cobaltstrike | ab834dd25723d64868e6536ff78458b17aca42c76bcb0123381ec07786c7c984

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-01-2025 06:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

70d2591685a986333d81df0bc8cb7d3e
SHA1

35f9f2a02f483f991e5dbb7760d155720738b635
SHA256

ab834dd25723d64868e6536ff78458b17aca42c76bcb0123381ec07786c7c984
SHA512

b515856416b7e1935938b3d5cd4a6c8b015ef19552823fb34be3f113335ca9ea2bfe81342d36bce4e619c7519fb3e913e340ed6fa520992a9581cab2801a0dd9
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUb:T+q56utgpPF8u/7b

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000015cfd-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d07-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d19-27.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000012102-6.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019238-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193ec-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019417-171.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c8-167.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d4-164.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938b-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019399-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019280-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941a-175.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b7-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925d-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019220-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191fd-115.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190c9-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878d-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001867d-112.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018657-102.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015da1-100.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d68-76.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186c8-71.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018662-70.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c9b-54.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d70-53.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-89.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190c6-87.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d48-35.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2756-0-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015cfd-12.dat	xmrig
behavioral1/files/0x0008000000015d07-11.dat	xmrig
behavioral1/memory/2700-13-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2840-23-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d19-27.dat	xmrig
behavioral1/memory/2756-19-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/3024-18-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x0008000000012102-6.dat	xmrig
behavioral1/memory/840-90-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/files/0x0005000000019238-126.dat	xmrig
behavioral1/memory/3024-634-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2812-1336-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2108-1329-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2840-1301-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2756-631-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193ec-174.dat	xmrig
behavioral1/files/0x0005000000019417-171.dat	xmrig
behavioral1/files/0x00050000000193c8-167.dat	xmrig
behavioral1/files/0x00050000000193d4-164.dat	xmrig
behavioral1/files/0x00050000000193c1-158.dat	xmrig
behavioral1/files/0x000500000001938b-153.dat	xmrig
behavioral1/files/0x0005000000019399-150.dat	xmrig
behavioral1/files/0x0005000000019280-144.dat	xmrig
behavioral1/files/0x0005000000019263-138.dat	xmrig
behavioral1/files/0x000500000001941a-175.dat	xmrig
behavioral1/files/0x00050000000193b7-157.dat	xmrig
behavioral1/files/0x0005000000019278-142.dat	xmrig
behavioral1/files/0x000500000001925d-134.dat	xmrig
behavioral1/files/0x0005000000019240-130.dat	xmrig
behavioral1/files/0x0005000000019220-122.dat	xmrig
behavioral1/files/0x0005000000019217-118.dat	xmrig
behavioral1/files/0x00050000000191fd-115.dat	xmrig
behavioral1/files/0x00060000000190c9-114.dat	xmrig
behavioral1/files/0x000500000001878d-113.dat	xmrig
behavioral1/files/0x000500000001867d-112.dat	xmrig
behavioral1/memory/2548-110-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2756-108-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2576-107-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x0014000000018657-102.dat	xmrig
behavioral1/files/0x0008000000015da1-100.dat	xmrig
behavioral1/memory/2280-99-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2052-98-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/1020-77-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d68-76.dat	xmrig
behavioral1/files/0x00050000000186c8-71.dat	xmrig
behavioral1/files/0x000d000000018662-70.dat	xmrig
behavioral1/files/0x0008000000016c9b-54.dat	xmrig
behavioral1/files/0x0007000000015d70-53.dat	xmrig
behavioral1/files/0x00050000000191f3-89.dat	xmrig
behavioral1/files/0x00060000000190c6-87.dat	xmrig
behavioral1/files/0x0007000000015d48-35.dat	xmrig
behavioral1/memory/2596-66-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2812-46-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2108-39-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2576-3862-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/3024-3863-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2812-3864-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/840-3866-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2700-3865-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2108-3870-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/1020-3869-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2840-3871-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2548-3872-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2700	OIsxDeP.exe
3024	PpCezJc.exe
2840	LujkGnl.exe
2108	KBAISkZ.exe
2812	KuTwNNs.exe
2576	claUZTj.exe
2596	FfdICCL.exe
1020	cbOZSyD.exe
840	AzDbeqt.exe
2548	GObWyVW.exe
2052	oECCNbR.exe
2280	yfkkZZY.exe
2272	tPznvMV.exe
560	RmXQkDM.exe
1408	dWMASmo.exe
2148	zdlageQ.exe
2144	BWRgSlU.exe
672	vTMrVHQ.exe
2972	SWRpDEP.exe
2720	CAVUzKE.exe
2612	uXBuuva.exe
352	wRJMXbJ.exe
308	bxEOHcg.exe
2208	gQOTnqe.exe
2036	InYBopw.exe
444	IRLxspm.exe
1932	CqmJJQV.exe
1324	WMXEikz.exe
1192	vwDOvbm.exe
1468	TQFzYeh.exe
2624	VXjnzep.exe
1660	iqoxjQL.exe
1924	fFApfLv.exe
808	wghFzhv.exe
3060	JFDiigV.exe
2244	FspkrNc.exe
1360	nUOztow.exe
1000	cJZuxal.exe
1860	BDCXCDL.exe
2040	OwUIbEK.exe
3020	dOGwZIo.exe
1532	YseOWNS.exe
2632	woPpnLl.exe
2816	vNrlxHj.exe
2584	ZngleIl.exe
1976	PkCIsJu.exe
2220	dvGAihM.exe
2120	GLinKWW.exe
2020	kffIkvb.exe
2832	YXRmfGJ.exe
2504	ELKDofq.exe
1248	XLAwQhb.exe
1508	iSMbfkf.exe
328	fwdCnun.exe
1188	PHyGZfh.exe
1224	KNbKGma.exe
912	DTRJiwK.exe
1652	uPdMdpx.exe
2628	JhWsgJP.exe
2472	GYaCfor.exe
1636	xbKbGka.exe
2292	hpdDxfh.exe
2384	TXWDwDy.exe
2192	fyQAbVf.exe

