cobaltstrike | ffa37346141d3751cf7d49eb7a6d5a1095f3f8708373b47f6fadc43adc397522

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 12:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

c3fb1400035de96043b0175ecc72e641
SHA1

dad8841c1f5a9f66d5f895e054d2a39d59f59e32
SHA256

ffa37346141d3751cf7d49eb7a6d5a1095f3f8708373b47f6fadc43adc397522
SHA512

99ddc3ac6a9c0866db8dccb200b618076bc756c75920f4ddc6d6561752e01f27bbb1ef1d8ae0ee8a879f63dd4fa35002edbdd3dd1f081f00c9fc1c79e1d1b6d9
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUb:T+q56utgpPF8u/7b

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0005000000010300-3.dat	cobalt_reflective_dll
behavioral1/files/0x0015000000017403-8.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001746a-10.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174a6-23.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001757f-29.dat	cobalt_reflective_dll
behavioral1/files/0x0016000000018676-41.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018696-46.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000187a2-61.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-78.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d7-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019640-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953e-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019513-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950e-178.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194df-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019485-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947d-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019479-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946a-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019465-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945b-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-123.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-86.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019278-71.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018697-57.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2100-0-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000010300-3.dat	xmrig
behavioral1/memory/1624-7-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/files/0x0015000000017403-8.dat	xmrig
behavioral1/memory/3036-14-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x000800000001746a-10.dat	xmrig
behavioral1/memory/2548-20-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2100-17-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/files/0x00080000000174a6-23.dat	xmrig
behavioral1/memory/2632-28-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x000700000001757f-29.dat	xmrig
behavioral1/memory/2064-36-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2100-30-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2532-43-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x0016000000018676-41.dat	xmrig
behavioral1/memory/1624-38-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/3036-44-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x0006000000018696-46.dat	xmrig
behavioral1/memory/2540-52-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2100-50-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2548-47-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/files/0x00070000000187a2-61.dat	xmrig
behavioral1/memory/976-66-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2064-65-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/3012-59-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x0005000000019319-78.dat	xmrig
behavioral1/memory/2884-79-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2520-73-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/files/0x0005000000019377-95.dat	xmrig
behavioral1/files/0x00050000000193a4-106.dat	xmrig
behavioral1/files/0x0005000000019446-128.dat	xmrig
behavioral1/files/0x0005000000019450-133.dat	xmrig
behavioral1/files/0x00050000000194d7-168.dat	xmrig
behavioral1/memory/1916-546-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/992-1054-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2100-453-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2884-364-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2520-206-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/files/0x0005000000019640-194.dat	xmrig
behavioral1/files/0x000500000001953e-188.dat	xmrig
behavioral1/files/0x0005000000019513-183.dat	xmrig
behavioral1/files/0x000500000001950e-178.dat	xmrig
behavioral1/files/0x00050000000194df-173.dat	xmrig
behavioral1/files/0x0005000000019485-163.dat	xmrig
behavioral1/files/0x000500000001947d-158.dat	xmrig
behavioral1/files/0x0005000000019479-153.dat	xmrig
behavioral1/files/0x000500000001946a-148.dat	xmrig
behavioral1/files/0x0005000000019465-143.dat	xmrig
behavioral1/files/0x000500000001945b-138.dat	xmrig
behavioral1/files/0x0005000000019433-123.dat	xmrig
behavioral1/files/0x00050000000193c1-118.dat	xmrig
behavioral1/files/0x00050000000193b3-113.dat	xmrig
behavioral1/memory/584-103-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/976-102-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/files/0x0005000000019387-101.dat	xmrig
behavioral1/memory/992-96-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/1916-88-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2540-87-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x0005000000019365-86.dat	xmrig
behavioral1/memory/2100-84-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2100-83-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2532-72-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x0006000000019278-71.dat	xmrig
behavioral1/memory/2632-58-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1624	FCAgNRh.exe
3036	iRRMQIx.exe
2548	MmTEszB.exe
2632	unpUnti.exe
2064	QNqswLG.exe
2532	bmVSxxe.exe
2540	ApcsCzE.exe
3012	tIlRHzW.exe
976	nODirxm.exe
2520	DqGZYgX.exe
2884	rScFHQh.exe
1916	doJwFAY.exe
992	zMKqpoL.exe
584	DIFWQjV.exe
1616	CZDGMoc.exe
1888	cmokOqi.exe
792	SeEPoHs.exe
1912	nzyxLJN.exe
1032	irCJjRN.exe
1652	vsEpTeX.exe
2832	FBDNXdE.exe
1868	dSYidcX.exe
2828	FASFfCH.exe
2992	cNxjmRQ.exe
2160	thUwlMk.exe
2300	gJvsmOR.exe
2044	MenaQxu.exe
2756	gkpRQEF.exe
1084	IdwBvcx.exe
1596	gZmFfVP.exe
2144	XyzDPgY.exe
2268	yyMZHFB.exe
2988	JkAkMRO.exe
3060	yUZBNju.exe
1524	jAmLhSO.exe
768	XmzozOi.exe
484	SZbAeHH.exe
604	ysicpOy.exe
856	BcjYnok.exe
1628	RrYhWEB.exe
316	VWhGygw.exe
1088	wYFbGNs.exe
1960	lcKAAcX.exe
288	mTWCUYT.exe
1000	bLAiduP.exe
2928	PejWYYL.exe
2840	kQDUzOp.exe
1668	sdQMqOz.exe
2020	kThKOba.exe
1752	TZXEUEm.exe
2376	AKzfdVY.exe
2600	KYZWrUl.exe
1584	ZaEEBeg.exe
2796	NrhEPYN.exe
2560	BEDSzsx.exe
3008	fUVXpzI.exe
2860	HpfjyAW.exe
2940	SHpkGHF.exe
2524	DwNGfOH.exe
2436	lCirBob.exe
2660	GzbZPCa.exe
2636	myXPWUn.exe
2444	qFMgRWG.exe
2720	gSUjGKK.exe

