cobaltstrike | 4ce1665030b98ac8482aa1aaa84c41ca4dc9b528124bc28d1f61e664bf3d54bd

Analysis

max time kernel
153s
max time network
130s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
28-01-2025 18:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

69cd8dcc437421a5c573cfd457915aa1
SHA1

9cba554db624472c3a2e5992f7a9c07719dc1145
SHA256

4ce1665030b98ac8482aa1aaa84c41ca4dc9b528124bc28d1f61e664bf3d54bd
SHA512

e5ffadde5202d01b1205601c3fdde01b450eac8fc4b00ea24c65532224aeae927958cbab2300459ae0d7da9e3626992cfdeb72137bfa4a8b5bfccadf4f14652c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUY:T+q56utgpPF8u/7Y

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012262-3.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000015e9a-9.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000162e9-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016458-22.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001658d-29.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001660b-40.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000167e3-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d2c-52.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-59.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019326-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019394-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019470-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019489-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948c-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-195.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-199.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-189.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-185.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-163.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019480-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c7-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b8-99.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a0-92.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-76.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2852-0-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x000c000000012262-3.dat	xmrig
behavioral1/memory/3068-8-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x0014000000015e9a-9.dat	xmrig
behavioral1/memory/3064-14-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/files/0x00080000000162e9-11.dat	xmrig
behavioral1/memory/1736-21-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x0007000000016458-22.dat	xmrig
behavioral1/memory/2852-27-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2636-28-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x000700000001658d-29.dat	xmrig
behavioral1/memory/2708-36-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/3068-35-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x000900000001660b-40.dat	xmrig
behavioral1/memory/2828-41-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x00090000000167e3-45.dat	xmrig
behavioral1/memory/1072-50-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/3064-49-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d2c-52.dat	xmrig
behavioral1/memory/1988-57-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-59.dat	xmrig
behavioral1/memory/1920-63-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019326-65.dat	xmrig
behavioral1/memory/2708-69-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2196-70-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/1728-78-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x0005000000019394-81.dat	xmrig
behavioral1/memory/1072-84-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/3000-85-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/1260-101-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/files/0x0005000000019470-113.dat	xmrig
behavioral1/files/0x0005000000019489-123.dat	xmrig
behavioral1/memory/2196-126-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/files/0x0005000000019490-134.dat	xmrig
behavioral1/files/0x00050000000194eb-145.dat	xmrig
behavioral1/memory/1728-148-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x00050000000194a3-140.dat	xmrig
behavioral1/files/0x000500000001948c-129.dat	xmrig
behavioral1/memory/3000-149-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001950f-158.dat	xmrig
behavioral1/files/0x0005000000019547-168.dat	xmrig
behavioral1/memory/3064-577-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/1736-578-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2636-579-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/1260-243-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/files/0x00050000000195ad-195.dat	xmrig
behavioral1/files/0x00050000000195af-199.dat	xmrig
behavioral1/files/0x00050000000195ab-189.dat	xmrig
behavioral1/files/0x00050000000195a9-185.dat	xmrig
behavioral1/files/0x00050000000195a7-179.dat	xmrig
behavioral1/memory/1572-176-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001957c-173.dat	xmrig
behavioral1/files/0x0005000000019515-163.dat	xmrig
behavioral1/files/0x00050000000194ef-152.dat	xmrig
behavioral1/files/0x0005000000019480-118.dat	xmrig
behavioral1/files/0x00050000000193c7-108.dat	xmrig
behavioral1/memory/1920-100-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193b8-99.dat	xmrig
behavioral1/memory/1572-94-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/1988-93-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a0-92.dat	xmrig
behavioral1/memory/2828-77-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x000500000001932a-76.dat	xmrig
behavioral1/memory/2708-582-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3068	vvRFBGO.exe
3064	veRcSPO.exe
1736	rBoTQBc.exe
2636	UaweKek.exe
2708	mJxZlCo.exe
2828	qQPdVxr.exe
1072	MSFnUCt.exe
1988	misTXze.exe
1920	aeRjUMt.exe
2196	FZiXhxu.exe
1728	pEClkSR.exe
3000	SZxotGw.exe
1572	JaycknJ.exe
1260	BUXopnR.exe
2956	MqTrWsD.exe
2976	SCZwOyt.exe
1916	OOweNVs.exe
1088	jQPJkoP.exe
2268	OqzpMWK.exe
1904	VagMAhT.exe
2160	AmdFLqF.exe
2168	fFChwyi.exe
2068	CSSUudG.exe
2484	RxEXnKi.exe
1700	YhXCjsk.exe
1360	rgSEOVA.exe
872	OThVRub.exe
736	PZUBugT.exe
580	udGcYHS.exe
2028	aptIMhl.exe
1340	NAqmoVU.exe
3060	MDMijPG.exe
2556	YBQBNlS.exe
3004	DSBRCsL.exe
640	HJFzSUu.exe
324	PTkiBrp.exe
564	DSDrhgk.exe
2548	BuBWGVz.exe
828	NMCStwI.exe
2228	WrxnMej.exe
1488	MzQLYvx.exe
1968	EBWyCpy.exe
2280	NJXvoqx.exe
1808	tiDkVcR.exe
1144	thXnhKZ.exe
868	QdpXylV.exe
1816	DFyExsQ.exe
2304	IgSveay.exe
992	JxVAxEM.exe
1596	HnXkPOk.exe
2784	yxBjvji.exe
2764	ecfyYlt.exe
2896	xUvOabQ.exe
2684	PrroJoN.exe
1712	kYKzEMU.exe
2588	OEMYjmc.exe
2700	GbjkuHn.exe
1616	OvIdJTP.exe
2176	tbjZQcf.exe
2080	zsbHYpF.exe
3012	jDmtZYH.exe
592	GONDZbV.exe
2936	xQcITfx.exe
2404	iyRfOiD.exe

