cobaltstrike | 1bc2bbbd7a9e9b70d31a43a24c67bd474dd39cbda0a8099562ce6595e0d992bf

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
31-01-2025 01:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e4408e840be99a6200f37fbfbe9b53e5
SHA1

31bc7013d0c6ec4ab930c85650d68c3e46381204
SHA256

1bc2bbbd7a9e9b70d31a43a24c67bd474dd39cbda0a8099562ce6595e0d992bf
SHA512

81e792bc5e1b65a06089b2f2ffcaf329df7c0eb47ee4d8117b0fcf1ebe183e4ba68b81616d69a53b321f46e1a4766838cb671235e8e470ed4480faad7bb1df93
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUo:T+q56utgpPF8u/7o

Score

10^/10

cobaltstrike xmrig 0 backdoor discovery miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c0000000122e0-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d2e-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d36-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d47-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d50-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d9f-34.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d13-52.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018690-68.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-98.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f7-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-128.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019401-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019403-193.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-178.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019229-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019218-112.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190d6-91.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001879b-76.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190cd-83.dat	cobalt_reflective_dll
behavioral1/files/0x000b000000018678-59.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dc8-47.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2024-0-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x000c0000000122e0-3.dat	xmrig
behavioral1/memory/2040-7-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d2e-12.dat	xmrig
behavioral1/files/0x0008000000016d36-11.dat	xmrig
behavioral1/memory/3048-20-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d47-22.dat	xmrig
behavioral1/memory/2748-33-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d50-32.dat	xmrig
behavioral1/memory/2024-29-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/800-16-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d9f-34.dat	xmrig
behavioral1/files/0x0009000000016d13-52.dat	xmrig
behavioral1/memory/2648-54-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018690-68.dat	xmrig
behavioral1/memory/2644-60-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2748-81-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2716-77-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000191f3-98.dat	xmrig
behavioral1/files/0x00050000000191f7-109.dat	xmrig
behavioral1/files/0x000500000001924c-128.dat	xmrig
behavioral1/files/0x00050000000193df-183.dat	xmrig
behavioral1/memory/2604-232-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/888-609-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2592-936-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2024-882-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/1376-795-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2716-423-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2024-323-0x00000000024A0000-0x00000000027F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019401-189.dat	xmrig
behavioral1/files/0x0005000000019403-193.dat	xmrig
behavioral1/files/0x00050000000193d9-178.dat	xmrig
behavioral1/files/0x00050000000193cc-173.dat	xmrig
behavioral1/files/0x00050000000193c4-168.dat	xmrig
behavioral1/files/0x00050000000193be-163.dat	xmrig
behavioral1/files/0x0005000000019389-158.dat	xmrig
behavioral1/files/0x0005000000019382-153.dat	xmrig
behavioral1/files/0x0005000000019277-148.dat	xmrig
behavioral1/files/0x0005000000019273-143.dat	xmrig
behavioral1/files/0x0005000000019271-139.dat	xmrig
behavioral1/files/0x000500000001926b-133.dat	xmrig
behavioral1/files/0x0005000000019234-123.dat	xmrig
behavioral1/files/0x0005000000019229-118.dat	xmrig
behavioral1/memory/2024-105-0x00000000024A0000-0x00000000027F4000-memory.dmp	xmrig
behavioral1/memory/2024-104-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x0005000000019218-112.dat	xmrig
behavioral1/memory/1376-93-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2648-92-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x00060000000190d6-91.dat	xmrig
behavioral1/memory/2592-100-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2644-99-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2024-96-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2024-95-0x00000000024A0000-0x00000000027F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001879b-76.dat	xmrig
behavioral1/memory/2024-74-0x00000000024A0000-0x00000000027F4000-memory.dmp	xmrig
behavioral1/memory/2640-73-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/888-85-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2860-84-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/files/0x00060000000190cd-83.dat	xmrig
behavioral1/files/0x000b000000018678-59.dat	xmrig
behavioral1/memory/800-56-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2604-69-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2024-66-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/3048-65-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2040	NVLRUKo.exe
800	DmVVjuO.exe
3048	uUkAyoa.exe
2640	sesIJbl.exe
2748	VyyXojN.exe
2540	zLPdhiq.exe
2860	btRJFXr.exe
2648	gGfaKRm.exe
2644	fxZUqFQ.exe
2604	ItOItJz.exe
2716	OErpXLW.exe
888	RFpHHXj.exe
1376	HjjaeDV.exe
2592	IuVcJKi.exe
492	UCFFJTy.exe
2520	NIhPzXq.exe
1220	dkwrQhU.exe
2768	GaROdAf.exe
636	HztpEYE.exe
2864	rlqNbqo.exe
1160	wEJzFXi.exe
1996	ZGakCQS.exe
2708	YZmdiOh.exe
2220	uhZORLP.exe
1788	pxMCkvH.exe
2216	ZPzMTgK.exe
2368	XFJlRpf.exe
1640	GaHcmls.exe
2408	mFXgpIq.exe
844	NqGqAen.exe
1452	BLNNEHy.exe
1732	FCnlreG.exe
1740	TGaqWyO.exe
908	RShaiis.exe
2448	kuafUGM.exe
1680	PHcWZVI.exe
1304	scvVKoq.exe
1380	rLtcyhT.exe
2136	hBDczdc.exe
2140	USUauiF.exe
2976	DSKivoc.exe
2964	CTibnZy.exe
3032	TmNNNiM.exe
2924	OiGKEiG.exe
2428	khmiqqt.exe
876	KkduEBI.exe
1896	UiqDfan.exe
1900	TeJLMcS.exe
2460	ajdgRCG.exe
1756	fWcwDnK.exe
2944	ILvtudY.exe
1600	KBhxnFk.exe
1792	NHpfVEs.exe
2508	hEWoNDf.exe
3064	AcxKaMg.exe
2796	CWwMcTC.exe
2820	mfyunmg.exe
2980	AFOQGjU.exe
2580	mkhyUDl.exe
1112	hGhIgoR.exe
1328	bsGhumn.exe
2848	qYEjPMy.exe
1652	FRMzEra.exe
2600	FSOaaOa.exe

