cobaltstrike | a177d91b8f8eebf349afd920c54f1023d2f5d19f2f1b1297c690738dce6e7e01

Analysis

max time kernel
138s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
31-01-2025 20:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.7MB
MD5

e715422cf43a0fa76fe0bfc0cb751b41
SHA1

ebddb06569edf3a6a3005de336bed135f951c26a
SHA256

a177d91b8f8eebf349afd920c54f1023d2f5d19f2f1b1297c690738dce6e7e01
SHA512

7c7e95ea00f0143e5a43c4fd9acde01be615bb3bd9e6adc7f8b7bde1b86170ca19b7699c570fa6a0e36c28f00888301efb14910a733a2a7f8463583a5ad191ce
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lU2:j+R56utgpPF8u/72

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000700000001211a-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd1-8.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cfc-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d36-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d46-31.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c1a-61.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019356-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019397-178.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a5-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019423-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001928c-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019266-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001936b-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019353-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019256-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-109.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d4-97.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e0-91.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190ce-85.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903b-79.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f53-73.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c26-67.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018792-56.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d9a-44.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd1-49.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d96-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d3e-26.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2116-0-0x000000013F2F0000-0x000000013F63D000-memory.dmp	xmrig
behavioral1/files/0x000700000001211a-3.dat	xmrig
behavioral1/files/0x0007000000016cd1-8.dat	xmrig
behavioral1/files/0x0009000000016cfc-16.dat	xmrig
behavioral1/files/0x0007000000016d36-20.dat	xmrig
behavioral1/memory/2256-21-0x000000013F850000-0x000000013FB9D000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d46-31.dat	xmrig
behavioral1/memory/2896-45-0x000000013F020000-0x000000013F36D000-memory.dmp	xmrig
behavioral1/files/0x0006000000018c1a-61.dat	xmrig
behavioral1/memory/3064-75-0x000000013F520000-0x000000013F86D000-memory.dmp	xmrig
behavioral1/memory/2176-81-0x000000013FFF0000-0x000000014033D000-memory.dmp	xmrig
behavioral1/files/0x00050000000191ff-103.dat	xmrig
behavioral1/memory/1608-141-0x000000013F6B0000-0x000000013F9FD000-memory.dmp	xmrig
behavioral1/files/0x0005000000019356-161.dat	xmrig
behavioral1/memory/1356-194-0x000000013F7F0000-0x000000013FB3D000-memory.dmp	xmrig
behavioral1/memory/628-190-0x000000013F720000-0x000000013FA6D000-memory.dmp	xmrig
behavioral1/memory/1692-189-0x000000013F690000-0x000000013F9DD000-memory.dmp	xmrig
behavioral1/memory/1184-180-0x000000013F550000-0x000000013F89D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019397-178.dat	xmrig
behavioral1/files/0x00050000000193a5-176.dat	xmrig
behavioral1/files/0x000500000001937b-170.dat	xmrig
behavioral1/memory/768-207-0x000000013F7B0000-0x000000013FAFD000-memory.dmp	xmrig
behavioral1/memory/484-187-0x000000013FB40000-0x000000013FE8D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019423-184.dat	xmrig
behavioral1/memory/2936-153-0x000000013F490000-0x000000013F7DD000-memory.dmp	xmrig
behavioral1/files/0x000500000001928c-152.dat	xmrig
behavioral1/files/0x0005000000019266-139.dat	xmrig
behavioral1/memory/1124-168-0x000000013F330000-0x000000013F67D000-memory.dmp	xmrig
behavioral1/files/0x000500000001936b-167.dat	xmrig
behavioral1/memory/2196-159-0x000000013F290000-0x000000013F5DD000-memory.dmp	xmrig
behavioral1/files/0x0005000000019353-157.dat	xmrig
behavioral1/memory/2188-147-0x000000013FBC0000-0x000000013FF0D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019284-145.dat	xmrig
behavioral1/memory/2964-135-0x000000013FF10000-0x000000014025D000-memory.dmp	xmrig
behavioral1/memory/2832-129-0x000000013FF40000-0x000000014028D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019263-133.dat	xmrig
behavioral1/files/0x0005000000019259-127.dat	xmrig
behavioral1/memory/620-123-0x000000013F8C0000-0x000000013FC0D000-memory.dmp	xmrig
behavioral1/memory/1848-117-0x000000013FA70000-0x000000013FDBD000-memory.dmp	xmrig
behavioral1/files/0x0005000000019256-121.dat	xmrig
behavioral1/files/0x0005000000019244-115.dat	xmrig
behavioral1/memory/2364-111-0x000000013F970000-0x000000013FCBD000-memory.dmp	xmrig
behavioral1/files/0x000500000001922c-109.dat	xmrig
behavioral1/memory/2840-105-0x000000013F4B0000-0x000000013F7FD000-memory.dmp	xmrig
behavioral1/memory/1092-99-0x000000013F920000-0x000000013FC6D000-memory.dmp	xmrig
behavioral1/files/0x00050000000191d4-97.dat	xmrig
behavioral1/files/0x00060000000190e0-91.dat	xmrig
behavioral1/memory/1908-87-0x000000013F830000-0x000000013FB7D000-memory.dmp	xmrig
behavioral1/files/0x00060000000190ce-85.dat	xmrig
behavioral1/files/0x000600000001903b-79.dat	xmrig
behavioral1/files/0x0006000000018f53-73.dat	xmrig
behavioral1/memory/2636-69-0x000000013F460000-0x000000013F7AD000-memory.dmp	xmrig
behavioral1/files/0x0006000000018c26-67.dat	xmrig
behavioral1/memory/2884-63-0x000000013FDB0000-0x00000001400FD000-memory.dmp	xmrig
behavioral1/memory/1980-57-0x000000013F260000-0x000000013F5AD000-memory.dmp	xmrig
behavioral1/files/0x0006000000018792-56.dat	xmrig
behavioral1/memory/2904-50-0x000000013F680000-0x000000013F9CD000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d9a-44.dat	xmrig
behavioral1/files/0x0008000000016dd1-49.dat	xmrig
behavioral1/memory/2712-39-0x000000013F5E0000-0x000000013F92D000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d96-38.dat	xmrig
behavioral1/memory/2880-33-0x000000013F900000-0x000000013FC4D000-memory.dmp	xmrig
behavioral1/memory/2848-27-0x000000013F990000-0x000000013FCDD000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d3e-26.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2112	nLPGEwz.exe
2528	IiGhPqZ.exe
2924	UCyJDwD.exe
2256	TIbCsEr.exe
2848	foilEyD.exe
2880	UeHARuz.exe
2712	wSnZWdT.exe
2896	cjwFpqu.exe
2904	kUzVVLW.exe
1980	tbQYeKH.exe
2884	tMgVrEz.exe
2636	QvWqapj.exe
3064	rjjwahp.exe
2176	RHjEJNA.exe
1908	OkEfIKB.exe
1788	jidPFmP.exe
1092	eAYaQFW.exe
2840	IEuaVey.exe
2364	MLDnICL.exe
1848	kIveeCO.exe
620	EPirBGL.exe
2832	pXhWJJp.exe
2964	kRxTZMC.exe
1608	MrdMRQR.exe
2188	MSAARSf.exe
2936	GoTBBFR.exe
2196	dlYGirb.exe
1124	xxjEiZC.exe
1184	uILpvcj.exe
484	beSLOJs.exe
628	krEZTLN.exe
1692	LmedUPp.exe
1356	zGxcWZd.exe
2336	aHkCtDJ.exe
1668	TSCLBfj.exe
768	rtLNjWU.exe
2036	gSpsmBl.exe
3044	XtSCMzD.exe
2496	YTOsaHr.exe
3032	GnXOIjH.exe
352	fEQvont.exe
2144	WtAZXJe.exe
1708	xnKCtER.exe
2860	pgrBjHI.exe
2204	FSUyrBx.exe
2608	JuSfcWu.exe
2152	xnweqWB.exe
1780	SQrvHWI.exe
356	PDgscbX.exe
2432	fMDKNio.exe
2360	wogdKoa.exe
2492	JSOCjsA.exe
344	aRZeLIm.exe
1728	GazQbql.exe
1992	UkHirAa.exe
2096	ysZPdiw.exe
1812	JejELfs.exe
2572	JDsxFEo.exe
2500	dvWOXus.exe
2640	XoDJRQi.exe
3068	nxKksjq.exe
1912	UkspEjh.exe
2420	qZIkFCw.exe
2644	zAYPddZ.exe

