cobaltstrike | 67bf05d3c350f114c206bb0f221926bf9f6c9dce886b70e3c1e562f88a28491c

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
31-01-2025 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

94885a869b73fd60432485ca1c285c25
SHA1

72e9ab2fa74df87e7dabd59957faba9049c9c04c
SHA256

67bf05d3c350f114c206bb0f221926bf9f6c9dce886b70e3c1e562f88a28491c
SHA512

84c6e58af68ca37c87a00eb45340b5cedde42fbd336dbf2f0603b6cee13b00e85241b415d78994ed762da51bce0982e0ba826530eb94711e1dd4501e5a7e2e68
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUZ:T+q56utgpPF8u/7Z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012257-3.dat	cobalt_reflective_dll
behavioral1/files/0x0033000000018650-20.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c5-21.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186bf-23.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c9-22.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018703-38.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001925b-40.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019603-51.dat	cobalt_reflective_dll
behavioral1/files/0x0030000000017021-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-67.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-71.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019659-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a071-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41c-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41a-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a355-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a303-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09a-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07a-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb8-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db5-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f9a-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019da9-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d40-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d18-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c50-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c32-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019999-107.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ed-98.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001969b-90.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2844-0-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/files/0x000d000000012257-3.dat	xmrig
behavioral1/files/0x0033000000018650-20.dat	xmrig
behavioral1/files/0x00060000000186c5-21.dat	xmrig
behavioral1/files/0x00060000000186bf-23.dat	xmrig
behavioral1/files/0x00060000000186c9-22.dat	xmrig
behavioral1/memory/2116-10-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2988-28-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/files/0x0008000000018703-38.dat	xmrig
behavioral1/memory/2724-39-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/files/0x000700000001925b-40.dat	xmrig
behavioral1/memory/2748-36-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2844-35-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2892-34-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2828-32-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2116-54-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x0005000000019603-51.dat	xmrig
behavioral1/files/0x0030000000017021-65.dat	xmrig
behavioral1/memory/1860-69-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/files/0x0005000000019605-67.dat	xmrig
behavioral1/files/0x0005000000019615-71.dat	xmrig
behavioral1/files/0x0005000000019659-80.dat	xmrig
behavioral1/memory/1984-87-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/files/0x000500000001a071-162.dat	xmrig
behavioral1/memory/2916-812-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2560-956-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2412-393-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2844-335-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/1860-239-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41c-193.dat	xmrig
behavioral1/files/0x000500000001a41a-187.dat	xmrig
behavioral1/files/0x000500000001a355-182.dat	xmrig
behavioral1/files/0x000500000001a303-177.dat	xmrig
behavioral1/files/0x000500000001a09a-172.dat	xmrig
behavioral1/files/0x000500000001a07a-167.dat	xmrig
behavioral1/files/0x0005000000019fb8-157.dat	xmrig
behavioral1/files/0x0005000000019db5-147.dat	xmrig
behavioral1/files/0x0005000000019f9a-152.dat	xmrig
behavioral1/files/0x0005000000019da9-142.dat	xmrig
behavioral1/files/0x0005000000019d40-137.dat	xmrig
behavioral1/files/0x0005000000019d18-132.dat	xmrig
behavioral1/files/0x0005000000019c50-127.dat	xmrig
behavioral1/files/0x0005000000019c34-118.dat	xmrig
behavioral1/files/0x0005000000019c36-122.dat	xmrig
behavioral1/files/0x0005000000019c32-112.dat	xmrig
behavioral1/files/0x0005000000019999-107.dat	xmrig
behavioral1/memory/2844-105-0x0000000002370000-0x00000000026C4000-memory.dmp	xmrig
behavioral1/memory/1488-104-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2560-100-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x00050000000196ed-98.dat	xmrig
behavioral1/memory/2916-92-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/1648-91-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/files/0x000500000001969b-90.dat	xmrig
behavioral1/memory/2724-86-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2412-77-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2844-74-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2828-73-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2988-72-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/1488-66-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/1476-64-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/1648-61-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2844-50-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2724-3577-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2116-3585-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2116	xABfvRh.exe
2988	HbKCwjj.exe
2828	IzkYVsP.exe
2892	jiMguQV.exe
2748	zsctieD.exe
2724	Hdesten.exe
1648	DZQsyXI.exe
1476	mLuHkRs.exe
1488	rqNRBhi.exe
1860	hydPwZV.exe
2412	XjYVstN.exe
1984	FMLmwnM.exe
2916	VyCtMKo.exe
2560	eHlgfVj.exe
3020	jvUbaUM.exe
2888	tbzdGYF.exe
2420	sZSCCub.exe
1044	WCqLCcN.exe
1596	OAGszMp.exe
1988	NVZDBgK.exe
1460	QCtdBDB.exe
2288	iUUfHfo.exe
2132	VYaWgRJ.exe
2476	jZfFgal.exe
2312	mVzfghn.exe
2664	WxRrQKd.exe
1040	pZcWOdD.exe
2316	TJnGbkm.exe
1640	HiTXvoH.exe
1976	VLbrZXn.exe
348	aAbZpHo.exe
1656	bfnWfQW.exe
1600	JQwcJNx.exe
2284	WAhiNfs.exe
1868	FYKJHat.exe
1712	EjJtoaT.exe
1520	gxaHIgp.exe
1932	uftQOFe.exe
1680	wJEiBdm.exe
916	rZctXvE.exe
2628	lDXgowy.exe
2612	TezyNpn.exe
2512	UISBhop.exe
2408	AICuKyp.exe
1764	ORYJkAG.exe
1924	ZAEvoui.exe
1720	hdXrSYv.exe
1864	MLzESUo.exe
988	TtUfyIU.exe
892	YiCQCpB.exe
2588	wBFjrJV.exe
2632	hNpdsOw.exe
1580	NdkZQKk.exe
2820	YhzzgcH.exe
2700	btOeYGj.exe
2860	mfTXNuf.exe
2708	hynSYdu.exe
2552	rSYuyfP.exe
3036	pnLZjwC.exe
1688	tvqAkkQ.exe
2384	mrGEGfw.exe
2372	hQTyMfi.exe
2528	GNklYln.exe
2876	IJCSHqx.exe