Loads dropped DLL 64 IoCs

pid	Process
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2756-0-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/files/0x0008000000015cfd-12.dat	upx
behavioral1/files/0x0008000000015d07-11.dat	upx
behavioral1/memory/2700-13-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2840-23-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x0008000000015d19-27.dat	upx
behavioral1/memory/3024-18-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x0008000000012102-6.dat	upx
behavioral1/memory/840-90-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x0005000000019238-126.dat	upx
behavioral1/memory/3024-634-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2812-1336-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2108-1329-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2840-1301-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2756-631-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/files/0x00050000000193ec-174.dat	upx
behavioral1/files/0x0005000000019417-171.dat	upx
behavioral1/files/0x00050000000193c8-167.dat	upx
behavioral1/files/0x00050000000193d4-164.dat	upx
behavioral1/files/0x00050000000193c1-158.dat	upx
behavioral1/files/0x000500000001938b-153.dat	upx
behavioral1/files/0x0005000000019399-150.dat	upx
behavioral1/files/0x0005000000019280-144.dat	upx
behavioral1/files/0x0005000000019263-138.dat	upx
behavioral1/files/0x000500000001941a-175.dat	upx
behavioral1/files/0x00050000000193b7-157.dat	upx
behavioral1/files/0x0005000000019278-142.dat	upx
behavioral1/files/0x000500000001925d-134.dat	upx
behavioral1/files/0x0005000000019240-130.dat	upx
behavioral1/files/0x0005000000019220-122.dat	upx
behavioral1/files/0x0005000000019217-118.dat	upx
behavioral1/files/0x00050000000191fd-115.dat	upx
behavioral1/files/0x00060000000190c9-114.dat	upx
behavioral1/files/0x000500000001878d-113.dat	upx
behavioral1/files/0x000500000001867d-112.dat	upx
behavioral1/memory/2548-110-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2576-107-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x0014000000018657-102.dat	upx
behavioral1/files/0x0008000000015da1-100.dat	upx
behavioral1/memory/2280-99-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2052-98-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/1020-77-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/files/0x0007000000015d68-76.dat	upx
behavioral1/files/0x00050000000186c8-71.dat	upx
behavioral1/files/0x000d000000018662-70.dat	upx
behavioral1/files/0x0008000000016c9b-54.dat	upx
behavioral1/files/0x0007000000015d70-53.dat	upx
behavioral1/files/0x00050000000191f3-89.dat	upx
behavioral1/files/0x00060000000190c6-87.dat	upx
behavioral1/files/0x0007000000015d48-35.dat	upx
behavioral1/memory/2596-66-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2812-46-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2108-39-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2576-3862-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/3024-3863-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2812-3864-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/840-3866-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2700-3865-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2108-3870-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/1020-3869-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2840-3871-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2548-3872-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2280-3874-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2052-3873-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tRoFebt.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\exUiIim.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Czaziqg.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KtGsZpK.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JIHnWGE.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lvoNJBK.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZeoSJhT.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZKbrOIx.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\imiziim.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\StEtpUl.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KLbPmlY.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYhErTk.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gdUuprw.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\elsAoBl.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MDDOLid.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OEOAqPs.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ggVPIoo.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wghFzhv.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZBrpjtH.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dNiBbUK.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DvOWSWZ.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OyAIrYo.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPJImyz.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xBixrCu.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZlTYHLV.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XAeiHtK.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BgtNHjc.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BTOsEAd.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oemBtbE.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PfpZbwQ.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBNbBeo.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iSMbfkf.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ulZjGrG.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gMQVSNe.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gMighjp.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qiqeuiw.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OCsoLnq.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjRFQrz.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pVWQJes.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ppsWFln.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NCMvaLu.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cQzObGU.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TOwWuVS.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GYaCfor.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xdGWjsa.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kMiJQqq.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gxvkxjl.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ihFKZJa.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aaxgDAZ.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SOpDkqQ.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dWMASmo.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YsxWsSt.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zRpjedK.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPNRmwz.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TfelEtd.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cdvZYXX.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TaveTpX.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tetEtaY.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TPBXMXC.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RsvlwJP.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LuqVbvD.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dsFtAjZ.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dRKZFey.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eTYIJih.exe	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2700	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2756 wrote to memory of 2700	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2756 wrote to memory of 2700	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2756 wrote to memory of 3024	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2756 wrote to memory of 3024	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2756 wrote to memory of 3024	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2756 wrote to memory of 2840	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2756 wrote to memory of 2840	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2756 wrote to memory of 2840	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2756 wrote to memory of 2108	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2756 wrote to memory of 2108	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2756 wrote to memory of 2108	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2756 wrote to memory of 2812	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2756 wrote to memory of 2812	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2756 wrote to memory of 2812	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2756 wrote to memory of 2548	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2756 wrote to memory of 2548	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2756 wrote to memory of 2548	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2756 wrote to memory of 2576	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2756 wrote to memory of 2576	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2756 wrote to memory of 2576	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2756 wrote to memory of 2272	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2756 wrote to memory of 2272	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2756 wrote to memory of 2272	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2756 wrote to memory of 2596	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2756 wrote to memory of 2596	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2756 wrote to memory of 2596	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2756 wrote to memory of 560	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2756 wrote to memory of 560	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2756 wrote to memory of 560	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2756 wrote to memory of 1020	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2756 wrote to memory of 1020	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2756 wrote to memory of 1020	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2756 wrote to memory of 1408	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2756 wrote to memory of 1408	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2756 wrote to memory of 1408	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2756 wrote to memory of 840	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2756 wrote to memory of 840	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2756 wrote to memory of 840	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2756 wrote to memory of 2148	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2756 wrote to memory of 2148	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2756 wrote to memory of 2148	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2756 wrote to memory of 2052	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2756 wrote to memory of 2052	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2756 wrote to memory of 2052	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2756 wrote to memory of 2144	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2756 wrote to memory of 2144	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2756 wrote to memory of 2144	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2756 wrote to memory of 2280	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2756 wrote to memory of 2280	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2756 wrote to memory of 2280	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2756 wrote to memory of 672	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2756 wrote to memory of 672	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2756 wrote to memory of 672	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2756 wrote to memory of 2972	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2756 wrote to memory of 2972	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2756 wrote to memory of 2972	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2756 wrote to memory of 2720	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2756 wrote to memory of 2720	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2756 wrote to memory of 2720	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2756 wrote to memory of 2612	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2756 wrote to memory of 2612	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2756 wrote to memory of 2612	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2756 wrote to memory of 352	2756	2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-28_70d2591685a986333d81df0bc8cb7d3e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Windows\System\OIsxDeP.exe
  C:\Windows\System\OIsxDeP.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\PpCezJc.exe
  C:\Windows\System\PpCezJc.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\LujkGnl.exe
  C:\Windows\System\LujkGnl.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\KBAISkZ.exe
  C:\Windows\System\KBAISkZ.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\KuTwNNs.exe
  C:\Windows\System\KuTwNNs.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\GObWyVW.exe
  C:\Windows\System\GObWyVW.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\claUZTj.exe
  C:\Windows\System\claUZTj.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\tPznvMV.exe
  C:\Windows\System\tPznvMV.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\FfdICCL.exe
  C:\Windows\System\FfdICCL.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\RmXQkDM.exe
  C:\Windows\System\RmXQkDM.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\cbOZSyD.exe
  C:\Windows\System\cbOZSyD.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\dWMASmo.exe
  C:\Windows\System\dWMASmo.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\AzDbeqt.exe
  C:\Windows\System\AzDbeqt.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\zdlageQ.exe
  C:\Windows\System\zdlageQ.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\oECCNbR.exe
  C:\Windows\System\oECCNbR.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\BWRgSlU.exe
  C:\Windows\System\BWRgSlU.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\yfkkZZY.exe
  C:\Windows\System\yfkkZZY.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\vTMrVHQ.exe
  C:\Windows\System\vTMrVHQ.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\SWRpDEP.exe
  C:\Windows\System\SWRpDEP.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\CAVUzKE.exe
  C:\Windows\System\CAVUzKE.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\uXBuuva.exe
  C:\Windows\System\uXBuuva.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\wRJMXbJ.exe
  C:\Windows\System\wRJMXbJ.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\bxEOHcg.exe
  C:\Windows\System\bxEOHcg.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\gQOTnqe.exe
  C:\Windows\System\gQOTnqe.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\InYBopw.exe
  C:\Windows\System\InYBopw.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\dvGAihM.exe
  C:\Windows\System\dvGAihM.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\IRLxspm.exe
  C:\Windows\System\IRLxspm.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\kffIkvb.exe
  C:\Windows\System\kffIkvb.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\CqmJJQV.exe
  C:\Windows\System\CqmJJQV.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\ELKDofq.exe
  C:\Windows\System\ELKDofq.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\WMXEikz.exe
  C:\Windows\System\WMXEikz.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\iSMbfkf.exe
  C:\Windows\System\iSMbfkf.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\vwDOvbm.exe
  C:\Windows\System\vwDOvbm.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\fwdCnun.exe