Loads dropped DLL 64 IoCs

pid	Process
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2100-0-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x0005000000010300-3.dat	upx
behavioral1/memory/1624-7-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/files/0x0015000000017403-8.dat	upx
behavioral1/memory/3036-14-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x000800000001746a-10.dat	upx
behavioral1/memory/2548-20-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/files/0x00080000000174a6-23.dat	upx
behavioral1/memory/2632-28-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x000700000001757f-29.dat	upx
behavioral1/memory/2064-36-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2100-30-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2532-43-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x0016000000018676-41.dat	upx
behavioral1/memory/1624-38-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/3036-44-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x0006000000018696-46.dat	upx
behavioral1/memory/2540-52-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2548-47-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/files/0x00070000000187a2-61.dat	upx
behavioral1/memory/976-66-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2064-65-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/3012-59-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x0005000000019319-78.dat	upx
behavioral1/memory/2884-79-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2520-73-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x0005000000019377-95.dat	upx
behavioral1/files/0x00050000000193a4-106.dat	upx
behavioral1/files/0x0005000000019446-128.dat	upx
behavioral1/files/0x0005000000019450-133.dat	upx
behavioral1/files/0x00050000000194d7-168.dat	upx
behavioral1/memory/1916-546-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/992-1054-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2884-364-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2520-206-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x0005000000019640-194.dat	upx
behavioral1/files/0x000500000001953e-188.dat	upx
behavioral1/files/0x0005000000019513-183.dat	upx
behavioral1/files/0x000500000001950e-178.dat	upx
behavioral1/files/0x00050000000194df-173.dat	upx
behavioral1/files/0x0005000000019485-163.dat	upx
behavioral1/files/0x000500000001947d-158.dat	upx
behavioral1/files/0x0005000000019479-153.dat	upx
behavioral1/files/0x000500000001946a-148.dat	upx
behavioral1/files/0x0005000000019465-143.dat	upx
behavioral1/files/0x000500000001945b-138.dat	upx
behavioral1/files/0x0005000000019433-123.dat	upx
behavioral1/files/0x00050000000193c1-118.dat	upx
behavioral1/files/0x00050000000193b3-113.dat	upx
behavioral1/memory/584-103-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/976-102-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x0005000000019387-101.dat	upx
behavioral1/memory/992-96-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/1916-88-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2540-87-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/files/0x0005000000019365-86.dat	upx
behavioral1/memory/2532-72-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x0006000000019278-71.dat	upx
behavioral1/memory/2632-58-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x0008000000018697-57.dat	upx
behavioral1/memory/584-1107-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/3036-3028-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/1624-3026-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2632-3113-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kBUUVaN.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GfhGwWx.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lZOmWMr.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KtNIGGC.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AceQCSI.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vvYdMXz.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tuHgnMy.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mBCNbzA.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sJicGvP.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vFRnIbt.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IiPcHKz.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MxoCJky.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RtAXHjL.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FhhBzyS.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bNGkium.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZpoUpGi.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KDrBNYc.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hKSpcCC.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\inbRnBj.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GALNHOJ.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wtPSjXy.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GprSWav.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CUabQSI.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fbHNPWG.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\umzdpJD.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gPqFSAs.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vswTmrv.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mTWCUYT.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VdzyfqR.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NylWqtr.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JRWBsJE.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qhKnxXj.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDmYjvd.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BkkDpRe.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zMKqpoL.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZodfAcc.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PoTznNc.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ndZRdjs.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BwwJcLs.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zFpqPKi.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nCNDmqV.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFMgRWG.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BWxIXAS.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nWHeLqp.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oyhOQNl.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PJaCQFa.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gyycJlw.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bIBorLg.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eovlfpz.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NEvaRwK.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cMbopfr.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LiFokbo.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jDXeaxM.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nfPYQvG.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AYrXbIv.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MWFzaPE.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FvysLju.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KWejmVj.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\frxbMhX.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dOnpfcL.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GyBgWdm.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tzKgdpA.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fNHGTSG.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gVGDLfd.exe	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 1624	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2100 wrote to memory of 1624	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2100 wrote to memory of 1624	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2100 wrote to memory of 3036	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2100 wrote to memory of 3036	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2100 wrote to memory of 3036	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2100 wrote to memory of 2548	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2100 wrote to memory of 2548	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2100 wrote to memory of 2548	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2100 wrote to memory of 2632	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2100 wrote to memory of 2632	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2100 wrote to memory of 2632	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2100 wrote to memory of 2064	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2100 wrote to memory of 2064	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2100 wrote to memory of 2064	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2100 wrote to memory of 2532	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2100 wrote to memory of 2532	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2100 wrote to memory of 2532	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2100 wrote to memory of 2540	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2100 wrote to memory of 2540	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2100 wrote to memory of 2540	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2100 wrote to memory of 3012	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2100 wrote to memory of 3012	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2100 wrote to memory of 3012	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2100 wrote to memory of 976	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2100 wrote to memory of 976	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2100 wrote to memory of 976	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2100 wrote to memory of 2520	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2100 wrote to memory of 2520	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2100 wrote to memory of 2520	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2100 wrote to memory of 2884	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2100 wrote to memory of 2884	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2100 wrote to memory of 2884	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2100 wrote to memory of 1916	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2100 wrote to memory of 1916	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2100 wrote to memory of 1916	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2100 wrote to memory of 992	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2100 wrote to memory of 992	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2100 wrote to memory of 992	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2100 wrote to memory of 584	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2100 wrote to memory of 584	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2100 wrote to memory of 584	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2100 wrote to memory of 1616	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2100 wrote to memory of 1616	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2100 wrote to memory of 1616	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2100 wrote to memory of 1888	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2100 wrote to memory of 1888	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2100 wrote to memory of 1888	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2100 wrote to memory of 792	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2100 wrote to memory of 792	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2100 wrote to memory of 792	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2100 wrote to memory of 1912	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2100 wrote to memory of 1912	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2100 wrote to memory of 1912	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2100 wrote to memory of 1032	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2100 wrote to memory of 1032	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2100 wrote to memory of 1032	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2100 wrote to memory of 1652	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2100 wrote to memory of 1652	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2100 wrote to memory of 1652	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2100 wrote to memory of 2832	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2100 wrote to memory of 2832	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2100 wrote to memory of 2832	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2100 wrote to memory of 1868	2100	2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_c3fb1400035de96043b0175ecc72e641_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\System\FCAgNRh.exe
  C:\Windows\System\FCAgNRh.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\iRRMQIx.exe
  C:\Windows\System\iRRMQIx.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\MmTEszB.exe
  C:\Windows\System\MmTEszB.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\unpUnti.exe
  C:\Windows\System\unpUnti.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\QNqswLG.exe
  C:\Windows\System\QNqswLG.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\bmVSxxe.exe
  C:\Windows\System\bmVSxxe.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\ApcsCzE.exe
  C:\Windows\System\ApcsCzE.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\tIlRHzW.exe
  C:\Windows\System\tIlRHzW.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\nODirxm.exe
  C:\Windows\System\nODirxm.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\DqGZYgX.exe
  C:\Windows\System\DqGZYgX.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\rScFHQh.exe
  C:\Windows\System\rScFHQh.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\doJwFAY.exe
  C:\Windows\System\doJwFAY.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\zMKqpoL.exe
  C:\Windows\System\zMKqpoL.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\DIFWQjV.exe
  C:\Windows\System\DIFWQjV.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\CZDGMoc.exe
  C:\Windows\System\CZDGMoc.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\cmokOqi.exe
  C:\Windows\System\cmokOqi.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\SeEPoHs.exe
  C:\Windows\System\SeEPoHs.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\nzyxLJN.exe
  C:\Windows\System\nzyxLJN.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\irCJjRN.exe
  C:\Windows\System\irCJjRN.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\vsEpTeX.exe
  C:\Windows\System\vsEpTeX.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\FBDNXdE.exe
  C:\Windows\System\FBDNXdE.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\dSYidcX.exe
  C:\Windows\System\dSYidcX.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\FASFfCH.exe
  C:\Windows\System\FASFfCH.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\cNxjmRQ.exe
  C:\Windows\System\cNxjmRQ.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\thUwlMk.exe
  C:\Windows\System\thUwlMk.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\gJvsmOR.exe
  C:\Windows\System\gJvsmOR.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\MenaQxu.exe
  C:\Windows\System\MenaQxu.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\gkpRQEF.exe
  C:\Windows\System\gkpRQEF.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\IdwBvcx.exe
  C:\Windows\System\IdwBvcx.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\gZmFfVP.exe
  C:\Windows\System\gZmFfVP.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\XyzDPgY.exe
  C:\Windows\System\XyzDPgY.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\yyMZHFB.exe
  C:\Windows\System\yyMZHFB.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\JkAkMRO.exe
  C:\Windows\System\JkAkMRO.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\yUZBNju.exe
