cobaltstrike | ab99d8b60a0cd500d05ac1d0dc90bb3a643c7165be3b956160ec9feb72f71ac2

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e8f173aed5a242f6efef20e6c2f293d8
SHA1

9fc3b381ecd2d4e5d3668707801c6c8297399cf5
SHA256

ab99d8b60a0cd500d05ac1d0dc90bb3a643c7165be3b956160ec9feb72f71ac2
SHA512

7e074f06aecc4eb27e86c7ae54b7c504227e805122155aab1cb992ee7bc96123c56783c5065a270fccfff7018838ef94c87cddd5871bf4daf9516f05737c1731
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUR:T+q56utgpPF8u/7R

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d00000001226b-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f81-11.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001612f-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016307-21.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000164c8-26.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001658c-30.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001662e-36.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd1-45.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ea4-57.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eca-60.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001706d-72.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017472-96.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017487-102.dat	cobalt_reflective_dll
behavioral1/files/0x000d00000001866e-126.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e0-156.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903b-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018792-141.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c26-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d4-163.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190ce-153.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f53-144.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017525-113.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c1a-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018687-125.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018663-116.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a2-107.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fc-93.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f1-82.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f4-87.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173da-78.dat	cobalt_reflective_dll
behavioral1/files/0x0033000000015db1-67.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd7-50.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016855-40.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 51 IoCs

miner

resource	yara_rule
behavioral1/memory/2496-0-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x000d00000001226b-6.dat	xmrig
behavioral1/files/0x0008000000015f81-11.dat	xmrig
behavioral1/files/0x000800000001612f-12.dat	xmrig
behavioral1/files/0x0007000000016307-21.dat	xmrig
behavioral1/files/0x00070000000164c8-26.dat	xmrig
behavioral1/files/0x000700000001658c-30.dat	xmrig
behavioral1/files/0x000900000001662e-36.dat	xmrig
behavioral1/files/0x0006000000016dd1-45.dat	xmrig
behavioral1/files/0x0006000000016ea4-57.dat	xmrig
behavioral1/files/0x0006000000016eca-60.dat	xmrig
behavioral1/files/0x000600000001706d-72.dat	xmrig
behavioral1/files/0x0006000000017472-96.dat	xmrig
behavioral1/files/0x0006000000017487-102.dat	xmrig
behavioral1/files/0x000d00000001866e-126.dat	xmrig
behavioral1/files/0x00060000000190e0-156.dat	xmrig
behavioral1/files/0x000600000001903b-147.dat	xmrig
behavioral1/files/0x0005000000018792-141.dat	xmrig
behavioral1/files/0x0006000000018c26-137.dat	xmrig
behavioral1/files/0x00050000000191d4-163.dat	xmrig
behavioral1/files/0x00060000000190ce-153.dat	xmrig
behavioral1/files/0x0006000000018f53-144.dat	xmrig
behavioral1/files/0x0006000000017525-113.dat	xmrig
behavioral1/files/0x0006000000018c1a-134.dat	xmrig
behavioral1/files/0x0005000000018687-125.dat	xmrig
behavioral1/files/0x0014000000018663-116.dat	xmrig
behavioral1/files/0x00060000000174a2-107.dat	xmrig
behavioral1/files/0x00060000000173fc-93.dat	xmrig
behavioral1/files/0x00060000000173f1-82.dat	xmrig
behavioral1/files/0x00060000000173f4-87.dat	xmrig
behavioral1/files/0x00060000000173da-78.dat	xmrig
behavioral1/files/0x0033000000015db1-67.dat	xmrig
behavioral1/files/0x0006000000016dd7-50.dat	xmrig
behavioral1/files/0x0008000000016855-40.dat	xmrig
behavioral1/memory/2784-1822-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2712-2222-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2872-2515-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2652-2585-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2496-2587-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/1996-2590-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2956-2591-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/960-2602-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2496-3291-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2496-3556-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2956-3983-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2872-3986-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2712-3987-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/1996-3988-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/960-3989-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2784-3985-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2652-3984-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2804	SjjoCPn.exe
2680	xqbzAbS.exe
2784	EmPTkAo.exe
2712	yONQmbv.exe
2872	yUGqVVV.exe
2072	tFoLHbm.exe
2580	hLHvSGM.exe
2544	rZFfqJY.exe
2652	xsuJDpq.exe
1996	MmSBzBu.exe
2956	llbiQCR.exe
960	bsDNRYh.exe
2112	hSqCNcf.exe
1680	Wiyrqet.exe
1672	CjWqbzQ.exe
1348	OhRolRr.exe
2864	wEhtbVi.exe
1052	ChnszoU.exe
1144	bTpgFqA.exe
2892	AlfOAtX.exe
2876	WFnMSqx.exe
2592	QLQWYWc.exe
2236	XtOaTgK.exe
2192	RQjtJVS.exe
536	tEFgYaE.exe
1952	cgnjSVQ.exe
2168	FUrDJVN.exe
1908	EhTdyDh.exe
1160	djLgCyT.exe
2340	SrUxMky.exe
976	KHlZyXY.exe
1916	LqGzNxI.exe
2184	tKLmAaC.exe
2224	dODWQPi.exe
716	lzrDWUU.exe
848	ZXvluqu.exe
1852	BZrGDAt.exe
1112	npNTuCm.exe
3008	eiZevvL.exe
1536	UMgyeCU.exe
1764	VLmaMKy.exe
892	OJxnVHH.exe
1716	NVBaYcx.exe
1972	wBfVsCh.exe
604	xbqGhPI.exe
1788	GlbeSfk.exe
2508	GoUPZkY.exe
2392	jMBXeTi.exe
2964	KBYgscg.exe
2924	xWYJzHg.exe
2884	YFINlgk.exe
2952	flNKpyb.exe
1152	vyYDZBY.exe
1664	fHnjVXS.exe
1796	fdcSEEb.exe
2448	YNDLMuT.exe
2612	deqRwfB.exe
2616	inViIEp.exe
1608	jZwGmEg.exe
2756	unXIVyq.exe
2100	qUKxGFs.exe
1352	oGVLYxf.exe
2556	MsoVzxi.exe
1584	IXmpRMU.exe

