cobaltstrike | ea70c7b63532a59d9c29e348a37fde02274cf7f0b934088e187115487d570102

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
31/01/2025, 04:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

156f7438c1e081a7d4968f3ea5f360ca
SHA1

85a352450b051d0b96b75683541f329bc021f52e
SHA256

ea70c7b63532a59d9c29e348a37fde02274cf7f0b934088e187115487d570102
SHA512

0ae31b92e54ddb7b953bb5a5310e2db773fc0dee9e072dea2f27864a1f9741b76949be4ece4bdd4494efd94195c98b14602c36b3be60f5a7ea11e924d940894c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUr:T+q56utgpPF8u/7r

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012264-3.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001756e-10.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-12.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186bb-24.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c3-35.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000016fc9-40.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b05-47.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b28-55.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b50-62.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b8-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-86.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-83.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-202.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-197.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-192.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-99.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2220-0-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/files/0x000c000000012264-3.dat	xmrig
behavioral1/files/0x000900000001756e-10.dat	xmrig
behavioral1/files/0x0002000000018334-12.dat	xmrig
behavioral1/memory/2996-16-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2848-23-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x00060000000186bb-24.dat	xmrig
behavioral1/memory/2876-29-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2856-9-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/1528-38-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2220-36-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/files/0x00060000000186c3-35.dat	xmrig
behavioral1/files/0x0014000000016fc9-40.dat	xmrig
behavioral1/memory/3004-43-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b05-47.dat	xmrig
behavioral1/memory/2736-54-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2220-49-0x00000000024E0000-0x0000000002834000-memory.dmp	xmrig
behavioral1/memory/2996-48-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x0008000000018b28-55.dat	xmrig
behavioral1/memory/2220-57-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2572-61-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2848-56-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x0008000000018b50-62.dat	xmrig
behavioral1/memory/2876-63-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/1128-69-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2220-64-0x00000000024E0000-0x0000000002834000-memory.dmp	xmrig
behavioral1/memory/1528-71-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x00070000000193b8-70.dat	xmrig
behavioral1/memory/1576-78-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2220-76-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c7-86.dat	xmrig
behavioral1/memory/2220-87-0x00000000024E0000-0x0000000002834000-memory.dmp	xmrig
behavioral1/memory/2736-91-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c6-83.dat	xmrig
behavioral1/memory/1772-101-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/1128-109-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x0005000000019643-108.dat	xmrig
behavioral1/memory/2956-110-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x000500000001975a-117.dat	xmrig
behavioral1/files/0x00050000000197fd-126.dat	xmrig
behavioral1/files/0x0005000000019bf5-142.dat	xmrig
behavioral1/memory/1576-144-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x000500000001a0b6-202.dat	xmrig
behavioral1/memory/2956-355-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/1772-293-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/828-240-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2220-224-0x00000000024E0000-0x0000000002834000-memory.dmp	xmrig
behavioral1/memory/2812-215-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/files/0x000500000001a049-197.dat	xmrig
behavioral1/files/0x000500000001a03c-192.dat	xmrig
behavioral1/files/0x0005000000019fdd-187.dat	xmrig
behavioral1/files/0x0005000000019fd4-182.dat	xmrig
behavioral1/files/0x0005000000019e92-177.dat	xmrig
behavioral1/files/0x0005000000019d6d-172.dat	xmrig
behavioral1/files/0x0005000000019d62-167.dat	xmrig
behavioral1/files/0x0005000000019c3c-157.dat	xmrig
behavioral1/files/0x0005000000019d61-163.dat	xmrig
behavioral1/files/0x0005000000019bf9-152.dat	xmrig
behavioral1/files/0x0005000000019bf6-147.dat	xmrig
behavioral1/files/0x000500000001998d-136.dat	xmrig
behavioral1/files/0x0005000000019820-131.dat	xmrig
behavioral1/files/0x0005000000019761-121.dat	xmrig
behavioral1/memory/2572-100-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-99.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2856	TOAHiiC.exe
2996	eGHVwNj.exe
2848	QRbDjdy.exe
2876	SAqgRpk.exe
1528	ieSggFc.exe
3004	txGNlLE.exe
2736	FMPYEvD.exe
2572	FKLgoCZ.exe
1128	MtxCNxQ.exe
1576	hULrTqB.exe
2812	qmOZkCH.exe
828	LpCLAoS.exe
1772	lwLajLD.exe
2956	PYajMPd.exe
2280	UfyKWck.exe
2416	BWilMWK.exe
892	PfJFyMO.exe
2504	vxuplDl.exe
1636	hmDaUyX.exe
632	InCIjnK.exe
2208	wHIKghe.exe
840	wtBhiNJ.exe
2128	iVVUwfi.exe
2144	UxyCKbq.exe
2084	LnwLPat.exe
1732	TCzaugS.exe
2684	icQwmpu.exe
528	VGWlBsb.exe
1956	wDfEdRN.exe
824	hJFsMeT.exe
2168	tvVeKMd.exe
1300	ePALSNI.exe
2384	yGBXHFA.exe
2548	EcNXZOv.exe
1336	XIbecjZ.exe
1916	zWrDJyh.exe
1664	JgvSskZ.exe
928	AGDZLsH.exe
1700	vxUYLyG.exe
1848	HFSfbqD.exe
956	bkKEslY.exe
1012	ZftObBL.exe
2340	BRFqKJz.exe
1760	VklZgGK.exe
692	JcwwgZx.exe
1696	jsMYatN.exe
2260	MZUlBiV.exe
1716	wNJXZka.exe
2368	cLLdfIs.exe
2380	UtYPjLq.exe
1852	BvMRzTL.exe
2216	bCrgMjx.exe
2096	EBPSzOY.exe
2296	syeGcfs.exe
2744	wOYoeLd.exe
2728	KlRMLao.exe
2836	nEyDfCz.exe
2936	kxucUhd.exe
2980	RrYLqJf.exe
568	dsRWlGM.exe
2532	jMkCkaH.exe
2176	wVdSwyV.exe
3036	SdbRpDa.exe
2300	CXZIvhr.exe

