cobaltstrike | 4238b67d6b82a6448ee17e6de2033aed5b4d486147b5d8f19495a0d214f57cf6

Analysis

max time kernel
149s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
28-01-2025 01:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0870d757db268e7d43a8647a70892ceb
SHA1

15c24c9eae1349dd7e6e94df93e3adcb983e9adc
SHA256

4238b67d6b82a6448ee17e6de2033aed5b4d486147b5d8f19495a0d214f57cf6
SHA512

058b83b599c8df05a785b8d1217fd28ca6872ae7888ce0bac72560543bd6899441c0afeb8430c28f610cd2c0f7ee5078bed43e5669893550f25917338038ef75
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUp:T+q56utgpPF8u/7p

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012263-6.dat	cobalt_reflective_dll
behavioral1/files/0x0028000000016fe5-8.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000186b7-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b28-23.dat	cobalt_reflective_dll
behavioral1/files/0x00150000000170f8-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b50-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b54-41.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b64-51.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019489-56.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-60.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-91.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-70.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018b59-46.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2248-0-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/files/0x000b000000012263-6.dat	xmrig
behavioral1/files/0x0028000000016fe5-8.dat	xmrig
behavioral1/memory/2712-15-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2260-16-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x00080000000186b7-10.dat	xmrig
behavioral1/memory/2356-21-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2248-20-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b28-23.dat	xmrig
behavioral1/files/0x00150000000170f8-32.dat	xmrig
behavioral1/files/0x0007000000018b50-35.dat	xmrig
behavioral1/files/0x0007000000018b54-41.dat	xmrig
behavioral1/files/0x0008000000018b64-51.dat	xmrig
behavioral1/files/0x0006000000019489-56.dat	xmrig
behavioral1/files/0x0005000000019643-60.dat	xmrig
behavioral1/files/0x000500000001975a-65.dat	xmrig
behavioral1/files/0x00050000000197fd-76.dat	xmrig
behavioral1/files/0x0005000000019820-80.dat	xmrig
behavioral1/files/0x0005000000019bf5-91.dat	xmrig
behavioral1/files/0x0005000000019bf6-95.dat	xmrig
behavioral1/files/0x0005000000019c3c-105.dat	xmrig
behavioral1/files/0x0005000000019bf9-100.dat	xmrig
behavioral1/files/0x0005000000019d61-111.dat	xmrig
behavioral1/files/0x0005000000019d6d-120.dat	xmrig
behavioral1/files/0x0005000000019fdd-136.dat	xmrig
behavioral1/files/0x000500000001a03c-141.dat	xmrig
behavioral1/files/0x000500000001a0b6-151.dat	xmrig
behavioral1/files/0x000500000001a309-156.dat	xmrig
behavioral1/memory/2892-588-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2688-600-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/1376-604-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2476-602-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2460-590-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2804-596-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2248-793-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2632-598-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2356-921-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/3008-594-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2116-592-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2876-585-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2788-586-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3f6-166.dat	xmrig
behavioral1/files/0x000500000001a3ab-161.dat	xmrig
behavioral1/files/0x000500000001a049-146.dat	xmrig
behavioral1/files/0x0005000000019fd4-131.dat	xmrig
behavioral1/files/0x0005000000019e92-126.dat	xmrig
behavioral1/files/0x0005000000019d62-115.dat	xmrig
behavioral1/files/0x000500000001998d-85.dat	xmrig
behavioral1/files/0x0005000000019761-70.dat	xmrig
behavioral1/files/0x0009000000018b59-46.dat	xmrig
behavioral1/memory/2712-1623-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2260-1622-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2876-1678-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2356-1687-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2892-1710-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2460-1727-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/3008-1729-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2116-1728-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2804-1758-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2476-1793-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/1376-1798-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2632-1792-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2688-1782-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2788-1824-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2260	PuswYFF.exe
2712	pNCTMgx.exe
2356	fjUJtkW.exe
2876	iUWSnzd.exe
2788	MEqSJff.exe
2892	VtkEFpQ.exe
2460	fTAWgNd.exe
2116	shweClo.exe
3008	tJmPcsG.exe
2804	BxZSTMO.exe
2632	JJnXWDd.exe
2688	PVdveME.exe
2476	VFdhxOp.exe
1376	RPKCORz.exe
1348	YpjFnbS.exe
1616	MBlkcQH.exe
2928	GLQNrZt.exe
3000	NGmOkAx.exe
2988	vrIYJPA.exe
1320	FxxfouX.exe
236	RikzTbJ.exe
1728	QZyFDLs.exe
308	VUEBtmy.exe
1468	attHDxl.exe
844	VZOvZeK.exe
2672	jDZYgcN.exe
1444	QmqHrWI.exe
1452	ecVHyqP.exe
1936	sZjwaGl.exe
1756	GnqmBqT.exe
2172	HaruqxJ.exe
3052	uTMmFvs.exe
1916	dcTbYjn.exe
2096	HsGIyqA.exe
2380	ErzQbLK.exe
3048	fiuAiaC.exe
900	EWyeLxs.exe
1536	pvGCqud.exe
764	WeQyjvc.exe
2516	SMIxJIC.exe
1700	cFBSwAn.exe
1860	YtPnXZa.exe
956	efWVDLt.exe
1764	Zwpnfvy.exe
1556	BJMACTp.exe
1892	fKnUeLj.exe
2200	DAPjsRd.exe
2348	Qoavmpl.exe
1960	LJseNLL.exe
2584	mYKutZy.exe
2300	EDtjnTY.exe
1524	BclpykG.exe
2056	dYMYUzV.exe
2532	msNHpME.exe
1508	ycdPdIb.exe
2556	RbmqzuC.exe
1600	KxkIeVI.exe
2716	QCYaSXB.exe
3036	dvinqWz.exe
1640	qzKNXst.exe
2480	UwttVAV.exe
2812	PXAmUiM.exe
2064	GlInzzx.exe
2264	OwewarB.exe