Loads dropped DLL 64 IoCs

pid	Process
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2844-0-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x000d000000012257-3.dat	upx
behavioral1/files/0x0033000000018650-20.dat	upx
behavioral1/files/0x00060000000186c5-21.dat	upx
behavioral1/files/0x00060000000186bf-23.dat	upx
behavioral1/files/0x00060000000186c9-22.dat	upx
behavioral1/memory/2116-10-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2988-28-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/files/0x0008000000018703-38.dat	upx
behavioral1/memory/2724-39-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/files/0x000700000001925b-40.dat	upx
behavioral1/memory/2748-36-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2892-34-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2828-32-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2116-54-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x0005000000019603-51.dat	upx
behavioral1/files/0x0030000000017021-65.dat	upx
behavioral1/memory/1860-69-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/files/0x0005000000019605-67.dat	upx
behavioral1/files/0x0005000000019615-71.dat	upx
behavioral1/files/0x0005000000019659-80.dat	upx
behavioral1/memory/1984-87-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/files/0x000500000001a071-162.dat	upx
behavioral1/memory/2916-812-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2560-956-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2412-393-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/1860-239-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/files/0x000500000001a41c-193.dat	upx
behavioral1/files/0x000500000001a41a-187.dat	upx
behavioral1/files/0x000500000001a355-182.dat	upx
behavioral1/files/0x000500000001a303-177.dat	upx
behavioral1/files/0x000500000001a09a-172.dat	upx
behavioral1/files/0x000500000001a07a-167.dat	upx
behavioral1/files/0x0005000000019fb8-157.dat	upx
behavioral1/files/0x0005000000019db5-147.dat	upx
behavioral1/files/0x0005000000019f9a-152.dat	upx
behavioral1/files/0x0005000000019da9-142.dat	upx
behavioral1/files/0x0005000000019d40-137.dat	upx
behavioral1/files/0x0005000000019d18-132.dat	upx
behavioral1/files/0x0005000000019c50-127.dat	upx
behavioral1/files/0x0005000000019c34-118.dat	upx
behavioral1/files/0x0005000000019c36-122.dat	upx
behavioral1/files/0x0005000000019c32-112.dat	upx
behavioral1/files/0x0005000000019999-107.dat	upx
behavioral1/memory/1488-104-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2560-100-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x00050000000196ed-98.dat	upx
behavioral1/memory/2916-92-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/1648-91-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/files/0x000500000001969b-90.dat	upx
behavioral1/memory/2724-86-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2412-77-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2828-73-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2988-72-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/1488-66-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/1476-64-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/1648-61-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2844-50-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2724-3577-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2116-3585-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2748-3586-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2988-3567-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2828-3561-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2892-3591-0x000000013F100000-0x000000013F454000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\yEPCDbU.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zjPuYSP.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jXVvURy.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FcxIVfh.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHwQIfn.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WaUHkTC.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tevLZNd.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gHFXfnw.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RyBMCco.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LsMWVMP.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FNxxuRX.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TgPFQXK.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CzQrbBf.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sKHPqCr.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xRMGFsV.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FqqwNwn.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mlteAsq.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rRvRLPr.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QXPCLTg.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\niHUhfl.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cuPZhKc.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MQsHUIm.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IqctWoS.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QgUDbBV.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BMIIocw.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IwcJFWB.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qaLAxqS.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oRvIuKN.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TJsBTtV.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qRbYilc.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CvwTpoU.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ROXcFTB.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jpTmWDE.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XsamjLu.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FaoUILE.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XvVaFZl.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WsBzGAS.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mcKPouU.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CsvsJwo.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DLrLNdR.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FqqDKFG.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JYSHxnv.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tDDpNBz.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hoYkZPg.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AxnQsOQ.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KRcgFsg.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eHsKfzE.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AkcdgZc.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qscbcex.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MMdQKon.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nBCoVnj.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZrAAGuR.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\faRLeVf.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hEworcc.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\skoOVGo.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\npTdQke.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LpOPgKD.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uyyjELJ.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\shAJkhN.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TyOwWuV.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IJlOUGw.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kXBkcja.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CScrBFh.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QfTpigG.exe	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2116	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2844 wrote to memory of 2116	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2844 wrote to memory of 2116	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2844 wrote to memory of 2988	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2844 wrote to memory of 2988	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2844 wrote to memory of 2988	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2844 wrote to memory of 2892	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2844 wrote to memory of 2892	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2844 wrote to memory of 2892	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2844 wrote to memory of 2828	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2844 wrote to memory of 2828	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2844 wrote to memory of 2828	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2844 wrote to memory of 2748	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2844 wrote to memory of 2748	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2844 wrote to memory of 2748	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2844 wrote to memory of 2724	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2844 wrote to memory of 2724	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2844 wrote to memory of 2724	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2844 wrote to memory of 1648	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2844 wrote to memory of 1648	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2844 wrote to memory of 1648	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2844 wrote to memory of 1488	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2844 wrote to memory of 1488	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2844 wrote to memory of 1488	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2844 wrote to memory of 1476	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2844 wrote to memory of 1476	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2844 wrote to memory of 1476	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2844 wrote to memory of 1860	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2844 wrote to memory of 1860	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2844 wrote to memory of 1860	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2844 wrote to memory of 2412	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2844 wrote to memory of 2412	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2844 wrote to memory of 2412	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2844 wrote to memory of 1984	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2844 wrote to memory of 1984	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2844 wrote to memory of 1984	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2844 wrote to memory of 2916	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2844 wrote to memory of 2916	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2844 wrote to memory of 2916	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2844 wrote to memory of 2560	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2844 wrote to memory of 2560	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2844 wrote to memory of 2560	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2844 wrote to memory of 3020	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2844 wrote to memory of 3020	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2844 wrote to memory of 3020	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2844 wrote to memory of 2888	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2844 wrote to memory of 2888	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2844 wrote to memory of 2888	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2844 wrote to memory of 2420	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2844 wrote to memory of 2420	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2844 wrote to memory of 2420	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2844 wrote to memory of 1044	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2844 wrote to memory of 1044	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2844 wrote to memory of 1044	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2844 wrote to memory of 1596	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2844 wrote to memory of 1596	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2844 wrote to memory of 1596	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2844 wrote to memory of 1988	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2844 wrote to memory of 1988	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2844 wrote to memory of 1988	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2844 wrote to memory of 1460	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2844 wrote to memory of 1460	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2844 wrote to memory of 1460	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2844 wrote to memory of 2288	2844	2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-31_94885a869b73fd60432485ca1c285c25_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Windows\System\xABfvRh.exe
  C:\Windows\System\xABfvRh.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\HbKCwjj.exe
  C:\Windows\System\HbKCwjj.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\jiMguQV.exe
  C:\Windows\System\jiMguQV.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\IzkYVsP.exe
  C:\Windows\System\IzkYVsP.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\zsctieD.exe
  C:\Windows\System\zsctieD.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\Hdesten.exe
  C:\Windows\System\Hdesten.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\DZQsyXI.exe
  C:\Windows\System\DZQsyXI.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\rqNRBhi.exe
  C:\Windows\System\rqNRBhi.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\mLuHkRs.exe
  C:\Windows\System\mLuHkRs.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\hydPwZV.exe
  C:\Windows\System\hydPwZV.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\XjYVstN.exe
  C:\Windows\System\XjYVstN.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\FMLmwnM.exe
  C:\Windows\System\FMLmwnM.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\VyCtMKo.exe
  C:\Windows\System\VyCtMKo.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\eHlgfVj.exe
  C:\Windows\System\eHlgfVj.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\jvUbaUM.exe
  C:\Windows\System\jvUbaUM.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\tbzdGYF.exe
  C:\Windows\System\tbzdGYF.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\sZSCCub.exe
  C:\Windows\System\sZSCCub.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\WCqLCcN.exe
  C:\Windows\System\WCqLCcN.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\OAGszMp.exe
  C:\Windows\System\OAGszMp.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\NVZDBgK.exe
  C:\Windows\System\NVZDBgK.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\QCtdBDB.exe
  C:\Windows\System\QCtdBDB.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\iUUfHfo.exe
  C:\Windows\System\iUUfHfo.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\VYaWgRJ.exe
  C:\Windows\System\VYaWgRJ.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\jZfFgal.exe
  C:\Windows\System\jZfFgal.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\mVzfghn.exe
  C:\Windows\System\mVzfghn.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\WxRrQKd.exe
  C:\Windows\System\WxRrQKd.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\pZcWOdD.exe
  C:\Windows\System\pZcWOdD.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\TJnGbkm.exe
  C:\Windows\System\TJnGbkm.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\HiTXvoH.exe
  C:\Windows\System\HiTXvoH.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\VLbrZXn.exe
  C:\Windows\System\VLbrZXn.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\aAbZpHo.exe
  C:\Windows\System\aAbZpHo.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\bfnWfQW.exe
  C:\Windows\System\bfnWfQW.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\JQwcJNx.exe
