C:\Windows\System\EYgQyVD.exe
  2⤵
  PID:2300
- C:\Windows\System\GMjqrnS.exe
  C:\Windows\System\GMjqrnS.exe
  2⤵
  PID:1492
- C:\Windows\System\KHtMMLI.exe
  C:\Windows\System\KHtMMLI.exe
  2⤵
  PID:2332
- C:\Windows\System\pgpWpcm.exe
  C:\Windows\System\pgpWpcm.exe
  2⤵
  PID:2460
- C:\Windows\System\IkkkpyQ.exe
  C:\Windows\System\IkkkpyQ.exe
  2⤵
  PID:2228
- C:\Windows\System\cNvZfqH.exe
  C:\Windows\System\cNvZfqH.exe
  2⤵
  PID:3004
- C:\Windows\System\zoHIbOT.exe
  C:\Windows\System\zoHIbOT.exe
  2⤵
  PID:896
- C:\Windows\System\Mfgzvpt.exe
  C:\Windows\System\Mfgzvpt.exe
  2⤵
  PID:1560
- C:\Windows\System\OPccUKd.exe
  C:\Windows\System\OPccUKd.exe
  2⤵
  PID:856
- C:\Windows\System\ZxHUZcz.exe
  C:\Windows\System\ZxHUZcz.exe
  2⤵
  PID:2276
- C:\Windows\System\TeISMcQ.exe
  C:\Windows\System\TeISMcQ.exe
  2⤵
  PID:2728
- C:\Windows\System\QltgosZ.exe
  C:\Windows\System\QltgosZ.exe
  2⤵
  PID:2552
- C:\Windows\System\ORMWnNH.exe
  C:\Windows\System\ORMWnNH.exe
  2⤵
  PID:2604
- C:\Windows\System\bdNGxGk.exe
  C:\Windows\System\bdNGxGk.exe
  2⤵
  PID:824
- C:\Windows\System\LkflmSU.exe
  C:\Windows\System\LkflmSU.exe
  2⤵
  PID:3012
- C:\Windows\System\ugIQkQj.exe
  C:\Windows\System\ugIQkQj.exe
  2⤵
  PID:1284
- C:\Windows\System\iuLYCLM.exe
  C:\Windows\System\iuLYCLM.exe
  2⤵
  PID:1932
- C:\Windows\System\mTAWquu.exe
  C:\Windows\System\mTAWquu.exe
  2⤵
  PID:444
- C:\Windows\System\jMkTCeG.exe
  C:\Windows\System\jMkTCeG.exe
  2⤵
  PID:2000
- C:\Windows\System\NehBMMB.exe
  C:\Windows\System\NehBMMB.exe
  2⤵
  PID:924
- C:\Windows\System\DPNNCiw.exe
  C:\Windows\System\DPNNCiw.exe
  2⤵
  PID:1532
- C:\Windows\System\DxKBMAa.exe
  C:\Windows\System\DxKBMAa.exe
  2⤵
  PID:2504
- C:\Windows\System\JqWVbqW.exe
  C:\Windows\System\JqWVbqW.exe
  2⤵
  PID:348
- C:\Windows\System\TUFzNWw.exe
  C:\Windows\System\TUFzNWw.exe
  2⤵
  PID:1012
- C:\Windows\System\teSaroh.exe
  C:\Windows\System\teSaroh.exe
  2⤵
  PID:2028
- C:\Windows\System\HXBnjzU.exe
  C:\Windows\System\HXBnjzU.exe
  2⤵
  PID:2360
- C:\Windows\System\LfBtzoT.exe
  C:\Windows\System\LfBtzoT.exe
  2⤵
  PID:2820
- C:\Windows\System\RgOxqzd.exe
  C:\Windows\System\RgOxqzd.exe
  2⤵
  PID:1700
- C:\Windows\System\tuzUrzH.exe
  C:\Windows\System\tuzUrzH.exe
  2⤵
  PID:3076
- C:\Windows\System\ubljBae.exe
  C:\Windows\System\ubljBae.exe
  2⤵
  PID:3096
- C:\Windows\System\wvdYsid.exe
  C:\Windows\System\wvdYsid.exe
  2⤵
  PID:3120
- C:\Windows\System\HfqddVa.exe
  C:\Windows\System\HfqddVa.exe
  2⤵
  PID:3140
- C:\Windows\System\GKEjarN.exe
  C:\Windows\System\GKEjarN.exe
  2⤵
  PID:3160
- C:\Windows\System\iQDYGki.exe
  C:\Windows\System\iQDYGki.exe
  2⤵
  PID:3176
- C:\Windows\System\AhjyQxt.exe
  C:\Windows\System\AhjyQxt.exe
  2⤵
  PID:3196
- C:\Windows\System\aoJeFPf.exe
  C:\Windows\System\aoJeFPf.exe
  2⤵
  PID:3216
- C:\Windows\System\NSiATVm.exe
  C:\Windows\System\NSiATVm.exe
  2⤵
  PID:3240
- C:\Windows\System\IwRCZad.exe
  C:\Windows\System\IwRCZad.exe
  2⤵
  PID:3260
- C:\Windows\System\lLGNTfU.exe
  C:\Windows\System\lLGNTfU.exe
  2⤵
  PID:3280
- C:\Windows\System\CIrfkrf.exe
  C:\Windows\System\CIrfkrf.exe
  2⤵
  PID:3296
- C:\Windows\System\EHeWRxk.exe
  C:\Windows\System\EHeWRxk.exe
  2⤵
  PID:3320
- C:\Windows\System\CHRPMUN.exe
  C:\Windows\System\CHRPMUN.exe
  2⤵
  PID:3340
- C:\Windows\System\SoddLYN.exe
  C:\Windows\System\SoddLYN.exe
  2⤵
  PID:3364
- C:\Windows\System\czifveU.exe
  C:\Windows\System\czifveU.exe
  2⤵
  PID:3384
- C:\Windows\System\zghBcPt.exe
  C:\Windows\System\zghBcPt.exe
  2⤵
  PID:3404
- C:\Windows\System\VKTVCXR.exe
  C:\Windows\System\VKTVCXR.exe
  2⤵
  PID:3424
- C:\Windows\System\xCBmNhV.exe
  C:\Windows\System\xCBmNhV.exe
  2⤵
  PID:3444
- C:\Windows\System\zShdwDO.exe
  C:\Windows\System\zShdwDO.exe
  2⤵
  PID:3460
- C:\Windows\System\sjOIIlO.exe
  C:\Windows\System\sjOIIlO.exe
  2⤵
  PID:3484
- C:\Windows\System\NRcOyyW.exe
  C:\Windows\System\NRcOyyW.exe
  2⤵
  PID:3504
- C:\Windows\System\CvnnXyY.exe
  C:\Windows\System\CvnnXyY.exe
  2⤵
  PID:3524
- C:\Windows\System\jQWgYol.exe
  C:\Windows\System\jQWgYol.exe
  2⤵
  PID:3540
- C:\Windows\System\ZjZQYRe.exe
  C:\Windows\System\ZjZQYRe.exe
  2⤵
  PID:3564
- C:\Windows\System\prVQzCW.exe
  C:\Windows\System\prVQzCW.exe
  2⤵
  PID:3580
- C:\Windows\System\ZcspEyM.exe
  C:\Windows\System\ZcspEyM.exe
  2⤵
  PID:3608
- C:\Windows\System\UqqAUkJ.exe
  C:\Windows\System\UqqAUkJ.exe
  2⤵
  PID:3628
- C:\Windows\System\hOCmlhX.exe
  C:\Windows\System\hOCmlhX.exe
  2⤵
  PID:3648
- C:\Windows\System\RdiWngG.exe
  C:\Windows\System\RdiWngG.exe
  2⤵
  PID:3668
- C:\Windows\System\WGgGeDc.exe
  C:\Windows\System\WGgGeDc.exe
  2⤵
  PID:3688
- C:\Windows\System\ppjPLze.exe
  C:\Windows\System\ppjPLze.exe
  2⤵
  PID:3708
- C:\Windows\System\XHIJSRa.exe
  C:\Windows\System\XHIJSRa.exe
  2⤵
  PID:3728
- C:\Windows\System\czGdRVq.exe
  C:\Windows\System\czGdRVq.exe
  2⤵
  PID:3748
- C:\Windows\System\YxLCNHD.exe
  C:\Windows\System\YxLCNHD.exe
  2⤵
  PID:3768
- C:\Windows\System\XFTEkKG.exe
  C:\Windows\System\XFTEkKG.exe
  2⤵
  PID:3788
- C:\Windows\System\uQoDeUO.exe
  C:\Windows\System\uQoDeUO.exe
  2⤵
  PID:3808
- C:\Windows\System\FLdVSfN.exe
  C:\Windows\System\FLdVSfN.exe
  2⤵
  PID:3828
- C:\Windows\System\RoEdDAG.exe
  C:\Windows\System\RoEdDAG.exe
  2⤵
  PID:3848
- C:\Windows\System\VZGRBos.exe
  C:\Windows\System\VZGRBos.exe
  2⤵
  PID:3864
- C:\Windows\System\ufjFQQW.exe
  C:\Windows\System\ufjFQQW.exe
  2⤵
  PID:3884
- C:\Windows\System\PlveyJJ.exe
  C:\Windows\System\PlveyJJ.exe
  2⤵
  PID:3908
- C:\Windows\System\xroQiUH.exe
  C:\Windows\System\xroQiUH.exe
  2⤵
  PID:3928
- C:\Windows\System\gVHGuKu.exe
  C:\Windows\System\gVHGuKu.exe
  2⤵
  PID:3948
- C:\Windows\System\ieLWlHo.exe
  C:\Windows\System\ieLWlHo.exe
  2⤵
  PID:3968
- C:\Windows\System\lHYYUZj.exe
  C:\Windows\System\lHYYUZj.exe
  2⤵
  PID:3988
- C:\Windows\System\ePMnOXc.exe
  C:\Windows\System\ePMnOXc.exe
  2⤵
  PID:4008
- C:\Windows\System\vcJdvYj.exe
  C:\Windows\System\vcJdvYj.exe
  2⤵
  PID:4024
- C:\Windows\System\yyIDTTD.exe
  C:\Windows\System\yyIDTTD.exe
  2⤵
  PID:4044
- C:\Windows\System\RBQoizD.exe
  C:\Windows\System\RBQoizD.exe
  2⤵
  PID:4068
- C:\Windows\System\dlnpcqB.exe
  C:\Windows\System\dlnpcqB.exe
  2⤵
  PID:4088
- C:\Windows\System\EpKwsUj.exe
  C:\Windows\System\EpKwsUj.exe
  2⤵
  PID:1564
- C:\Windows\System\BsGKFEQ.exe
  C:\Windows\System\BsGKFEQ.exe
  2⤵
  PID:2748
- C:\Windows\System\scfLebw.exe
  C:\Windows\System\scfLebw.exe
  2⤵
  PID:2668
- C:\Windows\System\WkiukVd.exe
  C:\Windows\System\WkiukVd.exe
  2⤵
  PID:1416
- C:\Windows\System\JtnkGnf.exe
  C:\Windows\System\JtnkGnf.exe
  2⤵
  PID:1524
- C:\Windows\System\pQKZbzj.exe
  C:\Windows\System\pQKZbzj.exe
  2⤵
  PID:1860
- C:\Windows\System\vmhJHVu.exe
  C:\Windows\System\vmhJHVu.exe
  2⤵
  PID:2400
- C:\Windows\System\BLkovZO.exe
  C:\Windows\System\BLkovZO.exe
  2⤵
  PID:1684
- C:\Windows\System\MrYpcdq.exe
  C:\Windows\System\MrYpcdq.exe
  2⤵
  PID:2812
- C:\Windows\System\IqyXOWl.exe
  C:\Windows\System\IqyXOWl.exe
  2⤵
  PID:2240
- C:\Windows\System\ElqFdlp.exe
  C:\Windows\System\ElqFdlp.exe
  2⤵
  PID:3092
- C:\Windows\System\YXdFyWx.exe
  C:\Windows\System\YXdFyWx.exe
  2⤵
  PID:3184
- C:\Windows\System\ZWgykoQ.exe
  C:\Windows\System\ZWgykoQ.exe
  2⤵
  PID:3172
- C:\Windows\System\LYskQYP.exe
  C:\Windows\System\LYskQYP.exe
  2⤵
  PID:3232
- C:\Windows\System\snDXBsJ.exe
  C:\Windows\System\snDXBsJ.exe
  2⤵
  PID:3276
- C:\Windows\System\dubPUsu.exe
  C:\Windows\System\dubPUsu.exe
  2⤵
  PID:3316
- C:\Windows\System\WXYttgF.exe
  C:\Windows\System\WXYttgF.exe
  2⤵
  PID:3328
- C:\Windows\System\ccASDUm.exe
  C:\Windows\System\ccASDUm.exe
  2⤵
  PID:3332
- C:\Windows\System\YcstcKY.exe
  C:\Windows\System\YcstcKY.exe
  2⤵
  PID:3376
- C:\Windows\System\yALuMUn.exe
  C:\Windows\System\yALuMUn.exe
  2⤵
  PID:3432
- C:\Windows\System\WLjLzHw.exe
  C:\Windows\System\WLjLzHw.exe
  2⤵
  PID:3456
- C:\Windows\System\cXaqsTX.exe
  C:\Windows\System\cXaqsTX.exe
  2⤵
  PID:3500
- C:\Windows\System\btpLdos.exe
  C:\Windows\System\btpLdos.exe
  2⤵
  PID:3548
- C:\Windows\System\GwKoaFR.exe
  C:\Windows\System\GwKoaFR.exe
  2⤵
  PID:3536
- C:\Windows\System\GiqKTCF.exe
  C:\Windows\System\GiqKTCF.exe
  2⤵
  PID:3600
- C:\Windows\System\ZuGWweq.exe
  C:\Windows\System\ZuGWweq.exe
  2⤵
  PID:3640
- C:\Windows\System\fPUsIwP.exe
  C:\Windows\System\fPUsIwP.exe
  2⤵
  PID:3664
- C:\Windows\System\KkrEJsV.exe
  C:\Windows\System\KkrEJsV.exe
  2⤵
  PID:3716
- C:\Windows\System\yLMCtYC.exe
  C:\Windows\System\yLMCtYC.exe
  2⤵
  PID:3700
- C:\Windows\System\uqFJcDN.exe
  C:\Windows\System\uqFJcDN.exe
  2⤵
  PID:3760
- C:\Windows\System\hVtRiRj.exe
  C:\Windows\System\hVtRiRj.exe
  2⤵
  PID:3784
- C:\Windows\System\bxdGkQk.exe
  C:\Windows\System\bxdGkQk.exe
  2⤵
  PID:3840
- C:\Windows\System\hvVvCHq.exe
  C:\Windows\System\hvVvCHq.exe
  2⤵
  PID:3820
- C:\Windows\System\myxeotf.exe
  C:\Windows\System\myxeotf.exe
  2⤵
  PID:3956
- C:\Windows\System\VaymqdQ.exe
  C:\Windows\System\VaymqdQ.exe
  2⤵
  PID:3964
- C:\Windows\System\JUOGmox.exe
  C:\Windows\System\JUOGmox.exe
  2⤵
  PID:3900
- C:\Windows\System\TFSwfqe.exe
  C:\Windows\System\TFSwfqe.exe
  2⤵
  PID:4032
- C:\Windows\System\XfTIqKu.exe
  C:\Windows\System\XfTIqKu.exe
  2⤵
  PID:4076
- C:\Windows\System\MmYgiCP.exe
  C:\Windows\System\MmYgiCP.exe
  2⤵
  PID:2628
- C:\Windows\System\oFVSoWs.exe
  C:\Windows\System\oFVSoWs.exe
  2⤵
  PID:4064
- C:\Windows\System\FbFGfxF.exe
  C:\Windows\System\FbFGfxF.exe
  2⤵
  PID:1240
- C:\Windows\System\CVcMXHC.exe
  C:\Windows\System\CVcMXHC.exe
  2⤵
  PID:1636
- C:\Windows\System\zdcIHCR.exe
  C:\Windows\System\zdcIHCR.exe
  2⤵
  PID:2204
- C:\Windows\System\xpDdLhi.exe
  C:\Windows\System\xpDdLhi.exe
  2⤵
  PID:1800
- C:\Windows\System\PPwGMVp.exe
  C:\Windows\System\PPwGMVp.exe
  2⤵
  PID:1592
- C:\Windows\System\FyIMqHi.exe
  C:\Windows\System\FyIMqHi.exe
  2⤵
  PID:2124
- C:\Windows\System\LXpfLgh.exe
  C:\Windows\System\LXpfLgh.exe
  2⤵
  PID:3136
- C:\Windows\System\CWtZGRC.exe
  C:\Windows\System\CWtZGRC.exe
  2⤵
  PID:3188
- C:\Windows\System\stvaDZM.exe
  C:\Windows\System\stvaDZM.exe
  2⤵
  PID:3356
- C:\Windows\System\TbwtHsb.exe
  C:\Windows\System\TbwtHsb.exe
  2⤵
  PID:3352
- C:\Windows\System\qHFlMGo.exe
  C:\Windows\System\qHFlMGo.exe
  2⤵
  PID:3412
- C:\Windows\System\XBflLCe.exe
  C:\Windows\System\XBflLCe.exe
  2⤵
  PID:3492
- C:\Windows\System\yTMbpTu.exe
  C:\Windows\System\yTMbpTu.exe
  2⤵
  PID:3472
- C:\Windows\System\SrsbqlM.exe
  C:\Windows\System\SrsbqlM.exe
  2⤵
  PID:3560
- C:\Windows\System\ZzHbjVN.exe
  C:\Windows\System\ZzHbjVN.exe
  2⤵
  PID:3592
- C:\Windows\System\cwjuNoE.exe
  C:\Windows\System\cwjuNoE.exe
  2⤵
  PID:3680
- C:\Windows\System\DNPYmDs.exe
  C:\Windows\System\DNPYmDs.exe
  2⤵
  PID:3740
- C:\Windows\System\xUdVHgS.exe
  C:\Windows\System\xUdVHgS.exe