Loads dropped DLL 64 IoCs

pid	Process
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2024-0-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x000c0000000122e0-3.dat	upx
behavioral1/memory/2040-7-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/files/0x0008000000016d2e-12.dat	upx
behavioral1/files/0x0008000000016d36-11.dat	upx
behavioral1/memory/3048-20-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x0007000000016d47-22.dat	upx
behavioral1/memory/2748-33-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/files/0x0007000000016d50-32.dat	upx
behavioral1/memory/2024-29-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/800-16-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/files/0x0007000000016d9f-34.dat	upx
behavioral1/files/0x0009000000016d13-52.dat	upx
behavioral1/memory/2648-54-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x0005000000018690-68.dat	upx
behavioral1/memory/2644-60-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2748-81-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2716-77-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/files/0x00050000000191f3-98.dat	upx
behavioral1/files/0x00050000000191f7-109.dat	upx
behavioral1/files/0x000500000001924c-128.dat	upx
behavioral1/files/0x00050000000193df-183.dat	upx
behavioral1/memory/2604-232-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/888-609-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2592-936-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/1376-795-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2716-423-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/files/0x0005000000019401-189.dat	upx
behavioral1/files/0x0005000000019403-193.dat	upx
behavioral1/files/0x00050000000193d9-178.dat	upx
behavioral1/files/0x00050000000193cc-173.dat	upx
behavioral1/files/0x00050000000193c4-168.dat	upx
behavioral1/files/0x00050000000193be-163.dat	upx
behavioral1/files/0x0005000000019389-158.dat	upx
behavioral1/files/0x0005000000019382-153.dat	upx
behavioral1/files/0x0005000000019277-148.dat	upx
behavioral1/files/0x0005000000019273-143.dat	upx
behavioral1/files/0x0005000000019271-139.dat	upx
behavioral1/files/0x000500000001926b-133.dat	upx
behavioral1/files/0x0005000000019234-123.dat	upx
behavioral1/files/0x0005000000019229-118.dat	upx
behavioral1/files/0x0005000000019218-112.dat	upx
behavioral1/memory/1376-93-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2648-92-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x00060000000190d6-91.dat	upx
behavioral1/memory/2592-100-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2644-99-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/files/0x000500000001879b-76.dat	upx
behavioral1/memory/2640-73-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/888-85-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2860-84-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/files/0x00060000000190cd-83.dat	upx
behavioral1/files/0x000b000000018678-59.dat	upx
behavioral1/memory/800-56-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2604-69-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/3048-65-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2040-51-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2860-50-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2540-48-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x0008000000016dc8-47.dat	upx
behavioral1/memory/800-3888-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2640-3882-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/3048-3904-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2040-3908-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MlKxgPt.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oLqxueU.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vfBxMaN.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NupZOoJ.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bCJunAI.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbLfIMF.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RidWMvw.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wxVHRLh.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XfEnuWo.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PWVBRJz.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TtIBsBR.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KosPlQg.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zlLSYMX.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XXYQTGc.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bYTTYCn.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LaYLIGg.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qgVWGyL.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FYfRIzP.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZuAqYpU.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MJzgvOL.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\krtYbWZ.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ryMRABz.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPQXyTP.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FPbkvzF.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TDSEZwk.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iOJQjlA.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xcZuyEU.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gCAfRAW.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bBDUHfe.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HKkGRxU.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nKsgHwg.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\slPOcnW.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLHzuwQ.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uSnCelZ.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vQppVmv.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QboYaHd.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\trbqzcY.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KMfRqlI.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KpgSyJq.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DtbhLRa.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gdAEoHo.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAvjgiP.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dnQeaHU.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zaQncXl.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FRMzEra.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NdqRHrr.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fRstJNh.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KMclIJR.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PqGeOHa.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BHJIUFp.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qwRqSKm.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dHqsCBq.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XHUjEFI.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MeqsFJU.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KxoeSHt.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RtqXukq.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bijYjma.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AZEkaiU.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WPNwbZL.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tbQTWEa.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IGaVWSk.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YDVGZQF.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yidpsUe.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KWlsRhD.exe	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
19184	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2040	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2024 wrote to memory of 2040	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2024 wrote to memory of 2040	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2024 wrote to memory of 800	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2024 wrote to memory of 800	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2024 wrote to memory of 800	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2024 wrote to memory of 3048	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2024 wrote to memory of 3048	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2024 wrote to memory of 3048	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2024 wrote to memory of 2640	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2024 wrote to memory of 2640	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2024 wrote to memory of 2640	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2024 wrote to memory of 2748	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2024 wrote to memory of 2748	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2024 wrote to memory of 2748	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2024 wrote to memory of 2540	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2024 wrote to memory of 2540	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2024 wrote to memory of 2540	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2024 wrote to memory of 2648	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2024 wrote to memory of 2648	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2024 wrote to memory of 2648	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2024 wrote to memory of 2860	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2024 wrote to memory of 2860	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2024 wrote to memory of 2860	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2024 wrote to memory of 2644	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2024 wrote to memory of 2644	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2024 wrote to memory of 2644	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2024 wrote to memory of 2604	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2024 wrote to memory of 2604	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2024 wrote to memory of 2604	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2024 wrote to memory of 2716	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2024 wrote to memory of 2716	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2024 wrote to memory of 2716	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2024 wrote to memory of 888	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2024 wrote to memory of 888	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2024 wrote to memory of 888	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2024 wrote to memory of 1376	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2024 wrote to memory of 1376	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2024 wrote to memory of 1376	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2024 wrote to memory of 2592	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2024 wrote to memory of 2592	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2024 wrote to memory of 2592	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2024 wrote to memory of 492	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2024 wrote to memory of 492	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2024 wrote to memory of 492	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2024 wrote to memory of 2520	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2024 wrote to memory of 2520	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2024 wrote to memory of 2520	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2024 wrote to memory of 1220	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2024 wrote to memory of 1220	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2024 wrote to memory of 1220	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2024 wrote to memory of 2768	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2024 wrote to memory of 2768	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2024 wrote to memory of 2768	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2024 wrote to memory of 636	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2024 wrote to memory of 636	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2024 wrote to memory of 636	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2024 wrote to memory of 2864	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2024 wrote to memory of 2864	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2024 wrote to memory of 2864	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2024 wrote to memory of 1160	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2024 wrote to memory of 1160	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2024 wrote to memory of 1160	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2024 wrote to memory of 1996	2024	2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-31_e4408e840be99a6200f37fbfbe9b53e5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\System\NVLRUKo.exe
  C:\Windows\System\NVLRUKo.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\DmVVjuO.exe
  C:\Windows\System\DmVVjuO.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\uUkAyoa.exe
  C:\Windows\System\uUkAyoa.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\sesIJbl.exe
  C:\Windows\System\sesIJbl.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\VyyXojN.exe
  C:\Windows\System\VyyXojN.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\zLPdhiq.exe
  C:\Windows\System\zLPdhiq.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\gGfaKRm.exe
  C:\Windows\System\gGfaKRm.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\btRJFXr.exe
  C:\Windows\System\btRJFXr.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\fxZUqFQ.exe
  C:\Windows\System\fxZUqFQ.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\ItOItJz.exe
  C:\Windows\System\ItOItJz.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\OErpXLW.exe
  C:\Windows\System\OErpXLW.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\RFpHHXj.exe
  C:\Windows\System\RFpHHXj.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\HjjaeDV.exe
  C:\Windows\System\HjjaeDV.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\IuVcJKi.exe
  C:\Windows\System\IuVcJKi.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\UCFFJTy.exe
  C:\Windows\System\UCFFJTy.exe
  2⤵
  - Executes dropped EXE
  PID:492
- C:\Windows\System\NIhPzXq.exe
  C:\Windows\System\NIhPzXq.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\dkwrQhU.exe
  C:\Windows\System\dkwrQhU.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\GaROdAf.exe
  C:\Windows\System\GaROdAf.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\HztpEYE.exe
  C:\Windows\System\HztpEYE.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\rlqNbqo.exe
  C:\Windows\System\rlqNbqo.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\wEJzFXi.exe
  C:\Windows\System\wEJzFXi.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\ZGakCQS.exe
  C:\Windows\System\ZGakCQS.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\YZmdiOh.exe
  C:\Windows\System\YZmdiOh.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\uhZORLP.exe
  C:\Windows\System\uhZORLP.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\pxMCkvH.exe
  C:\Windows\System\pxMCkvH.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\ZPzMTgK.exe
  C:\Windows\System\ZPzMTgK.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\XFJlRpf.exe
  C:\Windows\System\XFJlRpf.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\GaHcmls.exe
  C:\Windows\System\GaHcmls.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\mFXgpIq.exe
  C:\Windows\System\mFXgpIq.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\NqGqAen.exe
  C:\Windows\System\NqGqAen.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\BLNNEHy.exe
  C:\Windows\System\BLNNEHy.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\FCnlreG.exe
  C:\Windows\System\FCnlreG.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\TGaqWyO.exe