Loads dropped DLL 64 IoCs

pid	Process
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\KEDQCIq.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wqhWWTI.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wFioeoz.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KholOEr.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eQPhBhf.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CrvbkXu.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pYPodDF.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SemKbrT.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KjgNhcd.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UMNfLXD.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TZWUdGT.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MMnCpQz.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DrKTCnI.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NPIsjSk.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qywtQbW.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vMlVryP.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vtzGEQp.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nPBBocX.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nlZsQxp.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\acaIVHI.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\scyMKnf.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lSCiJQZ.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CKVWCXH.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LzkGbqL.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YVwGlCd.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QFxABrD.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HBKVMto.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jfdPqFN.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fNPqdmW.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KyKSZSq.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mxLfzPX.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FGJUEKQ.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kUzVVLW.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vQrgumQ.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hUwPQjE.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cbDshpQ.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFoOBRG.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SoABLey.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XhiMVCz.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\USsvjKA.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nitQTnC.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XIoZsQV.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pwcbOUY.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dybTcZV.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KwusbPz.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jrsXXlM.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\poqIzAC.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RBRoncf.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YGKQmiN.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SgwlExM.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EaxcUpr.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WaYPFsp.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cSUQWZn.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nCxSjRT.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fIUsASi.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NzppizF.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HxxBMcs.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pVGtwvX.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SAMMLnA.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AIrfVTO.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYRUEJE.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wOsdXdg.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HBXSoVM.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oyZpTTu.exe	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2112	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2116 wrote to memory of 2112	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2116 wrote to memory of 2112	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2116 wrote to memory of 2528	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2116 wrote to memory of 2528	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2116 wrote to memory of 2528	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2116 wrote to memory of 2924	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2116 wrote to memory of 2924	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2116 wrote to memory of 2924	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2116 wrote to memory of 2256	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2116 wrote to memory of 2256	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2116 wrote to memory of 2256	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2116 wrote to memory of 2848	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2116 wrote to memory of 2848	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2116 wrote to memory of 2848	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2116 wrote to memory of 2880	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2116 wrote to memory of 2880	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2116 wrote to memory of 2880	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2116 wrote to memory of 2712	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2116 wrote to memory of 2712	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2116 wrote to memory of 2712	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2116 wrote to memory of 2896	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2116 wrote to memory of 2896	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2116 wrote to memory of 2896	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2116 wrote to memory of 2904	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2116 wrote to memory of 2904	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2116 wrote to memory of 2904	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2116 wrote to memory of 1980	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2116 wrote to memory of 1980	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2116 wrote to memory of 1980	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2116 wrote to memory of 2884	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2116 wrote to memory of 2884	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2116 wrote to memory of 2884	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2116 wrote to memory of 2636	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2116 wrote to memory of 2636	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2116 wrote to memory of 2636	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2116 wrote to memory of 3064	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2116 wrote to memory of 3064	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2116 wrote to memory of 3064	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2116 wrote to memory of 2176	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2116 wrote to memory of 2176	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2116 wrote to memory of 2176	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2116 wrote to memory of 1908	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2116 wrote to memory of 1908	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2116 wrote to memory of 1908	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2116 wrote to memory of 1788	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2116 wrote to memory of 1788	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2116 wrote to memory of 1788	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2116 wrote to memory of 1092	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2116 wrote to memory of 1092	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2116 wrote to memory of 1092	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2116 wrote to memory of 2840	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2116 wrote to memory of 2840	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2116 wrote to memory of 2840	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2116 wrote to memory of 2364	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2116 wrote to memory of 2364	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2116 wrote to memory of 2364	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2116 wrote to memory of 1848	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2116 wrote to memory of 1848	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2116 wrote to memory of 1848	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2116 wrote to memory of 620	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2116 wrote to memory of 620	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2116 wrote to memory of 620	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2116 wrote to memory of 2832	2116	2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-31_e715422cf43a0fa76fe0bfc0cb751b41_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\System\nLPGEwz.exe
  C:\Windows\System\nLPGEwz.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\IiGhPqZ.exe
  C:\Windows\System\IiGhPqZ.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\UCyJDwD.exe
  C:\Windows\System\UCyJDwD.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\TIbCsEr.exe
  C:\Windows\System\TIbCsEr.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\foilEyD.exe
  C:\Windows\System\foilEyD.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\UeHARuz.exe
  C:\Windows\System\UeHARuz.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\wSnZWdT.exe
  C:\Windows\System\wSnZWdT.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\cjwFpqu.exe
  C:\Windows\System\cjwFpqu.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\kUzVVLW.exe
  C:\Windows\System\kUzVVLW.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\tbQYeKH.exe
  C:\Windows\System\tbQYeKH.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\tMgVrEz.exe
  C:\Windows\System\tMgVrEz.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\QvWqapj.exe
  C:\Windows\System\QvWqapj.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\rjjwahp.exe
  C:\Windows\System\rjjwahp.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\RHjEJNA.exe
  C:\Windows\System\RHjEJNA.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\OkEfIKB.exe
  C:\Windows\System\OkEfIKB.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\jidPFmP.exe
  C:\Windows\System\jidPFmP.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\eAYaQFW.exe
  C:\Windows\System\eAYaQFW.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\IEuaVey.exe
  C:\Windows\System\IEuaVey.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\MLDnICL.exe
  C:\Windows\System\MLDnICL.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\kIveeCO.exe
  C:\Windows\System\kIveeCO.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\EPirBGL.exe
  C:\Windows\System\EPirBGL.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\pXhWJJp.exe
  C:\Windows\System\pXhWJJp.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\kRxTZMC.exe
  C:\Windows\System\kRxTZMC.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\MrdMRQR.exe
  C:\Windows\System\MrdMRQR.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\MSAARSf.exe
  C:\Windows\System\MSAARSf.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\GoTBBFR.exe
  C:\Windows\System\GoTBBFR.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\dlYGirb.exe
  C:\Windows\System\dlYGirb.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\krEZTLN.exe
  C:\Windows\System\krEZTLN.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\xxjEiZC.exe
  C:\Windows\System\xxjEiZC.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\LmedUPp.exe
  C:\Windows\System\LmedUPp.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\uILpvcj.exe
  C:\Windows\System\uILpvcj.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\zGxcWZd.exe
  C:\Windows\System\zGxcWZd.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\beSLOJs.exe
  C:\Windows\System\beSLOJs.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\TSCLBfj.exe
  C:\Windows\System\TSCLBfj.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\aHkCtDJ.exe
  C:\Windows\System\aHkCtDJ.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\fMDKNio.exe
  C:\Windows\System\fMDKNio.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\rtLNjWU.exe
  C:\Windows\System\rtLNjWU.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\wogdKoa.exe
  C:\Windows\System\wogdKoa.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\gSpsmBl.exe
  C:\Windows\System\gSpsmBl.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\JSOCjsA.exe
  C:\Windows\System\JSOCjsA.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\XtSCMzD.exe
  C:\Windows\System\XtSCMzD.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\aRZeLIm.exe
  C:\Windows\System\aRZeLIm.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\YTOsaHr.exe
  C:\Windows\System\YTOsaHr.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\GazQbql.exe
  C:\Windows\System\GazQbql.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\GnXOIjH.exe
  C:\Windows\System\GnXOIjH.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\UkHirAa.exe
  C:\Windows\System\UkHirAa.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\fEQvont.exe
  C:\Windows\System\fEQvont.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\ysZPdiw.exe
  C:\Windows\System\ysZPdiw.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\WtAZXJe.exe
  C:\Windows\System\WtAZXJe.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\JejELfs.exe
  C:\Windows\System\JejELfs.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\xnKCtER.exe
  C:\Windows\System\xnKCtER.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\JDsxFEo.exe
  C:\Windows\System\JDsxFEo.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\pgrBjHI.exe
  C:\Windows\System\pgrBjHI.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\dvWOXus.exe
  C:\Windows\System\dvWOXus.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\FSUyrBx.exe
  C:\Windows\System\FSUyrBx.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\XoDJRQi.exe
  C:\Windows\System\XoDJRQi.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\JuSfcWu.exe
  C:\Windows\System\JuSfcWu.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\nxKksjq.exe
  C:\Windows\System\nxKksjq.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\xnweqWB.exe
  C:\Windows\System\xnweqWB.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\UkspEjh.exe
  C:\Windows\System\UkspEjh.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\SQrvHWI.exe
  C:\Windows\System\SQrvHWI.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\qZIkFCw.exe
  C:\Windows\System\qZIkFCw.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\PDgscbX.exe
  C:\Windows\System\PDgscbX.exe
  2⤵
  - Executes dropped EXE
  PID:356
- C:\Windows\System\zAYPddZ.exe
  C:\Windows\System\zAYPddZ.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\YDUOslt.exe
  C:\Windows\System\YDUOslt.exe
  2⤵
  PID:1856
- C:\Windows\System\nnTiTft.exe
  C:\Windows\System\nnTiTft.exe
  2⤵
  PID:2016
- C:\Windows\System\hBaAVEm.exe
  C:\Windows\System\hBaAVEm.exe
  2⤵
  PID:1264
- C:\Windows\System\keWYBHK.exe
  C:\Windows\System\keWYBHK.exe
  2⤵
  PID:2808
- C:\Windows\System\SgwlExM.exe
  C:\Windows\System\SgwlExM.exe
  2⤵
  PID:288
- C:\Windows\System\BAbnDBZ.exe
  C:\Windows\System\BAbnDBZ.exe
  2⤵
  PID:1388
- C:\Windows\System\NnILpHf.exe
  C:\Windows\System\NnILpHf.exe
  2⤵
  PID:444
- C:\Windows\System\RuYzFfT.exe
  C:\Windows\System\RuYzFfT.exe
  2⤵
  PID:1860
- C:\Windows\System\ISBxVyF.exe
  C:\Windows\System\ISBxVyF.exe
  2⤵
  PID:1500
- C:\Windows\System\FSfXoae.exe
  C:\Windows\System\FSfXoae.exe
  2⤵
  PID:1288
- C:\Windows\System\yDfEusO.exe
  C:\Windows\System\yDfEusO.exe
  2⤵
  PID:1776
- C:\Windows\System\YRtOHkL.exe
  C:\Windows\System\YRtOHkL.exe
  2⤵
  PID:1888
- C:\Windows\System\uKwTyYx.exe
  C:\Windows\System\uKwTyYx.exe
  2⤵
  PID:2772
- C:\Windows\System\BpvWHaG.exe
  C:\Windows\System\BpvWHaG.exe
  2⤵
  PID:1572
- C:\Windows\System\cZlGiYw.exe
  C:\Windows\System\cZlGiYw.exe
  2⤵
  PID:1496
- C:\Windows\System\WirfIJx.exe
  C:\Windows\System\WirfIJx.exe
  2⤵
  PID:2272
- C:\Windows\System\aygAxlV.exe
  C:\Windows\System\aygAxlV.exe
  2⤵
  PID:896
- C:\Windows\System\FMylNse.exe
  C:\Windows\System\FMylNse.exe
  2⤵
  PID:1120
- C:\Windows\System\ZjfoYsJ.exe
  C:\Windows\System\ZjfoYsJ.exe
  2⤵
  PID:2784
- C:\Windows\System\TeSQaSN.exe
  C:\Windows\System\TeSQaSN.exe
  2⤵
  PID:604
- C:\Windows\System\gRFRUVM.exe
  C:\Windows\System\gRFRUVM.exe
  2⤵
  PID:1292
- C:\Windows\System\abkEwMB.exe
  C:\Windows\System\abkEwMB.exe
  2⤵
  PID:3040
- C:\Windows\System\JaPgTWh.exe
  C:\Windows\System\JaPgTWh.exe
  2⤵
  PID:2296
- C:\Windows\System\nlGRhAu.exe
  C:\Windows\System\nlGRhAu.exe
  2⤵
  PID:1648
- C:\Windows\System\EkOPXWE.exe
  C:\Windows\System\EkOPXWE.exe
  2⤵
  PID:2564
- C:\Windows\System\ADQgcCy.exe
  C:\Windows\System\ADQgcCy.exe
  2⤵
  PID:3092
- C:\Windows\System\ZMqRmsP.exe
  C:\Windows\System\ZMqRmsP.exe
  2⤵
  PID:3108
- C:\Windows\System\URIUTCk.exe
  C:\Windows\System\URIUTCk.exe
  2⤵
  PID:3124
- C:\Windows\System\djSOqMO.exe
  C:\Windows\System\djSOqMO.exe
  2⤵
  PID:3140
- C:\Windows\System\jlOKsMC.exe
  C:\Windows\System\jlOKsMC.exe
  2⤵
  PID:3156
- C:\Windows\System\WAvXadw.exe
  C:\Windows\System\WAvXadw.exe
  2⤵
  PID:3180
- C:\Windows\System\jRnulDL.exe
  C:\Windows\System\jRnulDL.exe
  2⤵
  PID:3196
- C:\Windows\System\UmsuivH.exe
  C:\Windows\System\UmsuivH.exe
  2⤵
  PID:3220
- C:\Windows\System\DPVzLaZ.exe
  C:\Windows\System\DPVzLaZ.exe
  2⤵
  PID:3244
- C:\Windows\System\YStxZdz.exe
  C:\Windows\System\YStxZdz.exe
  2⤵
  PID:3260
- C:\Windows\System\oCKHPqp.exe
  C:\Windows\System\oCKHPqp.exe
  2⤵
  PID:3276
- C:\Windows\System\yzUGCaG.exe
  C:\Windows\System\yzUGCaG.exe
  2⤵
  PID:3316
- C:\Windows\System\htMDlsK.exe
  C:\Windows\System\htMDlsK.exe
  2⤵
  PID:3332
- C:\Windows\System\bElmkeB.exe
  C:\Windows\System\bElmkeB.exe