Loads dropped DLL 64 IoCs

pid	Process
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2852-0-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x000c000000012262-3.dat	upx
behavioral1/memory/3068-8-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x0014000000015e9a-9.dat	upx
behavioral1/memory/3064-14-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/files/0x00080000000162e9-11.dat	upx
behavioral1/memory/1736-21-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x0007000000016458-22.dat	upx
behavioral1/memory/2852-27-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2636-28-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x000700000001658d-29.dat	upx
behavioral1/memory/2708-36-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/3068-35-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x000900000001660b-40.dat	upx
behavioral1/memory/2828-41-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x00090000000167e3-45.dat	upx
behavioral1/memory/1072-50-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/3064-49-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/files/0x0007000000016d2c-52.dat	upx
behavioral1/memory/1988-57-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/files/0x0002000000018334-59.dat	upx
behavioral1/memory/1920-63-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x0005000000019326-65.dat	upx
behavioral1/memory/2708-69-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2196-70-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/1728-78-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x0005000000019394-81.dat	upx
behavioral1/memory/1072-84-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/3000-85-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/1260-101-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/files/0x0005000000019470-113.dat	upx
behavioral1/files/0x0005000000019489-123.dat	upx
behavioral1/memory/2196-126-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/files/0x0005000000019490-134.dat	upx
behavioral1/files/0x00050000000194eb-145.dat	upx
behavioral1/memory/1728-148-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x00050000000194a3-140.dat	upx
behavioral1/files/0x000500000001948c-129.dat	upx
behavioral1/memory/3000-149-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/files/0x000500000001950f-158.dat	upx
behavioral1/files/0x0005000000019547-168.dat	upx
behavioral1/memory/3064-577-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/1736-578-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2636-579-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/1260-243-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/files/0x00050000000195ad-195.dat	upx
behavioral1/files/0x00050000000195af-199.dat	upx
behavioral1/files/0x00050000000195ab-189.dat	upx
behavioral1/files/0x00050000000195a9-185.dat	upx
behavioral1/files/0x00050000000195a7-179.dat	upx
behavioral1/memory/1572-176-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x000500000001957c-173.dat	upx
behavioral1/files/0x0005000000019515-163.dat	upx
behavioral1/files/0x00050000000194ef-152.dat	upx
behavioral1/files/0x0005000000019480-118.dat	upx
behavioral1/files/0x00050000000193c7-108.dat	upx
behavioral1/memory/1920-100-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x00050000000193b8-99.dat	upx
behavioral1/memory/1572-94-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/1988-93-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/files/0x00050000000193a0-92.dat	upx
behavioral1/memory/2828-77-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x000500000001932a-76.dat	upx
behavioral1/memory/2708-582-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\udUIcmK.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wNWawmI.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BLUhcRP.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vPwCOUF.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MVnMZSZ.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nyxgykY.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qlXUyzB.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ySXavXk.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NdtMLbe.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HjxKHpM.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HivYxFa.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RdvvNyf.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jFujTTM.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMohZUd.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UZMJJli.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DbjxrGX.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dtOEhzN.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MWqwUjx.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gyJcsOK.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UmxzHMy.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TWlvare.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oLGNirJ.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gyWntEQ.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FGpCVug.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RIzwrvo.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vOIZgqk.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OumVbiS.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BITQWPf.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CzpgfGc.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IHeGYKw.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BfIVdIQ.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dCLaGcD.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uTTfGlw.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PjLzHAN.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eXENVBF.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tNJOdhq.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pqWEiEu.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sTYeBFT.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CBhUZXk.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WHyzhiB.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NcarOTp.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yMXVObu.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dytbbGo.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YWVyWFt.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KVxqnzh.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GKCQmcG.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\flJRWRy.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IPaJkVh.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fELflhE.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dzRrJQw.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nOOJilR.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qMPqkBm.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jkucOML.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BUXopnR.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGYEDOT.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mByCuOm.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gidHVCm.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XLmzxXw.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jItQqJs.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eOQhuQZ.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EmyYAwv.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MSFnUCt.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RlwolDJ.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\puoXOVz.exe	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 3068	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2852 wrote to memory of 3068	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2852 wrote to memory of 3068	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2852 wrote to memory of 3064	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2852 wrote to memory of 3064	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2852 wrote to memory of 3064	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2852 wrote to memory of 1736	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2852 wrote to memory of 1736	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2852 wrote to memory of 1736	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2852 wrote to memory of 2636	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2852 wrote to memory of 2636	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2852 wrote to memory of 2636	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2852 wrote to memory of 2708	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2852 wrote to memory of 2708	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2852 wrote to memory of 2708	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2852 wrote to memory of 2828	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2852 wrote to memory of 2828	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2852 wrote to memory of 2828	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2852 wrote to memory of 1072	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2852 wrote to memory of 1072	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2852 wrote to memory of 1072	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2852 wrote to memory of 1988	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2852 wrote to memory of 1988	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2852 wrote to memory of 1988	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2852 wrote to memory of 1920	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2852 wrote to memory of 1920	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2852 wrote to memory of 1920	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2852 wrote to memory of 2196	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2852 wrote to memory of 2196	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2852 wrote to memory of 2196	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2852 wrote to memory of 1728	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2852 wrote to memory of 1728	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2852 wrote to memory of 1728	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2852 wrote to memory of 3000	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2852 wrote to memory of 3000	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2852 wrote to memory of 3000	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2852 wrote to memory of 1572	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2852 wrote to memory of 1572	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2852 wrote to memory of 1572	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2852 wrote to memory of 1260	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2852 wrote to memory of 1260	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2852 wrote to memory of 1260	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2852 wrote to memory of 2956	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2852 wrote to memory of 2956	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2852 wrote to memory of 2956	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2852 wrote to memory of 2976	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2852 wrote to memory of 2976	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2852 wrote to memory of 2976	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2852 wrote to memory of 1916	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2852 wrote to memory of 1916	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2852 wrote to memory of 1916	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2852 wrote to memory of 1088	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2852 wrote to memory of 1088	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2852 wrote to memory of 1088	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2852 wrote to memory of 2268	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2852 wrote to memory of 2268	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2852 wrote to memory of 2268	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2852 wrote to memory of 1904	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2852 wrote to memory of 1904	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2852 wrote to memory of 1904	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2852 wrote to memory of 2160	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2852 wrote to memory of 2160	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2852 wrote to memory of 2160	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2852 wrote to memory of 2168	2852	2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-28_69cd8dcc437421a5c573cfd457915aa1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Windows\System\vvRFBGO.exe
  C:\Windows\System\vvRFBGO.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\veRcSPO.exe
  C:\Windows\System\veRcSPO.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\rBoTQBc.exe
  C:\Windows\System\rBoTQBc.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\UaweKek.exe
  C:\Windows\System\UaweKek.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\mJxZlCo.exe
  C:\Windows\System\mJxZlCo.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\qQPdVxr.exe
  C:\Windows\System\qQPdVxr.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\MSFnUCt.exe
  C:\Windows\System\MSFnUCt.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\misTXze.exe
  C:\Windows\System\misTXze.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\aeRjUMt.exe
  C:\Windows\System\aeRjUMt.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\FZiXhxu.exe
  C:\Windows\System\FZiXhxu.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\pEClkSR.exe
  C:\Windows\System\pEClkSR.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\SZxotGw.exe
  C:\Windows\System\SZxotGw.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\JaycknJ.exe
  C:\Windows\System\JaycknJ.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\BUXopnR.exe
  C:\Windows\System\BUXopnR.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\MqTrWsD.exe
  C:\Windows\System\MqTrWsD.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\SCZwOyt.exe
  C:\Windows\System\SCZwOyt.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\OOweNVs.exe
  C:\Windows\System\OOweNVs.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\jQPJkoP.exe
  C:\Windows\System\jQPJkoP.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\OqzpMWK.exe
  C:\Windows\System\OqzpMWK.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\VagMAhT.exe
  C:\Windows\System\VagMAhT.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\AmdFLqF.exe
  C:\Windows\System\AmdFLqF.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\fFChwyi.exe
  C:\Windows\System\fFChwyi.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\CSSUudG.exe
  C:\Windows\System\CSSUudG.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\RxEXnKi.exe
  C:\Windows\System\RxEXnKi.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\YhXCjsk.exe
  C:\Windows\System\YhXCjsk.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\rgSEOVA.exe
  C:\Windows\System\rgSEOVA.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\OThVRub.exe
  C:\Windows\System\OThVRub.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\PZUBugT.exe
  C:\Windows\System\PZUBugT.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\udGcYHS.exe
  C:\Windows\System\udGcYHS.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\aptIMhl.exe
  C:\Windows\System\aptIMhl.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\NAqmoVU.exe
  C:\Windows\System\NAqmoVU.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\MDMijPG.exe
  C:\Windows\System\MDMijPG.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\YBQBNlS.exe