  C:\Windows\System\fwdCnun.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\TQFzYeh.exe
  C:\Windows\System\TQFzYeh.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\KNbKGma.exe
  C:\Windows\System\KNbKGma.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\VXjnzep.exe
  C:\Windows\System\VXjnzep.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\DTRJiwK.exe
  C:\Windows\System\DTRJiwK.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\iqoxjQL.exe
  C:\Windows\System\iqoxjQL.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\uPdMdpx.exe
  C:\Windows\System\uPdMdpx.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\fFApfLv.exe
  C:\Windows\System\fFApfLv.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\GYaCfor.exe
  C:\Windows\System\GYaCfor.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\wghFzhv.exe
  C:\Windows\System\wghFzhv.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\xbKbGka.exe
  C:\Windows\System\xbKbGka.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\JFDiigV.exe
  C:\Windows\System\JFDiigV.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\hpdDxfh.exe
  C:\Windows\System\hpdDxfh.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\FspkrNc.exe
  C:\Windows\System\FspkrNc.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\TXWDwDy.exe
  C:\Windows\System\TXWDwDy.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\nUOztow.exe
  C:\Windows\System\nUOztow.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\fyQAbVf.exe
  C:\Windows\System\fyQAbVf.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\cJZuxal.exe
  C:\Windows\System\cJZuxal.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\DpKphib.exe
  C:\Windows\System\DpKphib.exe
  2⤵
  PID:2024
- C:\Windows\System\BDCXCDL.exe
  C:\Windows\System\BDCXCDL.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\xXymAHm.exe
  C:\Windows\System\xXymAHm.exe
  2⤵
  PID:880
- C:\Windows\System\OwUIbEK.exe
  C:\Windows\System\OwUIbEK.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\ORuFrsP.exe
  C:\Windows\System\ORuFrsP.exe
  2⤵
  PID:3068
- C:\Windows\System\dOGwZIo.exe
  C:\Windows\System\dOGwZIo.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\pDIvTMC.exe
  C:\Windows\System\pDIvTMC.exe
  2⤵
  PID:1644
- C:\Windows\System\YseOWNS.exe
  C:\Windows\System\YseOWNS.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\GJNinvY.exe
  C:\Windows\System\GJNinvY.exe
  2⤵
  PID:2676
- C:\Windows\System\woPpnLl.exe
  C:\Windows\System\woPpnLl.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\OLVZfzf.exe
  C:\Windows\System\OLVZfzf.exe
  2⤵
  PID:2716
- C:\Windows\System\vNrlxHj.exe
  C:\Windows\System\vNrlxHj.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\IZtsChd.exe
  C:\Windows\System\IZtsChd.exe
  2⤵
  PID:1700
- C:\Windows\System\ZngleIl.exe
  C:\Windows\System\ZngleIl.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\tRGEtHD.exe
  C:\Windows\System\tRGEtHD.exe
  2⤵
  PID:2708
- C:\Windows\System\PkCIsJu.exe
  C:\Windows\System\PkCIsJu.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\jKuqREy.exe
  C:\Windows\System\jKuqREy.exe
  2⤵
  PID:2532
- C:\Windows\System\GLinKWW.exe
  C:\Windows\System\GLinKWW.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\QqovKuV.exe
  C:\Windows\System\QqovKuV.exe
  2⤵
  PID:1616
- C:\Windows\System\YXRmfGJ.exe
  C:\Windows\System\YXRmfGJ.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\UwtVfsB.exe
  C:\Windows\System\UwtVfsB.exe
  2⤵
  PID:2956
- C:\Windows\System\XLAwQhb.exe
  C:\Windows\System\XLAwQhb.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\HmBUiWV.exe
  C:\Windows\System\HmBUiWV.exe
  2⤵
  PID:1688
- C:\Windows\System\PHyGZfh.exe
  C:\Windows\System\PHyGZfh.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\AFgnsoW.exe
  C:\Windows\System\AFgnsoW.exe
  2⤵
  PID:1864
- C:\Windows\System\JhWsgJP.exe
  C:\Windows\System\JhWsgJP.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\UxkyHDl.exe
  C:\Windows\System\UxkyHDl.exe
  2⤵
  PID:2284
- C:\Windows\System\hdmOtNL.exe
  C:\Windows\System\hdmOtNL.exe
  2⤵
  PID:2460
- C:\Windows\System\RsvlwJP.exe
  C:\Windows\System\RsvlwJP.exe
  2⤵
  PID:1920
- C:\Windows\System\rxmmzjW.exe
  C:\Windows\System\rxmmzjW.exe
  2⤵
  PID:2128
- C:\Windows\System\lvoNJBK.exe
  C:\Windows\System\lvoNJBK.exe
  2⤵
  PID:2076
- C:\Windows\System\IyPHCRG.exe
  C:\Windows\System\IyPHCRG.exe
  2⤵
  PID:2752
- C:\Windows\System\uqaOczY.exe
  C:\Windows\System\uqaOczY.exe
  2⤵
  PID:2560
- C:\Windows\System\YDfjBre.exe
  C:\Windows\System\YDfjBre.exe
  2⤵
  PID:1876
- C:\Windows\System\wVhYPNV.exe
  C:\Windows\System\wVhYPNV.exe
  2⤵
  PID:2096
- C:\Windows\System\irBwaNv.exe
  C:\Windows\System\irBwaNv.exe
  2⤵
  PID:2224
- C:\Windows\System\fJtFxqV.exe
  C:\Windows\System\fJtFxqV.exe
  2⤵
  PID:3088
- C:\Windows\System\JLBcLBy.exe
  C:\Windows\System\JLBcLBy.exe
  2⤵
  PID:3104
- C:\Windows\System\YJVgINA.exe
  C:\Windows\System\YJVgINA.exe
  2⤵
  PID:3120
- C:\Windows\System\FShazrN.exe
  C:\Windows\System\FShazrN.exe
  2⤵
  PID:3136
- C:\Windows\System\tWhnPum.exe
  C:\Windows\System\tWhnPum.exe
  2⤵
  PID:3152
- C:\Windows\System\zMhiVLB.exe
  C:\Windows\System\zMhiVLB.exe
  2⤵
  PID:3168
- C:\Windows\System\jgkDIMX.exe
  C:\Windows\System\jgkDIMX.exe
  2⤵
  PID:3184
- C:\Windows\System\AEIXmOG.exe
  C:\Windows\System\AEIXmOG.exe
  2⤵
  PID:3200
- C:\Windows\System\JDQZaUg.exe
  C:\Windows\System\JDQZaUg.exe
  2⤵
  PID:3216
- C:\Windows\System\wYJVsvb.exe
  C:\Windows\System\wYJVsvb.exe
  2⤵
  PID:3232
- C:\Windows\System\runssHC.exe
  C:\Windows\System\runssHC.exe
  2⤵
  PID:3248
- C:\Windows\System\KTrYmnm.exe
  C:\Windows\System\KTrYmnm.exe
  2⤵
  PID:3264
- C:\Windows\System\kSWbQIR.exe
  C:\Windows\System\kSWbQIR.exe
  2⤵
  PID:3280
- C:\Windows\System\AcuXGMI.exe
  C:\Windows\System\AcuXGMI.exe
  2⤵
  PID:3296
- C:\Windows\System\jYkaVnM.exe
  C:\Windows\System\jYkaVnM.exe
  2⤵
  PID:3312
- C:\Windows\System\BGaYZjq.exe
  C:\Windows\System\BGaYZjq.exe
  2⤵
  PID:3328
- C:\Windows\System\CvSjoUl.exe
  C:\Windows\System\CvSjoUl.exe
  2⤵
  PID:3344
- C:\Windows\System\MsudqCU.exe
  C:\Windows\System\MsudqCU.exe
  2⤵
  PID:3360
- C:\Windows\System\QRsBvbR.exe
  C:\Windows\System\QRsBvbR.exe
  2⤵
  PID:3376
- C:\Windows\System\YDKsfHo.exe
  C:\Windows\System\YDKsfHo.exe
  2⤵
  PID:3392
- C:\Windows\System\iZxPEiN.exe
  C:\Windows\System\iZxPEiN.exe
  2⤵
  PID:3408
- C:\Windows\System\VohfLlu.exe
  C:\Windows\System\VohfLlu.exe
  2⤵
  PID:3424
- C:\Windows\System\swkYgHN.exe
  C:\Windows\System\swkYgHN.exe
  2⤵
  PID:3440
- C:\Windows\System\DFSIBFk.exe
  C:\Windows\System\DFSIBFk.exe
  2⤵
  PID:3456
- C:\Windows\System\LVsOPMH.exe
  C:\Windows\System\LVsOPMH.exe
  2⤵
  PID:3472
- C:\Windows\System\ZLVEWzN.exe
  C:\Windows\System\ZLVEWzN.exe
  2⤵
  PID:3488
- C:\Windows\System\TgGlmKc.exe
  C:\Windows\System\TgGlmKc.exe
  2⤵
  PID:3504
- C:\Windows\System\JrKAzpr.exe
  C:\Windows\System\JrKAzpr.exe
  2⤵
  PID:3520
- C:\Windows\System\YsxWsSt.exe
  C:\Windows\System\YsxWsSt.exe
  2⤵
  PID:3536
- C:\Windows\System\wuFBnIw.exe
  C:\Windows\System\wuFBnIw.exe
  2⤵
  PID:3552
- C:\Windows\System\mUShmPB.exe
  C:\Windows\System\mUShmPB.exe
  2⤵
  PID:3568
- C:\Windows\System\zRpjedK.exe
  C:\Windows\System\zRpjedK.exe
  2⤵
  PID:3584
- C:\Windows\System\PUbnQrC.exe
  C:\Windows\System\PUbnQrC.exe
  2⤵
  PID:3600
- C:\Windows\System\JpXlczG.exe
  C:\Windows\System\JpXlczG.exe
  2⤵
  PID:3616
- C:\Windows\System\YEImGoj.exe
  C:\Windows\System\YEImGoj.exe
  2⤵
  PID:3632
- C:\Windows\System\VsRVqMK.exe
  C:\Windows\System\VsRVqMK.exe
  2⤵
  PID:3648
- C:\Windows\System\anPaLhl.exe
  C:\Windows\System\anPaLhl.exe
  2⤵
  PID:3664
- C:\Windows\System\ccFmWgt.exe
  C:\Windows\System\ccFmWgt.exe
  2⤵
  PID:3680
- C:\Windows\System\UyriTIm.exe
  C:\Windows\System\UyriTIm.exe
  2⤵
  PID:3696
- C:\Windows\System\eZGDbvo.exe
  C:\Windows\System\eZGDbvo.exe
  2⤵
  PID:3712
- C:\Windows\System\bGmZjtz.exe
  C:\Windows\System\bGmZjtz.exe
  2⤵
  PID:3728
- C:\Windows\System\vUPTVKd.exe
  C:\Windows\System\vUPTVKd.exe
  2⤵
  PID:3744
- C:\Windows\System\fNfbAuy.exe
  C:\Windows\System\fNfbAuy.exe
  2⤵
  PID:3760
- C:\Windows\System\gazeBpz.exe
  C:\Windows\System\gazeBpz.exe
  2⤵
  PID:3776
- C:\Windows\System\hIKGNjQ.exe
  C:\Windows\System\hIKGNjQ.exe
  2⤵
  PID:3792
- C:\Windows\System\RPNRmwz.exe
  C:\Windows\System\RPNRmwz.exe
  2⤵
  PID:3808
- C:\Windows\System\uBBHuvy.exe
  C:\Windows\System\uBBHuvy.exe
  2⤵
  PID:3824
- C:\Windows\System\KLbPmlY.exe
  C:\Windows\System\KLbPmlY.exe
  2⤵
  PID:3840
- C:\Windows\System\eKkRklB.exe
  C:\Windows\System\eKkRklB.exe
  2⤵
  PID:3856
- C:\Windows\System\PEVlPrI.exe
  C:\Windows\System\PEVlPrI.exe
  2⤵
  PID:3872
- C:\Windows\System\VvAFWaw.exe
  C:\Windows\System\VvAFWaw.exe
  2⤵
  PID:3888
- C:\Windows\System\TKYLahz.exe
  C:\Windows\System\TKYLahz.exe
  2⤵
  PID:3904
- C:\Windows\System\cZCFfpV.exe
  C:\Windows\System\cZCFfpV.exe
  2⤵
  PID:3920
- C:\Windows\System\HyfhrZk.exe
  C:\Windows\System\HyfhrZk.exe
  2⤵
  PID:3936
- C:\Windows\System\iriRaoG.exe
  C:\Windows\System\iriRaoG.exe
  2⤵
  PID:3952
- C:\Windows\System\jfFpNDy.exe
  C:\Windows\System\jfFpNDy.exe
  2⤵
  PID:3968
- C:\Windows\System\dZtqMzJ.exe
  C:\Windows\System\dZtqMzJ.exe
  2⤵
  PID:3984
- C:\Windows\System\CNrGSlS.exe
  C:\Windows\System\CNrGSlS.exe
  2⤵
  PID:4000
- C:\Windows\System\feiSHRX.exe
  C:\Windows\System\feiSHRX.exe
  2⤵
  PID:4020
- C:\Windows\System\epqeofw.exe
  C:\Windows\System\epqeofw.exe
  2⤵
  PID:4036
- C:\Windows\System\saGvZps.exe
  C:\Windows\System\saGvZps.exe
  2⤵
  PID:4052
- C:\Windows\System\bazkHhd.exe
  C:\Windows\System\bazkHhd.exe
  2⤵
  PID:4068
- C:\Windows\System\PzDKzFC.exe
  C:\Windows\System\PzDKzFC.exe
  2⤵
  PID:4084
- C:\Windows\System\THuweZU.exe
  C:\Windows\System\THuweZU.exe
  2⤵
  PID:1656
- C:\Windows\System\eWsLVsE.exe
  C:\Windows\System\eWsLVsE.exe
  2⤵
  PID:952
- C:\Windows\System\IoVGfog.exe
  C:\Windows\System\IoVGfog.exe
  2⤵
  PID:2516
- C:\Windows\System\PutFQOv.exe
  C:\Windows\System\PutFQOv.exe
  2⤵
  PID:1440
- C:\Windows\System\JrMvoeS.exe
  C:\Windows\System\JrMvoeS.exe
  2⤵
  PID:1760
- C:\Windows\System\sLbwvgf.exe
  C:\Windows\System\sLbwvgf.exe
  2⤵
  PID:1600
- C:\Windows\System\VNWarfd.exe
  C:\Windows\System\VNWarfd.exe
  2⤵
  PID:316
- C:\Windows\System\xKxisCa.exe
  C:\Windows\System\xKxisCa.exe
  2⤵
  PID:344
- C:\Windows\System\tRoFebt.exe
  C:\Windows\System\tRoFebt.exe
  2⤵
  PID:2228
- C:\Windows\System\EjSZwND.exe
  C:\Windows\System\EjSZwND.exe
  2⤵
  PID:2152
- C:\Windows\System\zuBylzN.exe
  C:\Windows\System\zuBylzN.exe
  2⤵
  PID:2736
- C:\Windows\System\nDyvmtc.exe
  C:\Windows\System\nDyvmtc.exe
  2⤵
  PID:2164
- C:\Windows\System\cfmJyGH.exe
  C:\Windows\System\cfmJyGH.exe
  2⤵
  PID:1772
- C:\Windows\System\flYqpNV.exe
  C:\Windows\System\flYqpNV.exe
  2⤵
  PID:2496
- C:\Windows\System\ssfdPHr.exe
  C:\Windows\System\ssfdPHr.exe
  2⤵
  PID:872
- C:\Windows\System\tDPRrCP.exe
  C:\Windows\System\tDPRrCP.exe
  2⤵
  PID:3400
- C:\Windows\System\TdUGUWZ.exe
  C:\Windows\System\TdUGUWZ.exe
  2⤵
  PID:3432
- C:\Windows\System\TeMngMQ.exe
  C:\Windows\System\TeMngMQ.exe
  2⤵
  PID:3496
- C:\Windows\System\EDjklMN.exe
  C:\Windows\System\EDjklMN.exe
  2⤵
  PID:3420
- C:\Windows\System\OJsAUES.exe
  C:\Windows\System\OJsAUES.exe
  2⤵
  PID:3452
- C:\Windows\System\UXsjKer.exe
  C:\Windows\System\UXsjKer.exe
  2⤵
  PID:3560
- C:\Windows\System\iwTmfTN.exe
  C:\Windows\System\iwTmfTN.exe
  2⤵
  PID:3608
- C:\Windows\System\obghJcb.exe
  C:\Windows\System\obghJcb.exe
  2⤵
  PID:3660
- C:\Windows\System\OZekfME.exe
  C:\Windows\System\OZekfME.exe
  2⤵
  PID:3644
- C:\Windows\System\XAeiHtK.exe
  C:\Windows\System\XAeiHtK.exe
  2⤵
  PID:3848
- C:\Windows\System\vmrRoqv.exe
  C:\Windows\System\vmrRoqv.exe
  2⤵
  PID:3320
- C:\Windows\System\GELcfLY.exe
  C:\Windows\System\GELcfLY.exe
  2⤵
  PID:3368
- C:\Windows\System\rReYnYx.exe
  C:\Windows\System\rReYnYx.exe
  2⤵
  PID:876
- C:\Windows\System\dsLzsys.exe
  C:\Windows\System\dsLzsys.exe
  2⤵
  PID:292
- C:\Windows\System\zIuekEM.exe
  C:\Windows\System\zIuekEM.exe
  2⤵
  PID:3512
- C:\Windows\System\CtpNinY.exe
  C:\Windows\System\CtpNinY.exe
  2⤵
  PID:3612
- C:\Windows\System\afSXEJg.exe
  C:\Windows\System\afSXEJg.exe
  2⤵
  PID:3836
- C:\Windows\System\DsJtCUi.exe
  C:\Windows\System\DsJtCUi.exe
  2⤵
  PID:3916
- C:\Windows\System\AzBSjcf.exe
  C:\Windows\System\AzBSjcf.exe
  2⤵
  PID:3932
- C:\Windows\System\DlvIout.exe
  C:\Windows\System\DlvIout.exe
  2⤵
  PID:4044
- C:\Windows\System\bZIiLaw.exe
  C:\Windows\System\bZIiLaw.exe
  2⤵
  PID:2068
- C:\Windows\System\elsAoBl.exe
  C:\Windows\System\elsAoBl.exe
  2⤵
  PID:1908
- C:\Windows\System\IGQBfbK.exe
  C:\Windows\System\IGQBfbK.exe
  2⤵
  PID:2928
- C:\Windows\System\XHYrEro.exe
  C:\Windows\System\XHYrEro.exe
  2⤵
  PID:3960
- C:\Windows\System\MDDOLid.exe
  C:\Windows\System\MDDOLid.exe
  2⤵
  PID:3028
- C:\Windows\System\PzjUVLm.exe
  C:\Windows\System\PzjUVLm.exe
  2⤵
  PID:2604
- C:\Windows\System\CGdWpDF.exe
  C:\Windows\System\CGdWpDF.exe
  2⤵
  PID:3996
- C:\Windows\System\kWlvEbt.exe
  C:\Windows\System\kWlvEbt.exe
  2⤵
  PID:4092
- C:\Windows\System\RkVqybr.exe
  C:\Windows\System\RkVqybr.exe
  2⤵
  PID:2484
- C:\Windows\System\UWMjIGk.exe
  C:\Windows\System\UWMjIGk.exe
  2⤵
  PID:2156
- C:\Windows\System\msigAxr.exe
  C:\Windows\System\msigAxr.exe
  2⤵
  PID:3096
- C:\Windows\System\FPeVJkg.exe
  C:\Windows\System\FPeVJkg.exe
  2⤵
  PID:3132
- C:\Windows\System\hBhZCQr.exe
  C:\Windows\System\hBhZCQr.exe
  2⤵
  PID:3160
- C:\Windows\System\XsgCEol.exe
  C:\Windows\System\XsgCEol.exe
  2⤵
  PID:3448
- C:\Windows\System\BjRJwcr.exe
  C:\Windows\System\BjRJwcr.exe
  2⤵
  PID:3628
- C:\Windows\System\aKqSqhj.exe
  C:\Windows\System\aKqSqhj.exe
  2⤵
  PID:3724
- C:\Windows\System\rqsbVPL.exe
  C:\Windows\System\rqsbVPL.exe
  2⤵
  PID:3736
- C:\Windows\System\vBHUGNY.exe
  C:\Windows\System\vBHUGNY.exe
  2⤵
  PID:3784
- C:\Windows\System\fXsFiKu.exe
  C:\Windows\System\fXsFiKu.exe
  2⤵
  PID:3816
- C:\Windows\System\VHkkZCr.exe
  C:\Windows\System\VHkkZCr.exe
  2⤵
  PID:3272
- C:\Windows\System\fiLDRwh.exe
  C:\Windows\System\fiLDRwh.exe
  2⤵
  PID:3304
- C:\Windows\System\geiaSIe.exe
  C:\Windows\System\geiaSIe.exe
  2⤵
  PID:3256
- C:\Windows\System\RPJImyz.exe
  C:\Windows\System\RPJImyz.exe
  2⤵
  PID:3040
- C:\Windows\System\EPOFZCz.exe
  C:\Windows\System\EPOFZCz.exe
  2⤵
  PID:2092
- C:\Windows\System\ZZolfGv.exe
  C:\Windows\System\ZZolfGv.exe
  2⤵
  PID:2016
- C:\Windows\System\BgtNHjc.exe
  C:\Windows\System\BgtNHjc.exe
  2⤵
  PID:3852
- C:\Windows\System\YPtSjtJ.exe
  C:\Windows\System\YPtSjtJ.exe
  2⤵
  PID:3880
- C:\Windows\System\ZBrpjtH.exe
  C:\Windows\System\ZBrpjtH.exe
  2⤵
  PID:3980
- C:\Windows\System\IyUXbOI.exe
  C:\Windows\System\IyUXbOI.exe
  2⤵
  PID:3592
- C:\Windows\System\qgerdwF.exe
  C:\Windows\System\qgerdwF.exe
  2⤵
  PID:3036
- C:\Windows\System\tXpyrnV.exe
  C:\Windows\System\tXpyrnV.exe
  2⤵
  PID:2248
- C:\Windows\System\pLsuPrE.exe
  C:\Windows\System\pLsuPrE.exe
  2⤵
  PID:1536
- C:\Windows\System\VnWXmRS.exe
  C:\Windows\System\VnWXmRS.exe
  2⤵
  PID:4016
- C:\Windows\System\izMdzkW.exe
  C:\Windows\System\izMdzkW.exe
  2⤵
  PID:2836
- C:\Windows\System\tlLQTqJ.exe
  C:\Windows\System\tlLQTqJ.exe
  2⤵
  PID:3544
- C:\Windows\System\PKzEbpn.exe
  C:\Windows\System\PKzEbpn.exe
  2⤵
  PID:3756
- C:\Windows\System\MqxbQjG.exe
  C:\Windows\System\MqxbQjG.exe
  2⤵
  PID:3800
- C:\Windows\System\jIMBrBB.exe
  C:\Windows\System\jIMBrBB.exe
  2⤵
  PID:3336
- C:\Windows\System\fTudvMD.exe
  C:\Windows\System\fTudvMD.exe
  2⤵
  PID:688
- C:\Windows\System\oxdCSCI.exe
  C:\Windows\System\oxdCSCI.exe
  2⤵
  PID:3804
- C:\Windows\System\fMTPXkV.exe
  C:\Windows\System\fMTPXkV.exe
  2⤵
  PID:2976
- C:\Windows\System\ndqEAWC.exe
  C:\Windows\System\ndqEAWC.exe
  2⤵
  PID:3356
