cobaltstrike | a8228ea2b758d879a5379d3e0db35f6ac818b1f6615014723f966f7b32ed6781

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-01-2025 00:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

7a05b6153212efecbebbce39713b581b
SHA1

484d76a7d5d820950af930e9e211846652e02d86
SHA256

a8228ea2b758d879a5379d3e0db35f6ac818b1f6615014723f966f7b32ed6781
SHA512

6cf686087babcf4f392b87bb46616c411a26bfb757653397ed6acbadc0db600d6877cdbe25b47bc640f5530af42cd32b6cac60647b2fd8055ba88491c48b31aa
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUC:T+q56utgpPF8u/7C

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 36 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015db6-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015dc0-15.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015e64-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ed2-26.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016334-45.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016db5-50.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd0-55.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eb8-70.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707c-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-105.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001757f-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-164.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-159.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c34-157.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-155.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-149.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c44-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a2-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018696-128.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-161.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-152.dat	cobalt_reflective_dll
behavioral1/files/0x0015000000018676-125.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174c3-115.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a6-110.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001746a-100.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017403-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017400-91.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f3-85.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016edb-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de4-60.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001613e-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016009-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f96-30.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1196-0-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-6.dat	xmrig
behavioral1/files/0x0008000000015db6-8.dat	xmrig
behavioral1/files/0x0007000000015dc0-15.dat	xmrig
behavioral1/files/0x0008000000015e64-18.dat	xmrig
behavioral1/files/0x0007000000015ed2-26.dat	xmrig
behavioral1/files/0x0008000000016334-45.dat	xmrig
behavioral1/files/0x0006000000016db5-50.dat	xmrig
behavioral1/files/0x0006000000016dd0-55.dat	xmrig
behavioral1/files/0x0006000000016de8-65.dat	xmrig
behavioral1/files/0x0006000000016eb8-70.dat	xmrig
behavioral1/files/0x000600000001707c-80.dat	xmrig
behavioral1/files/0x0006000000017488-105.dat	xmrig
behavioral1/files/0x000600000001757f-120.dat	xmrig
behavioral1/memory/2572-177-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/1196-1440-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2732-197-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2628-195-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2812-193-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2776-191-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2788-189-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2816-187-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/1196-186-0x0000000002370000-0x00000000026C4000-memory.dmp	xmrig
behavioral1/memory/2992-185-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2768-183-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/1196-182-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2864-181-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2756-179-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/1196-178-0x0000000002370000-0x00000000026C4000-memory.dmp	xmrig
behavioral1/memory/264-175-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/1892-173-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019217-164.dat	xmrig
behavioral1/files/0x0006000000018f65-159.dat	xmrig
behavioral1/files/0x0006000000018c34-157.dat	xmrig
behavioral1/files/0x00050000000191d2-155.dat	xmrig
behavioral1/files/0x000600000001904c-149.dat	xmrig
behavioral1/files/0x0006000000018c44-142.dat	xmrig
behavioral1/files/0x0005000000018697-138.dat	xmrig
behavioral1/memory/1400-137-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/files/0x00050000000187a2-134.dat	xmrig
behavioral1/files/0x0005000000018696-128.dat	xmrig
behavioral1/files/0x00050000000191f6-161.dat	xmrig
behavioral1/files/0x00060000000190e1-152.dat	xmrig
behavioral1/files/0x0015000000018676-125.dat	xmrig
behavioral1/files/0x00060000000174c3-115.dat	xmrig
behavioral1/files/0x00060000000174a6-110.dat	xmrig
behavioral1/files/0x000600000001746a-100.dat	xmrig
behavioral1/files/0x0006000000017403-95.dat	xmrig
behavioral1/files/0x0006000000017400-91.dat	xmrig
behavioral1/files/0x00060000000173f3-85.dat	xmrig
behavioral1/files/0x0006000000016edb-75.dat	xmrig
behavioral1/files/0x0006000000016de4-60.dat	xmrig
behavioral1/files/0x000700000001613e-41.dat	xmrig
behavioral1/files/0x0007000000016009-36.dat	xmrig
behavioral1/files/0x0007000000015f96-30.dat	xmrig
behavioral1/memory/2776-4038-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2992-4042-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2864-4045-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2812-4044-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/1892-4043-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2572-4041-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2788-4040-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2628-4039-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2768-4026-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1400	ijhsfTe.exe
1892	HXucjWH.exe
264	AEsmvbV.exe
2572	mdMromC.exe
2756	ylOeckb.exe
2864	OWgTjIX.exe
2768	zGWQvxB.exe
2992	GNnfXMY.exe
2816	ysGZXCT.exe
2788	SfZPNko.exe
2776	ZSKKuVe.exe
2812	QbQPRdB.exe
2628	jHyilUM.exe
2732	PoPLzfN.exe
2660	wNsGugf.exe
1636	zVITDki.exe
1572	AYYFeKm.exe
748	MMqDYaH.exe
2936	afSpzNI.exe
2016	FBcoBzj.exe
2364	PitvdWt.exe
2912	XRRaCju.exe
1804	psqllXD.exe
2680	XHaAqYF.exe
1084	tvdIfff.exe
2332	uCyoXXp.exe
2108	vwYMQjb.exe
2192	iEAjMgl.exe
740	VjyFHsj.exe
640	ypeAAos.exe
1528	xBRPWoO.exe
3068	EhVwTdj.exe
2188	DvRgMfk.exe
2152	IHmkyVU.exe
852	WEiCgXj.exe
3024	HMKnPDx.exe
1288	Kqjvynf.exe
2092	PtNzaDj.exe
2232	JmhGGrE.exe
2060	LJTdCDL.exe
2292	OQnYNoJ.exe
2336	NrDgGkz.exe
3000	hqzkrST.exe
1768	yMqHKAg.exe
2356	dSYcsNw.exe
2384	ZlAjsXG.exe
1748	rExxqMW.exe
3060	mfIxzAy.exe
1956	yXdzOfI.exe
1484	AsKetwd.exe
1516	dWJguME.exe
2456	VLdSkRJ.exe
712	mQblPgU.exe
2832	noGrFKe.exe
2764	PiauNEz.exe
2168	LKikiPR.exe
2800	bkxeJMN.exe
2668	mOFBVrk.exe
2052	ZXNGkwE.exe
1808	yxJrKgK.exe
2012	OAroNXT.exe
2700	FXUtQgC.exe
1072	IHiTYEE.exe
576	wkxppce.exe