Loads dropped DLL 64 IoCs

pid	Process
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 49 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2496-0-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x000d00000001226b-6.dat	upx
behavioral1/files/0x0008000000015f81-11.dat	upx
behavioral1/files/0x000800000001612f-12.dat	upx
behavioral1/files/0x0007000000016307-21.dat	upx
behavioral1/files/0x00070000000164c8-26.dat	upx
behavioral1/files/0x000700000001658c-30.dat	upx
behavioral1/files/0x000900000001662e-36.dat	upx
behavioral1/files/0x0006000000016dd1-45.dat	upx
behavioral1/files/0x0006000000016ea4-57.dat	upx
behavioral1/files/0x0006000000016eca-60.dat	upx
behavioral1/files/0x000600000001706d-72.dat	upx
behavioral1/files/0x0006000000017472-96.dat	upx
behavioral1/files/0x0006000000017487-102.dat	upx
behavioral1/files/0x000d00000001866e-126.dat	upx
behavioral1/files/0x00060000000190e0-156.dat	upx
behavioral1/files/0x000600000001903b-147.dat	upx
behavioral1/files/0x0005000000018792-141.dat	upx
behavioral1/files/0x0006000000018c26-137.dat	upx
behavioral1/files/0x00050000000191d4-163.dat	upx
behavioral1/files/0x00060000000190ce-153.dat	upx
behavioral1/files/0x0006000000018f53-144.dat	upx
behavioral1/files/0x0006000000017525-113.dat	upx
behavioral1/files/0x0006000000018c1a-134.dat	upx
behavioral1/files/0x0005000000018687-125.dat	upx
behavioral1/files/0x0014000000018663-116.dat	upx
behavioral1/files/0x00060000000174a2-107.dat	upx
behavioral1/files/0x00060000000173fc-93.dat	upx
behavioral1/files/0x00060000000173f1-82.dat	upx
behavioral1/files/0x00060000000173f4-87.dat	upx
behavioral1/files/0x00060000000173da-78.dat	upx
behavioral1/files/0x0033000000015db1-67.dat	upx
behavioral1/files/0x0006000000016dd7-50.dat	upx
behavioral1/files/0x0008000000016855-40.dat	upx
behavioral1/memory/2784-1822-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2712-2222-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2872-2515-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2652-2585-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/1996-2590-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2956-2591-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/960-2602-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2496-3291-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2956-3983-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2872-3986-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2712-3987-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/1996-3988-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/960-3989-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2784-3985-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2652-3984-0x000000013F840000-0x000000013FB94000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\AEsVXzE.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CiRTVaJ.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eOxeqHz.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JbhHaID.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cvhGaEw.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AUZQHBZ.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BgtvENA.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nBvyBno.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OUpImeH.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wBfVsCh.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GXUhnYb.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZzQkQTG.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aaLfOxD.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kNxoHKB.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yYGaqnU.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jYWQPlO.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dBeXDAX.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SiUYFJX.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AWdihZn.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KoqMpXj.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FIFBfsV.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tpNwwJo.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hjCymKd.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mcGVsyN.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OyxaqPe.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bMvxvIA.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VQtZmEq.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BpjajoH.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qYmezBm.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oWXwdxt.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YEXAMYR.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LiAHkip.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hgPJQhs.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\reCKCbJ.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RLrUSci.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fnGPCrF.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jNSxXUc.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EdFvWQb.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZLUoztQ.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hBfAAZR.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TxpagCz.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RjIdabY.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QDHTgtW.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RTQffpU.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pqLcVNy.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lzaZGrE.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TWriOIc.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yfvQuVy.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gfafTAP.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wSDCawC.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vBTgNdw.