  C:\Windows\System\YBQBNlS.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\DSBRCsL.exe
  C:\Windows\System\DSBRCsL.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\HJFzSUu.exe
  C:\Windows\System\HJFzSUu.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\PTkiBrp.exe
  C:\Windows\System\PTkiBrp.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\DSDrhgk.exe
  C:\Windows\System\DSDrhgk.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\BuBWGVz.exe
  C:\Windows\System\BuBWGVz.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\NMCStwI.exe
  C:\Windows\System\NMCStwI.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\WrxnMej.exe
  C:\Windows\System\WrxnMej.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\MzQLYvx.exe
  C:\Windows\System\MzQLYvx.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\EBWyCpy.exe
  C:\Windows\System\EBWyCpy.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\NJXvoqx.exe
  C:\Windows\System\NJXvoqx.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\tiDkVcR.exe
  C:\Windows\System\tiDkVcR.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\thXnhKZ.exe
  C:\Windows\System\thXnhKZ.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\QdpXylV.exe
  C:\Windows\System\QdpXylV.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\DFyExsQ.exe
  C:\Windows\System\DFyExsQ.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\IgSveay.exe
  C:\Windows\System\IgSveay.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\JxVAxEM.exe
  C:\Windows\System\JxVAxEM.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\HnXkPOk.exe
  C:\Windows\System\HnXkPOk.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\yxBjvji.exe
  C:\Windows\System\yxBjvji.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\ecfyYlt.exe
  C:\Windows\System\ecfyYlt.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\xUvOabQ.exe
  C:\Windows\System\xUvOabQ.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\PrroJoN.exe
  C:\Windows\System\PrroJoN.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\kYKzEMU.exe
  C:\Windows\System\kYKzEMU.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\OEMYjmc.exe
  C:\Windows\System\OEMYjmc.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\GbjkuHn.exe
  C:\Windows\System\GbjkuHn.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\OvIdJTP.exe
  C:\Windows\System\OvIdJTP.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\tbjZQcf.exe
  C:\Windows\System\tbjZQcf.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\zsbHYpF.exe
  C:\Windows\System\zsbHYpF.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\jDmtZYH.exe
  C:\Windows\System\jDmtZYH.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\GONDZbV.exe
  C:\Windows\System\GONDZbV.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\xQcITfx.exe
  C:\Windows\System\xQcITfx.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\iyRfOiD.exe
  C:\Windows\System\iyRfOiD.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\RGQpafS.exe
  C:\Windows\System\RGQpafS.exe
  2⤵
  PID:2136
- C:\Windows\System\URxplQC.exe
  C:\Windows\System\URxplQC.exe
  2⤵
  PID:1776
- C:\Windows\System\ATGvZOM.exe
  C:\Windows\System\ATGvZOM.exe
  2⤵
  PID:2452
- C:\Windows\System\tNJOdhq.exe
  C:\Windows\System\tNJOdhq.exe
  2⤵
  PID:2144
- C:\Windows\System\IxFDldU.exe
  C:\Windows\System\IxFDldU.exe
  2⤵
  PID:1300
- C:\Windows\System\LepvUEz.exe
  C:\Windows\System\LepvUEz.exe
  2⤵
  PID:2520
- C:\Windows\System\IIczfAd.exe
  C:\Windows\System\IIczfAd.exe
  2⤵
  PID:1980
- C:\Windows\System\KMMZjFl.exe
  C:\Windows\System\KMMZjFl.exe
  2⤵
  PID:2560
- C:\Windows\System\ibBvbun.exe
  C:\Windows\System\ibBvbun.exe
  2⤵
  PID:528
- C:\Windows\System\HwYykty.exe
  C:\Windows\System\HwYykty.exe
  2⤵
  PID:848
- C:\Windows\System\qsWgQEc.exe
  C:\Windows\System\qsWgQEc.exe
  2⤵
  PID:536
- C:\Windows\System\oYOyhcA.exe
  C:\Windows\System\oYOyhcA.exe
  2⤵
  PID:1812
- C:\Windows\System\iTjLnRD.exe
  C:\Windows\System\iTjLnRD.exe
  2⤵
  PID:1292
- C:\Windows\System\DDBqNCu.exe
  C:\Windows\System\DDBqNCu.exe
  2⤵
  PID:1040
- C:\Windows\System\MANegIH.exe
  C:\Windows\System\MANegIH.exe
  2⤵
  PID:928
- C:\Windows\System\ZzRibLi.exe
  C:\Windows\System\ZzRibLi.exe
  2⤵
  PID:812
- C:\Windows\System\BISuhzh.exe
  C:\Windows\System\BISuhzh.exe
  2⤵
  PID:1516
- C:\Windows\System\LCkUkeK.exe
  C:\Windows\System\LCkUkeK.exe
  2⤵
  PID:2104
- C:\Windows\System\CdEcIOz.exe
  C:\Windows\System\CdEcIOz.exe
  2⤵
  PID:1008
- C:\Windows\System\oLtuwWx.exe
  C:\Windows\System\oLtuwWx.exe
  2⤵
  PID:1112
- C:\Windows\System\gppvbMf.exe
  C:\Windows\System\gppvbMf.exe
  2⤵
  PID:1504
- C:\Windows\System\wurACAT.exe
  C:\Windows\System\wurACAT.exe
  2⤵
  PID:1252
- C:\Windows\System\HsxaFjg.exe
  C:\Windows\System\HsxaFjg.exe
  2⤵
  PID:1720
- C:\Windows\System\QGBBUdh.exe
  C:\Windows\System\QGBBUdh.exe
  2⤵
  PID:1688
- C:\Windows\System\mivEBvh.exe
  C:\Windows\System\mivEBvh.exe
  2⤵
  PID:2736
- C:\Windows\System\lrmkguk.exe
  C:\Windows\System\lrmkguk.exe
  2⤵
  PID:2744
- C:\Windows\System\vgHCINP.exe
  C:\Windows\System\vgHCINP.exe
  2⤵
  PID:2800
- C:\Windows\System\zRQlOKB.exe
  C:\Windows\System\zRQlOKB.exe
  2⤵
  PID:1612
- C:\Windows\System\vOIZgqk.exe
  C:\Windows\System\vOIZgqk.exe
  2⤵
  PID:2120
- C:\Windows\System\JsGInks.exe
  C:\Windows\System\JsGInks.exe
  2⤵
  PID:1492
- C:\Windows\System\pCvyNNK.exe
  C:\Windows\System\pCvyNNK.exe
  2⤵
  PID:2916
- C:\Windows\System\NPgYdkB.exe
  C:\Windows\System\NPgYdkB.exe
  2⤵
  PID:2992
- C:\Windows\System\pFyIKAG.exe
  C:\Windows\System\pFyIKAG.exe
  2⤵
  PID:764
- C:\Windows\System\XqJSZnc.exe
  C:\Windows\System\XqJSZnc.exe
  2⤵
  PID:520
- C:\Windows\System\GtvPXAP.exe
  C:\Windows\System\GtvPXAP.exe
  2⤵
  PID:2152
- C:\Windows\System\WLnJwXA.exe
  C:\Windows\System\WLnJwXA.exe
  2⤵
  PID:2392
- C:\Windows\System\qVqqLsX.exe
  C:\Windows\System\qVqqLsX.exe
  2⤵
  PID:2572
- C:\Windows\System\VcrkFpD.exe
  C:\Windows\System\VcrkFpD.exe
  2⤵
  PID:1908
- C:\Windows\System\mQfTZJq.exe
  C:\Windows\System\mQfTZJq.exe
  2⤵
  PID:2716
- C:\Windows\System\SdBMAuw.exe
  C:\Windows\System\SdBMAuw.exe
  2⤵
  PID:1852
- C:\Windows\System\laJohpd.exe
  C:\Windows\System\laJohpd.exe
  2⤵
  PID:328
- C:\Windows\System\MjzHwld.exe
  C:\Windows\System\MjzHwld.exe
  2⤵
  PID:1704
- C:\Windows\System\TAlIbET.exe
  C:\Windows\System\TAlIbET.exe
  2⤵
  PID:2464
- C:\Windows\System\YQNXKpj.exe
  C:\Windows\System\YQNXKpj.exe
  2⤵
  PID:2040
- C:\Windows\System\OgoecLs.exe
  C:\Windows\System\OgoecLs.exe
  2⤵
  PID:548
- C:\Windows\System\evcabGN.exe
  C:\Windows\System\evcabGN.exe
  2⤵
  PID:2456
- C:\Windows\System\KHMSHNl.exe
  C:\Windows\System\KHMSHNl.exe
  2⤵
  PID:2788
- C:\Windows\System\QREPaEt.exe
  C:\Windows\System\QREPaEt.exe
  2⤵
  PID:2616
- C:\Windows\System\WHyzhiB.exe
  C:\Windows\System\WHyzhiB.exe
  2⤵
  PID:2940
- C:\Windows\System\iOUGAKt.exe
  C:\Windows\System\iOUGAKt.exe
  2⤵
  PID:2020
- C:\Windows\System\LeWqDBk.exe
  C:\Windows\System\LeWqDBk.exe
  2⤵
  PID:1940
- C:\Windows\System\PiLgEvj.exe
  C:\Windows\System\PiLgEvj.exe
  2⤵
  PID:2384
- C:\Windows\System\CGpFpJi.exe
  C:\Windows\System\CGpFpJi.exe
  2⤵
  PID:2184
- C:\Windows\System\fNrGDQz.exe
  C:\Windows\System\fNrGDQz.exe
  2⤵
  PID:2396
- C:\Windows\System\WIqldtB.exe
  C:\Windows\System\WIqldtB.exe
  2⤵
  PID:2064
- C:\Windows\System\MGJalXE.exe
  C:\Windows\System\MGJalXE.exe
  2⤵
  PID:1772
- C:\Windows\System\cDITKFB.exe
  C:\Windows\System\cDITKFB.exe
  2⤵
  PID:3076
- C:\Windows\System\hOTjxwy.exe
  C:\Windows\System\hOTjxwy.exe
  2⤵
  PID:3096
- C:\Windows\System\jMbnpvK.exe
  C:\Windows\System\jMbnpvK.exe
  2⤵
  PID:3116
- C:\Windows\System\fygjOKW.exe
  C:\Windows\System\fygjOKW.exe
  2⤵
  PID:3136
- C:\Windows\System\flJRWRy.exe
  C:\Windows\System\flJRWRy.exe
  2⤵
  PID:3156
- C:\Windows\System\qbUUiZz.exe
  C:\Windows\System\qbUUiZz.exe
  2⤵
  PID:3176
- C:\Windows\System\AxEbkkb.exe
  C:\Windows\System\AxEbkkb.exe
  2⤵
  PID:3196
- C:\Windows\System\klCbrjZ.exe
  C:\Windows\System\klCbrjZ.exe
  2⤵
  PID:3216
- C:\Windows\System\puWmHjS.exe
  C:\Windows\System\puWmHjS.exe
  2⤵
  PID:3236
- C:\Windows\System\UixnBZR.exe
  C:\Windows\System\UixnBZR.exe
  2⤵
  PID:3256
- C:\Windows\System\TcsbmMa.exe
  C:\Windows\System\TcsbmMa.exe
  2⤵
  PID:3276
- C:\Windows\System\rSLQEPV.exe
  C:\Windows\System\rSLQEPV.exe
  2⤵
  PID:3296
- C:\Windows\System\NztQeUD.exe
  C:\Windows\System\NztQeUD.exe
  2⤵
  PID:3316
- C:\Windows\System\ZoawXxb.exe
  C:\Windows\System\ZoawXxb.exe
  2⤵
  PID:3336
- C:\Windows\System\KuqNdbq.exe
  C:\Windows\System\KuqNdbq.exe
  2⤵
  PID:3356
- C:\Windows\System\BLUhcRP.exe
  C:\Windows\System\BLUhcRP.exe
  2⤵
  PID:3384
- C:\Windows\System\IFgyZbJ.exe
  C:\Windows\System\IFgyZbJ.exe
  2⤵
  PID:3404
- C:\Windows\System\wauIZyo.exe
  C:\Windows\System\wauIZyo.exe
  2⤵
  PID:3424
- C:\Windows\System\dPmatPd.exe
  C:\Windows\System\dPmatPd.exe
  2⤵
  PID:3444
- C:\Windows\System\jQtqIXI.exe
  C:\Windows\System\jQtqIXI.exe
  2⤵
  PID:3464
- C:\Windows\System\frVuWcr.exe
  C:\Windows\System\frVuWcr.exe
  2⤵
  PID:3484
- C:\Windows\System\CKJWEKU.exe
  C:\Windows\System\CKJWEKU.exe
  2⤵
  PID:3504
- C:\Windows\System\Jvarhqd.exe
  C:\Windows\System\Jvarhqd.exe
  2⤵
  PID:3524
- C:\Windows\System\rTBgaFF.exe
  C:\Windows\System\rTBgaFF.exe
  2⤵
  PID:3544
- C:\Windows\System\JreYFuC.exe
  C:\Windows\System\JreYFuC.exe
  2⤵
  PID:3564
- C:\Windows\System\yjZKCbk.exe
  C:\Windows\System\yjZKCbk.exe
  2⤵
  PID:3584
- C:\Windows\System\HomPASL.exe
  C:\Windows\System\HomPASL.exe
  2⤵
  PID:3604
- C:\Windows\System\EYIuMdu.exe
  C:\Windows\System\EYIuMdu.exe
  2⤵
  PID:3624
- C:\Windows\System\vyqgISE.exe
  C:\Windows\System\vyqgISE.exe
  2⤵
  PID:3644
- C:\Windows\System\XnCZEMw.exe
  C:\Windows\System\XnCZEMw.exe
  2⤵
  PID:3664
- C:\Windows\System\iDaxnLL.exe
  C:\Windows\System\iDaxnLL.exe
  2⤵
  PID:3684
- C:\Windows\System\KlKPOAK.exe
  C:\Windows\System\KlKPOAK.exe
  2⤵
  PID:3704
- C:\Windows\System\AkWwfNx.exe
  C:\Windows\System\AkWwfNx.exe
  2⤵
  PID:3728
- C:\Windows\System\yKOhiEG.exe
  C:\Windows\System\yKOhiEG.exe
  2⤵
  PID:3748
- C:\Windows\System\OjdmPNI.exe
  C:\Windows\System\OjdmPNI.exe
  2⤵
  PID:3768
- C:\Windows\System\fFvqtaX.exe
  C:\Windows\System\fFvqtaX.exe
  2⤵
  PID:3788
- C:\Windows\System\KlHIdtA.exe
  C:\Windows\System\KlHIdtA.exe
  2⤵
  PID:3812
- C:\Windows\System\xIWeSZE.exe
  C:\Windows\System\xIWeSZE.exe
  2⤵
  PID:3976
- C:\Windows\System\XLmzxXw.exe
  C:\Windows\System\XLmzxXw.exe
  2⤵
  PID:3992
- C:\Windows\System\IJMtogK.exe
  C:\Windows\System\IJMtogK.exe
  2⤵
  PID:4008
- C:\Windows\System\ElXUqJq.exe
  C:\Windows\System\ElXUqJq.exe
  2⤵
  PID:4028
- C:\Windows\System\fgljyjE.exe
  C:\Windows\System\fgljyjE.exe
  2⤵
  PID:4044
- C:\Windows\System\JnKHJQD.exe
  C:\Windows\System\JnKHJQD.exe
  2⤵
  PID:4068
- C:\Windows\System\fTRemOe.exe
  C:\Windows\System\fTRemOe.exe
  2⤵
  PID:4092
- C:\Windows\System\xnsRTDA.exe
  C:\Windows\System\xnsRTDA.exe
  2⤵
  PID:2288
- C:\Windows\System\JzufHbQ.exe
  C:\Windows\System\JzufHbQ.exe
  2⤵
  PID:656
- C:\Windows\System\wFBWpwh.exe
  C:\Windows\System\wFBWpwh.exe
  2⤵
  PID:920
- C:\Windows\System\teVZNEv.exe
  C:\Windows\System\teVZNEv.exe
  2⤵
  PID:1668
- C:\Windows\System\znNTsdl.exe
  C:\Windows\System\znNTsdl.exe
  2⤵
  PID:1236
- C:\Windows\System\zonDfCG.exe
  C:\Windows\System\zonDfCG.exe
  2⤵
  PID:1264
- C:\Windows\System\BbPwznP.exe
  C:\Windows\System\BbPwznP.exe
  2⤵
  PID:1840
- C:\Windows\System\oCdMbgd.exe
  C:\Windows\System\oCdMbgd.exe
  2⤵
  PID:1536
- C:\Windows\System\yVBRJUV.exe
  C:\Windows\System\yVBRJUV.exe
  2⤵
  PID:1756
- C:\Windows\System\SdVHTGc.exe
  C:\Windows\System\SdVHTGc.exe
  2⤵
  PID:3104
- C:\Windows\System\amzSsxq.exe
  C:\Windows\System\amzSsxq.exe
  2⤵
  PID:3124
- C:\Windows\System\wQyOLiz.exe
  C:\Windows\System\wQyOLiz.exe
  2⤵
  PID:3184
- C:\Windows\System\VWNjEnO.exe
  C:\Windows\System\VWNjEnO.exe
  2⤵
  PID:3168
- C:\Windows\System\BxRwmaY.exe
  C:\Windows\System\BxRwmaY.exe
  2⤵
  PID:3264
- C:\Windows\System\OGvJEYt.exe
  C:\Windows\System\OGvJEYt.exe
  2⤵
  PID:3284
- C:\Windows\System\OrZzboI.exe
  C:\Windows\System\OrZzboI.exe
  2⤵
  PID:3324
- C:\Windows\System\PrjwZMa.exe
  C:\Windows\System\PrjwZMa.exe
  2⤵
  PID:3352
- C:\Windows\System\kWNZYGM.exe
  C:\Windows\System\kWNZYGM.exe
  2⤵
  PID:3396
- C:\Windows\System\aBgWERS.exe
  C:\Windows\System\aBgWERS.exe
  2⤵
  PID:3440
- C:\Windows\System\eHTHPke.exe
  C:\Windows\System\eHTHPke.exe
  2⤵
  PID:3452
- C:\Windows\System\fHYTtGn.exe
  C:\Windows\System\fHYTtGn.exe
  2⤵
  PID:3492
- C:\Windows\System\cjBpaGA.exe
  C:\Windows\System\cjBpaGA.exe
  2⤵
  PID:3496
- C:\Windows\System\oSTGjTO.exe
  C:\Windows\System\oSTGjTO.exe
  2⤵
  PID:3556
- C:\Windows\System\kMwaTiO.exe
  C:\Windows\System\kMwaTiO.exe
  2⤵
  PID:3600
- C:\Windows\System\uSnVTqW.exe
  C:\Windows\System\uSnVTqW.exe
  2⤵
  PID:3636
- C:\Windows\System\HuluriI.exe
  C:\Windows\System\HuluriI.exe
  2⤵
  PID:3692
- C:\Windows\System\AAmDscZ.exe
  C:\Windows\System\AAmDscZ.exe
  2⤵
  PID:3724
- C:\Windows\System\KXIqIAt.exe
  C:\Windows\System\KXIqIAt.exe
  2⤵
  PID:3756
- C:\Windows\System\OumVbiS.exe
  C:\Windows\System\OumVbiS.exe
  2⤵
  PID:3808
- C:\Windows\System\YqBruQd.exe
  C:\Windows\System\YqBruQd.exe
  2⤵
  PID:2344
- C:\Windows\System\VcTKpHO.exe
  C:\Windows\System\VcTKpHO.exe
  2⤵
  PID:2128
- C:\Windows\System\SfQbqnj.exe
  C:\Windows\System\SfQbqnj.exe
  2⤵
  PID:2108
- C:\Windows\System\KtGlkYX.exe
  C:\Windows\System\KtGlkYX.exe
  2⤵
  PID:2816
- C:\Windows\System\BfIVdIQ.exe
  C:\Windows\System\BfIVdIQ.exe
  2⤵
  PID:1484
- C:\Windows\System\EJRpCGj.exe
  C:\Windows\System\EJRpCGj.exe
  2⤵
  PID:3036
- C:\Windows\System\gigKhBb.exe
  C:\Windows\System\gigKhBb.exe
  2⤵
  PID:3884
- C:\Windows\System\OYVdiuT.exe
  C:\Windows\System\OYVdiuT.exe
  2⤵
  PID:2508
- C:\Windows\System\FqBKCvA.exe
  C:\Windows\System\FqBKCvA.exe
  2⤵
  PID:1692
- C:\Windows\System\MIqEgec.exe
  C:\Windows\System\MIqEgec.exe
  2⤵
  PID:2336
- C:\Windows\System\HFugjmB.exe
  C:\Windows\System\HFugjmB.exe
  2⤵
  PID:2140
- C:\Windows\System\ztiMYLy.exe
  C:\Windows\System\ztiMYLy.exe
  2⤵
  PID:1928
- C:\Windows\System\rjkoWhS.exe
  C:\Windows\System\rjkoWhS.exe
  2⤵
  PID:2884
- C:\Windows\System\YiMCqPW.exe
  C:\Windows\System\YiMCqPW.exe
  2⤵
  PID:1120
- C:\Windows\System\wxlFBLB.exe
  C:\Windows\System\wxlFBLB.exe
  2⤵
  PID:320
- C:\Windows\System\GiELXFD.exe
  C:\Windows\System\GiELXFD.exe
  2⤵
  PID:2372
- C:\Windows\System\sXjggqw.exe
  C:\Windows\System\sXjggqw.exe
  2⤵
  PID:2004
- C:\Windows\System\epvpuTM.exe
  C:\Windows\System\epvpuTM.exe
  2⤵
  PID:2444
- C:\Windows\System\BPZAyrI.exe
  C:\Windows\System\BPZAyrI.exe
  2⤵
  PID:388
- C:\Windows\System\JKeNbBD.exe
  C:\Windows\System\JKeNbBD.exe
  2⤵
  PID:2092
- C:\Windows\System\PmTDsAq.exe
  C:\Windows\System\PmTDsAq.exe
  2⤵
  PID:944
- C:\Windows\System\uKJPEqK.exe
  C:\Windows\System\uKJPEqK.exe
  2⤵
  PID:3944
- C:\Windows\System\LTnEdcp.exe
  C:\Windows\System\LTnEdcp.exe
  2⤵
  PID:4016
- C:\Windows\System\IPaJkVh.exe
  C:\Windows\System\IPaJkVh.exe
  2⤵
  PID:4064
- C:\Windows\System\ufrJmGH.exe
  C:\Windows\System\ufrJmGH.exe
  2⤵
  PID:744
- C:\Windows\System\dxDacRg.exe
  C:\Windows\System\dxDacRg.exe
  2⤵
  PID:4080
- C:\Windows\System\ZqgRblx.exe
  C:\Windows\System\ZqgRblx.exe
  2⤵
  PID:3948
- C:\Windows\System\ZjVMcgq.exe
  C:\Windows\System\ZjVMcgq.exe
  2⤵
  PID:3960
- C:\Windows\System\vgUBEdA.exe
  C:\Windows\System\vgUBEdA.exe
  2⤵
  PID:2648
- C:\Windows\System\BmjGgzq.exe
  C:\Windows\System\BmjGgzq.exe
  2⤵
  PID:1148
- C:\Windows\System\jasKkKt.exe
  C:\Windows\System\jasKkKt.exe
  2⤵
  PID:880
- C:\Windows\System\PdadqiO.exe
  C:\Windows\System\PdadqiO.exe
  2⤵
  PID:4088
- C:\Windows\System\CGeMjoV.exe
  C:\Windows\System\CGeMjoV.exe
  2⤵
  PID:3088
- C:\Windows\System\XnMqslE.exe