  2⤵
  PID:3800
- C:\Windows\System\KBIymNi.exe
  C:\Windows\System\KBIymNi.exe
  2⤵
  PID:3916
- C:\Windows\System\ErdvmmP.exe
  C:\Windows\System\ErdvmmP.exe
  2⤵
  PID:3996
- C:\Windows\System\oTmqBTB.exe
  C:\Windows\System\oTmqBTB.exe
  2⤵
  PID:3904
- C:\Windows\System\csXmiBk.exe
  C:\Windows\System\csXmiBk.exe
  2⤵
  PID:3940
- C:\Windows\System\WLwxgVt.exe
  C:\Windows\System\WLwxgVt.exe
  2⤵
  PID:4016
- C:\Windows\System\AyceFku.exe
  C:\Windows\System\AyceFku.exe
  2⤵
  PID:1808
- C:\Windows\System\MiIskgW.exe
  C:\Windows\System\MiIskgW.exe
  2⤵
  PID:1132
- C:\Windows\System\jNBMViL.exe
  C:\Windows\System\jNBMViL.exe
  2⤵
  PID:1924
- C:\Windows\System\fRgKFUm.exe
  C:\Windows\System\fRgKFUm.exe
  2⤵
  PID:3156
- C:\Windows\System\hKdxcpP.exe
  C:\Windows\System\hKdxcpP.exe
  2⤵
  PID:3208
- C:\Windows\System\hNLBTpV.exe
  C:\Windows\System\hNLBTpV.exe
  2⤵
  PID:3400
- C:\Windows\System\kiZqaKh.exe
  C:\Windows\System\kiZqaKh.exe
  2⤵
  PID:3312
- C:\Windows\System\aCNtDLk.exe
  C:\Windows\System\aCNtDLk.exe
  2⤵
  PID:3516
- C:\Windows\System\jdbIayh.exe
  C:\Windows\System\jdbIayh.exe
  2⤵
  PID:3616
- C:\Windows\System\sxGiTFy.exe
  C:\Windows\System\sxGiTFy.exe
  2⤵
  PID:3684
- C:\Windows\System\Hlnzigf.exe
  C:\Windows\System\Hlnzigf.exe
  2⤵
  PID:3720
- C:\Windows\System\CYxEPmL.exe
  C:\Windows\System\CYxEPmL.exe
  2⤵
  PID:3824
- C:\Windows\System\wymJGBW.exe
  C:\Windows\System\wymJGBW.exe
  2⤵
  PID:4104
- C:\Windows\System\GVXMdKD.exe
  C:\Windows\System\GVXMdKD.exe
  2⤵
  PID:4124
- C:\Windows\System\TfXmMrv.exe
  C:\Windows\System\TfXmMrv.exe
  2⤵
  PID:4144
- C:\Windows\System\FDJnuTj.exe
  C:\Windows\System\FDJnuTj.exe
  2⤵
  PID:4164
- C:\Windows\System\ANCwjur.exe
  C:\Windows\System\ANCwjur.exe
  2⤵
  PID:4184
- C:\Windows\System\EuqgmzS.exe
  C:\Windows\System\EuqgmzS.exe
  2⤵
  PID:4204
- C:\Windows\System\QYoYQHY.exe
  C:\Windows\System\QYoYQHY.exe
  2⤵
  PID:4224
- C:\Windows\System\HEEJyeX.exe
  C:\Windows\System\HEEJyeX.exe
  2⤵
  PID:4244
- C:\Windows\System\UayWFQs.exe
  C:\Windows\System\UayWFQs.exe
  2⤵
  PID:4264
- C:\Windows\System\kreBIlg.exe
  C:\Windows\System\kreBIlg.exe
  2⤵
  PID:4284
- C:\Windows\System\chhRvvn.exe
  C:\Windows\System\chhRvvn.exe
  2⤵
  PID:4304
- C:\Windows\System\JltHyah.exe
  C:\Windows\System\JltHyah.exe
  2⤵
  PID:4324
- C:\Windows\System\oNstbDm.exe
  C:\Windows\System\oNstbDm.exe
  2⤵
  PID:4344
- C:\Windows\System\gXOMsCV.exe
  C:\Windows\System\gXOMsCV.exe
  2⤵
  PID:4364
- C:\Windows\System\BbvyZID.exe
  C:\Windows\System\BbvyZID.exe
  2⤵
  PID:4384
- C:\Windows\System\QgxKgXN.exe
  C:\Windows\System\QgxKgXN.exe
  2⤵
  PID:4404
- C:\Windows\System\iQSGXva.exe
  C:\Windows\System\iQSGXva.exe
  2⤵
  PID:4424
- C:\Windows\System\tGNSjJo.exe
  C:\Windows\System\tGNSjJo.exe
  2⤵
  PID:4444
- C:\Windows\System\uYOzmpS.exe
  C:\Windows\System\uYOzmpS.exe
  2⤵
  PID:4464
- C:\Windows\System\LnzRTnA.exe
  C:\Windows\System\LnzRTnA.exe
  2⤵
  PID:4484
- C:\Windows\System\jMUsziX.exe
  C:\Windows\System\jMUsziX.exe
  2⤵
  PID:4504
- C:\Windows\System\jzBIBQr.exe
  C:\Windows\System\jzBIBQr.exe
  2⤵
  PID:4524
- C:\Windows\System\cwsnpRb.exe
  C:\Windows\System\cwsnpRb.exe
  2⤵
  PID:4544
- C:\Windows\System\mvCAALm.exe
  C:\Windows\System\mvCAALm.exe
  2⤵
  PID:4564
- C:\Windows\System\TbgpmGH.exe
  C:\Windows\System\TbgpmGH.exe
  2⤵
  PID:4584
- C:\Windows\System\sMHeGfC.exe
  C:\Windows\System\sMHeGfC.exe
  2⤵
  PID:4604
- C:\Windows\System\fbLXjIr.exe
  C:\Windows\System\fbLXjIr.exe
  2⤵
  PID:4624
- C:\Windows\System\noDwOOq.exe
  C:\Windows\System\noDwOOq.exe
  2⤵
  PID:4644
- C:\Windows\System\JnHCGhj.exe
  C:\Windows\System\JnHCGhj.exe
  2⤵
  PID:4664
- C:\Windows\System\IxcfLzS.exe
  C:\Windows\System\IxcfLzS.exe
  2⤵
  PID:4684
- C:\Windows\System\iXDWqSL.exe
  C:\Windows\System\iXDWqSL.exe
  2⤵
  PID:4708
- C:\Windows\System\CuJkyqZ.exe
  C:\Windows\System\CuJkyqZ.exe
  2⤵
  PID:4728
- C:\Windows\System\KDSzqwi.exe
  C:\Windows\System\KDSzqwi.exe
  2⤵
  PID:4748
- C:\Windows\System\PeXHBlE.exe
  C:\Windows\System\PeXHBlE.exe
  2⤵
  PID:4768
- C:\Windows\System\DhGMNbh.exe
  C:\Windows\System\DhGMNbh.exe
  2⤵
  PID:4788
- C:\Windows\System\pCCkqvZ.exe
  C:\Windows\System\pCCkqvZ.exe
  2⤵
  PID:4808
- C:\Windows\System\JbFrDal.exe
  C:\Windows\System\JbFrDal.exe
  2⤵
  PID:4828
- C:\Windows\System\obzDOpU.exe
  C:\Windows\System\obzDOpU.exe
  2⤵
  PID:4848
- C:\Windows\System\fEsoRkP.exe
  C:\Windows\System\fEsoRkP.exe
  2⤵
  PID:4868
- C:\Windows\System\nTcfGwn.exe
  C:\Windows\System\nTcfGwn.exe
  2⤵
  PID:4888
- C:\Windows\System\ogjtYQQ.exe
  C:\Windows\System\ogjtYQQ.exe
  2⤵
  PID:4908
- C:\Windows\System\dlBGjFx.exe
  C:\Windows\System\dlBGjFx.exe
  2⤵
  PID:4928
- C:\Windows\System\XzwXbIT.exe
  C:\Windows\System\XzwXbIT.exe
  2⤵
  PID:4948
- C:\Windows\System\DhrIZRo.exe
  C:\Windows\System\DhrIZRo.exe
  2⤵
  PID:4968
- C:\Windows\System\wVoiCWh.exe
  C:\Windows\System\wVoiCWh.exe
  2⤵
  PID:4988
- C:\Windows\System\WLfGvZl.exe
  C:\Windows\System\WLfGvZl.exe
  2⤵
  PID:5008
- C:\Windows\System\PUQGGKh.exe
  C:\Windows\System\PUQGGKh.exe
  2⤵
  PID:5028
- C:\Windows\System\EgCpLwu.exe
  C:\Windows\System\EgCpLwu.exe
  2⤵
  PID:5048
- C:\Windows\System\JGarrOD.exe
  C:\Windows\System\JGarrOD.exe
  2⤵
  PID:5068
- C:\Windows\System\qTFWaxz.exe
  C:\Windows\System\qTFWaxz.exe
  2⤵
  PID:5088
- C:\Windows\System\LTnzklQ.exe
  C:\Windows\System\LTnzklQ.exe
  2⤵
  PID:5108
- C:\Windows\System\aQQLQIE.exe
  C:\Windows\System\aQQLQIE.exe
  2⤵
  PID:3876
- C:\Windows\System\QzkYWVr.exe
  C:\Windows\System\QzkYWVr.exe
  2⤵
  PID:3984
- C:\Windows\System\HVSvSJG.exe
  C:\Windows\System\HVSvSJG.exe
  2⤵
  PID:400
- C:\Windows\System\EAcpnZc.exe
  C:\Windows\System\EAcpnZc.exe
  2⤵
  PID:3236
- C:\Windows\System\jqHLDrk.exe
  C:\Windows\System\jqHLDrk.exe
  2⤵
  PID:3108
- C:\Windows\System\nusQMZi.exe
  C:\Windows\System\nusQMZi.exe
  2⤵
  PID:3420
- C:\Windows\System\LVpfIBI.exe
  C:\Windows\System\LVpfIBI.exe
  2⤵
  PID:3468
- C:\Windows\System\gASSNgf.exe
  C:\Windows\System\gASSNgf.exe
  2⤵
  PID:3636
- C:\Windows\System\ANgNciE.exe
  C:\Windows\System\ANgNciE.exe
  2⤵
  PID:3924
- C:\Windows\System\Wvcrgmd.exe
  C:\Windows\System\Wvcrgmd.exe
  2⤵
  PID:4120
- C:\Windows\System\XtNDHBB.exe
  C:\Windows\System\XtNDHBB.exe
  2⤵
  PID:4152
- C:\Windows\System\JewHjTL.exe
  C:\Windows\System\JewHjTL.exe
  2⤵
  PID:4156
- C:\Windows\System\RrXpAJN.exe
  C:\Windows\System\RrXpAJN.exe
  2⤵
  PID:4216
- C:\Windows\System\HXrhHch.exe
  C:\Windows\System\HXrhHch.exe
  2⤵
  PID:4236
- C:\Windows\System\woRQNYL.exe
  C:\Windows\System\woRQNYL.exe
  2⤵
  PID:4280
- C:\Windows\System\wHMpfIW.exe
  C:\Windows\System\wHMpfIW.exe
  2⤵
  PID:4312
- C:\Windows\System\ZkPuYTf.exe
  C:\Windows\System\ZkPuYTf.exe
  2⤵
  PID:4316
- C:\Windows\System\rRvOGdA.exe
  C:\Windows\System\rRvOGdA.exe
  2⤵
  PID:4380
- C:\Windows\System\KsgwnTx.exe
  C:\Windows\System\KsgwnTx.exe
  2⤵
  PID:4396
- C:\Windows\System\EDAGblk.exe
  C:\Windows\System\EDAGblk.exe
  2⤵
  PID:4456
- C:\Windows\System\PARWPNH.exe
  C:\Windows\System\PARWPNH.exe
  2⤵
  PID:4492
- C:\Windows\System\RCOdnZL.exe
  C:\Windows\System\RCOdnZL.exe
  2⤵
  PID:4512
- C:\Windows\System\TsQRcGE.exe
  C:\Windows\System\TsQRcGE.exe
  2⤵
  PID:4536
- C:\Windows\System\BQyBOtI.exe
  C:\Windows\System\BQyBOtI.exe
  2⤵
  PID:4580
- C:\Windows\System\uPJUcEF.exe
  C:\Windows\System\uPJUcEF.exe
  2⤵
  PID:4620
- C:\Windows\System\TuwcMSn.exe
  C:\Windows\System\TuwcMSn.exe
  2⤵
  PID:4660
- C:\Windows\System\ejWChaD.exe
  C:\Windows\System\ejWChaD.exe
  2⤵
  PID:4672
- C:\Windows\System\FvUmemR.exe
  C:\Windows\System\FvUmemR.exe
  2⤵
  PID:4676
- C:\Windows\System\jeMXidz.exe
  C:\Windows\System\jeMXidz.exe
  2⤵
  PID:4724
- C:\Windows\System\FWFPyUa.exe
  C:\Windows\System\FWFPyUa.exe
  2⤵
  PID:4780
- C:\Windows\System\iXzNckf.exe
  C:\Windows\System\iXzNckf.exe
  2⤵
  PID:4824
- C:\Windows\System\jzSLEjb.exe
  C:\Windows\System\jzSLEjb.exe
  2⤵
  PID:4856
- C:\Windows\System\FfVARKO.exe
  C:\Windows\System\FfVARKO.exe
  2⤵
  PID:4876
- C:\Windows\System\YwRXxuO.exe
  C:\Windows\System\YwRXxuO.exe
  2⤵
  PID:4880
- C:\Windows\System\cdVlNxP.exe
  C:\Windows\System\cdVlNxP.exe
  2⤵
  PID:4920
- C:\Windows\System\ttvkDWF.exe
  C:\Windows\System\ttvkDWF.exe
  2⤵
  PID:4960
- C:\Windows\System\ZREHScY.exe
  C:\Windows\System\ZREHScY.exe
  2⤵
  PID:5004
- C:\Windows\System\NxTnLQE.exe
  C:\Windows\System\NxTnLQE.exe
  2⤵
  PID:5044
- C:\Windows\System\SOOhwrr.exe
  C:\Windows\System\SOOhwrr.exe
  2⤵
  PID:5096
- C:\Windows\System\HvujoOf.exe
  C:\Windows\System\HvujoOf.exe
  2⤵
  PID:5100
- C:\Windows\System\JILLoLv.exe
  C:\Windows\System\JILLoLv.exe
  2⤵
  PID:1044
- C:\Windows\System\SyvzEOX.exe
  C:\Windows\System\SyvzEOX.exe
  2⤵
  PID:3168
- C:\Windows\System\PjTssGa.exe
  C:\Windows\System\PjTssGa.exe
  2⤵
  PID:3480
- C:\Windows\System\ikmYZZm.exe
  C:\Windows\System\ikmYZZm.exe
  2⤵
  PID:3392
- C:\Windows\System\uIrWgMF.exe
  C:\Windows\System\uIrWgMF.exe
  2⤵
  PID:3804
- C:\Windows\System\bzxUdcE.exe
  C:\Windows\System\bzxUdcE.exe
  2⤵
  PID:3860
- C:\Windows\System\LKDGwHD.exe
  C:\Windows\System\LKDGwHD.exe
  2⤵
  PID:4140
- C:\Windows\System\CVyekqB.exe
  C:\Windows\System\CVyekqB.exe
  2⤵
  PID:4232
- C:\Windows\System\LrCNHvt.exe
  C:\Windows\System\LrCNHvt.exe
  2⤵
  PID:4300
- C:\Windows\System\pBsprto.exe
  C:\Windows\System\pBsprto.exe
  2⤵
  PID:4340
- C:\Windows\System\ahzVOSq.exe
  C:\Windows\System\ahzVOSq.exe
  2⤵
  PID:4416
- C:\Windows\System\bgUtApA.exe
  C:\Windows\System\bgUtApA.exe
  2⤵
  PID:4400
- C:\Windows\System\OsELKYW.exe
  C:\Windows\System\OsELKYW.exe
  2⤵
  PID:4472
- C:\Windows\System\pFfAXjk.exe
  C:\Windows\System\pFfAXjk.exe
  2⤵
  PID:4532
- C:\Windows\System\gIMmVBT.exe
  C:\Windows\System\gIMmVBT.exe
  2⤵
  PID:4640
- C:\Windows\System\hkKoTSd.exe
  C:\Windows\System\hkKoTSd.exe
  2⤵
  PID:4680
- C:\Windows\System\XgYcsmt.exe
  C:\Windows\System\XgYcsmt.exe
  2⤵
  PID:4756
- C:\Windows\System\CTrPeXy.exe
  C:\Windows\System\CTrPeXy.exe
  2⤵
  PID:2696
- C:\Windows\System\jkzQKQh.exe
  C:\Windows\System\jkzQKQh.exe
  2⤵
  PID:4800
- C:\Windows\System\QEDYCYX.exe
  C:\Windows\System\QEDYCYX.exe
  2⤵
  PID:4904
- C:\Windows\System\rYiuXFi.exe
  C:\Windows\System\rYiuXFi.exe
  2⤵
  PID:4844
- C:\Windows\System\CLbPBXa.exe
  C:\Windows\System\CLbPBXa.exe
  2⤵
  PID:4944
- C:\Windows\System\tMDPfNq.exe
  C:\Windows\System\tMDPfNq.exe
  2⤵
  PID:5000
- C:\Windows\System\qmCWyLl.exe
  C:\Windows\System\qmCWyLl.exe
  2⤵
  PID:5084
- C:\Windows\System\lEhoBzy.exe
  C:\Windows\System\lEhoBzy.exe
  2⤵
  PID:2320
- C:\Windows\System\SdWtdBU.exe
  C:\Windows\System\SdWtdBU.exe
  2⤵
  PID:3308
- C:\Windows\System\KDQaoXd.exe
  C:\Windows\System\KDQaoXd.exe
  2⤵
  PID:2852
- C:\Windows\System\BGQpRQP.exe
  C:\Windows\System\BGQpRQP.exe
  2⤵