Loads dropped DLL 64 IoCs

pid	Process
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2248-0-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x000b000000012263-6.dat	upx
behavioral1/files/0x0028000000016fe5-8.dat	upx
behavioral1/memory/2712-15-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2260-16-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x00080000000186b7-10.dat	upx
behavioral1/memory/2356-21-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x0007000000018b28-23.dat	upx
behavioral1/files/0x00150000000170f8-32.dat	upx
behavioral1/files/0x0007000000018b50-35.dat	upx
behavioral1/files/0x0007000000018b54-41.dat	upx
behavioral1/files/0x0008000000018b64-51.dat	upx
behavioral1/files/0x0006000000019489-56.dat	upx
behavioral1/files/0x0005000000019643-60.dat	upx
behavioral1/files/0x000500000001975a-65.dat	upx
behavioral1/files/0x00050000000197fd-76.dat	upx
behavioral1/files/0x0005000000019820-80.dat	upx
behavioral1/files/0x0005000000019bf5-91.dat	upx
behavioral1/files/0x0005000000019bf6-95.dat	upx
behavioral1/files/0x0005000000019c3c-105.dat	upx
behavioral1/files/0x0005000000019bf9-100.dat	upx
behavioral1/files/0x0005000000019d61-111.dat	upx
behavioral1/files/0x0005000000019d6d-120.dat	upx
behavioral1/files/0x0005000000019fdd-136.dat	upx
behavioral1/files/0x000500000001a03c-141.dat	upx
behavioral1/files/0x000500000001a0b6-151.dat	upx
behavioral1/files/0x000500000001a309-156.dat	upx
behavioral1/memory/2892-588-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2688-600-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/1376-604-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2476-602-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2460-590-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2804-596-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2248-793-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2632-598-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2356-921-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/3008-594-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2116-592-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2876-585-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2788-586-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x000500000001a3f6-166.dat	upx
behavioral1/files/0x000500000001a3ab-161.dat	upx
behavioral1/files/0x000500000001a049-146.dat	upx
behavioral1/files/0x0005000000019fd4-131.dat	upx
behavioral1/files/0x0005000000019e92-126.dat	upx
behavioral1/files/0x0005000000019d62-115.dat	upx
behavioral1/files/0x000500000001998d-85.dat	upx
behavioral1/files/0x0005000000019761-70.dat	upx
behavioral1/files/0x0009000000018b59-46.dat	upx
behavioral1/memory/2712-1623-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2260-1622-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2876-1678-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2356-1687-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2892-1710-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2460-1727-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/3008-1729-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2116-1728-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2804-1758-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2476-1793-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/1376-1798-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2632-1792-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2688-1782-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2788-1824-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\dkjDMEu.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wcevtgE.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wzuqYBX.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WdJotKi.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WrqisWu.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yFOuCSx.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CWZyOvU.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pmQzooR.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OvpoheX.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bGzFJST.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uwKwYnD.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ToBZWug.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZiGnZqb.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AMetrus.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GiaorJm.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OCQLGyr.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dPlvHqm.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vMeYwKY.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WNWKQos.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbkEiRm.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOAUwLo.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SATjboG.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mmkFwrU.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lXyucWR.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qwNeGvB.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mqLXhVp.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gyoQwYx.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qwAIhmh.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PgfjoQH.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PniJwYA.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XtyQpJg.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zQkvURI.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\POTpdBe.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVMESzI.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DmEophX.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ODCRQKz.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HzhRqfb.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SAvehtW.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UqvDoqa.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oJzdxGy.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpLjzft.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qBBgYNk.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hrQuYnh.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cCRZUim.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hsJbBPQ.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNBvQSp.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ggLfOIl.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\stOiDdk.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jeevqON.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gtESjYj.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ELYCgPw.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YeNwrWu.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ljRVGFQ.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPKCORz.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LRXGHFr.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yLfJFLu.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MUpChsE.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IcUmBcy.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cRWeKcH.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lTwhYpN.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WDdZNBq.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rnMNzYS.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ULpaTaE.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YAJmxup.exe	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2260	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2248 wrote to memory of 2260	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2248 wrote to memory of 2260	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2248 wrote to memory of 2712	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2248 wrote to memory of 2712	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2248 wrote to memory of 2712	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2248 wrote to memory of 2356	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2248 wrote to memory of 2356	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2248 wrote to memory of 2356	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2248 wrote to memory of 2876	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2248 wrote to memory of 2876	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2248 wrote to memory of 2876	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2248 wrote to memory of 2788	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2248 wrote to memory of 2788	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2248 wrote to memory of 2788	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2248 wrote to memory of 2892	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2248 wrote to memory of 2892	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2248 wrote to memory of 2892	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2248 wrote to memory of 2460	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2248 wrote to memory of 2460	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2248 wrote to memory of 2460	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2248 wrote to memory of 2116	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2248 wrote to memory of 2116	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2248 wrote to memory of 2116	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2248 wrote to memory of 3008	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2248 wrote to memory of 3008	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2248 wrote to memory of 3008	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2248 wrote to memory of 2804	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2248 wrote to memory of 2804	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2248 wrote to memory of 2804	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2248 wrote to memory of 2632	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2248 wrote to memory of 2632	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2248 wrote to memory of 2632	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2248 wrote to memory of 2688	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2248 wrote to memory of 2688	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2248 wrote to memory of 2688	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2248 wrote to memory of 2476	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2248 wrote to memory of 2476	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2248 wrote to memory of 2476	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2248 wrote to memory of 1376	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2248 wrote to memory of 1376	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2248 wrote to memory of 1376	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2248 wrote to memory of 1348	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2248 wrote to memory of 1348	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2248 wrote to memory of 1348	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2248 wrote to memory of 1616	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2248 wrote to memory of 1616	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2248 wrote to memory of 1616	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2248 wrote to memory of 2928	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2248 wrote to memory of 2928	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2248 wrote to memory of 2928	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2248 wrote to memory of 3000	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2248 wrote to memory of 3000	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2248 wrote to memory of 3000	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2248 wrote to memory of 2988	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2248 wrote to memory of 2988	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2248 wrote to memory of 2988	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2248 wrote to memory of 1320	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2248 wrote to memory of 1320	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2248 wrote to memory of 1320	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2248 wrote to memory of 236	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2248 wrote to memory of 236	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2248 wrote to memory of 236	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2248 wrote to memory of 1728	2248	2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-28_0870d757db268e7d43a8647a70892ceb_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Windows\System\PuswYFF.exe
  C:\Windows\System\PuswYFF.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\pNCTMgx.exe
  C:\Windows\System\pNCTMgx.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\fjUJtkW.exe
  C:\Windows\System\fjUJtkW.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\iUWSnzd.exe
  C:\Windows\System\iUWSnzd.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\MEqSJff.exe
  C:\Windows\System\MEqSJff.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\VtkEFpQ.exe
  C:\Windows\System\VtkEFpQ.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\fTAWgNd.exe
  C:\Windows\System\fTAWgNd.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\shweClo.exe
  C:\Windows\System\shweClo.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\tJmPcsG.exe
  C:\Windows\System\tJmPcsG.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\BxZSTMO.exe
  C:\Windows\System\BxZSTMO.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\JJnXWDd.exe
  C:\Windows\System\JJnXWDd.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\PVdveME.exe
  C:\Windows\System\PVdveME.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\VFdhxOp.exe
  C:\Windows\System\VFdhxOp.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\RPKCORz.exe
  C:\Windows\System\RPKCORz.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\YpjFnbS.exe
  C:\Windows\System\YpjFnbS.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\MBlkcQH.exe
  C:\Windows\System\MBlkcQH.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\GLQNrZt.exe
  C:\Windows\System\GLQNrZt.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\NGmOkAx.exe
  C:\Windows\System\NGmOkAx.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\vrIYJPA.exe
  C:\Windows\System\vrIYJPA.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\FxxfouX.exe
  C:\Windows\System\FxxfouX.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\RikzTbJ.exe
  C:\Windows\System\RikzTbJ.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\QZyFDLs.exe
  C:\Windows\System\QZyFDLs.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\VUEBtmy.exe
  C:\Windows\System\VUEBtmy.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\attHDxl.exe
  C:\Windows\System\attHDxl.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\VZOvZeK.exe
  C:\Windows\System\VZOvZeK.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\jDZYgcN.exe
  C:\Windows\System\jDZYgcN.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\QmqHrWI.exe
  C:\Windows\System\QmqHrWI.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\ecVHyqP.exe
  C:\Windows\System\ecVHyqP.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\sZjwaGl.exe
  C:\Windows\System\sZjwaGl.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\GnqmBqT.exe
  C:\Windows\System\GnqmBqT.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\HaruqxJ.exe
  C:\Windows\System\HaruqxJ.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\uTMmFvs.exe
  C:\Windows\System\uTMmFvs.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\dcTbYjn.exe
  C:\Windows\System\dcTbYjn.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\HsGIyqA.exe