  C:\Windows\System\XnMqslE.exe
  2⤵
  PID:3148
- C:\Windows\System\QUREPoN.exe
  C:\Windows\System\QUREPoN.exe
  2⤵
  PID:3252
- C:\Windows\System\HIHowgc.exe
  C:\Windows\System\HIHowgc.exe
  2⤵
  PID:3332
- C:\Windows\System\wmcbZsI.exe
  C:\Windows\System\wmcbZsI.exe
  2⤵
  PID:3400
- C:\Windows\System\PSOmcCU.exe
  C:\Windows\System\PSOmcCU.exe
  2⤵
  PID:3372
- C:\Windows\System\aSlpQSv.exe
  C:\Windows\System\aSlpQSv.exe
  2⤵
  PID:3480
- C:\Windows\System\WkfcjQi.exe
  C:\Windows\System\WkfcjQi.exe
  2⤵
  PID:3520
- C:\Windows\System\dYsnHcd.exe
  C:\Windows\System\dYsnHcd.exe
  2⤵
  PID:3580
- C:\Windows\System\VHBQoTe.exe
  C:\Windows\System\VHBQoTe.exe
  2⤵
  PID:3616
- C:\Windows\System\wlgHPlz.exe
  C:\Windows\System\wlgHPlz.exe
  2⤵
  PID:3680
- C:\Windows\System\ewfTmNt.exe
  C:\Windows\System\ewfTmNt.exe
  2⤵
  PID:3784
- C:\Windows\System\HjxKHpM.exe
  C:\Windows\System\HjxKHpM.exe
  2⤵
  PID:3760
- C:\Windows\System\bGhHEPk.exe
  C:\Windows\System\bGhHEPk.exe
  2⤵
  PID:3672
- C:\Windows\System\eScFRQP.exe
  C:\Windows\System\eScFRQP.exe
  2⤵
  PID:3676
- C:\Windows\System\ZCHlmrf.exe
  C:\Windows\System\ZCHlmrf.exe
  2⤵
  PID:2580
- C:\Windows\System\qRiBgvx.exe
  C:\Windows\System\qRiBgvx.exe
  2⤵
  PID:2000
- C:\Windows\System\pkRzzjU.exe
  C:\Windows\System\pkRzzjU.exe
  2⤵
  PID:2388
- C:\Windows\System\SOhrhHu.exe
  C:\Windows\System\SOhrhHu.exe
  2⤵
  PID:3912
- C:\Windows\System\KGaOOno.exe
  C:\Windows\System\KGaOOno.exe
  2⤵
  PID:2088
- C:\Windows\System\WphbQqF.exe
  C:\Windows\System\WphbQqF.exe
  2⤵
  PID:3916
- C:\Windows\System\Omlwvfj.exe
  C:\Windows\System\Omlwvfj.exe
  2⤵
  PID:3924
- C:\Windows\System\rioVjTP.exe
  C:\Windows\System\rioVjTP.exe
  2⤵
  PID:856
- C:\Windows\System\ocFFDlC.exe
  C:\Windows\System\ocFFDlC.exe
  2⤵
  PID:1992
- C:\Windows\System\toIvRlP.exe
  C:\Windows\System\toIvRlP.exe
  2⤵
  PID:952
- C:\Windows\System\xIcDqQV.exe
  C:\Windows\System\xIcDqQV.exe
  2⤵
  PID:3932
- C:\Windows\System\ufiaCEi.exe
  C:\Windows\System\ufiaCEi.exe
  2⤵
  PID:2316
- C:\Windows\System\AhVIGwl.exe
  C:\Windows\System\AhVIGwl.exe
  2⤵
  PID:916
- C:\Windows\System\lUYKCFO.exe
  C:\Windows\System\lUYKCFO.exe
  2⤵
  PID:3964
- C:\Windows\System\yGWRauj.exe
  C:\Windows\System\yGWRauj.exe
  2⤵
  PID:2808
- C:\Windows\System\SXLBfyX.exe
  C:\Windows\System\SXLBfyX.exe
  2⤵
  PID:676
- C:\Windows\System\gPURGsy.exe
  C:\Windows\System\gPURGsy.exe
  2⤵
  PID:2988
- C:\Windows\System\aASgALc.exe
  C:\Windows\System\aASgALc.exe
  2⤵
  PID:3084
- C:\Windows\System\HiRBUvA.exe
  C:\Windows\System\HiRBUvA.exe
  2⤵
  PID:3312
- C:\Windows\System\Gknsjyi.exe
  C:\Windows\System\Gknsjyi.exe
  2⤵
  PID:3476
- C:\Windows\System\BRrdbte.exe
  C:\Windows\System\BRrdbte.exe
  2⤵
  PID:1076
- C:\Windows\System\SzpdeXM.exe
  C:\Windows\System\SzpdeXM.exe
  2⤵
  PID:3660
- C:\Windows\System\cFbSzHY.exe
  C:\Windows\System\cFbSzHY.exe
  2⤵
  PID:3656
- C:\Windows\System\NXVukNZ.exe
  C:\Windows\System\NXVukNZ.exe
  2⤵
  PID:3552
- C:\Windows\System\ajgLuci.exe
  C:\Windows\System\ajgLuci.exe
  2⤵
  PID:3592
- C:\Windows\System\olTQRBG.exe
  C:\Windows\System\olTQRBG.exe
  2⤵
  PID:904
- C:\Windows\System\jETyrGl.exe
  C:\Windows\System\jETyrGl.exe
  2⤵
  PID:2324
- C:\Windows\System\MWqwUjx.exe
  C:\Windows\System\MWqwUjx.exe
  2⤵
  PID:1680
- C:\Windows\System\uKziCne.exe
  C:\Windows\System\uKziCne.exe
  2⤵
  PID:1544
- C:\Windows\System\AwNcvjs.exe
  C:\Windows\System\AwNcvjs.exe
  2⤵
  PID:2812
- C:\Windows\System\nKdaRzf.exe
  C:\Windows\System\nKdaRzf.exe
  2⤵
  PID:1404
- C:\Windows\System\caRWeug.exe
  C:\Windows\System\caRWeug.exe
  2⤵
  PID:4056
- C:\Windows\System\UKFQpWo.exe
  C:\Windows\System\UKFQpWo.exe
  2⤵
  PID:2840
- C:\Windows\System\JlctTFK.exe
  C:\Windows\System\JlctTFK.exe
  2⤵
  PID:4040
- C:\Windows\System\cklntlY.exe
  C:\Windows\System\cklntlY.exe
  2⤵
  PID:860
- C:\Windows\System\XFRrEnm.exe
  C:\Windows\System\XFRrEnm.exe
  2⤵
  PID:1328
- C:\Windows\System\rJjdmxE.exe
  C:\Windows\System\rJjdmxE.exe
  2⤵
  PID:3272
- C:\Windows\System\fsSnUaH.exe
  C:\Windows\System\fsSnUaH.exe
  2⤵
  PID:3472
- C:\Windows\System\XebBhsN.exe
  C:\Windows\System\XebBhsN.exe
  2⤵
  PID:3512
- C:\Windows\System\EMVtBNH.exe
  C:\Windows\System\EMVtBNH.exe
  2⤵
  PID:3776
- C:\Windows\System\FeBsQTu.exe
  C:\Windows\System\FeBsQTu.exe
  2⤵
  PID:3696
- C:\Windows\System\hScszBC.exe
  C:\Windows\System\hScszBC.exe
  2⤵
  PID:3860
- C:\Windows\System\XSFqWqW.exe
  C:\Windows\System\XSFqWqW.exe
  2⤵
  PID:632
- C:\Windows\System\HYGqonU.exe
  C:\Windows\System\HYGqonU.exe
  2⤵
  PID:2888
- C:\Windows\System\ToYDbgS.exe
  C:\Windows\System\ToYDbgS.exe
  2⤵
  PID:648
- C:\Windows\System\eJlqBbD.exe
  C:\Windows\System\eJlqBbD.exe
  2⤵
  PID:1644
- C:\Windows\System\BpLzCHR.exe
  C:\Windows\System\BpLzCHR.exe
  2⤵
  PID:4060
- C:\Windows\System\lywvxgf.exe
  C:\Windows\System\lywvxgf.exe
  2⤵
  PID:3436
- C:\Windows\System\XqTVcMG.exe
  C:\Windows\System\XqTVcMG.exe
  2⤵
  PID:3988
- C:\Windows\System\MdOAOhp.exe
  C:\Windows\System\MdOAOhp.exe
  2⤵
  PID:3412
- C:\Windows\System\oHrsRrP.exe
  C:\Windows\System\oHrsRrP.exe
  2⤵
  PID:3800
- C:\Windows\System\jWXfgEg.exe
  C:\Windows\System\jWXfgEg.exe
  2⤵
  PID:3928
- C:\Windows\System\ALOyidl.exe
  C:\Windows\System\ALOyidl.exe
  2⤵
  PID:3940
- C:\Windows\System\nqPyJER.exe
  C:\Windows\System\nqPyJER.exe
  2⤵
  PID:3364
- C:\Windows\System\HwhEiGD.exe
  C:\Windows\System\HwhEiGD.exe
  2⤵
  PID:2076
- C:\Windows\System\MkOVTZq.exe
  C:\Windows\System\MkOVTZq.exe
  2⤵
  PID:1248
- C:\Windows\System\ORvCoNm.exe
  C:\Windows\System\ORvCoNm.exe
  2⤵
  PID:1976
- C:\Windows\System\WmMisOG.exe
  C:\Windows\System\WmMisOG.exe
  2⤵
  PID:2192
- C:\Windows\System\BrfHSPC.exe
  C:\Windows\System\BrfHSPC.exe
  2⤵
  PID:2920
- C:\Windows\System\qZQXCmm.exe
  C:\Windows\System\qZQXCmm.exe
  2⤵
  PID:2332
- C:\Windows\System\JTsdtwy.exe
  C:\Windows\System\JTsdtwy.exe
  2⤵
  PID:2440
- C:\Windows\System\RTviWiM.exe
  C:\Windows\System\RTviWiM.exe
  2⤵
  PID:612
- C:\Windows\System\xmNGjsh.exe
  C:\Windows\System\xmNGjsh.exe
  2⤵
  PID:4052
- C:\Windows\System\YuTYhzR.exe
  C:\Windows\System\YuTYhzR.exe
  2⤵
  PID:3632
- C:\Windows\System\JqLxEpU.exe
  C:\Windows\System\JqLxEpU.exe
  2⤵
  PID:4112
- C:\Windows\System\nZgjFUE.exe
  C:\Windows\System\nZgjFUE.exe
  2⤵
  PID:4136
- C:\Windows\System\vRTUWvF.exe
  C:\Windows\System\vRTUWvF.exe
  2⤵
  PID:4152
- C:\Windows\System\TdkJOhz.exe
  C:\Windows\System\TdkJOhz.exe
  2⤵
  PID:4172
- C:\Windows\System\lklBonQ.exe
  C:\Windows\System\lklBonQ.exe
  2⤵
  PID:4196
- C:\Windows\System\moDVIeb.exe
  C:\Windows\System\moDVIeb.exe
  2⤵
  PID:4212
- C:\Windows\System\fELflhE.exe
  C:\Windows\System\fELflhE.exe
  2⤵
  PID:4232
- C:\Windows\System\WYOCYSF.exe
  C:\Windows\System\WYOCYSF.exe
  2⤵
  PID:4252
- C:\Windows\System\JiVRxLA.exe
  C:\Windows\System\JiVRxLA.exe
  2⤵
  PID:4276
- C:\Windows\System\OPKoEwd.exe
  C:\Windows\System\OPKoEwd.exe
  2⤵
  PID:4296
- C:\Windows\System\YkQZDFC.exe
  C:\Windows\System\YkQZDFC.exe
  2⤵
  PID:4312
- C:\Windows\System\NfqTdNr.exe
  C:\Windows\System\NfqTdNr.exe
  2⤵
  PID:4328
- C:\Windows\System\mbEruuz.exe
  C:\Windows\System\mbEruuz.exe
  2⤵
  PID:4352
- C:\Windows\System\JgGIljY.exe
  C:\Windows\System\JgGIljY.exe
  2⤵
  PID:4376
- C:\Windows\System\gyJcsOK.exe
  C:\Windows\System\gyJcsOK.exe
  2⤵
  PID:4396
- C:\Windows\System\ZWdkfEo.exe
  C:\Windows\System\ZWdkfEo.exe
  2⤵
  PID:4416
- C:\Windows\System\rMYDcQO.exe
  C:\Windows\System\rMYDcQO.exe
  2⤵
  PID:4436
- C:\Windows\System\zZaEgSx.exe
  C:\Windows\System\zZaEgSx.exe
  2⤵
  PID:4460
- C:\Windows\System\vuosJXV.exe
  C:\Windows\System\vuosJXV.exe
  2⤵
  PID:4476
- C:\Windows\System\LywuPwV.exe
  C:\Windows\System\LywuPwV.exe
  2⤵
  PID:4500
- C:\Windows\System\wLcpXOW.exe
  C:\Windows\System\wLcpXOW.exe
  2⤵
  PID:4516
- C:\Windows\System\vPwCOUF.exe
  C:\Windows\System\vPwCOUF.exe
  2⤵
  PID:4536
- C:\Windows\System\VVnBWXC.exe
  C:\Windows\System\VVnBWXC.exe
  2⤵
  PID:4556
- C:\Windows\System\KSBqRaF.exe
  C:\Windows\System\KSBqRaF.exe
  2⤵
  PID:4572
- C:\Windows\System\HzVyVlw.exe
  C:\Windows\System\HzVyVlw.exe
  2⤵
  PID:4596
- C:\Windows\System\LLGZIrG.exe
  C:\Windows\System\LLGZIrG.exe
  2⤵
  PID:4612
- C:\Windows\System\EjbTkaJ.exe
  C:\Windows\System\EjbTkaJ.exe
  2⤵
  PID:4632
- C:\Windows\System\nIfodmG.exe
  C:\Windows\System\nIfodmG.exe
  2⤵
  PID:4648
- C:\Windows\System\lepYloB.exe
  C:\Windows\System\lepYloB.exe
  2⤵
  PID:4668
- C:\Windows\System\bhbNXcB.exe
  C:\Windows\System\bhbNXcB.exe
  2⤵
  PID:4684
- C:\Windows\System\EDwcARB.exe
  C:\Windows\System\EDwcARB.exe
  2⤵
  PID:4720
- C:\Windows\System\nmtbsRd.exe
  C:\Windows\System\nmtbsRd.exe
  2⤵
  PID:4736
- C:\Windows\System\cXwHqCC.exe
  C:\Windows\System\cXwHqCC.exe
  2⤵
  PID:4756
- C:\Windows\System\ZVuqQNf.exe
  C:\Windows\System\ZVuqQNf.exe
  2⤵
  PID:4772
- C:\Windows\System\tXuoNvu.exe
  C:\Windows\System\tXuoNvu.exe
  2⤵
  PID:4788
- C:\Windows\System\LtuwQDv.exe
  C:\Windows\System\LtuwQDv.exe
  2⤵
  PID:4816
- C:\Windows\System\rmEZnKD.exe
  C:\Windows\System\rmEZnKD.exe
  2⤵
  PID:4832
- C:\Windows\System\KkgNfKR.exe
  C:\Windows\System\KkgNfKR.exe
  2⤵
  PID:4856
- C:\Windows\System\NyOeMZZ.exe
  C:\Windows\System\NyOeMZZ.exe
  2⤵
  PID:4872
- C:\Windows\System\zjqObKS.exe
  C:\Windows\System\zjqObKS.exe
  2⤵
  PID:4888
- C:\Windows\System\MClYXRK.exe
  C:\Windows\System\MClYXRK.exe
  2⤵
  PID:4916
- C:\Windows\System\ANAjpZO.exe
  C:\Windows\System\ANAjpZO.exe
  2⤵
  PID:4940
- C:\Windows\System\sFQRRsG.exe
  C:\Windows\System\sFQRRsG.exe
  2⤵
  PID:4956
- C:\Windows\System\fqwARrv.exe
  C:\Windows\System\fqwARrv.exe
  2⤵
  PID:4984
- C:\Windows\System\EbaRgpc.exe
  C:\Windows\System\EbaRgpc.exe
  2⤵
  PID:5004
- C:\Windows\System\qXvpdpr.exe
  C:\Windows\System\qXvpdpr.exe
  2⤵
  PID:5020
- C:\Windows\System\mVQloJP.exe
  C:\Windows\System\mVQloJP.exe
  2⤵
  PID:5040
- C:\Windows\System\qopoXDW.exe
  C:\Windows\System\qopoXDW.exe
  2⤵
  PID:5064
- C:\Windows\System\dwipGqv.exe
  C:\Windows\System\dwipGqv.exe
  2⤵
  PID:5084
- C:\Windows\System\BITQWPf.exe
  C:\Windows\System\BITQWPf.exe
  2⤵
  PID:5104
- C:\Windows\System\woRnild.exe
  C:\Windows\System\woRnild.exe
  2⤵
  PID:1512
- C:\Windows\System\upPRbXu.exe
  C:\Windows\System\upPRbXu.exe
  2⤵
  PID:4100
- C:\Windows\System\phIwViN.exe
  C:\Windows\System\phIwViN.exe
  2⤵
  PID:4148
- C:\Windows\System\rOdyFyt.exe
  C:\Windows\System\rOdyFyt.exe
  2⤵
  PID:4192
- C:\Windows\System\tnycjlv.exe
  C:\Windows\System\tnycjlv.exe
  2⤵
  PID:4244
- C:\Windows\System\ctTdIZf.exe
  C:\Windows\System\ctTdIZf.exe
  2⤵
  PID:4260
- C:\Windows\System\ozpKVdn.exe
  C:\Windows\System\ozpKVdn.exe
  2⤵
  PID:4288
- C:\Windows\System\unNJeAS.exe
  C:\Windows\System\unNJeAS.exe
  2⤵
  PID:4324
- C:\Windows\System\ctqSFnZ.exe
  C:\Windows\System\ctqSFnZ.exe
  2⤵
  PID:4348
- C:\Windows\System\VNzlkNR.exe
  C:\Windows\System\VNzlkNR.exe
  2⤵
  PID:4432
- C:\Windows\System\DUCLhbO.exe
  C:\Windows\System\DUCLhbO.exe
  2⤵
  PID:4452
- C:\Windows\System\xXHEIqU.exe
  C:\Windows\System\xXHEIqU.exe
  2⤵
  PID:4508
- C:\Windows\System\EzHbNcT.exe
  C:\Windows\System\EzHbNcT.exe
  2⤵
  PID:4532
- C:\Windows\System\RZhKFbF.exe
  C:\Windows\System\RZhKFbF.exe
  2⤵
  PID:4548
- C:\Windows\System\fvIeMuG.exe
  C:\Windows\System\fvIeMuG.exe
  2⤵
  PID:4640
- C:\Windows\System\TbBXuSq.exe
  C:\Windows\System\TbBXuSq.exe
  2⤵
  PID:4592
- C:\Windows\System\sBYiLcA.exe
  C:\Windows\System\sBYiLcA.exe
  2⤵
  PID:4676
- C:\Windows\System\AwUdyZl.exe
  C:\Windows\System\AwUdyZl.exe
  2⤵
  PID:4584
- C:\Windows\System\bYMObwu.exe
  C:\Windows\System\bYMObwu.exe
  2⤵
  PID:4656
- C:\Windows\System\SQIqisR.exe
  C:\Windows\System\SQIqisR.exe
  2⤵
  PID:4700
- C:\Windows\System\aPbcqES.exe
  C:\Windows\System\aPbcqES.exe
  2⤵
  PID:4768
- C:\Windows\System\hVTqepy.exe
  C:\Windows\System\hVTqepy.exe
  2⤵
  PID:4812
- C:\Windows\System\AsmCJwH.exe
  C:\Windows\System\AsmCJwH.exe
  2⤵
  PID:4752
- C:\Windows\System\mUFFtUR.exe
  C:\Windows\System\mUFFtUR.exe
  2⤵
  PID:4840
- C:\Windows\System\DKFeIjZ.exe
  C:\Windows\System\DKFeIjZ.exe
  2⤵
  PID:4880
- C:\Windows\System\doIyntf.exe
  C:\Windows\System\doIyntf.exe
  2⤵
  PID:4864
- C:\Windows\System\CgTeXJK.exe
  C:\Windows\System\CgTeXJK.exe
  2⤵
  PID:4936
- C:\Windows\System\dQpDagq.exe
  C:\Windows\System\dQpDagq.exe
  2⤵
  PID:4948
- C:\Windows\System\guhxRSg.exe
  C:\Windows\System\guhxRSg.exe
  2⤵
  PID:4976
- C:\Windows\System\UAfyzPv.exe
  C:\Windows\System\UAfyzPv.exe
  2⤵
  PID:4996
- C:\Windows\System\niaDieH.exe
  C:\Windows\System\niaDieH.exe
  2⤵
  PID:5048
- C:\Windows\System\QRXgguz.exe
  C:\Windows\System\QRXgguz.exe
  2⤵
  PID:5060
- C:\Windows\System\bpzOrbz.exe
  C:\Windows\System\bpzOrbz.exe
  2⤵
  PID:4104
- C:\Windows\System\lBjKWgo.exe
  C:\Windows\System\lBjKWgo.exe
  2⤵
  PID:4164
- C:\Windows\System\aMohZUd.exe
  C:\Windows\System\aMohZUd.exe
  2⤵
  PID:4184
- C:\Windows\System\CsBdOTe.exe
  C:\Windows\System\CsBdOTe.exe
  2⤵
  PID:4224
- C:\Windows\System\zCReVFH.exe
  C:\Windows\System\zCReVFH.exe
  2⤵
  PID:4384
- C:\Windows\System\NNapuYP.exe
  C:\Windows\System\NNapuYP.exe
  2⤵
  PID:4372
- C:\Windows\System\BDsDokb.exe
  C:\Windows\System\BDsDokb.exe
  2⤵
  PID:1708
- C:\Windows\System\IPliFKN.exe
  C:\Windows\System\IPliFKN.exe
  2⤵
  PID:996
- C:\Windows\System\ocwgWXW.exe
  C:\Windows\System\ocwgWXW.exe
  2⤵
  PID:4368
- C:\Windows\System\WzfbNtm.exe
  C:\Windows\System\WzfbNtm.exe
  2⤵
  PID:4696
- C:\Windows\System\CIHqNFG.exe
  C:\Windows\System\CIHqNFG.exe
  2⤵
  PID:4732
- C:\Windows\System\PHYvHTg.exe
  C:\Windows\System\PHYvHTg.exe
  2⤵
  PID:4808
- C:\Windows\System\CQRQiey.exe
  C:\Windows\System\CQRQiey.exe
  2⤵
  PID:4848
- C:\Windows\System\tsyXHJU.exe
  C:\Windows\System\tsyXHJU.exe
  2⤵
  PID:4900
- C:\Windows\System\YkQvWMf.exe
  C:\Windows\System\YkQvWMf.exe
  2⤵
  PID:4968
- C:\Windows\System\lpXTGpR.exe
  C:\Windows\System\lpXTGpR.exe
  2⤵
  PID:5032
- C:\Windows\System\SwQVPCq.exe
  C:\Windows\System\SwQVPCq.exe
  2⤵
  PID:1428
- C:\Windows\System\rwqbQtl.exe
  C:\Windows\System\rwqbQtl.exe
  2⤵
  PID:4124
- C:\Windows\System\fSJUdnU.exe
  C:\Windows\System\fSJUdnU.exe
  2⤵
  PID:4168
- C:\Windows\System\NAXUNKr.exe
  C:\Windows\System\NAXUNKr.exe
  2⤵
  PID:4344
- C:\Windows\System\kTnACEI.exe
  C:\Windows\System\kTnACEI.exe
  2⤵
  PID:4488
- C:\Windows\System\SRsShEI.exe
  C:\Windows\System\SRsShEI.exe
  2⤵
  PID:4392
- C:\Windows\System\nHgSxdv.exe
  C:\Windows\System\nHgSxdv.exe
  2⤵
  PID:4456
- C:\Windows\System\teJmwJp.exe
  C:\Windows\System\teJmwJp.exe
  2⤵
  PID:4528
- C:\Windows\System\wHCkBeU.exe
  C:\Windows\System\wHCkBeU.exe
  2⤵
  PID:4624
- C:\Windows\System\khDwcaJ.exe
  C:\Windows\System\khDwcaJ.exe
  2⤵
  PID:4628
- C:\Windows\System\MJtMpeg.exe
  C:\Windows\System\MJtMpeg.exe
  2⤵
  PID:4764
- C:\Windows\System\DSfVkwL.exe
  C:\Windows\System\DSfVkwL.exe
  2⤵
  PID:4748
- C:\Windows\System\UZMJJli.exe
  C:\Windows\System\UZMJJli.exe
  2⤵
  PID:4964
- C:\Windows\System\OddQjuw.exe
  C:\Windows\System\OddQjuw.exe
  2⤵
  PID:5016
- C:\Windows\System\AGYEDOT.exe
  C:\Windows\System\AGYEDOT.exe
  2⤵
  PID:5100
- C:\Windows\System\xdHzrtr.exe
  C:\Windows\System\xdHzrtr.exe
  2⤵
  PID:4292
- C:\Windows\System\cRQdBAU.exe
  C:\Windows\System\cRQdBAU.exe
  2⤵
  PID:4340
- C:\Windows\System\LcdYOgd.exe
  C:\Windows\System\LcdYOgd.exe
  2⤵
  PID:1532
- C:\Windows\System\whHxpMz.exe
  C:\Windows\System\whHxpMz.exe
  2⤵
  PID:4524
- C:\Windows\System\xkZHMLm.exe
  C:\Windows\System\xkZHMLm.exe
  2⤵
  PID:4608
- C:\Windows\System\raRegPq.exe
  C:\Windows\System\raRegPq.exe
  2⤵
  PID:4160
- C:\Windows\System\vhrwutz.exe
  C:\Windows\System\vhrwutz.exe
  2⤵
  PID:2240
- C:\Windows\System\yeicxDw.exe
  C:\Windows\System\yeicxDw.exe
  2⤵
  PID:4784
- C:\Windows\System\CDKgNMT.exe
  C:\Windows\System\CDKgNMT.exe
  2⤵
  PID:5156