  2⤵
  PID:3356
- C:\Windows\System\HVEYhbg.exe
  C:\Windows\System\HVEYhbg.exe
  2⤵
  PID:3372
- C:\Windows\System\FRrrrNE.exe
  C:\Windows\System\FRrrrNE.exe
  2⤵
  PID:3388
- C:\Windows\System\JnSqBcG.exe
  C:\Windows\System\JnSqBcG.exe
  2⤵
  PID:3412
- C:\Windows\System\QFxABrD.exe
  C:\Windows\System\QFxABrD.exe
  2⤵
  PID:3428
- C:\Windows\System\EFxsfns.exe
  C:\Windows\System\EFxsfns.exe
  2⤵
  PID:3444
- C:\Windows\System\CLOpKLy.exe
  C:\Windows\System\CLOpKLy.exe
  2⤵
  PID:3464
- C:\Windows\System\CJBAoDL.exe
  C:\Windows\System\CJBAoDL.exe
  2⤵
  PID:3492
- C:\Windows\System\dliRqip.exe
  C:\Windows\System\dliRqip.exe
  2⤵
  PID:3508
- C:\Windows\System\YrvNEEz.exe
  C:\Windows\System\YrvNEEz.exe
  2⤵
  PID:3532
- C:\Windows\System\yUomVmX.exe
  C:\Windows\System\yUomVmX.exe
  2⤵
  PID:3548
- C:\Windows\System\jHbnhSq.exe
  C:\Windows\System\jHbnhSq.exe
  2⤵
  PID:3564
- C:\Windows\System\zgvBIUZ.exe
  C:\Windows\System\zgvBIUZ.exe
  2⤵
  PID:3580
- C:\Windows\System\oqpuWUN.exe
  C:\Windows\System\oqpuWUN.exe
  2⤵
  PID:3596
- C:\Windows\System\FJhIxCB.exe
  C:\Windows\System\FJhIxCB.exe
  2⤵
  PID:3636
- C:\Windows\System\GbNRIOt.exe
  C:\Windows\System\GbNRIOt.exe
  2⤵
  PID:3652
- C:\Windows\System\sVRQYmf.exe
  C:\Windows\System\sVRQYmf.exe
  2⤵
  PID:3676
- C:\Windows\System\jDiqUzu.exe
  C:\Windows\System\jDiqUzu.exe
  2⤵
  PID:3692
- C:\Windows\System\giPDRIO.exe
  C:\Windows\System\giPDRIO.exe
  2⤵
  PID:3708
- C:\Windows\System\AjmAPzj.exe
  C:\Windows\System\AjmAPzj.exe
  2⤵
  PID:3724
- C:\Windows\System\XVaDazS.exe
  C:\Windows\System\XVaDazS.exe
  2⤵
  PID:3752
- C:\Windows\System\TonoHFT.exe
  C:\Windows\System\TonoHFT.exe
  2⤵
  PID:3776
- C:\Windows\System\vOfgFDS.exe
  C:\Windows\System\vOfgFDS.exe
  2⤵
  PID:3820
- C:\Windows\System\slKpESE.exe
  C:\Windows\System\slKpESE.exe
  2⤵
  PID:4036
- C:\Windows\System\QPxgYdp.exe
  C:\Windows\System\QPxgYdp.exe
  2⤵
  PID:4052
- C:\Windows\System\GymuTek.exe
  C:\Windows\System\GymuTek.exe
  2⤵
  PID:4076
- C:\Windows\System\xaafFcx.exe
  C:\Windows\System\xaafFcx.exe
  2⤵
  PID:1548
- C:\Windows\System\QpQibMh.exe
  C:\Windows\System\QpQibMh.exe
  2⤵
  PID:1720
- C:\Windows\System\UKVqTIX.exe
  C:\Windows\System\UKVqTIX.exe
  2⤵
  PID:2060
- C:\Windows\System\qnNfgfx.exe
  C:\Windows\System\qnNfgfx.exe
  2⤵
  PID:2804
- C:\Windows\System\gVhYPBn.exe
  C:\Windows\System\gVhYPBn.exe
  2⤵
  PID:2828
- C:\Windows\System\HVbvPWL.exe
  C:\Windows\System\HVbvPWL.exe
  2⤵
  PID:2592
- C:\Windows\System\NHnFWuy.exe
  C:\Windows\System\NHnFWuy.exe
  2⤵
  PID:3076
- C:\Windows\System\gqOheLC.exe
  C:\Windows\System\gqOheLC.exe
  2⤵
  PID:3148
- C:\Windows\System\FEomHPO.exe
  C:\Windows\System\FEomHPO.exe
  2⤵
  PID:3396
- C:\Windows\System\qDMNOuS.exe
  C:\Windows\System\qDMNOuS.exe
  2⤵
  PID:3472
- C:\Windows\System\OQqVSUy.exe
  C:\Windows\System\OQqVSUy.exe
  2⤵
  PID:3520
- C:\Windows\System\YmxiGMh.exe
  C:\Windows\System\YmxiGMh.exe
  2⤵
  PID:3592
- C:\Windows\System\TmYMCeW.exe
  C:\Windows\System\TmYMCeW.exe
  2⤵
  PID:2076
- C:\Windows\System\RLkhLYe.exe
  C:\Windows\System\RLkhLYe.exe
  2⤵
  PID:2308
- C:\Windows\System\SafHFUq.exe
  C:\Windows\System\SafHFUq.exe
  2⤵
  PID:1148
- C:\Windows\System\XIoZsQV.exe
  C:\Windows\System\XIoZsQV.exe
  2⤵
  PID:2148
- C:\Windows\System\eRVsTzv.exe
  C:\Windows\System\eRVsTzv.exe
  2⤵
  PID:3684
- C:\Windows\System\XqUoJIH.exe
  C:\Windows\System\XqUoJIH.exe
  2⤵
  PID:3768
- C:\Windows\System\UZpmgCY.exe
  C:\Windows\System\UZpmgCY.exe
  2⤵
  PID:3836
- C:\Windows\System\dFXzFjE.exe
  C:\Windows\System\dFXzFjE.exe
  2⤵
  PID:3852
- C:\Windows\System\LQvODva.exe
  C:\Windows\System\LQvODva.exe
  2⤵
  PID:3876
- C:\Windows\System\uvrSyQE.exe
  C:\Windows\System\uvrSyQE.exe
  2⤵
  PID:3904
- C:\Windows\System\azaejFv.exe
  C:\Windows\System\azaejFv.exe
  2⤵
  PID:3924
- C:\Windows\System\XwPIFcx.exe
  C:\Windows\System\XwPIFcx.exe
  2⤵
  PID:3176
- C:\Windows\System\IJJHnIA.exe
  C:\Windows\System\IJJHnIA.exe
  2⤵
  PID:3292
- C:\Windows\System\QsIOfvr.exe
  C:\Windows\System\QsIOfvr.exe
  2⤵
  PID:3352
- C:\Windows\System\DdEPHZM.exe
  C:\Windows\System\DdEPHZM.exe
  2⤵
  PID:3628
- C:\Windows\System\gtlHkzl.exe
  C:\Windows\System\gtlHkzl.exe
  2⤵
  PID:3700
- C:\Windows\System\DeAKeiE.exe
  C:\Windows\System\DeAKeiE.exe
  2⤵
  PID:3748
- C:\Windows\System\DLwYjKG.exe
  C:\Windows\System\DLwYjKG.exe
  2⤵
  PID:3540
- C:\Windows\System\fQZVvUM.exe
  C:\Windows\System\fQZVvUM.exe
  2⤵
  PID:3452
- C:\Windows\System\ctZOkoe.exe
  C:\Windows\System\ctZOkoe.exe
  2⤵
  PID:3340
- C:\Windows\System\xJuqoax.exe
  C:\Windows\System\xJuqoax.exe
  2⤵
  PID:3252
- C:\Windows\System\VCTmdxw.exe
  C:\Windows\System\VCTmdxw.exe
  2⤵
  PID:3104
- C:\Windows\System\tMpKZzO.exe
  C:\Windows\System\tMpKZzO.exe
  2⤵
  PID:2468
- C:\Windows\System\VTCAHzd.exe
  C:\Windows\System\VTCAHzd.exe
  2⤵
  PID:3960
- C:\Windows\System\OfdaiRK.exe
  C:\Windows\System\OfdaiRK.exe
  2⤵
  PID:3976
- C:\Windows\System\TuxxmWZ.exe
  C:\Windows\System\TuxxmWZ.exe
  2⤵
  PID:4000
- C:\Windows\System\RDGxEgQ.exe
  C:\Windows\System\RDGxEgQ.exe
  2⤵
  PID:4012
- C:\Windows\System\jmgJkth.exe
  C:\Windows\System\jmgJkth.exe
  2⤵
  PID:4028
- C:\Windows\System\zZEAoVp.exe
  C:\Windows\System\zZEAoVp.exe
  2⤵
  PID:4064
- C:\Windows\System\xODOLgX.exe
  C:\Windows\System\xODOLgX.exe
  2⤵
  PID:332
- C:\Windows\System\ncTHUjQ.exe
  C:\Windows\System\ncTHUjQ.exe
  2⤵
  PID:4088
- C:\Windows\System\iAAQlSG.exe
  C:\Windows\System\iAAQlSG.exe
  2⤵
  PID:3116
- C:\Windows\System\InMFgwq.exe
  C:\Windows\System\InMFgwq.exe
  2⤵
  PID:1040
- C:\Windows\System\jtBDzwk.exe
  C:\Windows\System\jtBDzwk.exe
  2⤵
  PID:3228
- C:\Windows\System\vOEoPmt.exe
  C:\Windows\System\vOEoPmt.exe
  2⤵
  PID:3268
- C:\Windows\System\wsXtMPI.exe
  C:\Windows\System\wsXtMPI.exe
  2⤵
  PID:3192
- C:\Windows\System\iqOYxdX.exe
  C:\Windows\System\iqOYxdX.exe
  2⤵
  PID:3560
- C:\Windows\System\axTIPwh.exe
  C:\Windows\System\axTIPwh.exe
  2⤵
  PID:1896
- C:\Windows\System\PDjnmwX.exe
  C:\Windows\System\PDjnmwX.exe
  2⤵
  PID:3480
- C:\Windows\System\SYSHuzh.exe
  C:\Windows\System\SYSHuzh.exe
  2⤵
  PID:3028
- C:\Windows\System\azXiMAs.exe
  C:\Windows\System\azXiMAs.exe
  2⤵
  PID:3760
- C:\Windows\System\ebelrrS.exe
  C:\Windows\System\ebelrrS.exe
  2⤵
  PID:3848
- C:\Windows\System\uPuGfox.exe
  C:\Windows\System\uPuGfox.exe
  2⤵
  PID:3892
- C:\Windows\System\RUIJWRP.exe
  C:\Windows\System\RUIJWRP.exe
  2⤵
  PID:2732
- C:\Windows\System\edVrxha.exe
  C:\Windows\System\edVrxha.exe
  2⤵
  PID:3304
- C:\Windows\System\vfmHSEK.exe
  C:\Windows\System\vfmHSEK.exe
  2⤵
  PID:3664
- C:\Windows\System\YpYhXYU.exe
  C:\Windows\System\YpYhXYU.exe
  2⤵
  PID:3216
- C:\Windows\System\ZGCwjUJ.exe
  C:\Windows\System\ZGCwjUJ.exe
  2⤵
  PID:3616
- C:\Windows\System\GaLvMve.exe
  C:\Windows\System\GaLvMve.exe
  2⤵
  PID:3572
- C:\Windows\System\ONijJIn.exe
  C:\Windows\System\ONijJIn.exe
  2⤵
  PID:3344
- C:\Windows\System\xrbciBX.exe
  C:\Windows\System\xrbciBX.exe
  2⤵
  PID:3744
- C:\Windows\System\aOoLKsD.exe
  C:\Windows\System\aOoLKsD.exe
  2⤵
  PID:2776
- C:\Windows\System\WWRRwoJ.exe
  C:\Windows\System\WWRRwoJ.exe
  2⤵
  PID:3500
- C:\Windows\System\PNYMLVj.exe
  C:\Windows\System\PNYMLVj.exe
  2⤵
  PID:4024
- C:\Windows\System\WUyzOYR.exe
  C:\Windows\System\WUyzOYR.exe
  2⤵
  PID:1432
- C:\Windows\System\DkSiSVH.exe
  C:\Windows\System\DkSiSVH.exe
  2⤵
  PID:1312
- C:\Windows\System\grlxrvH.exe
  C:\Windows\System\grlxrvH.exe
  2⤵
  PID:2240
- C:\Windows\System\EVJEmsT.exe
  C:\Windows\System\EVJEmsT.exe
  2⤵
  PID:3088
- C:\Windows\System\WHnotvR.exe
  C:\Windows\System\WHnotvR.exe
  2⤵
  PID:2612
- C:\Windows\System\RsoICju.exe
  C:\Windows\System\RsoICju.exe
  2⤵
  PID:3816
- C:\Windows\System\pxUkaCW.exe
  C:\Windows\System\pxUkaCW.exe
  2⤵
  PID:3328
- C:\Windows\System\qZwVAJk.exe
  C:\Windows\System\qZwVAJk.exe
  2⤵
  PID:3488
- C:\Windows\System\XKcWNQD.exe
  C:\Windows\System\XKcWNQD.exe
  2⤵
  PID:3172
- C:\Windows\System\lbzTDmT.exe
  C:\Windows\System\lbzTDmT.exe
  2⤵
  PID:4100
- C:\Windows\System\KPcgagM.exe
  C:\Windows\System\KPcgagM.exe
  2⤵
  PID:4124
- C:\Windows\System\xtyYtUf.exe
  C:\Windows\System\xtyYtUf.exe
  2⤵
  PID:4148
- C:\Windows\System\oGWELNb.exe
  C:\Windows\System\oGWELNb.exe
  2⤵
  PID:4244
- C:\Windows\System\aYEzgWf.exe
  C:\Windows\System\aYEzgWf.exe
  2⤵
  PID:4284
- C:\Windows\System\GLjPsLl.exe
  C:\Windows\System\GLjPsLl.exe
  2⤵
  PID:4300
- C:\Windows\System\EhZtCBR.exe
  C:\Windows\System\EhZtCBR.exe
  2⤵
  PID:4316
- C:\Windows\System\JZLYUDY.exe
  C:\Windows\System\JZLYUDY.exe
  2⤵
  PID:4340
- C:\Windows\System\EWBTOnd.exe
  C:\Windows\System\EWBTOnd.exe
  2⤵
  PID:4356
- C:\Windows\System\vxohKpt.exe
  C:\Windows\System\vxohKpt.exe
  2⤵
  PID:4380
- C:\Windows\System\rmIQWee.exe
  C:\Windows\System\rmIQWee.exe
  2⤵
  PID:4396
- C:\Windows\System\aLqckmx.exe
  C:\Windows\System\aLqckmx.exe
  2⤵
  PID:4420
- C:\Windows\System\aWCnSkR.exe
  C:\Windows\System\aWCnSkR.exe
  2⤵
  PID:4444
- C:\Windows\System\pnCgezT.exe
  C:\Windows\System\pnCgezT.exe
  2⤵
  PID:4460
- C:\Windows\System\qzDSSTa.exe
  C:\Windows\System\qzDSSTa.exe
  2⤵
  PID:4476
- C:\Windows\System\joZiXez.exe
  C:\Windows\System\joZiXez.exe
  2⤵
  PID:4500
- C:\Windows\System\NquzApG.exe
  C:\Windows\System\NquzApG.exe
  2⤵
  PID:4524
- C:\Windows\System\YXZFKAu.exe
  C:\Windows\System\YXZFKAu.exe
  2⤵
  PID:4540
- C:\Windows\System\eduyvGs.exe
  C:\Windows\System\eduyvGs.exe
  2⤵
  PID:4556
- C:\Windows\System\UHfBOBT.exe
  C:\Windows\System\UHfBOBT.exe
  2⤵
  PID:4572
- C:\Windows\System\gXKlDJj.exe
  C:\Windows\System\gXKlDJj.exe
  2⤵
  PID:4596
- C:\Windows\System\KslyxfG.exe
  C:\Windows\System\KslyxfG.exe
  2⤵
  PID:4612
- C:\Windows\System\tvRkobZ.exe
  C:\Windows\System\tvRkobZ.exe
  2⤵
  PID:4628
- C:\Windows\System\XHRGtUz.exe
  C:\Windows\System\XHRGtUz.exe
  2⤵
  PID:4652
- C:\Windows\System\rIYKByZ.exe
  C:\Windows\System\rIYKByZ.exe
  2⤵
  PID:4668
- C:\Windows\System\BBJZKwW.exe
  C:\Windows\System\BBJZKwW.exe
  2⤵
  PID:4692
- C:\Windows\System\oOvgiJy.exe
  C:\Windows\System\oOvgiJy.exe
  2⤵
  PID:4708
- C:\Windows\System\cRRsKLO.exe
  C:\Windows\System\cRRsKLO.exe
  2⤵
  PID:4740
- C:\Windows\System\pxEYqTH.exe
  C:\Windows\System\pxEYqTH.exe
  2⤵
  PID:4764
- C:\Windows\System\GwDurCx.exe
  C:\Windows\System\GwDurCx.exe
  2⤵
  PID:4780
- C:\Windows\System\kjDfVvh.exe
  C:\Windows\System\kjDfVvh.exe
  2⤵
  PID:4796
- C:\Windows\System\jNpFIjl.exe
  C:\Windows\System\jNpFIjl.exe
  2⤵
  PID:4812
- C:\Windows\System\wGEtFTw.exe
  C:\Windows\System\wGEtFTw.exe
  2⤵
  PID:4828
- C:\Windows\System\IStxjUK.exe
  C:\Windows\System\IStxjUK.exe
  2⤵
  PID:4852
- C:\Windows\System\BQmvMzb.exe
  C:\Windows\System\BQmvMzb.exe
  2⤵
  PID:4868
- C:\Windows\System\JGgDecH.exe
  C:\Windows\System\JGgDecH.exe
  2⤵
  PID:4884
- C:\Windows\System\GLjjcZN.exe
  C:\Windows\System\GLjjcZN.exe
  2⤵
  PID:4916
- C:\Windows\System\qoAGjxW.exe
  C:\Windows\System\qoAGjxW.exe
  2⤵
  PID:4940
- C:\Windows\System\sdKhyPK.exe
  C:\Windows\System\sdKhyPK.exe
  2⤵
  PID:4956
- C:\Windows\System\NPuMYzK.exe
  C:\Windows\System\NPuMYzK.exe
  2⤵
  PID:4980
- C:\Windows\System\RVxpoTs.exe
  C:\Windows\System\RVxpoTs.exe
  2⤵
  PID:5004
- C:\Windows\System\yXfTnFD.exe
  C:\Windows\System\yXfTnFD.exe
  2⤵
  PID:5020
- C:\Windows\System\fKTKIhq.exe
  C:\Windows\System\fKTKIhq.exe
  2⤵
  PID:5036
- C:\Windows\System\hFdAQQS.exe
  C:\Windows\System\hFdAQQS.exe
  2⤵
  PID:5052
- C:\Windows\System\YWBehOG.exe
  C:\Windows\System\YWBehOG.exe
  2⤵
  PID:5076
- C:\Windows\System\MxwMGCt.exe
  C:\Windows\System\MxwMGCt.exe
  2⤵
  PID:5100
- C:\Windows\System\IRoRRId.exe
  C:\Windows\System\IRoRRId.exe
  2⤵
  PID:5116
- C:\Windows\System\DWwKMUP.exe
  C:\Windows\System\DWwKMUP.exe
  2⤵
  PID:3348
- C:\Windows\System\rFykaNp.exe
  C:\Windows\System\rFykaNp.exe
  2⤵
  PID:3612
- C:\Windows\System\gAqaKTT.exe
  C:\Windows\System\gAqaKTT.exe
  2⤵
  PID:3440
- C:\Windows\System\IhjONDN.exe
  C:\Windows\System\IhjONDN.exe
  2⤵
  PID:3644
- C:\Windows\System\SemKbrT.exe
  C:\Windows\System\SemKbrT.exe
  2⤵
  PID:3720
- C:\Windows\System\JXIIRgw.exe
  C:\Windows\System\JXIIRgw.exe
  2⤵
  PID:1276
- C:\Windows\System\MgFvCeQ.exe
  C:\Windows\System\MgFvCeQ.exe
  2⤵
  PID:2960
- C:\Windows\System\YjDNkJC.exe
  C:\Windows\System\YjDNkJC.exe
  2⤵
  PID:3436
- C:\Windows\System\hUwPQjE.exe
  C:\Windows\System\hUwPQjE.exe
  2⤵
  PID:3368
- C:\Windows\System\RxcqhZM.exe
  C:\Windows\System\RxcqhZM.exe
  2⤵
  PID:4092
- C:\Windows\System\ewtyfCE.exe
  C:\Windows\System\ewtyfCE.exe
  2⤵
  PID:3832
- C:\Windows\System\KholOEr.exe
  C:\Windows\System\KholOEr.exe
  2⤵
  PID:3940
- C:\Windows\System\fncEbhK.exe
  C:\Windows\System\fncEbhK.exe
  2⤵
  PID:3948
- C:\Windows\System\wHVibfK.exe
  C:\Windows\System\wHVibfK.exe
  2⤵
  PID:3576
- C:\Windows\System\ZWSKNmK.exe
  C:\Windows\System\ZWSKNmK.exe
  2⤵
  PID:4252
- C:\Windows\System\ABIomED.exe
  C:\Windows\System\ABIomED.exe
  2⤵
  PID:4280
- C:\Windows\System\TVqdRre.exe
  C:\Windows\System\TVqdRre.exe
  2⤵
  PID:4748
- C:\Windows\System\hHyoblw.exe
  C:\Windows\System\hHyoblw.exe
  2⤵
  PID:4792
- C:\Windows\System\zfijWqY.exe
  C:\Windows\System\zfijWqY.exe
  2⤵
  PID:4892
- C:\Windows\System\VCNQhZm.exe
  C:\Windows\System\VCNQhZm.exe
  2⤵
  PID:4908
- C:\Windows\System\GmSpDAb.exe
  C:\Windows\System\GmSpDAb.exe
  2⤵
  PID:5000
- C:\Windows\System\vtzGEQp.exe
  C:\Windows\System\vtzGEQp.exe
  2⤵
  PID:5072
- C:\Windows\System\mBGAbUW.exe
  C:\Windows\System\mBGAbUW.exe
  2⤵
  PID:3668
- C:\Windows\System\XaidiNM.exe
  C:\Windows\System\XaidiNM.exe
  2⤵
  PID:3132
- C:\Windows\System\cCEQVsR.exe
  C:\Windows\System\cCEQVsR.exe
  2⤵
  PID:4008
- C:\Windows\System\KwYzkIO.exe
  C:\Windows\System\KwYzkIO.exe
  2⤵
  PID:3324
- C:\Windows\System\SgwjZSy.exe
  C:\Windows\System\SgwjZSy.exe
  2⤵
  PID:4108
- C:\Windows\System\sRzXkVI.exe
  C:\Windows\System\sRzXkVI.exe
  2⤵
  PID:4156
- C:\Windows\System\PTnvYZV.exe
  C:\Windows\System\PTnvYZV.exe
  2⤵
  PID:2824
- C:\Windows\System\XwJQbUy.exe
  C:\Windows\System\XwJQbUy.exe
  2⤵
  PID:1880
- C:\Windows\System\hDIVWEK.exe
  C:\Windows\System\hDIVWEK.exe
  2⤵
  PID:3920
- C:\Windows\System\mLlEenu.exe
  C:\Windows\System\mLlEenu.exe
  2⤵
  PID:4180
- C:\Windows\System\hUxRoer.exe
  C:\Windows\System\hUxRoer.exe
  2⤵
  PID:4204
- C:\Windows\System\lOtfKNy.exe
  C:\Windows\System\lOtfKNy.exe
  2⤵
  PID:4224
- C:\Windows\System\HKFqayq.exe
  C:\Windows\System\HKFqayq.exe
  2⤵
  PID:2692
- C:\Windows\System\mmdhuQW.exe
  C:\Windows\System\mmdhuQW.exe
  2⤵
  PID:3956
- C:\Windows\System\myjsQjA.exe
  C:\Windows\System\myjsQjA.exe
  2⤵
  PID:4688
- C:\Windows\System\KDSDRyM.exe
  C:\Windows\System\KDSDRyM.exe
  2⤵
  PID:4848
- C:\Windows\System\fDWSbSL.exe
  C:\Windows\System\fDWSbSL.exe
  2⤵
  PID:4976
- C:\Windows\System\khJUGRG.exe
  C:\Windows\System\khJUGRG.exe
  2⤵
  PID:4020
- C:\Windows\System\YTjdaZU.exe
  C:\Windows\System\YTjdaZU.exe
  2⤵
  PID:1600
- C:\Windows\System\REeApCT.exe
  C:\Windows\System\REeApCT.exe
  2⤵
  PID:3864
- C:\Windows\System\XMIzauI.exe
  C:\Windows\System\XMIzauI.exe
  2⤵
  PID:4136
- C:\Windows\System\OifjDyI.exe
  C:\Windows\System\OifjDyI.exe
  2⤵
  PID:3968
- C:\Windows\System\bHoYDAv.exe
  C:\Windows\System\bHoYDAv.exe
  2⤵
  PID:5064
- C:\Windows\System\uFmhlgH.exe
  C:\Windows\System\uFmhlgH.exe
  2⤵
  PID:4072
- C:\Windows\System\oHHwYBc.exe
  C:\Windows\System\oHHwYBc.exe
  2⤵
  PID:4196
- C:\Windows\System\VaWMjRt.exe
  C:\Windows\System\VaWMjRt.exe
  2⤵
  PID:2008
- C:\Windows\System\aziBkmU.exe
  C:\Windows\System\aziBkmU.exe
  2⤵
  PID:5084
- C:\Windows\System\fgdPgNp.exe
  C:\Windows\System\fgdPgNp.exe
  2⤵
  PID:4804
- C:\Windows\System\eSZDFHQ.exe
  C:\Windows\System\eSZDFHQ.exe
  2⤵
  PID:4964
- C:\Windows\System\zQfLrPa.exe
  C:\Windows\System\zQfLrPa.exe
  2⤵
  PID:4640
- C:\Windows\System\XaVfXgJ.exe
  C:\Windows\System\XaVfXgJ.exe
  2⤵
  PID:4452
- C:\Windows\System\ibuYMaY.exe
  C:\Windows\System\ibuYMaY.exe
  2⤵
  PID:4188
- C:\Windows\System\zVsZPPw.exe
  C:\Windows\System\zVsZPPw.exe
  2⤵
  PID:1260
- C:\Windows\System\IPMYslg.exe
  C:\Windows\System\IPMYslg.exe
  2⤵
  PID:4312
- C:\Windows\System\tFJPbWi.exe
  C:\Windows\System\tFJPbWi.exe
  2⤵
  PID:4392
- C:\Windows\System\AWUcglL.exe
  C:\Windows\System\AWUcglL.exe
  2⤵
  PID:4440
- C:\Windows\System\nkXSyDo.exe
  C:\Windows\System\nkXSyDo.exe
  2⤵
  PID:4512
- C:\Windows\System\QNSYTSN.exe
  C:\Windows\System\QNSYTSN.exe
  2⤵
  PID:4552
- C:\Windows\System\QLxrTaa.exe
  C:\Windows\System\QLxrTaa.exe
  2⤵
  PID:3052
- C:\Windows\System\OiiDfwq.exe
  C:\Windows\System\OiiDfwq.exe
  2⤵
  PID:4700
- C:\Windows\System\DXxCmSv.exe
  C:\Windows\System\DXxCmSv.exe
  2⤵
  PID:4860
- C:\Windows\System\MoSZIvO.exe
  C:\Windows\System\MoSZIvO.exe
  2⤵
  PID:3084
- C:\Windows\System\QJIGUov.exe
  C:\Windows\System\QJIGUov.exe
  2⤵
  PID:3212
- C:\Windows\System\mLYBXoQ.exe
  C:\Windows\System\mLYBXoQ.exe
  2⤵
  PID:4276
- C:\Windows\System\IoQGUWi.exe
  C:\Windows\System\IoQGUWi.exe
  2⤵
  PID:2724
- C:\Windows\System\qgRxabv.exe
  C:\Windows\System\qgRxabv.exe
  2⤵
  PID:4736
- C:\Windows\System\TZWUdGT.exe
  C:\Windows\System\TZWUdGT.exe
  2⤵
  PID:3996
- C:\Windows\System\OhgvMBS.exe
  C:\Windows\System\OhgvMBS.exe
  2⤵
  PID:4952
- C:\Windows\System\NvCiSpG.exe
  C:\Windows\System\NvCiSpG.exe
  2⤵
  PID:2568
- C:\Windows\System\EqBRIVS.exe
  C:\Windows\System\EqBRIVS.exe
  2⤵
  PID:3164
- C:\Windows\System\ftQxPyw.exe
  C:\Windows\System\ftQxPyw.exe
  2⤵
  PID:4684
- C:\Windows\System\HprDmKc.exe
  C:\Windows\System\HprDmKc.exe
  2⤵
  PID:3736
- C:\Windows\System\CGTETMi.exe
  C:\Windows\System\CGTETMi.exe
  2⤵
  PID:5016
- C:\Windows\System\YVwGlCd.exe
  C:\Windows\System\YVwGlCd.exe
  2⤵
  PID:4680
- C:\Windows\System\YzqYalD.exe
  C:\Windows\System\YzqYalD.exe
  2⤵
  PID:3984
- C:\Windows\System\KsqDcmk.exe
  C:\Windows\System\KsqDcmk.exe
  2⤵
  PID:4408
- C:\Windows\System\KjgNhcd.exe
  C:\Windows\System\KjgNhcd.exe
  2⤵
  PID:4220
- C:\Windows\System\gTSClHP.exe
  C:\Windows\System\gTSClHP.exe
  2⤵
  PID:4548
- C:\Windows\System\YLGiNWd.exe
  C:\Windows\System\YLGiNWd.exe
  2⤵
  PID:4532
- C:\Windows\System\inumwGd.exe
  C:\Windows\System\inumwGd.exe
  2⤵
  PID:4592
- C:\Windows\System\KUoMvLo.exe
  C:\Windows\System\KUoMvLo.exe
  2⤵
  PID:4376