- C:\Windows\System\xqxQPVn.exe
  C:\Windows\System\xqxQPVn.exe
  2⤵
  PID:4076
- C:\Windows\System\DXQiGUF.exe
  C:\Windows\System\DXQiGUF.exe
  2⤵
  PID:4028
- C:\Windows\System\BMADlgr.exe
  C:\Windows\System\BMADlgr.exe
  2⤵
  PID:1052
- C:\Windows\System\yZoDPMi.exe
  C:\Windows\System\yZoDPMi.exe
  2⤵
  PID:3276
- C:\Windows\System\sFzrHVy.exe
  C:\Windows\System\sFzrHVy.exe
  2⤵
  PID:3388
- C:\Windows\System\elDGjSA.exe
  C:\Windows\System\elDGjSA.exe
  2⤵
  PID:4108
- C:\Windows\System\AIgkcvC.exe
  C:\Windows\System\AIgkcvC.exe
  2⤵
  PID:4124
- C:\Windows\System\kWUPzXN.exe
  C:\Windows\System\kWUPzXN.exe
  2⤵
  PID:4140
- C:\Windows\System\fYpwioe.exe
  C:\Windows\System\fYpwioe.exe
  2⤵
  PID:4168
- C:\Windows\System\cqsEuoq.exe
  C:\Windows\System\cqsEuoq.exe
  2⤵
  PID:4184
- C:\Windows\System\qfrfusT.exe
  C:\Windows\System\qfrfusT.exe
  2⤵
  PID:4200
- C:\Windows\System\htNmmEY.exe
  C:\Windows\System\htNmmEY.exe
  2⤵
  PID:4240
- C:\Windows\System\rfwNrbW.exe
  C:\Windows\System\rfwNrbW.exe
  2⤵
  PID:4256
- C:\Windows\System\JGgyFaz.exe
  C:\Windows\System\JGgyFaz.exe
  2⤵
  PID:4272
- C:\Windows\System\QiLOuIJ.exe
  C:\Windows\System\QiLOuIJ.exe
  2⤵
  PID:4288
- C:\Windows\System\mtJqWZh.exe
  C:\Windows\System\mtJqWZh.exe
  2⤵
  PID:4308
- C:\Windows\System\cSPNnbc.exe
  C:\Windows\System\cSPNnbc.exe
  2⤵
  PID:4324
- C:\Windows\System\xgVVajo.exe
  C:\Windows\System\xgVVajo.exe
  2⤵
  PID:4340
- C:\Windows\System\Mvxfzzp.exe
  C:\Windows\System\Mvxfzzp.exe
  2⤵
  PID:4356
- C:\Windows\System\VsRhFop.exe
  C:\Windows\System\VsRhFop.exe
  2⤵
  PID:4376
- C:\Windows\System\diQpMCQ.exe
  C:\Windows\System\diQpMCQ.exe
  2⤵
  PID:4400
- C:\Windows\System\TfelEtd.exe
  C:\Windows\System\TfelEtd.exe
  2⤵
  PID:4416
- C:\Windows\System\qiqeuiw.exe
  C:\Windows\System\qiqeuiw.exe
  2⤵
  PID:4432
- C:\Windows\System\jJVkwPn.exe
  C:\Windows\System\jJVkwPn.exe
  2⤵
  PID:4452
- C:\Windows\System\gTkOfFM.exe
  C:\Windows\System\gTkOfFM.exe
  2⤵
  PID:4468
- C:\Windows\System\rCMNzUS.exe
  C:\Windows\System\rCMNzUS.exe
  2⤵
  PID:4488
- C:\Windows\System\rCHsnTS.exe
  C:\Windows\System\rCHsnTS.exe
  2⤵
  PID:4504
- C:\Windows\System\nHFHIeh.exe
  C:\Windows\System\nHFHIeh.exe
  2⤵
  PID:4520
- C:\Windows\System\CWhNizJ.exe
  C:\Windows\System\CWhNizJ.exe
  2⤵
  PID:4536
- C:\Windows\System\KSKunEf.exe
  C:\Windows\System\KSKunEf.exe
  2⤵
  PID:4552
- C:\Windows\System\TvQemBc.exe
  C:\Windows\System\TvQemBc.exe
  2⤵
  PID:4612
- C:\Windows\System\JvfOxZv.exe
  C:\Windows\System\JvfOxZv.exe
  2⤵
  PID:4640
- C:\Windows\System\IOZSwgz.exe
  C:\Windows\System\IOZSwgz.exe
  2⤵
  PID:4700
- C:\Windows\System\gqpRZGP.exe
  C:\Windows\System\gqpRZGP.exe
  2⤵
  PID:4724
- C:\Windows\System\GyYODoa.exe
  C:\Windows\System\GyYODoa.exe
  2⤵
  PID:4744
- C:\Windows\System\xnAMrvS.exe
  C:\Windows\System\xnAMrvS.exe
  2⤵
  PID:4764
- C:\Windows\System\MnvlRot.exe
  C:\Windows\System\MnvlRot.exe
  2⤵
  PID:4784
- C:\Windows\System\zzedhfW.exe
  C:\Windows\System\zzedhfW.exe
  2⤵
  PID:4800
- C:\Windows\System\lmFNOCY.exe
  C:\Windows\System\lmFNOCY.exe
  2⤵
  PID:4824
- C:\Windows\System\vsXfwbz.exe
  C:\Windows\System\vsXfwbz.exe
  2⤵
  PID:4844
- C:\Windows\System\PTJIVfA.exe
  C:\Windows\System\PTJIVfA.exe
  2⤵
  PID:4864
- C:\Windows\System\TQzPhhe.exe
  C:\Windows\System\TQzPhhe.exe
  2⤵
  PID:4880
- C:\Windows\System\mvQjIIh.exe
  C:\Windows\System\mvQjIIh.exe
  2⤵
  PID:4904
- C:\Windows\System\EDXOGZI.exe
  C:\Windows\System\EDXOGZI.exe
  2⤵
  PID:4920
- C:\Windows\System\ZnaKKPD.exe
  C:\Windows\System\ZnaKKPD.exe
  2⤵
  PID:4940
- C:\Windows\System\QCFzljp.exe
  C:\Windows\System\QCFzljp.exe
  2⤵
  PID:4960
- C:\Windows\System\nYXMBsy.exe
  C:\Windows\System\nYXMBsy.exe
  2⤵
  PID:4984
- C:\Windows\System\HSeYlwM.exe
  C:\Windows\System\HSeYlwM.exe
  2⤵
  PID:5004
- C:\Windows\System\KiwctqM.exe
  C:\Windows\System\KiwctqM.exe
  2⤵
  PID:5024
- C:\Windows\System\MPMLkCQ.exe
  C:\Windows\System\MPMLkCQ.exe
  2⤵
  PID:5044
- C:\Windows\System\SXdzQKH.exe
  C:\Windows\System\SXdzQKH.exe
  2⤵
  PID:5064
- C:\Windows\System\jUJxVIg.exe
  C:\Windows\System\jUJxVIg.exe
  2⤵
  PID:5084
- C:\Windows\System\YEPKXAi.exe
  C:\Windows\System\YEPKXAi.exe
  2⤵
  PID:5104
- C:\Windows\System\lAfhPtF.exe
  C:\Windows\System\lAfhPtF.exe
  2⤵
  PID:1464
- C:\Windows\System\VToJDOD.exe
  C:\Windows\System\VToJDOD.exe
  2⤵
  PID:1580
- C:\Windows\System\bWmXIPy.exe
  C:\Windows\System\bWmXIPy.exe
  2⤵
  PID:3224
- C:\Windows\System\oxzyvUU.exe
  C:\Windows\System\oxzyvUU.exe
  2⤵
  PID:3896
- C:\Windows\System\JGeKmdt.exe
  C:\Windows\System\JGeKmdt.exe
  2⤵
  PID:3176
- C:\Windows\System\BXAfAIv.exe
  C:\Windows\System\BXAfAIv.exe
  2⤵
  PID:4156
- C:\Windows\System\sJebfOz.exe
  C:\Windows\System\sJebfOz.exe
  2⤵
  PID:3720
- C:\Windows\System\yfaldgF.exe
  C:\Windows\System\yfaldgF.exe
  2⤵
  PID:4280
- C:\Windows\System\gxkUjxt.exe
  C:\Windows\System\gxkUjxt.exe
  2⤵
  PID:3948
- C:\Windows\System\fMBPOBR.exe
  C:\Windows\System\fMBPOBR.exe
  2⤵
  PID:3912
- C:\Windows\System\ukzmAUV.exe
  C:\Windows\System\ukzmAUV.exe
  2⤵
  PID:4316
- C:\Windows\System\IoJpwxy.exe
  C:\Windows\System\IoJpwxy.exe
  2⤵
  PID:4384
- C:\Windows\System\zTzpQbq.exe
  C:\Windows\System\zTzpQbq.exe
  2⤵
  PID:4424
- C:\Windows\System\MDwnMKx.exe
  C:\Windows\System\MDwnMKx.exe
  2⤵
  PID:4528
- C:\Windows\System\EWUWJbs.exe
  C:\Windows\System\EWUWJbs.exe
  2⤵
  PID:4580
- C:\Windows\System\BrXUnZE.exe
  C:\Windows\System\BrXUnZE.exe
  2⤵
  PID:4592
- C:\Windows\System\OomnCvp.exe
  C:\Windows\System\OomnCvp.exe
  2⤵
  PID:4104
- C:\Windows\System\qEWxGTG.exe
  C:\Windows\System\qEWxGTG.exe
  2⤵
  PID:3384
- C:\Windows\System\AYxTJNf.exe
  C:\Windows\System\AYxTJNf.exe
  2⤵
  PID:4216
- C:\Windows\System\HHRUpYs.exe
  C:\Windows\System\HHRUpYs.exe
  2⤵
  PID:4236
- C:\Windows\System\wpxvZOE.exe
  C:\Windows\System\wpxvZOE.exe
  2⤵
  PID:4304
- C:\Windows\System\LvjNmkn.exe
  C:\Windows\System\LvjNmkn.exe
  2⤵
  PID:4372
- C:\Windows\System\NzgmIjg.exe
  C:\Windows\System\NzgmIjg.exe
  2⤵
  PID:4448
- C:\Windows\System\DoVGExX.exe
  C:\Windows\System\DoVGExX.exe
  2⤵
  PID:4516
- C:\Windows\System\uClgSZP.exe
  C:\Windows\System\uClgSZP.exe
  2⤵
  PID:4628
- C:\Windows\System\wnFWEyI.exe
  C:\Windows\System\wnFWEyI.exe
  2⤵
  PID:4660
- C:\Windows\System\CFFinFo.exe
  C:\Windows\System\CFFinFo.exe
  2⤵
  PID:4676
- C:\Windows\System\HmTerdd.exe
  C:\Windows\System\HmTerdd.exe
  2⤵
  PID:4636
- C:\Windows\System\MmTRxpb.exe
  C:\Windows\System\MmTRxpb.exe
  2⤵
  PID:4732
- C:\Windows\System\IYQSFJK.exe
  C:\Windows\System\IYQSFJK.exe
  2⤵
  PID:4776
- C:\Windows\System\iqfAFPg.exe
  C:\Windows\System\iqfAFPg.exe
  2⤵
  PID:4760
- C:\Windows\System\yVdpIuk.exe
  C:\Windows\System\yVdpIuk.exe
  2⤵
  PID:4796
- C:\Windows\System\uaUJkgW.exe
  C:\Windows\System\uaUJkgW.exe
  2⤵
  PID:4856
- C:\Windows\System\BepyYML.exe
  C:\Windows\System\BepyYML.exe
  2⤵
  PID:4872
- C:\Windows\System\kEXhXvc.exe
  C:\Windows\System\kEXhXvc.exe
  2⤵
  PID:4972
- C:\Windows\System\SeHSric.exe
  C:\Windows\System\SeHSric.exe
  2⤵
  PID:4976
- C:\Windows\System\vYhDAef.exe
  C:\Windows\System\vYhDAef.exe
  2⤵
  PID:4992
- C:\Windows\System\LuqVbvD.exe
  C:\Windows\System\LuqVbvD.exe
  2⤵
  PID:5052
- C:\Windows\System\tBxFiVJ.exe
  C:\Windows\System\tBxFiVJ.exe
  2⤵
  PID:5036
- C:\Windows\System\huCzJUJ.exe
  C:\Windows\System\huCzJUJ.exe
  2⤵
  PID:2372
- C:\Windows\System\OPeoqRq.exe
  C:\Windows\System\OPeoqRq.exe
  2⤵
  PID:5112
- C:\Windows\System\KtBOvZQ.exe
  C:\Windows\System\KtBOvZQ.exe
  2⤵
  PID:4080
- C:\Windows\System\xvfpBGx.exe
  C:\Windows\System\xvfpBGx.exe
  2⤵
  PID:4152
- C:\Windows\System\xFuugKw.exe
  C:\Windows\System\xFuugKw.exe
  2⤵
  PID:4148
- C:\Windows\System\ApwezmN.exe
  C:\Windows\System\ApwezmN.exe
  2⤵
  PID:4248
- C:\Windows\System\xdGWjsa.exe
  C:\Windows\System\xdGWjsa.exe
  2⤵
  PID:2668
- C:\Windows\System\mHsBGUR.exe
  C:\Windows\System\mHsBGUR.exe
  2⤵
  PID:4100
- C:\Windows\System\nApeBvG.exe
  C:\Windows\System\nApeBvG.exe
  2⤵
  PID:4464
- C:\Windows\System\eZNvYwb.exe
  C:\Windows\System\eZNvYwb.exe
  2⤵
  PID:4396
- C:\Windows\System\bNHEtXt.exe
  C:\Windows\System\bNHEtXt.exe
  2⤵
  PID:4132
- C:\Windows\System\PrExTOe.exe
  C:\Windows\System\PrExTOe.exe
  2⤵
  PID:4600
- C:\Windows\System\mkJxwzG.exe
  C:\Windows\System\mkJxwzG.exe
  2⤵
  PID:4180
- C:\Windows\System\pEeGKSs.exe
  C:\Windows\System\pEeGKSs.exe
  2⤵
  PID:4336
- C:\Windows\System\fuAZDTy.exe
  C:\Windows\System\fuAZDTy.exe
  2⤵
  PID:4296
- C:\Windows\System\RGDBnGW.exe
  C:\Windows\System\RGDBnGW.exe
  2⤵
  PID:4512
- C:\Windows\System\ZgghMev.exe
  C:\Windows\System\ZgghMev.exe
  2⤵
  PID:4440
- C:\Windows\System\unPwgjE.exe
  C:\Windows\System\unPwgjE.exe
  2⤵
  PID:4684
- C:\Windows\System\yOMAahx.exe
  C:\Windows\System\yOMAahx.exe
  2⤵
  PID:4772
- C:\Windows\System\GAkEZHw.exe
  C:\Windows\System\GAkEZHw.exe
  2⤵
  PID:4736
- C:\Windows\System\enesnqv.exe
  C:\Windows\System\enesnqv.exe
  2⤵
  PID:4852
- C:\Windows\System\nRLOkxg.exe
  C:\Windows\System\nRLOkxg.exe
  2⤵
  PID:4980
- C:\Windows\System\jSFpouj.exe
  C:\Windows\System\jSFpouj.exe
  2⤵
  PID:2892
- C:\Windows\System\uITZVSM.exe
  C:\Windows\System\uITZVSM.exe
  2⤵
  PID:5016
- C:\Windows\System\TQevBDZ.exe
  C:\Windows\System\TQevBDZ.exe
  2⤵
  PID:5092
- C:\Windows\System\OqdOTQb.exe
  C:\Windows\System\OqdOTQb.exe
  2⤵
  PID:2828
- C:\Windows\System\cXoIhcM.exe
  C:\Windows\System\cXoIhcM.exe
  2⤵
  PID:5032
- C:\Windows\System\EOkaHjx.exe
  C:\Windows\System\EOkaHjx.exe
  2⤵
  PID:5080
- C:\Windows\System\SOqILxA.exe
  C:\Windows\System\SOqILxA.exe
  2⤵
  PID:2340
- C:\Windows\System\fHqhSOi.exe
  C:\Windows\System\fHqhSOi.exe
  2⤵
  PID:4192
- C:\Windows\System\hqLxAIh.exe
  C:\Windows\System\hqLxAIh.exe
  2⤵
  PID:3144
- C:\Windows\System\qLMRYqW.exe
  C:\Windows\System\qLMRYqW.exe
  2⤵
  PID:1964
- C:\Windows\System\Gynrxiy.exe
  C:\Windows\System\Gynrxiy.exe
  2⤵
  PID:4388
- C:\Windows\System\JvRdMfW.exe
  C:\Windows\System\JvRdMfW.exe
  2⤵
  PID:4268
- C:\Windows\System\wNUcbIU.exe
  C:\Windows\System\wNUcbIU.exe
  2⤵
  PID:472
- C:\Windows\System\suuiXvv.exe
  C:\Windows\System\suuiXvv.exe
  2⤵
  PID:4228
- C:\Windows\System\ycREWtC.exe
  C:\Windows\System\ycREWtC.exe
  2⤵
  PID:4664
- C:\Windows\System\PezAPTG.exe
  C:\Windows\System\PezAPTG.exe
  2⤵
  PID:4652
- C:\Windows\System\oPgamAr.exe
  C:\Windows\System\oPgamAr.exe
  2⤵
  PID:4836
- C:\Windows\System\vajEwgD.exe
  C:\Windows\System\vajEwgD.exe
  2⤵
  PID:4952
- C:\Windows\System\GpNdiOU.exe
  C:\Windows\System\GpNdiOU.exe
  2⤵
  PID:3516
- C:\Windows\System\zpNeuNm.exe
  C:\Windows\System\zpNeuNm.exe
  2⤵
  PID:4900
- C:\Windows\System\geYOaog.exe
  C:\Windows\System\geYOaog.exe
  2⤵
  PID:4348
- C:\Windows\System\wHKBqZf.exe
  C:\Windows\System\wHKBqZf.exe
  2⤵
  PID:4444
- C:\Windows\System\pzBPksP.exe
  C:\Windows\System\pzBPksP.exe
  2⤵
  PID:5096
- C:\Windows\System\ATfjaKO.exe
  C:\Windows\System\ATfjaKO.exe
  2⤵
  PID:4860
- C:\Windows\System\UMSJJXR.exe
  C:\Windows\System\UMSJJXR.exe
  2⤵
  PID:2728
- C:\Windows\System\zSJsPWt.exe
  C:\Windows\System\zSJsPWt.exe
  2⤵
  PID:2864
- C:\Windows\System\rIUTHct.exe
  C:\Windows\System\rIUTHct.exe
  2⤵
  PID:3772
- C:\Windows\System\ZwFznzl.exe
  C:\Windows\System\ZwFznzl.exe
  2⤵
  PID:2876
- C:\Windows\System\ErUqTZa.exe
  C:\Windows\System\ErUqTZa.exe
  2⤵
  PID:4716
- C:\Windows\System\XBRbirD.exe
  C:\Windows\System\XBRbirD.exe
  2⤵
  PID:5132
- C:\Windows\System\cATKTfn.exe
  C:\Windows\System\cATKTfn.exe
  2⤵
  PID:5148
- C:\Windows\System\GoHGmdY.exe
  C:\Windows\System\GoHGmdY.exe
  2⤵
  PID:5172
- C:\Windows\System\SIBAsXl.exe
  C:\Windows\System\SIBAsXl.exe
  2⤵
  PID:5192
- C:\Windows\System\YqtdJOM.exe
  C:\Windows\System\YqtdJOM.exe
  2⤵
  PID:5212
- C:\Windows\System\DjamVvE.exe
  C:\Windows\System\DjamVvE.exe
  2⤵
  PID:5228
- C:\Windows\System\mfVowCl.exe
  C:\Windows\System\mfVowCl.exe
  2⤵
  PID:5248
- C:\Windows\System\gKJYDXW.exe
  C:\Windows\System\gKJYDXW.exe
  2⤵
  PID:5264
- C:\Windows\System\FLyejMt.exe
  C:\Windows\System\FLyejMt.exe
  2⤵
  PID:5288
- C:\Windows\System\XmKoLjw.exe
  C:\Windows\System\XmKoLjw.exe
  2⤵
  PID:5308
- C:\Windows\System\biECIXY.exe
  C:\Windows\System\biECIXY.exe
  2⤵
  PID:5328
- C:\Windows\System\iQIlowe.exe
  C:\Windows\System\iQIlowe.exe
  2⤵
  PID:5352
- C:\Windows\System\xAkexLK.exe
  C:\Windows\System\xAkexLK.exe
  2⤵
  PID:5368
- C:\Windows\System\sRQzOrM.exe
  C:\Windows\System\sRQzOrM.exe
  2⤵
  PID:5388
- C:\Windows\System\liVINxF.exe
  C:\Windows\System\liVINxF.exe
  2⤵
  PID:5404
- C:\Windows\System\AjecrWv.exe
  C:\Windows\System\AjecrWv.exe
  2⤵
  PID:5424
- C:\Windows\System\KLYtiIj.exe
  C:\Windows\System\KLYtiIj.exe
  2⤵
  PID:5440
- C:\Windows\System\IWzcEQz.exe
  C:\Windows\System\IWzcEQz.exe
  2⤵
  PID:5456
- C:\Windows\System\IgQXkbD.exe
  C:\Windows\System\IgQXkbD.exe
  2⤵
  PID:5472
- C:\Windows\System\HiDowLw.exe
  C:\Windows\System\HiDowLw.exe
  2⤵
  PID:5488
- C:\Windows\System\pVWQJes.exe
  C:\Windows\System\pVWQJes.exe
  2⤵
  PID:5504
- C:\Windows\System\yctIDHi.exe
  C:\Windows\System\yctIDHi.exe
  2⤵
  PID:5520
- C:\Windows\System\fcTLvhJ.exe
  C:\Windows\System\fcTLvhJ.exe
  2⤵
  PID:5536
- C:\Windows\System\JQOYiWN.exe
  C:\Windows\System\JQOYiWN.exe
  2⤵
  PID:5552
- C:\Windows\System\zdXxdep.exe
  C:\Windows\System\zdXxdep.exe
  2⤵
  PID:5568
- C:\Windows\System\DfkpfDW.exe
  C:\Windows\System\DfkpfDW.exe
  2⤵
  PID:5584
- C:\Windows\System\vcfOydu.exe
  C:\Windows\System\vcfOydu.exe
  2⤵
  PID:5600
- C:\Windows\System\ieyXjDw.exe
  C:\Windows\System\ieyXjDw.exe
  2⤵
  PID:5616
- C:\Windows\System\MjyOsyF.exe
  C:\Windows\System\MjyOsyF.exe
  2⤵
  PID:5636
- C:\Windows\System\uAMtted.exe
  C:\Windows\System\uAMtted.exe
  2⤵
  PID:5652
- C:\Windows\System\CRUrTjs.exe
  C:\Windows\System\CRUrTjs.exe
  2⤵
  PID:5684
- C:\Windows\System\UgKoMXH.exe
  C:\Windows\System\UgKoMXH.exe
  2⤵
  PID:5700
- C:\Windows\System\NCUNXMW.exe
  C:\Windows\System\NCUNXMW.exe
  2⤵
  PID:5728
- C:\Windows\System\hpqPwZs.exe
  C:\Windows\System\hpqPwZs.exe
  2⤵
  PID:5748
- C:\Windows\System\CnKqytn.exe
  C:\Windows\System\CnKqytn.exe
  2⤵
  PID:5764
- C:\Windows\System\nWUSNBF.exe
  C:\Windows\System\nWUSNBF.exe
  2⤵
  PID:5780
- C:\Windows\System\LfIgFxF.exe
  C:\Windows\System\LfIgFxF.exe
  2⤵
  PID:5796
- C:\Windows\System\OEOAqPs.exe
  C:\Windows\System\OEOAqPs.exe
  2⤵
  PID:5812
- C:\Windows\System\iehSTla.exe
  C:\Windows\System\iehSTla.exe
  2⤵
  PID:5836
- C:\Windows\System\XPBgesc.exe
  C:\Windows\System\XPBgesc.exe
  2⤵
  PID:5852
- C:\Windows\System\ppsWFln.exe
  C:\Windows\System\ppsWFln.exe
  2⤵
  PID:5868
- C:\Windows\System\VyojDCh.exe
  C:\Windows\System\VyojDCh.exe
  2⤵
  PID:5884
- C:\Windows\System\NmXABZS.exe
  C:\Windows\System\NmXABZS.exe
  2⤵
  PID:5900
- C:\Windows\System\WPgaNNl.exe
  C:\Windows\System\WPgaNNl.exe
  2⤵
  PID:5916
- C:\Windows\System\fXRlRDJ.exe
  C:\Windows\System\fXRlRDJ.exe
  2⤵
  PID:5932
- C:\Windows\System\xBixrCu.exe
  C:\Windows\System\xBixrCu.exe
  2⤵
  PID:5948
- C:\Windows\System\pnOdahQ.exe
  C:\Windows\System\pnOdahQ.exe
  2⤵
  PID:5968
- C:\Windows\System\UwIROYn.exe
  C:\Windows\System\UwIROYn.exe
  2⤵
  PID:5984
- C:\Windows\System\LLROvVE.exe
  C:\Windows\System\LLROvVE.exe
  2⤵
  PID:6000
- C:\Windows\System\qCTuwlP.exe
  C:\Windows\System\qCTuwlP.exe
  2⤵
  PID:6016
- C:\Windows\System\zkwTxFV.exe
  C:\Windows\System\zkwTxFV.exe
  2⤵
  PID:6032
- C:\Windows\System\jcuEJtL.exe
  C:\Windows\System\jcuEJtL.exe
  2⤵
  PID:6052
- C:\Windows\System\ZuxBPiD.exe
  C:\Windows\System\ZuxBPiD.exe
  2⤵
  PID:6068
- C:\Windows\System\THLYTxQ.exe
  C:\Windows\System\THLYTxQ.exe
  2⤵
  PID:6084
- C:\Windows\System\sjiQJZI.exe
  C:\Windows\System\sjiQJZI.exe
  2⤵
  PID:6104
- C:\Windows\System\SZYEMUm.exe
  C:\Windows\System\SZYEMUm.exe
  2⤵
  PID:6120
- C:\Windows\System\slFWJSX.exe