  C:\Windows\System\TGaqWyO.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\RShaiis.exe
  C:\Windows\System\RShaiis.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\kuafUGM.exe
  C:\Windows\System\kuafUGM.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\PHcWZVI.exe
  C:\Windows\System\PHcWZVI.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\scvVKoq.exe
  C:\Windows\System\scvVKoq.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\rLtcyhT.exe
  C:\Windows\System\rLtcyhT.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\hBDczdc.exe
  C:\Windows\System\hBDczdc.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\USUauiF.exe
  C:\Windows\System\USUauiF.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\DSKivoc.exe
  C:\Windows\System\DSKivoc.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\CTibnZy.exe
  C:\Windows\System\CTibnZy.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\TmNNNiM.exe
  C:\Windows\System\TmNNNiM.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\OiGKEiG.exe
  C:\Windows\System\OiGKEiG.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\khmiqqt.exe
  C:\Windows\System\khmiqqt.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\KkduEBI.exe
  C:\Windows\System\KkduEBI.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\UiqDfan.exe
  C:\Windows\System\UiqDfan.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\TeJLMcS.exe
  C:\Windows\System\TeJLMcS.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\ajdgRCG.exe
  C:\Windows\System\ajdgRCG.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\fWcwDnK.exe
  C:\Windows\System\fWcwDnK.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\ILvtudY.exe
  C:\Windows\System\ILvtudY.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\KBhxnFk.exe
  C:\Windows\System\KBhxnFk.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\NHpfVEs.exe
  C:\Windows\System\NHpfVEs.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\hEWoNDf.exe
  C:\Windows\System\hEWoNDf.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\AcxKaMg.exe
  C:\Windows\System\AcxKaMg.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\CWwMcTC.exe
  C:\Windows\System\CWwMcTC.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\mfyunmg.exe
  C:\Windows\System\mfyunmg.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\AFOQGjU.exe
  C:\Windows\System\AFOQGjU.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\mkhyUDl.exe
  C:\Windows\System\mkhyUDl.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\hGhIgoR.exe
  C:\Windows\System\hGhIgoR.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\bsGhumn.exe
  C:\Windows\System\bsGhumn.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\qYEjPMy.exe
  C:\Windows\System\qYEjPMy.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\FRMzEra.exe
  C:\Windows\System\FRMzEra.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\FSOaaOa.exe
  C:\Windows\System\FSOaaOa.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\EwnInvd.exe
  C:\Windows\System\EwnInvd.exe
  2⤵
  PID:1976
- C:\Windows\System\ezqxuVx.exe
  C:\Windows\System\ezqxuVx.exe
  2⤵
  PID:2092
- C:\Windows\System\LOscEma.exe
  C:\Windows\System\LOscEma.exe
  2⤵
  PID:2132
- C:\Windows\System\dsWChYI.exe
  C:\Windows\System\dsWChYI.exe
  2⤵
  PID:672
- C:\Windows\System\VWMxMLW.exe
  C:\Windows\System\VWMxMLW.exe
  2⤵
  PID:2104
- C:\Windows\System\YZFQyeV.exe
  C:\Windows\System\YZFQyeV.exe
  2⤵
  PID:1140
- C:\Windows\System\gbBbFwS.exe
  C:\Windows\System\gbBbFwS.exe
  2⤵
  PID:1356
- C:\Windows\System\qSibRkM.exe
  C:\Windows\System\qSibRkM.exe
  2⤵
  PID:2056
- C:\Windows\System\PMSHwAc.exe
  C:\Windows\System\PMSHwAc.exe
  2⤵
  PID:1860
- C:\Windows\System\foFBnYh.exe
  C:\Windows\System\foFBnYh.exe
  2⤵
  PID:1036
- C:\Windows\System\SlhTWOF.exe
  C:\Windows\System\SlhTWOF.exe
  2⤵
  PID:1636
- C:\Windows\System\KMwzOQM.exe
  C:\Windows\System\KMwzOQM.exe
  2⤵
  PID:1796
- C:\Windows\System\kBhNHrs.exe
  C:\Windows\System\kBhNHrs.exe
  2⤵
  PID:1284
- C:\Windows\System\kPPnIjL.exe
  C:\Windows\System\kPPnIjL.exe
  2⤵
  PID:2960
- C:\Windows\System\WcGcZNG.exe
  C:\Windows\System\WcGcZNG.exe
  2⤵
  PID:1504
- C:\Windows\System\VyCmzcF.exe
  C:\Windows\System\VyCmzcF.exe
  2⤵
  PID:2080
- C:\Windows\System\llzVLpv.exe
  C:\Windows\System\llzVLpv.exe
  2⤵
  PID:1904
- C:\Windows\System\khzGbqu.exe
  C:\Windows\System\khzGbqu.exe
  2⤵
  PID:1864
- C:\Windows\System\JVAWWup.exe
  C:\Windows\System\JVAWWup.exe
  2⤵
  PID:2436
- C:\Windows\System\zjdIEML.exe
  C:\Windows\System\zjdIEML.exe
  2⤵
  PID:1100
- C:\Windows\System\yAbnuMu.exe
  C:\Windows\System\yAbnuMu.exe
  2⤵
  PID:2108
- C:\Windows\System\Lpnftaj.exe
  C:\Windows\System\Lpnftaj.exe
  2⤵
  PID:2224
- C:\Windows\System\OBHWxAH.exe
  C:\Windows\System\OBHWxAH.exe
  2⤵
  PID:2908
- C:\Windows\System\YwrsrWY.exe
  C:\Windows\System\YwrsrWY.exe
  2⤵
  PID:2528
- C:\Windows\System\vCtaDdd.exe
  C:\Windows\System\vCtaDdd.exe
  2⤵
  PID:2288
- C:\Windows\System\MBwBYTt.exe
  C:\Windows\System\MBwBYTt.exe
  2⤵
  PID:896
- C:\Windows\System\HtRjUoT.exe
  C:\Windows\System\HtRjUoT.exe
  2⤵
  PID:2432
- C:\Windows\System\tEGgNJb.exe
  C:\Windows\System\tEGgNJb.exe
  2⤵
  PID:1632
- C:\Windows\System\fBHGTLx.exe
  C:\Windows\System\fBHGTLx.exe
  2⤵
  PID:2892
- C:\Windows\System\TNcZcqj.exe
  C:\Windows\System\TNcZcqj.exe
  2⤵
  PID:2340
- C:\Windows\System\pEiqHEv.exe
  C:\Windows\System\pEiqHEv.exe
  2⤵
  PID:2868
- C:\Windows\System\DCEJNsQ.exe
  C:\Windows\System\DCEJNsQ.exe
  2⤵
  PID:1292
- C:\Windows\System\KXGZOtg.exe
  C:\Windows\System\KXGZOtg.exe
  2⤵
  PID:1236
- C:\Windows\System\lKnLvRh.exe
  C:\Windows\System\lKnLvRh.exe
  2⤵
  PID:2720
- C:\Windows\System\oWzPcnG.exe
  C:\Windows\System\oWzPcnG.exe
  2⤵
  PID:1028
- C:\Windows\System\guSEilE.exe
  C:\Windows\System\guSEilE.exe
  2⤵
  PID:2956
- C:\Windows\System\agoipuj.exe
  C:\Windows\System\agoipuj.exe
  2⤵
  PID:2204
- C:\Windows\System\QDTnjgg.exe
  C:\Windows\System\QDTnjgg.exe
  2⤵
  PID:1576
- C:\Windows\System\TNLLUwj.exe
  C:\Windows\System\TNLLUwj.exe
  2⤵
  PID:1928
- C:\Windows\System\HNKBUeE.exe
  C:\Windows\System\HNKBUeE.exe
  2⤵
  PID:3096
- C:\Windows\System\tfdvUnO.exe
  C:\Windows\System\tfdvUnO.exe
  2⤵
  PID:3116
- C:\Windows\System\rqxOBuw.exe
  C:\Windows\System\rqxOBuw.exe
  2⤵
  PID:3136
- C:\Windows\System\lfZpsvL.exe
  C:\Windows\System\lfZpsvL.exe
  2⤵
  PID:3156
- C:\Windows\System\BFTINDa.exe
  C:\Windows\System\BFTINDa.exe
  2⤵
  PID:3180
- C:\Windows\System\ixWeNWW.exe
  C:\Windows\System\ixWeNWW.exe
  2⤵
  PID:3200
- C:\Windows\System\IIBSyGg.exe
  C:\Windows\System\IIBSyGg.exe
  2⤵
  PID:3220
- C:\Windows\System\CWTdDck.exe
  C:\Windows\System\CWTdDck.exe
  2⤵
  PID:3240
- C:\Windows\System\ughkgWo.exe
  C:\Windows\System\ughkgWo.exe
  2⤵
  PID:3256
- C:\Windows\System\elUCQHe.exe
  C:\Windows\System\elUCQHe.exe
  2⤵
  PID:3280
- C:\Windows\System\FrLEtcL.exe
  C:\Windows\System\FrLEtcL.exe
  2⤵
  PID:3300
- C:\Windows\System\anzvRHr.exe
  C:\Windows\System\anzvRHr.exe
  2⤵
  PID:3320
- C:\Windows\System\qzZExds.exe
  C:\Windows\System\qzZExds.exe
  2⤵
  PID:3340
- C:\Windows\System\dEeGQjM.exe
  C:\Windows\System\dEeGQjM.exe
  2⤵
  PID:3360
- C:\Windows\System\SVXuWwS.exe
  C:\Windows\System\SVXuWwS.exe
  2⤵
  PID:3380
- C:\Windows\System\sPJwbbl.exe
  C:\Windows\System\sPJwbbl.exe
  2⤵
  PID:3400
- C:\Windows\System\BLgHIuW.exe
  C:\Windows\System\BLgHIuW.exe
  2⤵
  PID:3420
- C:\Windows\System\CsxDZMN.exe
  C:\Windows\System\CsxDZMN.exe
  2⤵
  PID:3440
- C:\Windows\System\FUmrCDs.exe
  C:\Windows\System\FUmrCDs.exe
  2⤵
  PID:3460
- C:\Windows\System\cVEXOoR.exe
  C:\Windows\System\cVEXOoR.exe
  2⤵
  PID:3480
- C:\Windows\System\hTCOeET.exe
  C:\Windows\System\hTCOeET.exe
  2⤵
  PID:3500
- C:\Windows\System\oePkOgk.exe
  C:\Windows\System\oePkOgk.exe
  2⤵
  PID:3520
- C:\Windows\System\WeRwVsU.exe
  C:\Windows\System\WeRwVsU.exe
  2⤵
  PID:3540
- C:\Windows\System\EXhUkDV.exe
  C:\Windows\System\EXhUkDV.exe
  2⤵
  PID:3560
- C:\Windows\System\SeKCTKY.exe
  C:\Windows\System\SeKCTKY.exe
  2⤵
  PID:3580
- C:\Windows\System\rirvjdc.exe
  C:\Windows\System\rirvjdc.exe
  2⤵
  PID:3600
- C:\Windows\System\qpVvFOY.exe
  C:\Windows\System\qpVvFOY.exe
  2⤵
  PID:3620
- C:\Windows\System\cIelceV.exe
  C:\Windows\System\cIelceV.exe
  2⤵
  PID:3640
- C:\Windows\System\mEosGXV.exe
  C:\Windows\System\mEosGXV.exe
  2⤵
  PID:3660
- C:\Windows\System\NKsYGBm.exe
  C:\Windows\System\NKsYGBm.exe
  2⤵
  PID:3684
- C:\Windows\System\MJzgvOL.exe
  C:\Windows\System\MJzgvOL.exe
  2⤵
  PID:3704
- C:\Windows\System\UebfpgL.exe
  C:\Windows\System\UebfpgL.exe
  2⤵
  PID:3724
- C:\Windows\System\ybBUxja.exe
  C:\Windows\System\ybBUxja.exe
  2⤵
  PID:3740
- C:\Windows\System\DxzmgkS.exe
  C:\Windows\System\DxzmgkS.exe
  2⤵
  PID:3764
- C:\Windows\System\azCrEmE.exe
  C:\Windows\System\azCrEmE.exe
  2⤵
  PID:3780
- C:\Windows\System\WmhWZMD.exe
  C:\Windows\System\WmhWZMD.exe
  2⤵
  PID:3804
- C:\Windows\System\CRDbuGL.exe
  C:\Windows\System\CRDbuGL.exe
  2⤵
  PID:3824
- C:\Windows\System\DTWNLzL.exe
  C:\Windows\System\DTWNLzL.exe
  2⤵
  PID:3844
- C:\Windows\System\gCBFYQi.exe
  C:\Windows\System\gCBFYQi.exe
  2⤵
  PID:3864
- C:\Windows\System\MqEfCNQ.exe
  C:\Windows\System\MqEfCNQ.exe
  2⤵
  PID:3884
- C:\Windows\System\WNSubzQ.exe
  C:\Windows\System\WNSubzQ.exe
  2⤵
  PID:3904
- C:\Windows\System\hQybGBc.exe
  C:\Windows\System\hQybGBc.exe
  2⤵
  PID:3924
- C:\Windows\System\ntvXbel.exe
  C:\Windows\System\ntvXbel.exe
  2⤵
  PID:3944
- C:\Windows\System\bXBYeLv.exe
  C:\Windows\System\bXBYeLv.exe
  2⤵
  PID:3964
- C:\Windows\System\afdrzyH.exe
  C:\Windows\System\afdrzyH.exe
  2⤵
  PID:3984
- C:\Windows\System\lynIBpG.exe
  C:\Windows\System\lynIBpG.exe
  2⤵
  PID:4004
- C:\Windows\System\sbsFqRn.exe
  C:\Windows\System\sbsFqRn.exe
  2⤵
  PID:4024
- C:\Windows\System\DPSOxrj.exe
  C:\Windows\System\DPSOxrj.exe
  2⤵
  PID:4044
- C:\Windows\System\IEoQxsO.exe
  C:\Windows\System\IEoQxsO.exe
  2⤵
  PID:4064
- C:\Windows\System\MNuJbop.exe
  C:\Windows\System\MNuJbop.exe
  2⤵
  PID:4084
- C:\Windows\System\rTAXwsV.exe
  C:\Windows\System\rTAXwsV.exe
  2⤵
  PID:2612
- C:\Windows\System\fiovSaL.exe
  C:\Windows\System\fiovSaL.exe
  2⤵
  PID:1596
- C:\Windows\System\qUNgKJd.exe
  C:\Windows\System\qUNgKJd.exe
  2⤵
  PID:1984
- C:\Windows\System\BaVyNhk.exe
  C:\Windows\System\BaVyNhk.exe
  2⤵
  PID:2840
- C:\Windows\System\MnWzAix.exe
  C:\Windows\System\MnWzAix.exe
  2⤵
  PID:852
- C:\Windows\System\kqKwvCP.exe
  C:\Windows\System\kqKwvCP.exe
  2⤵
  PID:2968
- C:\Windows\System\iecYNIC.exe
  C:\Windows\System\iecYNIC.exe
  2⤵
  PID:1484
- C:\Windows\System\Fdavqtd.exe
  C:\Windows\System\Fdavqtd.exe
  2⤵
  PID:2772
- C:\Windows\System\livRYFK.exe
  C:\Windows\System\livRYFK.exe
  2⤵
  PID:1608
- C:\Windows\System\ufZdKLk.exe
  C:\Windows\System\ufZdKLk.exe
  2⤵
  PID:2972
- C:\Windows\System\cwFuwpS.exe
  C:\Windows\System\cwFuwpS.exe
  2⤵
  PID:2232
- C:\Windows\System\iMfgvqA.exe
  C:\Windows\System\iMfgvqA.exe
  2⤵
  PID:3068
- C:\Windows\System\kQxmtPL.exe
  C:\Windows\System\kQxmtPL.exe
  2⤵
  PID:3104
- C:\Windows\System\QHzpGUj.exe
  C:\Windows\System\QHzpGUj.exe
  2⤵
  PID:3144
- C:\Windows\System\YlWKVAI.exe
  C:\Windows\System\YlWKVAI.exe
  2⤵
  PID:3148
- C:\Windows\System\BIcUTbj.exe
  C:\Windows\System\BIcUTbj.exe
  2⤵
  PID:3196
- C:\Windows\System\RaBPaJT.exe
  C:\Windows\System\RaBPaJT.exe
  2⤵
  PID:3212
- C:\Windows\System\gJMbuie.exe
  C:\Windows\System\gJMbuie.exe
  2⤵
  PID:3276
- C:\Windows\System\SlYiwdw.exe
  C:\Windows\System\SlYiwdw.exe
  2⤵
  PID:3292
- C:\Windows\System\CiDvyxr.exe
  C:\Windows\System\CiDvyxr.exe
  2⤵
  PID:3336
- C:\Windows\System\xyVjhEq.exe
  C:\Windows\System\xyVjhEq.exe
  2⤵
  PID:3368
- C:\Windows\System\gMpUFhj.exe
  C:\Windows\System\gMpUFhj.exe
  2⤵
  PID:3408
- C:\Windows\System\poTHnir.exe
  C:\Windows\System\poTHnir.exe
  2⤵
  PID:3432
- C:\Windows\System\qBzoQNE.exe
  C:\Windows\System\qBzoQNE.exe
  2⤵
  PID:3456
- C:\Windows\System\lmNePrw.exe
  C:\Windows\System\lmNePrw.exe
  2⤵
  PID:3492
- C:\Windows\System\pPemnvL.exe
  C:\Windows\System\pPemnvL.exe
  2⤵
  PID:3536
- C:\Windows\System\dtcHUWx.exe
  C:\Windows\System\dtcHUWx.exe
  2⤵
  PID:3588
- C:\Windows\System\jaFenZw.exe
  C:\Windows\System\jaFenZw.exe
  2⤵
  PID:3576
- C:\Windows\System\XYJkDZG.exe
  C:\Windows\System\XYJkDZG.exe
  2⤵
  PID:3648
- C:\Windows\System\nQxOOSM.exe
  C:\Windows\System\nQxOOSM.exe
  2⤵
  PID:3672
- C:\Windows\System\BZNjSHl.exe
  C:\Windows\System\BZNjSHl.exe
  2⤵
  PID:3700
- C:\Windows\System\UjkvrfU.exe
  C:\Windows\System\UjkvrfU.exe
  2⤵
  PID:3756
- C:\Windows\System\rPRhmaf.exe
  C:\Windows\System\rPRhmaf.exe
  2⤵
  PID:3792
- C:\Windows\System\velSbCl.exe
  C:\Windows\System\velSbCl.exe
  2⤵
  PID:3832
- C:\Windows\System\JSkMtlk.exe
  C:\Windows\System\JSkMtlk.exe
  2⤵
  PID:3816
- C:\Windows\System\HBSUNeZ.exe
  C:\Windows\System\HBSUNeZ.exe
  2⤵
  PID:3880
- C:\Windows\System\BHJIUFp.exe
  C:\Windows\System\BHJIUFp.exe
  2⤵
  PID:3912
- C:\Windows\System\DXFJdvF.exe
  C:\Windows\System\DXFJdvF.exe
  2⤵
  PID:3960
- C:\Windows\System\oulDrXS.exe
  C:\Windows\System\oulDrXS.exe
  2⤵
  PID:3992
- C:\Windows\System\JSHGkLW.exe
  C:\Windows\System\JSHGkLW.exe
  2⤵
  PID:3976
- C:\Windows\System\nbFeXSX.exe
  C:\Windows\System\nbFeXSX.exe
  2⤵
  PID:4040
- C:\Windows\System\DbCscZN.exe
  C:\Windows\System\DbCscZN.exe
  2⤵
  PID:4080
- C:\Windows\System\ZfXKIts.exe
  C:\Windows\System\ZfXKIts.exe
  2⤵
  PID:1564
- C:\Windows\System\DXelgPL.exe
  C:\Windows\System\DXelgPL.exe
  2⤵
  PID:2560
- C:\Windows\System\UINjeEr.exe
  C:\Windows\System\UINjeEr.exe
  2⤵
  PID:2552
- C:\Windows\System\noRfNAr.exe
  C:\Windows\System\noRfNAr.exe
  2⤵
  PID:2632
- C:\Windows\System\zpypDhT.exe
  C:\Windows\System\zpypDhT.exe
  2⤵
  PID:1016
- C:\Windows\System\dlUpJgi.exe
  C:\Windows\System\dlUpJgi.exe
  2⤵
  PID:1684
- C:\Windows\System\yLtHVCK.exe
  C:\Windows\System\yLtHVCK.exe
  2⤵
  PID:764
- C:\Windows\System\fEDjfIz.exe
  C:\Windows\System\fEDjfIz.exe
  2⤵
  PID:3036
- C:\Windows\System\xteCbAw.exe
  C:\Windows\System\xteCbAw.exe
  2⤵
  PID:3164
- C:\Windows\System\zeBjOcy.exe
  C:\Windows\System\zeBjOcy.exe
  2⤵
  PID:3128
- C:\Windows\System\iscTlms.exe
  C:\Windows\System\iscTlms.exe
  2⤵
  PID:3208
- C:\Windows\System\tBZxYZI.exe
  C:\Windows\System\tBZxYZI.exe
  2⤵
  PID:3252
- C:\Windows\System\gcvPRYr.exe
  C:\Windows\System\gcvPRYr.exe
  2⤵
  PID:3356
- C:\Windows\System\MSlMLBy.exe
  C:\Windows\System\MSlMLBy.exe
  2⤵
  PID:3468
- C:\Windows\System\vpVZnFg.exe
  C:\Windows\System\vpVZnFg.exe
  2⤵
  PID:3508
- C:\Windows\System\jLJVqPB.exe
  C:\Windows\System\jLJVqPB.exe
  2⤵
  PID:3552
- C:\Windows\System\NNcquBK.exe
  C:\Windows\System\NNcquBK.exe
  2⤵
  PID:3556
- C:\Windows\System\xQBwoUd.exe
  C:\Windows\System\xQBwoUd.exe
  2⤵
  PID:3616
- C:\Windows\System\wQBjgYg.exe
  C:\Windows\System\wQBjgYg.exe
  2⤵
  PID:3692
- C:\Windows\System\IfEWiDa.exe
  C:\Windows\System\IfEWiDa.exe
  2⤵
  PID:3776
- C:\Windows\System\gwnVttD.exe
  C:\Windows\System\gwnVttD.exe
  2⤵
  PID:2660
- C:\Windows\System\gcovcHP.exe
  C:\Windows\System\gcovcHP.exe
  2⤵
  PID:3812
- C:\Windows\System\UaGfDUc.exe
  C:\Windows\System\UaGfDUc.exe
  2⤵
  PID:3900
- C:\Windows\System\JLIommX.exe
  C:\Windows\System\JLIommX.exe
  2⤵
  PID:3980
- C:\Windows\System\jjhvjvF.exe
  C:\Windows\System\jjhvjvF.exe
  2⤵
  PID:4036
- C:\Windows\System\sbaLRSb.exe
  C:\Windows\System\sbaLRSb.exe
  2⤵
  PID:4092
- C:\Windows\System\EzFxlQt.exe
  C:\Windows\System\EzFxlQt.exe
  2⤵
  PID:1944
- C:\Windows\System\xsKJlsl.exe
  C:\Windows\System\xsKJlsl.exe
  2⤵
  PID:2680
- C:\Windows\System\XGCwsDg.exe
  C:\Windows\System\XGCwsDg.exe
  2⤵
  PID:2036
- C:\Windows\System\aTaqEmz.exe
  C:\Windows\System\aTaqEmz.exe
  2⤵
  PID:1908
- C:\Windows\System\bGIxrZj.exe
  C:\Windows\System\bGIxrZj.exe
  2⤵
  PID:3132