  PID:3644
- C:\Windows\System\kQctkxO.exe
  C:\Windows\System\kQctkxO.exe
  2⤵
  PID:4252
- C:\Windows\System\MCmOSuI.exe
  C:\Windows\System\MCmOSuI.exe
  2⤵
  PID:4136
- C:\Windows\System\iCSrHkz.exe
  C:\Windows\System\iCSrHkz.exe
  2⤵
  PID:4360
- C:\Windows\System\JoRfTVW.exe
  C:\Windows\System\JoRfTVW.exe
  2⤵
  PID:4392
- C:\Windows\System\dnHcGVq.exe
  C:\Windows\System\dnHcGVq.exe
  2⤵
  PID:4556
- C:\Windows\System\ZWsWixl.exe
  C:\Windows\System\ZWsWixl.exe
  2⤵
  PID:2736
- C:\Windows\System\BUwkdqO.exe
  C:\Windows\System\BUwkdqO.exe
  2⤵
  PID:2164
- C:\Windows\System\haNKtzN.exe
  C:\Windows\System\haNKtzN.exe
  2⤵
  PID:2660
- C:\Windows\System\qvXLADL.exe
  C:\Windows\System\qvXLADL.exe
  2⤵
  PID:2856
- C:\Windows\System\RDwVpYa.exe
  C:\Windows\System\RDwVpYa.exe
  2⤵
  PID:792
- C:\Windows\System\jENRQcS.exe
  C:\Windows\System\jENRQcS.exe
  2⤵
  PID:2828
- C:\Windows\System\CwgSFki.exe
  C:\Windows\System\CwgSFki.exe
  2⤵
  PID:4840
- C:\Windows\System\shdBfQN.exe
  C:\Windows\System\shdBfQN.exe
  2⤵
  PID:5076
- C:\Windows\System\YFTdrIt.exe
  C:\Windows\System\YFTdrIt.exe
  2⤵
  PID:316
- C:\Windows\System\yZbaaoq.exe
  C:\Windows\System\yZbaaoq.exe
  2⤵
  PID:4100
- C:\Windows\System\TgMweZT.exe
  C:\Windows\System\TgMweZT.exe
  2⤵
  PID:3656
- C:\Windows\System\xyZsTGW.exe
  C:\Windows\System\xyZsTGW.exe
  2⤵
  PID:4220
- C:\Windows\System\cJykees.exe
  C:\Windows\System\cJykees.exe
  2⤵
  PID:4412
- C:\Windows\System\fxMSXyt.exe
  C:\Windows\System\fxMSXyt.exe
  2⤵
  PID:4516
- C:\Windows\System\IzIgnzk.exe
  C:\Windows\System\IzIgnzk.exe
  2⤵
  PID:4612
- C:\Windows\System\WoesbMb.exe
  C:\Windows\System\WoesbMb.exe
  2⤵
  PID:4700
- C:\Windows\System\LIGkodc.exe
  C:\Windows\System\LIGkodc.exe
  2⤵
  PID:4816
- C:\Windows\System\PWugonr.exe
  C:\Windows\System\PWugonr.exe
  2⤵
  PID:5136
- C:\Windows\System\UqpFxQO.exe
  C:\Windows\System\UqpFxQO.exe
  2⤵
  PID:5156
- C:\Windows\System\ngNhIml.exe
  C:\Windows\System\ngNhIml.exe
  2⤵
  PID:5176
- C:\Windows\System\nSsJjNb.exe
  C:\Windows\System\nSsJjNb.exe
  2⤵
  PID:5196
- C:\Windows\System\LAwAEBZ.exe
  C:\Windows\System\LAwAEBZ.exe
  2⤵
  PID:5216
- C:\Windows\System\RPDANro.exe
  C:\Windows\System\RPDANro.exe
  2⤵
  PID:5236
- C:\Windows\System\KqnCACb.exe
  C:\Windows\System\KqnCACb.exe
  2⤵
  PID:5256
- C:\Windows\System\CkggmZa.exe
  C:\Windows\System\CkggmZa.exe
  2⤵
  PID:5276
- C:\Windows\System\UylGWrQ.exe
  C:\Windows\System\UylGWrQ.exe
  2⤵
  PID:5296
- C:\Windows\System\oIyNCDN.exe
  C:\Windows\System\oIyNCDN.exe
  2⤵
  PID:5316
- C:\Windows\System\ZfUALDW.exe
  C:\Windows\System\ZfUALDW.exe
  2⤵
  PID:5336
- C:\Windows\System\yleJqkS.exe
  C:\Windows\System\yleJqkS.exe
  2⤵
  PID:5356
- C:\Windows\System\aeUGJdT.exe
  C:\Windows\System\aeUGJdT.exe
  2⤵
  PID:5376
- C:\Windows\System\dNGtfxE.exe
  C:\Windows\System\dNGtfxE.exe
  2⤵
  PID:5396
- C:\Windows\System\iuymHYq.exe
  C:\Windows\System\iuymHYq.exe
  2⤵
  PID:5416
- C:\Windows\System\EBeFZrb.exe
  C:\Windows\System\EBeFZrb.exe
  2⤵
  PID:5436
- C:\Windows\System\BHqoWNY.exe
  C:\Windows\System\BHqoWNY.exe
  2⤵
  PID:5456
- C:\Windows\System\EHxJSVH.exe
  C:\Windows\System\EHxJSVH.exe
  2⤵
  PID:5476
- C:\Windows\System\LacJOlt.exe
  C:\Windows\System\LacJOlt.exe
  2⤵
  PID:5496
- C:\Windows\System\DGMqeoE.exe
  C:\Windows\System\DGMqeoE.exe
  2⤵
  PID:5516
- C:\Windows\System\hKjmDhX.exe
  C:\Windows\System\hKjmDhX.exe
  2⤵
  PID:5536
- C:\Windows\System\bGxeazF.exe
  C:\Windows\System\bGxeazF.exe
  2⤵
  PID:5556
- C:\Windows\System\DGOmsUm.exe
  C:\Windows\System\DGOmsUm.exe
  2⤵
  PID:5576
- C:\Windows\System\vUtGGaY.exe
  C:\Windows\System\vUtGGaY.exe
  2⤵
  PID:5596
- C:\Windows\System\kYHlojW.exe
  C:\Windows\System\kYHlojW.exe
  2⤵
  PID:5616
- C:\Windows\System\pbEDhLE.exe
  C:\Windows\System\pbEDhLE.exe
  2⤵
  PID:5636
- C:\Windows\System\uBHQaHJ.exe
  C:\Windows\System\uBHQaHJ.exe
  2⤵
  PID:5652
- C:\Windows\System\kBrLnuC.exe
  C:\Windows\System\kBrLnuC.exe
  2⤵
  PID:5672
- C:\Windows\System\JzREuoC.exe
  C:\Windows\System\JzREuoC.exe
  2⤵
  PID:5696
- C:\Windows\System\wWdTTjM.exe
  C:\Windows\System\wWdTTjM.exe
  2⤵
  PID:5716
- C:\Windows\System\XzEQEUv.exe
  C:\Windows\System\XzEQEUv.exe
  2⤵
  PID:5736
- C:\Windows\System\tVoaKXD.exe
  C:\Windows\System\tVoaKXD.exe
  2⤵
  PID:5756
- C:\Windows\System\YYvyhYO.exe
  C:\Windows\System\YYvyhYO.exe
  2⤵
  PID:5776
- C:\Windows\System\oZyhXje.exe
  C:\Windows\System\oZyhXje.exe
  2⤵
  PID:5796
- C:\Windows\System\gRdFiRW.exe
  C:\Windows\System\gRdFiRW.exe
  2⤵
  PID:5816
- C:\Windows\System\pzcCosy.exe
  C:\Windows\System\pzcCosy.exe
  2⤵
  PID:5836
- C:\Windows\System\Zxudews.exe
  C:\Windows\System\Zxudews.exe
  2⤵
  PID:5856
- C:\Windows\System\TCnWygG.exe
  C:\Windows\System\TCnWygG.exe
  2⤵
  PID:5876
- C:\Windows\System\YWNcDXS.exe
  C:\Windows\System\YWNcDXS.exe
  2⤵
  PID:5896
- C:\Windows\System\kAPDkbq.exe
  C:\Windows\System\kAPDkbq.exe
  2⤵
  PID:5916
- C:\Windows\System\wziJcFW.exe
  C:\Windows\System\wziJcFW.exe
  2⤵
  PID:5936
- C:\Windows\System\USrCdkA.exe
  C:\Windows\System\USrCdkA.exe
  2⤵
  PID:5956
- C:\Windows\System\CbvhtRc.exe
  C:\Windows\System\CbvhtRc.exe
  2⤵
  PID:5976
- C:\Windows\System\EkVMdkb.exe
  C:\Windows\System\EkVMdkb.exe
  2⤵
  PID:5996
- C:\Windows\System\GcdROKt.exe
  C:\Windows\System\GcdROKt.exe
  2⤵
  PID:6016
- C:\Windows\System\bfrRsch.exe
  C:\Windows\System\bfrRsch.exe
  2⤵
  PID:6036
- C:\Windows\System\STPGBZK.exe
  C:\Windows\System\STPGBZK.exe
  2⤵
  PID:6052
- C:\Windows\System\uOuAmHS.exe
  C:\Windows\System\uOuAmHS.exe
  2⤵
  PID:6076
- C:\Windows\System\WRDsvHU.exe
  C:\Windows\System\WRDsvHU.exe
  2⤵
  PID:6092
- C:\Windows\System\tgeBVPV.exe
  C:\Windows\System\tgeBVPV.exe
  2⤵
  PID:6112
- C:\Windows\System\oYEMHfl.exe
  C:\Windows\System\oYEMHfl.exe
  2⤵
  PID:6132
- C:\Windows\System\fVtoRcW.exe
  C:\Windows\System\fVtoRcW.exe
  2⤵
  PID:2720
- C:\Windows\System\cUbUSOi.exe
  C:\Windows\System\cUbUSOi.exe
  2⤵
  PID:4936
- C:\Windows\System\NJpUyLq.exe
  C:\Windows\System\NJpUyLq.exe
  2⤵
  PID:5080
- C:\Windows\System\mggjHNm.exe
  C:\Windows\System\mggjHNm.exe
  2⤵
  PID:3436
- C:\Windows\System\SStbEFv.exe
  C:\Windows\System\SStbEFv.exe
  2⤵
  PID:4200
- C:\Windows\System\VEtRKWO.exe
  C:\Windows\System\VEtRKWO.exe
  2⤵
  PID:4476
- C:\Windows\System\dwUxLgo.exe
  C:\Windows\System\dwUxLgo.exe
  2⤵
  PID:2732
- C:\Windows\System\bDrYaaB.exe
  C:\Windows\System\bDrYaaB.exe
  2⤵
  PID:2832
- C:\Windows\System\zmKnGAc.exe
  C:\Windows\System\zmKnGAc.exe
  2⤵
  PID:4744
- C:\Windows\System\pbbNtIi.exe
  C:\Windows\System\pbbNtIi.exe
  2⤵
  PID:5132
- C:\Windows\System\fDxTsXx.exe
  C:\Windows\System\fDxTsXx.exe
  2⤵
  PID:5184
- C:\Windows\System\OgikQMu.exe
  C:\Windows\System\OgikQMu.exe
  2⤵
  PID:5168
- C:\Windows\System\kbGOLKF.exe
  C:\Windows\System\kbGOLKF.exe
  2⤵
  PID:5228
- C:\Windows\System\LrqpctZ.exe
  C:\Windows\System\LrqpctZ.exe
  2⤵
  PID:5252
- C:\Windows\System\BLvgFUU.exe
  C:\Windows\System\BLvgFUU.exe
  2⤵
  PID:5308
- C:\Windows\System\rPFotRr.exe
  C:\Windows\System\rPFotRr.exe
  2⤵
  PID:5348
- C:\Windows\System\cJzqkyL.exe
  C:\Windows\System\cJzqkyL.exe
  2⤵
  PID:5384
- C:\Windows\System\WpyCfuL.exe
  C:\Windows\System\WpyCfuL.exe
  2⤵
  PID:5424
- C:\Windows\System\RXbHxxV.exe
  C:\Windows\System\RXbHxxV.exe
  2⤵
  PID:5464
- C:\Windows\System\qUmBcqW.exe
  C:\Windows\System\qUmBcqW.exe
  2⤵
  PID:5468
- C:\Windows\System\hZajvft.exe
  C:\Windows\System\hZajvft.exe
  2⤵
  PID:5492
- C:\Windows\System\QuiWtRg.exe
  C:\Windows\System\QuiWtRg.exe
  2⤵
  PID:5552
- C:\Windows\System\TxeFKVs.exe
  C:\Windows\System\TxeFKVs.exe
  2⤵
  PID:5592
- C:\Windows\System\iyqPfsV.exe
  C:\Windows\System\iyqPfsV.exe
  2⤵
  PID:5568
- C:\Windows\System\pdpHZAj.exe
  C:\Windows\System\pdpHZAj.exe
  2⤵
  PID:5612
- C:\Windows\System\GdcYVKs.exe
  C:\Windows\System\GdcYVKs.exe
  2⤵
  PID:5704
- C:\Windows\System\kzsUiEx.exe
  C:\Windows\System\kzsUiEx.exe
  2⤵
  PID:5712
- C:\Windows\System\ajKFjer.exe
  C:\Windows\System\ajKFjer.exe
  2⤵
  PID:5732
- C:\Windows\System\oZjRpdY.exe
  C:\Windows\System\oZjRpdY.exe
  2⤵
  PID:5784
- C:\Windows\System\yeJQRVc.exe
  C:\Windows\System\yeJQRVc.exe
  2⤵
  PID:5768
- C:\Windows\System\upImAJa.exe
  C:\Windows\System\upImAJa.exe
  2⤵
  PID:5812
- C:\Windows\System\NBHeqJl.exe
  C:\Windows\System\NBHeqJl.exe
  2⤵
  PID:5844
- C:\Windows\System\qQbqElX.exe
  C:\Windows\System\qQbqElX.exe
  2⤵
  PID:5912
- C:\Windows\System\QzAYlhm.exe
  C:\Windows\System\QzAYlhm.exe
  2⤵
  PID:5892
- C:\Windows\System\pzdPGwJ.exe
  C:\Windows\System\pzdPGwJ.exe
  2⤵
  PID:5984
- C:\Windows\System\HxOejVd.exe
  C:\Windows\System\HxOejVd.exe
  2⤵
  PID:5972
- C:\Windows\System\FPvgcfH.exe
  C:\Windows\System\FPvgcfH.exe
  2⤵
  PID:6064
- C:\Windows\System\NPoaOdx.exe
  C:\Windows\System\NPoaOdx.exe
  2⤵
  PID:6008
- C:\Windows\System\zUlsyZW.exe
  C:\Windows\System\zUlsyZW.exe
  2⤵
  PID:6048
- C:\Windows\System\PYYrMsF.exe
  C:\Windows\System\PYYrMsF.exe
  2⤵
  PID:2596
- C:\Windows\System\zcjFkmu.exe
  C:\Windows\System\zcjFkmu.exe
  2⤵
  PID:5064
- C:\Windows\System\HjkgmGx.exe
  C:\Windows\System\HjkgmGx.exe
  2⤵
  PID:1324
- C:\Windows\System\UYjQByn.exe
  C:\Windows\System\UYjQByn.exe
  2⤵
  PID:4112
- C:\Windows\System\aXlPZqw.exe
  C:\Windows\System\aXlPZqw.exe
  2⤵
  PID:4440
- C:\Windows\System\tFDfVlo.exe
  C:\Windows\System\tFDfVlo.exe
  2⤵
  PID:2368
- C:\Windows\System\jvvzZQt.exe
  C:\Windows\System\jvvzZQt.exe
  2⤵
  PID:5148
- C:\Windows\System\DGmCJyo.exe
  C:\Windows\System\DGmCJyo.exe
  2⤵
  PID:5212
- C:\Windows\System\laxyQPa.exe
  C:\Windows\System\laxyQPa.exe
  2⤵
  PID:5172
- C:\Windows\System\gVtgAqp.exe
  C:\Windows\System\gVtgAqp.exe
  2⤵
  PID:5268
- C:\Windows\System\WvAmJmr.exe
  C:\Windows\System\WvAmJmr.exe
  2⤵
  PID:5364
- C:\Windows\System\hDWXikD.exe
  C:\Windows\System\hDWXikD.exe
  2⤵
  PID:5412
- C:\Windows\System\VfBEOMH.exe
  C:\Windows\System\VfBEOMH.exe
  2⤵
  PID:5444
- C:\Windows\System\grRSOgn.exe
  C:\Windows\System\grRSOgn.exe
  2⤵
  PID:5448
- C:\Windows\System\hmBjVMN.exe
  C:\Windows\System\hmBjVMN.exe
  2⤵
  PID:5584
- C:\Windows\System\mNTOVwP.exe
  C:\Windows\System\mNTOVwP.exe
  2⤵
  PID:5628
- C:\Windows\System\KKJmQkz.exe
  C:\Windows\System\KKJmQkz.exe
  2⤵
  PID:1776
- C:\Windows\System\gkwFpeF.exe
  C:\Windows\System\gkwFpeF.exe
  2⤵
  PID:5648
- C:\Windows\System\PqtAkOw.exe
  C:\Windows\System\PqtAkOw.exe
  2⤵
  PID:5728
- C:\Windows\System\bYWFxKc.exe
  C:\Windows\System\bYWFxKc.exe
  2⤵
  PID:5828
- C:\Windows\System\SNPtiRl.exe
  C:\Windows\System\SNPtiRl.exe
  2⤵
  PID:5864
- C:\Windows\System\lKWjxLG.exe
  C:\Windows\System\lKWjxLG.exe
  2⤵
  PID:3116
- C:\Windows\System\PRSEjCt.exe
  C:\Windows\System\PRSEjCt.exe
  2⤵
  PID:5948
- C:\Windows\System\BdYYtXX.exe
  C:\Windows\System\BdYYtXX.exe
  2⤵
  PID:5988