- C:\Windows\System\RYlYXtw.exe
  C:\Windows\System\RYlYXtw.exe
  2⤵
  PID:4864
- C:\Windows\System\oesnVwO.exe
  C:\Windows\System\oesnVwO.exe
  2⤵
  PID:308
- C:\Windows\System\HBKVMto.exe
  C:\Windows\System\HBKVMto.exe
  2⤵
  PID:4260
- C:\Windows\System\HafBRPy.exe
  C:\Windows\System\HafBRPy.exe
  2⤵
  PID:4936
- C:\Windows\System\QFqnjRJ.exe
  C:\Windows\System\QFqnjRJ.exe
  2⤵
  PID:3608
- C:\Windows\System\pdcuKlL.exe
  C:\Windows\System\pdcuKlL.exe
  2⤵
  PID:2124
- C:\Windows\System\VpQkBKW.exe
  C:\Windows\System\VpQkBKW.exe
  2⤵
  PID:4900
- C:\Windows\System\GgwPgTf.exe
  C:\Windows\System\GgwPgTf.exe
  2⤵
  PID:5068
- C:\Windows\System\VMObciI.exe
  C:\Windows\System\VMObciI.exe
  2⤵
  PID:5012
- C:\Windows\System\gWJGaSA.exe
  C:\Windows\System\gWJGaSA.exe
  2⤵
  PID:4536
- C:\Windows\System\qBjXvPc.exe
  C:\Windows\System\qBjXvPc.exe
  2⤵
  PID:3932
- C:\Windows\System\mkbTRqH.exe
  C:\Windows\System\mkbTRqH.exe
  2⤵
  PID:4636
- C:\Windows\System\JODWtOI.exe
  C:\Windows\System\JODWtOI.exe
  2⤵
  PID:4388
- C:\Windows\System\VSgipKr.exe
  C:\Windows\System\VSgipKr.exe
  2⤵
  PID:4564
- C:\Windows\System\CaqBeeB.exe
  C:\Windows\System\CaqBeeB.exe
  2⤵
  PID:4240
- C:\Windows\System\nalCfTz.exe
  C:\Windows\System\nalCfTz.exe
  2⤵
  PID:4824
- C:\Windows\System\jDOpecX.exe
  C:\Windows\System\jDOpecX.exe
  2⤵
  PID:960
- C:\Windows\System\Ddshfvl.exe
  C:\Windows\System\Ddshfvl.exe
  2⤵
  PID:3788
- C:\Windows\System\yttDpGz.exe
  C:\Windows\System\yttDpGz.exe
  2⤵
  PID:4648
- C:\Windows\System\VRcncGD.exe
  C:\Windows\System\VRcncGD.exe
  2⤵
  PID:3992
- C:\Windows\System\ENVfxrx.exe
  C:\Windows\System\ENVfxrx.exe
  2⤵
  PID:3008
- C:\Windows\System\nCxSjRT.exe
  C:\Windows\System\nCxSjRT.exe
  2⤵
  PID:1816
- C:\Windows\System\WkNfMgZ.exe
  C:\Windows\System\WkNfMgZ.exe
  2⤵
  PID:2620
- C:\Windows\System\mBazWAm.exe
  C:\Windows\System\mBazWAm.exe
  2⤵
  PID:4436
- C:\Windows\System\QKvLHQk.exe
  C:\Windows\System\QKvLHQk.exe
  2⤵
  PID:4676
- C:\Windows\System\aMlldXj.exe
  C:\Windows\System\aMlldXj.exe
  2⤵
  PID:3936
- C:\Windows\System\gnQxwlb.exe
  C:\Windows\System\gnQxwlb.exe
  2⤵
  PID:4212
- C:\Windows\System\bxMLPev.exe
  C:\Windows\System\bxMLPev.exe
  2⤵
  PID:4084
- C:\Windows\System\kDMzeQZ.exe
  C:\Windows\System\kDMzeQZ.exe
  2⤵
  PID:3456
- C:\Windows\System\XAyEQVV.exe
  C:\Windows\System\XAyEQVV.exe
  2⤵
  PID:4328
- C:\Windows\System\lSTiANo.exe
  C:\Windows\System\lSTiANo.exe
  2⤵
  PID:5032
- C:\Windows\System\yIIErWr.exe
  C:\Windows\System\yIIErWr.exe
  2⤵
  PID:1924
- C:\Windows\System\CCmoghk.exe
  C:\Windows\System\CCmoghk.exe
  2⤵
  PID:2384
- C:\Windows\System\BiLDSJi.exe
  C:\Windows\System\BiLDSJi.exe
  2⤵
  PID:2864
- C:\Windows\System\ddXkkbg.exe
  C:\Windows\System\ddXkkbg.exe
  2⤵
  PID:4352
- C:\Windows\System\PHZoxLq.exe
  C:\Windows\System\PHZoxLq.exe
  2⤵
  PID:4268
- C:\Windows\System\aLyhzOr.exe
  C:\Windows\System\aLyhzOr.exe
  2⤵
  PID:5144
- C:\Windows\System\XdixJdX.exe
  C:\Windows\System\XdixJdX.exe
  2⤵
  PID:5168
- C:\Windows\System\erpTysA.exe
  C:\Windows\System\erpTysA.exe
  2⤵
  PID:5188
- C:\Windows\System\zoCvhrG.exe
  C:\Windows\System\zoCvhrG.exe
  2⤵
  PID:5212
- C:\Windows\System\FjWqoTr.exe
  C:\Windows\System\FjWqoTr.exe
  2⤵
  PID:5236
- C:\Windows\System\LUNLgRV.exe
  C:\Windows\System\LUNLgRV.exe
  2⤵
  PID:5256
- C:\Windows\System\iTRxKNO.exe
  C:\Windows\System\iTRxKNO.exe
  2⤵
  PID:5284
- C:\Windows\System\uCSYUbQ.exe
  C:\Windows\System\uCSYUbQ.exe
  2⤵
  PID:5312
- C:\Windows\System\dNHrgHI.exe
  C:\Windows\System\dNHrgHI.exe
  2⤵
  PID:5332
- C:\Windows\System\wOKpZcQ.exe
  C:\Windows\System\wOKpZcQ.exe
  2⤵
  PID:5348
- C:\Windows\System\EcWqiML.exe
  C:\Windows\System\EcWqiML.exe
  2⤵
  PID:5372
- C:\Windows\System\BtlyDxp.exe
  C:\Windows\System\BtlyDxp.exe
  2⤵
  PID:5388
- C:\Windows\System\wXkROKQ.exe
  C:\Windows\System\wXkROKQ.exe
  2⤵
  PID:5408
- C:\Windows\System\NjDiySJ.exe
  C:\Windows\System\NjDiySJ.exe
  2⤵
  PID:5468
- C:\Windows\System\RaOwLVq.exe
  C:\Windows\System\RaOwLVq.exe
  2⤵
  PID:5484
- C:\Windows\System\SlMKLiE.exe
  C:\Windows\System\SlMKLiE.exe
  2⤵
  PID:5500
- C:\Windows\System\ZvCXRsn.exe
  C:\Windows\System\ZvCXRsn.exe
  2⤵
  PID:5516
- C:\Windows\System\HYXdJUB.exe
  C:\Windows\System\HYXdJUB.exe
  2⤵
  PID:5536
- C:\Windows\System\IdDIGEb.exe
  C:\Windows\System\IdDIGEb.exe
  2⤵
  PID:5552
- C:\Windows\System\hZxCfaV.exe
  C:\Windows\System\hZxCfaV.exe
  2⤵
  PID:5572
- C:\Windows\System\yJtgmtD.exe
  C:\Windows\System\yJtgmtD.exe
  2⤵
  PID:5596
- C:\Windows\System\RytJAnT.exe
  C:\Windows\System\RytJAnT.exe
  2⤵
  PID:5620
- C:\Windows\System\VfNbpJr.exe
  C:\Windows\System\VfNbpJr.exe
  2⤵
  PID:5644
- C:\Windows\System\rvwADoj.exe
  C:\Windows\System\rvwADoj.exe
  2⤵
  PID:5660
- C:\Windows\System\aeoWndY.exe
  C:\Windows\System\aeoWndY.exe
  2⤵
  PID:5688
- C:\Windows\System\cGpmRRS.exe
  C:\Windows\System\cGpmRRS.exe
  2⤵
  PID:5704
- C:\Windows\System\uWudUxg.exe
  C:\Windows\System\uWudUxg.exe
  2⤵
  PID:5728
- C:\Windows\System\PGVUbky.exe
  C:\Windows\System\PGVUbky.exe
  2⤵
  PID:5744
- C:\Windows\System\dULRnNl.exe
  C:\Windows\System\dULRnNl.exe
  2⤵
  PID:5768
- C:\Windows\System\iVySpSt.exe
  C:\Windows\System\iVySpSt.exe
  2⤵
  PID:5792
- C:\Windows\System\hxXycak.exe
  C:\Windows\System\hxXycak.exe
  2⤵
  PID:5816
- C:\Windows\System\LrYnEjh.exe
  C:\Windows\System\LrYnEjh.exe
  2⤵
  PID:5864
- C:\Windows\System\nBdkAoy.exe
  C:\Windows\System\nBdkAoy.exe
  2⤵
  PID:5888
- C:\Windows\System\wNfIWVL.exe
  C:\Windows\System\wNfIWVL.exe
  2⤵
  PID:5916
- C:\Windows\System\kOqZgOl.exe
  C:\Windows\System\kOqZgOl.exe
  2⤵
  PID:5936
- C:\Windows\System\tOSiPMx.exe
  C:\Windows\System\tOSiPMx.exe
  2⤵
  PID:5956
- C:\Windows\System\iXysOls.exe
  C:\Windows\System\iXysOls.exe
  2⤵
  PID:5972
- C:\Windows\System\hNVyHYv.exe
  C:\Windows\System\hNVyHYv.exe
  2⤵
  PID:5992
- C:\Windows\System\zbABcFk.exe
  C:\Windows\System\zbABcFk.exe
  2⤵
  PID:6012
- C:\Windows\System\PEzqSyo.exe
  C:\Windows\System\PEzqSyo.exe
  2⤵
  PID:6032
- C:\Windows\System\NlTOoNq.exe
  C:\Windows\System\NlTOoNq.exe
  2⤵
  PID:6056
- C:\Windows\System\oluCSmF.exe
  C:\Windows\System\oluCSmF.exe
  2⤵
  PID:6088
- C:\Windows\System\KNbSwRv.exe
  C:\Windows\System\KNbSwRv.exe
  2⤵
  PID:6104
- C:\Windows\System\eUPdrcQ.exe
  C:\Windows\System\eUPdrcQ.exe
  2⤵
  PID:6128
- C:\Windows\System\fLAJNxs.exe
  C:\Windows\System\fLAJNxs.exe
  2⤵
  PID:684
- C:\Windows\System\MbmFhEi.exe
  C:\Windows\System\MbmFhEi.exe
  2⤵
  PID:2200
- C:\Windows\System\gYXuYOb.exe
  C:\Windows\System\gYXuYOb.exe
  2⤵
  PID:4760
- C:\Windows\System\KfjxLst.exe
  C:\Windows\System\KfjxLst.exe
  2⤵
  PID:4836
- C:\Windows\System\vbTlYMs.exe
  C:\Windows\System\vbTlYMs.exe
  2⤵
  PID:4456
- C:\Windows\System\AGqKXSz.exe
  C:\Windows\System\AGqKXSz.exe
  2⤵
  PID:1712
- C:\Windows\System\ogKDBfK.exe
  C:\Windows\System\ogKDBfK.exe
  2⤵
  PID:5140
- C:\Windows\System\jXHubiK.exe
  C:\Windows\System\jXHubiK.exe
  2⤵
  PID:5156
- C:\Windows\System\mRFbdgH.exe
  C:\Windows\System\mRFbdgH.exe
  2⤵
  PID:5200
- C:\Windows\System\hlSOara.exe
  C:\Windows\System\hlSOara.exe
  2⤵
  PID:5252
- C:\Windows\System\NnFgPuJ.exe
  C:\Windows\System\NnFgPuJ.exe
  2⤵
  PID:5280
- C:\Windows\System\iAHPJQI.exe
  C:\Windows\System\iAHPJQI.exe
  2⤵
  PID:5308
- C:\Windows\System\ZdpEwyn.exe
  C:\Windows\System\ZdpEwyn.exe
  2⤵
  PID:5356
- C:\Windows\System\aNVpQXu.exe
  C:\Windows\System\aNVpQXu.exe
  2⤵
  PID:5416
- C:\Windows\System\kLPQrfP.exe
  C:\Windows\System\kLPQrfP.exe
  2⤵
  PID:1544
- C:\Windows\System\lvTjiVf.exe
  C:\Windows\System\lvTjiVf.exe
  2⤵
  PID:5432
- C:\Windows\System\kJiVjxh.exe
  C:\Windows\System\kJiVjxh.exe
  2⤵
  PID:5444
- C:\Windows\System\YRyUbgC.exe
  C:\Windows\System\YRyUbgC.exe
  2⤵
  PID:5456
- C:\Windows\System\WlUfIYd.exe
  C:\Windows\System\WlUfIYd.exe
  2⤵
  PID:2128
- C:\Windows\System\cjIcJIG.exe
  C:\Windows\System\cjIcJIG.exe
  2⤵
  PID:1508
- C:\Windows\System\OQiSBTX.exe
  C:\Windows\System\OQiSBTX.exe
  2⤵
  PID:5564
- C:\Windows\System\Qyfmkvl.exe
  C:\Windows\System\Qyfmkvl.exe
  2⤵
  PID:5592
- C:\Windows\System\VILfKRc.exe
  C:\Windows\System\VILfKRc.exe
  2⤵
  PID:5616
- C:\Windows\System\hccEdol.exe
  C:\Windows\System\hccEdol.exe
  2⤵
  PID:3016
- C:\Windows\System\WSToTLQ.exe
  C:\Windows\System\WSToTLQ.exe
  2⤵
  PID:5656
- C:\Windows\System\vdvsfiL.exe
  C:\Windows\System\vdvsfiL.exe
  2⤵
  PID:1784
- C:\Windows\System\hiIvdxc.exe
  C:\Windows\System\hiIvdxc.exe
  2⤵
  PID:1972
- C:\Windows\System\RAxvgGo.exe
  C:\Windows\System\RAxvgGo.exe
  2⤵
  PID:5716
- C:\Windows\System\FjLJbRf.exe
  C:\Windows\System\FjLJbRf.exe
  2⤵
  PID:5740
- C:\Windows\System\BcMmibH.exe
  C:\Windows\System\BcMmibH.exe
  2⤵
  PID:5808
- C:\Windows\System\nVyhzaV.exe
  C:\Windows\System\nVyhzaV.exe
  2⤵
  PID:5780
- C:\Windows\System\dEhkNsF.exe
  C:\Windows\System\dEhkNsF.exe
  2⤵
  PID:5824
- C:\Windows\System\fdRqcJj.exe
  C:\Windows\System\fdRqcJj.exe
  2⤵
  PID:5872
- C:\Windows\System\OFOuBAL.exe
  C:\Windows\System\OFOuBAL.exe
  2⤵
  PID:5856
- C:\Windows\System\TfsMGJu.exe
  C:\Windows\System\TfsMGJu.exe
  2⤵
  PID:5904
- C:\Windows\System\YfYuPZY.exe
  C:\Windows\System\YfYuPZY.exe
  2⤵
  PID:5944
- C:\Windows\System\tFaYinR.exe
  C:\Windows\System\tFaYinR.exe
  2⤵
  PID:5980
- C:\Windows\System\dVJwsOU.exe
  C:\Windows\System\dVJwsOU.exe
  2⤵
  PID:6004
- C:\Windows\System\SgwmAhR.exe
  C:\Windows\System\SgwmAhR.exe
  2⤵
  PID:6024
- C:\Windows\System\VHuuwPF.exe
  C:\Windows\System\VHuuwPF.exe
  2⤵
  PID:6052
- C:\Windows\System\YwHLVKE.exe
  C:\Windows\System\YwHLVKE.exe
  2⤵
  PID:6100
- C:\Windows\System\TdJjDuK.exe
  C:\Windows\System\TdJjDuK.exe
  2⤵
  PID:6084
- C:\Windows\System\DfbVinc.exe
  C:\Windows\System\DfbVinc.exe
  2⤵
  PID:4060
- C:\Windows\System\EnVEjZs.exe
  C:\Windows\System\EnVEjZs.exe
  2⤵
  PID:2696
- C:\Windows\System\qLRJmLa.exe
  C:\Windows\System\qLRJmLa.exe
  2⤵
  PID:4924
- C:\Windows\System\anIZRTE.exe
  C:\Windows\System\anIZRTE.exe
  2⤵
  PID:2872
- C:\Windows\System\XNlsJBu.exe
  C:\Windows\System\XNlsJBu.exe
  2⤵
  PID:3732
- C:\Windows\System\fCRfoVs.exe
  C:\Windows\System\fCRfoVs.exe
  2⤵
  PID:2000
- C:\Windows\System\iNpnNQi.exe
  C:\Windows\System\iNpnNQi.exe
  2⤵
  PID:5128
- C:\Windows\System\dYidvWq.exe
  C:\Windows\System\dYidvWq.exe
  2⤵
  PID:1568
- C:\Windows\System\cUIuAvu.exe
  C:\Windows\System\cUIuAvu.exe
  2⤵
  PID:5160
- C:\Windows\System\EcHtVNv.exe
  C:\Windows\System\EcHtVNv.exe
  2⤵
  PID:5276
- C:\Windows\System\QrPPknt.exe
  C:\Windows\System\QrPPknt.exe
  2⤵
  PID:5244
- C:\Windows\System\CcBjHhM.exe
  C:\Windows\System\CcBjHhM.exe
  2⤵
  PID:5296
- C:\Windows\System\bSAzyYv.exe
  C:\Windows\System\bSAzyYv.exe
  2⤵
  PID:5368
- C:\Windows\System\uawICQd.exe
  C:\Windows\System\uawICQd.exe
  2⤵
  PID:2748
- C:\Windows\System\HZAtPFS.exe
  C:\Windows\System\HZAtPFS.exe
  2⤵
  PID:5384
- C:\Windows\System\fkJnpLk.exe
  C:\Windows\System\fkJnpLk.exe
  2⤵
  PID:2764
- C:\Windows\System\CPBWNAo.exe
  C:\Windows\System\CPBWNAo.exe
  2⤵
  PID:2676
- C:\Windows\System\IcMZZro.exe
  C:\Windows\System\IcMZZro.exe
  2⤵
  PID:1516
- C:\Windows\System\IqTUkgp.exe
  C:\Windows\System\IqTUkgp.exe
  2⤵
  PID:2136
- C:\Windows\System\wOsdXdg.exe
  C:\Windows\System\wOsdXdg.exe
  2⤵
  PID:2796
- C:\Windows\System\nkldMqM.exe
  C:\Windows\System\nkldMqM.exe
  2⤵
  PID:1280
- C:\Windows\System\HkVyIVb.exe
  C:\Windows\System\HkVyIVb.exe
  2⤵
  PID:1424
- C:\Windows\System\PwbaSsz.exe
  C:\Windows\System\PwbaSsz.exe
  2⤵
  PID:752
- C:\Windows\System\aBMbpPV.exe
  C:\Windows\System\aBMbpPV.exe
  2⤵
  PID:5464
- C:\Windows\System\AMJTXJD.exe
  C:\Windows\System\AMJTXJD.exe
  2⤵
  PID:5492
- C:\Windows\System\MYDgUkL.exe
  C:\Windows\System\MYDgUkL.exe
  2⤵
  PID:5532
- C:\Windows\System\IyJRvNd.exe
  C:\Windows\System\IyJRvNd.exe
  2⤵
  PID:5568
- C:\Windows\System\jTyooyc.exe
  C:\Windows\System\jTyooyc.exe
  2⤵
  PID:5668
- C:\Windows\System\ePEHvZd.exe
  C:\Windows\System\ePEHvZd.exe
  2⤵
  PID:5712
- C:\Windows\System\TvofHbn.exe
  C:\Windows\System\TvofHbn.exe
  2⤵
  PID:5776
- C:\Windows\System\wEzdxOS.exe
  C:\Windows\System\wEzdxOS.exe
  2⤵
  PID:5636
- C:\Windows\System\pRdMdhZ.exe
  C:\Windows\System\pRdMdhZ.exe
  2⤵
  PID:5720
- C:\Windows\System\IUZauyk.exe
  C:\Windows\System\IUZauyk.exe
  2⤵
  PID:5828
- C:\Windows\System\NBmrkcR.exe
  C:\Windows\System\NBmrkcR.exe
  2⤵
  PID:5652
- C:\Windows\System\AISpDrh.exe
  C:\Windows\System\AISpDrh.exe
  2⤵
  PID:5900
- C:\Windows\System\HBXSoVM.exe
  C:\Windows\System\HBXSoVM.exe
  2⤵
  PID:6028
- C:\Windows\System\HkEQseF.exe
  C:\Windows\System\HkEQseF.exe
  2⤵
  PID:6080
- C:\Windows\System\locxBTl.exe
  C:\Windows\System\locxBTl.exe
  2⤵
  PID:6116
- C:\Windows\System\KfLfJqR.exe
  C:\Windows\System\KfLfJqR.exe
  2⤵
  PID:5860
- C:\Windows\System\qfSGKAp.exe
  C:\Windows\System\qfSGKAp.exe
  2⤵
  PID:5912
- C:\Windows\System\EaxcUpr.exe
  C:\Windows\System\EaxcUpr.exe
  2⤵
  PID:6048
- C:\Windows\System\Acbhsbe.exe
  C:\Windows\System\Acbhsbe.exe
  2⤵
  PID:4772
- C:\Windows\System\AaeNoMA.exe
  C:\Windows\System\AaeNoMA.exe
  2⤵
  PID:572
- C:\Windows\System\aVDRzhk.exe
  C:\Windows\System\aVDRzhk.exe
  2⤵
  PID:2012
- C:\Windows\System\NQKzkoA.exe
  C:\Windows\System\NQKzkoA.exe
  2⤵
  PID:5132
- C:\Windows\System\Rrlvsod.exe
  C:\Windows\System\Rrlvsod.exe
  2⤵
  PID:2800
- C:\Windows\System\nXNkNAE.exe
  C:\Windows\System\nXNkNAE.exe
  2⤵
  PID:2740
- C:\Windows\System\eZnJwQA.exe
  C:\Windows\System\eZnJwQA.exe
  2⤵
  PID:5220
- C:\Windows\System\huyvURr.exe
  C:\Windows\System\huyvURr.exe
  2⤵
  PID:2084
- C:\Windows\System\oRgTeur.exe
  C:\Windows\System\oRgTeur.exe
  2⤵
  PID:1964
- C:\Windows\System\bvuFXAD.exe
  C:\Windows\System\bvuFXAD.exe
  2⤵
  PID:692
- C:\Windows\System\xoxCLSK.exe
  C:\Windows\System\xoxCLSK.exe
  2⤵
  PID:5584
- C:\Windows\System\aqbXPqJ.exe
  C:\Windows\System\aqbXPqJ.exe
  2⤵
  PID:984
- C:\Windows\System\vEEMMmr.exe
  C:\Windows\System\vEEMMmr.exe
  2⤵
  PID:5848
- C:\Windows\System\NDCjkjm.exe
  C:\Windows\System\NDCjkjm.exe
  2⤵
  PID:1700
- C:\Windows\System\gnxGyoI.exe
  C:\Windows\System\gnxGyoI.exe
  2⤵
  PID:2668
- C:\Windows\System\mbZLOgn.exe
  C:\Windows\System\mbZLOgn.exe
  2⤵
  PID:4144
- C:\Windows\System\GggHFVn.exe
  C:\Windows\System\GggHFVn.exe
  2⤵
  PID:2044
- C:\Windows\System\TZJMWul.exe
  C:\Windows\System\TZJMWul.exe
  2⤵
  PID:5700
- C:\Windows\System\JHnaXUL.exe
  C:\Windows\System\JHnaXUL.exe
  2⤵
  PID:5448
- C:\Windows\System\dnqZEjP.exe
  C:\Windows\System\dnqZEjP.exe
  2⤵
  PID:2792
- C:\Windows\System\QdyNoUP.exe
  C:\Windows\System\QdyNoUP.exe
  2⤵
  PID:812
- C:\Windows\System\izODaQk.exe
  C:\Windows\System\izODaQk.exe
  2⤵
  PID:5440
- C:\Windows\System\EHzBRfo.exe
  C:\Windows\System\EHzBRfo.exe
  2⤵
  PID:5528
- C:\Windows\System\HNRqjJF.exe
  C:\Windows\System\HNRqjJF.exe
  2⤵
  PID:1744
- C:\Windows\System\ViXVugg.exe
  C:\Windows\System\ViXVugg.exe
  2⤵
  PID:5876
- C:\Windows\System\stZjUcF.exe
  C:\Windows\System\stZjUcF.exe
  2⤵
  PID:6152
- C:\Windows\System\KxenRZj.exe
  C:\Windows\System\KxenRZj.exe
  2⤵
  PID:6168
- C:\Windows\System\YMskFXg.exe
  C:\Windows\System\YMskFXg.exe
  2⤵
  PID:6184
- C:\Windows\System\Esocdxg.exe
  C:\Windows\System\Esocdxg.exe
  2⤵
  PID:6200
- C:\Windows\System\SAFpCwu.exe
  C:\Windows\System\SAFpCwu.exe
  2⤵
  PID:6216
- C:\Windows\System\sTvpEHr.exe
  C:\Windows\System\sTvpEHr.exe
  2⤵
  PID:6232
- C:\Windows\System\uzvEhTR.exe
  C:\Windows\System\uzvEhTR.exe
  2⤵
  PID:6248
- C:\Windows\System\ZczcBVw.exe
  C:\Windows\System\ZczcBVw.exe
  2⤵
  PID:6264
- C:\Windows\System\zaMJhaQ.exe
  C:\Windows\System\zaMJhaQ.exe
  2⤵
  PID:6280
- C:\Windows\System\BrfyoJF.exe
  C:\Windows\System\BrfyoJF.exe
  2⤵
  PID:6296
- C:\Windows\System\OCAONMU.exe
  C:\Windows\System\OCAONMU.exe
  2⤵
  PID:6312
- C:\Windows\System\ZbgkGYe.exe
  C:\Windows\System\ZbgkGYe.exe
  2⤵
  PID:6328
- C:\Windows\System\YuCehvk.exe
  C:\Windows\System\YuCehvk.exe
  2⤵
  PID:6344
- C:\Windows\System\MWXEdoZ.exe
  C:\Windows\System\MWXEdoZ.exe
  2⤵
  PID:6360
- C:\Windows\System\cEseDeG.exe
  C:\Windows\System\cEseDeG.exe
  2⤵
  PID:6376
- C:\Windows\System\NPyZarK.exe
  C:\Windows\System\NPyZarK.exe
  2⤵
  PID:6392
- C:\Windows\System\JBWewKe.exe
  C:\Windows\System\JBWewKe.exe
  2⤵
  PID:6408
- C:\Windows\System\fxoeAkN.exe
  C:\Windows\System\fxoeAkN.exe
  2⤵
  PID:6424
- C:\Windows\System\sDxcHtQ.exe
  C:\Windows\System\sDxcHtQ.exe
  2⤵
  PID:6440
- C:\Windows\System\CZuipBk.exe
  C:\Windows\System\CZuipBk.exe
  2⤵
  PID:6456
- C:\Windows\System\ErLktMd.exe
  C:\Windows\System\ErLktMd.exe
  2⤵
  PID:6480
- C:\Windows\System\QbRZHgn.exe
  C:\Windows\System\QbRZHgn.exe
  2⤵
  PID:6496
- C:\Windows\System\jfdPqFN.exe
  C:\Windows\System\jfdPqFN.exe
  2⤵
  PID:6512
- C:\Windows\System\SaIPzRI.exe
  C:\Windows\System\SaIPzRI.exe
  2⤵
  PID:6528
- C:\Windows\System\PTeUyyf.exe
  C:\Windows\System\PTeUyyf.exe
  2⤵
  PID:6544
- C:\Windows\System\kaJiRtS.exe
  C:\Windows\System\kaJiRtS.exe
  2⤵
  PID:6560
- C:\Windows\System\BqPkQfc.exe
  C:\Windows\System\BqPkQfc.exe
  2⤵
  PID:6576
- C:\Windows\System\UNrXcYN.exe
  C:\Windows\System\UNrXcYN.exe
  2⤵
  PID:6592
- C:\Windows\System\bfPOvZf.exe
  C:\Windows\System\bfPOvZf.exe
  2⤵
  PID:6608
- C:\Windows\System\AdRiOty.exe
  C:\Windows\System\AdRiOty.exe
  2⤵
  PID:6624
- C:\Windows\System\NHYGNGn.exe
  C:\Windows\System\NHYGNGn.exe
  2⤵
  PID:6640
- C:\Windows\System\gnTAeKE.exe
  C:\Windows\System\gnTAeKE.exe
  2⤵
  PID:6656
- C:\Windows\System\yyFImpJ.exe
  C:\Windows\System\yyFImpJ.exe
  2⤵
  PID:6672
- C:\Windows\System\yOMwofT.exe
  C:\Windows\System\yOMwofT.exe
  2⤵
  PID:6688
- C:\Windows\System\ehRgWmG.exe
  C:\Windows\System\ehRgWmG.exe
  2⤵
  PID:6704
- C:\Windows\System\cjthTyP.exe
  C:\Windows\System\cjthTyP.exe
  2⤵
  PID:6720
- C:\Windows\System\tpWmMBE.exe
  C:\Windows\System\tpWmMBE.exe
  2⤵
  PID:6736
- C:\Windows\System\dGEAker.exe
  C:\Windows\System\dGEAker.exe
  2⤵
  PID:6752
- C:\Windows\System\lFgbZJH.exe
  C:\Windows\System\lFgbZJH.exe
  2⤵
  PID:6768
- C:\Windows\System\RwbiJUF.exe
  C:\Windows\System\RwbiJUF.exe
  2⤵
  PID:6784
- C:\Windows\System\tbQCjEC.exe
  C:\Windows\System\tbQCjEC.exe
  2⤵
  PID:6800
- C:\Windows\System\fmtPuiA.exe
  C:\Windows\System\fmtPuiA.exe
  2⤵
  PID:6816
- C:\Windows\System\MoKgdsT.exe