- C:\Windows\System\KlEhGlZ.exe
  C:\Windows\System\KlEhGlZ.exe
  2⤵
  PID:5172
- C:\Windows\System\GqTAKib.exe
  C:\Windows\System\GqTAKib.exe
  2⤵
  PID:5192
- C:\Windows\System\IvUwKmU.exe
  C:\Windows\System\IvUwKmU.exe
  2⤵
  PID:5224
- C:\Windows\System\dzRrJQw.exe
  C:\Windows\System\dzRrJQw.exe
  2⤵
  PID:5240
- C:\Windows\System\lljWXuo.exe
  C:\Windows\System\lljWXuo.exe
  2⤵
  PID:5260
- C:\Windows\System\tnnwrgP.exe
  C:\Windows\System\tnnwrgP.exe
  2⤵
  PID:5276
- C:\Windows\System\GhQNUaj.exe
  C:\Windows\System\GhQNUaj.exe
  2⤵
  PID:5296
- C:\Windows\System\OHbYAZh.exe
  C:\Windows\System\OHbYAZh.exe
  2⤵
  PID:5312
- C:\Windows\System\cfOXhpl.exe
  C:\Windows\System\cfOXhpl.exe
  2⤵
  PID:5332
- C:\Windows\System\shPmWov.exe
  C:\Windows\System\shPmWov.exe
  2⤵
  PID:5360
- C:\Windows\System\oLbcsKu.exe
  C:\Windows\System\oLbcsKu.exe
  2⤵
  PID:5380
- C:\Windows\System\csWHAIv.exe
  C:\Windows\System\csWHAIv.exe
  2⤵
  PID:5400
- C:\Windows\System\myuHSff.exe
  C:\Windows\System\myuHSff.exe
  2⤵
  PID:5420
- C:\Windows\System\fIxyRuY.exe
  C:\Windows\System\fIxyRuY.exe
  2⤵
  PID:5436
- C:\Windows\System\UzWhZXO.exe
  C:\Windows\System\UzWhZXO.exe
  2⤵
  PID:5460
- C:\Windows\System\JcoSGcn.exe
  C:\Windows\System\JcoSGcn.exe
  2⤵
  PID:5484
- C:\Windows\System\gQxCfNq.exe
  C:\Windows\System\gQxCfNq.exe
  2⤵
  PID:5500
- C:\Windows\System\XNUDsPY.exe
  C:\Windows\System\XNUDsPY.exe
  2⤵
  PID:5520
- C:\Windows\System\WnlUCFT.exe
  C:\Windows\System\WnlUCFT.exe
  2⤵
  PID:5540
- C:\Windows\System\fIfwPXE.exe
  C:\Windows\System\fIfwPXE.exe
  2⤵
  PID:5564
- C:\Windows\System\IKwYCIj.exe
  C:\Windows\System\IKwYCIj.exe
  2⤵
  PID:5580
- C:\Windows\System\CgWQVDD.exe
  C:\Windows\System\CgWQVDD.exe
  2⤵
  PID:5596
- C:\Windows\System\wZPIeEg.exe
  C:\Windows\System\wZPIeEg.exe
  2⤵
  PID:5620
- C:\Windows\System\kHcvmjA.exe
  C:\Windows\System\kHcvmjA.exe
  2⤵
  PID:5644
- C:\Windows\System\qbCIOxw.exe
  C:\Windows\System\qbCIOxw.exe
  2⤵
  PID:5660
- C:\Windows\System\kFMIcLT.exe
  C:\Windows\System\kFMIcLT.exe
  2⤵
  PID:5680
- C:\Windows\System\fIOwszS.exe
  C:\Windows\System\fIOwszS.exe
  2⤵
  PID:5696
- C:\Windows\System\iJchodv.exe
  C:\Windows\System\iJchodv.exe
  2⤵
  PID:5712
- C:\Windows\System\CzpgfGc.exe
  C:\Windows\System\CzpgfGc.exe
  2⤵
  PID:5736
- C:\Windows\System\caHUkDb.exe
  C:\Windows\System\caHUkDb.exe
  2⤵
  PID:5752
- C:\Windows\System\YoyhBiS.exe
  C:\Windows\System\YoyhBiS.exe
  2⤵
  PID:5772
- C:\Windows\System\ZigTDqd.exe
  C:\Windows\System\ZigTDqd.exe
  2⤵
  PID:5788
- C:\Windows\System\wsgphNi.exe
  C:\Windows\System\wsgphNi.exe
  2⤵
  PID:5828
- C:\Windows\System\vuQjDeb.exe
  C:\Windows\System\vuQjDeb.exe
  2⤵
  PID:5844
- C:\Windows\System\XpxvTPt.exe
  C:\Windows\System\XpxvTPt.exe
  2⤵
  PID:5864
- C:\Windows\System\HivYxFa.exe
  C:\Windows\System\HivYxFa.exe
  2⤵
  PID:5888
- C:\Windows\System\VKIxPeI.exe
  C:\Windows\System\VKIxPeI.exe
  2⤵
  PID:5904
- C:\Windows\System\Phensuy.exe
  C:\Windows\System\Phensuy.exe
  2⤵
  PID:5928
- C:\Windows\System\WeXplhJ.exe
  C:\Windows\System\WeXplhJ.exe
  2⤵
  PID:5944
- C:\Windows\System\XexLUGx.exe
  C:\Windows\System\XexLUGx.exe
  2⤵
  PID:5968
- C:\Windows\System\mfiqJJs.exe
  C:\Windows\System\mfiqJJs.exe
  2⤵
  PID:5984
- C:\Windows\System\tlsDTpP.exe
  C:\Windows\System\tlsDTpP.exe
  2⤵
  PID:6008
- C:\Windows\System\pYSAwYA.exe
  C:\Windows\System\pYSAwYA.exe
  2⤵
  PID:6024
- C:\Windows\System\RANdmPx.exe
  C:\Windows\System\RANdmPx.exe
  2⤵
  PID:6040
- C:\Windows\System\gljjspz.exe
  C:\Windows\System\gljjspz.exe
  2⤵
  PID:6056
- C:\Windows\System\vhuqxfM.exe
  C:\Windows\System\vhuqxfM.exe
  2⤵
  PID:6084
- C:\Windows\System\PMJGSXo.exe
  C:\Windows\System\PMJGSXo.exe
  2⤵
  PID:6104
- C:\Windows\System\yRWJcqy.exe
  C:\Windows\System\yRWJcqy.exe
  2⤵
  PID:6120
- C:\Windows\System\rUtySBM.exe
  C:\Windows\System\rUtySBM.exe
  2⤵
  PID:6140
- C:\Windows\System\qQsWzgE.exe
  C:\Windows\System\qQsWzgE.exe
  2⤵
  PID:4496
- C:\Windows\System\oKQtccT.exe
  C:\Windows\System\oKQtccT.exe
  2⤵
  PID:5000
- C:\Windows\System\xBaKfvk.exe
  C:\Windows\System\xBaKfvk.exe
  2⤵
  PID:4180
- C:\Windows\System\buljcpZ.exe
  C:\Windows\System\buljcpZ.exe
  2⤵
  PID:5128
- C:\Windows\System\iJWvTak.exe
  C:\Windows\System\iJWvTak.exe
  2⤵
  PID:5144
- C:\Windows\System\YRvozEY.exe
  C:\Windows\System\YRvozEY.exe
  2⤵
  PID:5180
- C:\Windows\System\goMaxMZ.exe
  C:\Windows\System\goMaxMZ.exe
  2⤵
  PID:5208
- C:\Windows\System\OknOcQO.exe
  C:\Windows\System\OknOcQO.exe
  2⤵
  PID:5232
- C:\Windows\System\VwVwkgs.exe
  C:\Windows\System\VwVwkgs.exe
  2⤵
  PID:5304
- C:\Windows\System\StjGSjH.exe
  C:\Windows\System\StjGSjH.exe
  2⤵
  PID:5344
- C:\Windows\System\PFDyunX.exe
  C:\Windows\System\PFDyunX.exe
  2⤵
  PID:5356
- C:\Windows\System\vSKxfDq.exe
  C:\Windows\System\vSKxfDq.exe
  2⤵
  PID:5368
- C:\Windows\System\drsbxFg.exe
  C:\Windows\System\drsbxFg.exe
  2⤵
  PID:5408
- C:\Windows\System\iZwzYdl.exe
  C:\Windows\System\iZwzYdl.exe
  2⤵
  PID:5444
- C:\Windows\System\ohPCakj.exe
  C:\Windows\System\ohPCakj.exe
  2⤵
  PID:5480
- C:\Windows\System\ftjXjDI.exe
  C:\Windows\System\ftjXjDI.exe
  2⤵
  PID:5496
- C:\Windows\System\fcqhOTW.exe
  C:\Windows\System\fcqhOTW.exe
  2⤵
  PID:5576
- C:\Windows\System\QNqhYiU.exe
  C:\Windows\System\QNqhYiU.exe
  2⤵
  PID:5616
- C:\Windows\System\qUVZBFg.exe
  C:\Windows\System\qUVZBFg.exe
  2⤵
  PID:5672
- C:\Windows\System\mHNuPjS.exe
  C:\Windows\System\mHNuPjS.exe
  2⤵
  PID:5652
- C:\Windows\System\kPaOSBI.exe
  C:\Windows\System\kPaOSBI.exe
  2⤵
  PID:5784
- C:\Windows\System\iLKybwV.exe
  C:\Windows\System\iLKybwV.exe
  2⤵
  PID:5768
- C:\Windows\System\gSNAHIX.exe
  C:\Windows\System\gSNAHIX.exe
  2⤵
  PID:5692
- C:\Windows\System\rYAjUfI.exe
  C:\Windows\System\rYAjUfI.exe
  2⤵
  PID:5184
- C:\Windows\System\EiQtIKi.exe
  C:\Windows\System\EiQtIKi.exe
  2⤵
  PID:5840
- C:\Windows\System\JpmtxsN.exe
  C:\Windows\System\JpmtxsN.exe
  2⤵
  PID:5856
- C:\Windows\System\HBHLhzB.exe
  C:\Windows\System\HBHLhzB.exe
  2⤵
  PID:5880
- C:\Windows\System\DKPYVsN.exe
  C:\Windows\System\DKPYVsN.exe
  2⤵
  PID:5916
- C:\Windows\System\VaDSZTN.exe
  C:\Windows\System\VaDSZTN.exe
  2⤵
  PID:5952
- C:\Windows\System\JacukJt.exe
  C:\Windows\System\JacukJt.exe
  2⤵
  PID:5980
- C:\Windows\System\UnvulKP.exe
  C:\Windows\System\UnvulKP.exe
  2⤵
  PID:6016
- C:\Windows\System\pwuyDoN.exe
  C:\Windows\System\pwuyDoN.exe
  2⤵
  PID:6068
- C:\Windows\System\ZjOpMAV.exe
  C:\Windows\System\ZjOpMAV.exe
  2⤵
  PID:6092
- C:\Windows\System\ltwBplb.exe
  C:\Windows\System\ltwBplb.exe
  2⤵
  PID:6128
- C:\Windows\System\yaWXjoW.exe
  C:\Windows\System\yaWXjoW.exe
  2⤵
  PID:4388
- C:\Windows\System\qQQJBQm.exe
  C:\Windows\System\qQQJBQm.exe
  2⤵
  PID:5132
- C:\Windows\System\TrNaMnC.exe
  C:\Windows\System\TrNaMnC.exe
  2⤵
  PID:4932
- C:\Windows\System\uURvhwU.exe
  C:\Windows\System\uURvhwU.exe
  2⤵
  PID:5164
- C:\Windows\System\fsYCYlQ.exe
  C:\Windows\System\fsYCYlQ.exe
  2⤵
  PID:4680
- C:\Windows\System\YYlpOyi.exe
  C:\Windows\System\YYlpOyi.exe
  2⤵
  PID:5292
- C:\Windows\System\FNIEFou.exe
  C:\Windows\System\FNIEFou.exe
  2⤵
  PID:5388
- C:\Windows\System\rPDbTKZ.exe
  C:\Windows\System\rPDbTKZ.exe
  2⤵
  PID:5392
- C:\Windows\System\PPlziCc.exe
  C:\Windows\System\PPlziCc.exe
  2⤵
  PID:5416
- C:\Windows\System\SZjgoyq.exe
  C:\Windows\System\SZjgoyq.exe
  2⤵
  PID:5516
- C:\Windows\System\etoDAud.exe
  C:\Windows\System\etoDAud.exe
  2⤵
  PID:5796
- C:\Windows\System\AuZNObp.exe
  C:\Windows\System\AuZNObp.exe
  2⤵
  PID:5556
- C:\Windows\System\BrLTuCo.exe
  C:\Windows\System\BrLTuCo.exe
  2⤵
  PID:5608
- C:\Windows\System\WDtlRnI.exe
  C:\Windows\System\WDtlRnI.exe
  2⤵
  PID:5704
- C:\Windows\System\ZiEZxdU.exe
  C:\Windows\System\ZiEZxdU.exe
  2⤵
  PID:5728
- C:\Windows\System\SdPbKpy.exe
  C:\Windows\System\SdPbKpy.exe
  2⤵
  PID:5824
- C:\Windows\System\qalenlQ.exe
  C:\Windows\System\qalenlQ.exe
  2⤵
  PID:1676
- C:\Windows\System\FQBALci.exe
  C:\Windows\System\FQBALci.exe
  2⤵
  PID:5876
- C:\Windows\System\jxneFsR.exe
  C:\Windows\System\jxneFsR.exe
  2⤵
  PID:5924
- C:\Windows\System\YQwYopv.exe
  C:\Windows\System\YQwYopv.exe
  2⤵
  PID:5996
- C:\Windows\System\VXLzYgo.exe
  C:\Windows\System\VXLzYgo.exe
  2⤵
  PID:6036
- C:\Windows\System\kNMaMdx.exe
  C:\Windows\System\kNMaMdx.exe
  2⤵
  PID:6080
- C:\Windows\System\cKYdFgK.exe
  C:\Windows\System\cKYdFgK.exe
  2⤵
  PID:6116
- C:\Windows\System\LarecXx.exe
  C:\Windows\System\LarecXx.exe
  2⤵
  PID:4208
- C:\Windows\System\OawPnYv.exe
  C:\Windows\System\OawPnYv.exe
  2⤵
  PID:4412
- C:\Windows\System\tjpdlWT.exe
  C:\Windows\System\tjpdlWT.exe
  2⤵
  PID:5252
- C:\Windows\System\MtQamaG.exe
  C:\Windows\System\MtQamaG.exe
  2⤵
  PID:5348
- C:\Windows\System\xmwrTEN.exe
  C:\Windows\System\xmwrTEN.exe
  2⤵
  PID:5432
- C:\Windows\System\arfnJfZ.exe
  C:\Windows\System\arfnJfZ.exe
  2⤵
  PID:5508
- C:\Windows\System\SPgYtAO.exe
  C:\Windows\System\SPgYtAO.exe
  2⤵
  PID:5604
- C:\Windows\System\ZULFtor.exe
  C:\Windows\System\ZULFtor.exe
  2⤵
  PID:5640
- C:\Windows\System\iVzTsvT.exe
  C:\Windows\System\iVzTsvT.exe
  2⤵
  PID:5708
- C:\Windows\System\cEXKAsE.exe
  C:\Windows\System\cEXKAsE.exe
  2⤵
  PID:5816
- C:\Windows\System\kwpCLyP.exe
  C:\Windows\System\kwpCLyP.exe
  2⤵
  PID:5872
- C:\Windows\System\EzbvdCq.exe
  C:\Windows\System\EzbvdCq.exe
  2⤵
  PID:6112
- C:\Windows\System\YVxyGyh.exe
  C:\Windows\System\YVxyGyh.exe
  2⤵
  PID:4716
- C:\Windows\System\LaNFoEZ.exe
  C:\Windows\System\LaNFoEZ.exe
  2⤵
  PID:6000
- C:\Windows\System\USyAJEi.exe
  C:\Windows\System\USyAJEi.exe
  2⤵
  PID:4364
- C:\Windows\System\UIUCtPg.exe
  C:\Windows\System\UIUCtPg.exe
  2⤵
  PID:5220
- C:\Windows\System\UyubUnN.exe
  C:\Windows\System\UyubUnN.exe
  2⤵
  PID:5668
- C:\Windows\System\HoUvHxc.exe
  C:\Windows\System\HoUvHxc.exe
  2⤵
  PID:5760
- C:\Windows\System\LyNxNKV.exe
  C:\Windows\System\LyNxNKV.exe
  2⤵
  PID:5724
- C:\Windows\System\zAFFFrv.exe
  C:\Windows\System\zAFFFrv.exe
  2⤵
  PID:6048
- C:\Windows\System\vFlrvoS.exe
  C:\Windows\System\vFlrvoS.exe
  2⤵
  PID:5956
- C:\Windows\System\OlggIss.exe
  C:\Windows\System\OlggIss.exe
  2⤵
  PID:4320
- C:\Windows\System\nOOJilR.exe
  C:\Windows\System\nOOJilR.exe
  2⤵
  PID:5200
- C:\Windows\System\VOfYuRZ.exe
  C:\Windows\System\VOfYuRZ.exe
  2⤵
  PID:5764
- C:\Windows\System\XGMtXnu.exe
  C:\Windows\System\XGMtXnu.exe
  2⤵
  PID:5548
- C:\Windows\System\peTLIFh.exe
  C:\Windows\System\peTLIFh.exe
  2⤵
  PID:5272
- C:\Windows\System\dytbbGo.exe
  C:\Windows\System\dytbbGo.exe
  2⤵
  PID:5352
- C:\Windows\System\KaNPOuK.exe
  C:\Windows\System\KaNPOuK.exe
  2⤵
  PID:2672
- C:\Windows\System\ImyEZRD.exe
  C:\Windows\System\ImyEZRD.exe
  2⤵
  PID:5920
- C:\Windows\System\hsfIUYS.exe
  C:\Windows\System\hsfIUYS.exe
  2⤵
  PID:3288
- C:\Windows\System\VPuvUtN.exe
  C:\Windows\System\VPuvUtN.exe
  2⤵
  PID:5072
- C:\Windows\System\FHriGDY.exe
  C:\Windows\System\FHriGDY.exe
  2⤵
  PID:6156
- C:\Windows\System\AOJRAmd.exe
  C:\Windows\System\AOJRAmd.exe
  2⤵
  PID:6172
- C:\Windows\System\HitIpdr.exe
  C:\Windows\System\HitIpdr.exe
  2⤵
  PID:6196
- C:\Windows\System\tHdODzC.exe
  C:\Windows\System\tHdODzC.exe
  2⤵
  PID:6212
- C:\Windows\System\BmNxCso.exe
  C:\Windows\System\BmNxCso.exe
  2⤵
  PID:6236
- C:\Windows\System\LKoECZQ.exe
  C:\Windows\System\LKoECZQ.exe
  2⤵
  PID:6256
- C:\Windows\System\RJTutXB.exe
  C:\Windows\System\RJTutXB.exe
  2⤵
  PID:6276
- C:\Windows\System\FineYsL.exe
  C:\Windows\System\FineYsL.exe
  2⤵
  PID:6296
- C:\Windows\System\thvuAPm.exe
  C:\Windows\System\thvuAPm.exe
  2⤵
  PID:6312
- C:\Windows\System\TlHPyGA.exe
  C:\Windows\System\TlHPyGA.exe
  2⤵
  PID:6332
- C:\Windows\System\qcQfeRN.exe
  C:\Windows\System\qcQfeRN.exe
  2⤵
  PID:6356
- C:\Windows\System\tKjjrnV.exe
  C:\Windows\System\tKjjrnV.exe
  2⤵
  PID:6376
- C:\Windows\System\CljDhgn.exe
  C:\Windows\System\CljDhgn.exe
  2⤵
  PID:6392
- C:\Windows\System\CwOwUmx.exe
  C:\Windows\System\CwOwUmx.exe
  2⤵
  PID:6412
- C:\Windows\System\dLNkgjp.exe
  C:\Windows\System\dLNkgjp.exe
  2⤵
  PID:6440
- C:\Windows\System\NzsmcFr.exe
  C:\Windows\System\NzsmcFr.exe
  2⤵
  PID:6456
- C:\Windows\System\aZRFWUp.exe
  C:\Windows\System\aZRFWUp.exe
  2⤵
  PID:6480
- C:\Windows\System\eAcuAmK.exe
  C:\Windows\System\eAcuAmK.exe
  2⤵
  PID:6504
- C:\Windows\System\KGgjuyp.exe
  C:\Windows\System\KGgjuyp.exe
  2⤵
  PID:6520
- C:\Windows\System\XEPBUYI.exe
  C:\Windows\System\XEPBUYI.exe
  2⤵
  PID:6540
- C:\Windows\System\HLFNopm.exe
  C:\Windows\System\HLFNopm.exe
  2⤵
  PID:6556
- C:\Windows\System\iszGWSo.exe
  C:\Windows\System\iszGWSo.exe
  2⤵
  PID:6584
- C:\Windows\System\NTCuOPl.exe
  C:\Windows\System\NTCuOPl.exe
  2⤵
  PID:6604
- C:\Windows\System\MASZCab.exe
  C:\Windows\System\MASZCab.exe
  2⤵
  PID:6620
- C:\Windows\System\oLGNirJ.exe
  C:\Windows\System\oLGNirJ.exe
  2⤵
  PID:6644
- C:\Windows\System\lfFbFEN.exe
  C:\Windows\System\lfFbFEN.exe
  2⤵
  PID:6660
- C:\Windows\System\teoRAAm.exe
  C:\Windows\System\teoRAAm.exe
  2⤵
  PID:6676
- C:\Windows\System\yvNgCRM.exe
  C:\Windows\System\yvNgCRM.exe
  2⤵
  PID:6696
- C:\Windows\System\zPQFsqD.exe
  C:\Windows\System\zPQFsqD.exe
  2⤵
  PID:6720
- C:\Windows\System\MHYtRvh.exe
  C:\Windows\System\MHYtRvh.exe
  2⤵
  PID:6740
- C:\Windows\System\hGFKuSp.exe
  C:\Windows\System\hGFKuSp.exe
  2⤵
  PID:6756
- C:\Windows\System\aSiKJqn.exe
  C:\Windows\System\aSiKJqn.exe
  2⤵
  PID:6780
- C:\Windows\System\wsOEbeU.exe
  C:\Windows\System\wsOEbeU.exe
  2⤵
  PID:6804
- C:\Windows\System\kRBRtql.exe
  C:\Windows\System\kRBRtql.exe
  2⤵
  PID:6820
- C:\Windows\System\NcarOTp.exe
  C:\Windows\System\NcarOTp.exe
  2⤵
  PID:6840
- C:\Windows\System\MelLton.exe
  C:\Windows\System\MelLton.exe
  2⤵
  PID:6860
- C:\Windows\System\gKSVUyK.exe
  C:\Windows\System\gKSVUyK.exe
  2⤵
  PID:6880
- C:\Windows\System\QYJeKQi.exe
  C:\Windows\System\QYJeKQi.exe
  2⤵
  PID:6904
- C:\Windows\System\VwlAgGb.exe
  C:\Windows\System\VwlAgGb.exe
  2⤵
  PID:6920
- C:\Windows\System\DhfOIEP.exe
  C:\Windows\System\DhfOIEP.exe
  2⤵
  PID:6940
- C:\Windows\System\xtBeGPO.exe
  C:\Windows\System\xtBeGPO.exe
  2⤵
  PID:6964
- C:\Windows\System\ADagBGe.exe
  C:\Windows\System\ADagBGe.exe
  2⤵
  PID:6984
- C:\Windows\System\FUCDtjQ.exe
  C:\Windows\System\FUCDtjQ.exe
  2⤵
  PID:7004
- C:\Windows\System\JerjFra.exe
  C:\Windows\System\JerjFra.exe
  2⤵
  PID:7020
- C:\Windows\System\qobesLu.exe
  C:\Windows\System\qobesLu.exe
  2⤵
  PID:7044
- C:\Windows\System\PRcFENx.exe
  C:\Windows\System\PRcFENx.exe
  2⤵
  PID:7084
- C:\Windows\System\MPmosNX.exe
  C:\Windows\System\MPmosNX.exe
  2⤵
  PID:7104
- C:\Windows\System\IelVjZo.exe
  C:\Windows\System\IelVjZo.exe
  2⤵
  PID:7128
- C:\Windows\System\odQSBwn.exe
  C:\Windows\System\odQSBwn.exe
  2⤵
  PID:7148
- C:\Windows\System\pTFjIDd.exe
  C:\Windows\System\pTFjIDd.exe
  2⤵
  PID:5572
- C:\Windows\System\gfCyDVa.exe
  C:\Windows\System\gfCyDVa.exe
  2⤵
  PID:6164
- C:\Windows\System\NjCEboV.exe
  C:\Windows\System\NjCEboV.exe
  2⤵
  PID:6188
- C:\Windows\System\wneHuFN.exe
  C:\Windows\System\wneHuFN.exe
  2⤵
  PID:6232
- C:\Windows\System\JeQqQPr.exe
  C:\Windows\System\JeQqQPr.exe
  2⤵
  PID:6252
- C:\Windows\System\CtuGWmQ.exe
  C:\Windows\System\CtuGWmQ.exe
  2⤵
  PID:6288
- C:\Windows\System\uzVHGQk.exe
  C:\Windows\System\uzVHGQk.exe
  2⤵
  PID:6320
- C:\Windows\System\ZJecYnw.exe
  C:\Windows\System\ZJecYnw.exe
  2⤵
  PID:6364
- C:\Windows\System\xeORola.exe
  C:\Windows\System\xeORola.exe
  2⤵
  PID:6400
- C:\Windows\System\JoDAvfZ.exe
  C:\Windows\System\JoDAvfZ.exe
  2⤵
  PID:6404
- C:\Windows\System\kFkGycW.exe
  C:\Windows\System\kFkGycW.exe
  2⤵
  PID:6452
- C:\Windows\System\joYkzxj.exe
  C:\Windows\System\joYkzxj.exe
  2⤵
  PID:6496
- C:\Windows\System\KlkMGZY.exe
  C:\Windows\System\KlkMGZY.exe
  2⤵
  PID:6528
- C:\Windows\System\WBhfdpI.exe