  C:\Windows\System\yUZBNju.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\jAmLhSO.exe
  C:\Windows\System\jAmLhSO.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\XmzozOi.exe
  C:\Windows\System\XmzozOi.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\SZbAeHH.exe
  C:\Windows\System\SZbAeHH.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\ysicpOy.exe
  C:\Windows\System\ysicpOy.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\BcjYnok.exe
  C:\Windows\System\BcjYnok.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\RrYhWEB.exe
  C:\Windows\System\RrYhWEB.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\VWhGygw.exe
  C:\Windows\System\VWhGygw.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\wYFbGNs.exe
  C:\Windows\System\wYFbGNs.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\lcKAAcX.exe
  C:\Windows\System\lcKAAcX.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\mTWCUYT.exe
  C:\Windows\System\mTWCUYT.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\bLAiduP.exe
  C:\Windows\System\bLAiduP.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\PejWYYL.exe
  C:\Windows\System\PejWYYL.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\kQDUzOp.exe
  C:\Windows\System\kQDUzOp.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\sdQMqOz.exe
  C:\Windows\System\sdQMqOz.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\kThKOba.exe
  C:\Windows\System\kThKOba.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\TZXEUEm.exe
  C:\Windows\System\TZXEUEm.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\AKzfdVY.exe
  C:\Windows\System\AKzfdVY.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\KYZWrUl.exe
  C:\Windows\System\KYZWrUl.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\ZaEEBeg.exe
  C:\Windows\System\ZaEEBeg.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\NrhEPYN.exe
  C:\Windows\System\NrhEPYN.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\BEDSzsx.exe
  C:\Windows\System\BEDSzsx.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\fUVXpzI.exe
  C:\Windows\System\fUVXpzI.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\HpfjyAW.exe
  C:\Windows\System\HpfjyAW.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\SHpkGHF.exe
  C:\Windows\System\SHpkGHF.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\DwNGfOH.exe
  C:\Windows\System\DwNGfOH.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\lCirBob.exe
  C:\Windows\System\lCirBob.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\GzbZPCa.exe
  C:\Windows\System\GzbZPCa.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\myXPWUn.exe
  C:\Windows\System\myXPWUn.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\qFMgRWG.exe
  C:\Windows\System\qFMgRWG.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\gSUjGKK.exe
  C:\Windows\System\gSUjGKK.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\xNQHWul.exe
  C:\Windows\System\xNQHWul.exe
  2⤵
  PID:2916
- C:\Windows\System\pYlNHDs.exe
  C:\Windows\System\pYlNHDs.exe
  2⤵
  PID:2876
- C:\Windows\System\NHELLyt.exe
  C:\Windows\System\NHELLyt.exe
  2⤵
  PID:2956
- C:\Windows\System\oCRYeAw.exe
  C:\Windows\System\oCRYeAw.exe
  2⤵
  PID:1104
- C:\Windows\System\VslzDPI.exe
  C:\Windows\System\VslzDPI.exe
  2⤵
  PID:1880
- C:\Windows\System\ciqKfCW.exe
  C:\Windows\System\ciqKfCW.exe
  2⤵
  PID:1920
- C:\Windows\System\KxayVQa.exe
  C:\Windows\System\KxayVQa.exe
  2⤵
  PID:2164
- C:\Windows\System\awQegQo.exe
  C:\Windows\System\awQegQo.exe
  2⤵
  PID:1028
- C:\Windows\System\LQFRZVD.exe
  C:\Windows\System\LQFRZVD.exe
  2⤵
  PID:2256
- C:\Windows\System\ccwZBLA.exe
  C:\Windows\System\ccwZBLA.exe
  2⤵
  PID:2836
- C:\Windows\System\tUrNNMt.exe
  C:\Windows\System\tUrNNMt.exe
  2⤵
  PID:2108
- C:\Windows\System\rcKHtcz.exe
  C:\Windows\System\rcKHtcz.exe
  2⤵
  PID:2040
- C:\Windows\System\NfypqkM.exe
  C:\Windows\System\NfypqkM.exe
  2⤵
  PID:1336
- C:\Windows\System\fNHGTSG.exe
  C:\Windows\System\fNHGTSG.exe
  2⤵
  PID:2304
- C:\Windows\System\PhtPLKD.exe
  C:\Windows\System\PhtPLKD.exe
  2⤵
  PID:932
- C:\Windows\System\gdSgsPb.exe
  C:\Windows\System\gdSgsPb.exe
  2⤵
  PID:1532
- C:\Windows\System\ndRWUFU.exe
  C:\Windows\System\ndRWUFU.exe
  2⤵
  PID:1152
- C:\Windows\System\PLJkbuS.exe
  C:\Windows\System\PLJkbuS.exe
  2⤵
  PID:1308
- C:\Windows\System\sQhjPXt.exe
  C:\Windows\System\sQhjPXt.exe
  2⤵
  PID:828
- C:\Windows\System\AmDYQpj.exe
  C:\Windows\System\AmDYQpj.exe
  2⤵
  PID:2948
- C:\Windows\System\hMtfYVn.exe
  C:\Windows\System\hMtfYVn.exe
  2⤵
  PID:1884
- C:\Windows\System\OXRTTCc.exe
  C:\Windows\System\OXRTTCc.exe
  2⤵
  PID:2024
- C:\Windows\System\SWiUTBy.exe
  C:\Windows\System\SWiUTBy.exe
  2⤵
  PID:2028
- C:\Windows\System\UDzwtZF.exe
  C:\Windows\System\UDzwtZF.exe
  2⤵
  PID:2412
- C:\Windows\System\vhNEsWK.exe
  C:\Windows\System\vhNEsWK.exe
  2⤵
  PID:3028
- C:\Windows\System\CNBejvp.exe
  C:\Windows\System\CNBejvp.exe
  2⤵
  PID:872
- C:\Windows\System\iPaPZUy.exe
  C:\Windows\System\iPaPZUy.exe
  2⤵
  PID:1528
- C:\Windows\System\kBUUVaN.exe
  C:\Windows\System\kBUUVaN.exe
  2⤵
  PID:1580
- C:\Windows\System\htrQiyx.exe
  C:\Windows\System\htrQiyx.exe
  2⤵
  PID:2964
- C:\Windows\System\exezLzh.exe
  C:\Windows\System\exezLzh.exe
  2⤵
  PID:1560
- C:\Windows\System\RQOkGQS.exe
  C:\Windows\System\RQOkGQS.exe
  2⤵
  PID:2932
- C:\Windows\System\gBlAtTL.exe
  C:\Windows\System\gBlAtTL.exe
  2⤵
  PID:2420
- C:\Windows\System\lOMxWHT.exe
  C:\Windows\System\lOMxWHT.exe
  2⤵
  PID:1228
- C:\Windows\System\jAnalwA.exe
  C:\Windows\System\jAnalwA.exe
  2⤵
  PID:2492
- C:\Windows\System\ZWVGzfh.exe
  C:\Windows\System\ZWVGzfh.exe
  2⤵
  PID:2628
- C:\Windows\System\dJLHXDZ.exe
  C:\Windows\System\dJLHXDZ.exe
  2⤵
  PID:660
- C:\Windows\System\ODeRBaG.exe
  C:\Windows\System\ODeRBaG.exe
  2⤵
  PID:1440
- C:\Windows\System\OffnpAB.exe
  C:\Windows\System\OffnpAB.exe
  2⤵
  PID:560
- C:\Windows\System\qtQWtby.exe
  C:\Windows\System\qtQWtby.exe
  2⤵
  PID:1644
- C:\Windows\System\vkdVpQy.exe
  C:\Windows\System\vkdVpQy.exe
  2⤵
  PID:2780
- C:\Windows\System\fyKFLvR.exe
  C:\Windows\System\fyKFLvR.exe
  2⤵
  PID:2088
- C:\Windows\System\ENWVbTF.exe
  C:\Windows\System\ENWVbTF.exe
  2⤵
  PID:3016
- C:\Windows\System\OVAMGIE.exe
  C:\Windows\System\OVAMGIE.exe
  2⤵
  PID:2736
- C:\Windows\System\mUStoPd.exe
  C:\Windows\System\mUStoPd.exe
  2⤵
  PID:1780
- C:\Windows\System\xPaHwfr.exe
  C:\Windows\System\xPaHwfr.exe
  2⤵
  PID:1384
- C:\Windows\System\hSwuGGI.exe
  C:\Windows\System\hSwuGGI.exe
  2⤵
  PID:2340
- C:\Windows\System\AtlPnJd.exe
  C:\Windows\System\AtlPnJd.exe
  2⤵
  PID:1968
- C:\Windows\System\XnhIoPs.exe
  C:\Windows\System\XnhIoPs.exe
  2⤵
  PID:2800
- C:\Windows\System\RuDPPtG.exe
  C:\Windows\System\RuDPPtG.exe
  2⤵
  PID:2128
- C:\Windows\System\nCtpWra.exe
  C:\Windows\System\nCtpWra.exe
  2⤵
  PID:3024
- C:\Windows\System\ToIITRe.exe
  C:\Windows\System\ToIITRe.exe
  2⤵
  PID:2352
- C:\Windows\System\MxoCJky.exe
  C:\Windows\System\MxoCJky.exe
  2⤵
  PID:3000
- C:\Windows\System\AceQCSI.exe
  C:\Windows\System\AceQCSI.exe
  2⤵
  PID:2792
- C:\Windows\System\SoUnnDD.exe
  C:\Windows\System\SoUnnDD.exe
  2⤵
  PID:2572
- C:\Windows\System\IMJlmiI.exe
  C:\Windows\System\IMJlmiI.exe
  2⤵
  PID:2424
- C:\Windows\System\EaRECIz.exe
  C:\Windows\System\EaRECIz.exe
  2⤵
  PID:2908
- C:\Windows\System\bfmwwdk.exe
  C:\Windows\System\bfmwwdk.exe
  2⤵
  PID:1936
- C:\Windows\System\DCHsbMJ.exe
  C:\Windows\System\DCHsbMJ.exe
  2⤵
  PID:1008
- C:\Windows\System\IDUVgVn.exe
  C:\Windows\System\IDUVgVn.exe
  2⤵
  PID:448
- C:\Windows\System\XRMqJin.exe
  C:\Windows\System\XRMqJin.exe
  2⤵
  PID:2688
- C:\Windows\System\sZMEYRc.exe
  C:\Windows\System\sZMEYRc.exe
  2⤵
  PID:536
- C:\Windows\System\ZDFwNpF.exe
  C:\Windows\System\ZDFwNpF.exe
  2⤵
  PID:2472
- C:\Windows\System\DvUPdul.exe
  C:\Windows\System\DvUPdul.exe
  2⤵
  PID:2032
- C:\Windows\System\tUQgJLo.exe
  C:\Windows\System\tUQgJLo.exe
  2⤵
  PID:1736
- C:\Windows\System\dHRyJcL.exe
  C:\Windows\System\dHRyJcL.exe
  2⤵
  PID:2192
- C:\Windows\System\LQEGtRR.exe
  C:\Windows\System\LQEGtRR.exe
  2⤵
  PID:1688
- C:\Windows\System\LuNUbom.exe
  C:\Windows\System\LuNUbom.exe
  2⤵
  PID:1196
- C:\Windows\System\WkppvlN.exe
  C:\Windows\System\WkppvlN.exe
  2⤵
  PID:2056
- C:\Windows\System\xdIRbeX.exe
  C:\Windows\System\xdIRbeX.exe
  2⤵
  PID:2624
- C:\Windows\System\dFHvAVe.exe
  C:\Windows\System\dFHvAVe.exe
  2⤵
  PID:1260
- C:\Windows\System\BsxtDCM.exe
  C:\Windows\System\BsxtDCM.exe
  2⤵
  PID:2712
- C:\Windows\System\MyGpySz.exe
  C:\Windows\System\MyGpySz.exe
  2⤵
  PID:2752
- C:\Windows\System\guFqxaT.exe
  C:\Windows\System\guFqxaT.exe
  2⤵
  PID:3092
- C:\Windows\System\vUQZipJ.exe
  C:\Windows\System\vUQZipJ.exe
  2⤵
  PID:3112
- C:\Windows\System\EEIPvIC.exe
  C:\Windows\System\EEIPvIC.exe
  2⤵
  PID:3132
- C:\Windows\System\ZThSgWB.exe
  C:\Windows\System\ZThSgWB.exe
  2⤵
  PID:3152
- C:\Windows\System\IzJOHnC.exe
  C:\Windows\System\IzJOHnC.exe
  2⤵
  PID:3172
- C:\Windows\System\LzKKpnS.exe
  C:\Windows\System\LzKKpnS.exe
  2⤵
  PID:3192
- C:\Windows\System\gOoosOQ.exe
  C:\Windows\System\gOoosOQ.exe
  2⤵
  PID:3212
- C:\Windows\System\RuoNuwg.exe
  C:\Windows\System\RuoNuwg.exe
  2⤵
  PID:3232
- C:\Windows\System\IFPdzgW.exe
  C:\Windows\System\IFPdzgW.exe
  2⤵
  PID:3252
- C:\Windows\System\YEQBkKt.exe
  C:\Windows\System\YEQBkKt.exe
  2⤵
  PID:3272
- C:\Windows\System\QSHTjmC.exe
  C:\Windows\System\QSHTjmC.exe
  2⤵
  PID:3292
- C:\Windows\System\hnqGXFC.exe
  C:\Windows\System\hnqGXFC.exe
  2⤵
  PID:3312
- C:\Windows\System\vBbktZb.exe
  C:\Windows\System\vBbktZb.exe
  2⤵
  PID:3336
- C:\Windows\System\UjskjmX.exe
  C:\Windows\System\UjskjmX.exe
  2⤵
  PID:3356
- C:\Windows\System\GfzzpJN.exe
  C:\Windows\System\GfzzpJN.exe
  2⤵
  PID:3372
- C:\Windows\System\mqJcIAO.exe
  C:\Windows\System\mqJcIAO.exe
  2⤵
  PID:3396
- C:\Windows\System\qIWlxSX.exe
  C:\Windows\System\qIWlxSX.exe
  2⤵
  PID:3416
- C:\Windows\System\SPvTbIy.exe
  C:\Windows\System\SPvTbIy.exe
  2⤵
  PID:3436
- C:\Windows\System\mthHmPi.exe
  C:\Windows\System\mthHmPi.exe
  2⤵
  PID:3456
- C:\Windows\System\IiAEcSk.exe
  C:\Windows\System\IiAEcSk.exe
  2⤵
  PID:3476
- C:\Windows\System\gvmepPq.exe
  C:\Windows\System\gvmepPq.exe
  2⤵
  PID:3496
- C:\Windows\System\MlEgFuW.exe
  C:\Windows\System\MlEgFuW.exe
  2⤵
  PID:3516
- C:\Windows\System\ixGtSZL.exe
  C:\Windows\System\ixGtSZL.exe
  2⤵
  PID:3544
- C:\Windows\System\IDFaMgu.exe
  C:\Windows\System\IDFaMgu.exe
  2⤵
  PID:3564
- C:\Windows\System\BZCLydf.exe
  C:\Windows\System\BZCLydf.exe
  2⤵
  PID:3584
- C:\Windows\System\ChPZGgD.exe
  C:\Windows\System\ChPZGgD.exe
  2⤵
  PID:3604
- C:\Windows\System\AiDuFnI.exe
  C:\Windows\System\AiDuFnI.exe
  2⤵
  PID:3624
- C:\Windows\System\kjbKycM.exe
  C:\Windows\System\kjbKycM.exe
  2⤵
  PID:3644
- C:\Windows\System\NWBbZld.exe
  C:\Windows\System\NWBbZld.exe
  2⤵
  PID:3664
- C:\Windows\System\niVuvHy.exe
  C:\Windows\System\niVuvHy.exe
  2⤵
  PID:3684
- C:\Windows\System\aOpJeoc.exe
  C:\Windows\System\aOpJeoc.exe
  2⤵
  PID:3700
- C:\Windows\System\mnkUxrQ.exe
  C:\Windows\System\mnkUxrQ.exe
  2⤵
  PID:3724
- C:\Windows\System\hWYCzzE.exe
  C:\Windows\System\hWYCzzE.exe
  2⤵
  PID:3744
- C:\Windows\System\ybumMtf.exe
  C:\Windows\System\ybumMtf.exe
  2⤵
  PID:3764
- C:\Windows\System\MXVEsYR.exe
  C:\Windows\System\MXVEsYR.exe
  2⤵
  PID:3784
- C:\Windows\System\TFDYZkT.exe
  C:\Windows\System\TFDYZkT.exe
  2⤵
  PID:3804
- C:\Windows\System\xsHovYg.exe
  C:\Windows\System\xsHovYg.exe
  2⤵
  PID:3824
- C:\Windows\System\vVtbTCo.exe
  C:\Windows\System\vVtbTCo.exe
  2⤵
  PID:3844
- C:\Windows\System\dpxfBNE.exe
  C:\Windows\System\dpxfBNE.exe
  2⤵
  PID:3864
- C:\Windows\System\kmaXNLP.exe
  C:\Windows\System\kmaXNLP.exe
  2⤵
  PID:3884
- C:\Windows\System\qRiVzqa.exe
  C:\Windows\System\qRiVzqa.exe
  2⤵
  PID:3904
- C:\Windows\System\hgNyINk.exe
  C:\Windows\System\hgNyINk.exe
  2⤵
  PID:3924
- C:\Windows\System\lDQMVqK.exe
  C:\Windows\System\lDQMVqK.exe
  2⤵
  PID:3948
- C:\Windows\System\FWAcVNq.exe
  C:\Windows\System\FWAcVNq.exe
  2⤵
  PID:3968
- C:\Windows\System\BEoiCCh.exe
  C:\Windows\System\BEoiCCh.exe
  2⤵
  PID:3988
- C:\Windows\System\EIrSAsA.exe
  C:\Windows\System\EIrSAsA.exe
  2⤵
  PID:4008
- C:\Windows\System\yHdFzuC.exe
  C:\Windows\System\yHdFzuC.exe
  2⤵
  PID:4028
- C:\Windows\System\HmIsMNX.exe
  C:\Windows\System\HmIsMNX.exe
  2⤵
  PID:4048
- C:\Windows\System\ngSZoTM.exe
  C:\Windows\System\ngSZoTM.exe
  2⤵
  PID:4068
- C:\Windows\System\uTgGPhO.exe
  C:\Windows\System\uTgGPhO.exe
  2⤵
  PID:4088
- C:\Windows\System\jQOuCjc.exe
  C:\Windows\System\jQOuCjc.exe
  2⤵
  PID:2512
- C:\Windows\System\tkvPHJx.exe
  C:\Windows\System\tkvPHJx.exe
  2⤵
  PID:2212
- C:\Windows\System\ETdRlQP.exe
  C:\Windows\System\ETdRlQP.exe
  2⤵
  PID:2656
- C:\Windows\System\qtZbWTO.exe
  C:\Windows\System\qtZbWTO.exe
  2⤵
  PID:776
- C:\Windows\System\tItbqcQ.exe
  C:\Windows\System\tItbqcQ.exe
  2⤵
  PID:2312
- C:\Windows\System\hwsizNM.exe
  C:\Windows\System\hwsizNM.exe
  2⤵
  PID:1768
- C:\Windows\System\RSruGTJ.exe
  C:\Windows\System\RSruGTJ.exe
  2⤵
  PID:3104
- C:\Windows\System\vGShIXj.exe
  C:\Windows\System\vGShIXj.exe
  2⤵
  PID:3148
- C:\Windows\System\EiwgEfP.exe
  C:\Windows\System\EiwgEfP.exe
  2⤵
  PID:3180
- C:\Windows\System\lOeKnYh.exe
  C:\Windows\System\lOeKnYh.exe
  2⤵
  PID:3200
- C:\Windows\System\inbRnBj.exe
  C:\Windows\System\inbRnBj.exe
  2⤵
  PID:3204
- C:\Windows\System\usCMvFd.exe
  C:\Windows\System\usCMvFd.exe
  2⤵
  PID:3244
- C:\Windows\System\nnkISCd.exe
  C:\Windows\System\nnkISCd.exe
  2⤵
  PID:3300
- C:\Windows\System\dtzzzXc.exe
  C:\Windows\System\dtzzzXc.exe
  2⤵
  PID:3320
- C:\Windows\System\AfZWoZO.exe
  C:\Windows\System\AfZWoZO.exe
  2⤵
  PID:3348
- C:\Windows\System\lJcfMuw.exe
  C:\Windows\System\lJcfMuw.exe
  2⤵
  PID:3364
- C:\Windows\System\WxRnGPx.exe
  C:\Windows\System\WxRnGPx.exe
  2⤵
  PID:3404
- C:\Windows\System\zyoRAWy.exe
  C:\Windows\System\zyoRAWy.exe
  2⤵
  PID:3464
- C:\Windows\System\xtzSQKK.exe
  C:\Windows\System\xtzSQKK.exe
  2⤵
  PID:3484
- C:\Windows\System\TUuIRuS.exe
  C:\Windows\System\TUuIRuS.exe
  2⤵
  PID:3512
- C:\Windows\System\cCIOfnJ.exe
  C:\Windows\System\cCIOfnJ.exe
  2⤵
  PID:3560
- C:\Windows\System\pcAWPAD.exe
  C:\Windows\System\pcAWPAD.exe
  2⤵
  PID:3600
- C:\Windows\System\eovlfpz.exe
  C:\Windows\System\eovlfpz.exe
  2⤵
  PID:3612
- C:\Windows\System\PDWAEKN.exe
  C:\Windows\System\PDWAEKN.exe
  2⤵
  PID:3640
- C:\Windows\System\eqRGfIE.exe
  C:\Windows\System\eqRGfIE.exe
  2⤵
  PID:3680
- C:\Windows\System\DUPicvH.exe
  C:\Windows\System\DUPicvH.exe
  2⤵
  PID:3720
- C:\Windows\System\TYIASpM.exe
  C:\Windows\System\TYIASpM.exe
  2⤵
  PID:3760
- C:\Windows\System\WTspCAq.exe
  C:\Windows\System\WTspCAq.exe
  2⤵
  PID:3792
- C:\Windows\System\jERbtDb.exe
  C:\Windows\System\jERbtDb.exe
  2⤵
  PID:3812
- C:\Windows\System\WbObonh.exe
  C:\Windows\System\WbObonh.exe
  2⤵
  PID:3836
- C:\Windows\System\MMFLUkX.exe
  C:\Windows\System\MMFLUkX.exe
  2⤵
  PID:3860
- C:\Windows\System\wjTDLxU.exe
  C:\Windows\System\wjTDLxU.exe
  2⤵
  PID:3896
- C:\Windows\System\UBSdfpo.exe
  C:\Windows\System\UBSdfpo.exe
  2⤵
  PID:3936
- C:\Windows\System\MjGJVYi.exe
  C:\Windows\System\MjGJVYi.exe
  2⤵
  PID:2484
- C:\Windows\System\ViAGAUD.exe
  C:\Windows\System\ViAGAUD.exe
  2⤵
  PID:4000
- C:\Windows\System\Wcybprn.exe
  C:\Windows\System\Wcybprn.exe
  2⤵
  PID:4024
- C:\Windows\System\wOgbxzk.exe
  C:\Windows\System\wOgbxzk.exe
  2⤵
  PID:4060
- C:\Windows\System\LdYKDFm.exe
  C:\Windows\System\LdYKDFm.exe
  2⤵
  PID:380
- C:\Windows\System\pqtBYuu.exe
  C:\Windows\System\pqtBYuu.exe
  2⤵
  PID:2708
- C:\Windows\System\bnvgGsX.exe
  C:\Windows\System\bnvgGsX.exe
  2⤵
  PID:2116
- C:\Windows\System\afoKjXA.exe
  C:\Windows\System\afoKjXA.exe
  2⤵