  C:\Windows\System\MoKgdsT.exe
  2⤵
  PID:6832
- C:\Windows\System\LHlBsgP.exe
  C:\Windows\System\LHlBsgP.exe
  2⤵
  PID:6848
- C:\Windows\System\hloYILL.exe
  C:\Windows\System\hloYILL.exe
  2⤵
  PID:6864
- C:\Windows\System\lhDOosk.exe
  C:\Windows\System\lhDOosk.exe
  2⤵
  PID:6880
- C:\Windows\System\bprakZc.exe
  C:\Windows\System\bprakZc.exe
  2⤵
  PID:6896
- C:\Windows\System\LGlryAW.exe
  C:\Windows\System\LGlryAW.exe
  2⤵
  PID:6912
- C:\Windows\System\TlBLjak.exe
  C:\Windows\System\TlBLjak.exe
  2⤵
  PID:6928
- C:\Windows\System\WhFoFln.exe
  C:\Windows\System\WhFoFln.exe
  2⤵
  PID:6944
- C:\Windows\System\BjlnwnB.exe
  C:\Windows\System\BjlnwnB.exe
  2⤵
  PID:6960
- C:\Windows\System\DeTDnAO.exe
  C:\Windows\System\DeTDnAO.exe
  2⤵
  PID:6976
- C:\Windows\System\oNJlSqA.exe
  C:\Windows\System\oNJlSqA.exe
  2⤵
  PID:6992
- C:\Windows\System\RwiuNyA.exe
  C:\Windows\System\RwiuNyA.exe
  2⤵
  PID:7008
- C:\Windows\System\zoFgJDK.exe
  C:\Windows\System\zoFgJDK.exe
  2⤵
  PID:7028
- C:\Windows\System\oNiwajy.exe
  C:\Windows\System\oNiwajy.exe
  2⤵
  PID:7044
- C:\Windows\System\nvMWgYR.exe
  C:\Windows\System\nvMWgYR.exe
  2⤵
  PID:7060
- C:\Windows\System\DnYfCls.exe
  C:\Windows\System\DnYfCls.exe
  2⤵
  PID:7076
- C:\Windows\System\LGWwVvD.exe
  C:\Windows\System\LGWwVvD.exe
  2⤵
  PID:7092
- C:\Windows\System\wGhGZBF.exe
  C:\Windows\System\wGhGZBF.exe
  2⤵
  PID:7108
- C:\Windows\System\NBvjtMn.exe
  C:\Windows\System\NBvjtMn.exe
  2⤵
  PID:7124
- C:\Windows\System\NVRMhlF.exe
  C:\Windows\System\NVRMhlF.exe
  2⤵
  PID:7140
- C:\Windows\System\pVGtwvX.exe
  C:\Windows\System\pVGtwvX.exe
  2⤵
  PID:7156
- C:\Windows\System\immSTsz.exe
  C:\Windows\System\immSTsz.exe
  2⤵
  PID:5496
- C:\Windows\System\dGozTFq.exe
  C:\Windows\System\dGozTFq.exe
  2⤵
  PID:5344
- C:\Windows\System\JlynVjv.exe
  C:\Windows\System\JlynVjv.exe
  2⤵
  PID:2304
- C:\Windows\System\dmARHbd.exe
  C:\Windows\System\dmARHbd.exe
  2⤵
  PID:4732
- C:\Windows\System\EUuYlFp.exe
  C:\Windows\System\EUuYlFp.exe
  2⤵
  PID:1308
- C:\Windows\System\rEiQsVA.exe
  C:\Windows\System\rEiQsVA.exe
  2⤵
  PID:5480
- C:\Windows\System\mtVuOqC.exe
  C:\Windows\System\mtVuOqC.exe
  2⤵
  PID:4808
- C:\Windows\System\axyNFTJ.exe
  C:\Windows\System\axyNFTJ.exe
  2⤵
  PID:5988
- C:\Windows\System\SAMMLnA.exe
  C:\Windows\System\SAMMLnA.exe
  2⤵
  PID:1724
- C:\Windows\System\xfkGiAR.exe
  C:\Windows\System\xfkGiAR.exe
  2⤵
  PID:6180
- C:\Windows\System\nlzfNcM.exe
  C:\Windows\System\nlzfNcM.exe
  2⤵
  PID:6256
- C:\Windows\System\VylVbxw.exe
  C:\Windows\System\VylVbxw.exe
  2⤵
  PID:6160
- C:\Windows\System\ruIfuPE.exe
  C:\Windows\System\ruIfuPE.exe
  2⤵
  PID:6324
- C:\Windows\System\FDaQSLx.exe
  C:\Windows\System\FDaQSLx.exe
  2⤵
  PID:6308
- C:\Windows\System\CkmqcTR.exe
  C:\Windows\System\CkmqcTR.exe
  2⤵
  PID:6384
- C:\Windows\System\LruYYnF.exe
  C:\Windows\System\LruYYnF.exe
  2⤵
  PID:6304
- C:\Windows\System\WOlBNrg.exe
  C:\Windows\System\WOlBNrg.exe
  2⤵
  PID:6340
- C:\Windows\System\cerGook.exe
  C:\Windows\System\cerGook.exe
  2⤵
  PID:6368
- C:\Windows\System\YBEBpKm.exe
  C:\Windows\System\YBEBpKm.exe
  2⤵
  PID:6436
- C:\Windows\System\dNtsPlY.exe
  C:\Windows\System\dNtsPlY.exe
  2⤵
  PID:6472
- C:\Windows\System\rUysKgB.exe
  C:\Windows\System\rUysKgB.exe
  2⤵
  PID:6524
- C:\Windows\System\JjYGSOX.exe
  C:\Windows\System\JjYGSOX.exe
  2⤵
  PID:6536
- C:\Windows\System\pIiEHqF.exe
  C:\Windows\System\pIiEHqF.exe
  2⤵
  PID:6572
- C:\Windows\System\jDNOKbA.exe
  C:\Windows\System\jDNOKbA.exe
  2⤵
  PID:6616
- C:\Windows\System\gumHccw.exe
  C:\Windows\System\gumHccw.exe
  2⤵
  PID:6680
- C:\Windows\System\UGyapCe.exe
  C:\Windows\System\UGyapCe.exe
  2⤵
  PID:6700
- C:\Windows\System\HPfBqwJ.exe
  C:\Windows\System\HPfBqwJ.exe
  2⤵
  PID:6636
- C:\Windows\System\HMTVTET.exe
  C:\Windows\System\HMTVTET.exe
  2⤵
  PID:6748
- C:\Windows\System\UgupEEg.exe
  C:\Windows\System\UgupEEg.exe
  2⤵
  PID:6812
- C:\Windows\System\hVoZjSA.exe
  C:\Windows\System\hVoZjSA.exe
  2⤵
  PID:6876
- C:\Windows\System\wBWZxiP.exe
  C:\Windows\System\wBWZxiP.exe
  2⤵
  PID:6940
- C:\Windows\System\oLGkYxk.exe
  C:\Windows\System\oLGkYxk.exe
  2⤵
  PID:6828
- C:\Windows\System\bMoONRH.exe
  C:\Windows\System\bMoONRH.exe
  2⤵
  PID:6892
- C:\Windows\System\ZxUNdtG.exe
  C:\Windows\System\ZxUNdtG.exe
  2⤵
  PID:6956
- C:\Windows\System\DpYGtMo.exe
  C:\Windows\System\DpYGtMo.exe
  2⤵
  PID:7004
- C:\Windows\System\BFctvRP.exe
  C:\Windows\System\BFctvRP.exe
  2⤵
  PID:6796
- C:\Windows\System\pbxZuLz.exe
  C:\Windows\System\pbxZuLz.exe
  2⤵
  PID:7052
- C:\Windows\System\kSJFqla.exe
  C:\Windows\System\kSJFqla.exe
  2⤵
  PID:7100
- C:\Windows\System\UYGXbqd.exe
  C:\Windows\System\UYGXbqd.exe
  2⤵
  PID:7132
- C:\Windows\System\IpSmJJj.exe
  C:\Windows\System\IpSmJJj.exe
  2⤵
  PID:2504
- C:\Windows\System\CLVEzuv.exe
  C:\Windows\System\CLVEzuv.exe
  2⤵
  PID:7120
- C:\Windows\System\PoSeHdB.exe
  C:\Windows\System\PoSeHdB.exe
  2⤵
  PID:5204
- C:\Windows\System\GAvjVHy.exe
  C:\Windows\System\GAvjVHy.exe
  2⤵
  PID:5928
- C:\Windows\System\zDXCrGZ.exe
  C:\Windows\System\zDXCrGZ.exe
  2⤵
  PID:2324
- C:\Windows\System\HJBVsHV.exe
  C:\Windows\System\HJBVsHV.exe
  2⤵
  PID:4232
- C:\Windows\System\iaEMGrm.exe
  C:\Windows\System\iaEMGrm.exe
  2⤵
  PID:6148
- C:\Windows\System\BRYZhiA.exe
  C:\Windows\System\BRYZhiA.exe
  2⤵
  PID:5896
- C:\Windows\System\YYXHrJV.exe
  C:\Windows\System\YYXHrJV.exe
  2⤵
  PID:6404
- C:\Windows\System\KrrLYQv.exe
  C:\Windows\System\KrrLYQv.exe
  2⤵
  PID:6552
- C:\Windows\System\poqIzAC.exe
  C:\Windows\System\poqIzAC.exe
  2⤵
  PID:6432
- C:\Windows\System\mxQtaDV.exe
  C:\Windows\System\mxQtaDV.exe
  2⤵
  PID:6696
- C:\Windows\System\gfArwCw.exe
  C:\Windows\System\gfArwCw.exe
  2⤵
  PID:6520
- C:\Windows\System\KesBeSR.exe
  C:\Windows\System\KesBeSR.exe
  2⤵
  PID:6652
- C:\Windows\System\DeYTaXF.exe
  C:\Windows\System\DeYTaXF.exe
  2⤵
  PID:6872
- C:\Windows\System\DhwrCNL.exe
  C:\Windows\System\DhwrCNL.exe
  2⤵
  PID:6952
- C:\Windows\System\bbsYtWd.exe
  C:\Windows\System\bbsYtWd.exe
  2⤵
  PID:7020
- C:\Windows\System\qJleAvM.exe
  C:\Windows\System\qJleAvM.exe
  2⤵
  PID:7088
- C:\Windows\System\xeBnVaP.exe
  C:\Windows\System\xeBnVaP.exe
  2⤵
  PID:6984
- C:\Windows\System\fNPqdmW.exe
  C:\Windows\System\fNPqdmW.exe
  2⤵
  PID:7116
- C:\Windows\System\tcyMmgb.exe
  C:\Windows\System\tcyMmgb.exe
  2⤵
  PID:7164
- C:\Windows\System\fobmCtF.exe
  C:\Windows\System\fobmCtF.exe
  2⤵
  PID:2976
- C:\Windows\System\rvIEmyx.exe
  C:\Windows\System\rvIEmyx.exe
  2⤵
  PID:4620
- C:\Windows\System\LmFDcNB.exe
  C:\Windows\System\LmFDcNB.exe
  2⤵
  PID:980
- C:\Windows\System\JCWPasf.exe
  C:\Windows\System\JCWPasf.exe
  2⤵
  PID:6464
- C:\Windows\System\zAiYKKh.exe
  C:\Windows\System\zAiYKKh.exe
  2⤵
  PID:6420
- C:\Windows\System\HDGuuaT.exe
  C:\Windows\System\HDGuuaT.exe
  2⤵
  PID:6824
- C:\Windows\System\tWaRmcg.exe
  C:\Windows\System\tWaRmcg.exe
  2⤵
  PID:6240
- C:\Windows\System\ekeeDEQ.exe
  C:\Windows\System\ekeeDEQ.exe
  2⤵
  PID:7072
- C:\Windows\System\GpEHCEj.exe
  C:\Windows\System\GpEHCEj.exe
  2⤵
  PID:6604
- C:\Windows\System\YzQwNMq.exe
  C:\Windows\System\YzQwNMq.exe
  2⤵
  PID:6468
- C:\Windows\System\dPgvLqF.exe
  C:\Windows\System\dPgvLqF.exe
  2⤵
  PID:6808
- C:\Windows\System\MAYNOiy.exe
  C:\Windows\System\MAYNOiy.exe
  2⤵
  PID:5628
- C:\Windows\System\znqsaGA.exe
  C:\Windows\System\znqsaGA.exe
  2⤵
  PID:7148
- C:\Windows\System\wyjmMCz.exe
  C:\Windows\System\wyjmMCz.exe
  2⤵
  PID:6228
- C:\Windows\System\vQXXaLc.exe
  C:\Windows\System\vQXXaLc.exe
  2⤵
  PID:5560
- C:\Windows\System\ttmNyjQ.exe
  C:\Windows\System\ttmNyjQ.exe
  2⤵
  PID:6292
- C:\Windows\System\uXTVVHD.exe
  C:\Windows\System\uXTVVHD.exe
  2⤵
  PID:6908
- C:\Windows\System\XUrfVEl.exe
  C:\Windows\System\XUrfVEl.exe
  2⤵
  PID:6352
- C:\Windows\System\DRuVtcE.exe
  C:\Windows\System\DRuVtcE.exe
  2⤵
  PID:7172
- C:\Windows\System\JoYYBhc.exe
  C:\Windows\System\JoYYBhc.exe
  2⤵
  PID:7188
- C:\Windows\System\zpCGKSy.exe
  C:\Windows\System\zpCGKSy.exe
  2⤵
  PID:7204
- C:\Windows\System\ZQYgACa.exe
  C:\Windows\System\ZQYgACa.exe
  2⤵
  PID:7232
- C:\Windows\System\GXGkTwU.exe
  C:\Windows\System\GXGkTwU.exe
  2⤵
  PID:7248
- C:\Windows\System\mfvQCGz.exe
  C:\Windows\System\mfvQCGz.exe
  2⤵
  PID:7264
- C:\Windows\System\zERuXMz.exe
  C:\Windows\System\zERuXMz.exe
  2⤵
  PID:7280
- C:\Windows\System\hayMOhU.exe
  C:\Windows\System\hayMOhU.exe
  2⤵
  PID:7296
- C:\Windows\System\DoUPRyq.exe
  C:\Windows\System\DoUPRyq.exe
  2⤵
  PID:7312
- C:\Windows\System\eEYHSiZ.exe
  C:\Windows\System\eEYHSiZ.exe
  2⤵
  PID:7328
- C:\Windows\System\uHNXcwg.exe
  C:\Windows\System\uHNXcwg.exe
  2⤵
  PID:7348
- C:\Windows\System\bSdGkOy.exe
  C:\Windows\System\bSdGkOy.exe
  2⤵
  PID:7368
- C:\Windows\System\UxxQsbF.exe
  C:\Windows\System\UxxQsbF.exe
  2⤵
  PID:7384
- C:\Windows\System\huUfYaY.exe
  C:\Windows\System\huUfYaY.exe
  2⤵
  PID:7400
- C:\Windows\System\qhMvtAU.exe
  C:\Windows\System\qhMvtAU.exe
  2⤵
  PID:7416
- C:\Windows\System\cbDshpQ.exe
  C:\Windows\System\cbDshpQ.exe
  2⤵
  PID:7432
- C:\Windows\System\TBhhutP.exe
  C:\Windows\System\TBhhutP.exe
  2⤵
  PID:7448
- C:\Windows\System\ZBYWYMv.exe
  C:\Windows\System\ZBYWYMv.exe
  2⤵
  PID:7464
- C:\Windows\System\qMPkjGR.exe
  C:\Windows\System\qMPkjGR.exe
  2⤵
  PID:7480
- C:\Windows\System\ndutMyw.exe
  C:\Windows\System\ndutMyw.exe
  2⤵
  PID:7496
- C:\Windows\System\qFoOBRG.exe
  C:\Windows\System\qFoOBRG.exe
  2⤵
  PID:7512
- C:\Windows\System\AtAzbpC.exe
  C:\Windows\System\AtAzbpC.exe
  2⤵
  PID:7536
- C:\Windows\System\bBPiBcX.exe
  C:\Windows\System\bBPiBcX.exe
  2⤵
  PID:7552
- C:\Windows\System\nfGpibk.exe
  C:\Windows\System\nfGpibk.exe
  2⤵
  PID:7568
- C:\Windows\System\jxWfpvp.exe
  C:\Windows\System\jxWfpvp.exe
  2⤵
  PID:7584
- C:\Windows\System\yjkuywA.exe
  C:\Windows\System\yjkuywA.exe
  2⤵
  PID:7600
- C:\Windows\System\DXDHEmo.exe
  C:\Windows\System\DXDHEmo.exe
  2⤵
  PID:7616
- C:\Windows\System\MIvFiAy.exe
  C:\Windows\System\MIvFiAy.exe
  2⤵
  PID:7632
- C:\Windows\System\LYxClAo.exe
  C:\Windows\System\LYxClAo.exe
  2⤵
  PID:7648
- C:\Windows\System\DeWEYZK.exe
  C:\Windows\System\DeWEYZK.exe
  2⤵
  PID:7664
- C:\Windows\System\WEzIjCN.exe
  C:\Windows\System\WEzIjCN.exe
  2⤵
  PID:7680
- C:\Windows\System\QnaySdv.exe
  C:\Windows\System\QnaySdv.exe
  2⤵
  PID:7696
- C:\Windows\System\BQvjZNe.exe
  C:\Windows\System\BQvjZNe.exe
  2⤵
  PID:7712
- C:\Windows\System\OOWXbEz.exe
  C:\Windows\System\OOWXbEz.exe
  2⤵
  PID:7728
- C:\Windows\System\dQGRQlc.exe
  C:\Windows\System\dQGRQlc.exe
  2⤵
  PID:7744
- C:\Windows\System\VNvEHVd.exe
  C:\Windows\System\VNvEHVd.exe
  2⤵
  PID:7760
- C:\Windows\System\MlGFAhQ.exe
  C:\Windows\System\MlGFAhQ.exe
  2⤵
  PID:7776
- C:\Windows\System\rXlvJKK.exe
  C:\Windows\System\rXlvJKK.exe
  2⤵
  PID:7792
- C:\Windows\System\yzBuZfC.exe
  C:\Windows\System\yzBuZfC.exe
  2⤵
  PID:7808
- C:\Windows\System\BbBGVNS.exe
  C:\Windows\System\BbBGVNS.exe
  2⤵
  PID:7824
- C:\Windows\System\xuLplal.exe
  C:\Windows\System\xuLplal.exe
  2⤵
  PID:7840
- C:\Windows\System\VnTHtgi.exe
  C:\Windows\System\VnTHtgi.exe
  2⤵
  PID:7856
- C:\Windows\System\kydlQEc.exe
  C:\Windows\System\kydlQEc.exe
  2⤵
  PID:7872
- C:\Windows\System\ZvaeaUZ.exe
  C:\Windows\System\ZvaeaUZ.exe
  2⤵
  PID:7888
- C:\Windows\System\acaIVHI.exe
  C:\Windows\System\acaIVHI.exe
  2⤵
  PID:7904
- C:\Windows\System\sicsoPi.exe
  C:\Windows\System\sicsoPi.exe
  2⤵
  PID:7920
- C:\Windows\System\EYYkXpG.exe
  C:\Windows\System\EYYkXpG.exe
  2⤵
  PID:7936
- C:\Windows\System\eQPhBhf.exe
  C:\Windows\System\eQPhBhf.exe
  2⤵
  PID:8132
- C:\Windows\System\JkObgLI.exe
  C:\Windows\System\JkObgLI.exe
  2⤵
  PID:8152
- C:\Windows\System\jxkAXhI.exe
  C:\Windows\System\jxkAXhI.exe
  2⤵
  PID:8180
- C:\Windows\System\grXLnyr.exe
  C:\Windows\System\grXLnyr.exe
  2⤵
  PID:7240
- C:\Windows\System\IHHPZqq.exe
  C:\Windows\System\IHHPZqq.exe
  2⤵
  PID:7444
- C:\Windows\System\vVdPGZS.exe
  C:\Windows\System\vVdPGZS.exe
  2⤵
  PID:7376
- C:\Windows\System\zOwfWDb.exe
  C:\Windows\System\zOwfWDb.exe
  2⤵
  PID:7412
- C:\Windows\System\SrAUMfD.exe
  C:\Windows\System\SrAUMfD.exe
  2⤵
  PID:7544
- C:\Windows\System\ZqLQglT.exe
  C:\Windows\System\ZqLQglT.exe
  2⤵
  PID:7528
- C:\Windows\System\YUQVSJn.exe
  C:\Windows\System\YUQVSJn.exe
  2⤵
  PID:7608
- C:\Windows\System\wxhjjZs.exe
  C:\Windows\System\wxhjjZs.exe
  2⤵
  PID:7672
- C:\Windows\System\QuhpECm.exe
  C:\Windows\System\QuhpECm.exe
  2⤵
  PID:7592
- C:\Windows\System\uaOYxfK.exe
  C:\Windows\System\uaOYxfK.exe
  2⤵
  PID:7692
- C:\Windows\System\pktFUNB.exe
  C:\Windows\System\pktFUNB.exe
  2⤵
  PID:7596
- C:\Windows\System\EQBqIMP.exe
  C:\Windows\System\EQBqIMP.exe
  2⤵
  PID:7784
- C:\Windows\System\bhJJZRX.exe
  C:\Windows\System\bhJJZRX.exe
  2⤵
  PID:7864
- C:\Windows\System\VphvmXc.exe
  C:\Windows\System\VphvmXc.exe
  2⤵
  PID:7816
- C:\Windows\System\lOvcDiu.exe
  C:\Windows\System\lOvcDiu.exe
  2⤵
  PID:7932
- C:\Windows\System\BWRcXJl.exe
  C:\Windows\System\BWRcXJl.exe
  2⤵
  PID:7852
- C:\Windows\System\gTzweuG.exe
  C:\Windows\System\gTzweuG.exe
  2⤵
  PID:7992
- C:\Windows\System\kQcNkfK.exe
  C:\Windows\System\kQcNkfK.exe
  2⤵
  PID:8008
- C:\Windows\System\LDMZViE.exe
  C:\Windows\System\LDMZViE.exe
  2⤵
  PID:8024
- C:\Windows\System\IZGFvxs.exe
  C:\Windows\System\IZGFvxs.exe
  2⤵
  PID:8064
- C:\Windows\System\cGvdsHH.exe
  C:\Windows\System\cGvdsHH.exe
  2⤵
  PID:8080
- C:\Windows\System\qlBQnLH.exe
  C:\Windows\System\qlBQnLH.exe
  2⤵
  PID:8096
- C:\Windows\System\JVcMFUB.exe
  C:\Windows\System\JVcMFUB.exe
  2⤵
  PID:8040
- C:\Windows\System\XQhrmge.exe
  C:\Windows\System\XQhrmge.exe
  2⤵
  PID:8120
- C:\Windows\System\wDCYhCi.exe
  C:\Windows\System\wDCYhCi.exe
  2⤵
  PID:7016
- C:\Windows\System\MHHknts.exe
  C:\Windows\System\MHHknts.exe
  2⤵
  PID:8140
- C:\Windows\System\gxFVtZj.exe
  C:\Windows\System\gxFVtZj.exe
  2⤵
  PID:6712
- C:\Windows\System\gQeuYWY.exe
  C:\Windows\System\gQeuYWY.exe
  2⤵
  PID:6760
- C:\Windows\System\GENDiQK.exe
  C:\Windows\System\GENDiQK.exe
  2⤵
  PID:7216
- C:\Windows\System\yYKsylL.exe
  C:\Windows\System\yYKsylL.exe
  2⤵
  PID:7040
- C:\Windows\System\fsIeRKu.exe
  C:\Windows\System\fsIeRKu.exe
  2⤵
  PID:7272
- C:\Windows\System\IxEyPTa.exe
  C:\Windows\System\IxEyPTa.exe
  2⤵
  PID:7308
- C:\Windows\System\GYLTXpm.exe
  C:\Windows\System\GYLTXpm.exe
  2⤵
  PID:7324
- C:\Windows\System\rjbwXyf.exe
  C:\Windows\System\rjbwXyf.exe
  2⤵
  PID:7336
- C:\Windows\System\wHnomGJ.exe
  C:\Windows\System\wHnomGJ.exe
  2⤵
  PID:7340
- C:\Windows\System\EgBJErB.exe
  C:\Windows\System\EgBJErB.exe
  2⤵
  PID:7492
- C:\Windows\System\UsdzhxJ.exe
  C:\Windows\System\UsdzhxJ.exe
  2⤵
  PID:7476
- C:\Windows\System\qcfhYPA.exe
  C:\Windows\System\qcfhYPA.exe
  2⤵
  PID:7524
- C:\Windows\System\mLnrNKd.exe
  C:\Windows\System\mLnrNKd.exe
  2⤵
  PID:7740
- C:\Windows\System\xbUqfnD.exe
  C:\Windows\System\xbUqfnD.exe
  2⤵
  PID:7836
- C:\Windows\System\YeXKHHg.exe
  C:\Windows\System\YeXKHHg.exe
  2⤵
  PID:7880
- C:\Windows\System\nhvGFfD.exe
  C:\Windows\System\nhvGFfD.exe
  2⤵
  PID:7804
- C:\Windows\System\SBNIsgU.exe
  C:\Windows\System\SBNIsgU.exe
  2⤵
  PID:7800
- C:\Windows\System\KhlvLqu.exe
  C:\Windows\System\KhlvLqu.exe
  2⤵
  PID:7708
- C:\Windows\System\mZdJbZJ.exe
  C:\Windows\System\mZdJbZJ.exe
  2⤵
  PID:7960
- C:\Windows\System\GrgPYVM.exe
  C:\Windows\System\GrgPYVM.exe
  2⤵
  PID:7988
- C:\Windows\System\BXuDXuw.exe
  C:\Windows\System\BXuDXuw.exe
  2⤵
  PID:8020
- C:\Windows\System\jxAiGCn.exe
  C:\Windows\System\jxAiGCn.exe
  2⤵
  PID:8128
- C:\Windows\System\VoKjTUw.exe
  C:\Windows\System\VoKjTUw.exe
  2⤵
  PID:8172
- C:\Windows\System\rsGHbue.exe
  C:\Windows\System\rsGHbue.exe
  2⤵
  PID:2992
- C:\Windows\System\wYgLNmk.exe
  C:\Windows\System\wYgLNmk.exe
  2⤵
  PID:6276
- C:\Windows\System\jWGUVkk.exe
  C:\Windows\System\jWGUVkk.exe
  2⤵
  PID:7260
- C:\Windows\System\FexVwcs.exe
  C:\Windows\System\FexVwcs.exe
  2⤵
  PID:7360
- C:\Windows\System\UDDyFFx.exe
  C:\Windows\System\UDDyFFx.exe
  2⤵
  PID:7344
- C:\Windows\System\TazvKMe.exe
  C:\Windows\System\TazvKMe.exe
  2⤵
  PID:7200
- C:\Windows\System\slgklSk.exe
  C:\Windows\System\slgklSk.exe
  2⤵
  PID:7288
- C:\Windows\System\alSUbfY.exe
  C:\Windows\System\alSUbfY.exe
  2⤵
  PID:7472
- C:\Windows\System\LaqIvpF.exe
  C:\Windows\System\LaqIvpF.exe
  2⤵
  PID:7580
- C:\Windows\System\eRAgcLs.exe
  C:\Windows\System\eRAgcLs.exe
  2⤵
  PID:7896
- C:\Windows\System\awTVwHk.exe
  C:\Windows\System\awTVwHk.exe
  2⤵
  PID:7628
- C:\Windows\System\bVNBkNU.exe
  C:\Windows\System\bVNBkNU.exe
  2⤵
  PID:7772
- C:\Windows\System\tyjLfqX.exe
  C:\Windows\System\tyjLfqX.exe
  2⤵
  PID:8000
- C:\Windows\System\bJQwCGP.exe
  C:\Windows\System\bJQwCGP.exe
  2⤵
  PID:8016
- C:\Windows\System\QtvXdOh.exe
  C:\Windows\System\QtvXdOh.exe
  2⤵
  PID:8060
- C:\Windows\System\ulamyfL.exe
  C:\Windows\System\ulamyfL.exe
  2⤵
  PID:8104
- C:\Windows\System\fIUsASi.exe
  C:\Windows\System\fIUsASi.exe
  2⤵
  PID:8160
- C:\Windows\System\EeUHTFl.exe
  C:\Windows\System\EeUHTFl.exe
  2⤵
  PID:6288
- C:\Windows\System\ZPAuqMh.exe
  C:\Windows\System\ZPAuqMh.exe
  2⤵
  PID:7212
- C:\Windows\System\IgwgViT.exe
  C:\Windows\System\IgwgViT.exe
  2⤵
  PID:6568
- C:\Windows\System\uojxdsb.exe
  C:\Windows\System\uojxdsb.exe
  2⤵
  PID:7196
- C:\Windows\System\bJlAHMN.exe
  C:\Windows\System\bJlAHMN.exe
  2⤵
  PID:7736
- C:\Windows\System\rXRkskD.exe
  C:\Windows\System\rXRkskD.exe
  2⤵
  PID:8088
- C:\Windows\System\JVamBIE.exe
  C:\Windows\System\JVamBIE.exe
  2⤵
  PID:7320
- C:\Windows\System\KEDQCIq.exe
  C:\Windows\System\KEDQCIq.exe
  2⤵
  PID:7952
- C:\Windows\System\JCzOlHM.exe
  C:\Windows\System\JCzOlHM.exe
  2⤵
  PID:8196
- C:\Windows\System\katTAGY.exe
  C:\Windows\System\katTAGY.exe
  2⤵
  PID:8212
- C:\Windows\System\fMmURIo.exe
  C:\Windows\System\fMmURIo.exe
  2⤵
  PID:8228
- C:\Windows\System\eZkHhvX.exe
  C:\Windows\System\eZkHhvX.exe
  2⤵
  PID:8256
- C:\Windows\System\rvNUwqM.exe
  C:\Windows\System\rvNUwqM.exe
  2⤵
  PID:8272
- C:\Windows\System\bqhqoWH.exe
  C:\Windows\System\bqhqoWH.exe
  2⤵
  PID:8288
- C:\Windows\System\ipiuIcJ.exe
  C:\Windows\System\ipiuIcJ.exe
  2⤵
  PID:8304
- C:\Windows\System\KVsJccf.exe
  C:\Windows\System\KVsJccf.exe