- C:\Windows\System\eZwltWn.exe
  C:\Windows\System\eZwltWn.exe
  2⤵
  PID:6108
- C:\Windows\System\rnOWhtH.exe
  C:\Windows\System\rnOWhtH.exe
  2⤵
  PID:6104
- C:\Windows\System\RFoRbEJ.exe
  C:\Windows\System\RFoRbEJ.exe
  2⤵
  PID:6084
- C:\Windows\System\ZWpESZm.exe
  C:\Windows\System\ZWpESZm.exe
  2⤵
  PID:4240
- C:\Windows\System\jBOpYeA.exe
  C:\Windows\System\jBOpYeA.exe
  2⤵
  PID:1460
- C:\Windows\System\VbROrUU.exe
  C:\Windows\System\VbROrUU.exe
  2⤵
  PID:5128
- C:\Windows\System\cpvzHgz.exe
  C:\Windows\System\cpvzHgz.exe
  2⤵
  PID:5152
- C:\Windows\System\HzFqNRW.exe
  C:\Windows\System\HzFqNRW.exe
  2⤵
  PID:5224
- C:\Windows\System\vWDWcxt.exe
  C:\Windows\System\vWDWcxt.exe
  2⤵
  PID:5344
- C:\Windows\System\yDSBnuN.exe
  C:\Windows\System\yDSBnuN.exe
  2⤵
  PID:3604
- C:\Windows\System\zZfynBD.exe
  C:\Windows\System\zZfynBD.exe
  2⤵
  PID:5372
- C:\Windows\System\AoodAxe.exe
  C:\Windows\System\AoodAxe.exe
  2⤵
  PID:5524
- C:\Windows\System\sWjfyMc.exe
  C:\Windows\System\sWjfyMc.exe
  2⤵
  PID:5644
- C:\Windows\System\ySYpGCW.exe
  C:\Windows\System\ySYpGCW.exe
  2⤵
  PID:5604
- C:\Windows\System\fbeWVzW.exe
  C:\Windows\System\fbeWVzW.exe
  2⤵
  PID:5884
- C:\Windows\System\iWIjSnx.exe
  C:\Windows\System\iWIjSnx.exe
  2⤵
  PID:5764
- C:\Windows\System\BKOtpPl.exe
  C:\Windows\System\BKOtpPl.exe
  2⤵
  PID:6028
- C:\Windows\System\UrPyjIV.exe
  C:\Windows\System\UrPyjIV.exe
  2⤵
  PID:2340
- C:\Windows\System\qDLZZFm.exe
  C:\Windows\System\qDLZZFm.exe
  2⤵
  PID:4964
- C:\Windows\System\tMxXguK.exe
  C:\Windows\System\tMxXguK.exe
  2⤵
  PID:2636
- C:\Windows\System\doobqTH.exe
  C:\Windows\System\doobqTH.exe
  2⤵
  PID:620
- C:\Windows\System\pPBEmHN.exe
  C:\Windows\System\pPBEmHN.exe
  2⤵
  PID:5264
- C:\Windows\System\agyuIoW.exe
  C:\Windows\System\agyuIoW.exe
  2⤵
  PID:5332
- C:\Windows\System\JSZFnMc.exe
  C:\Windows\System\JSZFnMc.exe
  2⤵
  PID:5484
- C:\Windows\System\rSLXClr.exe
  C:\Windows\System\rSLXClr.exe
  2⤵
  PID:1668
- C:\Windows\System\oyQMuYa.exe
  C:\Windows\System\oyQMuYa.exe
  2⤵
  PID:5528
- C:\Windows\System\YONslRR.exe
  C:\Windows\System\YONslRR.exe
  2⤵
  PID:5752
- C:\Windows\System\oGZxERi.exe
  C:\Windows\System\oGZxERi.exe
  2⤵
  PID:5848
- C:\Windows\System\NPSzjFT.exe
  C:\Windows\System\NPSzjFT.exe
  2⤵
  PID:3896
- C:\Windows\System\tpeTkLg.exe
  C:\Windows\System\tpeTkLg.exe
  2⤵
  PID:2752
- C:\Windows\System\mrQEWRG.exe
  C:\Windows\System\mrQEWRG.exe
  2⤵
  PID:4496
- C:\Windows\System\mJcqwqY.exe
  C:\Windows\System\mJcqwqY.exe
  2⤵
  PID:2796
- C:\Windows\System\koQFODK.exe
  C:\Windows\System\koQFODK.exe
  2⤵
  PID:5452
- C:\Windows\System\wtLLrmX.exe
  C:\Windows\System\wtLLrmX.exe
  2⤵
  PID:6156
- C:\Windows\System\kYjkCDG.exe
  C:\Windows\System\kYjkCDG.exe
  2⤵
  PID:6176
- C:\Windows\System\clImuGB.exe
  C:\Windows\System\clImuGB.exe
  2⤵
  PID:6196
- C:\Windows\System\muDCHbv.exe
  C:\Windows\System\muDCHbv.exe
  2⤵
  PID:6216
- C:\Windows\System\xHYQZiD.exe
  C:\Windows\System\xHYQZiD.exe
  2⤵
  PID:6236
- C:\Windows\System\NEkZybB.exe
  C:\Windows\System\NEkZybB.exe
  2⤵
  PID:6256
- C:\Windows\System\kYNEFES.exe
  C:\Windows\System\kYNEFES.exe
  2⤵
  PID:6276
- C:\Windows\System\uKzIOEM.exe
  C:\Windows\System\uKzIOEM.exe
  2⤵
  PID:6296
- C:\Windows\System\EGXUdfN.exe
  C:\Windows\System\EGXUdfN.exe
  2⤵
  PID:6316
- C:\Windows\System\WMmehSk.exe
  C:\Windows\System\WMmehSk.exe
  2⤵
  PID:6336
- C:\Windows\System\hzTGOYG.exe
  C:\Windows\System\hzTGOYG.exe
  2⤵
  PID:6356
- C:\Windows\System\oPOCDdr.exe
  C:\Windows\System\oPOCDdr.exe
  2⤵
  PID:6376
- C:\Windows\System\twJJSTO.exe
  C:\Windows\System\twJJSTO.exe
  2⤵
  PID:6396
- C:\Windows\System\WILrngn.exe
  C:\Windows\System\WILrngn.exe
  2⤵
  PID:6416
- C:\Windows\System\mdFClPg.exe
  C:\Windows\System\mdFClPg.exe
  2⤵
  PID:6436
- C:\Windows\System\kbUEKID.exe
  C:\Windows\System\kbUEKID.exe
  2⤵
  PID:6456
- C:\Windows\System\KaPfdVu.exe
  C:\Windows\System\KaPfdVu.exe
  2⤵
  PID:6476
- C:\Windows\System\siogfOu.exe
  C:\Windows\System\siogfOu.exe
  2⤵
  PID:6496
- C:\Windows\System\McXfgLM.exe
  C:\Windows\System\McXfgLM.exe
  2⤵
  PID:6516
- C:\Windows\System\qPuEqRn.exe
  C:\Windows\System\qPuEqRn.exe
  2⤵
  PID:6536
- C:\Windows\System\dAhTPEB.exe
  C:\Windows\System\dAhTPEB.exe
  2⤵
  PID:6556
- C:\Windows\System\YUfdzbq.exe
  C:\Windows\System\YUfdzbq.exe
  2⤵
  PID:6576
- C:\Windows\System\wPSFvVR.exe
  C:\Windows\System\wPSFvVR.exe
  2⤵
  PID:6596
- C:\Windows\System\SqElfGK.exe
  C:\Windows\System\SqElfGK.exe
  2⤵
  PID:6616
- C:\Windows\System\qvHLfRh.exe
  C:\Windows\System\qvHLfRh.exe
  2⤵
  PID:6636
- C:\Windows\System\NVgJEJD.exe
  C:\Windows\System\NVgJEJD.exe
  2⤵
  PID:6656
- C:\Windows\System\nlQbUCX.exe
  C:\Windows\System\nlQbUCX.exe
  2⤵
  PID:6676
- C:\Windows\System\ESPfvmB.exe
  C:\Windows\System\ESPfvmB.exe
  2⤵
  PID:6696
- C:\Windows\System\orwLIRO.exe
  C:\Windows\System\orwLIRO.exe
  2⤵
  PID:6716
- C:\Windows\System\SwiMoIY.exe
  C:\Windows\System\SwiMoIY.exe
  2⤵
  PID:6736
- C:\Windows\System\zJhCTlT.exe
  C:\Windows\System\zJhCTlT.exe
  2⤵
  PID:6756
- C:\Windows\System\WbqRWUZ.exe
  C:\Windows\System\WbqRWUZ.exe
  2⤵
  PID:6776
- C:\Windows\System\rOAZjHu.exe
  C:\Windows\System\rOAZjHu.exe
  2⤵
  PID:6796
- C:\Windows\System\ArCLUwJ.exe
  C:\Windows\System\ArCLUwJ.exe
  2⤵
  PID:6816
- C:\Windows\System\nxeGGVy.exe
  C:\Windows\System\nxeGGVy.exe
  2⤵
  PID:6836
- C:\Windows\System\MCJLzlB.exe
  C:\Windows\System\MCJLzlB.exe
  2⤵
  PID:6856
- C:\Windows\System\xhLqCPS.exe
  C:\Windows\System\xhLqCPS.exe
  2⤵
  PID:6876
- C:\Windows\System\qiOFaOL.exe
  C:\Windows\System\qiOFaOL.exe
  2⤵
  PID:6896
- C:\Windows\System\LUKHIiP.exe
  C:\Windows\System\LUKHIiP.exe
  2⤵
  PID:6916
- C:\Windows\System\MpRRais.exe
  C:\Windows\System\MpRRais.exe
  2⤵
  PID:6936
- C:\Windows\System\DleDWtR.exe
  C:\Windows\System\DleDWtR.exe
  2⤵
  PID:6956
- C:\Windows\System\aMpQkAk.exe
  C:\Windows\System\aMpQkAk.exe
  2⤵
  PID:6976
- C:\Windows\System\yZFYnuf.exe
  C:\Windows\System\yZFYnuf.exe
  2⤵
  PID:6996
- C:\Windows\System\KnUakRs.exe
  C:\Windows\System\KnUakRs.exe
  2⤵
  PID:7016
- C:\Windows\System\GOdyDEE.exe
  C:\Windows\System\GOdyDEE.exe
  2⤵
  PID:7036
- C:\Windows\System\pZqKXCA.exe
  C:\Windows\System\pZqKXCA.exe
  2⤵
  PID:7056
- C:\Windows\System\mBFJIwc.exe
  C:\Windows\System\mBFJIwc.exe
  2⤵
  PID:7076
- C:\Windows\System\RquUEDH.exe
  C:\Windows\System\RquUEDH.exe
  2⤵
  PID:7092
- C:\Windows\System\UzyinDt.exe
  C:\Windows\System\UzyinDt.exe
  2⤵
  PID:7120
- C:\Windows\System\XaaeSCd.exe
  C:\Windows\System\XaaeSCd.exe
  2⤵
  PID:7136
- C:\Windows\System\bdRdeSD.exe
  C:\Windows\System\bdRdeSD.exe
  2⤵
  PID:7152
- C:\Windows\System\vDPUpBm.exe
  C:\Windows\System\vDPUpBm.exe
  2⤵
  PID:1236
- C:\Windows\System\fFWuRuw.exe
  C:\Windows\System\fFWuRuw.exe
  2⤵
  PID:5928
- C:\Windows\System\cNHWFUu.exe
  C:\Windows\System\cNHWFUu.exe
  2⤵
  PID:852
- C:\Windows\System\bIlgOLy.exe
  C:\Windows\System\bIlgOLy.exe
  2⤵
  PID:2548
- C:\Windows\System\bedocIK.exe
  C:\Windows\System\bedocIK.exe
  2⤵
  PID:5312
- C:\Windows\System\mPbZIpD.exe
  C:\Windows\System\mPbZIpD.exe
  2⤵
  PID:5668
- C:\Windows\System\HzFWTUK.exe
  C:\Windows\System\HzFWTUK.exe
  2⤵
  PID:6192
- C:\Windows\System\dxjfVtz.exe
  C:\Windows\System\dxjfVtz.exe
  2⤵
  PID:6204
- C:\Windows\System\fSGxKsc.exe
  C:\Windows\System\fSGxKsc.exe
  2⤵
  PID:6212
- C:\Windows\System\efrvSbM.exe
  C:\Windows\System\efrvSbM.exe
  2⤵
  PID:6272
- C:\Windows\System\FzIjbmG.exe
  C:\Windows\System\FzIjbmG.exe
  2⤵
  PID:6304
- C:\Windows\System\qYnqQoj.exe
  C:\Windows\System\qYnqQoj.exe
  2⤵
  PID:6308
- C:\Windows\System\tgvpVoC.exe
  C:\Windows\System\tgvpVoC.exe
  2⤵
  PID:6352
- C:\Windows\System\xMWTfcl.exe
  C:\Windows\System\xMWTfcl.exe
  2⤵
  PID:6372
- C:\Windows\System\ZmFtqVu.exe
  C:\Windows\System\ZmFtqVu.exe
  2⤵
  PID:6452
- C:\Windows\System\kMkjJYm.exe
  C:\Windows\System\kMkjJYm.exe
  2⤵
  PID:6504
- C:\Windows\System\IBkJYeu.exe
  C:\Windows\System\IBkJYeu.exe
  2⤵
  PID:6508
- C:\Windows\System\JDXhdfW.exe
  C:\Windows\System\JDXhdfW.exe
  2⤵
  PID:6548
- C:\Windows\System\lnJBPCI.exe
  C:\Windows\System\lnJBPCI.exe
  2⤵
  PID:2724
- C:\Windows\System\EvWRkkU.exe
  C:\Windows\System\EvWRkkU.exe
  2⤵
  PID:6572
- C:\Windows\System\JeYyLTc.exe
  C:\Windows\System\JeYyLTc.exe
  2⤵
  PID:2664
- C:\Windows\System\ZSzdNIJ.exe
  C:\Windows\System\ZSzdNIJ.exe
  2⤵
  PID:6624
- C:\Windows\System\mhVdrFD.exe
  C:\Windows\System\mhVdrFD.exe
  2⤵
  PID:1480
- C:\Windows\System\jGSePEp.exe
  C:\Windows\System\jGSePEp.exe
  2⤵
  PID:6648
- C:\Windows\System\llXBqhQ.exe
  C:\Windows\System\llXBqhQ.exe
  2⤵
  PID:6704
- C:\Windows\System\UFUJzWn.exe
  C:\Windows\System\UFUJzWn.exe
  2⤵
  PID:6708
- C:\Windows\System\UfQXehn.exe
  C:\Windows\System\UfQXehn.exe
  2⤵
  PID:6724
- C:\Windows\System\wGdehne.exe
  C:\Windows\System\wGdehne.exe
  2⤵
  PID:6752
- C:\Windows\System\ASgDeUv.exe
  C:\Windows\System\ASgDeUv.exe
  2⤵
  PID:6792
- C:\Windows\System\TSYVEsd.exe
  C:\Windows\System\TSYVEsd.exe
  2⤵
  PID:548
- C:\Windows\System\QlubYJo.exe
  C:\Windows\System\QlubYJo.exe
  2⤵
  PID:2920
- C:\Windows\System\tVyrmgy.exe
  C:\Windows\System\tVyrmgy.exe
  2⤵
  PID:3696
- C:\Windows\System\RhjHbTy.exe
  C:\Windows\System\RhjHbTy.exe
  2⤵
  PID:2632
- C:\Windows\System\vwIaLSj.exe
  C:\Windows\System\vwIaLSj.exe
  2⤵
  PID:1572
- C:\Windows\System\MYyWafx.exe
  C:\Windows\System\MYyWafx.exe
  2⤵
  PID:6848
- C:\Windows\System\FzaAqPg.exe
  C:\Windows\System\FzaAqPg.exe
  2⤵
  PID:1104
- C:\Windows\System\ULWFJKY.exe
  C:\Windows\System\ULWFJKY.exe
  2⤵
  PID:1356
- C:\Windows\System\cprDtVz.exe
  C:\Windows\System\cprDtVz.exe
  2⤵
  PID:2756
- C:\Windows\System\AxBnkii.exe
  C:\Windows\System\AxBnkii.exe
  2⤵
  PID:6984
- C:\Windows\System\lOcaShe.exe
  C:\Windows\System\lOcaShe.exe
  2⤵
  PID:1528
- C:\Windows\System\OWLMmgo.exe
  C:\Windows\System\OWLMmgo.exe
  2⤵
  PID:1768
- C:\Windows\System\cQcmODv.exe
  C:\Windows\System\cQcmODv.exe
  2⤵
  PID:7028
- C:\Windows\System\lVVrWMW.exe
  C:\Windows\System\lVVrWMW.exe
  2⤵
  PID:1792
- C:\Windows\System\sDHoqbC.exe
  C:\Windows\System\sDHoqbC.exe
  2⤵
  PID:1696
- C:\Windows\System\LZOOGsE.exe
  C:\Windows\System\LZOOGsE.exe
  2⤵
  PID:7068
- C:\Windows\System\aJZSBRs.exe
  C:\Windows\System\aJZSBRs.exe
  2⤵
  PID:7084
- C:\Windows\System\ApnncCR.exe
  C:\Windows\System\ApnncCR.exe
  2⤵
  PID:7116
- C:\Windows\System\tvyhQPP.exe
  C:\Windows\System\tvyhQPP.exe
  2⤵
  PID:7132
- C:\Windows\System\fZjoKEf.exe
  C:\Windows\System\fZjoKEf.exe
  2⤵
  PID:6152
- C:\Windows\System\uorFcUw.exe
  C:\Windows\System\uorFcUw.exe
  2⤵
  PID:6264
- C:\Windows\System\PRhGBNE.exe
  C:\Windows\System\PRhGBNE.exe
  2⤵
  PID:6392
- C:\Windows\System\fknLdYi.exe
  C:\Windows\System\fknLdYi.exe
  2⤵
  PID:6228
- C:\Windows\System\BZByeqo.exe