Loads dropped DLL 64 IoCs

pid	Process
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1196-0-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x0007000000012118-6.dat	upx
behavioral1/files/0x0008000000015db6-8.dat	upx
behavioral1/files/0x0007000000015dc0-15.dat	upx
behavioral1/files/0x0008000000015e64-18.dat	upx
behavioral1/files/0x0007000000015ed2-26.dat	upx
behavioral1/files/0x0008000000016334-45.dat	upx
behavioral1/files/0x0006000000016db5-50.dat	upx
behavioral1/files/0x0006000000016dd0-55.dat	upx
behavioral1/files/0x0006000000016de8-65.dat	upx
behavioral1/files/0x0006000000016eb8-70.dat	upx
behavioral1/files/0x000600000001707c-80.dat	upx
behavioral1/files/0x0006000000017488-105.dat	upx
behavioral1/files/0x000600000001757f-120.dat	upx
behavioral1/memory/2572-177-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/1196-1440-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2732-197-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2628-195-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2812-193-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2776-191-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2788-189-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2816-187-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2992-185-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2768-183-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2864-181-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2756-179-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/264-175-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/1892-173-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/files/0x0005000000019217-164.dat	upx
behavioral1/files/0x0006000000018f65-159.dat	upx
behavioral1/files/0x0006000000018c34-157.dat	upx
behavioral1/files/0x00050000000191d2-155.dat	upx
behavioral1/files/0x000600000001904c-149.dat	upx
behavioral1/files/0x0006000000018c44-142.dat	upx
behavioral1/files/0x0005000000018697-138.dat	upx
behavioral1/memory/1400-137-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/files/0x00050000000187a2-134.dat	upx
behavioral1/files/0x0005000000018696-128.dat	upx
behavioral1/files/0x00050000000191f6-161.dat	upx
behavioral1/files/0x00060000000190e1-152.dat	upx
behavioral1/files/0x0015000000018676-125.dat	upx
behavioral1/files/0x00060000000174c3-115.dat	upx
behavioral1/files/0x00060000000174a6-110.dat	upx
behavioral1/files/0x000600000001746a-100.dat	upx
behavioral1/files/0x0006000000017403-95.dat	upx
behavioral1/files/0x0006000000017400-91.dat	upx
behavioral1/files/0x00060000000173f3-85.dat	upx
behavioral1/files/0x0006000000016edb-75.dat	upx
behavioral1/files/0x0006000000016de4-60.dat	upx
behavioral1/files/0x000700000001613e-41.dat	upx
behavioral1/files/0x0007000000016009-36.dat	upx
behavioral1/files/0x0007000000015f96-30.dat	upx
behavioral1/memory/2776-4038-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2992-4042-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2864-4045-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2812-4044-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/1892-4043-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2572-4041-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2788-4040-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2628-4039-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2768-4026-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2756-4024-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2732-4046-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\AiMKHMn.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NZeXGWF.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sBFWAWF.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cyINXxR.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gexsGQt.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\URWFxrj.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mLivvpM.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JWvyFBV.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvFjKim.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cPJZBUx.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rixwhWf.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TaAnVUW.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KBChRmh.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pDpzaeX.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kPuxGkB.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dSoGQWu.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PNajUxr.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oEQbVOX.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nCFSdFr.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uXVJHxC.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vFahZYc.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tAdwDzP.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CNUxVpn.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IUUYhgq.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ImfDTru.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jyMURkb.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nMZUpTd.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QKYKVQK.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rlhiNKu.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NaoIiSk.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LDBQfSm.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yoMuADD.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ozkGpae.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ToLTmur.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dchrupd.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EcsUljA.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eUbKWhP.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YVcigNn.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jlzcFPZ.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mFXHQuN.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qeXqIcw.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eDJZmJF.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dPPNKGv.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\daavNIX.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NmREcBV.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UwFnUZP.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VyxeaYk.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XrBCRhB.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gouIoIk.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oTgElVL.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cBCjPEr.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KDrsrZM.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gsXtoIQ.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\chdKGOz.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MXgJxCj.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\olONPHc.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xBRPWoO.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lqnPAlZ.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SqbhFlq.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rwOrrgb.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fNIjkuT.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mQblPgU.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HFNUwgd.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QXKLKru.exe	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 1400	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1196 wrote to memory of 1400	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1196 wrote to memory of 1400	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1196 wrote to memory of 1892	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1196 wrote to memory of 1892	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1196 wrote to memory of 1892	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1196 wrote to memory of 264	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1196 wrote to memory of 264	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1196 wrote to memory of 264	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1196 wrote to memory of 2572	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1196 wrote to memory of 2572	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1196 wrote to memory of 2572	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1196 wrote to memory of 2756	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1196 wrote to memory of 2756	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1196 wrote to memory of 2756	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1196 wrote to memory of 2864	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1196 wrote to memory of 2864	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1196 wrote to memory of 2864	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1196 wrote to memory of 2768	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1196 wrote to memory of 2768	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1196 wrote to memory of 2768	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1196 wrote to memory of 2992	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1196 wrote to memory of 2992	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1196 wrote to memory of 2992	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1196 wrote to memory of 2816	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1196 wrote to memory of 2816	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1196 wrote to memory of 2816	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1196 wrote to memory of 2788	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1196 wrote to memory of 2788	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1196 wrote to memory of 2788	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1196 wrote to memory of 2776	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1196 wrote to memory of 2776	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1196 wrote to memory of 2776	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1196 wrote to memory of 2812	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1196 wrote to memory of 2812	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1196 wrote to memory of 2812	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1196 wrote to memory of 2628	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1196 wrote to memory of 2628	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1196 wrote to memory of 2628	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1196 wrote to memory of 2732	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1196 wrote to memory of 2732	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1196 wrote to memory of 2732	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1196 wrote to memory of 2660	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1196 wrote to memory of 2660	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1196 wrote to memory of 2660	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1196 wrote to memory of 1636	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1196 wrote to memory of 1636	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1196 wrote to memory of 1636	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1196 wrote to memory of 1572	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1196 wrote to memory of 1572	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1196 wrote to memory of 1572	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1196 wrote to memory of 748	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1196 wrote to memory of 748	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1196 wrote to memory of 748	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1196 wrote to memory of 2936	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1196 wrote to memory of 2936	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1196 wrote to memory of 2936	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1196 wrote to memory of 2016	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1196 wrote to memory of 2016	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1196 wrote to memory of 2016	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1196 wrote to memory of 2364	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1196 wrote to memory of 2364	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1196 wrote to memory of 2364	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1196 wrote to memory of 2912	1196	2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-28_7a05b6153212efecbebbce39713b581b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Windows\System\ijhsfTe.exe
  C:\Windows\System\ijhsfTe.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\HXucjWH.exe
  C:\Windows\System\HXucjWH.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\AEsmvbV.exe
  C:\Windows\System\AEsmvbV.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\mdMromC.exe
  C:\Windows\System\mdMromC.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\ylOeckb.exe
  C:\Windows\System\ylOeckb.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\OWgTjIX.exe
  C:\Windows\System\OWgTjIX.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\zGWQvxB.exe
  C:\Windows\System\zGWQvxB.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\GNnfXMY.exe
  C:\Windows\System\GNnfXMY.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\ysGZXCT.exe
  C:\Windows\System\ysGZXCT.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\SfZPNko.exe
  C:\Windows\System\SfZPNko.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\ZSKKuVe.exe
  C:\Windows\System\ZSKKuVe.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\QbQPRdB.exe
  C:\Windows\System\QbQPRdB.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\jHyilUM.exe
  C:\Windows\System\jHyilUM.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\PoPLzfN.exe
  C:\Windows\System\PoPLzfN.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\wNsGugf.exe
  C:\Windows\System\wNsGugf.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\zVITDki.exe
  C:\Windows\System\zVITDki.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\AYYFeKm.exe
  C:\Windows\System\AYYFeKm.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\MMqDYaH.exe
  C:\Windows\System\MMqDYaH.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\afSpzNI.exe
  C:\Windows\System\afSpzNI.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\FBcoBzj.exe
  C:\Windows\System\FBcoBzj.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\PitvdWt.exe
  C:\Windows\System\PitvdWt.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\XRRaCju.exe
  C:\Windows\System\XRRaCju.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\psqllXD.exe
  C:\Windows\System\psqllXD.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\XHaAqYF.exe
  C:\Windows\System\XHaAqYF.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\tvdIfff.exe
  C:\Windows\System\tvdIfff.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\EhVwTdj.exe
  C:\Windows\System\EhVwTdj.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\uCyoXXp.exe
  C:\Windows\System\uCyoXXp.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\DvRgMfk.exe
  C:\Windows\System\DvRgMfk.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\vwYMQjb.exe
  C:\Windows\System\vwYMQjb.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\IHmkyVU.exe
  C:\Windows\System\IHmkyVU.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\iEAjMgl.exe
  C:\Windows\System\iEAjMgl.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\WEiCgXj.exe
  C:\Windows\System\WEiCgXj.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\VjyFHsj.exe
  C:\Windows\System\VjyFHsj.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\HMKnPDx.exe