  C:\Windows\System\HsGIyqA.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\ErzQbLK.exe
  C:\Windows\System\ErzQbLK.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\fiuAiaC.exe
  C:\Windows\System\fiuAiaC.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\EWyeLxs.exe
  C:\Windows\System\EWyeLxs.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\pvGCqud.exe
  C:\Windows\System\pvGCqud.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\WeQyjvc.exe
  C:\Windows\System\WeQyjvc.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\SMIxJIC.exe
  C:\Windows\System\SMIxJIC.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\cFBSwAn.exe
  C:\Windows\System\cFBSwAn.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\YtPnXZa.exe
  C:\Windows\System\YtPnXZa.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\efWVDLt.exe
  C:\Windows\System\efWVDLt.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\BJMACTp.exe
  C:\Windows\System\BJMACTp.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\Zwpnfvy.exe
  C:\Windows\System\Zwpnfvy.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\fKnUeLj.exe
  C:\Windows\System\fKnUeLj.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\DAPjsRd.exe
  C:\Windows\System\DAPjsRd.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\Qoavmpl.exe
  C:\Windows\System\Qoavmpl.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\LJseNLL.exe
  C:\Windows\System\LJseNLL.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\mYKutZy.exe
  C:\Windows\System\mYKutZy.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\EDtjnTY.exe
  C:\Windows\System\EDtjnTY.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\dYMYUzV.exe
  C:\Windows\System\dYMYUzV.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\BclpykG.exe
  C:\Windows\System\BclpykG.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\qzKNXst.exe
  C:\Windows\System\qzKNXst.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\msNHpME.exe
  C:\Windows\System\msNHpME.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\UwttVAV.exe
  C:\Windows\System\UwttVAV.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\ycdPdIb.exe
  C:\Windows\System\ycdPdIb.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\GlInzzx.exe
  C:\Windows\System\GlInzzx.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\RbmqzuC.exe
  C:\Windows\System\RbmqzuC.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\OwewarB.exe
  C:\Windows\System\OwewarB.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\KxkIeVI.exe
  C:\Windows\System\KxkIeVI.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\NcDuKQW.exe
  C:\Windows\System\NcDuKQW.exe
  2⤵
  PID:928
- C:\Windows\System\QCYaSXB.exe
  C:\Windows\System\QCYaSXB.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\qRvLEiv.exe
  C:\Windows\System\qRvLEiv.exe
  2⤵
  PID:2760
- C:\Windows\System\dvinqWz.exe
  C:\Windows\System\dvinqWz.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\IXrEOaK.exe
  C:\Windows\System\IXrEOaK.exe
  2⤵
  PID:2176
- C:\Windows\System\PXAmUiM.exe
  C:\Windows\System\PXAmUiM.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\mlTzBHx.exe
  C:\Windows\System\mlTzBHx.exe
  2⤵
  PID:2228
- C:\Windows\System\ooiMbVG.exe
  C:\Windows\System\ooiMbVG.exe
  2⤵
  PID:2612
- C:\Windows\System\LHllPMn.exe
  C:\Windows\System\LHllPMn.exe
  2⤵
  PID:2952
- C:\Windows\System\jelaPJL.exe
  C:\Windows\System\jelaPJL.exe
  2⤵
  PID:2996
- C:\Windows\System\iKDJRFY.exe
  C:\Windows\System\iKDJRFY.exe
  2⤵
  PID:1788
- C:\Windows\System\iIPOMCu.exe
  C:\Windows\System\iIPOMCu.exe
  2⤵
  PID:1732
- C:\Windows\System\jncRXaf.exe
  C:\Windows\System\jncRXaf.exe
  2⤵
  PID:1632
- C:\Windows\System\NZCFCYJ.exe
  C:\Windows\System\NZCFCYJ.exe
  2⤵
  PID:2436
- C:\Windows\System\qHXYodj.exe
  C:\Windows\System\qHXYodj.exe
  2⤵
  PID:1064
- C:\Windows\System\whfnPzJ.exe
  C:\Windows\System\whfnPzJ.exe
  2⤵
  PID:1856
- C:\Windows\System\kdyHZHL.exe
  C:\Windows\System\kdyHZHL.exe
  2⤵
  PID:872
- C:\Windows\System\ZHFvuaU.exe
  C:\Windows\System\ZHFvuaU.exe
  2⤵
  PID:2368
- C:\Windows\System\cYGVZiD.exe
  C:\Windows\System\cYGVZiD.exe
  2⤵
  PID:2452
- C:\Windows\System\rUkWMzV.exe
  C:\Windows\System\rUkWMzV.exe
  2⤵
  PID:2580
- C:\Windows\System\ARCPmaM.exe
  C:\Windows\System\ARCPmaM.exe
  2⤵
  PID:2588
- C:\Windows\System\BmVDDLn.exe
  C:\Windows\System\BmVDDLn.exe
  2⤵
  PID:588
- C:\Windows\System\hwWcwXj.exe
  C:\Windows\System\hwWcwXj.exe
  2⤵
  PID:2400
- C:\Windows\System\nnFYoZi.exe
  C:\Windows\System\nnFYoZi.exe
  2⤵
  PID:1092
- C:\Windows\System\ROdoQDF.exe
  C:\Windows\System\ROdoQDF.exe
  2⤵
  PID:2068
- C:\Windows\System\loozQkl.exe
  C:\Windows\System\loozQkl.exe
  2⤵
  PID:2468
- C:\Windows\System\YAvylKk.exe
  C:\Windows\System\YAvylKk.exe
  2⤵
  PID:2496
- C:\Windows\System\xIrZtCt.exe
  C:\Windows\System\xIrZtCt.exe
  2⤵
  PID:2860
- C:\Windows\System\WkskVfO.exe
  C:\Windows\System\WkskVfO.exe
  2⤵
  PID:936
- C:\Windows\System\RtViYYM.exe
  C:\Windows\System\RtViYYM.exe
  2⤵
  PID:1612
- C:\Windows\System\FXGTxxu.exe
  C:\Windows\System\FXGTxxu.exe
  2⤵
  PID:2448
- C:\Windows\System\KbsCfzk.exe
  C:\Windows\System\KbsCfzk.exe
  2⤵
  PID:580
- C:\Windows\System\VNAhQua.exe
  C:\Windows\System\VNAhQua.exe
  2⤵
  PID:1548
- C:\Windows\System\GpfOAKn.exe
  C:\Windows\System\GpfOAKn.exe
  2⤵
  PID:428
- C:\Windows\System\gXfTVYG.exe
  C:\Windows\System\gXfTVYG.exe
  2⤵
  PID:2372
- C:\Windows\System\nObbahk.exe
  C:\Windows\System\nObbahk.exe
  2⤵
  PID:2292
- C:\Windows\System\cnuTCaJ.exe
  C:\Windows\System\cnuTCaJ.exe
  2⤵
  PID:2740
- C:\Windows\System\NguLkXk.exe
  C:\Windows\System\NguLkXk.exe
  2⤵
  PID:2904
- C:\Windows\System\CQReuBp.exe
  C:\Windows\System\CQReuBp.exe
  2⤵
  PID:1576
- C:\Windows\System\mjfANcK.exe
  C:\Windows\System\mjfANcK.exe
  2⤵
  PID:2900
- C:\Windows\System\DJpUVKX.exe
  C:\Windows\System\DJpUVKX.exe
  2⤵
  PID:2392
- C:\Windows\System\lwVBprw.exe
  C:\Windows\System\lwVBprw.exe
  2⤵
  PID:2752
- C:\Windows\System\VzqVdoK.exe
  C:\Windows\System\VzqVdoK.exe
  2⤵
  PID:2600
- C:\Windows\System\vGzkTxv.exe
  C:\Windows\System\vGzkTxv.exe
  2⤵
  PID:1692
- C:\Windows\System\lfHyHjK.exe
  C:\Windows\System\lfHyHjK.exe
  2⤵
  PID:1988
- C:\Windows\System\xCnXfYL.exe
  C:\Windows\System\xCnXfYL.exe
  2⤵
  PID:1476
- C:\Windows\System\xiGQvrd.exe
  C:\Windows\System\xiGQvrd.exe
  2⤵
  PID:1932
- C:\Windows\System\pmvjeum.exe
  C:\Windows\System\pmvjeum.exe
  2⤵
  PID:2376
- C:\Windows\System\gTnzoxt.exe
  C:\Windows\System\gTnzoxt.exe
  2⤵
  PID:1628
- C:\Windows\System\nnvKElz.exe
  C:\Windows\System\nnvKElz.exe
  2⤵
  PID:2112
- C:\Windows\System\rmIgfXT.exe
  C:\Windows\System\rmIgfXT.exe
  2⤵
  PID:2492
- C:\Windows\System\saeAXrS.exe
  C:\Windows\System\saeAXrS.exe
  2⤵
  PID:912
- C:\Windows\System\GFBZoNi.exe
  C:\Windows\System\GFBZoNi.exe
  2⤵
  PID:924
- C:\Windows\System\aQdgLhv.exe
  C:\Windows\System\aQdgLhv.exe
  2⤵
  PID:948
- C:\Windows\System\JADGwZw.exe
  C:\Windows\System\JADGwZw.exe
  2⤵
  PID:2440
- C:\Windows\System\aBkCKue.exe
  C:\Windows\System\aBkCKue.exe
  2⤵
  PID:604
- C:\Windows\System\bczhFaJ.exe
  C:\Windows\System\bczhFaJ.exe
  2⤵
  PID:2304
- C:\Windows\System\YfgFXWI.exe
  C:\Windows\System\YfgFXWI.exe
  2⤵
  PID:1480
- C:\Windows\System\yIyRRDt.exe
  C:\Windows\System\yIyRRDt.exe
  2⤵
  PID:2604
- C:\Windows\System\puqQcbv.exe
  C:\Windows\System\puqQcbv.exe
  2⤵
  PID:1704
- C:\Windows\System\PCMfhqw.exe
  C:\Windows\System\PCMfhqw.exe
  2⤵
  PID:2652
- C:\Windows\System\ItqyMts.exe
  C:\Windows\System\ItqyMts.exe
  2⤵
  PID:880
- C:\Windows\System\qZETrKx.exe
  C:\Windows\System\qZETrKx.exe
  2⤵
  PID:2552
- C:\Windows\System\hgAgNxk.exe
  C:\Windows\System\hgAgNxk.exe
  2⤵
  PID:2720
- C:\Windows\System\iYWIEcj.exe
  C:\Windows\System\iYWIEcj.exe
  2⤵
  PID:1384
- C:\Windows\System\rFjjdti.exe
  C:\Windows\System\rFjjdti.exe
  2⤵
  PID:2844
- C:\Windows\System\AAHMzUj.exe
  C:\Windows\System\AAHMzUj.exe
  2⤵
  PID:2020
- C:\Windows\System\bqpINJe.exe
  C:\Windows\System\bqpINJe.exe
  2⤵
  PID:1296
- C:\Windows\System\JQiZspj.exe
  C:\Windows\System\JQiZspj.exe
  2⤵
  PID:2108
- C:\Windows\System\FGennkz.exe
  C:\Windows\System\FGennkz.exe
  2⤵
  PID:832
- C:\Windows\System\BwVSlHL.exe
  C:\Windows\System\BwVSlHL.exe
  2⤵
  PID:972
- C:\Windows\System\eBQFRlm.exe
  C:\Windows\System\eBQFRlm.exe
  2⤵
  PID:1496
- C:\Windows\System\dODIqhR.exe
  C:\Windows\System\dODIqhR.exe
  2⤵
  PID:2852
- C:\Windows\System\vXuEYYg.exe
  C:\Windows\System\vXuEYYg.exe
  2⤵
  PID:860
- C:\Windows\System\mOhbzvw.exe
  C:\Windows\System\mOhbzvw.exe
  2⤵
  PID:1472
- C:\Windows\System\qoxQdqv.exe
  C:\Windows\System\qoxQdqv.exe
  2⤵
  PID:2592
- C:\Windows\System\qBBgYNk.exe
  C:\Windows\System\qBBgYNk.exe
  2⤵
  PID:2060
- C:\Windows\System\LoEEpGu.exe
  C:\Windows\System\LoEEpGu.exe
  2⤵
  PID:1712
- C:\Windows\System\RzlfMdY.exe
  C:\Windows\System\RzlfMdY.exe
  2⤵
  PID:560
- C:\Windows\System\UgEhjtS.exe
  C:\Windows\System\UgEhjtS.exe
  2⤵
  PID:624
- C:\Windows\System\nYCGqsx.exe
  C:\Windows\System\nYCGqsx.exe
  2⤵
  PID:3076
- C:\Windows\System\NPcMXTi.exe
  C:\Windows\System\NPcMXTi.exe
  2⤵
  PID:3096
- C:\Windows\System\qiNvZxH.exe
  C:\Windows\System\qiNvZxH.exe
  2⤵
  PID:3116
- C:\Windows\System\wCMlqdP.exe
  C:\Windows\System\wCMlqdP.exe
  2⤵
  PID:3132
- C:\Windows\System\gUoMHdV.exe
  C:\Windows\System\gUoMHdV.exe
  2⤵
  PID:3156
- C:\Windows\System\gdwGYcH.exe
  C:\Windows\System\gdwGYcH.exe
  2⤵
  PID:3180
- C:\Windows\System\xYTvZya.exe
  C:\Windows\System\xYTvZya.exe
  2⤵
  PID:3200
- C:\Windows\System\jgBsBIo.exe
  C:\Windows\System\jgBsBIo.exe
  2⤵
  PID:3220
- C:\Windows\System\VcUlLPB.exe
  C:\Windows\System\VcUlLPB.exe
  2⤵
  PID:3240
- C:\Windows\System\JFMAduF.exe
  C:\Windows\System\JFMAduF.exe
  2⤵
  PID:3256
- C:\Windows\System\HVPMngT.exe
  C:\Windows\System\HVPMngT.exe
  2⤵
  PID:3280
- C:\Windows\System\pZdmTVm.exe
  C:\Windows\System\pZdmTVm.exe
  2⤵
  PID:3300
- C:\Windows\System\NUpoyPQ.exe
  C:\Windows\System\NUpoyPQ.exe
  2⤵
  PID:3320
- C:\Windows\System\vmTFcPg.exe
  C:\Windows\System\vmTFcPg.exe
  2⤵
  PID:3336
- C:\Windows\System\rLcApcf.exe
  C:\Windows\System\rLcApcf.exe
  2⤵
  PID:3356
- C:\Windows\System\SEAcIFo.exe
  C:\Windows\System\SEAcIFo.exe
  2⤵
  PID:3376
- C:\Windows\System\IZUPSuw.exe
  C:\Windows\System\IZUPSuw.exe
  2⤵
  PID:3392
- C:\Windows\System\BsMgBhm.exe
  C:\Windows\System\BsMgBhm.exe
  2⤵
  PID:3412
- C:\Windows\System\pCrPIOo.exe
  C:\Windows\System\pCrPIOo.exe
  2⤵
  PID:3432
- C:\Windows\System\BlQaeSD.exe
  C:\Windows\System\BlQaeSD.exe
  2⤵
  PID:3460
- C:\Windows\System\pdoStXL.exe
  C:\Windows\System\pdoStXL.exe
  2⤵
  PID:3484
- C:\Windows\System\oMEuaEH.exe
  C:\Windows\System\oMEuaEH.exe
  2⤵
  PID:3500
- C:\Windows\System\NHlzuOe.exe
  C:\Windows\System\NHlzuOe.exe
  2⤵
  PID:3516
- C:\Windows\System\rSGpmkQ.exe
  C:\Windows\System\rSGpmkQ.exe
  2⤵
  PID:3540
- C:\Windows\System\wAhhBpc.exe
  C:\Windows\System\wAhhBpc.exe
  2⤵
  PID:3560
- C:\Windows\System\WrqisWu.exe
  C:\Windows\System\WrqisWu.exe
  2⤵
  PID:3576
- C:\Windows\System\ygzaJgy.exe
  C:\Windows\System\ygzaJgy.exe
  2⤵
  PID:3600
- C:\Windows\System\ZlOlrxm.exe
  C:\Windows\System\ZlOlrxm.exe
  2⤵
  PID:3616
- C:\Windows\System\TkCdoGy.exe
  C:\Windows\System\TkCdoGy.exe
  2⤵
  PID:3632
- C:\Windows\System\GBWyOfK.exe
  C:\Windows\System\GBWyOfK.exe
  2⤵
  PID:3652
- C:\Windows\System\icBeaDc.exe
  C:\Windows\System\icBeaDc.exe
  2⤵
  PID:3676
- C:\Windows\System\GvrrYHX.exe
  C:\Windows\System\GvrrYHX.exe
  2⤵
  PID:3792
- C:\Windows\System\MNDtgZs.exe
  C:\Windows\System\MNDtgZs.exe
  2⤵
  PID:3808
- C:\Windows\System\foogGwo.exe
  C:\Windows\System\foogGwo.exe
  2⤵
  PID:3824
- C:\Windows\System\csJmzPm.exe
  C:\Windows\System\csJmzPm.exe
  2⤵
  PID:3844
- C:\Windows\System\RdBgqOI.exe
  C:\Windows\System\RdBgqOI.exe
  2⤵
  PID:3864
- C:\Windows\System\nZWIULb.exe
  C:\Windows\System\nZWIULb.exe
  2⤵
  PID:3908
- C:\Windows\System\WcLBaZP.exe
  C:\Windows\System\WcLBaZP.exe
  2⤵
  PID:3924
- C:\Windows\System\JgbiCKS.exe
  C:\Windows\System\JgbiCKS.exe
  2⤵
  PID:3940
- C:\Windows\System\ENdPPta.exe
  C:\Windows\System\ENdPPta.exe
  2⤵
  PID:3960
- C:\Windows\System\rbBDlCJ.exe
  C:\Windows\System\rbBDlCJ.exe
  2⤵
  PID:3976
- C:\Windows\System\WiNwXYi.exe
  C:\Windows\System\WiNwXYi.exe
  2⤵
  PID:4004
- C:\Windows\System\ivyeIoA.exe
  C:\Windows\System\ivyeIoA.exe
  2⤵
  PID:4020
- C:\Windows\System\zdEnEiS.exe
  C:\Windows\System\zdEnEiS.exe
  2⤵
  PID:4036
- C:\Windows\System\ZGeTGrM.exe
  C:\Windows\System\ZGeTGrM.exe
  2⤵
  PID:4060
- C:\Windows\System\VGFhIBb.exe
  C:\Windows\System\VGFhIBb.exe
  2⤵
  PID:4088
- C:\Windows\System\frSEXQA.exe
  C:\Windows\System\frSEXQA.exe
  2⤵
  PID:2120
- C:\Windows\System\OvzkUGg.exe
  C:\Windows\System\OvzkUGg.exe
  2⤵
  PID:1608
- C:\Windows\System\uqWRQwu.exe
  C:\Windows\System\uqWRQwu.exe
  2⤵
  PID:3012
- C:\Windows\System\yFOuCSx.exe
  C:\Windows\System\yFOuCSx.exe
  2⤵
  PID:836
- C:\Windows\System\HzhRqfb.exe
  C:\Windows\System\HzhRqfb.exe
  2⤵
  PID:964
- C:\Windows\System\xmMcRwh.exe
  C:\Windows\System\xmMcRwh.exe
  2⤵
  PID:1604
- C:\Windows\System\EXgjdFp.exe
  C:\Windows\System\EXgjdFp.exe
  2⤵
  PID:2748
- C:\Windows\System\VLDpqkO.exe
  C:\Windows\System\VLDpqkO.exe
  2⤵
  PID:2104
- C:\Windows\System\vcPEGGg.exe
  C:\Windows\System\vcPEGGg.exe
  2⤵
  PID:3188
- C:\Windows\System\pAFrqCr.exe
  C:\Windows\System\pAFrqCr.exe
  2⤵
  PID:3236
- C:\Windows\System\ieReDdY.exe
  C:\Windows\System\ieReDdY.exe
  2⤵
  PID:3124
- C:\Windows\System\rkjUevs.exe
  C:\Windows\System\rkjUevs.exe
  2⤵
  PID:3272
- C:\Windows\System\HNJacqp.exe
  C:\Windows\System\HNJacqp.exe
  2⤵
  PID:3344
- C:\Windows\System\CZEEtFA.exe
  C:\Windows\System\CZEEtFA.exe
  2⤵
  PID:3212
- C:\Windows\System\blNfzsq.exe
  C:\Windows\System\blNfzsq.exe
  2⤵
  PID:3388
- C:\Windows\System\SKVqklP.exe
  C:\Windows\System\SKVqklP.exe
  2⤵
  PID:3332
- C:\Windows\System\PnBYRYd.exe
  C:\Windows\System\PnBYRYd.exe
  2⤵
  PID:3400
- C:\Windows\System\iWMHEkP.exe
  C:\Windows\System\iWMHEkP.exe
  2⤵
  PID:3440
- C:\Windows\System\dkjDMEu.exe
  C:\Windows\System\dkjDMEu.exe
  2⤵
  PID:3472
- C:\Windows\System\lYrXdkp.exe
  C:\Windows\System\lYrXdkp.exe
  2⤵
  PID:3512
- C:\Windows\System\dQLRVpc.exe
  C:\Windows\System\dQLRVpc.exe
  2⤵
  PID:3524
- C:\Windows\System\BpBZSFU.exe
  C:\Windows\System\BpBZSFU.exe
  2⤵
  PID:3596
- C:\Windows\System\etxORtG.exe
  C:\Windows\System\etxORtG.exe
  2⤵
  PID:3456
- C:\Windows\System\NSShdCs.exe
  C:\Windows\System\NSShdCs.exe
  2⤵
  PID:3532
- C:\Windows\System\ZhOHctT.exe
  C:\Windows\System\ZhOHctT.exe
  2⤵
  PID:3644
- C:\Windows\System\FADZVsn.exe
  C:\Windows\System\FADZVsn.exe
  2⤵
  PID:2780
- C:\Windows\System\JfRcnZk.exe
  C:\Windows\System\JfRcnZk.exe
  2⤵
  PID:3572
- C:\Windows\System\hrQuYnh.exe
  C:\Windows\System\hrQuYnh.exe
  2⤵
  PID:3872
- C:\Windows\System\siezRfY.exe
  C:\Windows\System\siezRfY.exe
  2⤵
  PID:3820
- C:\Windows\System\RCrcLzm.exe
  C:\Windows\System\RCrcLzm.exe
  2⤵
  PID:3780
- C:\Windows\System\bvtQHQa.exe
  C:\Windows\System\bvtQHQa.exe
  2⤵
  PID:3900
- C:\Windows\System\jznxQLl.exe
  C:\Windows\System\jznxQLl.exe
  2⤵
  PID:3932
- C:\Windows\System\psPEruD.exe
  C:\Windows\System\psPEruD.exe
  2⤵
  PID:4048
- C:\Windows\System\rgSmtMg.exe
  C:\Windows\System\rgSmtMg.exe
  2⤵
  PID:2132
- C:\Windows\System\WVASQVt.exe
  C:\Windows\System\WVASQVt.exe
  2⤵
  PID:4032
- C:\Windows\System\IgFgCwh.exe
  C:\Windows\System\IgFgCwh.exe
  2⤵
  PID:4072
- C:\Windows\System\eEbwyCj.exe
  C:\Windows\System\eEbwyCj.exe
  2⤵
  PID:1120
- C:\Windows\System\eVZKneo.exe
  C:\Windows\System\eVZKneo.exe
  2⤵
  PID:868
- C:\Windows\System\lXyucWR.exe
  C:\Windows\System\lXyucWR.exe
  2⤵
  PID:2032
- C:\Windows\System\cwMmSXX.exe
  C:\Windows\System\cwMmSXX.exe
  2⤵
  PID:3092
- C:\Windows\System\LrFZlTK.exe