  C:\Windows\System\BZByeqo.exe
  2⤵
  PID:1556
- C:\Windows\System\fjqxZdO.exe
  C:\Windows\System\fjqxZdO.exe
  2⤵
  PID:6328
- C:\Windows\System\vkiojfZ.exe
  C:\Windows\System\vkiojfZ.exe
  2⤵
  PID:2768
- C:\Windows\System\trttuCo.exe
  C:\Windows\System\trttuCo.exe
  2⤵
  PID:6544
- C:\Windows\System\mydkQvz.exe
  C:\Windows\System\mydkQvz.exe
  2⤵
  PID:6728
- C:\Windows\System\yvnxotl.exe
  C:\Windows\System\yvnxotl.exe
  2⤵
  PID:6808
- C:\Windows\System\jKraDud.exe
  C:\Windows\System\jKraDud.exe
  2⤵
  PID:1716
- C:\Windows\System\qOjKHFB.exe
  C:\Windows\System\qOjKHFB.exe
  2⤵
  PID:6948
- C:\Windows\System\JjzNWKK.exe
  C:\Windows\System\JjzNWKK.exe
  2⤵
  PID:6612
- C:\Windows\System\yaSqUTj.exe
  C:\Windows\System\yaSqUTj.exe
  2⤵
  PID:1612
- C:\Windows\System\JKrAbPE.exe
  C:\Windows\System\JKrAbPE.exe
  2⤵
  PID:6872
- C:\Windows\System\eosBUkk.exe
  C:\Windows\System\eosBUkk.exe
  2⤵
  PID:6924
- C:\Windows\System\AZOKQTL.exe
  C:\Windows\System\AZOKQTL.exe
  2⤵
  PID:6444
- C:\Windows\System\lsiZako.exe
  C:\Windows\System\lsiZako.exe
  2⤵
  PID:2940
- C:\Windows\System\MFkFDBB.exe
  C:\Windows\System\MFkFDBB.exe
  2⤵
  PID:2296
- C:\Windows\System\baxLFHX.exe
  C:\Windows\System\baxLFHX.exe
  2⤵
  PID:6628
- C:\Windows\System\TLWctdh.exe
  C:\Windows\System\TLWctdh.exe
  2⤵
  PID:6972
- C:\Windows\System\jGuFHja.exe
  C:\Windows\System\jGuFHja.exe
  2⤵
  PID:1148
- C:\Windows\System\OdblNor.exe
  C:\Windows\System\OdblNor.exe
  2⤵
  PID:1704
- C:\Windows\System\vRYvNwA.exe
  C:\Windows\System\vRYvNwA.exe
  2⤵
  PID:7164
- C:\Windows\System\VDyetIA.exe
  C:\Windows\System\VDyetIA.exe
  2⤵
  PID:6332
- C:\Windows\System\NMaUzpV.exe
  C:\Windows\System\NMaUzpV.exe
  2⤵
  PID:1976
- C:\Windows\System\fuPuWMI.exe
  C:\Windows\System\fuPuWMI.exe
  2⤵
  PID:2872
- C:\Windows\System\xmPedmd.exe
  C:\Windows\System\xmPedmd.exe
  2⤵
  PID:6248
- C:\Windows\System\eNYLnUa.exe
  C:\Windows\System\eNYLnUa.exe
  2⤵
  PID:1036
- C:\Windows\System\dpqbtHy.exe
  C:\Windows\System\dpqbtHy.exe
  2⤵
  PID:1876
- C:\Windows\System\nNoEpwG.exe
  C:\Windows\System\nNoEpwG.exe
  2⤵
  PID:2620
- C:\Windows\System\NfHxvQy.exe
  C:\Windows\System\NfHxvQy.exe
  2⤵
  PID:6604
- C:\Windows\System\toAIuBo.exe
  C:\Windows\System\toAIuBo.exe
  2⤵
  PID:6908
- C:\Windows\System\vMlstEC.exe
  C:\Windows\System\vMlstEC.exe
  2⤵
  PID:6784
- C:\Windows\System\fKakZRg.exe
  C:\Windows\System\fKakZRg.exe
  2⤵
  PID:2964
- C:\Windows\System\borhZgo.exe
  C:\Windows\System\borhZgo.exe
  2⤵
  PID:6608
- C:\Windows\System\FmjWnwo.exe
  C:\Windows\System\FmjWnwo.exe
  2⤵
  PID:6928
- C:\Windows\System\ZhfPBOk.exe
  C:\Windows\System\ZhfPBOk.exe
  2⤵
  PID:6744
- C:\Windows\System\nDvaFSW.exe
  C:\Windows\System\nDvaFSW.exe
  2⤵
  PID:916
- C:\Windows\System\DmmwvTU.exe
  C:\Windows\System\DmmwvTU.exe
  2⤵
  PID:7144
- C:\Windows\System\BeALfhH.exe
  C:\Windows\System\BeALfhH.exe
  2⤵
  PID:6568
- C:\Windows\System\flCyXpF.exe
  C:\Windows\System\flCyXpF.exe
  2⤵
  PID:7032
- C:\Windows\System\VGsPmrE.exe
  C:\Windows\System\VGsPmrE.exe
  2⤵
  PID:6364
- C:\Windows\System\EPgmDBC.exe
  C:\Windows\System\EPgmDBC.exe
  2⤵
  PID:6032
- C:\Windows\System\lVvkOuM.exe
  C:\Windows\System\lVvkOuM.exe
  2⤵
  PID:7108
- C:\Windows\System\rAavUAW.exe
  C:\Windows\System\rAavUAW.exe
  2⤵
  PID:6952
- C:\Windows\System\lJisQnX.exe
  C:\Windows\System\lJisQnX.exe
  2⤵
  PID:716
- C:\Windows\System\eAPODbz.exe
  C:\Windows\System\eAPODbz.exe
  2⤵
  PID:6864
- C:\Windows\System\oGrPFFG.exe
  C:\Windows\System\oGrPFFG.exe
  2⤵
  PID:6244
- C:\Windows\System\aRhHWzx.exe
  C:\Windows\System\aRhHWzx.exe
  2⤵
  PID:6812
- C:\Windows\System\GXxTKAa.exe
  C:\Windows\System\GXxTKAa.exe
  2⤵
  PID:6588
- C:\Windows\System\taKHChy.exe
  C:\Windows\System\taKHChy.exe
  2⤵
  PID:6184
- C:\Windows\System\TYqUWxH.exe
  C:\Windows\System\TYqUWxH.exe
  2⤵
  PID:7012
- C:\Windows\System\RFioktf.exe
  C:\Windows\System\RFioktf.exe
  2⤵
  PID:6484
- C:\Windows\System\dZQfsSm.exe
  C:\Windows\System\dZQfsSm.exe
  2⤵
  PID:6668
- C:\Windows\System\DMJjMrJ.exe
  C:\Windows\System\DMJjMrJ.exe
  2⤵
  PID:5388
- C:\Windows\System\ntvOCyR.exe
  C:\Windows\System\ntvOCyR.exe
  2⤵
  PID:6168
- C:\Windows\System\ufWVrfL.exe
  C:\Windows\System\ufWVrfL.exe
  2⤵
  PID:7048
- C:\Windows\System\DJFWZgx.exe
  C:\Windows\System\DJFWZgx.exe
  2⤵
  PID:7024
- C:\Windows\System\togdKhD.exe
  C:\Windows\System\togdKhD.exe
  2⤵
  PID:6688
- C:\Windows\System\FMlNKfK.exe
  C:\Windows\System\FMlNKfK.exe
  2⤵
  PID:6888
- C:\Windows\System\PWHwRYM.exe
  C:\Windows\System\PWHwRYM.exe
  2⤵
  PID:2128
- C:\Windows\System\sYlNWrh.exe
  C:\Windows\System\sYlNWrh.exe
  2⤵
  PID:7180
- C:\Windows\System\hHkumhH.exe
  C:\Windows\System\hHkumhH.exe
  2⤵
  PID:7196
- C:\Windows\System\myOVDrM.exe
  C:\Windows\System\myOVDrM.exe
  2⤵
  PID:7212
- C:\Windows\System\wchIpjy.exe
  C:\Windows\System\wchIpjy.exe
  2⤵
  PID:7228
- C:\Windows\System\vGTLqJo.exe
  C:\Windows\System\vGTLqJo.exe
  2⤵
  PID:7244
- C:\Windows\System\hjTSiST.exe
  C:\Windows\System\hjTSiST.exe
  2⤵
  PID:7260
- C:\Windows\System\QtzlyEc.exe
  C:\Windows\System\QtzlyEc.exe
  2⤵
  PID:7276
- C:\Windows\System\nXvqeZe.exe
  C:\Windows\System\nXvqeZe.exe
  2⤵
  PID:7292
- C:\Windows\System\VgUSqvy.exe
  C:\Windows\System\VgUSqvy.exe
  2⤵
  PID:7308
- C:\Windows\System\xtevzot.exe
  C:\Windows\System\xtevzot.exe
  2⤵
  PID:7324
- C:\Windows\System\KEiCdRP.exe
  C:\Windows\System\KEiCdRP.exe
  2⤵
  PID:7340
- C:\Windows\System\QoIJTBv.exe
  C:\Windows\System\QoIJTBv.exe
  2⤵
  PID:7356
- C:\Windows\System\TCHCvOw.exe
  C:\Windows\System\TCHCvOw.exe
  2⤵
  PID:7372
- C:\Windows\System\UdJAznY.exe
  C:\Windows\System\UdJAznY.exe
  2⤵
  PID:7388
- C:\Windows\System\WsTbHgo.exe
  C:\Windows\System\WsTbHgo.exe
  2⤵
  PID:7404
- C:\Windows\System\okZKOfX.exe
  C:\Windows\System\okZKOfX.exe
  2⤵
  PID:7420
- C:\Windows\System\siakitn.exe
  C:\Windows\System\siakitn.exe
  2⤵
  PID:7436
- C:\Windows\System\uewGgZi.exe
  C:\Windows\System\uewGgZi.exe
  2⤵
  PID:7452
- C:\Windows\System\BdoqFZS.exe
  C:\Windows\System\BdoqFZS.exe
  2⤵
  PID:7468
- C:\Windows\System\RAIWbMo.exe
  C:\Windows\System\RAIWbMo.exe
  2⤵
  PID:7484
- C:\Windows\System\EvBklCt.exe
  C:\Windows\System\EvBklCt.exe
  2⤵
  PID:7500
- C:\Windows\System\GmxxmMa.exe
  C:\Windows\System\GmxxmMa.exe
  2⤵
  PID:7516
- C:\Windows\System\sBRNudf.exe
  C:\Windows\System\sBRNudf.exe
  2⤵
  PID:7532
- C:\Windows\System\QcKmjdv.exe
  C:\Windows\System\QcKmjdv.exe
  2⤵
  PID:7548
- C:\Windows\System\HbACNQl.exe
  C:\Windows\System\HbACNQl.exe
  2⤵
  PID:7564
- C:\Windows\System\SFPhoRN.exe
  C:\Windows\System\SFPhoRN.exe
  2⤵
  PID:7580
- C:\Windows\System\BzGLlxu.exe
  C:\Windows\System\BzGLlxu.exe
  2⤵
  PID:7596
- C:\Windows\System\ZjzOonK.exe
  C:\Windows\System\ZjzOonK.exe
  2⤵
  PID:7612
- C:\Windows\System\EXfttDg.exe
  C:\Windows\System\EXfttDg.exe
  2⤵
  PID:7628
- C:\Windows\System\LqfJkRc.exe
  C:\Windows\System\LqfJkRc.exe
  2⤵
  PID:7644
- C:\Windows\System\JXECEaD.exe
  C:\Windows\System\JXECEaD.exe
  2⤵
  PID:7660
- C:\Windows\System\RiZWTOp.exe
  C:\Windows\System\RiZWTOp.exe
  2⤵
  PID:7676
- C:\Windows\System\rEuIkzu.exe
  C:\Windows\System\rEuIkzu.exe
  2⤵
  PID:7692
- C:\Windows\System\LnkBFuX.exe
  C:\Windows\System\LnkBFuX.exe
  2⤵
  PID:7708
- C:\Windows\System\lhpjpJk.exe
  C:\Windows\System\lhpjpJk.exe
  2⤵
  PID:7724
- C:\Windows\System\eukBTei.exe
  C:\Windows\System\eukBTei.exe
  2⤵
  PID:7740
- C:\Windows\System\NGyjYer.exe
  C:\Windows\System\NGyjYer.exe
  2⤵
  PID:7756
- C:\Windows\System\Nwwcnoq.exe
  C:\Windows\System\Nwwcnoq.exe
  2⤵
  PID:7772
- C:\Windows\System\LXxzaMc.exe
  C:\Windows\System\LXxzaMc.exe
  2⤵
  PID:7792
- C:\Windows\System\EakkWVV.exe
  C:\Windows\System\EakkWVV.exe
  2⤵
  PID:7808
- C:\Windows\System\xuzMFWR.exe
  C:\Windows\System\xuzMFWR.exe
  2⤵
  PID:7824
- C:\Windows\System\LjAXCxz.exe
  C:\Windows\System\LjAXCxz.exe
  2⤵
  PID:7840
- C:\Windows\System\BtZJMRB.exe
  C:\Windows\System\BtZJMRB.exe
  2⤵
  PID:7856
- C:\Windows\System\rDOObFr.exe
  C:\Windows\System\rDOObFr.exe
  2⤵
  PID:7872
- C:\Windows\System\xvVTrGM.exe
  C:\Windows\System\xvVTrGM.exe
  2⤵
  PID:7888
- C:\Windows\System\suUVSvE.exe
  C:\Windows\System\suUVSvE.exe
  2⤵
  PID:7904
- C:\Windows\System\zMArFnc.exe
  C:\Windows\System\zMArFnc.exe
  2⤵
  PID:7920
- C:\Windows\System\qlYYgka.exe
  C:\Windows\System\qlYYgka.exe
  2⤵
  PID:7936
- C:\Windows\System\SVkvbHy.exe
  C:\Windows\System\SVkvbHy.exe
  2⤵
  PID:7952
- C:\Windows\System\AvDmDON.exe
  C:\Windows\System\AvDmDON.exe
  2⤵
  PID:7968
- C:\Windows\System\aiEBFoU.exe
  C:\Windows\System\aiEBFoU.exe
  2⤵
  PID:7984
- C:\Windows\System\WPzNNLP.exe
  C:\Windows\System\WPzNNLP.exe
  2⤵
  PID:8000
- C:\Windows\System\rtkAEBG.exe
  C:\Windows\System\rtkAEBG.exe
  2⤵
  PID:8016
- C:\Windows\System\QDCGzQi.exe
  C:\Windows\System\QDCGzQi.exe
  2⤵
  PID:8032
- C:\Windows\System\PKsziXK.exe
  C:\Windows\System\PKsziXK.exe
  2⤵
  PID:8048
- C:\Windows\System\AEFgtVC.exe
  C:\Windows\System\AEFgtVC.exe
  2⤵
  PID:8064
- C:\Windows\System\qpShSBd.exe
  C:\Windows\System\qpShSBd.exe
  2⤵
  PID:8080
- C:\Windows\System\vDNqFAw.exe
  C:\Windows\System\vDNqFAw.exe
  2⤵
  PID:8096
- C:\Windows\System\faPTXJz.exe
  C:\Windows\System\faPTXJz.exe
  2⤵
  PID:8112
- C:\Windows\System\wdufXFk.exe
  C:\Windows\System\wdufXFk.exe
  2⤵
  PID:8128
- C:\Windows\System\UUNEqta.exe
  C:\Windows\System\UUNEqta.exe
  2⤵
  PID:8144
- C:\Windows\System\QouGLFt.exe
  C:\Windows\System\QouGLFt.exe
  2⤵
  PID:8164
- C:\Windows\System\tghVQhl.exe
  C:\Windows\System\tghVQhl.exe
  2⤵
  PID:8180
- C:\Windows\System\kZFFuYC.exe
  C:\Windows\System\kZFFuYC.exe
  2⤵
  PID:6852
- C:\Windows\System\qgOcgTV.exe
  C:\Windows\System\qgOcgTV.exe
  2⤵
  PID:7176
- C:\Windows\System\irIsDlo.exe
  C:\Windows\System\irIsDlo.exe
  2⤵
  PID:7204
- C:\Windows\System\zeBOoDX.exe
  C:\Windows\System\zeBOoDX.exe
  2⤵
  PID:7288
- C:\Windows\System\kohmZtQ.exe
  C:\Windows\System\kohmZtQ.exe
  2⤵
  PID:7348
- C:\Windows\System\ayykTmK.exe
  C:\Windows\System\ayykTmK.exe
  2⤵
  PID:7508
- C:\Windows\System\ncFukKb.exe
  C:\Windows\System\ncFukKb.exe
  2⤵
  PID:7416
- C:\Windows\System\JuYNluo.exe
  C:\Windows\System\JuYNluo.exe
  2⤵
  PID:7540
- C:\Windows\System\hdnbguY.exe
  C:\Windows\System\hdnbguY.exe
  2⤵
  PID:7396
- C:\Windows\System\QptBszA.exe
  C:\Windows\System\QptBszA.exe
  2⤵
  PID:7460
- C:\Windows\System\iUxLYlH.exe
  C:\Windows\System\iUxLYlH.exe
  2⤵
  PID:7524
- C:\Windows\System\ldPgMoZ.exe
  C:\Windows\System\ldPgMoZ.exe
  2⤵
  PID:7272
- C:\Windows\System\zirnWzt.exe
  C:\Windows\System\zirnWzt.exe
  2⤵
  PID:7332
- C:\Windows\System\TgclZnh.exe
  C:\Windows\System\TgclZnh.exe
  2⤵
  PID:7588
- C:\Windows\System\Zoetwpq.exe
  C:\Windows\System\Zoetwpq.exe
  2⤵
  PID:7652
- C:\Windows\System\dyFCYEj.exe
  C:\Windows\System\dyFCYEj.exe