  C:\Windows\System\HMKnPDx.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\ypeAAos.exe
  C:\Windows\System\ypeAAos.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\Kqjvynf.exe
  C:\Windows\System\Kqjvynf.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\xBRPWoO.exe
  C:\Windows\System\xBRPWoO.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\PtNzaDj.exe
  C:\Windows\System\PtNzaDj.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\JmhGGrE.exe
  C:\Windows\System\JmhGGrE.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\OQnYNoJ.exe
  C:\Windows\System\OQnYNoJ.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\LJTdCDL.exe
  C:\Windows\System\LJTdCDL.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\NrDgGkz.exe
  C:\Windows\System\NrDgGkz.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\hqzkrST.exe
  C:\Windows\System\hqzkrST.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\dSYcsNw.exe
  C:\Windows\System\dSYcsNw.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\yMqHKAg.exe
  C:\Windows\System\yMqHKAg.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\ZlAjsXG.exe
  C:\Windows\System\ZlAjsXG.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\rExxqMW.exe
  C:\Windows\System\rExxqMW.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\mfIxzAy.exe
  C:\Windows\System\mfIxzAy.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\yXdzOfI.exe
  C:\Windows\System\yXdzOfI.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\AsKetwd.exe
  C:\Windows\System\AsKetwd.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\dWJguME.exe
  C:\Windows\System\dWJguME.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\VLdSkRJ.exe
  C:\Windows\System\VLdSkRJ.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\mQblPgU.exe
  C:\Windows\System\mQblPgU.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\noGrFKe.exe
  C:\Windows\System\noGrFKe.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\PiauNEz.exe
  C:\Windows\System\PiauNEz.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\LKikiPR.exe
  C:\Windows\System\LKikiPR.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\bkxeJMN.exe
  C:\Windows\System\bkxeJMN.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\mOFBVrk.exe
  C:\Windows\System\mOFBVrk.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\ZXNGkwE.exe
  C:\Windows\System\ZXNGkwE.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\yxJrKgK.exe
  C:\Windows\System\yxJrKgK.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\OAroNXT.exe
  C:\Windows\System\OAroNXT.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\FXUtQgC.exe
  C:\Windows\System\FXUtQgC.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\IHiTYEE.exe
  C:\Windows\System\IHiTYEE.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\wkxppce.exe
  C:\Windows\System\wkxppce.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\PrSpEOm.exe
  C:\Windows\System\PrSpEOm.exe
  2⤵
  PID:1220
- C:\Windows\System\IdjaquH.exe
  C:\Windows\System\IdjaquH.exe
  2⤵
  PID:848
- C:\Windows\System\FzKzIub.exe
  C:\Windows\System\FzKzIub.exe
  2⤵
  PID:3012
- C:\Windows\System\xsdPRgk.exe
  C:\Windows\System\xsdPRgk.exe
  2⤵
  PID:948
- C:\Windows\System\sKnmeNY.exe
  C:\Windows\System\sKnmeNY.exe
  2⤵
  PID:2924
- C:\Windows\System\WNwbefk.exe
  C:\Windows\System\WNwbefk.exe
  2⤵
  PID:2240
- C:\Windows\System\BKZqKZQ.exe
  C:\Windows\System\BKZqKZQ.exe
  2⤵
  PID:1420
- C:\Windows\System\RBmQdvo.exe
  C:\Windows\System\RBmQdvo.exe
  2⤵
  PID:2804
- C:\Windows\System\AjUNbpw.exe
  C:\Windows\System\AjUNbpw.exe
  2⤵
  PID:1656
- C:\Windows\System\ywMWkcj.exe
  C:\Windows\System\ywMWkcj.exe
  2⤵
  PID:2392
- C:\Windows\System\VCAKCqL.exe
  C:\Windows\System\VCAKCqL.exe
  2⤵
  PID:2084
- C:\Windows\System\IcebEhA.exe
  C:\Windows\System\IcebEhA.exe
  2⤵
  PID:2128
- C:\Windows\System\mNLgGBU.exe
  C:\Windows\System\mNLgGBU.exe
  2⤵
  PID:2380
- C:\Windows\System\LJABUZy.exe
  C:\Windows\System\LJABUZy.exe
  2⤵
  PID:1740
- C:\Windows\System\KBChRmh.exe
  C:\Windows\System\KBChRmh.exe
  2⤵
  PID:2516
- C:\Windows\System\ncuMvrD.exe
  C:\Windows\System\ncuMvrD.exe
  2⤵
  PID:1712
- C:\Windows\System\JBsidbd.exe
  C:\Windows\System\JBsidbd.exe
  2⤵
  PID:1416
- C:\Windows\System\TUaaLdj.exe
  C:\Windows\System\TUaaLdj.exe
  2⤵
  PID:1508
- C:\Windows\System\zzwCKlZ.exe
  C:\Windows\System\zzwCKlZ.exe
  2⤵
  PID:540
- C:\Windows\System\iwfmiyG.exe
  C:\Windows\System\iwfmiyG.exe
  2⤵
  PID:2720
- C:\Windows\System\ekjrasr.exe
  C:\Windows\System\ekjrasr.exe
  2⤵
  PID:2736
- C:\Windows\System\OhhDDwJ.exe
  C:\Windows\System\OhhDDwJ.exe
  2⤵
  PID:1008
- C:\Windows\System\Etlsiih.exe
  C:\Windows\System\Etlsiih.exe
  2⤵
  PID:2176
- C:\Windows\System\cCTBdZe.exe
  C:\Windows\System\cCTBdZe.exe
  2⤵
  PID:2068
- C:\Windows\System\HBMiyYE.exe
  C:\Windows\System\HBMiyYE.exe
  2⤵
  PID:2808
- C:\Windows\System\zyCNYZA.exe
  C:\Windows\System\zyCNYZA.exe
  2⤵
  PID:1972
- C:\Windows\System\tGLKdbk.exe
  C:\Windows\System\tGLKdbk.exe
  2⤵
  PID:2244
- C:\Windows\System\IeIymXa.exe
  C:\Windows\System\IeIymXa.exe
  2⤵
  PID:2504
- C:\Windows\System\AniaZPA.exe
  C:\Windows\System\AniaZPA.exe
  2⤵
  PID:2156
- C:\Windows\System\NaoIiSk.exe
  C:\Windows\System\NaoIiSk.exe
  2⤵
  PID:2032
- C:\Windows\System\cuPHRAN.exe
  C:\Windows\System\cuPHRAN.exe
  2⤵
  PID:1432
- C:\Windows\System\PQIvwWY.exe
  C:\Windows\System\PQIvwWY.exe
  2⤵
  PID:1876
- C:\Windows\System\jkgJmoW.exe
  C:\Windows\System\jkgJmoW.exe
  2⤵
  PID:3088
- C:\Windows\System\GLCdNaI.exe
  C:\Windows\System\GLCdNaI.exe
  2⤵
  PID:3108
- C:\Windows\System\herqUme.exe
  C:\Windows\System\herqUme.exe
  2⤵
  PID:3132
- C:\Windows\System\GPtGlrc.exe
  C:\Windows\System\GPtGlrc.exe
  2⤵
  PID:3156
- C:\Windows\System\vCyYxeh.exe
  C:\Windows\System\vCyYxeh.exe
  2⤵
  PID:3176
- C:\Windows\System\HETTHsr.exe
  C:\Windows\System\HETTHsr.exe
  2⤵
  PID:3196
- C:\Windows\System\GwjthjQ.exe
  C:\Windows\System\GwjthjQ.exe
  2⤵
  PID:3216
- C:\Windows\System\ASwZHJM.exe
  C:\Windows\System\ASwZHJM.exe
  2⤵
  PID:3236
- C:\Windows\System\ZDNKCRl.exe
  C:\Windows\System\ZDNKCRl.exe
  2⤵
  PID:3256
- C:\Windows\System\BsGZSRY.exe
  C:\Windows\System\BsGZSRY.exe
  2⤵
  PID:3276
- C:\Windows\System\ULWjAry.exe
  C:\Windows\System\ULWjAry.exe
  2⤵
  PID:3296
- C:\Windows\System\NZqBwZc.exe
  C:\Windows\System\NZqBwZc.exe
  2⤵
  PID:3316
- C:\Windows\System\jHZRRUE.exe
  C:\Windows\System\jHZRRUE.exe
  2⤵
  PID:3336
- C:\Windows\System\dFNXqtw.exe
  C:\Windows\System\dFNXqtw.exe
  2⤵
  PID:3356
- C:\Windows\System\CxBbDAD.exe
  C:\Windows\System\CxBbDAD.exe
  2⤵
  PID:3376
- C:\Windows\System\GTWkMfB.exe
  C:\Windows\System\GTWkMfB.exe
  2⤵
  PID:3396
- C:\Windows\System\opzErti.exe
  C:\Windows\System\opzErti.exe
  2⤵
  PID:3416
- C:\Windows\System\tWJAUxE.exe
  C:\Windows\System\tWJAUxE.exe
  2⤵
  PID:3436
- C:\Windows\System\cfahMag.exe
  C:\Windows\System\cfahMag.exe
  2⤵
  PID:3456
- C:\Windows\System\LDBQfSm.exe
  C:\Windows\System\LDBQfSm.exe
  2⤵
  PID:3476
- C:\Windows\System\puGjivy.exe
  C:\Windows\System\puGjivy.exe
  2⤵
  PID:3496
- C:\Windows\System\nQQDNhr.exe
  C:\Windows\System\nQQDNhr.exe
  2⤵
  PID:3516
- C:\Windows\System\lOdjiTm.exe
  C:\Windows\System\lOdjiTm.exe
  2⤵
  PID:3536
- C:\Windows\System\SmySQPV.exe
  C:\Windows\System\SmySQPV.exe
  2⤵
  PID:3556
- C:\Windows\System\xVQJAZj.exe
  C:\Windows\System\xVQJAZj.exe
  2⤵
  PID:3576
- C:\Windows\System\RWQAeXj.exe
  C:\Windows\System\RWQAeXj.exe
  2⤵
  PID:3596
- C:\Windows\System\DqHTDhR.exe
  C:\Windows\System\DqHTDhR.exe
  2⤵
  PID:3616
- C:\Windows\System\KvDaUjd.exe
  C:\Windows\System\KvDaUjd.exe
  2⤵
  PID:3636
- C:\Windows\System\hZxHVab.exe
  C:\Windows\System\hZxHVab.exe
  2⤵
  PID:3656
- C:\Windows\System\plxikxT.exe
  C:\Windows\System\plxikxT.exe
  2⤵
  PID:3676
- C:\Windows\System\WqeufVc.exe
  C:\Windows\System\WqeufVc.exe
  2⤵
  PID:3696
- C:\Windows\System\JUAYdpw.exe
  C:\Windows\System\JUAYdpw.exe
  2⤵
  PID:3716
- C:\Windows\System\upFRpwQ.exe
  C:\Windows\System\upFRpwQ.exe
  2⤵
  PID:3736
- C:\Windows\System\lniIsIp.exe
  C:\Windows\System\lniIsIp.exe
  2⤵
  PID:3756
- C:\Windows\System\aiNVXLk.exe
  C:\Windows\System\aiNVXLk.exe
  2⤵
  PID:3776
- C:\Windows\System\GSpVObw.exe
  C:\Windows\System\GSpVObw.exe
  2⤵
  PID:3796
- C:\Windows\System\iTdqesZ.exe
  C:\Windows\System\iTdqesZ.exe
  2⤵
  PID:3816
- C:\Windows\System\XBEqOLq.exe
  C:\Windows\System\XBEqOLq.exe
  2⤵
  PID:3836
- C:\Windows\System\lqnPAlZ.exe
  C:\Windows\System\lqnPAlZ.exe
  2⤵
  PID:3856
- C:\Windows\System\RhOpCjL.exe
  C:\Windows\System\RhOpCjL.exe
  2⤵
  PID:3876
- C:\Windows\System\tAdwDzP.exe
  C:\Windows\System\tAdwDzP.exe
  2⤵
  PID:3896
- C:\Windows\System\SqbhFlq.exe
  C:\Windows\System\SqbhFlq.exe
  2⤵
  PID:3916
- C:\Windows\System\QLjDdVE.exe
  C:\Windows\System\QLjDdVE.exe
  2⤵
  PID:3936
- C:\Windows\System\TKPiPFw.exe
  C:\Windows\System\TKPiPFw.exe
  2⤵
  PID:3956
- C:\Windows\System\JWQGYoE.exe
  C:\Windows\System\JWQGYoE.exe
  2⤵
  PID:3976
- C:\Windows\System\BTNlNzw.exe
  C:\Windows\System\BTNlNzw.exe
  2⤵
  PID:3996
- C:\Windows\System\uAEzMck.exe
  C:\Windows\System\uAEzMck.exe
  2⤵
  PID:4016
- C:\Windows\System\uHgeVGA.exe
  C:\Windows\System\uHgeVGA.exe
  2⤵
  PID:4036
- C:\Windows\System\fcTzpjV.exe
  C:\Windows\System\fcTzpjV.exe
  2⤵
  PID:4056
- C:\Windows\System\CTDRRtX.exe
  C:\Windows\System\CTDRRtX.exe
  2⤵
  PID:4076
- C:\Windows\System\ICvGkXt.exe
  C:\Windows\System\ICvGkXt.exe
  2⤵
  PID:2704
- C:\Windows\System\xYgvrZi.exe
  C:\Windows\System\xYgvrZi.exe
  2⤵
  PID:1552
- C:\Windows\System\RCnXiAX.exe
  C:\Windows\System\RCnXiAX.exe
  2⤵
  PID:2512
- C:\Windows\System\MWcadNN.exe
  C:\Windows\System\MWcadNN.exe
  2⤵
  PID:2496
- C:\Windows\System\tlUzopJ.exe
  C:\Windows\System\tlUzopJ.exe
  2⤵
  PID:2896
- C:\Windows\System\BfugSzp.exe
  C:\Windows\System\BfugSzp.exe
  2⤵
  PID:2840
- C:\Windows\System\UkaqSlG.exe
  C:\Windows\System\UkaqSlG.exe
  2⤵
  PID:2948
- C:\Windows\System\CKNnnyB.exe
  C:\Windows\System\CKNnnyB.exe
  2⤵
  PID:1944
- C:\Windows\System\bROhKRv.exe
  C:\Windows\System\bROhKRv.exe
  2⤵
  PID:2620
- C:\Windows\System\jidqEZB.exe
  C:\Windows\System\jidqEZB.exe
  2⤵
  PID:1152
- C:\Windows\System\iGylkIU.exe
  C:\Windows\System\iGylkIU.exe
  2⤵
  PID:676
- C:\Windows\System\kPtOPDJ.exe
  C:\Windows\System\kPtOPDJ.exe
  2⤵
  PID:1868
- C:\Windows\System\XqEZyYf.exe
  C:\Windows\System\XqEZyYf.exe
  2⤵
  PID:872
- C:\Windows\System\bwkRlTE.exe
  C:\Windows\System\bwkRlTE.exe
  2⤵
  PID:3100
- C:\Windows\System\jylQCkW.exe
  C:\Windows\System\jylQCkW.exe
  2⤵
  PID:3148
- C:\Windows\System\ZXPbJDW.exe
  C:\Windows\System\ZXPbJDW.exe
  2⤵
  PID:3124
- C:\Windows\System\EPEoWmC.exe
  C:\Windows\System\EPEoWmC.exe
  2⤵
  PID:3164
- C:\Windows\System\tZjMMka.exe
  C:\Windows\System\tZjMMka.exe
  2⤵
  PID:3232
- C:\Windows\System\pDpzaeX.exe
  C:\Windows\System\pDpzaeX.exe
  2⤵
  PID:3252
- C:\Windows\System\CNUxVpn.exe
  C:\Windows\System\CNUxVpn.exe
  2⤵
  PID:3284
- C:\Windows\System\qERrvXV.exe
  C:\Windows\System\qERrvXV.exe
  2⤵
  PID:3308
- C:\Windows\System\RHPSeUf.exe
  C:\Windows\System\RHPSeUf.exe
  2⤵
  PID:3352
- C:\Windows\System\EDymHzQ.exe
  C:\Windows\System\EDymHzQ.exe
  2⤵
  PID:3368
- C:\Windows\System\ZluPJoQ.exe
  C:\Windows\System\ZluPJoQ.exe
  2⤵
  PID:3424
- C:\Windows\System\UrJWIfI.exe
  C:\Windows\System\UrJWIfI.exe
  2⤵
  PID:3452
- C:\Windows\System\amGlvht.exe
  C:\Windows\System\amGlvht.exe
  2⤵
  PID:3504
- C:\Windows\System\sGpnnKf.exe
  C:\Windows\System\sGpnnKf.exe
  2⤵
  PID:3488
- C:\Windows\System\aqExPfi.exe
  C:\Windows\System\aqExPfi.exe
  2⤵
  PID:3528
- C:\Windows\System\nBQIAXZ.exe
  C:\Windows\System\nBQIAXZ.exe
  2⤵
  PID:3592
- C:\Windows\System\ZpNdHAT.exe
  C:\Windows\System\ZpNdHAT.exe
  2⤵
  PID:3632
- C:\Windows\System\LlYbpvY.exe
  C:\Windows\System\LlYbpvY.exe
  2⤵
  PID:3652
- C:\Windows\System\icIUAoT.exe
  C:\Windows\System\icIUAoT.exe
  2⤵
  PID:3684
- C:\Windows\System\AwYCxLb.exe
  C:\Windows\System\AwYCxLb.exe
  2⤵
  PID:3708
- C:\Windows\System\fwwYSSB.exe
  C:\Windows\System\fwwYSSB.exe
  2⤵
  PID:3752
- C:\Windows\System\kPuxGkB.exe
  C:\Windows\System\kPuxGkB.exe
  2⤵
  PID:3784
- C:\Windows\System\xSRGAoq.exe
  C:\Windows\System\xSRGAoq.exe
  2⤵
  PID:3824
- C:\Windows\System\tEHrzdL.exe
  C:\Windows\System\tEHrzdL.exe
  2⤵
  PID:3872
- C:\Windows\System\dhTtsht.exe
  C:\Windows\System\dhTtsht.exe
  2⤵
  PID:3892
- C:\Windows\System\NXZzfud.exe
  C:\Windows\System\NXZzfud.exe
  2⤵
  PID:3924
- C:\Windows\System\MyLMGtt.exe
  C:\Windows\System\MyLMGtt.exe
  2⤵
  PID:3948
- C:\Windows\System\xeaQoEx.exe
  C:\Windows\System\xeaQoEx.exe
  2⤵
  PID:3992
- C:\Windows\System\onUvCJZ.exe
  C:\Windows\System\onUvCJZ.exe
  2⤵
  PID:4008
- C:\Windows\System\JWvKbun.exe
  C:\Windows\System\JWvKbun.exe
  2⤵
  PID:4048
- C:\Windows\System\jFueZpR.exe
  C:\Windows\System\jFueZpR.exe
  2⤵
  PID:4092
- C:\Windows\System\XnVUGfM.exe
  C:\Windows\System\XnVUGfM.exe
  2⤵
  PID:2352
- C:\Windows\System\RoMVkjW.exe
  C:\Windows\System\RoMVkjW.exe
  2⤵
  PID:1772
- C:\Windows\System\fYYPzeO.exe
  C:\Windows\System\fYYPzeO.exe
  2⤵
  PID:1880
- C:\Windows\System\yQxnnHq.exe
  C:\Windows\System\yQxnnHq.exe
  2⤵
  PID:2432
- C:\Windows\System\fdJPAaM.exe
  C:\Windows\System\fdJPAaM.exe
  2⤵
  PID:2172
- C:\Windows\System\eMwObZp.exe
  C:\Windows\System\eMwObZp.exe
  2⤵
  PID:2460
- C:\Windows\System\MThngkp.exe
  C:\Windows\System\MThngkp.exe
  2⤵
  PID:2412
- C:\Windows\System\rurjhFy.exe
  C:\Windows\System\rurjhFy.exe
  2⤵
  PID:3096
- C:\Windows\System\wpIuuIC.exe
  C:\Windows\System\wpIuuIC.exe
  2⤵
  PID:3080
- C:\Windows\System\oxHGsRQ.exe
  C:\Windows\System\oxHGsRQ.exe
  2⤵
  PID:3168
- C:\Windows\System\nXahIcP.exe
  C:\Windows\System\nXahIcP.exe
  2⤵
  PID:3228
- C:\Windows\System\PfrFgRr.exe
  C:\Windows\System\PfrFgRr.exe
  2⤵
  PID:3312
- C:\Windows\System\zTgsKdU.exe
  C:\Windows\System\zTgsKdU.exe
  2⤵
  PID:3384
- C:\Windows\System\vufbjdp.exe
  C:\Windows\System\vufbjdp.exe
  2⤵
  PID:3404
- C:\Windows\System\xevUdJy.exe
  C:\Windows\System\xevUdJy.exe
  2⤵
  PID:3468
- C:\Windows\System\CDUxfwj.exe
  C:\Windows\System\CDUxfwj.exe
  2⤵
  PID:3484
- C:\Windows\System\xcErDNd.exe
  C:\Windows\System\xcErDNd.exe
  2⤵
  PID:3564
- C:\Windows\System\OGgcVAj.exe
  C:\Windows\System\OGgcVAj.exe
  2⤵
  PID:3644
- C:\Windows\System\oJWagby.exe
  C:\Windows\System\oJWagby.exe
  2⤵
  PID:3688
- C:\Windows\System\ujoNFrJ.exe
  C:\Windows\System\ujoNFrJ.exe
  2⤵
  PID:3704
- C:\Windows\System\OFEojSo.exe
  C:\Windows\System\OFEojSo.exe
  2⤵
  PID:4112
- C:\Windows\System\SLdHUfP.exe
  C:\Windows\System\SLdHUfP.exe
  2⤵
  PID:4132
- C:\Windows\System\YTncbej.exe
  C:\Windows\System\YTncbej.exe
  2⤵
  PID:4152
- C:\Windows\System\LpToGOv.exe
  C:\Windows\System\LpToGOv.exe
  2⤵
  PID:4172
- C:\Windows\System\pJGYdIy.exe
  C:\Windows\System\pJGYdIy.exe
  2⤵
  PID:4192
- C:\Windows\System\bJVaBgQ.exe
  C:\Windows\System\bJVaBgQ.exe
  2⤵
  PID:4212
- C:\Windows\System\MpfRtmB.exe
  C:\Windows\System\MpfRtmB.exe
  2⤵
  PID:4232
- C:\Windows\System\uaFFodU.exe
  C:\Windows\System\uaFFodU.exe
  2⤵
  PID:4252
- C:\Windows\System\CgZEYZY.exe
  C:\Windows\System\CgZEYZY.exe
  2⤵
  PID:4272
- C:\Windows\System\ggqFTka.exe
  C:\Windows\System\ggqFTka.exe
  2⤵
  PID:4292
- C:\Windows\System\TsXZlrE.exe
  C:\Windows\System\TsXZlrE.exe
  2⤵
  PID:4312
- C:\Windows\System\dupTHQQ.exe
  C:\Windows\System\dupTHQQ.exe
  2⤵
  PID:4332
- C:\Windows\System\ZHoSXTy.exe
  C:\Windows\System\ZHoSXTy.exe
  2⤵
  PID:4352
- C:\Windows\System\gDFIZWn.exe
  C:\Windows\System\gDFIZWn.exe
  2⤵
  PID:4372
- C:\Windows\System\NOmuJII.exe
  C:\Windows\System\NOmuJII.exe
  2⤵
  PID:4392
- C:\Windows\System\ZCJKwRz.exe
  C:\Windows\System\ZCJKwRz.exe
  2⤵
  PID:4412
- C:\Windows\System\XAHTqIW.exe
  C:\Windows\System\XAHTqIW.exe
  2⤵
  PID:4432
- C:\Windows\System\xYfUDIt.exe