  C:\Windows\System\slFWJSX.exe
  2⤵
  PID:6136
- C:\Windows\System\JwbwoQM.exe
  C:\Windows\System\JwbwoQM.exe
  2⤵
  PID:4792
- C:\Windows\System\lpGIFXj.exe
  C:\Windows\System\lpGIFXj.exe
  2⤵
  PID:4460
- C:\Windows\System\aDsHEqX.exe
  C:\Windows\System\aDsHEqX.exe
  2⤵
  PID:4484
- C:\Windows\System\UIyMOMf.exe
  C:\Windows\System\UIyMOMf.exe
  2⤵
  PID:4712
- C:\Windows\System\osAttld.exe
  C:\Windows\System\osAttld.exe
  2⤵
  PID:4164
- C:\Windows\System\mTbqhNU.exe
  C:\Windows\System\mTbqhNU.exe
  2⤵
  PID:5144
- C:\Windows\System\lKwKRyf.exe
  C:\Windows\System\lKwKRyf.exe
  2⤵
  PID:5184
- C:\Windows\System\oUbMfPt.exe
  C:\Windows\System\oUbMfPt.exe
  2⤵
  PID:5220
- C:\Windows\System\QDJJHsC.exe
  C:\Windows\System\QDJJHsC.exe
  2⤵
  PID:5260
- C:\Windows\System\VFnctCt.exe
  C:\Windows\System\VFnctCt.exe
  2⤵
  PID:5296
- C:\Windows\System\iZBgrwh.exe
  C:\Windows\System\iZBgrwh.exe
  2⤵
  PID:5336
- C:\Windows\System\oHOtdkS.exe
  C:\Windows\System\oHOtdkS.exe
  2⤵
  PID:5272
- C:\Windows\System\cMBLIWa.exe
  C:\Windows\System\cMBLIWa.exe
  2⤵
  PID:4532
- C:\Windows\System\dueuIXR.exe
  C:\Windows\System\dueuIXR.exe
  2⤵
  PID:1856
- C:\Windows\System\MJeaRIH.exe
  C:\Windows\System\MJeaRIH.exe
  2⤵
  PID:4604
- C:\Windows\System\iGKUdPc.exe
  C:\Windows\System\iGKUdPc.exe
  2⤵
  PID:5200
- C:\Windows\System\RcLdLcy.exe
  C:\Windows\System\RcLdLcy.exe
  2⤵
  PID:4572
- C:\Windows\System\oYPSxAf.exe
  C:\Windows\System\oYPSxAf.exe
  2⤵
  PID:5360
- C:\Windows\System\ykVnwHS.exe
  C:\Windows\System\ykVnwHS.exe
  2⤵
  PID:2900
- C:\Windows\System\asmBsNk.exe
  C:\Windows\System\asmBsNk.exe
  2⤵
  PID:5416
- C:\Windows\System\UcbDtrW.exe
  C:\Windows\System\UcbDtrW.exe
  2⤵
  PID:5892
- C:\Windows\System\RLkrBBG.exe
  C:\Windows\System\RLkrBBG.exe
  2⤵
  PID:5996
- C:\Windows\System\LBpRuhR.exe
  C:\Windows\System\LBpRuhR.exe
  2⤵
  PID:6060
- C:\Windows\System\brypyUz.exe
  C:\Windows\System\brypyUz.exe
  2⤵
  PID:4624
- C:\Windows\System\pVstwhy.exe
  C:\Windows\System\pVstwhy.exe
  2⤵
  PID:5020
- C:\Windows\System\cyWBONf.exe
  C:\Windows\System\cyWBONf.exe
  2⤵
  PID:4912
- C:\Windows\System\LxbVhGC.exe
  C:\Windows\System\LxbVhGC.exe
  2⤵
  PID:5844
- C:\Windows\System\mZUigfp.exe
  C:\Windows\System\mZUigfp.exe
  2⤵
  PID:5908
- C:\Windows\System\yTSbTcR.exe
  C:\Windows\System\yTSbTcR.exe
  2⤵
  PID:5980
- C:\Windows\System\eBIraeY.exe
  C:\Windows\System\eBIraeY.exe
  2⤵
  PID:6044
- C:\Windows\System\MCTsdad.exe
  C:\Windows\System\MCTsdad.exe
  2⤵
  PID:4620
- C:\Windows\System\LCydtBa.exe
  C:\Windows\System\LCydtBa.exe
  2⤵
  PID:1784
- C:\Windows\System\KPeIePX.exe
  C:\Windows\System\KPeIePX.exe
  2⤵
  PID:5304
- C:\Windows\System\hwlDtFO.exe
  C:\Windows\System\hwlDtFO.exe
  2⤵
  PID:5348
- C:\Windows\System\vIMzihr.exe
  C:\Windows\System\vIMzihr.exe
  2⤵
  PID:5164
- C:\Windows\System\exUiIim.exe
  C:\Windows\System\exUiIim.exe
  2⤵
  PID:5364
- C:\Windows\System\qUoZjsL.exe
  C:\Windows\System\qUoZjsL.exe
  2⤵
  PID:5128
- C:\Windows\System\gpFgXjd.exe
  C:\Windows\System\gpFgXjd.exe
  2⤵
  PID:5484
- C:\Windows\System\byxhxCn.exe
  C:\Windows\System\byxhxCn.exe
  2⤵
  PID:2936
- C:\Windows\System\QAsrTjH.exe
  C:\Windows\System\QAsrTjH.exe
  2⤵
  PID:5244
- C:\Windows\System\dNiBbUK.exe
  C:\Windows\System\dNiBbUK.exe
  2⤵
  PID:5612
- C:\Windows\System\hQDCzvy.exe
  C:\Windows\System\hQDCzvy.exe
  2⤵
  PID:5236
- C:\Windows\System\UICSqwb.exe
  C:\Windows\System\UICSqwb.exe
  2⤵
  PID:5668
- C:\Windows\System\DPlWdjz.exe
  C:\Windows\System\DPlWdjz.exe
  2⤵
  PID:5436
- C:\Windows\System\BrfpcFG.exe
  C:\Windows\System\BrfpcFG.exe
  2⤵
  PID:5500
- C:\Windows\System\TnhdEzK.exe
  C:\Windows\System\TnhdEzK.exe
  2⤵
  PID:5560
- C:\Windows\System\CyqEIan.exe
  C:\Windows\System\CyqEIan.exe
  2⤵
  PID:5596
- C:\Windows\System\nDxGQdI.exe
  C:\Windows\System\nDxGQdI.exe
  2⤵
  PID:5660
- C:\Windows\System\XqVeIuL.exe
  C:\Windows\System\XqVeIuL.exe
  2⤵
  PID:5788
- C:\Windows\System\bGxAhBx.exe
  C:\Windows\System\bGxAhBx.exe
  2⤵
  PID:5828
- C:\Windows\System\SlxCBox.exe
  C:\Windows\System\SlxCBox.exe
  2⤵
  PID:5864
- C:\Windows\System\eslDaCu.exe
  C:\Windows\System\eslDaCu.exe
  2⤵
  PID:968
- C:\Windows\System\dImbrfS.exe
  C:\Windows\System\dImbrfS.exe
  2⤵
  PID:6092
- C:\Windows\System\SpyTzfY.exe
  C:\Windows\System\SpyTzfY.exe
  2⤵
  PID:6132
- C:\Windows\System\xYtAnqU.exe
  C:\Windows\System\xYtAnqU.exe
  2⤵
  PID:2556
- C:\Windows\System\yBWuiPs.exe
  C:\Windows\System\yBWuiPs.exe
  2⤵
  PID:5140
- C:\Windows\System\ENRiTwN.exe
  C:\Windows\System\ENRiTwN.exe
  2⤵
  PID:900
- C:\Windows\System\niCgogr.exe
  C:\Windows\System\niCgogr.exe
  2⤵
  PID:5808
- C:\Windows\System\rXEUkCM.exe
  C:\Windows\System\rXEUkCM.exe
  2⤵
  PID:6116
- C:\Windows\System\hlOoWjZ.exe
  C:\Windows\System\hlOoWjZ.exe
  2⤵
  PID:5180
- C:\Windows\System\JATGCxO.exe
  C:\Windows\System\JATGCxO.exe
  2⤵
  PID:6040
- C:\Windows\System\ynTcsCg.exe
  C:\Windows\System\ynTcsCg.exe
  2⤵
  PID:5300
- C:\Windows\System\lzNmQJe.exe
  C:\Windows\System\lzNmQJe.exe
  2⤵
  PID:5204
- C:\Windows\System\QehBmKq.exe
  C:\Windows\System\QehBmKq.exe
  2⤵
  PID:5512
- C:\Windows\System\bAtwbHN.exe
  C:\Windows\System\bAtwbHN.exe
  2⤵
  PID:1540
- C:\Windows\System\pWvJiqn.exe
  C:\Windows\System\pWvJiqn.exe
  2⤵
  PID:5480
- C:\Windows\System\aEKdQBr.exe
  C:\Windows\System\aEKdQBr.exe
  2⤵
  PID:5608
- C:\Windows\System\KSWjAly.exe
  C:\Windows\System\KSWjAly.exe
  2⤵
  PID:5432
- C:\Windows\System\xrBAsco.exe
  C:\Windows\System\xrBAsco.exe
  2⤵
  PID:5632
- C:\Windows\System\BwpiCKQ.exe
  C:\Windows\System\BwpiCKQ.exe
  2⤵
  PID:5496
- C:\Windows\System\qiyMosk.exe
  C:\Windows\System\qiyMosk.exe
  2⤵
  PID:5992
- C:\Windows\System\tMiaSIm.exe
  C:\Windows\System\tMiaSIm.exe
  2⤵
  PID:5876
- C:\Windows\System\JTmuzFX.exe
  C:\Windows\System\JTmuzFX.exe
  2⤵
  PID:2672
- C:\Windows\System\lmMHyRZ.exe
  C:\Windows\System\lmMHyRZ.exe
  2⤵
  PID:5592
- C:\Windows\System\gAdLSJm.exe
  C:\Windows\System\gAdLSJm.exe
  2⤵
  PID:5756
- C:\Windows\System\TeVUlug.exe
  C:\Windows\System\TeVUlug.exe
  2⤵
  PID:5928
- C:\Windows\System\GBlVyLH.exe
  C:\Windows\System\GBlVyLH.exe
  2⤵
  PID:5772
- C:\Windows\System\tOJqVkJ.exe
  C:\Windows\System\tOJqVkJ.exe
  2⤵
  PID:5376
- C:\Windows\System\LYtcROn.exe
  C:\Windows\System\LYtcROn.exe
  2⤵
  PID:5316
- C:\Windows\System\fMfTGkP.exe
  C:\Windows\System\fMfTGkP.exe
  2⤵
  PID:604
- C:\Windows\System\qoYJosJ.exe
  C:\Windows\System\qoYJosJ.exe
  2⤵
  PID:5400
- C:\Windows\System\QJAaNTi.exe
  C:\Windows\System\QJAaNTi.exe
  2⤵
  PID:5860
- C:\Windows\System\ldVQtff.exe
  C:\Windows\System\ldVQtff.exe
  2⤵
  PID:2968
- C:\Windows\System\rTIPznY.exe
  C:\Windows\System\rTIPznY.exe
  2⤵
  PID:5648
- C:\Windows\System\MyLIOeP.exe
  C:\Windows\System\MyLIOeP.exe
  2⤵
  PID:5396
- C:\Windows\System\oFqhxAZ.exe
  C:\Windows\System\oFqhxAZ.exe
  2⤵
  PID:2776
- C:\Windows\System\aiQAeqy.exe
  C:\Windows\System\aiQAeqy.exe
  2⤵
  PID:4212
- C:\Windows\System\AapmXyT.exe
  C:\Windows\System\AapmXyT.exe
  2⤵
  PID:5564
- C:\Windows\System\YtDFsun.exe
  C:\Windows\System\YtDFsun.exe
  2⤵
  PID:4956
- C:\Windows\System\EAMEnVX.exe
  C:\Windows\System\EAMEnVX.exe
  2⤵
  PID:5680
- C:\Windows\System\xxmsmxB.exe
  C:\Windows\System\xxmsmxB.exe
  2⤵
  PID:5924
- C:\Windows\System\BeEyXIr.exe
  C:\Windows\System\BeEyXIr.exe
  2⤵
  PID:6160
- C:\Windows\System\xWwGdHv.exe
  C:\Windows\System\xWwGdHv.exe
  2⤵
  PID:6176
- C:\Windows\System\HksAWiI.exe
  C:\Windows\System\HksAWiI.exe
  2⤵
  PID:6196
- C:\Windows\System\CUoUiQL.exe
  C:\Windows\System\CUoUiQL.exe
  2⤵
  PID:6212
- C:\Windows\System\HErGPBu.exe
  C:\Windows\System\HErGPBu.exe
  2⤵
  PID:6228
- C:\Windows\System\btcxeyd.exe
  C:\Windows\System\btcxeyd.exe
  2⤵
  PID:6244
- C:\Windows\System\YLsYZWV.exe
  C:\Windows\System\YLsYZWV.exe
  2⤵
  PID:6260
- C:\Windows\System\mQFdWYv.exe
  C:\Windows\System\mQFdWYv.exe
  2⤵
  PID:6276
- C:\Windows\System\xdKdNyo.exe
  C:\Windows\System\xdKdNyo.exe
  2⤵
  PID:6296
- C:\Windows\System\zjaKkow.exe
  C:\Windows\System\zjaKkow.exe
  2⤵
  PID:6312
- C:\Windows\System\UbEAbCD.exe
  C:\Windows\System\UbEAbCD.exe
  2⤵
  PID:6328
- C:\Windows\System\OjBvwPf.exe
  C:\Windows\System\OjBvwPf.exe
  2⤵
  PID:6344
- C:\Windows\System\rRtJBbI.exe
  C:\Windows\System\rRtJBbI.exe
  2⤵
  PID:6360
- C:\Windows\System\UepaFDd.exe
  C:\Windows\System\UepaFDd.exe
  2⤵
  PID:6376
- C:\Windows\System\MFNnlXv.exe
  C:\Windows\System\MFNnlXv.exe
  2⤵
  PID:6392
- C:\Windows\System\jHTELrD.exe
  C:\Windows\System\jHTELrD.exe
  2⤵
  PID:6408
- C:\Windows\System\wlomxpy.exe
  C:\Windows\System\wlomxpy.exe
  2⤵
  PID:6424
- C:\Windows\System\JOWIBQD.exe
  C:\Windows\System\JOWIBQD.exe
  2⤵
  PID:6444
- C:\Windows\System\PKADsoP.exe
  C:\Windows\System\PKADsoP.exe
  2⤵
  PID:6460
- C:\Windows\System\WxlpVdJ.exe
  C:\Windows\System\WxlpVdJ.exe
  2⤵
  PID:6488
- C:\Windows\System\YhXjunI.exe
  C:\Windows\System\YhXjunI.exe
  2⤵
  PID:6508
- C:\Windows\System\ylhfoGn.exe
  C:\Windows\System\ylhfoGn.exe
  2⤵
  PID:6524
- C:\Windows\System\SVFkkLb.exe
  C:\Windows\System\SVFkkLb.exe
  2⤵
  PID:6540
- C:\Windows\System\cJBAmID.exe
  C:\Windows\System\cJBAmID.exe
  2⤵
  PID:6556
- C:\Windows\System\THYMjuI.exe
  C:\Windows\System\THYMjuI.exe
  2⤵
  PID:6572
- C:\Windows\System\MayGdSd.exe
  C:\Windows\System\MayGdSd.exe
  2⤵
  PID:6588
- C:\Windows\System\KICgBAB.exe
  C:\Windows\System\KICgBAB.exe
  2⤵
  PID:6604
- C:\Windows\System\SvzaiWF.exe
  C:\Windows\System\SvzaiWF.exe
  2⤵
  PID:6620
- C:\Windows\System\WaDUakE.exe
  C:\Windows\System\WaDUakE.exe
  2⤵
  PID:6640
- C:\Windows\System\oemBtbE.exe
  C:\Windows\System\oemBtbE.exe
  2⤵
  PID:6660
- C:\Windows\System\zcZVqdQ.exe
  C:\Windows\System\zcZVqdQ.exe
  2⤵
  PID:6680
- C:\Windows\System\uYhvrXS.exe
  C:\Windows\System\uYhvrXS.exe
  2⤵
  PID:6696
- C:\Windows\System\QlmSSob.exe
  C:\Windows\System\QlmSSob.exe
  2⤵
  PID:6712
- C:\Windows\System\WpTWLLM.exe
  C:\Windows\System\WpTWLLM.exe
  2⤵
  PID:6728
- C:\Windows\System\yUXvgaM.exe
  C:\Windows\System\yUXvgaM.exe
  2⤵
  PID:6744
- C:\Windows\System\TloZCTy.exe
  C:\Windows\System\TloZCTy.exe
  2⤵
  PID:6760
- C:\Windows\System\RnqklnY.exe
  C:\Windows\System\RnqklnY.exe
  2⤵
  PID:6776
- C:\Windows\System\zcebuKs.exe
  C:\Windows\System\zcebuKs.exe
  2⤵
  PID:6792
- C:\Windows\System\tXwWBqi.exe
  C:\Windows\System\tXwWBqi.exe
  2⤵
  PID:6808
- C:\Windows\System\EGylYXg.exe
  C:\Windows\System\EGylYXg.exe
  2⤵
  PID:6824
- C:\Windows\System\PTAJzbX.exe
  C:\Windows\System\PTAJzbX.exe
  2⤵
  PID:6840
- C:\Windows\System\hHXbyQP.exe
  C:\Windows\System\hHXbyQP.exe
  2⤵
  PID:6856
- C:\Windows\System\ayCKAbR.exe
  C:\Windows\System\ayCKAbR.exe
  2⤵
  PID:6872
- C:\Windows\System\KJgiCUD.exe
  C:\Windows\System\KJgiCUD.exe
  2⤵
  PID:6892
- C:\Windows\System\KeWIPDi.exe
  C:\Windows\System\KeWIPDi.exe
  2⤵
  PID:6912
- C:\Windows\System\VijJjCV.exe
  C:\Windows\System\VijJjCV.exe
  2⤵
  PID:6928
- C:\Windows\System\YHbeuxM.exe
  C:\Windows\System\YHbeuxM.exe
  2⤵
  PID:6944
- C:\Windows\System\BMflhBx.exe
  C:\Windows\System\BMflhBx.exe
  2⤵
  PID:6960
- C:\Windows\System\wPEaxUU.exe
  C:\Windows\System\wPEaxUU.exe
  2⤵
  PID:6976
- C:\Windows\System\PmGsaBo.exe
  C:\Windows\System\PmGsaBo.exe
  2⤵
  PID:6992
- C:\Windows\System\QMIsltL.exe
  C:\Windows\System\QMIsltL.exe
  2⤵
  PID:7016
- C:\Windows\System\rXMXmKL.exe
  C:\Windows\System\rXMXmKL.exe
  2⤵
  PID:7032
- C:\Windows\System\ZySaZOk.exe
  C:\Windows\System\ZySaZOk.exe
  2⤵
  PID:7048
- C:\Windows\System\slrvkEx.exe
  C:\Windows\System\slrvkEx.exe
  2⤵
  PID:7064
- C:\Windows\System\xGSHPwI.exe
  C:\Windows\System\xGSHPwI.exe
  2⤵
  PID:7084
- C:\Windows\System\yPIoyuF.exe
  C:\Windows\System\yPIoyuF.exe
  2⤵
  PID:7100
- C:\Windows\System\JfxzyYU.exe
  C:\Windows\System\JfxzyYU.exe
  2⤵
  PID:7116
- C:\Windows\System\nssBVZf.exe
  C:\Windows\System\nssBVZf.exe
  2⤵
  PID:7132
- C:\Windows\System\VtOxxDg.exe
  C:\Windows\System\VtOxxDg.exe
  2⤵
  PID:7152
- C:\Windows\System\JHljgxe.exe
  C:\Windows\System\JHljgxe.exe
  2⤵
  PID:2772
- C:\Windows\System\KYRsrRi.exe
  C:\Windows\System\KYRsrRi.exe
  2⤵
  PID:6400
- C:\Windows\System\luVDsiJ.exe
  C:\Windows\System\luVDsiJ.exe
  2⤵
  PID:6440
- C:\Windows\System\NCMvaLu.exe
  C:\Windows\System\NCMvaLu.exe
  2⤵
  PID:6188
- C:\Windows\System\hCdnLXS.exe
  C:\Windows\System\hCdnLXS.exe
  2⤵
  PID:6252
- C:\Windows\System\aJgpuVW.exe
  C:\Windows\System\aJgpuVW.exe
  2⤵
  PID:6288
- C:\Windows\System\tpcqVoF.exe
  C:\Windows\System\tpcqVoF.exe
  2⤵
  PID:6320
- C:\Windows\System\KALBCRt.exe
  C:\Windows\System\KALBCRt.exe
  2⤵
  PID:2656
- C:\Windows\System\xCHORvM.exe
  C:\Windows\System\xCHORvM.exe
  2⤵
  PID:6480
- C:\Windows\System\YBMPsPi.exe
  C:\Windows\System\YBMPsPi.exe
  2⤵
  PID:6384
- C:\Windows\System\GJEVVhB.exe
  C:\Windows\System\GJEVVhB.exe
  2⤵
  PID:6256
- C:\Windows\System\OOUezuY.exe
  C:\Windows\System\OOUezuY.exe
  2⤵
  PID:6532
- C:\Windows\System\wtRTWyN.exe
  C:\Windows\System\wtRTWyN.exe
  2⤵
  PID:6536
- C:\Windows\System\vOuGTBj.exe
  C:\Windows\System\vOuGTBj.exe
  2⤵
  PID:6596
- C:\Windows\System\oGscnhk.exe
  C:\Windows\System\oGscnhk.exe
  2⤵
  PID:6584
- C:\Windows\System\LmXbvdD.exe
  C:\Windows\System\LmXbvdD.exe
  2⤵
  PID:6652
- C:\Windows\System\kMiJQqq.exe
  C:\Windows\System\kMiJQqq.exe
  2⤵
  PID:6628
- C:\Windows\System\DVoAFYY.exe
  C:\Windows\System\DVoAFYY.exe
  2⤵
  PID:6668
- C:\Windows\System\ttEhXqx.exe
  C:\Windows\System\ttEhXqx.exe
  2⤵
  PID:6708
- C:\Windows\System\chsohQM.exe
  C:\Windows\System\chsohQM.exe
  2⤵
  PID:6768
- C:\Windows\System\FlPpolE.exe
  C:\Windows\System\FlPpolE.exe
  2⤵
  PID:6804
- C:\Windows\System\QIXQGue.exe
  C:\Windows\System\QIXQGue.exe
  2⤵
  PID:6832
- C:\Windows\System\wxpzsyn.exe
  C:\Windows\System\wxpzsyn.exe
  2⤵
  PID:6752
- C:\Windows\System\ZzLPRda.exe
  C:\Windows\System\ZzLPRda.exe
  2⤵
  PID:6816
- C:\Windows\System\WzZrwRi.exe
  C:\Windows\System\WzZrwRi.exe
  2⤵
  PID:6848
- C:\Windows\System\SnBBKOP.exe
  C:\Windows\System\SnBBKOP.exe
  2⤵
  PID:6880
- C:\Windows\System\YdkShWr.exe
  C:\Windows\System\YdkShWr.exe
  2⤵
  PID:6904
- C:\Windows\System\xclehrE.exe
  C:\Windows\System\xclehrE.exe
  2⤵
  PID:2872
- C:\Windows\System\cDARXWh.exe
  C:\Windows\System\cDARXWh.exe
  2⤵
  PID:7000
- C:\Windows\System\XAKYgZM.exe
  C:\Windows\System\XAKYgZM.exe
  2⤵
  PID:7040
- C:\Windows\System\gMAOhLi.exe
  C:\Windows\System\gMAOhLi.exe
  2⤵
  PID:6924
- C:\Windows\System\EpoMbBO.exe
  C:\Windows\System\EpoMbBO.exe
  2⤵
  PID:6984
- C:\Windows\System\zGaCIrZ.exe
  C:\Windows\System\zGaCIrZ.exe
  2⤵
  PID:7112
- C:\Windows\System\BayKJCe.exe
  C:\Windows\System\BayKJCe.exe
  2⤵
  PID:7144
- C:\Windows\System\HhWDLJR.exe
  C:\Windows\System\HhWDLJR.exe
  2⤵
  PID:7060
- C:\Windows\System\UJRSWYB.exe
  C:\Windows\System\UJRSWYB.exe
  2⤵
  PID:7128
- C:\Windows\System\rDhMqPZ.exe
  C:\Windows\System\rDhMqPZ.exe
  2⤵
  PID:6100
- C:\Windows\System\ErSixcn.exe
  C:\Windows\System\ErSixcn.exe
  2⤵
  PID:2984
- C:\Windows\System\EWFufGZ.exe
  C:\Windows\System\EWFufGZ.exe
  2⤵
  PID:2640
- C:\Windows\System\UAiZLJe.exe
  C:\Windows\System\UAiZLJe.exe
  2⤵
  PID:2988
- C:\Windows\System\iuHVDbh.exe
  C:\Windows\System\iuHVDbh.exe
  2⤵
  PID:5696
- C:\Windows\System\BQVMTBt.exe
  C:\Windows\System\BQVMTBt.exe
  2⤵
  PID:2884
- C:\Windows\System\hjKEOBY.exe
  C:\Windows\System\hjKEOBY.exe
  2⤵
  PID:2196
- C:\Windows\System\mIXlHRs.exe
  C:\Windows\System\mIXlHRs.exe
  2⤵
  PID:1960
- C:\Windows\System\FuOzAJO.exe
  C:\Windows\System\FuOzAJO.exe
  2⤵
  PID:6236
- C:\Windows\System\KJGaLwg.exe
  C:\Windows\System\KJGaLwg.exe
  2⤵
  PID:6368
- C:\Windows\System\iBePKCI.exe
  C:\Windows\System\iBePKCI.exe
  2⤵
  PID:6432
- C:\Windows\System\eGmQWof.exe
  C:\Windows\System\eGmQWof.exe
  2⤵
  PID:6152
- C:\Windows\System\TLEomem.exe