Loads dropped DLL 64 IoCs

pid	Process
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2220-0-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/files/0x000c000000012264-3.dat	upx
behavioral1/files/0x000900000001756e-10.dat	upx
behavioral1/files/0x0002000000018334-12.dat	upx
behavioral1/memory/2996-16-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2848-23-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x00060000000186bb-24.dat	upx
behavioral1/memory/2876-29-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2856-9-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/1528-38-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2220-36-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/files/0x00060000000186c3-35.dat	upx
behavioral1/files/0x0014000000016fc9-40.dat	upx
behavioral1/memory/3004-43-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/files/0x0007000000018b05-47.dat	upx
behavioral1/memory/2736-54-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2996-48-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x0008000000018b28-55.dat	upx
behavioral1/memory/2572-61-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2848-56-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x0008000000018b50-62.dat	upx
behavioral1/memory/2876-63-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/1128-69-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/1528-71-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x00070000000193b8-70.dat	upx
behavioral1/memory/1576-78-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x00050000000195c7-86.dat	upx
behavioral1/memory/2736-91-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/files/0x00050000000195c6-83.dat	upx
behavioral1/memory/1772-101-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/1128-109-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x0005000000019643-108.dat	upx
behavioral1/memory/2956-110-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x000500000001975a-117.dat	upx
behavioral1/files/0x00050000000197fd-126.dat	upx
behavioral1/files/0x0005000000019bf5-142.dat	upx
behavioral1/memory/1576-144-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x000500000001a0b6-202.dat	upx
behavioral1/memory/2956-355-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/1772-293-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/828-240-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2812-215-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/files/0x000500000001a049-197.dat	upx
behavioral1/files/0x000500000001a03c-192.dat	upx
behavioral1/files/0x0005000000019fdd-187.dat	upx
behavioral1/files/0x0005000000019fd4-182.dat	upx
behavioral1/files/0x0005000000019e92-177.dat	upx
behavioral1/files/0x0005000000019d6d-172.dat	upx
behavioral1/files/0x0005000000019d62-167.dat	upx
behavioral1/files/0x0005000000019c3c-157.dat	upx
behavioral1/files/0x0005000000019d61-163.dat	upx
behavioral1/files/0x0005000000019bf9-152.dat	upx
behavioral1/files/0x0005000000019bf6-147.dat	upx
behavioral1/files/0x000500000001998d-136.dat	upx
behavioral1/files/0x0005000000019820-131.dat	upx
behavioral1/files/0x0005000000019761-121.dat	upx
behavioral1/memory/2572-100-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x000500000001960c-99.dat	upx
behavioral1/memory/2812-85-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/3004-84-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2856-1322-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2996-1331-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2848-1357-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2876-1356-0x000000013FF00000-0x0000000140254000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\gjbgyya.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vPhCcmg.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GNsTfaa.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KQrxevU.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SwozXim.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rdJxNwW.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNBGKAO.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OfZFzZE.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eDvFRlo.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qSnPujJ.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZWvOzOQ.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gBHzhrZ.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ghsNqdh.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LFjDnun.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xAhYTzb.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lsBfNPJ.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wWCvsRv.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hYzHdxL.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NcYSAyx.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LGGGwqM.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mqozLHL.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\blNrgFi.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lKwausb.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MOSdOGp.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PiQrZip.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YeTwgwS.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YRzoRVq.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JVMsLwo.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\puvyUmO.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MQQOZGD.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAKwyVV.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MzjttAT.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PHRGoij.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BjtpFOv.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hAaGcwW.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uYRSyIc.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\enQmSnw.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dbfzPIR.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ANXitfG.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xiuvmHR.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bkADRDK.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mkCkRqU.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FocuaDg.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jWWrlzC.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\glXvuTf.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vGNhvkI.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNPBhaP.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\biFpOJI.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uPiGShD.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AHYXFLG.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rQtNDUd.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pJLSvTy.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HYXETMm.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NERRTlv.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRhNEmh.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nZFuewT.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EWxKhsV.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JlsUldn.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cTAhnyU.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ftJMvSx.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OUpDHde.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kNZfkbJ.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aRRpGkm.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YhJgZWo.exe	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2856	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2220 wrote to memory of 2856	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2220 wrote to memory of 2856	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2220 wrote to memory of 2996	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2220 wrote to memory of 2996	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2220 wrote to memory of 2996	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2220 wrote to memory of 2848	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2220 wrote to memory of 2848	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2220 wrote to memory of 2848	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2220 wrote to memory of 2876	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2220 wrote to memory of 2876	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2220 wrote to memory of 2876	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2220 wrote to memory of 1528	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2220 wrote to memory of 1528	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2220 wrote to memory of 1528	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2220 wrote to memory of 3004	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2220 wrote to memory of 3004	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2220 wrote to memory of 3004	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2220 wrote to memory of 2736	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2220 wrote to memory of 2736	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2220 wrote to memory of 2736	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2220 wrote to memory of 2572	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2220 wrote to memory of 2572	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2220 wrote to memory of 2572	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2220 wrote to memory of 1128	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2220 wrote to memory of 1128	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2220 wrote to memory of 1128	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2220 wrote to memory of 1576	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2220 wrote to memory of 1576	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2220 wrote to memory of 1576	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2220 wrote to memory of 2812	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2220 wrote to memory of 2812	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2220 wrote to memory of 2812	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2220 wrote to memory of 828	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2220 wrote to memory of 828	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2220 wrote to memory of 828	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2220 wrote to memory of 1772	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2220 wrote to memory of 1772	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2220 wrote to memory of 1772	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2220 wrote to memory of 2956	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2220 wrote to memory of 2956	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2220 wrote to memory of 2956	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2220 wrote to memory of 2280	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2220 wrote to memory of 2280	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2220 wrote to memory of 2280	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2220 wrote to memory of 2416	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2220 wrote to memory of 2416	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2220 wrote to memory of 2416	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2220 wrote to memory of 892	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2220 wrote to memory of 892	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2220 wrote to memory of 892	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2220 wrote to memory of 2504	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2220 wrote to memory of 2504	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2220 wrote to memory of 2504	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2220 wrote to memory of 1636	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2220 wrote to memory of 1636	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2220 wrote to memory of 1636	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2220 wrote to memory of 632	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2220 wrote to memory of 632	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2220 wrote to memory of 632	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2220 wrote to memory of 2208	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2220 wrote to memory of 2208	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2220 wrote to memory of 2208	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2220 wrote to memory of 840	2220	2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-31_156f7438c1e081a7d4968f3ea5f360ca_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\System\TOAHiiC.exe
  C:\Windows\System\TOAHiiC.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\eGHVwNj.exe
  C:\Windows\System\eGHVwNj.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\QRbDjdy.exe
  C:\Windows\System\QRbDjdy.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\SAqgRpk.exe
  C:\Windows\System\SAqgRpk.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\ieSggFc.exe
  C:\Windows\System\ieSggFc.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\txGNlLE.exe
  C:\Windows\System\txGNlLE.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\FMPYEvD.exe
  C:\Windows\System\FMPYEvD.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\FKLgoCZ.exe
  C:\Windows\System\FKLgoCZ.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\MtxCNxQ.exe
  C:\Windows\System\MtxCNxQ.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\hULrTqB.exe
  C:\Windows\System\hULrTqB.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\qmOZkCH.exe
  C:\Windows\System\qmOZkCH.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\LpCLAoS.exe
  C:\Windows\System\LpCLAoS.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\lwLajLD.exe
  C:\Windows\System\lwLajLD.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\PYajMPd.exe
  C:\Windows\System\PYajMPd.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\UfyKWck.exe
  C:\Windows\System\UfyKWck.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\BWilMWK.exe
  C:\Windows\System\BWilMWK.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\PfJFyMO.exe
  C:\Windows\System\PfJFyMO.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\vxuplDl.exe
  C:\Windows\System\vxuplDl.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\hmDaUyX.exe
  C:\Windows\System\hmDaUyX.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\InCIjnK.exe
  C:\Windows\System\InCIjnK.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\wHIKghe.exe
  C:\Windows\System\wHIKghe.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\wtBhiNJ.exe
  C:\Windows\System\wtBhiNJ.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\iVVUwfi.exe
  C:\Windows\System\iVVUwfi.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\UxyCKbq.exe
  C:\Windows\System\UxyCKbq.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\LnwLPat.exe
  C:\Windows\System\LnwLPat.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\TCzaugS.exe
  C:\Windows\System\TCzaugS.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\icQwmpu.exe
  C:\Windows\System\icQwmpu.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\VGWlBsb.exe
  C:\Windows\System\VGWlBsb.exe
  2⤵
  - Executes dropped EXE
  PID:528
- C:\Windows\System\wDfEdRN.exe
  C:\Windows\System\wDfEdRN.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\hJFsMeT.exe
  C:\Windows\System\hJFsMeT.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\tvVeKMd.exe
  C:\Windows\System\tvVeKMd.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\ePALSNI.exe
  C:\Windows\System\ePALSNI.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\yGBXHFA.exe