  C:\Windows\System\JQwcJNx.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\WAhiNfs.exe
  C:\Windows\System\WAhiNfs.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\FYKJHat.exe
  C:\Windows\System\FYKJHat.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\EjJtoaT.exe
  C:\Windows\System\EjJtoaT.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\gxaHIgp.exe
  C:\Windows\System\gxaHIgp.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\uftQOFe.exe
  C:\Windows\System\uftQOFe.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\wJEiBdm.exe
  C:\Windows\System\wJEiBdm.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\rZctXvE.exe
  C:\Windows\System\rZctXvE.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\lDXgowy.exe
  C:\Windows\System\lDXgowy.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\TezyNpn.exe
  C:\Windows\System\TezyNpn.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\UISBhop.exe
  C:\Windows\System\UISBhop.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\AICuKyp.exe
  C:\Windows\System\AICuKyp.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\ORYJkAG.exe
  C:\Windows\System\ORYJkAG.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\ZAEvoui.exe
  C:\Windows\System\ZAEvoui.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\hdXrSYv.exe
  C:\Windows\System\hdXrSYv.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\MLzESUo.exe
  C:\Windows\System\MLzESUo.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\TtUfyIU.exe
  C:\Windows\System\TtUfyIU.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\YiCQCpB.exe
  C:\Windows\System\YiCQCpB.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\wBFjrJV.exe
  C:\Windows\System\wBFjrJV.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\hNpdsOw.exe
  C:\Windows\System\hNpdsOw.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\NdkZQKk.exe
  C:\Windows\System\NdkZQKk.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\YhzzgcH.exe
  C:\Windows\System\YhzzgcH.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\btOeYGj.exe
  C:\Windows\System\btOeYGj.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\mfTXNuf.exe
  C:\Windows\System\mfTXNuf.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\hynSYdu.exe
  C:\Windows\System\hynSYdu.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\rSYuyfP.exe
  C:\Windows\System\rSYuyfP.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\pnLZjwC.exe
  C:\Windows\System\pnLZjwC.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\tvqAkkQ.exe
  C:\Windows\System\tvqAkkQ.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\mrGEGfw.exe
  C:\Windows\System\mrGEGfw.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\hQTyMfi.exe
  C:\Windows\System\hQTyMfi.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\GNklYln.exe
  C:\Windows\System\GNklYln.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\IJCSHqx.exe
  C:\Windows\System\IJCSHqx.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\YvJLiXf.exe
  C:\Windows\System\YvJLiXf.exe
  2⤵
  PID:2076
- C:\Windows\System\oHCGlLv.exe
  C:\Windows\System\oHCGlLv.exe
  2⤵
  PID:1456
- C:\Windows\System\eLRanIA.exe
  C:\Windows\System\eLRanIA.exe
  2⤵
  PID:628
- C:\Windows\System\SevwfnC.exe
  C:\Windows\System\SevwfnC.exe
  2⤵
  PID:2180
- C:\Windows\System\gixJlVh.exe
  C:\Windows\System\gixJlVh.exe
  2⤵
  PID:1816
- C:\Windows\System\XJARaWn.exe
  C:\Windows\System\XJARaWn.exe
  2⤵
  PID:2100
- C:\Windows\System\igcKOoW.exe
  C:\Windows\System\igcKOoW.exe
  2⤵
  PID:896
- C:\Windows\System\VgcPPoM.exe
  C:\Windows\System\VgcPPoM.exe
  2⤵
  PID:1784
- C:\Windows\System\ojbLRJE.exe
  C:\Windows\System\ojbLRJE.exe
  2⤵
  PID:1972
- C:\Windows\System\RWIjMbd.exe
  C:\Windows\System\RWIjMbd.exe
  2⤵
  PID:1332
- C:\Windows\System\WOBnxra.exe
  C:\Windows\System\WOBnxra.exe
  2⤵
  PID:300
- C:\Windows\System\sbXtqOD.exe
  C:\Windows\System\sbXtqOD.exe
  2⤵
  PID:1524
- C:\Windows\System\dOpobCL.exe
  C:\Windows\System\dOpobCL.exe
  2⤵
  PID:1032
- C:\Windows\System\EGCbWac.exe
  C:\Windows\System\EGCbWac.exe
  2⤵
  PID:1048
- C:\Windows\System\bdmiDzL.exe
  C:\Windows\System\bdmiDzL.exe
  2⤵
  PID:612
- C:\Windows\System\tuItXiT.exe
  C:\Windows\System\tuItXiT.exe
  2⤵
  PID:1692
- C:\Windows\System\XdiEluB.exe
  C:\Windows\System\XdiEluB.exe
  2⤵
  PID:2520
- C:\Windows\System\UpeEQYV.exe
  C:\Windows\System\UpeEQYV.exe
  2⤵
  PID:1576
- C:\Windows\System\TlQhCni.exe
  C:\Windows\System\TlQhCni.exe
  2⤵
  PID:2752
- C:\Windows\System\eHtrNsS.exe
  C:\Windows\System\eHtrNsS.exe
  2⤵
  PID:1508
- C:\Windows\System\EKDtALC.exe
  C:\Windows\System\EKDtALC.exe
  2⤵
  PID:2488
- C:\Windows\System\WcRnNNv.exe
  C:\Windows\System\WcRnNNv.exe
  2⤵
  PID:1192
- C:\Windows\System\FNBIxOw.exe
  C:\Windows\System\FNBIxOw.exe
  2⤵
  PID:1592
- C:\Windows\System\JSRBjaP.exe
  C:\Windows\System\JSRBjaP.exe
  2⤵
  PID:1584
- C:\Windows\System\FycCmmw.exe
  C:\Windows\System\FycCmmw.exe
  2⤵
  PID:2176
- C:\Windows\System\XNIpTSa.exe
  C:\Windows\System\XNIpTSa.exe
  2⤵
  PID:1668
- C:\Windows\System\FcKOJlG.exe
  C:\Windows\System\FcKOJlG.exe
  2⤵
  PID:2300
- C:\Windows\System\DJoQqCx.exe
  C:\Windows\System\DJoQqCx.exe
  2⤵
  PID:796
- C:\Windows\System\PwCjfxC.exe
  C:\Windows\System\PwCjfxC.exe
  2⤵
  PID:1800
- C:\Windows\System\TPBSSoF.exe
  C:\Windows\System\TPBSSoF.exe
  2⤵
  PID:2008
- C:\Windows\System\CmUHKEK.exe
  C:\Windows\System\CmUHKEK.exe
  2⤵
  PID:1612
- C:\Windows\System\nwPGfrb.exe
  C:\Windows\System\nwPGfrb.exe
  2⤵
  PID:2216
- C:\Windows\System\KWYfGiM.exe
  C:\Windows\System\KWYfGiM.exe
  2⤵
  PID:2056
- C:\Windows\System\CwSymLB.exe
  C:\Windows\System\CwSymLB.exe
  2⤵
  PID:1496
- C:\Windows\System\GEUjfuO.exe
  C:\Windows\System\GEUjfuO.exe
  2⤵
  PID:1660
- C:\Windows\System\gJbksab.exe
  C:\Windows\System\gJbksab.exe
  2⤵
  PID:1796
- C:\Windows\System\WYBdplP.exe
  C:\Windows\System\WYBdplP.exe
  2⤵
  PID:908
- C:\Windows\System\oCAwCEL.exe
  C:\Windows\System\oCAwCEL.exe
  2⤵
  PID:1812
- C:\Windows\System\XGhKJcU.exe
  C:\Windows\System\XGhKJcU.exe
  2⤵
  PID:2616
- C:\Windows\System\UfgcMPo.exe
  C:\Windows\System\UfgcMPo.exe
  2⤵
  PID:2508
- C:\Windows\System\bHJoOii.exe
  C:\Windows\System\bHJoOii.exe
  2⤵
  PID:1152
- C:\Windows\System\AkcdgZc.exe
  C:\Windows\System\AkcdgZc.exe
  2⤵
  PID:2236
- C:\Windows\System\TlOpcFS.exe
  C:\Windows\System\TlOpcFS.exe
  2⤵
  PID:2464
- C:\Windows\System\OIxRlCf.exe
  C:\Windows\System\OIxRlCf.exe
  2⤵
  PID:2280
- C:\Windows\System\pJNLeko.exe
  C:\Windows\System\pJNLeko.exe
  2⤵
  PID:3064
- C:\Windows\System\DzcThNK.exe
  C:\Windows\System\DzcThNK.exe
  2⤵
  PID:2912
- C:\Windows\System\qhRVhyL.exe
  C:\Windows\System\qhRVhyL.exe
  2⤵
  PID:2504
- C:\Windows\System\FYAvYme.exe
  C:\Windows\System\FYAvYme.exe
  2⤵
  PID:2264
- C:\Windows\System\zDntkEz.exe
  C:\Windows\System\zDntkEz.exe
  2⤵
  PID:1948
- C:\Windows\System\YtWiUSi.exe
  C:\Windows\System\YtWiUSi.exe
  2⤵
  PID:1664
- C:\Windows\System\MKpNukh.exe
  C:\Windows\System\MKpNukh.exe
  2⤵
  PID:2540
- C:\Windows\System\biphDaS.exe
  C:\Windows\System\biphDaS.exe
  2⤵
  PID:3084
- C:\Windows\System\OWyXZAZ.exe
  C:\Windows\System\OWyXZAZ.exe
  2⤵
  PID:3108
- C:\Windows\System\VIkqENI.exe
  C:\Windows\System\VIkqENI.exe
  2⤵
  PID:3128
- C:\Windows\System\nqshGVR.exe
  C:\Windows\System\nqshGVR.exe
  2⤵
  PID:3148
- C:\Windows\System\fjnboDr.exe
  C:\Windows\System\fjnboDr.exe
  2⤵
  PID:3168
- C:\Windows\System\bbCmTXK.exe
  C:\Windows\System\bbCmTXK.exe
  2⤵
  PID:3188
- C:\Windows\System\VfGLCNY.exe
  C:\Windows\System\VfGLCNY.exe
  2⤵
  PID:3208
- C:\Windows\System\GEkbbeh.exe
  C:\Windows\System\GEkbbeh.exe
  2⤵
  PID:3228
- C:\Windows\System\dAlzIkD.exe
  C:\Windows\System\dAlzIkD.exe
  2⤵
  PID:3248
- C:\Windows\System\qFjEyYN.exe
  C:\Windows\System\qFjEyYN.exe
  2⤵
  PID:3268
- C:\Windows\System\jlfqquP.exe
  C:\Windows\System\jlfqquP.exe
  2⤵
  PID:3288
- C:\Windows\System\AOBWwmj.exe
  C:\Windows\System\AOBWwmj.exe
  2⤵
  PID:3308
- C:\Windows\System\crZdNXX.exe
  C:\Windows\System\crZdNXX.exe
  2⤵
  PID:3328
- C:\Windows\System\mUWlmMD.exe
  C:\Windows\System\mUWlmMD.exe
  2⤵
  PID:3348
- C:\Windows\System\fTpmSXD.exe
  C:\Windows\System\fTpmSXD.exe
  2⤵
  PID:3368
- C:\Windows\System\WXpYKNY.exe
  C:\Windows\System\WXpYKNY.exe
  2⤵
  PID:3392
- C:\Windows\System\ZvqCBuj.exe
  C:\Windows\System\ZvqCBuj.exe
  2⤵
  PID:3412
- C:\Windows\System\SXItcpw.exe
  C:\Windows\System\SXItcpw.exe
  2⤵
  PID:3432
- C:\Windows\System\zuGVBUa.exe
  C:\Windows\System\zuGVBUa.exe
  2⤵
  PID:3452
- C:\Windows\System\xFQOfZr.exe
  C:\Windows\System\xFQOfZr.exe
  2⤵
  PID:3472
- C:\Windows\System\YtFqEMO.exe
  C:\Windows\System\YtFqEMO.exe
  2⤵
  PID:3492
- C:\Windows\System\lPUAstD.exe
  C:\Windows\System\lPUAstD.exe
  2⤵
  PID:3512
- C:\Windows\System\PAlTEia.exe
  C:\Windows\System\PAlTEia.exe
  2⤵
  PID:3532
- C:\Windows\System\fFZxFWp.exe
  C:\Windows\System\fFZxFWp.exe
  2⤵
  PID:3552
- C:\Windows\System\TvUGlvB.exe
  C:\Windows\System\TvUGlvB.exe
  2⤵
  PID:3572
- C:\Windows\System\nFnvaHb.exe
  C:\Windows\System\nFnvaHb.exe
  2⤵
  PID:3592
- C:\Windows\System\pNMNLTM.exe
  C:\Windows\System\pNMNLTM.exe
  2⤵
  PID:3612
- C:\Windows\System\mPMrlJI.exe
  C:\Windows\System\mPMrlJI.exe
  2⤵
  PID:3632
- C:\Windows\System\vczqeOd.exe
  C:\Windows\System\vczqeOd.exe
  2⤵
  PID:3648
- C:\Windows\System\tWhdlyx.exe
  C:\Windows\System\tWhdlyx.exe
  2⤵
  PID:3672
- C:\Windows\System\PQktyuB.exe
  C:\Windows\System\PQktyuB.exe
  2⤵
  PID:3692
- C:\Windows\System\uqNaxgo.exe
  C:\Windows\System\uqNaxgo.exe
  2⤵
  PID:3712
- C:\Windows\System\yONmaAa.exe
  C:\Windows\System\yONmaAa.exe
  2⤵
  PID:3732
- C:\Windows\System\SZVBDXk.exe
  C:\Windows\System\SZVBDXk.exe
  2⤵
  PID:3752
- C:\Windows\System\BFndxiR.exe
  C:\Windows\System\BFndxiR.exe
  2⤵
  PID:3772
- C:\Windows\System\tjpIMCR.exe
  C:\Windows\System\tjpIMCR.exe
  2⤵
  PID:3792
- C:\Windows\System\hefIJLJ.exe
  C:\Windows\System\hefIJLJ.exe
  2⤵
  PID:3812
- C:\Windows\System\XjtWvVL.exe
  C:\Windows\System\XjtWvVL.exe
  2⤵
  PID:3832
- C:\Windows\System\SLmzpPo.exe
  C:\Windows\System\SLmzpPo.exe
  2⤵
  PID:3848
- C:\Windows\System\jmOyzCR.exe
  C:\Windows\System\jmOyzCR.exe
  2⤵
  PID:3872
- C:\Windows\System\OnlVPnI.exe
  C:\Windows\System\OnlVPnI.exe
  2⤵
  PID:3888
- C:\Windows\System\SmAzyfW.exe
  C:\Windows\System\SmAzyfW.exe
  2⤵
  PID:3912
- C:\Windows\System\RALDcoO.exe
  C:\Windows\System\RALDcoO.exe
  2⤵
  PID:3936
- C:\Windows\System\BtNnxNL.exe
  C:\Windows\System\BtNnxNL.exe
  2⤵
  PID:3956
- C:\Windows\System\QUVjnPx.exe
  C:\Windows\System\QUVjnPx.exe
  2⤵
  PID:3976
- C:\Windows\System\KRZBBHu.exe
  C:\Windows\System\KRZBBHu.exe
  2⤵
  PID:3996
- C:\Windows\System\bAOLHgU.exe
  C:\Windows\System\bAOLHgU.exe
  2⤵
  PID:4016
- C:\Windows\System\xLoOSEI.exe
  C:\Windows\System\xLoOSEI.exe
  2⤵
  PID:4036
- C:\Windows\System\cpfFyAq.exe
  C:\Windows\System\cpfFyAq.exe
  2⤵
  PID:4056
- C:\Windows\System\BnLXWsa.exe
  C:\Windows\System\BnLXWsa.exe
  2⤵
  PID:4076
- C:\Windows\System\lBrfEGT.exe
  C:\Windows\System\lBrfEGT.exe
  2⤵
  PID:1412
- C:\Windows\System\hXQvTGA.exe
  C:\Windows\System\hXQvTGA.exe
  2⤵
  PID:1788
- C:\Windows\System\CbDzFXp.exe
  C:\Windows\System\CbDzFXp.exe
  2⤵
  PID:2824
- C:\Windows\System\EwZOWbg.exe
  C:\Windows\System\EwZOWbg.exe
  2⤵
  PID:2564
- C:\Windows\System\CUtvefF.exe
  C:\Windows\System\CUtvefF.exe
  2⤵
  PID:3044
- C:\Windows\System\BZZZSmV.exe
  C:\Windows\System\BZZZSmV.exe
  2⤵
  PID:3048
- C:\Windows\System\BNAnxpU.exe
  C:\Windows\System\BNAnxpU.exe
  2⤵
  PID:2328
- C:\Windows\System\xnkupGu.exe
  C:\Windows\System\xnkupGu.exe
  2⤵
  PID:2484
- C:\Windows\System\cMgyeHi.exe
  C:\Windows\System\cMgyeHi.exe
  2⤵
  PID:3076
- C:\Windows\System\vPERCXe.exe
  C:\Windows\System\vPERCXe.exe
  2⤵
  PID:3080
- C:\Windows\System\IXjNWwd.exe
  C:\Windows\System\IXjNWwd.exe
  2⤵
  PID:3120
- C:\Windows\System\YaUljns.exe
  C:\Windows\System\YaUljns.exe
  2⤵
  PID:3164
- C:\Windows\System\yPOXidF.exe
  C:\Windows\System\yPOXidF.exe
  2⤵
  PID:3220
- C:\Windows\System\qyziNZV.exe
  C:\Windows\System\qyziNZV.exe
  2⤵
  PID:3260
- C:\Windows\System\NvhLLxa.exe
  C:\Windows\System\NvhLLxa.exe
  2⤵
  PID:3244
- C:\Windows\System\JDbJCXv.exe
  C:\Windows\System\JDbJCXv.exe
  2⤵
  PID:3340
- C:\Windows\System\OQWzHyz.exe
  C:\Windows\System\OQWzHyz.exe
  2⤵
  PID:3320
- C:\Windows\System\CZSWRPF.exe
  C:\Windows\System\CZSWRPF.exe
  2⤵
  PID:3360
- C:\Windows\System\mDFSScL.exe
  C:\Windows\System\mDFSScL.exe
  2⤵
  PID:3424
- C:\Windows\System\BqVkkIt.exe
  C:\Windows\System\BqVkkIt.exe
  2⤵
  PID:3408
- C:\Windows\System\dYDLCZb.exe
  C:\Windows\System\dYDLCZb.exe
  2⤵
  PID:3440
- C:\Windows\System\JAghgyN.exe
  C:\Windows\System\JAghgyN.exe
  2⤵
  PID:3484
- C:\Windows\System\waAcGaw.exe
  C:\Windows\System\waAcGaw.exe
  2⤵
  PID:3580
- C:\Windows\System\frGzRnk.exe
  C:\Windows\System\frGzRnk.exe
  2⤵
  PID:3564
- C:\Windows\System\dGQgZfH.exe
  C:\Windows\System\dGQgZfH.exe
  2⤵
  PID:3620
- C:\Windows\System\VDfhRiV.exe
  C:\Windows\System\VDfhRiV.exe
  2⤵
  PID:3664
- C:\Windows\System\GdjDLCJ.exe
  C:\Windows\System\GdjDLCJ.exe
  2⤵
  PID:3708
- C:\Windows\System\pCrRrQG.exe
  C:\Windows\System\pCrRrQG.exe
  2⤵
  PID:3680
- C:\Windows\System\rmmvTJA.exe
  C:\Windows\System\rmmvTJA.exe
  2⤵
  PID:3744
- C:\Windows\System\YhrvCHw.exe
  C:\Windows\System\YhrvCHw.exe
  2⤵
  PID:3788
- C:\Windows\System\jBOKCsv.exe
  C:\Windows\System\jBOKCsv.exe
  2⤵
  PID:3764
- C:\Windows\System\awtBnaP.exe
  C:\Windows\System\awtBnaP.exe
  2⤵
  PID:3804
- C:\Windows\System\ygqvmdf.exe
  C:\Windows\System\ygqvmdf.exe
  2⤵
  PID:3860
- C:\Windows\System\PnxRKxa.exe
  C:\Windows\System\PnxRKxa.exe
  2⤵
  PID:3844
- C:\Windows\System\pexFNdJ.exe
  C:\Windows\System\pexFNdJ.exe
  2⤵
  PID:3884
- C:\Windows\System\CBRPMMx.exe
  C:\Windows\System\CBRPMMx.exe
  2⤵
  PID:3992
- C:\Windows\System\iKwgAOY.exe
  C:\Windows\System\iKwgAOY.exe
  2⤵
  PID:4024
- C:\Windows\System\xGjLquP.exe
  C:\Windows\System\xGjLquP.exe
  2⤵
  PID:4012
- C:\Windows\System\ltVZWvV.exe
  C:\Windows\System\ltVZWvV.exe
  2⤵
  PID:4044
- C:\Windows\System\jLMBkVk.exe
  C:\Windows\System\jLMBkVk.exe
  2⤵
  PID:4092
- C:\Windows\System\eiHhGLX.exe
  C:\Windows\System\eiHhGLX.exe
  2⤵
  PID:2064
- C:\Windows\System\ZPnTpKc.exe
  C:\Windows\System\ZPnTpKc.exe
  2⤵
  PID:1848
- C:\Windows\System\OxWWWfQ.exe
  C:\Windows\System\OxWWWfQ.exe
  2⤵
  PID:1944
- C:\Windows\System\fgqUDEY.exe
  C:\Windows\System\fgqUDEY.exe
  2⤵
  PID:1248
- C:\Windows\System\HqwfcJC.exe
  C:\Windows\System\HqwfcJC.exe
  2⤵
  PID:3096
- C:\Windows\System\GdVYDJX.exe
  C:\Windows\System\GdVYDJX.exe
  2⤵
  PID:3092
- C:\Windows\System\eqmXhqn.exe
  C:\Windows\System\eqmXhqn.exe
  2⤵
  PID:3264
- C:\Windows\System\lHxxRMO.exe
  C:\Windows\System\lHxxRMO.exe
  2⤵
  PID:3336
- C:\Windows\System\sYZlKuy.exe
  C:\Windows\System\sYZlKuy.exe
  2⤵
  PID:3388
- C:\Windows\System\IbuCcSB.exe
  C:\Windows\System\IbuCcSB.exe
  2⤵
  PID:3284
- C:\Windows\System\qRbYilc.exe
  C:\Windows\System\qRbYilc.exe
  2⤵
  PID:3500
- C:\Windows\System\lWDBNsN.exe
  C:\Windows\System\lWDBNsN.exe
  2⤵
  PID:3444
- C:\Windows\System\DJCuPGn.exe
  C:\Windows\System\DJCuPGn.exe
  2⤵
  PID:3548
- C:\Windows\System\XEpiJkF.exe
  C:\Windows\System\XEpiJkF.exe
  2⤵
  PID:3656
- C:\Windows\System\VNCrtst.exe
  C:\Windows\System\VNCrtst.exe
  2⤵
  PID:3688
- C:\Windows\System\GrYiNSD.exe
  C:\Windows\System\GrYiNSD.exe
  2⤵
  PID:3704
- C:\Windows\System\Tjuilwx.exe
  C:\Windows\System\Tjuilwx.exe
  2⤵
  PID:3720
- C:\Windows\System\nBHJZAi.exe
  C:\Windows\System\nBHJZAi.exe
  2⤵
  PID:2712
- C:\Windows\System\HmWXmAn.exe
  C:\Windows\System\HmWXmAn.exe
  2⤵
  PID:3904
- C:\Windows\System\qaLAxqS.exe
  C:\Windows\System\qaLAxqS.exe
  2⤵
  PID:3952
- C:\Windows\System\qWEPnSn.exe
  C:\Windows\System\qWEPnSn.exe
  2⤵
  PID:3880