  C:\Windows\System\WBhfdpI.exe
  2⤵
  PID:6580
- C:\Windows\System\LZxnNct.exe
  C:\Windows\System\LZxnNct.exe
  2⤵
  PID:6596
- C:\Windows\System\IVIsraG.exe
  C:\Windows\System\IVIsraG.exe
  2⤵
  PID:6616
- C:\Windows\System\DVBynxo.exe
  C:\Windows\System\DVBynxo.exe
  2⤵
  PID:6656
- C:\Windows\System\AlaPUKt.exe
  C:\Windows\System\AlaPUKt.exe
  2⤵
  PID:6684
- C:\Windows\System\kkqaBdg.exe
  C:\Windows\System\kkqaBdg.exe
  2⤵
  PID:6732
- C:\Windows\System\MVnMZSZ.exe
  C:\Windows\System\MVnMZSZ.exe
  2⤵
  PID:6752
- C:\Windows\System\uzLnDVD.exe
  C:\Windows\System\uzLnDVD.exe
  2⤵
  PID:6792
- C:\Windows\System\VhWlCiC.exe
  C:\Windows\System\VhWlCiC.exe
  2⤵
  PID:6832
- C:\Windows\System\wrQqWUG.exe
  C:\Windows\System\wrQqWUG.exe
  2⤵
  PID:6872
- C:\Windows\System\CcCLKFj.exe
  C:\Windows\System\CcCLKFj.exe
  2⤵
  PID:6892
- C:\Windows\System\gJbkLQk.exe
  C:\Windows\System\gJbkLQk.exe
  2⤵
  PID:6916
- C:\Windows\System\ueopEUP.exe
  C:\Windows\System\ueopEUP.exe
  2⤵
  PID:6952
- C:\Windows\System\JoomhZk.exe
  C:\Windows\System\JoomhZk.exe
  2⤵
  PID:6980
- C:\Windows\System\OlyTGFq.exe
  C:\Windows\System\OlyTGFq.exe
  2⤵
  PID:7012
- C:\Windows\System\XlASaPO.exe
  C:\Windows\System\XlASaPO.exe
  2⤵
  PID:7016
- C:\Windows\System\yebjJGk.exe
  C:\Windows\System\yebjJGk.exe
  2⤵
  PID:7096
- C:\Windows\System\ZpPHOoy.exe
  C:\Windows\System\ZpPHOoy.exe
  2⤵
  PID:7124
- C:\Windows\System\lrJPZfZ.exe
  C:\Windows\System\lrJPZfZ.exe
  2⤵
  PID:7144
- C:\Windows\System\QbqgOKd.exe
  C:\Windows\System\QbqgOKd.exe
  2⤵
  PID:6148
- C:\Windows\System\pqWEiEu.exe
  C:\Windows\System\pqWEiEu.exe
  2⤵
  PID:6220
- C:\Windows\System\JjaIrpS.exe
  C:\Windows\System\JjaIrpS.exe
  2⤵
  PID:6208
- C:\Windows\System\oMqTqKQ.exe
  C:\Windows\System\oMqTqKQ.exe
  2⤵
  PID:6324
- C:\Windows\System\EDvWdkj.exe
  C:\Windows\System\EDvWdkj.exe
  2⤵
  PID:6372
- C:\Windows\System\fqqmQgj.exe
  C:\Windows\System\fqqmQgj.exe
  2⤵
  PID:6432
- C:\Windows\System\JkLocRJ.exe
  C:\Windows\System\JkLocRJ.exe
  2⤵
  PID:6488
- C:\Windows\System\woXGbsa.exe
  C:\Windows\System\woXGbsa.exe
  2⤵
  PID:6552
- C:\Windows\System\rnznWUy.exe
  C:\Windows\System\rnznWUy.exe
  2⤵
  PID:6636
- C:\Windows\System\pmNqYSt.exe
  C:\Windows\System\pmNqYSt.exe
  2⤵
  PID:6652
- C:\Windows\System\AHCKtVW.exe
  C:\Windows\System\AHCKtVW.exe
  2⤵
  PID:6692
- C:\Windows\System\KQFEvMK.exe
  C:\Windows\System\KQFEvMK.exe
  2⤵
  PID:6764
- C:\Windows\System\hLZoKIK.exe
  C:\Windows\System\hLZoKIK.exe
  2⤵
  PID:6788
- C:\Windows\System\hwbBklE.exe
  C:\Windows\System\hwbBklE.exe
  2⤵
  PID:6936
- C:\Windows\System\XJBODrA.exe
  C:\Windows\System\XJBODrA.exe
  2⤵
  PID:6976
- C:\Windows\System\dXGNvaG.exe
  C:\Windows\System\dXGNvaG.exe
  2⤵
  PID:6868
- C:\Windows\System\kYqXPlD.exe
  C:\Windows\System\kYqXPlD.exe
  2⤵
  PID:6500
- C:\Windows\System\tGqNFZX.exe
  C:\Windows\System\tGqNFZX.exe
  2⤵
  PID:7036
- C:\Windows\System\YxHoIir.exe
  C:\Windows\System\YxHoIir.exe
  2⤵
  PID:7136
- C:\Windows\System\PjMYvak.exe
  C:\Windows\System\PjMYvak.exe
  2⤵
  PID:6180
- C:\Windows\System\znQbVHH.exe
  C:\Windows\System\znQbVHH.exe
  2⤵
  PID:6308
- C:\Windows\System\jXKeQUK.exe
  C:\Windows\System\jXKeQUK.exe
  2⤵
  PID:6352
- C:\Windows\System\sleLVNR.exe
  C:\Windows\System\sleLVNR.exe
  2⤵
  PID:6516
- C:\Windows\System\fKRNqUJ.exe
  C:\Windows\System\fKRNqUJ.exe
  2⤵
  PID:6564
- C:\Windows\System\gvlRXuP.exe
  C:\Windows\System\gvlRXuP.exe
  2⤵
  PID:6716
- C:\Windows\System\edXJkWB.exe
  C:\Windows\System\edXJkWB.exe
  2⤵
  PID:6800
- C:\Windows\System\YtfdOqC.exe
  C:\Windows\System\YtfdOqC.exe
  2⤵
  PID:6828
- C:\Windows\System\SkIkENs.exe
  C:\Windows\System\SkIkENs.exe
  2⤵
  PID:6932
- C:\Windows\System\ymavhAW.exe
  C:\Windows\System\ymavhAW.exe
  2⤵
  PID:6912
- C:\Windows\System\ZbLuGOM.exe
  C:\Windows\System\ZbLuGOM.exe
  2⤵
  PID:7116
- C:\Windows\System\ouFVmys.exe
  C:\Windows\System\ouFVmys.exe
  2⤵
  PID:5472
- C:\Windows\System\JOPwUYP.exe
  C:\Windows\System\JOPwUYP.exe
  2⤵
  PID:6284
- C:\Windows\System\MqJnosz.exe
  C:\Windows\System\MqJnosz.exe
  2⤵
  PID:6428
- C:\Windows\System\eaLmLVX.exe
  C:\Windows\System\eaLmLVX.exe
  2⤵
  PID:6628
- C:\Windows\System\MVugogV.exe
  C:\Windows\System\MVugogV.exe
  2⤵
  PID:6856
- C:\Windows\System\bVkJgHB.exe
  C:\Windows\System\bVkJgHB.exe
  2⤵
  PID:6816
- C:\Windows\System\EDYGYYE.exe
  C:\Windows\System\EDYGYYE.exe
  2⤵
  PID:7092
- C:\Windows\System\CfTbyfW.exe
  C:\Windows\System\CfTbyfW.exe
  2⤵
  PID:6424
- C:\Windows\System\pyscSYd.exe
  C:\Windows\System\pyscSYd.exe
  2⤵
  PID:7140
- C:\Windows\System\ScDSaTg.exe
  C:\Windows\System\ScDSaTg.exe
  2⤵
  PID:6772
- C:\Windows\System\fEkJxvl.exe
  C:\Windows\System\fEkJxvl.exe
  2⤵
  PID:7028
- C:\Windows\System\pXeCgkq.exe
  C:\Windows\System\pXeCgkq.exe
  2⤵
  PID:7160
- C:\Windows\System\hFYPwBw.exe
  C:\Windows\System\hFYPwBw.exe
  2⤵
  PID:6736
- C:\Windows\System\UUDIFwh.exe
  C:\Windows\System\UUDIFwh.exe
  2⤵
  PID:7112
- C:\Windows\System\tRNtyfP.exe
  C:\Windows\System\tRNtyfP.exe
  2⤵
  PID:6848
- C:\Windows\System\xULWsCY.exe
  C:\Windows\System\xULWsCY.exe
  2⤵
  PID:6384
- C:\Windows\System\LOHebMz.exe
  C:\Windows\System\LOHebMz.exe
  2⤵
  PID:7172
- C:\Windows\System\HkbwLfJ.exe
  C:\Windows\System\HkbwLfJ.exe
  2⤵
  PID:7188
- C:\Windows\System\gKMdExR.exe
  C:\Windows\System\gKMdExR.exe
  2⤵
  PID:7212
- C:\Windows\System\acVoGhD.exe
  C:\Windows\System\acVoGhD.exe
  2⤵
  PID:7228
- C:\Windows\System\smZnxWC.exe
  C:\Windows\System\smZnxWC.exe
  2⤵
  PID:7248
- C:\Windows\System\fXZzgFV.exe
  C:\Windows\System\fXZzgFV.exe
  2⤵
  PID:7276
- C:\Windows\System\DNTlzCK.exe
  C:\Windows\System\DNTlzCK.exe
  2⤵
  PID:7292
- C:\Windows\System\VztNUxA.exe
  C:\Windows\System\VztNUxA.exe
  2⤵
  PID:7312
- C:\Windows\System\fDJlhlA.exe
  C:\Windows\System\fDJlhlA.exe
  2⤵
  PID:7332
- C:\Windows\System\AvePoil.exe
  C:\Windows\System\AvePoil.exe
  2⤵
  PID:7348
- C:\Windows\System\weSwiqi.exe
  C:\Windows\System\weSwiqi.exe
  2⤵
  PID:7372
- C:\Windows\System\BdeUtJu.exe
  C:\Windows\System\BdeUtJu.exe
  2⤵
  PID:7388
- C:\Windows\System\yvbsuOH.exe
  C:\Windows\System\yvbsuOH.exe
  2⤵
  PID:7408
- C:\Windows\System\scNQUDr.exe
  C:\Windows\System\scNQUDr.exe
  2⤵
  PID:7428
- C:\Windows\System\gCBerjL.exe
  C:\Windows\System\gCBerjL.exe
  2⤵
  PID:7456
- C:\Windows\System\OSAIrlO.exe
  C:\Windows\System\OSAIrlO.exe
  2⤵
  PID:7476
- C:\Windows\System\dpKLOsQ.exe
  C:\Windows\System\dpKLOsQ.exe
  2⤵
  PID:7492
- C:\Windows\System\JtHPgMM.exe
  C:\Windows\System\JtHPgMM.exe
  2⤵
  PID:7516
- C:\Windows\System\yCfGqTj.exe
  C:\Windows\System\yCfGqTj.exe
  2⤵
  PID:7540
- C:\Windows\System\FypPlMY.exe
  C:\Windows\System\FypPlMY.exe
  2⤵
  PID:7576
- C:\Windows\System\drjJhpE.exe
  C:\Windows\System\drjJhpE.exe
  2⤵
  PID:7596
- C:\Windows\System\njPZNSp.exe
  C:\Windows\System\njPZNSp.exe
  2⤵
  PID:7616
- C:\Windows\System\UmxzHMy.exe
  C:\Windows\System\UmxzHMy.exe
  2⤵
  PID:7636
- C:\Windows\System\YLphGPg.exe
  C:\Windows\System\YLphGPg.exe
  2⤵
  PID:7652
- C:\Windows\System\pGwLspS.exe
  C:\Windows\System\pGwLspS.exe
  2⤵
  PID:7672
- C:\Windows\System\xCxsqbg.exe
  C:\Windows\System\xCxsqbg.exe
  2⤵
  PID:7696
- C:\Windows\System\gPNTEoq.exe
  C:\Windows\System\gPNTEoq.exe
  2⤵
  PID:7712
- C:\Windows\System\qwtxTSQ.exe
  C:\Windows\System\qwtxTSQ.exe
  2⤵
  PID:7736
- C:\Windows\System\LLSOSfo.exe
  C:\Windows\System\LLSOSfo.exe
  2⤵
  PID:7752
- C:\Windows\System\gHqeUjA.exe
  C:\Windows\System\gHqeUjA.exe
  2⤵
  PID:7768
- C:\Windows\System\PTUkpjt.exe
  C:\Windows\System\PTUkpjt.exe
  2⤵
  PID:7784
- C:\Windows\System\UQFsTQl.exe
  C:\Windows\System\UQFsTQl.exe
  2⤵
  PID:7804
- C:\Windows\System\jwjNSFi.exe
  C:\Windows\System\jwjNSFi.exe
  2⤵
  PID:7820
- C:\Windows\System\vCoMPVN.exe
  C:\Windows\System\vCoMPVN.exe
  2⤵
  PID:7836
- C:\Windows\System\ndItHFf.exe
  C:\Windows\System\ndItHFf.exe
  2⤵
  PID:7852
- C:\Windows\System\RZowjhu.exe
  C:\Windows\System\RZowjhu.exe
  2⤵
  PID:7872
- C:\Windows\System\oFPimeP.exe
  C:\Windows\System\oFPimeP.exe
  2⤵
  PID:7888
- C:\Windows\System\VGvWbLA.exe
  C:\Windows\System\VGvWbLA.exe
  2⤵
  PID:7904
- C:\Windows\System\gLaRDIJ.exe
  C:\Windows\System\gLaRDIJ.exe
  2⤵
  PID:7920
- C:\Windows\System\kNAyocg.exe
  C:\Windows\System\kNAyocg.exe
  2⤵
  PID:7936
- C:\Windows\System\wtZUGeG.exe
  C:\Windows\System\wtZUGeG.exe
  2⤵
  PID:7952
- C:\Windows\System\JQaRlgV.exe
  C:\Windows\System\JQaRlgV.exe
  2⤵
  PID:7968
- C:\Windows\System\AipZXfq.exe
  C:\Windows\System\AipZXfq.exe
  2⤵
  PID:7984
- C:\Windows\System\JHCxDjC.exe
  C:\Windows\System\JHCxDjC.exe
  2⤵
  PID:8004
- C:\Windows\System\fQVxPQt.exe
  C:\Windows\System\fQVxPQt.exe
  2⤵
  PID:8024
- C:\Windows\System\GyNadYA.exe
  C:\Windows\System\GyNadYA.exe
  2⤵
  PID:8040
- C:\Windows\System\uEKdWhk.exe
  C:\Windows\System\uEKdWhk.exe
  2⤵
  PID:8056
- C:\Windows\System\xlkPdTC.exe
  C:\Windows\System\xlkPdTC.exe
  2⤵
  PID:8076
- C:\Windows\System\XLgNudm.exe
  C:\Windows\System\XLgNudm.exe
  2⤵
  PID:8092
- C:\Windows\System\wFYvmji.exe
  C:\Windows\System\wFYvmji.exe
  2⤵
  PID:8116
- C:\Windows\System\bHEvSRo.exe
  C:\Windows\System\bHEvSRo.exe
  2⤵
  PID:8144
- C:\Windows\System\pHpnVLw.exe
  C:\Windows\System\pHpnVLw.exe
  2⤵
  PID:8168
- C:\Windows\System\UHoVsjh.exe
  C:\Windows\System\UHoVsjh.exe
  2⤵
  PID:8188
- C:\Windows\System\eSpfcPO.exe
  C:\Windows\System\eSpfcPO.exe
  2⤵
  PID:6948
- C:\Windows\System\MRDEAoy.exe
  C:\Windows\System\MRDEAoy.exe
  2⤵
  PID:7204
- C:\Windows\System\VkVYnaK.exe
  C:\Windows\System\VkVYnaK.exe
  2⤵
  PID:7220
- C:\Windows\System\WEndUhk.exe
  C:\Windows\System\WEndUhk.exe
  2⤵
  PID:7264
- C:\Windows\System\nYnBHOX.exe
  C:\Windows\System\nYnBHOX.exe
  2⤵
  PID:7300
- C:\Windows\System\fZykohp.exe
  C:\Windows\System\fZykohp.exe
  2⤵
  PID:7324
- C:\Windows\System\rjvNVUv.exe
  C:\Windows\System\rjvNVUv.exe
  2⤵
  PID:7344
- C:\Windows\System\jVzSBlq.exe
  C:\Windows\System\jVzSBlq.exe
  2⤵
  PID:7420
- C:\Windows\System\PDaIcXC.exe
  C:\Windows\System\PDaIcXC.exe
  2⤵
  PID:7368
- C:\Windows\System\SubMdwJ.exe
  C:\Windows\System\SubMdwJ.exe
  2⤵
  PID:7356
- C:\Windows\System\wKaAAAy.exe
  C:\Windows\System\wKaAAAy.exe
  2⤵
  PID:7464
- C:\Windows\System\HmNlWUm.exe
  C:\Windows\System\HmNlWUm.exe
  2⤵
  PID:7500
- C:\Windows\System\ALFVKYn.exe
  C:\Windows\System\ALFVKYn.exe
  2⤵
  PID:7524
- C:\Windows\System\ZDcZCec.exe
  C:\Windows\System\ZDcZCec.exe
  2⤵
  PID:7548
- C:\Windows\System\ufLeHCe.exe
  C:\Windows\System\ufLeHCe.exe
  2⤵
  PID:7508
- C:\Windows\System\ZAPiZik.exe
  C:\Windows\System\ZAPiZik.exe
  2⤵
  PID:7572
- C:\Windows\System\tPcVxkq.exe
  C:\Windows\System\tPcVxkq.exe
  2⤵
  PID:7588
- C:\Windows\System\orBMnLe.exe
  C:\Windows\System\orBMnLe.exe
  2⤵
  PID:7632
- C:\Windows\System\QpZbIQx.exe
  C:\Windows\System\QpZbIQx.exe
  2⤵
  PID:7684
- C:\Windows\System\UamoRHw.exe
  C:\Windows\System\UamoRHw.exe
  2⤵
  PID:7692
- C:\Windows\System\vglngiC.exe
  C:\Windows\System\vglngiC.exe
  2⤵
  PID:7728
- C:\Windows\System\MXRAqVe.exe
  C:\Windows\System\MXRAqVe.exe
  2⤵
  PID:7792
- C:\Windows\System\sZCxiuV.exe
  C:\Windows\System\sZCxiuV.exe
  2⤵
  PID:7748
- C:\Windows\System\sTYeBFT.exe
  C:\Windows\System\sTYeBFT.exe
  2⤵
  PID:7860
- C:\Windows\System\pVhYkeX.exe
  C:\Windows\System\pVhYkeX.exe
  2⤵
  PID:7844
- C:\Windows\System\DAUcnWY.exe
  C:\Windows\System\DAUcnWY.exe
  2⤵
  PID:7880
- C:\Windows\System\RuxiSdp.exe
  C:\Windows\System\RuxiSdp.exe
  2⤵
  PID:7928
- C:\Windows\System\jMaraYz.exe
  C:\Windows\System\jMaraYz.exe
  2⤵
  PID:7992
- C:\Windows\System\CTeVSoA.exe
  C:\Windows\System\CTeVSoA.exe
  2⤵
  PID:7996
- C:\Windows\System\yTtvyhW.exe
  C:\Windows\System\yTtvyhW.exe
  2⤵
  PID:8016
- C:\Windows\System\LWjDXwh.exe
  C:\Windows\System\LWjDXwh.exe
  2⤵
  PID:8052
- C:\Windows\System\CsVDrHu.exe
  C:\Windows\System\CsVDrHu.exe
  2⤵
  PID:8088
- C:\Windows\System\adNWVQs.exe
  C:\Windows\System\adNWVQs.exe
  2⤵
  PID:8112
- C:\Windows\System\VDNBoPu.exe
  C:\Windows\System\VDNBoPu.exe
  2⤵
  PID:8136
- C:\Windows\System\xrhEeJX.exe
  C:\Windows\System\xrhEeJX.exe
  2⤵
  PID:8140
- C:\Windows\System\kzNKgyA.exe
  C:\Windows\System\kzNKgyA.exe
  2⤵
  PID:7184
- C:\Windows\System\sIZVJFx.exe
  C:\Windows\System\sIZVJFx.exe
  2⤵
  PID:7196
- C:\Windows\System\opkWwNz.exe
  C:\Windows\System\opkWwNz.exe
  2⤵
  PID:7272
- C:\Windows\System\JiraNdu.exe
  C:\Windows\System\JiraNdu.exe
  2⤵
  PID:7304
- C:\Windows\System\csPLLLf.exe
  C:\Windows\System\csPLLLf.exe
  2⤵
  PID:7360
- C:\Windows\System\xJrsiTE.exe
  C:\Windows\System\xJrsiTE.exe
  2⤵
  PID:7444
- C:\Windows\System\aUiugFn.exe
  C:\Windows\System\aUiugFn.exe
  2⤵
  PID:7868
- C:\Windows\System\HfUaQFE.exe
  C:\Windows\System\HfUaQFE.exe
  2⤵
  PID:2832
- C:\Windows\System\XkSEuEb.exe
  C:\Windows\System\XkSEuEb.exe
  2⤵
  PID:7560
- C:\Windows\System\CBhUZXk.exe
  C:\Windows\System\CBhUZXk.exe
  2⤵
  PID:7664
- C:\Windows\System\BkpWfWh.exe
  C:\Windows\System\BkpWfWh.exe
  2⤵
  PID:7624
- C:\Windows\System\nRkZbsk.exe
  C:\Windows\System\nRkZbsk.exe
  2⤵
  PID:7668
- C:\Windows\System\mOZaLtX.exe
  C:\Windows\System\mOZaLtX.exe
  2⤵
  PID:7760
- C:\Windows\System\ugFswVm.exe
  C:\Windows\System\ugFswVm.exe
  2⤵
  PID:7864
- C:\Windows\System\KvhpEzG.exe
  C:\Windows\System\KvhpEzG.exe
  2⤵
  PID:7912
- C:\Windows\System\EmRjGPr.exe
  C:\Windows\System\EmRjGPr.exe
  2⤵
  PID:7960
- C:\Windows\System\nSsQNgh.exe
  C:\Windows\System\nSsQNgh.exe
  2⤵
  PID:8012
- C:\Windows\System\xHCHnbM.exe
  C:\Windows\System\xHCHnbM.exe
  2⤵
  PID:8156
- C:\Windows\System\rAcFLcX.exe
  C:\Windows\System\rAcFLcX.exe
  2⤵
  PID:8176
- C:\Windows\System\RdvvNyf.exe
  C:\Windows\System\RdvvNyf.exe
  2⤵
  PID:7340
- C:\Windows\System\cwhLOQM.exe
  C:\Windows\System\cwhLOQM.exe
  2⤵
  PID:7488
- C:\Windows\System\ZjDUrzr.exe
  C:\Windows\System\ZjDUrzr.exe
  2⤵
  PID:7528
- C:\Windows\System\kmMedxd.exe
  C:\Windows\System\kmMedxd.exe
  2⤵
  PID:7648
- C:\Windows\System\gxigsGb.exe
  C:\Windows\System\gxigsGb.exe
  2⤵
  PID:7964
- C:\Windows\System\hnAdfDe.exe
  C:\Windows\System\hnAdfDe.exe
  2⤵
  PID:8032
- C:\Windows\System\PEHHHUe.exe
  C:\Windows\System\PEHHHUe.exe
  2⤵
  PID:8084
- C:\Windows\System\Kwkudra.exe
  C:\Windows\System\Kwkudra.exe
  2⤵
  PID:6956
- C:\Windows\System\RMuTHfW.exe
  C:\Windows\System\RMuTHfW.exe
  2⤵
  PID:7436
- C:\Windows\System\NyLYngJ.exe
  C:\Windows\System\NyLYngJ.exe
  2⤵
  PID:7604
- C:\Windows\System\oZeUgvy.exe
  C:\Windows\System\oZeUgvy.exe
  2⤵
  PID:7440
- C:\Windows\System\aXAbLKD.exe
  C:\Windows\System\aXAbLKD.exe
  2⤵
  PID:7976
- C:\Windows\System\zjmYJNo.exe
  C:\Windows\System\zjmYJNo.exe
  2⤵
  PID:7948
- C:\Windows\System\TkbxYGJ.exe
  C:\Windows\System\TkbxYGJ.exe
  2⤵
  PID:7256
- C:\Windows\System\yJYirjP.exe
  C:\Windows\System\yJYirjP.exe
  2⤵
  PID:8128
- C:\Windows\System\PAVHQFw.exe
  C:\Windows\System\PAVHQFw.exe
  2⤵
  PID:7568
- C:\Windows\System\vfJHEOX.exe
  C:\Windows\System\vfJHEOX.exe
  2⤵
  PID:7764
- C:\Windows\System\mXEmRbp.exe
  C:\Windows\System\mXEmRbp.exe
  2⤵
  PID:8064
- C:\Windows\System\aANIhvp.exe
  C:\Windows\System\aANIhvp.exe
  2⤵
  PID:3876
- C:\Windows\System\MPMNPfX.exe
  C:\Windows\System\MPMNPfX.exe
  2⤵
  PID:7504
- C:\Windows\System\FiwyRWC.exe
  C:\Windows\System\FiwyRWC.exe
  2⤵
  PID:7900
- C:\Windows\System\KvMMfhE.exe
  C:\Windows\System\KvMMfhE.exe
  2⤵
  PID:7400
- C:\Windows\System\aTockne.exe
  C:\Windows\System\aTockne.exe
  2⤵
  PID:8204
- C:\Windows\System\RlwolDJ.exe
  C:\Windows\System\RlwolDJ.exe
  2⤵
  PID:8220
- C:\Windows\System\iPCVvLF.exe
  C:\Windows\System\iPCVvLF.exe
  2⤵
  PID:8236
- C:\Windows\System\cLeaMMm.exe
  C:\Windows\System\cLeaMMm.exe
  2⤵
  PID:8252
- C:\Windows\System\OiavbAl.exe
  C:\Windows\System\OiavbAl.exe
  2⤵
  PID:8268
- C:\Windows\System\fBOJdqV.exe
  C:\Windows\System\fBOJdqV.exe