  C:\Windows\System\LrFZlTK.exe
  2⤵
  PID:3252
- C:\Windows\System\ZFxzAdn.exe
  C:\Windows\System\ZFxzAdn.exe
  2⤵
  PID:3448
- C:\Windows\System\ptpnjnv.exe
  C:\Windows\System\ptpnjnv.exe
  2⤵
  PID:3452
- C:\Windows\System\kXYVtvf.exe
  C:\Windows\System\kXYVtvf.exe
  2⤵
  PID:1740
- C:\Windows\System\ItrnkZU.exe
  C:\Windows\System\ItrnkZU.exe
  2⤵
  PID:2776
- C:\Windows\System\idxMlDY.exe
  C:\Windows\System\idxMlDY.exe
  2⤵
  PID:3228
- C:\Windows\System\jgPxfDq.exe
  C:\Windows\System\jgPxfDq.exe
  2⤵
  PID:3608
- C:\Windows\System\YyYApqJ.exe
  C:\Windows\System\YyYApqJ.exe
  2⤵
  PID:2736
- C:\Windows\System\mgheGFi.exe
  C:\Windows\System\mgheGFi.exe
  2⤵
  PID:3816
- C:\Windows\System\tfmnjZp.exe
  C:\Windows\System\tfmnjZp.exe
  2⤵
  PID:3408
- C:\Windows\System\JfNVphD.exe
  C:\Windows\System\JfNVphD.exe
  2⤵
  PID:2924
- C:\Windows\System\blOcJXL.exe
  C:\Windows\System\blOcJXL.exe
  2⤵
  PID:3840
- C:\Windows\System\qRggyUN.exe
  C:\Windows\System\qRggyUN.exe
  2⤵
  PID:3684
- C:\Windows\System\JhFKzkU.exe
  C:\Windows\System\JhFKzkU.exe
  2⤵
  PID:3916
- C:\Windows\System\awSYCFw.exe
  C:\Windows\System\awSYCFw.exe
  2⤵
  PID:4044
- C:\Windows\System\ojMeMVg.exe
  C:\Windows\System\ojMeMVg.exe
  2⤵
  PID:3640
- C:\Windows\System\QOTwKqb.exe
  C:\Windows\System\QOTwKqb.exe
  2⤵
  PID:4052
- C:\Windows\System\hNhonWn.exe
  C:\Windows\System\hNhonWn.exe
  2⤵
  PID:4028
- C:\Windows\System\LTjraST.exe
  C:\Windows\System\LTjraST.exe
  2⤵
  PID:1972
- C:\Windows\System\TDWGQEe.exe
  C:\Windows\System\TDWGQEe.exe
  2⤵
  PID:112
- C:\Windows\System\sKsnUuF.exe
  C:\Windows\System\sKsnUuF.exe
  2⤵
  PID:3312
- C:\Windows\System\YFOBDcg.exe
  C:\Windows\System\YFOBDcg.exe
  2⤵
  PID:3568
- C:\Windows\System\qQDAqcF.exe
  C:\Windows\System\qQDAqcF.exe
  2⤵
  PID:3208
- C:\Windows\System\cyzZUCL.exe
  C:\Windows\System\cyzZUCL.exe
  2⤵
  PID:3424
- C:\Windows\System\PPxajRN.exe
  C:\Windows\System\PPxajRN.exe
  2⤵
  PID:4016
- C:\Windows\System\clEMiUR.exe
  C:\Windows\System\clEMiUR.exe
  2⤵
  PID:2088
- C:\Windows\System\aZGjyuk.exe
  C:\Windows\System\aZGjyuk.exe
  2⤵
  PID:4100
- C:\Windows\System\sqtLpvj.exe
  C:\Windows\System\sqtLpvj.exe
  2⤵
  PID:4116
- C:\Windows\System\fMiqsHp.exe
  C:\Windows\System\fMiqsHp.exe
  2⤵
  PID:4132
- C:\Windows\System\ybnZzuW.exe
  C:\Windows\System\ybnZzuW.exe
  2⤵
  PID:4232
- C:\Windows\System\AORIqGP.exe
  C:\Windows\System\AORIqGP.exe
  2⤵
  PID:4252
- C:\Windows\System\SAvehtW.exe
  C:\Windows\System\SAvehtW.exe
  2⤵
  PID:4272
- C:\Windows\System\JVVflUr.exe
  C:\Windows\System\JVVflUr.exe
  2⤵
  PID:4288
- C:\Windows\System\uCdhzrs.exe
  C:\Windows\System\uCdhzrs.exe
  2⤵
  PID:4308
- C:\Windows\System\XynZWJn.exe
  C:\Windows\System\XynZWJn.exe
  2⤵
  PID:4328
- C:\Windows\System\OPRupIv.exe
  C:\Windows\System\OPRupIv.exe
  2⤵
  PID:4348
- C:\Windows\System\GTgAJaP.exe
  C:\Windows\System\GTgAJaP.exe
  2⤵
  PID:4372
- C:\Windows\System\NLkOxAr.exe
  C:\Windows\System\NLkOxAr.exe
  2⤵
  PID:4388
- C:\Windows\System\CNMaDdB.exe
  C:\Windows\System\CNMaDdB.exe
  2⤵
  PID:4404
- C:\Windows\System\bHkVjaU.exe
  C:\Windows\System\bHkVjaU.exe
  2⤵
  PID:4420
- C:\Windows\System\BJFAQCr.exe
  C:\Windows\System\BJFAQCr.exe
  2⤵
  PID:4440
- C:\Windows\System\iUGZQcd.exe
  C:\Windows\System\iUGZQcd.exe
  2⤵
  PID:4464
- C:\Windows\System\fGkqRLi.exe
  C:\Windows\System\fGkqRLi.exe
  2⤵
  PID:4480
- C:\Windows\System\gLTHdAY.exe
  C:\Windows\System\gLTHdAY.exe
  2⤵
  PID:4500
- C:\Windows\System\SsobEuS.exe
  C:\Windows\System\SsobEuS.exe
  2⤵
  PID:4524
- C:\Windows\System\FhzkIRA.exe
  C:\Windows\System\FhzkIRA.exe
  2⤵
  PID:4540
- C:\Windows\System\yyMzVPP.exe
  C:\Windows\System\yyMzVPP.exe
  2⤵
  PID:4556
- C:\Windows\System\kfGEpdt.exe
  C:\Windows\System\kfGEpdt.exe
  2⤵
  PID:4596
- C:\Windows\System\gbAqEDD.exe
  C:\Windows\System\gbAqEDD.exe
  2⤵
  PID:4616
- C:\Windows\System\AzFqJxm.exe
  C:\Windows\System\AzFqJxm.exe
  2⤵
  PID:4636
- C:\Windows\System\VnpFNuN.exe
  C:\Windows\System\VnpFNuN.exe
  2⤵
  PID:4652
- C:\Windows\System\YKFLkTL.exe
  C:\Windows\System\YKFLkTL.exe
  2⤵
  PID:4672
- C:\Windows\System\KSUmCXA.exe
  C:\Windows\System\KSUmCXA.exe
  2⤵
  PID:4696
- C:\Windows\System\chxhsER.exe
  C:\Windows\System\chxhsER.exe
  2⤵
  PID:4712
- C:\Windows\System\WVnFsKt.exe
  C:\Windows\System\WVnFsKt.exe
  2⤵
  PID:4728
- C:\Windows\System\cTiYoxv.exe
  C:\Windows\System\cTiYoxv.exe
  2⤵
  PID:4744
- C:\Windows\System\TeOSDfu.exe
  C:\Windows\System\TeOSDfu.exe
  2⤵
  PID:4760
- C:\Windows\System\CMjgBFB.exe
  C:\Windows\System\CMjgBFB.exe
  2⤵
  PID:4784
- C:\Windows\System\kvMoRvI.exe
  C:\Windows\System\kvMoRvI.exe
  2⤵
  PID:4812
- C:\Windows\System\qajKKyG.exe
  C:\Windows\System\qajKKyG.exe
  2⤵
  PID:4832
- C:\Windows\System\OFtCVnf.exe
  C:\Windows\System\OFtCVnf.exe
  2⤵
  PID:4856
- C:\Windows\System\LTbgiSF.exe
  C:\Windows\System\LTbgiSF.exe
  2⤵
  PID:4884
- C:\Windows\System\ivGNflI.exe
  C:\Windows\System\ivGNflI.exe
  2⤵
  PID:4904
- C:\Windows\System\OmnVriv.exe
  C:\Windows\System\OmnVriv.exe
  2⤵
  PID:4920
- C:\Windows\System\ppKqRad.exe
  C:\Windows\System\ppKqRad.exe
  2⤵
  PID:4936
- C:\Windows\System\gXdRMEu.exe
  C:\Windows\System\gXdRMEu.exe
  2⤵
  PID:4956
- C:\Windows\System\OquIqYV.exe
  C:\Windows\System\OquIqYV.exe
  2⤵
  PID:4980
- C:\Windows\System\xgurHAn.exe
  C:\Windows\System\xgurHAn.exe
  2⤵
  PID:4996
- C:\Windows\System\ocJLHEi.exe
  C:\Windows\System\ocJLHEi.exe
  2⤵
  PID:5012
- C:\Windows\System\TZFlBFR.exe
  C:\Windows\System\TZFlBFR.exe
  2⤵
  PID:5028
- C:\Windows\System\YjvofUD.exe
  C:\Windows\System\YjvofUD.exe
  2⤵
  PID:5060
- C:\Windows\System\kTNbXDV.exe
  C:\Windows\System\kTNbXDV.exe
  2⤵
  PID:5084
- C:\Windows\System\mIFdgvO.exe
  C:\Windows\System\mIFdgvO.exe
  2⤵
  PID:5104
- C:\Windows\System\tmPjArH.exe
  C:\Windows\System\tmPjArH.exe
  2⤵
  PID:3128
- C:\Windows\System\xbecsog.exe
  C:\Windows\System\xbecsog.exe
  2⤵
  PID:2628
- C:\Windows\System\OIAmSZV.exe
  C:\Windows\System\OIAmSZV.exe
  2⤵
  PID:1484
- C:\Windows\System\GBiuqtp.exe
  C:\Windows\System\GBiuqtp.exe
  2⤵
  PID:1680
- C:\Windows\System\BJJCpdn.exe
  C:\Windows\System\BJJCpdn.exe
  2⤵
  PID:3288
- C:\Windows\System\yOlEdVG.exe
  C:\Windows\System\yOlEdVG.exe
  2⤵
  PID:3628
- C:\Windows\System\jtQcLnm.exe
  C:\Windows\System\jtQcLnm.exe
  2⤵
  PID:3832
- C:\Windows\System\DRtcbaO.exe
  C:\Windows\System\DRtcbaO.exe
  2⤵
  PID:3316
- C:\Windows\System\XnHtmUE.exe
  C:\Windows\System\XnHtmUE.exe
  2⤵
  PID:3892
- C:\Windows\System\HjyhlJT.exe
  C:\Windows\System\HjyhlJT.exe
  2⤵
  PID:4140
- C:\Windows\System\wwbyvcG.exe
  C:\Windows\System\wwbyvcG.exe
  2⤵
  PID:3648
- C:\Windows\System\DnRcfMu.exe
  C:\Windows\System\DnRcfMu.exe
  2⤵
  PID:3276
- C:\Windows\System\NKhUioo.exe
  C:\Windows\System\NKhUioo.exe
  2⤵
  PID:4168
- C:\Windows\System\neLkLDO.exe
  C:\Windows\System\neLkLDO.exe
  2⤵
  PID:4184
- C:\Windows\System\cSTwfQL.exe
  C:\Windows\System\cSTwfQL.exe
  2⤵
  PID:4204
- C:\Windows\System\OYQgCuJ.exe
  C:\Windows\System\OYQgCuJ.exe
  2⤵
  PID:3088
- C:\Windows\System\UNMVUrO.exe
  C:\Windows\System\UNMVUrO.exe
  2⤵
  PID:4248
- C:\Windows\System\KmzwNcZ.exe
  C:\Windows\System\KmzwNcZ.exe
  2⤵
  PID:4316
- C:\Windows\System\zwSOpaz.exe
  C:\Windows\System\zwSOpaz.exe
  2⤵
  PID:4144
- C:\Windows\System\ytxTPoP.exe
  C:\Windows\System\ytxTPoP.exe
  2⤵
  PID:4396
- C:\Windows\System\HtQxTHd.exe
  C:\Windows\System\HtQxTHd.exe
  2⤵
  PID:4436
- C:\Windows\System\uIcymoy.exe
  C:\Windows\System\uIcymoy.exe
  2⤵
  PID:4512
- C:\Windows\System\REdnDju.exe
  C:\Windows\System\REdnDju.exe
  2⤵
  PID:4340
- C:\Windows\System\HnZVWhJ.exe
  C:\Windows\System\HnZVWhJ.exe
  2⤵
  PID:4552
- C:\Windows\System\EDnnzqZ.exe
  C:\Windows\System\EDnnzqZ.exe
  2⤵
  PID:2824
- C:\Windows\System\HlqzyEY.exe
  C:\Windows\System\HlqzyEY.exe
  2⤵
  PID:4684
- C:\Windows\System\pfkeXhU.exe
  C:\Windows\System\pfkeXhU.exe
  2⤵
  PID:4460
- C:\Windows\System\bdGXCLp.exe
  C:\Windows\System\bdGXCLp.exe
  2⤵
  PID:4532
- C:\Windows\System\EPMGoNp.exe
  C:\Windows\System\EPMGoNp.exe
  2⤵
  PID:4452
- C:\Windows\System\GLFSqjx.exe
  C:\Windows\System\GLFSqjx.exe
  2⤵
  PID:4572
- C:\Windows\System\mTiTeDj.exe
  C:\Windows\System\mTiTeDj.exe
  2⤵
  PID:4804
- C:\Windows\System\vohSRUt.exe
  C:\Windows\System\vohSRUt.exe
  2⤵
  PID:4624
- C:\Windows\System\zBnTEKL.exe
  C:\Windows\System\zBnTEKL.exe
  2⤵
  PID:5004
- C:\Windows\System\hQCDWaw.exe
  C:\Windows\System\hQCDWaw.exe
  2⤵
  PID:4824
- C:\Windows\System\fiASHnR.exe
  C:\Windows\System\fiASHnR.exe
  2⤵
  PID:4768
- C:\Windows\System\pbvRPlI.exe
  C:\Windows\System\pbvRPlI.exe
  2⤵
  PID:4880
- C:\Windows\System\NCilDAm.exe
  C:\Windows\System\NCilDAm.exe
  2⤵
  PID:5036
- C:\Windows\System\TKaZadi.exe
  C:\Windows\System\TKaZadi.exe
  2⤵
  PID:4988
- C:\Windows\System\APtUtiK.exe
  C:\Windows\System\APtUtiK.exe
  2⤵
  PID:5056
- C:\Windows\System\nDIgHgi.exe
  C:\Windows\System\nDIgHgi.exe
  2⤵
  PID:4948
- C:\Windows\System\RBRHUXe.exe
  C:\Windows\System\RBRHUXe.exe
  2⤵
  PID:2796
- C:\Windows\System\MorgtTx.exe
  C:\Windows\System\MorgtTx.exe
  2⤵
  PID:2608
- C:\Windows\System\bWHmirr.exe
  C:\Windows\System\bWHmirr.exe
  2⤵
  PID:3552
- C:\Windows\System\rVsZidS.exe
  C:\Windows\System\rVsZidS.exe
  2⤵
  PID:4180
- C:\Windows\System\nsNvGID.exe
  C:\Windows\System\nsNvGID.exe
  2⤵
  PID:4280
- C:\Windows\System\OPIpweN.exe
  C:\Windows\System\OPIpweN.exe
  2⤵
  PID:4364
- C:\Windows\System\sGHwzMG.exe
  C:\Windows\System\sGHwzMG.exe
  2⤵
  PID:2328
- C:\Windows\System\YNBKkrH.exe
  C:\Windows\System\YNBKkrH.exe
  2⤵
  PID:336
- C:\Windows\System\HeqmwWP.exe
  C:\Windows\System\HeqmwWP.exe
  2⤵
  PID:4680
- C:\Windows\System\VmCkPoe.exe
  C:\Windows\System\VmCkPoe.exe
  2⤵
  PID:4756
- C:\Windows\System\IsCbTzK.exe
  C:\Windows\System\IsCbTzK.exe
  2⤵
  PID:5112
- C:\Windows\System\zlCLqwP.exe
  C:\Windows\System\zlCLqwP.exe
  2⤵
  PID:3152
- C:\Windows\System\ENaVPos.exe
  C:\Windows\System\ENaVPos.exe
  2⤵
  PID:3108
- C:\Windows\System\EfolFaf.exe
  C:\Windows\System\EfolFaf.exe
  2⤵
  PID:4808
- C:\Windows\System\ekBhDrk.exe
  C:\Windows\System\ekBhDrk.exe
  2⤵
  PID:3296
- C:\Windows\System\XbkEiRm.exe
  C:\Windows\System\XbkEiRm.exe
  2⤵
  PID:1676
- C:\Windows\System\ZsRjBDK.exe
  C:\Windows\System\ZsRjBDK.exe
  2⤵
  PID:4300
- C:\Windows\System\WVwHQop.exe
  C:\Windows\System\WVwHQop.exe
  2⤵
  PID:4548
- C:\Windows\System\hHVakUJ.exe
  C:\Windows\System\hHVakUJ.exe
  2⤵
  PID:4416
- C:\Windows\System\WniIOjk.exe
  C:\Windows\System\WniIOjk.exe
  2⤵
  PID:4632
- C:\Windows\System\gnxcezg.exe
  C:\Windows\System\gnxcezg.exe
  2⤵
  PID:4872
- C:\Windows\System\jpmvuzV.exe
  C:\Windows\System\jpmvuzV.exe
  2⤵
  PID:4900
- C:\Windows\System\mXYKapq.exe
  C:\Windows\System\mXYKapq.exe
  2⤵
  PID:4668
- C:\Windows\System\BquyDEF.exe
  C:\Windows\System\BquyDEF.exe
  2⤵
  PID:4704
- C:\Windows\System\IkHPSLy.exe
  C:\Windows\System\IkHPSLy.exe
  2⤵
  PID:5092
- C:\Windows\System\wsZUIWX.exe
  C:\Windows\System\wsZUIWX.exe
  2⤵
  PID:5024
- C:\Windows\System\ZMbdNFJ.exe
  C:\Windows\System\ZMbdNFJ.exe
  2⤵
  PID:4080
- C:\Windows\System\fcGZQcd.exe
  C:\Windows\System\fcGZQcd.exe
  2⤵
  PID:4296
- C:\Windows\System\cLiEZlp.exe
  C:\Windows\System\cLiEZlp.exe
  2⤵
  PID:4476
- C:\Windows\System\AgyXXih.exe
  C:\Windows\System\AgyXXih.exe
  2⤵
  PID:4492
- C:\Windows\System\pbaJdyY.exe
  C:\Windows\System\pbaJdyY.exe
  2⤵
  PID:1020
- C:\Windows\System\ONKCOME.exe
  C:\Windows\System\ONKCOME.exe
  2⤵
  PID:3148
- C:\Windows\System\WRYiuuO.exe
  C:\Windows\System\WRYiuuO.exe
  2⤵
  PID:4796
- C:\Windows\System\mdqWGzu.exe
  C:\Windows\System\mdqWGzu.exe
  2⤵
  PID:4432
- C:\Windows\System\UvdsgTE.exe
  C:\Windows\System\UvdsgTE.exe
  2⤵
  PID:2432
- C:\Windows\System\oQARtQc.exe
  C:\Windows\System\oQARtQc.exe
  2⤵
  PID:4628
- C:\Windows\System\KMtGUUK.exe
  C:\Windows\System\KMtGUUK.exe
  2⤵
  PID:1964
- C:\Windows\System\HDVBSbk.exe
  C:\Windows\System\HDVBSbk.exe
  2⤵
  PID:2548
- C:\Windows\System\ecSUHXk.exe
  C:\Windows\System\ecSUHXk.exe
  2⤵
  PID:1596
- C:\Windows\System\mFNjJGY.exe
  C:\Windows\System\mFNjJGY.exe
  2⤵
  PID:4708
- C:\Windows\System\CJbtZXY.exe
  C:\Windows\System\CJbtZXY.exe
  2⤵
  PID:1696
- C:\Windows\System\STgzqxU.exe
  C:\Windows\System\STgzqxU.exe
  2⤵
  PID:4720
- C:\Windows\System\QrPMvYS.exe
  C:\Windows\System\QrPMvYS.exe
  2⤵
  PID:3372
- C:\Windows\System\KBjsADN.exe
  C:\Windows\System\KBjsADN.exe
  2⤵
  PID:4844
- C:\Windows\System\vQFCRDk.exe
  C:\Windows\System\vQFCRDk.exe
  2⤵
  PID:4820
- C:\Windows\System\dWmMvbe.exe
  C:\Windows\System\dWmMvbe.exe
  2⤵
  PID:4564
- C:\Windows\System\BISVdyr.exe
  C:\Windows\System\BISVdyr.exe
  2⤵
  PID:2792
- C:\Windows\System\ZqpgBux.exe
  C:\Windows\System\ZqpgBux.exe
  2⤵
  PID:5080
- C:\Windows\System\oEkNYrI.exe
  C:\Windows\System\oEkNYrI.exe
  2⤵
  PID:5132
- C:\Windows\System\LQmToSk.exe
  C:\Windows\System\LQmToSk.exe
  2⤵
  PID:5152
- C:\Windows\System\fQrtKoz.exe
  C:\Windows\System\fQrtKoz.exe
  2⤵
  PID:5204
- C:\Windows\System\pBaCnpg.exe
  C:\Windows\System\pBaCnpg.exe
  2⤵
  PID:5220
- C:\Windows\System\LXZQnSB.exe
  C:\Windows\System\LXZQnSB.exe
  2⤵
  PID:5236
- C:\Windows\System\khtFxuh.exe
  C:\Windows\System\khtFxuh.exe
  2⤵
  PID:5256
- C:\Windows\System\jSbeAey.exe
  C:\Windows\System\jSbeAey.exe
  2⤵
  PID:5272
- C:\Windows\System\swTpTwh.exe
  C:\Windows\System\swTpTwh.exe
  2⤵
  PID:5308
- C:\Windows\System\CQqmbke.exe
  C:\Windows\System\CQqmbke.exe
  2⤵
  PID:5324
- C:\Windows\System\qwNeGvB.exe
  C:\Windows\System\qwNeGvB.exe
  2⤵
  PID:5340
- C:\Windows\System\OypXXGl.exe
  C:\Windows\System\OypXXGl.exe
  2⤵
  PID:5356
- C:\Windows\System\RaIYqYy.exe
  C:\Windows\System\RaIYqYy.exe
  2⤵
  PID:5388
- C:\Windows\System\UttlkRb.exe
  C:\Windows\System\UttlkRb.exe
  2⤵
  PID:5404
- C:\Windows\System\WJGHWJN.exe
  C:\Windows\System\WJGHWJN.exe
  2⤵
  PID:5420
- C:\Windows\System\iannFDV.exe
  C:\Windows\System\iannFDV.exe
  2⤵
  PID:5436
- C:\Windows\System\trEfWIz.exe
  C:\Windows\System\trEfWIz.exe
  2⤵
  PID:5460
- C:\Windows\System\jLTYvOK.exe
  C:\Windows\System\jLTYvOK.exe
  2⤵
  PID:5476
- C:\Windows\System\HvVummX.exe
  C:\Windows\System\HvVummX.exe
  2⤵
  PID:5492
- C:\Windows\System\BbKfBFn.exe
  C:\Windows\System\BbKfBFn.exe
  2⤵
  PID:5512
- C:\Windows\System\MYbYnvQ.exe
  C:\Windows\System\MYbYnvQ.exe
  2⤵
  PID:5528
- C:\Windows\System\mthofEf.exe
  C:\Windows\System\mthofEf.exe
  2⤵
  PID:5548
- C:\Windows\System\JYQOrWh.exe
  C:\Windows\System\JYQOrWh.exe
  2⤵
  PID:5564
- C:\Windows\System\YYAkqTd.exe
  C:\Windows\System\YYAkqTd.exe
  2⤵
  PID:5580
- C:\Windows\System\OFeNLmb.exe
  C:\Windows\System\OFeNLmb.exe
  2⤵
  PID:5596
- C:\Windows\System\NvYFbRx.exe
  C:\Windows\System\NvYFbRx.exe
  2⤵
  PID:5616
- C:\Windows\System\LRXGHFr.exe
  C:\Windows\System\LRXGHFr.exe
  2⤵
  PID:5632
- C:\Windows\System\CkJlKTw.exe
  C:\Windows\System\CkJlKTw.exe
  2⤵
  PID:5648
- C:\Windows\System\mQtcMXQ.exe
  C:\Windows\System\mQtcMXQ.exe
  2⤵
  PID:5664
- C:\Windows\System\kZFEBuB.exe
  C:\Windows\System\kZFEBuB.exe
  2⤵
  PID:5680
- C:\Windows\System\VhipfcP.exe
  C:\Windows\System\VhipfcP.exe
  2⤵
  PID:5696
- C:\Windows\System\rYFkGcx.exe
  C:\Windows\System\rYFkGcx.exe
  2⤵
  PID:5736
- C:\Windows\System\oHudBne.exe
  C:\Windows\System\oHudBne.exe
  2⤵
  PID:5760
- C:\Windows\System\gsbZlIi.exe
  C:\Windows\System\gsbZlIi.exe
  2⤵
  PID:5808
- C:\Windows\System\CJasGco.exe
  C:\Windows\System\CJasGco.exe
  2⤵
  PID:5824
- C:\Windows\System\WmNYRUW.exe
  C:\Windows\System\WmNYRUW.exe
  2⤵
  PID:5852
- C:\Windows\System\xRmpkcc.exe
  C:\Windows\System\xRmpkcc.exe
  2⤵
  PID:5868
- C:\Windows\System\xvqBhzJ.exe
  C:\Windows\System\xvqBhzJ.exe
  2⤵
  PID:5884
- C:\Windows\System\IDDjEKT.exe
  C:\Windows\System\IDDjEKT.exe
  2⤵
  PID:5904
- C:\Windows\System\FGKBDcn.exe