  C:\Windows\System\xYfUDIt.exe
  2⤵
  PID:4452
- C:\Windows\System\rfZaBjt.exe
  C:\Windows\System\rfZaBjt.exe
  2⤵
  PID:4472
- C:\Windows\System\XQgZiux.exe
  C:\Windows\System\XQgZiux.exe
  2⤵
  PID:4492
- C:\Windows\System\AhZcROA.exe
  C:\Windows\System\AhZcROA.exe
  2⤵
  PID:4512
- C:\Windows\System\WdHQMNU.exe
  C:\Windows\System\WdHQMNU.exe
  2⤵
  PID:4532
- C:\Windows\System\edahvgQ.exe
  C:\Windows\System\edahvgQ.exe
  2⤵
  PID:4552
- C:\Windows\System\mKrVNEH.exe
  C:\Windows\System\mKrVNEH.exe
  2⤵
  PID:4572
- C:\Windows\System\rnehWgy.exe
  C:\Windows\System\rnehWgy.exe
  2⤵
  PID:4592
- C:\Windows\System\WNeICky.exe
  C:\Windows\System\WNeICky.exe
  2⤵
  PID:4612
- C:\Windows\System\OEaCyaZ.exe
  C:\Windows\System\OEaCyaZ.exe
  2⤵
  PID:4636
- C:\Windows\System\NFvaAcy.exe
  C:\Windows\System\NFvaAcy.exe
  2⤵
  PID:4656
- C:\Windows\System\eluQdqo.exe
  C:\Windows\System\eluQdqo.exe
  2⤵
  PID:4676
- C:\Windows\System\ZwRpkKg.exe
  C:\Windows\System\ZwRpkKg.exe
  2⤵
  PID:4700
- C:\Windows\System\RLIWqRQ.exe
  C:\Windows\System\RLIWqRQ.exe
  2⤵
  PID:4720
- C:\Windows\System\sNgEvdB.exe
  C:\Windows\System\sNgEvdB.exe
  2⤵
  PID:4740
- C:\Windows\System\TIfMMpW.exe
  C:\Windows\System\TIfMMpW.exe
  2⤵
  PID:4760
- C:\Windows\System\RLCDFmc.exe
  C:\Windows\System\RLCDFmc.exe
  2⤵
  PID:4780
- C:\Windows\System\zAjMFqi.exe
  C:\Windows\System\zAjMFqi.exe
  2⤵
  PID:4800
- C:\Windows\System\ymdTYSz.exe
  C:\Windows\System\ymdTYSz.exe
  2⤵
  PID:4820
- C:\Windows\System\rwcFpEM.exe
  C:\Windows\System\rwcFpEM.exe
  2⤵
  PID:4840
- C:\Windows\System\hNBsmgr.exe
  C:\Windows\System\hNBsmgr.exe
  2⤵
  PID:4860
- C:\Windows\System\brejjSY.exe
  C:\Windows\System\brejjSY.exe
  2⤵
  PID:4880
- C:\Windows\System\TOHJYpu.exe
  C:\Windows\System\TOHJYpu.exe
  2⤵
  PID:4900
- C:\Windows\System\gsXtoIQ.exe
  C:\Windows\System\gsXtoIQ.exe
  2⤵
  PID:4920
- C:\Windows\System\IUUYhgq.exe
  C:\Windows\System\IUUYhgq.exe
  2⤵
  PID:4940
- C:\Windows\System\kiSOAEm.exe
  C:\Windows\System\kiSOAEm.exe
  2⤵
  PID:4960
- C:\Windows\System\HiOkFKw.exe
  C:\Windows\System\HiOkFKw.exe
  2⤵
  PID:4980
- C:\Windows\System\GBXERAl.exe
  C:\Windows\System\GBXERAl.exe
  2⤵
  PID:5000
- C:\Windows\System\ynGCgKj.exe
  C:\Windows\System\ynGCgKj.exe
  2⤵
  PID:5020
- C:\Windows\System\iBaQVHq.exe
  C:\Windows\System\iBaQVHq.exe
  2⤵
  PID:5040
- C:\Windows\System\MlyakMH.exe
  C:\Windows\System\MlyakMH.exe
  2⤵
  PID:5060
- C:\Windows\System\oMCqkTz.exe
  C:\Windows\System\oMCqkTz.exe
  2⤵
  PID:5080
- C:\Windows\System\URWFxrj.exe
  C:\Windows\System\URWFxrj.exe
  2⤵
  PID:5100
- C:\Windows\System\WzxIhuw.exe
  C:\Windows\System\WzxIhuw.exe
  2⤵
  PID:3768
- C:\Windows\System\WJBTlIW.exe
  C:\Windows\System\WJBTlIW.exe
  2⤵
  PID:3808
- C:\Windows\System\lVgkgEl.exe
  C:\Windows\System\lVgkgEl.exe
  2⤵
  PID:3868
- C:\Windows\System\AwSVNMt.exe
  C:\Windows\System\AwSVNMt.exe
  2⤵
  PID:3952
- C:\Windows\System\czJRgaX.exe
  C:\Windows\System\czJRgaX.exe
  2⤵
  PID:4004
- C:\Windows\System\PHBWulA.exe
  C:\Windows\System\PHBWulA.exe
  2⤵
  PID:4044
- C:\Windows\System\jGpSRnn.exe
  C:\Windows\System\jGpSRnn.exe
  2⤵
  PID:972
- C:\Windows\System\CTabiAQ.exe
  C:\Windows\System\CTabiAQ.exe
  2⤵
  PID:2036
- C:\Windows\System\wHHfHLU.exe
  C:\Windows\System\wHHfHLU.exe
  2⤵
  PID:1112
- C:\Windows\System\phaTgRb.exe
  C:\Windows\System\phaTgRb.exe
  2⤵
  PID:2180
- C:\Windows\System\hBUOiiP.exe
  C:\Windows\System\hBUOiiP.exe
  2⤵
  PID:2324
- C:\Windows\System\WkJcLey.exe
  C:\Windows\System\WkJcLey.exe
  2⤵
  PID:3184
- C:\Windows\System\SXDjMmo.exe
  C:\Windows\System\SXDjMmo.exe
  2⤵
  PID:3244
- C:\Windows\System\lxvGPGa.exe
  C:\Windows\System\lxvGPGa.exe
  2⤵
  PID:3344
- C:\Windows\System\rTdiVfa.exe
  C:\Windows\System\rTdiVfa.exe
  2⤵
  PID:3304
- C:\Windows\System\RTptFIV.exe
  C:\Windows\System\RTptFIV.exe
  2⤵
  PID:3444
- C:\Windows\System\nMZejda.exe
  C:\Windows\System\nMZejda.exe
  2⤵
  PID:3608
- C:\Windows\System\VycAYGu.exe
  C:\Windows\System\VycAYGu.exe
  2⤵
  PID:3732
- C:\Windows\System\qIjoWSE.exe
  C:\Windows\System\qIjoWSE.exe
  2⤵
  PID:4108
- C:\Windows\System\YRamGle.exe
  C:\Windows\System\YRamGle.exe
  2⤵
  PID:4160
- C:\Windows\System\ZwvboyV.exe
  C:\Windows\System\ZwvboyV.exe
  2⤵
  PID:4164
- C:\Windows\System\NOWUTVD.exe
  C:\Windows\System\NOWUTVD.exe
  2⤵
  PID:4208
- C:\Windows\System\IzaUUmt.exe
  C:\Windows\System\IzaUUmt.exe
  2⤵
  PID:4240
- C:\Windows\System\vkuDVhk.exe
  C:\Windows\System\vkuDVhk.exe
  2⤵
  PID:4264
- C:\Windows\System\czVSQIC.exe
  C:\Windows\System\czVSQIC.exe
  2⤵
  PID:4308
- C:\Windows\System\suYvvQf.exe
  C:\Windows\System\suYvvQf.exe
  2⤵
  PID:4340
- C:\Windows\System\dSoGQWu.exe
  C:\Windows\System\dSoGQWu.exe
  2⤵
  PID:4364
- C:\Windows\System\ZmPPrCi.exe
  C:\Windows\System\ZmPPrCi.exe
  2⤵
  PID:4404
- C:\Windows\System\mQhmxsW.exe
  C:\Windows\System\mQhmxsW.exe
  2⤵
  PID:4428
- C:\Windows\System\YVcigNn.exe
  C:\Windows\System\YVcigNn.exe
  2⤵
  PID:4468
- C:\Windows\System\bkrONHM.exe
  C:\Windows\System\bkrONHM.exe
  2⤵
  PID:4508
- C:\Windows\System\ImfDTru.exe
  C:\Windows\System\ImfDTru.exe
  2⤵
  PID:4548
- C:\Windows\System\RTCyOlF.exe
  C:\Windows\System\RTCyOlF.exe
  2⤵
  PID:4580
- C:\Windows\System\ugAIkys.exe
  C:\Windows\System\ugAIkys.exe
  2⤵
  PID:4604
- C:\Windows\System\UwFnUZP.exe
  C:\Windows\System\UwFnUZP.exe
  2⤵
  PID:4648
- C:\Windows\System\AuUbcDl.exe
  C:\Windows\System\AuUbcDl.exe
  2⤵
  PID:4672
- C:\Windows\System\GQVGfFZ.exe
  C:\Windows\System\GQVGfFZ.exe
  2⤵
  PID:4736
- C:\Windows\System\ObRUYea.exe
  C:\Windows\System\ObRUYea.exe
  2⤵
  PID:4748
- C:\Windows\System\rOpZyjm.exe
  C:\Windows\System\rOpZyjm.exe
  2⤵
  PID:4808
- C:\Windows\System\MNIZKjR.exe
  C:\Windows\System\MNIZKjR.exe
  2⤵
  PID:4812
- C:\Windows\System\jusRkva.exe
  C:\Windows\System\jusRkva.exe
  2⤵
  PID:4832
- C:\Windows\System\ziNBupD.exe
  C:\Windows\System\ziNBupD.exe
  2⤵
  PID:4876
- C:\Windows\System\UEPCDtB.exe
  C:\Windows\System\UEPCDtB.exe
  2⤵
  PID:4936
- C:\Windows\System\lKXnnKs.exe
  C:\Windows\System\lKXnnKs.exe
  2⤵
  PID:4976
- C:\Windows\System\JaLncWk.exe
  C:\Windows\System\JaLncWk.exe
  2⤵
  PID:4996
- C:\Windows\System\CdmNRrC.exe
  C:\Windows\System\CdmNRrC.exe
  2⤵
  PID:5028
- C:\Windows\System\ORrnZgr.exe
  C:\Windows\System\ORrnZgr.exe
  2⤵
  PID:5052
- C:\Windows\System\VUEEMGJ.exe
  C:\Windows\System\VUEEMGJ.exe
  2⤵
  PID:5096
- C:\Windows\System\aNlYqWW.exe
  C:\Windows\System\aNlYqWW.exe
  2⤵
  PID:3812
- C:\Windows\System\hoIfUds.exe
  C:\Windows\System\hoIfUds.exe
  2⤵
  PID:4692
- C:\Windows\System\chdKGOz.exe
  C:\Windows\System\chdKGOz.exe
  2⤵
  PID:3984
- C:\Windows\System\sXgAmlw.exe
  C:\Windows\System\sXgAmlw.exe
  2⤵
  PID:4028
- C:\Windows\System\odyuiuh.exe
  C:\Windows\System\odyuiuh.exe
  2⤵
  PID:2420
- C:\Windows\System\jNFykGG.exe
  C:\Windows\System\jNFykGG.exe
  2⤵
  PID:2676
- C:\Windows\System\rvcIdey.exe
  C:\Windows\System\rvcIdey.exe
  2⤵
  PID:2672
- C:\Windows\System\WqwjTFc.exe
  C:\Windows\System\WqwjTFc.exe
  2⤵
  PID:3192
- C:\Windows\System\ISjfiYw.exe
  C:\Windows\System\ISjfiYw.exe
  2⤵
  PID:3288
- C:\Windows\System\eJARapY.exe
  C:\Windows\System\eJARapY.exe
  2⤵
  PID:3412
- C:\Windows\System\nlYrkIA.exe
  C:\Windows\System\nlYrkIA.exe
  2⤵
  PID:3604
- C:\Windows\System\fKRLjXL.exe
  C:\Windows\System\fKRLjXL.exe
  2⤵
  PID:4128
- C:\Windows\System\UHzQOJD.exe
  C:\Windows\System\UHzQOJD.exe
  2⤵
  PID:4168
- C:\Windows\System\WhwisLD.exe
  C:\Windows\System\WhwisLD.exe
  2⤵
  PID:4244
- C:\Windows\System\uWoihZS.exe
  C:\Windows\System\uWoihZS.exe
  2⤵
  PID:4260
- C:\Windows\System\bPPfexq.exe
  C:\Windows\System\bPPfexq.exe
  2⤵
  PID:4284
- C:\Windows\System\wPPmLVa.exe
  C:\Windows\System\wPPmLVa.exe
  2⤵
  PID:4368
- C:\Windows\System\euaKtCP.exe
  C:\Windows\System\euaKtCP.exe
  2⤵
  PID:4444
- C:\Windows\System\kbMljyF.exe
  C:\Windows\System\kbMljyF.exe
  2⤵
  PID:4520
- C:\Windows\System\juJYEhW.exe
  C:\Windows\System\juJYEhW.exe
  2⤵
  PID:4568
- C:\Windows\System\HJAwVjt.exe
  C:\Windows\System\HJAwVjt.exe
  2⤵
  PID:4588
- C:\Windows\System\DcQvWkg.exe
  C:\Windows\System\DcQvWkg.exe
  2⤵
  PID:4696
- C:\Windows\System\nmMgSTQ.exe
  C:\Windows\System\nmMgSTQ.exe
  2⤵
  PID:4728
- C:\Windows\System\vSAqGGX.exe
  C:\Windows\System\vSAqGGX.exe
  2⤵
  PID:4816
- C:\Windows\System\wvnnkvd.exe
  C:\Windows\System\wvnnkvd.exe
  2⤵
  PID:4836
- C:\Windows\System\BgoIGKp.exe
  C:\Windows\System\BgoIGKp.exe
  2⤵
  PID:4892
- C:\Windows\System\jcncqrO.exe
  C:\Windows\System\jcncqrO.exe
  2⤵
  PID:4932
- C:\Windows\System\mmTHUbX.exe
  C:\Windows\System\mmTHUbX.exe
  2⤵
  PID:4972
- C:\Windows\System\jfMYkFU.exe
  C:\Windows\System\jfMYkFU.exe
  2⤵
  PID:5032
- C:\Windows\System\NcMfzbz.exe
  C:\Windows\System\NcMfzbz.exe
  2⤵
  PID:5112
- C:\Windows\System\lJDBdxn.exe
  C:\Windows\System\lJDBdxn.exe
  2⤵
  PID:4052
- C:\Windows\System\yoUJLmB.exe
  C:\Windows\System\yoUJLmB.exe
  2⤵
  PID:4068
- C:\Windows\System\bwIoBWj.exe
  C:\Windows\System\bwIoBWj.exe
  2⤵
  PID:2696
- C:\Windows\System\hAJIyOl.exe
  C:\Windows\System\hAJIyOl.exe
  2⤵
  PID:5124
- C:\Windows\System\RQjqAbw.exe
  C:\Windows\System\RQjqAbw.exe
  2⤵
  PID:5144
- C:\Windows\System\SKUqSBj.exe
  C:\Windows\System\SKUqSBj.exe
  2⤵
  PID:5164
- C:\Windows\System\wcTHEGm.exe
  C:\Windows\System\wcTHEGm.exe
  2⤵
  PID:5184
- C:\Windows\System\kpEHAnQ.exe
  C:\Windows\System\kpEHAnQ.exe
  2⤵
  PID:5204
- C:\Windows\System\HlgVndw.exe
  C:\Windows\System\HlgVndw.exe
  2⤵
  PID:5224
- C:\Windows\System\FqtjsvD.exe
  C:\Windows\System\FqtjsvD.exe
  2⤵
  PID:5244
- C:\Windows\System\OggjFek.exe
  C:\Windows\System\OggjFek.exe
  2⤵
  PID:5264
- C:\Windows\System\dTXlkrQ.exe
  C:\Windows\System\dTXlkrQ.exe
  2⤵
  PID:5284
- C:\Windows\System\THvMZsb.exe
  C:\Windows\System\THvMZsb.exe
  2⤵
  PID:5304
- C:\Windows\System\GtGbuYr.exe
  C:\Windows\System\GtGbuYr.exe
  2⤵
  PID:5324
- C:\Windows\System\EXQBJDW.exe
  C:\Windows\System\EXQBJDW.exe
  2⤵
  PID:5344
- C:\Windows\System\gjNGLqm.exe
  C:\Windows\System\gjNGLqm.exe
  2⤵
  PID:5364
- C:\Windows\System\SQrqBoW.exe
  C:\Windows\System\SQrqBoW.exe
  2⤵
  PID:5384
- C:\Windows\System\tZdIaTY.exe
  C:\Windows\System\tZdIaTY.exe
  2⤵
  PID:5404
- C:\Windows\System\MjkyKeJ.exe
  C:\Windows\System\MjkyKeJ.exe
  2⤵
  PID:5424
- C:\Windows\System\QxOGSmc.exe
  C:\Windows\System\QxOGSmc.exe
  2⤵
  PID:5444
- C:\Windows\System\KxAducc.exe
  C:\Windows\System\KxAducc.exe
  2⤵
  PID:5464
- C:\Windows\System\tmaGNnk.exe
  C:\Windows\System\tmaGNnk.exe
  2⤵
  PID:5484
- C:\Windows\System\UYLycqr.exe
  C:\Windows\System\UYLycqr.exe
  2⤵
  PID:5504
- C:\Windows\System\rHZIMBf.exe
  C:\Windows\System\rHZIMBf.exe
  2⤵
  PID:5524
- C:\Windows\System\LtQakfO.exe
  C:\Windows\System\LtQakfO.exe
  2⤵
  PID:5544
- C:\Windows\System\Ubmtdhl.exe
  C:\Windows\System\Ubmtdhl.exe
  2⤵
  PID:5564
- C:\Windows\System\BMsSgNb.exe
  C:\Windows\System\BMsSgNb.exe
  2⤵
  PID:5584
- C:\Windows\System\DkHTTpx.exe
  C:\Windows\System\DkHTTpx.exe
  2⤵
  PID:5608
- C:\Windows\System\bEkcIcu.exe
  C:\Windows\System\bEkcIcu.exe
  2⤵
  PID:5628
- C:\Windows\System\hcxpRnM.exe
  C:\Windows\System\hcxpRnM.exe
  2⤵
  PID:5648
- C:\Windows\System\XSaiSXC.exe
  C:\Windows\System\XSaiSXC.exe
  2⤵
  PID:5668
- C:\Windows\System\PGBGQeG.exe
  C:\Windows\System\PGBGQeG.exe
  2⤵
  PID:5688
- C:\Windows\System\ykAGsCQ.exe
  C:\Windows\System\ykAGsCQ.exe
  2⤵
  PID:5708
- C:\Windows\System\YWIMQpH.exe
  C:\Windows\System\YWIMQpH.exe
  2⤵
  PID:5728
- C:\Windows\System\hWtpRYi.exe
  C:\Windows\System\hWtpRYi.exe
  2⤵
  PID:5748
- C:\Windows\System\RPHuYKy.exe
  C:\Windows\System\RPHuYKy.exe
  2⤵
  PID:5768
- C:\Windows\System\yoMuADD.exe
  C:\Windows\System\yoMuADD.exe
  2⤵
  PID:5788
- C:\Windows\System\ciZcJTt.exe
  C:\Windows\System\ciZcJTt.exe
  2⤵
  PID:5808
- C:\Windows\System\KMlUOSf.exe
  C:\Windows\System\KMlUOSf.exe
  2⤵
  PID:5828
- C:\Windows\System\igPDTch.exe
  C:\Windows\System\igPDTch.exe
  2⤵
  PID:5848
- C:\Windows\System\FtKXJiM.exe
  C:\Windows\System\FtKXJiM.exe
  2⤵
  PID:5868
- C:\Windows\System\DvDUmDD.exe
  C:\Windows\System\DvDUmDD.exe
  2⤵
  PID:5888
- C:\Windows\System\nGZMuVJ.exe
  C:\Windows\System\nGZMuVJ.exe
  2⤵
  PID:5908
- C:\Windows\System\Gdycmhl.exe
  C:\Windows\System\Gdycmhl.exe
  2⤵
  PID:5928
- C:\Windows\System\uucVvRw.exe
  C:\Windows\System\uucVvRw.exe
  2⤵
  PID:5948
- C:\Windows\System\gosRIii.exe
  C:\Windows\System\gosRIii.exe
  2⤵
  PID:5968
- C:\Windows\System\bnHaoRB.exe
  C:\Windows\System\bnHaoRB.exe
  2⤵
  PID:5988
- C:\Windows\System\XCrWOPe.exe
  C:\Windows\System\XCrWOPe.exe
  2⤵
  PID:6008
- C:\Windows\System\DDMqRIf.exe
  C:\Windows\System\DDMqRIf.exe
  2⤵
  PID:6028
- C:\Windows\System\FbbEzuz.exe
  C:\Windows\System\FbbEzuz.exe
  2⤵
  PID:6048
- C:\Windows\System\ziJVzWv.exe
  C:\Windows\System\ziJVzWv.exe
  2⤵
  PID:6068
- C:\Windows\System\MtWDtXS.exe
  C:\Windows\System\MtWDtXS.exe
  2⤵
  PID:6088
- C:\Windows\System\BmGcWpa.exe
  C:\Windows\System\BmGcWpa.exe
  2⤵
  PID:6112
- C:\Windows\System\bFSHdUF.exe
  C:\Windows\System\bFSHdUF.exe
  2⤵
  PID:6132
- C:\Windows\System\MpixJjw.exe
  C:\Windows\System\MpixJjw.exe
  2⤵
  PID:3188
- C:\Windows\System\YYQlXYj.exe
  C:\Windows\System\YYQlXYj.exe
  2⤵
  PID:4100
- C:\Windows\System\LhsHFka.exe
  C:\Windows\System\LhsHFka.exe
  2⤵
  PID:4104
- C:\Windows\System\GbqPBUg.exe
  C:\Windows\System\GbqPBUg.exe
  2⤵
  PID:4184
- C:\Windows\System\buJwrtF.exe
  C:\Windows\System\buJwrtF.exe
  2⤵
  PID:4228
- C:\Windows\System\ENRrLCT.exe
  C:\Windows\System\ENRrLCT.exe
  2⤵
  PID:4948
- C:\Windows\System\slVdxTS.exe
  C:\Windows\System\slVdxTS.exe
  2⤵
  PID:4488
- C:\Windows\System\WvKUuVs.exe
  C:\Windows\System\WvKUuVs.exe
  2⤵
  PID:4544
- C:\Windows\System\iwAKswA.exe
  C:\Windows\System\iwAKswA.exe
  2⤵
  PID:4628
- C:\Windows\System\pqtEWmr.exe
  C:\Windows\System\pqtEWmr.exe
  2⤵
  PID:4796
- C:\Windows\System\KXTNPxX.exe
  C:\Windows\System\KXTNPxX.exe
  2⤵
  PID:4868
- C:\Windows\System\WfOBQDJ.exe
  C:\Windows\System\WfOBQDJ.exe
  2⤵
  PID:4988
- C:\Windows\System\ixMbhxw.exe
  C:\Windows\System\ixMbhxw.exe
  2⤵
  PID:5056
- C:\Windows\System\rkpCUdG.exe
  C:\Windows\System\rkpCUdG.exe
  2⤵
  PID:3908
- C:\Windows\System\XKifGdI.exe
  C:\Windows\System\XKifGdI.exe
  2⤵
  PID:3972
- C:\Windows\System\zOfrnKv.exe
  C:\Windows\System\zOfrnKv.exe
  2⤵
  PID:3120
- C:\Windows\System\iKJOsls.exe
  C:\Windows\System\iKJOsls.exe
  2⤵
  PID:5152
- C:\Windows\System\gjrXzut.exe
  C:\Windows\System\gjrXzut.exe
  2⤵
  PID:5200
- C:\Windows\System\KaDineD.exe
  C:\Windows\System\KaDineD.exe
  2⤵
  PID:5232
- C:\Windows\System\wFQqTkb.exe
  C:\Windows\System\wFQqTkb.exe
  2⤵
  PID:5252
- C:\Windows\System\wmEoVmk.exe
  C:\Windows\System\wmEoVmk.exe
  2⤵
  PID:5276
- C:\Windows\System\ozkGpae.exe
  C:\Windows\System\ozkGpae.exe
  2⤵
  PID:5320
- C:\Windows\System\PhYxHmJ.exe
  C:\Windows\System\PhYxHmJ.exe
  2⤵
  PID:5336
- C:\Windows\System\HkTrAEA.exe
  C:\Windows\System\HkTrAEA.exe
  2⤵
  PID:5392
- C:\Windows\System\RYtuZFq.exe
  C:\Windows\System\RYtuZFq.exe
  2⤵
  PID:5420
- C:\Windows\System\MhCbgxR.exe
  C:\Windows\System\MhCbgxR.exe
  2⤵
  PID:5452
- C:\Windows\System\ScZSEmH.exe
  C:\Windows\System\ScZSEmH.exe
  2⤵
  PID:5476
- C:\Windows\System\UNnMaGj.exe
  C:\Windows\System\UNnMaGj.exe
  2⤵
  PID:5520
- C:\Windows\System\qOnLvks.exe
  C:\Windows\System\qOnLvks.exe
  2⤵
  PID:5560
- C:\Windows\System\PFYLYlN.exe
  C:\Windows\System\PFYLYlN.exe
  2⤵
  PID:5576
- C:\Windows\System\SrCGVGl.exe
  C:\Windows\System\SrCGVGl.exe
  2⤵
  PID:5624
- C:\Windows\System\nCFSdFr.exe
  C:\Windows\System\nCFSdFr.exe
  2⤵
  PID:5656
- C:\Windows\System\MXgJxCj.exe
  C:\Windows\System\MXgJxCj.exe
  2⤵
  PID:5680
- C:\Windows\System\zONETWE.exe
  C:\Windows\System\zONETWE.exe
  2⤵
  PID:5720
- C:\Windows\System\zcoccJU.exe
  C:\Windows\System\zcoccJU.exe