  2⤵
  PID:8296
- C:\Windows\System\idxywhH.exe
  C:\Windows\System\idxywhH.exe
  2⤵
  PID:8316
- C:\Windows\System\MPcuHNx.exe
  C:\Windows\System\MPcuHNx.exe
  2⤵
  PID:8332
- C:\Windows\System\XNSmMEM.exe
  C:\Windows\System\XNSmMEM.exe
  2⤵
  PID:8352
- C:\Windows\System\SChcPcU.exe
  C:\Windows\System\SChcPcU.exe
  2⤵
  PID:8372
- C:\Windows\System\wNkkBdw.exe
  C:\Windows\System\wNkkBdw.exe
  2⤵
  PID:8388
- C:\Windows\System\jrIHgWa.exe
  C:\Windows\System\jrIHgWa.exe
  2⤵
  PID:8408
- C:\Windows\System\ahEXdFo.exe
  C:\Windows\System\ahEXdFo.exe
  2⤵
  PID:8424
- C:\Windows\System\HyxTaru.exe
  C:\Windows\System\HyxTaru.exe
  2⤵
  PID:8456
- C:\Windows\System\cQvbvBX.exe
  C:\Windows\System\cQvbvBX.exe
  2⤵
  PID:8476
- C:\Windows\System\tKyvEZQ.exe
  C:\Windows\System\tKyvEZQ.exe
  2⤵
  PID:8492
- C:\Windows\System\omstjro.exe
  C:\Windows\System\omstjro.exe
  2⤵
  PID:8516
- C:\Windows\System\GeLkLDg.exe
  C:\Windows\System\GeLkLDg.exe
  2⤵
  PID:8732
- C:\Windows\System\KbjZEyz.exe
  C:\Windows\System\KbjZEyz.exe
  2⤵
  PID:8752
- C:\Windows\System\jFujTTM.exe
  C:\Windows\System\jFujTTM.exe
  2⤵
  PID:8776
- C:\Windows\System\zmmTGmh.exe
  C:\Windows\System\zmmTGmh.exe
  2⤵
  PID:8792
- C:\Windows\System\DPvtEhV.exe
  C:\Windows\System\DPvtEhV.exe
  2⤵
  PID:8812
- C:\Windows\System\YWVyWFt.exe
  C:\Windows\System\YWVyWFt.exe
  2⤵
  PID:8836
- C:\Windows\System\DjfIqTQ.exe
  C:\Windows\System\DjfIqTQ.exe
  2⤵
  PID:8852
- C:\Windows\System\fXcXWGn.exe
  C:\Windows\System\fXcXWGn.exe
  2⤵
  PID:8872
- C:\Windows\System\wpelsjf.exe
  C:\Windows\System\wpelsjf.exe
  2⤵
  PID:8896
- C:\Windows\System\AUWMzzt.exe
  C:\Windows\System\AUWMzzt.exe
  2⤵
  PID:8912
- C:\Windows\System\uyXWerB.exe
  C:\Windows\System\uyXWerB.exe
  2⤵
  PID:8932
- C:\Windows\System\iakBZQS.exe
  C:\Windows\System\iakBZQS.exe
  2⤵
  PID:8952
- C:\Windows\System\mCRxyiZ.exe
  C:\Windows\System\mCRxyiZ.exe
  2⤵
  PID:8972
- C:\Windows\System\QpuUtpJ.exe
  C:\Windows\System\QpuUtpJ.exe
  2⤵
  PID:8996
- C:\Windows\System\ZTIGvLS.exe
  C:\Windows\System\ZTIGvLS.exe
  2⤵
  PID:9012
- C:\Windows\System\mOPSDbz.exe
  C:\Windows\System\mOPSDbz.exe
  2⤵
  PID:9028
- C:\Windows\System\vCbzlsR.exe
  C:\Windows\System\vCbzlsR.exe
  2⤵
  PID:9048
- C:\Windows\System\ydPrDaT.exe
  C:\Windows\System\ydPrDaT.exe
  2⤵
  PID:9068
- C:\Windows\System\ZYdXLKX.exe
  C:\Windows\System\ZYdXLKX.exe
  2⤵
  PID:9084
- C:\Windows\System\fYwOCfP.exe
  C:\Windows\System\fYwOCfP.exe
  2⤵
  PID:9104
- C:\Windows\System\KEfbkCQ.exe
  C:\Windows\System\KEfbkCQ.exe
  2⤵
  PID:9128
- C:\Windows\System\QVfXhod.exe
  C:\Windows\System\QVfXhod.exe
  2⤵
  PID:9152
- C:\Windows\System\ZDUhxWK.exe
  C:\Windows\System\ZDUhxWK.exe
  2⤵
  PID:9176
- C:\Windows\System\iSgiUkU.exe
  C:\Windows\System\iSgiUkU.exe
  2⤵
  PID:9196
- C:\Windows\System\dcsxhCa.exe
  C:\Windows\System\dcsxhCa.exe
  2⤵
  PID:9212
- C:\Windows\System\ynSzmoQ.exe
  C:\Windows\System\ynSzmoQ.exe
  2⤵
  PID:8228
- C:\Windows\System\OpUmUDM.exe
  C:\Windows\System\OpUmUDM.exe
  2⤵
  PID:8260
- C:\Windows\System\DyEZuuf.exe
  C:\Windows\System\DyEZuuf.exe
  2⤵
  PID:8308
- C:\Windows\System\ONInUzi.exe
  C:\Windows\System\ONInUzi.exe
  2⤵
  PID:8292
- C:\Windows\System\OJrlxVi.exe
  C:\Windows\System\OJrlxVi.exe
  2⤵
  PID:8360
- C:\Windows\System\iakkCTl.exe
  C:\Windows\System\iakkCTl.exe
  2⤵
  PID:8384
- C:\Windows\System\gfQeEQS.exe
  C:\Windows\System\gfQeEQS.exe
  2⤵
  PID:8404
- C:\Windows\System\buUhRJH.exe
  C:\Windows\System\buUhRJH.exe
  2⤵
  PID:8468
- C:\Windows\System\WxZEzvc.exe
  C:\Windows\System\WxZEzvc.exe
  2⤵
  PID:8448
- C:\Windows\System\IetpFoi.exe
  C:\Windows\System\IetpFoi.exe
  2⤵
  PID:8512
- C:\Windows\System\ezsAGTA.exe
  C:\Windows\System\ezsAGTA.exe
  2⤵
  PID:8544
- C:\Windows\System\YysktrN.exe
  C:\Windows\System\YysktrN.exe
  2⤵
  PID:8564
- C:\Windows\System\cBgsttx.exe
  C:\Windows\System\cBgsttx.exe
  2⤵
  PID:8580
- C:\Windows\System\TjaVIDV.exe
  C:\Windows\System\TjaVIDV.exe
  2⤵
  PID:8600
- C:\Windows\System\WKotWXu.exe
  C:\Windows\System\WKotWXu.exe
  2⤵
  PID:8620
- C:\Windows\System\mOQWsZU.exe
  C:\Windows\System\mOQWsZU.exe
  2⤵
  PID:8636
- C:\Windows\System\LQSdjLU.exe
  C:\Windows\System\LQSdjLU.exe
  2⤵
  PID:8672
- C:\Windows\System\CRyoUzP.exe
  C:\Windows\System\CRyoUzP.exe
  2⤵
  PID:8688
- C:\Windows\System\cAhTGki.exe
  C:\Windows\System\cAhTGki.exe
  2⤵
  PID:8708
- C:\Windows\System\jhzDdhZ.exe
  C:\Windows\System\jhzDdhZ.exe
  2⤵
  PID:8724
- C:\Windows\System\GtPkzNB.exe
  C:\Windows\System\GtPkzNB.exe
  2⤵
  PID:8748
- C:\Windows\System\coPOtyw.exe
  C:\Windows\System\coPOtyw.exe
  2⤵
  PID:8788
- C:\Windows\System\NgOhKQR.exe
  C:\Windows\System\NgOhKQR.exe
  2⤵
  PID:8820
- C:\Windows\System\wLwbCBw.exe
  C:\Windows\System\wLwbCBw.exe
  2⤵
  PID:8844
- C:\Windows\System\koHHDhj.exe
  C:\Windows\System\koHHDhj.exe
  2⤵
  PID:8892
- C:\Windows\System\LjjpOxt.exe
  C:\Windows\System\LjjpOxt.exe
  2⤵
  PID:8920
- C:\Windows\System\OgRhidj.exe
  C:\Windows\System\OgRhidj.exe
  2⤵
  PID:8960
- C:\Windows\System\XQlPLTN.exe
  C:\Windows\System\XQlPLTN.exe
  2⤵
  PID:8988
- C:\Windows\System\Trwguec.exe
  C:\Windows\System\Trwguec.exe
  2⤵
  PID:9064
- C:\Windows\System\wWlUBEZ.exe
  C:\Windows\System\wWlUBEZ.exe
  2⤵
  PID:9004
- C:\Windows\System\hOZiLMh.exe
  C:\Windows\System\hOZiLMh.exe
  2⤵
  PID:9044
- C:\Windows\System\cnoQhwQ.exe
  C:\Windows\System\cnoQhwQ.exe
  2⤵
  PID:9116
- C:\Windows\System\OXZkgKf.exe
  C:\Windows\System\OXZkgKf.exe
  2⤵
  PID:9168
- C:\Windows\System\IYthmrG.exe
  C:\Windows\System\IYthmrG.exe
  2⤵
  PID:9188
- C:\Windows\System\pUDSvpI.exe
  C:\Windows\System\pUDSvpI.exe
  2⤵
  PID:8200
- C:\Windows\System\QhRgQmj.exe
  C:\Windows\System\QhRgQmj.exe
  2⤵
  PID:8264
- C:\Windows\System\ZYkoQTj.exe
  C:\Windows\System\ZYkoQTj.exe
  2⤵
  PID:8328
- C:\Windows\System\GWNODvo.exe
  C:\Windows\System\GWNODvo.exe
  2⤵
  PID:8344
- C:\Windows\System\bitOHYY.exe
  C:\Windows\System\bitOHYY.exe
  2⤵
  PID:8432
- C:\Windows\System\VAVpiOA.exe
  C:\Windows\System\VAVpiOA.exe
  2⤵
  PID:8440
- C:\Windows\System\epQJhSN.exe
  C:\Windows\System\epQJhSN.exe
  2⤵
  PID:8484
- C:\Windows\System\enZtLLO.exe
  C:\Windows\System\enZtLLO.exe
  2⤵
  PID:8508
- C:\Windows\System\YpAvcxs.exe
  C:\Windows\System\YpAvcxs.exe
  2⤵
  PID:8576
- C:\Windows\System\exDjMJp.exe
  C:\Windows\System\exDjMJp.exe
  2⤵
  PID:8616
- C:\Windows\System\XDZAQxU.exe
  C:\Windows\System\XDZAQxU.exe
  2⤵
  PID:8648
- C:\Windows\System\UBQSlFL.exe
  C:\Windows\System\UBQSlFL.exe
  2⤵
  PID:8660
- C:\Windows\System\orEifdB.exe
  C:\Windows\System\orEifdB.exe
  2⤵
  PID:8676
- C:\Windows\System\uBpndpc.exe
  C:\Windows\System\uBpndpc.exe
  2⤵
  PID:8680
- C:\Windows\System\RbUnrjA.exe
  C:\Windows\System\RbUnrjA.exe
  2⤵
  PID:8692
- C:\Windows\System\oMBrNNQ.exe
  C:\Windows\System\oMBrNNQ.exe
  2⤵
  PID:8768
- C:\Windows\System\hOaOFhe.exe
  C:\Windows\System\hOaOFhe.exe
  2⤵
  PID:8744
- C:\Windows\System\QAPvzlE.exe
  C:\Windows\System\QAPvzlE.exe
  2⤵
  PID:8828
- C:\Windows\System\EtpuUvQ.exe
  C:\Windows\System\EtpuUvQ.exe
  2⤵
  PID:8868
- C:\Windows\System\rxfAtrb.exe
  C:\Windows\System\rxfAtrb.exe
  2⤵
  PID:8948
- C:\Windows\System\YLsOAuu.exe
  C:\Windows\System\YLsOAuu.exe
  2⤵
  PID:8924
- C:\Windows\System\LvpzMez.exe
  C:\Windows\System\LvpzMez.exe
  2⤵
  PID:9024
- C:\Windows\System\OmnnWme.exe
  C:\Windows\System\OmnnWme.exe
  2⤵
  PID:9036
- C:\Windows\System\KWEyPWj.exe
  C:\Windows\System\KWEyPWj.exe
  2⤵
  PID:9080
- C:\Windows\System\OTazOCG.exe
  C:\Windows\System\OTazOCG.exe
  2⤵
  PID:9164
- C:\Windows\System\eWHKTqN.exe
  C:\Windows\System\eWHKTqN.exe
  2⤵
  PID:9160
- C:\Windows\System\urFvJdh.exe
  C:\Windows\System\urFvJdh.exe
  2⤵
  PID:8324
- C:\Windows\System\aOTkCVV.exe
  C:\Windows\System\aOTkCVV.exe
  2⤵
  PID:8276
- C:\Windows\System\wpNrFQI.exe
  C:\Windows\System\wpNrFQI.exe
  2⤵
  PID:8488
- C:\Windows\System\OPTEgIj.exe
  C:\Windows\System\OPTEgIj.exe
  2⤵
  PID:8504
- C:\Windows\System\YLoUPZJ.exe
  C:\Windows\System\YLoUPZJ.exe
  2⤵
  PID:8656
- C:\Windows\System\puoXOVz.exe
  C:\Windows\System\puoXOVz.exe
  2⤵
  PID:8668
- C:\Windows\System\cMWqGyS.exe
  C:\Windows\System\cMWqGyS.exe
  2⤵
  PID:8808
- C:\Windows\System\WYzjSQU.exe
  C:\Windows\System\WYzjSQU.exe
  2⤵
  PID:8884
- C:\Windows\System\TfRCHgi.exe
  C:\Windows\System\TfRCHgi.exe
  2⤵
  PID:8968
- C:\Windows\System\fIHjlPJ.exe
  C:\Windows\System\fIHjlPJ.exe
  2⤵
  PID:9040
- C:\Windows\System\CbXyQnK.exe
  C:\Windows\System\CbXyQnK.exe
  2⤵
  PID:9192
- C:\Windows\System\vMszKZG.exe
  C:\Windows\System\vMszKZG.exe
  2⤵
  PID:9056
- C:\Windows\System\pDqevda.exe
  C:\Windows\System\pDqevda.exe
  2⤵
  PID:8280
- C:\Windows\System\TWlvare.exe
  C:\Windows\System\TWlvare.exe
  2⤵
  PID:8400
- C:\Windows\System\qkGwlsJ.exe
  C:\Windows\System\qkGwlsJ.exe
  2⤵
  PID:8556
- C:\Windows\System\AmtCymb.exe
  C:\Windows\System\AmtCymb.exe
  2⤵
  PID:8632
- C:\Windows\System\dxeAFln.exe
  C:\Windows\System\dxeAFln.exe
  2⤵
  PID:8704
- C:\Windows\System\eNOBRaK.exe
  C:\Windows\System\eNOBRaK.exe
  2⤵
  PID:9172
- C:\Windows\System\wcRqwta.exe
  C:\Windows\System\wcRqwta.exe
  2⤵
  PID:8304
- C:\Windows\System\EOqUaND.exe
  C:\Windows\System\EOqUaND.exe
  2⤵
  PID:8436
- C:\Windows\System\AatChiC.exe
  C:\Windows\System\AatChiC.exe
  2⤵
  PID:8904
- C:\Windows\System\QPPPeDS.exe
  C:\Windows\System\QPPPeDS.exe
  2⤵
  PID:9124
- C:\Windows\System\RfEuBGF.exe
  C:\Windows\System\RfEuBGF.exe
  2⤵
  PID:8740
- C:\Windows\System\rQHbNiQ.exe
  C:\Windows\System\rQHbNiQ.exe
  2⤵
  PID:8608
- C:\Windows\System\SeFanpR.exe
  C:\Windows\System\SeFanpR.exe
  2⤵
  PID:8980
- C:\Windows\System\tDOoXsy.exe
  C:\Windows\System\tDOoXsy.exe
  2⤵
  PID:9232
- C:\Windows\System\lFhbWYU.exe
  C:\Windows\System\lFhbWYU.exe
  2⤵
  PID:9256
- C:\Windows\System\aLoNDPO.exe
  C:\Windows\System\aLoNDPO.exe
  2⤵
  PID:9276
- C:\Windows\System\WxPWqza.exe
  C:\Windows\System\WxPWqza.exe
  2⤵
  PID:9432
- C:\Windows\System\wvnoHQH.exe
  C:\Windows\System\wvnoHQH.exe
  2⤵
  PID:9448
- C:\Windows\System\xoQmeOj.exe
  C:\Windows\System\xoQmeOj.exe
  2⤵
  PID:9468
- C:\Windows\System\cgeTYft.exe
  C:\Windows\System\cgeTYft.exe
  2⤵
  PID:9484
- C:\Windows\System\fsglczD.exe
  C:\Windows\System\fsglczD.exe
  2⤵
  PID:9512
- C:\Windows\System\XpfCFfc.exe
  C:\Windows\System\XpfCFfc.exe
  2⤵
  PID:9532
- C:\Windows\System\rwmcBnj.exe
  C:\Windows\System\rwmcBnj.exe
  2⤵
  PID:9552
- C:\Windows\System\RLQbARH.exe
  C:\Windows\System\RLQbARH.exe
  2⤵
  PID:9568
- C:\Windows\System\YgruSOO.exe
  C:\Windows\System\YgruSOO.exe
  2⤵
  PID:9592
- C:\Windows\System\WqhFceN.exe
  C:\Windows\System\WqhFceN.exe
  2⤵
  PID:9612
- C:\Windows\System\gtvlOue.exe
  C:\Windows\System\gtvlOue.exe
  2⤵
  PID:9632
- C:\Windows\System\TJaaWNl.exe
  C:\Windows\System\TJaaWNl.exe
  2⤵
  PID:9648
- C:\Windows\System\KcyYbJt.exe
  C:\Windows\System\KcyYbJt.exe
  2⤵
  PID:9672
- C:\Windows\System\SdxdPxt.exe
  C:\Windows\System\SdxdPxt.exe
  2⤵
  PID:9688
- C:\Windows\System\IyfNWEw.exe
  C:\Windows\System\IyfNWEw.exe
  2⤵
  PID:9712
- C:\Windows\System\OpnpVyC.exe
  C:\Windows\System\OpnpVyC.exe
  2⤵
  PID:9728
- C:\Windows\System\LcteMav.exe
  C:\Windows\System\LcteMav.exe
  2⤵
  PID:9748
- C:\Windows\System\eCqIWld.exe
  C:\Windows\System\eCqIWld.exe
  2⤵
  PID:9768
- C:\Windows\System\gbGzLUR.exe
  C:\Windows\System\gbGzLUR.exe
  2⤵
  PID:9784
- C:\Windows\System\uDhaaQl.exe
  C:\Windows\System\uDhaaQl.exe
  2⤵
  PID:9804
- C:\Windows\System\NblFDCa.exe
  C:\Windows\System\NblFDCa.exe
  2⤵
  PID:9836
- C:\Windows\System\gyWntEQ.exe
  C:\Windows\System\gyWntEQ.exe
  2⤵
  PID:9852
- C:\Windows\System\CbHTrnq.exe
  C:\Windows\System\CbHTrnq.exe
  2⤵
  PID:9872
- C:\Windows\System\InoVcMw.exe
  C:\Windows\System\InoVcMw.exe
  2⤵
  PID:9892
- C:\Windows\System\nbMVfpQ.exe
  C:\Windows\System\nbMVfpQ.exe
  2⤵
  PID:9916
- C:\Windows\System\EPBhztS.exe
  C:\Windows\System\EPBhztS.exe
  2⤵
  PID:9936
- C:\Windows\System\TAfvqXM.exe
  C:\Windows\System\TAfvqXM.exe
  2⤵
  PID:9952
- C:\Windows\System\CjXprrq.exe
  C:\Windows\System\CjXprrq.exe
  2⤵
  PID:9972
- C:\Windows\System\skUDsBG.exe
  C:\Windows\System\skUDsBG.exe
  2⤵
  PID:9996
- C:\Windows\System\rqeGwne.exe
  C:\Windows\System\rqeGwne.exe
  2⤵
  PID:10012
- C:\Windows\System\rIfjUnh.exe
  C:\Windows\System\rIfjUnh.exe
  2⤵
  PID:10032
- C:\Windows\System\DDvEAFg.exe
  C:\Windows\System\DDvEAFg.exe
  2⤵
  PID:10056
- C:\Windows\System\sQedpRV.exe
  C:\Windows\System\sQedpRV.exe
  2⤵
  PID:10076
- C:\Windows\System\fARvxhE.exe
  C:\Windows\System\fARvxhE.exe
  2⤵
  PID:10092
- C:\Windows\System\hkpYbKy.exe
  C:\Windows\System\hkpYbKy.exe
  2⤵
  PID:10116
- C:\Windows\System\TMxmBKj.exe
  C:\Windows\System\TMxmBKj.exe
  2⤵
  PID:10132
- C:\Windows\System\YvraqHT.exe
  C:\Windows\System\YvraqHT.exe
  2⤵
  PID:10152
- C:\Windows\System\ObXARJa.exe
  C:\Windows\System\ObXARJa.exe
  2⤵
  PID:10176
- C:\Windows\System\LqHORXX.exe
  C:\Windows\System\LqHORXX.exe
  2⤵
  PID:10192
- C:\Windows\System\PpjvzrH.exe
  C:\Windows\System\PpjvzrH.exe
  2⤵
  PID:10212
- C:\Windows\System\bjbnWNm.exe
  C:\Windows\System\bjbnWNm.exe
  2⤵
  PID:10236
- C:\Windows\System\VsjWHFD.exe
  C:\Windows\System\VsjWHFD.exe
  2⤵
  PID:9220
- C:\Windows\System\xlPXUvL.exe
  C:\Windows\System\xlPXUvL.exe
  2⤵
  PID:9248
- C:\Windows\System\nknoHwJ.exe
  C:\Windows\System\nknoHwJ.exe
  2⤵
  PID:9284
- C:\Windows\System\XrjOGMh.exe
  C:\Windows\System\XrjOGMh.exe
  2⤵
  PID:9308
- C:\Windows\System\aMXmOLM.exe
  C:\Windows\System\aMXmOLM.exe
  2⤵
  PID:9332
- C:\Windows\System\FIozGIW.exe
  C:\Windows\System\FIozGIW.exe
  2⤵
  PID:9348
- C:\Windows\System\bYYaoBD.exe
  C:\Windows\System\bYYaoBD.exe
  2⤵
  PID:9368
- C:\Windows\System\UWxOedM.exe
  C:\Windows\System\UWxOedM.exe
  2⤵
  PID:9388
- C:\Windows\System\sLQkbwD.exe
  C:\Windows\System\sLQkbwD.exe
  2⤵
  PID:9412
- C:\Windows\System\RTAcJKD.exe
  C:\Windows\System\RTAcJKD.exe
  2⤵
  PID:9424
- C:\Windows\System\Eugmihc.exe
  C:\Windows\System\Eugmihc.exe
  2⤵
  PID:9440
- C:\Windows\System\AoYDPaY.exe
  C:\Windows\System\AoYDPaY.exe
  2⤵
  PID:9508
- C:\Windows\System\kpxsccm.exe
  C:\Windows\System\kpxsccm.exe
  2⤵
  PID:9528
- C:\Windows\System\CbFkSPm.exe
  C:\Windows\System\CbFkSPm.exe
  2⤵
  PID:9576
- C:\Windows\System\FGpCVug.exe
  C:\Windows\System\FGpCVug.exe
  2⤵
  PID:9584
- C:\Windows\System\zomkDAD.exe
  C:\Windows\System\zomkDAD.exe
  2⤵
  PID:9624
- C:\Windows\System\aaDQcxh.exe
  C:\Windows\System\aaDQcxh.exe
  2⤵
  PID:9428
- C:\Windows\System\dYQlFAv.exe
  C:\Windows\System\dYQlFAv.exe
  2⤵
  PID:9684
- C:\Windows\System\AHKdZtH.exe
  C:\Windows\System\AHKdZtH.exe
  2⤵
  PID:9724
- C:\Windows\System\JngfTRg.exe
  C:\Windows\System\JngfTRg.exe
  2⤵
  PID:9780
- C:\Windows\System\dVBOzPv.exe
  C:\Windows\System\dVBOzPv.exe
  2⤵
  PID:9828
- C:\Windows\System\anPXuzP.exe
  C:\Windows\System\anPXuzP.exe
  2⤵
  PID:9800
- C:\Windows\System\raIrFWt.exe
  C:\Windows\System\raIrFWt.exe
  2⤵
  PID:9848
- C:\Windows\System\azoijnl.exe
  C:\Windows\System\azoijnl.exe
  2⤵
  PID:9904
- C:\Windows\System\iwBKTqK.exe
  C:\Windows\System\iwBKTqK.exe
  2⤵
  PID:9928
- C:\Windows\System\PjLzHAN.exe
  C:\Windows\System\PjLzHAN.exe
  2⤵
  PID:9964
- C:\Windows\System\iRlowip.exe
  C:\Windows\System\iRlowip.exe
  2⤵
  PID:9992
- C:\Windows\System\CkYecFU.exe
  C:\Windows\System\CkYecFU.exe
  2⤵
  PID:10004
- C:\Windows\System\ZBobWjM.exe
  C:\Windows\System\ZBobWjM.exe
  2⤵
  PID:10068
- C:\Windows\System\nniXrJx.exe
  C:\Windows\System\nniXrJx.exe
  2⤵
  PID:10108
- C:\Windows\System\JmolpSn.exe
  C:\Windows\System\JmolpSn.exe
  2⤵
  PID:10140
- C:\Windows\System\YCQKvpB.exe
  C:\Windows\System\YCQKvpB.exe
  2⤵
  PID:10168
- C:\Windows\System\MAyaAvp.exe
  C:\Windows\System\MAyaAvp.exe
  2⤵
  PID:10200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AmdFLqF.exe