  2⤵
  PID:7604
- C:\Windows\System\VQVxVLG.exe
  C:\Windows\System\VQVxVLG.exe
  2⤵
  PID:7608
- C:\Windows\System\cjYKdTm.exe
  C:\Windows\System\cjYKdTm.exe
  2⤵
  PID:7672
- C:\Windows\System\jSbNoxM.exe
  C:\Windows\System\jSbNoxM.exe
  2⤵
  PID:7764
- C:\Windows\System\wQzHTxs.exe
  C:\Windows\System\wQzHTxs.exe
  2⤵
  PID:7748
- C:\Windows\System\OEktnzY.exe
  C:\Windows\System\OEktnzY.exe
  2⤵
  PID:7800
- C:\Windows\System\jkOrFrE.exe
  C:\Windows\System\jkOrFrE.exe
  2⤵
  PID:7832
- C:\Windows\System\VpJEnxC.exe
  C:\Windows\System\VpJEnxC.exe
  2⤵
  PID:7896
- C:\Windows\System\CPiYRAG.exe
  C:\Windows\System\CPiYRAG.exe
  2⤵
  PID:7916
- C:\Windows\System\rodhoEP.exe
  C:\Windows\System\rodhoEP.exe
  2⤵
  PID:7884
- C:\Windows\System\iDWhJWq.exe
  C:\Windows\System\iDWhJWq.exe
  2⤵
  PID:8028
- C:\Windows\System\bGMRaIe.exe
  C:\Windows\System\bGMRaIe.exe
  2⤵
  PID:7996
- C:\Windows\System\lFmwGOq.exe
  C:\Windows\System\lFmwGOq.exe
  2⤵
  PID:8088
- C:\Windows\System\eSDjnXL.exe
  C:\Windows\System\eSDjnXL.exe
  2⤵
  PID:8152
- C:\Windows\System\dvOvyiv.exe
  C:\Windows\System\dvOvyiv.exe
  2⤵
  PID:8008
- C:\Windows\System\cZKIjgq.exe
  C:\Windows\System\cZKIjgq.exe
  2⤵
  PID:8160
- C:\Windows\System\tRNgYjg.exe
  C:\Windows\System\tRNgYjg.exe
  2⤵
  PID:8108
- C:\Windows\System\ngxZPee.exe
  C:\Windows\System\ngxZPee.exe
  2⤵
  PID:6384
- C:\Windows\System\bUmKBce.exe
  C:\Windows\System\bUmKBce.exe
  2⤵
  PID:8172
- C:\Windows\System\anvOdon.exe
  C:\Windows\System\anvOdon.exe
  2⤵
  PID:2592
- C:\Windows\System\lwuipWe.exe
  C:\Windows\System\lwuipWe.exe
  2⤵
  PID:7352
- C:\Windows\System\OZdzBMC.exe
  C:\Windows\System\OZdzBMC.exe
  2⤵
  PID:7544
- C:\Windows\System\dGbxMqs.exe
  C:\Windows\System\dGbxMqs.exe
  2⤵
  PID:7284
- C:\Windows\System\zGFzOaS.exe
  C:\Windows\System\zGFzOaS.exe
  2⤵
  PID:7624
- C:\Windows\System\GQkmtyQ.exe
  C:\Windows\System\GQkmtyQ.exe
  2⤵
  PID:7736
- C:\Windows\System\WqUtgYz.exe
  C:\Windows\System\WqUtgYz.exe
  2⤵
  PID:7236
- C:\Windows\System\hFsAVJp.exe
  C:\Windows\System\hFsAVJp.exe
  2⤵
  PID:7668
- C:\Windows\System\ZgNcAtH.exe
  C:\Windows\System\ZgNcAtH.exe
  2⤵
  PID:7268
- C:\Windows\System\LUKjPzE.exe
  C:\Windows\System\LUKjPzE.exe
  2⤵
  PID:7864
- C:\Windows\System\ItoKtRt.exe
  C:\Windows\System\ItoKtRt.exe
  2⤵
  PID:7912
- C:\Windows\System\xSGOVhS.exe
  C:\Windows\System\xSGOVhS.exe
  2⤵
  PID:7948
- C:\Windows\System\XTQMSuB.exe
  C:\Windows\System\XTQMSuB.exe
  2⤵
  PID:8120
- C:\Windows\System\mEjsbzl.exe
  C:\Windows\System\mEjsbzl.exe
  2⤵
  PID:8060
- C:\Windows\System\IhFBadT.exe
  C:\Windows\System\IhFBadT.exe
  2⤵
  PID:8076
- C:\Windows\System\pKxwBZC.exe
  C:\Windows\System\pKxwBZC.exe
  2⤵
  PID:7976
- C:\Windows\System\AOYkuzG.exe
  C:\Windows\System\AOYkuzG.exe
  2⤵
  PID:7492
- C:\Windows\System\PIlHtMJ.exe
  C:\Windows\System\PIlHtMJ.exe
  2⤵
  PID:7364
- C:\Windows\System\cOksmZh.exe
  C:\Windows\System\cOksmZh.exe
  2⤵
  PID:7636
- C:\Windows\System\EBPwWDL.exe
  C:\Windows\System\EBPwWDL.exe
  2⤵
  PID:7700
- C:\Windows\System\ajugSLM.exe
  C:\Windows\System\ajugSLM.exe
  2⤵
  PID:7848
- C:\Windows\System\gEkBxXh.exe
  C:\Windows\System\gEkBxXh.exe
  2⤵
  PID:8056
- C:\Windows\System\HOtfHvu.exe
  C:\Windows\System\HOtfHvu.exe
  2⤵
  PID:7412
- C:\Windows\System\NbVFPyY.exe
  C:\Windows\System\NbVFPyY.exe
  2⤵
  PID:7172
- C:\Windows\System\srfmwLs.exe
  C:\Windows\System\srfmwLs.exe
  2⤵
  PID:7684
- C:\Windows\System\LZnndAs.exe
  C:\Windows\System\LZnndAs.exe
  2⤵
  PID:7620
- C:\Windows\System\UFhyaPd.exe
  C:\Windows\System\UFhyaPd.exe
  2⤵
  PID:5724
- C:\Windows\System\sFYKzmq.exe
  C:\Windows\System\sFYKzmq.exe
  2⤵
  PID:8196
- C:\Windows\System\LyMbhgK.exe
  C:\Windows\System\LyMbhgK.exe
  2⤵
  PID:8212
- C:\Windows\System\JUIvWZA.exe
  C:\Windows\System\JUIvWZA.exe
  2⤵
  PID:8228
- C:\Windows\System\JfnqAEC.exe
  C:\Windows\System\JfnqAEC.exe
  2⤵
  PID:8244
- C:\Windows\System\aklhBuV.exe
  C:\Windows\System\aklhBuV.exe
  2⤵
  PID:8260
- C:\Windows\System\ggKZbrd.exe
  C:\Windows\System\ggKZbrd.exe
  2⤵
  PID:8276
- C:\Windows\System\AVMCHkc.exe
  C:\Windows\System\AVMCHkc.exe
  2⤵
  PID:8292
- C:\Windows\System\BAIRwWS.exe
  C:\Windows\System\BAIRwWS.exe
  2⤵
  PID:8308
- C:\Windows\System\wtdcWTG.exe
  C:\Windows\System\wtdcWTG.exe
  2⤵
  PID:8324
- C:\Windows\System\wQypkNU.exe
  C:\Windows\System\wQypkNU.exe
  2⤵
  PID:8340
- C:\Windows\System\Wcifbhg.exe
  C:\Windows\System\Wcifbhg.exe
  2⤵
  PID:8356
- C:\Windows\System\HToQTvw.exe
  C:\Windows\System\HToQTvw.exe
  2⤵
  PID:8372
- C:\Windows\System\YicZqhl.exe
  C:\Windows\System\YicZqhl.exe
  2⤵
  PID:8388
- C:\Windows\System\csHRbxM.exe
  C:\Windows\System\csHRbxM.exe
  2⤵
  PID:8404
- C:\Windows\System\zBZunci.exe
  C:\Windows\System\zBZunci.exe
  2⤵
  PID:8420
- C:\Windows\System\PBcvwQH.exe
  C:\Windows\System\PBcvwQH.exe
  2⤵
  PID:8436
- C:\Windows\System\eJZEvgA.exe
  C:\Windows\System\eJZEvgA.exe
  2⤵
  PID:8456
- C:\Windows\System\OEkuPMt.exe
  C:\Windows\System\OEkuPMt.exe
  2⤵
  PID:8472
- C:\Windows\System\NUhcLHK.exe
  C:\Windows\System\NUhcLHK.exe
  2⤵
  PID:8488
- C:\Windows\System\tPtXitG.exe
  C:\Windows\System\tPtXitG.exe
  2⤵
  PID:8504
- C:\Windows\System\NQfVjTN.exe
  C:\Windows\System\NQfVjTN.exe
  2⤵
  PID:8520
- C:\Windows\System\dKrOTHB.exe
  C:\Windows\System\dKrOTHB.exe
  2⤵
  PID:8536
- C:\Windows\System\XRbzrdf.exe
  C:\Windows\System\XRbzrdf.exe
  2⤵
  PID:8552
- C:\Windows\System\chuOyUk.exe
  C:\Windows\System\chuOyUk.exe
  2⤵
  PID:8568
- C:\Windows\System\NLPpqSg.exe
  C:\Windows\System\NLPpqSg.exe
  2⤵
  PID:8584
- C:\Windows\System\nuJqybV.exe
  C:\Windows\System\nuJqybV.exe
  2⤵
  PID:8600
- C:\Windows\System\GWpQgWu.exe
  C:\Windows\System\GWpQgWu.exe
  2⤵
  PID:8616
- C:\Windows\System\ybpFyQU.exe
  C:\Windows\System\ybpFyQU.exe
  2⤵
  PID:8632
- C:\Windows\System\pSSZkeE.exe
  C:\Windows\System\pSSZkeE.exe
  2⤵
  PID:8648
- C:\Windows\System\kwLOczQ.exe
  C:\Windows\System\kwLOczQ.exe
  2⤵
  PID:8664
- C:\Windows\System\smCopUY.exe
  C:\Windows\System\smCopUY.exe
  2⤵
  PID:8684
- C:\Windows\System\JqgFiRM.exe
  C:\Windows\System\JqgFiRM.exe
  2⤵
  PID:8700
- C:\Windows\System\ZuGBcNP.exe
  C:\Windows\System\ZuGBcNP.exe
  2⤵
  PID:8716
- C:\Windows\System\ZeCXQxm.exe
  C:\Windows\System\ZeCXQxm.exe
  2⤵
  PID:8740
- C:\Windows\System\inFabHZ.exe
  C:\Windows\System\inFabHZ.exe
  2⤵
  PID:8756
- C:\Windows\System\xutUDWZ.exe
  C:\Windows\System\xutUDWZ.exe
  2⤵
  PID:8776
- C:\Windows\System\NwoCWwa.exe
  C:\Windows\System\NwoCWwa.exe
  2⤵
  PID:8792
- C:\Windows\System\fNYRFsU.exe
  C:\Windows\System\fNYRFsU.exe
  2⤵
  PID:8812
- C:\Windows\System\rGfUHrG.exe
  C:\Windows\System\rGfUHrG.exe
  2⤵
  PID:8828
- C:\Windows\System\zARfqYz.exe
  C:\Windows\System\zARfqYz.exe
  2⤵
  PID:8844
- C:\Windows\System\hgFjZwz.exe
  C:\Windows\System\hgFjZwz.exe
  2⤵
  PID:8860
- C:\Windows\System\rDmCGkZ.exe
  C:\Windows\System\rDmCGkZ.exe
  2⤵
  PID:8880
- C:\Windows\System\tSGfGTk.exe
  C:\Windows\System\tSGfGTk.exe
  2⤵
  PID:8900
- C:\Windows\System\cAptsUF.exe
  C:\Windows\System\cAptsUF.exe
  2⤵
  PID:8916
- C:\Windows\System\RNYZfeM.exe
  C:\Windows\System\RNYZfeM.exe
  2⤵
  PID:8944
- C:\Windows\System\EGkKhoa.exe
  C:\Windows\System\EGkKhoa.exe
  2⤵
  PID:9056
- C:\Windows\System\hsTsHxC.exe
  C:\Windows\System\hsTsHxC.exe
  2⤵
  PID:9100
- C:\Windows\System\fIkNyfn.exe
  C:\Windows\System\fIkNyfn.exe
  2⤵
  PID:9192
- C:\Windows\System\HcPBIJS.exe
  C:\Windows\System\HcPBIJS.exe
  2⤵
  PID:9208
- C:\Windows\System\VzEqLRT.exe
  C:\Windows\System\VzEqLRT.exe
  2⤵
  PID:8040
- C:\Windows\System\qNcKExy.exe
  C:\Windows\System\qNcKExy.exe
  2⤵
  PID:8284
- C:\Windows\System\qnjVtbX.exe
  C:\Windows\System\qnjVtbX.exe
  2⤵
  PID:8136
- C:\Windows\System\FgnmSrx.exe
  C:\Windows\System\FgnmSrx.exe
  2⤵
  PID:8300
- C:\Windows\System\xPwzpiQ.exe
  C:\Windows\System\xPwzpiQ.exe
  2⤵
  PID:7992
- C:\Windows\System\wZrxzIP.exe
  C:\Windows\System\wZrxzIP.exe
  2⤵
  PID:8348
- C:\Windows\System\eFLCLRX.exe
  C:\Windows\System\eFLCLRX.exe
  2⤵
  PID:8396
- C:\Windows\System\zsCYmGD.exe
  C:\Windows\System\zsCYmGD.exe
  2⤵
  PID:8464
- C:\Windows\System\PGGpVvw.exe
  C:\Windows\System\PGGpVvw.exe
  2⤵
  PID:8496
- C:\Windows\System\CcakHFg.exe
  C:\Windows\System\CcakHFg.exe
  2⤵
  PID:8560
- C:\Windows\System\xSxayhF.exe
  C:\Windows\System\xSxayhF.exe
  2⤵
  PID:8624
- C:\Windows\System\tximQik.exe
  C:\Windows\System\tximQik.exe
  2⤵
  PID:8448
- C:\Windows\System\XrccXAL.exe
  C:\Windows\System\XrccXAL.exe
  2⤵
  PID:8516
- C:\Windows\System\pIEvsow.exe
  C:\Windows\System\pIEvsow.exe
  2⤵
  PID:8580
- C:\Windows\System\NdZPQaO.exe
  C:\Windows\System\NdZPQaO.exe
  2⤵
  PID:8660
- C:\Windows\System\TBcshEE.exe
  C:\Windows\System\TBcshEE.exe
  2⤵
  PID:8480
- C:\Windows\System\JrSswxx.exe
  C:\Windows\System\JrSswxx.exe
  2⤵
  PID:8708
- C:\Windows\System\btQiTwv.exe
  C:\Windows\System\btQiTwv.exe
  2⤵
  PID:8728
- C:\Windows\System\ksxmIJE.exe
  C:\Windows\System\ksxmIJE.exe
  2⤵
  PID:8748
- C:\Windows\System\eBGDyPC.exe
  C:\Windows\System\eBGDyPC.exe
  2⤵
  PID:8800
- C:\Windows\System\fFiWCsa.exe
  C:\Windows\System\fFiWCsa.exe
  2⤵
  PID:8808
- C:\Windows\System\kPkyLeD.exe
  C:\Windows\System\kPkyLeD.exe
  2⤵
  PID:8840
- C:\Windows\System\CmsWaho.exe
  C:\Windows\System\CmsWaho.exe
  2⤵
  PID:8872
- C:\Windows\System\pvNoOZU.exe
  C:\Windows\System\pvNoOZU.exe
  2⤵
  PID:8888
- C:\Windows\System\QSvDpOI.exe
  C:\Windows\System\QSvDpOI.exe
  2⤵
  PID:8928
- C:\Windows\System\IaHKAEs.exe
  C:\Windows\System\IaHKAEs.exe
  2⤵
  PID:8952
- C:\Windows\System\UHlYPtu.exe
  C:\Windows\System\UHlYPtu.exe
  2⤵
  PID:8964
- C:\Windows\System\xtloKtn.exe
  C:\Windows\System\xtloKtn.exe
  2⤵
  PID:8984
- C:\Windows\System\AAXAivS.exe
  C:\Windows\System\AAXAivS.exe
  2⤵
  PID:9000
- C:\Windows\System\cjGjfUY.exe
  C:\Windows\System\cjGjfUY.exe
  2⤵
  PID:9016
- C:\Windows\System\wkLQpnh.exe
  C:\Windows\System\wkLQpnh.exe
  2⤵
  PID:9036
- C:\Windows\System\UcanHeR.exe
  C:\Windows\System\UcanHeR.exe
  2⤵
  PID:9024
- C:\Windows\System\iEOaKIL.exe
  C:\Windows\System\iEOaKIL.exe
  2⤵
  PID:9072
- C:\Windows\System\RjffaIx.exe
  C:\Windows\System\RjffaIx.exe
  2⤵
  PID:9088
- C:\Windows\System\gAlajXN.exe
  C:\Windows\System\gAlajXN.exe
  2⤵
  PID:9116
- C:\Windows\System\AShWcGV.exe
  C:\Windows\System\AShWcGV.exe
  2⤵
  PID:9132
- C:\Windows\System\UOmcQIz.exe
  C:\Windows\System\UOmcQIz.exe
  2⤵
  PID:9148
- C:\Windows\System\dOKzjJl.exe
  C:\Windows\System\dOKzjJl.exe
  2⤵
  PID:9160
- C:\Windows\System\TqCUkct.exe
  C:\Windows\System\TqCUkct.exe
  2⤵
  PID:9172
- C:\Windows\System\KtYTZFX.exe
  C:\Windows\System\KtYTZFX.exe
  2⤵
  PID:7820
- C:\Windows\System\PTCfeFP.exe
  C:\Windows\System\PTCfeFP.exe
  2⤵
  PID:8236
- C:\Windows\System\PhqWSWB.exe
  C:\Windows\System\PhqWSWB.exe
  2⤵