- C:\Windows\System\CdMEyCL.exe
  C:\Windows\System\CdMEyCL.exe
  2⤵
  PID:4004
- C:\Windows\System\otblFJz.exe
  C:\Windows\System\otblFJz.exe
  2⤵
  PID:4084
- C:\Windows\System\mVQFOwe.exe
  C:\Windows\System\mVQFOwe.exe
  2⤵
  PID:2688
- C:\Windows\System\SamsnDN.exe
  C:\Windows\System\SamsnDN.exe
  2⤵
  PID:2072
- C:\Windows\System\jNrjjcq.exe
  C:\Windows\System\jNrjjcq.exe
  2⤵
  PID:3156
- C:\Windows\System\avkGKQK.exe
  C:\Windows\System\avkGKQK.exe
  2⤵
  PID:3176
- C:\Windows\System\VOFTHcJ.exe
  C:\Windows\System\VOFTHcJ.exe
  2⤵
  PID:3256
- C:\Windows\System\yUYuoKf.exe
  C:\Windows\System\yUYuoKf.exe
  2⤵
  PID:3344
- C:\Windows\System\gwbZEIw.exe
  C:\Windows\System\gwbZEIw.exe
  2⤵
  PID:3420
- C:\Windows\System\zPsPXXU.exe
  C:\Windows\System\zPsPXXU.exe
  2⤵
  PID:3520
- C:\Windows\System\UpmxHIJ.exe
  C:\Windows\System\UpmxHIJ.exe
  2⤵
  PID:2556
- C:\Windows\System\shpOixv.exe
  C:\Windows\System\shpOixv.exe
  2⤵
  PID:3700
- C:\Windows\System\wxvwpEv.exe
  C:\Windows\System\wxvwpEv.exe
  2⤵
  PID:3660
- C:\Windows\System\ACYQXvo.exe
  C:\Windows\System\ACYQXvo.exe
  2⤵
  PID:3900
- C:\Windows\System\QvAywxc.exe
  C:\Windows\System\QvAywxc.exe
  2⤵
  PID:3964
- C:\Windows\System\SAMUjcs.exe
  C:\Windows\System\SAMUjcs.exe
  2⤵
  PID:3984
- C:\Windows\System\RhEHvju.exe
  C:\Windows\System\RhEHvju.exe
  2⤵
  PID:1752
- C:\Windows\System\nmnTtzZ.exe
  C:\Windows\System\nmnTtzZ.exe
  2⤵
  PID:2208
- C:\Windows\System\lrzbinu.exe
  C:\Windows\System\lrzbinu.exe
  2⤵
  PID:3276
- C:\Windows\System\nZtmiql.exe
  C:\Windows\System\nZtmiql.exe
  2⤵
  PID:3324
- C:\Windows\System\hJtpbwk.exe
  C:\Windows\System\hJtpbwk.exe
  2⤵
  PID:1920
- C:\Windows\System\iCSWPbA.exe
  C:\Windows\System\iCSWPbA.exe
  2⤵
  PID:3480
- C:\Windows\System\Xdmovtj.exe
  C:\Windows\System\Xdmovtj.exe
  2⤵
  PID:4116
- C:\Windows\System\HXHcCme.exe
  C:\Windows\System\HXHcCme.exe
  2⤵
  PID:4136
- C:\Windows\System\uyyjELJ.exe
  C:\Windows\System\uyyjELJ.exe
  2⤵
  PID:4156
- C:\Windows\System\KRcgFsg.exe
  C:\Windows\System\KRcgFsg.exe
  2⤵
  PID:4176
- C:\Windows\System\SDHjwfL.exe
  C:\Windows\System\SDHjwfL.exe
  2⤵
  PID:4196
- C:\Windows\System\PFdkuwl.exe
  C:\Windows\System\PFdkuwl.exe
  2⤵
  PID:4216
- C:\Windows\System\hOqCoVW.exe
  C:\Windows\System\hOqCoVW.exe
  2⤵
  PID:4236
- C:\Windows\System\OhnKwaz.exe
  C:\Windows\System\OhnKwaz.exe
  2⤵
  PID:4256
- C:\Windows\System\rJRUCnw.exe
  C:\Windows\System\rJRUCnw.exe
  2⤵
  PID:4276
- C:\Windows\System\pgZDjcx.exe
  C:\Windows\System\pgZDjcx.exe
  2⤵
  PID:4296
- C:\Windows\System\ATDtxex.exe
  C:\Windows\System\ATDtxex.exe
  2⤵
  PID:4316
- C:\Windows\System\gIKNYEu.exe
  C:\Windows\System\gIKNYEu.exe
  2⤵
  PID:4336
- C:\Windows\System\kbBdFUr.exe
  C:\Windows\System\kbBdFUr.exe
  2⤵
  PID:4356
- C:\Windows\System\ZHpCoSK.exe
  C:\Windows\System\ZHpCoSK.exe
  2⤵
  PID:4376
- C:\Windows\System\xuaZakU.exe
  C:\Windows\System\xuaZakU.exe
  2⤵
  PID:4396
- C:\Windows\System\QhkMdLk.exe
  C:\Windows\System\QhkMdLk.exe
  2⤵
  PID:4416
- C:\Windows\System\XQshvyJ.exe
  C:\Windows\System\XQshvyJ.exe
  2⤵
  PID:4436
- C:\Windows\System\rXDdQXq.exe
  C:\Windows\System\rXDdQXq.exe
  2⤵
  PID:4460
- C:\Windows\System\VvsFNLH.exe
  C:\Windows\System\VvsFNLH.exe
  2⤵
  PID:4480
- C:\Windows\System\aXcONLQ.exe
  C:\Windows\System\aXcONLQ.exe
  2⤵
  PID:4500
- C:\Windows\System\QEvwxYN.exe
  C:\Windows\System\QEvwxYN.exe
  2⤵
  PID:4524
- C:\Windows\System\eQiCGBg.exe
  C:\Windows\System\eQiCGBg.exe
  2⤵
  PID:4544
- C:\Windows\System\fsDVfeW.exe
  C:\Windows\System\fsDVfeW.exe
  2⤵
  PID:4564
- C:\Windows\System\LZXHFJQ.exe
  C:\Windows\System\LZXHFJQ.exe
  2⤵
  PID:4584
- C:\Windows\System\xPDxGqh.exe
  C:\Windows\System\xPDxGqh.exe
  2⤵
  PID:4604
- C:\Windows\System\GegsJdr.exe
  C:\Windows\System\GegsJdr.exe
  2⤵
  PID:4624
- C:\Windows\System\YYIFtDy.exe
  C:\Windows\System\YYIFtDy.exe
  2⤵
  PID:4644
- C:\Windows\System\pHbGmos.exe
  C:\Windows\System\pHbGmos.exe
  2⤵
  PID:4664
- C:\Windows\System\eFAtvHp.exe
  C:\Windows\System\eFAtvHp.exe
  2⤵
  PID:4684
- C:\Windows\System\fHFTZaZ.exe
  C:\Windows\System\fHFTZaZ.exe
  2⤵
  PID:4704
- C:\Windows\System\GXIOeZw.exe
  C:\Windows\System\GXIOeZw.exe
  2⤵
  PID:4724
- C:\Windows\System\xUFUgNI.exe
  C:\Windows\System\xUFUgNI.exe
  2⤵
  PID:4744
- C:\Windows\System\DeCykiy.exe
  C:\Windows\System\DeCykiy.exe
  2⤵
  PID:4764
- C:\Windows\System\leFhgFi.exe
  C:\Windows\System\leFhgFi.exe
  2⤵
  PID:4784
- C:\Windows\System\xwmSHba.exe
  C:\Windows\System\xwmSHba.exe
  2⤵
  PID:4804
- C:\Windows\System\Mltzdbg.exe
  C:\Windows\System\Mltzdbg.exe
  2⤵
  PID:4824
- C:\Windows\System\XDLmkmg.exe
  C:\Windows\System\XDLmkmg.exe
  2⤵
  PID:4848
- C:\Windows\System\kKlTOKL.exe
  C:\Windows\System\kKlTOKL.exe
  2⤵
  PID:4868
- C:\Windows\System\WWyxrDY.exe
  C:\Windows\System\WWyxrDY.exe
  2⤵
  PID:4888
- C:\Windows\System\nUukJCe.exe
  C:\Windows\System\nUukJCe.exe
  2⤵
  PID:4908
- C:\Windows\System\KLtFrNd.exe
  C:\Windows\System\KLtFrNd.exe
  2⤵
  PID:4928
- C:\Windows\System\XIJDjRi.exe
  C:\Windows\System\XIJDjRi.exe
  2⤵
  PID:4948
- C:\Windows\System\MjeeVaW.exe
  C:\Windows\System\MjeeVaW.exe
  2⤵
  PID:4968
- C:\Windows\System\XbUuiOI.exe
  C:\Windows\System\XbUuiOI.exe
  2⤵
  PID:4988
- C:\Windows\System\IOMjaUK.exe
  C:\Windows\System\IOMjaUK.exe
  2⤵
  PID:5008
- C:\Windows\System\DULmAra.exe
  C:\Windows\System\DULmAra.exe
  2⤵
  PID:5028
- C:\Windows\System\BFuNcwX.exe
  C:\Windows\System\BFuNcwX.exe
  2⤵
  PID:5048
- C:\Windows\System\DHVRGnH.exe
  C:\Windows\System\DHVRGnH.exe
  2⤵
  PID:5068
- C:\Windows\System\BleJOUF.exe
  C:\Windows\System\BleJOUF.exe
  2⤵
  PID:5088
- C:\Windows\System\gelZRJJ.exe
  C:\Windows\System\gelZRJJ.exe
  2⤵
  PID:5108
- C:\Windows\System\davZCcE.exe
  C:\Windows\System\davZCcE.exe
  2⤵
  PID:2500
- C:\Windows\System\IqctWoS.exe
  C:\Windows\System\IqctWoS.exe
  2⤵
  PID:3628
- C:\Windows\System\YtHIocA.exe
  C:\Windows\System\YtHIocA.exe
  2⤵
  PID:3760
- C:\Windows\System\VsWJrhQ.exe
  C:\Windows\System\VsWJrhQ.exe
  2⤵
  PID:3932
- C:\Windows\System\sFrdpnf.exe
  C:\Windows\System\sFrdpnf.exe
  2⤵
  PID:2884
- C:\Windows\System\CsVTgkk.exe
  C:\Windows\System\CsVTgkk.exe
  2⤵
  PID:1780
- C:\Windows\System\HpmDaXS.exe
  C:\Windows\System\HpmDaXS.exe
  2⤵
  PID:3464
- C:\Windows\System\HIcCcBk.exe
  C:\Windows\System\HIcCcBk.exe
  2⤵
  PID:4108
- C:\Windows\System\lLUVxSM.exe
  C:\Windows\System\lLUVxSM.exe
  2⤵
  PID:4152
- C:\Windows\System\AiIhoJT.exe
  C:\Windows\System\AiIhoJT.exe
  2⤵
  PID:4172
- C:\Windows\System\XdJZSYJ.exe
  C:\Windows\System\XdJZSYJ.exe
  2⤵
  PID:4212
- C:\Windows\System\MboDwlS.exe
  C:\Windows\System\MboDwlS.exe
  2⤵
  PID:4252
- C:\Windows\System\gStatgm.exe
  C:\Windows\System\gStatgm.exe
  2⤵
  PID:4304
- C:\Windows\System\szOaYDq.exe
  C:\Windows\System\szOaYDq.exe
  2⤵
  PID:4308
- C:\Windows\System\gOmuAsz.exe
  C:\Windows\System\gOmuAsz.exe
  2⤵
  PID:4352
- C:\Windows\System\OJJhJIp.exe
  C:\Windows\System\OJJhJIp.exe
  2⤵
  PID:4384
- C:\Windows\System\MImGjdW.exe
  C:\Windows\System\MImGjdW.exe
  2⤵
  PID:4412
- C:\Windows\System\tFRluxb.exe
  C:\Windows\System\tFRluxb.exe
  2⤵
  PID:4452
- C:\Windows\System\OOPfGoT.exe
  C:\Windows\System\OOPfGoT.exe
  2⤵
  PID:4472
- C:\Windows\System\IprvhRT.exe
  C:\Windows\System\IprvhRT.exe
  2⤵
  PID:4516
- C:\Windows\System\BGFdJXF.exe
  C:\Windows\System\BGFdJXF.exe
  2⤵
  PID:2164
- C:\Windows\System\rliFxCG.exe
  C:\Windows\System\rliFxCG.exe
  2⤵
  PID:4580
- C:\Windows\System\YhowztY.exe
  C:\Windows\System\YhowztY.exe
  2⤵
  PID:4612
- C:\Windows\System\cZUQbvv.exe
  C:\Windows\System\cZUQbvv.exe
  2⤵
  PID:4636
- C:\Windows\System\hsPcsWT.exe
  C:\Windows\System\hsPcsWT.exe
  2⤵
  PID:4680
- C:\Windows\System\NMbVUcw.exe
  C:\Windows\System\NMbVUcw.exe
  2⤵
  PID:4700
- C:\Windows\System\jKwdaoj.exe
  C:\Windows\System\jKwdaoj.exe
  2⤵
  PID:4740
- C:\Windows\System\PHOYQWF.exe
  C:\Windows\System\PHOYQWF.exe
  2⤵
  PID:2976
- C:\Windows\System\GOQwRuY.exe
  C:\Windows\System\GOQwRuY.exe
  2⤵
  PID:4800
- C:\Windows\System\UUyXpeA.exe
  C:\Windows\System\UUyXpeA.exe
  2⤵
  PID:4820
- C:\Windows\System\PXDIeEc.exe
  C:\Windows\System\PXDIeEc.exe
  2⤵
  PID:4864
- C:\Windows\System\FQPSTRZ.exe
  C:\Windows\System\FQPSTRZ.exe
  2⤵
  PID:4896
- C:\Windows\System\bSTghNT.exe
  C:\Windows\System\bSTghNT.exe
  2⤵
  PID:936
- C:\Windows\System\QPmBJeF.exe
  C:\Windows\System\QPmBJeF.exe
  2⤵
  PID:4940
- C:\Windows\System\zgJDnwH.exe
  C:\Windows\System\zgJDnwH.exe
  2⤵
  PID:4996
- C:\Windows\System\rMiOEzg.exe
  C:\Windows\System\rMiOEzg.exe
  2⤵
  PID:5000
- C:\Windows\System\iCjQyJz.exe
  C:\Windows\System\iCjQyJz.exe
  2⤵
  PID:5044
- C:\Windows\System\yRuIMAo.exe
  C:\Windows\System\yRuIMAo.exe
  2⤵
  PID:5080
- C:\Windows\System\HjRcArl.exe
  C:\Windows\System\HjRcArl.exe
  2⤵
  PID:2204
- C:\Windows\System\liKeOCJ.exe
  C:\Windows\System\liKeOCJ.exe
  2⤵
  PID:2404
- C:\Windows\System\EmYTvza.exe
  C:\Windows\System\EmYTvza.exe
  2⤵
  PID:3560
- C:\Windows\System\UiBzMRj.exe
  C:\Windows\System\UiBzMRj.exe
  2⤵
  PID:3968
- C:\Windows\System\ZdFmBOJ.exe
  C:\Windows\System\ZdFmBOJ.exe
  2⤵
  PID:2732
- C:\Windows\System\RQMjpIT.exe
  C:\Windows\System\RQMjpIT.exe
  2⤵
  PID:4124
- C:\Windows\System\xtaNFKR.exe
  C:\Windows\System\xtaNFKR.exe
  2⤵
  PID:4132
- C:\Windows\System\OFedJdg.exe
  C:\Windows\System\OFedJdg.exe
  2⤵
  PID:4224
- C:\Windows\System\srppBju.exe
  C:\Windows\System\srppBju.exe
  2⤵
  PID:4244
- C:\Windows\System\xiXIBqW.exe
  C:\Windows\System\xiXIBqW.exe
  2⤵
  PID:4284
- C:\Windows\System\QDyiYYP.exe
  C:\Windows\System\QDyiYYP.exe
  2⤵
  PID:2080
- C:\Windows\System\uicCLKG.exe
  C:\Windows\System\uicCLKG.exe
  2⤵
  PID:4428
- C:\Windows\System\qKMaWoK.exe
  C:\Windows\System\qKMaWoK.exe
  2⤵
  PID:4468
- C:\Windows\System\NiJjtkg.exe
  C:\Windows\System\NiJjtkg.exe
  2⤵
  PID:4492
- C:\Windows\System\YIljrVZ.exe
  C:\Windows\System\YIljrVZ.exe
  2⤵
  PID:4556
- C:\Windows\System\KqsZced.exe
  C:\Windows\System\KqsZced.exe
  2⤵
  PID:1372
- C:\Windows\System\NJQFzyK.exe
  C:\Windows\System\NJQFzyK.exe
  2⤵
  PID:4716
- C:\Windows\System\JQpkvea.exe
  C:\Windows\System\JQpkvea.exe
  2⤵
  PID:4712
- C:\Windows\System\kYaBfDL.exe
  C:\Windows\System\kYaBfDL.exe
  2⤵
  PID:4776
- C:\Windows\System\eZNGlpy.exe
  C:\Windows\System\eZNGlpy.exe
  2⤵
  PID:1296
- C:\Windows\System\tGymOuX.exe
  C:\Windows\System\tGymOuX.exe
  2⤵
  PID:4884
- C:\Windows\System\XbYfvCK.exe
  C:\Windows\System\XbYfvCK.exe
  2⤵
  PID:1704
- C:\Windows\System\aqqUfYP.exe
  C:\Windows\System\aqqUfYP.exe
  2⤵
  PID:5024
- C:\Windows\System\ShLcOjq.exe
  C:\Windows\System\ShLcOjq.exe
  2⤵
  PID:5020
- C:\Windows\System\tifSTmH.exe
  C:\Windows\System\tifSTmH.exe
  2⤵
  PID:5084
- C:\Windows\System\nAdHeOs.exe
  C:\Windows\System\nAdHeOs.exe
  2⤵
  PID:5104
- C:\Windows\System\rntpLNs.exe
  C:\Windows\System\rntpLNs.exe
  2⤵
  PID:3400
- C:\Windows\System\NaSZDkH.exe
  C:\Windows\System\NaSZDkH.exe
  2⤵
  PID:3588
- C:\Windows\System\dVWjBVl.exe
  C:\Windows\System\dVWjBVl.exe
  2⤵
  PID:2024
- C:\Windows\System\oMdSykf.exe
  C:\Windows\System\oMdSykf.exe
  2⤵
  PID:4232
- C:\Windows\System\wpvgPmV.exe
  C:\Windows\System\wpvgPmV.exe
  2⤵
  PID:4344
- C:\Windows\System\aVrOFtB.exe
  C:\Windows\System\aVrOFtB.exe
  2⤵
  PID:4328
- C:\Windows\System\HrwRubg.exe
  C:\Windows\System\HrwRubg.exe
  2⤵
  PID:2068
- C:\Windows\System\NQgbpCc.exe
  C:\Windows\System\NQgbpCc.exe
  2⤵
  PID:4576
- C:\Windows\System\UhqfKOW.exe
  C:\Windows\System\UhqfKOW.exe
  2⤵
  PID:4632
- C:\Windows\System\tDDpNBz.exe
  C:\Windows\System\tDDpNBz.exe
  2⤵
  PID:4720
- C:\Windows\System\DDqvdah.exe
  C:\Windows\System\DDqvdah.exe
  2⤵
  PID:4812
- C:\Windows\System\weMzzXx.exe
  C:\Windows\System\weMzzXx.exe
  2⤵
  PID:4856
- C:\Windows\System\SwltKPn.exe
  C:\Windows\System\SwltKPn.exe
  2⤵
  PID:4960
- C:\Windows\System\wxdDxQx.exe
  C:\Windows\System\wxdDxQx.exe
  2⤵
  PID:2596
- C:\Windows\System\xbwWSXS.exe
  C:\Windows\System\xbwWSXS.exe
  2⤵
  PID:2400
- C:\Windows\System\SzumMrJ.exe
  C:\Windows\System\SzumMrJ.exe
  2⤵
  PID:3808
- C:\Windows\System\QpiUGws.exe
  C:\Windows\System\QpiUGws.exe
  2⤵
  PID:4264
- C:\Windows\System\nPqZgJF.exe
  C:\Windows\System\nPqZgJF.exe
  2⤵
  PID:2920
- C:\Windows\System\oVKXEyv.exe
  C:\Windows\System\oVKXEyv.exe
  2⤵
  PID:4192
- C:\Windows\System\tKdXBky.exe
  C:\Windows\System\tKdXBky.exe
  2⤵
  PID:4292
- C:\Windows\System\tXcbgRv.exe
  C:\Windows\System\tXcbgRv.exe
  2⤵
  PID:4596
- C:\Windows\System\anQgGYa.exe
  C:\Windows\System\anQgGYa.exe
  2⤵
  PID:3144
- C:\Windows\System\lezPROT.exe
  C:\Windows\System\lezPROT.exe
  2⤵
  PID:4936
- C:\Windows\System\NJtcTMp.exe
  C:\Windows\System\NJtcTMp.exe
  2⤵
  PID:4840
- C:\Windows\System\bdFmyUd.exe
  C:\Windows\System\bdFmyUd.exe
  2⤵
  PID:4980
- C:\Windows\System\KChMOUw.exe
  C:\Windows\System\KChMOUw.exe
  2⤵
  PID:2992
- C:\Windows\System\sLVxkQk.exe
  C:\Windows\System\sLVxkQk.exe
  2⤵
  PID:4052
- C:\Windows\System\BJbYCxp.exe
  C:\Windows\System\BJbYCxp.exe
  2⤵
  PID:4424
- C:\Windows\System\nkGdEzL.exe
  C:\Windows\System\nkGdEzL.exe
  2⤵
  PID:4532
- C:\Windows\System\mGGaRah.exe
  C:\Windows\System\mGGaRah.exe
  2⤵
  PID:4572
- C:\Windows\System\vMCeYEV.exe
  C:\Windows\System\vMCeYEV.exe
  2⤵
  PID:4660
- C:\Windows\System\FjvWBgU.exe
  C:\Windows\System\FjvWBgU.exe
  2⤵
  PID:2852
- C:\Windows\System\uphCkwo.exe
  C:\Windows\System\uphCkwo.exe
  2⤵
  PID:2928
- C:\Windows\System\Zbqurvi.exe
  C:\Windows\System\Zbqurvi.exe
  2⤵
  PID:3056
- C:\Windows\System\PUJukyZ.exe
  C:\Windows\System\PUJukyZ.exe
  2⤵
  PID:4476
- C:\Windows\System\OkeIHkW.exe
  C:\Windows\System\OkeIHkW.exe
  2⤵
  PID:4732
- C:\Windows\System\fqwmmXH.exe
  C:\Windows\System\fqwmmXH.exe
  2⤵
  PID:5144
- C:\Windows\System\CLkVmgJ.exe
  C:\Windows\System\CLkVmgJ.exe
  2⤵
  PID:5160
- C:\Windows\System\EZXVibb.exe
  C:\Windows\System\EZXVibb.exe
  2⤵
  PID:5184
- C:\Windows\System\HNqHypA.exe
  C:\Windows\System\HNqHypA.exe
  2⤵
  PID:5204
- C:\Windows\System\tHwQIfn.exe
  C:\Windows\System\tHwQIfn.exe
  2⤵
  PID:5224
- C:\Windows\System\jtUCQxs.exe
  C:\Windows\System\jtUCQxs.exe
  2⤵
  PID:5244
- C:\Windows\System\FtZGKnB.exe
  C:\Windows\System\FtZGKnB.exe
  2⤵
  PID:5264
- C:\Windows\System\XGBCHKk.exe
  C:\Windows\System\XGBCHKk.exe
  2⤵
  PID:5284
- C:\Windows\System\XLgJTXs.exe
  C:\Windows\System\XLgJTXs.exe
  2⤵
  PID:5304
- C:\Windows\System\gGONVLZ.exe
  C:\Windows\System\gGONVLZ.exe
  2⤵
  PID:5324
- C:\Windows\System\BOADELA.exe
  C:\Windows\System\BOADELA.exe
  2⤵
  PID:5344
- C:\Windows\System\mJnjpPH.exe
  C:\Windows\System\mJnjpPH.exe
  2⤵
  PID:5364
- C:\Windows\System\ESJjNxV.exe
  C:\Windows\System\ESJjNxV.exe
  2⤵
  PID:5384
- C:\Windows\System\wYXnWDz.exe
  C:\Windows\System\wYXnWDz.exe
  2⤵
  PID:5404
- C:\Windows\System\Hggigql.exe
  C:\Windows\System\Hggigql.exe
  2⤵
  PID:5424
- C:\Windows\System\ioaUqRv.exe
  C:\Windows\System\ioaUqRv.exe
  2⤵
  PID:5444
- C:\Windows\System\mMlMgaQ.exe
  C:\Windows\System\mMlMgaQ.exe
  2⤵
  PID:5464
- C:\Windows\System\luZmuSx.exe
  C:\Windows\System\luZmuSx.exe
  2⤵
  PID:5484
- C:\Windows\System\ElkLgbr.exe
  C:\Windows\System\ElkLgbr.exe
  2⤵
  PID:5504
- C:\Windows\System\VoPRCnb.exe
  C:\Windows\System\VoPRCnb.exe
  2⤵
  PID:5520
- C:\Windows\System\ynmYttv.exe
  C:\Windows\System\ynmYttv.exe
  2⤵
  PID:5544
- C:\Windows\System\xlrfVIY.exe
  C:\Windows\System\xlrfVIY.exe
  2⤵
  PID:5564
- C:\Windows\System\uRmMhdo.exe
  C:\Windows\System\uRmMhdo.exe
  2⤵
  PID:5584
- C:\Windows\System\HnZGTFI.exe
  C:\Windows\System\HnZGTFI.exe
  2⤵
  PID:5604
- C:\Windows\System\HkPqYfJ.exe
  C:\Windows\System\HkPqYfJ.exe
  2⤵
  PID:5624
- C:\Windows\System\HaZTuQN.exe
  C:\Windows\System\HaZTuQN.exe
  2⤵
  PID:5644
- C:\Windows\System\xXBcJQA.exe
  C:\Windows\System\xXBcJQA.exe
  2⤵
  PID:5664
- C:\Windows\System\ghMqKAg.exe
  C:\Windows\System\ghMqKAg.exe