  PID:2372
- C:\Windows\System\qVRxvLR.exe
  C:\Windows\System\qVRxvLR.exe
  2⤵
  PID:3140
- C:\Windows\System\tPeptoK.exe
  C:\Windows\System\tPeptoK.exe
  2⤵
  PID:3188
- C:\Windows\System\IpMOLcW.exe
  C:\Windows\System\IpMOLcW.exe
  2⤵
  PID:3248
- C:\Windows\System\rDTMcTA.exe
  C:\Windows\System\rDTMcTA.exe
  2⤵
  PID:3304
- C:\Windows\System\EzLZMKf.exe
  C:\Windows\System\EzLZMKf.exe
  2⤵
  PID:3284
- C:\Windows\System\YNzrMVT.exe
  C:\Windows\System\YNzrMVT.exe
  2⤵
  PID:3384
- C:\Windows\System\TASpFyy.exe
  C:\Windows\System\TASpFyy.exe
  2⤵
  PID:3424
- C:\Windows\System\ZzGSjDs.exe
  C:\Windows\System\ZzGSjDs.exe
  2⤵
  PID:3492
- C:\Windows\System\vdFclCn.exe
  C:\Windows\System\vdFclCn.exe
  2⤵
  PID:3488
- C:\Windows\System\cXbfuRO.exe
  C:\Windows\System\cXbfuRO.exe
  2⤵
  PID:3552
- C:\Windows\System\FEwxWDX.exe
  C:\Windows\System\FEwxWDX.exe
  2⤵
  PID:3536
- C:\Windows\System\SRmTxkO.exe
  C:\Windows\System\SRmTxkO.exe
  2⤵
  PID:3656
- C:\Windows\System\yzyNfni.exe
  C:\Windows\System\yzyNfni.exe
  2⤵
  PID:3736
- C:\Windows\System\fEKLwvN.exe
  C:\Windows\System\fEKLwvN.exe
  2⤵
  PID:1676
- C:\Windows\System\CwUFTmi.exe
  C:\Windows\System\CwUFTmi.exe
  2⤵
  PID:3816
- C:\Windows\System\cHCWkFS.exe
  C:\Windows\System\cHCWkFS.exe
  2⤵
  PID:3892
- C:\Windows\System\rjVlrHG.exe
  C:\Windows\System\rjVlrHG.exe
  2⤵
  PID:3916
- C:\Windows\System\kZIXTmj.exe
  C:\Windows\System\kZIXTmj.exe
  2⤵
  PID:3960
- C:\Windows\System\WksWQWU.exe
  C:\Windows\System\WksWQWU.exe
  2⤵
  PID:3984
- C:\Windows\System\tNOeiDX.exe
  C:\Windows\System\tNOeiDX.exe
  2⤵
  PID:4080
- C:\Windows\System\UIHZBGU.exe
  C:\Windows\System\UIHZBGU.exe
  2⤵
  PID:2148
- C:\Windows\System\gekHaco.exe
  C:\Windows\System\gekHaco.exe
  2⤵
  PID:2664
- C:\Windows\System\DGsvbhZ.exe
  C:\Windows\System\DGsvbhZ.exe
  2⤵
  PID:1388
- C:\Windows\System\RjSyjxy.exe
  C:\Windows\System\RjSyjxy.exe
  2⤵
  PID:3184
- C:\Windows\System\QvvUfxD.exe
  C:\Windows\System\QvvUfxD.exe
  2⤵
  PID:2536
- C:\Windows\System\mgARKXr.exe
  C:\Windows\System\mgARKXr.exe
  2⤵
  PID:3224
- C:\Windows\System\KCWhFrq.exe
  C:\Windows\System\KCWhFrq.exe
  2⤵
  PID:3352
- C:\Windows\System\XpLnezu.exe
  C:\Windows\System\XpLnezu.exe
  2⤵
  PID:3452
- C:\Windows\System\KGOwqeV.exe
  C:\Windows\System\KGOwqeV.exe
  2⤵
  PID:1160
- C:\Windows\System\FjjfNZG.exe
  C:\Windows\System\FjjfNZG.exe
  2⤵
  PID:3592
- C:\Windows\System\plTSexK.exe
  C:\Windows\System\plTSexK.exe
  2⤵
  PID:3672
- C:\Windows\System\ngDXwgC.exe
  C:\Windows\System\ngDXwgC.exe
  2⤵
  PID:3776
- C:\Windows\System\okpQVUg.exe
  C:\Windows\System\okpQVUg.exe
  2⤵
  PID:3772
- C:\Windows\System\afokDbB.exe
  C:\Windows\System\afokDbB.exe
  2⤵
  PID:988
- C:\Windows\System\bKGKFXb.exe
  C:\Windows\System\bKGKFXb.exe
  2⤵
  PID:3876
- C:\Windows\System\qupjEPx.exe
  C:\Windows\System\qupjEPx.exe
  2⤵
  PID:3996
- C:\Windows\System\wvjspHh.exe
  C:\Windows\System\wvjspHh.exe
  2⤵
  PID:2784
- C:\Windows\System\NYznUyo.exe
  C:\Windows\System\NYznUyo.exe
  2⤵
  PID:3084
- C:\Windows\System\oELsNQb.exe
  C:\Windows\System\oELsNQb.exe
  2⤵
  PID:3124
- C:\Windows\System\ygYjoiE.exe
  C:\Windows\System\ygYjoiE.exe
  2⤵
  PID:3128
- C:\Windows\System\CcERzrj.exe
  C:\Windows\System\CcERzrj.exe
  2⤵
  PID:2700
- C:\Windows\System\lJFImJr.exe
  C:\Windows\System\lJFImJr.exe
  2⤵
  PID:3432
- C:\Windows\System\fVPSymM.exe
  C:\Windows\System\fVPSymM.exe
  2⤵
  PID:3632
- C:\Windows\System\BCtkIWI.exe
  C:\Windows\System\BCtkIWI.exe
  2⤵
  PID:3696
- C:\Windows\System\TITVRIL.exe
  C:\Windows\System\TITVRIL.exe
  2⤵
  PID:1512
- C:\Windows\System\nyneWYg.exe
  C:\Windows\System\nyneWYg.exe
  2⤵
  PID:3900
- C:\Windows\System\xEzHlBa.exe
  C:\Windows\System\xEzHlBa.exe
  2⤵
  PID:4056
- C:\Windows\System\SPZnHic.exe
  C:\Windows\System\SPZnHic.exe
  2⤵
  PID:3100
- C:\Windows\System\Ugpunao.exe
  C:\Windows\System\Ugpunao.exe
  2⤵
  PID:1600
- C:\Windows\System\BEIHrYH.exe
  C:\Windows\System\BEIHrYH.exe
  2⤵
  PID:3208
- C:\Windows\System\AKpnLrA.exe
  C:\Windows\System\AKpnLrA.exe
  2⤵
  PID:3756
- C:\Windows\System\MEkkPDo.exe
  C:\Windows\System\MEkkPDo.exe
  2⤵
  PID:4112
- C:\Windows\System\UKiEcud.exe
  C:\Windows\System\UKiEcud.exe
  2⤵
  PID:4132
- C:\Windows\System\DSNmJPu.exe
  C:\Windows\System\DSNmJPu.exe
  2⤵
  PID:4152
- C:\Windows\System\wcHKPNj.exe
  C:\Windows\System\wcHKPNj.exe
  2⤵
  PID:4172
- C:\Windows\System\dunaVHm.exe
  C:\Windows\System\dunaVHm.exe
  2⤵
  PID:4192
- C:\Windows\System\ojBvBoD.exe
  C:\Windows\System\ojBvBoD.exe
  2⤵
  PID:4212
- C:\Windows\System\srhVPBK.exe
  C:\Windows\System\srhVPBK.exe
  2⤵
  PID:4232
- C:\Windows\System\EqReLKG.exe
  C:\Windows\System\EqReLKG.exe
  2⤵
  PID:4252
- C:\Windows\System\yviiuUz.exe
  C:\Windows\System\yviiuUz.exe
  2⤵
  PID:4272
- C:\Windows\System\jmitqqD.exe
  C:\Windows\System\jmitqqD.exe
  2⤵
  PID:4292
- C:\Windows\System\ZodfAcc.exe
  C:\Windows\System\ZodfAcc.exe
  2⤵
  PID:4312
- C:\Windows\System\KoypfPF.exe
  C:\Windows\System\KoypfPF.exe
  2⤵
  PID:4332
- C:\Windows\System\COAotDe.exe
  C:\Windows\System\COAotDe.exe
  2⤵
  PID:4352
- C:\Windows\System\tndJGEm.exe
  C:\Windows\System\tndJGEm.exe
  2⤵
  PID:4376
- C:\Windows\System\oybxlGM.exe
  C:\Windows\System\oybxlGM.exe
  2⤵
  PID:4396
- C:\Windows\System\VIYOVni.exe
  C:\Windows\System\VIYOVni.exe
  2⤵
  PID:4416
- C:\Windows\System\IbPoRzk.exe
  C:\Windows\System\IbPoRzk.exe
  2⤵
  PID:4436
- C:\Windows\System\IlZBUwn.exe
  C:\Windows\System\IlZBUwn.exe
  2⤵
  PID:4456
- C:\Windows\System\OsUUwkh.exe
  C:\Windows\System\OsUUwkh.exe
  2⤵
  PID:4476
- C:\Windows\System\RtAXHjL.exe
  C:\Windows\System\RtAXHjL.exe
  2⤵
  PID:4496
- C:\Windows\System\YFtCJak.exe
  C:\Windows\System\YFtCJak.exe
  2⤵
  PID:4516
- C:\Windows\System\PCbdbWr.exe
  C:\Windows\System\PCbdbWr.exe
  2⤵
  PID:4536
- C:\Windows\System\tTRtOCx.exe
  C:\Windows\System\tTRtOCx.exe
  2⤵
  PID:4556
- C:\Windows\System\XLcHKTp.exe
  C:\Windows\System\XLcHKTp.exe
  2⤵
  PID:4576
- C:\Windows\System\LAfDojD.exe
  C:\Windows\System\LAfDojD.exe
  2⤵
  PID:4596
- C:\Windows\System\LGBChnz.exe
  C:\Windows\System\LGBChnz.exe
  2⤵
  PID:4616
- C:\Windows\System\pfHuUvP.exe
  C:\Windows\System\pfHuUvP.exe
  2⤵
  PID:4636
- C:\Windows\System\kWXCOwm.exe
  C:\Windows\System\kWXCOwm.exe
  2⤵
  PID:4656
- C:\Windows\System\JJobahM.exe
  C:\Windows\System\JJobahM.exe
  2⤵
  PID:4676
- C:\Windows\System\cIHwsEc.exe
  C:\Windows\System\cIHwsEc.exe
  2⤵
  PID:4696
- C:\Windows\System\BgcrJpi.exe
  C:\Windows\System\BgcrJpi.exe
  2⤵
  PID:4716
- C:\Windows\System\gbBeyWc.exe
  C:\Windows\System\gbBeyWc.exe
  2⤵
  PID:4736
- C:\Windows\System\PoTznNc.exe
  C:\Windows\System\PoTznNc.exe
  2⤵
  PID:4756
- C:\Windows\System\jzECfue.exe
  C:\Windows\System\jzECfue.exe
  2⤵
  PID:4776
- C:\Windows\System\gSqOWCO.exe
  C:\Windows\System\gSqOWCO.exe
  2⤵
  PID:4796
- C:\Windows\System\KeIvEZE.exe
  C:\Windows\System\KeIvEZE.exe
  2⤵
  PID:4816
- C:\Windows\System\snvsJrt.exe
  C:\Windows\System\snvsJrt.exe
  2⤵
  PID:4836
- C:\Windows\System\OxYmaMP.exe
  C:\Windows\System\OxYmaMP.exe
  2⤵
  PID:4856
- C:\Windows\System\mFDzgRR.exe
  C:\Windows\System\mFDzgRR.exe
  2⤵
  PID:4876
- C:\Windows\System\WmEtzMV.exe
  C:\Windows\System\WmEtzMV.exe
  2⤵
  PID:4900
- C:\Windows\System\xtakcsX.exe
  C:\Windows\System\xtakcsX.exe
  2⤵
  PID:4932
- C:\Windows\System\RFAsdOC.exe
  C:\Windows\System\RFAsdOC.exe
  2⤵
  PID:4952
- C:\Windows\System\pdzgurV.exe
  C:\Windows\System\pdzgurV.exe
  2⤵
  PID:4968
- C:\Windows\System\pCjHdqG.exe
  C:\Windows\System\pCjHdqG.exe
  2⤵
  PID:4992
- C:\Windows\System\wQgdgmX.exe
  C:\Windows\System\wQgdgmX.exe
  2⤵
  PID:5008
- C:\Windows\System\yNhulBu.exe
  C:\Windows\System\yNhulBu.exe
  2⤵
  PID:5028
- C:\Windows\System\nUsxfFj.exe
  C:\Windows\System\nUsxfFj.exe
  2⤵
  PID:5044
- C:\Windows\System\cRPdMLo.exe
  C:\Windows\System\cRPdMLo.exe
  2⤵
  PID:5060
- C:\Windows\System\MYbLUSI.exe
  C:\Windows\System\MYbLUSI.exe
  2⤵
  PID:5076
- C:\Windows\System\RFDHKQQ.exe
  C:\Windows\System\RFDHKQQ.exe
  2⤵
  PID:5092
- C:\Windows\System\VsmVLwS.exe
  C:\Windows\System\VsmVLwS.exe
  2⤵
  PID:5112
- C:\Windows\System\OYZLDFA.exe
  C:\Windows\System\OYZLDFA.exe
  2⤵
  PID:3716
- C:\Windows\System\MpzdrBl.exe
  C:\Windows\System\MpzdrBl.exe
  2⤵
  PID:1664
- C:\Windows\System\Emmmota.exe
  C:\Windows\System\Emmmota.exe
  2⤵
  PID:2808
- C:\Windows\System\LGRFfjQ.exe
  C:\Windows\System\LGRFfjQ.exe
  2⤵
  PID:4076
- C:\Windows\System\ANRwGQS.exe
  C:\Windows\System\ANRwGQS.exe
  2⤵
  PID:3412
- C:\Windows\System\Cxogfvv.exe
  C:\Windows\System\Cxogfvv.exe
  2⤵
  PID:2904
- C:\Windows\System\rievnos.exe
  C:\Windows\System\rievnos.exe
  2⤵
  PID:4104
- C:\Windows\System\ENZfvQr.exe
  C:\Windows\System\ENZfvQr.exe
  2⤵
  PID:4160
- C:\Windows\System\JOkAuht.exe
  C:\Windows\System\JOkAuht.exe
  2⤵
  PID:4228
- C:\Windows\System\xKAbcXo.exe
  C:\Windows\System\xKAbcXo.exe
  2⤵
  PID:4268
- C:\Windows\System\ONMXlfc.exe
  C:\Windows\System\ONMXlfc.exe
  2⤵
  PID:4324
- C:\Windows\System\BCjYcPD.exe
  C:\Windows\System\BCjYcPD.exe
  2⤵
  PID:4368
- C:\Windows\System\OBPeKYV.exe
  C:\Windows\System\OBPeKYV.exe
  2⤵
  PID:4408
- C:\Windows\System\ossazFf.exe
  C:\Windows\System\ossazFf.exe
  2⤵
  PID:4444
- C:\Windows\System\BWxIXAS.exe
  C:\Windows\System\BWxIXAS.exe
  2⤵
  PID:4464
- C:\Windows\System\hBnNcgQ.exe
  C:\Windows\System\hBnNcgQ.exe
  2⤵
  PID:4468
- C:\Windows\System\azyGYVr.exe
  C:\Windows\System\azyGYVr.exe
  2⤵
  PID:4512
- C:\Windows\System\LtySvhq.exe
  C:\Windows\System\LtySvhq.exe
  2⤵
  PID:4572
- C:\Windows\System\NjlhulH.exe
  C:\Windows\System\NjlhulH.exe
  2⤵
  PID:4584
- C:\Windows\System\xuOrbpu.exe
  C:\Windows\System\xuOrbpu.exe
  2⤵
  PID:4592
- C:\Windows\System\TJOqcSl.exe
  C:\Windows\System\TJOqcSl.exe
  2⤵
  PID:4632
- C:\Windows\System\knWJsKK.exe
  C:\Windows\System\knWJsKK.exe
  2⤵
  PID:4664
- C:\Windows\System\tsIaJmO.exe
  C:\Windows\System\tsIaJmO.exe
  2⤵
  PID:4704
- C:\Windows\System\aRWPWMK.exe
  C:\Windows\System\aRWPWMK.exe
  2⤵
  PID:4708
- C:\Windows\System\PxAQQWz.exe
  C:\Windows\System\PxAQQWz.exe
  2⤵
  PID:4748
- C:\Windows\System\gGnxYCx.exe
  C:\Windows\System\gGnxYCx.exe
  2⤵
  PID:4792
- C:\Windows\System\UENGrDC.exe
  C:\Windows\System\UENGrDC.exe
  2⤵
  PID:4852
- C:\Windows\System\NmPgFcD.exe
  C:\Windows\System\NmPgFcD.exe
  2⤵
  PID:4868
- C:\Windows\System\KCuDRPZ.exe
  C:\Windows\System\KCuDRPZ.exe
  2⤵
  PID:3328
- C:\Windows\System\ErDlkRz.exe
  C:\Windows\System\ErDlkRz.exe
  2⤵
  PID:2464
- C:\Windows\System\CUabQSI.exe
  C:\Windows\System\CUabQSI.exe
  2⤵
  PID:2912
- C:\Windows\System\VWlzmKm.exe
  C:\Windows\System\VWlzmKm.exe
  2⤵
  PID:1268
- C:\Windows\System\Okqkggs.exe
  C:\Windows\System\Okqkggs.exe
  2⤵
  PID:1368
- C:\Windows\System\hobWoMF.exe
  C:\Windows\System\hobWoMF.exe
  2⤵
  PID:2820
- C:\Windows\System\cpYyfAW.exe
  C:\Windows\System\cpYyfAW.exe
  2⤵
  PID:956
- C:\Windows\System\fFTlNSF.exe
  C:\Windows\System\fFTlNSF.exe
  2⤵
  PID:1496
- C:\Windows\System\mZseVnH.exe
  C:\Windows\System\mZseVnH.exe
  2⤵
  PID:2744
- C:\Windows\System\oDDZUxI.exe
  C:\Windows\System\oDDZUxI.exe
  2⤵
  PID:1672
- C:\Windows\System\aDftbaY.exe
  C:\Windows\System\aDftbaY.exe
  2⤵
  PID:916
- C:\Windows\System\SdNJiAo.exe
  C:\Windows\System\SdNJiAo.exe
  2⤵
  PID:1748
- C:\Windows\System\VppLVAT.exe
  C:\Windows\System\VppLVAT.exe
  2⤵
  PID:4912
- C:\Windows\System\hxBiYUr.exe
  C:\Windows\System\hxBiYUr.exe
  2⤵
  PID:4940
- C:\Windows\System\yAznOCS.exe
  C:\Windows\System\yAznOCS.exe
  2⤵
  PID:4980
- C:\Windows\System\IheBWUK.exe
  C:\Windows\System\IheBWUK.exe
  2⤵
  PID:5052
- C:\Windows\System\WCQEGQC.exe
  C:\Windows\System\WCQEGQC.exe
  2⤵
  PID:4040
- C:\Windows\System\OpuMPmD.exe
  C:\Windows\System\OpuMPmD.exe
  2⤵
  PID:4164
- C:\Windows\System\ZEptZqC.exe
  C:\Windows\System\ZEptZqC.exe
  2⤵
  PID:4188
- C:\Windows\System\VOSyUFs.exe
  C:\Windows\System\VOSyUFs.exe
  2⤵
  PID:4248
- C:\Windows\System\HXuZgQx.exe
  C:\Windows\System\HXuZgQx.exe
  2⤵
  PID:5068
- C:\Windows\System\mUGhGBq.exe
  C:\Windows\System\mUGhGBq.exe
  2⤵
  PID:3712
- C:\Windows\System\ZqioaTX.exe
  C:\Windows\System\ZqioaTX.exe
  2⤵
  PID:3240
- C:\Windows\System\AlFQZLb.exe
  C:\Windows\System\AlFQZLb.exe
  2⤵
  PID:4328
- C:\Windows\System\LqDZqQT.exe
  C:\Windows\System\LqDZqQT.exe
  2⤵
  PID:4284
- C:\Windows\System\Ltuawff.exe
  C:\Windows\System\Ltuawff.exe
  2⤵
  PID:4340
- C:\Windows\System\baBzIuJ.exe
  C:\Windows\System\baBzIuJ.exe
  2⤵
  PID:4412
- C:\Windows\System\GWxNdAo.exe
  C:\Windows\System\GWxNdAo.exe
  2⤵
  PID:4432
- C:\Windows\System\XhLRozb.exe
  C:\Windows\System\XhLRozb.exe
  2⤵
  PID:4472
- C:\Windows\System\ndZRdjs.exe
  C:\Windows\System\ndZRdjs.exe
  2⤵
  PID:4548
- C:\Windows\System\JitJzRs.exe
  C:\Windows\System\JitJzRs.exe
  2⤵
  PID:4692
- C:\Windows\System\vvYdMXz.exe
  C:\Windows\System\vvYdMXz.exe
  2⤵
  PID:4744
- C:\Windows\System\diNsVcU.exe
  C:\Windows\System\diNsVcU.exe
  2⤵
  PID:4648
- C:\Windows\System\beHAaDf.exe
  C:\Windows\System\beHAaDf.exe
  2⤵
  PID:4804
- C:\Windows\System\oilRAMo.exe
  C:\Windows\System\oilRAMo.exe
  2⤵
  PID:4824
- C:\Windows\System\KdWsUYq.exe
  C:\Windows\System\KdWsUYq.exe
  2⤵
  PID:4888
- C:\Windows\System\yaeVEtO.exe
  C:\Windows\System\yaeVEtO.exe
  2⤵
  PID:4864
- C:\Windows\System\wvhFhTe.exe
  C:\Windows\System\wvhFhTe.exe
  2⤵
  PID:1064
- C:\Windows\System\bkdcjqk.exe
  C:\Windows\System\bkdcjqk.exe
  2⤵
  PID:2776
- C:\Windows\System\TdhVJZr.exe
  C:\Windows\System\TdhVJZr.exe
  2⤵
  PID:1604
- C:\Windows\System\sVtHMIP.exe
  C:\Windows\System\sVtHMIP.exe
  2⤵
  PID:5088
- C:\Windows\System\gkfXlht.exe
  C:\Windows\System\gkfXlht.exe
  2⤵
  PID:4928
- C:\Windows\System\VFoAZLS.exe
  C:\Windows\System\VFoAZLS.exe
  2⤵
  PID:1056
- C:\Windows\System\SuMdBGu.exe
  C:\Windows\System\SuMdBGu.exe
  2⤵
  PID:2308
- C:\Windows\System\mnnvbjE.exe
  C:\Windows\System\mnnvbjE.exe
  2⤵
  PID:5016
- C:\Windows\System\pHrywYq.exe
  C:\Windows\System\pHrywYq.exe
  2⤵
  PID:2936
- C:\Windows\System\sAoEweo.exe
  C:\Windows\System\sAoEweo.exe
  2⤵
  PID:4204
- C:\Windows\System\DZhwdSD.exe
  C:\Windows\System\DZhwdSD.exe
  2⤵
  PID:5036
- C:\Windows\System\YUXCjOB.exe
  C:\Windows\System\YUXCjOB.exe
  2⤵
  PID:4240
- C:\Windows\System\JQeYGcr.exe
  C:\Windows\System\JQeYGcr.exe
  2⤵
  PID:3444
- C:\Windows\System\LzUmDCM.exe
  C:\Windows\System\LzUmDCM.exe
  2⤵
  PID:4404
- C:\Windows\System\sbNsaGO.exe
  C:\Windows\System\sbNsaGO.exe
  2⤵
  PID:4688
- C:\Windows\System\WjQOtMU.exe
  C:\Windows\System\WjQOtMU.exe
  2⤵
  PID:4200
- C:\Windows\System\ExBssKL.exe
  C:\Windows\System\ExBssKL.exe
  2⤵
  PID:4564
- C:\Windows\System\SvSjCsS.exe
  C:\Windows\System\SvSjCsS.exe
  2⤵
  PID:4552
- C:\Windows\System\UmtruEP.exe
  C:\Windows\System\UmtruEP.exe
  2⤵
  PID:4728
- C:\Windows\System\VboqOki.exe
  C:\Windows\System\VboqOki.exe
  2⤵
  PID:2640
- C:\Windows\System\ePvhhpP.exe
  C:\Windows\System\ePvhhpP.exe
  2⤵
  PID:2176
- C:\Windows\System\OAgasqh.exe
  C:\Windows\System\OAgasqh.exe
  2⤵
  PID:296
- C:\Windows\System\qCATrRG.exe
  C:\Windows\System\qCATrRG.exe
  2⤵
  PID:5084
- C:\Windows\System\SdRatFj.exe
  C:\Windows\System\SdRatFj.exe
  2⤵
  PID:4964
- C:\Windows\System\UAGQKhw.exe
  C:\Windows\System\UAGQKhw.exe
  2⤵
  PID:4208
- C:\Windows\System\zkSsenN.exe
  C:\Windows\System\zkSsenN.exe
  2⤵
  PID:4304
- C:\Windows\System\vsGdiFP.exe
  C:\Windows\System\vsGdiFP.exe
  2⤵
  PID:4128
- C:\Windows\System\wfYdwVm.exe
  C:\Windows\System\wfYdwVm.exe
  2⤵
  PID:5108
- C:\Windows\System\hrtSpwE.exe
  C:\Windows\System\hrtSpwE.exe
  2⤵
  PID:4288
- C:\Windows\System\yFSpcwP.exe
  C:\Windows\System\yFSpcwP.exe
  2⤵
  PID:4488
- C:\Windows\System\MYgdWQq.exe
  C:\Windows\System\MYgdWQq.exe
  2⤵
  PID:4608
- C:\Windows\System\BFnDSob.exe
  C:\Windows\System\BFnDSob.exe
  2⤵
  PID:4768