  2⤵
  PID:5756
- C:\Windows\System\WCzMtDn.exe
  C:\Windows\System\WCzMtDn.exe
  2⤵
  PID:5796
- C:\Windows\System\nlciyyy.exe
  C:\Windows\System\nlciyyy.exe
  2⤵
  PID:5836
- C:\Windows\System\lXHHJhI.exe
  C:\Windows\System\lXHHJhI.exe
  2⤵
  PID:5864
- C:\Windows\System\hdTbGWV.exe
  C:\Windows\System\hdTbGWV.exe
  2⤵
  PID:5896
- C:\Windows\System\VBZcwyG.exe
  C:\Windows\System\VBZcwyG.exe
  2⤵
  PID:5920
- C:\Windows\System\fprgsgl.exe
  C:\Windows\System\fprgsgl.exe
  2⤵
  PID:5964
- C:\Windows\System\BlUUdwl.exe
  C:\Windows\System\BlUUdwl.exe
  2⤵
  PID:5984
- C:\Windows\System\qAGVRFY.exe
  C:\Windows\System\qAGVRFY.exe
  2⤵
  PID:6036
- C:\Windows\System\AuIzUIG.exe
  C:\Windows\System\AuIzUIG.exe
  2⤵
  PID:6056
- C:\Windows\System\xuBCmTU.exe
  C:\Windows\System\xuBCmTU.exe
  2⤵
  PID:6080
- C:\Windows\System\AzEjMoC.exe
  C:\Windows\System\AzEjMoC.exe
  2⤵
  PID:6128
- C:\Windows\System\rBPUWkU.exe
  C:\Windows\System\rBPUWkU.exe
  2⤵
  PID:3328
- C:\Windows\System\kMSFJzM.exe
  C:\Windows\System\kMSFJzM.exe
  2⤵
  PID:4188
- C:\Windows\System\jZXcpZW.exe
  C:\Windows\System\jZXcpZW.exe
  2⤵
  PID:4344
- C:\Windows\System\SbTaHVo.exe
  C:\Windows\System\SbTaHVo.exe
  2⤵
  PID:4388
- C:\Windows\System\AqqqXvE.exe
  C:\Windows\System\AqqqXvE.exe
  2⤵
  PID:4524
- C:\Windows\System\hNIxZcE.exe
  C:\Windows\System\hNIxZcE.exe
  2⤵
  PID:4732
- C:\Windows\System\ndsKNnZ.exe
  C:\Windows\System\ndsKNnZ.exe
  2⤵
  PID:4992
- C:\Windows\System\oXITzEn.exe
  C:\Windows\System\oXITzEn.exe
  2⤵
  PID:4912
- C:\Windows\System\fZEhfdU.exe
  C:\Windows\System\fZEhfdU.exe
  2⤵
  PID:3844
- C:\Windows\System\VjxkLKE.exe
  C:\Windows\System\VjxkLKE.exe
  2⤵
  PID:5136
- C:\Windows\System\NZeXGWF.exe
  C:\Windows\System\NZeXGWF.exe
  2⤵
  PID:5220
- C:\Windows\System\txbYKxw.exe
  C:\Windows\System\txbYKxw.exe
  2⤵
  PID:5216
- C:\Windows\System\FhEziGE.exe
  C:\Windows\System\FhEziGE.exe
  2⤵
  PID:5260
- C:\Windows\System\hwyrhGM.exe
  C:\Windows\System\hwyrhGM.exe
  2⤵
  PID:5380
- C:\Windows\System\NxNwedY.exe
  C:\Windows\System\NxNwedY.exe
  2⤵
  PID:5396
- C:\Windows\System\FplGtgW.exe
  C:\Windows\System\FplGtgW.exe
  2⤵
  PID:5460
- C:\Windows\System\ofzCwXJ.exe
  C:\Windows\System\ofzCwXJ.exe
  2⤵
  PID:5552
- C:\Windows\System\LOALwwX.exe
  C:\Windows\System\LOALwwX.exe
  2⤵
  PID:5604
- C:\Windows\System\XGSFWrs.exe
  C:\Windows\System\XGSFWrs.exe
  2⤵
  PID:5644
- C:\Windows\System\MjJsHSN.exe
  C:\Windows\System\MjJsHSN.exe
  2⤵
  PID:5784
- C:\Windows\System\TvFjKim.exe
  C:\Windows\System\TvFjKim.exe
  2⤵
  PID:5740
- C:\Windows\System\bZmXFGa.exe
  C:\Windows\System\bZmXFGa.exe
  2⤵
  PID:5780
- C:\Windows\System\LdJlAQg.exe
  C:\Windows\System\LdJlAQg.exe
  2⤵
  PID:5880
- C:\Windows\System\ZnhVZeL.exe
  C:\Windows\System\ZnhVZeL.exe
  2⤵
  PID:5944
- C:\Windows\System\noucxvb.exe
  C:\Windows\System\noucxvb.exe
  2⤵
  PID:6004
- C:\Windows\System\CsWxHRo.exe
  C:\Windows\System\CsWxHRo.exe
  2⤵
  PID:6040
- C:\Windows\System\nIroYmB.exe
  C:\Windows\System\nIroYmB.exe
  2⤵
  PID:6104
- C:\Windows\System\xobHmKh.exe
  C:\Windows\System\xobHmKh.exe
  2⤵
  PID:6084
- C:\Windows\System\MAgdETm.exe
  C:\Windows\System\MAgdETm.exe
  2⤵
  PID:4300
- C:\Windows\System\ngLLiXf.exe
  C:\Windows\System\ngLLiXf.exe
  2⤵
  PID:4500
- C:\Windows\System\KRxqnBt.exe
  C:\Windows\System\KRxqnBt.exe
  2⤵
  PID:4620
- C:\Windows\System\XhEGWBM.exe
  C:\Windows\System\XhEGWBM.exe
  2⤵
  PID:4848
- C:\Windows\System\HJQKHmy.exe
  C:\Windows\System\HJQKHmy.exe
  2⤵
  PID:5132
- C:\Windows\System\tGfontK.exe
  C:\Windows\System\tGfontK.exe
  2⤵
  PID:5192
- C:\Windows\System\NGHIfML.exe
  C:\Windows\System\NGHIfML.exe
  2⤵
  PID:6160
- C:\Windows\System\IOHEVop.exe
  C:\Windows\System\IOHEVop.exe
  2⤵
  PID:6180
- C:\Windows\System\hknkaol.exe
  C:\Windows\System\hknkaol.exe
  2⤵
  PID:6200
- C:\Windows\System\qWNEdZM.exe
  C:\Windows\System\qWNEdZM.exe
  2⤵
  PID:6220
- C:\Windows\System\FLOjjkA.exe
  C:\Windows\System\FLOjjkA.exe
  2⤵
  PID:6240
- C:\Windows\System\qYNqCxd.exe
  C:\Windows\System\qYNqCxd.exe
  2⤵
  PID:6260
- C:\Windows\System\NdFVwQp.exe
  C:\Windows\System\NdFVwQp.exe
  2⤵
  PID:6280
- C:\Windows\System\cWcQQVw.exe
  C:\Windows\System\cWcQQVw.exe
  2⤵
  PID:6300
- C:\Windows\System\HbmPVTQ.exe
  C:\Windows\System\HbmPVTQ.exe
  2⤵
  PID:6320
- C:\Windows\System\wPloTKf.exe
  C:\Windows\System\wPloTKf.exe
  2⤵
  PID:6340
- C:\Windows\System\SzMwRGM.exe
  C:\Windows\System\SzMwRGM.exe
  2⤵
  PID:6360
- C:\Windows\System\xDgjNYP.exe
  C:\Windows\System\xDgjNYP.exe
  2⤵
  PID:6380
- C:\Windows\System\VMrFDjy.exe
  C:\Windows\System\VMrFDjy.exe
  2⤵
  PID:6400
- C:\Windows\System\VyxeaYk.exe
  C:\Windows\System\VyxeaYk.exe
  2⤵
  PID:6420
- C:\Windows\System\kXTpUUs.exe
  C:\Windows\System\kXTpUUs.exe
  2⤵
  PID:6440
- C:\Windows\System\RaBiggF.exe
  C:\Windows\System\RaBiggF.exe
  2⤵
  PID:6460
- C:\Windows\System\uHteiyA.exe
  C:\Windows\System\uHteiyA.exe
  2⤵
  PID:6480
- C:\Windows\System\MGjFwUo.exe
  C:\Windows\System\MGjFwUo.exe
  2⤵
  PID:6504
- C:\Windows\System\nmayKoi.exe
  C:\Windows\System\nmayKoi.exe
  2⤵
  PID:6528
- C:\Windows\System\KLnZlpt.exe
  C:\Windows\System\KLnZlpt.exe
  2⤵
  PID:6548
- C:\Windows\System\QqGgyYV.exe
  C:\Windows\System\QqGgyYV.exe
  2⤵
  PID:6568
- C:\Windows\System\xtCLjhY.exe
  C:\Windows\System\xtCLjhY.exe
  2⤵
  PID:6588
- C:\Windows\System\BVyJTzs.exe
  C:\Windows\System\BVyJTzs.exe
  2⤵
  PID:6608
- C:\Windows\System\JKFPGvM.exe
  C:\Windows\System\JKFPGvM.exe
  2⤵
  PID:6628
- C:\Windows\System\ZJEdyEh.exe
  C:\Windows\System\ZJEdyEh.exe
  2⤵
  PID:6648
- C:\Windows\System\DBtPFzY.exe
  C:\Windows\System\DBtPFzY.exe
  2⤵
  PID:6668
- C:\Windows\System\xbxmsxH.exe
  C:\Windows\System\xbxmsxH.exe
  2⤵
  PID:6704
- C:\Windows\System\TUvEHOT.exe
  C:\Windows\System\TUvEHOT.exe
  2⤵
  PID:6724
- C:\Windows\System\ZNfQpsi.exe
  C:\Windows\System\ZNfQpsi.exe
  2⤵
  PID:6744
- C:\Windows\System\RmFvQwa.exe
  C:\Windows\System\RmFvQwa.exe
  2⤵
  PID:6764
- C:\Windows\System\uXVJHxC.exe
  C:\Windows\System\uXVJHxC.exe
  2⤵
  PID:6784
- C:\Windows\System\YRljMEf.exe
  C:\Windows\System\YRljMEf.exe
  2⤵
  PID:6804
- C:\Windows\System\xzUvRgC.exe
  C:\Windows\System\xzUvRgC.exe
  2⤵
  PID:6824
- C:\Windows\System\eZYxZTR.exe
  C:\Windows\System\eZYxZTR.exe
  2⤵
  PID:6844
- C:\Windows\System\bYzPOSo.exe
  C:\Windows\System\bYzPOSo.exe
  2⤵
  PID:6864
- C:\Windows\System\aQRDgUy.exe
  C:\Windows\System\aQRDgUy.exe
  2⤵
  PID:6884
- C:\Windows\System\nMEBqsN.exe
  C:\Windows\System\nMEBqsN.exe
  2⤵
  PID:6904
- C:\Windows\System\ZPAcYqz.exe
  C:\Windows\System\ZPAcYqz.exe
  2⤵
  PID:6924
- C:\Windows\System\ayusbwK.exe
  C:\Windows\System\ayusbwK.exe
  2⤵
  PID:6944
- C:\Windows\System\mwXgsMi.exe
  C:\Windows\System\mwXgsMi.exe
  2⤵
  PID:6964
- C:\Windows\System\sBFWAWF.exe
  C:\Windows\System\sBFWAWF.exe
  2⤵
  PID:6984
- C:\Windows\System\rlMpQMV.exe
  C:\Windows\System\rlMpQMV.exe
  2⤵
  PID:7004
- C:\Windows\System\nKytCJr.exe
  C:\Windows\System\nKytCJr.exe
  2⤵
  PID:7024
- C:\Windows\System\vbRpvTC.exe
  C:\Windows\System\vbRpvTC.exe
  2⤵
  PID:7044
- C:\Windows\System\AgmAPdj.exe
  C:\Windows\System\AgmAPdj.exe
  2⤵
  PID:7064
- C:\Windows\System\zbXBVNL.exe
  C:\Windows\System\zbXBVNL.exe
  2⤵
  PID:7084
- C:\Windows\System\tGoijBQ.exe
  C:\Windows\System\tGoijBQ.exe
  2⤵
  PID:7104
- C:\Windows\System\zYjANmZ.exe
  C:\Windows\System\zYjANmZ.exe
  2⤵
  PID:7124
- C:\Windows\System\IdacjzW.exe
  C:\Windows\System\IdacjzW.exe
  2⤵
  PID:7144
- C:\Windows\System\tmHzhdz.exe
  C:\Windows\System\tmHzhdz.exe
  2⤵
  PID:7164
- C:\Windows\System\jlzcFPZ.exe
  C:\Windows\System\jlzcFPZ.exe
  2⤵
  PID:5296
- C:\Windows\System\mVSxJAJ.exe
  C:\Windows\System\mVSxJAJ.exe
  2⤵
  PID:5432
- C:\Windows\System\XApzERW.exe
  C:\Windows\System\XApzERW.exe
  2⤵
  PID:5512
- C:\Windows\System\QowFbSQ.exe
  C:\Windows\System\QowFbSQ.exe
  2⤵
  PID:5580
- C:\Windows\System\LILpBul.exe
  C:\Windows\System\LILpBul.exe
  2⤵
  PID:5616
- C:\Windows\System\SJvWpGY.exe
  C:\Windows\System\SJvWpGY.exe
  2⤵
  PID:5824
- C:\Windows\System\nQZQUYc.exe
  C:\Windows\System\nQZQUYc.exe
  2⤵
  PID:5924
- C:\Windows\System\phHyxIP.exe
  C:\Windows\System\phHyxIP.exe
  2⤵
  PID:6024
- C:\Windows\System\epqBiXR.exe
  C:\Windows\System\epqBiXR.exe
  2⤵
  PID:6076
- C:\Windows\System\jOrXMgK.exe
  C:\Windows\System\jOrXMgK.exe
  2⤵
  PID:3624
- C:\Windows\System\VQPiras.exe
  C:\Windows\System\VQPiras.exe
  2⤵
  PID:4148
- C:\Windows\System\RpSFoXk.exe
  C:\Windows\System\RpSFoXk.exe
  2⤵
  PID:5036
- C:\Windows\System\wiqIteo.exe
  C:\Windows\System\wiqIteo.exe
  2⤵
  PID:5212
- C:\Windows\System\jREaUZM.exe
  C:\Windows\System\jREaUZM.exe
  2⤵
  PID:6168
- C:\Windows\System\jfsgHrc.exe
  C:\Windows\System\jfsgHrc.exe
  2⤵
  PID:6216
- C:\Windows\System\fAcFwCU.exe
  C:\Windows\System\fAcFwCU.exe
  2⤵
  PID:6288
- C:\Windows\System\QZtCrfv.exe
  C:\Windows\System\QZtCrfv.exe
  2⤵
  PID:6332
- C:\Windows\System\CchclFi.exe
  C:\Windows\System\CchclFi.exe
  2⤵
  PID:6416
- C:\Windows\System\vfsmCzH.exe
  C:\Windows\System\vfsmCzH.exe
  2⤵
  PID:6492
- C:\Windows\System\hylojYB.exe
  C:\Windows\System\hylojYB.exe
  2⤵
  PID:6540
- C:\Windows\System\OflbqRV.exe
  C:\Windows\System\OflbqRV.exe
  2⤵
  PID:6624
- C:\Windows\System\RDzmjoP.exe
  C:\Windows\System\RDzmjoP.exe
  2⤵
  PID:6188
- C:\Windows\System\czmdVhX.exe
  C:\Windows\System\czmdVhX.exe
  2⤵
  PID:6232
- C:\Windows\System\wUhbAIb.exe
  C:\Windows\System\wUhbAIb.exe
  2⤵
  PID:6316
- C:\Windows\System\SKZePYf.exe
  C:\Windows\System\SKZePYf.exe
  2⤵
  PID:6388
- C:\Windows\System\cvwoxmE.exe
  C:\Windows\System\cvwoxmE.exe
  2⤵
  PID:6468
- C:\Windows\System\HrxDxwP.exe
  C:\Windows\System\HrxDxwP.exe
  2⤵
  PID:6516
- C:\Windows\System\sARoFDH.exe
  C:\Windows\System\sARoFDH.exe
  2⤵
  PID:6604
- C:\Windows\System\ognXzJk.exe
  C:\Windows\System\ognXzJk.exe
  2⤵
  PID:6676
- C:\Windows\System\jZDEUJy.exe
  C:\Windows\System\jZDEUJy.exe
  2⤵
  PID:6716
- C:\Windows\System\CBIanqy.exe
  C:\Windows\System\CBIanqy.exe
  2⤵
  PID:6760
- C:\Windows\System\RlZqPZn.exe
  C:\Windows\System\RlZqPZn.exe
  2⤵
  PID:6772
- C:\Windows\System\PIAITuz.exe
  C:\Windows\System\PIAITuz.exe
  2⤵
  PID:6832
- C:\Windows\System\EyXJxLM.exe
  C:\Windows\System\EyXJxLM.exe
  2⤵
  PID:6836
- C:\Windows\System\ufJmBLP.exe
  C:\Windows\System\ufJmBLP.exe
  2⤵
  PID:6860
- C:\Windows\System\nIpsJEa.exe
  C:\Windows\System\nIpsJEa.exe
  2⤵
  PID:6900
- C:\Windows\System\vFkyhkB.exe
  C:\Windows\System\vFkyhkB.exe
  2⤵
  PID:6952
- C:\Windows\System\xKHXOdQ.exe
  C:\Windows\System\xKHXOdQ.exe
  2⤵
  PID:6980
- C:\Windows\System\NWntATC.exe
  C:\Windows\System\NWntATC.exe
  2⤵
  PID:7012
- C:\Windows\System\dcHCSUV.exe
  C:\Windows\System\dcHCSUV.exe
  2⤵
  PID:7036
- C:\Windows\System\VSqHKLl.exe
  C:\Windows\System\VSqHKLl.exe
  2⤵
  PID:7060
- C:\Windows\System\wDwoDYw.exe
  C:\Windows\System\wDwoDYw.exe
  2⤵
  PID:7100
- C:\Windows\System\odJmWXL.exe
  C:\Windows\System\odJmWXL.exe
  2⤵
  PID:7160
- C:\Windows\System\RCNdsVI.exe
  C:\Windows\System\RCNdsVI.exe
  2⤵
  PID:5440
- C:\Windows\System\XXuRhmB.exe
  C:\Windows\System\XXuRhmB.exe
  2⤵
  PID:5172
- C:\Windows\System\cPJZBUx.exe
  C:\Windows\System\cPJZBUx.exe
  2⤵
  PID:5572
- C:\Windows\System\WjtQBeT.exe
  C:\Windows\System\WjtQBeT.exe
  2⤵
  PID:5776
- C:\Windows\System\VjyUmeO.exe
  C:\Windows\System\VjyUmeO.exe
  2⤵
  PID:5940
- C:\Windows\System\PUNfgTC.exe
  C:\Windows\System\PUNfgTC.exe
  2⤵
  PID:6120
- C:\Windows\System\FpZlDZo.exe
  C:\Windows\System\FpZlDZo.exe
  2⤵
  PID:4328
- C:\Windows\System\rixwhWf.exe
  C:\Windows\System\rixwhWf.exe
  2⤵
  PID:3744
- C:\Windows\System\AdHvFFc.exe
  C:\Windows\System\AdHvFFc.exe
  2⤵
  PID:2296
- C:\Windows\System\IEImuTm.exe
  C:\Windows\System\IEImuTm.exe
  2⤵
  PID:6152
- C:\Windows\System\sSWYEwe.exe
  C:\Windows\System\sSWYEwe.exe
  2⤵
  PID:6328
- C:\Windows\System\aWOgjme.exe
  C:\Windows\System\aWOgjme.exe
  2⤵
  PID:6452
- C:\Windows\System\RsHwYBt.exe
  C:\Windows\System\RsHwYBt.exe
  2⤵
  PID:6660
- C:\Windows\System\dWBjsdi.exe
  C:\Windows\System\dWBjsdi.exe
  2⤵
  PID:6664
- C:\Windows\System\QkHKNjS.exe
  C:\Windows\System\QkHKNjS.exe
  2⤵
  PID:6236
- C:\Windows\System\HqwtFzO.exe
  C:\Windows\System\HqwtFzO.exe
  2⤵
  PID:6352
- C:\Windows\System\UOtedWB.exe
  C:\Windows\System\UOtedWB.exe
  2⤵
  PID:6356
- C:\Windows\System\JGwqSGo.exe
  C:\Windows\System\JGwqSGo.exe
  2⤵
  PID:6512
- C:\Windows\System\bJLJouN.exe
  C:\Windows\System\bJLJouN.exe
  2⤵
  PID:6736
- C:\Windows\System\sRSBMCk.exe
  C:\Windows\System\sRSBMCk.exe
  2⤵
  PID:6644
- C:\Windows\System\mxqPeqj.exe
  C:\Windows\System\mxqPeqj.exe
  2⤵
  PID:1632
- C:\Windows\System\TzeJvRQ.exe
  C:\Windows\System\TzeJvRQ.exe
  2⤵
  PID:6940
- C:\Windows\System\XrBCRhB.exe
  C:\Windows\System\XrBCRhB.exe
  2⤵
  PID:6956
- C:\Windows\System\TWSFZfH.exe
  C:\Windows\System\TWSFZfH.exe
  2⤵
  PID:7120
- C:\Windows\System\BZWwpdK.exe
  C:\Windows\System\BZWwpdK.exe
  2⤵
  PID:6916
- C:\Windows\System\CRSNopc.exe
  C:\Windows\System\CRSNopc.exe
  2⤵
  PID:6996
- C:\Windows\System\OFGIOSK.exe
  C:\Windows\System\OFGIOSK.exe
  2⤵
  PID:7116
- C:\Windows\System\QDfzEWQ.exe
  C:\Windows\System\QDfzEWQ.exe
  2⤵
  PID:5760
- C:\Windows\System\VGjhhDs.exe
  C:\Windows\System\VGjhhDs.exe
  2⤵
  PID:5176
- C:\Windows\System\EZdXXnX.exe
  C:\Windows\System\EZdXXnX.exe
  2⤵
  PID:5108
- C:\Windows\System\FemLFPC.exe
  C:\Windows\System\FemLFPC.exe
  2⤵
  PID:6336
- C:\Windows\System\ZfSzyGK.exe
  C:\Windows\System\ZfSzyGK.exe
  2⤵
  PID:6656
- C:\Windows\System\lNoXDmw.exe
  C:\Windows\System\lNoXDmw.exe
  2⤵
  PID:6256
- C:\Windows\System\olONPHc.exe
  C:\Windows\System\olONPHc.exe
  2⤵
  PID:7184
- C:\Windows\System\OFKoYXy.exe
  C:\Windows\System\OFKoYXy.exe
  2⤵
  PID:7204
- C:\Windows\System\LaDrHlq.exe
  C:\Windows\System\LaDrHlq.exe
  2⤵
  PID:7224
- C:\Windows\System\DeXPyji.exe
  C:\Windows\System\DeXPyji.exe
  2⤵
  PID:7244
- C:\Windows\System\zSDGCxz.exe
  C:\Windows\System\zSDGCxz.exe
  2⤵
  PID:7264
- C:\Windows\System\roVHEGx.exe
  C:\Windows\System\roVHEGx.exe
  2⤵
  PID:7284
- C:\Windows\System\xwQNcId.exe
  C:\Windows\System\xwQNcId.exe
  2⤵
  PID:7304
- C:\Windows\System\TOzVQiu.exe
  C:\Windows\System\TOzVQiu.exe
  2⤵
  PID:7320
- C:\Windows\System\kOtQUuf.exe
  C:\Windows\System\kOtQUuf.exe
  2⤵
  PID:7344
- C:\Windows\System\ipKNvpV.exe
  C:\Windows\System\ipKNvpV.exe
  2⤵
  PID:7364
- C:\Windows\System\fpNHlDn.exe
  C:\Windows\System\fpNHlDn.exe
  2⤵
  PID:7384
- C:\Windows\System\YhKRzUr.exe
  C:\Windows\System\YhKRzUr.exe
  2⤵
  PID:7404
- C:\Windows\System\GYGIlMd.exe
  C:\Windows\System\GYGIlMd.exe
  2⤵
  PID:7420
- C:\Windows\System\OtQkBgS.exe
  C:\Windows\System\OtQkBgS.exe
  2⤵
  PID:7444
- C:\Windows\System\KtrylbL.exe
  C:\Windows\System\KtrylbL.exe
  2⤵
  PID:7468
- C:\Windows\System\Gkwgfto.exe
  C:\Windows\System\Gkwgfto.exe
  2⤵
  PID:7488
- C:\Windows\System\LvOzmDJ.exe
  C:\Windows\System\LvOzmDJ.exe
  2⤵
  PID:7508
- C:\Windows\System\RYdxCvq.exe
  C:\Windows\System\RYdxCvq.exe
  2⤵
  PID:7524
- C:\Windows\System\pYXsoZw.exe
  C:\Windows\System\pYXsoZw.exe
  2⤵
  PID:7548
- C:\Windows\System\GnZIQGx.exe
  C:\Windows\System\GnZIQGx.exe
  2⤵
  PID:7568
- C:\Windows\System\jyMURkb.exe
  C:\Windows\System\jyMURkb.exe
  2⤵
  PID:7588
- C:\Windows\System\ofNHBgJ.exe
  C:\Windows\System\ofNHBgJ.exe
  2⤵
  PID:7608
- C:\Windows\System\xfVNBBz.exe
  C:\Windows\System\xfVNBBz.exe
  2⤵
  PID:7624
- C:\Windows\System\vwLZjfQ.exe
  C:\Windows\System\vwLZjfQ.exe
  2⤵
  PID:7648
- C:\Windows\System\LUpmXtP.exe
  C:\Windows\System\LUpmXtP.exe
  2⤵
  PID:7668
- C:\Windows\System\mLivvpM.exe
  C:\Windows\System\mLivvpM.exe
  2⤵
  PID:7688
- C:\Windows\System\HmGDvfl.exe
  C:\Windows\System\HmGDvfl.exe
  2⤵
  PID:7708
- C:\Windows\System\IXPeyqy.exe
  C:\Windows\System\IXPeyqy.exe