  C:\Windows\System\FGKBDcn.exe
  2⤵
  PID:5920
- C:\Windows\System\EsMspUG.exe
  C:\Windows\System\EsMspUG.exe
  2⤵
  PID:5952
- C:\Windows\System\HFucXMV.exe
  C:\Windows\System\HFucXMV.exe
  2⤵
  PID:5968
- C:\Windows\System\jOwaGvV.exe
  C:\Windows\System\jOwaGvV.exe
  2⤵
  PID:5988
- C:\Windows\System\XtyQpJg.exe
  C:\Windows\System\XtyQpJg.exe
  2⤵
  PID:6004
- C:\Windows\System\DeFrbNT.exe
  C:\Windows\System\DeFrbNT.exe
  2⤵
  PID:6020
- C:\Windows\System\PezkzJp.exe
  C:\Windows\System\PezkzJp.exe
  2⤵
  PID:6048
- C:\Windows\System\wcevtgE.exe
  C:\Windows\System\wcevtgE.exe
  2⤵
  PID:6068
- C:\Windows\System\vjLrKWK.exe
  C:\Windows\System\vjLrKWK.exe
  2⤵
  PID:6084
- C:\Windows\System\kyVuLml.exe
  C:\Windows\System\kyVuLml.exe
  2⤵
  PID:6104
- C:\Windows\System\rmgLwit.exe
  C:\Windows\System\rmgLwit.exe
  2⤵
  PID:6120
- C:\Windows\System\ZETYwQw.exe
  C:\Windows\System\ZETYwQw.exe
  2⤵
  PID:4284
- C:\Windows\System\VvgsqVY.exe
  C:\Windows\System\VvgsqVY.exe
  2⤵
  PID:4932
- C:\Windows\System\HgCqnpO.exe
  C:\Windows\System\HgCqnpO.exe
  2⤵
  PID:3952
- C:\Windows\System\mgxBTbw.exe
  C:\Windows\System\mgxBTbw.exe
  2⤵
  PID:5140
- C:\Windows\System\IQKFWwr.exe
  C:\Windows\System\IQKFWwr.exe
  2⤵
  PID:4976
- C:\Windows\System\aOkcRYZ.exe
  C:\Windows\System\aOkcRYZ.exe
  2⤵
  PID:5248
- C:\Windows\System\oMhQrAZ.exe
  C:\Windows\System\oMhQrAZ.exe
  2⤵
  PID:5292
- C:\Windows\System\lcxRmAH.exe
  C:\Windows\System\lcxRmAH.exe
  2⤵
  PID:5304
- C:\Windows\System\ZNLIlwS.exe
  C:\Windows\System\ZNLIlwS.exe
  2⤵
  PID:3428
- C:\Windows\System\ezUXzmQ.exe
  C:\Windows\System\ezUXzmQ.exe
  2⤵
  PID:2240
- C:\Windows\System\nYMiGmt.exe
  C:\Windows\System\nYMiGmt.exe
  2⤵
  PID:5380
- C:\Windows\System\nUiCoGR.exe
  C:\Windows\System\nUiCoGR.exe
  2⤵
  PID:5412
- C:\Windows\System\qCjmGLe.exe
  C:\Windows\System\qCjmGLe.exe
  2⤵
  PID:5452
- C:\Windows\System\jeevqON.exe
  C:\Windows\System\jeevqON.exe
  2⤵
  PID:4496
- C:\Windows\System\qyZepxN.exe
  C:\Windows\System\qyZepxN.exe
  2⤵
  PID:4968
- C:\Windows\System\asDLPEW.exe
  C:\Windows\System\asDLPEW.exe
  2⤵
  PID:4892
- C:\Windows\System\fojJfLf.exe
  C:\Windows\System\fojJfLf.exe
  2⤵
  PID:5196
- C:\Windows\System\NOXaunR.exe
  C:\Windows\System\NOXaunR.exe
  2⤵
  PID:5200
- C:\Windows\System\FNdejsf.exe
  C:\Windows\System\FNdejsf.exe
  2⤵
  PID:5628
- C:\Windows\System\JlKgpCA.exe
  C:\Windows\System\JlKgpCA.exe
  2⤵
  PID:5348
- C:\Windows\System\TuMdfPl.exe
  C:\Windows\System\TuMdfPl.exe
  2⤵
  PID:5676
- C:\Windows\System\JJqthFV.exe
  C:\Windows\System\JJqthFV.exe
  2⤵
  PID:5756
- C:\Windows\System\JtNTbYY.exe
  C:\Windows\System\JtNTbYY.exe
  2⤵
  PID:5472
- C:\Windows\System\bLMoWMK.exe
  C:\Windows\System\bLMoWMK.exe
  2⤵
  PID:5896
- C:\Windows\System\fAxsXgQ.exe
  C:\Windows\System\fAxsXgQ.exe
  2⤵
  PID:5540
- C:\Windows\System\EMHKsPr.exe
  C:\Windows\System\EMHKsPr.exe
  2⤵
  PID:5572
- C:\Windows\System\nAResZC.exe
  C:\Windows\System\nAResZC.exe
  2⤵
  PID:5948
- C:\Windows\System\LMFKiOf.exe
  C:\Windows\System\LMFKiOf.exe
  2⤵
  PID:6012
- C:\Windows\System\ODaZxhs.exe
  C:\Windows\System\ODaZxhs.exe
  2⤵
  PID:6056
- C:\Windows\System\dsnfkyA.exe
  C:\Windows\System\dsnfkyA.exe
  2⤵
  PID:6096
- C:\Windows\System\Hpxoofv.exe
  C:\Windows\System\Hpxoofv.exe
  2⤵
  PID:6132
- C:\Windows\System\XbUyePL.exe
  C:\Windows\System\XbUyePL.exe
  2⤵
  PID:5672
- C:\Windows\System\GiDtdZk.exe
  C:\Windows\System\GiDtdZk.exe
  2⤵
  PID:6136
- C:\Windows\System\TihaCDR.exe
  C:\Windows\System\TihaCDR.exe
  2⤵
  PID:5728
- C:\Windows\System\AFATrXz.exe
  C:\Windows\System\AFATrXz.exe
  2⤵
  PID:5780
- C:\Windows\System\MHJjlHp.exe
  C:\Windows\System\MHJjlHp.exe
  2⤵
  PID:5804
- C:\Windows\System\pDeTXYO.exe
  C:\Windows\System\pDeTXYO.exe
  2⤵
  PID:6112
- C:\Windows\System\PlHQJUB.exe
  C:\Windows\System\PlHQJUB.exe
  2⤵
  PID:3788
- C:\Windows\System\OTvtnZl.exe
  C:\Windows\System\OTvtnZl.exe
  2⤵
  PID:3720
- C:\Windows\System\RwNLCVM.exe
  C:\Windows\System\RwNLCVM.exe
  2⤵
  PID:5996
- C:\Windows\System\DOyyYsa.exe
  C:\Windows\System\DOyyYsa.exe
  2⤵
  PID:6036
- C:\Windows\System\XZZWeWR.exe
  C:\Windows\System\XZZWeWR.exe
  2⤵
  PID:6080
- C:\Windows\System\yLfJFLu.exe
  C:\Windows\System\yLfJFLu.exe
  2⤵
  PID:3700
- C:\Windows\System\sOBxZbG.exe
  C:\Windows\System\sOBxZbG.exe
  2⤵
  PID:2820
- C:\Windows\System\mnpJcXc.exe
  C:\Windows\System\mnpJcXc.exe
  2⤵
  PID:3740
- C:\Windows\System\aAUUBrj.exe
  C:\Windows\System\aAUUBrj.exe
  2⤵
  PID:3776
- C:\Windows\System\JsdMOUN.exe
  C:\Windows\System\JsdMOUN.exe
  2⤵
  PID:3764
- C:\Windows\System\sXMQouc.exe
  C:\Windows\System\sXMQouc.exe
  2⤵
  PID:5724
- C:\Windows\System\eeRrWai.exe
  C:\Windows\System\eeRrWai.exe
  2⤵
  PID:3192
- C:\Windows\System\GjtDxuC.exe
  C:\Windows\System\GjtDxuC.exe
  2⤵
  PID:4852
- C:\Windows\System\mLMnyyb.exe
  C:\Windows\System\mLMnyyb.exe
  2⤵
  PID:984
- C:\Windows\System\VzkVpey.exe
  C:\Windows\System\VzkVpey.exe
  2⤵
  PID:2808
- C:\Windows\System\aHPHSHq.exe
  C:\Windows\System\aHPHSHq.exe
  2⤵
  PID:1808
- C:\Windows\System\msrIFUt.exe
  C:\Windows\System\msrIFUt.exe
  2⤵
  PID:5288
- C:\Windows\System\mgCVfXy.exe
  C:\Windows\System\mgCVfXy.exe
  2⤵
  PID:4196
- C:\Windows\System\xqvYoPl.exe
  C:\Windows\System\xqvYoPl.exe
  2⤵
  PID:2920
- C:\Windows\System\OOHryTO.exe
  C:\Windows\System\OOHryTO.exe
  2⤵
  PID:5180
- C:\Windows\System\qjmUnAO.exe
  C:\Windows\System\qjmUnAO.exe
  2⤵
  PID:5448
- C:\Windows\System\jfLlleI.exe
  C:\Windows\System\jfLlleI.exe
  2⤵
  PID:2684
- C:\Windows\System\CWZyOvU.exe
  C:\Windows\System\CWZyOvU.exe
  2⤵
  PID:1996
- C:\Windows\System\NotbKws.exe
  C:\Windows\System\NotbKws.exe
  2⤵
  PID:2192
- C:\Windows\System\bjbFbvh.exe
  C:\Windows\System\bjbFbvh.exe
  2⤵
  PID:4108
- C:\Windows\System\GwoRZTM.exe
  C:\Windows\System\GwoRZTM.exe
  2⤵
  PID:5688
- C:\Windows\System\uSPgHzE.exe
  C:\Windows\System\uSPgHzE.exe
  2⤵
  PID:5264
- C:\Windows\System\TNEZvdA.exe
  C:\Windows\System\TNEZvdA.exe
  2⤵
  PID:3696
- C:\Windows\System\EQkGeqc.exe
  C:\Windows\System\EQkGeqc.exe
  2⤵
  PID:1952
- C:\Windows\System\vDzLNIJ.exe
  C:\Windows\System\vDzLNIJ.exe
  2⤵
  PID:5892
- C:\Windows\System\ScCDsBE.exe
  C:\Windows\System\ScCDsBE.exe
  2⤵
  PID:5504
- C:\Windows\System\XDaOJSe.exe
  C:\Windows\System\XDaOJSe.exe
  2⤵
  PID:6060
- C:\Windows\System\PnAEclf.exe
  C:\Windows\System\PnAEclf.exe
  2⤵
  PID:6128
- C:\Windows\System\rIvbOmc.exe
  C:\Windows\System\rIvbOmc.exe
  2⤵
  PID:5712
- C:\Windows\System\mqAKbbK.exe
  C:\Windows\System\mqAKbbK.exe
  2⤵
  PID:5800
- C:\Windows\System\TtJXVTa.exe
  C:\Windows\System\TtJXVTa.exe
  2⤵
  PID:5768
- C:\Windows\System\vtrlUTQ.exe
  C:\Windows\System\vtrlUTQ.exe
  2⤵
  PID:5836
- C:\Windows\System\OubfHvU.exe
  C:\Windows\System\OubfHvU.exe
  2⤵
  PID:5876
- C:\Windows\System\DKIgJUs.exe
  C:\Windows\System\DKIgJUs.exe
  2⤵
  PID:6032
- C:\Windows\System\JFSUSxX.exe
  C:\Windows\System\JFSUSxX.exe
  2⤵
  PID:5020
- C:\Windows\System\zHwMXMI.exe
  C:\Windows\System\zHwMXMI.exe
  2⤵
  PID:4112
- C:\Windows\System\mIaGyLy.exe
  C:\Windows\System\mIaGyLy.exe
  2⤵
  PID:3736
- C:\Windows\System\VvFmvmS.exe
  C:\Windows\System\VvFmvmS.exe
  2⤵
  PID:4428
- C:\Windows\System\mWchMTM.exe
  C:\Windows\System\mWchMTM.exe
  2⤵
  PID:2128
- C:\Windows\System\zNIgUhq.exe
  C:\Windows\System\zNIgUhq.exe
  2⤵
  PID:2692
- C:\Windows\System\jXmFCFk.exe
  C:\Windows\System\jXmFCFk.exe
  2⤵
  PID:1924
- C:\Windows\System\XMMnEhS.exe
  C:\Windows\System\XMMnEhS.exe
  2⤵
  PID:5244
- C:\Windows\System\FeBZJYj.exe
  C:\Windows\System\FeBZJYj.exe
  2⤵
  PID:5560
- C:\Windows\System\QSYAiee.exe
  C:\Windows\System\QSYAiee.exe
  2⤵
  PID:5128
- C:\Windows\System\VsvTNOx.exe
  C:\Windows\System\VsvTNOx.exe
  2⤵
  PID:2560
- C:\Windows\System\VlRfllG.exe
  C:\Windows\System\VlRfllG.exe
  2⤵
  PID:5744
- C:\Windows\System\IOoEpMz.exe
  C:\Windows\System\IOoEpMz.exe
  2⤵
  PID:1016
- C:\Windows\System\KLxoCUs.exe
  C:\Windows\System\KLxoCUs.exe
  2⤵
  PID:4772
- C:\Windows\System\nscFOzG.exe
  C:\Windows\System\nscFOzG.exe
  2⤵
  PID:5320
- C:\Windows\System\VdptrPF.exe
  C:\Windows\System\VdptrPF.exe
  2⤵
  PID:5704
- C:\Windows\System\skzrovc.exe
  C:\Windows\System\skzrovc.exe
  2⤵
  PID:5984
- C:\Windows\System\CZKvrtb.exe
  C:\Windows\System\CZKvrtb.exe
  2⤵
  PID:4220
- C:\Windows\System\YLKwjNl.exe
  C:\Windows\System\YLKwjNl.exe
  2⤵
  PID:4736
- C:\Windows\System\hnYHAUZ.exe
  C:\Windows\System\hnYHAUZ.exe
  2⤵
  PID:5964
- C:\Windows\System\IDHzCbU.exe
  C:\Windows\System\IDHzCbU.exe
  2⤵
  PID:2344
- C:\Windows\System\ZFpMpXR.exe
  C:\Windows\System\ZFpMpXR.exe
  2⤵
  PID:3768
- C:\Windows\System\FhweuAq.exe
  C:\Windows\System\FhweuAq.exe
  2⤵
  PID:3748
- C:\Windows\System\OiWAgsH.exe
  C:\Windows\System\OiWAgsH.exe
  2⤵
  PID:4800
- C:\Windows\System\KyDkmOr.exe
  C:\Windows\System\KyDkmOr.exe
  2⤵
  PID:2252
- C:\Windows\System\DuAEnuV.exe
  C:\Windows\System\DuAEnuV.exe
  2⤵
  PID:5336
- C:\Windows\System\XNpDdmC.exe
  C:\Windows\System\XNpDdmC.exe
  2⤵
  PID:5052
- C:\Windows\System\fwQaBmY.exe
  C:\Windows\System\fwQaBmY.exe
  2⤵
  PID:5864
- C:\Windows\System\IFhkvTk.exe
  C:\Windows\System\IFhkvTk.exe
  2⤵
  PID:5748
- C:\Windows\System\MrSdtQZ.exe
  C:\Windows\System\MrSdtQZ.exe
  2⤵
  PID:5228
- C:\Windows\System\oZsnKEg.exe
  C:\Windows\System\oZsnKEg.exe
  2⤵
  PID:5980
- C:\Windows\System\sIdczTs.exe
  C:\Windows\System\sIdczTs.exe
  2⤵
  PID:6064
- C:\Windows\System\CkwJKDp.exe
  C:\Windows\System\CkwJKDp.exe
  2⤵
  PID:6116
- C:\Windows\System\qfqgkDC.exe
  C:\Windows\System\qfqgkDC.exe
  2⤵
  PID:5916
- C:\Windows\System\eehJZsu.exe
  C:\Windows\System\eehJZsu.exe
  2⤵
  PID:5796
- C:\Windows\System\auTGbld.exe
  C:\Windows\System\auTGbld.exe
  2⤵
  PID:3968
- C:\Windows\System\hwckYYH.exe
  C:\Windows\System\hwckYYH.exe
  2⤵
  PID:5444
- C:\Windows\System\JhKNCjM.exe
  C:\Windows\System\JhKNCjM.exe
  2⤵
  PID:5188
- C:\Windows\System\wvwEoBo.exe
  C:\Windows\System\wvwEoBo.exe
  2⤵
  PID:5940
- C:\Windows\System\IUaifNl.exe
  C:\Windows\System\IUaifNl.exe
  2⤵
  PID:4568
- C:\Windows\System\GvODspG.exe
  C:\Windows\System\GvODspG.exe
  2⤵
  PID:4776
- C:\Windows\System\kBejWqv.exe
  C:\Windows\System\kBejWqv.exe
  2⤵
  PID:5536
- C:\Windows\System\VNZUwVd.exe
  C:\Windows\System\VNZUwVd.exe
  2⤵
  PID:5168
- C:\Windows\System\YhPBkqi.exe
  C:\Windows\System\YhPBkqi.exe
  2⤵
  PID:6160
- C:\Windows\System\wesqomm.exe
  C:\Windows\System\wesqomm.exe
  2⤵
  PID:6176
- C:\Windows\System\bCriWmm.exe
  C:\Windows\System\bCriWmm.exe
  2⤵
  PID:6192
- C:\Windows\System\KIHQrMT.exe
  C:\Windows\System\KIHQrMT.exe
  2⤵
  PID:6208
- C:\Windows\System\hIoPfRR.exe
  C:\Windows\System\hIoPfRR.exe
  2⤵
  PID:6228
- C:\Windows\System\IjGTPEc.exe
  C:\Windows\System\IjGTPEc.exe
  2⤵
  PID:6248
- C:\Windows\System\JCJSYdJ.exe
  C:\Windows\System\JCJSYdJ.exe
  2⤵
  PID:6264
- C:\Windows\System\TfvhhzK.exe
  C:\Windows\System\TfvhhzK.exe
  2⤵
  PID:6280
- C:\Windows\System\nRkaJyc.exe
  C:\Windows\System\nRkaJyc.exe
  2⤵
  PID:6296
- C:\Windows\System\VKpjlsI.exe
  C:\Windows\System\VKpjlsI.exe
  2⤵
  PID:6320
- C:\Windows\System\QycKPSd.exe
  C:\Windows\System\QycKPSd.exe
  2⤵
  PID:6336
- C:\Windows\System\hxnESPN.exe
  C:\Windows\System\hxnESPN.exe
  2⤵
  PID:6464
- C:\Windows\System\uyLvmnG.exe
  C:\Windows\System\uyLvmnG.exe
  2⤵
  PID:6480
- C:\Windows\System\DpkzoVO.exe
  C:\Windows\System\DpkzoVO.exe
  2⤵
  PID:6508
- C:\Windows\System\KfvQiAm.exe
  C:\Windows\System\KfvQiAm.exe
  2⤵
  PID:6524
- C:\Windows\System\JCtxrzz.exe
  C:\Windows\System\JCtxrzz.exe
  2⤵
  PID:6540
- C:\Windows\System\MwTzrWi.exe
  C:\Windows\System\MwTzrWi.exe
  2⤵
  PID:6556
- C:\Windows\System\dydwjmp.exe
  C:\Windows\System\dydwjmp.exe
  2⤵
  PID:6572
- C:\Windows\System\rLGRzDf.exe
  C:\Windows\System\rLGRzDf.exe
  2⤵
  PID:6588
- C:\Windows\System\zntpDsp.exe
  C:\Windows\System\zntpDsp.exe
  2⤵
  PID:6608
- C:\Windows\System\uEDULaW.exe
  C:\Windows\System\uEDULaW.exe
  2⤵
  PID:6652
- C:\Windows\System\FMMeVgZ.exe
  C:\Windows\System\FMMeVgZ.exe
  2⤵
  PID:6668
- C:\Windows\System\ccdecqT.exe
  C:\Windows\System\ccdecqT.exe
  2⤵
  PID:6684
- C:\Windows\System\rOEMhFz.exe
  C:\Windows\System\rOEMhFz.exe
  2⤵
  PID:6700
- C:\Windows\System\OlGMyVO.exe
  C:\Windows\System\OlGMyVO.exe
  2⤵
  PID:6732
- C:\Windows\System\FsKLXiH.exe
  C:\Windows\System\FsKLXiH.exe
  2⤵
  PID:6752
- C:\Windows\System\cCRZUim.exe
  C:\Windows\System\cCRZUim.exe
  2⤵
  PID:6768
- C:\Windows\System\eZuEmyo.exe
  C:\Windows\System\eZuEmyo.exe
  2⤵
  PID:6788
- C:\Windows\System\BQHHNPe.exe
  C:\Windows\System\BQHHNPe.exe
  2⤵
  PID:6808
- C:\Windows\System\jJhFTHx.exe
  C:\Windows\System\jJhFTHx.exe
  2⤵
  PID:6824
- C:\Windows\System\GncofIW.exe
  C:\Windows\System\GncofIW.exe
  2⤵
  PID:6848
- C:\Windows\System\ZnOJUkB.exe
  C:\Windows\System\ZnOJUkB.exe
  2⤵
  PID:6868
- C:\Windows\System\Jeoyvyz.exe
  C:\Windows\System\Jeoyvyz.exe
  2⤵
  PID:6888
- C:\Windows\System\Ydphxrv.exe
  C:\Windows\System\Ydphxrv.exe
  2⤵
  PID:6912
- C:\Windows\System\ofgjXLr.exe
  C:\Windows\System\ofgjXLr.exe
  2⤵
  PID:6932
- C:\Windows\System\skZLniK.exe
  C:\Windows\System\skZLniK.exe
  2⤵
  PID:6948
- C:\Windows\System\gruzwOm.exe
  C:\Windows\System\gruzwOm.exe
  2⤵
  PID:6972
- C:\Windows\System\cksZTeF.exe
  C:\Windows\System\cksZTeF.exe
  2⤵
  PID:6992
- C:\Windows\System\dpgHeeD.exe
  C:\Windows\System\dpgHeeD.exe
  2⤵
  PID:7008
- C:\Windows\System\afgVcnK.exe
  C:\Windows\System\afgVcnK.exe
  2⤵
  PID:7032
- C:\Windows\System\EeaAqrL.exe
  C:\Windows\System\EeaAqrL.exe
  2⤵
  PID:7048
- C:\Windows\System\ONTHAwr.exe
  C:\Windows\System\ONTHAwr.exe
  2⤵
  PID:7076
- C:\Windows\System\eGBLZnQ.exe
  C:\Windows\System\eGBLZnQ.exe
  2⤵
  PID:7096
- C:\Windows\System\zdbBdJq.exe
  C:\Windows\System\zdbBdJq.exe
  2⤵
  PID:7112
- C:\Windows\System\DfcvmNT.exe
  C:\Windows\System\DfcvmNT.exe
  2⤵
  PID:7128
- C:\Windows\System\poyYMCl.exe
  C:\Windows\System\poyYMCl.exe
  2⤵
  PID:7156
- C:\Windows\System\YtUQkiS.exe
  C:\Windows\System\YtUQkiS.exe
  2⤵
  PID:3756
- C:\Windows\System\KlHMVjy.exe
  C:\Windows\System\KlHMVjy.exe
  2⤵
  PID:4648
- C:\Windows\System\OnaRXYQ.exe
  C:\Windows\System\OnaRXYQ.exe
  2⤵
  PID:5708
- C:\Windows\System\ggpQEwA.exe
  C:\Windows\System\ggpQEwA.exe
  2⤵
  PID:6188
- C:\Windows\System\xqjqgyv.exe
  C:\Windows\System\xqjqgyv.exe
  2⤵
  PID:5484
- C:\Windows\System\cNPdWqb.exe
  C:\Windows\System\cNPdWqb.exe
  2⤵
  PID:6204
- C:\Windows\System\TDStmGa.exe
  C:\Windows\System\TDStmGa.exe
  2⤵
  PID:6260
- C:\Windows\System\HwpNGoT.exe
  C:\Windows\System\HwpNGoT.exe
  2⤵
  PID:6272
- C:\Windows\System\pFywzAV.exe
  C:\Windows\System\pFywzAV.exe
  2⤵
  PID:6344
- C:\Windows\System\mFZMNXW.exe
  C:\Windows\System\mFZMNXW.exe
  2⤵
  PID:6332
- C:\Windows\System\KzxpCJo.exe
  C:\Windows\System\KzxpCJo.exe
  2⤵
  PID:6368
- C:\Windows\System\cHcfMpK.exe
  C:\Windows\System\cHcfMpK.exe
  2⤵
  PID:6392
- C:\Windows\System\QgUtQQV.exe
  C:\Windows\System\QgUtQQV.exe
  2⤵
  PID:6408
- C:\Windows\System\QuYNpVN.exe
  C:\Windows\System\QuYNpVN.exe
  2⤵
  PID:5776
- C:\Windows\System\wvBemOy.exe
  C:\Windows\System\wvBemOy.exe
  2⤵
  PID:6440
- C:\Windows\System\gyLPOki.exe
  C:\Windows\System\gyLPOki.exe
  2⤵
  PID:6216
- C:\Windows\System\gtESjYj.exe
  C:\Windows\System\gtESjYj.exe
  2⤵
  PID:6312
- C:\Windows\System\qnMpCfq.exe
  C:\Windows\System\qnMpCfq.exe
  2⤵
  PID:6456
- C:\Windows\System\UASGoSb.exe
  C:\Windows\System\UASGoSb.exe
  2⤵
  PID:6504
- C:\Windows\System\eIprXFE.exe
  C:\Windows\System\eIprXFE.exe
  2⤵
  PID:6532
- C:\Windows\System\pjALHPV.exe
  C:\Windows\System\pjALHPV.exe
  2⤵
  PID:6644
- C:\Windows\System\GLODEce.exe
  C:\Windows\System\GLODEce.exe
  2⤵
  PID:6616
- C:\Windows\System\nWTyCGC.exe
  C:\Windows\System\nWTyCGC.exe
  2⤵
  PID:6664
- C:\Windows\System\lthYcRq.exe
  C:\Windows\System\lthYcRq.exe