- C:\Windows\System\MhxIHKM.exe
  C:\Windows\System\MhxIHKM.exe
  2⤵
  PID:1696
- C:\Windows\System\VVFIBHY.exe
  C:\Windows\System\VVFIBHY.exe
  2⤵
  PID:1864
- C:\Windows\System\gVBkplP.exe
  C:\Windows\System\gVBkplP.exe
  2⤵
  PID:600
- C:\Windows\System\wviFuqT.exe
  C:\Windows\System\wviFuqT.exe
  2⤵
  PID:3852
- C:\Windows\System\ZWjvGsD.exe
  C:\Windows\System\ZWjvGsD.exe
  2⤵
  PID:4924
- C:\Windows\System\fJcbipz.exe
  C:\Windows\System\fJcbipz.exe
  2⤵
  PID:4908
- C:\Windows\System\MClCyrB.exe
  C:\Windows\System\MClCyrB.exe
  2⤵
  PID:1036
- C:\Windows\System\MaapYZZ.exe
  C:\Windows\System\MaapYZZ.exe
  2⤵
  PID:3528
- C:\Windows\System\rPFYTPD.exe
  C:\Windows\System\rPFYTPD.exe
  2⤵
  PID:4140
- C:\Windows\System\EzDGbZK.exe
  C:\Windows\System\EzDGbZK.exe
  2⤵
  PID:4976
- C:\Windows\System\yzgqzaT.exe
  C:\Windows\System\yzgqzaT.exe
  2⤵
  PID:4448
- C:\Windows\System\BwwJcLs.exe
  C:\Windows\System\BwwJcLs.exe
  2⤵
  PID:1992
- C:\Windows\System\BLqDAcy.exe
  C:\Windows\System\BLqDAcy.exe
  2⤵
  PID:4784
- C:\Windows\System\hPNvTaL.exe
  C:\Windows\System\hPNvTaL.exe
  2⤵
  PID:2704
- C:\Windows\System\SKDSlyR.exe
  C:\Windows\System\SKDSlyR.exe
  2⤵
  PID:4732
- C:\Windows\System\fDPepwH.exe
  C:\Windows\System\fDPepwH.exe
  2⤵
  PID:5132
- C:\Windows\System\REQEoqD.exe
  C:\Windows\System\REQEoqD.exe
  2⤵
  PID:5148
- C:\Windows\System\PYWDFdO.exe
  C:\Windows\System\PYWDFdO.exe
  2⤵
  PID:5176
- C:\Windows\System\ROGAjJP.exe
  C:\Windows\System\ROGAjJP.exe
  2⤵
  PID:5192
- C:\Windows\System\TqPdwwA.exe
  C:\Windows\System\TqPdwwA.exe
  2⤵
  PID:5212
- C:\Windows\System\aVkMSkO.exe
  C:\Windows\System\aVkMSkO.exe
  2⤵
  PID:5232
- C:\Windows\System\vVNUMOF.exe
  C:\Windows\System\vVNUMOF.exe
  2⤵
  PID:5248
- C:\Windows\System\zmDAvuO.exe
  C:\Windows\System\zmDAvuO.exe
  2⤵
  PID:5268
- C:\Windows\System\gVGDLfd.exe
  C:\Windows\System\gVGDLfd.exe
  2⤵
  PID:5304
- C:\Windows\System\MoNzBQS.exe
  C:\Windows\System\MoNzBQS.exe
  2⤵
  PID:5320
- C:\Windows\System\gzPlHOs.exe
  C:\Windows\System\gzPlHOs.exe
  2⤵
  PID:5336
- C:\Windows\System\VEKkosr.exe
  C:\Windows\System\VEKkosr.exe
  2⤵
  PID:5356
- C:\Windows\System\mMsUVCP.exe
  C:\Windows\System\mMsUVCP.exe
  2⤵
  PID:5372
- C:\Windows\System\CHTiihg.exe
  C:\Windows\System\CHTiihg.exe
  2⤵
  PID:5392
- C:\Windows\System\VcDqerl.exe
  C:\Windows\System\VcDqerl.exe
  2⤵
  PID:5408
- C:\Windows\System\LcvzHaK.exe
  C:\Windows\System\LcvzHaK.exe
  2⤵
  PID:5432
- C:\Windows\System\geXOetp.exe
  C:\Windows\System\geXOetp.exe
  2⤵
  PID:5452
- C:\Windows\System\avmcEZd.exe
  C:\Windows\System\avmcEZd.exe
  2⤵
  PID:5480
- C:\Windows\System\SZkmMoi.exe
  C:\Windows\System\SZkmMoi.exe
  2⤵
  PID:5500
- C:\Windows\System\pSPLKbH.exe
  C:\Windows\System\pSPLKbH.exe
  2⤵
  PID:5516
- C:\Windows\System\JhljoFX.exe
  C:\Windows\System\JhljoFX.exe
  2⤵
  PID:5540
- C:\Windows\System\RLIoIpG.exe
  C:\Windows\System\RLIoIpG.exe
  2⤵
  PID:5560
- C:\Windows\System\lSIHQRK.exe
  C:\Windows\System\lSIHQRK.exe
  2⤵
  PID:5576
- C:\Windows\System\nwgjWKQ.exe
  C:\Windows\System\nwgjWKQ.exe
  2⤵
  PID:5604
- C:\Windows\System\SAxRkyA.exe
  C:\Windows\System\SAxRkyA.exe
  2⤵
  PID:5620
- C:\Windows\System\sBFXJFY.exe
  C:\Windows\System\sBFXJFY.exe
  2⤵
  PID:5644
- C:\Windows\System\ewluuvm.exe
  C:\Windows\System\ewluuvm.exe
  2⤵
  PID:5672
- C:\Windows\System\AKvOjsl.exe
  C:\Windows\System\AKvOjsl.exe
  2⤵
  PID:5688
- C:\Windows\System\jyfqmjs.exe
  C:\Windows\System\jyfqmjs.exe
  2⤵
  PID:5704
- C:\Windows\System\STEWiBh.exe
  C:\Windows\System\STEWiBh.exe
  2⤵
  PID:5720
- C:\Windows\System\wPNUvLT.exe
  C:\Windows\System\wPNUvLT.exe
  2⤵
  PID:5752
- C:\Windows\System\XFgRhCO.exe
  C:\Windows\System\XFgRhCO.exe
  2⤵
  PID:5772
- C:\Windows\System\xmVcGvG.exe
  C:\Windows\System\xmVcGvG.exe
  2⤵
  PID:5788
- C:\Windows\System\XUbNqrN.exe
  C:\Windows\System\XUbNqrN.exe
  2⤵
  PID:5804
- C:\Windows\System\aOoLLUZ.exe
  C:\Windows\System\aOoLLUZ.exe
  2⤵
  PID:5820
- C:\Windows\System\uQouOYq.exe
  C:\Windows\System\uQouOYq.exe
  2⤵
  PID:5844
- C:\Windows\System\AYrXbIv.exe
  C:\Windows\System\AYrXbIv.exe
  2⤵
  PID:5864
- C:\Windows\System\ZHVqUfQ.exe
  C:\Windows\System\ZHVqUfQ.exe
  2⤵
  PID:5892
- C:\Windows\System\JFUprqy.exe
  C:\Windows\System\JFUprqy.exe
  2⤵
  PID:5908
- C:\Windows\System\jSPYBQq.exe
  C:\Windows\System\jSPYBQq.exe
  2⤵
  PID:5924
- C:\Windows\System\MWFzaPE.exe
  C:\Windows\System\MWFzaPE.exe
  2⤵
  PID:5948
- C:\Windows\System\iMbuRzd.exe
  C:\Windows\System\iMbuRzd.exe
  2⤵
  PID:5964
- C:\Windows\System\uJhSHJz.exe
  C:\Windows\System\uJhSHJz.exe
  2⤵
  PID:5988
- C:\Windows\System\wTAJeTY.exe
  C:\Windows\System\wTAJeTY.exe
  2⤵
  PID:6008
- C:\Windows\System\JkMvJYv.exe
  C:\Windows\System\JkMvJYv.exe
  2⤵
  PID:6024
- C:\Windows\System\LasIIKt.exe
  C:\Windows\System\LasIIKt.exe
  2⤵
  PID:6040
- C:\Windows\System\cEtUsdS.exe
  C:\Windows\System\cEtUsdS.exe
  2⤵
  PID:6072
- C:\Windows\System\fijRUBe.exe
  C:\Windows\System\fijRUBe.exe
  2⤵
  PID:6088
- C:\Windows\System\moLVUgi.exe
  C:\Windows\System\moLVUgi.exe
  2⤵
  PID:6104
- C:\Windows\System\iktYysn.exe
  C:\Windows\System\iktYysn.exe
  2⤵
  PID:6120
- C:\Windows\System\NEvaRwK.exe
  C:\Windows\System\NEvaRwK.exe
  2⤵
  PID:6136
- C:\Windows\System\PjVCxdx.exe
  C:\Windows\System\PjVCxdx.exe
  2⤵
  PID:5164
- C:\Windows\System\nAalOKv.exe
  C:\Windows\System\nAalOKv.exe
  2⤵
  PID:5204
- C:\Windows\System\DJkpTgG.exe
  C:\Windows\System\DJkpTgG.exe
  2⤵
  PID:5244
- C:\Windows\System\XZIPAkH.exe
  C:\Windows\System\XZIPAkH.exe
  2⤵
  PID:5280
- C:\Windows\System\VAhaYLY.exe
  C:\Windows\System\VAhaYLY.exe
  2⤵
  PID:5260
- C:\Windows\System\lZuTLFs.exe
  C:\Windows\System\lZuTLFs.exe
  2⤵
  PID:5184
- C:\Windows\System\qGJECJV.exe
  C:\Windows\System\qGJECJV.exe
  2⤵
  PID:5288
- C:\Windows\System\GKlfWuK.exe
  C:\Windows\System\GKlfWuK.exe
  2⤵
  PID:5332
- C:\Windows\System\pfBKtoS.exe
  C:\Windows\System\pfBKtoS.exe
  2⤵
  PID:5316
- C:\Windows\System\DmVAQYo.exe
  C:\Windows\System\DmVAQYo.exe
  2⤵
  PID:5444
- C:\Windows\System\YsguMPn.exe
  C:\Windows\System\YsguMPn.exe
  2⤵
  PID:5380
- C:\Windows\System\qToIxpg.exe
  C:\Windows\System\qToIxpg.exe
  2⤵
  PID:5352
- C:\Windows\System\vSleXZp.exe
  C:\Windows\System\vSleXZp.exe
  2⤵
  PID:5388
- C:\Windows\System\AgUdCPO.exe
  C:\Windows\System\AgUdCPO.exe
  2⤵
  PID:5496
- C:\Windows\System\DJJPieq.exe
  C:\Windows\System\DJJPieq.exe
  2⤵
  PID:5568
- C:\Windows\System\WJbiqoM.exe
  C:\Windows\System\WJbiqoM.exe
  2⤵
  PID:5548
- C:\Windows\System\zxKiMKE.exe
  C:\Windows\System\zxKiMKE.exe
  2⤵
  PID:5628
- C:\Windows\System\UVBfzLM.exe
  C:\Windows\System\UVBfzLM.exe
  2⤵
  PID:5668
- C:\Windows\System\EwavaOt.exe
  C:\Windows\System\EwavaOt.exe
  2⤵
  PID:5684
- C:\Windows\System\wBccbWi.exe
  C:\Windows\System\wBccbWi.exe
  2⤵
  PID:5740
- C:\Windows\System\feLvyiI.exe
  C:\Windows\System\feLvyiI.exe
  2⤵
  PID:5796
- C:\Windows\System\OXDrSfg.exe
  C:\Windows\System\OXDrSfg.exe
  2⤵
  PID:5816
- C:\Windows\System\PgMoawG.exe
  C:\Windows\System\PgMoawG.exe
  2⤵
  PID:5860
- C:\Windows\System\HbiSpkI.exe
  C:\Windows\System\HbiSpkI.exe
  2⤵
  PID:5840
- C:\Windows\System\NmotVNN.exe
  C:\Windows\System\NmotVNN.exe
  2⤵
  PID:5920
- C:\Windows\System\YlEtLfK.exe
  C:\Windows\System\YlEtLfK.exe
  2⤵
  PID:5940
- C:\Windows\System\CEEUsZV.exe
  C:\Windows\System\CEEUsZV.exe
  2⤵
  PID:5976
- C:\Windows\System\EbUhkKv.exe
  C:\Windows\System\EbUhkKv.exe
  2⤵
  PID:6064
- C:\Windows\System\AUdLYBB.exe
  C:\Windows\System\AUdLYBB.exe
  2⤵
  PID:6032
- C:\Windows\System\gLCJYpe.exe
  C:\Windows\System\gLCJYpe.exe
  2⤵
  PID:6100
- C:\Windows\System\XMqWPfJ.exe
  C:\Windows\System\XMqWPfJ.exe
  2⤵
  PID:6080
- C:\Windows\System\oKtNQPP.exe
  C:\Windows\System\oKtNQPP.exe
  2⤵
  PID:5104
- C:\Windows\System\xwhMoQM.exe
  C:\Windows\System\xwhMoQM.exe
  2⤵
  PID:5172
- C:\Windows\System\ukbYPcC.exe
  C:\Windows\System\ukbYPcC.exe
  2⤵
  PID:5188
- C:\Windows\System\ilicSiC.exe
  C:\Windows\System\ilicSiC.exe
  2⤵
  PID:5296
- C:\Windows\System\UFwAqgW.exe
  C:\Windows\System\UFwAqgW.exe
  2⤵
  PID:5428
- C:\Windows\System\ZdZTRDt.exe
  C:\Windows\System\ZdZTRDt.exe
  2⤵
  PID:5612
- C:\Windows\System\cAzWpsS.exe
  C:\Windows\System\cAzWpsS.exe
  2⤵
  PID:5312
- C:\Windows\System\ZRSvJRI.exe
  C:\Windows\System\ZRSvJRI.exe
  2⤵
  PID:5464
- C:\Windows\System\QDTUydf.exe
  C:\Windows\System\QDTUydf.exe
  2⤵
  PID:5616
- C:\Windows\System\aNLvYqg.exe
  C:\Windows\System\aNLvYqg.exe
  2⤵
  PID:5532
- C:\Windows\System\tAhbTcy.exe
  C:\Windows\System\tAhbTcy.exe
  2⤵
  PID:5664
- C:\Windows\System\oyMhVfe.exe
  C:\Windows\System\oyMhVfe.exe
  2⤵
  PID:5736
- C:\Windows\System\vAKrbMb.exe
  C:\Windows\System\vAKrbMb.exe
  2⤵
  PID:5732
- C:\Windows\System\WiNSjYW.exe
  C:\Windows\System\WiNSjYW.exe
  2⤵
  PID:5880
- C:\Windows\System\FhhBzyS.exe
  C:\Windows\System\FhhBzyS.exe
  2⤵
  PID:5748
- C:\Windows\System\LjMBYHY.exe
  C:\Windows\System\LjMBYHY.exe
  2⤵
  PID:5904
- C:\Windows\System\zYjqXqz.exe
  C:\Windows\System\zYjqXqz.exe
  2⤵
  PID:5956
- C:\Windows\System\qIpcmDN.exe
  C:\Windows\System\qIpcmDN.exe
  2⤵
  PID:6016
- C:\Windows\System\nRuJWpL.exe
  C:\Windows\System\nRuJWpL.exe
  2⤵
  PID:5960
- C:\Windows\System\neALihk.exe
  C:\Windows\System\neALihk.exe
  2⤵
  PID:2504
- C:\Windows\System\mAqKTxb.exe
  C:\Windows\System\mAqKTxb.exe
  2⤵
  PID:6112
- C:\Windows\System\EmAhiIx.exe
  C:\Windows\System\EmAhiIx.exe
  2⤵
  PID:5328
- C:\Windows\System\bhNXvVS.exe
  C:\Windows\System\bhNXvVS.exe
  2⤵
  PID:5440
- C:\Windows\System\TJQrcCo.exe
  C:\Windows\System\TJQrcCo.exe
  2⤵
  PID:5512
- C:\Windows\System\llchKcU.exe
  C:\Windows\System\llchKcU.exe
  2⤵
  PID:5492
- C:\Windows\System\QIBkTPu.exe
  C:\Windows\System\QIBkTPu.exe
  2⤵
  PID:5228
- C:\Windows\System\zRZmnVn.exe
  C:\Windows\System\zRZmnVn.exe
  2⤵
  PID:5652
- C:\Windows\System\cdEylQh.exe
  C:\Windows\System\cdEylQh.exe
  2⤵
  PID:5884
- C:\Windows\System\lQzvQaj.exe
  C:\Windows\System\lQzvQaj.exe
  2⤵
  PID:5936
- C:\Windows\System\eDclMTk.exe
  C:\Windows\System\eDclMTk.exe
  2⤵
  PID:6060
- C:\Windows\System\tAGNWkj.exe
  C:\Windows\System\tAGNWkj.exe
  2⤵
  PID:5220
- C:\Windows\System\lMZntxn.exe
  C:\Windows\System\lMZntxn.exe
  2⤵
  PID:4808
- C:\Windows\System\CyHlQii.exe
  C:\Windows\System\CyHlQii.exe
  2⤵
  PID:6096
- C:\Windows\System\RGwuQUR.exe
  C:\Windows\System\RGwuQUR.exe
  2⤵
  PID:5888
- C:\Windows\System\qJmqjPV.exe
  C:\Windows\System\qJmqjPV.exe
  2⤵
  PID:5588
- C:\Windows\System\cTSBKTE.exe
  C:\Windows\System\cTSBKTE.exe
  2⤵
  PID:5636
- C:\Windows\System\YyQWyeo.exe
  C:\Windows\System\YyQWyeo.exe
  2⤵
  PID:5784
- C:\Windows\System\TNLgodr.exe
  C:\Windows\System\TNLgodr.exe
  2⤵
  PID:5780
- C:\Windows\System\AJRjqBw.exe
  C:\Windows\System\AJRjqBw.exe
  2⤵
  PID:6056
- C:\Windows\System\AqXcsrj.exe
  C:\Windows\System\AqXcsrj.exe
  2⤵
  PID:5916
- C:\Windows\System\MJwbfpV.exe
  C:\Windows\System\MJwbfpV.exe
  2⤵
  PID:5508
- C:\Windows\System\bkxkmOR.exe
  C:\Windows\System\bkxkmOR.exe
  2⤵
  PID:5932
- C:\Windows\System\KknjyDc.exe
  C:\Windows\System\KknjyDc.exe
  2⤵
  PID:6052
- C:\Windows\System\gdSFywA.exe
  C:\Windows\System\gdSFywA.exe
  2⤵
  PID:5828
- C:\Windows\System\CpCHPUn.exe
  C:\Windows\System\CpCHPUn.exe
  2⤵
  PID:5556
- C:\Windows\System\AJYPwhY.exe
  C:\Windows\System\AJYPwhY.exe
  2⤵
  PID:5156
- C:\Windows\System\sOsMfBK.exe
  C:\Windows\System\sOsMfBK.exe
  2⤵
  PID:6168
- C:\Windows\System\vIqbwae.exe
  C:\Windows\System\vIqbwae.exe
  2⤵
  PID:6184
- C:\Windows\System\hpsvgFp.exe
  C:\Windows\System\hpsvgFp.exe
  2⤵
  PID:6204
- C:\Windows\System\ghRnmXm.exe
  C:\Windows\System\ghRnmXm.exe
  2⤵
  PID:6224
- C:\Windows\System\dAvRFDQ.exe
  C:\Windows\System\dAvRFDQ.exe
  2⤵
  PID:6252
- C:\Windows\System\GnOeERC.exe
  C:\Windows\System\GnOeERC.exe
  2⤵
  PID:6268
- C:\Windows\System\gSqXaxB.exe
  C:\Windows\System\gSqXaxB.exe
  2⤵
  PID:6288
- C:\Windows\System\gCwCoHY.exe
  C:\Windows\System\gCwCoHY.exe
  2⤵
  PID:6304
- C:\Windows\System\DTAWpTp.exe
  C:\Windows\System\DTAWpTp.exe
  2⤵
  PID:6332
- C:\Windows\System\tuHgnMy.exe
  C:\Windows\System\tuHgnMy.exe
  2⤵
  PID:6348
- C:\Windows\System\KWejmVj.exe
  C:\Windows\System\KWejmVj.exe
  2⤵
  PID:6364
- C:\Windows\System\XWZdRVk.exe
  C:\Windows\System\XWZdRVk.exe
  2⤵
  PID:6380
- C:\Windows\System\JGmGvRv.exe
  C:\Windows\System\JGmGvRv.exe
  2⤵
  PID:6400
- C:\Windows\System\xBHLgzU.exe
  C:\Windows\System\xBHLgzU.exe
  2⤵
  PID:6420
- C:\Windows\System\KMwHPdu.exe
  C:\Windows\System\KMwHPdu.exe
  2⤵
  PID:6440
- C:\Windows\System\tzwDzeP.exe
  C:\Windows\System\tzwDzeP.exe
  2⤵
  PID:6456
- C:\Windows\System\qaFrmkr.exe
  C:\Windows\System\qaFrmkr.exe
  2⤵
  PID:6472
- C:\Windows\System\pjqjmQu.exe
  C:\Windows\System\pjqjmQu.exe
  2⤵
  PID:6488
- C:\Windows\System\rinsFYj.exe
  C:\Windows\System\rinsFYj.exe
  2⤵
  PID:6508
- C:\Windows\System\XMijiVn.exe
  C:\Windows\System\XMijiVn.exe
  2⤵
  PID:6524
- C:\Windows\System\ffuRLsE.exe
  C:\Windows\System\ffuRLsE.exe
  2⤵
  PID:6540
- C:\Windows\System\YrpCmVa.exe
  C:\Windows\System\YrpCmVa.exe
  2⤵
  PID:6588
- C:\Windows\System\IprtRSU.exe
  C:\Windows\System\IprtRSU.exe
  2⤵
  PID:6604
- C:\Windows\System\nWHeLqp.exe
  C:\Windows\System\nWHeLqp.exe
  2⤵
  PID:6624
- C:\Windows\System\pMMJihd.exe
  C:\Windows\System\pMMJihd.exe
  2⤵
  PID:6652
- C:\Windows\System\EiyemdJ.exe
  C:\Windows\System\EiyemdJ.exe
  2⤵
  PID:6668
- C:\Windows\System\LKXgYok.exe
  C:\Windows\System\LKXgYok.exe
  2⤵
  PID:6684
- C:\Windows\System\zJPDmTQ.exe
  C:\Windows\System\zJPDmTQ.exe
  2⤵
  PID:6700
- C:\Windows\System\oCkcOIH.exe
  C:\Windows\System\oCkcOIH.exe
  2⤵
  PID:6716
- C:\Windows\System\NUtpGna.exe
  C:\Windows\System\NUtpGna.exe
  2⤵
  PID:6732
- C:\Windows\System\oyhOQNl.exe
  C:\Windows\System\oyhOQNl.exe
  2⤵
  PID:6748
- C:\Windows\System\xTiXarh.exe
  C:\Windows\System\xTiXarh.exe
  2⤵
  PID:6764
- C:\Windows\System\EvApAEf.exe
  C:\Windows\System\EvApAEf.exe
  2⤵
  PID:6780
- C:\Windows\System\Spkvyrx.exe
  C:\Windows\System\Spkvyrx.exe
  2⤵
  PID:6796
- C:\Windows\System\ETnvZFf.exe
  C:\Windows\System\ETnvZFf.exe
  2⤵
  PID:6812
- C:\Windows\System\bNGkium.exe
  C:\Windows\System\bNGkium.exe
  2⤵
  PID:6828
- C:\Windows\System\imwbqUO.exe
  C:\Windows\System\imwbqUO.exe
  2⤵
  PID:6844
- C:\Windows\System\eEgshKT.exe
  C:\Windows\System\eEgshKT.exe
  2⤵
  PID:6860
- C:\Windows\System\pcwWGMq.exe
  C:\Windows\System\pcwWGMq.exe
  2⤵
  PID:6876
- C:\Windows\System\hWRXNPq.exe
  C:\Windows\System\hWRXNPq.exe
  2⤵
  PID:6892
- C:\Windows\System\ltjRFeJ.exe
  C:\Windows\System\ltjRFeJ.exe
  2⤵
  PID:6908
- C:\Windows\System\BAUGznr.exe
  C:\Windows\System\BAUGznr.exe
  2⤵
  PID:6924
- C:\Windows\System\UolQEZI.exe
  C:\Windows\System\UolQEZI.exe
  2⤵
  PID:6940
- C:\Windows\System\JLCdgEa.exe
  C:\Windows\System\JLCdgEa.exe
  2⤵
  PID:6956
- C:\Windows\System\AKzdwIK.exe
  C:\Windows\System\AKzdwIK.exe
  2⤵
  PID:6972
- C:\Windows\System\hjRNhVl.exe
  C:\Windows\System\hjRNhVl.exe
  2⤵
  PID:6988
- C:\Windows\System\DiNUkfQ.exe
  C:\Windows\System\DiNUkfQ.exe
  2⤵
  PID:7004
- C:\Windows\System\BYaaKaC.exe
  C:\Windows\System\BYaaKaC.exe
  2⤵
  PID:7020
- C:\Windows\System\SCokIPZ.exe
  C:\Windows\System\SCokIPZ.exe
  2⤵
  PID:7036
- C:\Windows\System\XygFQad.exe
  C:\Windows\System\XygFQad.exe
  2⤵
  PID:7052
- C:\Windows\System\AFvxACp.exe
  C:\Windows\System\AFvxACp.exe
  2⤵
  PID:7068
- C:\Windows\System\EKnNsCm.exe
  C:\Windows\System\EKnNsCm.exe
  2⤵
  PID:7084
- C:\Windows\System\VqLjian.exe
  C:\Windows\System\VqLjian.exe
  2⤵
  PID:7100
- C:\Windows\System\OQiBvOs.exe
  C:\Windows\System\OQiBvOs.exe
  2⤵
  PID:7116
- C:\Windows\System\PNPspQa.exe
  C:\Windows\System\PNPspQa.exe
  2⤵
  PID:7132
- C:\Windows\System\pBeKmZU.exe
  C:\Windows\System\pBeKmZU.exe
  2⤵
  PID:7148
- C:\Windows\System\VLvypAp.exe