  C:\Windows\System\yGBXHFA.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\EcNXZOv.exe
  C:\Windows\System\EcNXZOv.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\XIbecjZ.exe
  C:\Windows\System\XIbecjZ.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\zWrDJyh.exe
  C:\Windows\System\zWrDJyh.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\JgvSskZ.exe
  C:\Windows\System\JgvSskZ.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\AGDZLsH.exe
  C:\Windows\System\AGDZLsH.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\vxUYLyG.exe
  C:\Windows\System\vxUYLyG.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\HFSfbqD.exe
  C:\Windows\System\HFSfbqD.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\bkKEslY.exe
  C:\Windows\System\bkKEslY.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\ZftObBL.exe
  C:\Windows\System\ZftObBL.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\BRFqKJz.exe
  C:\Windows\System\BRFqKJz.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\VklZgGK.exe
  C:\Windows\System\VklZgGK.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\JcwwgZx.exe
  C:\Windows\System\JcwwgZx.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\jsMYatN.exe
  C:\Windows\System\jsMYatN.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\MZUlBiV.exe
  C:\Windows\System\MZUlBiV.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\wNJXZka.exe
  C:\Windows\System\wNJXZka.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\cLLdfIs.exe
  C:\Windows\System\cLLdfIs.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\UtYPjLq.exe
  C:\Windows\System\UtYPjLq.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\BvMRzTL.exe
  C:\Windows\System\BvMRzTL.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\bCrgMjx.exe
  C:\Windows\System\bCrgMjx.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\EBPSzOY.exe
  C:\Windows\System\EBPSzOY.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\syeGcfs.exe
  C:\Windows\System\syeGcfs.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\wOYoeLd.exe
  C:\Windows\System\wOYoeLd.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\KlRMLao.exe
  C:\Windows\System\KlRMLao.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\nEyDfCz.exe
  C:\Windows\System\nEyDfCz.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\kxucUhd.exe
  C:\Windows\System\kxucUhd.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\RrYLqJf.exe
  C:\Windows\System\RrYLqJf.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\dsRWlGM.exe
  C:\Windows\System\dsRWlGM.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\jMkCkaH.exe
  C:\Windows\System\jMkCkaH.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\wVdSwyV.exe
  C:\Windows\System\wVdSwyV.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\SdbRpDa.exe
  C:\Windows\System\SdbRpDa.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\CXZIvhr.exe
  C:\Windows\System\CXZIvhr.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\ZjEDUPu.exe
  C:\Windows\System\ZjEDUPu.exe
  2⤵
  PID:2628
- C:\Windows\System\CNpBiSa.exe
  C:\Windows\System\CNpBiSa.exe
  2⤵
  PID:2212
- C:\Windows\System\WOQcdaF.exe
  C:\Windows\System\WOQcdaF.exe
  2⤵
  PID:1824
- C:\Windows\System\wmArpcT.exe
  C:\Windows\System\wmArpcT.exe
  2⤵
  PID:2480
- C:\Windows\System\DgpCksW.exe
  C:\Windows\System\DgpCksW.exe
  2⤵
  PID:2520
- C:\Windows\System\wBguyEf.exe
  C:\Windows\System\wBguyEf.exe
  2⤵
  PID:2104
- C:\Windows\System\lVBXxra.exe
  C:\Windows\System\lVBXxra.exe
  2⤵
  PID:2668
- C:\Windows\System\wdUwpyZ.exe
  C:\Windows\System\wdUwpyZ.exe
  2⤵
  PID:2456
- C:\Windows\System\SQBHVCD.exe
  C:\Windows\System\SQBHVCD.exe
  2⤵
  PID:2692
- C:\Windows\System\uLhrUIs.exe
  C:\Windows\System\uLhrUIs.exe
  2⤵
  PID:976
- C:\Windows\System\cWgGnMM.exe
  C:\Windows\System\cWgGnMM.exe
  2⤵
  PID:1480
- C:\Windows\System\RQojrKb.exe
  C:\Windows\System\RQojrKb.exe
  2⤵
  PID:1712
- C:\Windows\System\EwyKyCt.exe
  C:\Windows\System\EwyKyCt.exe
  2⤵
  PID:1332
- C:\Windows\System\cKbEZfv.exe
  C:\Windows\System\cKbEZfv.exe
  2⤵
  PID:1364
- C:\Windows\System\BWJMWRF.exe
  C:\Windows\System\BWJMWRF.exe
  2⤵
  PID:1020
- C:\Windows\System\VqfPMNW.exe
  C:\Windows\System\VqfPMNW.exe
  2⤵
  PID:1076
- C:\Windows\System\mGXbaiZ.exe
  C:\Windows\System\mGXbaiZ.exe
  2⤵
  PID:2972
- C:\Windows\System\waPagje.exe
  C:\Windows\System\waPagje.exe
  2⤵
  PID:2012
- C:\Windows\System\nZFuewT.exe
  C:\Windows\System\nZFuewT.exe
  2⤵
  PID:2392
- C:\Windows\System\AUnXqRS.exe
  C:\Windows\System\AUnXqRS.exe
  2⤵
  PID:2348
- C:\Windows\System\ZvQvnWt.exe
  C:\Windows\System\ZvQvnWt.exe
  2⤵
  PID:2056
- C:\Windows\System\jHdxMiX.exe
  C:\Windows\System\jHdxMiX.exe
  2⤵
  PID:2660
- C:\Windows\System\jZGuAAx.exe
  C:\Windows\System\jZGuAAx.exe
  2⤵
  PID:2808
- C:\Windows\System\QJibZuN.exe
  C:\Windows\System\QJibZuN.exe
  2⤵
  PID:1536
- C:\Windows\System\ydPghoR.exe
  C:\Windows\System\ydPghoR.exe
  2⤵
  PID:2072
- C:\Windows\System\zvZUOLU.exe
  C:\Windows\System\zvZUOLU.exe
  2⤵
  PID:3020
- C:\Windows\System\OqSqgDT.exe
  C:\Windows\System\OqSqgDT.exe
  2⤵
  PID:1308
- C:\Windows\System\BsTYmsE.exe
  C:\Windows\System\BsTYmsE.exe
  2⤵
  PID:2268
- C:\Windows\System\InExKTu.exe
  C:\Windows\System\InExKTu.exe
  2⤵
  PID:2696
- C:\Windows\System\LNFwvAg.exe
  C:\Windows\System\LNFwvAg.exe
  2⤵
  PID:2712
- C:\Windows\System\HoSmIWN.exe
  C:\Windows\System\HoSmIWN.exe
  2⤵
  PID:2964
- C:\Windows\System\mXConin.exe
  C:\Windows\System\mXConin.exe
  2⤵
  PID:1812
- C:\Windows\System\UdTlCRa.exe
  C:\Windows\System\UdTlCRa.exe
  2⤵
  PID:2092
- C:\Windows\System\IunGYHK.exe
  C:\Windows\System\IunGYHK.exe
  2⤵
  PID:2408
- C:\Windows\System\SDbrroY.exe
  C:\Windows\System\SDbrroY.exe
  2⤵
  PID:3000
- C:\Windows\System\NueElFj.exe
  C:\Windows\System\NueElFj.exe
  2⤵
  PID:1392
- C:\Windows\System\YmfYDdY.exe
  C:\Windows\System\YmfYDdY.exe
  2⤵
  PID:932
- C:\Windows\System\ycShVwB.exe
  C:\Windows\System\ycShVwB.exe
  2⤵
  PID:2512
- C:\Windows\System\YGyTjny.exe
  C:\Windows\System\YGyTjny.exe
  2⤵
  PID:2468
- C:\Windows\System\iHKKiTL.exe
  C:\Windows\System\iHKKiTL.exe
  2⤵
  PID:2860
- C:\Windows\System\ufulWnF.exe
  C:\Windows\System\ufulWnF.exe
  2⤵
  PID:1660
- C:\Windows\System\QEMMseY.exe
  C:\Windows\System\QEMMseY.exe
  2⤵
  PID:2976
- C:\Windows\System\xKwElpG.exe
  C:\Windows\System\xKwElpG.exe
  2⤵
  PID:2008
- C:\Windows\System\dUwhpeY.exe
  C:\Windows\System\dUwhpeY.exe
  2⤵
  PID:2020
- C:\Windows\System\IzuMNIT.exe
  C:\Windows\System\IzuMNIT.exe
  2⤵
  PID:1568
- C:\Windows\System\VqkmuaI.exe
  C:\Windows\System\VqkmuaI.exe
  2⤵
  PID:2552
- C:\Windows\System\EFuCmjV.exe
  C:\Windows\System\EFuCmjV.exe
  2⤵
  PID:2828
- C:\Windows\System\SvvLEJc.exe
  C:\Windows\System\SvvLEJc.exe
  2⤵
  PID:2276
- C:\Windows\System\KcvunZl.exe
  C:\Windows\System\KcvunZl.exe
  2⤵
  PID:3028
- C:\Windows\System\msMzkrT.exe
  C:\Windows\System\msMzkrT.exe
  2⤵
  PID:2100
- C:\Windows\System\LRRxnpX.exe
  C:\Windows\System\LRRxnpX.exe
  2⤵
  PID:2756
- C:\Windows\System\vKCePMU.exe
  C:\Windows\System\vKCePMU.exe
  2⤵
  PID:836
- C:\Windows\System\cTYUCFp.exe
  C:\Windows\System\cTYUCFp.exe
  2⤵
  PID:1652
- C:\Windows\System\XCwMrjR.exe
  C:\Windows\System\XCwMrjR.exe
  2⤵
  PID:2656
- C:\Windows\System\HSRDsGE.exe
  C:\Windows\System\HSRDsGE.exe
  2⤵
  PID:1676
- C:\Windows\System\ysYpXdw.exe
  C:\Windows\System\ysYpXdw.exe
  2⤵
  PID:2116
- C:\Windows\System\cTIIjBL.exe
  C:\Windows\System\cTIIjBL.exe
  2⤵
  PID:2864
- C:\Windows\System\JDhvshF.exe
  C:\Windows\System\JDhvshF.exe
  2⤵
  PID:2308
- C:\Windows\System\fRHzTJu.exe
  C:\Windows\System\fRHzTJu.exe
  2⤵
  PID:2688
- C:\Windows\System\urnZQzW.exe
  C:\Windows\System\urnZQzW.exe
  2⤵
  PID:2284
- C:\Windows\System\jHcODkI.exe
  C:\Windows\System\jHcODkI.exe
  2⤵
  PID:2136
- C:\Windows\System\kyRPWUr.exe
  C:\Windows\System\kyRPWUr.exe
  2⤵
  PID:1188
- C:\Windows\System\bEvArtg.exe
  C:\Windows\System\bEvArtg.exe
  2⤵
  PID:2816
- C:\Windows\System\dkwXXQD.exe
  C:\Windows\System\dkwXXQD.exe
  2⤵
  PID:752
- C:\Windows\System\PoclXqY.exe
  C:\Windows\System\PoclXqY.exe
  2⤵
  PID:2924
- C:\Windows\System\TjtYbng.exe
  C:\Windows\System\TjtYbng.exe
  2⤵
  PID:2248
- C:\Windows\System\KQrxevU.exe
  C:\Windows\System\KQrxevU.exe
  2⤵
  PID:2760
- C:\Windows\System\dPhLGVh.exe
  C:\Windows\System\dPhLGVh.exe
  2⤵
  PID:1036
- C:\Windows\System\UXlepLf.exe
  C:\Windows\System\UXlepLf.exe
  2⤵
  PID:948
- C:\Windows\System\NlqNTbI.exe
  C:\Windows\System\NlqNTbI.exe
  2⤵
  PID:1616
- C:\Windows\System\DTnbPNW.exe
  C:\Windows\System\DTnbPNW.exe
  2⤵
  PID:2952
- C:\Windows\System\HyvzBzR.exe
  C:\Windows\System\HyvzBzR.exe
  2⤵
  PID:2292
- C:\Windows\System\moRtpld.exe
  C:\Windows\System\moRtpld.exe
  2⤵
  PID:1796
- C:\Windows\System\kJZWhaS.exe
  C:\Windows\System\kJZWhaS.exe
  2⤵
  PID:2328
- C:\Windows\System\yQYuSWs.exe
  C:\Windows\System\yQYuSWs.exe
  2⤵
  PID:604
- C:\Windows\System\XcDXvjS.exe
  C:\Windows\System\XcDXvjS.exe
  2⤵
  PID:2376
- C:\Windows\System\UubhkhG.exe
  C:\Windows\System\UubhkhG.exe
  2⤵
  PID:1428
- C:\Windows\System\LEffLxv.exe
  C:\Windows\System\LEffLxv.exe
  2⤵
  PID:864
- C:\Windows\System\IEJTQxI.exe
  C:\Windows\System\IEJTQxI.exe
  2⤵
  PID:1792
- C:\Windows\System\xEdzLAW.exe
  C:\Windows\System\xEdzLAW.exe
  2⤵
  PID:820
- C:\Windows\System\ohZvKhN.exe
  C:\Windows\System\ohZvKhN.exe
  2⤵
  PID:2124
- C:\Windows\System\GEJuTjr.exe
  C:\Windows\System\GEJuTjr.exe
  2⤵
  PID:2720
- C:\Windows\System\eOcmTSb.exe
  C:\Windows\System\eOcmTSb.exe
  2⤵
  PID:1148
- C:\Windows\System\keIAWJU.exe
  C:\Windows\System\keIAWJU.exe
  2⤵
  PID:2880
- C:\Windows\System\LSGjSHM.exe
  C:\Windows\System\LSGjSHM.exe
  2⤵
  PID:2108
- C:\Windows\System\xtJCbem.exe
  C:\Windows\System\xtJCbem.exe
  2⤵
  PID:3068
- C:\Windows\System\HaWGxMJ.exe
  C:\Windows\System\HaWGxMJ.exe
  2⤵
  PID:2960
- C:\Windows\System\FiPDKqM.exe
  C:\Windows\System\FiPDKqM.exe
  2⤵
  PID:916
- C:\Windows\System\MkWlkpi.exe
  C:\Windows\System\MkWlkpi.exe
  2⤵
  PID:2180
- C:\Windows\System\rmpFRNH.exe
  C:\Windows\System\rmpFRNH.exe
  2⤵
  PID:972
- C:\Windows\System\OFyYhRr.exe
  C:\Windows\System\OFyYhRr.exe
  2⤵
  PID:1596
- C:\Windows\System\YTMAvGq.exe
  C:\Windows\System\YTMAvGq.exe
  2⤵
  PID:1776
- C:\Windows\System\RFzUqhy.exe
  C:\Windows\System\RFzUqhy.exe
  2⤵
  PID:1132
- C:\Windows\System\YewSXLH.exe
  C:\Windows\System\YewSXLH.exe
  2⤵
  PID:2716
- C:\Windows\System\LorPHXO.exe
  C:\Windows\System\LorPHXO.exe
  2⤵
  PID:1668
- C:\Windows\System\TsWBbPk.exe
  C:\Windows\System\TsWBbPk.exe
  2⤵
  PID:2472
- C:\Windows\System\JMFFpnn.exe
  C:\Windows\System\JMFFpnn.exe
  2⤵
  PID:2632
- C:\Windows\System\pbSFeQg.exe
  C:\Windows\System\pbSFeQg.exe
  2⤵
  PID:1748
- C:\Windows\System\FpNDClq.exe
  C:\Windows\System\FpNDClq.exe
  2⤵
  PID:1820
- C:\Windows\System\VhpjylL.exe
  C:\Windows\System\VhpjylL.exe
  2⤵
  PID:2916
- C:\Windows\System\ArjuUbz.exe
  C:\Windows\System\ArjuUbz.exe
  2⤵
  PID:600
- C:\Windows\System\bKOKqqg.exe
  C:\Windows\System\bKOKqqg.exe
  2⤵
  PID:2396
- C:\Windows\System\EcTQfSL.exe
  C:\Windows\System\EcTQfSL.exe
  2⤵
  PID:520
- C:\Windows\System\Cbrxvjr.exe
  C:\Windows\System\Cbrxvjr.exe
  2⤵
  PID:2364
- C:\Windows\System\gTpUFLX.exe
  C:\Windows\System\gTpUFLX.exe
  2⤵
  PID:2164
- C:\Windows\System\hbVIomY.exe
  C:\Windows\System\hbVIomY.exe
  2⤵
  PID:2948
- C:\Windows\System\eFNyGlc.exe
  C:\Windows\System\eFNyGlc.exe
  2⤵
  PID:560
- C:\Windows\System\vQGivwE.exe
  C:\Windows\System\vQGivwE.exe
  2⤵
  PID:2752
- C:\Windows\System\koBCEvA.exe
  C:\Windows\System\koBCEvA.exe
  2⤵
  PID:2652
- C:\Windows\System\SEQdyFs.exe
  C:\Windows\System\SEQdyFs.exe
  2⤵
  PID:2496
- C:\Windows\System\eWTPAia.exe
  C:\Windows\System\eWTPAia.exe
  2⤵
  PID:1556
- C:\Windows\System\JiKpzCq.exe
  C:\Windows\System\JiKpzCq.exe
  2⤵
  PID:1620
- C:\Windows\System\rNCbzzA.exe
  C:\Windows\System\rNCbzzA.exe
  2⤵
  PID:2256
- C:\Windows\System\UNqygDk.exe
  C:\Windows\System\UNqygDk.exe
  2⤵
  PID:2740
- C:\Windows\System\WxDcVDz.exe
  C:\Windows\System\WxDcVDz.exe
  2⤵
  PID:1084
- C:\Windows\System\KNJBfHs.exe
  C:\Windows\System\KNJBfHs.exe
  2⤵
  PID:3088
- C:\Windows\System\ALyCTou.exe
  C:\Windows\System\ALyCTou.exe
  2⤵
  PID:3104
- C:\Windows\System\UqJASGC.exe
  C:\Windows\System\UqJASGC.exe
  2⤵
  PID:3136
- C:\Windows\System\ELtvCyJ.exe
  C:\Windows\System\ELtvCyJ.exe
  2⤵
  PID:3152
- C:\Windows\System\HsfwWpS.exe
  C:\Windows\System\HsfwWpS.exe
  2⤵
  PID:3172
- C:\Windows\System\HhrGcvl.exe
  C:\Windows\System\HhrGcvl.exe
  2⤵
  PID:3188
- C:\Windows\System\wMJdKaN.exe
  C:\Windows\System\wMJdKaN.exe
  2⤵
  PID:3204
- C:\Windows\System\KafaYFY.exe
  C:\Windows\System\KafaYFY.exe
  2⤵
  PID:3232
- C:\Windows\System\SGExAut.exe
  C:\Windows\System\SGExAut.exe
  2⤵
  PID:3248
- C:\Windows\System\QViJTit.exe
  C:\Windows\System\QViJTit.exe
  2⤵
  PID:3276
- C:\Windows\System\SPoGwNL.exe
  C:\Windows\System\SPoGwNL.exe
  2⤵
  PID:3292
- C:\Windows\System\qKhYCoE.exe
  C:\Windows\System\qKhYCoE.exe
  2⤵
  PID:3312
- C:\Windows\System\YHAxmPm.exe
  C:\Windows\System\YHAxmPm.exe
  2⤵
  PID:3332
- C:\Windows\System\exfTvTT.exe
  C:\Windows\System\exfTvTT.exe
  2⤵
  PID:3356
- C:\Windows\System\wDHWWsx.exe
  C:\Windows\System\wDHWWsx.exe
  2⤵
  PID:3372
- C:\Windows\System\dlvIaFa.exe
  C:\Windows\System\dlvIaFa.exe
  2⤵
  PID:3388
- C:\Windows\System\spxsHtc.exe
  C:\Windows\System\spxsHtc.exe
  2⤵
  PID:3420
- C:\Windows\System\vJvJqnP.exe
  C:\Windows\System\vJvJqnP.exe
  2⤵
  PID:3440
- C:\Windows\System\RRrByUi.exe
  C:\Windows\System\RRrByUi.exe
  2⤵
  PID:3456
- C:\Windows\System\ghsNqdh.exe
  C:\Windows\System\ghsNqdh.exe
  2⤵
  PID:3472
- C:\Windows\System\zFbZDDB.exe
  C:\Windows\System\zFbZDDB.exe
  2⤵
  PID:3488
- C:\Windows\System\lggEimE.exe
  C:\Windows\System\lggEimE.exe
  2⤵
  PID:3508
- C:\Windows\System\SlTYINM.exe
  C:\Windows\System\SlTYINM.exe
  2⤵
  PID:3532
- C:\Windows\System\YQKJeQI.exe
  C:\Windows\System\YQKJeQI.exe
  2⤵
  PID:3548
- C:\Windows\System\DIhVLSO.exe
  C:\Windows\System\DIhVLSO.exe
  2⤵
  PID:3564
- C:\Windows\System\cmNbFQM.exe
  C:\Windows\System\cmNbFQM.exe
  2⤵
  PID:3592
- C:\Windows\System\pODmSlU.exe
  C:\Windows\System\pODmSlU.exe
  2⤵
  PID:3612
- C:\Windows\System\afrLuTE.exe
  C:\Windows\System\afrLuTE.exe
  2⤵
  PID:3628
- C:\Windows\System\iVFvMQp.exe
  C:\Windows\System\iVFvMQp.exe
  2⤵
  PID:3648
- C:\Windows\System\cAWLrvy.exe
  C:\Windows\System\cAWLrvy.exe
  2⤵
  PID:3668
- C:\Windows\System\IspAsrU.exe
  C:\Windows\System\IspAsrU.exe
  2⤵
  PID:3692
- C:\Windows\System\pBRwyRK.exe
  C:\Windows\System\pBRwyRK.exe
  2⤵
  PID:3712
- C:\Windows\System\KPAhXff.exe
  C:\Windows\System\KPAhXff.exe
  2⤵
  PID:3728
- C:\Windows\System\BINezQf.exe
  C:\Windows\System\BINezQf.exe
  2⤵
  PID:3756
- C:\Windows\System\pjQsajP.exe
  C:\Windows\System\pjQsajP.exe
  2⤵
  PID:3776
- C:\Windows\System\ezqSuxn.exe
  C:\Windows\System\ezqSuxn.exe
  2⤵
  PID:3796
- C:\Windows\System\SGqCCZX.exe
  C:\Windows\System\SGqCCZX.exe
  2⤵
  PID:3816
- C:\Windows\System\tPcHvXk.exe
  C:\Windows\System\tPcHvXk.exe
  2⤵
  PID:3836
- C:\Windows\System\YMWJXok.exe
  C:\Windows\System\YMWJXok.exe
  2⤵
  PID:3860
- C:\Windows\System\zHfpcvf.exe
  C:\Windows\System\zHfpcvf.exe
  2⤵
  PID:3876
- C:\Windows\System\hOFFizu.exe
  C:\Windows\System\hOFFizu.exe
  2⤵
  PID:3896
- C:\Windows\System\mCkrsrf.exe
  C:\Windows\System\mCkrsrf.exe
  2⤵
  PID:3916
- C:\Windows\System\bPjBkpM.exe
  C:\Windows\System\bPjBkpM.exe
  2⤵
  PID:3940
- C:\Windows\System\KFUaOps.exe
  C:\Windows\System\KFUaOps.exe
  2⤵
  PID:3960
- C:\Windows\System\QJHZpFG.exe
  C:\Windows\System\QJHZpFG.exe
  2⤵
  PID:3976
- C:\Windows\System\kPuWxDZ.exe
  C:\Windows\System\kPuWxDZ.exe
  2⤵
  PID:3996
- C:\Windows\System\TqCfbqt.exe
  C:\Windows\System\TqCfbqt.exe
  2⤵
  PID:4016
- C:\Windows\System\elEOTuc.exe