  2⤵
  PID:5684
- C:\Windows\System\bYTmgnp.exe
  C:\Windows\System\bYTmgnp.exe
  2⤵
  PID:5704
- C:\Windows\System\unvvSze.exe
  C:\Windows\System\unvvSze.exe
  2⤵
  PID:5724
- C:\Windows\System\kcAOGXV.exe
  C:\Windows\System\kcAOGXV.exe
  2⤵
  PID:5744
- C:\Windows\System\wRbFunh.exe
  C:\Windows\System\wRbFunh.exe
  2⤵
  PID:5764
- C:\Windows\System\IXIFnUm.exe
  C:\Windows\System\IXIFnUm.exe
  2⤵
  PID:5784
- C:\Windows\System\TRVJlAO.exe
  C:\Windows\System\TRVJlAO.exe
  2⤵
  PID:5804
- C:\Windows\System\xPHlorM.exe
  C:\Windows\System\xPHlorM.exe
  2⤵
  PID:5824
- C:\Windows\System\eSiRlpB.exe
  C:\Windows\System\eSiRlpB.exe
  2⤵
  PID:5844
- C:\Windows\System\ERrIHPh.exe
  C:\Windows\System\ERrIHPh.exe
  2⤵
  PID:5864
- C:\Windows\System\xJOLkoS.exe
  C:\Windows\System\xJOLkoS.exe
  2⤵
  PID:5888
- C:\Windows\System\cQRqwNK.exe
  C:\Windows\System\cQRqwNK.exe
  2⤵
  PID:5908
- C:\Windows\System\wGtMgcD.exe
  C:\Windows\System\wGtMgcD.exe
  2⤵
  PID:5928
- C:\Windows\System\QPOfkCK.exe
  C:\Windows\System\QPOfkCK.exe
  2⤵
  PID:5948
- C:\Windows\System\FhWLauw.exe
  C:\Windows\System\FhWLauw.exe
  2⤵
  PID:5968
- C:\Windows\System\uSiAVIv.exe
  C:\Windows\System\uSiAVIv.exe
  2⤵
  PID:5988
- C:\Windows\System\lEpDube.exe
  C:\Windows\System\lEpDube.exe
  2⤵
  PID:6008
- C:\Windows\System\hyMvRAO.exe
  C:\Windows\System\hyMvRAO.exe
  2⤵
  PID:6024
- C:\Windows\System\xRwXQoh.exe
  C:\Windows\System\xRwXQoh.exe
  2⤵
  PID:6040
- C:\Windows\System\AXjEWhQ.exe
  C:\Windows\System\AXjEWhQ.exe
  2⤵
  PID:6056
- C:\Windows\System\FcwyCet.exe
  C:\Windows\System\FcwyCet.exe
  2⤵
  PID:6072
- C:\Windows\System\tFRujlg.exe
  C:\Windows\System\tFRujlg.exe
  2⤵
  PID:6088
- C:\Windows\System\DVkDerq.exe
  C:\Windows\System\DVkDerq.exe
  2⤵
  PID:6104
- C:\Windows\System\qsXMSOd.exe
  C:\Windows\System\qsXMSOd.exe
  2⤵
  PID:6120
- C:\Windows\System\sEwZeqA.exe
  C:\Windows\System\sEwZeqA.exe
  2⤵
  PID:6136
- C:\Windows\System\QIFNoSw.exe
  C:\Windows\System\QIFNoSw.exe
  2⤵
  PID:4836
- C:\Windows\System\ygThNuq.exe
  C:\Windows\System\ygThNuq.exe
  2⤵
  PID:2572
- C:\Windows\System\vUVKhKq.exe
  C:\Windows\System\vUVKhKq.exe
  2⤵
  PID:4536
- C:\Windows\System\fbVyNTp.exe
  C:\Windows\System\fbVyNTp.exe
  2⤵
  PID:5140
- C:\Windows\System\gipAOnZ.exe
  C:\Windows\System\gipAOnZ.exe
  2⤵
  PID:4656
- C:\Windows\System\ZrcKkUK.exe
  C:\Windows\System\ZrcKkUK.exe
  2⤵
  PID:5152
- C:\Windows\System\ObCmDLZ.exe
  C:\Windows\System\ObCmDLZ.exe
  2⤵
  PID:5220
- C:\Windows\System\ztpEcdg.exe
  C:\Windows\System\ztpEcdg.exe
  2⤵
  PID:5216
- C:\Windows\System\LneBfkN.exe
  C:\Windows\System\LneBfkN.exe
  2⤵
  PID:5260
- C:\Windows\System\ZpSNHso.exe
  C:\Windows\System\ZpSNHso.exe
  2⤵
  PID:5292
- C:\Windows\System\ZWEutIA.exe
  C:\Windows\System\ZWEutIA.exe
  2⤵
  PID:5276
- C:\Windows\System\ihIMlof.exe
  C:\Windows\System\ihIMlof.exe
  2⤵
  PID:5332
- C:\Windows\System\dyRipIl.exe
  C:\Windows\System\dyRipIl.exe
  2⤵
  PID:5352
- C:\Windows\System\YBRiBlb.exe
  C:\Windows\System\YBRiBlb.exe
  2⤵
  PID:5356
- C:\Windows\System\MvOAbOE.exe
  C:\Windows\System\MvOAbOE.exe
  2⤵
  PID:5400
- C:\Windows\System\eziFCcv.exe
  C:\Windows\System\eziFCcv.exe
  2⤵
  PID:5416
- C:\Windows\System\AruytVA.exe
  C:\Windows\System\AruytVA.exe
  2⤵
  PID:5440
- C:\Windows\System\RCwMlwx.exe
  C:\Windows\System\RCwMlwx.exe
  2⤵
  PID:5492
- C:\Windows\System\nTYrflS.exe
  C:\Windows\System\nTYrflS.exe
  2⤵
  PID:5480
- C:\Windows\System\BYGKCDD.exe
  C:\Windows\System\BYGKCDD.exe
  2⤵
  PID:5540
- C:\Windows\System\YrsUxXj.exe
  C:\Windows\System\YrsUxXj.exe
  2⤵
  PID:5516
- C:\Windows\System\YhIpeCW.exe
  C:\Windows\System\YhIpeCW.exe
  2⤵
  PID:5560
- C:\Windows\System\tNRyVGR.exe
  C:\Windows\System\tNRyVGR.exe
  2⤵
  PID:5712
- C:\Windows\System\dPWuaCc.exe
  C:\Windows\System\dPWuaCc.exe
  2⤵
  PID:5760
- C:\Windows\System\WgmYacn.exe
  C:\Windows\System\WgmYacn.exe
  2⤵
  PID:2744
- C:\Windows\System\NbnOrMi.exe
  C:\Windows\System\NbnOrMi.exe
  2⤵
  PID:5812
- C:\Windows\System\ipPDCus.exe
  C:\Windows\System\ipPDCus.exe
  2⤵
  PID:5840
- C:\Windows\System\yLHwxgR.exe
  C:\Windows\System\yLHwxgR.exe
  2⤵
  PID:5896
- C:\Windows\System\LpqGfGi.exe
  C:\Windows\System\LpqGfGi.exe
  2⤵
  PID:5876
- C:\Windows\System\jFgTgMa.exe
  C:\Windows\System\jFgTgMa.exe
  2⤵
  PID:5920
- C:\Windows\System\jagDrrl.exe
  C:\Windows\System\jagDrrl.exe
  2⤵
  PID:5940
- C:\Windows\System\WHouxyF.exe
  C:\Windows\System\WHouxyF.exe
  2⤵
  PID:5984
- C:\Windows\System\tOQvrgw.exe
  C:\Windows\System\tOQvrgw.exe
  2⤵
  PID:6000
- C:\Windows\System\zqxbPeD.exe
  C:\Windows\System\zqxbPeD.exe
  2⤵
  PID:2704
- C:\Windows\System\OUSnMJm.exe
  C:\Windows\System\OUSnMJm.exe
  2⤵
  PID:6032
- C:\Windows\System\mcTUJqp.exe
  C:\Windows\System\mcTUJqp.exe
  2⤵
  PID:6080
- C:\Windows\System\nDJuOUa.exe
  C:\Windows\System\nDJuOUa.exe
  2⤵
  PID:6084
- C:\Windows\System\pvtnpeo.exe
  C:\Windows\System\pvtnpeo.exe
  2⤵
  PID:6100
- C:\Windows\System\MKndBJT.exe
  C:\Windows\System\MKndBJT.exe
  2⤵
  PID:6132
- C:\Windows\System\aNqWizI.exe
  C:\Windows\System\aNqWizI.exe
  2⤵
  PID:3840
- C:\Windows\System\ZDnLwaD.exe
  C:\Windows\System\ZDnLwaD.exe
  2⤵
  PID:4372
- C:\Windows\System\apmcKys.exe
  C:\Windows\System\apmcKys.exe
  2⤵
  PID:5180
- C:\Windows\System\JaYpziL.exe
  C:\Windows\System\JaYpziL.exe
  2⤵
  PID:5196
- C:\Windows\System\XHDuQBJ.exe
  C:\Windows\System\XHDuQBJ.exe
  2⤵
  PID:5256
- C:\Windows\System\fmCAEll.exe
  C:\Windows\System\fmCAEll.exe
  2⤵
  PID:5340
- C:\Windows\System\ykFwNko.exe
  C:\Windows\System\ykFwNko.exe
  2⤵
  PID:5576
- C:\Windows\System\UkqvrZW.exe
  C:\Windows\System\UkqvrZW.exe
  2⤵
  PID:4756
- C:\Windows\System\UYeLBVL.exe
  C:\Windows\System\UYeLBVL.exe
  2⤵
  PID:5652
- C:\Windows\System\BRmCQGU.exe
  C:\Windows\System\BRmCQGU.exe
  2⤵
  PID:5656
- C:\Windows\System\dMeUIjE.exe
  C:\Windows\System\dMeUIjE.exe
  2⤵
  PID:5696
- C:\Windows\System\bpvUzan.exe
  C:\Windows\System\bpvUzan.exe
  2⤵
  PID:2932
- C:\Windows\System\XMuYetX.exe
  C:\Windows\System\XMuYetX.exe
  2⤵
  PID:2148
- C:\Windows\System\dHovzkP.exe
  C:\Windows\System\dHovzkP.exe
  2⤵
  PID:5832
- C:\Windows\System\XwZXqhb.exe
  C:\Windows\System\XwZXqhb.exe
  2⤵
  PID:5880
- C:\Windows\System\OCRsSRz.exe
  C:\Windows\System\OCRsSRz.exe
  2⤵
  PID:6004
- C:\Windows\System\MbQQEUs.exe
  C:\Windows\System\MbQQEUs.exe
  2⤵
  PID:5884
- C:\Windows\System\shAJkhN.exe
  C:\Windows\System\shAJkhN.exe
  2⤵
  PID:5836
- C:\Windows\System\CVuDWaD.exe
  C:\Windows\System\CVuDWaD.exe
  2⤵
  PID:5924
- C:\Windows\System\NXQQwSN.exe
  C:\Windows\System\NXQQwSN.exe
  2⤵
  PID:2424
- C:\Windows\System\dYTWKkq.exe
  C:\Windows\System\dYTWKkq.exe
  2⤵
  PID:5192
- C:\Windows\System\IUaYRRT.exe
  C:\Windows\System\IUaYRRT.exe
  2⤵
  PID:6036
- C:\Windows\System\FKDyOfv.exe
  C:\Windows\System\FKDyOfv.exe
  2⤵
  PID:6112
- C:\Windows\System\qPvXfKV.exe
  C:\Windows\System\qPvXfKV.exe
  2⤵
  PID:5612
- C:\Windows\System\sznGBSo.exe
  C:\Windows\System\sznGBSo.exe
  2⤵
  PID:5580
- C:\Windows\System\aCYsaas.exe
  C:\Windows\System\aCYsaas.exe
  2⤵
  PID:5692
- C:\Windows\System\iImIVLX.exe
  C:\Windows\System\iImIVLX.exe
  2⤵
  PID:5396
- C:\Windows\System\zscDRgg.exe
  C:\Windows\System\zscDRgg.exe
  2⤵
  PID:5380
- C:\Windows\System\IbDKJgX.exe
  C:\Windows\System\IbDKJgX.exe
  2⤵
  PID:5456
- C:\Windows\System\gCFxJOl.exe
  C:\Windows\System\gCFxJOl.exe
  2⤵
  PID:5528
- C:\Windows\System\OreFDuA.exe
  C:\Windows\System\OreFDuA.exe
  2⤵
  PID:5600
- C:\Windows\System\qmfkPuY.exe
  C:\Windows\System\qmfkPuY.exe
  2⤵
  PID:5680
- C:\Windows\System\anmZeWh.exe
  C:\Windows\System\anmZeWh.exe
  2⤵
  PID:5752
- C:\Windows\System\ZQNfxOP.exe
  C:\Windows\System\ZQNfxOP.exe
  2⤵
  PID:5980
- C:\Windows\System\JMDHgsG.exe
  C:\Windows\System\JMDHgsG.exe
  2⤵
  PID:4844
- C:\Windows\System\FAGBpcg.exe
  C:\Windows\System\FAGBpcg.exe
  2⤵
  PID:5776
- C:\Windows\System\RQhPXoH.exe
  C:\Windows\System\RQhPXoH.exe
  2⤵
  PID:5976
- C:\Windows\System\KLvhpVa.exe
  C:\Windows\System\KLvhpVa.exe
  2⤵
  PID:5132
- C:\Windows\System\spRreUt.exe
  C:\Windows\System\spRreUt.exe
  2⤵
  PID:6052
- C:\Windows\System\tLGGxAc.exe
  C:\Windows\System\tLGGxAc.exe
  2⤵
  PID:5336
- C:\Windows\System\DsjnSwT.exe
  C:\Windows\System\DsjnSwT.exe
  2⤵
  PID:5632
- C:\Windows\System\EifAtUh.exe
  C:\Windows\System\EifAtUh.exe
  2⤵
  PID:1140
- C:\Windows\System\PEUTcWI.exe
  C:\Windows\System\PEUTcWI.exe
  2⤵
  PID:2196
- C:\Windows\System\TxBfMEM.exe
  C:\Windows\System\TxBfMEM.exe
  2⤵
  PID:2220
- C:\Windows\System\yQHBUyM.exe
  C:\Windows\System\yQHBUyM.exe
  2⤵
  PID:1736
- C:\Windows\System\lYkcyTU.exe
  C:\Windows\System\lYkcyTU.exe
  2⤵
  PID:2276
- C:\Windows\System\GIhKKdg.exe
  C:\Windows\System\GIhKKdg.exe
  2⤵
  PID:4456
- C:\Windows\System\xtKDfNg.exe
  C:\Windows\System\xtKDfNg.exe
  2⤵
  PID:5732
- C:\Windows\System\ykjhqmO.exe
  C:\Windows\System\ykjhqmO.exe
  2⤵
  PID:5944
- C:\Windows\System\OZSkGYi.exe
  C:\Windows\System\OZSkGYi.exe
  2⤵
  PID:836
- C:\Windows\System\CvwTpoU.exe
  C:\Windows\System\CvwTpoU.exe
  2⤵
  PID:1540
- C:\Windows\System\mNVLffs.exe
  C:\Windows\System\mNVLffs.exe
  2⤵
  PID:5796
- C:\Windows\System\SPJudgR.exe
  C:\Windows\System\SPJudgR.exe
  2⤵
  PID:2012
- C:\Windows\System\wOHPfar.exe
  C:\Windows\System\wOHPfar.exe
  2⤵
  PID:900
- C:\Windows\System\WMKJeqL.exe
  C:\Windows\System\WMKJeqL.exe
  2⤵
  PID:5472
- C:\Windows\System\FMBtvWL.exe
  C:\Windows\System\FMBtvWL.exe
  2⤵
  PID:2608
- C:\Windows\System\aBAXEKz.exe
  C:\Windows\System\aBAXEKz.exe
  2⤵
  PID:1940
- C:\Windows\System\iwwSJMi.exe
  C:\Windows\System\iwwSJMi.exe
  2⤵
  PID:572
- C:\Windows\System\tUxxPHW.exe
  C:\Windows\System\tUxxPHW.exe
  2⤵
  PID:2656
- C:\Windows\System\HZEpuPV.exe
  C:\Windows\System\HZEpuPV.exe
  2⤵
  PID:5700
- C:\Windows\System\layjFLY.exe
  C:\Windows\System\layjFLY.exe
  2⤵
  PID:5460
- C:\Windows\System\DHzFaVG.exe
  C:\Windows\System\DHzFaVG.exe
  2⤵
  PID:5636
- C:\Windows\System\BefOQVk.exe
  C:\Windows\System\BefOQVk.exe
  2⤵
  PID:1740
- C:\Windows\System\TyOwWuV.exe
  C:\Windows\System\TyOwWuV.exe
  2⤵
  PID:3032
- C:\Windows\System\iQmpSTJ.exe
  C:\Windows\System\iQmpSTJ.exe
  2⤵
  PID:5792
- C:\Windows\System\gWhfAml.exe
  C:\Windows\System\gWhfAml.exe
  2⤵
  PID:5432
- C:\Windows\System\atxGUMl.exe
  C:\Windows\System\atxGUMl.exe
  2⤵
  PID:6016
- C:\Windows\System\YHblXWB.exe
  C:\Windows\System\YHblXWB.exe
  2⤵
  PID:2568
- C:\Windows\System\yOLGfug.exe
  C:\Windows\System\yOLGfug.exe
  2⤵
  PID:5672
- C:\Windows\System\qqNVntY.exe
  C:\Windows\System\qqNVntY.exe
  2⤵
  PID:5716
- C:\Windows\System\eyYEQJa.exe
  C:\Windows\System\eyYEQJa.exe
  2⤵
  PID:2000
- C:\Windows\System\mGWEMbn.exe
  C:\Windows\System\mGWEMbn.exe
  2⤵
  PID:6152
- C:\Windows\System\ThRltqF.exe
  C:\Windows\System\ThRltqF.exe
  2⤵
  PID:6168
- C:\Windows\System\dstIJJc.exe
  C:\Windows\System\dstIJJc.exe
  2⤵
  PID:6184
- C:\Windows\System\dRmSypo.exe
  C:\Windows\System\dRmSypo.exe
  2⤵
  PID:6200
- C:\Windows\System\fATTxPJ.exe
  C:\Windows\System\fATTxPJ.exe
  2⤵
  PID:6228
- C:\Windows\System\OGISSUi.exe
  C:\Windows\System\OGISSUi.exe
  2⤵
  PID:6248
- C:\Windows\System\mRuwtEE.exe
  C:\Windows\System\mRuwtEE.exe
  2⤵
  PID:6280
- C:\Windows\System\smwYVKE.exe
  C:\Windows\System\smwYVKE.exe
  2⤵
  PID:6296
- C:\Windows\System\ifEHdhS.exe
  C:\Windows\System\ifEHdhS.exe
  2⤵
  PID:6312
- C:\Windows\System\qSgxCza.exe
  C:\Windows\System\qSgxCza.exe
  2⤵
  PID:6328
- C:\Windows\System\hbUoaXY.exe
  C:\Windows\System\hbUoaXY.exe
  2⤵
  PID:6344
- C:\Windows\System\LiFNlgh.exe
  C:\Windows\System\LiFNlgh.exe
  2⤵
  PID:6364
- C:\Windows\System\Yzykpbb.exe
  C:\Windows\System\Yzykpbb.exe
  2⤵
  PID:6380
- C:\Windows\System\pogNHsa.exe
  C:\Windows\System\pogNHsa.exe
  2⤵
  PID:6400
- C:\Windows\System\PEfssgx.exe
  C:\Windows\System\PEfssgx.exe
  2⤵
  PID:6420
- C:\Windows\System\BWYCpdN.exe
  C:\Windows\System\BWYCpdN.exe
  2⤵
  PID:6436
- C:\Windows\System\WYRsHsf.exe
  C:\Windows\System\WYRsHsf.exe
  2⤵
  PID:6452
- C:\Windows\System\Kcrnvet.exe
  C:\Windows\System\Kcrnvet.exe
  2⤵
  PID:6468
- C:\Windows\System\esivPTM.exe
  C:\Windows\System\esivPTM.exe
  2⤵
  PID:6484
- C:\Windows\System\CcRFccj.exe
  C:\Windows\System\CcRFccj.exe
  2⤵
  PID:6500
- C:\Windows\System\NDhzegr.exe
  C:\Windows\System\NDhzegr.exe
  2⤵
  PID:6548
- C:\Windows\System\RUCtkwE.exe
  C:\Windows\System\RUCtkwE.exe
  2⤵
  PID:6580
- C:\Windows\System\UqeFpNA.exe
  C:\Windows\System\UqeFpNA.exe
  2⤵
  PID:6596
- C:\Windows\System\tiuBeGu.exe
  C:\Windows\System\tiuBeGu.exe
  2⤵
  PID:6612
- C:\Windows\System\weBgSYx.exe
  C:\Windows\System\weBgSYx.exe
  2⤵
  PID:6644
- C:\Windows\System\LMhSvFK.exe
  C:\Windows\System\LMhSvFK.exe
  2⤵
  PID:6660
- C:\Windows\System\GoXaXBR.exe
  C:\Windows\System\GoXaXBR.exe
  2⤵
  PID:6676
- C:\Windows\System\FsQWbUW.exe
  C:\Windows\System\FsQWbUW.exe
  2⤵
  PID:6692
- C:\Windows\System\ikvZBNo.exe
  C:\Windows\System\ikvZBNo.exe
  2⤵
  PID:6708
- C:\Windows\System\zMYfwSx.exe
  C:\Windows\System\zMYfwSx.exe
  2⤵
  PID:6724
- C:\Windows\System\WumVGdK.exe
  C:\Windows\System\WumVGdK.exe
  2⤵
  PID:6740
- C:\Windows\System\pFvdgXI.exe
  C:\Windows\System\pFvdgXI.exe
  2⤵
  PID:6756
- C:\Windows\System\AfmdpGH.exe
  C:\Windows\System\AfmdpGH.exe
  2⤵
  PID:6772
- C:\Windows\System\RVoFhqI.exe
  C:\Windows\System\RVoFhqI.exe
  2⤵
  PID:6792
- C:\Windows\System\GNXuOUU.exe
  C:\Windows\System\GNXuOUU.exe
  2⤵
  PID:6828
- C:\Windows\System\sLsFZHx.exe
  C:\Windows\System\sLsFZHx.exe
  2⤵
  PID:6844
- C:\Windows\System\ciFYIce.exe
  C:\Windows\System\ciFYIce.exe
  2⤵
  PID:6860
- C:\Windows\System\DRhSiBN.exe
  C:\Windows\System\DRhSiBN.exe
  2⤵
  PID:6880
- C:\Windows\System\CagnkBT.exe
  C:\Windows\System\CagnkBT.exe
  2⤵
  PID:6900
- C:\Windows\System\hmRmNaD.exe
  C:\Windows\System\hmRmNaD.exe
  2⤵
  PID:6916
- C:\Windows\System\ZDzziGi.exe
  C:\Windows\System\ZDzziGi.exe
  2⤵
  PID:6932
- C:\Windows\System\URDcpfw.exe
  C:\Windows\System\URDcpfw.exe
  2⤵
  PID:6948
- C:\Windows\System\oNFlGRu.exe
  C:\Windows\System\oNFlGRu.exe
  2⤵
  PID:6964
- C:\Windows\System\HkeeeXV.exe
  C:\Windows\System\HkeeeXV.exe
  2⤵
  PID:6996
- C:\Windows\System\blZsAFo.exe
  C:\Windows\System\blZsAFo.exe
  2⤵
  PID:7016
- C:\Windows\System\WwYVbWI.exe
  C:\Windows\System\WwYVbWI.exe
  2⤵
  PID:7032
- C:\Windows\System\MhFmBQK.exe
  C:\Windows\System\MhFmBQK.exe
  2⤵
  PID:7048
- C:\Windows\System\CFzmnSx.exe
  C:\Windows\System\CFzmnSx.exe
  2⤵
  PID:7064
- C:\Windows\System\ffGZVMT.exe
  C:\Windows\System\ffGZVMT.exe
  2⤵
  PID:7080
- C:\Windows\System\uyucqXO.exe
  C:\Windows\System\uyucqXO.exe
  2⤵
  PID:7096
- C:\Windows\System\QtTFSBt.exe
  C:\Windows\System\QtTFSBt.exe
  2⤵
  PID:7112
- C:\Windows\System\Socdknf.exe
  C:\Windows\System\Socdknf.exe
  2⤵
  PID:7128
- C:\Windows\System\VqYwQJk.exe
  C:\Windows\System\VqYwQJk.exe
  2⤵
  PID:7148
- C:\Windows\System\MlBAWfG.exe
  C:\Windows\System\MlBAWfG.exe
  2⤵
  PID:5640
- C:\Windows\System\XAWVzJg.exe
  C:\Windows\System\XAWVzJg.exe
  2⤵
  PID:6148
- C:\Windows\System\zlJOCVx.exe
  C:\Windows\System\zlJOCVx.exe
  2⤵
  PID:6212
- C:\Windows\System\xjqiRRu.exe
  C:\Windows\System\xjqiRRu.exe
  2⤵
  PID:6160
- C:\Windows\System\UaxoFlL.exe
  C:\Windows\System\UaxoFlL.exe
  2⤵
  PID:6448
- C:\Windows\System\ZQygETg.exe
  C:\Windows\System\ZQygETg.exe
  2⤵
  PID:6388
- C:\Windows\System\GCgvgME.exe
  C:\Windows\System\GCgvgME.exe
  2⤵
  PID:6480
- C:\Windows\System\oblAbPj.exe
  C:\Windows\System\oblAbPj.exe
  2⤵
  PID:6464
- C:\Windows\System\oKUjJRe.exe
  C:\Windows\System\oKUjJRe.exe
  2⤵
  PID:6536
- C:\Windows\System\sHUwLoM.exe
  C:\Windows\System\sHUwLoM.exe
  2⤵
  PID:6352
- C:\Windows\System\YDFPIft.exe
  C:\Windows\System\YDFPIft.exe
  2⤵
  PID:6564
- C:\Windows\System\kafnPET.exe
  C:\Windows\System\kafnPET.exe
  2⤵
  PID:6620