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ufpizdu.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMrssYP.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PPViIBU.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yTLdmRI.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rpkqsuY.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wEcCGLJ.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NYJOqnn.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MFZenuy.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bRJxglu.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NCWiKfi.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VMgwsqd.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rlWzuxn.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aeZlcOR.exe	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 2804	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2496 wrote to memory of 2804	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2496 wrote to memory of 2804	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2496 wrote to memory of 2680	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2496 wrote to memory of 2680	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2496 wrote to memory of 2680	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2496 wrote to memory of 2784	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2496 wrote to memory of 2784	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2496 wrote to memory of 2784	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2496 wrote to memory of 2712	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2496 wrote to memory of 2712	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2496 wrote to memory of 2712	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2496 wrote to memory of 2872	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2496 wrote to memory of 2872	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2496 wrote to memory of 2872	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2496 wrote to memory of 2072	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2496 wrote to memory of 2072	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2496 wrote to memory of 2072	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2496 wrote to memory of 2580	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2496 wrote to memory of 2580	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2496 wrote to memory of 2580	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2496 wrote to memory of 2544	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2496 wrote to memory of 2544	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2496 wrote to memory of 2544	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2496 wrote to memory of 2652	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2496 wrote to memory of 2652	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2496 wrote to memory of 2652	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2496 wrote to memory of 1996	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2496 wrote to memory of 1996	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2496 wrote to memory of 1996	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2496 wrote to memory of 2956	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2496 wrote to memory of 2956	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2496 wrote to memory of 2956	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2496 wrote to memory of 960	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2496 wrote to memory of 960	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2496 wrote to memory of 960	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2496 wrote to memory of 2112	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2496 wrote to memory of 2112	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2496 wrote to memory of 2112	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2496 wrote to memory of 1680	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2496 wrote to memory of 1680	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2496 wrote to memory of 1680	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2496 wrote to memory of 1672	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2496 wrote to memory of 1672	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2496 wrote to memory of 1672	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2496 wrote to memory of 1348	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2496 wrote to memory of 1348	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2496 wrote to memory of 1348	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2496 wrote to memory of 2864	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2496 wrote to memory of 2864	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2496 wrote to memory of 2864	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2496 wrote to memory of 1052	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2496 wrote to memory of 1052	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2496 wrote to memory of 1052	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2496 wrote to memory of 1144	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2496 wrote to memory of 1144	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2496 wrote to memory of 1144	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2496 wrote to memory of 2892	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2496 wrote to memory of 2892	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2496 wrote to memory of 2892	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2496 wrote to memory of 2876	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2496 wrote to memory of 2876	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2496 wrote to memory of 2876	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2496 wrote to memory of 2592	2496	2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_e8f173aed5a242f6efef20e6c2f293d8_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Windows\System\SjjoCPn.exe