  2⤵
  PID:8320
- C:\Windows\System\qgFsuDc.exe
  C:\Windows\System\qgFsuDc.exe
  2⤵
  PID:8336
- C:\Windows\System\hGuytWp.exe
  C:\Windows\System\hGuytWp.exe
  2⤵
  PID:8352
- C:\Windows\System\sqFIBxf.exe
  C:\Windows\System\sqFIBxf.exe
  2⤵
  PID:8372
- C:\Windows\System\DbOoTaq.exe
  C:\Windows\System\DbOoTaq.exe
  2⤵
  PID:8388
- C:\Windows\System\rlIcgzM.exe
  C:\Windows\System\rlIcgzM.exe
  2⤵
  PID:8404
- C:\Windows\System\SQuxySR.exe
  C:\Windows\System\SQuxySR.exe
  2⤵
  PID:8420
- C:\Windows\System\OCcyByH.exe
  C:\Windows\System\OCcyByH.exe
  2⤵
  PID:8436
- C:\Windows\System\jrNWDYW.exe
  C:\Windows\System\jrNWDYW.exe
  2⤵
  PID:8452
- C:\Windows\System\hjVdzvd.exe
  C:\Windows\System\hjVdzvd.exe
  2⤵
  PID:8468
- C:\Windows\System\fdtSdLI.exe
  C:\Windows\System\fdtSdLI.exe
  2⤵
  PID:8484
- C:\Windows\System\QYppbjc.exe
  C:\Windows\System\QYppbjc.exe
  2⤵
  PID:8500
- C:\Windows\System\VpuAYnl.exe
  C:\Windows\System\VpuAYnl.exe
  2⤵
  PID:8516
- C:\Windows\System\DadTTQI.exe
  C:\Windows\System\DadTTQI.exe
  2⤵
  PID:8532
- C:\Windows\System\WWkcfCW.exe
  C:\Windows\System\WWkcfCW.exe
  2⤵
  PID:8552
- C:\Windows\System\NQUGRdC.exe
  C:\Windows\System\NQUGRdC.exe
  2⤵
  PID:8568
- C:\Windows\System\hnvCSGM.exe
  C:\Windows\System\hnvCSGM.exe
  2⤵
  PID:8584
- C:\Windows\System\rHoWXGd.exe
  C:\Windows\System\rHoWXGd.exe
  2⤵
  PID:8600
- C:\Windows\System\fnoXjia.exe
  C:\Windows\System\fnoXjia.exe
  2⤵
  PID:8616
- C:\Windows\System\sKrWkek.exe
  C:\Windows\System\sKrWkek.exe
  2⤵
  PID:8632
- C:\Windows\System\lgivoYI.exe
  C:\Windows\System\lgivoYI.exe
  2⤵
  PID:8648
- C:\Windows\System\lURAPPH.exe
  C:\Windows\System\lURAPPH.exe
  2⤵
  PID:8664
- C:\Windows\System\aIcAMVD.exe
  C:\Windows\System\aIcAMVD.exe
  2⤵
  PID:8680
- C:\Windows\System\mcIyYWL.exe
  C:\Windows\System\mcIyYWL.exe
  2⤵
  PID:8696
- C:\Windows\System\coiuxWO.exe
  C:\Windows\System\coiuxWO.exe
  2⤵
  PID:8712
- C:\Windows\System\XEkEowF.exe
  C:\Windows\System\XEkEowF.exe
  2⤵
  PID:8732
- C:\Windows\System\ivyOjpN.exe
  C:\Windows\System\ivyOjpN.exe
  2⤵
  PID:8748
- C:\Windows\System\hPahDTT.exe
  C:\Windows\System\hPahDTT.exe
  2⤵
  PID:8764
- C:\Windows\System\Hjkuwuo.exe
  C:\Windows\System\Hjkuwuo.exe
  2⤵
  PID:8780
- C:\Windows\System\JuzDLZh.exe
  C:\Windows\System\JuzDLZh.exe
  2⤵
  PID:8796
- C:\Windows\System\KCyjmVv.exe
  C:\Windows\System\KCyjmVv.exe
  2⤵
  PID:8812
- C:\Windows\System\MAnpMRz.exe
  C:\Windows\System\MAnpMRz.exe
  2⤵
  PID:8828
- C:\Windows\System\gkdozLf.exe
  C:\Windows\System\gkdozLf.exe
  2⤵
  PID:8844
- C:\Windows\System\GUUsvPR.exe
  C:\Windows\System\GUUsvPR.exe
  2⤵
  PID:8860
- C:\Windows\System\iRFGLkU.exe
  C:\Windows\System\iRFGLkU.exe
  2⤵
  PID:8876
- C:\Windows\System\FnoWLgo.exe
  C:\Windows\System\FnoWLgo.exe
  2⤵
  PID:8892
- C:\Windows\System\cceSgTP.exe
  C:\Windows\System\cceSgTP.exe
  2⤵
  PID:8908
- C:\Windows\System\yJAeisb.exe
  C:\Windows\System\yJAeisb.exe
  2⤵
  PID:8924
- C:\Windows\System\iJFIhfz.exe
  C:\Windows\System\iJFIhfz.exe
  2⤵
  PID:8940
- C:\Windows\System\MhMIHLr.exe
  C:\Windows\System\MhMIHLr.exe
  2⤵
  PID:8956
- C:\Windows\System\ICZtFaq.exe
  C:\Windows\System\ICZtFaq.exe
  2⤵
  PID:8972
- C:\Windows\System\hbSLIbS.exe
  C:\Windows\System\hbSLIbS.exe
  2⤵
  PID:8988
- C:\Windows\System\ltDPjNR.exe
  C:\Windows\System\ltDPjNR.exe
  2⤵
  PID:9004
- C:\Windows\System\wsMNZsf.exe
  C:\Windows\System\wsMNZsf.exe
  2⤵
  PID:9020
- C:\Windows\System\YDAmGJn.exe
  C:\Windows\System\YDAmGJn.exe
  2⤵
  PID:9036
- C:\Windows\System\FVzFLjo.exe
  C:\Windows\System\FVzFLjo.exe
  2⤵
  PID:9052
- C:\Windows\System\eMQRWGk.exe
  C:\Windows\System\eMQRWGk.exe
  2⤵
  PID:9068
- C:\Windows\System\bWlxLqv.exe
  C:\Windows\System\bWlxLqv.exe
  2⤵
  PID:9084
- C:\Windows\System\wSDOEJq.exe
  C:\Windows\System\wSDOEJq.exe
  2⤵
  PID:9100
- C:\Windows\System\vpFpMhm.exe
  C:\Windows\System\vpFpMhm.exe
  2⤵
  PID:9116
- C:\Windows\System\CUtRYOz.exe
  C:\Windows\System\CUtRYOz.exe
  2⤵
  PID:9132
- C:\Windows\System\MaSWelE.exe
  C:\Windows\System\MaSWelE.exe
  2⤵
  PID:9148
- C:\Windows\System\TywCEgH.exe
  C:\Windows\System\TywCEgH.exe
  2⤵
  PID:9164
- C:\Windows\System\byMLqmd.exe
  C:\Windows\System\byMLqmd.exe
  2⤵
  PID:9180
- C:\Windows\System\fvRrBPP.exe
  C:\Windows\System\fvRrBPP.exe
  2⤵
  PID:9196
- C:\Windows\System\SfzUHol.exe
  C:\Windows\System\SfzUHol.exe
  2⤵
  PID:9212
- C:\Windows\System\kgwowVT.exe
  C:\Windows\System\kgwowVT.exe
  2⤵
  PID:8048
- C:\Windows\System\HGIyzZD.exe
  C:\Windows\System\HGIyzZD.exe
  2⤵
  PID:8148
- C:\Windows\System\kEntudJ.exe
  C:\Windows\System\kEntudJ.exe
  2⤵
  PID:8240
- C:\Windows\System\hSjdOWq.exe
  C:\Windows\System\hSjdOWq.exe
  2⤵
  PID:7768
- C:\Windows\System\UVUgGNM.exe
  C:\Windows\System\UVUgGNM.exe
  2⤵
  PID:8144
- C:\Windows\System\VHJRDDk.exe
  C:\Windows\System\VHJRDDk.exe
  2⤵
  PID:8284
- C:\Windows\System\HcIyGin.exe
  C:\Windows\System\HcIyGin.exe
  2⤵
  PID:8032
- C:\Windows\System\QbOFjno.exe
  C:\Windows\System\QbOFjno.exe
  2⤵
  PID:7396
- C:\Windows\System\VEKbUQG.exe
  C:\Windows\System\VEKbUQG.exe
  2⤵
  PID:8268
- C:\Windows\System\YjFWYoe.exe
  C:\Windows\System\YjFWYoe.exe
  2⤵
  PID:8316
- C:\Windows\System\jbzkKhp.exe
  C:\Windows\System\jbzkKhp.exe
  2⤵
  PID:8328
- C:\Windows\System\iXRFXYR.exe
  C:\Windows\System\iXRFXYR.exe
  2⤵
  PID:8384
- C:\Windows\System\ZtoUsuw.exe
  C:\Windows\System\ZtoUsuw.exe
  2⤵
  PID:8448
- C:\Windows\System\mUSKAoC.exe
  C:\Windows\System\mUSKAoC.exe
  2⤵
  PID:8368
- C:\Windows\System\DrKTCnI.exe
  C:\Windows\System\DrKTCnI.exe
  2⤵
  PID:8460
- C:\Windows\System\MeuwnHc.exe
  C:\Windows\System\MeuwnHc.exe
  2⤵
  PID:8524
- C:\Windows\System\BAdWGHm.exe
  C:\Windows\System\BAdWGHm.exe
  2⤵
  PID:8548
- C:\Windows\System\dybTcZV.exe
  C:\Windows\System\dybTcZV.exe
  2⤵
  PID:8592
- C:\Windows\System\KyKSZSq.exe
  C:\Windows\System\KyKSZSq.exe
  2⤵
  PID:8596
- C:\Windows\System\sKESwyg.exe
  C:\Windows\System\sKESwyg.exe
  2⤵
  PID:8644
- C:\Windows\System\MmAZVii.exe
  C:\Windows\System\MmAZVii.exe
  2⤵
  PID:8660
- C:\Windows\System\DJGkiwZ.exe
  C:\Windows\System\DJGkiwZ.exe
  2⤵
  PID:8720
- C:\Windows\System\lxvSHwk.exe
  C:\Windows\System\lxvSHwk.exe
  2⤵
  PID:8792
- C:\Windows\System\VcyzKfR.exe
  C:\Windows\System\VcyzKfR.exe
  2⤵
  PID:8708
- C:\Windows\System\tJuaVJN.exe
  C:\Windows\System\tJuaVJN.exe
  2⤵
  PID:8776
- C:\Windows\System\tUpdbWy.exe
  C:\Windows\System\tUpdbWy.exe
  2⤵
  PID:8884
- C:\Windows\System\zuvbRDz.exe
  C:\Windows\System\zuvbRDz.exe
  2⤵
  PID:8872
- C:\Windows\System\hoTUDuQ.exe
  C:\Windows\System\hoTUDuQ.exe
  2⤵
  PID:8904
- C:\Windows\System\scyMKnf.exe
  C:\Windows\System\scyMKnf.exe
  2⤵
  PID:8948
- C:\Windows\System\kgsJXZh.exe
  C:\Windows\System\kgsJXZh.exe
  2⤵
  PID:9012
- C:\Windows\System\CPXJRYY.exe
  C:\Windows\System\CPXJRYY.exe
  2⤵
  PID:9076
- C:\Windows\System\DqyuoXB.exe
  C:\Windows\System\DqyuoXB.exe
  2⤵
  PID:9112
- C:\Windows\System\fclRgZe.exe
  C:\Windows\System\fclRgZe.exe
  2⤵
  PID:9092
- C:\Windows\System\mxLfzPX.exe
  C:\Windows\System\mxLfzPX.exe
  2⤵
  PID:8996
- C:\Windows\System\exYHiKk.exe
  C:\Windows\System\exYHiKk.exe
  2⤵
  PID:9128
- C:\Windows\System\ygWgARm.exe
  C:\Windows\System\ygWgARm.exe
  2⤵
  PID:9172
- C:\Windows\System\luFNyln.exe
  C:\Windows\System\luFNyln.exe
  2⤵
  PID:9204
- C:\Windows\System\doJklNh.exe
  C:\Windows\System\doJklNh.exe
  2⤵
  PID:8076
- C:\Windows\System\TwKzeWh.exe
  C:\Windows\System\TwKzeWh.exe
  2⤵
  PID:7656
- C:\Windows\System\szyBuXZ.exe
  C:\Windows\System\szyBuXZ.exe
  2⤵
  PID:7408
- C:\Windows\System\OuPcbDW.exe
  C:\Windows\System\OuPcbDW.exe
  2⤵
  PID:7456
- C:\Windows\System\PZQQVYc.exe
  C:\Windows\System\PZQQVYc.exe
  2⤵
  PID:8280
- C:\Windows\System\SIwFPlA.exe
  C:\Windows\System\SIwFPlA.exe
  2⤵
  PID:8312
- C:\Windows\System\UBODrEE.exe
  C:\Windows\System\UBODrEE.exe
  2⤵
  PID:8364
- C:\Windows\System\DferYeF.exe
  C:\Windows\System\DferYeF.exe
  2⤵
  PID:8432
- C:\Windows\System\AZiqXuL.exe
  C:\Windows\System\AZiqXuL.exe
  2⤵
  PID:8540
- C:\Windows\System\mqQKtUX.exe
  C:\Windows\System\mqQKtUX.exe
  2⤵
  PID:8564
- C:\Windows\System\jwbdqOK.exe
  C:\Windows\System\jwbdqOK.exe
  2⤵
  PID:8692
- C:\Windows\System\CkngrSc.exe
  C:\Windows\System\CkngrSc.exe
  2⤵
  PID:8724
- C:\Windows\System\OcSgsCQ.exe
  C:\Windows\System\OcSgsCQ.exe
  2⤵
  PID:8676
- C:\Windows\System\cmsJDZp.exe
  C:\Windows\System\cmsJDZp.exe
  2⤵
  PID:8740
- C:\Windows\System\gpvASib.exe
  C:\Windows\System\gpvASib.exe
  2⤵
  PID:9048
- C:\Windows\System\rzGlMNe.exe
  C:\Windows\System\rzGlMNe.exe
  2⤵
  PID:9144
- C:\Windows\System\DJjLBWJ.exe
  C:\Windows\System\DJjLBWJ.exe
  2⤵
  PID:8248
- C:\Windows\System\vjsuAik.exe
  C:\Windows\System\vjsuAik.exe
  2⤵
  PID:8936
- C:\Windows\System\lgCGqKG.exe
  C:\Windows\System\lgCGqKG.exe
  2⤵
  PID:8984
- C:\Windows\System\nXyoHJY.exe
  C:\Windows\System\nXyoHJY.exe
  2⤵
  PID:8968
- C:\Windows\System\LpdCFNE.exe
  C:\Windows\System\LpdCFNE.exe
  2⤵
  PID:8236
- C:\Windows\System\MRfAldb.exe
  C:\Windows\System\MRfAldb.exe
  2⤵
  PID:8396
- C:\Windows\System\yRErYKD.exe
  C:\Windows\System\yRErYKD.exe
  2⤵
  PID:8444
- C:\Windows\System\AQnpeBh.exe
  C:\Windows\System\AQnpeBh.exe
  2⤵
  PID:8760
- C:\Windows\System\GmkbPlU.exe
  C:\Windows\System\GmkbPlU.exe
  2⤵
  PID:8640
- C:\Windows\System\ahPJOVh.exe
  C:\Windows\System\ahPJOVh.exe
  2⤵
  PID:9044
- C:\Windows\System\cNuTTOJ.exe
  C:\Windows\System\cNuTTOJ.exe
  2⤵
  PID:9064
- C:\Windows\System\UJMqWqa.exe
  C:\Windows\System\UJMqWqa.exe
  2⤵
  PID:8980
- C:\Windows\System\wgQsZes.exe
  C:\Windows\System\wgQsZes.exe
  2⤵
  PID:8840
- C:\Windows\System\kuFbeKl.exe
  C:\Windows\System\kuFbeKl.exe
  2⤵
  PID:8728
- C:\Windows\System\IJaxKQq.exe
  C:\Windows\System\IJaxKQq.exe
  2⤵
  PID:8300
- C:\Windows\System\CAONNpd.exe
  C:\Windows\System\CAONNpd.exe
  2⤵
  PID:8224
- C:\Windows\System\TotSsSs.exe
  C:\Windows\System\TotSsSs.exe
  2⤵
  PID:8868
- C:\Windows\System\ZTWFsiD.exe
  C:\Windows\System\ZTWFsiD.exe
  2⤵
  PID:9176
- C:\Windows\System\dUnphMZ.exe
  C:\Windows\System\dUnphMZ.exe
  2⤵
  PID:9220
- C:\Windows\System\HtAAVIR.exe
  C:\Windows\System\HtAAVIR.exe
  2⤵
  PID:9236
- C:\Windows\System\rjdbCst.exe
  C:\Windows\System\rjdbCst.exe
  2⤵
  PID:9252
- C:\Windows\System\gjZruNc.exe
  C:\Windows\System\gjZruNc.exe
  2⤵
  PID:9268
- C:\Windows\System\FGJUEKQ.exe
  C:\Windows\System\FGJUEKQ.exe
  2⤵
  PID:9284
- C:\Windows\System\SbmKcoi.exe
  C:\Windows\System\SbmKcoi.exe
  2⤵
  PID:9300
- C:\Windows\System\gzJjTSk.exe
  C:\Windows\System\gzJjTSk.exe
  2⤵
  PID:9316
- C:\Windows\System\aTaWWcp.exe
  C:\Windows\System\aTaWWcp.exe
  2⤵
  PID:9336
- C:\Windows\System\bgqLGeQ.exe
  C:\Windows\System\bgqLGeQ.exe
  2⤵
  PID:9352
- C:\Windows\System\QadsqBe.exe
  C:\Windows\System\QadsqBe.exe
  2⤵
  PID:9368
- C:\Windows\System\HvlgWiS.exe
  C:\Windows\System\HvlgWiS.exe
  2⤵
  PID:9384
- C:\Windows\System\hLImqbo.exe
  C:\Windows\System\hLImqbo.exe
  2⤵
  PID:9400
- C:\Windows\System\XdqKiZh.exe
  C:\Windows\System\XdqKiZh.exe
  2⤵
  PID:9416
- C:\Windows\System\LqqaEfG.exe
  C:\Windows\System\LqqaEfG.exe
  2⤵
  PID:9432
- C:\Windows\System\rbBiMNl.exe
  C:\Windows\System\rbBiMNl.exe
  2⤵
  PID:9452
- C:\Windows\System\bGwRTxC.exe
  C:\Windows\System\bGwRTxC.exe
  2⤵
  PID:9468
- C:\Windows\System\xzxLwOc.exe
  C:\Windows\System\xzxLwOc.exe
  2⤵
  PID:9484
- C:\Windows\System\TMkodck.exe
  C:\Windows\System\TMkodck.exe
  2⤵
  PID:9500
- C:\Windows\System\FPdkMVo.exe
  C:\Windows\System\FPdkMVo.exe
  2⤵
  PID:9516
- C:\Windows\System\GIfzQlP.exe
  C:\Windows\System\GIfzQlP.exe
  2⤵
  PID:9532
- C:\Windows\System\odOgXqN.exe
  C:\Windows\System\odOgXqN.exe
  2⤵
  PID:9548
- C:\Windows\System\rPHHnzh.exe
  C:\Windows\System\rPHHnzh.exe
  2⤵
  PID:9564
- C:\Windows\System\gggLJNG.exe
  C:\Windows\System\gggLJNG.exe
  2⤵
  PID:9580
- C:\Windows\System\oTRYCFq.exe
  C:\Windows\System\oTRYCFq.exe
  2⤵
  PID:9596
- C:\Windows\System\RMJXJNb.exe
  C:\Windows\System\RMJXJNb.exe
  2⤵
  PID:9612
- C:\Windows\System\ECOiUbb.exe
  C:\Windows\System\ECOiUbb.exe
  2⤵
  PID:9628
- C:\Windows\System\ojMhbCS.exe
  C:\Windows\System\ojMhbCS.exe
  2⤵
  PID:9644
- C:\Windows\System\SDLjIQN.exe
  C:\Windows\System\SDLjIQN.exe
  2⤵
  PID:9660
- C:\Windows\System\xNFRsCW.exe
  C:\Windows\System\xNFRsCW.exe
  2⤵
  PID:9676
- C:\Windows\System\jerlbVt.exe
  C:\Windows\System\jerlbVt.exe
  2⤵
  PID:9692
- C:\Windows\System\NqUFVzQ.exe
  C:\Windows\System\NqUFVzQ.exe
  2⤵
  PID:9708
- C:\Windows\System\WgCFeck.exe
  C:\Windows\System\WgCFeck.exe
  2⤵
  PID:9724
- C:\Windows\System\oyZpTTu.exe
  C:\Windows\System\oyZpTTu.exe
  2⤵
  PID:9740
- C:\Windows\System\rVIeoDa.exe
  C:\Windows\System\rVIeoDa.exe
  2⤵
  PID:9756
- C:\Windows\System\hkfuzBb.exe
  C:\Windows\System\hkfuzBb.exe
  2⤵
  PID:9772
- C:\Windows\System\yGBExUu.exe
  C:\Windows\System\yGBExUu.exe
  2⤵
  PID:9788
- C:\Windows\System\RcHCngR.exe
  C:\Windows\System\RcHCngR.exe
  2⤵
  PID:9804
- C:\Windows\System\GPksfra.exe
  C:\Windows\System\GPksfra.exe
  2⤵
  PID:9820
- C:\Windows\System\CwiqrVN.exe
  C:\Windows\System\CwiqrVN.exe
  2⤵
  PID:9836
- C:\Windows\System\tZXnhhV.exe
  C:\Windows\System\tZXnhhV.exe
  2⤵
  PID:9852
- C:\Windows\System\pTwuLFn.exe
  C:\Windows\System\pTwuLFn.exe
  2⤵
  PID:9868
- C:\Windows\System\jjgSJqY.exe
  C:\Windows\System\jjgSJqY.exe
  2⤵
  PID:9884
- C:\Windows\System\thhljBT.exe
  C:\Windows\System\thhljBT.exe
  2⤵
  PID:9900
- C:\Windows\System\zyCoWrQ.exe
  C:\Windows\System\zyCoWrQ.exe
  2⤵
  PID:9916
- C:\Windows\System\VTZlHNs.exe
  C:\Windows\System\VTZlHNs.exe
  2⤵
  PID:9932
- C:\Windows\System\azpxMXw.exe
  C:\Windows\System\azpxMXw.exe
  2⤵
  PID:9948
- C:\Windows\System\BNwiiWR.exe
  C:\Windows\System\BNwiiWR.exe
  2⤵
  PID:9964
- C:\Windows\System\ZVMVWRq.exe
  C:\Windows\System\ZVMVWRq.exe
  2⤵
  PID:9980
- C:\Windows\System\DxMvAVw.exe
  C:\Windows\System\DxMvAVw.exe
  2⤵
  PID:9996
- C:\Windows\System\QAggPDQ.exe
  C:\Windows\System\QAggPDQ.exe
  2⤵
  PID:10012
- C:\Windows\System\uGdySAa.exe
  C:\Windows\System\uGdySAa.exe
  2⤵
  PID:10048
- C:\Windows\System\uhypgnm.exe
  C:\Windows\System\uhypgnm.exe
  2⤵
  PID:10064
- C:\Windows\System\XGZjVcv.exe
  C:\Windows\System\XGZjVcv.exe
  2⤵
  PID:10080
- C:\Windows\System\FlPbppr.exe
  C:\Windows\System\FlPbppr.exe
  2⤵
  PID:10096
- C:\Windows\System\uSUHCWL.exe
  C:\Windows\System\uSUHCWL.exe
  2⤵
  PID:10112
- C:\Windows\System\fEtuzqf.exe
  C:\Windows\System\fEtuzqf.exe
  2⤵
  PID:10128
- C:\Windows\System\BzROWVc.exe
  C:\Windows\System\BzROWVc.exe
  2⤵
  PID:10144
- C:\Windows\System\CknOAWh.exe
  C:\Windows\System\CknOAWh.exe
  2⤵
  PID:10160
- C:\Windows\System\SPXhmDF.exe
  C:\Windows\System\SPXhmDF.exe
  2⤵
  PID:10176
- C:\Windows\System\UHpmQBU.exe
  C:\Windows\System\UHpmQBU.exe
  2⤵
  PID:10192
- C:\Windows\System\mmlAeVS.exe
  C:\Windows\System\mmlAeVS.exe
  2⤵
  PID:10208
- C:\Windows\System\tTgfbyQ.exe
  C:\Windows\System\tTgfbyQ.exe
  2⤵
  PID:10224
- C:\Windows\System\CrvbkXu.exe
  C:\Windows\System\CrvbkXu.exe
  2⤵
  PID:8100
- C:\Windows\System\dLLTupU.exe
  C:\Windows\System\dLLTupU.exe
  2⤵
  PID:9160
- C:\Windows\System\bJlhhLq.exe
  C:\Windows\System\bJlhhLq.exe
  2⤵
  PID:8428
- C:\Windows\System\nbAgZwx.exe
  C:\Windows\System\nbAgZwx.exe
  2⤵
  PID:9248
- C:\Windows\System\NJXXkxh.exe
  C:\Windows\System\NJXXkxh.exe
  2⤵
  PID:9264
- C:\Windows\System\ybADjHW.exe
  C:\Windows\System\ybADjHW.exe
  2⤵
  PID:9308
- C:\Windows\System\bDoPGjY.exe
  C:\Windows\System\bDoPGjY.exe
  2⤵
  PID:9344
- C:\Windows\System\jUuvycO.exe
  C:\Windows\System\jUuvycO.exe
  2⤵
  PID:9380
- C:\Windows\System\jmxaQuc.exe
  C:\Windows\System\jmxaQuc.exe
  2⤵
  PID:9448
- C:\Windows\System\HxgxGUb.exe
  C:\Windows\System\HxgxGUb.exe
  2⤵
  PID:9396
- C:\Windows\System\qnXGwTn.exe
  C:\Windows\System\qnXGwTn.exe
  2⤵
  PID:9464
- C:\Windows\System\SHMduLw.exe
  C:\Windows\System\SHMduLw.exe
  2⤵
  PID:9540
- C:\Windows\System\nSODozo.exe
  C:\Windows\System\nSODozo.exe
  2⤵
  PID:9604
- C:\Windows\System\UbabONB.exe
  C:\Windows\System\UbabONB.exe
  2⤵
  PID:9528
- C:\Windows\System\vufIrjm.exe
  C:\Windows\System\vufIrjm.exe
  2⤵
  PID:9588
- C:\Windows\System\yqqxZCm.exe
  C:\Windows\System\yqqxZCm.exe
  2⤵
  PID:9652
- C:\Windows\System\IUJpkct.exe
  C:\Windows\System\IUJpkct.exe
  2⤵
  PID:9716
- C:\Windows\System\HYNonWS.exe
  C:\Windows\System\HYNonWS.exe
  2⤵
  PID:9700
- C:\Windows\System\JJuhNzt.exe
  C:\Windows\System\JJuhNzt.exe
  2⤵
  PID:9732
- C:\Windows\System\PJqKALo.exe
  C:\Windows\System\PJqKALo.exe
  2⤵
  PID:9780
- C:\Windows\System\njYdWkH.exe
  C:\Windows\System\njYdWkH.exe
  2⤵
  PID:9796
- C:\Windows\System\WqdnSJW.exe
  C:\Windows\System\WqdnSJW.exe
  2⤵
  PID:9800
- C:\Windows\System\mnVPTlM.exe
  C:\Windows\System\mnVPTlM.exe
  2⤵
  PID:9860
- C:\Windows\System\zWFWxtK.exe
  C:\Windows\System\zWFWxtK.exe
  2⤵
  PID:9864
- C:\Windows\System\PcpeaeW.exe
  C:\Windows\System\PcpeaeW.exe
  2⤵
  PID:9944
- C:\Windows\System\nBKKMbx.exe
  C:\Windows\System\nBKKMbx.exe
  2⤵
  PID:10008
- C:\Windows\System\eBOVphA.exe
  C:\Windows\System\eBOVphA.exe
  2⤵
  PID:9988
- C:\Windows\System\nGbaYVl.exe
  C:\Windows\System\nGbaYVl.exe
  2⤵
  PID:10028
- C:\Windows\System\bXZZbVG.exe
  C:\Windows\System\bXZZbVG.exe
  2⤵
  PID:10060
- C:\Windows\System\qUjpvrK.exe
  C:\Windows\System\qUjpvrK.exe
  2⤵
  PID:10124
- C:\Windows\System\yFjhAvv.exe
  C:\Windows\System\yFjhAvv.exe
  2⤵
  PID:10188
- C:\Windows\System\OsKhlvW.exe
  C:\Windows\System\OsKhlvW.exe
  2⤵
  PID:8252
- C:\Windows\System\FjEHIWa.exe
  C:\Windows\System\FjEHIWa.exe
  2⤵
  PID:9312
- C:\Windows\System\oNNHqpU.exe
  C:\Windows\System\oNNHqpU.exe
  2⤵
  PID:10056
- C:\Windows\System\gBKBawa.exe
  C:\Windows\System\gBKBawa.exe
  2⤵
  PID:10108
- C:\Windows\System\mDkXReT.exe
  C:\Windows\System\mDkXReT.exe
  2⤵
  PID:10140
- C:\Windows\System\elluthU.exe
  C:\Windows\System\elluthU.exe
  2⤵
  PID:10236
- C:\Windows\System\CITkWBw.exe
  C:\Windows\System\CITkWBw.exe
  2⤵
  PID:9328
- C:\Windows\System\IyXTGvc.exe
  C:\Windows\System\IyXTGvc.exe
  2⤵
  PID:10044
- C:\Windows\System\GOqjQaG.exe
  C:\Windows\System\GOqjQaG.exe
  2⤵
  PID:9460
- C:\Windows\System\tnyXhaH.exe
  C:\Windows\System\tnyXhaH.exe
  2⤵
  PID:9572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EPirBGL.exe