  2⤵
  PID:6676
- C:\Windows\System\BAGsUEu.exe
  C:\Windows\System\BAGsUEu.exe
  2⤵
  PID:6744
- C:\Windows\System\cgggfie.exe
  C:\Windows\System\cgggfie.exe
  2⤵
  PID:6760
- C:\Windows\System\dEPfvVx.exe
  C:\Windows\System\dEPfvVx.exe
  2⤵
  PID:6796
- C:\Windows\System\PMrcoTF.exe
  C:\Windows\System\PMrcoTF.exe
  2⤵
  PID:6816
- C:\Windows\System\LtsJuyS.exe
  C:\Windows\System\LtsJuyS.exe
  2⤵
  PID:6856
- C:\Windows\System\kihKrjJ.exe
  C:\Windows\System\kihKrjJ.exe
  2⤵
  PID:6876
- C:\Windows\System\xFVSCbH.exe
  C:\Windows\System\xFVSCbH.exe
  2⤵
  PID:6844
- C:\Windows\System\BLdgapu.exe
  C:\Windows\System\BLdgapu.exe
  2⤵
  PID:6924
- C:\Windows\System\SSsJjYV.exe
  C:\Windows\System\SSsJjYV.exe
  2⤵
  PID:6908
- C:\Windows\System\zkjFuYk.exe
  C:\Windows\System\zkjFuYk.exe
  2⤵
  PID:6956
- C:\Windows\System\AkgwjXu.exe
  C:\Windows\System\AkgwjXu.exe
  2⤵
  PID:7000
- C:\Windows\System\jvRMaff.exe
  C:\Windows\System\jvRMaff.exe
  2⤵
  PID:6984
- C:\Windows\System\wXNjkih.exe
  C:\Windows\System\wXNjkih.exe
  2⤵
  PID:7020
- C:\Windows\System\WnaXLzi.exe
  C:\Windows\System\WnaXLzi.exe
  2⤵
  PID:7056
- C:\Windows\System\dIHKHuT.exe
  C:\Windows\System\dIHKHuT.exe
  2⤵
  PID:7104
- C:\Windows\System\zeIIvnr.exe
  C:\Windows\System\zeIIvnr.exe
  2⤵
  PID:7108
- C:\Windows\System\vgRcMWm.exe
  C:\Windows\System\vgRcMWm.exe
  2⤵
  PID:7152
- C:\Windows\System\HOvgyGG.exe
  C:\Windows\System\HOvgyGG.exe
  2⤵
  PID:7164
- C:\Windows\System\cypbYGz.exe
  C:\Windows\System\cypbYGz.exe
  2⤵
  PID:1980
- C:\Windows\System\AYMgjtO.exe
  C:\Windows\System\AYMgjtO.exe
  2⤵
  PID:6184
- C:\Windows\System\JbfIGKI.exe
  C:\Windows\System\JbfIGKI.exe
  2⤵
  PID:6200
- C:\Windows\System\jeFIBtW.exe
  C:\Windows\System\jeFIBtW.exe
  2⤵
  PID:5428
- C:\Windows\System\GhSuHQF.exe
  C:\Windows\System\GhSuHQF.exe
  2⤵
  PID:6360
- C:\Windows\System\EEnVUij.exe
  C:\Windows\System\EEnVUij.exe
  2⤵
  PID:6304
- C:\Windows\System\ILzTgDU.exe
  C:\Windows\System\ILzTgDU.exe
  2⤵
  PID:6376
- C:\Windows\System\tsOxRBM.exe
  C:\Windows\System\tsOxRBM.exe
  2⤵
  PID:6388
- C:\Windows\System\eSqhdxR.exe
  C:\Windows\System\eSqhdxR.exe
  2⤵
  PID:6240
- C:\Windows\System\UBalzpP.exe
  C:\Windows\System\UBalzpP.exe
  2⤵
  PID:6348
- C:\Windows\System\FTYtVii.exe
  C:\Windows\System\FTYtVii.exe
  2⤵
  PID:5488
- C:\Windows\System\LkqKwWA.exe
  C:\Windows\System\LkqKwWA.exe
  2⤵
  PID:6400
- C:\Windows\System\FWDTwkF.exe
  C:\Windows\System\FWDTwkF.exe
  2⤵
  PID:6552
- C:\Windows\System\FkHbOKG.exe
  C:\Windows\System\FkHbOKG.exe
  2⤵
  PID:6632
- C:\Windows\System\NNInwUA.exe
  C:\Windows\System\NNInwUA.exe
  2⤵
  PID:6492
- C:\Windows\System\LMXlqLO.exe
  C:\Windows\System\LMXlqLO.exe
  2⤵
  PID:6596
- C:\Windows\System\NvrGUTC.exe
  C:\Windows\System\NvrGUTC.exe
  2⤵
  PID:6520
- C:\Windows\System\IIvRkEk.exe
  C:\Windows\System\IIvRkEk.exe
  2⤵
  PID:6864
- C:\Windows\System\foKBvSe.exe
  C:\Windows\System\foKBvSe.exe
  2⤵
  PID:6840
- C:\Windows\System\YssxYsD.exe
  C:\Windows\System\YssxYsD.exe
  2⤵
  PID:6884
- C:\Windows\System\UwbYott.exe
  C:\Windows\System\UwbYott.exe
  2⤵
  PID:6920
- C:\Windows\System\SNwiGfI.exe
  C:\Windows\System\SNwiGfI.exe
  2⤵
  PID:7040
- C:\Windows\System\sQPFuSQ.exe
  C:\Windows\System\sQPFuSQ.exe
  2⤵
  PID:7124
- C:\Windows\System\OqKDWas.exe
  C:\Windows\System\OqKDWas.exe
  2⤵
  PID:3760
- C:\Windows\System\bdOvhTs.exe
  C:\Windows\System\bdOvhTs.exe
  2⤵
  PID:7060
- C:\Windows\System\QQBuGpT.exe
  C:\Windows\System\QQBuGpT.exe
  2⤵
  PID:7024
- C:\Windows\System\FGBNuWU.exe
  C:\Windows\System\FGBNuWU.exe
  2⤵
  PID:6244
- C:\Windows\System\xRJnSyq.exe
  C:\Windows\System\xRJnSyq.exe
  2⤵
  PID:6384
- C:\Windows\System\SLQAjAm.exe
  C:\Windows\System\SLQAjAm.exe
  2⤵
  PID:5692
- C:\Windows\System\GsZiHCO.exe
  C:\Windows\System\GsZiHCO.exe
  2⤵
  PID:4336
- C:\Windows\System\QfxARqh.exe
  C:\Windows\System\QfxARqh.exe
  2⤵
  PID:6476
- C:\Windows\System\BZpBeaE.exe
  C:\Windows\System\BZpBeaE.exe
  2⤵
  PID:6660
- C:\Windows\System\HkajdGj.exe
  C:\Windows\System\HkajdGj.exe
  2⤵
  PID:6580
- C:\Windows\System\efZFptv.exe
  C:\Windows\System\efZFptv.exe
  2⤵
  PID:6784
- C:\Windows\System\jwunBoY.exe
  C:\Windows\System\jwunBoY.exe
  2⤵
  PID:6720
- C:\Windows\System\alinqKr.exe
  C:\Windows\System\alinqKr.exe
  2⤵
  PID:6748
- C:\Windows\System\vOhIcbO.exe
  C:\Windows\System\vOhIcbO.exe
  2⤵
  PID:7068
- C:\Windows\System\DgrbDpb.exe
  C:\Windows\System\DgrbDpb.exe
  2⤵
  PID:7084
- C:\Windows\System\ecUmrgW.exe
  C:\Windows\System\ecUmrgW.exe
  2⤵
  PID:7148
- C:\Windows\System\siwNOPm.exe
  C:\Windows\System\siwNOPm.exe
  2⤵
  PID:6364
- C:\Windows\System\nKDTsod.exe
  C:\Windows\System\nKDTsod.exe
  2⤵
  PID:5500
- C:\Windows\System\ASqGnGt.exe
  C:\Windows\System\ASqGnGt.exe
  2⤵
  PID:6708
- C:\Windows\System\mkGhSwu.exe
  C:\Windows\System\mkGhSwu.exe
  2⤵
  PID:6636
- C:\Windows\System\LKMyJcN.exe
  C:\Windows\System\LKMyJcN.exe
  2⤵
  PID:6900
- C:\Windows\System\IyjKepI.exe
  C:\Windows\System\IyjKepI.exe
  2⤵
  PID:7016
- C:\Windows\System\vKAYQIT.exe
  C:\Windows\System\vKAYQIT.exe
  2⤵
  PID:6568
- C:\Windows\System\OBNngdz.exe
  C:\Windows\System\OBNngdz.exe
  2⤵
  PID:6496
- C:\Windows\System\NpddSod.exe
  C:\Windows\System\NpddSod.exe
  2⤵
  PID:7144
- C:\Windows\System\EdpNwdq.exe
  C:\Windows\System\EdpNwdq.exe
  2⤵
  PID:6604
- C:\Windows\System\sYunkBC.exe
  C:\Windows\System\sYunkBC.exe
  2⤵
  PID:6940
- C:\Windows\System\iaGSHIl.exe
  C:\Windows\System\iaGSHIl.exe
  2⤵
  PID:7180
- C:\Windows\System\FKRnoVu.exe
  C:\Windows\System\FKRnoVu.exe
  2⤵
  PID:7196
- C:\Windows\System\IlIuIfb.exe
  C:\Windows\System\IlIuIfb.exe
  2⤵
  PID:7212
- C:\Windows\System\lUAdUvD.exe
  C:\Windows\System\lUAdUvD.exe
  2⤵
  PID:7228
- C:\Windows\System\dMIVcYB.exe
  C:\Windows\System\dMIVcYB.exe
  2⤵
  PID:7244
- C:\Windows\System\gzqHCzo.exe
  C:\Windows\System\gzqHCzo.exe
  2⤵
  PID:7260
- C:\Windows\System\ywINrlr.exe
  C:\Windows\System\ywINrlr.exe
  2⤵
  PID:7276
- C:\Windows\System\ZySBjTs.exe
  C:\Windows\System\ZySBjTs.exe
  2⤵
  PID:7292
- C:\Windows\System\kUJjCYJ.exe
  C:\Windows\System\kUJjCYJ.exe
  2⤵
  PID:7312
- C:\Windows\System\eLhoDzI.exe
  C:\Windows\System\eLhoDzI.exe
  2⤵
  PID:7328
- C:\Windows\System\gJfaVuf.exe
  C:\Windows\System\gJfaVuf.exe
  2⤵
  PID:7344
- C:\Windows\System\zTHPdwa.exe
  C:\Windows\System\zTHPdwa.exe
  2⤵
  PID:7360
- C:\Windows\System\UqvDoqa.exe
  C:\Windows\System\UqvDoqa.exe
  2⤵
  PID:7376
- C:\Windows\System\ynizRas.exe
  C:\Windows\System\ynizRas.exe
  2⤵
  PID:7392
- C:\Windows\System\oqbCDQg.exe
  C:\Windows\System\oqbCDQg.exe
  2⤵
  PID:7408
- C:\Windows\System\WZbKVeH.exe
  C:\Windows\System\WZbKVeH.exe
  2⤵
  PID:7424
- C:\Windows\System\amJhxdV.exe
  C:\Windows\System\amJhxdV.exe
  2⤵
  PID:7440
- C:\Windows\System\xeqDbFI.exe
  C:\Windows\System\xeqDbFI.exe
  2⤵
  PID:7456
- C:\Windows\System\iLSfHcm.exe
  C:\Windows\System\iLSfHcm.exe
  2⤵
  PID:7472
- C:\Windows\System\qBQVpjK.exe
  C:\Windows\System\qBQVpjK.exe
  2⤵
  PID:7488
- C:\Windows\System\RydigLy.exe
  C:\Windows\System\RydigLy.exe
  2⤵
  PID:7504
- C:\Windows\System\EdCEjNV.exe
  C:\Windows\System\EdCEjNV.exe
  2⤵
  PID:7520
- C:\Windows\System\limUytb.exe
  C:\Windows\System\limUytb.exe
  2⤵
  PID:7536
- C:\Windows\System\nXoHbil.exe
  C:\Windows\System\nXoHbil.exe
  2⤵
  PID:7552
- C:\Windows\System\mesYIIL.exe
  C:\Windows\System\mesYIIL.exe
  2⤵
  PID:7568
- C:\Windows\System\PyENVHG.exe
  C:\Windows\System\PyENVHG.exe
  2⤵
  PID:7584
- C:\Windows\System\PuuZRmH.exe
  C:\Windows\System\PuuZRmH.exe
  2⤵
  PID:7600
- C:\Windows\System\ELYCgPw.exe
  C:\Windows\System\ELYCgPw.exe
  2⤵
  PID:7616
- C:\Windows\System\fPCzaHO.exe
  C:\Windows\System\fPCzaHO.exe
  2⤵
  PID:7632
- C:\Windows\System\jOCbaHY.exe
  C:\Windows\System\jOCbaHY.exe
  2⤵
  PID:7648
- C:\Windows\System\vAjAFMq.exe
  C:\Windows\System\vAjAFMq.exe
  2⤵
  PID:7664
- C:\Windows\System\ZkcNhAH.exe
  C:\Windows\System\ZkcNhAH.exe
  2⤵
  PID:7680
- C:\Windows\System\Hvckqoa.exe
  C:\Windows\System\Hvckqoa.exe
  2⤵
  PID:7720
- C:\Windows\System\eqUNzIY.exe
  C:\Windows\System\eqUNzIY.exe
  2⤵
  PID:7756
- C:\Windows\System\NCGjxEu.exe
  C:\Windows\System\NCGjxEu.exe
  2⤵
  PID:7772
- C:\Windows\System\NytDItL.exe
  C:\Windows\System\NytDItL.exe
  2⤵
  PID:7828
- C:\Windows\System\dRIhHTm.exe
  C:\Windows\System\dRIhHTm.exe
  2⤵
  PID:7844
- C:\Windows\System\dAxgBFp.exe
  C:\Windows\System\dAxgBFp.exe
  2⤵
  PID:7876
- C:\Windows\System\ZWWTagu.exe
  C:\Windows\System\ZWWTagu.exe
  2⤵
  PID:7892
- C:\Windows\System\vGSDaJx.exe
  C:\Windows\System\vGSDaJx.exe
  2⤵
  PID:7908
- C:\Windows\System\EQrqMGP.exe
  C:\Windows\System\EQrqMGP.exe
  2⤵
  PID:7924
- C:\Windows\System\scWQqqG.exe
  C:\Windows\System\scWQqqG.exe
  2⤵
  PID:7940
- C:\Windows\System\ENqxxdV.exe
  C:\Windows\System\ENqxxdV.exe
  2⤵
  PID:7956
- C:\Windows\System\KqDWTCZ.exe
  C:\Windows\System\KqDWTCZ.exe
  2⤵
  PID:7972
- C:\Windows\System\WTKIPuO.exe
  C:\Windows\System\WTKIPuO.exe
  2⤵
  PID:7988
- C:\Windows\System\tvvFmHV.exe
  C:\Windows\System\tvvFmHV.exe
  2⤵
  PID:8004
- C:\Windows\System\mkhKfoL.exe
  C:\Windows\System\mkhKfoL.exe
  2⤵
  PID:8020
- C:\Windows\System\oBWEskg.exe
  C:\Windows\System\oBWEskg.exe
  2⤵
  PID:8040
- C:\Windows\System\yZdjjui.exe
  C:\Windows\System\yZdjjui.exe
  2⤵
  PID:8056
- C:\Windows\System\lieJOpF.exe
  C:\Windows\System\lieJOpF.exe
  2⤵
  PID:8072
- C:\Windows\System\NfRAHzF.exe
  C:\Windows\System\NfRAHzF.exe
  2⤵
  PID:8092
- C:\Windows\System\oNBvQSp.exe
  C:\Windows\System\oNBvQSp.exe
  2⤵
  PID:8108
- C:\Windows\System\lDHhvtr.exe
  C:\Windows\System\lDHhvtr.exe
  2⤵
  PID:8124
- C:\Windows\System\BGJGbTt.exe
  C:\Windows\System\BGJGbTt.exe
  2⤵
  PID:8144
- C:\Windows\System\qibUTGj.exe
  C:\Windows\System\qibUTGj.exe
  2⤵
  PID:8160
- C:\Windows\System\xSUHRbE.exe
  C:\Windows\System\xSUHRbE.exe
  2⤵
  PID:8176
- C:\Windows\System\CXxGKPG.exe
  C:\Windows\System\CXxGKPG.exe
  2⤵
  PID:6292
- C:\Windows\System\qwAIhmh.exe
  C:\Windows\System\qwAIhmh.exe
  2⤵
  PID:7204
- C:\Windows\System\KqkZwhm.exe
  C:\Windows\System\KqkZwhm.exe
  2⤵
  PID:7192
- C:\Windows\System\rSZJkMe.exe
  C:\Windows\System\rSZJkMe.exe
  2⤵
  PID:7240
- C:\Windows\System\NhnBUyV.exe
  C:\Windows\System\NhnBUyV.exe
  2⤵
  PID:7304
- C:\Windows\System\RQGwudn.exe
  C:\Windows\System\RQGwudn.exe
  2⤵
  PID:7336
- C:\Windows\System\GmWLlzg.exe
  C:\Windows\System\GmWLlzg.exe
  2⤵
  PID:7368
- C:\Windows\System\hxqsidc.exe
  C:\Windows\System\hxqsidc.exe
  2⤵
  PID:7464
- C:\Windows\System\QnkcpiX.exe
  C:\Windows\System\QnkcpiX.exe
  2⤵
  PID:7324
- C:\Windows\System\IiwlUzc.exe
  C:\Windows\System\IiwlUzc.exe
  2⤵
  PID:7416
- C:\Windows\System\KOPkHZy.exe
  C:\Windows\System\KOPkHZy.exe
  2⤵
  PID:7480
- C:\Windows\System\ifqiWah.exe
  C:\Windows\System\ifqiWah.exe
  2⤵
  PID:7500
- C:\Windows\System\oJzdxGy.exe
  C:\Windows\System\oJzdxGy.exe
  2⤵
  PID:7564
- C:\Windows\System\BgSefpu.exe
  C:\Windows\System\BgSefpu.exe
  2⤵
  PID:6624
- C:\Windows\System\pWvmmgp.exe
  C:\Windows\System\pWvmmgp.exe
  2⤵
  PID:7596
- C:\Windows\System\COXlCXf.exe
  C:\Windows\System\COXlCXf.exe
  2⤵
  PID:7640
- C:\Windows\System\bmCpyVL.exe
  C:\Windows\System\bmCpyVL.exe
  2⤵
  PID:7688
- C:\Windows\System\PJnuzwi.exe
  C:\Windows\System\PJnuzwi.exe
  2⤵
  PID:7704
- C:\Windows\System\OLrdsFB.exe
  C:\Windows\System\OLrdsFB.exe
  2⤵
  PID:7716
- C:\Windows\System\ILJVrmS.exe
  C:\Windows\System\ILJVrmS.exe
  2⤵
  PID:7736
- C:\Windows\System\aQjhIYb.exe
  C:\Windows\System\aQjhIYb.exe
  2⤵
  PID:7752
- C:\Windows\System\ZRxbxJw.exe
  C:\Windows\System\ZRxbxJw.exe
  2⤵
  PID:7784
- C:\Windows\System\SRfVRje.exe
  C:\Windows\System\SRfVRje.exe
  2⤵
  PID:7800
- C:\Windows\System\kvTPpDC.exe
  C:\Windows\System\kvTPpDC.exe
  2⤵
  PID:7816
- C:\Windows\System\OSEpGwE.exe
  C:\Windows\System\OSEpGwE.exe
  2⤵
  PID:7860
- C:\Windows\System\tpCrJef.exe
  C:\Windows\System\tpCrJef.exe
  2⤵
  PID:7888
- C:\Windows\System\jmDKtAr.exe
  C:\Windows\System\jmDKtAr.exe
  2⤵
  PID:7936
- C:\Windows\System\pasNaBS.exe
  C:\Windows\System\pasNaBS.exe
  2⤵
  PID:7840
- C:\Windows\System\vQBigEV.exe
  C:\Windows\System\vQBigEV.exe
  2⤵
  PID:7980
- C:\Windows\System\bkHMYUd.exe
  C:\Windows\System\bkHMYUd.exe
  2⤵
  PID:8048
- C:\Windows\System\OsdbfbC.exe
  C:\Windows\System\OsdbfbC.exe
  2⤵
  PID:8116
- C:\Windows\System\OlbzIeC.exe
  C:\Windows\System\OlbzIeC.exe
  2⤵
  PID:8052
- C:\Windows\System\qxxKphC.exe
  C:\Windows\System\qxxKphC.exe
  2⤵
  PID:8156
- C:\Windows\System\tDmQWNs.exe
  C:\Windows\System\tDmQWNs.exe
  2⤵
  PID:7208
- C:\Windows\System\EPZJbqw.exe
  C:\Windows\System\EPZJbqw.exe
  2⤵
  PID:8036
- C:\Windows\System\ZQxsaCP.exe
  C:\Windows\System\ZQxsaCP.exe
  2⤵
  PID:8104
- C:\Windows\System\zJIUHfo.exe
  C:\Windows\System\zJIUHfo.exe
  2⤵
  PID:8140
- C:\Windows\System\jeWjjKp.exe
  C:\Windows\System\jeWjjKp.exe
  2⤵
  PID:8172
- C:\Windows\System\XRxuGeC.exe
  C:\Windows\System\XRxuGeC.exe
  2⤵
  PID:7268
- C:\Windows\System\xNGjwGN.exe
  C:\Windows\System\xNGjwGN.exe
  2⤵
  PID:7320
- C:\Windows\System\ATuuHBG.exe
  C:\Windows\System\ATuuHBG.exe
  2⤵
  PID:7436
- C:\Windows\System\BrrdZam.exe
  C:\Windows\System\BrrdZam.exe
  2⤵
  PID:7356
- C:\Windows\System\BydRvOW.exe
  C:\Windows\System\BydRvOW.exe
  2⤵
  PID:7608
- C:\Windows\System\hxVcasz.exe
  C:\Windows\System\hxVcasz.exe
  2⤵
  PID:7612
- C:\Windows\System\DuISACx.exe
  C:\Windows\System\DuISACx.exe
  2⤵
  PID:7628
- C:\Windows\System\kDOPNrh.exe
  C:\Windows\System\kDOPNrh.exe
  2⤵
  PID:7696
- C:\Windows\System\hqPerhM.exe
  C:\Windows\System\hqPerhM.exe
  2⤵
  PID:7744
- C:\Windows\System\GoUiDgZ.exe
  C:\Windows\System\GoUiDgZ.exe
  2⤵
  PID:7904
- C:\Windows\System\IqiJNJF.exe
  C:\Windows\System\IqiJNJF.exe
  2⤵
  PID:7948
- C:\Windows\System\AitPFwf.exe
  C:\Windows\System\AitPFwf.exe
  2⤵
  PID:8120
- C:\Windows\System\WDdZNBq.exe
  C:\Windows\System\WDdZNBq.exe
  2⤵
  PID:6416
- C:\Windows\System\QsIPeys.exe
  C:\Windows\System\QsIPeys.exe
  2⤵
  PID:7780
- C:\Windows\System\lOClQyj.exe
  C:\Windows\System\lOClQyj.exe
  2⤵
  PID:7484
- C:\Windows\System\cNNuHUN.exe
  C:\Windows\System\cNNuHUN.exe
  2⤵
  PID:7852
- C:\Windows\System\rWzBQzL.exe
  C:\Windows\System\rWzBQzL.exe
  2⤵
  PID:8152
- C:\Windows\System\ODMmYuv.exe
  C:\Windows\System\ODMmYuv.exe
  2⤵
  PID:7856
- C:\Windows\System\cUIyCQX.exe
  C:\Windows\System\cUIyCQX.exe
  2⤵
  PID:7576
- C:\Windows\System\qjCjews.exe
  C:\Windows\System\qjCjews.exe
  2⤵
  PID:7768
- C:\Windows\System\zROavif.exe
  C:\Windows\System\zROavif.exe
  2⤵
  PID:7968
- C:\Windows\System\aFKMAEj.exe
  C:\Windows\System\aFKMAEj.exe
  2⤵
  PID:8084
- C:\Windows\System\yYEVmus.exe
  C:\Windows\System\yYEVmus.exe
  2⤵
  PID:8100
- C:\Windows\System\GUaKuqq.exe
  C:\Windows\System\GUaKuqq.exe
  2⤵
  PID:7388
- C:\Windows\System\cnBhyeL.exe
  C:\Windows\System\cnBhyeL.exe
  2⤵
  PID:7384
- C:\Windows\System\KznexvO.exe
  C:\Windows\System\KznexvO.exe
  2⤵
  PID:7812
- C:\Windows\System\WrIdcOV.exe
  C:\Windows\System\WrIdcOV.exe
  2⤵
  PID:7872
- C:\Windows\System\HQrUOBy.exe
  C:\Windows\System\HQrUOBy.exe
  2⤵
  PID:8068
- C:\Windows\System\KUtWzrC.exe
  C:\Windows\System\KUtWzrC.exe
  2⤵
  PID:7692
- C:\Windows\System\ApYJExt.exe
  C:\Windows\System\ApYJExt.exe
  2⤵
  PID:8196
- C:\Windows\System\dMcfjRD.exe
  C:\Windows\System\dMcfjRD.exe
  2⤵
  PID:8212
- C:\Windows\System\ZQoVtqT.exe
  C:\Windows\System\ZQoVtqT.exe
  2⤵
  PID:8228
- C:\Windows\System\RVqhaVb.exe
  C:\Windows\System\RVqhaVb.exe
  2⤵
  PID:8244
- C:\Windows\System\KKGIytK.exe
  C:\Windows\System\KKGIytK.exe
  2⤵
  PID:8260
- C:\Windows\System\mCCtZev.exe
  C:\Windows\System\mCCtZev.exe
  2⤵
  PID:8280
- C:\Windows\System\gsmjcby.exe
  C:\Windows\System\gsmjcby.exe
  2⤵
  PID:8300
- C:\Windows\System\RcHJAfX.exe
  C:\Windows\System\RcHJAfX.exe
  2⤵