- C:\Windows\System\lprDQgY.exe
  C:\Windows\System\lprDQgY.exe
  2⤵
  PID:6636
- C:\Windows\System\tRZLFqh.exe
  C:\Windows\System\tRZLFqh.exe
  2⤵
  PID:6732
- C:\Windows\System\sKHPqCr.exe
  C:\Windows\System\sKHPqCr.exe
  2⤵
  PID:6572
- C:\Windows\System\BOLGrqj.exe
  C:\Windows\System\BOLGrqj.exe
  2⤵
  PID:6800
- C:\Windows\System\JafyknI.exe
  C:\Windows\System\JafyknI.exe
  2⤵
  PID:6816
- C:\Windows\System\HPVkwUn.exe
  C:\Windows\System\HPVkwUn.exe
  2⤵
  PID:6896
- C:\Windows\System\eQpVpnF.exe
  C:\Windows\System\eQpVpnF.exe
  2⤵
  PID:6960
- C:\Windows\System\ZtEwqQL.exe
  C:\Windows\System\ZtEwqQL.exe
  2⤵
  PID:7072
- C:\Windows\System\RUAOTuE.exe
  C:\Windows\System\RUAOTuE.exe
  2⤵
  PID:6788
- C:\Windows\System\HVdPzfQ.exe
  C:\Windows\System\HVdPzfQ.exe
  2⤵
  PID:7108
- C:\Windows\System\jDtRmst.exe
  C:\Windows\System\jDtRmst.exe
  2⤵
  PID:2924
- C:\Windows\System\cirhlGm.exe
  C:\Windows\System\cirhlGm.exe
  2⤵
  PID:6752
- C:\Windows\System\IKxulkk.exe
  C:\Windows\System\IKxulkk.exe
  2⤵
  PID:7092
- C:\Windows\System\FNlClaR.exe
  C:\Windows\System\FNlClaR.exe
  2⤵
  PID:6688
- C:\Windows\System\KRoxkjH.exe
  C:\Windows\System\KRoxkjH.exe
  2⤵
  PID:7124
- C:\Windows\System\atKzHeJ.exe
  C:\Windows\System\atKzHeJ.exe
  2⤵
  PID:6872
- C:\Windows\System\WZTAxIS.exe
  C:\Windows\System\WZTAxIS.exe
  2⤵
  PID:6912
- C:\Windows\System\DNjzEAR.exe
  C:\Windows\System\DNjzEAR.exe
  2⤵
  PID:6972
- C:\Windows\System\hyxsgci.exe
  C:\Windows\System\hyxsgci.exe
  2⤵
  PID:6992
- C:\Windows\System\odpQVNj.exe
  C:\Windows\System\odpQVNj.exe
  2⤵
  PID:6180
- C:\Windows\System\OKKpQrv.exe
  C:\Windows\System\OKKpQrv.exe
  2⤵
  PID:6268
- C:\Windows\System\MgbmYby.exe
  C:\Windows\System\MgbmYby.exe
  2⤵
  PID:6308
- C:\Windows\System\SYsFQXZ.exe
  C:\Windows\System\SYsFQXZ.exe
  2⤵
  PID:6340
- C:\Windows\System\zMfyuBl.exe
  C:\Windows\System\zMfyuBl.exe
  2⤵
  PID:2088
- C:\Windows\System\moHHNho.exe
  C:\Windows\System\moHHNho.exe
  2⤵
  PID:6408
- C:\Windows\System\DsvVVUA.exe
  C:\Windows\System\DsvVVUA.exe
  2⤵
  PID:6320
- C:\Windows\System\lxWAfWw.exe
  C:\Windows\System\lxWAfWw.exe
  2⤵
  PID:6460
- C:\Windows\System\pwdEAyB.exe
  C:\Windows\System\pwdEAyB.exe
  2⤵
  PID:6560
- C:\Windows\System\tVfdKUu.exe
  C:\Windows\System\tVfdKUu.exe
  2⤵
  PID:6812
- C:\Windows\System\juqPKfw.exe
  C:\Windows\System\juqPKfw.exe
  2⤵
  PID:7008
- C:\Windows\System\kMbWkcL.exe
  C:\Windows\System\kMbWkcL.exe
  2⤵
  PID:7104
- C:\Windows\System\ItLPCag.exe
  C:\Windows\System\ItLPCag.exe
  2⤵
  PID:6720
- C:\Windows\System\NEfTgNV.exe
  C:\Windows\System\NEfTgNV.exe
  2⤵
  PID:6976
- C:\Windows\System\OuZVdtn.exe
  C:\Windows\System\OuZVdtn.exe
  2⤵
  PID:6304
- C:\Windows\System\lvuoDUZ.exe
  C:\Windows\System\lvuoDUZ.exe
  2⤵
  PID:2296
- C:\Windows\System\zKYBXtV.exe
  C:\Windows\System\zKYBXtV.exe
  2⤵
  PID:6396
- C:\Windows\System\LUwpXEI.exe
  C:\Windows\System\LUwpXEI.exe
  2⤵
  PID:6240
- C:\Windows\System\bZdgouO.exe
  C:\Windows\System\bZdgouO.exe
  2⤵
  PID:7056
- C:\Windows\System\WLTzEEO.exe
  C:\Windows\System\WLTzEEO.exe
  2⤵
  PID:6908
- C:\Windows\System\gmOdYXy.exe
  C:\Windows\System\gmOdYXy.exe
  2⤵
  PID:6524
- C:\Windows\System\oQawQxz.exe
  C:\Windows\System\oQawQxz.exe
  2⤵
  PID:6588
- C:\Windows\System\TYKiFzW.exe
  C:\Windows\System\TYKiFzW.exe
  2⤵
  PID:6496
- C:\Windows\System\PHEbXts.exe
  C:\Windows\System\PHEbXts.exe
  2⤵
  PID:6700
- C:\Windows\System\LkPQgkZ.exe
  C:\Windows\System\LkPQgkZ.exe
  2⤵
  PID:6604
- C:\Windows\System\huvnijy.exe
  C:\Windows\System\huvnijy.exe
  2⤵
  PID:6892
- C:\Windows\System\BNkHNOw.exe
  C:\Windows\System\BNkHNOw.exe
  2⤵
  PID:6512
- C:\Windows\System\diacEfI.exe
  C:\Windows\System\diacEfI.exe
  2⤵
  PID:6984
- C:\Windows\System\IjgHVBW.exe
  C:\Windows\System\IjgHVBW.exe
  2⤵
  PID:7040
- C:\Windows\System\NSKBoZl.exe
  C:\Windows\System\NSKBoZl.exe
  2⤵
  PID:6840
- C:\Windows\System\RyBMCco.exe
  C:\Windows\System\RyBMCco.exe
  2⤵
  PID:7188
- C:\Windows\System\LUtQbSP.exe
  C:\Windows\System\LUtQbSP.exe
  2⤵
  PID:7204
- C:\Windows\System\leXDidA.exe
  C:\Windows\System\leXDidA.exe
  2⤵
  PID:7220
- C:\Windows\System\mexghCP.exe
  C:\Windows\System\mexghCP.exe
  2⤵
  PID:7236
- C:\Windows\System\fjdMult.exe
  C:\Windows\System\fjdMult.exe
  2⤵
  PID:7252
- C:\Windows\System\qnVKoaP.exe
  C:\Windows\System\qnVKoaP.exe
  2⤵
  PID:7268
- C:\Windows\System\cNLNunV.exe
  C:\Windows\System\cNLNunV.exe
  2⤵
  PID:7284
- C:\Windows\System\QMCcRvh.exe
  C:\Windows\System\QMCcRvh.exe
  2⤵
  PID:7300
- C:\Windows\System\kRaNAdr.exe
  C:\Windows\System\kRaNAdr.exe
  2⤵
  PID:7320
- C:\Windows\System\ZDtCFsa.exe
  C:\Windows\System\ZDtCFsa.exe
  2⤵
  PID:7336
- C:\Windows\System\ZTpMaim.exe
  C:\Windows\System\ZTpMaim.exe
  2⤵
  PID:7352
- C:\Windows\System\SPZnLdG.exe
  C:\Windows\System\SPZnLdG.exe
  2⤵
  PID:7368
- C:\Windows\System\ihrWxKk.exe
  C:\Windows\System\ihrWxKk.exe
  2⤵
  PID:7384
- C:\Windows\System\ssZzmSh.exe
  C:\Windows\System\ssZzmSh.exe
  2⤵
  PID:7400
- C:\Windows\System\JmsLLIV.exe
  C:\Windows\System\JmsLLIV.exe
  2⤵
  PID:7416
- C:\Windows\System\fUkdikX.exe
  C:\Windows\System\fUkdikX.exe
  2⤵
  PID:7432
- C:\Windows\System\kyRRMbC.exe
  C:\Windows\System\kyRRMbC.exe
  2⤵
  PID:7448
- C:\Windows\System\vpYNfSo.exe
  C:\Windows\System\vpYNfSo.exe
  2⤵
  PID:7464
- C:\Windows\System\ZAslFWK.exe
  C:\Windows\System\ZAslFWK.exe
  2⤵
  PID:7480
- C:\Windows\System\vTKEvkI.exe
  C:\Windows\System\vTKEvkI.exe
  2⤵
  PID:7496
- C:\Windows\System\THBWQbA.exe
  C:\Windows\System\THBWQbA.exe
  2⤵
  PID:7512
- C:\Windows\System\FFsOMqq.exe
  C:\Windows\System\FFsOMqq.exe
  2⤵
  PID:7528
- C:\Windows\System\ElFSMSH.exe
  C:\Windows\System\ElFSMSH.exe
  2⤵
  PID:7544
- C:\Windows\System\adSUIfA.exe
  C:\Windows\System\adSUIfA.exe
  2⤵
  PID:7560
- C:\Windows\System\fWiKZgB.exe
  C:\Windows\System\fWiKZgB.exe
  2⤵
  PID:7576
- C:\Windows\System\DiKDlkD.exe
  C:\Windows\System\DiKDlkD.exe
  2⤵
  PID:7592
- C:\Windows\System\KBPaeVe.exe
  C:\Windows\System\KBPaeVe.exe
  2⤵
  PID:7608
- C:\Windows\System\vsmpyHp.exe
  C:\Windows\System\vsmpyHp.exe
  2⤵
  PID:7624
- C:\Windows\System\zQEGUvA.exe
  C:\Windows\System\zQEGUvA.exe
  2⤵
  PID:7644
- C:\Windows\System\pTjxjvG.exe
  C:\Windows\System\pTjxjvG.exe
  2⤵
  PID:7660
- C:\Windows\System\pwdBWDl.exe
  C:\Windows\System\pwdBWDl.exe
  2⤵
  PID:7676
- C:\Windows\System\jdtGLmj.exe
  C:\Windows\System\jdtGLmj.exe
  2⤵
  PID:7692
- C:\Windows\System\yoSKsvC.exe
  C:\Windows\System\yoSKsvC.exe
  2⤵
  PID:7708
- C:\Windows\System\AdGlBCH.exe
  C:\Windows\System\AdGlBCH.exe
  2⤵
  PID:7724
- C:\Windows\System\hHnBNLf.exe
  C:\Windows\System\hHnBNLf.exe
  2⤵
  PID:7740
- C:\Windows\System\yZmwGap.exe
  C:\Windows\System\yZmwGap.exe
  2⤵
  PID:7756
- C:\Windows\System\fLYCkbS.exe
  C:\Windows\System\fLYCkbS.exe
  2⤵
  PID:7776
- C:\Windows\System\cSxhSYV.exe
  C:\Windows\System\cSxhSYV.exe
  2⤵
  PID:7792
- C:\Windows\System\JCyerRs.exe
  C:\Windows\System\JCyerRs.exe
  2⤵
  PID:7808
- C:\Windows\System\WScBBqi.exe
  C:\Windows\System\WScBBqi.exe
  2⤵
  PID:7824
- C:\Windows\System\XuHYKNQ.exe
  C:\Windows\System\XuHYKNQ.exe
  2⤵
  PID:7840
- C:\Windows\System\AwcYdXR.exe
  C:\Windows\System\AwcYdXR.exe
  2⤵
  PID:7856
- C:\Windows\System\prLsUtn.exe
  C:\Windows\System\prLsUtn.exe
  2⤵
  PID:7884
- C:\Windows\System\LHGWhYu.exe
  C:\Windows\System\LHGWhYu.exe
  2⤵
  PID:7908
- C:\Windows\System\jGusTdV.exe
  C:\Windows\System\jGusTdV.exe
  2⤵
  PID:7932
- C:\Windows\System\oeLoRCX.exe
  C:\Windows\System\oeLoRCX.exe
  2⤵
  PID:7952
- C:\Windows\System\zExrhqj.exe
  C:\Windows\System\zExrhqj.exe
  2⤵
  PID:7968
- C:\Windows\System\XLtafBP.exe
  C:\Windows\System\XLtafBP.exe
  2⤵
  PID:7984
- C:\Windows\System\LfZnVQO.exe
  C:\Windows\System\LfZnVQO.exe
  2⤵
  PID:8000
- C:\Windows\System\yEPCDbU.exe
  C:\Windows\System\yEPCDbU.exe
  2⤵
  PID:8016
- C:\Windows\System\LRFObYw.exe
  C:\Windows\System\LRFObYw.exe
  2⤵
  PID:8032
- C:\Windows\System\nfMqpFi.exe
  C:\Windows\System\nfMqpFi.exe
  2⤵
  PID:8052
- C:\Windows\System\rdbzZLW.exe
  C:\Windows\System\rdbzZLW.exe
  2⤵
  PID:8068
- C:\Windows\System\Icsofkm.exe
  C:\Windows\System\Icsofkm.exe
  2⤵
  PID:8084
- C:\Windows\System\LSdhWfO.exe
  C:\Windows\System\LSdhWfO.exe
  2⤵
  PID:8100
- C:\Windows\System\WTnHHwn.exe
  C:\Windows\System\WTnHHwn.exe
  2⤵
  PID:8116
- C:\Windows\System\EKuPhin.exe
  C:\Windows\System\EKuPhin.exe
  2⤵
  PID:8132
- C:\Windows\System\zirWPye.exe
  C:\Windows\System\zirWPye.exe
  2⤵
  PID:8148
- C:\Windows\System\blAtxFT.exe
  C:\Windows\System\blAtxFT.exe
  2⤵
  PID:8164
- C:\Windows\System\ztSkbfS.exe
  C:\Windows\System\ztSkbfS.exe
  2⤵
  PID:8180
- C:\Windows\System\giPOSqE.exe
  C:\Windows\System\giPOSqE.exe
  2⤵
  PID:1620
- C:\Windows\System\EGItAhX.exe
  C:\Windows\System\EGItAhX.exe
  2⤵
  PID:2544
- C:\Windows\System\ZIbjSmv.exe
  C:\Windows\System\ZIbjSmv.exe
  2⤵
  PID:6704
- C:\Windows\System\dSWKlEF.exe
  C:\Windows\System\dSWKlEF.exe
  2⤵
  PID:7088
- C:\Windows\System\ixhAXzI.exe
  C:\Windows\System\ixhAXzI.exe
  2⤵
  PID:6640
- C:\Windows\System\YVWsbcK.exe
  C:\Windows\System\YVWsbcK.exe
  2⤵
  PID:6928
- C:\Windows\System\fZJmjdt.exe
  C:\Windows\System\fZJmjdt.exe
  2⤵
  PID:6944
- C:\Windows\System\ELSqKQW.exe
  C:\Windows\System\ELSqKQW.exe
  2⤵
  PID:7140
- C:\Windows\System\eqNIvnR.exe
  C:\Windows\System\eqNIvnR.exe
  2⤵
  PID:7216
- C:\Windows\System\fUjKClt.exe
  C:\Windows\System\fUjKClt.exe
  2⤵
  PID:7248
- C:\Windows\System\RQQuMxb.exe
  C:\Windows\System\RQQuMxb.exe
  2⤵
  PID:7312
- C:\Windows\System\VgSHjHk.exe
  C:\Windows\System\VgSHjHk.exe
  2⤵
  PID:7376
- C:\Windows\System\YJdrbBf.exe
  C:\Windows\System\YJdrbBf.exe
  2⤵
  PID:7440
- C:\Windows\System\YuZugbi.exe
  C:\Windows\System\YuZugbi.exe
  2⤵
  PID:7476
- C:\Windows\System\RNgcBly.exe
  C:\Windows\System\RNgcBly.exe
  2⤵
  PID:7568
- C:\Windows\System\cGnAAzd.exe
  C:\Windows\System\cGnAAzd.exe
  2⤵
  PID:7264
- C:\Windows\System\IdoxFkq.exe
  C:\Windows\System\IdoxFkq.exe
  2⤵
  PID:7296
- C:\Windows\System\VLAipHp.exe
  C:\Windows\System\VLAipHp.exe
  2⤵
  PID:7636
- C:\Windows\System\qomWpHq.exe
  C:\Windows\System\qomWpHq.exe
  2⤵
  PID:7704
- C:\Windows\System\EOTcdcE.exe
  C:\Windows\System\EOTcdcE.exe
  2⤵
  PID:7332
- C:\Windows\System\EzbbTOA.exe
  C:\Windows\System\EzbbTOA.exe
  2⤵
  PID:7424
- C:\Windows\System\OdnyxBZ.exe
  C:\Windows\System\OdnyxBZ.exe
  2⤵
  PID:7488
- C:\Windows\System\yJtcKzm.exe
  C:\Windows\System\yJtcKzm.exe
  2⤵
  PID:7584
- C:\Windows\System\hReUIhr.exe
  C:\Windows\System\hReUIhr.exe
  2⤵
  PID:7720
- C:\Windows\System\fgJeqVo.exe
  C:\Windows\System\fgJeqVo.exe
  2⤵
  PID:7520
- C:\Windows\System\LYOPqeV.exe
  C:\Windows\System\LYOPqeV.exe
  2⤵
  PID:7652
- C:\Windows\System\rhKvkky.exe
  C:\Windows\System\rhKvkky.exe
  2⤵
  PID:7748
- C:\Windows\System\oKmalZQ.exe
  C:\Windows\System\oKmalZQ.exe
  2⤵
  PID:7784
- C:\Windows\System\RdtVBli.exe
  C:\Windows\System\RdtVBli.exe
  2⤵
  PID:7816
- C:\Windows\System\THzYxnM.exe
  C:\Windows\System\THzYxnM.exe
  2⤵
  PID:6196
- C:\Windows\System\OSWjhSG.exe
  C:\Windows\System\OSWjhSG.exe
  2⤵
  PID:7920
- C:\Windows\System\GcICDFU.exe
  C:\Windows\System\GcICDFU.exe
  2⤵
  PID:7940
- C:\Windows\System\RMYkkbS.exe
  C:\Windows\System\RMYkkbS.exe
  2⤵
  PID:8188
- C:\Windows\System\yRwVlvG.exe
  C:\Windows\System\yRwVlvG.exe
  2⤵
  PID:6716
- C:\Windows\System\YscYOzr.exe
  C:\Windows\System\YscYOzr.exe
  2⤵
  PID:8124
- C:\Windows\System\aomXwWq.exe
  C:\Windows\System\aomXwWq.exe
  2⤵
  PID:7012
- C:\Windows\System\aLrBVos.exe
  C:\Windows\System\aLrBVos.exe
  2⤵
  PID:8144
- C:\Windows\System\ehMpkoD.exe
  C:\Windows\System\ehMpkoD.exe
  2⤵
  PID:6244
- C:\Windows\System\UrVWoHo.exe
  C:\Windows\System\UrVWoHo.exe
  2⤵
  PID:7408
- C:\Windows\System\ddjFZMq.exe
  C:\Windows\System\ddjFZMq.exe
  2⤵
  PID:7348
- C:\Windows\System\izfThfZ.exe
  C:\Windows\System\izfThfZ.exe
  2⤵
  PID:7540
- C:\Windows\System\XeRxEoJ.exe
  C:\Windows\System\XeRxEoJ.exe
  2⤵
  PID:7672
- C:\Windows\System\WCZxqQl.exe
  C:\Windows\System\WCZxqQl.exe
  2⤵
  PID:7632
- C:\Windows\System\QFXLaQB.exe
  C:\Windows\System\QFXLaQB.exe
  2⤵
  PID:7396
- C:\Windows\System\wUsYPrd.exe
  C:\Windows\System\wUsYPrd.exe
  2⤵
  PID:7768
- C:\Windows\System\ivoSxYh.exe
  C:\Windows\System\ivoSxYh.exe
  2⤵
  PID:7492
- C:\Windows\System\oRvIuKN.exe
  C:\Windows\System\oRvIuKN.exe
  2⤵
  PID:7820
- C:\Windows\System\FCDJTUQ.exe
  C:\Windows\System\FCDJTUQ.exe
  2⤵
  PID:7556
- C:\Windows\System\KAardKg.exe
  C:\Windows\System\KAardKg.exe
  2⤵
  PID:7876
- C:\Windows\System\KfAmBdg.exe
  C:\Windows\System\KfAmBdg.exe
  2⤵
  PID:7916
- C:\Windows\System\esnxCpS.exe
  C:\Windows\System\esnxCpS.exe
  2⤵
  PID:7904
- C:\Windows\System\ORxAFGx.exe
  C:\Windows\System\ORxAFGx.exe
  2⤵
  PID:2252
- C:\Windows\System\OGdRIDv.exe
  C:\Windows\System\OGdRIDv.exe
  2⤵
  PID:8008
- C:\Windows\System\LSOOZOK.exe
  C:\Windows\System\LSOOZOK.exe
  2⤵
  PID:7996
- C:\Windows\System\lfNTSvw.exe
  C:\Windows\System\lfNTSvw.exe
  2⤵
  PID:8040
- C:\Windows\System\PosiFlK.exe
  C:\Windows\System\PosiFlK.exe
  2⤵
  PID:8076
- C:\Windows\System\vmmMQuu.exe
  C:\Windows\System\vmmMQuu.exe
  2⤵
  PID:8112
- C:\Windows\System\sTzplUe.exe
  C:\Windows\System\sTzplUe.exe
  2⤵
  PID:6764
- C:\Windows\System\RjYvDxc.exe
  C:\Windows\System\RjYvDxc.exe
  2⤵
  PID:6276
- C:\Windows\System\VlDnppT.exe
  C:\Windows\System\VlDnppT.exe
  2⤵
  PID:7244
- C:\Windows\System\KnEJPqt.exe
  C:\Windows\System\KnEJPqt.exe
  2⤵
  PID:7604
- C:\Windows\System\LLqoICK.exe
  C:\Windows\System\LLqoICK.exe
  2⤵
  PID:6444
- C:\Windows\System\euQeMmZ.exe
  C:\Windows\System\euQeMmZ.exe
  2⤵
  PID:7764
- C:\Windows\System\iVPSiXZ.exe
  C:\Windows\System\iVPSiXZ.exe
  2⤵
  PID:2344
- C:\Windows\System\QsXflmb.exe
  C:\Windows\System\QsXflmb.exe
  2⤵
  PID:7260
- C:\Windows\System\qNVDFZD.exe
  C:\Windows\System\qNVDFZD.exe
  2⤵
  PID:7572
- C:\Windows\System\KHOuFFr.exe
  C:\Windows\System\KHOuFFr.exe
  2⤵
  PID:7944
- C:\Windows\System\fwIsGol.exe
  C:\Windows\System\fwIsGol.exe
  2⤵
  PID:8012
- C:\Windows\System\ifIvmkg.exe
  C:\Windows\System\ifIvmkg.exe
  2⤵
  PID:7960
- C:\Windows\System\IsvbRyX.exe
  C:\Windows\System\IsvbRyX.exe
  2⤵
  PID:8060
- C:\Windows\System\vPSdAPu.exe
  C:\Windows\System\vPSdAPu.exe
  2⤵
  PID:7472
- C:\Windows\System\GiftwVo.exe
  C:\Windows\System\GiftwVo.exe
  2⤵
  PID:8160
- C:\Windows\System\gLpTmET.exe
  C:\Windows\System\gLpTmET.exe
  2⤵
  PID:7344
- C:\Windows\System\Vwgebwv.exe
  C:\Windows\System\Vwgebwv.exe
  2⤵
  PID:7900
- C:\Windows\System\jINKAhv.exe
  C:\Windows\System\jINKAhv.exe
  2⤵
  PID:8092
- C:\Windows\System\PAALFvf.exe
  C:\Windows\System\PAALFvf.exe
  2⤵
  PID:7156
- C:\Windows\System\GMeEZpA.exe
  C:\Windows\System\GMeEZpA.exe
  2⤵
  PID:8208
- C:\Windows\System\HGTJQxm.exe
  C:\Windows\System\HGTJQxm.exe
  2⤵
  PID:8224
- C:\Windows\System\entIYeb.exe
  C:\Windows\System\entIYeb.exe
  2⤵
  PID:8240
- C:\Windows\System\hKhUekz.exe
  C:\Windows\System\hKhUekz.exe
  2⤵
  PID:8256
- C:\Windows\System\VdNXaxD.exe
  C:\Windows\System\VdNXaxD.exe
  2⤵
  PID:8272
- C:\Windows\System\YudOnsu.exe
  C:\Windows\System\YudOnsu.exe
  2⤵
  PID:8288
- C:\Windows\System\HCMLICi.exe
  C:\Windows\System\HCMLICi.exe
  2⤵
  PID:8304
- C:\Windows\System\KbYeraY.exe
  C:\Windows\System\KbYeraY.exe
  2⤵
  PID:8320
- C:\Windows\System\uOneiKn.exe
  C:\Windows\System\uOneiKn.exe
  2⤵
  PID:8336
- C:\Windows\System\YFVRezT.exe
  C:\Windows\System\YFVRezT.exe
  2⤵
  PID:8352
- C:\Windows\System\psYLTNi.exe
  C:\Windows\System\psYLTNi.exe
  2⤵
  PID:8368
- C:\Windows\System\OIWXXVN.exe
  C:\Windows\System\OIWXXVN.exe
  2⤵
  PID:8384
- C:\Windows\System\GdGJGfX.exe
  C:\Windows\System\GdGJGfX.exe
  2⤵
  PID:8412
- C:\Windows\System\VnnYpDj.exe
  C:\Windows\System\VnnYpDj.exe
  2⤵
  PID:8428
- C:\Windows\System\RLgehAH.exe