- C:\Windows\System\FAqNLNR.exe
  C:\Windows\System\FAqNLNR.exe
  2⤵
  PID:3228
- C:\Windows\System\HwHEWyX.exe
  C:\Windows\System\HwHEWyX.exe
  2⤵
  PID:3296
- C:\Windows\System\ipcfxMJ.exe
  C:\Windows\System\ipcfxMJ.exe
  2⤵
  PID:3396
- C:\Windows\System\npbFNSM.exe
  C:\Windows\System\npbFNSM.exe
  2⤵
  PID:3548
- C:\Windows\System\YFoCWQa.exe
  C:\Windows\System\YFoCWQa.exe
  2⤵
  PID:3656
- C:\Windows\System\updZNmD.exe
  C:\Windows\System\updZNmD.exe
  2⤵
  PID:3712
- C:\Windows\System\dXrMafW.exe
  C:\Windows\System\dXrMafW.exe
  2⤵
  PID:3788
- C:\Windows\System\YTnOKOi.exe
  C:\Windows\System\YTnOKOi.exe
  2⤵
  PID:3736
- C:\Windows\System\sQFnQAl.exe
  C:\Windows\System\sQFnQAl.exe
  2⤵
  PID:3952
- C:\Windows\System\btKDAbA.exe
  C:\Windows\System\btKDAbA.exe
  2⤵
  PID:4060
- C:\Windows\System\qYnBeuM.exe
  C:\Windows\System\qYnBeuM.exe
  2⤵
  PID:2656
- C:\Windows\System\RDiLoOn.exe
  C:\Windows\System\RDiLoOn.exe
  2⤵
  PID:2060
- C:\Windows\System\MFaCYIk.exe
  C:\Windows\System\MFaCYIk.exe
  2⤵
  PID:2380
- C:\Windows\System\mzgbhZa.exe
  C:\Windows\System\mzgbhZa.exe
  2⤵
  PID:2156
- C:\Windows\System\ckypawk.exe
  C:\Windows\System\ckypawk.exe
  2⤵
  PID:4112
- C:\Windows\System\ikEtpKF.exe
  C:\Windows\System\ikEtpKF.exe
  2⤵
  PID:4132
- C:\Windows\System\xFujEir.exe
  C:\Windows\System\xFujEir.exe
  2⤵
  PID:4152
- C:\Windows\System\DZcNQbB.exe
  C:\Windows\System\DZcNQbB.exe
  2⤵
  PID:4172
- C:\Windows\System\acDtiJD.exe
  C:\Windows\System\acDtiJD.exe
  2⤵
  PID:4192
- C:\Windows\System\jXmqGil.exe
  C:\Windows\System\jXmqGil.exe
  2⤵
  PID:4212
- C:\Windows\System\hAtsFRJ.exe
  C:\Windows\System\hAtsFRJ.exe
  2⤵
  PID:4232
- C:\Windows\System\ygVFUXt.exe
  C:\Windows\System\ygVFUXt.exe
  2⤵
  PID:4256
- C:\Windows\System\OIUITrG.exe
  C:\Windows\System\OIUITrG.exe
  2⤵
  PID:4276
- C:\Windows\System\SGawlPz.exe
  C:\Windows\System\SGawlPz.exe
  2⤵
  PID:4296
- C:\Windows\System\rLZiPUR.exe
  C:\Windows\System\rLZiPUR.exe
  2⤵
  PID:4316
- C:\Windows\System\vQppVmv.exe
  C:\Windows\System\vQppVmv.exe
  2⤵
  PID:4336
- C:\Windows\System\qJImEdm.exe
  C:\Windows\System\qJImEdm.exe
  2⤵
  PID:4356
- C:\Windows\System\rbxoouE.exe
  C:\Windows\System\rbxoouE.exe
  2⤵
  PID:4376
- C:\Windows\System\AJuyzXM.exe
  C:\Windows\System\AJuyzXM.exe
  2⤵
  PID:4396
- C:\Windows\System\rLWGegU.exe
  C:\Windows\System\rLWGegU.exe
  2⤵
  PID:4416
- C:\Windows\System\bNzcbGt.exe
  C:\Windows\System\bNzcbGt.exe
  2⤵
  PID:4436
- C:\Windows\System\RyAfQtO.exe
  C:\Windows\System\RyAfQtO.exe
  2⤵
  PID:4456
- C:\Windows\System\mqIhXHx.exe
  C:\Windows\System\mqIhXHx.exe
  2⤵
  PID:4476
- C:\Windows\System\UJyLfVq.exe
  C:\Windows\System\UJyLfVq.exe
  2⤵
  PID:4500
- C:\Windows\System\GImPRuY.exe
  C:\Windows\System\GImPRuY.exe
  2⤵
  PID:4520
- C:\Windows\System\eunxqRl.exe
  C:\Windows\System\eunxqRl.exe
  2⤵
  PID:4540
- C:\Windows\System\JBLbbZt.exe
  C:\Windows\System\JBLbbZt.exe
  2⤵
  PID:4560
- C:\Windows\System\FEuYpGZ.exe
  C:\Windows\System\FEuYpGZ.exe
  2⤵
  PID:4580
- C:\Windows\System\iHWzLdI.exe
  C:\Windows\System\iHWzLdI.exe
  2⤵
  PID:4600
- C:\Windows\System\EIzUoJN.exe
  C:\Windows\System\EIzUoJN.exe
  2⤵
  PID:4620
- C:\Windows\System\SbvBgIS.exe
  C:\Windows\System\SbvBgIS.exe
  2⤵
  PID:4640
- C:\Windows\System\PIqhZGg.exe
  C:\Windows\System\PIqhZGg.exe
  2⤵
  PID:4660
- C:\Windows\System\HCOacBN.exe
  C:\Windows\System\HCOacBN.exe
  2⤵
  PID:4680
- C:\Windows\System\EIftTpL.exe
  C:\Windows\System\EIftTpL.exe
  2⤵
  PID:4700
- C:\Windows\System\VkHKjia.exe
  C:\Windows\System\VkHKjia.exe
  2⤵
  PID:4720
- C:\Windows\System\vgOXPEC.exe
  C:\Windows\System\vgOXPEC.exe
  2⤵
  PID:4740
- C:\Windows\System\qOYJRib.exe
  C:\Windows\System\qOYJRib.exe
  2⤵
  PID:4760
- C:\Windows\System\BKFGRiT.exe
  C:\Windows\System\BKFGRiT.exe
  2⤵
  PID:4780
- C:\Windows\System\QOiSlxe.exe
  C:\Windows\System\QOiSlxe.exe
  2⤵
  PID:4800
- C:\Windows\System\CzMIDcv.exe
  C:\Windows\System\CzMIDcv.exe
  2⤵
  PID:4820
- C:\Windows\System\qjatVtR.exe
  C:\Windows\System\qjatVtR.exe
  2⤵
  PID:4844
- C:\Windows\System\PIuYcUM.exe
  C:\Windows\System\PIuYcUM.exe
  2⤵
  PID:4868
- C:\Windows\System\oTSdMfK.exe
  C:\Windows\System\oTSdMfK.exe
  2⤵
  PID:4888
- C:\Windows\System\mtUXsch.exe
  C:\Windows\System\mtUXsch.exe
  2⤵
  PID:4908
- C:\Windows\System\bdRxWXw.exe
  C:\Windows\System\bdRxWXw.exe
  2⤵
  PID:4928
- C:\Windows\System\maiZCnw.exe
  C:\Windows\System\maiZCnw.exe
  2⤵
  PID:4948
- C:\Windows\System\kJTDuhH.exe
  C:\Windows\System\kJTDuhH.exe
  2⤵
  PID:4968
- C:\Windows\System\zsAGmYD.exe
  C:\Windows\System\zsAGmYD.exe
  2⤵
  PID:4988
- C:\Windows\System\sNsOZxS.exe
  C:\Windows\System\sNsOZxS.exe
  2⤵
  PID:5008
- C:\Windows\System\gmbrYVP.exe
  C:\Windows\System\gmbrYVP.exe
  2⤵
  PID:5028
- C:\Windows\System\aAjKrzg.exe
  C:\Windows\System\aAjKrzg.exe
  2⤵
  PID:5048
- C:\Windows\System\ITCFHxK.exe
  C:\Windows\System\ITCFHxK.exe
  2⤵
  PID:5068
- C:\Windows\System\DXKzHPI.exe
  C:\Windows\System\DXKzHPI.exe
  2⤵
  PID:5088
- C:\Windows\System\GDobNvk.exe
  C:\Windows\System\GDobNvk.exe
  2⤵
  PID:5108
- C:\Windows\System\uGBecav.exe
  C:\Windows\System\uGBecav.exe
  2⤵
  PID:3328
- C:\Windows\System\BfOdmIJ.exe
  C:\Windows\System\BfOdmIJ.exe
  2⤵
  PID:3352
- C:\Windows\System\IfTFhxG.exe
  C:\Windows\System\IfTFhxG.exe
  2⤵
  PID:3568
- C:\Windows\System\NMunReT.exe
  C:\Windows\System\NMunReT.exe
  2⤵
  PID:3636
- C:\Windows\System\QtcwiGv.exe
  C:\Windows\System\QtcwiGv.exe
  2⤵
  PID:3972
- C:\Windows\System\BGJpYNf.exe
  C:\Windows\System\BGJpYNf.exe
  2⤵
  PID:2732
- C:\Windows\System\sdTAusj.exe
  C:\Windows\System\sdTAusj.exe
  2⤵
  PID:2952
- C:\Windows\System\kAwGFXI.exe
  C:\Windows\System\kAwGFXI.exe
  2⤵
  PID:4100
- C:\Windows\System\ljIsdUA.exe
  C:\Windows\System\ljIsdUA.exe
  2⤵
  PID:1760
- C:\Windows\System\fXToVKf.exe
  C:\Windows\System\fXToVKf.exe
  2⤵
  PID:4124
- C:\Windows\System\vWNKipx.exe
  C:\Windows\System\vWNKipx.exe
  2⤵
  PID:4188
- C:\Windows\System\sXmaFdy.exe
  C:\Windows\System\sXmaFdy.exe
  2⤵
  PID:4224
- C:\Windows\System\UxEHDjX.exe
  C:\Windows\System\UxEHDjX.exe
  2⤵
  PID:4240
- C:\Windows\System\DIWBbaF.exe
  C:\Windows\System\DIWBbaF.exe
  2⤵
  PID:4284
- C:\Windows\System\SOuRsQO.exe
  C:\Windows\System\SOuRsQO.exe
  2⤵
  PID:4288
- C:\Windows\System\UMZadWm.exe
  C:\Windows\System\UMZadWm.exe
  2⤵
  PID:4328
- C:\Windows\System\ffZGoAr.exe
  C:\Windows\System\ffZGoAr.exe
  2⤵
  PID:4372
- C:\Windows\System\EjQzGRH.exe
  C:\Windows\System\EjQzGRH.exe
  2⤵
  PID:4432
- C:\Windows\System\iXfwbQz.exe
  C:\Windows\System\iXfwbQz.exe
  2⤵
  PID:4408
- C:\Windows\System\yTLLyRl.exe
  C:\Windows\System\yTLLyRl.exe
  2⤵
  PID:4484
- C:\Windows\System\XfateKx.exe
  C:\Windows\System\XfateKx.exe
  2⤵
  PID:4488
- C:\Windows\System\cjfcVSF.exe
  C:\Windows\System\cjfcVSF.exe
  2⤵
  PID:4536
- C:\Windows\System\bBDUHfe.exe
  C:\Windows\System\bBDUHfe.exe
  2⤵
  PID:4576
- C:\Windows\System\jadYGnL.exe
  C:\Windows\System\jadYGnL.exe
  2⤵
  PID:4616
- C:\Windows\System\sCOXbEd.exe
  C:\Windows\System\sCOXbEd.exe
  2⤵
  PID:4648
- C:\Windows\System\VRDOGlU.exe
  C:\Windows\System\VRDOGlU.exe
  2⤵
  PID:4652
- C:\Windows\System\PVjiRcT.exe
  C:\Windows\System\PVjiRcT.exe
  2⤵
  PID:4712
- C:\Windows\System\AtCHdFl.exe
  C:\Windows\System\AtCHdFl.exe
  2⤵
  PID:4748
- C:\Windows\System\cqWDmsh.exe
  C:\Windows\System\cqWDmsh.exe
  2⤵
  PID:4776
- C:\Windows\System\fINuwnq.exe
  C:\Windows\System\fINuwnq.exe
  2⤵
  PID:4808
- C:\Windows\System\jufRiyH.exe
  C:\Windows\System\jufRiyH.exe
  2⤵
  PID:2704
- C:\Windows\System\sCRqgjp.exe
  C:\Windows\System\sCRqgjp.exe
  2⤵
  PID:4876
- C:\Windows\System\rSIbBDF.exe
  C:\Windows\System\rSIbBDF.exe
  2⤵
  PID:1748
- C:\Windows\System\GtdQQpR.exe
  C:\Windows\System\GtdQQpR.exe
  2⤵
  PID:2576
- C:\Windows\System\SOwsNpB.exe
  C:\Windows\System\SOwsNpB.exe
  2⤵
  PID:4936
- C:\Windows\System\QSWTPwl.exe
  C:\Windows\System\QSWTPwl.exe
  2⤵
  PID:4996
- C:\Windows\System\GQKKSLl.exe
  C:\Windows\System\GQKKSLl.exe
  2⤵
  PID:5016
- C:\Windows\System\IbHVqVH.exe
  C:\Windows\System\IbHVqVH.exe
  2⤵
  PID:5024
- C:\Windows\System\ngDtCeo.exe
  C:\Windows\System\ngDtCeo.exe
  2⤵
  PID:5056
- C:\Windows\System\rJubrDo.exe
  C:\Windows\System\rJubrDo.exe
  2⤵
  PID:5096
- C:\Windows\System\arBJhhl.exe
  C:\Windows\System\arBJhhl.exe
  2⤵
  PID:5100
- C:\Windows\System\tViERyV.exe
  C:\Windows\System\tViERyV.exe
  2⤵
  PID:3476
- C:\Windows\System\lbBjtkU.exe
  C:\Windows\System\lbBjtkU.exe
  2⤵
  PID:3820
- C:\Windows\System\NDBuqwN.exe
  C:\Windows\System\NDBuqwN.exe
  2⤵
  PID:2916
- C:\Windows\System\cspYwnn.exe
  C:\Windows\System\cspYwnn.exe
  2⤵
  PID:3192
- C:\Windows\System\PpUYszl.exe
  C:\Windows\System\PpUYszl.exe
  2⤵
  PID:3084
- C:\Windows\System\zlLSYMX.exe
  C:\Windows\System\zlLSYMX.exe
  2⤵
  PID:4168
- C:\Windows\System\PEwbTue.exe
  C:\Windows\System\PEwbTue.exe
  2⤵
  PID:4220
- C:\Windows\System\imaqXCs.exe
  C:\Windows\System\imaqXCs.exe
  2⤵
  PID:4312
- C:\Windows\System\POMCVBW.exe
  C:\Windows\System\POMCVBW.exe
  2⤵
  PID:3008
- C:\Windows\System\gCtXuBS.exe
  C:\Windows\System\gCtXuBS.exe
  2⤵
  PID:4392
- C:\Windows\System\GmYpERd.exe
  C:\Windows\System\GmYpERd.exe
  2⤵
  PID:4424
- C:\Windows\System\qldkXfx.exe
  C:\Windows\System\qldkXfx.exe
  2⤵
  PID:4448
- C:\Windows\System\sSjAjCL.exe
  C:\Windows\System\sSjAjCL.exe
  2⤵
  PID:4568
- C:\Windows\System\xkvnigH.exe
  C:\Windows\System\xkvnigH.exe
  2⤵
  PID:4592
- C:\Windows\System\VLQRvog.exe
  C:\Windows\System\VLQRvog.exe
  2⤵
  PID:4632
- C:\Windows\System\MQTrhaT.exe
  C:\Windows\System\MQTrhaT.exe
  2⤵
  PID:4676
- C:\Windows\System\PYgNBjP.exe
  C:\Windows\System\PYgNBjP.exe
  2⤵
  PID:4768
- C:\Windows\System\mYdqQGa.exe
  C:\Windows\System\mYdqQGa.exe
  2⤵
  PID:4796
- C:\Windows\System\GkywgQP.exe
  C:\Windows\System\GkywgQP.exe
  2⤵
  PID:4836
- C:\Windows\System\SSkWLre.exe
  C:\Windows\System\SSkWLre.exe
  2⤵
  PID:4864
- C:\Windows\System\jNgRhew.exe
  C:\Windows\System\jNgRhew.exe
  2⤵
  PID:4904
- C:\Windows\System\LOGNkFi.exe
  C:\Windows\System\LOGNkFi.exe
  2⤵
  PID:4976
- C:\Windows\System\OlGOLAt.exe
  C:\Windows\System\OlGOLAt.exe
  2⤵
  PID:4832
- C:\Windows\System\TwLNgmV.exe
  C:\Windows\System\TwLNgmV.exe
  2⤵
  PID:2728
- C:\Windows\System\iMVSbWK.exe
  C:\Windows\System\iMVSbWK.exe
  2⤵
  PID:2304
- C:\Windows\System\iaUIpdf.exe
  C:\Windows\System\iaUIpdf.exe
  2⤵
  PID:3800
- C:\Windows\System\WxURXTI.exe
  C:\Windows\System\WxURXTI.exe
  2⤵
  PID:3772
- C:\Windows\System\ukQJcse.exe
  C:\Windows\System\ukQJcse.exe
  2⤵
  PID:4016
- C:\Windows\System\xUYSKIv.exe
  C:\Windows\System\xUYSKIv.exe
  2⤵
  PID:2584
- C:\Windows\System\WBjgoei.exe
  C:\Windows\System\WBjgoei.exe
  2⤵
  PID:4204
- C:\Windows\System\BdycPxX.exe
  C:\Windows\System\BdycPxX.exe
  2⤵
  PID:4364
- C:\Windows\System\frZrQDI.exe
  C:\Windows\System\frZrQDI.exe
  2⤵
  PID:4268
- C:\Windows\System\STRxuWH.exe
  C:\Windows\System\STRxuWH.exe
  2⤵
  PID:4508
- C:\Windows\System\aBSTpIq.exe
  C:\Windows\System\aBSTpIq.exe
  2⤵
  PID:1516
- C:\Windows\System\DtbhLRa.exe
  C:\Windows\System\DtbhLRa.exe
  2⤵
  PID:4612
- C:\Windows\System\jPlgYvB.exe
  C:\Windows\System\jPlgYvB.exe
  2⤵
  PID:4708
- C:\Windows\System\WBLdTuY.exe
  C:\Windows\System\WBLdTuY.exe
  2⤵
  PID:4772
- C:\Windows\System\nfBSDsO.exe
  C:\Windows\System\nfBSDsO.exe
  2⤵
  PID:5140
- C:\Windows\System\DQtpkib.exe
  C:\Windows\System\DQtpkib.exe
  2⤵
  PID:5160
- C:\Windows\System\WlKmskT.exe
  C:\Windows\System\WlKmskT.exe
  2⤵
  PID:5180
- C:\Windows\System\MgEdkXr.exe
  C:\Windows\System\MgEdkXr.exe
  2⤵
  PID:5204
- C:\Windows\System\vHUerRM.exe
  C:\Windows\System\vHUerRM.exe
  2⤵
  PID:5224
- C:\Windows\System\szVEWUc.exe
  C:\Windows\System\szVEWUc.exe
  2⤵
  PID:5244
- C:\Windows\System\bQCiMLO.exe
  C:\Windows\System\bQCiMLO.exe
  2⤵
  PID:5264
- C:\Windows\System\DrnRRnA.exe
  C:\Windows\System\DrnRRnA.exe
  2⤵
  PID:5284
- C:\Windows\System\OcnDVcT.exe
  C:\Windows\System\OcnDVcT.exe
  2⤵
  PID:5304
- C:\Windows\System\sDeiHKb.exe
  C:\Windows\System\sDeiHKb.exe
  2⤵
  PID:5324
- C:\Windows\System\vNaPGXZ.exe
  C:\Windows\System\vNaPGXZ.exe
  2⤵
  PID:5344
- C:\Windows\System\BUMiYnP.exe
  C:\Windows\System\BUMiYnP.exe
  2⤵
  PID:5364
- C:\Windows\System\RaZnyxl.exe
  C:\Windows\System\RaZnyxl.exe
  2⤵
  PID:5384
- C:\Windows\System\sGjiLfd.exe
  C:\Windows\System\sGjiLfd.exe
  2⤵
  PID:5404
- C:\Windows\System\QCnvumc.exe
  C:\Windows\System\QCnvumc.exe
  2⤵
  PID:5424
- C:\Windows\System\MeqsFJU.exe
  C:\Windows\System\MeqsFJU.exe
  2⤵
  PID:5444
- C:\Windows\System\nOIKLeu.exe
  C:\Windows\System\nOIKLeu.exe
  2⤵
  PID:5464
- C:\Windows\System\BaEijrk.exe
  C:\Windows\System\BaEijrk.exe
  2⤵
  PID:5484
- C:\Windows\System\FPmmXyN.exe
  C:\Windows\System\FPmmXyN.exe
  2⤵
  PID:5504
- C:\Windows\System\LwgVxVX.exe
  C:\Windows\System\LwgVxVX.exe
  2⤵
  PID:5524
- C:\Windows\System\QdYVAqC.exe
  C:\Windows\System\QdYVAqC.exe
  2⤵
  PID:5544
- C:\Windows\System\tBsNRDo.exe
  C:\Windows\System\tBsNRDo.exe
  2⤵
  PID:5564
- C:\Windows\System\ieoZiVz.exe
  C:\Windows\System\ieoZiVz.exe
  2⤵
  PID:5584
- C:\Windows\System\xrrMubx.exe
  C:\Windows\System\xrrMubx.exe
  2⤵
  PID:5604
- C:\Windows\System\aklmiEu.exe
  C:\Windows\System\aklmiEu.exe
  2⤵
  PID:5624
- C:\Windows\System\vjgrxPf.exe
  C:\Windows\System\vjgrxPf.exe
  2⤵
  PID:5644
- C:\Windows\System\GXJXEeE.exe
  C:\Windows\System\GXJXEeE.exe
  2⤵
  PID:5664
- C:\Windows\System\ltNituV.exe
  C:\Windows\System\ltNituV.exe
  2⤵
  PID:5684
- C:\Windows\System\FAyGRiM.exe
  C:\Windows\System\FAyGRiM.exe
  2⤵
  PID:5704
- C:\Windows\System\RIEfXsh.exe
  C:\Windows\System\RIEfXsh.exe
  2⤵
  PID:5724
- C:\Windows\System\zkqhlBa.exe
  C:\Windows\System\zkqhlBa.exe
  2⤵
  PID:5744
- C:\Windows\System\dmPOctE.exe
  C:\Windows\System\dmPOctE.exe
  2⤵
  PID:5764
- C:\Windows\System\wnvOYLk.exe
  C:\Windows\System\wnvOYLk.exe
  2⤵
  PID:5784
- C:\Windows\System\TmNPYFJ.exe
  C:\Windows\System\TmNPYFJ.exe
  2⤵
  PID:5804
- C:\Windows\System\tDkPkhD.exe
  C:\Windows\System\tDkPkhD.exe
  2⤵
  PID:5824
- C:\Windows\System\idwIQRP.exe
  C:\Windows\System\idwIQRP.exe
  2⤵
  PID:5844
- C:\Windows\System\EypXCQi.exe
  C:\Windows\System\EypXCQi.exe
  2⤵
  PID:5868
- C:\Windows\System\IKyiFmB.exe
  C:\Windows\System\IKyiFmB.exe
  2⤵
  PID:5888
- C:\Windows\System\IlPLUlF.exe
  C:\Windows\System\IlPLUlF.exe
  2⤵
  PID:5908
- C:\Windows\System\ANwWtSd.exe
  C:\Windows\System\ANwWtSd.exe
  2⤵
  PID:5928
- C:\Windows\System\nnAYKhz.exe
  C:\Windows\System\nnAYKhz.exe
  2⤵
  PID:5948
- C:\Windows\System\ZkEaIwI.exe
  C:\Windows\System\ZkEaIwI.exe
  2⤵
  PID:5968
- C:\Windows\System\Vvydcak.exe
  C:\Windows\System\Vvydcak.exe
  2⤵
  PID:5988
- C:\Windows\System\pjgrGed.exe
  C:\Windows\System\pjgrGed.exe
  2⤵
  PID:6008
- C:\Windows\System\wnEBaHt.exe
  C:\Windows\System\wnEBaHt.exe
  2⤵
  PID:6028
- C:\Windows\System\MItFkDS.exe
  C:\Windows\System\MItFkDS.exe
  2⤵
  PID:6048
- C:\Windows\System\Rntmwza.exe
  C:\Windows\System\Rntmwza.exe
  2⤵
  PID:6068
- C:\Windows\System\WcoCFxa.exe
  C:\Windows\System\WcoCFxa.exe
  2⤵
  PID:6088
- C:\Windows\System\GTnmxgn.exe
  C:\Windows\System\GTnmxgn.exe
  2⤵
  PID:6108
- C:\Windows\System\XUTvsnW.exe
  C:\Windows\System\XUTvsnW.exe
  2⤵
  PID:6128
- C:\Windows\System\iXKuWUY.exe
  C:\Windows\System\iXKuWUY.exe
  2⤵
  PID:4792
- C:\Windows\System\rZAySJs.exe
  C:\Windows\System\rZAySJs.exe
  2⤵
  PID:2804
- C:\Windows\System\KBfAjgk.exe
  C:\Windows\System\KBfAjgk.exe
  2⤵
  PID:5004
- C:\Windows\System\PuXHKAM.exe
  C:\Windows\System\PuXHKAM.exe
  2⤵
  PID:5044
- C:\Windows\System\IBJNSmD.exe
  C:\Windows\System\IBJNSmD.exe
  2⤵
  PID:3412
- C:\Windows\System\OGdusdP.exe
  C:\Windows\System\OGdusdP.exe
  2⤵
  PID:4000
- C:\Windows\System\rcibbdU.exe
  C:\Windows\System\rcibbdU.exe
  2⤵
  PID:4072
- C:\Windows\System\sbHrEni.exe