  PID:8316
- C:\Windows\System\hmXEPVf.exe
  C:\Windows\System\hmXEPVf.exe
  2⤵
  PID:8332
- C:\Windows\System\atYiSdf.exe
  C:\Windows\System\atYiSdf.exe
  2⤵
  PID:8348
- C:\Windows\System\KGThHXn.exe
  C:\Windows\System\KGThHXn.exe
  2⤵
  PID:8364
- C:\Windows\System\CkYfFQz.exe
  C:\Windows\System\CkYfFQz.exe
  2⤵
  PID:8380
- C:\Windows\System\bABuepg.exe
  C:\Windows\System\bABuepg.exe
  2⤵
  PID:8396
- C:\Windows\System\SNXmbNl.exe
  C:\Windows\System\SNXmbNl.exe
  2⤵
  PID:8412
- C:\Windows\System\izLVCSh.exe
  C:\Windows\System\izLVCSh.exe
  2⤵
  PID:8428
- C:\Windows\System\smBpBTR.exe
  C:\Windows\System\smBpBTR.exe
  2⤵
  PID:8444
- C:\Windows\System\jOpYxRS.exe
  C:\Windows\System\jOpYxRS.exe
  2⤵
  PID:8460
- C:\Windows\System\GpLjzft.exe
  C:\Windows\System\GpLjzft.exe
  2⤵
  PID:8476
- C:\Windows\System\gQOOHLX.exe
  C:\Windows\System\gQOOHLX.exe
  2⤵
  PID:8492
- C:\Windows\System\dkDgqTx.exe
  C:\Windows\System\dkDgqTx.exe
  2⤵
  PID:8508
- C:\Windows\System\amHKyyc.exe
  C:\Windows\System\amHKyyc.exe
  2⤵
  PID:8524
- C:\Windows\System\yjUSsBC.exe
  C:\Windows\System\yjUSsBC.exe
  2⤵
  PID:8540
- C:\Windows\System\LMtnLYm.exe
  C:\Windows\System\LMtnLYm.exe
  2⤵
  PID:8556
- C:\Windows\System\bXsbgaN.exe
  C:\Windows\System\bXsbgaN.exe
  2⤵
  PID:8572
- C:\Windows\System\PCHCCMP.exe
  C:\Windows\System\PCHCCMP.exe
  2⤵
  PID:8592
- C:\Windows\System\XxkaTDo.exe
  C:\Windows\System\XxkaTDo.exe
  2⤵
  PID:8608
- C:\Windows\System\hsJbBPQ.exe
  C:\Windows\System\hsJbBPQ.exe
  2⤵
  PID:8624
- C:\Windows\System\EGLaMNl.exe
  C:\Windows\System\EGLaMNl.exe
  2⤵
  PID:8640
- C:\Windows\System\RMumaKd.exe
  C:\Windows\System\RMumaKd.exe
  2⤵
  PID:8656
- C:\Windows\System\mVbyEBg.exe
  C:\Windows\System\mVbyEBg.exe
  2⤵
  PID:8672
- C:\Windows\System\RYGzaZv.exe
  C:\Windows\System\RYGzaZv.exe
  2⤵
  PID:8688
- C:\Windows\System\xBQnIGP.exe
  C:\Windows\System\xBQnIGP.exe
  2⤵
  PID:8704
- C:\Windows\System\jZIjLdK.exe
  C:\Windows\System\jZIjLdK.exe
  2⤵
  PID:8720
- C:\Windows\System\AysYQUW.exe
  C:\Windows\System\AysYQUW.exe
  2⤵
  PID:8736
- C:\Windows\System\LWCVXcF.exe
  C:\Windows\System\LWCVXcF.exe
  2⤵
  PID:8752
- C:\Windows\System\VMyAWhL.exe
  C:\Windows\System\VMyAWhL.exe
  2⤵
  PID:8768
- C:\Windows\System\ikpDpoS.exe
  C:\Windows\System\ikpDpoS.exe
  2⤵
  PID:8784
- C:\Windows\System\fotOKWX.exe
  C:\Windows\System\fotOKWX.exe
  2⤵
  PID:8800
- C:\Windows\System\abMwrQU.exe
  C:\Windows\System\abMwrQU.exe
  2⤵
  PID:8816
- C:\Windows\System\pDOEXso.exe
  C:\Windows\System\pDOEXso.exe
  2⤵
  PID:8836
- C:\Windows\System\ujzmflU.exe
  C:\Windows\System\ujzmflU.exe
  2⤵
  PID:8852
- C:\Windows\System\PuPTIZw.exe
  C:\Windows\System\PuPTIZw.exe
  2⤵
  PID:8868
- C:\Windows\System\SfeAHwb.exe
  C:\Windows\System\SfeAHwb.exe
  2⤵
  PID:8884
- C:\Windows\System\TZIZQAy.exe
  C:\Windows\System\TZIZQAy.exe
  2⤵
  PID:8900
- C:\Windows\System\ZAqTyWs.exe
  C:\Windows\System\ZAqTyWs.exe
  2⤵
  PID:8916
- C:\Windows\System\bGSvLXu.exe
  C:\Windows\System\bGSvLXu.exe
  2⤵
  PID:8932
- C:\Windows\System\CEvZkPg.exe
  C:\Windows\System\CEvZkPg.exe
  2⤵
  PID:9012
- C:\Windows\System\YPlObZm.exe
  C:\Windows\System\YPlObZm.exe
  2⤵
  PID:9028
- C:\Windows\System\kETcioF.exe
  C:\Windows\System\kETcioF.exe
  2⤵
  PID:9044
- C:\Windows\System\tlFthkF.exe
  C:\Windows\System\tlFthkF.exe
  2⤵
  PID:9060
- C:\Windows\System\ulfqFDv.exe
  C:\Windows\System\ulfqFDv.exe
  2⤵
  PID:9076
- C:\Windows\System\VgnwCkc.exe
  C:\Windows\System\VgnwCkc.exe
  2⤵
  PID:9092
- C:\Windows\System\nbrmeDo.exe
  C:\Windows\System\nbrmeDo.exe
  2⤵
  PID:9108
- C:\Windows\System\NHwGTFC.exe
  C:\Windows\System\NHwGTFC.exe
  2⤵
  PID:9124
- C:\Windows\System\ZnrVGBg.exe
  C:\Windows\System\ZnrVGBg.exe
  2⤵
  PID:9140
- C:\Windows\System\BooOhEr.exe
  C:\Windows\System\BooOhEr.exe
  2⤵
  PID:9156
- C:\Windows\System\WQOcUMp.exe
  C:\Windows\System\WQOcUMp.exe
  2⤵
  PID:9172
- C:\Windows\System\BFdZKFp.exe
  C:\Windows\System\BFdZKFp.exe
  2⤵
  PID:9188
- C:\Windows\System\OGITCHS.exe
  C:\Windows\System\OGITCHS.exe
  2⤵
  PID:9204
- C:\Windows\System\jumOtvq.exe
  C:\Windows\System\jumOtvq.exe
  2⤵
  PID:8208
- C:\Windows\System\uJKrvmy.exe
  C:\Windows\System\uJKrvmy.exe
  2⤵
  PID:7284
- C:\Windows\System\eEwKUPb.exe
  C:\Windows\System\eEwKUPb.exe
  2⤵
  PID:7836
- C:\Windows\System\WEgfZVE.exe
  C:\Windows\System\WEgfZVE.exe
  2⤵
  PID:8252
- C:\Windows\System\PniJwYA.exe
  C:\Windows\System\PniJwYA.exe
  2⤵
  PID:8240
- C:\Windows\System\DsjmvvM.exe
  C:\Windows\System\DsjmvvM.exe
  2⤵
  PID:8136
- C:\Windows\System\LWfGmle.exe
  C:\Windows\System\LWfGmle.exe
  2⤵
  PID:8312
- C:\Windows\System\JZjoBVa.exe
  C:\Windows\System\JZjoBVa.exe
  2⤵
  PID:8296
- C:\Windows\System\NEobqNu.exe
  C:\Windows\System\NEobqNu.exe
  2⤵
  PID:8360
- C:\Windows\System\mdahYhW.exe
  C:\Windows\System\mdahYhW.exe
  2⤵
  PID:8404
- C:\Windows\System\YeNwrWu.exe
  C:\Windows\System\YeNwrWu.exe
  2⤵
  PID:8420
- C:\Windows\System\eWfNMUV.exe
  C:\Windows\System\eWfNMUV.exe
  2⤵
  PID:8500
- C:\Windows\System\yHQfXIf.exe
  C:\Windows\System\yHQfXIf.exe
  2⤵
  PID:8532
- C:\Windows\System\JAbdACi.exe
  C:\Windows\System\JAbdACi.exe
  2⤵
  PID:8456
- C:\Windows\System\VtYbOaB.exe
  C:\Windows\System\VtYbOaB.exe
  2⤵
  PID:8520
- C:\Windows\System\ascJcIy.exe
  C:\Windows\System\ascJcIy.exe
  2⤵
  PID:8600
- C:\Windows\System\BFTgXti.exe
  C:\Windows\System\BFTgXti.exe
  2⤵
  PID:8664
- C:\Windows\System\juvmYXt.exe
  C:\Windows\System\juvmYXt.exe
  2⤵
  PID:8620
- C:\Windows\System\dVxMadJ.exe
  C:\Windows\System\dVxMadJ.exe
  2⤵
  PID:8728
- C:\Windows\System\XUOLNJd.exe
  C:\Windows\System\XUOLNJd.exe
  2⤵
  PID:8716
- C:\Windows\System\RSHATAV.exe
  C:\Windows\System\RSHATAV.exe
  2⤵
  PID:8744
- C:\Windows\System\HEcjCGK.exe
  C:\Windows\System\HEcjCGK.exe
  2⤵
  PID:8796
- C:\Windows\System\fBdqGXv.exe
  C:\Windows\System\fBdqGXv.exe
  2⤵
  PID:8780
- C:\Windows\System\zArqWUp.exe
  C:\Windows\System\zArqWUp.exe
  2⤵
  PID:8832
- C:\Windows\System\WhMrngk.exe
  C:\Windows\System\WhMrngk.exe
  2⤵
  PID:2572
- C:\Windows\System\zmIrFBh.exe
  C:\Windows\System\zmIrFBh.exe
  2⤵
  PID:8828
- C:\Windows\System\BZwqwyD.exe
  C:\Windows\System\BZwqwyD.exe
  2⤵
  PID:8844
- C:\Windows\System\LJCHZjG.exe
  C:\Windows\System\LJCHZjG.exe
  2⤵
  PID:8908
- C:\Windows\System\PAdihgr.exe
  C:\Windows\System\PAdihgr.exe
  2⤵
  PID:8928
- C:\Windows\System\dkUyewc.exe
  C:\Windows\System\dkUyewc.exe
  2⤵
  PID:8960
- C:\Windows\System\EVSNeCY.exe
  C:\Windows\System\EVSNeCY.exe
  2⤵
  PID:8976
- C:\Windows\System\IRnfJYV.exe
  C:\Windows\System\IRnfJYV.exe
  2⤵
  PID:8992
- C:\Windows\System\QiXhMEG.exe
  C:\Windows\System\QiXhMEG.exe
  2⤵
  PID:9000
- C:\Windows\System\ftJKDMz.exe
  C:\Windows\System\ftJKDMz.exe
  2⤵
  PID:9036
- C:\Windows\System\KTdUEAZ.exe
  C:\Windows\System\KTdUEAZ.exe
  2⤵
  PID:9052
- C:\Windows\System\SDdKZpv.exe
  C:\Windows\System\SDdKZpv.exe
  2⤵
  PID:9068
- C:\Windows\System\NBYfJZF.exe
  C:\Windows\System\NBYfJZF.exe
  2⤵
  PID:9148
- C:\Windows\System\rdlyUFy.exe
  C:\Windows\System\rdlyUFy.exe
  2⤵
  PID:9132
- C:\Windows\System\niClNDm.exe
  C:\Windows\System\niClNDm.exe
  2⤵
  PID:9164
- C:\Windows\System\qLLtftP.exe
  C:\Windows\System\qLLtftP.exe
  2⤵
  PID:9196
- C:\Windows\System\hedeyWo.exe
  C:\Windows\System\hedeyWo.exe
  2⤵
  PID:7188
- C:\Windows\System\yPUFPIC.exe
  C:\Windows\System\yPUFPIC.exe
  2⤵
  PID:8308
- C:\Windows\System\XvAEelT.exe
  C:\Windows\System\XvAEelT.exe
  2⤵
  PID:8344
- C:\Windows\System\ZiEkgTL.exe
  C:\Windows\System\ZiEkgTL.exe
  2⤵
  PID:8392
- C:\Windows\System\dtvWssd.exe
  C:\Windows\System\dtvWssd.exe
  2⤵
  PID:8484
- C:\Windows\System\uRLTXKB.exe
  C:\Windows\System\uRLTXKB.exe
  2⤵
  PID:8516
- C:\Windows\System\NJUHkqA.exe
  C:\Windows\System\NJUHkqA.exe
  2⤵
  PID:8700
- C:\Windows\System\wxszThw.exe
  C:\Windows\System\wxszThw.exe
  2⤵
  PID:8648
- C:\Windows\System\eYPsoQu.exe
  C:\Windows\System\eYPsoQu.exe
  2⤵
  PID:8732
- C:\Windows\System\DZpZDEi.exe
  C:\Windows\System\DZpZDEi.exe
  2⤵
  PID:1140
- C:\Windows\System\FGGerAp.exe
  C:\Windows\System\FGGerAp.exe
  2⤵
  PID:8776
- C:\Windows\System\KMXPjzy.exe
  C:\Windows\System\KMXPjzy.exe
  2⤵
  PID:8876
- C:\Windows\System\pMlyKzN.exe
  C:\Windows\System\pMlyKzN.exe
  2⤵
  PID:8968
- C:\Windows\System\ZgSRJXu.exe
  C:\Windows\System\ZgSRJXu.exe
  2⤵
  PID:2136
- C:\Windows\System\MHieWWf.exe
  C:\Windows\System\MHieWWf.exe
  2⤵
  PID:9024
- C:\Windows\System\ZebIuKI.exe
  C:\Windows\System\ZebIuKI.exe
  2⤵
  PID:8956
- C:\Windows\System\FeKPbWG.exe
  C:\Windows\System\FeKPbWG.exe
  2⤵
  PID:9008
- C:\Windows\System\EHeIWQc.exe
  C:\Windows\System\EHeIWQc.exe
  2⤵
  PID:9168
- C:\Windows\System\LoJdeSg.exe
  C:\Windows\System\LoJdeSg.exe
  2⤵
  PID:9200
- C:\Windows\System\RGMbtTY.exe
  C:\Windows\System\RGMbtTY.exe
  2⤵
  PID:7236
- C:\Windows\System\PcuURyt.exe
  C:\Windows\System\PcuURyt.exe
  2⤵
  PID:8568
- C:\Windows\System\InIFPxp.exe
  C:\Windows\System\InIFPxp.exe
  2⤵
  PID:8328
- C:\Windows\System\pFAwYVc.exe
  C:\Windows\System\pFAwYVc.exe
  2⤵
  PID:8696
- C:\Windows\System\CmPHsMU.exe
  C:\Windows\System\CmPHsMU.exe
  2⤵
  PID:1544
- C:\Windows\System\wgugHZP.exe
  C:\Windows\System\wgugHZP.exe
  2⤵
  PID:8896
- C:\Windows\System\jcGLiEO.exe
  C:\Windows\System\jcGLiEO.exe
  2⤵
  PID:8944
- C:\Windows\System\uehdVAP.exe
  C:\Windows\System\uehdVAP.exe
  2⤵
  PID:7996
- C:\Windows\System\iAMKdSy.exe
  C:\Windows\System\iAMKdSy.exe
  2⤵
  PID:8408
- C:\Windows\System\nrJbfYu.exe
  C:\Windows\System\nrJbfYu.exe
  2⤵
  PID:8792
- C:\Windows\System\cBoTmyA.exe
  C:\Windows\System\cBoTmyA.exe
  2⤵
  PID:8452
- C:\Windows\System\rwNVFWl.exe
  C:\Windows\System\rwNVFWl.exe
  2⤵
  PID:8204
- C:\Windows\System\cbvFmII.exe
  C:\Windows\System\cbvFmII.exe
  2⤵
  PID:9088
- C:\Windows\System\LelJaGh.exe
  C:\Windows\System\LelJaGh.exe
  2⤵
  PID:8552
- C:\Windows\System\SJEAPrp.exe
  C:\Windows\System\SJEAPrp.exe
  2⤵
  PID:8588
- C:\Windows\System\ljRVGFQ.exe
  C:\Windows\System\ljRVGFQ.exe
  2⤵
  PID:8236
- C:\Windows\System\WDevvSA.exe
  C:\Windows\System\WDevvSA.exe
  2⤵
  PID:7868
- C:\Windows\System\IElgbEJ.exe
  C:\Windows\System\IElgbEJ.exe
  2⤵
  PID:9224
- C:\Windows\System\DtQvpQh.exe
  C:\Windows\System\DtQvpQh.exe
  2⤵
  PID:9240
- C:\Windows\System\poqECrz.exe
  C:\Windows\System\poqECrz.exe
  2⤵
  PID:9256
- C:\Windows\System\KUCDOjA.exe
  C:\Windows\System\KUCDOjA.exe
  2⤵
  PID:9272
- C:\Windows\System\RxmGxzG.exe
  C:\Windows\System\RxmGxzG.exe
  2⤵
  PID:9288
- C:\Windows\System\bBDgUQX.exe
  C:\Windows\System\bBDgUQX.exe
  2⤵
  PID:9304
- C:\Windows\System\vWQxjHM.exe
  C:\Windows\System\vWQxjHM.exe
  2⤵
  PID:9320
- C:\Windows\System\CMUxnip.exe
  C:\Windows\System\CMUxnip.exe
  2⤵
  PID:9336
- C:\Windows\System\ijFZvkT.exe
  C:\Windows\System\ijFZvkT.exe
  2⤵
  PID:9352
- C:\Windows\System\VdFmCrI.exe
  C:\Windows\System\VdFmCrI.exe
  2⤵
  PID:9368
- C:\Windows\System\aRNBsBW.exe
  C:\Windows\System\aRNBsBW.exe
  2⤵
  PID:9384
- C:\Windows\System\VmAlDZx.exe
  C:\Windows\System\VmAlDZx.exe
  2⤵
  PID:9400
- C:\Windows\System\BCpKQmk.exe
  C:\Windows\System\BCpKQmk.exe
  2⤵
  PID:9416
- C:\Windows\System\TjROCbV.exe
  C:\Windows\System\TjROCbV.exe
  2⤵
  PID:9432
- C:\Windows\System\xAZrFNi.exe
  C:\Windows\System\xAZrFNi.exe
  2⤵
  PID:9448
- C:\Windows\System\UCejyfS.exe
  C:\Windows\System\UCejyfS.exe
  2⤵
  PID:9464
- C:\Windows\System\yrEPktL.exe
  C:\Windows\System\yrEPktL.exe
  2⤵
  PID:9480
- C:\Windows\System\mqLXhVp.exe
  C:\Windows\System\mqLXhVp.exe
  2⤵
  PID:9496
- C:\Windows\System\DtqBtjF.exe
  C:\Windows\System\DtqBtjF.exe
  2⤵
  PID:9512
- C:\Windows\System\NYGGChV.exe
  C:\Windows\System\NYGGChV.exe
  2⤵
  PID:9528
- C:\Windows\System\uaOxQVi.exe
  C:\Windows\System\uaOxQVi.exe
  2⤵
  PID:9544
- C:\Windows\System\JfOppyX.exe
  C:\Windows\System\JfOppyX.exe
  2⤵
  PID:9560
- C:\Windows\System\dhsIXXo.exe
  C:\Windows\System\dhsIXXo.exe
  2⤵
  PID:9576
- C:\Windows\System\hSmednf.exe
  C:\Windows\System\hSmednf.exe
  2⤵
  PID:9592
- C:\Windows\System\FBJttDi.exe
  C:\Windows\System\FBJttDi.exe
  2⤵
  PID:9608
- C:\Windows\System\lophBPX.exe
  C:\Windows\System\lophBPX.exe
  2⤵
  PID:9624
- C:\Windows\System\TFQddyW.exe
  C:\Windows\System\TFQddyW.exe
  2⤵
  PID:9640
- C:\Windows\System\FiZkeBI.exe
  C:\Windows\System\FiZkeBI.exe
  2⤵
  PID:9656
- C:\Windows\System\egTcibq.exe
  C:\Windows\System\egTcibq.exe
  2⤵
  PID:9672
- C:\Windows\System\FUDeLkI.exe
  C:\Windows\System\FUDeLkI.exe
  2⤵
  PID:9688
- C:\Windows\System\iqwwYri.exe
  C:\Windows\System\iqwwYri.exe
  2⤵
  PID:9704
- C:\Windows\System\VcKRRkT.exe
  C:\Windows\System\VcKRRkT.exe
  2⤵
  PID:9724
- C:\Windows\System\AQoCrMt.exe
  C:\Windows\System\AQoCrMt.exe
  2⤵
  PID:9740
- C:\Windows\System\aqOlUxb.exe
  C:\Windows\System\aqOlUxb.exe
  2⤵
  PID:9756
- C:\Windows\System\lQIQPwt.exe
  C:\Windows\System\lQIQPwt.exe
  2⤵
  PID:9776
- C:\Windows\System\uLWsBsf.exe
  C:\Windows\System\uLWsBsf.exe
  2⤵
  PID:9792
- C:\Windows\System\XRUIcoy.exe
  C:\Windows\System\XRUIcoy.exe
  2⤵
  PID:9808
- C:\Windows\System\djkStIe.exe
  C:\Windows\System\djkStIe.exe
  2⤵
  PID:9824
- C:\Windows\System\jUHchYD.exe
  C:\Windows\System\jUHchYD.exe
  2⤵
  PID:9840
- C:\Windows\System\zTamdAx.exe
  C:\Windows\System\zTamdAx.exe
  2⤵
  PID:9856
- C:\Windows\System\GiaorJm.exe
  C:\Windows\System\GiaorJm.exe
  2⤵
  PID:9872
- C:\Windows\System\EnTujjo.exe
  C:\Windows\System\EnTujjo.exe
  2⤵
  PID:9892
- C:\Windows\System\QcerWGW.exe
  C:\Windows\System\QcerWGW.exe
  2⤵
  PID:9908
- C:\Windows\System\fsTjTIv.exe
  C:\Windows\System\fsTjTIv.exe
  2⤵
  PID:9924
- C:\Windows\System\qaYvzwE.exe
  C:\Windows\System\qaYvzwE.exe
  2⤵
  PID:9940
- C:\Windows\System\xtWQfQD.exe
  C:\Windows\System\xtWQfQD.exe
  2⤵
  PID:9956
- C:\Windows\System\oOONWBE.exe
  C:\Windows\System\oOONWBE.exe
  2⤵
  PID:9972
- C:\Windows\System\zIzlACt.exe
  C:\Windows\System\zIzlACt.exe
  2⤵
  PID:9988
- C:\Windows\System\QpkQqqf.exe
  C:\Windows\System\QpkQqqf.exe
  2⤵
  PID:10004
- C:\Windows\System\TQZtTCd.exe
  C:\Windows\System\TQZtTCd.exe
  2⤵
  PID:10020
- C:\Windows\System\jcdsnbD.exe
  C:\Windows\System\jcdsnbD.exe
  2⤵
  PID:10036
- C:\Windows\System\aPKdwhS.exe
  C:\Windows\System\aPKdwhS.exe
  2⤵
  PID:10052
- C:\Windows\System\GdEhxEM.exe
  C:\Windows\System\GdEhxEM.exe
  2⤵
  PID:10068
- C:\Windows\System\ahTsLRA.exe
  C:\Windows\System\ahTsLRA.exe
  2⤵
  PID:10084
- C:\Windows\System\tReiQgh.exe
  C:\Windows\System\tReiQgh.exe
  2⤵
  PID:10100
- C:\Windows\System\sWbCkAc.exe
  C:\Windows\System\sWbCkAc.exe
  2⤵
  PID:10116
- C:\Windows\System\XcEyvgC.exe
  C:\Windows\System\XcEyvgC.exe
  2⤵
  PID:10132
- C:\Windows\System\uGrwcat.exe
  C:\Windows\System\uGrwcat.exe
  2⤵
  PID:10152
- C:\Windows\System\wNarjQq.exe
  C:\Windows\System\wNarjQq.exe
  2⤵
  PID:10168
- C:\Windows\System\GGbAWqQ.exe
  C:\Windows\System\GGbAWqQ.exe
  2⤵
  PID:10184
- C:\Windows\System\jTUXtMi.exe
  C:\Windows\System\jTUXtMi.exe
  2⤵
  PID:10204
- C:\Windows\System\VzaeIUO.exe
  C:\Windows\System\VzaeIUO.exe
  2⤵
  PID:10220
- C:\Windows\System\mhKcbro.exe
  C:\Windows\System\mhKcbro.exe
  2⤵
  PID:10236
- C:\Windows\System\zLYNiho.exe
  C:\Windows\System\zLYNiho.exe
  2⤵
  PID:9252
- C:\Windows\System\ppnbdPO.exe
  C:\Windows\System\ppnbdPO.exe
  2⤵
  PID:9284
- C:\Windows\System\TSthZLG.exe
  C:\Windows\System\TSthZLG.exe
  2⤵
  PID:9312
- C:\Windows\System\DdMxtCW.exe
  C:\Windows\System\DdMxtCW.exe
  2⤵
  PID:2148
- C:\Windows\System\NpILmWx.exe
  C:\Windows\System\NpILmWx.exe
  2⤵
  PID:9268
- C:\Windows\System\uQPznfC.exe
  C:\Windows\System\uQPznfC.exe
  2⤵
  PID:9364
- C:\Windows\System\biGItIR.exe
  C:\Windows\System\biGItIR.exe
  2⤵
  PID:9296
- C:\Windows\System\RBvkpJN.exe
  C:\Windows\System\RBvkpJN.exe
  2⤵
  PID:9408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BxZSTMO.exe