  C:\Windows\System\VLvypAp.exe
  2⤵
  PID:7164
- C:\Windows\System\UlVizxH.exe
  C:\Windows\System\UlVizxH.exe
  2⤵
  PID:5528
- C:\Windows\System\LgsVuOv.exe
  C:\Windows\System\LgsVuOv.exe
  2⤵
  PID:6152
- C:\Windows\System\bAYxsLK.exe
  C:\Windows\System\bAYxsLK.exe
  2⤵
  PID:5712
- C:\Windows\System\sCWzTzP.exe
  C:\Windows\System\sCWzTzP.exe
  2⤵
  PID:6232
- C:\Windows\System\zlxCGDI.exe
  C:\Windows\System\zlxCGDI.exe
  2⤵
  PID:6216
- C:\Windows\System\cMbopfr.exe
  C:\Windows\System\cMbopfr.exe
  2⤵
  PID:6244
- C:\Windows\System\pcwdvMX.exe
  C:\Windows\System\pcwdvMX.exe
  2⤵
  PID:6296
- C:\Windows\System\KqvYArP.exe
  C:\Windows\System\KqvYArP.exe
  2⤵
  PID:6280
- C:\Windows\System\Bwinfqq.exe
  C:\Windows\System\Bwinfqq.exe
  2⤵
  PID:6324
- C:\Windows\System\YVnvyHV.exe
  C:\Windows\System\YVnvyHV.exe
  2⤵
  PID:6360
- C:\Windows\System\bXQiEbN.exe
  C:\Windows\System\bXQiEbN.exe
  2⤵
  PID:6428
- C:\Windows\System\eHHfVMu.exe
  C:\Windows\System\eHHfVMu.exe
  2⤵
  PID:6468
- C:\Windows\System\lCbyULr.exe
  C:\Windows\System\lCbyULr.exe
  2⤵
  PID:6408
- C:\Windows\System\qOYAaoc.exe
  C:\Windows\System\qOYAaoc.exe
  2⤵
  PID:6452
- C:\Windows\System\FyeOcWI.exe
  C:\Windows\System\FyeOcWI.exe
  2⤵
  PID:6504
- C:\Windows\System\uMMDpaS.exe
  C:\Windows\System\uMMDpaS.exe
  2⤵
  PID:6556
- C:\Windows\System\YWAnIUs.exe
  C:\Windows\System\YWAnIUs.exe
  2⤵
  PID:6572
- C:\Windows\System\iiUIorh.exe
  C:\Windows\System\iiUIorh.exe
  2⤵
  PID:6600
- C:\Windows\System\IXdMOCs.exe
  C:\Windows\System\IXdMOCs.exe
  2⤵
  PID:6616
- C:\Windows\System\LGccNEo.exe
  C:\Windows\System\LGccNEo.exe
  2⤵
  PID:6772
- C:\Windows\System\YNzSvCD.exe
  C:\Windows\System\YNzSvCD.exe
  2⤵
  PID:6676
- C:\Windows\System\dLjPNvO.exe
  C:\Windows\System\dLjPNvO.exe
  2⤵
  PID:6804
- C:\Windows\System\KRNAdoM.exe
  C:\Windows\System\KRNAdoM.exe
  2⤵
  PID:6728
- C:\Windows\System\KHSPMXB.exe
  C:\Windows\System\KHSPMXB.exe
  2⤵
  PID:6900
- C:\Windows\System\yUsSSBA.exe
  C:\Windows\System\yUsSSBA.exe
  2⤵
  PID:6872
- C:\Windows\System\PWvERfW.exe
  C:\Windows\System\PWvERfW.exe
  2⤵
  PID:6824
- C:\Windows\System\PJaCQFa.exe
  C:\Windows\System\PJaCQFa.exe
  2⤵
  PID:6920
- C:\Windows\System\QyCmJOm.exe
  C:\Windows\System\QyCmJOm.exe
  2⤵
  PID:6852
- C:\Windows\System\qIdMYug.exe
  C:\Windows\System\qIdMYug.exe
  2⤵
  PID:6980
- C:\Windows\System\TCmQHnq.exe
  C:\Windows\System\TCmQHnq.exe
  2⤵
  PID:7028
- C:\Windows\System\diPbOmA.exe
  C:\Windows\System\diPbOmA.exe
  2⤵
  PID:7092
- C:\Windows\System\LDXXgCF.exe
  C:\Windows\System\LDXXgCF.exe
  2⤵
  PID:7124
- C:\Windows\System\xRpDDob.exe
  C:\Windows\System\xRpDDob.exe
  2⤵
  PID:7140
- C:\Windows\System\pQLrYSk.exe
  C:\Windows\System\pQLrYSk.exe
  2⤵
  PID:6164
- C:\Windows\System\GjeRwIG.exe
  C:\Windows\System\GjeRwIG.exe
  2⤵
  PID:7156
- C:\Windows\System\XrbKsFo.exe
  C:\Windows\System\XrbKsFo.exe
  2⤵
  PID:6236
- C:\Windows\System\uffaJFC.exe
  C:\Windows\System\uffaJFC.exe
  2⤵
  PID:6212
- C:\Windows\System\PjEbIdb.exe
  C:\Windows\System\PjEbIdb.exe
  2⤵
  PID:6328
- C:\Windows\System\BvxyEcP.exe
  C:\Windows\System\BvxyEcP.exe
  2⤵
  PID:6464
- C:\Windows\System\tCjfdiw.exe
  C:\Windows\System\tCjfdiw.exe
  2⤵
  PID:6484
- C:\Windows\System\cMHUpTO.exe
  C:\Windows\System\cMHUpTO.exe
  2⤵
  PID:6500
- C:\Windows\System\elVktLL.exe
  C:\Windows\System\elVktLL.exe
  2⤵
  PID:6584
- C:\Windows\System\PoqbyAD.exe
  C:\Windows\System\PoqbyAD.exe
  2⤵
  PID:6552
- C:\Windows\System\pzyixkw.exe
  C:\Windows\System\pzyixkw.exe
  2⤵
  PID:6644
- C:\Windows\System\UjOPisd.exe
  C:\Windows\System\UjOPisd.exe
  2⤵
  PID:6712
- C:\Windows\System\SvxVKjq.exe
  C:\Windows\System\SvxVKjq.exe
  2⤵
  PID:6756
- C:\Windows\System\SZAtNWH.exe
  C:\Windows\System\SZAtNWH.exe
  2⤵
  PID:6664
- C:\Windows\System\RnVJKvh.exe
  C:\Windows\System\RnVJKvh.exe
  2⤵
  PID:6916
- C:\Windows\System\uwroyxX.exe
  C:\Windows\System\uwroyxX.exe
  2⤵
  PID:6820
- C:\Windows\System\EbfQPAg.exe
  C:\Windows\System\EbfQPAg.exe
  2⤵
  PID:6996
- C:\Windows\System\MrhZwQm.exe
  C:\Windows\System\MrhZwQm.exe
  2⤵
  PID:7064
- C:\Windows\System\myqKzhF.exe
  C:\Windows\System\myqKzhF.exe
  2⤵
  PID:7096
- C:\Windows\System\LNYlmrH.exe
  C:\Windows\System\LNYlmrH.exe
  2⤵
  PID:5448
- C:\Windows\System\EuFIZbH.exe
  C:\Windows\System\EuFIZbH.exe
  2⤵
  PID:6200
- C:\Windows\System\dklLWsi.exe
  C:\Windows\System\dklLWsi.exe
  2⤵
  PID:6320
- C:\Windows\System\eJVOuiU.exe
  C:\Windows\System\eJVOuiU.exe
  2⤵
  PID:6760
- C:\Windows\System\mBCNbzA.exe
  C:\Windows\System\mBCNbzA.exe
  2⤵
  PID:6240
- C:\Windows\System\NbtpDQM.exe
  C:\Windows\System\NbtpDQM.exe
  2⤵
  PID:6392
- C:\Windows\System\ZxZKBIE.exe
  C:\Windows\System\ZxZKBIE.exe
  2⤵
  PID:6520
- C:\Windows\System\MGeNQvc.exe
  C:\Windows\System\MGeNQvc.exe
  2⤵
  PID:6708
- C:\Windows\System\DynRSAc.exe
  C:\Windows\System\DynRSAc.exe
  2⤵
  PID:6964
- C:\Windows\System\FNIAABV.exe
  C:\Windows\System\FNIAABV.exe
  2⤵
  PID:7108
- C:\Windows\System\zNWtHGl.exe
  C:\Windows\System\zNWtHGl.exe
  2⤵
  PID:7112
- C:\Windows\System\VuxzNvU.exe
  C:\Windows\System\VuxzNvU.exe
  2⤵
  PID:7060
- C:\Windows\System\HRZeKqT.exe
  C:\Windows\System\HRZeKqT.exe
  2⤵
  PID:6548
- C:\Windows\System\lyBTngh.exe
  C:\Windows\System\lyBTngh.exe
  2⤵
  PID:5856
- C:\Windows\System\BYfVugc.exe
  C:\Windows\System\BYfVugc.exe
  2⤵
  PID:6636
- C:\Windows\System\nzLnqxZ.exe
  C:\Windows\System\nzLnqxZ.exe
  2⤵
  PID:6884
- C:\Windows\System\TBOuQIU.exe
  C:\Windows\System\TBOuQIU.exe
  2⤵
  PID:6448
- C:\Windows\System\IpIdkBI.exe
  C:\Windows\System\IpIdkBI.exe
  2⤵
  PID:7012
- C:\Windows\System\LiFokbo.exe
  C:\Windows\System\LiFokbo.exe
  2⤵
  PID:6532
- C:\Windows\System\NUBEFtC.exe
  C:\Windows\System\NUBEFtC.exe
  2⤵
  PID:7184
- C:\Windows\System\JqlNVSs.exe
  C:\Windows\System\JqlNVSs.exe
  2⤵
  PID:7204
- C:\Windows\System\cZrJpvV.exe
  C:\Windows\System\cZrJpvV.exe
  2⤵
  PID:7224
- C:\Windows\System\sfphSDR.exe
  C:\Windows\System\sfphSDR.exe
  2⤵
  PID:7240
- C:\Windows\System\TdsKDcI.exe
  C:\Windows\System\TdsKDcI.exe
  2⤵
  PID:7268
- C:\Windows\System\gwFbfOj.exe
  C:\Windows\System\gwFbfOj.exe
  2⤵
  PID:7284
- C:\Windows\System\abEIiON.exe
  C:\Windows\System\abEIiON.exe
  2⤵
  PID:7300
- C:\Windows\System\SRmfyjq.exe
  C:\Windows\System\SRmfyjq.exe
  2⤵
  PID:7340
- C:\Windows\System\HTgTsdB.exe
  C:\Windows\System\HTgTsdB.exe
  2⤵
  PID:7360
- C:\Windows\System\ybIgFfL.exe
  C:\Windows\System\ybIgFfL.exe
  2⤵
  PID:7380
- C:\Windows\System\xpaDlii.exe
  C:\Windows\System\xpaDlii.exe
  2⤵
  PID:7400
- C:\Windows\System\ufQNfxZ.exe
  C:\Windows\System\ufQNfxZ.exe
  2⤵
  PID:7416
- C:\Windows\System\xOMydlc.exe
  C:\Windows\System\xOMydlc.exe
  2⤵
  PID:7436
- C:\Windows\System\slMSPfp.exe
  C:\Windows\System\slMSPfp.exe
  2⤵
  PID:7456
- C:\Windows\System\fAlKvVQ.exe
  C:\Windows\System\fAlKvVQ.exe
  2⤵
  PID:7472
- C:\Windows\System\AYnKwFM.exe
  C:\Windows\System\AYnKwFM.exe
  2⤵
  PID:7488
- C:\Windows\System\VdzyfqR.exe
  C:\Windows\System\VdzyfqR.exe
  2⤵
  PID:7508
- C:\Windows\System\gyycJlw.exe
  C:\Windows\System\gyycJlw.exe
  2⤵
  PID:7524
- C:\Windows\System\yWjhekQ.exe
  C:\Windows\System\yWjhekQ.exe
  2⤵
  PID:7540
- C:\Windows\System\qguySti.exe
  C:\Windows\System\qguySti.exe
  2⤵
  PID:7556
- C:\Windows\System\FoTFmKe.exe
  C:\Windows\System\FoTFmKe.exe
  2⤵
  PID:7576
- C:\Windows\System\HRODwwm.exe
  C:\Windows\System\HRODwwm.exe
  2⤵
  PID:7596
- C:\Windows\System\HOTRmNm.exe
  C:\Windows\System\HOTRmNm.exe
  2⤵
  PID:7612
- C:\Windows\System\ravoccP.exe
  C:\Windows\System\ravoccP.exe
  2⤵
  PID:7632
- C:\Windows\System\vzqENnK.exe
  C:\Windows\System\vzqENnK.exe
  2⤵
  PID:7648
- C:\Windows\System\cqzXBvO.exe
  C:\Windows\System\cqzXBvO.exe
  2⤵
  PID:7672
- C:\Windows\System\LqFkyMW.exe
  C:\Windows\System\LqFkyMW.exe
  2⤵
  PID:7692
- C:\Windows\System\jDXeaxM.exe
  C:\Windows\System\jDXeaxM.exe
  2⤵
  PID:7712
- C:\Windows\System\uootEPk.exe
  C:\Windows\System\uootEPk.exe
  2⤵
  PID:7732
- C:\Windows\System\QcKnGMh.exe
  C:\Windows\System\QcKnGMh.exe
  2⤵
  PID:7764
- C:\Windows\System\gAKSZFb.exe
  C:\Windows\System\gAKSZFb.exe
  2⤵
  PID:7808
- C:\Windows\System\YERYIiA.exe
  C:\Windows\System\YERYIiA.exe
  2⤵
  PID:7824
- C:\Windows\System\ESUvqcT.exe
  C:\Windows\System\ESUvqcT.exe
  2⤵
  PID:7848
- C:\Windows\System\HZSnjOJ.exe
  C:\Windows\System\HZSnjOJ.exe
  2⤵
  PID:7864
- C:\Windows\System\nSHCECG.exe
  C:\Windows\System\nSHCECG.exe
  2⤵
  PID:7880
- C:\Windows\System\RRRsmKu.exe
  C:\Windows\System\RRRsmKu.exe
  2⤵
  PID:7900
- C:\Windows\System\ovtxzKB.exe
  C:\Windows\System\ovtxzKB.exe
  2⤵
  PID:7916
- C:\Windows\System\HJYSWkz.exe
  C:\Windows\System\HJYSWkz.exe
  2⤵
  PID:7936
- C:\Windows\System\NylWqtr.exe
  C:\Windows\System\NylWqtr.exe
  2⤵
  PID:7952
- C:\Windows\System\jwwwFgo.exe
  C:\Windows\System\jwwwFgo.exe
  2⤵
  PID:7968
- C:\Windows\System\XrptAMC.exe
  C:\Windows\System\XrptAMC.exe
  2⤵
  PID:7984
- C:\Windows\System\NzZQNGl.exe
  C:\Windows\System\NzZQNGl.exe
  2⤵
  PID:8032
- C:\Windows\System\bmKklgO.exe
  C:\Windows\System\bmKklgO.exe
  2⤵
  PID:8052
- C:\Windows\System\SxUARDM.exe
  C:\Windows\System\SxUARDM.exe
  2⤵
  PID:8068
- C:\Windows\System\YCqyZfq.exe
  C:\Windows\System\YCqyZfq.exe
  2⤵
  PID:8084
- C:\Windows\System\sjPZGDJ.exe
  C:\Windows\System\sjPZGDJ.exe
  2⤵
  PID:8104
- C:\Windows\System\CfxSVDn.exe
  C:\Windows\System\CfxSVDn.exe
  2⤵
  PID:8120
- C:\Windows\System\ksRVtHO.exe
  C:\Windows\System\ksRVtHO.exe
  2⤵
  PID:8136
- C:\Windows\System\DKVvNwE.exe
  C:\Windows\System\DKVvNwE.exe
  2⤵
  PID:8160
- C:\Windows\System\ErLIvTY.exe
  C:\Windows\System\ErLIvTY.exe
  2⤵
  PID:8176
- C:\Windows\System\CAYScne.exe
  C:\Windows\System\CAYScne.exe
  2⤵
  PID:6984
- C:\Windows\System\pENKNCT.exe
  C:\Windows\System\pENKNCT.exe
  2⤵
  PID:7212
- C:\Windows\System\DKFcoec.exe
  C:\Windows\System\DKFcoec.exe
  2⤵
  PID:7196
- C:\Windows\System\JfEOPXQ.exe
  C:\Windows\System\JfEOPXQ.exe
  2⤵
  PID:7256
- C:\Windows\System\RUNPiSF.exe
  C:\Windows\System\RUNPiSF.exe
  2⤵
  PID:7312
- C:\Windows\System\SpXURth.exe
  C:\Windows\System\SpXURth.exe
  2⤵
  PID:7324
- C:\Windows\System\SjVTICz.exe
  C:\Windows\System\SjVTICz.exe
  2⤵
  PID:7352
- C:\Windows\System\rqplGzV.exe
  C:\Windows\System\rqplGzV.exe
  2⤵
  PID:7396
- C:\Windows\System\UcXimbJ.exe
  C:\Windows\System\UcXimbJ.exe
  2⤵
  PID:7408
- C:\Windows\System\VfwXEQD.exe
  C:\Windows\System\VfwXEQD.exe
  2⤵
  PID:7500
- C:\Windows\System\iPIYeob.exe
  C:\Windows\System\iPIYeob.exe
  2⤵
  PID:7568
- C:\Windows\System\ulIkUau.exe
  C:\Windows\System\ulIkUau.exe
  2⤵
  PID:7608
- C:\Windows\System\zoLsmeT.exe
  C:\Windows\System\zoLsmeT.exe
  2⤵
  PID:7724
- C:\Windows\System\wQIffdx.exe
  C:\Windows\System\wQIffdx.exe
  2⤵
  PID:7452
- C:\Windows\System\DYmaDqV.exe
  C:\Windows\System\DYmaDqV.exe
  2⤵
  PID:7520
- C:\Windows\System\QlCaftM.exe
  C:\Windows\System\QlCaftM.exe
  2⤵
  PID:7656
- C:\Windows\System\DJUDuZn.exe
  C:\Windows\System\DJUDuZn.exe
  2⤵
  PID:7708
- C:\Windows\System\fEOphfi.exe
  C:\Windows\System\fEOphfi.exe
  2⤵
  PID:7748
- C:\Windows\System\wjGqrVV.exe
  C:\Windows\System\wjGqrVV.exe
  2⤵
  PID:7620
- C:\Windows\System\rWAEMia.exe
  C:\Windows\System\rWAEMia.exe
  2⤵
  PID:7760
- C:\Windows\System\NtwnOsK.exe
  C:\Windows\System\NtwnOsK.exe
  2⤵
  PID:7788
- C:\Windows\System\QnOZqtU.exe
  C:\Windows\System\QnOZqtU.exe
  2⤵
  PID:7796
- C:\Windows\System\STCGAsl.exe
  C:\Windows\System\STCGAsl.exe
  2⤵
  PID:7840
- C:\Windows\System\augAuuv.exe
  C:\Windows\System\augAuuv.exe
  2⤵
  PID:7860
- C:\Windows\System\ZkylMzi.exe
  C:\Windows\System\ZkylMzi.exe
  2⤵
  PID:7912
- C:\Windows\System\TnidcRj.exe
  C:\Windows\System\TnidcRj.exe
  2⤵
  PID:8004
- C:\Windows\System\PxJRvwP.exe
  C:\Windows\System\PxJRvwP.exe
  2⤵
  PID:8012
- C:\Windows\System\kMqPSeq.exe
  C:\Windows\System\kMqPSeq.exe
  2⤵
  PID:7928
- C:\Windows\System\TuuImrO.exe
  C:\Windows\System\TuuImrO.exe
  2⤵
  PID:8080
- C:\Windows\System\RyRcSus.exe
  C:\Windows\System\RyRcSus.exe
  2⤵
  PID:8112
- C:\Windows\System\BZzgdIG.exe
  C:\Windows\System\BZzgdIG.exe
  2⤵
  PID:8156
- C:\Windows\System\xGDkMZc.exe
  C:\Windows\System\xGDkMZc.exe
  2⤵
  PID:8172
- C:\Windows\System\RpQiuiF.exe
  C:\Windows\System\RpQiuiF.exe
  2⤵
  PID:6564
- C:\Windows\System\yFEmEZw.exe
  C:\Windows\System\yFEmEZw.exe
  2⤵
  PID:7192
- C:\Windows\System\uKlAxLm.exe
  C:\Windows\System\uKlAxLm.exe
  2⤵
  PID:7264
- C:\Windows\System\RqlKuMC.exe
  C:\Windows\System\RqlKuMC.exe
  2⤵
  PID:7348
- C:\Windows\System\yrPBxZn.exe
  C:\Windows\System\yrPBxZn.exe
  2⤵
  PID:7432
- C:\Windows\System\GuddDgE.exe
  C:\Windows\System\GuddDgE.exe
  2⤵
  PID:7564
- C:\Windows\System\GtUnjIE.exe
  C:\Windows\System\GtUnjIE.exe
  2⤵
  PID:7640
- C:\Windows\System\SoYBeqb.exe
  C:\Windows\System\SoYBeqb.exe
  2⤵
  PID:7444
- C:\Windows\System\WXEVetg.exe
  C:\Windows\System\WXEVetg.exe
  2⤵
  PID:7484
- C:\Windows\System\SoEtQFk.exe
  C:\Windows\System\SoEtQFk.exe
  2⤵
  PID:7744
- C:\Windows\System\FZqUxLK.exe
  C:\Windows\System\FZqUxLK.exe
  2⤵
  PID:7844
- C:\Windows\System\KumdVRb.exe
  C:\Windows\System\KumdVRb.exe
  2⤵
  PID:7944
- C:\Windows\System\EEfNBxQ.exe
  C:\Windows\System\EEfNBxQ.exe
  2⤵
  PID:7992
- C:\Windows\System\sQuoiqk.exe
  C:\Windows\System\sQuoiqk.exe
  2⤵
  PID:7700
- C:\Windows\System\hxpTMRv.exe
  C:\Windows\System\hxpTMRv.exe
  2⤵
  PID:7816
- C:\Windows\System\ovrRClt.exe
  C:\Windows\System\ovrRClt.exe
  2⤵
  PID:8116
- C:\Windows\System\EQLUQOg.exe
  C:\Windows\System\EQLUQOg.exe
  2⤵
  PID:8008
- C:\Windows\System\dzXouHu.exe
  C:\Windows\System\dzXouHu.exe
  2⤵
  PID:8028
- C:\Windows\System\niaNuii.exe
  C:\Windows\System\niaNuii.exe
  2⤵
  PID:8100
- C:\Windows\System\mmsFsJf.exe
  C:\Windows\System\mmsFsJf.exe
  2⤵
  PID:6936
- C:\Windows\System\CktCCPV.exe
  C:\Windows\System\CktCCPV.exe
  2⤵
  PID:6196
- C:\Windows\System\AfYUmLD.exe
  C:\Windows\System\AfYUmLD.exe
  2⤵
  PID:7280
- C:\Windows\System\DkpDdAF.exe
  C:\Windows\System\DkpDdAF.exe
  2⤵
  PID:7496
- C:\Windows\System\OmCfEeL.exe
  C:\Windows\System\OmCfEeL.exe
  2⤵
  PID:7332
- C:\Windows\System\nZiKlGs.exe
  C:\Windows\System\nZiKlGs.exe
  2⤵
  PID:7516
- C:\Windows\System\BhCdOuz.exe
  C:\Windows\System\BhCdOuz.exe
  2⤵
  PID:7536
- C:\Windows\System\mpcMoaH.exe
  C:\Windows\System\mpcMoaH.exe
  2⤵
  PID:7876
- C:\Windows\System\KIzqvIZ.exe
  C:\Windows\System\KIzqvIZ.exe
  2⤵
  PID:7668
- C:\Windows\System\XSMviiI.exe
  C:\Windows\System\XSMviiI.exe
  2⤵
  PID:8016
- C:\Windows\System\wAbwirp.exe
  C:\Windows\System\wAbwirp.exe
  2⤵
  PID:8132
- C:\Windows\System\zFpqPKi.exe
  C:\Windows\System\zFpqPKi.exe
  2⤵
  PID:7236
- C:\Windows\System\IJAeWrF.exe
  C:\Windows\System\IJAeWrF.exe
  2⤵
  PID:7468
- C:\Windows\System\bFskWEX.exe
  C:\Windows\System\bFskWEX.exe
  2⤵
  PID:7412
- C:\Windows\System\CudFtET.exe
  C:\Windows\System\CudFtET.exe
  2⤵
  PID:7976
- C:\Windows\System\SGKzler.exe
  C:\Windows\System\SGKzler.exe
  2⤵
  PID:7740
- C:\Windows\System\DjfEaMq.exe
  C:\Windows\System\DjfEaMq.exe
  2⤵
  PID:8060
- C:\Windows\System\zARxlTj.exe
  C:\Windows\System\zARxlTj.exe
  2⤵
  PID:7424
- C:\Windows\System\ARRsqZk.exe
  C:\Windows\System\ARRsqZk.exe
  2⤵
  PID:7804
- C:\Windows\System\aOVucMQ.exe
  C:\Windows\System\aOVucMQ.exe
  2⤵
  PID:7932
- C:\Windows\System\dNUnFYQ.exe
  C:\Windows\System\dNUnFYQ.exe
  2⤵
  PID:7776
- C:\Windows\System\ulbJzVI.exe
  C:\Windows\System\ulbJzVI.exe
  2⤵
  PID:8096
- C:\Windows\System\fHZAaEb.exe
  C:\Windows\System\fHZAaEb.exe
  2⤵
  PID:7784
- C:\Windows\System\BwjhFtP.exe
  C:\Windows\System\BwjhFtP.exe
  2⤵
  PID:7624
- C:\Windows\System\OAuSeen.exe
  C:\Windows\System\OAuSeen.exe
  2⤵
  PID:8208
- C:\Windows\System\TYiBBsm.exe
  C:\Windows\System\TYiBBsm.exe
  2⤵
  PID:8228
- C:\Windows\System\uSLDYDs.exe
  C:\Windows\System\uSLDYDs.exe