  2⤵
  PID:7728
- C:\Windows\System\pgTdBvG.exe
  C:\Windows\System\pgTdBvG.exe
  2⤵
  PID:7744
- C:\Windows\System\iQhfjGu.exe
  C:\Windows\System\iQhfjGu.exe
  2⤵
  PID:7764
- C:\Windows\System\YzZJOXD.exe
  C:\Windows\System\YzZJOXD.exe
  2⤵
  PID:7784
- C:\Windows\System\WHbeNtv.exe
  C:\Windows\System\WHbeNtv.exe
  2⤵
  PID:7808
- C:\Windows\System\CMazoaJ.exe
  C:\Windows\System\CMazoaJ.exe
  2⤵
  PID:7824
- C:\Windows\System\orVQbQi.exe
  C:\Windows\System\orVQbQi.exe
  2⤵
  PID:7848
- C:\Windows\System\tJgExQJ.exe
  C:\Windows\System\tJgExQJ.exe
  2⤵
  PID:7868
- C:\Windows\System\ZIZdxQK.exe
  C:\Windows\System\ZIZdxQK.exe
  2⤵
  PID:7888
- C:\Windows\System\CRIpcpo.exe
  C:\Windows\System\CRIpcpo.exe
  2⤵
  PID:7908
- C:\Windows\System\OgcVSkw.exe
  C:\Windows\System\OgcVSkw.exe
  2⤵
  PID:7928
- C:\Windows\System\PAfEyOZ.exe
  C:\Windows\System\PAfEyOZ.exe
  2⤵
  PID:7948
- C:\Windows\System\AUixSPV.exe
  C:\Windows\System\AUixSPV.exe
  2⤵
  PID:7968
- C:\Windows\System\vQQOGSq.exe
  C:\Windows\System\vQQOGSq.exe
  2⤵
  PID:7988
- C:\Windows\System\ZPfkdBW.exe
  C:\Windows\System\ZPfkdBW.exe
  2⤵
  PID:8008
- C:\Windows\System\KQPpRVp.exe
  C:\Windows\System\KQPpRVp.exe
  2⤵
  PID:8024
- C:\Windows\System\QDKXGcB.exe
  C:\Windows\System\QDKXGcB.exe
  2⤵
  PID:8048
- C:\Windows\System\DWxyEPc.exe
  C:\Windows\System\DWxyEPc.exe
  2⤵
  PID:8068
- C:\Windows\System\WKvlnif.exe
  C:\Windows\System\WKvlnif.exe
  2⤵
  PID:8092
- C:\Windows\System\uwvWaLX.exe
  C:\Windows\System\uwvWaLX.exe
  2⤵
  PID:8112
- C:\Windows\System\nnpOaSg.exe
  C:\Windows\System\nnpOaSg.exe
  2⤵
  PID:8132
- C:\Windows\System\aArnCTu.exe
  C:\Windows\System\aArnCTu.exe
  2⤵
  PID:8152
- C:\Windows\System\vKkjOfh.exe
  C:\Windows\System\vKkjOfh.exe
  2⤵
  PID:8172
- C:\Windows\System\lYgRJhP.exe
  C:\Windows\System\lYgRJhP.exe
  2⤵
  PID:6448
- C:\Windows\System\TjiHARD.exe
  C:\Windows\System\TjiHARD.exe
  2⤵
  PID:6428
- C:\Windows\System\jMaezhp.exe
  C:\Windows\System\jMaezhp.exe
  2⤵
  PID:6596
- C:\Windows\System\jiPKeiO.exe
  C:\Windows\System\jiPKeiO.exe
  2⤵
  PID:6348
- C:\Windows\System\zMFkwfX.exe
  C:\Windows\System\zMFkwfX.exe
  2⤵
  PID:6720
- C:\Windows\System\JlrSkYh.exe
  C:\Windows\System\JlrSkYh.exe
  2⤵
  PID:6812
- C:\Windows\System\HFNUwgd.exe
  C:\Windows\System\HFNUwgd.exe
  2⤵
  PID:7040
- C:\Windows\System\vJVrZeL.exe
  C:\Windows\System\vJVrZeL.exe
  2⤵
  PID:5256
- C:\Windows\System\bDXAxPV.exe
  C:\Windows\System\bDXAxPV.exe
  2⤵
  PID:7072
- C:\Windows\System\pHJGoAF.exe
  C:\Windows\System\pHJGoAF.exe
  2⤵
  PID:5660
- C:\Windows\System\GVZlFGL.exe
  C:\Windows\System\GVZlFGL.exe
  2⤵
  PID:5996
- C:\Windows\System\VYVMHzT.exe
  C:\Windows\System\VYVMHzT.exe
  2⤵
  PID:6148
- C:\Windows\System\dCyMOHI.exe
  C:\Windows\System\dCyMOHI.exe
  2⤵
  PID:5800
- C:\Windows\System\vkcTVMh.exe
  C:\Windows\System\vkcTVMh.exe
  2⤵
  PID:7200
- C:\Windows\System\GdytGfZ.exe
  C:\Windows\System\GdytGfZ.exe
  2⤵
  PID:7232
- C:\Windows\System\QXKLKru.exe
  C:\Windows\System\QXKLKru.exe
  2⤵
  PID:7252
- C:\Windows\System\pvGMojc.exe
  C:\Windows\System\pvGMojc.exe
  2⤵
  PID:7276
- C:\Windows\System\PnzGqRc.exe
  C:\Windows\System\PnzGqRc.exe
  2⤵
  PID:7296
- C:\Windows\System\nuzhfwm.exe
  C:\Windows\System\nuzhfwm.exe
  2⤵
  PID:7332
- C:\Windows\System\LGgkvxO.exe
  C:\Windows\System\LGgkvxO.exe
  2⤵
  PID:7392
- C:\Windows\System\AIBdAiy.exe
  C:\Windows\System\AIBdAiy.exe
  2⤵
  PID:7016
- C:\Windows\System\nMZUpTd.exe
  C:\Windows\System\nMZUpTd.exe
  2⤵
  PID:7416
- C:\Windows\System\hyLUKfS.exe
  C:\Windows\System\hyLUKfS.exe
  2⤵
  PID:7484
- C:\Windows\System\MJLElDi.exe
  C:\Windows\System\MJLElDi.exe
  2⤵
  PID:7504
- C:\Windows\System\IEbraQg.exe
  C:\Windows\System\IEbraQg.exe
  2⤵
  PID:7560
- C:\Windows\System\cRstpRe.exe
  C:\Windows\System\cRstpRe.exe
  2⤵
  PID:7604
- C:\Windows\System\WKQfspH.exe
  C:\Windows\System\WKQfspH.exe
  2⤵
  PID:7644
- C:\Windows\System\hUCSJRl.exe
  C:\Windows\System\hUCSJRl.exe
  2⤵
  PID:7640
- C:\Windows\System\dSnJbnK.exe
  C:\Windows\System\dSnJbnK.exe
  2⤵
  PID:7664
- C:\Windows\System\CayLGjq.exe
  C:\Windows\System\CayLGjq.exe
  2⤵
  PID:7716
- C:\Windows\System\HARyNbj.exe
  C:\Windows\System\HARyNbj.exe
  2⤵
  PID:7760
- C:\Windows\System\UvREPXG.exe
  C:\Windows\System\UvREPXG.exe
  2⤵
  PID:7804
- C:\Windows\System\hdpmZAF.exe
  C:\Windows\System\hdpmZAF.exe
  2⤵
  PID:7844
- C:\Windows\System\zBKnQmK.exe
  C:\Windows\System\zBKnQmK.exe
  2⤵
  PID:7816
- C:\Windows\System\oTRkuNq.exe
  C:\Windows\System\oTRkuNq.exe
  2⤵
  PID:7884
- C:\Windows\System\LZmkCQj.exe
  C:\Windows\System\LZmkCQj.exe
  2⤵
  PID:7920
- C:\Windows\System\HjOQnTT.exe
  C:\Windows\System\HjOQnTT.exe
  2⤵
  PID:7956
- C:\Windows\System\CrzUWCY.exe
  C:\Windows\System\CrzUWCY.exe
  2⤵
  PID:8004
- C:\Windows\System\NYVgFqm.exe
  C:\Windows\System\NYVgFqm.exe
  2⤵
  PID:7976
- C:\Windows\System\KySBzSX.exe
  C:\Windows\System\KySBzSX.exe
  2⤵
  PID:8076
- C:\Windows\System\gmcPhSk.exe
  C:\Windows\System\gmcPhSk.exe
  2⤵
  PID:8064
- C:\Windows\System\mFXHQuN.exe
  C:\Windows\System\mFXHQuN.exe
  2⤵
  PID:8160
- C:\Windows\System\SWufDQK.exe
  C:\Windows\System\SWufDQK.exe
  2⤵
  PID:8164
- C:\Windows\System\zSdMHXC.exe
  C:\Windows\System\zSdMHXC.exe
  2⤵
  PID:6308
- C:\Windows\System\waSBnBa.exe
  C:\Windows\System\waSBnBa.exe
  2⤵
  PID:6436
- C:\Windows\System\xexiNBH.exe
  C:\Windows\System\xexiNBH.exe
  2⤵
  PID:6524
- C:\Windows\System\nfBDeBz.exe
  C:\Windows\System\nfBDeBz.exe
  2⤵
  PID:6796
- C:\Windows\System\sMTHobm.exe
  C:\Windows\System\sMTHobm.exe
  2⤵
  PID:7156
- C:\Windows\System\iYHHyWE.exe
  C:\Windows\System\iYHHyWE.exe
  2⤵
  PID:7092
- C:\Windows\System\KxRySbF.exe
  C:\Windows\System\KxRySbF.exe
  2⤵
  PID:7152
- C:\Windows\System\tlIrDdh.exe
  C:\Windows\System\tlIrDdh.exe
  2⤵
  PID:6376
- C:\Windows\System\hUHAOUJ.exe
  C:\Windows\System\hUHAOUJ.exe
  2⤵
  PID:7212
- C:\Windows\System\DmiJVvl.exe
  C:\Windows\System\DmiJVvl.exe
  2⤵
  PID:7176
- C:\Windows\System\nMTCoYM.exe
  C:\Windows\System\nMTCoYM.exe
  2⤵
  PID:7256
- C:\Windows\System\FFYBiwX.exe
  C:\Windows\System\FFYBiwX.exe
  2⤵
  PID:7372
- C:\Windows\System\focitoV.exe
  C:\Windows\System\focitoV.exe
  2⤵
  PID:7396
- C:\Windows\System\gcWAEoF.exe
  C:\Windows\System\gcWAEoF.exe
  2⤵
  PID:7516
- C:\Windows\System\SVbrvQH.exe
  C:\Windows\System\SVbrvQH.exe
  2⤵
  PID:7532
- C:\Windows\System\dmapTHJ.exe
  C:\Windows\System\dmapTHJ.exe
  2⤵
  PID:7540
- C:\Windows\System\LavLVJx.exe
  C:\Windows\System\LavLVJx.exe
  2⤵
  PID:7632
- C:\Windows\System\BtrUScw.exe
  C:\Windows\System\BtrUScw.exe
  2⤵
  PID:7680
- C:\Windows\System\YBdguqw.exe
  C:\Windows\System\YBdguqw.exe
  2⤵
  PID:7796
- C:\Windows\System\SPJoRUp.exe
  C:\Windows\System\SPJoRUp.exe
  2⤵
  PID:7836
- C:\Windows\System\LyGGRmU.exe
  C:\Windows\System\LyGGRmU.exe
  2⤵
  PID:7896
- C:\Windows\System\pvdjrQs.exe
  C:\Windows\System\pvdjrQs.exe
  2⤵
  PID:7860
- C:\Windows\System\oFoMQpV.exe
  C:\Windows\System\oFoMQpV.exe
  2⤵
  PID:7940
- C:\Windows\System\gdwwQiO.exe
  C:\Windows\System\gdwwQiO.exe
  2⤵
  PID:8032
- C:\Windows\System\wLEViec.exe
  C:\Windows\System\wLEViec.exe
  2⤵
  PID:8120
- C:\Windows\System\fmswWRz.exe
  C:\Windows\System\fmswWRz.exe
  2⤵
  PID:6372
- C:\Windows\System\yuXSOOx.exe
  C:\Windows\System\yuXSOOx.exe
  2⤵
  PID:6192
- C:\Windows\System\LeqiAiW.exe
  C:\Windows\System\LeqiAiW.exe
  2⤵
  PID:6792
- C:\Windows\System\rFWLqRM.exe
  C:\Windows\System\rFWLqRM.exe
  2⤵
  PID:6800
- C:\Windows\System\hlKYVQf.exe
  C:\Windows\System\hlKYVQf.exe
  2⤵
  PID:7080
- C:\Windows\System\GLUWtrA.exe
  C:\Windows\System\GLUWtrA.exe
  2⤵
  PID:6172
- C:\Windows\System\INWXSyr.exe
  C:\Windows\System\INWXSyr.exe
  2⤵
  PID:7300
- C:\Windows\System\TjHZOSx.exe
  C:\Windows\System\TjHZOSx.exe
  2⤵
  PID:8200
- C:\Windows\System\JUoWlJs.exe
  C:\Windows\System\JUoWlJs.exe
  2⤵
  PID:8220
- C:\Windows\System\EMvCUZU.exe
  C:\Windows\System\EMvCUZU.exe
  2⤵
  PID:8240
- C:\Windows\System\bzhfwqH.exe
  C:\Windows\System\bzhfwqH.exe
  2⤵
  PID:8256
- C:\Windows\System\aqKbCwi.exe
  C:\Windows\System\aqKbCwi.exe
  2⤵
  PID:8276
- C:\Windows\System\xdhwUBg.exe
  C:\Windows\System\xdhwUBg.exe
  2⤵
  PID:8292
- C:\Windows\System\QYPJwJo.exe
  C:\Windows\System\QYPJwJo.exe
  2⤵
  PID:8312
- C:\Windows\System\qGTCPFB.exe
  C:\Windows\System\qGTCPFB.exe
  2⤵
  PID:8328
- C:\Windows\System\NZdEuhX.exe
  C:\Windows\System\NZdEuhX.exe
  2⤵
  PID:8344
- C:\Windows\System\KDzCWGa.exe
  C:\Windows\System\KDzCWGa.exe
  2⤵
  PID:8360
- C:\Windows\System\hIvyaxA.exe
  C:\Windows\System\hIvyaxA.exe
  2⤵
  PID:8376
- C:\Windows\System\DFoWgnq.exe
  C:\Windows\System\DFoWgnq.exe
  2⤵
  PID:8392
- C:\Windows\System\eSNHiGS.exe
  C:\Windows\System\eSNHiGS.exe
  2⤵
  PID:8408
- C:\Windows\System\HVFViRz.exe
  C:\Windows\System\HVFViRz.exe
  2⤵
  PID:8424
- C:\Windows\System\RBPVIww.exe
  C:\Windows\System\RBPVIww.exe
  2⤵
  PID:8440
- C:\Windows\System\acoPJfT.exe
  C:\Windows\System\acoPJfT.exe
  2⤵
  PID:8460
- C:\Windows\System\ngXztiS.exe
  C:\Windows\System\ngXztiS.exe
  2⤵
  PID:8480
- C:\Windows\System\EEYZDZh.exe
  C:\Windows\System\EEYZDZh.exe
  2⤵
  PID:8504
- C:\Windows\System\IVrdwtA.exe
  C:\Windows\System\IVrdwtA.exe
  2⤵
  PID:8544
- C:\Windows\System\WGnIBIn.exe
  C:\Windows\System\WGnIBIn.exe
  2⤵
  PID:8568
- C:\Windows\System\udOXhdE.exe
  C:\Windows\System\udOXhdE.exe
  2⤵
  PID:8592
- C:\Windows\System\wnFZWua.exe
  C:\Windows\System\wnFZWua.exe
  2⤵
  PID:8608
- C:\Windows\System\EDkulPu.exe
  C:\Windows\System\EDkulPu.exe
  2⤵
  PID:8640
- C:\Windows\System\McHQpvp.exe
  C:\Windows\System\McHQpvp.exe
  2⤵
  PID:8660
- C:\Windows\System\vszIOUW.exe
  C:\Windows\System\vszIOUW.exe
  2⤵
  PID:8680
- C:\Windows\System\pqQoIki.exe
  C:\Windows\System\pqQoIki.exe
  2⤵
  PID:8696
- C:\Windows\System\qeXqIcw.exe
  C:\Windows\System\qeXqIcw.exe
  2⤵
  PID:8716
- C:\Windows\System\VecBvKa.exe
  C:\Windows\System\VecBvKa.exe
  2⤵
  PID:8732
- C:\Windows\System\veIeetZ.exe
  C:\Windows\System\veIeetZ.exe
  2⤵
  PID:8752
- C:\Windows\System\PFVDkBR.exe
  C:\Windows\System\PFVDkBR.exe
  2⤵
  PID:8768
- C:\Windows\System\UjgIozs.exe
  C:\Windows\System\UjgIozs.exe
  2⤵
  PID:8788
- C:\Windows\System\OXiuXXi.exe
  C:\Windows\System\OXiuXXi.exe
  2⤵
  PID:8808
- C:\Windows\System\fDxIzwP.exe
  C:\Windows\System\fDxIzwP.exe
  2⤵
  PID:8832
- C:\Windows\System\gEIdLEM.exe
  C:\Windows\System\gEIdLEM.exe
  2⤵
  PID:8852
- C:\Windows\System\nXqUCFs.exe
  C:\Windows\System\nXqUCFs.exe
  2⤵
  PID:8876
- C:\Windows\System\ugIXkZJ.exe
  C:\Windows\System\ugIXkZJ.exe
  2⤵
  PID:8892
- C:\Windows\System\JkXTIDF.exe
  C:\Windows\System\JkXTIDF.exe
  2⤵
  PID:8912
- C:\Windows\System\xZUcafl.exe
  C:\Windows\System\xZUcafl.exe
  2⤵
  PID:8932
- C:\Windows\System\SiCHhHv.exe
  C:\Windows\System\SiCHhHv.exe
  2⤵
  PID:8960
- C:\Windows\System\RxVCHLN.exe
  C:\Windows\System\RxVCHLN.exe
  2⤵
  PID:8980
- C:\Windows\System\OiAhtDX.exe
  C:\Windows\System\OiAhtDX.exe
  2⤵
  PID:9000
- C:\Windows\System\IPjWuuF.exe
  C:\Windows\System\IPjWuuF.exe
  2⤵
  PID:9024
- C:\Windows\System\IHspFlE.exe
  C:\Windows\System\IHspFlE.exe
  2⤵
  PID:9048
- C:\Windows\System\BhziLOG.exe
  C:\Windows\System\BhziLOG.exe
  2⤵
  PID:9068
- C:\Windows\System\ZgrkiNv.exe
  C:\Windows\System\ZgrkiNv.exe
  2⤵
  PID:9088
- C:\Windows\System\oaJGyKe.exe
  C:\Windows\System\oaJGyKe.exe
  2⤵
  PID:9104
- C:\Windows\System\RnkLJGV.exe
  C:\Windows\System\RnkLJGV.exe
  2⤵
  PID:9128
- C:\Windows\System\cyINXxR.exe
  C:\Windows\System\cyINXxR.exe
  2⤵
  PID:9148
- C:\Windows\System\FHazHYs.exe
  C:\Windows\System\FHazHYs.exe
  2⤵
  PID:9168
- C:\Windows\System\YqYGPPY.exe
  C:\Windows\System\YqYGPPY.exe
  2⤵
  PID:9188
- C:\Windows\System\fSgprtS.exe
  C:\Windows\System\fSgprtS.exe
  2⤵
  PID:9208
- C:\Windows\System\QMyrwQl.exe
  C:\Windows\System\QMyrwQl.exe
  2⤵
  PID:7360
- C:\Windows\System\UexJnXK.exe
  C:\Windows\System\UexJnXK.exe
  2⤵
  PID:7432
- C:\Windows\System\GhiEwOy.exe
  C:\Windows\System\GhiEwOy.exe
  2⤵
  PID:7464
- C:\Windows\System\GPKqbrv.exe
  C:\Windows\System\GPKqbrv.exe
  2⤵
  PID:7636
- C:\Windows\System\ISCDwxe.exe
  C:\Windows\System\ISCDwxe.exe
  2⤵
  PID:7564
- C:\Windows\System\MBgmOSD.exe
  C:\Windows\System\MBgmOSD.exe
  2⤵
  PID:7840
- C:\Windows\System\wDVAiAO.exe
  C:\Windows\System\wDVAiAO.exe
  2⤵
  PID:7900
- C:\Windows\System\uYXNsoK.exe
  C:\Windows\System\uYXNsoK.exe
  2⤵
  PID:8088
- C:\Windows\System\YwXKZoB.exe
  C:\Windows\System\YwXKZoB.exe
  2⤵
  PID:8020
- C:\Windows\System\kQMnRhY.exe
  C:\Windows\System\kQMnRhY.exe
  2⤵
  PID:8148
- C:\Windows\System\NoBvWwK.exe
  C:\Windows\System\NoBvWwK.exe
  2⤵
  PID:6472
- C:\Windows\System\izoUYfq.exe
  C:\Windows\System\izoUYfq.exe
  2⤵
  PID:8180
- C:\Windows\System\jAZGhwK.exe
  C:\Windows\System\jAZGhwK.exe
  2⤵
  PID:2000
- C:\Windows\System\DMEYsZM.exe
  C:\Windows\System\DMEYsZM.exe
  2⤵
  PID:7172
- C:\Windows\System\ROXhNaw.exe
  C:\Windows\System\ROXhNaw.exe
  2⤵
  PID:2980
- C:\Windows\System\OBWUvvA.exe
  C:\Windows\System\OBWUvvA.exe
  2⤵
  PID:1932
- C:\Windows\System\JvPbDta.exe
  C:\Windows\System\JvPbDta.exe
  2⤵
  PID:4768
- C:\Windows\System\NjIogXZ.exe
  C:\Windows\System\NjIogXZ.exe
  2⤵
  PID:1664
- C:\Windows\System\nBmzQGN.exe
  C:\Windows\System\nBmzQGN.exe
  2⤵
  PID:684
- C:\Windows\System\YYJpMmM.exe
  C:\Windows\System\YYJpMmM.exe
  2⤵
  PID:1680
- C:\Windows\System\CxhDgPi.exe
  C:\Windows\System\CxhDgPi.exe
  2⤵
  PID:8228
- C:\Windows\System\qSCvGTa.exe
  C:\Windows\System\qSCvGTa.exe
  2⤵
  PID:736
- C:\Windows\System\IeePTIW.exe
  C:\Windows\System\IeePTIW.exe
  2⤵
  PID:8248
- C:\Windows\System\NBTrESV.exe
  C:\Windows\System\NBTrESV.exe
  2⤵
  PID:8252
- C:\Windows\System\klRvqHf.exe
  C:\Windows\System\klRvqHf.exe
  2⤵
  PID:8336
- C:\Windows\System\TaAnVUW.exe
  C:\Windows\System\TaAnVUW.exe
  2⤵
  PID:8512
- C:\Windows\System\EslDLNC.exe
  C:\Windows\System\EslDLNC.exe
  2⤵
  PID:8524
- C:\Windows\System\dtDNiZl.exe
  C:\Windows\System\dtDNiZl.exe
  2⤵
  PID:8536
- C:\Windows\System\KNNzonf.exe
  C:\Windows\System\KNNzonf.exe
  2⤵
  PID:8452
- C:\Windows\System\rjkHSPj.exe
  C:\Windows\System\rjkHSPj.exe
  2⤵
  PID:8620
- C:\Windows\System\HoJmJha.exe
  C:\Windows\System\HoJmJha.exe
  2⤵
  PID:8668
- C:\Windows\System\oeDNvmU.exe
  C:\Windows\System\oeDNvmU.exe
  2⤵
  PID:8496
- C:\Windows\System\bijwMQb.exe
  C:\Windows\System\bijwMQb.exe
  2⤵
  PID:8688
- C:\Windows\System\pjkmyom.exe
  C:\Windows\System\pjkmyom.exe
  2⤵
  PID:8824
- C:\Windows\System\ZnCAwwA.exe
  C:\Windows\System\ZnCAwwA.exe
  2⤵
  PID:8868
- C:\Windows\System\JZvupKx.exe
  C:\Windows\System\JZvupKx.exe
  2⤵
  PID:8724
- C:\Windows\System\lcWteLu.exe
  C:\Windows\System\lcWteLu.exe
  2⤵
  PID:8796
- C:\Windows\System\ilnurwe.exe
  C:\Windows\System\ilnurwe.exe
  2⤵
  PID:8948
- C:\Windows\System\YxrcrOl.exe
  C:\Windows\System\YxrcrOl.exe
  2⤵
  PID:8848
- C:\Windows\System\hcaWvGu.exe
  C:\Windows\System\hcaWvGu.exe
  2⤵
  PID:8884
- C:\Windows\System\nxrUxSn.exe
  C:\Windows\System\nxrUxSn.exe
  2⤵
  PID:8968
- C:\Windows\System\kNmNmeb.exe
  C:\Windows\System\kNmNmeb.exe
  2⤵
  PID:9044
- C:\Windows\System\XNiEvHS.exe
  C:\Windows\System\XNiEvHS.exe
  2⤵
  PID:9020
- C:\Windows\System\HpnmKfy.exe
  C:\Windows\System\HpnmKfy.exe
  2⤵
  PID:9084
- C:\Windows\System\WgjthIM.exe
  C:\Windows\System\WgjthIM.exe
  2⤵
  PID:9060
- C:\Windows\System\MMjywEF.exe
  C:\Windows\System\MMjywEF.exe
  2⤵
  PID:9100
- C:\Windows\System\JWvyFBV.exe
  C:\Windows\System\JWvyFBV.exe
  2⤵
  PID:9140
- C:\Windows\System\XqTJXQK.exe
  C:\Windows\System\XqTJXQK.exe
  2⤵
  PID:7456
- C:\Windows\System\PndlzIB.exe
  C:\Windows\System\PndlzIB.exe
  2⤵
  PID:2892
- C:\Windows\System\OMDwJJg.exe
  C:\Windows\System\OMDwJJg.exe
  2⤵
  PID:1924
- C:\Windows\System\rIBcfEa.exe
  C:\Windows\System\rIBcfEa.exe
  2⤵