Filesize
6.0MB

MD5
5cdff5129052f4bfda99327f21cc257b

SHA1
11bcc1a32acd7b6c5e82257cb0bddbace2715424

SHA256
1b5d752a5faf26b71e721ab9fef5469bf291dee82dce82217bfb4562d1ce00c3

SHA512
328f7ca962c50df8a6c5d2176101c911982e31702587490d1302525b936d51a355521c643e13fe7f565ea02998ff9c5edca504a4736681dfa152e9dfc94061b3

Download Submit
C:\Windows\system\FxxfouX.exe

Filesize
6.0MB

MD5
d2e04cdf0560bf67c9440549d89cb774

SHA1
6aa25015bccea8e4b3f6d3d4c8f4ad792a972425

SHA256
4dbd6924e04953be2739b976e28bb4cf82869fef9ed264d9229ff15684d700f9

SHA512
0ebea5bb17d6e4f9fee388bac489aeb37d88064e61e5683d588ad5d1513fd03f4f6b658825df577c1f09da4a4c7c277152ec6b0fda5092610616298d2578cc09

Download Submit
C:\Windows\system\GLQNrZt.exe

Filesize
6.0MB

MD5
1692277d4b53731c6d988966fc0ea6ed

SHA1
97dc5dc0815700b8288977c4083c3c345bfc9e70

SHA256
1857e742761a699a0ee4b7b861d8a1f21faf90adbcf8013a68774060015d61fd

SHA512
9a853976295756af4a6c8ae1b12293bc860c47259e546c7e4d1584944208b884f0fcdae8014aecc1a5da716ead8d03b2b3dfedfc2cdc0a68ef64fe819b91f6b2

Download Submit
C:\Windows\system\GnqmBqT.exe

Filesize
6.0MB

MD5
7ad97f4dd6f1cc041052120eb5d934d1

SHA1
cd885ffdc93d8d282d19ec2ff8a9b7a3acea5ee9

SHA256
c8c53fb0db47de34fcba26615f891f4b3b2f1e60ecd2445b68a0b5db5e919b76

SHA512
8bc67fcb8b5c0470b231a6335cd6dbe587a741d9916b708dd5f00b1e0c2a9f918fa7b39a393d95ee64f7a0e7603419d27847fb752ccbb47187744f80a21d7979

Download Submit
C:\Windows\system\HaruqxJ.exe

Filesize
6.0MB

MD5
cdf4c9f09018f69667a58b5cae3f57a7

SHA1
49b8c5821952015b7180fcd76ed3a90cdee8871c

SHA256
29af1837e7038b30feacd8a77308c42ca2a7f427392671a2f1182e90ee2ce1b4

SHA512
b3f7d8eedc61032c0106e19844b2fa8b038c47012461ab480be298aef9c2114c49561315e9b7c4990b88dde96d49fdc52ad1b7eaa43fb8ff9fb1aa4321972dfe

Download Submit
C:\Windows\system\JJnXWDd.exe

Filesize
6.0MB

MD5
cd77bcdbb0df6872cd40bbae5bf3dc9b

SHA1
856914345521aa1fc9372ac203ee50a91e68b7b1

SHA256
efa3a11a2f492131fd445d02408ab7471dbd6d4a0f9855d2a06457442b04e4ce

SHA512
4954d8375722aa587c8ea300a82e35b7e9e6a55f38ba45aabb516607bbadd2d27a4fc4b6ae4059e0035164d628a3e0fb8d469d257da873c55c0ec23361357546

Download Submit
C:\Windows\system\MBlkcQH.exe

Filesize
6.0MB

MD5
1ad307f26f73a38d5a5354be583fb9bc

SHA1
c114b821fe98400b6d9191dede8596c1b6be92ad

SHA256
00f7f05b404b4ac7fee085eed3762c920da9ea6ca6b12763f2b02b3239d7e941

SHA512
c280b49303cda52b57eb3b637fb6fd1a721ea861cc233d4247ae0a7b03da451df4c9c2bfc797d0196d6554a419baa30fdbfa4d9e63f37562120b9a321e8cb7ad

Download Submit
C:\Windows\system\MEqSJff.exe

Filesize
6.0MB

MD5
3a88d9eb184d00d803b07393329b08bc

SHA1
f3d2716b548b6221e5a4833d71fdc1d51e91af9f

SHA256
f26d88b8ef7523e6631e7c5f0cf1bd137b0f56af4c315a507f1388e7ac9644d3

SHA512
14635e3605d83aed625f65b654039b69ceaba916e88972e3c8b849e65dba64cf767f2f7455b377ddac4584db2b59caceb1960296d3ff248f82f44687bee6870a

Download Submit
C:\Windows\system\NGmOkAx.exe

Filesize
6.0MB

MD5
576f8a01663a0e978919da4f8eb144fd

SHA1
a25f85f8c517055e03e929715eaa626e300ba2de

SHA256
03df6b33373385478c728e1e3d7e84ede8f8a60187e9048fc0eb53f48527da63

SHA512
55ac5cef54bf9cfc48468a17cbcbc944556aaaf6c3a28fa35d5b391665760f652ac41c53f5288066d7b0b3f8cee68e390d12c1646522073b94fc912719af9319

Download Submit
C:\Windows\system\PVdveME.exe

Filesize
6.0MB

MD5
687f2e43526b6951c8f0f0574c8c877b

SHA1
6324fa4b62ad7eadf9a6aa642a59773fa98a6740

SHA256
5c5f2844d61a9e8ea84703245a5397f77d5a1a11f6fb6362d8a129d0dc1d5b64

SHA512
1bd8b2927df4a386ee67590e3fb1d65f17dcc4fb9c251611852c8fb2794beb15a146f597d0b796420e6c726933dd6b74526a022125f894f7efbb61c4d1cc1709

Download Submit
C:\Windows\system\PuswYFF.exe

Filesize
6.0MB

MD5
b48548fa479fb7852fcf785f68f98272

SHA1
0aae1a41445a7fe81176d58030761ad36ec5b464

SHA256
905e8b41e6c3343b82486632e0decd2ae7ea387cabf3196c8b73fe4109b4215b

SHA512
87241b9728e4d3586b01befc1ef1145f72a8cf180dd6cfcf5c4ebd7d99d3624f9fd1acbdcc9a0d99794d135a2884293544eab3e2caa6ed978516492dc4804f32

Download Submit
C:\Windows\system\QZyFDLs.exe

Filesize
6.0MB

MD5
4bbb894e234276dc918e9e0f11b59fb2

SHA1
d7661705ecccbe1156efe429d9daf3ff03c2d630

SHA256
fc23a38a94cc30c22ce0dd7baba3915508fa2278db6a769ffacccc0b4367028d

SHA512
82150d05e0ff5d768ffb21ca78bbc858e998cc248e193efe9765295b169f15a9267272a952a937df8e246fb0e3baf3881eee84c0a3ae34c5fcef7f6bd85acba9

Download Submit
C:\Windows\system\QmqHrWI.exe

Filesize
6.0MB

MD5
ff330af11b14db0790c5c1d6e0981def

SHA1
10337cdc30195c155db30bca73edaf37c927dd51

SHA256
5e98319eb162d87abd8f91f6aecc95a44460835d4e0d4ff3d496d8bbffc704f9

SHA512
6f2ed0b82a54bcf94edeab0e1f6438c5d3c969acf4352bdea8aa258aaf9439b319674a2a26593de4ddce97d7c5d92b1976df248173c51ac89ee0d716bd32463b

Download Submit
C:\Windows\system\RPKCORz.exe

Filesize
6.0MB

MD5
6ed913d390102ed685e543a27016fbb3

SHA1
3e650d1ddcff168ee2c770436d850b9c6cadcabb

SHA256
f3d23de8f4a16435b5262576a614228be8edc914e12a1860665e6d39d832eac7

SHA512
e386dc6c9ff611b7ded74d8706bc4c2d17940cb3b4eb17405cabb4b0c244497ada601f18f622a14ec0e219b87b858b6a605af5a2ef5fb61a271ead4b6e3b5483

Download Submit
C:\Windows\system\RikzTbJ.exe

Filesize
6.0MB

MD5
70602fc9fa611781a6c14f36ea107738

SHA1
57bbd06e7d969a505a45d91713ca1ee1f61fb504

SHA256
50a491c623e3430ccff6359ef1871d7440efec0964ea08cff084cbfc190bcaa4

SHA512
ed9437670528b580187530c5a35fc7b0dfa9de48de5a8058fffb3cf218277baf5085eef6bda03c2afdb671fb77204f3458f2c506cbd42a93815e1f1d893f7df9

Download Submit
C:\Windows\system\VFdhxOp.exe

Filesize
6.0MB

MD5
8e70b4c4c89ba4fed4ed47c2a0ac790b

SHA1
b8daad17eea4e09489def8ed2fe22c84d933126a

SHA256
2eaabd83c88056c1dc30bbc04342e9ad2441872d1fc91ee8137868fcc3d59c57

SHA512
e635a6f8bd4d0efe6a62f3c729542db10e4dbb9e1007cb5a9fe8d0aeeb6485bcfc37de7c88858d3fec3c8f3b0f0614bcb218ca44d26d152b278bcc0eb1b3d0d0

Download Submit
C:\Windows\system\VUEBtmy.exe

Filesize
6.0MB

MD5
345a3b864755b46f595d4cec3ab8f470

SHA1
848c11cf43a1ada1155da9d9aae1de069d50d8c6

SHA256
2890d60863eef5ff5415bdf5892cd00c80d82377f0159adfed118a9eb272b22e

SHA512
8cf39af67652dfb136712e5c6f4ffeba6baf339dd4368677acc7d03beeba2c63d09e128e827f04f3438d2cf9d083095ffbcd10f540e6f7e5f56c5cfbfe7ea745

Download Submit
C:\Windows\system\VZOvZeK.exe

Filesize
6.0MB

MD5
0d7a00f4f6282590bc9a22438eebeca7

SHA1
46c091c6a8ef297b173368e8fbb018649a48ffe9

SHA256
165e482ab6f47c2f10195733a57fbcf776bf62cc6a4801c94c410aa870e36354

SHA512
52d1e168e5fe95674a398727ebeb64c50f1e8dbb1a7db5bc14d541991a61d3efebd0fb305721db9a4eff2fa000b443237669056f962df1053bdd538e046557b5

Download Submit
C:\Windows\system\VtkEFpQ.exe

Filesize
6.0MB

MD5
52be061852e1ceca7eca53aef2bad994

SHA1
691d72391afe27db6835482481224fe3bcab129e

SHA256
e3825b0e30d2ba63cde31b8d6a2570b7a9d6c12a705ab34f210c55b1e8655eeb

SHA512
01f73b06cce484751948fe9ab6f3f4cedd84f675f1b75b732f1764dc3f1edd5d891e97056ef83140b1d332c0fae811f8e9e5e7b714dee3b25b582063e03acada

Download Submit
C:\Windows\system\YpjFnbS.exe

Filesize
6.0MB

MD5
a3882647377b0d1a181840773614a9b7

SHA1
a0f1198011bdb07d5e54f579495e8429c6e2b0b7

SHA256
163968cb25c9edba4bcc8feb046667160fb44af55fb169e36e8a596751f89a0c

SHA512
21fe4f2c7d1c351ef0fa1dfbb897881ace9bccc44223097a46fe021c16c7b469295d937825d9ca83ea60f3b6c366c901131b30a6b7e10545d7c8c7b2ff615965

Download Submit
C:\Windows\system\attHDxl.exe

Filesize
6.0MB

MD5
092face814a095e44f1c046cd6f10268

SHA1
c59b83043ba6df9e7228a21c2fb792c49d73df54

SHA256
5f69c35d07084ab88fc8f6f4c3cdb8c11eb8c93533d7a68a062e3ce148f3c182

SHA512
c7abd09e2e8b3e644f5b5d6a7a444b098405e03bb8b6172e40900c7d291330217ef358d859dba6c070512b9908c64a8254279f99b85234036b9848fac6b8024a

Download Submit
C:\Windows\system\ecVHyqP.exe

Filesize
6.0MB

MD5
c4a36fc068a68f9e80799ac5ef0752a1

SHA1
3d0e409f5f30082fb35b1208c8dd5bae1181d5e9

SHA256
99e1363ab8a54793a0469dda7e563bb3f6a52d550c90ae751b67110c06592112

SHA512
d98b8196c83a7465881e44d1def3ea1921be303a8450cf24e2102d7029c890af27fdea8ba6b6acfa1c063a2b16a6092ed7100ffa8c00b33fed91c9b1a71321b8

Download Submit
C:\Windows\system\fTAWgNd.exe

Filesize
6.0MB

MD5
f26b4558f58a35840cdb8423532c99c1

SHA1
3772b289899b1986adfc741e532f8e4c8f01b307

SHA256
99548eeed97c9b3013fe96ea779222a6b0c39f2c11ce6a004d29dbfc857ac48c

SHA512
01e43abc9460f648a9705781b2ba1a8b0f620f837319b8e459ee5fe916b757438b1fcd0194442bcdda46b7f58dbd3cc552b744e76dfd726d9804f765e23b97c2

Download Submit
C:\Windows\system\fjUJtkW.exe

Filesize
6.0MB

MD5
86d8725b39d1d2eb03c5c705d01e0d85

SHA1
af0341b634ebdf7a7667a1f55c97bdd83dba2d71

SHA256
de75bb4555acd7a7c036ea5e10a50e55fffad40c0753bdab9a4bced2ea1ede20

SHA512
7f427eb72d78e854c6a8e179ffdbd5fcdb2e6a49147a20a220fa3d263a1a69194d29892e03e137e8a0dbed49b7b3dbb24f1102baf3e715f2a7f6218527cc00bc

Download Submit
C:\Windows\system\jDZYgcN.exe

Filesize
6.0MB

MD5
854fc3c4ec9dd27779c9f8aeeafb1034

SHA1
03acec42fd15e52bbb1cb045a4b1c2c9bf809d24

SHA256
dd6b1cf910d8157e73efdfe982610115f6d610092e67c204ba76928f775088c8

SHA512
a98957b39e1c7e643e339f36892fa402272cd6943e01e8aa1e209667d504852a364a7eb4ddf1e9cbfbf303a0a9751682bcea7732158bb80e0b19e5cdcbd99374

Download Submit
C:\Windows\system\sZjwaGl.exe

Filesize
6.0MB

MD5
095b8ae9fa802d9f2c0d463ed5ce35cd

SHA1
8bfbccc19d5ca1eb416d5cba9bd585efe91c471d

SHA256
7e11fd6129cff8d5f5ebc3337d74faa505bf5f9d5be19ff84671558d5cc6f0df

SHA512
fdc05b236f8b30de000ae72ebc67b8d2277fe39b8070f145321455645c20302c53cbbc958d8445dbc77c48e92f083edfe1258af561da3a7da0e1c4c839447e05

Download Submit
C:\Windows\system\shweClo.exe

Filesize
6.0MB

MD5
f24b16d20a54163095fe2d5c1aa15c65

SHA1
976665fea90ed2d0580c3edfe59baaa7ace6b2ee

SHA256
377965f740c9eda2b255c20da92f91528ce8c58b32c3215821e84c556953aae8

SHA512
44e26ce15b1d55ff3897bc3a6496809c73a312e2ba6fb14cb4f2b6326617a28d773d178bb41a651f9f2eba683184f8423b27a487a9f82a5a17ac0fad4f47b4f8

Download Submit
C:\Windows\system\tJmPcsG.exe

Filesize
6.0MB

MD5
5e9c9d602812f0a390b9a9610311c62c

SHA1
ff13be798f04eeec092e2a2e81a5b15c6144b9d3

SHA256
0388b214850f98de72e4f20dd6b00f2c4e14996e303d5d81d7f15a15c9528e8b

SHA512
b9eb8b34216dcfea0f1f6f3fdb4e7c540c7fbf65f9243887e4749f3a1d39f1e09c4b090d7fb0074fd00ddd1e9b129a82417427205591ee5a388ae53159b771e7

Download Submit
C:\Windows\system\uTMmFvs.exe

Filesize
6.0MB

MD5
05b9f9394c8f76111865f439d89bf609

SHA1
23026a623e35126a85623c07677a7f7d7862ceeb

SHA256
17c0e0b3949f6698798aee9effc624b8935d21ee658b9c0c109e97a1bca40c18

SHA512
84a2b1a5373f0a8dde2eb617418b27cf7bebd40de90b421ff2231ad3af9edbba046cb9e1f8af72fba9f3f990365e29ca39253031e2703bcb52f36b995c216c43

Download Submit
C:\Windows\system\vrIYJPA.exe

Filesize
6.0MB

MD5
78b303aa37d6be0b22a2b9c61d7bc769

SHA1
e46c4ad3012209575a7456a23efdd3cfb0af7611

SHA256
5d0495bc2d5f681cfaec9bb5db3a1c834f3b615cde6ee1503bb2c36295c050d7

SHA512
fc9435531721bea5bf5ba56cd083966727901217ec07f412f758dce31e6afb474e3e614a6aeb2f61e0fb15eeb91e72588bda71f824f46d52b626a410ad81f6fa

Download Submit
\Windows\system\iUWSnzd.exe

Filesize
6.0MB

MD5
e8ceaebcc32dec4a320e5e379be96c48

SHA1
201704794e3646301438540a58169b4b9ebf3aed

SHA256
647839fd0b5fda571b0f3aa14c9d7c77ef6e278f929e50572f46364df90ba900

SHA512
70f61b4aec7953b2c09125822b2652528b17c97c066380464ba0a7efcc898099758f0d6e75f176ef1d5e72a9a681be169a5a5c93c439f47df5517c0a23e14060

Download Submit
\Windows\system\pNCTMgx.exe

Filesize
6.0MB

MD5
e77e9688f3b8067e00dab82dc4c601d4

SHA1
632ea03f0cfba07923e3360a6f41e8857daafc7b

SHA256
a5b6b9835d07c777e7e400d890e2cdcf8974eec55b668b27a805511cc0c45d8d

SHA512
277f64fe833c8f8ba67c6f2ac1176f97ec90e2ad051bcdc8c7d2eea0d49a6617afe228effeb23949c158709d73f2efcd59445a1e55d98cbe4125e3457059a933

Download Submit
memory/1376-1798-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/1376-604-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1728-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2116-592-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2248-851-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2248-605-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2248-601-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2248-599-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2248-597-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2248-12-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2248-14-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2248-793-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2248-0-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1074-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1063-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1056-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1042-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1035-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1089-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1031-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1071-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1059-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1039-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2248-20-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1024-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2248-587-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2248-798-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2248-595-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-606-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2248-593-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2248-603-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2248-591-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2248-589-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2260-1622-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2260-16-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2356-21-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2356-1687-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2356-921-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2460-590-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2460-1727-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2476-1793-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2476-602-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2632-598-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2632-1792-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2688-600-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1782-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2712-15-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-1623-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1824-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-586-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-596-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-1758-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-585-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2876-1678-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2892-1710-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-588-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-1729-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-594-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download