  C:\Windows\System\elEOTuc.exe
  2⤵
  PID:4040
- C:\Windows\System\vFzTEUR.exe
  C:\Windows\System\vFzTEUR.exe
  2⤵
  PID:4056
- C:\Windows\System\hpODvIh.exe
  C:\Windows\System\hpODvIh.exe
  2⤵
  PID:4076
- C:\Windows\System\GQxhlyN.exe
  C:\Windows\System\GQxhlyN.exe
  2⤵
  PID:700
- C:\Windows\System\WOMCQTq.exe
  C:\Windows\System\WOMCQTq.exe
  2⤵
  PID:1600
- C:\Windows\System\DlWjyYD.exe
  C:\Windows\System\DlWjyYD.exe
  2⤵
  PID:3084
- C:\Windows\System\IfMLJuP.exe
  C:\Windows\System\IfMLJuP.exe
  2⤵
  PID:3148
- C:\Windows\System\xYYUKLQ.exe
  C:\Windows\System\xYYUKLQ.exe
  2⤵
  PID:3212
- C:\Windows\System\vmMXmZi.exe
  C:\Windows\System\vmMXmZi.exe
  2⤵
  PID:3228
- C:\Windows\System\tUnpSgF.exe
  C:\Windows\System\tUnpSgF.exe
  2⤵
  PID:3244
- C:\Windows\System\UfGMWmN.exe
  C:\Windows\System\UfGMWmN.exe
  2⤵
  PID:3272
- C:\Windows\System\pKstPyu.exe
  C:\Windows\System\pKstPyu.exe
  2⤵
  PID:3308
- C:\Windows\System\MSXWCHt.exe
  C:\Windows\System\MSXWCHt.exe
  2⤵
  PID:3352
- C:\Windows\System\IUKjfQX.exe
  C:\Windows\System\IUKjfQX.exe
  2⤵
  PID:3408
- C:\Windows\System\julTNQg.exe
  C:\Windows\System\julTNQg.exe
  2⤵
  PID:3416
- C:\Windows\System\atZJeEI.exe
  C:\Windows\System\atZJeEI.exe
  2⤵
  PID:1684
- C:\Windows\System\SbmmeaO.exe
  C:\Windows\System\SbmmeaO.exe
  2⤵
  PID:3484
- C:\Windows\System\nVXxEwa.exe
  C:\Windows\System\nVXxEwa.exe
  2⤵
  PID:3516
- C:\Windows\System\ApqvgET.exe
  C:\Windows\System\ApqvgET.exe
  2⤵
  PID:3556
- C:\Windows\System\UTiIhOS.exe
  C:\Windows\System\UTiIhOS.exe
  2⤵
  PID:3636
- C:\Windows\System\cURIiFL.exe
  C:\Windows\System\cURIiFL.exe
  2⤵
  PID:3572
- C:\Windows\System\tbFjHcF.exe
  C:\Windows\System\tbFjHcF.exe
  2⤵
  PID:3624
- C:\Windows\System\dYcZWiM.exe
  C:\Windows\System\dYcZWiM.exe
  2⤵
  PID:3680
- C:\Windows\System\bKrrbSV.exe
  C:\Windows\System\bKrrbSV.exe
  2⤵
  PID:3720
- C:\Windows\System\BVZRiVm.exe
  C:\Windows\System\BVZRiVm.exe
  2⤵
  PID:3724
- C:\Windows\System\RBMjVYZ.exe
  C:\Windows\System\RBMjVYZ.exe
  2⤵
  PID:3792
- C:\Windows\System\mthXXoJ.exe
  C:\Windows\System\mthXXoJ.exe
  2⤵
  PID:3772
- C:\Windows\System\HkuxnLB.exe
  C:\Windows\System\HkuxnLB.exe
  2⤵
  PID:3844
- C:\Windows\System\QtAVyKC.exe
  C:\Windows\System\QtAVyKC.exe
  2⤵
  PID:3872
- C:\Windows\System\DMKHXvS.exe
  C:\Windows\System\DMKHXvS.exe
  2⤵
  PID:3908
- C:\Windows\System\RqmSgKU.exe
  C:\Windows\System\RqmSgKU.exe
  2⤵
  PID:3928
- C:\Windows\System\yVPzYlr.exe
  C:\Windows\System\yVPzYlr.exe
  2⤵
  PID:3968
- C:\Windows\System\uYBnYSo.exe
  C:\Windows\System\uYBnYSo.exe
  2⤵
  PID:4012
- C:\Windows\System\SCyHJqU.exe
  C:\Windows\System\SCyHJqU.exe
  2⤵
  PID:4052
- C:\Windows\System\mkCkRqU.exe
  C:\Windows\System\mkCkRqU.exe
  2⤵
  PID:2612
- C:\Windows\System\TRMyIba.exe
  C:\Windows\System\TRMyIba.exe
  2⤵
  PID:4068
- C:\Windows\System\HHsfarB.exe
  C:\Windows\System\HHsfarB.exe
  2⤵
  PID:3100
- C:\Windows\System\ciRLwMI.exe
  C:\Windows\System\ciRLwMI.exe
  2⤵
  PID:3124
- C:\Windows\System\vkLJUSZ.exe
  C:\Windows\System\vkLJUSZ.exe
  2⤵
  PID:3260
- C:\Windows\System\SfGtdLW.exe
  C:\Windows\System\SfGtdLW.exe
  2⤵
  PID:3196
- C:\Windows\System\sbVfSPw.exe
  C:\Windows\System\sbVfSPw.exe
  2⤵
  PID:3328
- C:\Windows\System\loScUcQ.exe
  C:\Windows\System\loScUcQ.exe
  2⤵
  PID:3412
- C:\Windows\System\JEJAovB.exe
  C:\Windows\System\JEJAovB.exe
  2⤵
  PID:3480
- C:\Windows\System\yAfrdbT.exe
  C:\Windows\System\yAfrdbT.exe
  2⤵
  PID:3500
- C:\Windows\System\zhWIFIG.exe
  C:\Windows\System\zhWIFIG.exe
  2⤵
  PID:3644
- C:\Windows\System\ooKfoLE.exe
  C:\Windows\System\ooKfoLE.exe
  2⤵
  PID:3544
- C:\Windows\System\jvblpnW.exe
  C:\Windows\System\jvblpnW.exe
  2⤵
  PID:3676
- C:\Windows\System\DfrSAAw.exe
  C:\Windows\System\DfrSAAw.exe
  2⤵
  PID:3740
- C:\Windows\System\wPXpEbZ.exe
  C:\Windows\System\wPXpEbZ.exe
  2⤵
  PID:3768
- C:\Windows\System\ytREQPs.exe
  C:\Windows\System\ytREQPs.exe
  2⤵
  PID:3856
- C:\Windows\System\FLegrSx.exe
  C:\Windows\System\FLegrSx.exe
  2⤵
  PID:3984
- C:\Windows\System\MVXHGnB.exe
  C:\Windows\System\MVXHGnB.exe
  2⤵
  PID:3904
- C:\Windows\System\zQesnFu.exe
  C:\Windows\System\zQesnFu.exe
  2⤵
  PID:3132
- C:\Windows\System\UTOwpRJ.exe
  C:\Windows\System\UTOwpRJ.exe
  2⤵
  PID:4048
- C:\Windows\System\IexTnwY.exe
  C:\Windows\System\IexTnwY.exe
  2⤵
  PID:4072
- C:\Windows\System\NLtUjuK.exe
  C:\Windows\System\NLtUjuK.exe
  2⤵
  PID:2452
- C:\Windows\System\wTadypX.exe
  C:\Windows\System\wTadypX.exe
  2⤵
  PID:3184
- C:\Windows\System\GtOjZGP.exe
  C:\Windows\System\GtOjZGP.exe
  2⤵
  PID:3344
- C:\Windows\System\EJSVVZW.exe
  C:\Windows\System\EJSVVZW.exe
  2⤵
  PID:3160
- C:\Windows\System\BMWtxBa.exe
  C:\Windows\System\BMWtxBa.exe
  2⤵
  PID:3452
- C:\Windows\System\HONlaed.exe
  C:\Windows\System\HONlaed.exe
  2⤵
  PID:3604
- C:\Windows\System\pryIlyK.exe
  C:\Windows\System\pryIlyK.exe
  2⤵
  PID:3708
- C:\Windows\System\aiHIClc.exe
  C:\Windows\System\aiHIClc.exe
  2⤵
  PID:3788
- C:\Windows\System\FbxbGLG.exe
  C:\Windows\System\FbxbGLG.exe
  2⤵
  PID:3832
- C:\Windows\System\vzsIaAW.exe
  C:\Windows\System\vzsIaAW.exe
  2⤵
  PID:3956
- C:\Windows\System\FdxMaBk.exe
  C:\Windows\System\FdxMaBk.exe
  2⤵
  PID:316
- C:\Windows\System\OWCnGpT.exe
  C:\Windows\System\OWCnGpT.exe
  2⤵
  PID:1808
- C:\Windows\System\wivUUQg.exe
  C:\Windows\System\wivUUQg.exe
  2⤵
  PID:3224
- C:\Windows\System\HotpGSb.exe
  C:\Windows\System\HotpGSb.exe
  2⤵
  PID:3540
- C:\Windows\System\YRzoRVq.exe
  C:\Windows\System\YRzoRVq.exe
  2⤵
  PID:3620
- C:\Windows\System\fbTANmd.exe
  C:\Windows\System\fbTANmd.exe
  2⤵
  PID:3496
- C:\Windows\System\jDMfvrX.exe
  C:\Windows\System\jDMfvrX.exe
  2⤵
  PID:3868
- C:\Windows\System\oeovdxf.exe
  C:\Windows\System\oeovdxf.exe
  2⤵
  PID:4004
- C:\Windows\System\kEVghmI.exe
  C:\Windows\System\kEVghmI.exe
  2⤵
  PID:4028
- C:\Windows\System\VJNkSaO.exe
  C:\Windows\System\VJNkSaO.exe
  2⤵
  PID:3384
- C:\Windows\System\TULDsBW.exe
  C:\Windows\System\TULDsBW.exe
  2⤵
  PID:3340
- C:\Windows\System\MLTiBiq.exe
  C:\Windows\System\MLTiBiq.exe
  2⤵
  PID:3808
- C:\Windows\System\QEwvHpE.exe
  C:\Windows\System\QEwvHpE.exe
  2⤵
  PID:3096
- C:\Windows\System\WMwvDfS.exe
  C:\Windows\System\WMwvDfS.exe
  2⤵
  PID:3264
- C:\Windows\System\qWpWHYg.exe
  C:\Windows\System\qWpWHYg.exe
  2⤵
  PID:3584
- C:\Windows\System\SwvTlkJ.exe
  C:\Windows\System\SwvTlkJ.exe
  2⤵
  PID:4112
- C:\Windows\System\Hlxuaju.exe
  C:\Windows\System\Hlxuaju.exe
  2⤵
  PID:4132
- C:\Windows\System\aZATXzz.exe
  C:\Windows\System\aZATXzz.exe
  2⤵
  PID:4152
- C:\Windows\System\uPiGShD.exe
  C:\Windows\System\uPiGShD.exe
  2⤵
  PID:4168
- C:\Windows\System\TpMyKuf.exe
  C:\Windows\System\TpMyKuf.exe
  2⤵
  PID:4184
- C:\Windows\System\PQwxPwv.exe
  C:\Windows\System\PQwxPwv.exe
  2⤵
  PID:4204
- C:\Windows\System\dnqZQYF.exe
  C:\Windows\System\dnqZQYF.exe
  2⤵
  PID:4232
- C:\Windows\System\yDDUDrA.exe
  C:\Windows\System\yDDUDrA.exe
  2⤵
  PID:4248
- C:\Windows\System\BWhjgVX.exe
  C:\Windows\System\BWhjgVX.exe
  2⤵
  PID:4264
- C:\Windows\System\TENayso.exe
  C:\Windows\System\TENayso.exe
  2⤵
  PID:4284
- C:\Windows\System\ILCtdWE.exe
  C:\Windows\System\ILCtdWE.exe
  2⤵
  PID:4304
- C:\Windows\System\bFdGisc.exe
  C:\Windows\System\bFdGisc.exe
  2⤵
  PID:4320
- C:\Windows\System\JEiTCep.exe
  C:\Windows\System\JEiTCep.exe
  2⤵
  PID:4340
- C:\Windows\System\TQebPiI.exe
  C:\Windows\System\TQebPiI.exe
  2⤵
  PID:4356
- C:\Windows\System\ygFbVYS.exe
  C:\Windows\System\ygFbVYS.exe
  2⤵
  PID:4380
- C:\Windows\System\sRwXVLk.exe
  C:\Windows\System\sRwXVLk.exe
  2⤵
  PID:4408
- C:\Windows\System\rdJxNwW.exe
  C:\Windows\System\rdJxNwW.exe
  2⤵
  PID:4424
- C:\Windows\System\nsKHseK.exe
  C:\Windows\System\nsKHseK.exe
  2⤵
  PID:4444
- C:\Windows\System\dqrVaqs.exe
  C:\Windows\System\dqrVaqs.exe
  2⤵
  PID:4460
- C:\Windows\System\kpIcsBP.exe
  C:\Windows\System\kpIcsBP.exe
  2⤵
  PID:4484
- C:\Windows\System\xBlmmkS.exe
  C:\Windows\System\xBlmmkS.exe
  2⤵
  PID:4500
- C:\Windows\System\yJtUItH.exe
  C:\Windows\System\yJtUItH.exe
  2⤵
  PID:4532
- C:\Windows\System\boZarzj.exe
  C:\Windows\System\boZarzj.exe
  2⤵
  PID:4548
- C:\Windows\System\FvMWSOX.exe
  C:\Windows\System\FvMWSOX.exe
  2⤵
  PID:4568
- C:\Windows\System\sXSBwZr.exe
  C:\Windows\System\sXSBwZr.exe
  2⤵
  PID:4584
- C:\Windows\System\uoDUtDk.exe
  C:\Windows\System\uoDUtDk.exe
  2⤵
  PID:4604
- C:\Windows\System\qtWhteh.exe
  C:\Windows\System\qtWhteh.exe
  2⤵
  PID:4628
- C:\Windows\System\BuSBhcj.exe
  C:\Windows\System\BuSBhcj.exe
  2⤵
  PID:4648
- C:\Windows\System\OYcPgSh.exe
  C:\Windows\System\OYcPgSh.exe
  2⤵
  PID:4668
- C:\Windows\System\CAZNTTr.exe
  C:\Windows\System\CAZNTTr.exe
  2⤵
  PID:4684
- C:\Windows\System\FnsEfND.exe
  C:\Windows\System\FnsEfND.exe
  2⤵
  PID:4708
- C:\Windows\System\LbDfOkw.exe
  C:\Windows\System\LbDfOkw.exe
  2⤵
  PID:4724
- C:\Windows\System\dermxyM.exe
  C:\Windows\System\dermxyM.exe
  2⤵
  PID:4744
- C:\Windows\System\pHhsWVL.exe
  C:\Windows\System\pHhsWVL.exe
  2⤵
  PID:4760
- C:\Windows\System\MEcWlfP.exe
  C:\Windows\System\MEcWlfP.exe
  2⤵
  PID:4788
- C:\Windows\System\SQdQTNt.exe
  C:\Windows\System\SQdQTNt.exe
  2⤵
  PID:4804
- C:\Windows\System\fxBrdrH.exe
  C:\Windows\System\fxBrdrH.exe
  2⤵
  PID:4828
- C:\Windows\System\fbcyuNL.exe
  C:\Windows\System\fbcyuNL.exe
  2⤵
  PID:4852
- C:\Windows\System\mVjjQXm.exe
  C:\Windows\System\mVjjQXm.exe
  2⤵
  PID:4876
- C:\Windows\System\XtJKGdP.exe
  C:\Windows\System\XtJKGdP.exe
  2⤵
  PID:4892
- C:\Windows\System\HdaZTwi.exe
  C:\Windows\System\HdaZTwi.exe
  2⤵
  PID:4912
- C:\Windows\System\UgebMjO.exe
  C:\Windows\System\UgebMjO.exe
  2⤵
  PID:4932
- C:\Windows\System\fGySksC.exe
  C:\Windows\System\fGySksC.exe
  2⤵
  PID:4956
- C:\Windows\System\iRonnmG.exe
  C:\Windows\System\iRonnmG.exe
  2⤵
  PID:4972
- C:\Windows\System\jKEOjFH.exe
  C:\Windows\System\jKEOjFH.exe
  2⤵
  PID:4996
- C:\Windows\System\QPqqxkz.exe
  C:\Windows\System\QPqqxkz.exe
  2⤵
  PID:5012
- C:\Windows\System\mufzTeq.exe
  C:\Windows\System\mufzTeq.exe
  2⤵
  PID:5032
- C:\Windows\System\wGInMZv.exe
  C:\Windows\System\wGInMZv.exe
  2⤵
  PID:5048
- C:\Windows\System\ovzilCI.exe
  C:\Windows\System\ovzilCI.exe
  2⤵
  PID:5064
- C:\Windows\System\AVzSBrJ.exe
  C:\Windows\System\AVzSBrJ.exe
  2⤵
  PID:5096
- C:\Windows\System\cRIOHnN.exe
  C:\Windows\System\cRIOHnN.exe
  2⤵
  PID:5112
- C:\Windows\System\UNKVEos.exe
  C:\Windows\System\UNKVEos.exe
  2⤵
  PID:3992
- C:\Windows\System\PKNpAcG.exe
  C:\Windows\System\PKNpAcG.exe
  2⤵
  PID:4108
- C:\Windows\System\qrexOSZ.exe
  C:\Windows\System\qrexOSZ.exe
  2⤵
  PID:4128
- C:\Windows\System\AXVudcg.exe
  C:\Windows\System\AXVudcg.exe
  2⤵
  PID:4164
- C:\Windows\System\loGBSoq.exe
  C:\Windows\System\loGBSoq.exe
  2⤵
  PID:4200
- C:\Windows\System\vbWyeWp.exe
  C:\Windows\System\vbWyeWp.exe
  2⤵
  PID:4216
- C:\Windows\System\XAOphGU.exe
  C:\Windows\System\XAOphGU.exe
  2⤵
  PID:4296
- C:\Windows\System\PshQhJS.exe
  C:\Windows\System\PshQhJS.exe
  2⤵
  PID:4336
- C:\Windows\System\TqSRuTP.exe
  C:\Windows\System\TqSRuTP.exe
  2⤵
  PID:4312
- C:\Windows\System\WknbRrQ.exe
  C:\Windows\System\WknbRrQ.exe
  2⤵
  PID:4392
- C:\Windows\System\JeArwLQ.exe
  C:\Windows\System\JeArwLQ.exe
  2⤵
  PID:4372
- C:\Windows\System\bpKMxQu.exe
  C:\Windows\System\bpKMxQu.exe
  2⤵
  PID:4420
- C:\Windows\System\iKgPPRQ.exe
  C:\Windows\System\iKgPPRQ.exe
  2⤵
  PID:4436
- C:\Windows\System\yyejrLz.exe
  C:\Windows\System\yyejrLz.exe
  2⤵
  PID:4508
- C:\Windows\System\ZBbdcFf.exe
  C:\Windows\System\ZBbdcFf.exe
  2⤵
  PID:4512
- C:\Windows\System\gcPeMHy.exe
  C:\Windows\System\gcPeMHy.exe
  2⤵
  PID:4624
- C:\Windows\System\HfTNiaK.exe
  C:\Windows\System\HfTNiaK.exe
  2⤵
  PID:4592
- C:\Windows\System\Iekqqcd.exe
  C:\Windows\System\Iekqqcd.exe
  2⤵
  PID:4656
- C:\Windows\System\KbRGyAM.exe
  C:\Windows\System\KbRGyAM.exe
  2⤵
  PID:4700
- C:\Windows\System\hnHSDII.exe
  C:\Windows\System\hnHSDII.exe
  2⤵
  PID:4768
- C:\Windows\System\nJsHBsH.exe
  C:\Windows\System\nJsHBsH.exe
  2⤵
  PID:4812
- C:\Windows\System\hdKHgCA.exe
  C:\Windows\System\hdKHgCA.exe
  2⤵
  PID:4716
- C:\Windows\System\PHRGoij.exe
  C:\Windows\System\PHRGoij.exe
  2⤵
  PID:4816
- C:\Windows\System\biFpOJI.exe
  C:\Windows\System\biFpOJI.exe
  2⤵
  PID:4840
- C:\Windows\System\VmfMbXE.exe
  C:\Windows\System\VmfMbXE.exe
  2⤵
  PID:3784
- C:\Windows\System\AakqjMS.exe
  C:\Windows\System\AakqjMS.exe
  2⤵
  PID:4904
- C:\Windows\System\YpLnuOf.exe
  C:\Windows\System\YpLnuOf.exe
  2⤵
  PID:4920
- C:\Windows\System\KhDkmDS.exe
  C:\Windows\System\KhDkmDS.exe
  2⤵
  PID:4964
- C:\Windows\System\TXPbsJc.exe
  C:\Windows\System\TXPbsJc.exe
  2⤵
  PID:4968
- C:\Windows\System\Vgaatuf.exe
  C:\Windows\System\Vgaatuf.exe
  2⤵
  PID:5028
- C:\Windows\System\KutnLwm.exe
  C:\Windows\System\KutnLwm.exe
  2⤵
  PID:5080
- C:\Windows\System\pydCLxr.exe
  C:\Windows\System\pydCLxr.exe
  2⤵
  PID:5104
- C:\Windows\System\MisHYQG.exe
  C:\Windows\System\MisHYQG.exe
  2⤵
  PID:3528
- C:\Windows\System\SzxXaaV.exe
  C:\Windows\System\SzxXaaV.exe
  2⤵
  PID:3200
- C:\Windows\System\YDqfaiC.exe
  C:\Windows\System\YDqfaiC.exe
  2⤵
  PID:4176
- C:\Windows\System\ykTIeeP.exe
  C:\Windows\System\ykTIeeP.exe
  2⤵
  PID:4192
- C:\Windows\System\iJChNJo.exe
  C:\Windows\System\iJChNJo.exe
  2⤵
  PID:4328
- C:\Windows\System\UORpAba.exe
  C:\Windows\System\UORpAba.exe
  2⤵
  PID:4400
- C:\Windows\System\mwEpTUR.exe
  C:\Windows\System\mwEpTUR.exe
  2⤵
  PID:4496
- C:\Windows\System\sLhkiCe.exe
  C:\Windows\System\sLhkiCe.exe
  2⤵
  PID:4416
- C:\Windows\System\LMtUxGC.exe
  C:\Windows\System\LMtUxGC.exe
  2⤵
  PID:4528
- C:\Windows\System\kLGewGW.exe
  C:\Windows\System\kLGewGW.exe
  2⤵
  PID:4564
- C:\Windows\System\hrWGMiR.exe
  C:\Windows\System\hrWGMiR.exe
  2⤵
  PID:4600
- C:\Windows\System\KSckytF.exe
  C:\Windows\System\KSckytF.exe
  2⤵
  PID:4740
- C:\Windows\System\PuIAfFv.exe
  C:\Windows\System\PuIAfFv.exe
  2⤵
  PID:4772
- C:\Windows\System\mEBqoEa.exe
  C:\Windows\System\mEBqoEa.exe
  2⤵
  PID:4796
- C:\Windows\System\vNsRYCP.exe
  C:\Windows\System\vNsRYCP.exe
  2⤵
  PID:4864
- C:\Windows\System\FkwiOJM.exe
  C:\Windows\System\FkwiOJM.exe
  2⤵
  PID:4948
- C:\Windows\System\iyzBsBm.exe
  C:\Windows\System\iyzBsBm.exe
  2⤵
  PID:5020
- C:\Windows\System\VCQHEjO.exe
  C:\Windows\System\VCQHEjO.exe
  2⤵
  PID:5072
- C:\Windows\System\mNYOCZY.exe
  C:\Windows\System\mNYOCZY.exe
  2⤵
  PID:5092
- C:\Windows\System\asvNpcq.exe
  C:\Windows\System\asvNpcq.exe
  2⤵
  PID:4104
- C:\Windows\System\FFjPssw.exe
  C:\Windows\System\FFjPssw.exe
  2⤵
  PID:4148
- C:\Windows\System\NZsvuCl.exe
  C:\Windows\System\NZsvuCl.exe
  2⤵
  PID:4228
- C:\Windows\System\qMFDUlH.exe
  C:\Windows\System\qMFDUlH.exe
  2⤵
  PID:4280
- C:\Windows\System\mJXKeWl.exe
  C:\Windows\System\mJXKeWl.exe
  2⤵
  PID:4276
- C:\Windows\System\CCZRFaT.exe
  C:\Windows\System\CCZRFaT.exe
  2⤵
  PID:4560
- C:\Windows\System\BDAgcmq.exe
  C:\Windows\System\BDAgcmq.exe
  2⤵
  PID:4680
- C:\Windows\System\reMfLCX.exe
  C:\Windows\System\reMfLCX.exe
  2⤵
  PID:4940
- C:\Windows\System\tlQvVgB.exe
  C:\Windows\System\tlQvVgB.exe
  2⤵
  PID:4824
- C:\Windows\System\LcaqNiU.exe
  C:\Windows\System\LcaqNiU.exe
  2⤵
  PID:5044
- C:\Windows\System\KxHCCfJ.exe
  C:\Windows\System\KxHCCfJ.exe
  2⤵
  PID:3588
- C:\Windows\System\vhEatYU.exe
  C:\Windows\System\vhEatYU.exe
  2⤵
  PID:4352
- C:\Windows\System\yGnVCJq.exe
  C:\Windows\System\yGnVCJq.exe
  2⤵
  PID:4696
- C:\Windows\System\vfICYTq.exe
  C:\Windows\System\vfICYTq.exe
  2⤵
  PID:4692
- C:\Windows\System\RglCPLC.exe
  C:\Windows\System\RglCPLC.exe
  2⤵
  PID:4612
- C:\Windows\System\gcqMRbX.exe
  C:\Windows\System\gcqMRbX.exe
  2⤵
  PID:4644
- C:\Windows\System\EXjBbtB.exe
  C:\Windows\System\EXjBbtB.exe
  2⤵
  PID:4868
- C:\Windows\System\YvhGAFF.exe
  C:\Windows\System\YvhGAFF.exe