  C:\Windows\System\RLgehAH.exe
  2⤵
  PID:8444
- C:\Windows\System\cFqHpgU.exe
  C:\Windows\System\cFqHpgU.exe
  2⤵
  PID:8460
- C:\Windows\System\EorZSwY.exe
  C:\Windows\System\EorZSwY.exe
  2⤵
  PID:8476
- C:\Windows\System\PIYOfhY.exe
  C:\Windows\System\PIYOfhY.exe
  2⤵
  PID:8492
- C:\Windows\System\vubElgy.exe
  C:\Windows\System\vubElgy.exe
  2⤵
  PID:8508
- C:\Windows\System\sJHuvOf.exe
  C:\Windows\System\sJHuvOf.exe
  2⤵
  PID:8524
- C:\Windows\System\aJwoxLr.exe
  C:\Windows\System\aJwoxLr.exe
  2⤵
  PID:8540
- C:\Windows\System\YJAcfRe.exe
  C:\Windows\System\YJAcfRe.exe
  2⤵
  PID:8556
- C:\Windows\System\LtfSoCF.exe
  C:\Windows\System\LtfSoCF.exe
  2⤵
  PID:8572
- C:\Windows\System\vqZsljA.exe
  C:\Windows\System\vqZsljA.exe
  2⤵
  PID:8588
- C:\Windows\System\cdkNMZj.exe
  C:\Windows\System\cdkNMZj.exe
  2⤵
  PID:8604
- C:\Windows\System\cKVmZNF.exe
  C:\Windows\System\cKVmZNF.exe
  2⤵
  PID:8628
- C:\Windows\System\szMUHjW.exe
  C:\Windows\System\szMUHjW.exe
  2⤵
  PID:8644
- C:\Windows\System\xmhYSoR.exe
  C:\Windows\System\xmhYSoR.exe
  2⤵
  PID:8660
- C:\Windows\System\kYxbcGq.exe
  C:\Windows\System\kYxbcGq.exe
  2⤵
  PID:8676
- C:\Windows\System\NiEBZgC.exe
  C:\Windows\System\NiEBZgC.exe
  2⤵
  PID:8692
- C:\Windows\System\nXddTmR.exe
  C:\Windows\System\nXddTmR.exe
  2⤵
  PID:8708
- C:\Windows\System\veBgGUB.exe
  C:\Windows\System\veBgGUB.exe
  2⤵
  PID:8724
- C:\Windows\System\WsFHXue.exe
  C:\Windows\System\WsFHXue.exe
  2⤵
  PID:8748
- C:\Windows\System\JQHySAA.exe
  C:\Windows\System\JQHySAA.exe
  2⤵
  PID:8764
- C:\Windows\System\Dnqspvc.exe
  C:\Windows\System\Dnqspvc.exe
  2⤵
  PID:8780
- C:\Windows\System\eKziFLx.exe
  C:\Windows\System\eKziFLx.exe
  2⤵
  PID:8796
- C:\Windows\System\RUfzBWi.exe
  C:\Windows\System\RUfzBWi.exe
  2⤵
  PID:8816
- C:\Windows\System\GUdYJRB.exe
  C:\Windows\System\GUdYJRB.exe
  2⤵
  PID:8836
- C:\Windows\System\MiylECu.exe
  C:\Windows\System\MiylECu.exe
  2⤵
  PID:8860
- C:\Windows\System\LJMDHoU.exe
  C:\Windows\System\LJMDHoU.exe
  2⤵
  PID:8876
- C:\Windows\System\jxHAWUk.exe
  C:\Windows\System\jxHAWUk.exe
  2⤵
  PID:8892
- C:\Windows\System\HKVQAIG.exe
  C:\Windows\System\HKVQAIG.exe
  2⤵
  PID:8908
- C:\Windows\System\hYbRwIt.exe
  C:\Windows\System\hYbRwIt.exe
  2⤵
  PID:8928
- C:\Windows\System\GhkjOlJ.exe
  C:\Windows\System\GhkjOlJ.exe
  2⤵
  PID:8956
- C:\Windows\System\yNlkEps.exe
  C:\Windows\System\yNlkEps.exe
  2⤵
  PID:9024
- C:\Windows\System\GRieHNU.exe
  C:\Windows\System\GRieHNU.exe
  2⤵
  PID:9096
- C:\Windows\System\fJQTtXM.exe
  C:\Windows\System\fJQTtXM.exe
  2⤵
  PID:9112
- C:\Windows\System\WiuPnys.exe
  C:\Windows\System\WiuPnys.exe
  2⤵
  PID:8300
- C:\Windows\System\OsVaKon.exe
  C:\Windows\System\OsVaKon.exe
  2⤵
  PID:7872
- C:\Windows\System\mFKfrWy.exe
  C:\Windows\System\mFKfrWy.exe
  2⤵
  PID:8488
- C:\Windows\System\mmPjoks.exe
  C:\Windows\System\mmPjoks.exe
  2⤵
  PID:8568
- C:\Windows\System\YjMWeuG.exe
  C:\Windows\System\YjMWeuG.exe
  2⤵
  PID:8408
- C:\Windows\System\XQDiFxJ.exe
  C:\Windows\System\XQDiFxJ.exe
  2⤵
  PID:8504
- C:\Windows\System\FPUNART.exe
  C:\Windows\System\FPUNART.exe
  2⤵
  PID:8668
- C:\Windows\System\CiqHeYh.exe
  C:\Windows\System\CiqHeYh.exe
  2⤵
  PID:8900
- C:\Windows\System\uSUtfyL.exe
  C:\Windows\System\uSUtfyL.exe
  2⤵
  PID:8936
- C:\Windows\System\rRCryap.exe
  C:\Windows\System\rRCryap.exe
  2⤵
  PID:8924
- C:\Windows\System\MkirxLq.exe
  C:\Windows\System\MkirxLq.exe
  2⤵
  PID:8968
- C:\Windows\System\YsJpQeE.exe
  C:\Windows\System\YsJpQeE.exe
  2⤵
  PID:9004
- C:\Windows\System\zaBnzth.exe
  C:\Windows\System\zaBnzth.exe
  2⤵
  PID:9036
- C:\Windows\System\ygDMCxY.exe
  C:\Windows\System\ygDMCxY.exe
  2⤵
  PID:9052
- C:\Windows\System\pvECEtb.exe
  C:\Windows\System\pvECEtb.exe
  2⤵
  PID:9064
- C:\Windows\System\keAPyhe.exe
  C:\Windows\System\keAPyhe.exe
  2⤵
  PID:9084
- C:\Windows\System\rXifPZX.exe
  C:\Windows\System\rXifPZX.exe
  2⤵
  PID:9108
- C:\Windows\System\tyBNUDy.exe
  C:\Windows\System\tyBNUDy.exe
  2⤵
  PID:9136
- C:\Windows\System\xLpzOzP.exe
  C:\Windows\System\xLpzOzP.exe
  2⤵
  PID:9152
- C:\Windows\System\kQRwKQw.exe
  C:\Windows\System\kQRwKQw.exe
  2⤵
  PID:9168
- C:\Windows\System\aGVSdNL.exe
  C:\Windows\System\aGVSdNL.exe
  2⤵
  PID:9184
- C:\Windows\System\mjOnZMG.exe
  C:\Windows\System\mjOnZMG.exe
  2⤵
  PID:9200
- C:\Windows\System\RQZCUTk.exe
  C:\Windows\System\RQZCUTk.exe
  2⤵
  PID:7804
- C:\Windows\System\TSsitLQ.exe
  C:\Windows\System\TSsitLQ.exe
  2⤵
  PID:8248
- C:\Windows\System\ivBpEka.exe
  C:\Windows\System\ivBpEka.exe
  2⤵
  PID:8312
- C:\Windows\System\dsnktHS.exe
  C:\Windows\System\dsnktHS.exe
  2⤵
  PID:8348
- C:\Windows\System\ivNnsdF.exe
  C:\Windows\System\ivNnsdF.exe
  2⤵
  PID:8392
- C:\Windows\System\evqrzwD.exe
  C:\Windows\System\evqrzwD.exe
  2⤵
  PID:8364
- C:\Windows\System\jovjvkV.exe
  C:\Windows\System\jovjvkV.exe
  2⤵
  PID:8328
- C:\Windows\System\ptzVjvw.exe
  C:\Windows\System\ptzVjvw.exe
  2⤵
  PID:8200
- C:\Windows\System\GlnBqRv.exe
  C:\Windows\System\GlnBqRv.exe
  2⤵
  PID:8172
- C:\Windows\System\Dxaskwz.exe
  C:\Windows\System\Dxaskwz.exe
  2⤵
  PID:8456
- C:\Windows\System\GMHZdIJ.exe
  C:\Windows\System\GMHZdIJ.exe
  2⤵
  PID:8580
- C:\Windows\System\lSXwKMS.exe
  C:\Windows\System\lSXwKMS.exe
  2⤵
  PID:8468
- C:\Windows\System\eGnvfSj.exe
  C:\Windows\System\eGnvfSj.exe
  2⤵
  PID:6432
- C:\Windows\System\uqHpAzz.exe
  C:\Windows\System\uqHpAzz.exe
  2⤵
  PID:9132
- C:\Windows\System\CHyHcqb.exe
  C:\Windows\System\CHyHcqb.exe
  2⤵
  PID:7460
- C:\Windows\System\XmwuBFq.exe
  C:\Windows\System\XmwuBFq.exe
  2⤵
  PID:8044
- C:\Windows\System\UlOYpUv.exe
  C:\Windows\System\UlOYpUv.exe
  2⤵
  PID:8584
- C:\Windows\System\FnABzgd.exe
  C:\Windows\System\FnABzgd.exe
  2⤵
  PID:8472
- C:\Windows\System\xXTaFhg.exe
  C:\Windows\System\xXTaFhg.exe
  2⤵
  PID:8720
- C:\Windows\System\ATfpsrH.exe
  C:\Windows\System\ATfpsrH.exe
  2⤵
  PID:8684
- C:\Windows\System\yxAiMty.exe
  C:\Windows\System\yxAiMty.exe
  2⤵
  PID:8672
- C:\Windows\System\ainlxQI.exe
  C:\Windows\System\ainlxQI.exe
  2⤵
  PID:8904
- C:\Windows\System\opXhwMX.exe
  C:\Windows\System\opXhwMX.exe
  2⤵
  PID:8964
- C:\Windows\System\mrVpVQa.exe
  C:\Windows\System\mrVpVQa.exe
  2⤵
  PID:8868
- C:\Windows\System\rlpdtFY.exe
  C:\Windows\System\rlpdtFY.exe
  2⤵
  PID:8760
- C:\Windows\System\shCgtDr.exe
  C:\Windows\System\shCgtDr.exe
  2⤵
  PID:9060
- C:\Windows\System\EiOyiEZ.exe
  C:\Windows\System\EiOyiEZ.exe
  2⤵
  PID:8976
- C:\Windows\System\KAQuzfT.exe
  C:\Windows\System\KAQuzfT.exe
  2⤵
  PID:9144
- C:\Windows\System\zhUApKJ.exe
  C:\Windows\System\zhUApKJ.exe
  2⤵
  PID:8804
- C:\Windows\System\VbIIDFj.exe
  C:\Windows\System\VbIIDFj.exe
  2⤵
  PID:8376
- C:\Windows\System\fHhpqZs.exe
  C:\Windows\System\fHhpqZs.exe
  2⤵
  PID:8028
- C:\Windows\System\UcNejib.exe
  C:\Windows\System\UcNejib.exe
  2⤵
  PID:2156
- C:\Windows\System\QnAOwSD.exe
  C:\Windows\System\QnAOwSD.exe
  2⤵
  PID:8452
- C:\Windows\System\yMtXsDq.exe
  C:\Windows\System\yMtXsDq.exe
  2⤵
  PID:8716
- C:\Windows\System\aFypwnQ.exe
  C:\Windows\System\aFypwnQ.exe
  2⤵
  PID:8612
- C:\Windows\System\NvzLJNB.exe
  C:\Windows\System\NvzLJNB.exe
  2⤵
  PID:8600
- C:\Windows\System\ymxcNlI.exe
  C:\Windows\System\ymxcNlI.exe
  2⤵
  PID:8852
- C:\Windows\System\KJEiLhy.exe
  C:\Windows\System\KJEiLhy.exe
  2⤵
  PID:8844
- C:\Windows\System\VoauNHK.exe
  C:\Windows\System\VoauNHK.exe
  2⤵
  PID:9180
- C:\Windows\System\FkMhznJ.exe
  C:\Windows\System\FkMhznJ.exe
  2⤵
  PID:9080
- C:\Windows\System\dHScdEt.exe
  C:\Windows\System\dHScdEt.exe
  2⤵
  PID:8096
- C:\Windows\System\BIRxpZP.exe
  C:\Windows\System\BIRxpZP.exe
  2⤵
  PID:9196
- C:\Windows\System\MCrLNhR.exe
  C:\Windows\System\MCrLNhR.exe
  2⤵
  PID:8316
- C:\Windows\System\gbhXomW.exe
  C:\Windows\System\gbhXomW.exe
  2⤵
  PID:8704
- C:\Windows\System\ZEmxHMn.exe
  C:\Windows\System\ZEmxHMn.exe
  2⤵
  PID:9032
- C:\Windows\System\slMoXII.exe
  C:\Windows\System\slMoXII.exe
  2⤵
  PID:8772
- C:\Windows\System\VVilcDa.exe
  C:\Windows\System\VVilcDa.exe
  2⤵
  PID:9104
- C:\Windows\System\pwscfrd.exe
  C:\Windows\System\pwscfrd.exe
  2⤵
  PID:8280
- C:\Windows\System\mcKPouU.exe
  C:\Windows\System\mcKPouU.exe
  2⤵
  PID:6164
- C:\Windows\System\OjDJUOP.exe
  C:\Windows\System\OjDJUOP.exe
  2⤵
  PID:9176
- C:\Windows\System\vCobHEs.exe
  C:\Windows\System\vCobHEs.exe
  2⤵
  PID:1000
- C:\Windows\System\RSCLBZz.exe
  C:\Windows\System\RSCLBZz.exe
  2⤵
  PID:9228
- C:\Windows\System\jhFyOOV.exe
  C:\Windows\System\jhFyOOV.exe
  2⤵
  PID:9244
- C:\Windows\System\DYqAJaq.exe
  C:\Windows\System\DYqAJaq.exe
  2⤵
  PID:9260
- C:\Windows\System\wjbbVRw.exe
  C:\Windows\System\wjbbVRw.exe
  2⤵
  PID:9284
- C:\Windows\System\UPIrLlb.exe
  C:\Windows\System\UPIrLlb.exe
  2⤵
  PID:9312
- C:\Windows\System\faeWZHa.exe
  C:\Windows\System\faeWZHa.exe
  2⤵
  PID:9352
- C:\Windows\System\QknrhUs.exe
  C:\Windows\System\QknrhUs.exe
  2⤵
  PID:9372
- C:\Windows\System\BUxrlAs.exe
  C:\Windows\System\BUxrlAs.exe
  2⤵
  PID:9388
- C:\Windows\System\mTovdiL.exe
  C:\Windows\System\mTovdiL.exe
  2⤵
  PID:9408
- C:\Windows\System\mqsqWPQ.exe
  C:\Windows\System\mqsqWPQ.exe
  2⤵
  PID:9424
- C:\Windows\System\ZAIwMbO.exe
  C:\Windows\System\ZAIwMbO.exe
  2⤵
  PID:9444
- C:\Windows\System\zUAmvIK.exe
  C:\Windows\System\zUAmvIK.exe
  2⤵
  PID:9460
- C:\Windows\System\vKwNevQ.exe
  C:\Windows\System\vKwNevQ.exe
  2⤵
  PID:9480
- C:\Windows\System\vJXuqzS.exe
  C:\Windows\System\vJXuqzS.exe
  2⤵
  PID:9496
- C:\Windows\System\HzPYkwh.exe
  C:\Windows\System\HzPYkwh.exe
  2⤵
  PID:9516
- C:\Windows\System\LHXsCkA.exe
  C:\Windows\System\LHXsCkA.exe
  2⤵
  PID:9540
- C:\Windows\System\iWtPbum.exe
  C:\Windows\System\iWtPbum.exe
  2⤵
  PID:9564
- C:\Windows\System\HHRqEBl.exe
  C:\Windows\System\HHRqEBl.exe
  2⤵
  PID:9592
- C:\Windows\System\UFeGnox.exe
  C:\Windows\System\UFeGnox.exe
  2⤵
  PID:9612
- C:\Windows\System\IJlOUGw.exe
  C:\Windows\System\IJlOUGw.exe
  2⤵
  PID:9628
- C:\Windows\System\gpJDKaJ.exe
  C:\Windows\System\gpJDKaJ.exe
  2⤵
  PID:9656
- C:\Windows\System\YatKwET.exe
  C:\Windows\System\YatKwET.exe
  2⤵
  PID:9672
- C:\Windows\System\dxlDUql.exe
  C:\Windows\System\dxlDUql.exe
  2⤵
  PID:9688
- C:\Windows\System\tRcrgFX.exe
  C:\Windows\System\tRcrgFX.exe
  2⤵
  PID:9704
- C:\Windows\System\HHSEOVq.exe
  C:\Windows\System\HHSEOVq.exe
  2⤵
  PID:9736
- C:\Windows\System\MWxykKc.exe
  C:\Windows\System\MWxykKc.exe
  2⤵
  PID:9752
- C:\Windows\System\zBZWvzd.exe
  C:\Windows\System\zBZWvzd.exe
  2⤵
  PID:9768
- C:\Windows\System\POyrLlP.exe
  C:\Windows\System\POyrLlP.exe
  2⤵
  PID:9784
- C:\Windows\System\TuWbmrH.exe
  C:\Windows\System\TuWbmrH.exe
  2⤵
  PID:9812
- C:\Windows\System\GgHxqUY.exe
  C:\Windows\System\GgHxqUY.exe
  2⤵
  PID:9828
- C:\Windows\System\PmpDMFj.exe
  C:\Windows\System\PmpDMFj.exe
  2⤵
  PID:9844
- C:\Windows\System\gHPANMw.exe
  C:\Windows\System\gHPANMw.exe
  2⤵
  PID:9860
- C:\Windows\System\mLwYnjK.exe
  C:\Windows\System\mLwYnjK.exe
  2⤵
  PID:9888
- C:\Windows\System\wknEkti.exe
  C:\Windows\System\wknEkti.exe
  2⤵
  PID:9904
- C:\Windows\System\qrMGHPG.exe
  C:\Windows\System\qrMGHPG.exe
  2⤵
  PID:9924
- C:\Windows\System\eoWMtHT.exe
  C:\Windows\System\eoWMtHT.exe
  2⤵
  PID:9948
- C:\Windows\System\YSldIKt.exe
  C:\Windows\System\YSldIKt.exe
  2⤵
  PID:9964
- C:\Windows\System\YLxlmLO.exe
  C:\Windows\System\YLxlmLO.exe
  2⤵
  PID:9984
- C:\Windows\System\hATRZwt.exe
  C:\Windows\System\hATRZwt.exe
  2⤵
  PID:10012
- C:\Windows\System\fuRUVFW.exe
  C:\Windows\System\fuRUVFW.exe
  2⤵
  PID:10032
- C:\Windows\System\APhejIi.exe
  C:\Windows\System\APhejIi.exe
  2⤵
  PID:10052
- C:\Windows\System\gIJQxYU.exe
  C:\Windows\System\gIJQxYU.exe
  2⤵
  PID:10072
- C:\Windows\System\waIgdRX.exe
  C:\Windows\System\waIgdRX.exe
  2⤵
  PID:10096
- C:\Windows\System\fmfKMKa.exe
  C:\Windows\System\fmfKMKa.exe
  2⤵
  PID:10116
- C:\Windows\System\ypwzycy.exe
  C:\Windows\System\ypwzycy.exe
  2⤵
  PID:10136
- C:\Windows\System\rimkQsi.exe
  C:\Windows\System\rimkQsi.exe
  2⤵
  PID:10156
- C:\Windows\System\AolcxIY.exe
  C:\Windows\System\AolcxIY.exe
  2⤵
  PID:10180
- C:\Windows\System\OoKsRMU.exe
  C:\Windows\System\OoKsRMU.exe
  2⤵
  PID:10200
- C:\Windows\System\NMeWjkT.exe
  C:\Windows\System\NMeWjkT.exe
  2⤵
  PID:10224
- C:\Windows\System\RYxjkta.exe
  C:\Windows\System\RYxjkta.exe
  2⤵
  PID:9240
- C:\Windows\System\ZtQDpYQ.exe
  C:\Windows\System\ZtQDpYQ.exe
  2⤵
  PID:9276
- C:\Windows\System\QAQQxtS.exe
  C:\Windows\System\QAQQxtS.exe
  2⤵
  PID:8220
- C:\Windows\System\vxtJqUo.exe
  C:\Windows\System\vxtJqUo.exe
  2⤵
  PID:9212
- C:\Windows\System\eoSlWoM.exe
  C:\Windows\System\eoSlWoM.exe
  2⤵
  PID:9076
- C:\Windows\System\iwmhOhx.exe
  C:\Windows\System\iwmhOhx.exe
  2⤵
  PID:9300
- C:\Windows\System\UxTHWJT.exe
  C:\Windows\System\UxTHWJT.exe
  2⤵
  PID:9224
- C:\Windows\System\PWbJxiN.exe
  C:\Windows\System\PWbJxiN.exe
  2⤵
  PID:9348
- C:\Windows\System\zYUlRqg.exe
  C:\Windows\System\zYUlRqg.exe
  2⤵
  PID:9396
- C:\Windows\System\LUsyFJQ.exe
  C:\Windows\System\LUsyFJQ.exe
  2⤵
  PID:9452
- C:\Windows\System\DdgZgoV.exe
  C:\Windows\System\DdgZgoV.exe
  2⤵
  PID:9532
- C:\Windows\System\giOkbUY.exe
  C:\Windows\System\giOkbUY.exe
  2⤵
  PID:9440
- C:\Windows\System\kwmBjFG.exe
  C:\Windows\System\kwmBjFG.exe
  2⤵
  PID:9400
- C:\Windows\System\OwkOcza.exe
  C:\Windows\System\OwkOcza.exe
  2⤵
  PID:9548
- C:\Windows\System\BSyxTAj.exe
  C:\Windows\System\BSyxTAj.exe
  2⤵
  PID:9576
- C:\Windows\System\VWRywVp.exe
  C:\Windows\System\VWRywVp.exe
  2⤵
  PID:9620
- C:\Windows\System\vbQHFhO.exe
  C:\Windows\System\vbQHFhO.exe
  2⤵
  PID:9636
- C:\Windows\System\PjHscvl.exe
  C:\Windows\System\PjHscvl.exe
  2⤵
  PID:9640
- C:\Windows\System\odHKsTq.exe
  C:\Windows\System\odHKsTq.exe
  2⤵
  PID:9680
- C:\Windows\System\ifbQqkl.exe
  C:\Windows\System\ifbQqkl.exe
  2⤵
  PID:9732
- C:\Windows\System\WfnnZGf.exe
  C:\Windows\System\WfnnZGf.exe
  2⤵
  PID:9764
- C:\Windows\System\ZseZWKp.exe
  C:\Windows\System\ZseZWKp.exe
  2⤵
  PID:9852
- C:\Windows\System\dJwLmIB.exe
  C:\Windows\System\dJwLmIB.exe
  2⤵
  PID:9936
- C:\Windows\System\ZkFsLam.exe
  C:\Windows\System\ZkFsLam.exe
  2⤵
  PID:9880
- C:\Windows\System\wBPfnmr.exe
  C:\Windows\System\wBPfnmr.exe
  2⤵
  PID:9872
- C:\Windows\System\WPCldPk.exe
  C:\Windows\System\WPCldPk.exe
  2⤵
  PID:9912
- C:\Windows\System\fDVQKXX.exe
  C:\Windows\System\fDVQKXX.exe
  2⤵
  PID:9980
- C:\Windows\System\LuntgJt.exe
  C:\Windows\System\LuntgJt.exe
  2⤵
  PID:10000
- C:\Windows\System\PZkmabd.exe
  C:\Windows\System\PZkmabd.exe
  2⤵
  PID:10060
- C:\Windows\System\ONcDwbw.exe
  C:\Windows\System\ONcDwbw.exe
  2⤵
  PID:10044
- C:\Windows\System\OmhfGFa.exe
  C:\Windows\System\OmhfGFa.exe
  2⤵
  PID:10108
- C:\Windows\System\ZXhKMti.exe
  C:\Windows\System\ZXhKMti.exe
  2⤵
  PID:10132
- C:\Windows\System\sDavVdn.exe
  C:\Windows\System\sDavVdn.exe
  2⤵
  PID:10172
- C:\Windows\System\nzJezCz.exe
  C:\Windows\System\nzJezCz.exe
  2⤵
  PID:10196
- C:\Windows\System\kwjeoQa.exe
  C:\Windows\System\kwjeoQa.exe
  2⤵
  PID:10232
- C:\Windows\System\XycIbBf.exe
  C:\Windows\System\XycIbBf.exe
  2⤵
  PID:8792
- C:\Windows\System\wnRUlMM.exe
  C:\Windows\System\wnRUlMM.exe
  2⤵
  PID:9328
- C:\Windows\System\meBcrQm.exe
  C:\Windows\System\meBcrQm.exe
  2⤵
  PID:9252
- C:\Windows\System\aGHNbMy.exe
  C:\Windows\System\aGHNbMy.exe
  2⤵
  PID:9344
- C:\Windows\System\vMsLJEl.exe
  C:\Windows\System\vMsLJEl.exe
  2⤵
  PID:9380
- C:\Windows\System\HXNjmJf.exe
  C:\Windows\System\HXNjmJf.exe
  2⤵
  PID:9608
- C:\Windows\System\tauvNNI.exe
  C:\Windows\System\tauvNNI.exe
  2⤵
  PID:9504
- C:\Windows\System\UWPdPwt.exe
  C:\Windows\System\UWPdPwt.exe
  2⤵
  PID:9696
- C:\Windows\System\vyUyYYD.exe
  C:\Windows\System\vyUyYYD.exe
  2⤵
  PID:9648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\HbKCwjj.exe