  C:\Windows\System\sbHrEni.exe
  2⤵
  PID:4228
- C:\Windows\System\XzpgjJf.exe
  C:\Windows\System\XzpgjJf.exe
  2⤵
  PID:4272
- C:\Windows\System\kaXdGSK.exe
  C:\Windows\System\kaXdGSK.exe
  2⤵
  PID:2792
- C:\Windows\System\CEgnCFs.exe
  C:\Windows\System\CEgnCFs.exe
  2⤵
  PID:4552
- C:\Windows\System\MKokeNl.exe
  C:\Windows\System\MKokeNl.exe
  2⤵
  PID:4516
- C:\Windows\System\RonNSfd.exe
  C:\Windows\System\RonNSfd.exe
  2⤵
  PID:1812
- C:\Windows\System\mCuuHlo.exe
  C:\Windows\System\mCuuHlo.exe
  2⤵
  PID:5176
- C:\Windows\System\qypqARM.exe
  C:\Windows\System\qypqARM.exe
  2⤵
  PID:5172
- C:\Windows\System\oMfxTEo.exe
  C:\Windows\System\oMfxTEo.exe
  2⤵
  PID:5220
- C:\Windows\System\ZxgoKDL.exe
  C:\Windows\System\ZxgoKDL.exe
  2⤵
  PID:5260
- C:\Windows\System\zMcOHHC.exe
  C:\Windows\System\zMcOHHC.exe
  2⤵
  PID:5300
- C:\Windows\System\NPQVjdo.exe
  C:\Windows\System\NPQVjdo.exe
  2⤵
  PID:768
- C:\Windows\System\ttGUcbV.exe
  C:\Windows\System\ttGUcbV.exe
  2⤵
  PID:5340
- C:\Windows\System\nwzHbgK.exe
  C:\Windows\System\nwzHbgK.exe
  2⤵
  PID:5372
- C:\Windows\System\TfOEBXV.exe
  C:\Windows\System\TfOEBXV.exe
  2⤵
  PID:5396
- C:\Windows\System\VlDmcOb.exe
  C:\Windows\System\VlDmcOb.exe
  2⤵
  PID:5440
- C:\Windows\System\bhZaIvn.exe
  C:\Windows\System\bhZaIvn.exe
  2⤵
  PID:5492
- C:\Windows\System\zcAwnYG.exe
  C:\Windows\System\zcAwnYG.exe
  2⤵
  PID:5476
- C:\Windows\System\BiuCTnA.exe
  C:\Windows\System\BiuCTnA.exe
  2⤵
  PID:5540
- C:\Windows\System\MfFWFoS.exe
  C:\Windows\System\MfFWFoS.exe
  2⤵
  PID:5556
- C:\Windows\System\zWsFbra.exe
  C:\Windows\System\zWsFbra.exe
  2⤵
  PID:5592
- C:\Windows\System\qtwibxt.exe
  C:\Windows\System\qtwibxt.exe
  2⤵
  PID:5616
- C:\Windows\System\aVNgFVS.exe
  C:\Windows\System\aVNgFVS.exe
  2⤵
  PID:5656
- C:\Windows\System\xdkDdnE.exe
  C:\Windows\System\xdkDdnE.exe
  2⤵
  PID:1948
- C:\Windows\System\DzOrtef.exe
  C:\Windows\System\DzOrtef.exe
  2⤵
  PID:5712
- C:\Windows\System\UZegLLF.exe
  C:\Windows\System\UZegLLF.exe
  2⤵
  PID:5736
- C:\Windows\System\LSDhgzC.exe
  C:\Windows\System\LSDhgzC.exe
  2⤵
  PID:5756
- C:\Windows\System\uBalGaM.exe
  C:\Windows\System\uBalGaM.exe
  2⤵
  PID:5800
- C:\Windows\System\JzvTsfQ.exe
  C:\Windows\System\JzvTsfQ.exe
  2⤵
  PID:5852
- C:\Windows\System\RTffkDT.exe
  C:\Windows\System\RTffkDT.exe
  2⤵
  PID:5856
- C:\Windows\System\PwBcljn.exe
  C:\Windows\System\PwBcljn.exe
  2⤵
  PID:5900
- C:\Windows\System\JaDnTvH.exe
  C:\Windows\System\JaDnTvH.exe
  2⤵
  PID:5944
- C:\Windows\System\EuXOaaK.exe
  C:\Windows\System\EuXOaaK.exe
  2⤵
  PID:5984
- C:\Windows\System\kcISrVw.exe
  C:\Windows\System\kcISrVw.exe
  2⤵
  PID:6004
- C:\Windows\System\hMVojqP.exe
  C:\Windows\System\hMVojqP.exe
  2⤵
  PID:6056
- C:\Windows\System\VKaSZin.exe
  C:\Windows\System\VKaSZin.exe
  2⤵
  PID:6076
- C:\Windows\System\YVTANkP.exe
  C:\Windows\System\YVTANkP.exe
  2⤵
  PID:6100
- C:\Windows\System\YOYJEYe.exe
  C:\Windows\System\YOYJEYe.exe
  2⤵
  PID:6140
- C:\Windows\System\LcFObhn.exe
  C:\Windows\System\LcFObhn.exe
  2⤵
  PID:4960
- C:\Windows\System\DnKlBiL.exe
  C:\Windows\System\DnKlBiL.exe
  2⤵
  PID:3312
- C:\Windows\System\EJDQQWs.exe
  C:\Windows\System\EJDQQWs.exe
  2⤵
  PID:3840
- C:\Windows\System\GdsyEXR.exe
  C:\Windows\System\GdsyEXR.exe
  2⤵
  PID:4180
- C:\Windows\System\VagdUDS.exe
  C:\Windows\System\VagdUDS.exe
  2⤵
  PID:2536
- C:\Windows\System\ZKQpZVm.exe
  C:\Windows\System\ZKQpZVm.exe
  2⤵
  PID:4556
- C:\Windows\System\IhHmMMT.exe
  C:\Windows\System\IhHmMMT.exe
  2⤵
  PID:4728
- C:\Windows\System\hdCpVug.exe
  C:\Windows\System\hdCpVug.exe
  2⤵
  PID:5148
- C:\Windows\System\FDHlVdH.exe
  C:\Windows\System\FDHlVdH.exe
  2⤵
  PID:5232
- C:\Windows\System\nsiJEDq.exe
  C:\Windows\System\nsiJEDq.exe
  2⤵
  PID:5280
- C:\Windows\System\GKWwDKk.exe
  C:\Windows\System\GKWwDKk.exe
  2⤵
  PID:5292
- C:\Windows\System\DXDRBhU.exe
  C:\Windows\System\DXDRBhU.exe
  2⤵
  PID:5316
- C:\Windows\System\ugwpcmN.exe
  C:\Windows\System\ugwpcmN.exe
  2⤵
  PID:5392
- C:\Windows\System\krtYbWZ.exe
  C:\Windows\System\krtYbWZ.exe
  2⤵
  PID:5456
- C:\Windows\System\dbcimjO.exe
  C:\Windows\System\dbcimjO.exe
  2⤵
  PID:992
- C:\Windows\System\DjClpUt.exe
  C:\Windows\System\DjClpUt.exe
  2⤵
  PID:5520
- C:\Windows\System\bvWkFOE.exe
  C:\Windows\System\bvWkFOE.exe
  2⤵
  PID:5576
- C:\Windows\System\MzwHrPe.exe
  C:\Windows\System\MzwHrPe.exe
  2⤵
  PID:5692
- C:\Windows\System\hzpqMZE.exe
  C:\Windows\System\hzpqMZE.exe
  2⤵
  PID:5732
- C:\Windows\System\ZzPIEwy.exe
  C:\Windows\System\ZzPIEwy.exe
  2⤵
  PID:5772
- C:\Windows\System\iLrSVVh.exe
  C:\Windows\System\iLrSVVh.exe
  2⤵
  PID:5820
- C:\Windows\System\rYZTNRJ.exe
  C:\Windows\System\rYZTNRJ.exe
  2⤵
  PID:5860
- C:\Windows\System\itZgJKt.exe
  C:\Windows\System\itZgJKt.exe
  2⤵
  PID:5920
- C:\Windows\System\xpWyOdi.exe
  C:\Windows\System\xpWyOdi.exe
  2⤵
  PID:5964
- C:\Windows\System\oxXLEpD.exe
  C:\Windows\System\oxXLEpD.exe
  2⤵
  PID:6060
- C:\Windows\System\QVWOvkn.exe
  C:\Windows\System\QVWOvkn.exe
  2⤵
  PID:6096
- C:\Windows\System\XCycRHW.exe
  C:\Windows\System\XCycRHW.exe
  2⤵
  PID:6124
- C:\Windows\System\LsSCVZj.exe
  C:\Windows\System\LsSCVZj.exe
  2⤵
  PID:5040
- C:\Windows\System\VUJdafv.exe
  C:\Windows\System\VUJdafv.exe
  2⤵
  PID:1436
- C:\Windows\System\KscwvAB.exe
  C:\Windows\System\KscwvAB.exe
  2⤵
  PID:4672
- C:\Windows\System\llxfeyG.exe
  C:\Windows\System\llxfeyG.exe
  2⤵
  PID:4596
- C:\Windows\System\ufBaKsm.exe
  C:\Windows\System\ufBaKsm.exe
  2⤵
  PID:5168
- C:\Windows\System\HwKlRDT.exe
  C:\Windows\System\HwKlRDT.exe
  2⤵
  PID:5200
- C:\Windows\System\hrYFSyh.exe
  C:\Windows\System\hrYFSyh.exe
  2⤵
  PID:5320
- C:\Windows\System\FBjPExG.exe
  C:\Windows\System\FBjPExG.exe
  2⤵
  PID:5400
- C:\Windows\System\WkdwYUI.exe
  C:\Windows\System\WkdwYUI.exe
  2⤵
  PID:5480
- C:\Windows\System\RfYjMuG.exe
  C:\Windows\System\RfYjMuG.exe
  2⤵
  PID:5552
- C:\Windows\System\ooupZMY.exe
  C:\Windows\System\ooupZMY.exe
  2⤵
  PID:5640
- C:\Windows\System\RdwAwvE.exe
  C:\Windows\System\RdwAwvE.exe
  2⤵
  PID:5672
- C:\Windows\System\VjIfDvU.exe
  C:\Windows\System\VjIfDvU.exe
  2⤵
  PID:5840
- C:\Windows\System\ZMCBDxJ.exe
  C:\Windows\System\ZMCBDxJ.exe
  2⤵
  PID:5876
- C:\Windows\System\fqjRIsZ.exe
  C:\Windows\System\fqjRIsZ.exe
  2⤵
  PID:6040
- C:\Windows\System\rbHEfWv.exe
  C:\Windows\System\rbHEfWv.exe
  2⤵
  PID:572
- C:\Windows\System\fIousAf.exe
  C:\Windows\System\fIousAf.exe
  2⤵
  PID:6136
- C:\Windows\System\oPguAfU.exe
  C:\Windows\System\oPguAfU.exe
  2⤵
  PID:4244
- C:\Windows\System\YODbkHQ.exe
  C:\Windows\System\YODbkHQ.exe
  2⤵
  PID:6156
- C:\Windows\System\aMdTjTS.exe
  C:\Windows\System\aMdTjTS.exe
  2⤵
  PID:6176
- C:\Windows\System\gitaqMR.exe
  C:\Windows\System\gitaqMR.exe
  2⤵
  PID:6196
- C:\Windows\System\VVLxtsB.exe
  C:\Windows\System\VVLxtsB.exe
  2⤵
  PID:6216
- C:\Windows\System\biFwgwM.exe
  C:\Windows\System\biFwgwM.exe
  2⤵
  PID:6236
- C:\Windows\System\VwZTXzP.exe
  C:\Windows\System\VwZTXzP.exe
  2⤵
  PID:6256
- C:\Windows\System\MvRvODq.exe
  C:\Windows\System\MvRvODq.exe
  2⤵
  PID:6276
- C:\Windows\System\KGOVkoA.exe
  C:\Windows\System\KGOVkoA.exe
  2⤵
  PID:6296
- C:\Windows\System\htvWwYN.exe
  C:\Windows\System\htvWwYN.exe
  2⤵
  PID:6316
- C:\Windows\System\YrqkxzL.exe
  C:\Windows\System\YrqkxzL.exe
  2⤵
  PID:6336
- C:\Windows\System\seGFGzd.exe
  C:\Windows\System\seGFGzd.exe
  2⤵
  PID:6356
- C:\Windows\System\RFhmXaB.exe
  C:\Windows\System\RFhmXaB.exe
  2⤵
  PID:6376
- C:\Windows\System\zLBItSl.exe
  C:\Windows\System\zLBItSl.exe
  2⤵
  PID:6396
- C:\Windows\System\ytJiyzJ.exe
  C:\Windows\System\ytJiyzJ.exe
  2⤵
  PID:6416
- C:\Windows\System\TdALEWr.exe
  C:\Windows\System\TdALEWr.exe
  2⤵
  PID:6436
- C:\Windows\System\EhpKyvr.exe
  C:\Windows\System\EhpKyvr.exe
  2⤵
  PID:6456
- C:\Windows\System\mkHwDlj.exe
  C:\Windows\System\mkHwDlj.exe
  2⤵
  PID:6476
- C:\Windows\System\OvCETmb.exe
  C:\Windows\System\OvCETmb.exe
  2⤵
  PID:6496
- C:\Windows\System\RHSmYzV.exe
  C:\Windows\System\RHSmYzV.exe
  2⤵
  PID:6516
- C:\Windows\System\vbVABDj.exe
  C:\Windows\System\vbVABDj.exe
  2⤵
  PID:6536
- C:\Windows\System\NeetbFB.exe
  C:\Windows\System\NeetbFB.exe
  2⤵
  PID:6556
- C:\Windows\System\qdUzXmg.exe
  C:\Windows\System\qdUzXmg.exe
  2⤵
  PID:6576
- C:\Windows\System\XruSDkj.exe
  C:\Windows\System\XruSDkj.exe
  2⤵
  PID:6596
- C:\Windows\System\vmUeVdk.exe
  C:\Windows\System\vmUeVdk.exe
  2⤵
  PID:6616
- C:\Windows\System\KnZtDlT.exe
  C:\Windows\System\KnZtDlT.exe
  2⤵
  PID:6636
- C:\Windows\System\cvBCoGn.exe
  C:\Windows\System\cvBCoGn.exe
  2⤵
  PID:6656
- C:\Windows\System\ujJzUhZ.exe
  C:\Windows\System\ujJzUhZ.exe
  2⤵
  PID:6676
- C:\Windows\System\rPJutzl.exe
  C:\Windows\System\rPJutzl.exe
  2⤵
  PID:6696
- C:\Windows\System\rDEiWZj.exe
  C:\Windows\System\rDEiWZj.exe
  2⤵
  PID:6716
- C:\Windows\System\BoHIuXU.exe
  C:\Windows\System\BoHIuXU.exe
  2⤵
  PID:6736
- C:\Windows\System\PEuyVmh.exe
  C:\Windows\System\PEuyVmh.exe
  2⤵
  PID:6756
- C:\Windows\System\bEkOjyI.exe
  C:\Windows\System\bEkOjyI.exe
  2⤵
  PID:6776
- C:\Windows\System\gDcyvrg.exe
  C:\Windows\System\gDcyvrg.exe
  2⤵
  PID:6796
- C:\Windows\System\ZwLWBLJ.exe
  C:\Windows\System\ZwLWBLJ.exe
  2⤵
  PID:6816
- C:\Windows\System\JynElJR.exe
  C:\Windows\System\JynElJR.exe
  2⤵
  PID:6840
- C:\Windows\System\deXAEjv.exe
  C:\Windows\System\deXAEjv.exe
  2⤵
  PID:6860
- C:\Windows\System\NygTfDT.exe
  C:\Windows\System\NygTfDT.exe
  2⤵
  PID:6880
- C:\Windows\System\EiRSGCh.exe
  C:\Windows\System\EiRSGCh.exe
  2⤵
  PID:6900
- C:\Windows\System\CDrkJUI.exe
  C:\Windows\System\CDrkJUI.exe
  2⤵
  PID:6920
- C:\Windows\System\RBCiNVg.exe
  C:\Windows\System\RBCiNVg.exe
  2⤵
  PID:6940
- C:\Windows\System\tBsLSIT.exe
  C:\Windows\System\tBsLSIT.exe
  2⤵
  PID:6960
- C:\Windows\System\tacFqhh.exe
  C:\Windows\System\tacFqhh.exe
  2⤵
  PID:6980
- C:\Windows\System\FPLdjVs.exe
  C:\Windows\System\FPLdjVs.exe
  2⤵
  PID:7000
- C:\Windows\System\fsshsvE.exe
  C:\Windows\System\fsshsvE.exe
  2⤵
  PID:7020
- C:\Windows\System\vGWprTZ.exe
  C:\Windows\System\vGWprTZ.exe
  2⤵
  PID:7040
- C:\Windows\System\AyXzMmh.exe
  C:\Windows\System\AyXzMmh.exe
  2⤵
  PID:7060
- C:\Windows\System\haSmDIe.exe
  C:\Windows\System\haSmDIe.exe
  2⤵
  PID:7080
- C:\Windows\System\FhfkTEa.exe
  C:\Windows\System\FhfkTEa.exe
  2⤵
  PID:7100
- C:\Windows\System\YhfrYbn.exe
  C:\Windows\System\YhfrYbn.exe
  2⤵
  PID:7120
- C:\Windows\System\VzeVQXx.exe
  C:\Windows\System\VzeVQXx.exe
  2⤵
  PID:7140
- C:\Windows\System\KFgGONq.exe
  C:\Windows\System\KFgGONq.exe
  2⤵
  PID:7160
- C:\Windows\System\mnFevnO.exe
  C:\Windows\System\mnFevnO.exe
  2⤵
  PID:4412
- C:\Windows\System\XPAIRYr.exe
  C:\Windows\System\XPAIRYr.exe
  2⤵
  PID:5252
- C:\Windows\System\LbdfFIn.exe
  C:\Windows\System\LbdfFIn.exe
  2⤵
  PID:5432
- C:\Windows\System\ERoppAk.exe
  C:\Windows\System\ERoppAk.exe
  2⤵
  PID:5472
- C:\Windows\System\vwcAuXU.exe
  C:\Windows\System\vwcAuXU.exe
  2⤵
  PID:5600
- C:\Windows\System\AJaYLNd.exe
  C:\Windows\System\AJaYLNd.exe
  2⤵
  PID:5780
- C:\Windows\System\tcegQMx.exe
  C:\Windows\System\tcegQMx.exe
  2⤵
  PID:5936
- C:\Windows\System\HAhTgqn.exe
  C:\Windows\System\HAhTgqn.exe
  2⤵
  PID:4756
- C:\Windows\System\nukbYTZ.exe
  C:\Windows\System\nukbYTZ.exe
  2⤵
  PID:4108
- C:\Windows\System\VcLXKzx.exe
  C:\Windows\System\VcLXKzx.exe
  2⤵
  PID:6172
- C:\Windows\System\stajhxY.exe
  C:\Windows\System\stajhxY.exe
  2⤵
  PID:6188
- C:\Windows\System\BJeiQvb.exe
  C:\Windows\System\BJeiQvb.exe
  2⤵
  PID:6208
- C:\Windows\System\CaqBpTJ.exe
  C:\Windows\System\CaqBpTJ.exe
  2⤵
  PID:6252
- C:\Windows\System\BUftewu.exe
  C:\Windows\System\BUftewu.exe
  2⤵
  PID:6292
- C:\Windows\System\vVedFfv.exe
  C:\Windows\System\vVedFfv.exe
  2⤵
  PID:6332
- C:\Windows\System\lGWNlHm.exe
  C:\Windows\System\lGWNlHm.exe
  2⤵
  PID:6364
- C:\Windows\System\eNiccqP.exe
  C:\Windows\System\eNiccqP.exe
  2⤵
  PID:6388
- C:\Windows\System\UaGwYbq.exe
  C:\Windows\System\UaGwYbq.exe
  2⤵
  PID:6408
- C:\Windows\System\Fiiwbzj.exe
  C:\Windows\System\Fiiwbzj.exe
  2⤵
  PID:3176
- C:\Windows\System\GNOfpuq.exe
  C:\Windows\System\GNOfpuq.exe
  2⤵
  PID:6492
- C:\Windows\System\UAVpdzo.exe
  C:\Windows\System\UAVpdzo.exe
  2⤵
  PID:6524
- C:\Windows\System\ulptoJb.exe
  C:\Windows\System\ulptoJb.exe
  2⤵
  PID:6548
- C:\Windows\System\OaBcyEj.exe
  C:\Windows\System\OaBcyEj.exe
  2⤵
  PID:6568
- C:\Windows\System\ZQlTNHK.exe
  C:\Windows\System\ZQlTNHK.exe
  2⤵
  PID:6624
- C:\Windows\System\xLfJgAf.exe
  C:\Windows\System\xLfJgAf.exe
  2⤵
  PID:6664
- C:\Windows\System\AufkJuG.exe
  C:\Windows\System\AufkJuG.exe
  2⤵
  PID:6684
- C:\Windows\System\pdlfRLh.exe
  C:\Windows\System\pdlfRLh.exe
  2⤵
  PID:6708
- C:\Windows\System\MjfGRHL.exe
  C:\Windows\System\MjfGRHL.exe
  2⤵
  PID:6728
- C:\Windows\System\qVtTGBt.exe
  C:\Windows\System\qVtTGBt.exe
  2⤵
  PID:6784
- C:\Windows\System\FzHQZab.exe
  C:\Windows\System\FzHQZab.exe
  2⤵
  PID:6832
- C:\Windows\System\sRRcXvJ.exe
  C:\Windows\System\sRRcXvJ.exe
  2⤵
  PID:6848
- C:\Windows\System\wSBlhPC.exe
  C:\Windows\System\wSBlhPC.exe
  2⤵
  PID:6908
- C:\Windows\System\ASHPLlO.exe
  C:\Windows\System\ASHPLlO.exe
  2⤵
  PID:6912
- C:\Windows\System\bMuMaOk.exe
  C:\Windows\System\bMuMaOk.exe
  2⤵
  PID:6956
- C:\Windows\System\RVjnhRQ.exe
  C:\Windows\System\RVjnhRQ.exe
  2⤵
  PID:6996
- C:\Windows\System\aCCgJXe.exe
  C:\Windows\System\aCCgJXe.exe
  2⤵
  PID:7016
- C:\Windows\System\EckuPzH.exe
  C:\Windows\System\EckuPzH.exe
  2⤵
  PID:7056
- C:\Windows\System\NZIqMUz.exe
  C:\Windows\System\NZIqMUz.exe
  2⤵
  PID:7108
- C:\Windows\System\HEzyEJu.exe
  C:\Windows\System\HEzyEJu.exe
  2⤵
  PID:7148
- C:\Windows\System\ZDYlYQU.exe
  C:\Windows\System\ZDYlYQU.exe
  2⤵
  PID:7152
- C:\Windows\System\yLAtwYg.exe
  C:\Windows\System\yLAtwYg.exe
  2⤵
  PID:5156
- C:\Windows\System\JxOKiUX.exe
  C:\Windows\System\JxOKiUX.exe
  2⤵
  PID:5352
- C:\Windows\System\EbVaMTl.exe
  C:\Windows\System\EbVaMTl.exe
  2⤵
  PID:5188
- C:\Windows\System\zpXVpiK.exe
  C:\Windows\System\zpXVpiK.exe
  2⤵
  PID:5980
- C:\Windows\System\vGcjvPY.exe
  C:\Windows\System\vGcjvPY.exe
  2⤵
  PID:6152
- C:\Windows\System\ixFljvQ.exe
  C:\Windows\System\ixFljvQ.exe
  2⤵
  PID:6148
- C:\Windows\System\cgayaUq.exe
  C:\Windows\System\cgayaUq.exe
  2⤵
  PID:6212
- C:\Windows\System\BngzFXA.exe
  C:\Windows\System\BngzFXA.exe
  2⤵
  PID:6304
- C:\Windows\System\YTNCPqp.exe
  C:\Windows\System\YTNCPqp.exe
  2⤵
  PID:6312
- C:\Windows\System\SvFvAXy.exe
  C:\Windows\System\SvFvAXy.exe
  2⤵
  PID:6352
- C:\Windows\System\EnoYddf.exe
  C:\Windows\System\EnoYddf.exe
  2⤵
  PID:6412
- C:\Windows\System\kUtlmuv.exe
  C:\Windows\System\kUtlmuv.exe
  2⤵
  PID:6472
- C:\Windows\System\HVOdjqp.exe
  C:\Windows\System\HVOdjqp.exe
  2⤵
  PID:6544
- C:\Windows\System\wuWAmrt.exe
  C:\Windows\System\wuWAmrt.exe
  2⤵
  PID:6608
- C:\Windows\System\zardwkH.exe
  C:\Windows\System\zardwkH.exe
  2⤵
  PID:6628
- C:\Windows\System\EQgFRdb.exe
  C:\Windows\System\EQgFRdb.exe
  2⤵
  PID:6668
- C:\Windows\System\kNnOHsQ.exe
  C:\Windows\System\kNnOHsQ.exe
  2⤵
  PID:6732
- C:\Windows\System\mkurGYY.exe
  C:\Windows\System\mkurGYY.exe
  2⤵
  PID:2816
- C:\Windows\System\lWuDXbc.exe
  C:\Windows\System\lWuDXbc.exe
  2⤵
  PID:6772
- C:\Windows\System\okjTzae.exe
  C:\Windows\System\okjTzae.exe
  2⤵
  PID:6856
- C:\Windows\System\FcdzuKH.exe
  C:\Windows\System\FcdzuKH.exe
  2⤵
  PID:6932
- C:\Windows\System\LWgrTwt.exe
  C:\Windows\System\LWgrTwt.exe
  2⤵
  PID:6968
- C:\Windows\System\cQDemBb.exe
  C:\Windows\System\cQDemBb.exe
  2⤵
  PID:7028
- C:\Windows\System\diGVbnM.exe
  C:\Windows\System\diGVbnM.exe
  2⤵
  PID:7072
- C:\Windows\System\JrvgMRu.exe
  C:\Windows\System\JrvgMRu.exe
  2⤵
  PID:7092
- C:\Windows\System\tmMHRak.exe
  C:\Windows\System\tmMHRak.exe
  2⤵
  PID:2752