  2⤵
  PID:4860
- C:\Windows\System\GbFgSaJ.exe
  C:\Windows\System\GbFgSaJ.exe
  2⤵
  PID:4124
- C:\Windows\System\AIquxlK.exe
  C:\Windows\System\AIquxlK.exe
  2⤵
  PID:4544
- C:\Windows\System\xKHjPgP.exe
  C:\Windows\System\xKHjPgP.exe
  2⤵
  PID:4836
- C:\Windows\System\OYtJVGu.exe
  C:\Windows\System\OYtJVGu.exe
  2⤵
  PID:4664
- C:\Windows\System\DBLJpjM.exe
  C:\Windows\System\DBLJpjM.exe
  2⤵
  PID:4988
- C:\Windows\System\KWaipFl.exe
  C:\Windows\System\KWaipFl.exe
  2⤵
  PID:4516
- C:\Windows\System\WuQDMPX.exe
  C:\Windows\System\WuQDMPX.exe
  2⤵
  PID:5128
- C:\Windows\System\WsPaNtD.exe
  C:\Windows\System\WsPaNtD.exe
  2⤵
  PID:5148
- C:\Windows\System\PrGOTWx.exe
  C:\Windows\System\PrGOTWx.exe
  2⤵
  PID:5172
- C:\Windows\System\zVABuoG.exe
  C:\Windows\System\zVABuoG.exe
  2⤵
  PID:5192
- C:\Windows\System\KkYoZLJ.exe
  C:\Windows\System\KkYoZLJ.exe
  2⤵
  PID:5224
- C:\Windows\System\XUndgFO.exe
  C:\Windows\System\XUndgFO.exe
  2⤵
  PID:5248
- C:\Windows\System\IYWmvNB.exe
  C:\Windows\System\IYWmvNB.exe
  2⤵
  PID:5264
- C:\Windows\System\aoEyXsS.exe
  C:\Windows\System\aoEyXsS.exe
  2⤵
  PID:5288
- C:\Windows\System\OCQZeuI.exe
  C:\Windows\System\OCQZeuI.exe
  2⤵
  PID:5312
- C:\Windows\System\rOTWCZF.exe
  C:\Windows\System\rOTWCZF.exe
  2⤵
  PID:5328
- C:\Windows\System\qylnyad.exe
  C:\Windows\System\qylnyad.exe
  2⤵
  PID:5348
- C:\Windows\System\eekvaOR.exe
  C:\Windows\System\eekvaOR.exe
  2⤵
  PID:5364
- C:\Windows\System\HphlRLG.exe
  C:\Windows\System\HphlRLG.exe
  2⤵
  PID:5384
- C:\Windows\System\hPcaDIr.exe
  C:\Windows\System\hPcaDIr.exe
  2⤵
  PID:5400
- C:\Windows\System\aFRTJEc.exe
  C:\Windows\System\aFRTJEc.exe
  2⤵
  PID:5420
- C:\Windows\System\FlaubWd.exe
  C:\Windows\System\FlaubWd.exe
  2⤵
  PID:5452
- C:\Windows\System\MyNvNlA.exe
  C:\Windows\System\MyNvNlA.exe
  2⤵
  PID:5468
- C:\Windows\System\fYjdGSB.exe
  C:\Windows\System\fYjdGSB.exe
  2⤵
  PID:5488
- C:\Windows\System\XVVOXvM.exe
  C:\Windows\System\XVVOXvM.exe
  2⤵
  PID:5504
- C:\Windows\System\AoJxjsv.exe
  C:\Windows\System\AoJxjsv.exe
  2⤵
  PID:5524
- C:\Windows\System\moeuKRO.exe
  C:\Windows\System\moeuKRO.exe
  2⤵
  PID:5552
- C:\Windows\System\GCAzkqn.exe
  C:\Windows\System\GCAzkqn.exe
  2⤵
  PID:5568
- C:\Windows\System\SxIhwri.exe
  C:\Windows\System\SxIhwri.exe
  2⤵
  PID:5592
- C:\Windows\System\OahGPrs.exe
  C:\Windows\System\OahGPrs.exe
  2⤵
  PID:5608
- C:\Windows\System\voRcxYR.exe
  C:\Windows\System\voRcxYR.exe
  2⤵
  PID:5624
- C:\Windows\System\zWmweko.exe
  C:\Windows\System\zWmweko.exe
  2⤵
  PID:5644
- C:\Windows\System\qGNtQKh.exe
  C:\Windows\System\qGNtQKh.exe
  2⤵
  PID:5660
- C:\Windows\System\YJsAygE.exe
  C:\Windows\System\YJsAygE.exe
  2⤵
  PID:5680
- C:\Windows\System\nYmyBxB.exe
  C:\Windows\System\nYmyBxB.exe
  2⤵
  PID:5708
- C:\Windows\System\rOrAyvF.exe
  C:\Windows\System\rOrAyvF.exe
  2⤵
  PID:5728
- C:\Windows\System\oufTVZV.exe
  C:\Windows\System\oufTVZV.exe
  2⤵
  PID:5748
- C:\Windows\System\wwczAWn.exe
  C:\Windows\System\wwczAWn.exe
  2⤵
  PID:5768
- C:\Windows\System\haIhZTh.exe
  C:\Windows\System\haIhZTh.exe
  2⤵
  PID:5784
- C:\Windows\System\kjfzWyT.exe
  C:\Windows\System\kjfzWyT.exe
  2⤵
  PID:5816
- C:\Windows\System\jMgJibA.exe
  C:\Windows\System\jMgJibA.exe
  2⤵
  PID:5836
- C:\Windows\System\sXzvXQp.exe
  C:\Windows\System\sXzvXQp.exe
  2⤵
  PID:5856
- C:\Windows\System\WxyyFPd.exe
  C:\Windows\System\WxyyFPd.exe
  2⤵
  PID:5872
- C:\Windows\System\xVdgWzV.exe
  C:\Windows\System\xVdgWzV.exe
  2⤵
  PID:5896
- C:\Windows\System\ajGoIla.exe
  C:\Windows\System\ajGoIla.exe
  2⤵
  PID:5916
- C:\Windows\System\WhRqApJ.exe
  C:\Windows\System\WhRqApJ.exe
  2⤵
  PID:5936
- C:\Windows\System\JnQULPj.exe
  C:\Windows\System\JnQULPj.exe
  2⤵
  PID:5956
- C:\Windows\System\RbHYgHQ.exe
  C:\Windows\System\RbHYgHQ.exe
  2⤵
  PID:5976
- C:\Windows\System\ljwJkBg.exe
  C:\Windows\System\ljwJkBg.exe
  2⤵
  PID:6000
- C:\Windows\System\qHZpVPB.exe
  C:\Windows\System\qHZpVPB.exe
  2⤵
  PID:6016
- C:\Windows\System\aquCDRo.exe
  C:\Windows\System\aquCDRo.exe
  2⤵
  PID:6040
- C:\Windows\System\MMTwVhG.exe
  C:\Windows\System\MMTwVhG.exe
  2⤵
  PID:6056
- C:\Windows\System\KlvLytT.exe
  C:\Windows\System\KlvLytT.exe
  2⤵
  PID:6072
- C:\Windows\System\mqozLHL.exe
  C:\Windows\System\mqozLHL.exe
  2⤵
  PID:6092
- C:\Windows\System\jdnYMNR.exe
  C:\Windows\System\jdnYMNR.exe
  2⤵
  PID:6108
- C:\Windows\System\XXhgsgY.exe
  C:\Windows\System\XXhgsgY.exe
  2⤵
  PID:6140
- C:\Windows\System\lZMmdZC.exe
  C:\Windows\System\lZMmdZC.exe
  2⤵
  PID:4480
- C:\Windows\System\QJCmlzo.exe
  C:\Windows\System\QJCmlzo.exe
  2⤵
  PID:4348
- C:\Windows\System\FNoyZDL.exe
  C:\Windows\System\FNoyZDL.exe
  2⤵
  PID:4756
- C:\Windows\System\FiJJhYu.exe
  C:\Windows\System\FiJJhYu.exe
  2⤵
  PID:5188
- C:\Windows\System\JzwkTVv.exe
  C:\Windows\System\JzwkTVv.exe
  2⤵
  PID:5220
- C:\Windows\System\TmbKXYl.exe
  C:\Windows\System\TmbKXYl.exe
  2⤵
  PID:5256
- C:\Windows\System\jkQdxIM.exe
  C:\Windows\System\jkQdxIM.exe
  2⤵
  PID:5284
- C:\Windows\System\jBeuJWb.exe
  C:\Windows\System\jBeuJWb.exe
  2⤵
  PID:5300
- C:\Windows\System\hFKVlPm.exe
  C:\Windows\System\hFKVlPm.exe
  2⤵
  PID:5340
- C:\Windows\System\YRCNSRC.exe
  C:\Windows\System\YRCNSRC.exe
  2⤵
  PID:5360
- C:\Windows\System\UVuJzMO.exe
  C:\Windows\System\UVuJzMO.exe
  2⤵
  PID:5436
- C:\Windows\System\oeTmAcv.exe
  C:\Windows\System\oeTmAcv.exe
  2⤵
  PID:5444
- C:\Windows\System\ziaoSVm.exe
  C:\Windows\System\ziaoSVm.exe
  2⤵
  PID:5512
- C:\Windows\System\kQhEAzo.exe
  C:\Windows\System\kQhEAzo.exe
  2⤵
  PID:5536
- C:\Windows\System\xguOUkq.exe
  C:\Windows\System\xguOUkq.exe
  2⤵
  PID:5564
- C:\Windows\System\rcdVeqq.exe
  C:\Windows\System\rcdVeqq.exe
  2⤵
  PID:5656
- C:\Windows\System\dOUBLJL.exe
  C:\Windows\System\dOUBLJL.exe
  2⤵
  PID:5640
- C:\Windows\System\iVBxeOr.exe
  C:\Windows\System\iVBxeOr.exe
  2⤵
  PID:5696
- C:\Windows\System\KDuxQag.exe
  C:\Windows\System\KDuxQag.exe
  2⤵
  PID:5744
- C:\Windows\System\BdiKeSA.exe
  C:\Windows\System\BdiKeSA.exe
  2⤵
  PID:5720
- C:\Windows\System\qZlAhlC.exe
  C:\Windows\System\qZlAhlC.exe
  2⤵
  PID:5808
- C:\Windows\System\CnstXEv.exe
  C:\Windows\System\CnstXEv.exe
  2⤵
  PID:5244
- C:\Windows\System\DVooimm.exe
  C:\Windows\System\DVooimm.exe
  2⤵
  PID:5864
- C:\Windows\System\FpPEBeA.exe
  C:\Windows\System\FpPEBeA.exe
  2⤵
  PID:5880
- C:\Windows\System\kNZfkbJ.exe
  C:\Windows\System\kNZfkbJ.exe
  2⤵
  PID:5944
- C:\Windows\System\rOLVBQY.exe
  C:\Windows\System\rOLVBQY.exe
  2⤵
  PID:5928
- C:\Windows\System\bhzkDSZ.exe
  C:\Windows\System\bhzkDSZ.exe
  2⤵
  PID:5984
- C:\Windows\System\RhxblDX.exe
  C:\Windows\System\RhxblDX.exe
  2⤵
  PID:6012
- C:\Windows\System\WRioXKM.exe
  C:\Windows\System\WRioXKM.exe
  2⤵
  PID:6028
- C:\Windows\System\HKfMfSC.exe
  C:\Windows\System\HKfMfSC.exe
  2⤵
  PID:6104
- C:\Windows\System\VYrbABP.exe
  C:\Windows\System\VYrbABP.exe
  2⤵
  PID:6088
- C:\Windows\System\XeRDzUg.exe
  C:\Windows\System\XeRDzUg.exe
  2⤵
  PID:5024
- C:\Windows\System\KJJZAJR.exe
  C:\Windows\System\KJJZAJR.exe
  2⤵
  PID:5140
- C:\Windows\System\UvDYvyX.exe
  C:\Windows\System\UvDYvyX.exe
  2⤵
  PID:5824
- C:\Windows\System\UdvJDtV.exe
  C:\Windows\System\UdvJDtV.exe
  2⤵
  PID:5212
- C:\Windows\System\HjHVeBZ.exe
  C:\Windows\System\HjHVeBZ.exe
  2⤵
  PID:5380
- C:\Windows\System\UUgkixd.exe
  C:\Windows\System\UUgkixd.exe
  2⤵
  PID:5464
- C:\Windows\System\egpwuwe.exe
  C:\Windows\System\egpwuwe.exe
  2⤵
  PID:4900
- C:\Windows\System\jdudJMs.exe
  C:\Windows\System\jdudJMs.exe
  2⤵
  PID:5396
- C:\Windows\System\FocuaDg.exe
  C:\Windows\System\FocuaDg.exe
  2⤵
  PID:5484
- C:\Windows\System\khHUSdL.exe
  C:\Windows\System\khHUSdL.exe
  2⤵
  PID:5548
- C:\Windows\System\RpwbxBY.exe
  C:\Windows\System\RpwbxBY.exe
  2⤵
  PID:5184
- C:\Windows\System\aDMgyBF.exe
  C:\Windows\System\aDMgyBF.exe
  2⤵
  PID:5652
- C:\Windows\System\GFhVvSH.exe
  C:\Windows\System\GFhVvSH.exe
  2⤵
  PID:5672
- C:\Windows\System\jlYxaSS.exe
  C:\Windows\System\jlYxaSS.exe
  2⤵
  PID:5700
- C:\Windows\System\skEDKyJ.exe
  C:\Windows\System\skEDKyJ.exe
  2⤵
  PID:5792
- C:\Windows\System\mtfHpvz.exe
  C:\Windows\System\mtfHpvz.exe
  2⤵
  PID:5812
- C:\Windows\System\ZCnVpvZ.exe
  C:\Windows\System\ZCnVpvZ.exe
  2⤵
  PID:5912
- C:\Windows\System\ipJbaaB.exe
  C:\Windows\System\ipJbaaB.exe
  2⤵
  PID:5932
- C:\Windows\System\nJmzaRM.exe
  C:\Windows\System\nJmzaRM.exe
  2⤵
  PID:6008
- C:\Windows\System\fpJtgda.exe
  C:\Windows\System\fpJtgda.exe
  2⤵
  PID:6064
- C:\Windows\System\vHGTUfC.exe
  C:\Windows\System\vHGTUfC.exe
  2⤵
  PID:6124
- C:\Windows\System\OxhKEdg.exe
  C:\Windows\System\OxhKEdg.exe
  2⤵
  PID:5124
- C:\Windows\System\CooVVxK.exe
  C:\Windows\System\CooVVxK.exe
  2⤵
  PID:5208
- C:\Windows\System\PnAodMN.exe
  C:\Windows\System\PnAodMN.exe
  2⤵
  PID:5336
- C:\Windows\System\srUXSOM.exe
  C:\Windows\System\srUXSOM.exe
  2⤵
  PID:5232
- C:\Windows\System\BApVFMy.exe
  C:\Windows\System\BApVFMy.exe
  2⤵
  PID:5304
- C:\Windows\System\JuUzbeJ.exe
  C:\Windows\System\JuUzbeJ.exe
  2⤵
  PID:5476
- C:\Windows\System\yJjUuXW.exe
  C:\Windows\System\yJjUuXW.exe
  2⤵
  PID:5620
- C:\Windows\System\sFcRYVb.exe
  C:\Windows\System\sFcRYVb.exe
  2⤵
  PID:5584
- C:\Windows\System\OCufUqW.exe
  C:\Windows\System\OCufUqW.exe
  2⤵
  PID:5756
- C:\Windows\System\jJljKZK.exe
  C:\Windows\System\jJljKZK.exe
  2⤵
  PID:5844
- C:\Windows\System\bJnLDYf.exe
  C:\Windows\System\bJnLDYf.exe
  2⤵
  PID:5924
- C:\Windows\System\cdCZGSP.exe
  C:\Windows\System\cdCZGSP.exe
  2⤵
  PID:5988
- C:\Windows\System\AokxTvK.exe
  C:\Windows\System\AokxTvK.exe
  2⤵
  PID:5168
- C:\Windows\System\cBOcNle.exe
  C:\Windows\System\cBOcNle.exe
  2⤵
  PID:6132
- C:\Windows\System\VvHflFo.exe
  C:\Windows\System\VvHflFo.exe
  2⤵
  PID:5356
- C:\Windows\System\BlihGyn.exe
  C:\Windows\System\BlihGyn.exe
  2⤵
  PID:5704
- C:\Windows\System\BNnTjJC.exe
  C:\Windows\System\BNnTjJC.exe
  2⤵
  PID:5440
- C:\Windows\System\uPHggNn.exe
  C:\Windows\System\uPHggNn.exe
  2⤵
  PID:5764
- C:\Windows\System\UwtTzoE.exe
  C:\Windows\System\UwtTzoE.exe
  2⤵
  PID:5904
- C:\Windows\System\PIZeJXZ.exe
  C:\Windows\System\PIZeJXZ.exe
  2⤵
  PID:5892
- C:\Windows\System\BNBGKAO.exe
  C:\Windows\System\BNBGKAO.exe
  2⤵
  PID:5412
- C:\Windows\System\SBuRngb.exe
  C:\Windows\System\SBuRngb.exe
  2⤵
  PID:5180
- C:\Windows\System\YfbXakd.exe
  C:\Windows\System\YfbXakd.exe
  2⤵
  PID:5616
- C:\Windows\System\QRBwccd.exe
  C:\Windows\System\QRBwccd.exe
  2⤵
  PID:5888
- C:\Windows\System\iXxMcEJ.exe
  C:\Windows\System\iXxMcEJ.exe
  2⤵
  PID:4240
- C:\Windows\System\KgOCyNc.exe
  C:\Windows\System\KgOCyNc.exe
  2⤵
  PID:5604
- C:\Windows\System\VWPzQDr.exe
  C:\Windows\System\VWPzQDr.exe
  2⤵
  PID:6156
- C:\Windows\System\pWYbaXx.exe
  C:\Windows\System\pWYbaXx.exe
  2⤵
  PID:6184
- C:\Windows\System\cLQeIEs.exe
  C:\Windows\System\cLQeIEs.exe
  2⤵
  PID:6200
- C:\Windows\System\ZhCHatp.exe
  C:\Windows\System\ZhCHatp.exe
  2⤵
  PID:6220
- C:\Windows\System\CMWBNun.exe
  C:\Windows\System\CMWBNun.exe
  2⤵
  PID:6248
- C:\Windows\System\eFxENOE.exe
  C:\Windows\System\eFxENOE.exe
  2⤵
  PID:6264
- C:\Windows\System\LGGGwqM.exe
  C:\Windows\System\LGGGwqM.exe
  2⤵
  PID:6284
- C:\Windows\System\KwhABZn.exe
  C:\Windows\System\KwhABZn.exe
  2⤵
  PID:6304
- C:\Windows\System\qZMBbBd.exe
  C:\Windows\System\qZMBbBd.exe
  2⤵
  PID:6324
- C:\Windows\System\TCxBnHZ.exe
  C:\Windows\System\TCxBnHZ.exe
  2⤵
  PID:6344
- C:\Windows\System\vLXVvwB.exe
  C:\Windows\System\vLXVvwB.exe
  2⤵
  PID:6368
- C:\Windows\System\zpekJQF.exe
  C:\Windows\System\zpekJQF.exe
  2⤵
  PID:6384
- C:\Windows\System\ffuuQxP.exe
  C:\Windows\System\ffuuQxP.exe
  2⤵
  PID:6404
- C:\Windows\System\rSKovNE.exe
  C:\Windows\System\rSKovNE.exe
  2⤵
  PID:6424
- C:\Windows\System\tkPXZeG.exe
  C:\Windows\System\tkPXZeG.exe
  2⤵
  PID:6444
- C:\Windows\System\yyplBeM.exe
  C:\Windows\System\yyplBeM.exe
  2⤵
  PID:6460
- C:\Windows\System\ACQEbqg.exe
  C:\Windows\System\ACQEbqg.exe
  2⤵
  PID:6480
- C:\Windows\System\MrMsOac.exe
  C:\Windows\System\MrMsOac.exe
  2⤵
  PID:6500
- C:\Windows\System\SmvETAR.exe
  C:\Windows\System\SmvETAR.exe
  2⤵
  PID:6520
- C:\Windows\System\PVawMjj.exe
  C:\Windows\System\PVawMjj.exe
  2⤵
  PID:6540
- C:\Windows\System\yXznLRf.exe
  C:\Windows\System\yXznLRf.exe
  2⤵
  PID:6560
- C:\Windows\System\qICTHHF.exe
  C:\Windows\System\qICTHHF.exe
  2⤵
  PID:6580
- C:\Windows\System\AymQQmN.exe
  C:\Windows\System\AymQQmN.exe
  2⤵
  PID:6608
- C:\Windows\System\CQTNUuj.exe
  C:\Windows\System\CQTNUuj.exe
  2⤵
  PID:6624
- C:\Windows\System\mRHriCh.exe
  C:\Windows\System\mRHriCh.exe
  2⤵
  PID:6648
- C:\Windows\System\jJYLJzc.exe
  C:\Windows\System\jJYLJzc.exe
  2⤵
  PID:6664
- C:\Windows\System\KCDmqYp.exe
  C:\Windows\System\KCDmqYp.exe
  2⤵
  PID:6680
- C:\Windows\System\tmEYZlX.exe
  C:\Windows\System\tmEYZlX.exe
  2⤵
  PID:6704
- C:\Windows\System\SzcVLZY.exe
  C:\Windows\System\SzcVLZY.exe
  2⤵
  PID:6724
- C:\Windows\System\gjbgyya.exe
  C:\Windows\System\gjbgyya.exe
  2⤵
  PID:6744
- C:\Windows\System\pBQTYBA.exe
  C:\Windows\System\pBQTYBA.exe
  2⤵
  PID:6764
- C:\Windows\System\dhChTui.exe
  C:\Windows\System\dhChTui.exe
  2⤵
  PID:6784
- C:\Windows\System\qxaGyxq.exe
  C:\Windows\System\qxaGyxq.exe
  2⤵
  PID:6808
- C:\Windows\System\DfpbVgI.exe
  C:\Windows\System\DfpbVgI.exe
  2⤵
  PID:6828
- C:\Windows\System\URjENmW.exe
  C:\Windows\System\URjENmW.exe
  2⤵
  PID:6844
- C:\Windows\System\gEIXXgx.exe
  C:\Windows\System\gEIXXgx.exe
  2⤵
  PID:6860
- C:\Windows\System\lrOiIve.exe
  C:\Windows\System\lrOiIve.exe
  2⤵
  PID:6876
- C:\Windows\System\riTUPBV.exe
  C:\Windows\System\riTUPBV.exe
  2⤵
  PID:6892
- C:\Windows\System\oiSZUfb.exe
  C:\Windows\System\oiSZUfb.exe
  2⤵
  PID:6932
- C:\Windows\System\bcIrFei.exe
  C:\Windows\System\bcIrFei.exe
  2⤵
  PID:6948
- C:\Windows\System\zKMVIsC.exe
  C:\Windows\System\zKMVIsC.exe
  2⤵
  PID:6964
- C:\Windows\System\ZlTyUdw.exe
  C:\Windows\System\ZlTyUdw.exe
  2⤵
  PID:6992
- C:\Windows\System\VWsBwHz.exe
  C:\Windows\System\VWsBwHz.exe
  2⤵
  PID:7012
- C:\Windows\System\WaSrxrL.exe
  C:\Windows\System\WaSrxrL.exe
  2⤵
  PID:7028
- C:\Windows\System\vPhCcmg.exe
  C:\Windows\System\vPhCcmg.exe
  2⤵
  PID:7048
- C:\Windows\System\AHYXFLG.exe
  C:\Windows\System\AHYXFLG.exe
  2⤵
  PID:7068
- C:\Windows\System\ETtADNn.exe
  C:\Windows\System\ETtADNn.exe
  2⤵
  PID:7088
- C:\Windows\System\gKcFwUq.exe
  C:\Windows\System\gKcFwUq.exe
  2⤵
  PID:7104
- C:\Windows\System\qYOifZv.exe
  C:\Windows\System\qYOifZv.exe
  2⤵
  PID:7124
- C:\Windows\System\FAUqXIb.exe
  C:\Windows\System\FAUqXIb.exe
  2⤵
  PID:7144
- C:\Windows\System\IoVGEWe.exe
  C:\Windows\System\IoVGEWe.exe
  2⤵
  PID:5716
- C:\Windows\System\mqqazcC.exe
  C:\Windows\System\mqqazcC.exe
  2⤵
  PID:6052
- C:\Windows\System\lSTqtXw.exe
  C:\Windows\System\lSTqtXw.exe
  2⤵
  PID:6164
- C:\Windows\System\sIrClDq.exe
  C:\Windows\System\sIrClDq.exe
  2⤵
  PID:6180
- C:\Windows\System\fkCAAOf.exe
  C:\Windows\System\fkCAAOf.exe
  2⤵
  PID:6212
- C:\Windows\System\nKMdryA.exe
  C:\Windows\System\nKMdryA.exe
  2⤵
  PID:6236
- C:\Windows\System\sBiNWvx.exe
  C:\Windows\System\sBiNWvx.exe
  2⤵
  PID:6276
- C:\Windows\System\EaxwrBW.exe
  C:\Windows\System\EaxwrBW.exe
  2⤵
  PID:6316
- C:\Windows\System\azxBKhN.exe
  C:\Windows\System\azxBKhN.exe
  2⤵
  PID:6336
- C:\Windows\System\LeOOmxu.exe
  C:\Windows\System\LeOOmxu.exe
  2⤵
  PID:6356
- C:\Windows\System\EzybsMQ.exe
  C:\Windows\System\EzybsMQ.exe
  2⤵
  PID:6436
- C:\Windows\System\PsXjheF.exe
  C:\Windows\System\PsXjheF.exe
  2⤵
  PID:6468
- C:\Windows\System\vZriOeO.exe
  C:\Windows\System\vZriOeO.exe
  2⤵
  PID:6420
- C:\Windows\System\hmUSmzX.exe
  C:\Windows\System\hmUSmzX.exe
  2⤵
  PID:6508
- C:\Windows\System\dEgFNdt.exe
  C:\Windows\System\dEgFNdt.exe
  2⤵
  PID:6552