  PID:8144
- C:\Windows\System\GONJyBU.exe
  C:\Windows\System\GONJyBU.exe
  2⤵
  PID:8104
- C:\Windows\System\dAIpNio.exe
  C:\Windows\System\dAIpNio.exe
  2⤵
  PID:8184
- C:\Windows\System\hqYxpGj.exe
  C:\Windows\System\hqYxpGj.exe
  2⤵
  PID:2908
- C:\Windows\System\IMUHBiI.exe
  C:\Windows\System\IMUHBiI.exe
  2⤵
  PID:7272
- C:\Windows\System\MecHHiJ.exe
  C:\Windows\System\MecHHiJ.exe
  2⤵
  PID:892
- C:\Windows\System\etWWzAd.exe
  C:\Windows\System\etWWzAd.exe
  2⤵
  PID:8208
- C:\Windows\System\momuSXU.exe
  C:\Windows\System\momuSXU.exe
  2⤵
  PID:8212
- C:\Windows\System\viLjhoQ.exe
  C:\Windows\System\viLjhoQ.exe
  2⤵
  PID:8340
- C:\Windows\System\fkvECaK.exe
  C:\Windows\System\fkvECaK.exe
  2⤵
  PID:8304
- C:\Windows\System\mZfONIB.exe
  C:\Windows\System\mZfONIB.exe
  2⤵
  PID:8488
- C:\Windows\System\uCgGpzQ.exe
  C:\Windows\System\uCgGpzQ.exe
  2⤵
  PID:2344
- C:\Windows\System\jXblSLn.exe
  C:\Windows\System\jXblSLn.exe
  2⤵
  PID:8820
- C:\Windows\System\gouIoIk.exe
  C:\Windows\System\gouIoIk.exe
  2⤵
  PID:8804
- C:\Windows\System\gLSkUYm.exe
  C:\Windows\System\gLSkUYm.exe
  2⤵
  PID:8764
- C:\Windows\System\ReCxzJb.exe
  C:\Windows\System\ReCxzJb.exe
  2⤵
  PID:8840
- C:\Windows\System\eEhMKIp.exe
  C:\Windows\System\eEhMKIp.exe
  2⤵
  PID:8988
- C:\Windows\System\PEOMXrM.exe
  C:\Windows\System\PEOMXrM.exe
  2⤵
  PID:8992
- C:\Windows\System\puizWpZ.exe
  C:\Windows\System\puizWpZ.exe
  2⤵
  PID:9016
- C:\Windows\System\aJjNnmY.exe
  C:\Windows\System\aJjNnmY.exe
  2⤵
  PID:2820
- C:\Windows\System\gInBQlf.exe
  C:\Windows\System\gInBQlf.exe
  2⤵
  PID:868
- C:\Windows\System\oFufHCN.exe
  C:\Windows\System\oFufHCN.exe
  2⤵
  PID:9144
- C:\Windows\System\jIzYZyp.exe
  C:\Windows\System\jIzYZyp.exe
  2⤵
  PID:8532
- C:\Windows\System\pXzIbue.exe
  C:\Windows\System\pXzIbue.exe
  2⤵
  PID:7328
- C:\Windows\System\nxDYHAy.exe
  C:\Windows\System\nxDYHAy.exe
  2⤵
  PID:7496
- C:\Windows\System\TqRWdBg.exe
  C:\Windows\System\TqRWdBg.exe
  2⤵
  PID:7556
- C:\Windows\System\lDwSmIw.exe
  C:\Windows\System\lDwSmIw.exe
  2⤵
  PID:7832
- C:\Windows\System\pLTuizJ.exe
  C:\Windows\System\pLTuizJ.exe
  2⤵
  PID:1532
- C:\Windows\System\WwOgEIb.exe
  C:\Windows\System\WwOgEIb.exe
  2⤵
  PID:796
- C:\Windows\System\XwMUGco.exe
  C:\Windows\System\XwMUGco.exe
  2⤵
  PID:7820
- C:\Windows\System\VwgrBAC.exe
  C:\Windows\System\VwgrBAC.exe
  2⤵
  PID:8044
- C:\Windows\System\fNvdVQa.exe
  C:\Windows\System\fNvdVQa.exe
  2⤵
  PID:8168
- C:\Windows\System\gyWMRvs.exe
  C:\Windows\System\gyWMRvs.exe
  2⤵
  PID:7436
- C:\Windows\System\cckNyJH.exe
  C:\Windows\System\cckNyJH.exe
  2⤵
  PID:2024
- C:\Windows\System\WxsYAvP.exe
  C:\Windows\System\WxsYAvP.exe
  2⤵
  PID:8232
- C:\Windows\System\gcagNWq.exe
  C:\Windows\System\gcagNWq.exe
  2⤵
  PID:564
- C:\Windows\System\vFahZYc.exe
  C:\Windows\System\vFahZYc.exe
  2⤵
  PID:8404
- C:\Windows\System\cbKWaGC.exe
  C:\Windows\System\cbKWaGC.exe
  2⤵
  PID:2824
- C:\Windows\System\nmZCFCx.exe
  C:\Windows\System\nmZCFCx.exe
  2⤵
  PID:556
- C:\Windows\System\BacQCzI.exe
  C:\Windows\System\BacQCzI.exe
  2⤵
  PID:8384
- C:\Windows\System\ocYPoxv.exe
  C:\Windows\System\ocYPoxv.exe
  2⤵
  PID:8476
- C:\Windows\System\uFhPxwu.exe
  C:\Windows\System\uFhPxwu.exe
  2⤵
  PID:2920
- C:\Windows\System\TSbwuNy.exe
  C:\Windows\System\TSbwuNy.exe
  2⤵
  PID:1524
- C:\Windows\System\gPohCfe.exe
  C:\Windows\System\gPohCfe.exe
  2⤵
  PID:2204
- C:\Windows\System\ntxnmyv.exe
  C:\Windows\System\ntxnmyv.exe
  2⤵
  PID:8492
- C:\Windows\System\CBzAyTh.exe
  C:\Windows\System\CBzAyTh.exe
  2⤵
  PID:2616
- C:\Windows\System\CkfnIvZ.exe
  C:\Windows\System\CkfnIvZ.exe
  2⤵
  PID:8760
- C:\Windows\System\jMjWZZz.exe
  C:\Windows\System\jMjWZZz.exe
  2⤵
  PID:8956
- C:\Windows\System\IpBlJOb.exe
  C:\Windows\System\IpBlJOb.exe
  2⤵
  PID:9196
- C:\Windows\System\vicLfOc.exe
  C:\Windows\System\vicLfOc.exe
  2⤵
  PID:8928
- C:\Windows\System\iMyHpEb.exe
  C:\Windows\System\iMyHpEb.exe
  2⤵
  PID:7620
- C:\Windows\System\rwOrrgb.exe
  C:\Windows\System\rwOrrgb.exe
  2⤵
  PID:9200
- C:\Windows\System\ycwWUOO.exe
  C:\Windows\System\ycwWUOO.exe
  2⤵
  PID:1064
- C:\Windows\System\qHxRtYx.exe
  C:\Windows\System\qHxRtYx.exe
  2⤵
  PID:9204
- C:\Windows\System\gaYiAhO.exe
  C:\Windows\System\gaYiAhO.exe
  2⤵
  PID:6700
- C:\Windows\System\ZHVoEQv.exe
  C:\Windows\System\ZHVoEQv.exe
  2⤵
  PID:2644
- C:\Windows\System\eDJZmJF.exe
  C:\Windows\System\eDJZmJF.exe
  2⤵
  PID:2904
- C:\Windows\System\ymHQCfD.exe
  C:\Windows\System\ymHQCfD.exe
  2⤵
  PID:2608
- C:\Windows\System\zRJJdGW.exe
  C:\Windows\System\zRJJdGW.exe
  2⤵
  PID:8356
- C:\Windows\System\fsBfIRM.exe
  C:\Windows\System\fsBfIRM.exe
  2⤵
  PID:1896
- C:\Windows\System\ZrcIVMm.exe
  C:\Windows\System\ZrcIVMm.exe
  2⤵
  PID:2976
- C:\Windows\System\geSYLCi.exe
  C:\Windows\System\geSYLCi.exe
  2⤵
  PID:8400
- C:\Windows\System\DuOdpSK.exe
  C:\Windows\System\DuOdpSK.exe
  2⤵
  PID:9160
- C:\Windows\System\KHQGcst.exe
  C:\Windows\System\KHQGcst.exe
  2⤵
  PID:2140
- C:\Windows\System\WIlHTRZ.exe
  C:\Windows\System\WIlHTRZ.exe
  2⤵
  PID:9112
- C:\Windows\System\rGcQhpk.exe
  C:\Windows\System\rGcQhpk.exe
  2⤵
  PID:1396
- C:\Windows\System\dPPNKGv.exe
  C:\Windows\System\dPPNKGv.exe
  2⤵
  PID:2640
- C:\Windows\System\rPAsEkX.exe
  C:\Windows\System\rPAsEkX.exe
  2⤵
  PID:9008
- C:\Windows\System\FxDKHcS.exe
  C:\Windows\System\FxDKHcS.exe
  2⤵
  PID:8624
- C:\Windows\System\BovMMbU.exe
  C:\Windows\System\BovMMbU.exe
  2⤵
  PID:9184
- C:\Windows\System\msvBnNS.exe
  C:\Windows\System\msvBnNS.exe
  2⤵
  PID:2216
- C:\Windows\System\ssbVAjc.exe
  C:\Windows\System\ssbVAjc.exe
  2⤵
  PID:8780
- C:\Windows\System\HPkyAyL.exe
  C:\Windows\System\HPkyAyL.exe
  2⤵
  PID:2224
- C:\Windows\System\iqDGonO.exe
  C:\Windows\System\iqDGonO.exe
  2⤵
  PID:7740
- C:\Windows\System\VfnvSQD.exe
  C:\Windows\System\VfnvSQD.exe
  2⤵
  PID:8416
- C:\Windows\System\dbSUIBR.exe
  C:\Windows\System\dbSUIBR.exe
  2⤵
  PID:7916
- C:\Windows\System\GTeBweG.exe
  C:\Windows\System\GTeBweG.exe
  2⤵
  PID:2340
- C:\Windows\System\vvnnNXQ.exe
  C:\Windows\System\vvnnNXQ.exe
  2⤵
  PID:2196
- C:\Windows\System\SQOVAHk.exe
  C:\Windows\System\SQOVAHk.exe
  2⤵
  PID:1576
- C:\Windows\System\hpkCRtw.exe
  C:\Windows\System\hpkCRtw.exe
  2⤵
  PID:2916
- C:\Windows\System\oEImjqp.exe
  C:\Windows\System\oEImjqp.exe
  2⤵
  PID:1480
- C:\Windows\System\NNbnuUI.exe
  C:\Windows\System\NNbnuUI.exe
  2⤵
  PID:8352
- C:\Windows\System\eenLmPf.exe
  C:\Windows\System\eenLmPf.exe
  2⤵
  PID:2528
- C:\Windows\System\mzSbgFK.exe
  C:\Windows\System\mzSbgFK.exe
  2⤵
  PID:3020
- C:\Windows\System\dFaygAE.exe
  C:\Windows\System\dFaygAE.exe
  2⤵
  PID:8908
- C:\Windows\System\AvzrKjY.exe
  C:\Windows\System\AvzrKjY.exe
  2⤵
  PID:2636
- C:\Windows\System\leeuVvq.exe
  C:\Windows\System\leeuVvq.exe
  2⤵
  PID:9232
- C:\Windows\System\eWXRWFw.exe
  C:\Windows\System\eWXRWFw.exe
  2⤵
  PID:9248
- C:\Windows\System\HnIQggE.exe
  C:\Windows\System\HnIQggE.exe
  2⤵
  PID:9264
- C:\Windows\System\YBHJxdN.exe
  C:\Windows\System\YBHJxdN.exe
  2⤵
  PID:9280
- C:\Windows\System\cWFXlxC.exe
  C:\Windows\System\cWFXlxC.exe
  2⤵
  PID:9296
- C:\Windows\System\iTnKxVu.exe
  C:\Windows\System\iTnKxVu.exe
  2⤵
  PID:9312
- C:\Windows\System\ytrMhHF.exe
  C:\Windows\System\ytrMhHF.exe
  2⤵
  PID:9328
- C:\Windows\System\Wxpzkgq.exe
  C:\Windows\System\Wxpzkgq.exe
  2⤵
  PID:9344
- C:\Windows\System\EjEdwWU.exe
  C:\Windows\System\EjEdwWU.exe
  2⤵
  PID:9360
- C:\Windows\System\GyDerWA.exe
  C:\Windows\System\GyDerWA.exe
  2⤵
  PID:9376
- C:\Windows\System\ylucebf.exe
  C:\Windows\System\ylucebf.exe
  2⤵
  PID:9392
- C:\Windows\System\tsUmitU.exe
  C:\Windows\System\tsUmitU.exe
  2⤵
  PID:9412
- C:\Windows\System\ejgDdgL.exe
  C:\Windows\System\ejgDdgL.exe
  2⤵
  PID:9428
- C:\Windows\System\FgygxYL.exe
  C:\Windows\System\FgygxYL.exe
  2⤵
  PID:9444
- C:\Windows\System\mIjYKUG.exe
  C:\Windows\System\mIjYKUG.exe
  2⤵
  PID:9460
- C:\Windows\System\YcJYXHB.exe
  C:\Windows\System\YcJYXHB.exe
  2⤵
  PID:9476
- C:\Windows\System\MWgYTRE.exe
  C:\Windows\System\MWgYTRE.exe
  2⤵
  PID:9492
- C:\Windows\System\vRWupLC.exe
  C:\Windows\System\vRWupLC.exe
  2⤵
  PID:9508
- C:\Windows\System\VaPRRQI.exe
  C:\Windows\System\VaPRRQI.exe
  2⤵
  PID:9524
- C:\Windows\System\rjzhnEJ.exe
  C:\Windows\System\rjzhnEJ.exe
  2⤵
  PID:9568
- C:\Windows\System\geyeSBk.exe
  C:\Windows\System\geyeSBk.exe
  2⤵
  PID:9652
- C:\Windows\System\MQbqDTC.exe
  C:\Windows\System\MQbqDTC.exe
  2⤵
  PID:9668
- C:\Windows\System\GlFBEBr.exe
  C:\Windows\System\GlFBEBr.exe
  2⤵
  PID:9684
- C:\Windows\System\bdCNdDM.exe
  C:\Windows\System\bdCNdDM.exe
  2⤵
  PID:9700
- C:\Windows\System\bHWtvLT.exe
  C:\Windows\System\bHWtvLT.exe
  2⤵
  PID:9716
- C:\Windows\System\SxLHezi.exe
  C:\Windows\System\SxLHezi.exe
  2⤵
  PID:9732
- C:\Windows\System\ZRrETvg.exe
  C:\Windows\System\ZRrETvg.exe
  2⤵
  PID:9748
- C:\Windows\System\gexsGQt.exe
  C:\Windows\System\gexsGQt.exe
  2⤵
  PID:9764
- C:\Windows\System\PMPCmDK.exe
  C:\Windows\System\PMPCmDK.exe
  2⤵
  PID:9780
- C:\Windows\System\edAHwPx.exe
  C:\Windows\System\edAHwPx.exe
  2⤵
  PID:9796
- C:\Windows\System\tOlDzfC.exe
  C:\Windows\System\tOlDzfC.exe
  2⤵
  PID:9812
- C:\Windows\System\ZUWKANR.exe
  C:\Windows\System\ZUWKANR.exe
  2⤵
  PID:9828
- C:\Windows\System\aJVrSMp.exe
  C:\Windows\System\aJVrSMp.exe
  2⤵
  PID:9844
- C:\Windows\System\yOujVoi.exe
  C:\Windows\System\yOujVoi.exe
  2⤵
  PID:9860
- C:\Windows\System\TWvodqt.exe
  C:\Windows\System\TWvodqt.exe
  2⤵
  PID:9876
- C:\Windows\System\JrvLpSs.exe
  C:\Windows\System\JrvLpSs.exe
  2⤵
  PID:9892
- C:\Windows\System\MKYinCX.exe
  C:\Windows\System\MKYinCX.exe
  2⤵
  PID:9908
- C:\Windows\System\JZlXNMA.exe
  C:\Windows\System\JZlXNMA.exe
  2⤵
  PID:9924
- C:\Windows\System\dUlKHkt.exe
  C:\Windows\System\dUlKHkt.exe
  2⤵
  PID:9940
- C:\Windows\System\AbgTlxG.exe
  C:\Windows\System\AbgTlxG.exe
  2⤵
  PID:9956
- C:\Windows\System\hcuZgwM.exe
  C:\Windows\System\hcuZgwM.exe
  2⤵
  PID:9972
- C:\Windows\System\LCbQSFW.exe
  C:\Windows\System\LCbQSFW.exe
  2⤵
  PID:9988
- C:\Windows\System\cCYgUhx.exe
  C:\Windows\System\cCYgUhx.exe
  2⤵
  PID:10020
- C:\Windows\System\TuRnmyD.exe
  C:\Windows\System\TuRnmyD.exe
  2⤵
  PID:10044
- C:\Windows\System\NaAqJFU.exe
  C:\Windows\System\NaAqJFU.exe
  2⤵
  PID:10068
- C:\Windows\System\yGndwyE.exe
  C:\Windows\System\yGndwyE.exe
  2⤵
  PID:10152
- C:\Windows\System\yNzpqYM.exe
  C:\Windows\System\yNzpqYM.exe
  2⤵
  PID:10208
- C:\Windows\System\gLJzqXr.exe
  C:\Windows\System\gLJzqXr.exe
  2⤵
  PID:8556
- C:\Windows\System\RcnCMKk.exe
  C:\Windows\System\RcnCMKk.exe
  2⤵
  PID:2400
- C:\Windows\System\yLRhscb.exe
  C:\Windows\System\yLRhscb.exe
  2⤵
  PID:9240
- C:\Windows\System\GiRoTYn.exe
  C:\Windows\System\GiRoTYn.exe
  2⤵
  PID:9272
- C:\Windows\System\piEYNOx.exe
  C:\Windows\System\piEYNOx.exe
  2⤵
  PID:9340
- C:\Windows\System\DeFZlvV.exe
  C:\Windows\System\DeFZlvV.exe
  2⤵
  PID:9388
- C:\Windows\System\uOWQWqo.exe
  C:\Windows\System\uOWQWqo.exe
  2⤵
  PID:9424
- C:\Windows\System\WbTdjBv.exe
  C:\Windows\System\WbTdjBv.exe
  2⤵
  PID:9400
- C:\Windows\System\lAvPqBR.exe
  C:\Windows\System\lAvPqBR.exe
  2⤵
  PID:9440
- C:\Windows\System\yWocDKP.exe
  C:\Windows\System\yWocDKP.exe
  2⤵
  PID:9516
- C:\Windows\System\GUWXNeT.exe
  C:\Windows\System\GUWXNeT.exe
  2⤵
  PID:9532
- C:\Windows\System\Umabhfy.exe
  C:\Windows\System\Umabhfy.exe
  2⤵
  PID:9552
- C:\Windows\System\SiBOnXj.exe
  C:\Windows\System\SiBOnXj.exe
  2⤵
  PID:9564
- C:\Windows\System\fetYNnY.exe
  C:\Windows\System\fetYNnY.exe
  2⤵
  PID:9588
- C:\Windows\System\cOLUJss.exe
  C:\Windows\System\cOLUJss.exe
  2⤵
  PID:9604
- C:\Windows\System\yVmVyAs.exe
  C:\Windows\System\yVmVyAs.exe
  2⤵
  PID:9620
- C:\Windows\System\KuQuhIR.exe
  C:\Windows\System\KuQuhIR.exe
  2⤵
  PID:9636
- C:\Windows\System\MekKKAI.exe
  C:\Windows\System\MekKKAI.exe
  2⤵
  PID:9680
- C:\Windows\System\LggDkOZ.exe
  C:\Windows\System\LggDkOZ.exe
  2⤵
  PID:9692
- C:\Windows\System\prASdTq.exe
  C:\Windows\System\prASdTq.exe
  2⤵
  PID:9728
- C:\Windows\System\hkbECuM.exe
  C:\Windows\System\hkbECuM.exe
  2⤵
  PID:9808
- C:\Windows\System\rsvUGHm.exe
  C:\Windows\System\rsvUGHm.exe
  2⤵
  PID:9756
- C:\Windows\System\otJtzPB.exe
  C:\Windows\System\otJtzPB.exe
  2⤵
  PID:9788
- C:\Windows\System\byFlYYS.exe
  C:\Windows\System\byFlYYS.exe
  2⤵
  PID:9824
- C:\Windows\System\nodkoEt.exe
  C:\Windows\System\nodkoEt.exe
  2⤵
  PID:9888
- C:\Windows\System\NXPdDEe.exe
  C:\Windows\System\NXPdDEe.exe
  2⤵
  PID:9932
- C:\Windows\System\dXQVwKw.exe
  C:\Windows\System\dXQVwKw.exe
  2⤵
  PID:9964
- C:\Windows\System\Deobirf.exe
  C:\Windows\System\Deobirf.exe
  2⤵
  PID:9996
- C:\Windows\System\iQqEZcl.exe
  C:\Windows\System\iQqEZcl.exe
  2⤵
  PID:10012
- C:\Windows\System\OWpGhTG.exe
  C:\Windows\System\OWpGhTG.exe
  2⤵
  PID:10036
- C:\Windows\System\rmsOlKx.exe
  C:\Windows\System\rmsOlKx.exe
  2⤵
  PID:10056
- C:\Windows\System\YCqrkPj.exe
  C:\Windows\System\YCqrkPj.exe
  2⤵
  PID:10088
- C:\Windows\System\eerVVCl.exe
  C:\Windows\System\eerVVCl.exe
  2⤵
  PID:10164
- C:\Windows\System\ASOxegt.exe
  C:\Windows\System\ASOxegt.exe
  2⤵
  PID:10100
- C:\Windows\System\yYMYuuv.exe
  C:\Windows\System\yYMYuuv.exe
  2⤵
  PID:10116
- C:\Windows\System\RixuCsf.exe
  C:\Windows\System\RixuCsf.exe
  2⤵
  PID:10080
- C:\Windows\System\EObHzlQ.exe
  C:\Windows\System\EObHzlQ.exe
  2⤵
  PID:10180
- C:\Windows\System\ciykzuV.exe
  C:\Windows\System\ciykzuV.exe
  2⤵
  PID:10184
- C:\Windows\System\zPoODfn.exe
  C:\Windows\System\zPoODfn.exe
  2⤵
  PID:10200
- C:\Windows\System\ihKshau.exe
  C:\Windows\System\ihKshau.exe
  2⤵
  PID:10224
- C:\Windows\System\hvzdsPv.exe
  C:\Windows\System\hvzdsPv.exe
  2⤵
  PID:9176
- C:\Windows\System\uMkNLOf.exe
  C:\Windows\System\uMkNLOf.exe
  2⤵
  PID:880
- C:\Windows\System\VOxVZgd.exe
  C:\Windows\System\VOxVZgd.exe
  2⤵
  PID:9356
- C:\Windows\System\QKYKVQK.exe
  C:\Windows\System\QKYKVQK.exe
  2⤵
  PID:9384
- C:\Windows\System\CjfqMAK.exe
  C:\Windows\System\CjfqMAK.exe
  2⤵
  PID:9456
- C:\Windows\System\ATiltwx.exe
  C:\Windows\System\ATiltwx.exe
  2⤵
  PID:9372
- C:\Windows\System\PDlZxdM.exe
  C:\Windows\System\PDlZxdM.exe
  2⤵
  PID:9436
- C:\Windows\System\UsAuMaS.exe
  C:\Windows\System\UsAuMaS.exe
  2⤵
  PID:9560
- C:\Windows\System\mWSrXCH.exe
  C:\Windows\System\mWSrXCH.exe
  2⤵
  PID:9540
- C:\Windows\System\rlhiNKu.exe
  C:\Windows\System\rlhiNKu.exe
  2⤵
  PID:9648
- C:\Windows\System\DUYUPWd.exe
  C:\Windows\System\DUYUPWd.exe
  2⤵
  PID:9708
- C:\Windows\System\XjZyUXy.exe
  C:\Windows\System\XjZyUXy.exe
  2⤵
  PID:9744
- C:\Windows\System\cwRnZej.exe
  C:\Windows\System\cwRnZej.exe
  2⤵
  PID:9772
- C:\Windows\System\MWlofQj.exe
  C:\Windows\System\MWlofQj.exe
  2⤵
  PID:9868
- C:\Windows\System\gblRFUl.exe
  C:\Windows\System\gblRFUl.exe
  2⤵
  PID:9948
- C:\Windows\System\CBMoPuE.exe
  C:\Windows\System\CBMoPuE.exe
  2⤵
  PID:980
- C:\Windows\System\iXCHeTA.exe
  C:\Windows\System\iXCHeTA.exe
  2⤵
  PID:10160
- C:\Windows\System\ArJbfCn.exe
  C:\Windows\System\ArJbfCn.exe
  2⤵
  PID:10028
- C:\Windows\System\MteWhUl.exe
  C:\Windows\System\MteWhUl.exe
  2⤵
  PID:10096
- C:\Windows\System\zdOYpxC.exe
  C:\Windows\System\zdOYpxC.exe
  2⤵
  PID:10112
- C:\Windows\System\AlrXKBG.exe
  C:\Windows\System\AlrXKBG.exe
  2⤵
  PID:10192
- C:\Windows\System\dchrupd.exe
  C:\Windows\System\dchrupd.exe
  2⤵
  PID:10124
- C:\Windows\System\sbBpEkL.exe
  C:\Windows\System\sbBpEkL.exe
  2⤵
  PID:10228
- C:\Windows\System\mZMcMZw.exe
  C:\Windows\System\mZMcMZw.exe
  2⤵
  PID:2968
- C:\Windows\System\KYeVIKs.exe
  C:\Windows\System\KYeVIKs.exe
  2⤵
  PID:9408
- C:\Windows\System\tZDKojf.exe
  C:\Windows\System\tZDKojf.exe
  2⤵
  PID:9596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AEsmvbV.exe