- C:\Windows\System\belslaF.exe
  C:\Windows\System\belslaF.exe
  2⤵
  PID:5516
- C:\Windows\System\jyyMFvd.exe
  C:\Windows\System\jyyMFvd.exe
  2⤵
  PID:2844
- C:\Windows\System\TTVcNEV.exe
  C:\Windows\System\TTVcNEV.exe
  2⤵
  PID:6164
- C:\Windows\System\ezcTsxd.exe
  C:\Windows\System\ezcTsxd.exe
  2⤵
  PID:6192
- C:\Windows\System\LCEnFhd.exe
  C:\Windows\System\LCEnFhd.exe
  2⤵
  PID:6308
- C:\Windows\System\ksKmvRS.exe
  C:\Windows\System\ksKmvRS.exe
  2⤵
  PID:6448
- C:\Windows\System\LcJWNex.exe
  C:\Windows\System\LcJWNex.exe
  2⤵
  PID:6444
- C:\Windows\System\ZaDqUKL.exe
  C:\Windows\System\ZaDqUKL.exe
  2⤵
  PID:6604
- C:\Windows\System\SNwvjyI.exe
  C:\Windows\System\SNwvjyI.exe
  2⤵
  PID:6612
- C:\Windows\System\MaCYHsk.exe
  C:\Windows\System\MaCYHsk.exe
  2⤵
  PID:6788
- C:\Windows\System\wUgswZd.exe
  C:\Windows\System\wUgswZd.exe
  2⤵
  PID:6768
- C:\Windows\System\LIxFLrE.exe
  C:\Windows\System\LIxFLrE.exe
  2⤵
  PID:6764
- C:\Windows\System\EMTPwlP.exe
  C:\Windows\System\EMTPwlP.exe
  2⤵
  PID:6936
- C:\Windows\System\VQsnuAe.exe
  C:\Windows\System\VQsnuAe.exe
  2⤵
  PID:7008
- C:\Windows\System\chwFdGa.exe
  C:\Windows\System\chwFdGa.exe
  2⤵
  PID:7048
- C:\Windows\System\QgXstBL.exe
  C:\Windows\System\QgXstBL.exe
  2⤵
  PID:5272
- C:\Windows\System\KRKKrhe.exe
  C:\Windows\System\KRKKrhe.exe
  2⤵
  PID:4940
- C:\Windows\System\QUoiXXD.exe
  C:\Windows\System\QUoiXXD.exe
  2⤵
  PID:2920
- C:\Windows\System\titMHau.exe
  C:\Windows\System\titMHau.exe
  2⤵
  PID:6392
- C:\Windows\System\AmuZsBc.exe
  C:\Windows\System\AmuZsBc.exe
  2⤵
  PID:6552
- C:\Windows\System\nzswpRK.exe
  C:\Windows\System\nzswpRK.exe
  2⤵
  PID:2556
- C:\Windows\System\mRQgOzM.exe
  C:\Windows\System\mRQgOzM.exe
  2⤵
  PID:6704
- C:\Windows\System\GRjuUcS.exe
  C:\Windows\System\GRjuUcS.exe
  2⤵
  PID:6808
- C:\Windows\System\IQNkqnM.exe
  C:\Windows\System\IQNkqnM.exe
  2⤵
  PID:7088
- C:\Windows\System\xtwijSw.exe
  C:\Windows\System\xtwijSw.exe
  2⤵
  PID:7116
- C:\Windows\System\BlnudZX.exe
  C:\Windows\System\BlnudZX.exe
  2⤵
  PID:2544
- C:\Windows\System\zfRkTod.exe
  C:\Windows\System\zfRkTod.exe
  2⤵
  PID:5452
- C:\Windows\System\MWlhSiz.exe
  C:\Windows\System\MWlhSiz.exe
  2⤵
  PID:6244
- C:\Windows\System\kZJDcaa.exe
  C:\Windows\System\kZJDcaa.exe
  2⤵
  PID:6508
- C:\Windows\System\jQzRrrR.exe
  C:\Windows\System\jQzRrrR.exe
  2⤵
  PID:7188
- C:\Windows\System\yWXgzoC.exe
  C:\Windows\System\yWXgzoC.exe
  2⤵
  PID:7208
- C:\Windows\System\kYGfLOq.exe
  C:\Windows\System\kYGfLOq.exe
  2⤵
  PID:7228
- C:\Windows\System\xmttner.exe
  C:\Windows\System\xmttner.exe
  2⤵
  PID:7248
- C:\Windows\System\NRAcTpF.exe
  C:\Windows\System\NRAcTpF.exe
  2⤵
  PID:7268
- C:\Windows\System\IRJCSrZ.exe
  C:\Windows\System\IRJCSrZ.exe
  2⤵
  PID:7288
- C:\Windows\System\tAGhNdE.exe
  C:\Windows\System\tAGhNdE.exe
  2⤵
  PID:7308
- C:\Windows\System\prFRWxa.exe
  C:\Windows\System\prFRWxa.exe
  2⤵
  PID:7328
- C:\Windows\System\jKTSFcV.exe
  C:\Windows\System\jKTSFcV.exe
  2⤵
  PID:7348
- C:\Windows\System\uDCeiTW.exe
  C:\Windows\System\uDCeiTW.exe
  2⤵
  PID:7368
- C:\Windows\System\bCJunAI.exe
  C:\Windows\System\bCJunAI.exe
  2⤵
  PID:7388
- C:\Windows\System\xvyKVpB.exe
  C:\Windows\System\xvyKVpB.exe
  2⤵
  PID:7408
- C:\Windows\System\BufaDoH.exe
  C:\Windows\System\BufaDoH.exe
  2⤵
  PID:7428
- C:\Windows\System\pHQMJhL.exe
  C:\Windows\System\pHQMJhL.exe
  2⤵
  PID:7448
- C:\Windows\System\hOkVtOk.exe
  C:\Windows\System\hOkVtOk.exe
  2⤵
  PID:7468
- C:\Windows\System\DXmFDxI.exe
  C:\Windows\System\DXmFDxI.exe
  2⤵
  PID:7488
- C:\Windows\System\BWpqWuQ.exe
  C:\Windows\System\BWpqWuQ.exe
  2⤵
  PID:7508
- C:\Windows\System\UEeFkjI.exe
  C:\Windows\System\UEeFkjI.exe
  2⤵
  PID:7528
- C:\Windows\System\JziepIz.exe
  C:\Windows\System\JziepIz.exe
  2⤵
  PID:7548
- C:\Windows\System\iUxTCfl.exe
  C:\Windows\System\iUxTCfl.exe
  2⤵
  PID:7572
- C:\Windows\System\DqgUFeC.exe
  C:\Windows\System\DqgUFeC.exe
  2⤵
  PID:7592
- C:\Windows\System\obRAubM.exe
  C:\Windows\System\obRAubM.exe
  2⤵
  PID:7612
- C:\Windows\System\BHKjxjy.exe
  C:\Windows\System\BHKjxjy.exe
  2⤵
  PID:7632
- C:\Windows\System\EBHJUMy.exe
  C:\Windows\System\EBHJUMy.exe
  2⤵
  PID:7652
- C:\Windows\System\akNsMGx.exe
  C:\Windows\System\akNsMGx.exe
  2⤵
  PID:7676
- C:\Windows\System\dtlzdYg.exe
  C:\Windows\System\dtlzdYg.exe
  2⤵
  PID:7696
- C:\Windows\System\jOqpRwy.exe
  C:\Windows\System\jOqpRwy.exe
  2⤵
  PID:7716
- C:\Windows\System\kznxxjc.exe
  C:\Windows\System\kznxxjc.exe
  2⤵
  PID:7736
- C:\Windows\System\vrfeyiS.exe
  C:\Windows\System\vrfeyiS.exe
  2⤵
  PID:7756
- C:\Windows\System\jaPSRhm.exe
  C:\Windows\System\jaPSRhm.exe
  2⤵
  PID:7776
- C:\Windows\System\ooCqdnf.exe
  C:\Windows\System\ooCqdnf.exe
  2⤵
  PID:7812
- C:\Windows\System\qndECMi.exe
  C:\Windows\System\qndECMi.exe
  2⤵
  PID:7912
- C:\Windows\System\nxUNaik.exe
  C:\Windows\System\nxUNaik.exe
  2⤵
  PID:7936
- C:\Windows\System\VHSggue.exe
  C:\Windows\System\VHSggue.exe
  2⤵
  PID:7956
- C:\Windows\System\pkEmmmX.exe
  C:\Windows\System\pkEmmmX.exe
  2⤵
  PID:7976
- C:\Windows\System\otbrYur.exe
  C:\Windows\System\otbrYur.exe
  2⤵
  PID:7992
- C:\Windows\System\IYxUYMt.exe
  C:\Windows\System\IYxUYMt.exe
  2⤵
  PID:8008
- C:\Windows\System\vyNQNVQ.exe
  C:\Windows\System\vyNQNVQ.exe
  2⤵
  PID:8032
- C:\Windows\System\seFtIkm.exe
  C:\Windows\System\seFtIkm.exe
  2⤵
  PID:8052
- C:\Windows\System\pLyykLa.exe
  C:\Windows\System\pLyykLa.exe
  2⤵
  PID:8068
- C:\Windows\System\gSjlWFy.exe
  C:\Windows\System\gSjlWFy.exe
  2⤵
  PID:8088
- C:\Windows\System\oHEvFJe.exe
  C:\Windows\System\oHEvFJe.exe
  2⤵
  PID:8116
- C:\Windows\System\FyTfTGU.exe
  C:\Windows\System\FyTfTGU.exe
  2⤵
  PID:8132
- C:\Windows\System\ZhPaXRd.exe
  C:\Windows\System\ZhPaXRd.exe
  2⤵
  PID:8148
- C:\Windows\System\MUdflUh.exe
  C:\Windows\System\MUdflUh.exe
  2⤵
  PID:8168
- C:\Windows\System\IoHzUfz.exe
  C:\Windows\System\IoHzUfz.exe
  2⤵
  PID:6572
- C:\Windows\System\nUCyXNu.exe
  C:\Windows\System\nUCyXNu.exe
  2⤵
  PID:6852
- C:\Windows\System\IWFAQuV.exe
  C:\Windows\System\IWFAQuV.exe
  2⤵
  PID:2652
- C:\Windows\System\gxJmEBz.exe
  C:\Windows\System\gxJmEBz.exe
  2⤵
  PID:2620
- C:\Windows\System\musfitF.exe
  C:\Windows\System\musfitF.exe
  2⤵
  PID:696
- C:\Windows\System\LucHYJl.exe
  C:\Windows\System\LucHYJl.exe
  2⤵
  PID:6224
- C:\Windows\System\YMgPmPm.exe
  C:\Windows\System\YMgPmPm.exe
  2⤵
  PID:7184
- C:\Windows\System\McVWQzg.exe
  C:\Windows\System\McVWQzg.exe
  2⤵
  PID:7220
- C:\Windows\System\WeoHSer.exe
  C:\Windows\System\WeoHSer.exe
  2⤵
  PID:1960
- C:\Windows\System\HQtbDne.exe
  C:\Windows\System\HQtbDne.exe
  2⤵
  PID:264
- C:\Windows\System\EMTslAn.exe
  C:\Windows\System\EMTslAn.exe
  2⤵
  PID:7112
- C:\Windows\System\acTpMxN.exe
  C:\Windows\System\acTpMxN.exe
  2⤵
  PID:7276
- C:\Windows\System\MwJJsnw.exe
  C:\Windows\System\MwJJsnw.exe
  2⤵
  PID:7324
- C:\Windows\System\LRTUXAF.exe
  C:\Windows\System\LRTUXAF.exe
  2⤵
  PID:7356
- C:\Windows\System\neIXpbE.exe
  C:\Windows\System\neIXpbE.exe
  2⤵
  PID:7364
- C:\Windows\System\nlGoAjb.exe
  C:\Windows\System\nlGoAjb.exe
  2⤵
  PID:7380
- C:\Windows\System\vYaMpvf.exe
  C:\Windows\System\vYaMpvf.exe
  2⤵
  PID:7424
- C:\Windows\System\lPhQlZH.exe
  C:\Windows\System\lPhQlZH.exe
  2⤵
  PID:7400
- C:\Windows\System\kIkLDBg.exe
  C:\Windows\System\kIkLDBg.exe
  2⤵
  PID:1344
- C:\Windows\System\NhtAOYy.exe
  C:\Windows\System\NhtAOYy.exe
  2⤵
  PID:2512
- C:\Windows\System\lKOnDDO.exe
  C:\Windows\System\lKOnDDO.exe
  2⤵
  PID:7536
- C:\Windows\System\YDqVtgy.exe
  C:\Windows\System\YDqVtgy.exe
  2⤵
  PID:7540
- C:\Windows\System\nvQpXSH.exe
  C:\Windows\System\nvQpXSH.exe
  2⤵
  PID:7568
- C:\Windows\System\ydoFwif.exe
  C:\Windows\System\ydoFwif.exe
  2⤵
  PID:7560
- C:\Windows\System\wJiCDjN.exe
  C:\Windows\System\wJiCDjN.exe
  2⤵
  PID:7600
- C:\Windows\System\uftxURh.exe
  C:\Windows\System\uftxURh.exe
  2⤵
  PID:7620
- C:\Windows\System\PZTUhJw.exe
  C:\Windows\System\PZTUhJw.exe
  2⤵
  PID:7668
- C:\Windows\System\tgezLUc.exe
  C:\Windows\System\tgezLUc.exe
  2⤵
  PID:4472
- C:\Windows\System\woyUwIt.exe
  C:\Windows\System\woyUwIt.exe
  2⤵
  PID:7688
- C:\Windows\System\wRHpFkL.exe
  C:\Windows\System\wRHpFkL.exe
  2⤵
  PID:7744
- C:\Windows\System\GzhjpyW.exe
  C:\Windows\System\GzhjpyW.exe
  2⤵
  PID:7768
- C:\Windows\System\vxokVxI.exe
  C:\Windows\System\vxokVxI.exe
  2⤵
  PID:1964
- C:\Windows\System\rzYMjno.exe
  C:\Windows\System\rzYMjno.exe
  2⤵
  PID:7908
- C:\Windows\System\ppawrwg.exe
  C:\Windows\System\ppawrwg.exe
  2⤵
  PID:7952
- C:\Windows\System\AQNUFQR.exe
  C:\Windows\System\AQNUFQR.exe
  2⤵
  PID:7984
- C:\Windows\System\QRjcwVH.exe
  C:\Windows\System\QRjcwVH.exe
  2⤵
  PID:8040
- C:\Windows\System\yNlakwT.exe
  C:\Windows\System\yNlakwT.exe
  2⤵
  PID:8080
- C:\Windows\System\YdvSgSP.exe
  C:\Windows\System\YdvSgSP.exe
  2⤵
  PID:8028
- C:\Windows\System\RlbsCAn.exe
  C:\Windows\System\RlbsCAn.exe
  2⤵
  PID:8112
- C:\Windows\System\fcapvKI.exe
  C:\Windows\System\fcapvKI.exe
  2⤵
  PID:1208
- C:\Windows\System\MtdXaFq.exe
  C:\Windows\System\MtdXaFq.exe
  2⤵
  PID:2028
- C:\Windows\System\WicIYTs.exe
  C:\Windows\System\WicIYTs.exe
  2⤵
  PID:8124
- C:\Windows\System\snWhYsc.exe
  C:\Windows\System\snWhYsc.exe
  2⤵
  PID:8188
- C:\Windows\System\gDOzNEF.exe
  C:\Windows\System\gDOzNEF.exe
  2⤵
  PID:6988
- C:\Windows\System\IDMLaOd.exe
  C:\Windows\System\IDMLaOd.exe
  2⤵
  PID:2724
- C:\Windows\System\ciHCpee.exe
  C:\Windows\System\ciHCpee.exe
  2⤵
  PID:5084
- C:\Windows\System\gYOcySw.exe
  C:\Windows\System\gYOcySw.exe
  2⤵
  PID:6432
- C:\Windows\System\wShPtZu.exe
  C:\Windows\System\wShPtZu.exe
  2⤵
  PID:6384
- C:\Windows\System\JmSseNA.exe
  C:\Windows\System\JmSseNA.exe
  2⤵
  PID:4492
- C:\Windows\System\JyndvpR.exe
  C:\Windows\System\JyndvpR.exe
  2⤵
  PID:1524
- C:\Windows\System\DhKAzDg.exe
  C:\Windows\System\DhKAzDg.exe
  2⤵
  PID:7240
- C:\Windows\System\lDzMemX.exe
  C:\Windows\System\lDzMemX.exe
  2⤵
  PID:1920
- C:\Windows\System\zvfRQWm.exe
  C:\Windows\System\zvfRQWm.exe
  2⤵
  PID:7396
- C:\Windows\System\AYMsgew.exe
  C:\Windows\System\AYMsgew.exe
  2⤵
  PID:7444
- C:\Windows\System\GgLLuqN.exe
  C:\Windows\System\GgLLuqN.exe
  2⤵
  PID:968
- C:\Windows\System\BGCjecG.exe
  C:\Windows\System\BGCjecG.exe
  2⤵
  PID:7500
- C:\Windows\System\SPWbCbt.exe
  C:\Windows\System\SPWbCbt.exe
  2⤵
  PID:7544
- C:\Windows\System\YBTsjVX.exe
  C:\Windows\System\YBTsjVX.exe
  2⤵
  PID:2008
- C:\Windows\System\GGJZLyh.exe
  C:\Windows\System\GGJZLyh.exe
  2⤵
  PID:7604
- C:\Windows\System\XXYQTGc.exe
  C:\Windows\System\XXYQTGc.exe
  2⤵
  PID:7644
- C:\Windows\System\WXlmIZr.exe
  C:\Windows\System\WXlmIZr.exe
  2⤵
  PID:7784
- C:\Windows\System\fpcBgLu.exe
  C:\Windows\System\fpcBgLu.exe
  2⤵
  PID:7928
- C:\Windows\System\pldJPQt.exe
  C:\Windows\System\pldJPQt.exe
  2⤵
  PID:8004
- C:\Windows\System\qPpBHCu.exe
  C:\Windows\System\qPpBHCu.exe
  2⤵
  PID:1604
- C:\Windows\System\TTZVRtq.exe
  C:\Windows\System\TTZVRtq.exe
  2⤵
  PID:8048
- C:\Windows\System\otElWGs.exe
  C:\Windows\System\otElWGs.exe
  2⤵
  PID:8104
- C:\Windows\System\fHaJBBN.exe
  C:\Windows\System\fHaJBBN.exe
  2⤵
  PID:1628
- C:\Windows\System\PZXrbar.exe
  C:\Windows\System\PZXrbar.exe
  2⤵
  PID:6688
- C:\Windows\System\WQGjGrM.exe
  C:\Windows\System\WQGjGrM.exe
  2⤵
  PID:7204
- C:\Windows\System\VVxirdV.exe
  C:\Windows\System\VVxirdV.exe
  2⤵
  PID:7384
- C:\Windows\System\vUEATqW.exe
  C:\Windows\System\vUEATqW.exe
  2⤵
  PID:7416
- C:\Windows\System\wVcrsyI.exe
  C:\Windows\System\wVcrsyI.exe
  2⤵
  PID:7256
- C:\Windows\System\xYEtzmp.exe
  C:\Windows\System\xYEtzmp.exe
  2⤵
  PID:5760
- C:\Windows\System\bTOKUAk.exe
  C:\Windows\System\bTOKUAk.exe
  2⤵
  PID:7340
- C:\Windows\System\HCSAKSu.exe
  C:\Windows\System\HCSAKSu.exe
  2⤵
  PID:7584
- C:\Windows\System\BNWpLnA.exe
  C:\Windows\System\BNWpLnA.exe
  2⤵
  PID:7336
- C:\Windows\System\IslhGFv.exe
  C:\Windows\System\IslhGFv.exe
  2⤵
  PID:564
- C:\Windows\System\GYejSSg.exe
  C:\Windows\System\GYejSSg.exe
  2⤵
  PID:7724
- C:\Windows\System\BACBpXE.exe
  C:\Windows\System\BACBpXE.exe
  2⤵
  PID:7788
- C:\Windows\System\rQzPWTf.exe
  C:\Windows\System\rQzPWTf.exe
  2⤵
  PID:7748
- C:\Windows\System\mUWQIyA.exe
  C:\Windows\System\mUWQIyA.exe
  2⤵
  PID:7732
- C:\Windows\System\HrHNwjb.exe
  C:\Windows\System\HrHNwjb.exe
  2⤵
  PID:8096
- C:\Windows\System\idYRqUl.exe
  C:\Windows\System\idYRqUl.exe
  2⤵
  PID:8140
- C:\Windows\System\GUUXyKm.exe
  C:\Windows\System\GUUXyKm.exe
  2⤵
  PID:6284
- C:\Windows\System\NTWnKEG.exe
  C:\Windows\System\NTWnKEG.exe
  2⤵
  PID:7920
- C:\Windows\System\TUqLTCU.exe
  C:\Windows\System\TUqLTCU.exe
  2⤵
  PID:7968
- C:\Windows\System\pZdWTRf.exe
  C:\Windows\System\pZdWTRf.exe
  2⤵
  PID:8024
- C:\Windows\System\Uezwrhq.exe
  C:\Windows\System\Uezwrhq.exe
  2⤵
  PID:8064
- C:\Windows\System\yvCRdDD.exe
  C:\Windows\System\yvCRdDD.exe
  2⤵
  PID:288
- C:\Windows\System\xGLbvQq.exe
  C:\Windows\System\xGLbvQq.exe
  2⤵
  PID:7376
- C:\Windows\System\LtaatGt.exe
  C:\Windows\System\LtaatGt.exe
  2⤵
  PID:8000
- C:\Windows\System\CYtTStp.exe
  C:\Windows\System\CYtTStp.exe
  2⤵
  PID:7524
- C:\Windows\System\eiQzQAc.exe
  C:\Windows\System\eiQzQAc.exe
  2⤵
  PID:7692
- C:\Windows\System\xfFFwJV.exe
  C:\Windows\System\xfFFwJV.exe
  2⤵
  PID:8144
- C:\Windows\System\tEemRmD.exe
  C:\Windows\System\tEemRmD.exe
  2⤵
  PID:2764
- C:\Windows\System\HoocaNp.exe
  C:\Windows\System\HoocaNp.exe
  2⤵
  PID:2876
- C:\Windows\System\ghVMKCr.exe
  C:\Windows\System\ghVMKCr.exe
  2⤵
  PID:7964
- C:\Windows\System\qoJAAMh.exe
  C:\Windows\System\qoJAAMh.exe
  2⤵
  PID:7640
- C:\Windows\System\YoBvpKM.exe
  C:\Windows\System\YoBvpKM.exe
  2⤵
  PID:7244
- C:\Windows\System\BSsdQVs.exe
  C:\Windows\System\BSsdQVs.exe
  2⤵
  PID:7436
- C:\Windows\System\IbClAyS.exe
  C:\Windows\System\IbClAyS.exe
  2⤵
  PID:7840
- C:\Windows\System\muAgEQY.exe
  C:\Windows\System\muAgEQY.exe
  2⤵
  PID:8020
- C:\Windows\System\cnkrCzV.exe
  C:\Windows\System\cnkrCzV.exe
  2⤵
  PID:8200
- C:\Windows\System\kzqDRjv.exe
  C:\Windows\System\kzqDRjv.exe
  2⤵
  PID:8216
- C:\Windows\System\LZhleMx.exe
  C:\Windows\System\LZhleMx.exe
  2⤵
  PID:8236
- C:\Windows\System\tEIOhli.exe
  C:\Windows\System\tEIOhli.exe
  2⤵
  PID:8260
- C:\Windows\System\rbFpNWx.exe
  C:\Windows\System\rbFpNWx.exe
  2⤵
  PID:8284
- C:\Windows\System\wEvBqCS.exe
  C:\Windows\System\wEvBqCS.exe
  2⤵
  PID:8300
- C:\Windows\System\cJdwODq.exe
  C:\Windows\System\cJdwODq.exe
  2⤵
  PID:8336
- C:\Windows\System\osjLPIc.exe
  C:\Windows\System\osjLPIc.exe
  2⤵
  PID:8352
- C:\Windows\System\KWsdOTA.exe
  C:\Windows\System\KWsdOTA.exe
  2⤵
  PID:8368
- C:\Windows\System\nLhxLyq.exe
  C:\Windows\System\nLhxLyq.exe
  2⤵
  PID:8388
- C:\Windows\System\eFYSYhj.exe
  C:\Windows\System\eFYSYhj.exe
  2⤵
  PID:8416
- C:\Windows\System\PaWnrSY.exe
  C:\Windows\System\PaWnrSY.exe
  2⤵
  PID:8432
- C:\Windows\System\neEtQvr.exe
  C:\Windows\System\neEtQvr.exe
  2⤵
  PID:8456
- C:\Windows\System\xsRuKiD.exe
  C:\Windows\System\xsRuKiD.exe
  2⤵
  PID:8476
- C:\Windows\System\KpzIehO.exe
  C:\Windows\System\KpzIehO.exe
  2⤵
  PID:8500
- C:\Windows\System\jbIqvOD.exe
  C:\Windows\System\jbIqvOD.exe
  2⤵
  PID:8516
- C:\Windows\System\NdqRHrr.exe
  C:\Windows\System\NdqRHrr.exe
  2⤵
  PID:8548
- C:\Windows\System\HZmSHiT.exe
  C:\Windows\System\HZmSHiT.exe
  2⤵
  PID:8564
- C:\Windows\System\EOzqgiM.exe
  C:\Windows\System\EOzqgiM.exe
  2⤵
  PID:8580
- C:\Windows\System\RhYVRdY.exe
  C:\Windows\System\RhYVRdY.exe
  2⤵
  PID:8600
- C:\Windows\System\KnzbIxT.exe
  C:\Windows\System\KnzbIxT.exe
  2⤵
  PID:8620
- C:\Windows\System\RjSaIjU.exe
  C:\Windows\System\RjSaIjU.exe
  2⤵
  PID:8636
- C:\Windows\System\pzcjiRT.exe
  C:\Windows\System\pzcjiRT.exe
  2⤵
  PID:8664
- C:\Windows\System\xmcROcb.exe