- C:\Windows\System\UeVgUED.exe
  C:\Windows\System\UeVgUED.exe
  2⤵
  PID:6588
- C:\Windows\System\XSlXFfl.exe
  C:\Windows\System\XSlXFfl.exe
  2⤵
  PID:6604
- C:\Windows\System\yieqGjJ.exe
  C:\Windows\System\yieqGjJ.exe
  2⤵
  PID:6644
- C:\Windows\System\ezEdhvR.exe
  C:\Windows\System\ezEdhvR.exe
  2⤵
  PID:6660
- C:\Windows\System\ReQQcbd.exe
  C:\Windows\System\ReQQcbd.exe
  2⤵
  PID:6720
- C:\Windows\System\jEQWfRd.exe
  C:\Windows\System\jEQWfRd.exe
  2⤵
  PID:6752
- C:\Windows\System\gzhlihL.exe
  C:\Windows\System\gzhlihL.exe
  2⤵
  PID:6776
- C:\Windows\System\zsoGAZv.exe
  C:\Windows\System\zsoGAZv.exe
  2⤵
  PID:6804
- C:\Windows\System\aGVCchb.exe
  C:\Windows\System\aGVCchb.exe
  2⤵
  PID:6820
- C:\Windows\System\davKaJB.exe
  C:\Windows\System\davKaJB.exe
  2⤵
  PID:6868
- C:\Windows\System\lBsABHP.exe
  C:\Windows\System\lBsABHP.exe
  2⤵
  PID:6904
- C:\Windows\System\lgHTHYN.exe
  C:\Windows\System\lgHTHYN.exe
  2⤵
  PID:6940
- C:\Windows\System\DwauKcX.exe
  C:\Windows\System\DwauKcX.exe
  2⤵
  PID:6976
- C:\Windows\System\XPPSNol.exe
  C:\Windows\System\XPPSNol.exe
  2⤵
  PID:6988
- C:\Windows\System\ZAkRGCM.exe
  C:\Windows\System\ZAkRGCM.exe
  2⤵
  PID:7024
- C:\Windows\System\rUhyjOf.exe
  C:\Windows\System\rUhyjOf.exe
  2⤵
  PID:7076
- C:\Windows\System\uqSQYUP.exe
  C:\Windows\System\uqSQYUP.exe
  2⤵
  PID:7056
- C:\Windows\System\GqfBNGN.exe
  C:\Windows\System\GqfBNGN.exe
  2⤵
  PID:7160
- C:\Windows\System\VjEqylN.exe
  C:\Windows\System\VjEqylN.exe
  2⤵
  PID:6120
- C:\Windows\System\EnQAuZt.exe
  C:\Windows\System\EnQAuZt.exe
  2⤵
  PID:6196
- C:\Windows\System\xxNjmXf.exe
  C:\Windows\System\xxNjmXf.exe
  2⤵
  PID:6244
- C:\Windows\System\MxJpnlu.exe
  C:\Windows\System\MxJpnlu.exe
  2⤵
  PID:6256
- C:\Windows\System\minyFvM.exe
  C:\Windows\System\minyFvM.exe
  2⤵
  PID:6312
- C:\Windows\System\zabWEKk.exe
  C:\Windows\System\zabWEKk.exe
  2⤵
  PID:6392
- C:\Windows\System\WUVfeeT.exe
  C:\Windows\System\WUVfeeT.exe
  2⤵
  PID:6412
- C:\Windows\System\hlUrpfb.exe
  C:\Windows\System\hlUrpfb.exe
  2⤵
  PID:6516
- C:\Windows\System\DGnBKbG.exe
  C:\Windows\System\DGnBKbG.exe
  2⤵
  PID:6548
- C:\Windows\System\COyJZlP.exe
  C:\Windows\System\COyJZlP.exe
  2⤵
  PID:6692
- C:\Windows\System\UmADBdW.exe
  C:\Windows\System\UmADBdW.exe
  2⤵
  PID:6636
- C:\Windows\System\ywAvHaj.exe
  C:\Windows\System\ywAvHaj.exe
  2⤵
  PID:6676
- C:\Windows\System\eslrHvm.exe
  C:\Windows\System\eslrHvm.exe
  2⤵
  PID:6780
- C:\Windows\System\pNNSTSL.exe
  C:\Windows\System\pNNSTSL.exe
  2⤵
  PID:6888
- C:\Windows\System\SHEEBRW.exe
  C:\Windows\System\SHEEBRW.exe
  2⤵
  PID:6840
- C:\Windows\System\kMjIblT.exe
  C:\Windows\System\kMjIblT.exe
  2⤵
  PID:7020
- C:\Windows\System\dOWVYoE.exe
  C:\Windows\System\dOWVYoE.exe
  2⤵
  PID:7040
- C:\Windows\System\cjkYwNG.exe
  C:\Windows\System\cjkYwNG.exe
  2⤵
  PID:7008
- C:\Windows\System\qVrmPKp.exe
  C:\Windows\System\qVrmPKp.exe
  2⤵
  PID:7136
- C:\Windows\System\FUAdOEc.exe
  C:\Windows\System\FUAdOEc.exe
  2⤵
  PID:6960
- C:\Windows\System\ZCegzGC.exe
  C:\Windows\System\ZCegzGC.exe
  2⤵
  PID:6192
- C:\Windows\System\umvsMRs.exe
  C:\Windows\System\umvsMRs.exe
  2⤵
  PID:6168
- C:\Windows\System\yJYEIhb.exe
  C:\Windows\System\yJYEIhb.exe
  2⤵
  PID:6320
- C:\Windows\System\zfVouKB.exe
  C:\Windows\System\zfVouKB.exe
  2⤵
  PID:6452
- C:\Windows\System\qKkgbPO.exe
  C:\Windows\System\qKkgbPO.exe
  2⤵
  PID:6532
- C:\Windows\System\ZGxCkFS.exe
  C:\Windows\System\ZGxCkFS.exe
  2⤵
  PID:6496
- C:\Windows\System\aRRpGkm.exe
  C:\Windows\System\aRRpGkm.exe
  2⤵
  PID:6632
- C:\Windows\System\VlPWXfp.exe
  C:\Windows\System\VlPWXfp.exe
  2⤵
  PID:6792
- C:\Windows\System\xlBjEGU.exe
  C:\Windows\System\xlBjEGU.exe
  2⤵
  PID:6916
- C:\Windows\System\bgILsAc.exe
  C:\Windows\System\bgILsAc.exe
  2⤵
  PID:6972
- C:\Windows\System\fWspmyx.exe
  C:\Windows\System\fWspmyx.exe
  2⤵
  PID:6872
- C:\Windows\System\dbfzPIR.exe
  C:\Windows\System\dbfzPIR.exe
  2⤵
  PID:6176
- C:\Windows\System\zKeGhRX.exe
  C:\Windows\System\zKeGhRX.exe
  2⤵
  PID:7096
- C:\Windows\System\OfZFzZE.exe
  C:\Windows\System\OfZFzZE.exe
  2⤵
  PID:6172
- C:\Windows\System\hDgInWO.exe
  C:\Windows\System\hDgInWO.exe
  2⤵
  PID:6364
- C:\Windows\System\XSIqiee.exe
  C:\Windows\System\XSIqiee.exe
  2⤵
  PID:6712
- C:\Windows\System\cXGolkt.exe
  C:\Windows\System\cXGolkt.exe
  2⤵
  PID:6616
- C:\Windows\System\HVOxKoh.exe
  C:\Windows\System\HVOxKoh.exe
  2⤵
  PID:6740
- C:\Windows\System\ZKDiHOD.exe
  C:\Windows\System\ZKDiHOD.exe
  2⤵
  PID:7064
- C:\Windows\System\IDHkwKV.exe
  C:\Windows\System\IDHkwKV.exe
  2⤵
  PID:7156
- C:\Windows\System\ibtENgv.exe
  C:\Windows\System\ibtENgv.exe
  2⤵
  PID:5532
- C:\Windows\System\dJOesUj.exe
  C:\Windows\System\dJOesUj.exe
  2⤵
  PID:6300
- C:\Windows\System\BagbiKu.exe
  C:\Windows\System\BagbiKu.exe
  2⤵
  PID:6772
- C:\Windows\System\uiRcxmU.exe
  C:\Windows\System\uiRcxmU.exe
  2⤵
  PID:7120
- C:\Windows\System\RfgRaNF.exe
  C:\Windows\System\RfgRaNF.exe
  2⤵
  PID:6824
- C:\Windows\System\LWRcvMt.exe
  C:\Windows\System\LWRcvMt.exe
  2⤵
  PID:7188
- C:\Windows\System\jpHJBpl.exe
  C:\Windows\System\jpHJBpl.exe
  2⤵
  PID:7232
- C:\Windows\System\fLEvcrd.exe
  C:\Windows\System\fLEvcrd.exe
  2⤵
  PID:7256
- C:\Windows\System\NWmuHzj.exe
  C:\Windows\System\NWmuHzj.exe
  2⤵
  PID:7272
- C:\Windows\System\vwPPELW.exe
  C:\Windows\System\vwPPELW.exe
  2⤵
  PID:7288
- C:\Windows\System\knGwIDA.exe
  C:\Windows\System\knGwIDA.exe
  2⤵
  PID:7304
- C:\Windows\System\xWtLOrO.exe
  C:\Windows\System\xWtLOrO.exe
  2⤵
  PID:7320
- C:\Windows\System\OhWCSCv.exe
  C:\Windows\System\OhWCSCv.exe
  2⤵
  PID:7336
- C:\Windows\System\McrlGAR.exe
  C:\Windows\System\McrlGAR.exe
  2⤵
  PID:7352
- C:\Windows\System\lTiprio.exe
  C:\Windows\System\lTiprio.exe
  2⤵
  PID:7368
- C:\Windows\System\lcRbHCs.exe
  C:\Windows\System\lcRbHCs.exe
  2⤵
  PID:7384
- C:\Windows\System\fdSWKzH.exe
  C:\Windows\System\fdSWKzH.exe
  2⤵
  PID:7416
- C:\Windows\System\jWWrlzC.exe
  C:\Windows\System\jWWrlzC.exe
  2⤵
  PID:7432
- C:\Windows\System\XuGRdiw.exe
  C:\Windows\System\XuGRdiw.exe
  2⤵
  PID:7476
- C:\Windows\System\DfHLNVW.exe
  C:\Windows\System\DfHLNVW.exe
  2⤵
  PID:7492
- C:\Windows\System\lkWkWzR.exe
  C:\Windows\System\lkWkWzR.exe
  2⤵
  PID:7508
- C:\Windows\System\vyxlopT.exe
  C:\Windows\System\vyxlopT.exe
  2⤵
  PID:7524
- C:\Windows\System\cGQDcDm.exe
  C:\Windows\System\cGQDcDm.exe
  2⤵
  PID:7540
- C:\Windows\System\nHAmaoc.exe
  C:\Windows\System\nHAmaoc.exe
  2⤵
  PID:7556
- C:\Windows\System\leicARJ.exe
  C:\Windows\System\leicARJ.exe
  2⤵
  PID:7576
- C:\Windows\System\gKvZjyb.exe
  C:\Windows\System\gKvZjyb.exe
  2⤵
  PID:7596
- C:\Windows\System\lujLNtW.exe
  C:\Windows\System\lujLNtW.exe
  2⤵
  PID:7628
- C:\Windows\System\VgjnHai.exe
  C:\Windows\System\VgjnHai.exe
  2⤵
  PID:7644
- C:\Windows\System\zWhhkpZ.exe
  C:\Windows\System\zWhhkpZ.exe
  2⤵
  PID:7660
- C:\Windows\System\zvnqeUM.exe
  C:\Windows\System\zvnqeUM.exe
  2⤵
  PID:7676
- C:\Windows\System\tpEamtC.exe
  C:\Windows\System\tpEamtC.exe
  2⤵
  PID:7696
- C:\Windows\System\BTnrreA.exe
  C:\Windows\System\BTnrreA.exe
  2⤵
  PID:7724
- C:\Windows\System\cXaIPLE.exe
  C:\Windows\System\cXaIPLE.exe
  2⤵
  PID:7740
- C:\Windows\System\ffxMHxJ.exe
  C:\Windows\System\ffxMHxJ.exe
  2⤵
  PID:7776
- C:\Windows\System\zRJUMXA.exe
  C:\Windows\System\zRJUMXA.exe
  2⤵
  PID:7804
- C:\Windows\System\FcANWBt.exe
  C:\Windows\System\FcANWBt.exe
  2⤵
  PID:7820
- C:\Windows\System\AeugKXX.exe
  C:\Windows\System\AeugKXX.exe
  2⤵
  PID:7836
- C:\Windows\System\nFDotla.exe
  C:\Windows\System\nFDotla.exe
  2⤵
  PID:7852
- C:\Windows\System\FQSvfaP.exe
  C:\Windows\System\FQSvfaP.exe
  2⤵
  PID:7880
- C:\Windows\System\QQJfvov.exe
  C:\Windows\System\QQJfvov.exe
  2⤵
  PID:7908
- C:\Windows\System\QVUXFkA.exe
  C:\Windows\System\QVUXFkA.exe
  2⤵
  PID:7924
- C:\Windows\System\opEMuoG.exe
  C:\Windows\System\opEMuoG.exe
  2⤵
  PID:7944
- C:\Windows\System\PoMFXtC.exe
  C:\Windows\System\PoMFXtC.exe
  2⤵
  PID:7964
- C:\Windows\System\tupPEeX.exe
  C:\Windows\System\tupPEeX.exe
  2⤵
  PID:7984
- C:\Windows\System\XnKUALO.exe
  C:\Windows\System\XnKUALO.exe
  2⤵
  PID:8004
- C:\Windows\System\wWCvsRv.exe
  C:\Windows\System\wWCvsRv.exe
  2⤵
  PID:8028
- C:\Windows\System\gsWdPUG.exe
  C:\Windows\System\gsWdPUG.exe
  2⤵
  PID:8044
- C:\Windows\System\xOziqRW.exe
  C:\Windows\System\xOziqRW.exe
  2⤵
  PID:8064
- C:\Windows\System\gGmCXAn.exe
  C:\Windows\System\gGmCXAn.exe
  2⤵
  PID:8084
- C:\Windows\System\nULufAX.exe
  C:\Windows\System\nULufAX.exe
  2⤵
  PID:8100
- C:\Windows\System\WDENHGn.exe
  C:\Windows\System\WDENHGn.exe
  2⤵
  PID:8128
- C:\Windows\System\pqoKfHk.exe
  C:\Windows\System\pqoKfHk.exe
  2⤵
  PID:8152
- C:\Windows\System\fWjkLMP.exe
  C:\Windows\System\fWjkLMP.exe
  2⤵
  PID:8168
- C:\Windows\System\HsDxFxL.exe
  C:\Windows\System\HsDxFxL.exe
  2⤵
  PID:8188
- C:\Windows\System\RmqgDlE.exe
  C:\Windows\System\RmqgDlE.exe
  2⤵
  PID:7132
- C:\Windows\System\WgXgxWV.exe
  C:\Windows\System\WgXgxWV.exe
  2⤵
  PID:6736
- C:\Windows\System\LjSjQBZ.exe
  C:\Windows\System\LjSjQBZ.exe
  2⤵
  PID:7244
- C:\Windows\System\AjhbEnX.exe
  C:\Windows\System\AjhbEnX.exe
  2⤵
  PID:7216
- C:\Windows\System\NmwMnrM.exe
  C:\Windows\System\NmwMnrM.exe
  2⤵
  PID:7196
- C:\Windows\System\iVigcZO.exe
  C:\Windows\System\iVigcZO.exe
  2⤵
  PID:7312
- C:\Windows\System\dWmLCKd.exe
  C:\Windows\System\dWmLCKd.exe
  2⤵
  PID:7328
- C:\Windows\System\oqqpTMO.exe
  C:\Windows\System\oqqpTMO.exe
  2⤵
  PID:7364
- C:\Windows\System\HsHXHsc.exe
  C:\Windows\System\HsHXHsc.exe
  2⤵
  PID:7396
- C:\Windows\System\CdbuaPI.exe
  C:\Windows\System\CdbuaPI.exe
  2⤵
  PID:7428
- C:\Windows\System\BAUgYJJ.exe
  C:\Windows\System\BAUgYJJ.exe
  2⤵
  PID:7468
- C:\Windows\System\mNQtPwN.exe
  C:\Windows\System\mNQtPwN.exe
  2⤵
  PID:7440
- C:\Windows\System\VpdgvIl.exe
  C:\Windows\System\VpdgvIl.exe
  2⤵
  PID:7548
- C:\Windows\System\RsXokAE.exe
  C:\Windows\System\RsXokAE.exe
  2⤵
  PID:7504
- C:\Windows\System\hdmUDAf.exe
  C:\Windows\System\hdmUDAf.exe
  2⤵
  PID:7588
- C:\Windows\System\IMFoFGq.exe
  C:\Windows\System\IMFoFGq.exe
  2⤵
  PID:7668
- C:\Windows\System\WtvsYjK.exe
  C:\Windows\System\WtvsYjK.exe
  2⤵
  PID:7608
- C:\Windows\System\vyFSKWN.exe
  C:\Windows\System\vyFSKWN.exe
  2⤵
  PID:7688
- C:\Windows\System\MbFAFla.exe
  C:\Windows\System\MbFAFla.exe
  2⤵
  PID:7732
- C:\Windows\System\ZDshhLo.exe
  C:\Windows\System\ZDshhLo.exe
  2⤵
  PID:7764
- C:\Windows\System\MpwOlAI.exe
  C:\Windows\System\MpwOlAI.exe
  2⤵
  PID:7736
- C:\Windows\System\mwGFqiC.exe
  C:\Windows\System\mwGFqiC.exe
  2⤵
  PID:7816
- C:\Windows\System\ksEuIyD.exe
  C:\Windows\System\ksEuIyD.exe
  2⤵
  PID:7860
- C:\Windows\System\eIGNRQe.exe
  C:\Windows\System\eIGNRQe.exe
  2⤵
  PID:7864
- C:\Windows\System\lbpbxgU.exe
  C:\Windows\System\lbpbxgU.exe
  2⤵
  PID:7140
- C:\Windows\System\RYkGTfH.exe
  C:\Windows\System\RYkGTfH.exe
  2⤵
  PID:7936
- C:\Windows\System\DpglMCh.exe
  C:\Windows\System\DpglMCh.exe
  2⤵
  PID:7972
- C:\Windows\System\VzHLBqr.exe
  C:\Windows\System\VzHLBqr.exe
  2⤵
  PID:8016
- C:\Windows\System\EIyCxBL.exe
  C:\Windows\System\EIyCxBL.exe
  2⤵
  PID:8040
- C:\Windows\System\CXPpVEg.exe
  C:\Windows\System\CXPpVEg.exe
  2⤵
  PID:8076
- C:\Windows\System\JuZiIPV.exe
  C:\Windows\System\JuZiIPV.exe
  2⤵
  PID:8108
- C:\Windows\System\rYxFOhZ.exe
  C:\Windows\System\rYxFOhZ.exe
  2⤵
  PID:7572
- C:\Windows\System\jtxFDhE.exe
  C:\Windows\System\jtxFDhE.exe
  2⤵
  PID:8164
- C:\Windows\System\RDzFJbP.exe
  C:\Windows\System\RDzFJbP.exe
  2⤵
  PID:6984
- C:\Windows\System\cJXQnkr.exe
  C:\Windows\System\cJXQnkr.exe
  2⤵
  PID:7240
- C:\Windows\System\MvTwPKA.exe
  C:\Windows\System\MvTwPKA.exe
  2⤵
  PID:7204
- C:\Windows\System\hnxdNBf.exe
  C:\Windows\System\hnxdNBf.exe
  2⤵
  PID:7252
- C:\Windows\System\WHNiAxL.exe
  C:\Windows\System\WHNiAxL.exe
  2⤵
  PID:7376
- C:\Windows\System\hwAIOWx.exe
  C:\Windows\System\hwAIOWx.exe
  2⤵
  PID:7408
- C:\Windows\System\GgDPpwS.exe
  C:\Windows\System\GgDPpwS.exe
  2⤵
  PID:7464
- C:\Windows\System\dUEwJxV.exe
  C:\Windows\System\dUEwJxV.exe
  2⤵
  PID:7584
- C:\Windows\System\RGrfktc.exe
  C:\Windows\System\RGrfktc.exe
  2⤵
  PID:7604
- C:\Windows\System\wcdoIpL.exe
  C:\Windows\System\wcdoIpL.exe
  2⤵
  PID:7656
- C:\Windows\System\VjVOjNf.exe
  C:\Windows\System\VjVOjNf.exe
  2⤵
  PID:7708
- C:\Windows\System\AgiaMeA.exe
  C:\Windows\System\AgiaMeA.exe
  2⤵
  PID:7756
- C:\Windows\System\CnAjZCz.exe
  C:\Windows\System\CnAjZCz.exe
  2⤵
  PID:7812
- C:\Windows\System\zeYELEL.exe
  C:\Windows\System\zeYELEL.exe
  2⤵
  PID:8136
- C:\Windows\System\blNrgFi.exe
  C:\Windows\System\blNrgFi.exe
  2⤵
  PID:7920
- C:\Windows\System\NchWQQN.exe
  C:\Windows\System\NchWQQN.exe
  2⤵
  PID:8000
- C:\Windows\System\lKwausb.exe
  C:\Windows\System\lKwausb.exe
  2⤵
  PID:7996
- C:\Windows\System\dIFbLZa.exe
  C:\Windows\System\dIFbLZa.exe
  2⤵
  PID:8052
- C:\Windows\System\YZSDPCZ.exe
  C:\Windows\System\YZSDPCZ.exe
  2⤵
  PID:8112
- C:\Windows\System\LcXZwti.exe
  C:\Windows\System\LcXZwti.exe
  2⤵
  PID:8184
- C:\Windows\System\PYViizT.exe
  C:\Windows\System\PYViizT.exe
  2⤵
  PID:7200
- C:\Windows\System\qWITkkV.exe
  C:\Windows\System\qWITkkV.exe
  2⤵
  PID:7344
- C:\Windows\System\QmJsdfB.exe
  C:\Windows\System\QmJsdfB.exe
  2⤵
  PID:7484
- C:\Windows\System\CYSFoEc.exe
  C:\Windows\System\CYSFoEc.exe
  2⤵
  PID:7520
- C:\Windows\System\vrXDNwS.exe
  C:\Windows\System\vrXDNwS.exe
  2⤵
  PID:7380
- C:\Windows\System\BusFPgN.exe
  C:\Windows\System\BusFPgN.exe
  2⤵
  PID:7636
- C:\Windows\System\qvSxdDc.exe
  C:\Windows\System\qvSxdDc.exe
  2⤵
  PID:7716
- C:\Windows\System\RpwrmDm.exe
  C:\Windows\System\RpwrmDm.exe
  2⤵
  PID:7832
- C:\Windows\System\rYyCksy.exe
  C:\Windows\System\rYyCksy.exe
  2⤵
  PID:7932
- C:\Windows\System\mdnEpvo.exe
  C:\Windows\System\mdnEpvo.exe
  2⤵
  PID:8036
- C:\Windows\System\GBcEOcI.exe
  C:\Windows\System\GBcEOcI.exe
  2⤵
  PID:8096
- C:\Windows\System\gINxMDO.exe
  C:\Windows\System\gINxMDO.exe
  2⤵
  PID:6816
- C:\Windows\System\sHRfCBn.exe
  C:\Windows\System\sHRfCBn.exe
  2⤵
  PID:6296
- C:\Windows\System\FgFRTzO.exe
  C:\Windows\System\FgFRTzO.exe
  2⤵
  PID:7296
- C:\Windows\System\uNOcriC.exe
  C:\Windows\System\uNOcriC.exe
  2⤵
  PID:7704
- C:\Windows\System\gJjwnno.exe
  C:\Windows\System\gJjwnno.exe
  2⤵
  PID:7684
- C:\Windows\System\QUvYKdE.exe
  C:\Windows\System\QUvYKdE.exe
  2⤵
  PID:7992
- C:\Windows\System\DzYCJLF.exe
  C:\Windows\System\DzYCJLF.exe
  2⤵
  PID:8012
- C:\Windows\System\obKbEBE.exe
  C:\Windows\System\obKbEBE.exe
  2⤵
  PID:8056
- C:\Windows\System\JMMuRZE.exe
  C:\Windows\System\JMMuRZE.exe
  2⤵
  PID:7348
- C:\Windows\System\EeEDNsm.exe
  C:\Windows\System\EeEDNsm.exe
  2⤵
  PID:7536
- C:\Windows\System\ZFOcIYF.exe
  C:\Windows\System\ZFOcIYF.exe
  2⤵
  PID:7568
- C:\Windows\System\ckMvgwH.exe
  C:\Windows\System\ckMvgwH.exe
  2⤵
  PID:7876
- C:\Windows\System\gkFyiMi.exe
  C:\Windows\System\gkFyiMi.exe
  2⤵
  PID:7180
- C:\Windows\System\JOAhNBO.exe
  C:\Windows\System\JOAhNBO.exe
  2⤵
  PID:7612
- C:\Windows\System\yOxGcOp.exe
  C:\Windows\System\yOxGcOp.exe
  2⤵
  PID:7900
- C:\Windows\System\zKJVYGN.exe
  C:\Windows\System\zKJVYGN.exe
  2⤵
  PID:8148
- C:\Windows\System\XkRnaUX.exe
  C:\Windows\System\XkRnaUX.exe
  2⤵
  PID:2636
- C:\Windows\System\sUvkOyN.exe
  C:\Windows\System\sUvkOyN.exe
  2⤵
  PID:7796
- C:\Windows\System\pwEuzmr.exe
  C:\Windows\System\pwEuzmr.exe
  2⤵
  PID:2592
- C:\Windows\System\PAzKdgR.exe
  C:\Windows\System\PAzKdgR.exe
  2⤵
  PID:8176
- C:\Windows\System\kKyIeMO.exe
  C:\Windows\System\kKyIeMO.exe
  2⤵
  PID:2524
- C:\Windows\System\FOSgbIH.exe
  C:\Windows\System\FOSgbIH.exe
  2⤵
  PID:2156
- C:\Windows\System\kmAwtXC.exe
  C:\Windows\System\kmAwtXC.exe
  2⤵
  PID:8200
- C:\Windows\System\gUAKUzI.exe