Filesize
5.7MB

MD5
87ac84d689b7f4e866aa0c73a6c18186

SHA1
b58a7b7ce1cbdf1173bddd1bfb1107f24a0c92c9

SHA256
5984ab86dd9ef73b0e8b00fdf8bac4972f2cfcdb9308ee9c921b1ff334430df9

SHA512
7020a20f02a845cbb62552d34051797db080777f7f51ac59729413c9e046f0bce5c347c43966128f6452445a2e4ff3905593442d104d8a0098c0413223f3154b

Download Submit
C:\Windows\system\GoTBBFR.exe

Filesize
5.7MB

MD5
b8d678155c5cf239b765967257ccb1d7

SHA1
b1057357935853d8402b313d3cf95f750410006f

SHA256
0689f607664d49eab54d125b07408e7c74a86401dd65ea0e76f757818b6eb46c

SHA512
01cc346c1d06994a5a05aabd1a718a5745d266ed42b17432f846f34c6e5bce4e099f44e86f3c58fcf36b380f209e627e600e5efb5421def13ace35190bf23b0c

Download Submit
C:\Windows\system\IEuaVey.exe

Filesize
5.7MB

MD5
4aff3d23e2c1373ea62b12a65bf04e26

SHA1
b00440b9829a0629e2538895e8159ee9c22e6f01

SHA256
3e13a92157714234bb6dc48a531626028ea5fc00e9ea13053af5a87908ff21d2

SHA512
af31ac92005619c1d957a558b54d9ff07139b251b2794728b19e58aa1ffc86d66b52e7afa2c4f7f286c2b6eadb05d68f51f0f3871c79e35804263993a01c758b