  C:\Windows\System\TLEomem.exe
  2⤵
  PID:6080
- C:\Windows\System\cJXXjLp.exe
  C:\Windows\System\cJXXjLp.exe
  2⤵
  PID:6504
- C:\Windows\System\XynEouD.exe
  C:\Windows\System\XynEouD.exe
  2⤵
  PID:6616
- C:\Windows\System\HDOJnvO.exe
  C:\Windows\System\HDOJnvO.exe
  2⤵
  PID:5956
- C:\Windows\System\PWBhgtg.exe
  C:\Windows\System\PWBhgtg.exe
  2⤵
  PID:6452
- C:\Windows\System\qlbSaJd.exe
  C:\Windows\System\qlbSaJd.exe
  2⤵
  PID:7012
- C:\Windows\System\ZLkHQdU.exe
  C:\Windows\System\ZLkHQdU.exe
  2⤵
  PID:6704
- C:\Windows\System\VohZqGm.exe
  C:\Windows\System\VohZqGm.exe
  2⤵
  PID:7072
- C:\Windows\System\ulZjGrG.exe
  C:\Windows\System\ulZjGrG.exe
  2⤵
  PID:5820
- C:\Windows\System\OYpaqqF.exe
  C:\Windows\System\OYpaqqF.exe
  2⤵
  PID:324
- C:\Windows\System\FMeIFfi.exe
  C:\Windows\System\FMeIFfi.exe
  2⤵
  PID:5720
- C:\Windows\System\BSlcnbN.exe
  C:\Windows\System\BSlcnbN.exe
  2⤵
  PID:6336
- C:\Windows\System\tsXmitk.exe
  C:\Windows\System\tsXmitk.exe
  2⤵
  PID:6340
- C:\Windows\System\VkMaRZm.exe
  C:\Windows\System\VkMaRZm.exe
  2⤵
  PID:6476
- C:\Windows\System\burTOTu.exe
  C:\Windows\System\burTOTu.exe
  2⤵
  PID:6224
- C:\Windows\System\kWCwMyc.exe
  C:\Windows\System\kWCwMyc.exe
  2⤵
  PID:3596
- C:\Windows\System\UnfDRlR.exe
  C:\Windows\System\UnfDRlR.exe
  2⤵
  PID:5832
- C:\Windows\System\DbLyFKM.exe
  C:\Windows\System\DbLyFKM.exe
  2⤵
  PID:5804
- C:\Windows\System\RybMhHw.exe
  C:\Windows\System\RybMhHw.exe
  2⤵
  PID:6580
- C:\Windows\System\ZzFvvTg.exe
  C:\Windows\System\ZzFvvTg.exe
  2⤵
  PID:956
- C:\Windows\System\jSOXwBL.exe
  C:\Windows\System\jSOXwBL.exe
  2⤵
  PID:6936
- C:\Windows\System\FKPXuJi.exe
  C:\Windows\System\FKPXuJi.exe
  2⤵
  PID:6836
- C:\Windows\System\gzcaUKZ.exe
  C:\Windows\System\gzcaUKZ.exe
  2⤵
  PID:6952
- C:\Windows\System\EiSvJZT.exe
  C:\Windows\System\EiSvJZT.exe
  2⤵
  PID:6852
- C:\Windows\System\LnPonEl.exe
  C:\Windows\System\LnPonEl.exe
  2⤵
  PID:1640
- C:\Windows\System\FRzFOys.exe
  C:\Windows\System\FRzFOys.exe
  2⤵
  PID:2948
- C:\Windows\System\EmoMJLR.exe
  C:\Windows\System\EmoMJLR.exe
  2⤵
  PID:2908
- C:\Windows\System\dsFtAjZ.exe
  C:\Windows\System\dsFtAjZ.exe
  2⤵
  PID:2648
- C:\Windows\System\fbAyizr.exe
  C:\Windows\System\fbAyizr.exe
  2⤵
  PID:1124
- C:\Windows\System\rlydEYL.exe
  C:\Windows\System\rlydEYL.exe
  2⤵
  PID:6308
- C:\Windows\System\lVgOkgz.exe
  C:\Windows\System\lVgOkgz.exe
  2⤵
  PID:6472
- C:\Windows\System\bPkprEU.exe
  C:\Windows\System\bPkprEU.exe
  2⤵
  PID:6372
- C:\Windows\System\bkYwLHx.exe
  C:\Windows\System\bkYwLHx.exe
  2⤵
  PID:2932
- C:\Windows\System\yOwrAfe.exe
  C:\Windows\System\yOwrAfe.exe
  2⤵
  PID:6676
- C:\Windows\System\sKtGuoj.exe
  C:\Windows\System\sKtGuoj.exe
  2⤵
  PID:6568
- C:\Windows\System\fxQSQjg.exe
  C:\Windows\System\fxQSQjg.exe
  2⤵
  PID:6688
- C:\Windows\System\oHCwBjp.exe
  C:\Windows\System\oHCwBjp.exe
  2⤵
  PID:5712
- C:\Windows\System\KpMuyvk.exe
  C:\Windows\System\KpMuyvk.exe
  2⤵
  PID:6888
- C:\Windows\System\AzeCRoi.exe
  C:\Windows\System\AzeCRoi.exe
  2⤵
  PID:7056
- C:\Windows\System\hmsRdhR.exe
  C:\Windows\System\hmsRdhR.exe
  2⤵
  PID:6868
- C:\Windows\System\BxuVxoG.exe
  C:\Windows\System\BxuVxoG.exe
  2⤵
  PID:7184
- C:\Windows\System\jhqvgSS.exe
  C:\Windows\System\jhqvgSS.exe
  2⤵
  PID:7200
- C:\Windows\System\sjaFlJh.exe
  C:\Windows\System\sjaFlJh.exe
  2⤵
  PID:7216
- C:\Windows\System\Lefngwd.exe
  C:\Windows\System\Lefngwd.exe
  2⤵
  PID:7232
- C:\Windows\System\eOyAYth.exe
  C:\Windows\System\eOyAYth.exe
  2⤵
  PID:7248
- C:\Windows\System\szYWxog.exe
  C:\Windows\System\szYWxog.exe
  2⤵
  PID:7264
- C:\Windows\System\YNHWUFX.exe
  C:\Windows\System\YNHWUFX.exe
  2⤵
  PID:7280
- C:\Windows\System\AXRehyd.exe
  C:\Windows\System\AXRehyd.exe
  2⤵
  PID:7296
- C:\Windows\System\cQzObGU.exe
  C:\Windows\System\cQzObGU.exe
  2⤵
  PID:7312
- C:\Windows\System\IGisyNI.exe
  C:\Windows\System\IGisyNI.exe
  2⤵
  PID:7328
- C:\Windows\System\HtxHGba.exe
  C:\Windows\System\HtxHGba.exe
  2⤵
  PID:7344
- C:\Windows\System\AefwAAc.exe
  C:\Windows\System\AefwAAc.exe
  2⤵
  PID:7360
- C:\Windows\System\eLYkxbt.exe
  C:\Windows\System\eLYkxbt.exe
  2⤵
  PID:7376
- C:\Windows\System\aqollgP.exe
  C:\Windows\System\aqollgP.exe
  2⤵
  PID:7392
- C:\Windows\System\umwXUTx.exe
  C:\Windows\System\umwXUTx.exe
  2⤵
  PID:7408
- C:\Windows\System\BkEpvQR.exe
  C:\Windows\System\BkEpvQR.exe
  2⤵
  PID:7424
- C:\Windows\System\RTLVlVX.exe
  C:\Windows\System\RTLVlVX.exe
  2⤵
  PID:7440
- C:\Windows\System\SEAUShd.exe
  C:\Windows\System\SEAUShd.exe
  2⤵
  PID:7456
- C:\Windows\System\aTFYGvx.exe
  C:\Windows\System\aTFYGvx.exe
  2⤵
  PID:7472
- C:\Windows\System\jAPQiQB.exe
  C:\Windows\System\jAPQiQB.exe
  2⤵
  PID:7488
- C:\Windows\System\HwBcYWt.exe
  C:\Windows\System\HwBcYWt.exe
  2⤵
  PID:7504
- C:\Windows\System\qJABmNn.exe
  C:\Windows\System\qJABmNn.exe
  2⤵
  PID:7520
- C:\Windows\System\HQOkMSd.exe
  C:\Windows\System\HQOkMSd.exe
  2⤵
  PID:7536
- C:\Windows\System\vwBVslS.exe
  C:\Windows\System\vwBVslS.exe
  2⤵
  PID:7552
- C:\Windows\System\NiVvoJn.exe
  C:\Windows\System\NiVvoJn.exe
  2⤵
  PID:7568
- C:\Windows\System\FPKnYxb.exe
  C:\Windows\System\FPKnYxb.exe
  2⤵
  PID:7584
- C:\Windows\System\LvWJceX.exe
  C:\Windows\System\LvWJceX.exe
  2⤵
  PID:7600
- C:\Windows\System\DfPOfbk.exe
  C:\Windows\System\DfPOfbk.exe
  2⤵
  PID:7616
- C:\Windows\System\spWnXNo.exe
  C:\Windows\System\spWnXNo.exe
  2⤵
  PID:7632
- C:\Windows\System\jkUsOqv.exe
  C:\Windows\System\jkUsOqv.exe
  2⤵
  PID:7648
- C:\Windows\System\vXbfoTf.exe
  C:\Windows\System\vXbfoTf.exe
  2⤵
  PID:7664
- C:\Windows\System\AxGxfea.exe
  C:\Windows\System\AxGxfea.exe
  2⤵
  PID:7680
- C:\Windows\System\mbewoPA.exe
  C:\Windows\System\mbewoPA.exe
  2⤵
  PID:7696
- C:\Windows\System\IpmLJjl.exe
  C:\Windows\System\IpmLJjl.exe
  2⤵
  PID:7712
- C:\Windows\System\cNQQaaM.exe
  C:\Windows\System\cNQQaaM.exe
  2⤵
  PID:7728
- C:\Windows\System\KONXlfZ.exe
  C:\Windows\System\KONXlfZ.exe
  2⤵
  PID:7744
- C:\Windows\System\yOAXAjU.exe
  C:\Windows\System\yOAXAjU.exe
  2⤵
  PID:7760
- C:\Windows\System\ffjAQVR.exe
  C:\Windows\System\ffjAQVR.exe
  2⤵
  PID:7776
- C:\Windows\System\DvOWSWZ.exe
  C:\Windows\System\DvOWSWZ.exe
  2⤵
  PID:7792
- C:\Windows\System\BypRhoW.exe
  C:\Windows\System\BypRhoW.exe
  2⤵
  PID:7808
- C:\Windows\System\bEyPPGw.exe
  C:\Windows\System\bEyPPGw.exe
  2⤵
  PID:7824
- C:\Windows\System\ZtlxtAd.exe
  C:\Windows\System\ZtlxtAd.exe
  2⤵
  PID:7840
- C:\Windows\System\anzwRiM.exe
  C:\Windows\System\anzwRiM.exe
  2⤵
  PID:7856
- C:\Windows\System\pEHzikZ.exe
  C:\Windows\System\pEHzikZ.exe
  2⤵
  PID:7872
- C:\Windows\System\HLbXxXC.exe
  C:\Windows\System\HLbXxXC.exe
  2⤵
  PID:7888
- C:\Windows\System\XMFHdlP.exe
  C:\Windows\System\XMFHdlP.exe
  2⤵
  PID:7904
- C:\Windows\System\sddHoCJ.exe
  C:\Windows\System\sddHoCJ.exe
  2⤵
  PID:7920
- C:\Windows\System\ceIVxQH.exe
  C:\Windows\System\ceIVxQH.exe
  2⤵
  PID:7936
- C:\Windows\System\iEoWLXU.exe
  C:\Windows\System\iEoWLXU.exe
  2⤵
  PID:7952
- C:\Windows\System\pVDMLXq.exe
  C:\Windows\System\pVDMLXq.exe
  2⤵
  PID:7968
- C:\Windows\System\zhzVtJW.exe
  C:\Windows\System\zhzVtJW.exe
  2⤵
  PID:7984
- C:\Windows\System\YeEQita.exe
  C:\Windows\System\YeEQita.exe
  2⤵
  PID:8000
- C:\Windows\System\Jkjxalb.exe
  C:\Windows\System\Jkjxalb.exe
  2⤵
  PID:8016
- C:\Windows\System\JRAENew.exe
  C:\Windows\System\JRAENew.exe
  2⤵
  PID:8032
- C:\Windows\System\KbxVbgh.exe
  C:\Windows\System\KbxVbgh.exe
  2⤵
  PID:8048
- C:\Windows\System\uKpFnOl.exe
  C:\Windows\System\uKpFnOl.exe
  2⤵
  PID:8064
- C:\Windows\System\vwHPlVm.exe
  C:\Windows\System\vwHPlVm.exe
  2⤵
  PID:8080
- C:\Windows\System\CxNnAYg.exe
  C:\Windows\System\CxNnAYg.exe
  2⤵
  PID:8096
- C:\Windows\System\pdlLIRd.exe
  C:\Windows\System\pdlLIRd.exe
  2⤵
  PID:8116
- C:\Windows\System\jJeVszT.exe
  C:\Windows\System\jJeVszT.exe
  2⤵
  PID:8132
- C:\Windows\System\qYZGmUl.exe
  C:\Windows\System\qYZGmUl.exe
  2⤵
  PID:8148
- C:\Windows\System\ifBuPYW.exe
  C:\Windows\System\ifBuPYW.exe
  2⤵
  PID:8164
- C:\Windows\System\IdUCwtl.exe
  C:\Windows\System\IdUCwtl.exe
  2⤵
  PID:8180
- C:\Windows\System\TOwWuVS.exe
  C:\Windows\System\TOwWuVS.exe
  2⤵
  PID:6304
- C:\Windows\System\dvIAkku.exe
  C:\Windows\System\dvIAkku.exe
  2⤵
  PID:6156
- C:\Windows\System\FCLyQlf.exe
  C:\Windows\System\FCLyQlf.exe
  2⤵
  PID:7080
- C:\Windows\System\WusiOAI.exe
  C:\Windows\System\WusiOAI.exe
  2⤵
  PID:7096
- C:\Windows\System\GoNSFnQ.exe
  C:\Windows\System\GoNSFnQ.exe
  2⤵
  PID:1972
- C:\Windows\System\ivjiRTy.exe
  C:\Windows\System\ivjiRTy.exe
  2⤵
  PID:7208
- C:\Windows\System\jXEDSSR.exe
  C:\Windows\System\jXEDSSR.exe
  2⤵
  PID:7228
- C:\Windows\System\hbkXoVD.exe
  C:\Windows\System\hbkXoVD.exe
  2⤵
  PID:7292
- C:\Windows\System\OHCTPuB.exe
  C:\Windows\System\OHCTPuB.exe
  2⤵
  PID:7356
- C:\Windows\System\BCtudiC.exe
  C:\Windows\System\BCtudiC.exe
  2⤵
  PID:7372
- C:\Windows\System\EuvTpTw.exe
  C:\Windows\System\EuvTpTw.exe
  2⤵
  PID:7384
- C:\Windows\System\WbjyQtB.exe
  C:\Windows\System\WbjyQtB.exe
  2⤵
  PID:7448
- C:\Windows\System\VDtTwSX.exe
  C:\Windows\System\VDtTwSX.exe
  2⤵
  PID:7336
- C:\Windows\System\ENyfpuu.exe
  C:\Windows\System\ENyfpuu.exe
  2⤵
  PID:7544
- C:\Windows\System\rrqHQnR.exe
  C:\Windows\System\rrqHQnR.exe
  2⤵
  PID:7436
- C:\Windows\System\YeUMIyY.exe
  C:\Windows\System\YeUMIyY.exe
  2⤵
  PID:7500
- C:\Windows\System\MTZsPzd.exe
  C:\Windows\System\MTZsPzd.exe
  2⤵
  PID:7592
- C:\Windows\System\QMxeOlY.exe
  C:\Windows\System\QMxeOlY.exe
  2⤵
  PID:7612
- C:\Windows\System\TkRxsfw.exe
  C:\Windows\System\TkRxsfw.exe
  2⤵
  PID:7660
- C:\Windows\System\IJcrytX.exe
  C:\Windows\System\IJcrytX.exe
  2⤵
  PID:7724
- C:\Windows\System\AUMnkeJ.exe
  C:\Windows\System\AUMnkeJ.exe
  2⤵
  PID:7740
- C:\Windows\System\UvLIErZ.exe
  C:\Windows\System\UvLIErZ.exe
  2⤵
  PID:7752
- C:\Windows\System\ZeoSJhT.exe
  C:\Windows\System\ZeoSJhT.exe
  2⤵
  PID:7832
- C:\Windows\System\dasZwHt.exe
  C:\Windows\System\dasZwHt.exe
  2⤵
  PID:584
- C:\Windows\System\fMwZCZO.exe
  C:\Windows\System\fMwZCZO.exe
  2⤵
  PID:7928
- C:\Windows\System\moTTsSo.exe
  C:\Windows\System\moTTsSo.exe
  2⤵
  PID:1628
- C:\Windows\System\HptXARJ.exe
  C:\Windows\System\HptXARJ.exe
  2⤵
  PID:7852
- C:\Windows\System\tSAMVqc.exe
  C:\Windows\System\tSAMVqc.exe
  2⤵
  PID:8172
- C:\Windows\System\aHFDxcY.exe
  C:\Windows\System\aHFDxcY.exe
  2⤵
  PID:6220
- C:\Windows\System\nWWZrMe.exe
  C:\Windows\System\nWWZrMe.exe
  2⤵
  PID:7980
- C:\Windows\System\SekKPyy.exe
  C:\Windows\System\SekKPyy.exe
  2⤵
  PID:8044
- C:\Windows\System\ZawvWep.exe
  C:\Windows\System\ZawvWep.exe
  2⤵
  PID:8144
- C:\Windows\System\icmoYSA.exe
  C:\Windows\System\icmoYSA.exe
  2⤵
  PID:7180
- C:\Windows\System\yJptJzF.exe
  C:\Windows\System\yJptJzF.exe
  2⤵
  PID:7240
- C:\Windows\System\uyQIiDo.exe
  C:\Windows\System\uyQIiDo.exe
  2⤵
  PID:7244
- C:\Windows\System\RLxCTxv.exe
  C:\Windows\System\RLxCTxv.exe
  2⤵
  PID:1672
- C:\Windows\System\LGudVhk.exe
  C:\Windows\System\LGudVhk.exe
  2⤵
  PID:7304
- C:\Windows\System\ihFKZJa.exe
  C:\Windows\System\ihFKZJa.exe
  2⤵
  PID:7528
- C:\Windows\System\UQJsMCR.exe
  C:\Windows\System\UQJsMCR.exe
  2⤵
  PID:7420
- C:\Windows\System\QEfpnCv.exe
  C:\Windows\System\QEfpnCv.exe
  2⤵
  PID:7496
- C:\Windows\System\MOHpRSU.exe
  C:\Windows\System\MOHpRSU.exe
  2⤵
  PID:7564
- C:\Windows\System\SDSgYGF.exe
  C:\Windows\System\SDSgYGF.exe
  2⤵
  PID:7704
- C:\Windows\System\aaxgDAZ.exe
  C:\Windows\System\aaxgDAZ.exe
  2⤵
  PID:7672
- C:\Windows\System\epzSmSh.exe
  C:\Windows\System\epzSmSh.exe
  2⤵
  PID:7864
- C:\Windows\System\aseYrbt.exe
  C:\Windows\System\aseYrbt.exe
  2⤵
  PID:7628
- C:\Windows\System\RdvhnQi.exe
  C:\Windows\System\RdvhnQi.exe
  2⤵
  PID:7768
- C:\Windows\System\KfiSRsC.exe
  C:\Windows\System\KfiSRsC.exe
  2⤵
  PID:8028
- C:\Windows\System\QHIVvkn.exe
  C:\Windows\System\QHIVvkn.exe
  2⤵
  PID:8128
- C:\Windows\System\dTwhBHf.exe
  C:\Windows\System\dTwhBHf.exe
  2⤵
  PID:8088
- C:\Windows\System\hYCOIXz.exe
  C:\Windows\System\hYCOIXz.exe
  2⤵
  PID:7192
- C:\Windows\System\iNIDJlT.exe
  C:\Windows\System\iNIDJlT.exe
  2⤵
  PID:7788
- C:\Windows\System\FChVNvN.exe
  C:\Windows\System\FChVNvN.exe
  2⤵
  PID:7848
- C:\Windows\System\XAfQzZG.exe
  C:\Windows\System\XAfQzZG.exe
  2⤵
  PID:4820
- C:\Windows\System\luAeeqn.exe
  C:\Windows\System\luAeeqn.exe
  2⤵
  PID:8040
- C:\Windows\System\hQyNPMa.exe
  C:\Windows\System\hQyNPMa.exe
  2⤵
  PID:8112
- C:\Windows\System\XpnQgmH.exe
  C:\Windows\System\XpnQgmH.exe
  2⤵
  PID:2332
- C:\Windows\System\fCxcXoY.exe
  C:\Windows\System\fCxcXoY.exe
  2⤵
  PID:7608
- C:\Windows\System\yAUfYIi.exe
  C:\Windows\System\yAUfYIi.exe
  2⤵
  PID:7720
- C:\Windows\System\tRvIfrl.exe
  C:\Windows\System\tRvIfrl.exe
  2⤵
  PID:8024
- C:\Windows\System\MhtSHzQ.exe
  C:\Windows\System\MhtSHzQ.exe
  2⤵
  PID:7784
- C:\Windows\System\GMowrKt.exe
  C:\Windows\System\GMowrKt.exe
  2⤵
  PID:8076
- C:\Windows\System\qiWjMpp.exe
  C:\Windows\System\qiWjMpp.exe
  2⤵
  PID:7416
- C:\Windows\System\ggpcgse.exe
  C:\Windows\System\ggpcgse.exe
  2⤵
  PID:2032
- C:\Windows\System\ovvbxPu.exe
  C:\Windows\System\ovvbxPu.exe
  2⤵
  PID:8188
- C:\Windows\System\czoGLww.exe
  C:\Windows\System\czoGLww.exe
  2⤵
  PID:7816
- C:\Windows\System\FNsjumE.exe
  C:\Windows\System\FNsjumE.exe
  2⤵
  PID:8108
- C:\Windows\System\LTxpmNo.exe
  C:\Windows\System\LTxpmNo.exe
  2⤵
  PID:7804
- C:\Windows\System\OHJtHuT.exe
  C:\Windows\System\OHJtHuT.exe
  2⤵
  PID:7916
- C:\Windows\System\VNBxxYz.exe
  C:\Windows\System\VNBxxYz.exe
  2⤵
  PID:6972
- C:\Windows\System\htrzGdI.exe
  C:\Windows\System\htrzGdI.exe
  2⤵
  PID:7432
- C:\Windows\System\NoEvwsc.exe
  C:\Windows\System\NoEvwsc.exe
  2⤵
  PID:8160
- C:\Windows\System\dbZdzqz.exe
  C:\Windows\System\dbZdzqz.exe
  2⤵
  PID:7480
- C:\Windows\System\vEemJdT.exe
  C:\Windows\System\vEemJdT.exe
  2⤵
  PID:7196
- C:\Windows\System\CwffhwD.exe
  C:\Windows\System\CwffhwD.exe
  2⤵
  PID:8208
- C:\Windows\System\YemPWqg.exe
  C:\Windows\System\YemPWqg.exe
  2⤵
  PID:8224
- C:\Windows\System\rqsALmV.exe
  C:\Windows\System\rqsALmV.exe
  2⤵
  PID:8240
- C:\Windows\System\STJuPyZ.exe
  C:\Windows\System\STJuPyZ.exe
  2⤵
  PID:8256
- C:\Windows\System\HAAwcBl.exe
  C:\Windows\System\HAAwcBl.exe
  2⤵
  PID:8272
- C:\Windows\System\hZvXIXY.exe
  C:\Windows\System\hZvXIXY.exe
  2⤵
  PID:8288
- C:\Windows\System\Wddyxbi.exe
  C:\Windows\System\Wddyxbi.exe
  2⤵
  PID:8304
- C:\Windows\System\JDJhfKy.exe
  C:\Windows\System\JDJhfKy.exe
  2⤵
  PID:8320
- C:\Windows\System\zgfMdmh.exe
  C:\Windows\System\zgfMdmh.exe
  2⤵
  PID:8340
- C:\Windows\System\YseTXKH.exe
  C:\Windows\System\YseTXKH.exe
  2⤵
  PID:8356
- C:\Windows\System\ZQdwyWG.exe
  C:\Windows\System\ZQdwyWG.exe
  2⤵
  PID:8372
- C:\Windows\System\tTyIIlB.exe
  C:\Windows\System\tTyIIlB.exe
  2⤵
  PID:8388
- C:\Windows\System\TokyAQy.exe
  C:\Windows\System\TokyAQy.exe
  2⤵
  PID:8404
- C:\Windows\System\XxPnlNH.exe
  C:\Windows\System\XxPnlNH.exe
  2⤵
  PID:8420
- C:\Windows\System\Czaziqg.exe
  C:\Windows\System\Czaziqg.exe
  2⤵
  PID:8440
- C:\Windows\System\RJdTdgo.exe
  C:\Windows\System\RJdTdgo.exe
  2⤵
  PID:8460
- C:\Windows\System\jFiHTco.exe
  C:\Windows\System\jFiHTco.exe
  2⤵
  PID:8476
- C:\Windows\System\piuYBat.exe
  C:\Windows\System\piuYBat.exe
  2⤵
  PID:8492
- C:\Windows\System\ZbpjiNu.exe
  C:\Windows\System\ZbpjiNu.exe
  2⤵
  PID:8524
- C:\Windows\System\SiIYgDE.exe
  C:\Windows\System\SiIYgDE.exe
  2⤵
  PID:8544
- C:\Windows\System\PFdNaLZ.exe
  C:\Windows\System\PFdNaLZ.exe
  2⤵
  PID:8560
- C:\Windows\System\TtwFMue.exe
  C:\Windows\System\TtwFMue.exe
  2⤵
  PID:8580
- C:\Windows\System\fCxlCze.exe
  C:\Windows\System\fCxlCze.exe
  2⤵
  PID:8600
- C:\Windows\System\JUZhBtK.exe
  C:\Windows\System\JUZhBtK.exe