  C:\Windows\System\gUAKUzI.exe
  2⤵
  PID:8228
- C:\Windows\System\mUSBCuN.exe
  C:\Windows\System\mUSBCuN.exe
  2⤵
  PID:8244
- C:\Windows\System\OuYBtMd.exe
  C:\Windows\System\OuYBtMd.exe
  2⤵
  PID:8272
- C:\Windows\System\VttgqmI.exe
  C:\Windows\System\VttgqmI.exe
  2⤵
  PID:8288
- C:\Windows\System\dmltQVU.exe
  C:\Windows\System\dmltQVU.exe
  2⤵
  PID:8304
- C:\Windows\System\VKxTZPb.exe
  C:\Windows\System\VKxTZPb.exe
  2⤵
  PID:8320
- C:\Windows\System\IKKsrIM.exe
  C:\Windows\System\IKKsrIM.exe
  2⤵
  PID:8336
- C:\Windows\System\iiekhgR.exe
  C:\Windows\System\iiekhgR.exe
  2⤵
  PID:8352
- C:\Windows\System\VCdLUfk.exe
  C:\Windows\System\VCdLUfk.exe
  2⤵
  PID:8384
- C:\Windows\System\WffqJvC.exe
  C:\Windows\System\WffqJvC.exe
  2⤵
  PID:8408
- C:\Windows\System\vFAYzRy.exe
  C:\Windows\System\vFAYzRy.exe
  2⤵
  PID:8424
- C:\Windows\System\iIEMvlG.exe
  C:\Windows\System\iIEMvlG.exe
  2⤵
  PID:8440
- C:\Windows\System\cWRvyTV.exe
  C:\Windows\System\cWRvyTV.exe
  2⤵
  PID:8464
- C:\Windows\System\nAzUZMG.exe
  C:\Windows\System\nAzUZMG.exe
  2⤵
  PID:8488
- C:\Windows\System\ZWaLRfd.exe
  C:\Windows\System\ZWaLRfd.exe
  2⤵
  PID:8512
- C:\Windows\System\DEgpPQp.exe
  C:\Windows\System\DEgpPQp.exe
  2⤵
  PID:8528
- C:\Windows\System\jZDhYSt.exe
  C:\Windows\System\jZDhYSt.exe
  2⤵
  PID:8548
- C:\Windows\System\WRGmetv.exe
  C:\Windows\System\WRGmetv.exe
  2⤵
  PID:8568
- C:\Windows\System\OopBXkh.exe
  C:\Windows\System\OopBXkh.exe
  2⤵
  PID:8592
- C:\Windows\System\WtLZbWz.exe
  C:\Windows\System\WtLZbWz.exe
  2⤵
  PID:8608
- C:\Windows\System\LQYXSdw.exe
  C:\Windows\System\LQYXSdw.exe
  2⤵
  PID:8624
- C:\Windows\System\sPixlfi.exe
  C:\Windows\System\sPixlfi.exe
  2⤵
  PID:8648
- C:\Windows\System\OXzSalw.exe
  C:\Windows\System\OXzSalw.exe
  2⤵
  PID:8668
- C:\Windows\System\SvAgyoT.exe
  C:\Windows\System\SvAgyoT.exe
  2⤵
  PID:8688
- C:\Windows\System\yyzqTIo.exe
  C:\Windows\System\yyzqTIo.exe
  2⤵
  PID:8712
- C:\Windows\System\WFZcjhF.exe
  C:\Windows\System\WFZcjhF.exe
  2⤵
  PID:8728
- C:\Windows\System\SbxYojr.exe
  C:\Windows\System\SbxYojr.exe
  2⤵
  PID:8752
- C:\Windows\System\uzCEqce.exe
  C:\Windows\System\uzCEqce.exe
  2⤵
  PID:8768
- C:\Windows\System\UECpeVY.exe
  C:\Windows\System\UECpeVY.exe
  2⤵
  PID:8788
- C:\Windows\System\eHLLaoP.exe
  C:\Windows\System\eHLLaoP.exe
  2⤵
  PID:8808
- C:\Windows\System\cqqpGap.exe
  C:\Windows\System\cqqpGap.exe
  2⤵
  PID:8832
- C:\Windows\System\uSntWBQ.exe
  C:\Windows\System\uSntWBQ.exe
  2⤵
  PID:8852
- C:\Windows\System\nWLJaOz.exe
  C:\Windows\System\nWLJaOz.exe
  2⤵
  PID:8876
- C:\Windows\System\NXbEoku.exe
  C:\Windows\System\NXbEoku.exe
  2⤵
  PID:8892
- C:\Windows\System\yyIDXcX.exe
  C:\Windows\System\yyIDXcX.exe
  2⤵
  PID:8908
- C:\Windows\System\xShSrSN.exe
  C:\Windows\System\xShSrSN.exe
  2⤵
  PID:8928
- C:\Windows\System\hNfvWnE.exe
  C:\Windows\System\hNfvWnE.exe
  2⤵
  PID:8944
- C:\Windows\System\PjTFIGv.exe
  C:\Windows\System\PjTFIGv.exe
  2⤵
  PID:8964
- C:\Windows\System\oizoSId.exe
  C:\Windows\System\oizoSId.exe
  2⤵
  PID:8996
- C:\Windows\System\BalrNpq.exe
  C:\Windows\System\BalrNpq.exe
  2⤵
  PID:9016
- C:\Windows\System\klSMhmq.exe
  C:\Windows\System\klSMhmq.exe
  2⤵
  PID:9036
- C:\Windows\System\YNGCzuA.exe
  C:\Windows\System\YNGCzuA.exe
  2⤵
  PID:9052
- C:\Windows\System\WQEpBku.exe
  C:\Windows\System\WQEpBku.exe
  2⤵
  PID:9072
- C:\Windows\System\iAwNjzM.exe
  C:\Windows\System\iAwNjzM.exe
  2⤵
  PID:9092
- C:\Windows\System\RthEtcB.exe
  C:\Windows\System\RthEtcB.exe
  2⤵
  PID:9108
- C:\Windows\System\xJbOwsx.exe
  C:\Windows\System\xJbOwsx.exe
  2⤵
  PID:9132
- C:\Windows\System\lDtpOHH.exe
  C:\Windows\System\lDtpOHH.exe
  2⤵
  PID:9156
- C:\Windows\System\yTsPjVh.exe
  C:\Windows\System\yTsPjVh.exe
  2⤵
  PID:9172
- C:\Windows\System\GotKBIB.exe
  C:\Windows\System\GotKBIB.exe
  2⤵
  PID:9196
- C:\Windows\System\EuTRFfk.exe
  C:\Windows\System\EuTRFfk.exe
  2⤵
  PID:9212
- C:\Windows\System\oMXvkGQ.exe
  C:\Windows\System\oMXvkGQ.exe
  2⤵
  PID:8212
- C:\Windows\System\JqkuFeu.exe
  C:\Windows\System\JqkuFeu.exe
  2⤵
  PID:8260
- C:\Windows\System\nMJncQk.exe
  C:\Windows\System\nMJncQk.exe
  2⤵
  PID:8240
- C:\Windows\System\doNSJrI.exe
  C:\Windows\System\doNSJrI.exe
  2⤵
  PID:8280
- C:\Windows\System\lsBfNPJ.exe
  C:\Windows\System\lsBfNPJ.exe
  2⤵
  PID:8300
- C:\Windows\System\fhyfKdL.exe
  C:\Windows\System\fhyfKdL.exe
  2⤵
  PID:8368
- C:\Windows\System\xoAnggy.exe
  C:\Windows\System\xoAnggy.exe
  2⤵
  PID:8416
- C:\Windows\System\IVQQnyg.exe
  C:\Windows\System\IVQQnyg.exe
  2⤵
  PID:8460
- C:\Windows\System\eDvFRlo.exe
  C:\Windows\System\eDvFRlo.exe
  2⤵
  PID:8504
- C:\Windows\System\sVLBOgp.exe
  C:\Windows\System\sVLBOgp.exe
  2⤵
  PID:8472
- C:\Windows\System\nwTuAIF.exe
  C:\Windows\System\nwTuAIF.exe
  2⤵
  PID:8540
- C:\Windows\System\KDPMMiG.exe
  C:\Windows\System\KDPMMiG.exe
  2⤵
  PID:8560
- C:\Windows\System\PAvBpYe.exe
  C:\Windows\System\PAvBpYe.exe
  2⤵
  PID:8588
- C:\Windows\System\cGCyQoc.exe
  C:\Windows\System\cGCyQoc.exe
  2⤵
  PID:8656
- C:\Windows\System\QkyscQj.exe
  C:\Windows\System\QkyscQj.exe
  2⤵
  PID:8660
- C:\Windows\System\zgMyNXQ.exe
  C:\Windows\System\zgMyNXQ.exe
  2⤵
  PID:8696
- C:\Windows\System\MeSvCyP.exe
  C:\Windows\System\MeSvCyP.exe
  2⤵
  PID:8724
- C:\Windows\System\uJWpxNh.exe
  C:\Windows\System\uJWpxNh.exe
  2⤵
  PID:8748
- C:\Windows\System\oHYfCUg.exe
  C:\Windows\System\oHYfCUg.exe
  2⤵
  PID:8760
- C:\Windows\System\UkkCrrE.exe
  C:\Windows\System\UkkCrrE.exe
  2⤵
  PID:8804
- C:\Windows\System\UKIZxfa.exe
  C:\Windows\System\UKIZxfa.exe
  2⤵
  PID:8868
- C:\Windows\System\gVAJdkw.exe
  C:\Windows\System\gVAJdkw.exe
  2⤵
  PID:8936
- C:\Windows\System\GFMyKsK.exe
  C:\Windows\System\GFMyKsK.exe
  2⤵
  PID:8884
- C:\Windows\System\iGvGVyc.exe
  C:\Windows\System\iGvGVyc.exe
  2⤵
  PID:8956
- C:\Windows\System\GheKIMg.exe
  C:\Windows\System\GheKIMg.exe
  2⤵
  PID:9004
- C:\Windows\System\OGcKPcD.exe
  C:\Windows\System\OGcKPcD.exe
  2⤵
  PID:9028
- C:\Windows\System\dfJAXvO.exe
  C:\Windows\System\dfJAXvO.exe
  2⤵
  PID:9064
- C:\Windows\System\Uactikq.exe
  C:\Windows\System\Uactikq.exe
  2⤵
  PID:9100
- C:\Windows\System\HVPwaKN.exe
  C:\Windows\System\HVPwaKN.exe
  2⤵
  PID:9140
- C:\Windows\System\WvOOWCR.exe
  C:\Windows\System\WvOOWCR.exe
  2⤵
  PID:9164
- C:\Windows\System\yyWtIba.exe
  C:\Windows\System\yyWtIba.exe
  2⤵
  PID:9192
- C:\Windows\System\AESSaBx.exe
  C:\Windows\System\AESSaBx.exe
  2⤵
  PID:8268
- C:\Windows\System\sDtXIYp.exe
  C:\Windows\System\sDtXIYp.exe
  2⤵
  PID:8224
- C:\Windows\System\frJvioG.exe
  C:\Windows\System\frJvioG.exe
  2⤵
  PID:8344
- C:\Windows\System\SwozXim.exe
  C:\Windows\System\SwozXim.exe
  2⤵
  PID:8380
- C:\Windows\System\zmilGPN.exe
  C:\Windows\System\zmilGPN.exe
  2⤵
  PID:8332
- C:\Windows\System\hHhLXHi.exe
  C:\Windows\System\hHhLXHi.exe
  2⤵
  PID:8480
- C:\Windows\System\KTKGQxW.exe
  C:\Windows\System\KTKGQxW.exe
  2⤵
  PID:8556
- C:\Windows\System\TuQbDpP.exe
  C:\Windows\System\TuQbDpP.exe
  2⤵
  PID:8616
- C:\Windows\System\vRrGNfK.exe
  C:\Windows\System\vRrGNfK.exe
  2⤵
  PID:8604
- C:\Windows\System\kRkYsjy.exe
  C:\Windows\System\kRkYsjy.exe
  2⤵
  PID:8684
- C:\Windows\System\kWKmhBv.exe
  C:\Windows\System\kWKmhBv.exe
  2⤵
  PID:8780
- C:\Windows\System\eUrDgrO.exe
  C:\Windows\System\eUrDgrO.exe
  2⤵
  PID:8840
- C:\Windows\System\zHGJAJp.exe
  C:\Windows\System\zHGJAJp.exe
  2⤵
  PID:8744
- C:\Windows\System\jkBixnl.exe
  C:\Windows\System\jkBixnl.exe
  2⤵
  PID:8220
- C:\Windows\System\iBTHHCr.exe
  C:\Windows\System\iBTHHCr.exe
  2⤵
  PID:8924
- C:\Windows\System\MaZstYM.exe
  C:\Windows\System\MaZstYM.exe
  2⤵
  PID:8952
- C:\Windows\System\UYKOOEk.exe
  C:\Windows\System\UYKOOEk.exe
  2⤵
  PID:8988
- C:\Windows\System\mjzrvPr.exe
  C:\Windows\System\mjzrvPr.exe
  2⤵
  PID:9060
- C:\Windows\System\YGNXYSH.exe
  C:\Windows\System\YGNXYSH.exe
  2⤵
  PID:9080
- C:\Windows\System\yhpkdSY.exe
  C:\Windows\System\yhpkdSY.exe
  2⤵
  PID:9128
- C:\Windows\System\TNWAkDa.exe
  C:\Windows\System\TNWAkDa.exe
  2⤵
  PID:9188
- C:\Windows\System\wQPDcqZ.exe
  C:\Windows\System\wQPDcqZ.exe
  2⤵
  PID:9148
- C:\Windows\System\FaclsgP.exe
  C:\Windows\System\FaclsgP.exe
  2⤵
  PID:8208
- C:\Windows\System\MhLhkdS.exe
  C:\Windows\System\MhLhkdS.exe
  2⤵
  PID:8376
- C:\Windows\System\BXVSoQJ.exe
  C:\Windows\System\BXVSoQJ.exe
  2⤵
  PID:8404
- C:\Windows\System\NrpfLWY.exe
  C:\Windows\System\NrpfLWY.exe
  2⤵
  PID:8364
- C:\Windows\System\tOmNbFT.exe
  C:\Windows\System\tOmNbFT.exe
  2⤵
  PID:8796
- C:\Windows\System\FTFzqTr.exe
  C:\Windows\System\FTFzqTr.exe
  2⤵
  PID:8860
- C:\Windows\System\JQuVREM.exe
  C:\Windows\System\JQuVREM.exe
  2⤵
  PID:8644
- C:\Windows\System\cDlUegk.exe
  C:\Windows\System\cDlUegk.exe
  2⤵
  PID:8708
- C:\Windows\System\dEJbjLp.exe
  C:\Windows\System\dEJbjLp.exe
  2⤵
  PID:8740
- C:\Windows\System\nmMCsGK.exe
  C:\Windows\System\nmMCsGK.exe
  2⤵
  PID:8984
- C:\Windows\System\sjXAQBI.exe
  C:\Windows\System\sjXAQBI.exe
  2⤵
  PID:2024
- C:\Windows\System\ANXitfG.exe
  C:\Windows\System\ANXitfG.exe
  2⤵
  PID:8992
- C:\Windows\System\vnStqZl.exe
  C:\Windows\System\vnStqZl.exe
  2⤵
  PID:308
- C:\Windows\System\uvErzBh.exe
  C:\Windows\System\uvErzBh.exe
  2⤵
  PID:8496
- C:\Windows\System\qndiFHI.exe
  C:\Windows\System\qndiFHI.exe
  2⤵
  PID:8524
- C:\Windows\System\feBuzoe.exe
  C:\Windows\System\feBuzoe.exe
  2⤵
  PID:8820
- C:\Windows\System\GWgrwYQ.exe
  C:\Windows\System\GWgrwYQ.exe
  2⤵
  PID:8720
- C:\Windows\System\WLfXocM.exe
  C:\Windows\System\WLfXocM.exe
  2⤵
  PID:9048
- C:\Windows\System\BfBNqcg.exe
  C:\Windows\System\BfBNqcg.exe
  2⤵
  PID:9124
- C:\Windows\System\cdMNGJP.exe
  C:\Windows\System\cdMNGJP.exe
  2⤵
  PID:8420
- C:\Windows\System\qypCmMR.exe
  C:\Windows\System\qypCmMR.exe
  2⤵
  PID:8640
- C:\Windows\System\OZtJZVK.exe
  C:\Windows\System\OZtJZVK.exe
  2⤵
  PID:9044
- C:\Windows\System\GlsVeuf.exe
  C:\Windows\System\GlsVeuf.exe
  2⤵
  PID:8392
- C:\Windows\System\wWeOvqi.exe
  C:\Windows\System\wWeOvqi.exe
  2⤵
  PID:8236
- C:\Windows\System\owKcmhn.exe
  C:\Windows\System\owKcmhn.exe
  2⤵
  PID:8536
- C:\Windows\System\bYIMIrJ.exe
  C:\Windows\System\bYIMIrJ.exe
  2⤵
  PID:9228
- C:\Windows\System\VyACPZk.exe
  C:\Windows\System\VyACPZk.exe
  2⤵
  PID:9244
- C:\Windows\System\ugacyEl.exe
  C:\Windows\System\ugacyEl.exe
  2⤵
  PID:9260
- C:\Windows\System\edPzNmT.exe
  C:\Windows\System\edPzNmT.exe
  2⤵
  PID:9276
- C:\Windows\System\RiRXCoo.exe
  C:\Windows\System\RiRXCoo.exe
  2⤵
  PID:9304
- C:\Windows\System\ymzKodI.exe
  C:\Windows\System\ymzKodI.exe
  2⤵
  PID:9328
- C:\Windows\System\DeTazAR.exe
  C:\Windows\System\DeTazAR.exe
  2⤵
  PID:9348
- C:\Windows\System\OJMUHJb.exe
  C:\Windows\System\OJMUHJb.exe
  2⤵
  PID:9368
- C:\Windows\System\NXrNeGg.exe
  C:\Windows\System\NXrNeGg.exe
  2⤵
  PID:9388
- C:\Windows\System\bfECIRx.exe
  C:\Windows\System\bfECIRx.exe
  2⤵
  PID:9404
- C:\Windows\System\tcCTfPW.exe
  C:\Windows\System\tcCTfPW.exe
  2⤵
  PID:9420
- C:\Windows\System\pqNRUxR.exe
  C:\Windows\System\pqNRUxR.exe
  2⤵
  PID:9436
- C:\Windows\System\zaOhXkG.exe
  C:\Windows\System\zaOhXkG.exe
  2⤵
  PID:9452
- C:\Windows\System\HXoewLM.exe
  C:\Windows\System\HXoewLM.exe
  2⤵
  PID:9472
- C:\Windows\System\HwojFwz.exe
  C:\Windows\System\HwojFwz.exe
  2⤵
  PID:9488
- C:\Windows\System\urCWEEY.exe
  C:\Windows\System\urCWEEY.exe
  2⤵
  PID:9504
- C:\Windows\System\pnsyNpB.exe
  C:\Windows\System\pnsyNpB.exe
  2⤵
  PID:9524
- C:\Windows\System\KWHGQVG.exe
  C:\Windows\System\KWHGQVG.exe
  2⤵
  PID:9540
- C:\Windows\System\OVCcJAo.exe
  C:\Windows\System\OVCcJAo.exe
  2⤵
  PID:9564
- C:\Windows\System\GkqiKBZ.exe
  C:\Windows\System\GkqiKBZ.exe
  2⤵
  PID:9584
- C:\Windows\System\SlSDjOz.exe
  C:\Windows\System\SlSDjOz.exe
  2⤵
  PID:9604
- C:\Windows\System\RGVqsQV.exe
  C:\Windows\System\RGVqsQV.exe
  2⤵
  PID:9628
- C:\Windows\System\PfcYgCS.exe
  C:\Windows\System\PfcYgCS.exe
  2⤵
  PID:9644
- C:\Windows\System\GVJApWZ.exe
  C:\Windows\System\GVJApWZ.exe
  2⤵
  PID:9660
- C:\Windows\System\jLtpnAV.exe
  C:\Windows\System\jLtpnAV.exe
  2⤵
  PID:9676
- C:\Windows\System\ZzDyetm.exe
  C:\Windows\System\ZzDyetm.exe
  2⤵
  PID:9692
- C:\Windows\System\eKAwzrV.exe
  C:\Windows\System\eKAwzrV.exe
  2⤵
  PID:9708
- C:\Windows\System\iZbppBO.exe
  C:\Windows\System\iZbppBO.exe
  2⤵
  PID:9724
- C:\Windows\System\UftLwio.exe
  C:\Windows\System\UftLwio.exe
  2⤵
  PID:9744
- C:\Windows\System\HecRDEB.exe
  C:\Windows\System\HecRDEB.exe
  2⤵
  PID:9760
- C:\Windows\System\VeRQOmG.exe
  C:\Windows\System\VeRQOmG.exe
  2⤵
  PID:9784
- C:\Windows\System\TeGsafN.exe
  C:\Windows\System\TeGsafN.exe
  2⤵
  PID:9800
- C:\Windows\System\MnbMbda.exe
  C:\Windows\System\MnbMbda.exe
  2⤵
  PID:9816
- C:\Windows\System\hTTcHkd.exe
  C:\Windows\System\hTTcHkd.exe
  2⤵
  PID:9832
- C:\Windows\System\aOctubG.exe
  C:\Windows\System\aOctubG.exe
  2⤵
  PID:9848
- C:\Windows\System\xnWqmcq.exe
  C:\Windows\System\xnWqmcq.exe
  2⤵
  PID:9864
- C:\Windows\System\SgxYemM.exe
  C:\Windows\System\SgxYemM.exe
  2⤵
  PID:9880
- C:\Windows\System\LPQpYGW.exe
  C:\Windows\System\LPQpYGW.exe
  2⤵
  PID:9896
- C:\Windows\System\aSfWvaf.exe
  C:\Windows\System\aSfWvaf.exe
  2⤵
  PID:9916
- C:\Windows\System\enQmSnw.exe
  C:\Windows\System\enQmSnw.exe
  2⤵
  PID:9932
- C:\Windows\System\mWofPbk.exe
  C:\Windows\System\mWofPbk.exe
  2⤵
  PID:9952
- C:\Windows\System\yvldFPO.exe
  C:\Windows\System\yvldFPO.exe
  2⤵
  PID:9968
- C:\Windows\System\psAfYhq.exe
  C:\Windows\System\psAfYhq.exe
  2⤵
  PID:9984
- C:\Windows\System\rLUCMxh.exe
  C:\Windows\System\rLUCMxh.exe
  2⤵
  PID:10000
- C:\Windows\System\ZzLCJSl.exe
  C:\Windows\System\ZzLCJSl.exe
  2⤵
  PID:10016
- C:\Windows\System\UYUEjBd.exe
  C:\Windows\System\UYUEjBd.exe
  2⤵
  PID:10032
- C:\Windows\System\SmWfGeX.exe
  C:\Windows\System\SmWfGeX.exe
  2⤵
  PID:10048
- C:\Windows\System\VEnrLqQ.exe
  C:\Windows\System\VEnrLqQ.exe
  2⤵
  PID:10068
- C:\Windows\System\XPSPXNS.exe
  C:\Windows\System\XPSPXNS.exe
  2⤵
  PID:10092
- C:\Windows\System\QNtFufX.exe
  C:\Windows\System\QNtFufX.exe
  2⤵
  PID:10112
- C:\Windows\System\McVYUZs.exe
  C:\Windows\System\McVYUZs.exe
  2⤵
  PID:10128
- C:\Windows\System\sFrIAjW.exe
  C:\Windows\System\sFrIAjW.exe
  2⤵
  PID:10148
- C:\Windows\System\aPBucRy.exe
  C:\Windows\System\aPBucRy.exe
  2⤵
  PID:10168
- C:\Windows\System\EqkYVyF.exe
  C:\Windows\System\EqkYVyF.exe
  2⤵
  PID:10188
- C:\Windows\System\wAdmFCd.exe
  C:\Windows\System\wAdmFCd.exe
  2⤵
  PID:10212
- C:\Windows\System\sFNmoXl.exe
  C:\Windows\System\sFNmoXl.exe
  2⤵
  PID:10232
- C:\Windows\System\VyKHROg.exe
  C:\Windows\System\VyKHROg.exe
  2⤵
  PID:9224
- C:\Windows\System\TUUxAJQ.exe
  C:\Windows\System\TUUxAJQ.exe
  2⤵
  PID:9284
- C:\Windows\System\ndrNvdu.exe
  C:\Windows\System\ndrNvdu.exe
  2⤵
  PID:9296
- C:\Windows\System\bLroevL.exe
  C:\Windows\System\bLroevL.exe
  2⤵
  PID:9316
- C:\Windows\System\CBorxyJ.exe
  C:\Windows\System\CBorxyJ.exe
  2⤵
  PID:9344
- C:\Windows\System\arsDpQC.exe
  C:\Windows\System\arsDpQC.exe
  2⤵
  PID:9380
- C:\Windows\System\LtOtqyE.exe
  C:\Windows\System\LtOtqyE.exe
  2⤵
  PID:9360
- C:\Windows\System\RkLwLKV.exe
  C:\Windows\System\RkLwLKV.exe
  2⤵
  PID:9448
- C:\Windows\System\IBZYVcz.exe
  C:\Windows\System\IBZYVcz.exe
  2⤵
  PID:9460
- C:\Windows\System\DiqtHob.exe
  C:\Windows\System\DiqtHob.exe
  2⤵
  PID:9500
- C:\Windows\System\olIUsJy.exe
  C:\Windows\System\olIUsJy.exe
  2⤵
  PID:9532
- C:\Windows\System\QGbKZBv.exe
  C:\Windows\System\QGbKZBv.exe
  2⤵
  PID:9592
- C:\Windows\System\yfcvlks.exe
  C:\Windows\System\yfcvlks.exe
  2⤵
  PID:9616
- C:\Windows\System\GxNXrxZ.exe
  C:\Windows\System\GxNXrxZ.exe
  2⤵
  PID:9636
- C:\Windows\System\IehgOwa.exe
  C:\Windows\System\IehgOwa.exe
  2⤵
  PID:9672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BWilMWK.exe