  2⤵
  PID:8244
- C:\Windows\System\gtWSYjG.exe
  C:\Windows\System\gtWSYjG.exe
  2⤵
  PID:8260
- C:\Windows\System\wKYRWMk.exe
  C:\Windows\System\wKYRWMk.exe
  2⤵
  PID:8288
- C:\Windows\System\SUXiFgR.exe
  C:\Windows\System\SUXiFgR.exe
  2⤵
  PID:8304
- C:\Windows\System\oDNJbiZ.exe
  C:\Windows\System\oDNJbiZ.exe
  2⤵
  PID:8340
- C:\Windows\System\VUtmaHN.exe
  C:\Windows\System\VUtmaHN.exe
  2⤵
  PID:8356
- C:\Windows\System\eTkqCoU.exe
  C:\Windows\System\eTkqCoU.exe
  2⤵
  PID:8376
- C:\Windows\System\lmHAKpV.exe
  C:\Windows\System\lmHAKpV.exe
  2⤵
  PID:8396
- C:\Windows\System\xePboxJ.exe
  C:\Windows\System\xePboxJ.exe
  2⤵
  PID:8416
- C:\Windows\System\rVHvMeK.exe
  C:\Windows\System\rVHvMeK.exe
  2⤵
  PID:8432
- C:\Windows\System\cbHabQA.exe
  C:\Windows\System\cbHabQA.exe
  2⤵
  PID:8448
- C:\Windows\System\NuutxOx.exe
  C:\Windows\System\NuutxOx.exe
  2⤵
  PID:8464
- C:\Windows\System\WKXfJgm.exe
  C:\Windows\System\WKXfJgm.exe
  2⤵
  PID:8480
- C:\Windows\System\VVbRbxV.exe
  C:\Windows\System\VVbRbxV.exe
  2⤵
  PID:8508
- C:\Windows\System\zIVkPeO.exe
  C:\Windows\System\zIVkPeO.exe
  2⤵
  PID:8528
- C:\Windows\System\VBrQRoW.exe
  C:\Windows\System\VBrQRoW.exe
  2⤵
  PID:8544
- C:\Windows\System\DPFPNOy.exe
  C:\Windows\System\DPFPNOy.exe
  2⤵
  PID:8560
- C:\Windows\System\YuGYLqs.exe
  C:\Windows\System\YuGYLqs.exe
  2⤵
  PID:8576
- C:\Windows\System\UIencRC.exe
  C:\Windows\System\UIencRC.exe
  2⤵
  PID:8592
- C:\Windows\System\pULgUFy.exe
  C:\Windows\System\pULgUFy.exe
  2⤵
  PID:8612
- C:\Windows\System\pLuwjQX.exe
  C:\Windows\System\pLuwjQX.exe
  2⤵
  PID:8672
- C:\Windows\System\bvcTyeV.exe
  C:\Windows\System\bvcTyeV.exe
  2⤵
  PID:8692
- C:\Windows\System\fuEHSSq.exe
  C:\Windows\System\fuEHSSq.exe
  2⤵
  PID:8708
- C:\Windows\System\jWzIoiV.exe
  C:\Windows\System\jWzIoiV.exe
  2⤵
  PID:8728
- C:\Windows\System\IxoAdFt.exe
  C:\Windows\System\IxoAdFt.exe
  2⤵
  PID:8748
- C:\Windows\System\bEWBFwn.exe
  C:\Windows\System\bEWBFwn.exe
  2⤵
  PID:8764
- C:\Windows\System\tlteLwo.exe
  C:\Windows\System\tlteLwo.exe
  2⤵
  PID:8780
- C:\Windows\System\dVUDRHp.exe
  C:\Windows\System\dVUDRHp.exe
  2⤵
  PID:8812
- C:\Windows\System\fvlHyJc.exe
  C:\Windows\System\fvlHyJc.exe
  2⤵
  PID:8828
- C:\Windows\System\AtaklZY.exe
  C:\Windows\System\AtaklZY.exe
  2⤵
  PID:8844
- C:\Windows\System\DfwfvcD.exe
  C:\Windows\System\DfwfvcD.exe
  2⤵
  PID:8864
- C:\Windows\System\pNruegG.exe
  C:\Windows\System\pNruegG.exe
  2⤵
  PID:8880
- C:\Windows\System\PPUUvkj.exe
  C:\Windows\System\PPUUvkj.exe
  2⤵
  PID:8896
- C:\Windows\System\wwdVdlY.exe
  C:\Windows\System\wwdVdlY.exe
  2⤵
  PID:8916
- C:\Windows\System\EzIOcwx.exe
  C:\Windows\System\EzIOcwx.exe
  2⤵
  PID:8932
- C:\Windows\System\WZsDugN.exe
  C:\Windows\System\WZsDugN.exe
  2⤵
  PID:8952
- C:\Windows\System\wGAXDkT.exe
  C:\Windows\System\wGAXDkT.exe
  2⤵
  PID:8972
- C:\Windows\System\HGHaDDV.exe
  C:\Windows\System\HGHaDDV.exe
  2⤵
  PID:8988
- C:\Windows\System\JEBWkwv.exe
  C:\Windows\System\JEBWkwv.exe
  2⤵
  PID:9008
- C:\Windows\System\OfLZygt.exe
  C:\Windows\System\OfLZygt.exe
  2⤵
  PID:9024
- C:\Windows\System\qVmJNQl.exe
  C:\Windows\System\qVmJNQl.exe
  2⤵
  PID:9040
- C:\Windows\System\ZPMPXMA.exe
  C:\Windows\System\ZPMPXMA.exe
  2⤵
  PID:9060
- C:\Windows\System\BMGtALz.exe
  C:\Windows\System\BMGtALz.exe
  2⤵
  PID:9076
- C:\Windows\System\LfPvHat.exe
  C:\Windows\System\LfPvHat.exe
  2⤵
  PID:9092
- C:\Windows\System\rebAoRf.exe
  C:\Windows\System\rebAoRf.exe
  2⤵
  PID:9108
- C:\Windows\System\YgWuRsS.exe
  C:\Windows\System\YgWuRsS.exe
  2⤵
  PID:9124
- C:\Windows\System\YxJkHfN.exe
  C:\Windows\System\YxJkHfN.exe
  2⤵
  PID:9140
- C:\Windows\System\GTuerlj.exe
  C:\Windows\System\GTuerlj.exe
  2⤵
  PID:9156
- C:\Windows\System\frxbMhX.exe
  C:\Windows\System\frxbMhX.exe
  2⤵
  PID:9176
- C:\Windows\System\YZbfWIc.exe
  C:\Windows\System\YZbfWIc.exe
  2⤵
  PID:9200
- C:\Windows\System\aKXGGvD.exe
  C:\Windows\System\aKXGGvD.exe
  2⤵
  PID:8216
- C:\Windows\System\RSBijqP.exe
  C:\Windows\System\RSBijqP.exe
  2⤵
  PID:7628
- C:\Windows\System\ClMWuZo.exe
  C:\Windows\System\ClMWuZo.exe
  2⤵
  PID:8200
- C:\Windows\System\qhMfVcG.exe
  C:\Windows\System\qhMfVcG.exe
  2⤵
  PID:8296
- C:\Windows\System\dTrebqr.exe
  C:\Windows\System\dTrebqr.exe
  2⤵
  PID:8328
- C:\Windows\System\DVcxwHy.exe
  C:\Windows\System\DVcxwHy.exe
  2⤵
  PID:8312
- C:\Windows\System\CYYFpHO.exe
  C:\Windows\System\CYYFpHO.exe
  2⤵
  PID:8352
- C:\Windows\System\AOLzIiG.exe
  C:\Windows\System\AOLzIiG.exe
  2⤵
  PID:8392
- C:\Windows\System\WaOLsQI.exe
  C:\Windows\System\WaOLsQI.exe
  2⤵
  PID:8428
- C:\Windows\System\dOnpfcL.exe
  C:\Windows\System\dOnpfcL.exe
  2⤵
  PID:8492
- C:\Windows\System\jAUbUcA.exe
  C:\Windows\System\jAUbUcA.exe
  2⤵
  PID:8408
- C:\Windows\System\kYnwWgi.exe
  C:\Windows\System\kYnwWgi.exe
  2⤵
  PID:8636
- C:\Windows\System\WzedaLk.exe
  C:\Windows\System\WzedaLk.exe
  2⤵
  PID:8668
- C:\Windows\System\WaQOQRu.exe
  C:\Windows\System\WaQOQRu.exe
  2⤵
  PID:8700
- C:\Windows\System\IPsvnkz.exe
  C:\Windows\System\IPsvnkz.exe
  2⤵
  PID:8724
- C:\Windows\System\SwmyOcf.exe
  C:\Windows\System\SwmyOcf.exe
  2⤵
  PID:8744
- C:\Windows\System\fJoDlCd.exe
  C:\Windows\System\fJoDlCd.exe
  2⤵
  PID:8776
- C:\Windows\System\iCWxDZO.exe
  C:\Windows\System\iCWxDZO.exe
  2⤵
  PID:8796
- C:\Windows\System\LAwbqVo.exe
  C:\Windows\System\LAwbqVo.exe
  2⤵
  PID:8904
- C:\Windows\System\XSxjuLw.exe
  C:\Windows\System\XSxjuLw.exe
  2⤵
  PID:8944
- C:\Windows\System\pIWMLIt.exe
  C:\Windows\System\pIWMLIt.exe
  2⤵
  PID:8892
- C:\Windows\System\QXxkWfR.exe
  C:\Windows\System\QXxkWfR.exe
  2⤵
  PID:8964
- C:\Windows\System\vguGIjh.exe
  C:\Windows\System\vguGIjh.exe
  2⤵
  PID:8820
- C:\Windows\System\mFgLYgs.exe
  C:\Windows\System\mFgLYgs.exe
  2⤵
  PID:9056
- C:\Windows\System\QhYfxmP.exe
  C:\Windows\System\QhYfxmP.exe
  2⤵
  PID:9120
- C:\Windows\System\hsIxwSQ.exe
  C:\Windows\System\hsIxwSQ.exe
  2⤵
  PID:9184
- C:\Windows\System\GmgomDv.exe
  C:\Windows\System\GmgomDv.exe
  2⤵
  PID:9188
- C:\Windows\System\HrueOXm.exe
  C:\Windows\System\HrueOXm.exe
  2⤵
  PID:9196
- C:\Windows\System\zmtKOTB.exe
  C:\Windows\System\zmtKOTB.exe
  2⤵
  PID:8128
- C:\Windows\System\hLCfkxX.exe
  C:\Windows\System\hLCfkxX.exe
  2⤵
  PID:8272
- C:\Windows\System\FQqznTk.exe
  C:\Windows\System\FQqznTk.exe
  2⤵
  PID:8368
- C:\Windows\System\NKsPWYz.exe
  C:\Windows\System\NKsPWYz.exe
  2⤵
  PID:8412
- C:\Windows\System\tnVIEAE.exe
  C:\Windows\System\tnVIEAE.exe
  2⤵
  PID:8404
- C:\Windows\System\orGWovR.exe
  C:\Windows\System\orGWovR.exe
  2⤵
  PID:8444
- C:\Windows\System\qXecVDH.exe
  C:\Windows\System\qXecVDH.exe
  2⤵
  PID:8584
- C:\Windows\System\VEZbhnX.exe
  C:\Windows\System\VEZbhnX.exe
  2⤵
  PID:8600
- C:\Windows\System\eepjJhd.exe
  C:\Windows\System\eepjJhd.exe
  2⤵
  PID:8620
- C:\Windows\System\OSiuDSQ.exe
  C:\Windows\System\OSiuDSQ.exe
  2⤵
  PID:8632
- C:\Windows\System\bEvDpIN.exe
  C:\Windows\System\bEvDpIN.exe
  2⤵
  PID:8688
- C:\Windows\System\FSuOLrE.exe
  C:\Windows\System\FSuOLrE.exe
  2⤵
  PID:8804
- C:\Windows\System\TGselyn.exe
  C:\Windows\System\TGselyn.exe
  2⤵
  PID:8720
- C:\Windows\System\MRlppLa.exe
  C:\Windows\System\MRlppLa.exe
  2⤵
  PID:8984
- C:\Windows\System\rrIEAZi.exe
  C:\Windows\System\rrIEAZi.exe
  2⤵
  PID:8840
- C:\Windows\System\DcqwrVl.exe
  C:\Windows\System\DcqwrVl.exe
  2⤵
  PID:8876
- C:\Windows\System\VkWCGsI.exe
  C:\Windows\System\VkWCGsI.exe
  2⤵
  PID:9036
- C:\Windows\System\FcDZnPN.exe
  C:\Windows\System\FcDZnPN.exe
  2⤵
  PID:9212
- C:\Windows\System\fGnlZTl.exe
  C:\Windows\System\fGnlZTl.exe
  2⤵
  PID:8384
- C:\Windows\System\hOURvSj.exe
  C:\Windows\System\hOURvSj.exe
  2⤵
  PID:9168
- C:\Windows\System\hZEdDuP.exe
  C:\Windows\System\hZEdDuP.exe
  2⤵
  PID:7308
- C:\Windows\System\TtqPvcC.exe
  C:\Windows\System\TtqPvcC.exe
  2⤵
  PID:8252
- C:\Windows\System\AYpAjBl.exe
  C:\Windows\System\AYpAjBl.exe
  2⤵
  PID:8520
- C:\Windows\System\SEmjruk.exe
  C:\Windows\System\SEmjruk.exe
  2⤵
  PID:8556
- C:\Windows\System\BlLCqVR.exe
  C:\Windows\System\BlLCqVR.exe
  2⤵
  PID:8608
- C:\Windows\System\PcUmCFd.exe
  C:\Windows\System\PcUmCFd.exe
  2⤵
  PID:8740
- C:\Windows\System\HrKiquz.exe
  C:\Windows\System\HrKiquz.exe
  2⤵
  PID:8960
- C:\Windows\System\SDqyRMN.exe
  C:\Windows\System\SDqyRMN.exe
  2⤵
  PID:8788
- C:\Windows\System\OnCZzrw.exe
  C:\Windows\System\OnCZzrw.exe
  2⤵
  PID:8856
- C:\Windows\System\fRhSnPt.exe
  C:\Windows\System\fRhSnPt.exe
  2⤵
  PID:9088
- C:\Windows\System\HZXvpcY.exe
  C:\Windows\System\HZXvpcY.exe
  2⤵
  PID:9132
- C:\Windows\System\yXOMBCV.exe
  C:\Windows\System\yXOMBCV.exe
  2⤵
  PID:8472
- C:\Windows\System\CqwKtHg.exe
  C:\Windows\System\CqwKtHg.exe
  2⤵
  PID:8628
- C:\Windows\System\LxDFogq.exe
  C:\Windows\System\LxDFogq.exe
  2⤵
  PID:8460
- C:\Windows\System\vCRjhRQ.exe
  C:\Windows\System\vCRjhRQ.exe
  2⤵
  PID:8968
- C:\Windows\System\oTVDRVY.exe
  C:\Windows\System\oTVDRVY.exe
  2⤵
  PID:9032
- C:\Windows\System\GkKNeue.exe
  C:\Windows\System\GkKNeue.exe
  2⤵
  PID:9020
- C:\Windows\System\fbHNPWG.exe
  C:\Windows\System\fbHNPWG.exe
  2⤵
  PID:9116
- C:\Windows\System\UWfaeFD.exe
  C:\Windows\System\UWfaeFD.exe
  2⤵
  PID:8664
- C:\Windows\System\ZUDkHTL.exe
  C:\Windows\System\ZUDkHTL.exe
  2⤵
  PID:8424
- C:\Windows\System\MrRlviA.exe
  C:\Windows\System\MrRlviA.exe
  2⤵
  PID:9052
- C:\Windows\System\VojXUbB.exe
  C:\Windows\System\VojXUbB.exe
  2⤵
  PID:8348
- C:\Windows\System\RiNqebo.exe
  C:\Windows\System\RiNqebo.exe
  2⤵
  PID:8604
- C:\Windows\System\kotHoUt.exe
  C:\Windows\System\kotHoUt.exe
  2⤵
  PID:8220
- C:\Windows\System\VRzSMkp.exe
  C:\Windows\System\VRzSMkp.exe
  2⤵
  PID:8280
- C:\Windows\System\gTdSsoh.exe
  C:\Windows\System\gTdSsoh.exe
  2⤵
  PID:8236
- C:\Windows\System\WDblbwy.exe
  C:\Windows\System\WDblbwy.exe
  2⤵
  PID:9152
- C:\Windows\System\wbcSdcp.exe
  C:\Windows\System\wbcSdcp.exe
  2⤵
  PID:9228
- C:\Windows\System\qVzMRej.exe
  C:\Windows\System\qVzMRej.exe
  2⤵
  PID:9244
- C:\Windows\System\CyFUDRU.exe
  C:\Windows\System\CyFUDRU.exe
  2⤵
  PID:9268
- C:\Windows\System\iomoBOh.exe
  C:\Windows\System\iomoBOh.exe
  2⤵
  PID:9284
- C:\Windows\System\KIQYsUK.exe
  C:\Windows\System\KIQYsUK.exe
  2⤵
  PID:9300
- C:\Windows\System\nCLjfcU.exe
  C:\Windows\System\nCLjfcU.exe
  2⤵
  PID:9316
- C:\Windows\System\yBvFPQF.exe
  C:\Windows\System\yBvFPQF.exe
  2⤵
  PID:9340
- C:\Windows\System\ZyafoQJ.exe
  C:\Windows\System\ZyafoQJ.exe
  2⤵
  PID:9356
- C:\Windows\System\oWuhVhy.exe
  C:\Windows\System\oWuhVhy.exe
  2⤵
  PID:9372
- C:\Windows\System\ghEMGBp.exe
  C:\Windows\System\ghEMGBp.exe
  2⤵
  PID:9392
- C:\Windows\System\ULSyajq.exe
  C:\Windows\System\ULSyajq.exe
  2⤵
  PID:9432
- C:\Windows\System\AxyhbuM.exe
  C:\Windows\System\AxyhbuM.exe
  2⤵
  PID:9448
- C:\Windows\System\sysRYJT.exe
  C:\Windows\System\sysRYJT.exe
  2⤵
  PID:9468
- C:\Windows\System\uNhXKgW.exe
  C:\Windows\System\uNhXKgW.exe
  2⤵
  PID:9488
- C:\Windows\System\RtnWpYt.exe
  C:\Windows\System\RtnWpYt.exe
  2⤵
  PID:9512
- C:\Windows\System\tbkQslI.exe
  C:\Windows\System\tbkQslI.exe
  2⤵
  PID:9532
- C:\Windows\System\GaCXyjX.exe
  C:\Windows\System\GaCXyjX.exe
  2⤵
  PID:9548
- C:\Windows\System\PlKsfXI.exe
  C:\Windows\System\PlKsfXI.exe
  2⤵
  PID:9576
- C:\Windows\System\zyBwHmd.exe
  C:\Windows\System\zyBwHmd.exe
  2⤵
  PID:9592
- C:\Windows\System\jxMnPBx.exe
  C:\Windows\System\jxMnPBx.exe
  2⤵
  PID:9608
- C:\Windows\System\USudlpn.exe
  C:\Windows\System\USudlpn.exe
  2⤵
  PID:9624
- C:\Windows\System\ZEgVELg.exe
  C:\Windows\System\ZEgVELg.exe
  2⤵
  PID:9648
- C:\Windows\System\clHRuWc.exe
  C:\Windows\System\clHRuWc.exe
  2⤵
  PID:9672
- C:\Windows\System\BByAQdA.exe
  C:\Windows\System\BByAQdA.exe
  2⤵
  PID:9692
- C:\Windows\System\OxWMCZr.exe
  C:\Windows\System\OxWMCZr.exe
  2⤵
  PID:9720
- C:\Windows\System\UCjtpiP.exe
  C:\Windows\System\UCjtpiP.exe
  2⤵
  PID:9744
- C:\Windows\System\XMfeaSt.exe
  C:\Windows\System\XMfeaSt.exe
  2⤵
  PID:9764
- C:\Windows\System\RSUuXsU.exe
  C:\Windows\System\RSUuXsU.exe
  2⤵
  PID:9788
- C:\Windows\System\ScRtRnx.exe
  C:\Windows\System\ScRtRnx.exe
  2⤵
  PID:9808
- C:\Windows\System\zJrAOMK.exe
  C:\Windows\System\zJrAOMK.exe
  2⤵
  PID:9828
- C:\Windows\System\PCzYMox.exe
  C:\Windows\System\PCzYMox.exe
  2⤵
  PID:9844
- C:\Windows\System\YNaTfQh.exe
  C:\Windows\System\YNaTfQh.exe
  2⤵
  PID:9868
- C:\Windows\System\GALNHOJ.exe
  C:\Windows\System\GALNHOJ.exe
  2⤵
  PID:9884
- C:\Windows\System\TImycVv.exe
  C:\Windows\System\TImycVv.exe
  2⤵
  PID:9904
- C:\Windows\System\aUZLYxh.exe
  C:\Windows\System\aUZLYxh.exe
  2⤵
  PID:9928
- C:\Windows\System\fNgKeYH.exe
  C:\Windows\System\fNgKeYH.exe
  2⤵
  PID:9948
- C:\Windows\System\phWJxWS.exe
  C:\Windows\System\phWJxWS.exe
  2⤵
  PID:9968
- C:\Windows\System\BcOLuUO.exe
  C:\Windows\System\BcOLuUO.exe
  2⤵
  PID:9988
- C:\Windows\System\RZBHSRZ.exe
  C:\Windows\System\RZBHSRZ.exe
  2⤵
  PID:10008
- C:\Windows\System\mHYUcmM.exe
  C:\Windows\System\mHYUcmM.exe
  2⤵
  PID:10024
- C:\Windows\System\uHCVQPK.exe
  C:\Windows\System\uHCVQPK.exe
  2⤵
  PID:10044
- C:\Windows\System\sJicGvP.exe
  C:\Windows\System\sJicGvP.exe
  2⤵
  PID:10064
- C:\Windows\System\TaZxKCL.exe
  C:\Windows\System\TaZxKCL.exe
  2⤵
  PID:10088
- C:\Windows\System\JUCbuiE.exe
  C:\Windows\System\JUCbuiE.exe
  2⤵
  PID:10104
- C:\Windows\System\cxgQjbj.exe
  C:\Windows\System\cxgQjbj.exe
  2⤵
  PID:10120
- C:\Windows\System\tHQsDiq.exe
  C:\Windows\System\tHQsDiq.exe
  2⤵
  PID:10140
- C:\Windows\System\LeVxNeo.exe
  C:\Windows\System\LeVxNeo.exe
  2⤵
  PID:10164
- C:\Windows\System\BxmsCOS.exe
  C:\Windows\System\BxmsCOS.exe
  2⤵
  PID:10180
- C:\Windows\System\xJqEKPz.exe
  C:\Windows\System\xJqEKPz.exe
  2⤵
  PID:10196
- C:\Windows\System\wyoBdyi.exe
  C:\Windows\System\wyoBdyi.exe
  2⤵
  PID:10212
- C:\Windows\System\nVjxhKu.exe
  C:\Windows\System\nVjxhKu.exe
  2⤵
  PID:10228
- C:\Windows\System\vFRnIbt.exe
  C:\Windows\System\vFRnIbt.exe
  2⤵
  PID:9220
- C:\Windows\System\ivKGzyg.exe
  C:\Windows\System\ivKGzyg.exe
  2⤵
  PID:9256
- C:\Windows\System\ZPvPCkW.exe
  C:\Windows\System\ZPvPCkW.exe
  2⤵
  PID:9280
- C:\Windows\System\hXDEkgU.exe
  C:\Windows\System\hXDEkgU.exe
  2⤵
  PID:9368
- C:\Windows\System\sQshrOe.exe
  C:\Windows\System\sQshrOe.exe
  2⤵
  PID:9408
- C:\Windows\System\BGrpocQ.exe
  C:\Windows\System\BGrpocQ.exe
  2⤵
  PID:9440
- C:\Windows\System\iCDhxwj.exe
  C:\Windows\System\iCDhxwj.exe
  2⤵
  PID:9464
- C:\Windows\System\lJwNbjm.exe
  C:\Windows\System\lJwNbjm.exe
  2⤵
  PID:9500
- C:\Windows\System\oRuYxcM.exe
  C:\Windows\System\oRuYxcM.exe
  2⤵
  PID:9540
- C:\Windows\System\KTeJolV.exe
  C:\Windows\System\KTeJolV.exe
  2⤵
  PID:9564
- C:\Windows\System\ZdgUsbn.exe
  C:\Windows\System\ZdgUsbn.exe
  2⤵
  PID:9656
- C:\Windows\System\DrAPUTe.exe
  C:\Windows\System\DrAPUTe.exe
  2⤵
  PID:9604
- C:\Windows\System\WAtahDi.exe
  C:\Windows\System\WAtahDi.exe
  2⤵
  PID:9644
- C:\Windows\System\zmqyKeH.exe
  C:\Windows\System\zmqyKeH.exe
  2⤵
  PID:9708
- C:\Windows\System\ybigGaC.exe
  C:\Windows\System\ybigGaC.exe
  2⤵
  PID:9740
- C:\Windows\System\BTViuKr.exe
  C:\Windows\System\BTViuKr.exe
  2⤵
  PID:9772
- C:\Windows\System\QEluMKW.exe
  C:\Windows\System\QEluMKW.exe
  2⤵
  PID:9796
- C:\Windows\System\deesuIO.exe
  C:\Windows\System\deesuIO.exe
  2⤵
  PID:9824
- C:\Windows\System\mMtnuKT.exe
  C:\Windows\System\mMtnuKT.exe
  2⤵
  PID:9856
- C:\Windows\System\ursVUIU.exe
  C:\Windows\System\ursVUIU.exe
  2⤵
  PID:9912
- C:\Windows\System\MKzPDqT.exe
  C:\Windows\System\MKzPDqT.exe
  2⤵
  PID:9936
- C:\Windows\System\yHRjacL.exe
  C:\Windows\System\yHRjacL.exe
  2⤵
  PID:9976
- C:\Windows\System\YRkrApo.exe
  C:\Windows\System\YRkrApo.exe
  2⤵
  PID:10004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DIFWQjV.exe