  C:\Windows\System\xmcROcb.exe
  2⤵
  PID:8684
- C:\Windows\System\vmNTmNO.exe
  C:\Windows\System\vmNTmNO.exe
  2⤵
  PID:8700
- C:\Windows\System\kGwjTLY.exe
  C:\Windows\System\kGwjTLY.exe
  2⤵
  PID:8720
- C:\Windows\System\ChYbPok.exe
  C:\Windows\System\ChYbPok.exe
  2⤵
  PID:8740
- C:\Windows\System\ZKludVy.exe
  C:\Windows\System\ZKludVy.exe
  2⤵
  PID:8756
- C:\Windows\System\ZWUNrAD.exe
  C:\Windows\System\ZWUNrAD.exe
  2⤵
  PID:8772
- C:\Windows\System\wnIRLUt.exe
  C:\Windows\System\wnIRLUt.exe
  2⤵
  PID:8812
- C:\Windows\System\DHeFZzD.exe
  C:\Windows\System\DHeFZzD.exe
  2⤵
  PID:8828
- C:\Windows\System\jkihghI.exe
  C:\Windows\System\jkihghI.exe
  2⤵
  PID:8844
- C:\Windows\System\oYCIodO.exe
  C:\Windows\System\oYCIodO.exe
  2⤵
  PID:8868
- C:\Windows\System\WupqfXd.exe
  C:\Windows\System\WupqfXd.exe
  2⤵
  PID:8884
- C:\Windows\System\EKgfwHy.exe
  C:\Windows\System\EKgfwHy.exe
  2⤵
  PID:8900
- C:\Windows\System\sChThzq.exe
  C:\Windows\System\sChThzq.exe
  2⤵
  PID:8932
- C:\Windows\System\KEGLIaD.exe
  C:\Windows\System\KEGLIaD.exe
  2⤵
  PID:8948
- C:\Windows\System\HOeevJp.exe
  C:\Windows\System\HOeevJp.exe
  2⤵
  PID:8964
- C:\Windows\System\wIYTkpq.exe
  C:\Windows\System\wIYTkpq.exe
  2⤵
  PID:8984
- C:\Windows\System\PCEuuER.exe
  C:\Windows\System\PCEuuER.exe
  2⤵
  PID:9008
- C:\Windows\System\BuvtpFb.exe
  C:\Windows\System\BuvtpFb.exe
  2⤵
  PID:9032
- C:\Windows\System\HNvMzeQ.exe
  C:\Windows\System\HNvMzeQ.exe
  2⤵
  PID:9052
- C:\Windows\System\YSHoNLy.exe
  C:\Windows\System\YSHoNLy.exe
  2⤵
  PID:9068
- C:\Windows\System\upzHnrD.exe
  C:\Windows\System\upzHnrD.exe
  2⤵
  PID:9088
- C:\Windows\System\URLkqBr.exe
  C:\Windows\System\URLkqBr.exe
  2⤵
  PID:9104
- C:\Windows\System\uCLhDUD.exe
  C:\Windows\System\uCLhDUD.exe
  2⤵
  PID:9124
- C:\Windows\System\qZVBEUm.exe
  C:\Windows\System\qZVBEUm.exe
  2⤵
  PID:9148
- C:\Windows\System\pISwrFM.exe
  C:\Windows\System\pISwrFM.exe
  2⤵
  PID:9168
- C:\Windows\System\Nshhimn.exe
  C:\Windows\System\Nshhimn.exe
  2⤵
  PID:9188
- C:\Windows\System\jTEtCjd.exe
  C:\Windows\System\jTEtCjd.exe
  2⤵
  PID:9208
- C:\Windows\System\MkfkHMz.exe
  C:\Windows\System\MkfkHMz.exe
  2⤵
  PID:8252
- C:\Windows\System\sbKChhn.exe
  C:\Windows\System\sbKChhn.exe
  2⤵
  PID:8292
- C:\Windows\System\yIMgnMU.exe
  C:\Windows\System\yIMgnMU.exe
  2⤵
  PID:8232
- C:\Windows\System\azBPuLF.exe
  C:\Windows\System\azBPuLF.exe
  2⤵
  PID:7460
- C:\Windows\System\mFAtUHq.exe
  C:\Windows\System\mFAtUHq.exe
  2⤵
  PID:8332
- C:\Windows\System\IYYXonM.exe
  C:\Windows\System\IYYXonM.exe
  2⤵
  PID:8384
- C:\Windows\System\hhtaHAo.exe
  C:\Windows\System\hhtaHAo.exe
  2⤵
  PID:8400
- C:\Windows\System\IvFaGEi.exe
  C:\Windows\System\IvFaGEi.exe
  2⤵
  PID:8444
- C:\Windows\System\hCdQbRY.exe
  C:\Windows\System\hCdQbRY.exe
  2⤵
  PID:8468
- C:\Windows\System\JbfxUzV.exe
  C:\Windows\System\JbfxUzV.exe
  2⤵
  PID:8508
- C:\Windows\System\UfJJGeC.exe
  C:\Windows\System\UfJJGeC.exe
  2⤵
  PID:8532
- C:\Windows\System\yZyHxRv.exe
  C:\Windows\System\yZyHxRv.exe
  2⤵
  PID:8560
- C:\Windows\System\guNxLMR.exe
  C:\Windows\System\guNxLMR.exe
  2⤵
  PID:8616
- C:\Windows\System\LqefSzw.exe
  C:\Windows\System\LqefSzw.exe
  2⤵
  PID:8632
- C:\Windows\System\ZCTncNb.exe
  C:\Windows\System\ZCTncNb.exe
  2⤵
  PID:8660
- C:\Windows\System\OKtrlQa.exe
  C:\Windows\System\OKtrlQa.exe
  2⤵
  PID:8712
- C:\Windows\System\VPlnhDb.exe
  C:\Windows\System\VPlnhDb.exe
  2⤵
  PID:8728
- C:\Windows\System\gEOmiGU.exe
  C:\Windows\System\gEOmiGU.exe
  2⤵
  PID:8736
- C:\Windows\System\plpIkTf.exe
  C:\Windows\System\plpIkTf.exe
  2⤵
  PID:8808
- C:\Windows\System\AvxrlBq.exe
  C:\Windows\System\AvxrlBq.exe
  2⤵
  PID:8840
- C:\Windows\System\ZPNXVHf.exe
  C:\Windows\System\ZPNXVHf.exe
  2⤵
  PID:8880
- C:\Windows\System\HaUIhvA.exe
  C:\Windows\System\HaUIhvA.exe
  2⤵
  PID:8908
- C:\Windows\System\QFPoBPT.exe
  C:\Windows\System\QFPoBPT.exe
  2⤵
  PID:8944
- C:\Windows\System\qrvpgiv.exe
  C:\Windows\System\qrvpgiv.exe
  2⤵
  PID:8804
- C:\Windows\System\unDLrlJ.exe
  C:\Windows\System\unDLrlJ.exe
  2⤵
  PID:8980
- C:\Windows\System\DVENvFe.exe
  C:\Windows\System\DVENvFe.exe
  2⤵
  PID:9028
- C:\Windows\System\adixXoZ.exe
  C:\Windows\System\adixXoZ.exe
  2⤵
  PID:9076
- C:\Windows\System\BnYcUae.exe
  C:\Windows\System\BnYcUae.exe
  2⤵
  PID:9116
- C:\Windows\System\eXghTeO.exe
  C:\Windows\System\eXghTeO.exe
  2⤵
  PID:9132
- C:\Windows\System\dgVPULM.exe
  C:\Windows\System\dgVPULM.exe
  2⤵
  PID:9144
- C:\Windows\System\pmOdLIZ.exe
  C:\Windows\System\pmOdLIZ.exe
  2⤵
  PID:8244
- C:\Windows\System\HNwUwHk.exe
  C:\Windows\System\HNwUwHk.exe
  2⤵
  PID:8308
- C:\Windows\System\xQEtXiJ.exe
  C:\Windows\System\xQEtXiJ.exe
  2⤵
  PID:8320
- C:\Windows\System\fGqDKjB.exe
  C:\Windows\System\fGqDKjB.exe
  2⤵
  PID:8408
- C:\Windows\System\hoGJGlf.exe
  C:\Windows\System\hoGJGlf.exe
  2⤵
  PID:8496
- C:\Windows\System\npPknRT.exe
  C:\Windows\System\npPknRT.exe
  2⤵
  PID:8680
- C:\Windows\System\VQtFPjU.exe
  C:\Windows\System\VQtFPjU.exe
  2⤵
  PID:8708
- C:\Windows\System\CCJipKG.exe
  C:\Windows\System\CCJipKG.exe
  2⤵
  PID:8464
- C:\Windows\System\FMTakUL.exe
  C:\Windows\System\FMTakUL.exe
  2⤵
  PID:8488
- C:\Windows\System\YKETHrp.exe
  C:\Windows\System\YKETHrp.exe
  2⤵
  PID:8780
- C:\Windows\System\wZuwOcl.exe
  C:\Windows\System\wZuwOcl.exe
  2⤵
  PID:8764
- C:\Windows\System\EEbQybZ.exe
  C:\Windows\System\EEbQybZ.exe
  2⤵
  PID:8800
- C:\Windows\System\KQeNeco.exe
  C:\Windows\System\KQeNeco.exe
  2⤵
  PID:8892
- C:\Windows\System\doOesjN.exe
  C:\Windows\System\doOesjN.exe
  2⤵
  PID:8916
- C:\Windows\System\VOwMwem.exe
  C:\Windows\System\VOwMwem.exe
  2⤵
  PID:8940
- C:\Windows\System\HxEbqbB.exe
  C:\Windows\System\HxEbqbB.exe
  2⤵
  PID:9004
- C:\Windows\System\xJGNJqa.exe
  C:\Windows\System\xJGNJqa.exe
  2⤵
  PID:9044
- C:\Windows\System\dcZHFfX.exe
  C:\Windows\System\dcZHFfX.exe
  2⤵
  PID:9064
- C:\Windows\System\ORIRTpM.exe
  C:\Windows\System\ORIRTpM.exe
  2⤵
  PID:9176
- C:\Windows\System\CuCuSNI.exe
  C:\Windows\System\CuCuSNI.exe
  2⤵
  PID:8256
- C:\Windows\System\YctuHOP.exe
  C:\Windows\System\YctuHOP.exe
  2⤵
  PID:8268
- C:\Windows\System\sdNlAsI.exe
  C:\Windows\System\sdNlAsI.exe
  2⤵
  PID:8376
- C:\Windows\System\WptvdwB.exe
  C:\Windows\System\WptvdwB.exe
  2⤵
  PID:8608
- C:\Windows\System\MzvcPbB.exe
  C:\Windows\System\MzvcPbB.exe
  2⤵
  PID:8748
- C:\Windows\System\CVxvkDc.exe
  C:\Windows\System\CVxvkDc.exe
  2⤵
  PID:8752
- C:\Windows\System\luEzEzs.exe
  C:\Windows\System\luEzEzs.exe
  2⤵
  PID:8796
- C:\Windows\System\yrAbyEb.exe
  C:\Windows\System\yrAbyEb.exe
  2⤵
  PID:8876
- C:\Windows\System\OLZPQdA.exe
  C:\Windows\System\OLZPQdA.exe
  2⤵
  PID:8960
- C:\Windows\System\pbXicZo.exe
  C:\Windows\System\pbXicZo.exe
  2⤵
  PID:9100
- C:\Windows\System\KbyfaTT.exe
  C:\Windows\System\KbyfaTT.exe
  2⤵
  PID:9184
- C:\Windows\System\ozBUtmO.exe
  C:\Windows\System\ozBUtmO.exe
  2⤵
  PID:9060
- C:\Windows\System\GLHJsIf.exe
  C:\Windows\System\GLHJsIf.exe
  2⤵
  PID:8676
- C:\Windows\System\qvyKIqE.exe
  C:\Windows\System\qvyKIqE.exe
  2⤵
  PID:8652
- C:\Windows\System\DReTIvg.exe
  C:\Windows\System\DReTIvg.exe
  2⤵
  PID:8556
- C:\Windows\System\sIEKrKZ.exe
  C:\Windows\System\sIEKrKZ.exe
  2⤵
  PID:9164
- C:\Windows\System\FMYEilI.exe
  C:\Windows\System\FMYEilI.exe
  2⤵
  PID:9024
- C:\Windows\System\xmDyRex.exe
  C:\Windows\System\xmDyRex.exe
  2⤵
  PID:8976
- C:\Windows\System\tRdbAxn.exe
  C:\Windows\System\tRdbAxn.exe
  2⤵
  PID:8588
- C:\Windows\System\nAeIeRB.exe
  C:\Windows\System\nAeIeRB.exe
  2⤵
  PID:8280
- C:\Windows\System\qHjietm.exe
  C:\Windows\System\qHjietm.exe
  2⤵
  PID:8424
- C:\Windows\System\WzGYxBJ.exe
  C:\Windows\System\WzGYxBJ.exe
  2⤵
  PID:8428
- C:\Windows\System\KoJhdhE.exe
  C:\Windows\System\KoJhdhE.exe
  2⤵
  PID:8912
- C:\Windows\System\YqCDFZT.exe
  C:\Windows\System\YqCDFZT.exe
  2⤵
  PID:9220
- C:\Windows\System\cgPIXgR.exe
  C:\Windows\System\cgPIXgR.exe
  2⤵
  PID:9244
- C:\Windows\System\XAcPrmx.exe
  C:\Windows\System\XAcPrmx.exe
  2⤵
  PID:9264
- C:\Windows\System\CcUnWmY.exe
  C:\Windows\System\CcUnWmY.exe
  2⤵
  PID:9280
- C:\Windows\System\cKKnQwM.exe
  C:\Windows\System\cKKnQwM.exe
  2⤵
  PID:9308
- C:\Windows\System\XQHRsfq.exe
  C:\Windows\System\XQHRsfq.exe
  2⤵
  PID:9328
- C:\Windows\System\jWJVKlN.exe
  C:\Windows\System\jWJVKlN.exe
  2⤵
  PID:9352
- C:\Windows\System\qeVFtna.exe
  C:\Windows\System\qeVFtna.exe
  2⤵
  PID:9368
- C:\Windows\System\DItIELq.exe
  C:\Windows\System\DItIELq.exe
  2⤵
  PID:9388
- C:\Windows\System\xMysdJf.exe
  C:\Windows\System\xMysdJf.exe
  2⤵
  PID:9408
- C:\Windows\System\LDEOYGL.exe
  C:\Windows\System\LDEOYGL.exe
  2⤵
  PID:9424
- C:\Windows\System\XGjFAQh.exe
  C:\Windows\System\XGjFAQh.exe
  2⤵
  PID:9440
- C:\Windows\System\vfDLoBI.exe
  C:\Windows\System\vfDLoBI.exe
  2⤵
  PID:9456
- C:\Windows\System\xCZEJaD.exe
  C:\Windows\System\xCZEJaD.exe
  2⤵
  PID:9480
- C:\Windows\System\HsZcgFY.exe
  C:\Windows\System\HsZcgFY.exe
  2⤵
  PID:9500
- C:\Windows\System\GdMSTNT.exe
  C:\Windows\System\GdMSTNT.exe
  2⤵
  PID:9532
- C:\Windows\System\xHdVLWM.exe
  C:\Windows\System\xHdVLWM.exe
  2⤵
  PID:9548
- C:\Windows\System\QiDKOzE.exe
  C:\Windows\System\QiDKOzE.exe
  2⤵
  PID:9564
- C:\Windows\System\dLENwdZ.exe
  C:\Windows\System\dLENwdZ.exe
  2⤵
  PID:9580
- C:\Windows\System\UZvWUcK.exe
  C:\Windows\System\UZvWUcK.exe
  2⤵
  PID:9604
- C:\Windows\System\PdcvUWq.exe
  C:\Windows\System\PdcvUWq.exe
  2⤵
  PID:9620
- C:\Windows\System\aINcxND.exe
  C:\Windows\System\aINcxND.exe
  2⤵
  PID:9640
- C:\Windows\System\STVLTDf.exe
  C:\Windows\System\STVLTDf.exe
  2⤵
  PID:9660
- C:\Windows\System\IFIvDbq.exe
  C:\Windows\System\IFIvDbq.exe
  2⤵
  PID:9692
- C:\Windows\System\RFZUMaM.exe
  C:\Windows\System\RFZUMaM.exe
  2⤵
  PID:9712
- C:\Windows\System\SbTjvAf.exe
  C:\Windows\System\SbTjvAf.exe
  2⤵
  PID:9732
- C:\Windows\System\DzYbJCJ.exe
  C:\Windows\System\DzYbJCJ.exe
  2⤵
  PID:9752
- C:\Windows\System\XKtlLUc.exe
  C:\Windows\System\XKtlLUc.exe
  2⤵
  PID:9772
- C:\Windows\System\vtctHwV.exe
  C:\Windows\System\vtctHwV.exe
  2⤵
  PID:9796
- C:\Windows\System\GoOWBRe.exe
  C:\Windows\System\GoOWBRe.exe
  2⤵
  PID:9812
- C:\Windows\System\FXMjRqI.exe
  C:\Windows\System\FXMjRqI.exe
  2⤵
  PID:9832
- C:\Windows\System\QHDpSFq.exe
  C:\Windows\System\QHDpSFq.exe
  2⤵
  PID:9852
- C:\Windows\System\tsNFjFP.exe
  C:\Windows\System\tsNFjFP.exe
  2⤵
  PID:9868
- C:\Windows\System\YmQYncv.exe
  C:\Windows\System\YmQYncv.exe
  2⤵
  PID:9884
- C:\Windows\System\OkYRiUa.exe
  C:\Windows\System\OkYRiUa.exe
  2⤵
  PID:9904
- C:\Windows\System\YEwzDrr.exe
  C:\Windows\System\YEwzDrr.exe
  2⤵
  PID:9924
- C:\Windows\System\ZCUohLp.exe
  C:\Windows\System\ZCUohLp.exe
  2⤵
  PID:9940
- C:\Windows\System\HMJZtcc.exe
  C:\Windows\System\HMJZtcc.exe
  2⤵
  PID:9956
- C:\Windows\System\YTkoAmL.exe
  C:\Windows\System\YTkoAmL.exe
  2⤵
  PID:9976
- C:\Windows\System\FGqlaBM.exe
  C:\Windows\System\FGqlaBM.exe
  2⤵
  PID:9996
- C:\Windows\System\zcMGDnh.exe
  C:\Windows\System\zcMGDnh.exe
  2⤵
  PID:10016
- C:\Windows\System\pqmbNiD.exe
  C:\Windows\System\pqmbNiD.exe
  2⤵
  PID:10040
- C:\Windows\System\xKdcrnM.exe
  C:\Windows\System\xKdcrnM.exe
  2⤵
  PID:10064
- C:\Windows\System\YmZtGUJ.exe
  C:\Windows\System\YmZtGUJ.exe
  2⤵
  PID:10080
- C:\Windows\System\EXfEBig.exe
  C:\Windows\System\EXfEBig.exe
  2⤵
  PID:10112
- C:\Windows\System\MuGfifC.exe
  C:\Windows\System\MuGfifC.exe
  2⤵
  PID:10136
- C:\Windows\System\UtWOpGI.exe
  C:\Windows\System\UtWOpGI.exe
  2⤵
  PID:10156
- C:\Windows\System\MgbzXzZ.exe
  C:\Windows\System\MgbzXzZ.exe
  2⤵
  PID:10176
- C:\Windows\System\LeUShVe.exe
  C:\Windows\System\LeUShVe.exe
  2⤵
  PID:10196
- C:\Windows\System\kmdsMfw.exe
  C:\Windows\System\kmdsMfw.exe
  2⤵
  PID:10212
- C:\Windows\System\FRjHKDb.exe
  C:\Windows\System\FRjHKDb.exe
  2⤵
  PID:10228
- C:\Windows\System\kqhttvk.exe
  C:\Windows\System\kqhttvk.exe
  2⤵
  PID:9240
- C:\Windows\System\MCQSFzG.exe
  C:\Windows\System\MCQSFzG.exe
  2⤵
  PID:9200
- C:\Windows\System\fQviKUf.exe
  C:\Windows\System\fQviKUf.exe
  2⤵
  PID:8484
- C:\Windows\System\TDSEZwk.exe
  C:\Windows\System\TDSEZwk.exe
  2⤵
  PID:9324
- C:\Windows\System\hInjtyY.exe
  C:\Windows\System\hInjtyY.exe
  2⤵
  PID:9300
- C:\Windows\System\QCdlYNh.exe
  C:\Windows\System\QCdlYNh.exe
  2⤵
  PID:9336
- C:\Windows\System\KxoeSHt.exe
  C:\Windows\System\KxoeSHt.exe
  2⤵
  PID:9400
- C:\Windows\System\PWqHlRE.exe
  C:\Windows\System\PWqHlRE.exe
  2⤵
  PID:9384
- C:\Windows\System\DVkSGIm.exe
  C:\Windows\System\DVkSGIm.exe
  2⤵
  PID:9448
- C:\Windows\System\JAqEQdd.exe
  C:\Windows\System\JAqEQdd.exe
  2⤵
  PID:9476
- C:\Windows\System\cRhAcgO.exe
  C:\Windows\System\cRhAcgO.exe
  2⤵
  PID:9524
- C:\Windows\System\hWJfhsK.exe
  C:\Windows\System\hWJfhsK.exe
  2⤵
  PID:9560
- C:\Windows\System\SArFckN.exe
  C:\Windows\System\SArFckN.exe
  2⤵
  PID:9540
- C:\Windows\System\yYrKsOA.exe
  C:\Windows\System\yYrKsOA.exe
  2⤵
  PID:9632
- C:\Windows\System\FgoJlUq.exe
  C:\Windows\System\FgoJlUq.exe
  2⤵
  PID:9656
- C:\Windows\System\ZgwImuD.exe
  C:\Windows\System\ZgwImuD.exe
  2⤵
  PID:9688
- C:\Windows\System\yQuUNgf.exe
  C:\Windows\System\yQuUNgf.exe
  2⤵
  PID:9704
- C:\Windows\System\mupjpbk.exe
  C:\Windows\System\mupjpbk.exe
  2⤵
  PID:9744
- C:\Windows\System\aBJPfrS.exe
  C:\Windows\System\aBJPfrS.exe
  2⤵
  PID:9780
- C:\Windows\System\mWgxfwM.exe
  C:\Windows\System\mWgxfwM.exe
  2⤵
  PID:9844
- C:\Windows\System\qvTIMVl.exe
  C:\Windows\System\qvTIMVl.exe
  2⤵
  PID:9912
- C:\Windows\System\bwNhMQM.exe
  C:\Windows\System\bwNhMQM.exe
  2⤵
  PID:9988
- C:\Windows\System\zphTUTN.exe
  C:\Windows\System\zphTUTN.exe
  2⤵
  PID:10028
- C:\Windows\System\zfEUNxC.exe
  C:\Windows\System\zfEUNxC.exe
  2⤵
  PID:9792
- C:\Windows\System\kjQSVYh.exe
  C:\Windows\System\kjQSVYh.exe
  2⤵
  PID:9864
- C:\Windows\System\ynLRlqt.exe
  C:\Windows\System\ynLRlqt.exe
  2⤵
  PID:9820
- C:\Windows\System\bAWgmGb.exe
  C:\Windows\System\bAWgmGb.exe
  2⤵
  PID:9964
- C:\Windows\System\UoRKpuY.exe
  C:\Windows\System\UoRKpuY.exe
  2⤵
  PID:10088
- C:\Windows\System\oziunOw.exe
  C:\Windows\System\oziunOw.exe
  2⤵
  PID:10124
- C:\Windows\System\XKUBAgy.exe
  C:\Windows\System\XKUBAgy.exe
  2⤵
  PID:10152
- C:\Windows\System\abwUQgX.exe
  C:\Windows\System\abwUQgX.exe
  2⤵
  PID:10168
- C:\Windows\System\XEewBrv.exe
  C:\Windows\System\XEewBrv.exe
  2⤵
  PID:10208
- C:\Windows\System\KaWcwJl.exe
  C:\Windows\System\KaWcwJl.exe
  2⤵
  PID:9232
- C:\Windows\System\VhePcQT.exe
  C:\Windows\System\VhePcQT.exe
  2⤵
  PID:9320
- C:\Windows\System\ybiswbF.exe
  C:\Windows\System\ybiswbF.exe
  2⤵
  PID:10224
- C:\Windows\System\RWGZStu.exe
  C:\Windows\System\RWGZStu.exe
  2⤵
  PID:8836
- C:\Windows\System\eOGTyJj.exe
  C:\Windows\System\eOGTyJj.exe
  2⤵
  PID:9492
- C:\Windows\System\RpuxxqB.exe
  C:\Windows\System\RpuxxqB.exe
  2⤵
  PID:9600
- C:\Windows\System\WheVTsE.exe
  C:\Windows\System\WheVTsE.exe
  2⤵
  PID:9276
- C:\Windows\System\ckTQBPh.exe
  C:\Windows\System\ckTQBPh.exe
  2⤵
  PID:9472
- C:\Windows\System\jazrUnS.exe
  C:\Windows\System\jazrUnS.exe
  2⤵
  PID:9512
- C:\Windows\System\RjlyurH.exe
  C:\Windows\System\RjlyurH.exe
  2⤵
  PID:9628
- C:\Windows\System\hGeyGoZ.exe
  C:\Windows\System\hGeyGoZ.exe
  2⤵
  PID:9728
- C:\Windows\System\iWGJZXa.exe
  C:\Windows\System\iWGJZXa.exe
  2⤵
  PID:9840
- C:\Windows\System\CEMdXyg.exe
  C:\Windows\System\CEMdXyg.exe
  2⤵
  PID:9848
- C:\Windows\System\RVEWsOD.exe
  C:\Windows\System\RVEWsOD.exe
  2⤵
  PID:9952
- C:\Windows\System\RaLyufi.exe
  C:\Windows\System\RaLyufi.exe
  2⤵
  PID:10036
- C:\Windows\System\CXqYcxj.exe
  C:\Windows\System\CXqYcxj.exe
  2⤵
  PID:9824
- C:\Windows\System\zaqXWzk.exe
  C:\Windows\System\zaqXWzk.exe
  2⤵
  PID:10120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BLNNEHy.exe