Filesize
6.0MB

MD5
75d575edae58ea07235c5eab33c90b6e

SHA1
815520808c278cd3472b1e042bbeba8cecfd26c3

SHA256
6596eb4f73e7fd8530aa6e8c40499e02d3028496cf43a359f8942a130d31b652

SHA512
3efc09fd4ea34af95b4cf5e22984ccacaed2b765c23a2c6df92ff4d75a28964bf6b148265980c18f4d526f27d5f7c1d6bd0e5a235ec423988dbf929444ce77e5

Download Submit
C:\Windows\system\InCIjnK.exe

Filesize
6.0MB

MD5
1b1e010648651875e004a497cce508e5

SHA1
3f6c6fc0cdd96dcc19849bff1662c2a7ba23221e

SHA256
14445dc0908b62161da841038004ca1b0fd9798985a04f6b4e8d7a87bf24e58e

SHA512
c8e48ccd9ce768c9c002dbcf4d222a7f3df0b8f434db1974e660bbe43c7adc0e19ddc956ffc1efa96a6c0fceed946f9d99173814798300e55fd94391e4c6a855

Download Submit
C:\Windows\system\LnwLPat.exe

Filesize
6.0MB

MD5
c1fc3cbcaf3b738d446cde2492a7299a

SHA1
373bdd81d61ed16b0bc710fb29bf22bab4f419ce

SHA256
d040f940d0f37a44df44b74c4348e31e44818a67dc1952ee4c8c649361680294

SHA512
20c0c2c355c69683ff6e5e5075cd79ab2f1e6c61d8eec36f2b2c328188be860f01d42c5e4a2611e23c92659518038ff3ef587b7da16fab4bb6439c410640d7e6

Download Submit
C:\Windows\system\PYajMPd.exe

Filesize
6.0MB

MD5
2dd97e434cc70668f61c37b8ed5564c4

SHA1
bf86056ea660e4adf8e42a2f51f7f68be51af816

SHA256
5cc8ac02666c15bbb3ea26ab798b63844a37429937c289967697e367631b243e

SHA512
229d7424586ff9509d08bd55fb37681e2a4711e2ef4f781e7b5d2abd77ab425bcb22b0c6d437d292cdc7880f18c9891512e9f57e11576abfc26a65845422b915

Download Submit
C:\Windows\system\PfJFyMO.exe

Filesize
6.0MB

MD5
660f214f717a5996d84cb8af19de8f22

SHA1
cbb4b57d1d5417f1df4fe6c913ed1c4de471eb0c

SHA256
1d06846513bd1f1d5aaa8ef6258a73c29bbab9a28f72453d2781eb797c062356

SHA512
d9da8d40a409be86c92c7b82ebbe42296525e304b65a3136f2fd8d83db7666b179487caacfd2a5824b3f9aa4eafc8a21a95379fc4859bcba1c143f59b65fedaa

Download Submit
C:\Windows\system\QRbDjdy.exe

Filesize
6.0MB

MD5
4bedcad8f54a7584afb6a87820405974

SHA1
2e52defe7e55e2b90c6fea6a9cdb3601d1d8041e

SHA256
df3947fe8db5d7059c568476639417aa2948db24a00f843ac2b0c3691126f77d

SHA512
5b4c048b9019d83e7a732355e24a67626dd9c494ba300a5c84e03f55b625602c5c10d1dfe58038816b437a535e28fd90a3feceb0acfa1e9340549cc1e67adfa8

Download Submit
C:\Windows\system\TCzaugS.exe

Filesize
6.0MB

MD5
b8ebb7956bf58ab0487b9e23824d5da4

SHA1
ff7cb699fabd8c89afc6f554dc6f28c4e0ce1d39

SHA256
9f613053e910d67fef3dc7e14eec7e4e7b02deca8af769135fd854d01a0a213d

SHA512
72bb626d195bc9d8e47a9666dbc4d2c8ff27a93470630d99d8f103a96d2d57c8c9597e30860d8ab835a2b9c34a9adc93361a143f2b9d3f726e0a226e37673f73

Download Submit
C:\Windows\system\UfyKWck.exe

Filesize
6.0MB

MD5
132b67b9012a33bababd9d1fcdebccaf

SHA1
ccd162ca7d96ed85fefb7fef2351085b2571c291

SHA256
c5208690b820a7ff5a51811ae47ebf7c562552d744d776060c06fd9abcae0400

SHA512
e154af5696dde7e4649147b42b315d643b497219349b23f504494a82ec455051023befa8509f51b5d07c7a1029341d69fac298a84bb913ddcf268b9135a48f60

Download Submit
C:\Windows\system\UxyCKbq.exe

Filesize
6.0MB

MD5
b89bfbd65635a482c89bc8c7f2c3090d

SHA1
f64b7b88ffecb300656dee220d5ff26428c492c3

SHA256
463374590db7fd9640ba5e129d88e0eae3a7ba8eb2482dbe8e38bae2d03b2c4a

SHA512
f2a264d0a613d85a41f94232da2d608c2a3b9bd8dd5c9b591f70249dcd036d91cda7fe6615243a60631d824f15d52fd931573fd436f4cbecad9db1a30d8ba2bb

Download Submit
C:\Windows\system\VGWlBsb.exe

Filesize
6.0MB

MD5
85c203b975f84c6af0caa6b20b7ff1fd

SHA1
16d8b80f30a5356909ad86568790a3f1222d214a

SHA256
0cb6f5d782561a53d13300265ae190a8732821c32ac3165174f603c2981c746b

SHA512
59958cff21f8614bf6b0c9619bf1376c1602dfccf400053444079486524903bd12288e77ab838535db2ca508c4ebc6fcc5899f643678462ff832d1347b1fc330

Download Submit
C:\Windows\system\ePALSNI.exe

Filesize
6.0MB

MD5
660c26971305a666063216fa90a74d66

SHA1
280b0286a79b14ff4ff1dff6a1806dc2d68ab1c2

SHA256
7d3d81595969bbdb72e82c62112547c067cdb85bb678fee3fb80bec68cabcdd2

SHA512
0f56132bf4fb79df6eaed4ca3ac95e018b4a44c45d0223199ef61abece3b354fb2a8a6f6fe484d6064b1a6d3108fd392a147756680017acb4eaaa11c5b3a1fe8

Download Submit
C:\Windows\system\hJFsMeT.exe

Filesize
6.0MB

MD5
415a110d68f63835c0133f319ba93d89

SHA1
747dcc7502450c321d23b4b42584139c9b06284c

SHA256
8e7f1db5cdb62511522fb8d3513b54852b5b9c5d4262495a55c3b581a0fd38d5

SHA512
96638477dc4bef220a581b190de97fc61bb5e9438223579fd2b645550d10c17a343bfbf69d46c59c5f7c23614ef9c0f53e5d0557665d76d1063917bb13d587a1

Download Submit
C:\Windows\system\hmDaUyX.exe

Filesize
6.0MB

MD5
6e0a9b18134f64566751e9d049d41eae

SHA1
e9f6d491002186d1afcc64ca2bc349790002868b

SHA256
e932e6f7e1be8f65834ef68c1f877d6e359bc0a194e9b3072b72fbc34abff6de

SHA512
c53c75d3a982897c9d97c94c2bbe8562b0667d967ff7c32c81728931335db1a24a24a5b78b43825eb5fafc6de5d19712b3cc54b122318d916ed00ff8248b92b7

Download Submit
C:\Windows\system\iVVUwfi.exe

Filesize
6.0MB

MD5
423ff5ce38937e8d61ea53bd20290b34

SHA1
80b6469ec0ce46e2abbbe85c00f1785b0cafb04d

SHA256
3537d1078874b9102a507fb2027ef7b83843c40f23cf19ece5e36030b57fc2d0

SHA512
b74fee12d1a76c6061fc210721e28c996292dcc2ad5599a86214e2bf020211d1dc3b37ee82039c29c46ccf28688821c40ebe4b8e02b2175129f8edbbc3a31ff6

Download Submit
C:\Windows\system\icQwmpu.exe

Filesize
6.0MB

MD5
cbe3fe23487d0ac5086227cb38ed6393

SHA1
ecc3674be11ae47c501eade3f4094f1b8ac728b4

SHA256
8eb65ab025f88a5985e245d8b89a5a4c193e2bcab39e787631547a0e78853577

SHA512
7fb12f76d996f273f2223cafef9b62770ccfc00248cf12d0beedf3ec734da4a33e24cf7746ecf7233b0966b7a6ca88b0148d9de6285b3632d89bce91088b4845

Download Submit
C:\Windows\system\ieSggFc.exe

Filesize
6.0MB

MD5
5d879586a81e39072b6bb799c73807c0

SHA1
017bb82c6bb80fb042d3e0ace58fa9a94a7481a0

SHA256
04d0f535bf8e6a7aa66b32ec30da7b1cfd8dd7cff4b14b935af51eddaa5a554a

SHA512
5a751a61142070b4541cb9890817a222fad6cea18ab24103c0642a06f42355c97344093526fc88daf17f7106ae5a2a0e8387d6edc01c279ffb02acae545d071f

Download Submit
C:\Windows\system\lwLajLD.exe

Filesize
6.0MB

MD5
f48e2866ef4f733f60e361461a0dc53a

SHA1
20d2b8756f525b30780ed4db9a1cd7339152ed97

SHA256
91bd4752ee97da1308a54de197ee84144a303938529f1218d9ae089aee356f45

SHA512
6f703e431a908caf9e3e1650ea8ec4315b755577ba4492ed8dd3d44ba4492ac4d81544b7412322e9dce12c5959b19952052e275b700478a18c822661c27e10c3

Download Submit
C:\Windows\system\qmOZkCH.exe

Filesize
6.0MB

MD5
64ffe8564c12596d730528d6d6a5a5a5

SHA1
3c4c696308a063a287c32f1ff219ef95e948c29c

SHA256
b46783fa8db9e8359f17392807a28a91112720b600515784be37f33b836af8b0

SHA512
41c4e3106b5c227c6345a7b5dec24457facc08da339a1fb48c147c21a58af0402d30da155b3838a249ca7db7a672bec14bc4b1a4e694767fc337e0a0a7397502

Download Submit
C:\Windows\system\tvVeKMd.exe

Filesize
6.0MB

MD5
b375f95ee63bf5ebd66a111a73141d3d

SHA1
dc47a21555f08ad34b1072fd178ad9d0ec90631a

SHA256
9ce6f1b84b756f5ee550a544e3a73cf42cbdb11a06687a68b5f32242b63a514c

SHA512
7c6cce2cd3eae78253c063eb71cad4ba36832ff1703054ab92cadbe07c88509bf1d6f9602e007eb335ec96d4585d396c48cfe7a170050a48f2340538efcd4f55

Download Submit
C:\Windows\system\vxuplDl.exe

Filesize
6.0MB

MD5
cf3013df3fa206c8be3f076d6eb52811

SHA1
5fbca97ee1966955720ef71a1e54f5b4591761e4

SHA256
46e3be9895b839c986291a567f346b6290270a59024b446d368f6d34b9c934eb

SHA512
fedee68001416ee8936091ff2a6d3901c246fc71134bc41334e65f5c53df809d124fb04c4732ccb6b46d096afd384c05ec594d2300c8e12fe2f25d574d1713d4

Download Submit
C:\Windows\system\wDfEdRN.exe

Filesize
6.0MB

MD5
ff71ffdf66ac7633a3dd185e66ddbf9c

SHA1
00ccd35f5d42eb5b1b88e0931373d66163620129

SHA256
c1e2f562afb96e09534420024d2ba868945af6cd3ef44674dd3091aca33469f7

SHA512
cb6c1f6d67c3cec6bd6d6baff68199a8207f9f2bd4d3a382bbbc4267e94721dd9ed41da0a526420c83f63ebe2979393c6bd5c6459095f77e66ae950752de1d72

Download Submit
C:\Windows\system\wHIKghe.exe

Filesize
6.0MB

MD5
b33f135a8c7a80716a8de8b4afe63804

SHA1
411609575cc27c739dfbacef507ecfe867b5f01a

SHA256
82c208e6284a971e132dc388ec29243bbf03e3009b0ed450c06979f8d26b4ac1

SHA512
1743b9a565709258c1386f7ef97ba36b7cba591141c8dfe90869c443da74035d5a1ae12e9edcdf0747578434d2b756dbb328c55c30e88193804d679ac3ce4a1b

Download Submit
C:\Windows\system\wtBhiNJ.exe

Filesize
6.0MB

MD5
5b5c8b81388e085015f7414e3f29f072

SHA1
42b14e4691c543a5120f6dc946c52f5108af771e

SHA256
94870670fab079bae9dd56ca1e2f4d8285cae5992330667de0342fe4cf29432c

SHA512
f889b19d76032979619c7e2cc3d90c5673b1b2d17ad2873e8fabf2fc9534a156214eb1a690790e60989151054f83561d97323ca8f0dda81b9b4d9f5de602056f

Download Submit
\Windows\system\FKLgoCZ.exe

Filesize
6.0MB

MD5
62ebbfdfe0b26e013ad8bd420019d8ab

SHA1
1ad41997d5f6c7ba2ae9c6084dff7e99281fabb3

SHA256
5268fe2d4844ec0b7f1608ae0e4a26aa230fee819a92a2ef94faf7c7f6a3280e

SHA512
ec570a09629e20017df182fe5849eccdf2aa72f4bdf2c2093b42812bfef2638e21e52b5b94968841ebc0817403e91c9cfa60629995b69017aa8e892d80d57392

Download Submit
\Windows\system\FMPYEvD.exe

Filesize
6.0MB

MD5
81938cedaf7eaf9ca6350c3e5f394761

SHA1
bdf268fac9dd99b384213b9549d939149899f51b

SHA256
de85d051e5aff32cb9720dbc7d3e890ccd19a2c27b77542b001bd75838883c8b

SHA512
8a4b1ab867d66f2608d9d5c1e9a758565ea7c1b906d0c738122646fba91ce0afe51e2306c9f3c68562ae1147522593dbf9aab1102d626d82f5558a2eb0eb7971

Download Submit
\Windows\system\LpCLAoS.exe

Filesize
6.0MB

MD5
7acd507b59fc064ee1b6611036a89f4b

SHA1
0072b83625edfc308112f1b13df67518ca91b157

SHA256
814dcff0a5892f152da8890213621f77391b7e0271d57d31592a7180780758c5

SHA512
c6e7359e728462b949f2132aeaa39c55e2cd7b15a8f5af6c3995da9c94d87c22e66361a22375f95c9f10699fa7fc04af8dd3ff4bbcbac1d31f4f2e26dee92d6f

Download Submit
\Windows\system\MtxCNxQ.exe

Filesize
6.0MB

MD5
14b7e9441923b583beb745a9067cd9cf

SHA1
3aa7758c687565a4f02422a1f9022a78fa2e5730

SHA256
b58026016bca303b1a6390c6a2da0c0cf186e6d558821f3a57713e6134dc044f

SHA512
bc0aad1a535ee7afa0424f1e92f0c9752e517239119dca51112937b4a26296e9ea7ef128b105b39a5d034c61525a254e5d823416167ae81eb8cc4d49044ce46f

Download Submit
\Windows\system\SAqgRpk.exe

Filesize
6.0MB

MD5
4c4732ae68a672917d24f65002a7f45c

SHA1
ecc40ac78c6cca6cdd11f7096153e98005c248e9

SHA256
83a04f2813e90eb65ef5e0ad8691ba0eab4d23faeb3d3baf33eae36869c42f92

SHA512
bbe87fd8539297ee4c99dee53cc785d74f8fb41d7c75c9b6332e3a7868efad9d88dce945861ecd907c8304f9ff977dabaa0031dd288035b143d19da48baa5e5b

Download Submit
\Windows\system\TOAHiiC.exe

Filesize
6.0MB

MD5
a2d9f795c7cf6c27a293a6aa139df2a7

SHA1
aca5d26e668268b96d97936528ec5de9e36bd0a7

SHA256
2f93a4461c8f1e3629241d381667ad150151d47c4db8f1c202e62d163f5773c8

SHA512
c34da03f33b7462c3eb94915af99d2e9d744fa4f9f30e708646c18815bfa24ce67be08e61f823cfd39177abea98e40057fff81c6ed805bdf33fe0feeba0cb1d1

Download Submit
\Windows\system\eGHVwNj.exe

Filesize
6.0MB

MD5
d131276cb89b7050261e36608ac787da

SHA1
d68bd53858cde8828c37a6215e18ef65fdb41687

SHA256
cb6b7d403b13dd6f59db7d43443f28d660ae6fef59e514472d2885fece115936

SHA512
2b3533efac67cb0f0b7ae83347cc1a1d639e774b395958fbd01faec93df33c05211a272eb26a98a254ef4ffb6d5c68cc04f55105691e62de46af44a1090c3f33

Download Submit
\Windows\system\hULrTqB.exe

Filesize
6.0MB

MD5
b1fa15bd7a9396835837c82d8fd3f8cf

SHA1
68f8e5932cbcc12f2ef071a4a8e835ccdc8a2cbb

SHA256
66729921880fa0f619aa0b090a6e81f106f7a7b8389ccfc7a0b894db6eb91b67

SHA512
f97c7fed9f8e5e02e684c27adc150b557e4808790563a3dc78952a3064b95dcc0ae303cad5b233f77b52226b39f0527593682ec86044d2b478c526c17b60b954

Download Submit
\Windows\system\txGNlLE.exe

Filesize
6.0MB

MD5
1af99dbfa56196e532f5944364c1a3b0

SHA1
d70568fdae989b50c329b164ff76434ac2e91fe0

SHA256
b0aac2fe0b54726d4b1868bdab25ca8215c616ecb75bb6e5944d3396d1f48955

SHA512
92290b89ac36cfadcb7352e4f9fb2f452e6aa9aee8b44630b93705695bbffed2226d1fae80264bfd6c2cc9df9cb8930e4bfeefecb1df4c178a7e93999a37705e

Download Submit
memory/828-1598-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/828-240-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1128-1569-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1128-69-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1128-109-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1528-71-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/1528-38-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/1528-1362-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/1576-1574-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1576-144-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1576-78-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1772-1610-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1772-101-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1772-293-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2220-8-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2220-105-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2220-36-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2220-37-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2220-106-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2220-44-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2220-332-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2220-88-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2220-13-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2220-256-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2220-80-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2220-224-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2220-57-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2220-96-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2220-32-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2220-87-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2220-20-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2220-25-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2220-49-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2220-76-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2220-97-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2220-64-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2220-115-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2220-0-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2572-61-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2572-100-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2572-1509-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2736-1380-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-91-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-54-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-1604-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2812-85-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2812-215-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2848-56-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2848-1357-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2848-23-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2856-9-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2856-1322-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2876-1356-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2876-63-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2876-29-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2956-355-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2956-1617-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2956-110-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1331-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2996-16-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2996-48-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/3004-84-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-43-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-1369-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download