Filesize
6.0MB

MD5
fae268cf247ffe0cebc2be0ae91f85ff

SHA1
7ef8b5a5dc3ee0e13dd05e2b4e62ccf98be9db18

SHA256
0e3b9963ec385555a1fccfbf9f2192252c081f1bfd2d45ccd6e0c8a60db94c2b

SHA512
1ef14a4f4d035ca8f77a54f779ec0a009437d4ae4b68e484041e49fc91ac1ee75dac4c341519ad075727479f98d65ec023e9f12d1300d35d80ad655833f8f350

Download Submit
C:\Windows\system\DqGZYgX.exe

Filesize
6.0MB

MD5
1070875c135890a852dec24a6f815503

SHA1
2789b2f0e015d0003ef8f27b095ef92b36694fd4

SHA256
ebefb1a6ac630bfa2bdfd4df3a70ded3e2b363c768b6f4c9a510a303bbcd685f

SHA512
ea9de1e3a336b6ef54ff1ea0ecbbafe7944855db6c02842bcd5a0efce2c06642cc819c9b7546815dd5d91a0baa30ee95481ccb8f9852539b0571d367a18b62d3

Download Submit
C:\Windows\system\FASFfCH.exe

Filesize
6.0MB

MD5
03634917171998e9a4cfe1c956622320

SHA1
09f6f25ef71f1e8f3f9c07d46e1f27a9e0a48be6

SHA256
a10be416ded162df5b00e3a22e35f806141aa8dd11fee00094b3eaa6085cd77b

SHA512
a8f13b00579ab4b629c650e753f1fe01dfa98e0bd1c112d9db40ce27f359916760b4efcb4f90353791cd78d7b4adaf7ec289bfa91d94f457ee112c3bc9f65b5d

Download Submit
C:\Windows\system\FBDNXdE.exe

Filesize
6.0MB

MD5
aaabdba4173ef5dcc1bca56958cd7437

SHA1
924d02599c9ce4df7aa0360d14e850e437f4465a

SHA256
d951cc752ab7f16d2173879801b55c2ef1d09b4884d4ef383d7acbc3a9ff265e

SHA512
5dad415299211315d1ab0e84e3d2e91092cc724fdae2bcd3a8399854fbfa2416610472326fc14ae926ff531c03fe97600569057daa8a24aa3373c29ed9cbf4ad

Download Submit
C:\Windows\system\IdwBvcx.exe

Filesize
6.0MB

MD5
9958d18a2a9f3f340942898d6d20e126

SHA1
ae528efd983289a44def67fc182e555dd04b050e

SHA256
c35dda5c5f2ddcca3bee39d3dd97196f8ac09c450471150a73c863a398caf61d

SHA512
3cfb79da751463e69828a4d6529b4a73e56dd2ea3a4ef44612be70327fb05f21d9263e8ddfdf30bc16dcb28ed9b258ef589da4bf12063857e4ce87c25215d9e8

Download Submit
C:\Windows\system\MenaQxu.exe

Filesize
6.0MB

MD5
fcf8f049cb526103ab29d9d2300917af

SHA1
3f9c15d1388ee158655a385ef09545f6e47fd40f

SHA256
9d3436149402b5e8a43e36868c8814b33a39faa6fae03c6afc8646360b07a578

SHA512
a0678105de64a326014f6bae7848663e03d91794895df653ed3ef58cda854cbdd071bb02df7d6e1c1b2523da14dfe010f1abdcd85252ce90539039a63c4644f8

Download Submit
C:\Windows\system\MmTEszB.exe

Filesize
6.0MB

MD5
2e1288286890082bf6866d7cbbb2653e

SHA1
6e28c53ca9037919b7faac0f262256c92565c3ea

SHA256
677bf594a76cb17e6617a4d01f926de9304b6ca3f1b92ce990fadf81af00d373

SHA512
b9db1dab5d3ca7833c413e7a8b0fc07c2f8d38c34e0221815b44442a8d56254c0c522eed0b6fbd1465c9c8b3e4f6f5e588acce52ccefec94891080fb44b6e9fc

Download Submit
C:\Windows\system\SeEPoHs.exe

Filesize
6.0MB

MD5
6f0e8a56909a6c67552549bb37160010

SHA1
e57f810113c5bb6cc8caa8fd8af9b004cbba4929

SHA256
2a104c399bafb9dabd9005da53e29ea70a48c7d86be8c99f7a0f54d715972f2b

SHA512
24951ff434ba3c3cb562e76f3b10f29c8feef446332a56c39e660b86703be1a5b652da057c4e3b1af745e5f03bbc8d5fb7b92ded36d954cc9926880fb5d591a1

Download Submit
C:\Windows\system\XyzDPgY.exe

Filesize
6.0MB

MD5
c4948739216ccd096754d04336438e96

SHA1
29cb114b5d17f7d6cec6229f9e5c841f500a7421

SHA256
9fc388ad0293927e847b930ae88e7829bd8a1b9aa7366f485310ef2e83a8f0e6

SHA512
5e15eabbaa15b68ca7e812ffefe896ff4bc7fe307cbcd6c97947d9cf11337b56a7796bfc64f69a3595f9a11e94c07f4a53d5a73056066359290f7e5484bc24ea

Download Submit
C:\Windows\system\bmVSxxe.exe

Filesize
6.0MB

MD5
312a035b8fcd24a28c0ddb47f86c2f7c

SHA1
507dbde8e2cde8c8d0780d7fce14cf34d50d7804

SHA256
355e80a0fb5d748171459accb875e02aefb2e5e050b033720299a879c181f888

SHA512
a42fb3b4c72efdfef3c7ea3039ed23b954edfc5920ec40c45ebaea806878c2f0890f5b960afc1cd22d1e8c098a00d9321dd68d0b9b00ac587a4ca847b7e141fa

Download Submit
C:\Windows\system\cNxjmRQ.exe

Filesize
6.0MB

MD5
c84b917a290ae8ad88b864f1d2a5c488

SHA1
0f7ae134a4bd0fc44fded20b3b113e72f068c143

SHA256
c43121ef3c56c9a54e5d98558624b546ff7e06a7aa496488cbfa69ce9567e066

SHA512
c8464baebd805db32374703bb551facdc08c13cd4c490c850ab2d93691f27ea3b5186d6aec12285d4249fe4472fefb06e83aa4ed9b3d99ff199550fd5ce3da5c

Download Submit
C:\Windows\system\cmokOqi.exe

Filesize
6.0MB

MD5
203d6d96331551bafccfda2660b16e2e

SHA1
3626483fab475ea50621f4feef6be0c08ff1d9b4

SHA256
8e3913ba6b51624648c7fb4b7384b8f66015a3adf9d4214723d3520a1e294903

SHA512
c926d88e76db5ae030752e2c6172f48c2e10cce0f2c296a5ff5582fab35b559fa150c413523b3a92d46520ff955055f8350f2db166db1fc344410ba0522a7342

Download Submit
C:\Windows\system\dSYidcX.exe

Filesize
6.0MB

MD5
7aca683bc0cc3689c7d24a4c8e48fa21

SHA1
4a89eaca5bc421ec6f18f137b74369ac5038a1a1

SHA256
da52cade870ab0fb239cf5ad8f46230c3494fa7e64f5c6b98de52518065793a8

SHA512
8e87afe8d5e281872a5730f382c28b90adb7d215cd0fce31af928692758fef09a6f503bfbe5df231eab4939b0fc03823226460a9b88334fd281dd42880e9378e

Download Submit
C:\Windows\system\doJwFAY.exe

Filesize
6.0MB

MD5
c2a634996fccf2afc387956db16a95f4

SHA1
149c38a56510e85b92f7a14d05c2c4e149072644

SHA256
11540fab517ec2d2985ca76023d07c0b9a5c818206dc2f9df0e81eb25a8a95f0

SHA512
68fb9142fd8d065c2eb937e1dd1cf507ea86d9398be8688013dfb347b3cb1cab589abbc1f9435ee2d35b38dcc627b7c9120213ea238218f36645bbb41bf0782d

Download Submit
C:\Windows\system\gJvsmOR.exe

Filesize
6.0MB

MD5
889f6bbaf58062e36ddb770ba488c925

SHA1
6bf270c6bbe6086005fd1a4c6da1ee58927f2cf4

SHA256
23aa1096fcf22578bef3af28f544254a27c75af35d002933c6a9929f7662b41d

SHA512
ba92122eb579dff77547d36089d4afb686a5f94a98f030f4f62bc3771a4a4b5dfe90909427c5acff1d6b63482c6bb4e1683868504c8fecfa5a297ac2522e8199

Download Submit
C:\Windows\system\gZmFfVP.exe

Filesize
6.0MB

MD5
1c6353f726621e3b9bc71f0d550eea5c

SHA1
9a28401fd8fdcd1c20d426592da33cf9b99ced2a

SHA256
6a26cfe11d80bc3d7676642122477b7c9aa90fcea72177c88462665b12f4c012

SHA512
cdb2c02e4a3b806bb8d4eb2b9b461ba9ef250cf0ce074f78fae3efcfe48843b9a4013241511f967132c8cf6a67465dc387093f962ff018f60e60622f43700aae

Download Submit
C:\Windows\system\gkpRQEF.exe

Filesize
6.0MB

MD5
1c675ea85c48a8400d70d9d757e1d7bc

SHA1
e7e5074fc2193ce9cb8d024b83ea6b88416a87c5

SHA256
7268fecc169c025b5f4396b219eaa95eb3dd5d12b0676a9e75029b38213d2c2a

SHA512
ef3207add97884151cbc45048c7f980d06c864a56fc4cfb5d05cef4238f590a9d727b0315bec57f8c3be9adde8ef085e7ca6ed42da6626c5c545e627b60ecd0c

Download Submit
C:\Windows\system\irCJjRN.exe

Filesize
6.0MB

MD5
e0fd611edb65e34767b27fd8eaea0bb5

SHA1
5c65d3aabc2d1605d9a1c5179a75ab3468690f16

SHA256
a97f088ca7fa30bc694ccf57ab84cf2cc5d1c2856ca2501821edbf0fe2bc243b

SHA512
989c53bdfa2956a0d7aab9b5df0b79a4affe1390b94fc9fca18569a53773870b527c5edf0664018ddd48f33e63bf62c648e0467f03c972f0f704ac8fc14ba74b

Download Submit
C:\Windows\system\nzyxLJN.exe

Filesize
6.0MB

MD5
9440c86aeb9904511e83260627ab7657

SHA1
f596e556ee0b3511c42a382eec83049be4963798

SHA256
b241a538122ccb97a4341c525aaecbcf4e585ca63b828b170f73474154234cb7

SHA512
5551a75f586685485c431e987a1ba47c10db0018854bfd69b9de0a970fd640af613be3095a4d22a976517e9f57a1f7ce04893176c45c986600a1af92184ef4a0

Download Submit
C:\Windows\system\rScFHQh.exe

Filesize
6.0MB

MD5
df1ec684f00a971359e827dd9c34ed32

SHA1
f6a87a96ff4961e670a0815d2e22bd69c6e2474b

SHA256
59a97ffb65eb73dcd375b536291a61fed1aafe817f9da246d0f12cf6838ec3b0

SHA512
cf0f60548c435562bc1a510162f0359abe6e5377cb5c308ad53b3ed1542a79a6b22ff3cc7dbc8874cb840bc135ff65fcd53693729c4eaa5b8686d6e9188a54cf

Download Submit
C:\Windows\system\tIlRHzW.exe

Filesize
6.0MB

MD5
f3b6b3bea61f27d20114d6836fa2980e

SHA1
44663e44e16db4cf6bc5b7df62229ea510563f43

SHA256
08e597e7f257408ea664af0e10490b43e05609c68789215d7386ab98e96f4d3c

SHA512
34506eda43e72b27dd0a3c210b7fe56aa073d80e8e47ff5b8cfca38b58f19e585324bdb809681ad19a2b04d5222bf8e2bb64f5cdd8aada0e4e05e015a3e35ce4

Download Submit
C:\Windows\system\thUwlMk.exe

Filesize
6.0MB

MD5
85e995d142ceae0d67ab0462ee06a168

SHA1
64881dfd6e0779aa0c784350b8ae5cf82e68ad9c

SHA256
ffc2ef220a4a17025459457ed9acc4489177003cda4db0420c0aca51029cfc69

SHA512
c085d49a20125b65be0e7b84be3ced130365d7b800495ebe8c24942dbcfce5b7fdc5f792f1cf1511f9cad4e87c1c11b75e8675ef8a5078c891e3b3af1d0827e7

Download Submit
C:\Windows\system\vsEpTeX.exe

Filesize
6.0MB

MD5
dcdbe9d39aa39b25795aee151d0d8e51

SHA1
e8ebac7f5ae178067cb87c73576d25c6fa39e326

SHA256
8aa4b9e600e390511cb495e5e7ee71327f93b481b249aff494bb598071afd989

SHA512
a646b302608976abbb95ea92e869b78dfba30bc3328ff1605e5b31fb69b9db57ef78c75c789dbe02f182774baf6122b44c5a73cedfb091c49a7a2ab649b084e6

Download Submit
C:\Windows\system\yyMZHFB.exe

Filesize
6.0MB

MD5
67ea70451ff0898077cedad4af2d3841

SHA1
0aed5408af50f3fd32600b1e9587f5b4e275d9ba

SHA256
4c838fa9cf8ea44d90a6ce9d4c60ac55e8e436fb9f124432d5ab05a76b335bbc

SHA512
d67d0a6f2dfd577f32baf10f488344398c6208a4962ebd7f237fd3d140da4052cc967aa2b749cd0ce9b8c88563f6290b620257371f6122f39bf57643c553f953

Download Submit
C:\Windows\system\zMKqpoL.exe

Filesize
6.0MB

MD5
c97d30b1cf1af40da16f398d81a989e7

SHA1
f83dd5ba3be5fef167303bda18e4fad464fd8907

SHA256
a352b567dfb91f869b32a7e8f428e48df12a240a84845c9fdff5fd0806968943

SHA512
c81ac34472d7c6450c91f4c00fb5c695bfddc46d71e910a7f85b4a9c195492619a549e104dd90c264092b78271a5ca8e3fe923971d3044094e65a51cbf5171ea

Download Submit
\Windows\system\ApcsCzE.exe

Filesize
6.0MB

MD5
00a827d8d9f1e4cb4a4020181a506558

SHA1
9b7d581cd5c7e284d9766e444c8bfc0b9ea7fc7f

SHA256
a7fef4e9d1db004e56c12455d4425aff39010dba0df74fdd57c8d780e68d2ec9

SHA512
037f472a5d409b3fd17569aaccec2281f1cc025b40a079fed289f72946d62576989a1ee7a233a220ea881ce87c3072fbf97a1e61d8c49476398dbf956a8f5422

Download Submit
\Windows\system\CZDGMoc.exe

Filesize
6.0MB

MD5
958eb88a1757538743a0e2a7b98ee31e

SHA1
f21f7e6dcc1f1faf07c953a550b4148b1c66bc4e

SHA256
fcbacde5268fdea8d86833a7e08fde3b3886d6878f0bb1726fd3f9fdedec8e12

SHA512
1ed96507e3db0631b2750cf1c3f4713093d0d1b2493c33d47cbb2086db8c3d72c6c64392765e9ff455668815fa00c1459f690ce91e89ae4324dc3311a5e8f259

Download Submit
\Windows\system\FCAgNRh.exe

Filesize
6.0MB

MD5
9b7486f35c6d431d0532ac07b1dc8a59

SHA1
af476d9c098088f6cecc4d8319d2fb0189b2f3f0

SHA256
bf5ff9ea59baf1d48f28ea9ebb2455ae226d016dee917cc2baf215c88bd29a2d

SHA512
fb310dae1d9345aac0f05011b66a683d0394a7aaa181fbabd11fa08abe996869d6535a7410f8f2f1512a5ed1f7f20693e93a05df38c136e875fdfcf1e7ecfde8

Download Submit
\Windows\system\QNqswLG.exe

Filesize
6.0MB

MD5
dfa2da32a5dba11b3b6a06b309d95666

SHA1
50f4799cd73a360b56524f2e150ea3598b90ea66

SHA256
27ddd7eddc8980cc9011d0595649b6b23d461d85d44720a35c021020442940cb

SHA512
51e84922804260f2573407f658152b5bdd6b4db1c3e468c2e3962a3b0850e0872e4a6cd2530c5cd605c5bf1ebf6c3ae80f2bc2dc7783ab1832a89d41a18460c2

Download Submit
\Windows\system\iRRMQIx.exe

Filesize
6.0MB

MD5
557ae6ae6b82d34f047ec969256cdc09

SHA1
83aa91bad5c5f3cd5177e3bb5174f2b44b230c88

SHA256
991f2e5f81d482d01b9767e2a089113b59ef73ad61a9b0c8a4a5174ed79ea576

SHA512
d4854b5bf9216c4f1164ed263617a648bffaaac77427f5e966b7b3013b8a84b67b5c034ae83bbd82087b7919ac923b8c945044af665e5c7b0199a446a0c82e2d

Download Submit
\Windows\system\nODirxm.exe

Filesize
6.0MB

MD5
c1b7577c3694b63a68974ebf5ba1bac9

SHA1
1c0312201b5f69ea9d7cc11b818e0ac096ab4713

SHA256
b9acaa923a64d4ce733082e20c0a08b66f9840d2bf41bcec068720f3240b1f96

SHA512
100989e29e130d02a34f308a4ca09b9f40ac016fa32f37aeb425f037011c81b5dea380afa8701d6506a727b4ae2957d6689cadb213d944d7baf00306326300a2

Download Submit
\Windows\system\unpUnti.exe

Filesize
6.0MB

MD5
7905cef3ae5352bda6d107c4f8b0fe20

SHA1
5f8c5cf14169855502a27f8ae92330d1766722ae

SHA256
46d9b9b1601d5d8694327f2554a40d9e8564a05b127a0c5bfb86d90c9f6a8c35

SHA512
f9189424e00d8a53f155f1f20cc116d214274ad629bee1bf6f24c18b7a5e71319a8c4b31bc09a4602f480262cb92cbfde3fa288b2f9b928c326233ca58f6cc7a

Download Submit
memory/584-3339-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/584-103-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/584-1107-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/976-66-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/976-102-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/976-3290-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/992-3323-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/992-96-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/992-1054-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-38-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-7-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-3026-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-546-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1916-3327-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1916-88-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2064-65-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2064-36-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2064-3127-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2100-453-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2100-578-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-30-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-17-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-42-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2100-1307-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2100-11-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2100-0-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-35-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-26-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-50-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2100-54-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2100-76-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-93-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-92-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2100-84-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2100-83-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2100-1-0x0000000001B20000-0x0000000001B30000-memory.dmp

Filesize
64KB

Download
memory/2520-206-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2520-73-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3301-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2532-72-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2532-4901-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2532-43-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2540-3285-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2540-52-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2540-87-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2548-3118-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-20-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-47-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-3113-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-28-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-58-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-79-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-3317-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-364-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-59-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/3012-4903-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/3036-44-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/3036-3028-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/3036-14-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download