Download Submit
C:\Windows\system\MLDnICL.exe

Filesize
5.7MB

MD5
5cc9268ee5a87028a1b43356319543c4

SHA1
eb8e25dd1b8d9a244e09bb571e82d203f7c52cdc

SHA256
b8cc873e0bf87e394ac0bebf171647abaa4b3f17241dcf9a747c9e4e1a4d2f75

SHA512
17bd03ff2d7ba1198f7207bc63c6e165e90b060465acb0996718651ecd0dde23bbc639e275655022cbf96490c8410035da1fc45bf54fc275f4cd85776670cede

Download Submit
C:\Windows\system\MSAARSf.exe

Filesize
5.7MB

MD5
a85ec19d58aea7da30dcd98f5a3aa9ee

SHA1
90efaeffbc8d51b2c775a1f53dfe9ad6d7f4b947

SHA256
b38ab163fde316e9e26c267c8e90536923b4c77970f3a254521b88b63b213c4a

SHA512
e23df76cc6efaa4e3880ac1be66ec134caa0da52c092554eb230e773eb9bc757a5dfdf943ac09e1567e9447854ac1b5947925ef63eba4708eca3cdd1e7926371

Download Submit
C:\Windows\system\MrdMRQR.exe

Filesize
5.7MB

MD5
94467479765fea60aa7960224d1ad0ff

SHA1
ac6d51d3ffbf50f46c1d82aec3b9c1bdfee36771

SHA256
7ee8dac8a6636e4ac6df797648ca52297df9b8db40604781b8a164c223d4b749

SHA512
73fae7c463b999a2f8856a9231c96bcffa0ec0ccc6fed128466fcc069dbc0741f5cfaa4841b4306b90e64aca849f2f045dad4a22b51fd4b976fb00c2501e87a1

Download Submit
C:\Windows\system\OkEfIKB.exe

Filesize
5.7MB

MD5
cd6d2f7844639fa818c6283132a906b0

SHA1
29faf1ad7ff8025e46517d4faf0aba39ea2586d5

SHA256
fd579a9c30259fe9b039bcfce0129b0a0be49410bd6f5945abedc4244b6c3edc

SHA512
40ca2fae7ff6034fbdcdf09faeaf795b629467f204c37feb956f272372f3eccb2474bc31e099d022afb7f42c647681cf8a4346a5c631bd7d94e82ff1bba1bc1e

Download Submit
C:\Windows\system\QvWqapj.exe

Filesize
5.7MB

MD5
80b208af906bc97aff86626da7af27da

SHA1
c3e0ebecd235bb93aff3e00794c5e55b037958fd

SHA256
d0adae71504e0e4a208dfb32a32f9924a5c0fa4beae0dce5c154574b3516c7af

SHA512
daedb0a42629f30b099e985cb4564976839c00c3f3a0a90fdcd9f0bd1983b488473c3ccb0f72781ff31d22f26c2bc9cbd9ebc619eebf45a11a05c424a53bda2a

Download Submit
C:\Windows\system\RHjEJNA.exe

Filesize
5.7MB

MD5
791598eab5be1b5afd3b4f5418192803

SHA1
ff18b0a57a2ebb7656820a60c58103b27d4f9f28

SHA256
c9275b54b581cbc178be1df622b5c53d4269a632652d769c23ec8759ddab0bf7

SHA512
e3721d54d533138baf50128524499a4d60ac4acb1cebc6ea6a39357f66eb218d432f49e508b00738a23d51d6198aeef8bec3b8826804e45257d9f617b238a8bf

Download Submit
C:\Windows\system\TIbCsEr.exe

Filesize
5.7MB

MD5
49249a2072ac143410661173771e7149

SHA1
704d17285296b91d59c84e717741c360243c18ee

SHA256
c563f1acccfa106153c902f71b333560ed0a424cbe2ccec383459fb568173445

SHA512
249aa859b505392aa5688f9f54b2204b04a87cfbd6b0df3e5dc600c0dd7f3c66d98c232fda160322f3bc0818851d5b6774ac86308634be0536460cec70ada020

Download Submit
C:\Windows\system\UCyJDwD.exe

Filesize
5.7MB

MD5
ab07ac044c2c3f743c0493b89dd4f23c

SHA1
da566f4fcfb65fefe049b95279b910fcafa2c9ee

SHA256
5ce5faf85861c36fa1ddae9b58619e0664f6be11d0f141ec14fe03f2053a1ffe

SHA512
fc2ace74f7a67d153af9f2c4a7a90ef7e1d8c59df751aa852ea5c14c289eb72980fcbb11502cb05448889a8850569e894b96e8d1f86239a0644ea9501cee36b4

Download Submit
C:\Windows\system\UeHARuz.exe

Filesize
5.7MB

MD5
e58e460976dd2910bab6d1d4d1f9ccdd

SHA1
b8e689ab64bfed116204f68e4b7466ae439dab94

SHA256
5bff92f334cf24fe75462cc620d496cd14565db2886b1d499a76e0034e575acf

SHA512
3d9576f609d8f08fc4dd703ac79ceeccbdeaf764868c9ce211c3b74faa1cceca684a34561ad7048c1b5cdfb2262e2c9a18e39b123584fa0989a37ba4ef040d3c

Download Submit
C:\Windows\system\beSLOJs.exe

Filesize
5.7MB

MD5
f7c131f02d835be01dfcb1af05e56fc0

SHA1
f5f624099ea467649134e9727ab05e76ec3c227b

SHA256
2502b5989229d32ac825d40d01d78dd18e1d23f212b025e25bf9202899d2d172

SHA512
aa370be7772b53eec8a05dc224cda7cb8200449a0fae7b2a9b186626c5a12384eb74f29970aba85dc3b94f4cd2ea7861014e39d72150c306363c1615b574540f

Download Submit
C:\Windows\system\cjwFpqu.exe

Filesize
5.7MB

MD5
da10f70f8bddb0c0ab6d129d46fe04d4

SHA1
4bbf713e4670ba12a9c2bb8ea5db356542019b07

SHA256
519d4676d0b49cd1fc0c53a237eb4eeb6a3871127c49d45e033c79263b2be42f

SHA512
d9024319b680c131eb687bf02f0cd18136cef8c58afa515c394824d632369a1dadc83b9af403071d52dd711f145c181182d728a2b6bc0414d62841dc6a0367bc

Download Submit
C:\Windows\system\dlYGirb.exe

Filesize
5.7MB

MD5
436d38a453f24875700fd32e7eadb09e

SHA1
a62095bf79e96ecde7e58cd0006aa7a41299fff9

SHA256
2fdf8cb0c74bab9d48da2fb655b70844ab58123dfc55b0f9c41de3c7187a94f8

SHA512
54880bfc44cbd515dbd741a885999b8b0994c15e8bf676af60e5cb353370162013a34c0de42bb1d8f0f53d243168517dcde53949c7a929e7462e3dbb63e1c5aa

Download Submit
C:\Windows\system\eAYaQFW.exe

Filesize
5.7MB

MD5
8bfcc77b5561bc1606dea11bc0b067ee

SHA1
73c2df1a0bdcef0a097b11b66726664ca494f79b

SHA256
bd074d483aea241a3b26807c8f9e7edf46be0d7077ed0a49afff360b10acc8b7

SHA512
f9286bf4fb22d62839b2338b75a5552357e00901be62a0d54533c4c4c46d1308c2184e3909517746573dd9a7f6a1b77046661e0d83294ac5c390d8aa36eb972b

Download Submit
C:\Windows\system\foilEyD.exe

Filesize
5.7MB

MD5
4d12a7b1b3b5cb894880ed04887ec7c8

SHA1
af01a9da290b0bddf72155a6db994d8bf44c8e31

SHA256
b4b574dca798ccf147e612c5c41980227fa6b339e7bc47e3df27e746693adbcf

SHA512
36ffd5b27cba78b063e87137a537555ef6572bd1c009123dd9619770ddbb3e7ee22b7e70e223a8a42f6969e1afd1f2164a6acdb9b8cdd6b4dbaf6fcf9d80758c

Download Submit
C:\Windows\system\jidPFmP.exe

Filesize
5.7MB

MD5
67c380bc4408ef023512d1152ffecaf3

SHA1
f3f32e62e2c4312aac0406c01ff25eadd3049e35

SHA256
bba6ec255f6db8b8aad523bfe2b32968e28c22a67bcbdc402ec62bcfc4351b5d

SHA512
a649f6b1b5986eb3563171135f51e368004a43d51a439a1c5140b829615c63b371d7cefa1bfa109126167f79b140237da3fc380d2328aca59509f361ecfc7d8c

Download Submit
C:\Windows\system\kIveeCO.exe

Filesize
5.7MB

MD5
ad7c34724706afbb398cc1980b83d808

SHA1
3416499e2c7918344e6f88b685f64863cf3f370d

SHA256
de431e7ff306d51cdc5c911aa93074b65351451d988e63403981a15815fc9e34

SHA512
5e54574eca3de4d794edf6642fc6878910a8787c55e54bde4a0268b740340c7c9a773896d99cef4f9722d682a0ebafa6c82f4a58907b4009b8a772a96d9bb0fd

Download Submit
C:\Windows\system\kRxTZMC.exe

Filesize
5.7MB

MD5
417719477989fd4d85d4442c85c65f83

SHA1
22326248dedbc1c96d8d6370c1c7c5d8e780140b

SHA256
213b26327964c805101b988a8fc06b3090d045c5cdcd64846d71975d70f4008c

SHA512
53bb2942848c483f95070f5d97f244825d2bc5dcb2c0e8c9e4d0a4afea528d0cc67c42a8454c11f53c7430f27ddf10b5422350064697850cefb41e527f8c4253

Download Submit
C:\Windows\system\kUzVVLW.exe

Filesize
5.7MB

MD5
e770a5e6cae77d06c8fa2a43598655e9

SHA1
6e65254546167868e0c7365d3e3fbefa4b5bc591

SHA256
ed12c4316832466641020da537e4e60320f9effb91a5dd7469553bf27c4905b3

SHA512
9db2305f1f140aef2a6dd61cfe4f80f01f4259ec555c918c77c75f000e60b48a134e4e594c0c7c6cbcf1c99b1addc86df32796b099adba8691a78db02a32b1ce

Download Submit
C:\Windows\system\pXhWJJp.exe

Filesize
5.7MB

MD5
744758fe573d1a6bd80416bdf5442b8c

SHA1
033781946e598393a0d9bfabb8240d99e6d2a783

SHA256
db3e6fa5e5a8cc87e80df484fb2c5ffd6c168f0e84b6d54ac4fe78c4d75ea3a2

SHA512
38b087bf0ab3299af51df58eac8af2b6edad35d93d0cd684a669d02232cd791e6df55627bc0a75b9f3c10f0941aaba4448bc9473aaca02be11f0122b547bf0f8

Download Submit
C:\Windows\system\rjjwahp.exe

Filesize
5.7MB

MD5
0aca7f52c7068b3f2047133bb5ac1f4d

SHA1
efc73ea6f01539d3aa8c69d7348bce4077d47877

SHA256
ce3799bf2c863b909ddefbef3a7f737ed6b68600ff420c1e5c2c21d3a637b801

SHA512
97517ef507c5ad705e1cb48975f41b765e86b4457735972dc62718a3e807e760e91bb7a257dbe8c8f8eec2943505d3cad67e4250e9522b176be417aef868d933

Download Submit
C:\Windows\system\tMgVrEz.exe

Filesize
5.7MB

MD5
7031e2463aace01771204e1b85b2c0ce

SHA1
fc5d2b7f78f342ae3721c06ba5fa6ba77377612e

SHA256
5d3441bf564b68a594ca7b8945d5a6c2ac1be2b82e92d8533269cf570aac818f

SHA512
658f582a8dd3054d15f343f8e2202b2f19915f74030e218f7056ea915cca18dacf9d99e70075cda35742bde027d9b87d297a1018cc113e51bbe538de443ed11d

Download Submit
C:\Windows\system\tbQYeKH.exe

Filesize
5.7MB

MD5
2202bbf501bb141fe1a09789ed94435f

SHA1
37673e94c7379a7b147ffc305fd291bc22868796

SHA256
f7a00de382ae819a2c728c48abb024779119201c65e6e51a6308973b4334a88a

SHA512
a40a46108a99b6a5512c883c58bd25ccec89d80db31e74d2ff64b697a97ccc994df7ca77c1a8de3ce6ef2f885c916482518eec1d84eca02a744d588fd2ecbbb0

Download Submit
C:\Windows\system\uILpvcj.exe

Filesize
5.7MB

MD5
99cbf29394e429e8f2b13615f5c1cdfa

SHA1
0abb7976479f8990e8b59f1c301a25f360b06038

SHA256
3122c38572e18ec10cdc130dd895600a33cf8d31d95463a04bb57f1ac9f0e4ff

SHA512
b11062b1da2b42cbf37da40a8e7026bbfa043b9d88866f3c43aa9eb32cf30367e228f50d5f3d0778e2a5a057e0cdf762188ecb54effcfb535e68f0438a311913

Download Submit
C:\Windows\system\wSnZWdT.exe

Filesize
5.7MB

MD5
108bc4b0874a3ef535f6f4e826725e16

SHA1
9569e18d6bba04ae800add58cbf2d6f35b3533d9

SHA256
06fb6a3fc20b1b77285176950b67a0e20ac08f46156535b5648e6f28708709e3

SHA512
078626426674f3103ed9943325ee5074b87035528d2a04416439e527c7d0c7484d6d84e695f7fbc47dbf0ede3b7a570a614b7aff0900ed773e5e05b349d9bd71

Download Submit
C:\Windows\system\xxjEiZC.exe

Filesize
5.7MB

MD5
4950d15328aec6c315bfbb7670869b63

SHA1
0af501beaa22f760ced61a0bdf974ad5ea4c33ef

SHA256
f595e606a165f2a431a42646c51300a6fc9a5e788bf98219e98919ed8aab2a3f

SHA512
dab8b40c8637ded2c079d7e8fc7bbbd611a0fb686ab2d1d2e3f0b82d4a432894f5a7f00cdcfd647aa295f69a0e9cc7274bfc91dc148b5f3d2e58b229118ea58e

Download Submit
\Windows\system\IiGhPqZ.exe

Filesize
5.7MB

MD5
bf0ca753b04481cbb3049699e8fa6469

SHA1
51f2779dbeed31b535ea218b22e5e47bd5877339

SHA256
284622fe017010f09232f60647507cde85204a39b7b53eaafb216cd3d5c6528b

SHA512
727cb0444e9f3451b3ee8e865675d9e0f3dde4c11901a1a47805589861ad52b7813bdf621b29787dea6a5e8e486b5af84122870b2b576cfb062c364bed90467b

Download Submit
\Windows\system\LmedUPp.exe

Filesize
5.7MB

MD5
4cec68a7a9db3b0745b5f63fb648dc02

SHA1
5728fc22377152b0e05afcd3853f7c34ed7d0f4f

SHA256
4091863cc37193e5eb26ae226f5a138ff0e69c359e68a041449c06fd0848793e

SHA512
ac08042a10e89f1bf9cb0a6bcf7b9a952a4c8565e6d2389d8298a7e1333d94b033ea3da27d6eed36a6f8fea54aca76b3ed8af9cb4ca4892b2dad350cca93e837

Download Submit
\Windows\system\krEZTLN.exe

Filesize
5.7MB

MD5
17154b62f62a5febbf92c87d11e67bff

SHA1
2118798012c5aaf44310ff7f73c43799ea5f19fb

SHA256
6fa07a316c35ef0931be565f8ecbf520174861a7a1d8d426dfdca219c8020cc7

SHA512
921b59c101166068fa5f7dc5d13537e23b851e258bc2043e9c74389da6f95fbd665dc3a7cbd5f75fa9f6dc18729b6bd50774b49cfaf166c291f75aab5d7ad933

Download Submit
\Windows\system\nLPGEwz.exe

Filesize
5.7MB

MD5
1667a2320f95adfc64b95a699e89910b

SHA1
5fd5d820a734e8e597e256d3e8acf1b9adfa6259

SHA256
65d105a9765e4e2471c380fd2ba89929a8d08bb307c1f9f26a1a762d1966d885

SHA512
ac703d09a311593c14f5eb89a0df69cbdb3c37998906da8b75c147ce47c8ec32fcc6e62c4e5258d389cb3fb79040f052bb11a8f153d764f4fa57e481a2950560

Download Submit
\Windows\system\zGxcWZd.exe

Filesize
5.7MB

MD5
5cb7374f5fd8afa51aa6e984c7550923

SHA1
14d7582f99e6c71dc93949a8c1c8fe2b264ff9c8

SHA256
219163f4f8552f636eb5e53548bc03d869823fc7d43c8c2a80f83f62635e1891

SHA512
6219c7794381a6567d5d09f8bc95e31f2ba1389d9cc6dede21b9d56d61bf8b4883327c2c950addd035185fde7c6a74123f469e37e6b5623d11fee6666af1446d

Download Submit
memory/484-187-0x000000013FB40000-0x000000013FE8D000-memory.dmp

Filesize
3.3MB

Download
memory/620-123-0x000000013F8C0000-0x000000013FC0D000-memory.dmp

Filesize
3.3MB

Download
memory/628-190-0x000000013F720000-0x000000013FA6D000-memory.dmp

Filesize
3.3MB

Download
memory/768-207-0x000000013F7B0000-0x000000013FAFD000-memory.dmp

Filesize
3.3MB

Download
memory/1092-99-0x000000013F920000-0x000000013FC6D000-memory.dmp

Filesize
3.3MB

Download
memory/1124-168-0x000000013F330000-0x000000013F67D000-memory.dmp

Filesize
3.3MB

Download
memory/1184-180-0x000000013F550000-0x000000013F89D000-memory.dmp

Filesize
3.3MB

Download
memory/1356-194-0x000000013F7F0000-0x000000013FB3D000-memory.dmp

Filesize
3.3MB

Download
memory/1608-141-0x000000013F6B0000-0x000000013F9FD000-memory.dmp

Filesize
3.3MB

Download
memory/1692-189-0x000000013F690000-0x000000013F9DD000-memory.dmp

Filesize
3.3MB

Download
memory/1848-117-0x000000013FA70000-0x000000013FDBD000-memory.dmp

Filesize
3.3MB

Download
memory/1908-87-0x000000013F830000-0x000000013FB7D000-memory.dmp

Filesize
3.3MB

Download
memory/1980-57-0x000000013F260000-0x000000013F5AD000-memory.dmp

Filesize
3.3MB

Download
memory/2112-7-0x000000013F5C0000-0x000000013F90D000-memory.dmp

Filesize
3.3MB

Download
memory/2116-0-0x000000013F2F0000-0x000000013F63D000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/2176-81-0x000000013FFF0000-0x000000014033D000-memory.dmp

Filesize
3.3MB

Download
memory/2188-147-0x000000013FBC0000-0x000000013FF0D000-memory.dmp

Filesize
3.3MB

Download
memory/2196-159-0x000000013F290000-0x000000013F5DD000-memory.dmp

Filesize
3.3MB

Download
memory/2256-21-0x000000013F850000-0x000000013FB9D000-memory.dmp

Filesize
3.3MB

Download
memory/2364-111-0x000000013F970000-0x000000013FCBD000-memory.dmp

Filesize
3.3MB

Download
memory/2636-69-0x000000013F460000-0x000000013F7AD000-memory.dmp

Filesize
3.3MB

Download
memory/2712-39-0x000000013F5E0000-0x000000013F92D000-memory.dmp

Filesize
3.3MB

Download
memory/2832-129-0x000000013FF40000-0x000000014028D000-memory.dmp

Filesize
3.3MB

Download
memory/2840-105-0x000000013F4B0000-0x000000013F7FD000-memory.dmp

Filesize
3.3MB

Download
memory/2848-27-0x000000013F990000-0x000000013FCDD000-memory.dmp

Filesize
3.3MB

Download
memory/2880-33-0x000000013F900000-0x000000013FC4D000-memory.dmp

Filesize
3.3MB

Download
memory/2884-63-0x000000013FDB0000-0x00000001400FD000-memory.dmp

Filesize
3.3MB

Download
memory/2896-45-0x000000013F020000-0x000000013F36D000-memory.dmp

Filesize
3.3MB

Download
memory/2904-50-0x000000013F680000-0x000000013F9CD000-memory.dmp

Filesize
3.3MB

Download
memory/2936-153-0x000000013F490000-0x000000013F7DD000-memory.dmp

Filesize
3.3MB

Download
memory/2964-135-0x000000013FF10000-0x000000014025D000-memory.dmp

Filesize
3.3MB

Download
memory/3064-75-0x000000013F520000-0x000000013F86D000-memory.dmp

Filesize
3.3MB

Download