Filesize
6.0MB

MD5
3c2e0bd3240f5c8ac661cc5e051c6f5a

SHA1
b8bfc92801097e5d5d59f8bdf6fb58e7f929d097

SHA256
e824fa46aa21d9e287d34aa0d7c5b4ee2ef46c0c8e70dd675d4e8a1138e51bd6

SHA512
a6fa26e2f57ec042b79dd1e7924e4ee00543dc9d25cb2e4d73a72d7d141da2265e3af99a82e78b62770d8e6a3e89267060a8aa81062cb928c127f07ff17959ab

Download Submit
C:\Windows\system\AYYFeKm.exe

Filesize
6.0MB

MD5
2ec99e9d07d41189a62ada2109a40dbe

SHA1
e9176c2f143a96b3d5cb1b4d1c28ee2c45e4070c

SHA256
6814d23a1e7b068d33cdc301a5dff6b42a1bc9951e73766714d636d6a545bd1e

SHA512
ffca416b4520520f9e1e53eeccd7ce8eac2bacb1af9c2122ab1f883bf792894848644a0be6cb32290523ce4488d25a0c73b9ef9d5ec6b1c5ac6245a3d2d0cfae

Download Submit
C:\Windows\system\FBcoBzj.exe

Filesize
6.0MB

MD5
b998314eb65622928c753f1141e9deb1

SHA1
b1d4892d4b048855c48af7d43cfcc99eecb1327f

SHA256
7a7c99b16de915c82b5a7b4c7ceaddf5bab5212cd4bc7b632e869a290555f253

SHA512
9d2a08039d29bed6b5822a81585d5ed4b80150ea4c10656edf5c93789cf9a9d924fc7e0cefaa0ff86e2a7bea1718b947803d80c2a46d9d8b864336146f0c314a

Download Submit
C:\Windows\system\GNnfXMY.exe

Filesize
6.0MB

MD5
573a19098e57c46f55a5acd25008ac4f

SHA1
e511d964048d6e7fe399fa114f60bb2efe27a92e

SHA256
fb2300de281f21829767c9527518c78e30dfd7b4c797cd909e3371a078bcd89e

SHA512
c69cdcb3b759074c37677d4b3ec182b16b37d3b1f0eb51676e76fbaf15f0920abd65d77757a9465d560150f8cb5b3a9e37b4fd787ad5920bf01817af0c418d35

Download Submit
C:\Windows\system\MMqDYaH.exe

Filesize
6.0MB

MD5
a2a2b8777e9f303a6b9f031ca46710fa

SHA1
1651ed05dfcc1db5d90b424787b639619956fd2d

SHA256
34e4202c67f5b46579329cdbba2689e26b0097f2e8b846f04d91c0c43658a73c

SHA512
d5f24715ffa6456434cf87ce35ca790d594f6e229a720203908cf93494dc9cc050cf64f1577cc694b6ca3a2b2345cfd3b81c839fa237e22e1e71ea70532f28b8

Download Submit
C:\Windows\system\OWgTjIX.exe

Filesize
6.0MB

MD5
ec778eebf3a9f5418020f8b605709105

SHA1
410df1aa75742fa0b4524291b27692dde88c21bc

SHA256
147589fe3e3f55edf3d6b8f79e68971154093b40c306e733e8faab3fb5adb640

SHA512
fc8bc31b9c05c9e9357881bff3b9f98103d16dc5d21283859ead5359357f2dca45e22ae28ea024003c4e036e9b9253e3c5360cba3ab60aee9f188bfbf3281bd8

Download Submit
C:\Windows\system\PitvdWt.exe

Filesize
6.0MB

MD5
3052f4f3de88ebb63511c7e4e8d1e91a

SHA1
42af6f17f047fb32c42bc1c1cb5cca15074cfdea

SHA256
c86727b0ad6e2c9e8b555108fc8304db73d849d50403d34d846c811fd80ec52e

SHA512
0310feff2edcef09193ed799a1053b4d6fa5ccb3cf56c1ace88c5f54236ae811a50d0cba641ed3b94c1784dc3bec4a24cdc9009d74d56431eda1dca5aa95dd58

Download Submit
C:\Windows\system\PoPLzfN.exe

Filesize
6.0MB

MD5
45e04a2ac73703a1a646a217d5dd2a54

SHA1
2c49dcc098b4625d71f35dd75a5ba9703f4fe74f

SHA256
251643fd4bdf5dc617ad309822747d66354cf40493de9a5b92c182b527fb092d

SHA512
97c3b035f0fc66affcce1a4488430d5f2ca8eb3f9ba5833fc49384ae0b53b42bd5b8118647be84a4dbe96f1e83a7eafb1276fa82cf9a1381a47f7125794872db

Download Submit
C:\Windows\system\QbQPRdB.exe

Filesize
6.0MB

MD5
0e6538660839b43f20eb77eccf634b5c

SHA1
982abc9bd52f1f73d968045999aa96a372dbfcb3

SHA256
f0abf10b3d979d4d1d1a497f9e71ed7778528a5b71ff88b2a9a5c88224710e9e

SHA512
3eee15763b41e8a880740cf0aa54ce23a83227f3089981881420857299bd5e7e623a04414b4e74b3f1a0f3f7fab4f775e7f226208671ca839f227738753bc930

Download Submit
C:\Windows\system\SfZPNko.exe

Filesize
6.0MB

MD5
3e18b3b362864d69b6a01a0cca7e8ac7

SHA1
a30ca13abe69f34acf498a908c9d41aca0df1c1e

SHA256
d543acf7dcee8c73f972085505af840bb2ce0bfa25627979878d7d60a0650065

SHA512
7e1e26c5525bd15505a544c233f8ad6a85bfa84c886b96440eedfe3473dfabc31367b147f13406ab348baadca50b3e6f0b269aebb3b6ce5786c68e95985095bf

Download Submit
C:\Windows\system\XHaAqYF.exe

Filesize
6.0MB

MD5
b9bd2bee59cf7b6cf8d7b14d3bd7f8da

SHA1
bcb64b1b611441cd512ab19d3a30fe59a756d91e

SHA256
fcc93bfc006eb0b2389264625774132e43df647156c2bd483fe35e7909627c1c

SHA512
5a142e642c2ccdbed074ff7498726252027b7a0d810207dd3a4164083d79eb984adf31c74624adb98477911911f162fc4131f6966d78167de13fe339a98525e4

Download Submit
C:\Windows\system\XRRaCju.exe

Filesize
6.0MB

MD5
3b35606b8cff550e9bdb1787c595fc5c

SHA1
46506aa02ee9f1690d954a99c4626365a4f562c8

SHA256
555552fc471d71f6c7c294e1368fc61a033793967063c12386e7426b8e8da0f1

SHA512
999206bfc9e96a8062797b399d1f8765036777210686afcc229671b3de37e31ba46819fcc38f0d1d70e7798d1c09986cf1af026fceda7bf90de5d77c85f7e573

Download Submit
C:\Windows\system\ZSKKuVe.exe

Filesize
6.0MB

MD5
4e1e9c8a209ab83c8b97a2f44c00006d

SHA1
f7ea8b1110530ee3798d77d806704c2872843fcd

SHA256
809ef10c7762cdba667a627a5fdf935bff7f992ccd7d261bb37bb0288cc6c9e6

SHA512
43cbdb95e7a19748f5ca23c0e8be81d844ec18f6c7250b12d2b8f256f80c0d6f9d6167cf574164d10a1c24085d03ca885ebcbf4f8fda31cda05d907366a633e6

Download Submit
C:\Windows\system\afSpzNI.exe

Filesize
6.0MB

MD5
327c680ddc93162d4925267e6103bb22

SHA1
5a4185dc46f44da67118e94807302d21f6913705

SHA256
aae1039d7637477218376950ed6faf0086b7e6fa8c66e3c7acf9748d278fe09b

SHA512
e185556751f7349f77e25dc03000ca7593cdac4ea53ddade6e6b52372dbcd0acc09fdedd09a29d4dbf832563a6351c73b454f093b457de6b4848e3bdd739c7db

Download Submit
C:\Windows\system\iEAjMgl.exe

Filesize
6.0MB

MD5
590d8a0cce35988f6a7ef34696ee3142

SHA1
a0abd0c01564daf0abc01ea018cd60eca2055c60

SHA256
6ed019cc86bf1fd7eb8b7e187e84a786166189d8a22d90e67c7b557264203517

SHA512
ca94e26fce99453e05dd7249ef99a7cd8efe57464557308aef9af0cd2518e9440daa9f7aaf4993b0927998b7c48df39bd7f0a62efe5c1adcffbdc6bf81027a3e

Download Submit
C:\Windows\system\ijhsfTe.exe

Filesize
6.0MB

MD5
bd2df4c511602ca55bf60054006a71b1

SHA1
807cf453450acc4d29d13efe21f7c88c4970f948

SHA256
827bc11cc9f32b15cf4f70fd87f6475c91b6edb0cdb0bbe8850332e412aa7097

SHA512
cb3aa9b9c123dc39f59083e524369a118261feccd0ac9d7811a8d3085813a76588d7f92c97fb7b0597f0cbc64a96670c2085cdc6c847ee05e0223ca325f4100b

Download Submit
C:\Windows\system\jHyilUM.exe

Filesize
6.0MB

MD5
3cc8e70afa6259a594a933aeb941eead

SHA1
faf610e945f188b9fe73c5eba89eb3d14ced8953

SHA256
5d4a89fed3232ad23a303e3b707cb4ae434e82ed54c92252e216474d82988bd4

SHA512
db49181fdb05086ccfc667e2e3adc3f652af5bdfb5ba217dde32c3a064cec1789c13ddd178fed3b52571cdec52faa855a030a47c3503f6c8d26df909e76148f0

Download Submit
C:\Windows\system\psqllXD.exe

Filesize
6.0MB

MD5
a7425fa7b730349e7526d6ae3aed7cb6

SHA1
e13f5c517979b488b67d4641ba63f142fe18c100

SHA256
cd831910cfbc9add376cd8d49a901ae98b7b28abfe46cab587932224c47a06f9

SHA512
85e4a77720062ee19d411ccd27911759110151cde99385e3eefc4f01eaeaa6828622625febf89b9e7d6587ae1a0ddc3521fea18dc7ee4d36289428ba9fcbf6a6

Download Submit
C:\Windows\system\tvdIfff.exe

Filesize
6.0MB

MD5
620474120eb0be5575ecab73bde85dce

SHA1
d2c66d35b6eeabae6eba787d85771c9dddb7225d

SHA256
af8a34f6cbb906efef19f5a7fb8677d587a5655a8479a5d22f82dcaf575e7e61

SHA512
58eaca08bdb3256f51ef874302eb8e25a0484752fb7c5d8e04faa00974029cb4c4cb3979e290d645d279e3f5854934db054250baff7656a955b0df84420309ec

Download Submit
C:\Windows\system\uCyoXXp.exe

Filesize
6.0MB

MD5
ad4cd3f5039a83956507ce0c1b47b9b7

SHA1
7b41af6e6f6fd49375c943fd6d929e68f51beb52

SHA256
fd33a3e2cce8890fd609c71bd2c4dc71e98c87571e98130e9bc744a8517cf772

SHA512
4bf4ef268109f2a8f3b3fc6a8f0a994320baca1d907a8f7be4b7c3f096c142db34b4764a6f391b271ceada8baee7ac016ebad973de7814678ebfdfaa9ffa405f

Download Submit
C:\Windows\system\vwYMQjb.exe

Filesize
6.0MB

MD5
a45416329c2c4ced34e9b784874c3828

SHA1
4ffd20e56011c75afbf7bd5c05b8e20d4eff086a

SHA256
711188fac6e46096af39ef6117ee77ebbad610c6ee81f99e3d654d769c4ca8e1

SHA512
57fcc9a5923703f8ba1485822618f51416f7e41069994411df8bffb0e2c2f6b10eeb4a3f6013800d57e5753b65e175a114b0f790028f958757d482e41d4f2fab

Download Submit
C:\Windows\system\wNsGugf.exe

Filesize
6.0MB

MD5
b0da225cfdb59f79d98c47380ce5ea68

SHA1
c50d2bf90afbad15961d8a4278158d1f59b216d3

SHA256
d857ea040d4d0fff92ca7ad0cb3fadae8d87484674cdc4a26eb376906e1a2aaf

SHA512
d674e30eeeb1f48462dd48a0fbd8e36b966e18a24b5207e1d7f830201756ce325e0227cbd949598341580b2e697f300165a13ccd7be147b1043df5ebe7ce3d03

Download Submit
C:\Windows\system\ylOeckb.exe

Filesize
6.0MB

MD5
3fe44b576e976efd2bcc33609d67d983

SHA1
554a104f54a4e85ef33021f973e7bd7610a1bfe4

SHA256
56ab74ad1fd2dc5db9959391a8e928474c79e741cd7d746242c3f4f5ee0f1810

SHA512
0d1a133039c7883d5adc10b420a112652baf6c13b838cbcde73b8b22dadb8aaee0332da1c0478b3d55c7b67d4bf9ae64c6c726cbe19acb8cf4d84c0299c7d612

Download Submit
C:\Windows\system\ysGZXCT.exe

Filesize
6.0MB

MD5
428c6bcabe2c693d235179ed8229eae4

SHA1
de48a48a89753909f2623f04c7dc11a0ce5f2a67

SHA256
59d72f5af61554713670069f4db0ea52bcb81da30e42f18d83cdabef9349718f

SHA512
8b8084e3a5163524932d19510e84c20cb62c72e4454f2b20494f65e51a86042b38dfc83cb0dbe04d7647432c49ad2f142cdfde48ac1ff44ca4595f7196806890

Download Submit
C:\Windows\system\zGWQvxB.exe

Filesize
6.0MB

MD5
cf723c7b3b323fc06e60c1b932b1bdbf

SHA1
da9ab9953256fea67a70c64e666d94babcb22f10

SHA256
191c7e808dbd58b278923c0b7fe1de5daefdb9df742c9570e774fe6a7b29c3da

SHA512
1ea5946e217acf1095b859eca917c9d814041680e057ed56f3b73f81057d222080700de7225054591b5fedf387a8ae99e9dcba81dfce66c0707539acab9fd5c4

Download Submit
C:\Windows\system\zVITDki.exe

Filesize
6.0MB

MD5
7d4b593f49ab44f2b6143fe368ce9d9a

SHA1
c9dd1ea699802f34f093f71be5307224d274cb42

SHA256
18f9ef5ae6d13804b7c07e0a34324b1a1b03cafea17dd06f73d2e82791722e2c

SHA512
5c29811127166e90375742ca1caee8569c23566bda2acf6798c855cdb7bd662698f2101a57aad78635877c772f076a8634055cced8a1cbfeb61f0b9a67a1f23f

Download Submit
\Windows\system\DvRgMfk.exe

Filesize
6.0MB

MD5
9d6a672b27bbb85360d11ed6879453a7

SHA1
38811d2407de4483781f037061fb03fee2013758

SHA256
9ac2c5d172641a14cd5010e4c27f30758098344a405efa6965a10637e979e94f

SHA512
afb66301307dc22592b472e5a62b5112c451a897dbb95c9fc9e89f8c4bf876eb0addf5a7821f4d4a1f647531038126bb823ccb029e2de090cddd83afb123608b

Download Submit
\Windows\system\EhVwTdj.exe

Filesize
6.0MB

MD5
52f2f97c2e0b1956da872589c04c36d4

SHA1
73afe35ce528c79aa251ebb6ea19fff519b55928

SHA256
a3150c089be872b24fb0a523749433fc2d1a75ddc10eb3292230d3813848088d

SHA512
fbd50f071e59932bf0c9faa4bd483286ea304e2d69e720464b5c8c4fa2e2fe21f566a769c45a99783aaf96d3924db9f40f147ba161aefec3021652c8b398b14a

Download Submit
\Windows\system\HMKnPDx.exe

Filesize
6.0MB

MD5
1cd1bc2bff410206f9671c6d4428f6f3

SHA1
7462acb9d9e110cf92b7d8b2c4a0a40717525f58

SHA256
b485df53b787ffab5d81d691c5dc0b94548612a114e90c6d6b10965c3966a65a

SHA512
8a4bbd9a0a48a7941b4e8a83d671e357dae9a740a4779a47e8044198ad8aee0983b5ed46f81072c71a476cbe2d908b34033c747d3a2597ab992a64786a68d3ef

Download Submit
\Windows\system\HXucjWH.exe

Filesize
6.0MB

MD5
1a7f69f04d4749629877f5105ea2ec84

SHA1
914a0868e0a7647a6e8f36c69b0734cbe5f1a95e

SHA256
a20df99cfb580488ddafe1915212eebb8d0f51d98771f533aec5c2849157a0aa

SHA512
70bfd31740f581d5d7c3629cf885706c130206ddf63fecb92eff25c7ad433c6a551db6ab5df2e19095f56aec8bb4fe7aba78a3ea8c2185ad8df5e0c8f39072aa

Download Submit
\Windows\system\IHmkyVU.exe

Filesize
6.0MB

MD5
96381b1d2011728e9257714fe74d210b

SHA1
3a08e410e9da51214bd4863c506bea681e11b2c9

SHA256
7858b13aee5fcf15bf6763dda01998c7e05ccab4ac6bea9b8187c17a07cc0b61

SHA512
dfb32e8239bb1bd92d7a66cb9f6c4032ea7f66fbd95b4bf59bc8c8a8604d8a6bb268987bc63f10a7e1e7bc57eb16bf9b3c8b7ac2f304553cad8e9fe26d6119f6

Download Submit
\Windows\system\Kqjvynf.exe

Filesize
6.0MB

MD5
86c89ab175ae38a18f2510374758d346

SHA1
2269949cd1a1bbffbb75f6b75c5945026908bc30

SHA256
bc9ef2b4ae9cac03490b2af676af7afe730e137cb01294dc3d4618c98a11279b

SHA512
7eb0e741d7ce04ab1b8664797454eb24f503f65c66263cafd0988bcf6399d54ca319cb07fe93ffca61f0ddbe3dc0ffe31088e9f5514d062aa4ff4e7d4919a9d1

Download Submit
\Windows\system\VjyFHsj.exe

Filesize
6.0MB

MD5
41f736fea43d02ffa19ca32fd13cc4ea

SHA1
a4bc6986dddc3c2396a9000c7abcf1921130983c

SHA256
6b327fa40354f326671a4efe5f996ffc85397628f7e907960380ff68fe743612

SHA512
e24ee89f074ebec762e7546529d07e925d41dd4f5d86f559cf297b470da2f839df1e7255e6bb66f051cf435301aa54c80d22af5c1b9a5138f91ee449aebcf231

Download Submit
\Windows\system\WEiCgXj.exe

Filesize
6.0MB

MD5
a9a891de48743307fd3ab31dcc866e6b

SHA1
b6a41ab116ac6939b6d2b5cddbe1c591e20103fe

SHA256
f855988c3a3f8b1b4c2b5e4a7b520739faa5ca3cd3c9a481b06dda8368a89d20

SHA512
c01343d96213633c11982b7a1bff850c7c812700e7b759a85d9f1eee147aad3029ad99cfd4eb6502aba27be26368b725bf6a481b861c8ba74731025b8eaf6a9c

Download Submit
\Windows\system\mdMromC.exe

Filesize
6.0MB

MD5
c4ac85b5dbd2036f4aec2ddad246ecd2

SHA1
dceb63fa12b1a0e257169830c03ada5372164fe9

SHA256
e5778ef649ff96bf11c5092c2a7de766d8a98a2e4bf55ee611384397bc1c2107

SHA512
acd70257083ce5e6055b64eba44c4d0da440c8fbe7d06807f986c27721c6d16d7e9b039c6ca1e98403b383e5c83d6499cf272bed111ae7c9b8e9fb3ae496d49e

Download Submit
\Windows\system\ypeAAos.exe

Filesize
6.0MB

MD5
485f25b1ee996bdb7c9976eba7a7dec9

SHA1
ff4129b9e02ea9983b4283a3824695c0bd2bcf8b

SHA256
d324a9d4251e56d0a01d3ab93da5859ac05c3d34a27d75af0c9c34043c0440c6

SHA512
1593e9167b367c906986f6ca7e36c600ea94e3754eeca652874a0f9cff35ddd7fcd7b7e8552802f8967d7e8264d41956a88ae833582717cb503b652a17e75671

Download Submit
memory/264-175-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1196-1589-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1196-196-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1196-182-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/1196-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1196-180-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1196-1737-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1196-178-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1196-176-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1196-184-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1196-174-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1196-1592-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1196-1591-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1196-186-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1196-1590-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1196-188-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1196-0-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1196-190-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/1196-1440-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1196-199-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1196-192-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1196-198-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1196-194-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1400-137-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/1892-4043-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1892-173-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-4041-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2572-177-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2628-195-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2628-4039-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2732-4046-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2732-197-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2756-4024-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2756-179-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2768-4026-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-183-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-191-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-4038-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-189-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2788-4040-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2812-4044-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2812-193-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2816-187-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2864-4045-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-181-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-4042-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2992-185-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download