  2⤵
  PID:8620
- C:\Windows\System\ieBbTCl.exe
  C:\Windows\System\ieBbTCl.exe
  2⤵
  PID:8640
- C:\Windows\System\cfvmxXX.exe
  C:\Windows\System\cfvmxXX.exe
  2⤵
  PID:8668
- C:\Windows\System\JryjUvQ.exe
  C:\Windows\System\JryjUvQ.exe
  2⤵
  PID:8688
- C:\Windows\System\AZZdfkG.exe
  C:\Windows\System\AZZdfkG.exe
  2⤵
  PID:8712
- C:\Windows\System\DfVxeLp.exe
  C:\Windows\System\DfVxeLp.exe
  2⤵
  PID:8728
- C:\Windows\System\nPHvvpK.exe
  C:\Windows\System\nPHvvpK.exe
  2⤵
  PID:8744
- C:\Windows\System\gQhhjdz.exe
  C:\Windows\System\gQhhjdz.exe
  2⤵
  PID:8760
- C:\Windows\System\WRBsZwY.exe
  C:\Windows\System\WRBsZwY.exe
  2⤵
  PID:8800
- C:\Windows\System\BrktTjK.exe
  C:\Windows\System\BrktTjK.exe
  2⤵
  PID:8816
- C:\Windows\System\osyUvid.exe
  C:\Windows\System\osyUvid.exe
  2⤵
  PID:8832
- C:\Windows\System\odqnrRU.exe
  C:\Windows\System\odqnrRU.exe
  2⤵
  PID:8852
- C:\Windows\System\fQWuTXh.exe
  C:\Windows\System\fQWuTXh.exe
  2⤵
  PID:8868
- C:\Windows\System\yRGRsNv.exe
  C:\Windows\System\yRGRsNv.exe
  2⤵
  PID:8884
- C:\Windows\System\gxvkxjl.exe
  C:\Windows\System\gxvkxjl.exe
  2⤵
  PID:8916
- C:\Windows\System\IsIborJ.exe
  C:\Windows\System\IsIborJ.exe
  2⤵
  PID:8932
- C:\Windows\System\xuQERxx.exe
  C:\Windows\System\xuQERxx.exe
  2⤵
  PID:8948
- C:\Windows\System\kAdyklt.exe
  C:\Windows\System\kAdyklt.exe
  2⤵
  PID:8968
- C:\Windows\System\jxuHmdX.exe
  C:\Windows\System\jxuHmdX.exe
  2⤵
  PID:8984
- C:\Windows\System\dYGztgl.exe
  C:\Windows\System\dYGztgl.exe
  2⤵
  PID:9004
- C:\Windows\System\ihwZyTR.exe
  C:\Windows\System\ihwZyTR.exe
  2⤵
  PID:9020
- C:\Windows\System\LJZOCOZ.exe
  C:\Windows\System\LJZOCOZ.exe
  2⤵
  PID:9036
- C:\Windows\System\fwbMwWq.exe
  C:\Windows\System\fwbMwWq.exe
  2⤵
  PID:9052
- C:\Windows\System\VGewbqr.exe
  C:\Windows\System\VGewbqr.exe
  2⤵
  PID:9072
- C:\Windows\System\tgoZvCs.exe
  C:\Windows\System\tgoZvCs.exe
  2⤵
  PID:9088
- C:\Windows\System\ZnZkRWG.exe
  C:\Windows\System\ZnZkRWG.exe
  2⤵
  PID:9104
- C:\Windows\System\dQuxcnd.exe
  C:\Windows\System\dQuxcnd.exe
  2⤵
  PID:9120
- C:\Windows\System\ZKbrOIx.exe
  C:\Windows\System\ZKbrOIx.exe
  2⤵
  PID:9136
- C:\Windows\System\eDcYohW.exe
  C:\Windows\System\eDcYohW.exe
  2⤵
  PID:9152
- C:\Windows\System\ElTKBOy.exe
  C:\Windows\System\ElTKBOy.exe
  2⤵
  PID:9176
- C:\Windows\System\EZQRYUD.exe
  C:\Windows\System\EZQRYUD.exe
  2⤵
  PID:9192
- C:\Windows\System\ooXoMCP.exe
  C:\Windows\System\ooXoMCP.exe
  2⤵
  PID:9208
- C:\Windows\System\OjLdcUP.exe
  C:\Windows\System\OjLdcUP.exe
  2⤵
  PID:8220
- C:\Windows\System\WWEvpla.exe
  C:\Windows\System\WWEvpla.exe
  2⤵
  PID:8280
- C:\Windows\System\VnVtiqg.exe
  C:\Windows\System\VnVtiqg.exe
  2⤵
  PID:7692
- C:\Windows\System\pJMTUVA.exe
  C:\Windows\System\pJMTUVA.exe
  2⤵
  PID:7800
- C:\Windows\System\cDWlGCF.exe
  C:\Windows\System\cDWlGCF.exe
  2⤵
  PID:8264
- C:\Windows\System\dpGfYbT.exe
  C:\Windows\System\dpGfYbT.exe
  2⤵
  PID:8316
- C:\Windows\System\xECNVms.exe
  C:\Windows\System\xECNVms.exe
  2⤵
  PID:8336
- C:\Windows\System\FQjbAht.exe
  C:\Windows\System\FQjbAht.exe
  2⤵
  PID:8412
- C:\Windows\System\BEwAEBd.exe
  C:\Windows\System\BEwAEBd.exe
  2⤵
  PID:8400
- C:\Windows\System\URfxzQP.exe
  C:\Windows\System\URfxzQP.exe
  2⤵
  PID:8432
- C:\Windows\System\ndpzeeX.exe
  C:\Windows\System\ndpzeeX.exe
  2⤵
  PID:8484
- C:\Windows\System\pndcGDe.exe
  C:\Windows\System\pndcGDe.exe
  2⤵
  PID:8504
- C:\Windows\System\unqqHnu.exe
  C:\Windows\System\unqqHnu.exe
  2⤵
  PID:8488
- C:\Windows\System\RJQIkkY.exe
  C:\Windows\System\RJQIkkY.exe
  2⤵
  PID:8572
- C:\Windows\System\qGWGkpw.exe
  C:\Windows\System\qGWGkpw.exe
  2⤵
  PID:8616
- C:\Windows\System\EQActZE.exe
  C:\Windows\System\EQActZE.exe
  2⤵
  PID:8520
- C:\Windows\System\vNpFzoY.exe
  C:\Windows\System\vNpFzoY.exe
  2⤵
  PID:8632
- C:\Windows\System\CsTWCsw.exe
  C:\Windows\System\CsTWCsw.exe
  2⤵
  PID:8696
- C:\Windows\System\ZzNpxjI.exe
  C:\Windows\System\ZzNpxjI.exe
  2⤵
  PID:8676
- C:\Windows\System\wpOkKDS.exe
  C:\Windows\System\wpOkKDS.exe
  2⤵
  PID:8680
- C:\Windows\System\eGxoyNT.exe
  C:\Windows\System\eGxoyNT.exe
  2⤵
  PID:8752
- C:\Windows\System\ICwYFgB.exe
  C:\Windows\System\ICwYFgB.exe
  2⤵
  PID:8780
- C:\Windows\System\uKSadwV.exe
  C:\Windows\System\uKSadwV.exe
  2⤵
  PID:8796
- C:\Windows\System\fhWdzKu.exe
  C:\Windows\System\fhWdzKu.exe
  2⤵
  PID:8892
- C:\Windows\System\tTizbMK.exe
  C:\Windows\System\tTizbMK.exe
  2⤵
  PID:8956
- C:\Windows\System\xiqMnQr.exe
  C:\Windows\System\xiqMnQr.exe
  2⤵
  PID:9068
- C:\Windows\System\CXLCZNt.exe
  C:\Windows\System\CXLCZNt.exe
  2⤵
  PID:8232
- C:\Windows\System\gCxzTcZ.exe
  C:\Windows\System\gCxzTcZ.exe
  2⤵
  PID:8512
- C:\Windows\System\eZcaCYT.exe
  C:\Windows\System\eZcaCYT.exe
  2⤵
  PID:8612
- C:\Windows\System\SmMHGyd.exe
  C:\Windows\System\SmMHGyd.exe
  2⤵
  PID:8472
- C:\Windows\System\TdqQlyw.exe
  C:\Windows\System\TdqQlyw.exe
  2⤵
  PID:8652
- C:\Windows\System\tVQmsJK.exe
  C:\Windows\System\tVQmsJK.exe
  2⤵
  PID:8568
- C:\Windows\System\SuUtaQd.exe
  C:\Windows\System\SuUtaQd.exe
  2⤵
  PID:8592
- C:\Windows\System\vnWNnes.exe
  C:\Windows\System\vnWNnes.exe
  2⤵
  PID:8720
- C:\Windows\System\arXYuuc.exe
  C:\Windows\System\arXYuuc.exe
  2⤵
  PID:8660
- C:\Windows\System\CQxidRZ.exe
  C:\Windows\System\CQxidRZ.exe
  2⤵
  PID:8860
- C:\Windows\System\tMwpUJP.exe
  C:\Windows\System\tMwpUJP.exe
  2⤵
  PID:8768
- C:\Windows\System\vtwxnQI.exe
  C:\Windows\System\vtwxnQI.exe
  2⤵
  PID:8812
- C:\Windows\System\wbDNfJk.exe
  C:\Windows\System\wbDNfJk.exe
  2⤵
  PID:7996
- C:\Windows\System\oVIKhwz.exe
  C:\Windows\System\oVIKhwz.exe
  2⤵
  PID:8940
- C:\Windows\System\ddZuJVB.exe
  C:\Windows\System\ddZuJVB.exe
  2⤵
  PID:8980
- C:\Windows\System\FaqXclu.exe
  C:\Windows\System\FaqXclu.exe
  2⤵
  PID:9032
- C:\Windows\System\idwpGtT.exe
  C:\Windows\System\idwpGtT.exe
  2⤵
  PID:9188
- C:\Windows\System\ovgzkQb.exe
  C:\Windows\System\ovgzkQb.exe
  2⤵
  PID:8536
- C:\Windows\System\EowQgdb.exe
  C:\Windows\System\EowQgdb.exe
  2⤵
  PID:8252
- C:\Windows\System\EPcZqtl.exe
  C:\Windows\System\EPcZqtl.exe
  2⤵
  PID:7772
- C:\Windows\System\YMSYBmi.exe
  C:\Windows\System\YMSYBmi.exe
  2⤵
  PID:8456
- C:\Windows\System\AFxOjQe.exe
  C:\Windows\System\AFxOjQe.exe
  2⤵
  PID:8708
- C:\Windows\System\LKvZNHI.exe
  C:\Windows\System\LKvZNHI.exe
  2⤵
  PID:8904
- C:\Windows\System\cIdmKwy.exe
  C:\Windows\System\cIdmKwy.exe
  2⤵
  PID:8960
- C:\Windows\System\cgmsJHq.exe
  C:\Windows\System\cgmsJHq.exe
  2⤵
  PID:9064
- C:\Windows\System\HICUJhe.exe
  C:\Windows\System\HICUJhe.exe
  2⤵
  PID:1500
- C:\Windows\System\pSuyfPX.exe
  C:\Windows\System\pSuyfPX.exe
  2⤵
  PID:9128
- C:\Windows\System\brcQPSw.exe
  C:\Windows\System\brcQPSw.exe
  2⤵
  PID:9200
- C:\Windows\System\rRLTuPe.exe
  C:\Windows\System\rRLTuPe.exe
  2⤵
  PID:7324
- C:\Windows\System\GXKVhTv.exe
  C:\Windows\System\GXKVhTv.exe
  2⤵
  PID:8908
- C:\Windows\System\mPKhEfW.exe
  C:\Windows\System\mPKhEfW.exe
  2⤵
  PID:8368
- C:\Windows\System\diYdhNQ.exe
  C:\Windows\System\diYdhNQ.exe
  2⤵
  PID:8912
- C:\Windows\System\ZfqDLtN.exe
  C:\Windows\System\ZfqDLtN.exe
  2⤵
  PID:8588
- C:\Windows\System\xtpXFwz.exe
  C:\Windows\System\xtpXFwz.exe
  2⤵
  PID:8740
- C:\Windows\System\OCsoLnq.exe
  C:\Windows\System\OCsoLnq.exe
  2⤵
  PID:8928
- C:\Windows\System\ASvMLWQ.exe
  C:\Windows\System\ASvMLWQ.exe
  2⤵
  PID:9080
- C:\Windows\System\fFaRJUF.exe
  C:\Windows\System\fFaRJUF.exe
  2⤵
  PID:9144
- C:\Windows\System\otcyGAX.exe
  C:\Windows\System\otcyGAX.exe
  2⤵
  PID:9100
- C:\Windows\System\GHMCiOT.exe
  C:\Windows\System\GHMCiOT.exe
  2⤵
  PID:9028
- C:\Windows\System\KymQmyD.exe
  C:\Windows\System\KymQmyD.exe
  2⤵
  PID:8312
- C:\Windows\System\TXBSJdn.exe
  C:\Windows\System\TXBSJdn.exe
  2⤵
  PID:8452
- C:\Windows\System\JeTYmGD.exe
  C:\Windows\System\JeTYmGD.exe
  2⤵
  PID:9184
- C:\Windows\System\zvgBaGy.exe
  C:\Windows\System\zvgBaGy.exe
  2⤵
  PID:8332
- C:\Windows\System\wPllBUo.exe
  C:\Windows\System\wPllBUo.exe
  2⤵
  PID:9048
- C:\Windows\System\zUgqTPY.exe
  C:\Windows\System\zUgqTPY.exe
  2⤵
  PID:8664
- C:\Windows\System\WArajKK.exe
  C:\Windows\System\WArajKK.exe
  2⤵
  PID:8556
- C:\Windows\System\CNqFSoQ.exe
  C:\Windows\System\CNqFSoQ.exe
  2⤵
  PID:8608
- C:\Windows\System\NuoQvyX.exe
  C:\Windows\System\NuoQvyX.exe
  2⤵
  PID:9232
- C:\Windows\System\HXmIDAd.exe
  C:\Windows\System\HXmIDAd.exe
  2⤵
  PID:9248
- C:\Windows\System\uCAjVzo.exe
  C:\Windows\System\uCAjVzo.exe
  2⤵
  PID:9268
- C:\Windows\System\rfQbWyy.exe
  C:\Windows\System\rfQbWyy.exe
  2⤵
  PID:9284
- C:\Windows\System\UokTLCF.exe
  C:\Windows\System\UokTLCF.exe
  2⤵
  PID:9300
- C:\Windows\System\dsxjoAO.exe
  C:\Windows\System\dsxjoAO.exe
  2⤵
  PID:9316
- C:\Windows\System\mvXPrMQ.exe
  C:\Windows\System\mvXPrMQ.exe
  2⤵
  PID:9332
- C:\Windows\System\xEXATiH.exe
  C:\Windows\System\xEXATiH.exe
  2⤵
  PID:9364
- C:\Windows\System\hoIJBVX.exe
  C:\Windows\System\hoIJBVX.exe
  2⤵
  PID:9380
- C:\Windows\System\maRkVix.exe
  C:\Windows\System\maRkVix.exe
  2⤵
  PID:9396
- C:\Windows\System\tYdSaMI.exe
  C:\Windows\System\tYdSaMI.exe
  2⤵
  PID:9412
- C:\Windows\System\jpuaCwZ.exe
  C:\Windows\System\jpuaCwZ.exe
  2⤵
  PID:9428
- C:\Windows\System\virPdMU.exe
  C:\Windows\System\virPdMU.exe
  2⤵
  PID:9444
- C:\Windows\System\zUzjYbw.exe
  C:\Windows\System\zUzjYbw.exe
  2⤵
  PID:9460
- C:\Windows\System\xmjQxQT.exe
  C:\Windows\System\xmjQxQT.exe
  2⤵
  PID:9476
- C:\Windows\System\nnmHZPi.exe
  C:\Windows\System\nnmHZPi.exe
  2⤵
  PID:9492
- C:\Windows\System\ibXaaGt.exe
  C:\Windows\System\ibXaaGt.exe
  2⤵
  PID:9508
- C:\Windows\System\sAmonOE.exe
  C:\Windows\System\sAmonOE.exe
  2⤵
  PID:9524
- C:\Windows\System\IuQTUyW.exe
  C:\Windows\System\IuQTUyW.exe
  2⤵
  PID:9540
- C:\Windows\System\uvdteep.exe
  C:\Windows\System\uvdteep.exe
  2⤵
  PID:9560
- C:\Windows\System\swVRucC.exe
  C:\Windows\System\swVRucC.exe
  2⤵
  PID:9576
- C:\Windows\System\gMQVSNe.exe
  C:\Windows\System\gMQVSNe.exe
  2⤵
  PID:9704
- C:\Windows\System\DfnNplp.exe
  C:\Windows\System\DfnNplp.exe
  2⤵
  PID:9720
- C:\Windows\System\CqFLLvy.exe
  C:\Windows\System\CqFLLvy.exe
  2⤵
  PID:9736
- C:\Windows\System\bfcgucu.exe
  C:\Windows\System\bfcgucu.exe
  2⤵
  PID:9752
- C:\Windows\System\grUXyOk.exe
  C:\Windows\System\grUXyOk.exe
  2⤵
  PID:9768
- C:\Windows\System\SPLEOjw.exe
  C:\Windows\System\SPLEOjw.exe
  2⤵
  PID:9784
- C:\Windows\System\PfpZbwQ.exe
  C:\Windows\System\PfpZbwQ.exe
  2⤵
  PID:9800
- C:\Windows\System\cyydNtZ.exe
  C:\Windows\System\cyydNtZ.exe
  2⤵
  PID:9816
- C:\Windows\System\asylvQw.exe
  C:\Windows\System\asylvQw.exe
  2⤵
  PID:9832
- C:\Windows\System\tsILhGm.exe
  C:\Windows\System\tsILhGm.exe
  2⤵
  PID:10012
- C:\Windows\System\HjACWqD.exe
  C:\Windows\System\HjACWqD.exe
  2⤵
  PID:10036
- C:\Windows\System\QceWPhN.exe
  C:\Windows\System\QceWPhN.exe
  2⤵
  PID:10056
- C:\Windows\System\IVLKaiF.exe
  C:\Windows\System\IVLKaiF.exe
  2⤵
  PID:10076
- C:\Windows\System\qLFBdCI.exe
  C:\Windows\System\qLFBdCI.exe
  2⤵
  PID:10092
- C:\Windows\System\ZrmDEVV.exe
  C:\Windows\System\ZrmDEVV.exe
  2⤵
  PID:10108
- C:\Windows\System\JDZnoRk.exe
  C:\Windows\System\JDZnoRk.exe
  2⤵
  PID:10124
- C:\Windows\System\mZlPxwY.exe
  C:\Windows\System\mZlPxwY.exe
  2⤵
  PID:10140
- C:\Windows\System\tyTpIem.exe
  C:\Windows\System\tyTpIem.exe
  2⤵
  PID:10156
- C:\Windows\System\jxlyOQT.exe
  C:\Windows\System\jxlyOQT.exe
  2⤵
  PID:10172
- C:\Windows\System\njzXiBG.exe
  C:\Windows\System\njzXiBG.exe
  2⤵
  PID:10188
- C:\Windows\System\uuKVivJ.exe
  C:\Windows\System\uuKVivJ.exe
  2⤵
  PID:10204
- C:\Windows\System\zVhAtxQ.exe
  C:\Windows\System\zVhAtxQ.exe
  2⤵
  PID:10220
- C:\Windows\System\IfVsOsJ.exe
  C:\Windows\System\IfVsOsJ.exe
  2⤵
  PID:10236
- C:\Windows\System\duPZTmZ.exe
  C:\Windows\System\duPZTmZ.exe
  2⤵
  PID:8284
- C:\Windows\System\KMSIAMQ.exe
  C:\Windows\System\KMSIAMQ.exe
  2⤵
  PID:9224
- C:\Windows\System\UYseQuW.exe
  C:\Windows\System\UYseQuW.exe
  2⤵
  PID:9228
- C:\Windows\System\OYkQYTw.exe
  C:\Windows\System\OYkQYTw.exe
  2⤵
  PID:9276
- C:\Windows\System\sVAvGRe.exe
  C:\Windows\System\sVAvGRe.exe
  2⤵
  PID:9308
- C:\Windows\System\hZXVAML.exe
  C:\Windows\System\hZXVAML.exe
  2⤵
  PID:9340
- C:\Windows\System\eCeWMUi.exe
  C:\Windows\System\eCeWMUi.exe
  2⤵
  PID:9356
- C:\Windows\System\iICBUiK.exe
  C:\Windows\System\iICBUiK.exe
  2⤵
  PID:9420
- C:\Windows\System\CFedVSc.exe
  C:\Windows\System\CFedVSc.exe
  2⤵
  PID:9404
- C:\Windows\System\fygcvzk.exe
  C:\Windows\System\fygcvzk.exe
  2⤵
  PID:9484
- C:\Windows\System\dRKZFey.exe
  C:\Windows\System\dRKZFey.exe
  2⤵
  PID:9468
- C:\Windows\System\NqVZDtM.exe
  C:\Windows\System\NqVZDtM.exe
  2⤵
  PID:9500
- C:\Windows\System\eKJBikP.exe
  C:\Windows\System\eKJBikP.exe
  2⤵
  PID:9548
- C:\Windows\System\xWrTpSl.exe
  C:\Windows\System\xWrTpSl.exe
  2⤵
  PID:9584
- C:\Windows\System\ksBjfMm.exe
  C:\Windows\System\ksBjfMm.exe
  2⤵
  PID:9592
- C:\Windows\System\Lojaffi.exe
  C:\Windows\System\Lojaffi.exe
  2⤵
  PID:9616
- C:\Windows\System\kyKpDwx.exe
  C:\Windows\System\kyKpDwx.exe
  2⤵
  PID:9640
- C:\Windows\System\bjRmJsi.exe
  C:\Windows\System\bjRmJsi.exe
  2⤵
  PID:9656
- C:\Windows\System\KDwtkUL.exe
  C:\Windows\System\KDwtkUL.exe
  2⤵
  PID:9672
- C:\Windows\System\wrvEZWB.exe
  C:\Windows\System\wrvEZWB.exe
  2⤵
  PID:9684
- C:\Windows\System\LqGnVFp.exe
  C:\Windows\System\LqGnVFp.exe
  2⤵
  PID:9796
- C:\Windows\System\rKruvgy.exe
  C:\Windows\System\rKruvgy.exe
  2⤵
  PID:9744
- C:\Windows\System\VurYwbn.exe
  C:\Windows\System\VurYwbn.exe
  2⤵
  PID:9912
- C:\Windows\System\xCrUCGx.exe
  C:\Windows\System\xCrUCGx.exe
  2⤵
  PID:9936
- C:\Windows\System\SIbIDkj.exe
  C:\Windows\System\SIbIDkj.exe
  2⤵
  PID:9952
- C:\Windows\System\ibQPwKI.exe
  C:\Windows\System\ibQPwKI.exe
  2⤵
  PID:9964
- C:\Windows\System\lJADfag.exe
  C:\Windows\System\lJADfag.exe
  2⤵
  PID:9984
- C:\Windows\System\kZpmgzE.exe
  C:\Windows\System\kZpmgzE.exe
  2⤵
  PID:9996
- C:\Windows\System\VreMeHU.exe
  C:\Windows\System\VreMeHU.exe
  2⤵
  PID:10028
- C:\Windows\System\jlCLruV.exe
  C:\Windows\System\jlCLruV.exe
  2⤵
  PID:10072
- C:\Windows\System\wUMfrIu.exe
  C:\Windows\System\wUMfrIu.exe
  2⤵
  PID:10168
- C:\Windows\System\JjnUsTC.exe
  C:\Windows\System\JjnUsTC.exe
  2⤵
  PID:10232
- C:\Windows\System\ZcZFCYd.exe
  C:\Windows\System\ZcZFCYd.exe
  2⤵
  PID:9264
- C:\Windows\System\nQYIYeZ.exe
  C:\Windows\System\nQYIYeZ.exe
  2⤵
  PID:10180
- C:\Windows\System\CKNMGgT.exe
  C:\Windows\System\CKNMGgT.exe
  2⤵
  PID:9516
- C:\Windows\System\HVgBQZL.exe
  C:\Windows\System\HVgBQZL.exe
  2⤵
  PID:8428
- C:\Windows\System\grmgTav.exe
  C:\Windows\System\grmgTav.exe
  2⤵
  PID:9612
- C:\Windows\System\HUaXrIi.exe
  C:\Windows\System\HUaXrIi.exe
  2⤵
  PID:9376
- C:\Windows\System\TfvNZwb.exe
  C:\Windows\System\TfvNZwb.exe
  2⤵
  PID:9924
- C:\Windows\System\OJHRZme.exe
  C:\Windows\System\OJHRZme.exe
  2⤵
  PID:10228
- C:\Windows\System\TPelRmY.exe
  C:\Windows\System\TPelRmY.exe
  2⤵
  PID:8300
- C:\Windows\System\cTNhjkS.exe
  C:\Windows\System\cTNhjkS.exe
  2⤵
  PID:9260
- C:\Windows\System\qaIgfzY.exe
  C:\Windows\System\qaIgfzY.exe
  2⤵
  PID:9168
- C:\Windows\System\APZQVNM.exe
  C:\Windows\System\APZQVNM.exe
  2⤵
  PID:10212
- C:\Windows\System\rjHknnI.exe
  C:\Windows\System\rjHknnI.exe
  2⤵
  PID:9632
- C:\Windows\System\LGGvnfs.exe
  C:\Windows\System\LGGvnfs.exe
  2⤵
  PID:9532
- C:\Windows\System\DgxJUgE.exe
  C:\Windows\System\DgxJUgE.exe
  2⤵
  PID:9648
- C:\Windows\System\kZjHXob.exe
  C:\Windows\System\kZjHXob.exe
  2⤵
  PID:9628
- C:\Windows\System\YQXuHdH.exe
  C:\Windows\System\YQXuHdH.exe
  2⤵
  PID:9664
- C:\Windows\System\kYhErTk.exe
  C:\Windows\System\kYhErTk.exe
  2⤵
  PID:9780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AzDbeqt.exe