Filesize
6.0MB

MD5
4eb1073bd7dab735267c494576dd0ff3

SHA1
8d3aeea9b83b2f016b5cb6880511ed38063301fc

SHA256
bc237034b4a4fa5ecfe7fb09c03ea43ee22ba6ce703a297419b66aff83640608

SHA512
a935b0ba9eb298839e6c641a63c27c2ecee83a0f9dd1ef0a13e0e35fd3a92aba698cda296f20d15b1cc26d49f3de7ba01086ad738e0844672216a5c94a8df022

Download Submit
C:\Windows\system\Hdesten.exe

Filesize
6.0MB

MD5
053bd40f25352a459270e83e94bc833a

SHA1
da21d7cdaaafae793dd53a4cfaeb62cba85bc877

SHA256
428ee967091f0177eb6969bed0d8f1538f10f1b56710cd42181a2c2155c43216

SHA512
93d1e18464088c356b19cf07b16e39d46c2a278f4fd9a9a51fe20859454a6e6791016e7a64bbe65913ca41e83a9887fa74b127b4c0d2a71e4418f9dce3e75e7e

Download Submit
C:\Windows\system\HiTXvoH.exe

Filesize
6.0MB

MD5
02caec1568fabfae17cf32399e11f31b

SHA1
8c35927bda68308a675bccea042c61ee42f7b912

SHA256
028f4d27728f69e75d1bde579901be1079e8b14d6015474723ecf6ba3d241c99

SHA512
928479e6546be8cadf71c592974fcacc0dac37a5ec993362b7e849861fc5d4f6443eaadc7481f0af8d509197b7177df2f750d808d14de434e5420bfa476adbcb

Download Submit
C:\Windows\system\IzkYVsP.exe

Filesize
6.0MB

MD5
a6ece018426725111e72dd3803d41956

SHA1
4942b4a20b97ea910c304c210c2e80b9fec1a52a

SHA256
807467d7924178aa2d09fdf8d4498642e7aa022cd3b7f5993da2550ceaf9e4ce

SHA512
8d0e17f0ef1de576c635b23538332760469ccb95fa9b419b45a1851f791ccb319ea370f4cada2cc98ae9ec122c1e982c909d006eb58f76723b9ebe408b96769d

Download Submit
C:\Windows\system\NVZDBgK.exe

Filesize
6.0MB

MD5
e0a5b42acf429e0ea30ed39b5b55a742

SHA1
747c26f520f8480949ab7f2579f73c317b1c54b2

SHA256
bb10e8b0f83d2385415f321e75a6e1f919a2d4d96d45349664934f3db5d70c87

SHA512
5f9e828cdf7f948d25feff0549bee6638d3926162d156ecad38b623b700d5beb22773cd5ebd53f735398eba8a75d2238e79164f444446ba7a4cc01e45d1a7e4a

Download Submit
C:\Windows\system\OAGszMp.exe

Filesize
6.0MB

MD5
2c5e2d3c1eb8c7ab3909880de955cee0

SHA1
70bfeb94ec673eb113611dcb701f33f51de45b1b

SHA256
f000dfd571d6ce919113b16cec9e9c3e694501d1c09fcc612e08ee96e96f6233

SHA512
0d0577b0299fe7a9915d31a74b368180aec3675efac4d2e87b5722ddb649e5404c86dc6e1a78e4b8c3622d647dc7f5640706c0dc1dc0682e1455b4c4903b007d

Download Submit
C:\Windows\system\QCtdBDB.exe

Filesize
6.0MB

MD5
41294e1362612c7df676146e1c257956

SHA1
d3862b168b357ad3933c5223fe54857cb6a57742

SHA256
d1da5e6fa0617598e2615a5c96d7f5db37de8d5c86cae85c64ab5f6e7b6e3fdb

SHA512
147c9e7a2c8931218fd5c73bf70fbee832a2d1fe7d54d7ec81c4d12bcb3f5c9a79f0785bea89d6e5ad3f1536d18bd7caf257f4d30e66d7a1f170c1d9bfd6d200

Download Submit
C:\Windows\system\TJnGbkm.exe

Filesize
6.0MB

MD5
666e45c8d4b8010117bd5f26b8e0503a

SHA1
aa8fed92d85a26f2cb2e548e84ed1503b8460231

SHA256
784a258fdbfb6c49e7e1e21a387abdb9b1825325d63f595ccc359012f0fbcc99

SHA512
fe441f77cc9195cee953181999b549a583954127b954cb0a36a7f323399d4e3c829a15e72e586a83cb18dc337d973fc564224f3de6a5fc8e78fa059f81324627

Download Submit
C:\Windows\system\VLbrZXn.exe

Filesize
6.0MB

MD5
19353dbfdac611a13483ca0d25d5aa0b

SHA1
8d3cba901e1b594040b983afd6a853b820c35714

SHA256
2e16614742ccaac004b0e4b9d3aeb9ddfcba121a37976eeb201fbbb6c4fa7e88

SHA512
e06bd256e0a0ab3d2ccb49388fa81dad109b5457d5aeffd2c909ed22e7c14f1a24f94e9e63a0a4e0cf204e93f94fd44155581741e4b70abfc707b7828b66ea28

Download Submit
C:\Windows\system\VYaWgRJ.exe

Filesize
6.0MB

MD5
451752b0e11aa1723525e579b4dec5ba

SHA1
cc75f40c13e5be8f533e622f58934e6396c4902a

SHA256
991b96b50246d7ab8d5588f0f11ed2897979cc7d4cacad3c3de715597dbbabaa

SHA512
80a7d37126f42a586947a679a24bcf5b1062d326c723a33f939ce33785d5469fac245add7dad4567664e7882815fee677048fdd97594f01a7f33138cf780fd71

Download Submit
C:\Windows\system\VyCtMKo.exe

Filesize
6.0MB

MD5
0a408fb44f8fbe23d205e25d50090b6e

SHA1
02381eb86b334706549b51a54370cf8f4c1f5775

SHA256
4a0733d977ee74579cae00917677c6b823c978e31fea45772675d695b9e94155

SHA512
8c957f044763a488ae897ca0855115390112f7471d85a4749866b1a20f116ba05005c10de6f592d373388d1d3d6ad3ee658554302ccb60f4e65a7f8e82b72d67

Download Submit
C:\Windows\system\WCqLCcN.exe

Filesize
6.0MB

MD5
ac93f45bca79203b5cad17ec238260a4

SHA1
55b6465321719a624abbba0bc37748c6ac50e871

SHA256
5ed7aae58e290c7a446abf3ef40054bbb1a8aced8166fe0b00d32c2af4eb78ab

SHA512
cd8d0733d7bc219a0402b7e79103ff2883a9b2f2b375cae4d22b0bf6bd55a4c929076537751b44649d5d76db9a8077bec1aa9121712e1f0b7d8b8ee9334cddf8

Download Submit
C:\Windows\system\WxRrQKd.exe

Filesize
6.0MB

MD5
9adf59da2ee6bff010e09a9279277c41

SHA1
cedfcc00dbe33780f2edd2573476b1439224feb4

SHA256
ba1ededf8ce2f8f5b2db8bdfac4ddf635988d638519b0e453dbf1bb53d1b8bc4

SHA512
37d671fc0aa6e121232f0c2d9d2b4fcdbb955b1b7a170b6462e555650ee19f6616efc78e84321800548ecc82d1553d057daf5235d43850bbc973165ac2a546ce

Download Submit
C:\Windows\system\aAbZpHo.exe

Filesize
6.0MB

MD5
3d03a8dd07261e753da89a4cc581d9ec

SHA1
d7e06936f9bb035a250ed8a4d63f677c1842000c

SHA256
206bd60aafd753af5dbab1a17bb0d71844a9bc8a6fbbf9bb86b433520614e681

SHA512
3d1aba789d531b28f2498c9f5b5ba538efc2e2aa6d0da9f803d8aa61682487fdbf161672f5dd090236c3cf2296c75c398972610d99402a8cba80793526faa124

Download Submit
C:\Windows\system\bfnWfQW.exe

Filesize
6.0MB

MD5
02336c3fddd5ec21a7986085be51d8bf

SHA1
9590eff9c8d62837d82877c381da80abe31fc6de

SHA256
60c7554f17eb7ef7ea359bb1d47fd4a02c144b463e28a2f545ba819468ae0290

SHA512
165fdba1a94f43570cdd06592e89229100898f5d709d3845d3c44f73dae3d1fa2eff9ae3d7024d9bc2872a10825dabaa0ed0fe101a7c41ce904dbe65e12a3528

Download Submit
C:\Windows\system\eHlgfVj.exe

Filesize
6.0MB

MD5
6f5920e55246378e429bee4f97f87500

SHA1
17bdc1109aad8c650015f494c2127e9f6726f9ef

SHA256
afd1ae9e1f2d208868b1a43cdb99e9d2c5b37746097dd2087abd510a8ca6c1af

SHA512
a1c1d25a1bd832f06f105c4c573ce47a0fc9159a4e477119ce388aad5986b33d32a020ea7edafefa4e51c0ae70aad51b6d3a3f9e23d28a58ddf50fc1ed391262

Download Submit
C:\Windows\system\hydPwZV.exe

Filesize
6.0MB

MD5
e4a580390754f7998f1e4cfee52aba81

SHA1
ae69235124702a46dc4a39435edae448f83b035a

SHA256
331cf75a487c8b75db95b050126dc0bbe8ad6c4389bef3b81c9d2e8963df0b7e

SHA512
c55ac8c1125e5be02e51bd7026d7a9e24a93bd311aee808632d9869043e954a2621ec8a29a19accef9c62129b21569174b1df76136dd7baac4ec1c42cd4ebd85

Download Submit
C:\Windows\system\iUUfHfo.exe

Filesize
6.0MB

MD5
da7ee82b486610ef5e9c0cc1443b26e5

SHA1
05f242f2ab6e98ac28473d56ee64f2f78f592bf9

SHA256
2bf3bf5ed0cf2c868ebede4207ecba2580976d4e6c3a795a871301612180227e

SHA512
ce834eb7801e5c9bbf3d14d1e8b987921e523ed896dbdcb81f3426b782df9ca8a554126d32336f7898007925938e259ddb53e3b9b500052917d93dfabc2c4a75

Download Submit
C:\Windows\system\jZfFgal.exe

Filesize
6.0MB

MD5
5f57107781b526dbbc08249a2c639665

SHA1
192a54a3977863aaa8a25d9efc8dbc79ccf58629

SHA256
c10b1850f6d4ee1aea18e85710a87ea3729797bb8d0e2146bebbac08793a7974

SHA512
6dd5b088966d0e76d63a1892eb49d408f6ebe753bfbcbe857d9b04dd92b1cd0a37112925d33cec9ccfe45c4d22ac3b2b925fee2dfa0f5f88285705ddf9a92f57

Download Submit
C:\Windows\system\jiMguQV.exe

Filesize
6.0MB

MD5
ca203c6dab597d10299a8feadd2da348

SHA1
80c9d1364eeac66dc379a1139fae8271c9bbd7b3

SHA256
1a9b2fbcf97ab5ca27cdcf5397703838ac618538906458c63349e7faba1f711e

SHA512
3abd2d02a1dee1aee8aba683b52cc12549c9985d5bb9e17efbcc6bd17dc6bff01bff57f765b5434761943c7c7c0f591a62193eb00021bb3975dac5dbbe878b57

Download Submit
C:\Windows\system\jvUbaUM.exe

Filesize
6.0MB

MD5
80da45d687fd83f7f3c88a3ec328c695

SHA1
ec307e6f8c8b49effef566f580530eb4c8f97e9c

SHA256
ab8f38a2fd4cda68eda8bd0d600358589e7180ec8a90e6dbdb53b2a9b9aff66e

SHA512
07644cc9b86a288cfe14ee94fa01061ba1794fc1be30e1d9f2a2c8897ef0301623306795a81504e8379a953f30424e56d589e2b443a605c2c998739950881244

Download Submit
C:\Windows\system\mVzfghn.exe

Filesize
6.0MB

MD5
4a9680968f966c4989d812e093d8d7f6

SHA1
47c31d26ac2b39e89a1b3b7cebbeb9f7758d5d4f

SHA256
8d4a68cc79565500ee9cd6401de6d2ccc58b795fe5d8145401c784e4c83074ca

SHA512
4f3b5ad1ffb4c53a73d04e8b36a33be7d62b1600dcdea6d3ca43409e4561ca51a957127d6389b961d07d403a7f683adcbd1385950dcd8a932606a7d7929ad14c

Download Submit
C:\Windows\system\nMHnBcX.exe

Filesize
8B

MD5
5f3987f425069731d6d57d95b1dd1e4f

SHA1
ef1830cb916d681d6c7250bbce47eae8b431f1c6

SHA256
d9cb7c4fa97ee6d81e71c7885a13637e4f679a390a346793a84c1ae34e1fba0d

SHA512
18abb26bd449e1711cdbcb3e3b32a63842e97cf90682a8b2fe2eb573f546432bc8a63385fbf66b0b09a783d53f0ed8fd47420409b582f52328d3b7c80f7d197e

Download Submit
C:\Windows\system\pZcWOdD.exe

Filesize
6.0MB

MD5
0f2a6ccec3c8f95ed0fbd9d36abdc61b

SHA1
ca2e002509a0f3323b1a364bf96ee30238345227

SHA256
a28eade1996841f91bb5c64ff49d15452bc8548cdf2607b25fff4f30b6695491

SHA512
fdf821bc63095b4e21edfbfaf22c1ce3e8c165a1c0cf6814b81b7e6a83f138320c0e7fd1b34c54ef3e66115f098c60140ed525d8b5396f1b889b5cc688020b72

Download Submit
C:\Windows\system\rqNRBhi.exe

Filesize
6.0MB

MD5
7a359ec49a8577bd6eaa6e94dc077371

SHA1
9d218e237d3369f28dad46bcae8a161852a81897

SHA256
4524367cf12fb7cf83e9aed2248031e424d7f773c823187b48c98b1ee73773bc

SHA512
f1a3c4d9d6e762fd1a6d7ab4cb9697813db55736aa29b108e28d8b30be4dfb00d72a2a082967824ac48308a9f923019905351e257d08be6f26039c2178b37f93

Download Submit
C:\Windows\system\sZSCCub.exe

Filesize
6.0MB

MD5
70af515295145779885658606611304b

SHA1
3bb9c076ccbf2ae5e4492d7c449ac39fbd6549d3

SHA256
79a01a0834acceb275807da05df9f0d048ab845e59cb0d9a59bb3d1c3554f849

SHA512
8079bc7b132a19653a6a8dd28e61cfaaea6884c5aea1d1e9eb30b2f380e9c287fa384305b2d6be1c67cf5ff04e5a58f7102742497289975715cd9605f059207c

Download Submit
C:\Windows\system\tbzdGYF.exe

Filesize
6.0MB

MD5
76a8e290dbedd4cf3bba6c230fd6daad

SHA1
9b495051b46f0f540721d2b85d3e43d153c09f03

SHA256
30cc9934ce38c6d962eead1fe6dc063fdf0064616595a518091a9c01386c0efd

SHA512
18ce495d814258bf643a72c9ed9277eabbc93bb631fc824224c405c959ef8265bbd1f9817889dd6d23ca3d9a2b6f3d43e35e0ac64b817f33337602db664f4caf

Download Submit
\Windows\system\DZQsyXI.exe

Filesize
6.0MB

MD5
aa235a3d9f43ca6732d800c3b734206a

SHA1
9a9fdee22de1654c3ad8b386bc95615360b72a0d

SHA256
0e452dfada48e234aac3c968c20b1fe65f216a816916a5eebcfc71611be033bb

SHA512
c7806635afc365e3efc64bed4c1d2d58786cb339fd5c593b47da87f118b4f641a7496f99b057ba775763d3f84539864ded17f7ffd4e4109c5a29c03718f7d4e1

Download Submit
\Windows\system\FMLmwnM.exe

Filesize
6.0MB

MD5
22c6db3ca1a43fee868472047774ee52

SHA1
2559fabac1a9af77fd13b35d0bc0607fe9946b65

SHA256
de2195b69cd85ae99beadf556ef94bc0184e7100221673d7e7028b4fa8ba4ca8

SHA512
3e438edc1206a34ff834f6195c08e60fcbdcce2cd4864f4b87ea733cf73a45739d39c12fd32e9b61d34529948d09a78fd6f8a13b25654f9a01878a43d09f34f7

Download Submit
\Windows\system\XjYVstN.exe

Filesize
6.0MB

MD5
da85cda828f979c6812c85553b7db8bc

SHA1
fa71e7869a93d4388564c50b7da1379be3b1e5e5

SHA256
14db0b17eff79280309ffa9484442cfcf6e1dfdec513465a1f71cf307d1c1f43

SHA512
242ea728ceabff6fdc5e8e44f0a24d8b7c96f07eeeda132a5b134f395e96998b7c894b7ec655404b325979be17bef5cccbec66e0e5d97a6cbcd47768fb3a9a13

Download Submit
\Windows\system\mLuHkRs.exe

Filesize
6.0MB

MD5
2ae9e6380e792f658247d8c3cd71ae74

SHA1
35fe407da8e3be6acb4a455320058f5d55527057

SHA256
d80eb85a826d8314ae1a09a2ce5ac662cc5652973d34d3b1fdae3e1de7df5395

SHA512
29a793510bb746b555df0deb8d1b9a4a861b528e3e0a39686dd5ce1abf80f241adee95a34c951e849526737c529ce7da733c092eaa3b3189891c0b65e378b1de

Download Submit
\Windows\system\xABfvRh.exe

Filesize
6.0MB

MD5
5aa9389c99381f384c167a9cec2755b0

SHA1
ff92bd099eb66b2bbe762315ee29638cfdb5a075

SHA256
dfc31e6fc91c9f70521c025feacc88235f02eaa11eb072ec2ad34243dc0b9902

SHA512
82dc964957537974b753a143d523b467b0ccaf485f41351ac63ddeb5d3b797a936aef527227f7fed75813ab413bdb247f3d74fc025439bf23da1c0128fd0b10d

Download Submit
\Windows\system\zsctieD.exe

Filesize
6.0MB

MD5
9e50b577ea5be09f7b71a64cacc5dbea

SHA1
4fee431c825002195e02705b36c5e24c30c4fb85

SHA256
ba3ab31d7ccf8657354e5afa251bc5d61479aec1b8c9e9f56c2cb7f205f5c2ce

SHA512
9c24f2fb3d232d56e54e8d762012876c2e717097f6ec1bdae8719bc6560356a86dc0f9684e7a2feaf7cc347ca4405fd565b4bc52ff271ccd4c987fd4578e5c5d

Download Submit
memory/1476-3606-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1476-64-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1488-104-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1488-66-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1488-3621-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1648-91-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/1648-3618-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/1648-61-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-3630-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1860-69-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1860-239-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1984-87-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1984-4790-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2116-3585-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2116-54-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2116-10-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2412-3654-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-393-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-77-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-100-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2560-3647-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2560-956-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2724-39-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-86-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3577-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3586-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2748-36-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2828-73-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3561-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-32-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-19-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-41-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-84-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2844-96-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-74-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2844-898-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-105-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-15-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2844-63-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1050-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-50-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2844-37-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-487-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2844-35-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2844-335-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-99-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2844-68-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-0-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3591-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2892-34-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2916-92-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2916-3704-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2916-812-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2988-3567-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2988-28-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2988-72-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download