Filesize
6.0MB

MD5
676eeab7ea518bb588c937399604fcfe

SHA1
0a6ed571f4ed99b43b3390389f010742797b1554

SHA256
e6b3e54531d7255b97532f73358c462fa5dd068d96b6cbbf38e302899acddfde

SHA512
1d5de6c1e26195c6f7390efc02b28719dc0ee090684b40c87ab156e4f8e4875f0bf898696e34020b855c307fe09857a119a71f88bd1527ce6770e72cbe6198ad

Download Submit
C:\Windows\system\DmVVjuO.exe

Filesize
6.0MB

MD5
d17bb6f6be22f4981c4407f2385edc17

SHA1
66c24bcd741f4721262064ac29b842aa9406dbde

SHA256
eae881decb99e43236a7f0613ee55158803c298eb7b1d36c41ede280f824e072

SHA512
1024270f84d4f77a8aa7d0aa0007432ec4f4e37a64e3fbe31fa8f8ff691d604bb47b3f99f6674df9866f66e37d2483b5d52c26844d7dfad9476cb5ffb60b36d7

Download Submit
C:\Windows\system\FCnlreG.exe

Filesize
6.0MB

MD5
536bcee52e1f57d26b08272b742721c3

SHA1
a7e8e5b18b75c7d021bb4eebe8d8a11d2e75cdd8

SHA256
4f5bb9bf040708ea86e8c5cab73f059a2b8a5179279153cce4d93dbd3db8c687

SHA512
93acbb853534dd732cc88f6b9f398a777eac6b73c6feb1ba864dd538b36f35a6fa1f4e13bc516ec5a1a253a0f954b35cdc50e54822fe0c77862ca2fd75269f04

Download Submit
C:\Windows\system\GaHcmls.exe

Filesize
6.0MB

MD5
072269f5c7ebce981a4d8a8e2d99b41d

SHA1
1f0d627f8420139f27fd3b8babee3b1405966afa

SHA256
a038a68cc46e3c55a5436b013152e0c631f381c6dbd298a3e2176413aeab0d38

SHA512
718f0ea8a1d0e9ce8a0187f314f7a55686cae11856d287fdfc7f6c80f6b5e1c795db7b980b9027443593a132c5ed37c3e54bc239cdf188fb2b2bb9bc8a73d55e

Download Submit
C:\Windows\system\GaROdAf.exe

Filesize
6.0MB

MD5
16744192ea576656ebe6ffa7aee821a7

SHA1
45abae1f3a7da6d3f078dc6a51a67d26ee66e359

SHA256
6896dc3238de06136dd0f8af3db20c6177e664f36c01217c0fffd23e22cc650d

SHA512
dc55dc29b2f27be1b271fbee93370563d074c4ae824eda47c22c5b8686a702bffe114d8798f062c8332e780a644eb7570c7fc7f49fa5c0faa0a15ca6268ed36f

Download Submit
C:\Windows\system\HjjaeDV.exe

Filesize
6.0MB

MD5
e2dff8db9db2f335d6d29c384cc2fad7

SHA1
24ee8d9ca880444f38029223d037729c7ce24208

SHA256
e1e979326bb0dd768184c424d78c3ddfaac0d91e8089e147d9bf01b6b2435fd4

SHA512
aa0f2e1585aef9d24b5dae07ba7b1146f5f95b486157dff0f040ded41e183baf794f0ece6a5f6cd4c8816112e1fe67f443e87b01a5ddf9afa25f4f7c4684be77

Download Submit
C:\Windows\system\HztpEYE.exe

Filesize
6.0MB

MD5
1894621be69140adac98d269e0b8df05

SHA1
5a6c2ae468f4d8da48b30e10992a5a5624415cad

SHA256
c61d45d81b72cbec90f5b5e648f7311e1ae3b690a0961c0bfd009d25ef4a04ae

SHA512
5a8865a8317d18973c75e98b8527e93e74da4a5f43ad5a47353b8013800c4cfa851baa2c7ee789cd94d5456628c693ab5d33feafc6b5dd089d953f635dd7c77f

Download Submit
C:\Windows\system\ItOItJz.exe

Filesize
6.0MB

MD5
c59c7dcffc0d54ba30b4dff7903ef583

SHA1
1b81d3f83ff20850fc5d2e4b342e81ecaf037ca9

SHA256
dcc8876d6c6aca26d8bbc9e7ad9f08ef0fa32f0b59e47c0508929cfac2e0f347

SHA512
d1533cca82b33d608d57e3f5dd1d0abcca3083802f78d3a8109546c035a3f35aa767c7f1aeb4d106a068837249607cabfe0973baa915d1621a37beee6369a011

Download Submit
C:\Windows\system\IuVcJKi.exe

Filesize
6.0MB

MD5
3ba676c02a0896e5904dca2cd127b8d6

SHA1
125b823e6e5c1dce3cc52851c8ffaaae89fba5e7

SHA256
23d53b48b69d70f8cf782ccf0740bda4af647f68e622dc9bc63510d30de0a558

SHA512
99be16aca6aa2846a9712ac62e4412b5cac27b3959028505c2bb7cb4601213dab948aed74e8f84fd3f064be06cff9457461619c78aefe4f1fb71a321f8f0266a

Download Submit
C:\Windows\system\NIhPzXq.exe

Filesize
6.0MB

MD5
f9a2bf115d5f031d7cddd6531bde8eab

SHA1
f23c1e78081e2916be729d5ab91a0a4bcaa7d82b

SHA256
0df702f8da5ad57d0af2e3911c19b497cfffcc0e0a69ca8bf26c6fc92f750fc6

SHA512
1db00e736570135ecc0cc39865894987f2a2139aabee51704bb7225d62cadfd1c9cbf312dbacf0986d881b3bc988f0987363bd4b5f617d2deece5c76bb448f6c

Download Submit
C:\Windows\system\NqGqAen.exe

Filesize
6.0MB

MD5
f178e92aba43c2104e6f0cb3f1d16222

SHA1
a83f65f2bf7d46f88c67b4a08b91c5fe909fe8e9

SHA256
604b02c4e87772d10733ecd4f8aab1684dcb7830ea5a1fbb3bef1be47269491d

SHA512
f39dfc7b9fa4c5e291ed562a88727297ec3ae23dc440018c1ff124adfb34e87e718f3bd59ad4730e562496c4423fa622c930e6af3246b35b3deee58716bcb2a6

Download Submit
C:\Windows\system\OErpXLW.exe

Filesize
6.0MB

MD5
05a95e0914ddd3382c941f466d6de318

SHA1
9a5e2f019b96483b205b7490a0d86fefed1a7f8c

SHA256
0ce508c018477772381d3efaa3bcda3dee0b6be73beaa6bc9f958805ac6b165d

SHA512
4010803772a62863a9d082ebe164e7f366e2b0a3df57b0154981b2cc25f94f8c4d6f059aaab002c0498aa20e51f164dd007543ded82982be5f2014c67ca0d7be

Download Submit
C:\Windows\system\RFpHHXj.exe

Filesize
6.0MB

MD5
a93870d2a6156aab039109492e81626f

SHA1
252167f9088797d1ac2e5d3563b14ed9375c3223

SHA256
293a44739f2cca1a4939cf935ae0ac939d71e398de1839787d1a8d92f2b729ea

SHA512
a64abd510bc4392bae64815318ac5004786ea8175df53bc07154f48ba4968ac3477fd859a6ad5345bdd6d55fdd24b2a894a5687c3264e294cc7bc3a6718777ab

Download Submit
C:\Windows\system\UCFFJTy.exe

Filesize
6.0MB

MD5
ad0d25e21da8df15ee03e65d58988689

SHA1
9ba6d9c03c79273c9d666b133cf5877f52e43307

SHA256
4c064778e78930ed2f0419d3cba079524aed9deafe127a2d9e0983b96fe15b64

SHA512
cde13bf7ff3b26d340d3a0b0f528dec2b7eb29609e8616aa3b4668d46de4151274c5403405f52c3d08a9cc1b4557fefceb91df82076eea7bf09634a77f4087e8

Download Submit
C:\Windows\system\VyyXojN.exe

Filesize
6.0MB

MD5
92e741dd60d0d67fda5ea490129567aa

SHA1
3ac6bc8a0fedc7ecc84701c47e14f9602feb6816

SHA256
925b7fa793fcdefb8e7adad1e77d9882f184b579ea34d2fedfb221a21e9f0f8d

SHA512
a4715b7a4935b08008558dbcc0050bcf91ea95d9209933724152b80951db7e793f18780504ce2c0cb5b365cde21d46b0e3487ed93da19528b5473d944fa8d15f

Download Submit
C:\Windows\system\WzajfHp.exe

Filesize
8B

MD5
c22a380e89ef2857e795b92021481c93

SHA1
738dde2b026701738f4315ce16bf21bd0ec173eb

SHA256
c603ffb7ca28c1de2ca2895894d4e67142c82d93a2b9004b2df44ac399ee3200

SHA512
f9aa4ac8af797109ae2816361a5c1641a6a929f24181b12a57c120171dbb69a9d4baeaae15aafc42a1ad346c5383eb9fcf996b9b4f4bf80b5810f8e47ca97be2

Download Submit
C:\Windows\system\XFJlRpf.exe

Filesize
6.0MB

MD5
19c3800ece1714782b1cdcd2eb4757ac

SHA1
de8b48830839eb6a91308a22aa4e3af2a674bf94

SHA256
722b64a4c9f7541da88d420a55cee1edcc4903707bb975fe3b4680d55a7420cc

SHA512
f5a35025feedad10b1ea1945681337431ec99ed796d0cf540ebf4386a9d57eacda367e454154030849170c6977f564c3d7b47a5f93f9c986c7d3955cf1c38a03

Download Submit
C:\Windows\system\YZmdiOh.exe

Filesize
6.0MB

MD5
1db481a0aaa71de5bc5884ed4cb20318

SHA1
b58ec1060fac4ace675e02c6891c54a7388b3f27

SHA256
962861f732d5a2ca0836a12d2d12f54bc65d751da03eae5da437d0e9d7c80643

SHA512
6c372f1a0eab42643832c7ea6e0ac6431bfe57571272c4f030b59c1391be272814a4cd970b4bc297f824fb1257a794557fb5daa8a8099024f2632ada80bc8da2

Download Submit
C:\Windows\system\ZGakCQS.exe

Filesize
6.0MB

MD5
90a673c8853c25b5d7e3f9d102ae50bf

SHA1
9ea4c4a537833b29264b732dc4a7743b83e16a1b

SHA256
864db0e99c23ec887923809a61850b824a62749612115ad8a77df93e3f136991

SHA512
f6cdb44da90941be9beafc22946132d2d6f4eb32ecae251fd1b04af73776603958e7d84857be457d26134e7f540ab7786bc6d041a4ed30d4d9cae5cbf9024899

Download Submit
C:\Windows\system\ZPzMTgK.exe

Filesize
6.0MB

MD5
ff27300fd85138c026fd8868d582a739

SHA1
ec4fb626761b23442cbd94bd8a0c2fa948a7c734

SHA256
07230c812573430c35bc09a4cb95d06518f5198b409574fd9d7d895266238aea

SHA512
e682689824bcde970490b93ec0951c3cad230a364afa0161d13f0381f3d22bd78444df4224481a62264c552e5c58d3808cabb5199ccf05d3038f4f083c41c7b1

Download Submit
C:\Windows\system\btRJFXr.exe

Filesize
6.0MB

MD5
6a3745b9de24b1d7448fa91c3901004b

SHA1
6bc26f53f1cb755b2a0c6f5a0f0708a9e54152b3

SHA256
48f6b32d75eee27b155818d29c1778cf1287b6cecabfe1881574e2d1183dbd1b

SHA512
5af458c5e25851bfa893416ac3eacf76f471448d0e2fce44520b81119182bf8f49dad0a8a5befa70fa5045689decc86758c9ad420743001049a646de1d5a362c

Download Submit
C:\Windows\system\dkwrQhU.exe

Filesize
6.0MB

MD5
a9e68679d5b0a56178827c3d41aeca04

SHA1
99c5d21b31d93fc007cf99ba875c48306f0c8268

SHA256
d52712388127d1c622b3cdb05022874ecc19e7675c792c36f4662212a593c0aa

SHA512
904922510df149f24e0d4e38ba92885957410e192a1c59de7f4bcf0e2545b6d5d8dd27e4519855b36c533331ae470e15168eec08ebf794888441b245df62bc0d

Download Submit
C:\Windows\system\fxZUqFQ.exe

Filesize
6.0MB

MD5
34f59900ab037fbd8915b882e42c79e8

SHA1
e7187f94655e451d606d609ad66331ecb0d8d8e3

SHA256
0aa80ccb7f9127d13b0550edc99b94b9e14f68d21fb92cdb70916fb00fca708c

SHA512
9a6d4f80349a0bf421c09d4d22fcece373c4bf228eb302070176b2a2616879bd9aae6c29c267ab7dfa469c3cae208866e9c1d2caf2fd9d26d19baabf7268cca8

Download Submit
C:\Windows\system\gGfaKRm.exe

Filesize
6.0MB

MD5
f1596ff592cdeca612c08c8c47a4e506

SHA1
aa41aaa7d4fa18e976d85f1d035edd73ce42c0bf

SHA256
5861e01703db1b343e810c52a7d5afae7892f2e1dce423d4b295253bd158b958

SHA512
7c9a3df0fb3671bcf7b1a6f6314b828869722e6683f5c6b3502951338dba30260660cd6b9c0f367ed4225426d12a14eaa2ce4aeeca6c30f136d981cb0167b852

Download Submit
C:\Windows\system\mFXgpIq.exe

Filesize
6.0MB

MD5
a0a3da31ff6c1f1bbcb03da84ebae896

SHA1
20a6781f9781a17833f90e49ca175b848e543c32

SHA256
a5bc08331fe714cc88bcb48f0eb4b95ba876ce3af3765e23a38cd1b4ec70d47d

SHA512
135677d91d51f9716644fd3b7d6d5af9ae1f1310aacae3e1521d642a9354d7b4915d707b90b71f0f15f0feb54fbbaf25ffb46dc268955e9c56aa11783c321046

Download Submit
C:\Windows\system\pxMCkvH.exe

Filesize
6.0MB

MD5
c20534e2df30e6ff2f75f59919fc9673

SHA1
f63e4dd9d3b999b5b4705eea9cff596faf16944c

SHA256
3e1375e609eff43c6f320c512812c2268b087fae89e050b313b1bfd239af3e2d

SHA512
d23b29bda652f149df2c2f37932ff3e04fd0aae1089dd98124e8a45232b946467b2093e0adac67302918b38c0adbdbe5f389a29c0c9229c7517895d41761694d

Download Submit
C:\Windows\system\rlqNbqo.exe

Filesize
6.0MB

MD5
9f9899bb41f3e51d0085227c2fb5e706

SHA1
4c21d913a63468196ef97b69cbc8032dc8b2a1e8

SHA256
e79ca07baac3843132e7f07db59f417c09e745e8321a0d18708fd436307d4760

SHA512
819aa84ec6a944ab63201555d8315f915d96764472aa12f6aa412e5af063f01e871e71437c66153b722f29b94d9bf3039105e4fa65f714a6ce20c0df002b1f88

Download Submit
C:\Windows\system\uUkAyoa.exe

Filesize
6.0MB

MD5
1f1afe9d947f4af0bc820b95dd946d3c

SHA1
98df45580233092c630d89c77ff61d898702cc03

SHA256
74e9e9eca620007a942dbdc106b749b1a8f15324a6725c644699e29eedebe55e

SHA512
1b2df5155105b2d797ca846341137e136ff1e1c7ef3a39e8a26138ac1e7001a02f3484a96ac24fef0b0a188ac6fdf799d28fb27e2bd74ea5bb51c3f137440d59

Download Submit
C:\Windows\system\uhZORLP.exe

Filesize
6.0MB

MD5
329a626c1414d51f797cff757a478f0a

SHA1
a424530d551ff0644d86e190b2ebc2fc8296421d

SHA256
5a0d9d9219d004883acc519a0f4fbc377467b48d16780f5d7f8293c930cd4a9d

SHA512
79e3a77e8a9711baf80e94109750a35b58244a97aa4a85c2b5dfc55be7eaf16d17fd338a27a1fb86db3ecf9981fef01558b643e2f6be9219933c9427ba5bcc51

Download Submit
C:\Windows\system\wEJzFXi.exe

Filesize
6.0MB

MD5
2d137d495aff8b332a8da860d890978f

SHA1
e7fbc91de937da3158fd4fb42eeede70d3ea36a4

SHA256
f93292f7c0d7b55d66c64bf6d5183808ebfbfab031e5c3c2777c777abe26a05f

SHA512
ccbdc17ca9627015083d71ceba852e5d00a07d605cfcc2a6c107fbe3626111d9c465f2f335c3091361d6dcb6c0aead348261df601a3b1de9cbca82b359b93a4f

Download Submit
\Windows\system\NVLRUKo.exe

Filesize
6.0MB

MD5
bb620e8a10f6cd9c0976889e5841fa24

SHA1
cf48f8df8854084c43d5baf4cee58f8a46d53f88

SHA256
5ae39ebded1f580d18e77533ba4b16d573ec7eab6ba5c8942c000cc404013adc

SHA512
f38bf4fae71cf73e39b115117564f6c3c8c82cb9add183c6d8d42279cd212dc5841f6b4105caa76670867a90e009922b56165a488b9dae1bc0cdd8ddb834c0b2

Download Submit
\Windows\system\sesIJbl.exe

Filesize
6.0MB

MD5
01dff3d85496a1d1dd8accd797515767

SHA1
d2aa8a3803093c6cd1d70bd7cf0fbae9747f2c4f

SHA256
f5324e7e62b92e827feae7060a2386d69cfdc6b1cc1a0a2ae70a3af2fcf19313

SHA512
cf37bed966f7440830db60263c7ad4b2930306b7b6994938ddcb0e81c0df063e2cf69a772adaab10cba78dfafee555b7a5a71ed87aeaf27b9b706e28897ef536

Download Submit
\Windows\system\zLPdhiq.exe

Filesize
6.0MB

MD5
1519d8e3c64f2c8d2cd5c461b59a010b

SHA1
6cacb9dbdf051700416ec79e6644e4227ae1986f

SHA256
9e003ed7b94d4aa5c78eb5df147f546a66d8a3bb84e5f789113ccffb434b8477

SHA512
5431ace7bc4bba9bddffc541672fcbc5e9ba46e28bb5712e113a482964a41c613890876eef0019a9b8fd2ea125adb027d7944edfff000455b2a6302ec90da1e1

Download Submit
memory/800-16-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/800-3888-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/800-56-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/888-609-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/888-3921-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/888-85-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/1376-93-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/1376-795-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/1376-4040-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2024-105-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-53-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2024-29-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-74-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-882-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2024-18-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2024-23-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2024-37-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2024-104-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2024-1034-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-697-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-66-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2024-323-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-57-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-0-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-96-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-95-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2040-3908-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2040-51-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2040-7-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2540-48-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-3939-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-100-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-3923-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-936-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-69-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2604-232-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3934-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2640-3882-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2640-73-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2644-99-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2644-60-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3941-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2648-92-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-54-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-4050-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-77-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-423-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4007-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3940-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2748-81-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2748-33-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3928-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-84-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-50-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-65-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/3048-20-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/3048-3904-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download