Filesize
6.0MB

MD5
09c60f2d9aac51aa31cd9aa4e9cbc05d

SHA1
d1176387ebf3bc3b580c682d1f6f633ae21d6a13

SHA256
d0c3c27052ee0bf8ccb3bb35a27f9bc7dbd0bc88bfecbab934f23399bbbef014

SHA512
602ad59af6187e1ac8b98d3f33adec252b8ea7e01ea71b638c15c14301855d68b4ac70dbbd05a3a06b93f869a89042be26b3d168458e87bae5082484fc8fd2f7

Download Submit
C:\Windows\system\BUXopnR.exe

Filesize
6.0MB

MD5
e4847abee8b2c3388e2edc7e756ab85c

SHA1
361cfef308f2328591e076d3d538b03a70cd6b4b

SHA256
4222452c1305572560338130109878d7621f2c09fb673608719fafb462ea32be

SHA512
f50e1cb609776b6869e5a4d4333c15eaf05283400c009124615a233fe5278740d28695ca0f6011238d6bd0e4541260a5ace10dc2920e716419533da18c4a4ee3

Download Submit
C:\Windows\system\CSSUudG.exe

Filesize
6.0MB

MD5
46cf773d7704a19559d089fa7d24748b

SHA1
03b438f514910d694a892c3f38ec16d57ce6628d

SHA256
3a019adbe137870c811596434adcbc5929d5640ec6e76bd560f7fdf62a31f8c6

SHA512
bc53f50da77ae03159fc2aa1cfe6eed7f8b8b7de54d362a6f7c6e200592a2e87c12a9dcdbadc78807c0afc332ffd28b0acbfc33bfd746d63db1b4c5f640246aa

Download Submit
C:\Windows\system\JaycknJ.exe

Filesize
6.0MB

MD5
53e2c595748787407478c68f0574d220

SHA1
504a490d6a227a1e55e023bfaf721a701fada046

SHA256
4c7d66f5aea8b277ae26742d6d7f2d9c53c816ee6d4a91241c68d5317da05d08

SHA512
54935754b2b2cd6aa3dc48bc30184c9d77822edecca80be51f2b03953232e81bbde7ab2829bdfb6c124cea55dcee2872158945adccb229a7b68045616cc1a986

Download Submit
C:\Windows\system\MDMijPG.exe

Filesize
6.0MB

MD5
1cc4098cdad3d9d8571e4908816e26cc

SHA1
b610ffd5f33e4df156f457d905c50b14c59e7532

SHA256
56dc832c38a4074eb20383733567a2c1a514b01f5149f055734e753c2a36eca8

SHA512
2dde7239103d6df86a63387ae31469002e0cd55eb12eeefec4ec3c7474c96620c86c7834044862065e7c6f026258854c0a719f90238bfed3930ea4de0ad502ab

Download Submit
C:\Windows\system\MqTrWsD.exe

Filesize
6.0MB

MD5
83ed407e834d1255ed2120015fc17c64

SHA1
197aaa9577cfc4a0858b0bfe427392f29395c8c5

SHA256
c927426693036c1416f1000c6ed525848a9ecdecac17d228d5f9359b2bcc2267

SHA512
3973762a1988a851cc55cdea1622cd6af2090552b95cdd821ac405dc2e5b47bf9106c46a8cdaf279993a7f166a78b191df62eecd3442616206f07d48f53e3b6c

Download Submit
C:\Windows\system\NAqmoVU.exe

Filesize
6.0MB

MD5
e50f5b25f6024e469ed44ff3041788b2

SHA1
59bb4f9229da2bc75297e0085db2d467ca07c7ac

SHA256
efa9cd9df76d4a18e6c1473dfc1ae3d99583c5dc18da8ca55cd927cb9362ef69

SHA512
8b1283fed83cd38ee54fb803c6f672fa1f60e3ac0b491e165cc645b04437050f6f0c2daf35897e2fc2ad2f4d7748c086dcec64eccc5574ac7ef1165634895e7e

Download Submit
C:\Windows\system\OOweNVs.exe

Filesize
6.0MB

MD5
fbde6b84e6ef646f1a37e57186c7a582

SHA1
7aad2ec9c248dee168b78b5f8a5e62642930234c

SHA256
c851a1728a4713ef5746e4fa936b5e763f3fdd4cec630d0ead446988294006f9

SHA512
7101a5dd1eedb638f94f4c44c00cdae68e49d58a44aa78f0bdffe8c91f2778027a6a2507b518204a17423361534cbb4fb2b103e07a6dbedd06b325bdeed4bf04

Download Submit
C:\Windows\system\OThVRub.exe

Filesize
6.0MB

MD5
a47eb250b70563892882c56057c796c2

SHA1
b9da74c1081e09d4779e6ceaf81fd1914d8ddeab

SHA256
8261678cadc2971c1c0514d329ee8cd0eb1b9fc112940247cdf6de4e72dd516b

SHA512
ee49e81393413a56d51b1858c7fd25e25cd6de3c4f80c313abdddf782e532ea73c147fefa61a6e2a9d90c1120988ce2aa06ab3a88efe0a23be7df1bdd5d30c40

Download Submit
C:\Windows\system\OqzpMWK.exe

Filesize
6.0MB

MD5
c76b0229209e85fa21cc18c5245f7e33

SHA1
59348fc46a00d3e1387e3109ea0380bf0eb0ccdc

SHA256
2e1898295d4defe0c3ffb1f093603c2ff41417e6cbdc7301d374c831484f3b53

SHA512
4d901a066906a5ad82b6534d63ef9618a5d14e8b6d5698e228bb227ae55e504fc3b90558d4978a13bae536da600a36ad821fe16dc513a6dfb4c116a081c3f8a7

Download Submit
C:\Windows\system\PZUBugT.exe

Filesize
6.0MB

MD5
b97af2c45e10a678cc9f83c7372261ed

SHA1
f747edb504235bfc88845b2af2a75dcf83d3b00d

SHA256
032d0d950ca114cb7995fccc68badd23f809b76fba69dc01d14a1f9002abf14c

SHA512
f6bbcfa1ef182ec7a9ac7a39f8db4cbe6674b9cdfef494cea16631e21688bab1b84918e276674c8c5c5aa82e8970850df86a3b55bd7e7b35a753923e4059aaec

Download Submit
C:\Windows\system\RxEXnKi.exe

Filesize
6.0MB

MD5
628b4f25ade2c6bde55acf4c69dfa391

SHA1
8da08f3dbc8861a9986d42baf87d1eb17c354c8c

SHA256
c3bd97580e1262004f8e945949bb1dfc2e9b2258c1a2e1c6bfe3909debfb0801

SHA512
d1841e61e4ba9f688a081e3443c00fbb083dc6034be781b0279973a79000be39ca62d1f75f08977265f70bd2888f8b8f8ada11b8dedf33f0c45cb951a3dac6b6

Download Submit
C:\Windows\system\SCZwOyt.exe

Filesize
6.0MB

MD5
667c2a32242df0fcddca146b3e9d4dd7

SHA1
00cb956b97dbc2469659b8fb760a28135ca3e494

SHA256
c855573959eb1ea1cfaeabf90c15797d5012e790cc5210af43bed990b9845c7c

SHA512
a440fd9589e1e8fad0beee3c0a805efd9f46635f2e0dbf70ea4abcf0a8f0eadbc0de059b189158bb2ff8a9f82a010304e98b3e147424145045719d0de4ff3e03

Download Submit
C:\Windows\system\VagMAhT.exe

Filesize
6.0MB

MD5
3845c401f2f9167855439d2d85f7667b

SHA1
8b21bfeae5ddce3a50575b41a5bd3b5fc11d9563

SHA256
6194f17765ab83490e4d7c155db81039f89d4da2ebf2765e73b33e620715e162

SHA512
b9369b4d7fd4aa0a38b5083481a97596d2efe312ad59749379b85e9fda36697044f98e182a72b033d420d090d9f3163131e0590b982cc193daebeed6098d1a90

Download Submit
C:\Windows\system\YhXCjsk.exe

Filesize
6.0MB

MD5
4a54eba49b0e765711f9fd8ef73f4075

SHA1
c58f1baea99b0f822abf262fa20385dbb1a2928a

SHA256
97e2fc6ae935b7de6ce89bb10be0e7caea3ad3a0990b27ff4b797d88e28a3504

SHA512
99678f0d39dbf8a6b65f00a0cfd3de3506044b775970b640587ced90a006ef4d51cfea09ace02cd5bf80c21368a644857f9847c93e5a1094ff14f61b4d401843

Download Submit
C:\Windows\system\aptIMhl.exe

Filesize
6.0MB

MD5
6fc21ea966277c23f2e7044b818f82b8

SHA1
fda98a56e011491a9874191d19cd425507184721

SHA256
7bf13ea8de78a27f6e13be79f9f0e84717871eab2a59e772bf0103c487d76f25

SHA512
169f4178fe68634b2dd79a435b66509d5d96ac040aec70c1c965d46df055fec6a7b9001500e8824c8e6ad84c0e0f2ea814291794018f9f016d2e4380f4ca9264

Download Submit
C:\Windows\system\fFChwyi.exe

Filesize
6.0MB

MD5
b0d8df5d9802ddca4525544cdd223894

SHA1
5639285dd76d9bde48736b00f475bcb5be80d4c7

SHA256
0af957e1d6ad8527717c25904dcd33749c522b17a1fbd34958c1e811865bc525

SHA512
1aeb01e855ed8ce1a57356f41ad82734d6b383e093c4754022290fe3b5a8e4da396b47ede074ee066e7190ff627013082824ca1faddfeacdd4b91c6d4daf5915

Download Submit
C:\Windows\system\jQPJkoP.exe

Filesize
6.0MB

MD5
828c7d69c56b27796ccfc1bad2de4f9b

SHA1
ac5bc6501c6691d04929a36c56468aed39900d30

SHA256
75508e06b064723eb23de12c6b228affe68a9612931d3c9be7c55da2e386d4d9

SHA512
4a313788020217133a1cbd497f5f00d2899bba594091f96bbd8cb90236b095c454e636e0f31376aa6b3c0052465c3c775243729d64e2eefe4a19c9ba56ebdd38

Download Submit
C:\Windows\system\pEClkSR.exe

Filesize
6.0MB

MD5
662b9e58ad88b796860b68c3d2479d1a

SHA1
adde79cedc75cbed56c89dfd57901f813c36a7e2

SHA256
f98e714685163a9b279a019ae374634c790d41efc5b9dc6a23d8dc3aa2e4d880

SHA512
537c3831c297b5a0520544329e501d0163a3b5aea23add3fcacb7a4b049789ed03f5544a3ed2788b7c514f4890eb0216cf99ae242174a83157f8429cea1c8a4b

Download Submit
C:\Windows\system\qQPdVxr.exe

Filesize
6.0MB

MD5
09fbd976c4bc6775e59061ecbe076d4d

SHA1
e8c07791892187beae1922a9ef92ee985341442e

SHA256
1a7a25d7265bb2c7607246c89d7a29f2b0a12ef7983427c450a09c882cda2803

SHA512
5d74a2388ed4e18aacec76c53f21296d23b102a1eef5b054810dace2536a4de1a1b7fb27f796d10c6e3fe969a163aec19adb4e5e2eae4d22e8f786d74e87d3b2

Download Submit
C:\Windows\system\rBoTQBc.exe

Filesize
6.0MB

MD5
be8f1643a33a19281f010f6df6ca83e5

SHA1
ed580ee26792907f0334bd22c8e5c1d2279508ef

SHA256
e97564342c8de3f0686434ebe598aea379c788f5ad39137c44fe2d0aa945b180

SHA512
1c4fec146b260b592ba0407204a319e73d60835968e0c09f7eea036f4909de99ec2dfb7ee98f5048feeb7652ef2d84965add7840366d67d439e97c404fd89415

Download Submit
C:\Windows\system\rgSEOVA.exe

Filesize
6.0MB

MD5
009e3a2f8a57fdca48debbabd18798ea

SHA1
660e5d3b688983053083d6ed7cbc6ee4e00a104b

SHA256
4007788347697a5f5461f8f319cb2f08b7a536f5057e68b44a8db4e7b20bc49e

SHA512
cfb77f8f69b845abc32f954088d977dcfae33daacc69467fa36448a1b585bddfcf559b38bfaaa3adc0cb25a9d6f2d522c1f3d85cf18882dcc1c35bda0c7603f9

Download Submit
C:\Windows\system\udGcYHS.exe

Filesize
6.0MB

MD5
e8feec5fa5ba5c83feaa801d804c525f

SHA1
c30ed5194944d5424a944771e5903c35a557ea92

SHA256
fb3223b9f49ea6e322ebfed98e206362ff872580500094ab23b7aac71492be0a

SHA512
572c14dd62dbbfb99640d3a75db63129101252cd4cec27d784b42c5b9744e639695ed082a278afdcd35f9dda9db6319ddb05495422d655440d7641dc5fed63c5

Download Submit
\Windows\system\FZiXhxu.exe

Filesize
6.0MB

MD5
383448bd7bfb9ddb0e49d962ab8d26ad

SHA1
a4d0a27b7e28aaf9f7628c3cca21abf30d6b7306

SHA256
a35a8a2cb8e459486764ef3058b98515fc6eb42ca61e53c0a8c973aaf65d4456

SHA512
a2f6487ef9fd29a474fc49b4068f1c1401fdb7998158d1bd8d4b1ca399200a37de825e711646372889ce202041c1f203fce6c4502b2ff50a99a1dff4dc8e7bde

Download Submit
\Windows\system\MSFnUCt.exe

Filesize
6.0MB

MD5
7f85de955a8073f3db3a1d007beb145b

SHA1
c45a277aa87cea57d7c2e851977669a3c84b0b8a

SHA256
c7d3428afd6e238c0d4234a4f51bb309ef95fa383281b56e826d4dec4cff829f

SHA512
d4e3450f5ef93e1b2ca3168fde17f26063251381a2b14bb74d60aa6d79389bd7b1df8e7a88d189eff0fccdeb4484ce523ea4bcc815349c3dd77f1f475820af88

Download Submit
\Windows\system\SZxotGw.exe

Filesize
6.0MB

MD5
24554d1b1aad3c0733297a4f04535274

SHA1
e806915e222ca2c912600d9507278a480297264b

SHA256
1d2fd5685a491877a5d39e8ec86aca05b6dc37afc3b6110b795b9959c55cb133

SHA512
55fe4fb377e8cb12cef962353a47c26b38ca16bbe655cdec11b9b141ae519b78890dfe5246b0634eb6e22d919be6fa15d327528fbb1fd643f8a564bc81d2f4ae

Download Submit
\Windows\system\UaweKek.exe

Filesize
6.0MB

MD5
bd8f3ab80bc54270aa953bae8e2ecae5

SHA1
2ba120c4e31b52306d3fc43611037a41afd829d4

SHA256
6077d578fbe789586ee3717da4d2c83af1abda88cefba727c11997b16e3233eb

SHA512
a2449fcc710e83385ee5b722bd282a6fb3326561eebd98c31474e0de0d975e8746b025e8e467f66a399112a70b7dafd335b83e44bb86741cb30c1e775c381141

Download Submit
\Windows\system\aeRjUMt.exe

Filesize
6.0MB

MD5
acca3d704cbd6d82222aff473af7354f

SHA1
5e3f7da39a3b4e4f5567cfcdf2f16decc6f4615d

SHA256
97cc78479612f7effb238a3f5f20ce44029cd955e4e8b5367be18eb350de8c3e

SHA512
3221435ec56fe4946628033dc2cf4c8359c46878fac61d0b29d4697c7824d35e369ef8667c62f79bc52750118f3e6b63fb6feb07c8832a50d0a26751557d5c7a

Download Submit
\Windows\system\mJxZlCo.exe

Filesize
6.0MB

MD5
35d483ae54de0193c5b22df1b2fdb2ab

SHA1
85277ab1bed98566ec16e7c7b4abe6d21375a8c6

SHA256
a3ab51863259b16eff78e7a65113376f176ed88f9a758b705ac3bbd3799c5a01

SHA512
aa00a98e0854ba479811d11a85c474fbcc8b8faedb06ef48a416d3cdae25dbd7c4218b8932d48d611c768ade23fc50a9729c0c6855525313cda5a6f74bd41c94

Download Submit
\Windows\system\misTXze.exe

Filesize
6.0MB

MD5
7473577f920880653e10204d7b01b00d

SHA1
dffe49ae3cd9a167679b1a4a2661062c4950dd00

SHA256
0e75150f834f939528ead0ff7838c38c5ce7e2b37e992520a9bf57f1a6ebfb39

SHA512
4370e6b4eb07beaf84423c685da920f5c7f01275216c92610b5d16b1d365305b819084358c9b4cb790983d6d3c0b3541797f9d579afec3eb42c2770450ed7479

Download Submit
\Windows\system\veRcSPO.exe

Filesize
6.0MB

MD5
1c5d13ace4fe292808c9cdcaa176ad5a

SHA1
ec721e12c1e932093e441fd7554428f0bbd7c6ea

SHA256
70c82cb28b40164e14388f651d9a3e82165fefb90c182ba6ed9dc6e76ce323eb

SHA512
ef02606609c6b4782af03704e020c44c8280d5a5dcfc501f4da61628cb57b49863ec6406a1769f13270f5f163058e6ba9287967fb828d0c41e0bd653145b8c87

Download Submit
\Windows\system\vvRFBGO.exe

Filesize
6.0MB

MD5
a7a12809fa48c00e547e80e3b656fa44

SHA1
24cb3bed1184a6cd1b7f68a2bbd4457ad501239e

SHA256
01f8e4c71de09cf3c70da59d96feadbcd3925c6ef2dba81d99384af3def44516

SHA512
e962fa576bbac14b4c31dd0e9357de85ecc89db8c1dd8656746d12d57e116e979f928bd72338d8a15e8dc711e3252ca57f673d826baab1c34d4d147b4bbfe7ac

Download Submit
memory/1072-50-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1072-84-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1072-614-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1260-243-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1260-696-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1260-101-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1572-686-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1572-176-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1572-94-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1728-677-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/1728-148-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/1728-78-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/1736-21-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1736-578-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1920-63-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1920-648-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1920-100-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-57-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-93-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-622-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-672-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2196-126-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2196-70-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2636-28-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2636-579-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2708-69-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-36-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-582-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-77-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2828-41-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2828-581-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2852-89-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2852-27-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2852-106-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-105-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2852-155-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-20-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2852-66-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2852-34-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-0-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2852-90-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-32-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-38-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2852-53-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-74-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2852-292-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-137-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/3000-149-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-682-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-85-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-49-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/3064-577-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/3064-14-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/3068-583-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-8-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-35-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download