  PID:8912
- C:\Windows\System\vwlApgE.exe
  C:\Windows\System\vwlApgE.exe
  2⤵
  PID:8316
- C:\Windows\System\NrJTCGt.exe
  C:\Windows\System\NrJTCGt.exe
  2⤵
  PID:9084
- C:\Windows\System\PvFcIcC.exe
  C:\Windows\System\PvFcIcC.exe
  2⤵
  PID:7320
- C:\Windows\System\aanEFOA.exe
  C:\Windows\System\aanEFOA.exe
  2⤵
  PID:8320
- C:\Windows\System\oOgwUGt.exe
  C:\Windows\System\oOgwUGt.exe
  2⤵
  PID:8612
- C:\Windows\System\DfybXli.exe
  C:\Windows\System\DfybXli.exe
  2⤵
  PID:8548
- C:\Windows\System\knXNaZo.exe
  C:\Windows\System\knXNaZo.exe
  2⤵
  PID:8804
- C:\Windows\System\giijSRO.exe
  C:\Windows\System\giijSRO.exe
  2⤵
  PID:8896
- C:\Windows\System\OutelLu.exe
  C:\Windows\System\OutelLu.exe
  2⤵
  PID:8992
- C:\Windows\System\YmcHlqr.exe
  C:\Windows\System\YmcHlqr.exe
  2⤵
  PID:9008
- C:\Windows\System\QijNHKV.exe
  C:\Windows\System\QijNHKV.exe
  2⤵
  PID:9032
- C:\Windows\System\ZzhtNVM.exe
  C:\Windows\System\ZzhtNVM.exe
  2⤵
  PID:8936
- C:\Windows\System\aHiZaPf.exe
  C:\Windows\System\aHiZaPf.exe
  2⤵
  PID:9156
- C:\Windows\System\Aladkqh.exe
  C:\Windows\System\Aladkqh.exe
  2⤵
  PID:9204
- C:\Windows\System\PTsYUCp.exe
  C:\Windows\System\PTsYUCp.exe
  2⤵
  PID:8272
- C:\Windows\System\yxRVLvs.exe
  C:\Windows\System\yxRVLvs.exe
  2⤵
  PID:8208
- C:\Windows\System\wemtpsM.exe
  C:\Windows\System\wemtpsM.exe
  2⤵
  PID:8364
- C:\Windows\System\jVGJtSQ.exe
  C:\Windows\System\jVGJtSQ.exe
  2⤵
  PID:8576
- C:\Windows\System\MlAaBOe.exe
  C:\Windows\System\MlAaBOe.exe
  2⤵
  PID:8592
- C:\Windows\System\ZcRVQLe.exe
  C:\Windows\System\ZcRVQLe.exe
  2⤵
  PID:8768
- C:\Windows\System\vQeJToV.exe
  C:\Windows\System\vQeJToV.exe
  2⤵
  PID:8924
- C:\Windows\System\FlIXEdR.exe
  C:\Windows\System\FlIXEdR.exe
  2⤵
  PID:9028
- C:\Windows\System\nSEgdlU.exe
  C:\Windows\System\nSEgdlU.exe
  2⤵
  PID:9048
- C:\Windows\System\znvSMmz.exe
  C:\Windows\System\znvSMmz.exe
  2⤵
  PID:8940
- C:\Windows\System\qsSRNZI.exe
  C:\Windows\System\qsSRNZI.exe
  2⤵
  PID:9124
- C:\Windows\System\mWsNTzt.exe
  C:\Windows\System\mWsNTzt.exe
  2⤵
  PID:8532
- C:\Windows\System\PMWoSQG.exe
  C:\Windows\System\PMWoSQG.exe
  2⤵
  PID:8240
- C:\Windows\System\HYsHaBs.exe
  C:\Windows\System\HYsHaBs.exe
  2⤵
  PID:8676
- C:\Windows\System\yBtVeRB.exe
  C:\Windows\System\yBtVeRB.exe
  2⤵
  PID:9112
- C:\Windows\System\ihxELVB.exe
  C:\Windows\System\ihxELVB.exe
  2⤵
  PID:9096
- C:\Windows\System\rETTasC.exe
  C:\Windows\System\rETTasC.exe
  2⤵
  PID:8252
- C:\Windows\System\BHmtQjc.exe
  C:\Windows\System\BHmtQjc.exe
  2⤵
  PID:8204
- C:\Windows\System\jxdNqvy.exe
  C:\Windows\System\jxdNqvy.exe
  2⤵
  PID:8656
- C:\Windows\System\ejKoTNg.exe
  C:\Windows\System\ejKoTNg.exe
  2⤵
  PID:8968
- C:\Windows\System\uUqndIH.exe
  C:\Windows\System\uUqndIH.exe
  2⤵
  PID:8432
- C:\Windows\System\WdQrglF.exe
  C:\Windows\System\WdQrglF.exe
  2⤵
  PID:8680
- C:\Windows\System\ftQhFFX.exe
  C:\Windows\System\ftQhFFX.exe
  2⤵
  PID:9184
- C:\Windows\System\uwkpBKn.exe
  C:\Windows\System\uwkpBKn.exe
  2⤵
  PID:8256
- C:\Windows\System\WOIAZSn.exe
  C:\Windows\System\WOIAZSn.exe
  2⤵
  PID:9236
- C:\Windows\System\VnDfnOa.exe
  C:\Windows\System\VnDfnOa.exe
  2⤵
  PID:9260
- C:\Windows\System\mMnOAGo.exe
  C:\Windows\System\mMnOAGo.exe
  2⤵
  PID:9280
- C:\Windows\System\XmlkNSa.exe
  C:\Windows\System\XmlkNSa.exe
  2⤵
  PID:9296
- C:\Windows\System\DnAaQwn.exe
  C:\Windows\System\DnAaQwn.exe
  2⤵
  PID:9316
- C:\Windows\System\kLbZZcA.exe
  C:\Windows\System\kLbZZcA.exe
  2⤵
  PID:9340
- C:\Windows\System\JEfYUDz.exe
  C:\Windows\System\JEfYUDz.exe
  2⤵
  PID:9360
- C:\Windows\System\efEDbLV.exe
  C:\Windows\System\efEDbLV.exe
  2⤵
  PID:9384
- C:\Windows\System\rbwVfCl.exe
  C:\Windows\System\rbwVfCl.exe
  2⤵
  PID:9408
- C:\Windows\System\oBaAAdQ.exe
  C:\Windows\System\oBaAAdQ.exe
  2⤵
  PID:9428
- C:\Windows\System\gxpsskS.exe
  C:\Windows\System\gxpsskS.exe
  2⤵
  PID:9444
- C:\Windows\System\TjYEZUt.exe
  C:\Windows\System\TjYEZUt.exe
  2⤵
  PID:9464
- C:\Windows\System\QBxZkMg.exe
  C:\Windows\System\QBxZkMg.exe
  2⤵
  PID:9484
- C:\Windows\System\wnYLxdV.exe
  C:\Windows\System\wnYLxdV.exe
  2⤵
  PID:9504
- C:\Windows\System\unYzJxX.exe
  C:\Windows\System\unYzJxX.exe
  2⤵
  PID:9520
- C:\Windows\System\RzjFcZd.exe
  C:\Windows\System\RzjFcZd.exe
  2⤵
  PID:9552
- C:\Windows\System\kiBuXEW.exe
  C:\Windows\System\kiBuXEW.exe
  2⤵
  PID:9568
- C:\Windows\System\LzQjAYM.exe
  C:\Windows\System\LzQjAYM.exe
  2⤵
  PID:9588
- C:\Windows\System\iYdEChR.exe
  C:\Windows\System\iYdEChR.exe
  2⤵
  PID:9604
- C:\Windows\System\rdccUTk.exe
  C:\Windows\System\rdccUTk.exe
  2⤵
  PID:9632
- C:\Windows\System\dfDgNnZ.exe
  C:\Windows\System\dfDgNnZ.exe
  2⤵
  PID:9648
- C:\Windows\System\qIZmAnp.exe
  C:\Windows\System\qIZmAnp.exe
  2⤵
  PID:9664
- C:\Windows\System\vwYgNjR.exe
  C:\Windows\System\vwYgNjR.exe
  2⤵
  PID:9688
- C:\Windows\System\SOVUQUg.exe
  C:\Windows\System\SOVUQUg.exe
  2⤵
  PID:9716
- C:\Windows\System\DVKkXgm.exe
  C:\Windows\System\DVKkXgm.exe
  2⤵
  PID:9736
- C:\Windows\System\NxhtfBE.exe
  C:\Windows\System\NxhtfBE.exe
  2⤵
  PID:9752
- C:\Windows\System\wYxiiBi.exe
  C:\Windows\System\wYxiiBi.exe
  2⤵
  PID:9776
- C:\Windows\System\rHCWrAX.exe
  C:\Windows\System\rHCWrAX.exe
  2⤵
  PID:9792
- C:\Windows\System\DWcZoLb.exe
  C:\Windows\System\DWcZoLb.exe
  2⤵
  PID:9808
- C:\Windows\System\fYoEGNG.exe
  C:\Windows\System\fYoEGNG.exe
  2⤵
  PID:9832
- C:\Windows\System\BLSiZKm.exe
  C:\Windows\System\BLSiZKm.exe
  2⤵
  PID:9848
- C:\Windows\System\FbKEzGT.exe
  C:\Windows\System\FbKEzGT.exe
  2⤵
  PID:9868
- C:\Windows\System\TBDLhHV.exe
  C:\Windows\System\TBDLhHV.exe
  2⤵
  PID:9888
- C:\Windows\System\nKeRnOP.exe
  C:\Windows\System\nKeRnOP.exe
  2⤵
  PID:9920
- C:\Windows\System\hdBwMNx.exe
  C:\Windows\System\hdBwMNx.exe
  2⤵
  PID:9936
- C:\Windows\System\ALOKgvP.exe
  C:\Windows\System\ALOKgvP.exe
  2⤵
  PID:9952
- C:\Windows\System\nZJEVfK.exe
  C:\Windows\System\nZJEVfK.exe
  2⤵
  PID:9972
- C:\Windows\System\hmyCxHY.exe
  C:\Windows\System\hmyCxHY.exe
  2⤵
  PID:9992
- C:\Windows\System\hTWUZoT.exe
  C:\Windows\System\hTWUZoT.exe
  2⤵
  PID:10016
- C:\Windows\System\qAXWvBs.exe
  C:\Windows\System\qAXWvBs.exe
  2⤵
  PID:10036
- C:\Windows\System\NWVKCaA.exe
  C:\Windows\System\NWVKCaA.exe
  2⤵
  PID:10052
- C:\Windows\System\ZcbJOlF.exe
  C:\Windows\System\ZcbJOlF.exe
  2⤵
  PID:10072
- C:\Windows\System\QdHMqlV.exe
  C:\Windows\System\QdHMqlV.exe
  2⤵
  PID:10092
- C:\Windows\System\GGjleJM.exe
  C:\Windows\System\GGjleJM.exe
  2⤵
  PID:10124
- C:\Windows\System\pYLAhqi.exe
  C:\Windows\System\pYLAhqi.exe
  2⤵
  PID:10144
- C:\Windows\System\ZNzxuOL.exe
  C:\Windows\System\ZNzxuOL.exe
  2⤵
  PID:10160
- C:\Windows\System\EEGSbfn.exe
  C:\Windows\System\EEGSbfn.exe
  2⤵
  PID:10176
- C:\Windows\System\xZRVqeF.exe
  C:\Windows\System\xZRVqeF.exe
  2⤵
  PID:10200
- C:\Windows\System\fUgyYGb.exe
  C:\Windows\System\fUgyYGb.exe
  2⤵
  PID:10224
- C:\Windows\System\ypVDMRs.exe
  C:\Windows\System\ypVDMRs.exe
  2⤵
  PID:9220
- C:\Windows\System\WrAVCQw.exe
  C:\Windows\System\WrAVCQw.exe
  2⤵
  PID:9164
- C:\Windows\System\cFKTSis.exe
  C:\Windows\System\cFKTSis.exe
  2⤵
  PID:9268
- C:\Windows\System\Khyffxs.exe
  C:\Windows\System\Khyffxs.exe
  2⤵
  PID:9312
- C:\Windows\System\dWlYaeb.exe
  C:\Windows\System\dWlYaeb.exe
  2⤵
  PID:9356
- C:\Windows\System\WhoZVvs.exe
  C:\Windows\System\WhoZVvs.exe
  2⤵
  PID:9336
- C:\Windows\System\kRVDMZE.exe
  C:\Windows\System\kRVDMZE.exe
  2⤵
  PID:9380
- C:\Windows\System\XYvIbmO.exe
  C:\Windows\System\XYvIbmO.exe
  2⤵
  PID:9416
- C:\Windows\System\pwwbJDL.exe
  C:\Windows\System\pwwbJDL.exe
  2⤵
  PID:9480
- C:\Windows\System\TTtUHHU.exe
  C:\Windows\System\TTtUHHU.exe
  2⤵
  PID:9512
- C:\Windows\System\QvMUmug.exe
  C:\Windows\System\QvMUmug.exe
  2⤵
  PID:9528
- C:\Windows\System\yxqsnfb.exe
  C:\Windows\System\yxqsnfb.exe
  2⤵
  PID:9596
- C:\Windows\System\DwxeBCU.exe
  C:\Windows\System\DwxeBCU.exe
  2⤵
  PID:9616
- C:\Windows\System\OCZFmuM.exe
  C:\Windows\System\OCZFmuM.exe
  2⤵
  PID:9640
- C:\Windows\System\vhRGiil.exe
  C:\Windows\System\vhRGiil.exe
  2⤵
  PID:9672
- C:\Windows\System\CAGnrcO.exe
  C:\Windows\System\CAGnrcO.exe
  2⤵
  PID:9696
- C:\Windows\System\JNQequJ.exe
  C:\Windows\System\JNQequJ.exe
  2⤵
  PID:9732
- C:\Windows\System\AWlKtUS.exe
  C:\Windows\System\AWlKtUS.exe
  2⤵
  PID:9764
- C:\Windows\System\uAKVzlz.exe
  C:\Windows\System\uAKVzlz.exe
  2⤵
  PID:9788
- C:\Windows\System\sCJLCfw.exe
  C:\Windows\System\sCJLCfw.exe
  2⤵
  PID:9816
- C:\Windows\System\ehCITuQ.exe
  C:\Windows\System\ehCITuQ.exe
  2⤵
  PID:9856
- C:\Windows\System\lWEkZYJ.exe
  C:\Windows\System\lWEkZYJ.exe
  2⤵
  PID:9904
- C:\Windows\System\hlwOxin.exe
  C:\Windows\System\hlwOxin.exe
  2⤵
  PID:9932
- C:\Windows\System\NneTuIt.exe
  C:\Windows\System\NneTuIt.exe
  2⤵
  PID:10008
- C:\Windows\System\tFGujtR.exe
  C:\Windows\System\tFGujtR.exe
  2⤵
  PID:9948
- C:\Windows\System\rCLrTIo.exe
  C:\Windows\System\rCLrTIo.exe
  2⤵
  PID:10044
- C:\Windows\System\uXCGAem.exe
  C:\Windows\System\uXCGAem.exe
  2⤵
  PID:10060
- C:\Windows\System\qKtDlUF.exe
  C:\Windows\System\qKtDlUF.exe
  2⤵
  PID:10104
- C:\Windows\System\kOGQLXI.exe
  C:\Windows\System\kOGQLXI.exe
  2⤵
  PID:10136
- C:\Windows\System\WkwLcOR.exe
  C:\Windows\System\WkwLcOR.exe
  2⤵
  PID:10172
- C:\Windows\System\lHQfqlu.exe
  C:\Windows\System\lHQfqlu.exe
  2⤵
  PID:10184
- C:\Windows\System\qTPhVhk.exe
  C:\Windows\System\qTPhVhk.exe
  2⤵
  PID:9232
- C:\Windows\System\CXKJhLL.exe
  C:\Windows\System\CXKJhLL.exe
  2⤵
  PID:9304
- C:\Windows\System\rbpBGsA.exe
  C:\Windows\System\rbpBGsA.exe
  2⤵
  PID:9348
- C:\Windows\System\EcSQbnI.exe
  C:\Windows\System\EcSQbnI.exe
  2⤵
  PID:9404
- C:\Windows\System\qtOVeCD.exe
  C:\Windows\System\qtOVeCD.exe
  2⤵
  PID:9436
- C:\Windows\System\mexhnsv.exe
  C:\Windows\System\mexhnsv.exe
  2⤵
  PID:9460
- C:\Windows\System\ovIZuoK.exe
  C:\Windows\System\ovIZuoK.exe
  2⤵
  PID:9500
- C:\Windows\System\uqjRAoz.exe
  C:\Windows\System\uqjRAoz.exe
  2⤵
  PID:9576
- C:\Windows\System\yLTVeEL.exe
  C:\Windows\System\yLTVeEL.exe
  2⤵
  PID:9612
- C:\Windows\System\nSberug.exe
  C:\Windows\System\nSberug.exe
  2⤵
  PID:9684
- C:\Windows\System\wvlZobq.exe
  C:\Windows\System\wvlZobq.exe
  2⤵
  PID:9744
- C:\Windows\System\pFUzEcp.exe
  C:\Windows\System\pFUzEcp.exe
  2⤵
  PID:9772
- C:\Windows\System\glBrehZ.exe
  C:\Windows\System\glBrehZ.exe
  2⤵
  PID:9880
- C:\Windows\System\vJwzLpr.exe
  C:\Windows\System\vJwzLpr.exe
  2⤵
  PID:9844
- C:\Windows\System\OYdcNsz.exe
  C:\Windows\System\OYdcNsz.exe
  2⤵
  PID:9928
- C:\Windows\System\eVfcxIm.exe
  C:\Windows\System\eVfcxIm.exe
  2⤵
  PID:10000
- C:\Windows\System\EDHMNhr.exe
  C:\Windows\System\EDHMNhr.exe
  2⤵
  PID:10024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BnAiImz.exe