Filesize
6.0MB

MD5
f84c30c6e5623e05e8e8b57b0c69fc9d

SHA1
cd4a35b0757a870704cd46823893850ccd3b8aed

SHA256
ee3ce3f326e66862ad2c241114964d91a9c4be686930f489d40621de4768b627

SHA512
99ffe533b32b0c7205353a94982660e6ea6ec6a991853088cd1500b5d38acc4cdd3f3c35f2f79b31eedcbb8d0476ca3c4c9b0496446a1cf798799fafd6b03113

Download Submit
C:\Windows\system\BWRgSlU.exe

Filesize
6.0MB

MD5
31bdd1c4427d018fe51087d42f8723c1

SHA1
e290d2284fee091a1dd45f8c462b7b7f9b7ac3c3

SHA256
42a459e2cbf964e98d321e415bc4b0d68c68b639a1b7419cc5b025ee4bb53708

SHA512
78564dcbafb25bdaff7ae61d97071cf09faca87280e3542cabd563ed305daa438003907afd34517eb4292031c1ebe60d771e155359d6a9fb965d3bcee58975b8

Download Submit
C:\Windows\system\CAVUzKE.exe

Filesize
6.0MB

MD5
33002d54c2d2252283bea0166ca9664c

SHA1
5a5b31dc1204d9a738d7864dfec6778322e74710

SHA256
51e8308c223f632eacb9a6802452fdb44bdf57aac6aca6455b2d3376fb745e88

SHA512
b3bd521d2ab9656cca8a54f4b52d543fadf296de241e333474e149d185cd6b9966cecf6732577c309246f5f1e09af181eac0b9bf302c205c07c09ee67e6fca3f

Download Submit
C:\Windows\system\CqmJJQV.exe

Filesize
6.0MB

MD5
886fb0af8d6055c54aa9f90a6a7072c9

SHA1
e6a17411933042e71863357887a1e999778fe1da

SHA256
1d912b17d02f9d648bef18dd69fe9d06b2b73936f414552d8b1ef67fae389fb4

SHA512
e8b3468e15d55402ff977c41e5d5be3760eee8ade73ebdc14641fe451c51e354dc6b0716f58b30986eb4fda366ec0c5bf6d9ff8d6012fe08f943e448af771955

Download Submit
C:\Windows\system\FfdICCL.exe

Filesize
6.0MB

MD5
46dc92db6cf5f5d95b30e4161c289dbc

SHA1
a392ec1f1d38602bc1763f5d408b7d065c604760

SHA256
29a96bc05271d28ea0da3006093308c7f054b4f5bebeee6ffd58f20a23b6e25b

SHA512
e3a17975d2da316bdfbdbef623674640ca837e435481f313be92198a8a27c9c970435bfa3f949474cf5e523e302f193ed14ce9ca5af1fdf41f7bd96aa0d35a53

Download Submit
C:\Windows\system\GObWyVW.exe

Filesize
6.0MB

MD5
06d5a14314aea39107c2f0ce41c64c91

SHA1
7d67523c3f3c11e837db285c3b6a6e4ebfa54815

SHA256
0db59bda03e52f1c3ef56cc9be0acc3e45a967ce7d455079042d2090286bb7c0

SHA512
fde6756631bf5c883e9b2a81899b491890c4d91c118c537a57bd788a1e3acc5bf17b17225f58445d28b7dc67af1d5a3e99ad89b10c73ec4cce6fe073580c8a4b

Download Submit
C:\Windows\system\IRLxspm.exe

Filesize
6.0MB

MD5
a17cba18d6c426f881bd5c1403c170a6

SHA1
526901ba2764b4620908be446ae85f2b4c34102b

SHA256
7818d6d614b5e745e15530b3191a1320891fe77e6b97f98c8448da431232840e

SHA512
a3336425f38c9a6d00e222aadbfcc39ba1ff8c41bf7212fc16990674a461c4e80678f3c7cd9536c9fb1ba457868092e0e5329892c15da0d574a67ce8b9e46730

Download Submit
C:\Windows\system\InYBopw.exe

Filesize
6.0MB

MD5
ffab073d9a517c2cb28004bbfba08074

SHA1
55e125bbb74dd7915b7147d23ecfeb5ab0abef21

SHA256
f058cbacad306f09fdd16d596a990b61a78f9e4f1bcd83779792b1732e13756d

SHA512
b2c6b8398143c1d94ffe17b460ae81c3ab05c75953169e3840640180928ec7f0bed3e4ad3dbc8ddc68105d64b4a3b55e53c06b0e95d2f7be9dd079f5b01a6979

Download Submit
C:\Windows\system\KBAISkZ.exe

Filesize
6.0MB

MD5
ec5b84b0289be00ff9ca5a8624dc0b8e

SHA1
d3899f97874b0d52020f171f33c9fb5347829c12

SHA256
ce39a8c2bf8bebb309586789bbecb8caf009514bb47645d3d62a0595aa0004b8

SHA512
1f6e06052ad825f25174d45ff473a0ac37273a0af3bf91b744ec6f7c1171daca6338504e629a2cd8a6978dc3f82bb0dab922894f7925e9ff1920112627a507e4

Download Submit
C:\Windows\system\KuTwNNs.exe

Filesize
6.0MB

MD5
e4d97379f63da62e794c27a67dede930

SHA1
e279924bd0e23e57c5f68c8e1d2910d0f8d62225

SHA256
9be84712af2ff6080847be9b327328416c911c04a349b9f22cae7b7b8ab264a9

SHA512
5b3d24d43481c6941ffecb62da644cdf51fd9fcc9d66b23bade14e91858f1d8b8fb147a47e110bbb9aed6cadb92316a88cc56b29f604a094ba489c43bcea61d5

Download Submit
C:\Windows\system\LujkGnl.exe

Filesize
6.0MB

MD5
107edb41c38dcedceb7722718af416a4

SHA1
376a08db17456868b7da25a57f2f6b9b67b28fc0

SHA256
81528ecb1580925f2c2a7b7105b1154a1b1f484df89fa521cb5ac07a4e0dc45d

SHA512
06e2903d15b11c8ee1bb09aa25eb698ac5186dd7a34798fdad6ec9aa1affe2689955be54dc9d24e5af7fa6a24342c020fd9bb82b8cc1f1d81cf8dca584c39622

Download Submit
C:\Windows\system\OIsxDeP.exe

Filesize
6.0MB

MD5
d41376741fac469608b53d89c0762b65

SHA1
ec19a5e14a45fca0916dd3574e5cc06d7d8242c6

SHA256
01202d6948d8d5c48c52d795a82db96cc50ebd6b6475f07c258182d780b89f4a

SHA512
0b46b0b7f1a4ba2e1458bf8de4b9f5116a74d3ff78e0a016345859f140f31d8c7605a2e74048939f09c1469c9e89836a09a565bb090c710e00d30f1819645a5a

Download Submit
C:\Windows\system\PpCezJc.exe

Filesize
6.0MB

MD5
729bfde241fcba52cb50a9506ee222b3

SHA1
11baa97c5b43c66321b611490e85c840c0b2a152

SHA256
8202f6fbd00d4663460fecb5fd9c190425cdf3e36de905df66def8c53af8b09e

SHA512
946020457ecd209878092bf79bad1f0575826520121fde3e445291fec432e30d437c5ade5a1df2169a0d8edafcd758992868b6dfe83031861af73b35957ee902

Download Submit
C:\Windows\system\RmXQkDM.exe

Filesize
6.0MB

MD5
5e5ee4d3b3e62c9b07aec2a497f913c0

SHA1
3a57bd969080c7ce2a7854eb9e126a8a37c20874

SHA256
118a5a7dd2493cb8cff41b182ea130e5a6b44a6e3d1eec5c900bedfadf24c1e5

SHA512
410294c6f2ff49e6b0081aa3804d88eb81bb10b3555ed874076f31914692bbd125dd69730adf80f5bc6e76aca0c564dcb2ed3523991f4cde7b360d1efdce9172

Download Submit
C:\Windows\system\SWRpDEP.exe

Filesize
6.0MB

MD5
ab986c8f1b2619a346e910d4dad5ed74

SHA1
d674221041b883889ecedefb23fcab5198d597b2

SHA256
85cb6fae1459f7127e6fdad193859f0ff02da96af077a67bdcedbb3e373add45

SHA512
d5c6c403c58feb91d3b904ca1d83628a4ef6840ec44097810b7e2412fc95d348ea9c64dd7d4f795a8a3fcf11a369ce1503c6663a28d42247f14755a0c5e0bc90

Download Submit
C:\Windows\system\WMXEikz.exe

Filesize
6.0MB

MD5
806bf42087225992f28f704f65011890

SHA1
cbc222b24ff3729ed50d89aea71c5bed0fdfaaa5

SHA256
e5097aefb4d1c1f0c98c9abcaaa4686931fcc04adcf5b15a7aab32521376841d

SHA512
1cfd73a567bfe896e3c033281ba3456782fb2ac7660cb7e1212296926b470a807b70f3df4b82a0dab5963767fe9f594a8561a70b145cd4f2a1dca504b7b86252

Download Submit
C:\Windows\system\bxEOHcg.exe

Filesize
6.0MB

MD5
fc621df397e4c82f26b59c7053feba7a

SHA1
71eb83ae88b19d1bd5c3af062004b45a999b1bbf

SHA256
856af897103c22a489488128028b44949d3a74291f42bebb16a1b2f01fadb4af

SHA512
84aee954314d2caf3818ba7d691fd436febb7768b0fb079a7b2768028dd03027643c9ea5854465804adf565acd42dd1f158092c0a1abd1cd5b6fe6e149164ed7

Download Submit
C:\Windows\system\cbOZSyD.exe

Filesize
6.0MB

MD5
dba11c38033139b8f915872c03b4c6f4

SHA1
73e8700bddaca1221e618ea09899a116958f9961

SHA256
6e6aa4fe453d061eb299da0bb05658650aca463f69a7c2a21410d47cf052041d

SHA512
f1a27096be8a24d1bfeca4ca3b7c8b5b6ddb16c19456315e8509539d72dac0f344056ba2520f71d00edf6e322ca3b3f0050a059fb940b143ed9e581c2b839593

Download Submit
C:\Windows\system\claUZTj.exe

Filesize
6.0MB

MD5
9c843646f394b30450c5ed307c3a721d

SHA1
ad01c9146f8ede084a351883e8f73123baf27def

SHA256
fcf6f629312e59d0baf454b43a82b6d77e0de2cc70bc36afb34674c230cf5f09

SHA512
5469aa0812511ba69794edf1f35ccbad154e34bb0eb53d08eebd9bb6cc6a186024949b45c351248a230a2010423c80cbbb98213876bd60bd7a836744134d8b29

Download Submit
C:\Windows\system\dWMASmo.exe

Filesize
6.0MB

MD5
c727ff07a8d8043cd60786f47dbf3860

SHA1
d24954ac863ea9056ef5c3af6f3ee4cb81328aa1

SHA256
28a8023e4387a28212885dc195e872df09a3d21afc74482912538d8a50286778

SHA512
6326ff8756b20fdac455967a6ad7230ab247a97c0a69c1947a9e06eb2de06dab5c51008f8717ef82225b236571a4900ce2fd3cd920288688be8a2dbd075b14ae

Download Submit
C:\Windows\system\gQOTnqe.exe

Filesize
6.0MB

MD5
5cd0ddaf75fc6c35df38c39bdd2f9dbf

SHA1
5b427ef2458ef1acfca5cfd1f4cd39f44b0998c4

SHA256
d13d73ed2e554aa3df5dee25c94e508dbca170787dd5b1a97ea37c24701d9c31

SHA512
a914faf72791f6305aaadc8f762eb893692a34a0e75f4281729919629620f8239546433549c99299e7ce1d79e69c78eb160dd89b5aeacead9d53b1ce9909035d

Download Submit
C:\Windows\system\oECCNbR.exe

Filesize
6.0MB

MD5
62b59b140d2ac3d23ead2e863d06c070

SHA1
3621d86d9f96d89d08e1cab61ad9b49358341818

SHA256
872232395682d114c72e1c154be0f8e5aa03c168e0323c66d92361ab1e56d74e

SHA512
85de6ef8ba4ca04614f49cc66f9fd481ce8854af104a3c340ee3720057d724cbf4992f2cd938489e81c1effadb3f9f2868f18741c172c9d43b85a027d073266c

Download Submit
C:\Windows\system\tPznvMV.exe

Filesize
6.0MB

MD5
bd6eae2f450c606d795e0569af20d306

SHA1
dacbb428b0bf30d79ee9930d7475dfebc3d3c662

SHA256
e9b02c738072ad6907e9d4c45dae35f623720ae1048cd3d2fcdd0ee009f57fc9

SHA512
041a7f059b9d42d47f12730d40f18750baf2c758fc1353d5028ae514a5ba825bb3ec26a6530ac9d3f8ef83df8da24a034cbee0f3f8f021ca5df43b3616358dec

Download Submit
C:\Windows\system\uXBuuva.exe

Filesize
6.0MB

MD5
f29c08472edab7657c61ea05cf2d75c1

SHA1
6569b0c4d799b78fa9304c792d0cfe52b839058f

SHA256
1765fb0a27efd8863720c8cd2690a640c400a5f10dc54e10a61dcce0df46236d

SHA512
2baf4db834eb749a93ecc21d23611bb035f9966d606c88e75c3c2e6ece95e95ea8d4195b74335a0ff837a9f94d72587c6c0f0176f8177fbc55c65cacf0acf126

Download Submit
C:\Windows\system\vTMrVHQ.exe

Filesize
6.0MB

MD5
8a048c47629d22a0f74768b4db902479

SHA1
96bcf86b5b96e8b8817deb6d2094627a0634f5d1

SHA256
f449b4b2e0ba1f110801d0f0e0022da11e25c18855d7e381e5e0dfe6ac7b9834

SHA512
b23447b2ed99a4e320decd69525f79df3f70e21ec1171938e67e4e1c1d0519378069e1d284347b250e2d86a4e634a5996e1abe943c701fad28adb8f5aaf37f79

Download Submit
C:\Windows\system\vwDOvbm.exe

Filesize
6.0MB

MD5
7e2c2b49d18cb9f9b2e58b661f8be9b1

SHA1
37c157ae3a79f5c415e63c7951cf777bf28f9863

SHA256
089bbe44df4763e0036baf1c2014c23760f8d21f940d0de00829c0e6bd009a53

SHA512
d71ebf6d7ce3dd03066ed5062d0cc76adfacad4196f706fbbbfb63e4261ab40809ac76ebebdb81393ab73c36a48886cfea564624a3a74c88137783cf14737a2e

Download Submit
C:\Windows\system\wRJMXbJ.exe

Filesize
6.0MB

MD5
b2de65ed6432c5a1901647999e00b185

SHA1
2fdcfb0b86e9c6d61fb2fca4f2d96589c95d5f35

SHA256
b88d02543f6c3e7509ecef5aafe543f2691a9c5f159e3606c7c68c7209ddd8fa

SHA512
a737a1a1620732aa37d3ac44730e08b5f35c860caa46ec83ec1e0a04fa6e15ff438cfb4fbc5a49f8ca24c177c7ee0be14c6d5d90afd5207c84a800f5440aa1b5

Download Submit
C:\Windows\system\yfkkZZY.exe

Filesize
6.0MB

MD5
17235d77dab657da374b65c1674af894

SHA1
11a417188e1b990730aa1be291f2f15fc28cdb6d

SHA256
696cbadc186b8fa7fd2d2b10b2cf2d9df7e7c1a569c52e120b57924a5f97c237

SHA512
6ea414cbe1b822bb333b8e8d1dc73e29270272194865a69625142c44ecf05d40f2b80423ca61bd899e77978ab346916ea17dc0c82b9e328309d26586873e6eed

Download Submit
C:\Windows\system\zdlageQ.exe

Filesize
6.0MB

MD5
86ba86938fc80e012800a6c3ba540274

SHA1
55fc09ace869b80256ec803bf6494815e813b1a9

SHA256
9aa72f820c146b9157b8ed8ca0272ed66e0aa03b1ae226a58cc82abce57d9a19

SHA512
f287bcf462799e54188f383946ca4a0bb8ca1744bea9a6f34d9b0d8f601f44679cf447ed4bbe9726030a2bfc6b8d96b560f7a30ea1a1fc61c5a9651ba67ec3d2

Download Submit
\Windows\system\ELKDofq.exe

Filesize
6.0MB

MD5
32fb0afd6684dd3c5f4fc8db4054e44d

SHA1
54656894dee9fb90696ee36f1c011af3aefc9d85

SHA256
fd1c22d77eb1e0a94a659a34b4a2dfa543f516d086d2fc77fd7c07ead8d479e4

SHA512
c46a32d94eec9f2ba5082f1d29ff9543b021c31fbaa9f1979b752275634b3f0e256ede525518ee526afece8f6881b9dc6c97cd158b01e628db210a57db565246

Download Submit
\Windows\system\TQFzYeh.exe

Filesize
6.0MB

MD5
c6dc92f314fbffe6b93badb6d551e350

SHA1
ccf51e0f0267a1645b4c8d740c1a5f83ce15e2f0

SHA256
f20dd418ad51cef0a3900862b01525fb3967902cff95dae9fd85d00088bfe56c

SHA512
2e149e1176cafaca6153447df0d9a1e2cd2680bf2045ebd3ebd5b9b2a3300fd617ddfb8286aa34c52b2f4fca93bcdca5455a5f8c7f529fabbbde2cf784e0aa41

Download Submit
\Windows\system\dvGAihM.exe

Filesize
6.0MB

MD5
7fd8e5e3c35d168ac7b6de4598a21536

SHA1
be1b53b8073cc4fd697b3cfc3f5364031c5bca0e

SHA256
15cb98ed16866ccfd8f3f242b06e60da5ede883a6002a9f3cdc419fc8b3918b6

SHA512
463c6ae18c5765735f1c401dbe7ab3601b6add6477fbff0916cd1ddbf2d2f38dbd63f8cee7b32039ede4f99dfe2b444fb643ae7b198c0ea6350963c2227b0c42

Download Submit
\Windows\system\fwdCnun.exe

Filesize
6.0MB

MD5
6af4430d2cfc6e144301adceb237e918

SHA1
8b8e2a1682b776483b76f41cebc77a1c11358c62

SHA256
0e9ef6c2eb71d5947cac396e390485d58a18d5ef49b18f91209d5a77efe4e319

SHA512
863bcd54e5a0175e0fc55c3b58be8eac3765fc6c181991b067e7d36ca71becfb25fcbdca7ca38a121a2a14cefc793db26f4920e3290a6ec167bcc93abcf5edcd

Download Submit
\Windows\system\iSMbfkf.exe

Filesize
6.0MB

MD5
310497d66e1094e76a3ac7712fdef97e

SHA1
1bdf93fa3d384226d2a20751b1efe43d714d71a5

SHA256
09ab25b9c1d84cd37aad2e302c071835dd2f17e7089131bc86eca0b10babb94a

SHA512
ab8086ce738f1571714fc204aaf271da33616949671c2a34c4186e4d1ce3523d6decc7ee692ad771f69e29cfe733887e0ac0366cb746551b0fb41359421a2b68

Download Submit
\Windows\system\kffIkvb.exe

Filesize
6.0MB

MD5
9ccd29b6ed88c1040d10c03b5f6e793a

SHA1
05d9512069a1d4591ea02c0d357a91e55272b809

SHA256
2c6e43732f3f71b3b00ba1bf1f2e97c9aeceed134b5ed2fd4e59271336945cc0

SHA512
1683e7d53ea9b3ce67a1ddc1cf049516f352db84411fa0f3e3b8e8f025ac451d96631dac6c193b75dbc3b301914efa759b3d2154dbec21f39de3c6ab358f5116

Download Submit
memory/840-90-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/840-3866-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1020-3869-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/1020-77-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2052-3873-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2052-98-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2108-3870-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2108-39-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2108-1329-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-3874-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2280-99-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2548-110-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2548-3872-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3862-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2576-107-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3867-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2596-66-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2700-3865-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2700-13-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2756-0-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-109-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2756-94-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2756-111-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2756-631-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-75-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2756-73-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1456-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2756-19-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2756-1318-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2756-97-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2756-52-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2756-8-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2756-108-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2756-103-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-20-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-31-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2756-104-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2756-105-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2756-106-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3864-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-46-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-1336-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-23-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3871-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-1301-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-3863-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/3024-18-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/3024-634-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download