Filesize
6.0MB

MD5
d0ec9cd48b5e7108a29f31a114b43695

SHA1
a5d538ae6de9286552e763ad181f4e034f0da21e

SHA256
6fb8aa917c25cb55f7951c85bc8ca4705a6e4090bb72eaf0fda54940cc6ae304

SHA512
023064dd10f827d793d945e4058f8eecd0f8abedfaf726c2837728c481956e0e69fcb230ce06767b1787a18a6d0668ee82be7d469056b71331f14e385750e731

Download Submit
C:\Windows\system\DKGrrIC.exe

Filesize
6.0MB

MD5
5bf7ca2ba06d39b769a5866e3e22b94a

SHA1
7d0d41fa8a1a08039544537dba6709c150fc3d70

SHA256
9f05f6f8b95300fc6e61b662f79ceb1b10ade20b31dc5fd0e118a623100b0481

SHA512
184ce2772e25faeafaf2dfc513dd21561198e41312922a5068071faf30d58747640a8a78a7d5a60cf9ca4dac23afbc5014c72dfd0a8c5182bf2cae3d99eab505

Download Submit
C:\Windows\system\DkqmeVm.exe

Filesize
6.0MB

MD5
64af4b6bc9f534fae6f171238225773f

SHA1
a59fbd32bac657570e8dc6c53126e678843c4728

SHA256
a43cc771e9685b6863c0018ce88c45a33fd034045801f426118381eb5068ba8f

SHA512
7f8280451b0ac95982f539c6b91e4e41461d90ce4b4a52f60d6f343aa341f162c789a380cdd331a8d677263e6c0a75fae551a658e3877bd4cad6f35c1e5ae4e6

Download Submit
C:\Windows\system\HSCFOzC.exe

Filesize
6.0MB

MD5
048dece0a01e98c62c0673f1096f9bbc

SHA1
21ec9b63eb2d1ecaab37230715a091b255ddce8c

SHA256
c63025baaa8f5983e94e2a83e4f63f7b39a8418dcb850cfd3ea101f2d92e3865

SHA512
d66af72035fa952a42675e56cc32a3786dd3f5fa58da9df9d4a10ae06014efc1277bc9b0afba82549c364f12a708df10158d7102f7826e2f5b5b23c03867d171

Download Submit
C:\Windows\system\IJdPfQF.exe

Filesize
6.0MB

MD5
ab6e3d23e6410d71845d9e187a403eff

SHA1
75240bc6239bcb31f2a8d5d6f5908aedae0915fa

SHA256
36722f5fe43daa026a7f16ea8e9fc74d9ac3b952cfb5ee30c30e48f8aa6dc11a

SHA512
92efca0968b8fd0dc0cb8dc150114d0f6aad9b535ec5ecca387c6a93e6fcac5c3daf6902c2fd82b8a8719c786083222343cb8995c0a072e68403e444bd5c9b56

Download Submit
C:\Windows\system\MYWoatd.exe

Filesize
6.0MB

MD5
14f7bea705b8db5a1624b1996473272b

SHA1
eb769f199e78a4253a2e0037a2850f1101ae9a30

SHA256
15bbad3375224f48da62fb44af30a455e9a726a69c24f2351e70b020a55a9f24

SHA512
5f6871f24df77699e023090c409b9ef9aa74718721d95c3266a94399c31df4e0866a381c7d3ceedc388e09ed12ee4fc0a6303a05198004815466e6ce9ea0aa11

Download Submit
C:\Windows\system\QUbnFIb.exe

Filesize
6.0MB

MD5
13c01013e7172009b82650eb2a0638ad

SHA1
402d3fbb5a7361db951f73d0c17692b44bc3a08d

SHA256
161f9eabcee362e756b822537b416a47cb93077d1b249209213fa2f0e145c3f5

SHA512
e434ac071d20cc7db04cccf0695dcaabb4dfac75e2f78214d0d1bed0693901346223d01368d64928c16c8bea9931d25c4db7480575ae12ef7a2951cb3d83cac3

Download Submit
C:\Windows\system\SCDYrEJ.exe

Filesize
6.0MB

MD5
9761f23b721976715bd6aa933a28f3fb

SHA1
319c49acf3ffb7f27c7a14c0eec51ee0ff19f8bc

SHA256
b4cd4c8cb6370589a3ff8b9cc04489a476b4ef6dc605a8a5b131f0135ba171d4

SHA512
01e814beb423e5bc9845b4be6318543a1d4c39821e4db2bec8704810bc982273df628e22754ef588d2e9874013880753e2709cd5b118df06e1de4f3a0c85d22b

Download Submit
C:\Windows\system\VElRzsW.exe

Filesize
6.0MB

MD5
16aa447e3ef8f8551540d92a428ce283

SHA1
4959675c6dead0237e1c98874ac27c171d9a8f79

SHA256
f71a71f889f41bbb97a96608429af1bf359663eb242e0a63fe500fe520e753d7

SHA512
4925f29e2d7152feae53cf9f4cedd995dc11e15337a900f764298dfa49cc45ee430b716b02c34755c31d24fb44cc453bff4146acd1b17d9c73f9bc08e0c9bce7

Download Submit
C:\Windows\system\XkXVddA.exe

Filesize
6.0MB

MD5
fb49d9e59cecda4d1ad0e84ddda369e8

SHA1
5be0bf0ee1f06d13f8bb1deb2c2644a337fc383d

SHA256
fbaa22cfae39a864901ca78eefcc7db055c013a308c529ccc488253f5014f3c3

SHA512
1a4ce7d7daaf44bb110fec446104583d0029f164be09df6092026cfecb8202e84641c5ee897adcf5e3c34db603b750e90eba3ecbbdd7e2783ea52b98481d57d4

Download Submit
C:\Windows\system\YhBtdnQ.exe

Filesize
6.0MB

MD5
4afa8888a96562df93acf860459eb9eb

SHA1
60de36e2b58b5c0993a7825e9fc81585299ffc7a

SHA256
fa17d3c066fca37e79d5f9fbcb2e221557d2ad9de763ce6f1f822a9472721bb7

SHA512
e3aa5959d40a2dc3cd8a109e309557c016548d966381b5dafed3fb1df2a82f71bfa4a09356fcbfd53a751fd268fa9474fcec06e581a21ff7e50af3793ad93ce1

Download Submit
C:\Windows\system\ZNGAFsc.exe

Filesize
8B

MD5
41fea72a72efa48fbcc647f8398a26d8

SHA1
8116382221fee13c5ef842bf9d65af24e3b66654

SHA256
aaf85485adfaaaadc187a0eda66b256daac647a9cb8228ae0ffbfd4db5c304b8

SHA512
9a35afb0f236caee2c5ec06298a439851a8fbedd6f0c0abf9e48ac4ee72dbd9ffb8ddb27620ab19306efe4d2c5800e06c5b4e233712fddbfb164f15cde8ae035

Download Submit
C:\Windows\system\ZcfFQDv.exe

Filesize
6.0MB

MD5
b234d8d9f453e48203a7de5e13b73e33

SHA1
0ef7bf30c3f4a5932f5bffc14608d3fe8308d271

SHA256
0966b98c63d0189cfd3a1f6151f4ccaf6b35ad72d803554bc3adb0947fd003e1

SHA512
1d82592bba24027330832d18ef6e0c1c116c37b0bd3375cdf2bec107cf57141469d2bcbab453287bc934a654c6d94450a3cd49b476441879fd5276682f758cc7

Download Submit
C:\Windows\system\agAPNqs.exe

Filesize
6.0MB

MD5
56306897e47e7e0395ac4d0004f2d5dc

SHA1
a31dd9fb3de72eff6d516a5d7d058d5f9581d178

SHA256
5e36640c8fc035f3482c76007874398fafd82fdf949e276a402e36cc05b1df13

SHA512
bfb08521291f460b3bff606707d1260d35cb615c5c49cc11f0d3e6a2c36e4f4090fbbe421cd4cfd09be3cec1596ae3a35fba53ce56131f3cb36e9586aa507087

Download Submit
C:\Windows\system\eijgjNe.exe

Filesize
6.0MB

MD5
95cc7991299027836d1fb8ed07e65da0

SHA1
af0f50baf4c6c2b050ca940eaac50dc246905218

SHA256
5cbb19032140690508f19918c67bdcd1115e4b83116ea9cbae5c6269083a90fc

SHA512
0bfb447c34dfec79915094d3de21ec8f399da8b28e3b803ee8ffdc110b0eb2167607975d13e88bf0ec3664c9381a326d1de7401d4182614d30a8bce3b52f0a33

Download Submit
C:\Windows\system\jLjlqOi.exe

Filesize
6.0MB

MD5
e0356fedcb5d14bbe5876f035f1dde27

SHA1
d36244844c54a51308dee3097dea57275aa37418

SHA256
1ef5ddd644b5eeec80cf2f4633aa01e34768d571334de1c85fa7984f836b2d4e

SHA512
4a8615cf28178139885c8586766a24c6d45c2319a4b1dc4732b734f435dea2b9b8bbb77cc712e7de9d2d0dc30535544ccf1092ea63d7e0aaaafcae9837be1793

Download Submit
C:\Windows\system\mcyHkkZ.exe

Filesize
6.0MB

MD5
7b22119b6dc0420adf47b2c52cb297b1

SHA1
c4925f4db93adface90255ee8df48199e220429c

SHA256
963502d3d61730dc75544574ee90c9389f502747fe83b787903bbab6432f2a22

SHA512
1424857ca2263e894851b49b1c9d467d9dd000aed4339b225846df668c01326a9d839f9d51250a82ddd5121a9bd6ba9decf8acae5ec80cac4fcc81430fcdd84d

Download Submit
C:\Windows\system\nApPFrn.exe

Filesize
6.0MB

MD5
36a3fd14045bf0e23679b80c5b46588b

SHA1
7ff69ef376097bb875734d74d13893263bc28a06

SHA256
0aa07501a31faed731307c020bee7c34f17e466f900b86637473b57424818e44

SHA512
b7e09160981f31b9d71d59279b47d094b532d19b1528f7b155e34225373e585aa6e8a30901b06238037ad1241eeadc0664aa603956cdb7b3bf94c5ed8e17db78

Download Submit
C:\Windows\system\rBMkGsG.exe

Filesize
6.0MB

MD5
da8f6a6b549cd27fa58db07b82ce89d0

SHA1
18befe49979e4193ef1b3aca201b3beeb8fa89d9

SHA256
02f17185d4175bc300d4978f45ccd68be3ab549165fb10d096c4fd2b1a90368e

SHA512
de5a2662e92d35dd5f780499437d04f269a36bf7918e276fa1680ba44d077d53caed8b69422ec1a9be4e6324a4271e267fc6d8a5e00152b2b66f731ea5a3a40f

Download Submit
C:\Windows\system\rmTHNoi.exe

Filesize
6.0MB

MD5
df6de04c1d3d83993eeb14e29e21ef4b

SHA1
1fe0909c2cd86dba3bed03d555c276892b8dff66

SHA256
4ad012b1a7d737432d4fa2a140fe5d92a63a78474b358c887debea9e91fcd014

SHA512
b0b3b471dd86dfda5093ee96fd3c435ec274814b4e372172d5b7287681d89eaddc005a9f22b9be9baa89c9c9edaed93b035b1d21cbbed14631e0eb864d74d36d

Download Submit
C:\Windows\system\sHFLshb.exe

Filesize
6.0MB

MD5
e041a9cf6e6feb979e6b046d5a1a85a1

SHA1
693a8d6fc92facb885be78597d0adec03dbbda19

SHA256
aef25d60f4d1e5838ec6bb41a39c9863d172c8945ba010a6266e04f334a100bc

SHA512
120c3911c30d346ebf9d03ccf670e0309f605b6d27744513114b7ee6e708553337b390d5781676202cd5cdadf3f965954a63e0adc75827d8a9bf5c43562f9ee2

Download Submit
C:\Windows\system\vLZyEqt.exe

Filesize
6.0MB

MD5
da36349ebcb8147612eff3a4778a18a2

SHA1
694c7531eb44890674cf3f0be3699f2f2812e279

SHA256
4e7f387f30755db1b38356c464ed10c64b0a03db5fcc8b28673ec483b717b5f5

SHA512
99c940b020e1095c703fae60d9fb7a43b15ca75b953d17c55aefbc0386ddf703f3ac548db06509c9df4766b63934672114d0a78e58a00e407169f91374612588

Download Submit
C:\Windows\system\xKURwXS.exe

Filesize
6.0MB

MD5
53a0c042fdc343d934d4902b509db708

SHA1
3e5e1628839727565c1f7ed64a5afed319ee2ea9

SHA256
e4bc627e93a71e5826e8289c4b35c38b8b115d0f9d32ca0899e7ee6dc800ecf5

SHA512
125efa281d9e0cbffb6c05338e44f8919493e64c18f05f8d4d4c9ff76fd7dd690d6658956be3febfb3bcf4a7f7e0e0eb3f64df708ffdf5eb15e06a856efebbf9

Download Submit
C:\Windows\system\yKlBVKk.exe

Filesize
6.0MB

MD5
57b56116dbba1201c93be9d7284f435a

SHA1
62c6afa7e8af7f8173c8e4799cd5fed0276a2f14

SHA256
afd6b42aa396f82ef1254b87611c19267a96394ed59784972678602c868b16f7

SHA512
ae3770e76a979933aee6cb6cbe2ee6b5cbfbcb2b6e3521c52c167cc6604769e828ece12f0f6d865a6c461b94aa599576eb9b9e227a95ae46c7b641a6b4816cf2

Download Submit
C:\Windows\system\yXpcxPt.exe

Filesize
6.0MB

MD5
fc46fcea53f24a7b8b57752e0aec6805

SHA1
69fbb9f17b69078837b65d1b5452aa16e56c0d2c

SHA256
9a96327559df1ed037d6b76b677da59c8b6e7323fe059fd05605af445c388fc1

SHA512
0a18cdfd74205869cc42fbf5e189ff6b314e40099464d2a6727918a91b523df62ff39b22bbe8b19fe7eed32b224af54120351fadbedeab429f1423d07a3f4916

Download Submit
C:\Windows\system\ypNXHRX.exe

Filesize
6.0MB

MD5
e8cf25b7a483d80273aac53f609355ef

SHA1
77dd387d95b5c72a0f12951096dc6d8be5dabc90

SHA256
b63b38bbb1b57661a39d157e1abac72cf6230bc87f54eecace29b969b87439b5

SHA512
50cd87a938d12d9d7e244bf3961445f5afde89bb10a134284a8362159b8cbb26a3932748d8d0b86744900b00dc776289cae9953ac0936608f0f6fc4b5f1a65e5

Download Submit
C:\Windows\system\zzodikw.exe

Filesize
6.0MB

MD5
5d68d62a9724ff024ff73bb54b27c493

SHA1
bcf24dc661cca6fce700cf4d70db6d192fb427f9

SHA256
ae5a47d747956ec68750b1a68a2fde1f4c38ec1760fb08eea9566ee75742aec4

SHA512
11c1ccebb137b00cf29ed069c53d0488be0edfb3e446787ce6926c073fc4dd7dfe6f74e8a751bd8ff70a7f0cea93b0e1ed35a358bb0dd87cda909da84209b1ce

Download Submit
\Windows\system\GsesYeE.exe

Filesize
6.0MB

MD5
fe0b7894c9c8863bbb7c06d244eee23c

SHA1
eebd93fd5444f2e77c78f094876aa245ea407662

SHA256
cfd24d1877776df0559e8d445a7a28618e7d3d88da375fabe32a7ebcc3433f73

SHA512
fb33ab14334897fd9cb96e3b013dcc852f1741874715f91c0aec0176ccf2040e7f5497eb70d0f4795bb800781edf13ad3b72daed7202c5c451f473767bf22abb

Download Submit
\Windows\system\HXrxelr.exe

Filesize
6.0MB

MD5
d6641ff330ceac67e793ec568129c09e

SHA1
58a2f4df9af9756fc14f3d4fa95806f85bedd156

SHA256
216e65a097e513a498d7f17668b030cdcd73c1fb15bb5d4defa539eebf940a44

SHA512
64869c8157b42bebe121897960443cfc0a21a225cb8d4ede9f28f1a0c8db5780573255d4e6684b455fc0cca7894fb783360ae330a2bdd313105561983ad9459f

Download Submit
\Windows\system\TrCYIRe.exe

Filesize
6.0MB

MD5
17f9efad0f1ae1113032c818af50d887

SHA1
71782e3b5ab9e8afa251f1d68c4929fcf5cef62d

SHA256
d9179d1423762db3aeaed7765748813adf09a858565ed7f880471fca776040c0

SHA512
85a5af53041b3b1ab9a9f3c90274f7ac6be895ba9ce1023daaaa5f3a18c3461c3ae76ea844b63f9a7a6861515903ec8df2307dd9a17c4b1b1d8c7ff131d9588b

Download Submit
\Windows\system\UXTZGCz.exe

Filesize
6.0MB

MD5
6b23fac742e9dea27f7aee27ab5d3e16

SHA1
ba493d2d00921d66080e029560da3f19582133f3

SHA256
584b9e563f0e1347bfa0684b85f44c51e17e587c3385398ee5c8d9fa88af41c4

SHA512
117b7d64e5ef3e8c3255ea36700d6b8687b65342ba54376c4b15892658fb8836ca5dee5cfe3fe77f8705292676e26f80bef3501b6951e244585c4412dbebc0e7

Download Submit
\Windows\system\bBvdXCk.exe

Filesize
6.0MB

MD5
5ded86b1155207d4d79d0d90b9f4efed

SHA1
f8c5859c685f7f651490e06d06e5577061f8d94b

SHA256
f69e2b5566672d21b0a6551b0382b1e46cc2c3e266afdced812703e8ee4a70cd

SHA512
769a33c39a7f5a48e1f4755de6847afe13766c946f9833ec3340b8115e3ee589dae49f4fef2462b5178574ef4a4869c6ab0b2b237f3cb96d9c7ffb9cb81b107c

Download Submit
\Windows\system\wJXQQKI.exe

Filesize
6.0MB

MD5
43f357ceb638b7c11feaf72a22489896

SHA1
a82222d7d11b1716b655b51e93ba98a33d7cadc0

SHA256
6e2922245ddd9a19a1ac7a1e82384b6e5e21c443d1ada852a6c3da13f9641c3e

SHA512
b5cb16f95cdc2b95f3affa4b2afa96b979e064d826d76286ba2ea7a1681434a48a313291cd1953506d73bf5e51c4fbb30105d30c727b6e0430014c27e37f4796

Download Submit
memory/972-48-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/972-3546-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/1864-3561-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/1864-951-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2076-14-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-3532-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-866-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2448-18-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2448-308-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-19-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2448-473-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2448-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2448-104-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2448-51-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2448-678-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2448-6-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2448-65-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2448-34-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2448-89-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2448-56-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2448-38-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2448-0-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2448-81-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2448-46-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2448-1005-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2448-74-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2472-3549-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2472-54-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3574-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-77-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-400-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-73-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3533-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-29-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-57-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3559-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-92-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-3544-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-225-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-68-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-52-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-3539-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-88-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-50-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3527-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2824-59-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3550-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2824-97-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2840-63-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-100-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3576-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-84-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/3040-3566-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/3040-571-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/3048-769-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/3048-93-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/3048-3575-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download