  C:\Windows\System\SjjoCPn.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\xqbzAbS.exe
  C:\Windows\System\xqbzAbS.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\EmPTkAo.exe
  C:\Windows\System\EmPTkAo.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\yONQmbv.exe
  C:\Windows\System\yONQmbv.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\yUGqVVV.exe
  C:\Windows\System\yUGqVVV.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\tFoLHbm.exe
  C:\Windows\System\tFoLHbm.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\hLHvSGM.exe
  C:\Windows\System\hLHvSGM.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\rZFfqJY.exe
  C:\Windows\System\rZFfqJY.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\xsuJDpq.exe
  C:\Windows\System\xsuJDpq.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\MmSBzBu.exe
  C:\Windows\System\MmSBzBu.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\llbiQCR.exe
  C:\Windows\System\llbiQCR.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\bsDNRYh.exe
  C:\Windows\System\bsDNRYh.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\hSqCNcf.exe
  C:\Windows\System\hSqCNcf.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\Wiyrqet.exe
  C:\Windows\System\Wiyrqet.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\CjWqbzQ.exe
  C:\Windows\System\CjWqbzQ.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\OhRolRr.exe
  C:\Windows\System\OhRolRr.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\wEhtbVi.exe
  C:\Windows\System\wEhtbVi.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\ChnszoU.exe
  C:\Windows\System\ChnszoU.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\bTpgFqA.exe
  C:\Windows\System\bTpgFqA.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\AlfOAtX.exe
  C:\Windows\System\AlfOAtX.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\WFnMSqx.exe
  C:\Windows\System\WFnMSqx.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\QLQWYWc.exe
  C:\Windows\System\QLQWYWc.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\XtOaTgK.exe
  C:\Windows\System\XtOaTgK.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\tEFgYaE.exe
  C:\Windows\System\tEFgYaE.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\RQjtJVS.exe
  C:\Windows\System\RQjtJVS.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\FUrDJVN.exe
  C:\Windows\System\FUrDJVN.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\cgnjSVQ.exe
  C:\Windows\System\cgnjSVQ.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\SrUxMky.exe
  C:\Windows\System\SrUxMky.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\EhTdyDh.exe
  C:\Windows\System\EhTdyDh.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\tKLmAaC.exe
  C:\Windows\System\tKLmAaC.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\djLgCyT.exe
  C:\Windows\System\djLgCyT.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\dODWQPi.exe
  C:\Windows\System\dODWQPi.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\KHlZyXY.exe
  C:\Windows\System\KHlZyXY.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\ZXvluqu.exe
  C:\Windows\System\ZXvluqu.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\LqGzNxI.exe
  C:\Windows\System\LqGzNxI.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\BZrGDAt.exe
  C:\Windows\System\BZrGDAt.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\lzrDWUU.exe
  C:\Windows\System\lzrDWUU.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\npNTuCm.exe
  C:\Windows\System\npNTuCm.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\eiZevvL.exe
  C:\Windows\System\eiZevvL.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\UMgyeCU.exe
  C:\Windows\System\UMgyeCU.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\VLmaMKy.exe
  C:\Windows\System\VLmaMKy.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\OJxnVHH.exe
  C:\Windows\System\OJxnVHH.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\NVBaYcx.exe
  C:\Windows\System\NVBaYcx.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\wBfVsCh.exe
  C:\Windows\System\wBfVsCh.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\xbqGhPI.exe
  C:\Windows\System\xbqGhPI.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\GlbeSfk.exe
  C:\Windows\System\GlbeSfk.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\GoUPZkY.exe
  C:\Windows\System\GoUPZkY.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\KBYgscg.exe
  C:\Windows\System\KBYgscg.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\jMBXeTi.exe
  C:\Windows\System\jMBXeTi.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\flNKpyb.exe
  C:\Windows\System\flNKpyb.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\xWYJzHg.exe
  C:\Windows\System\xWYJzHg.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\vyYDZBY.exe
  C:\Windows\System\vyYDZBY.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\YFINlgk.exe
  C:\Windows\System\YFINlgk.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\fHnjVXS.exe
  C:\Windows\System\fHnjVXS.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\fdcSEEb.exe
  C:\Windows\System\fdcSEEb.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\YNDLMuT.exe
  C:\Windows\System\YNDLMuT.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\deqRwfB.exe
  C:\Windows\System\deqRwfB.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\inViIEp.exe
  C:\Windows\System\inViIEp.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\jZwGmEg.exe
  C:\Windows\System\jZwGmEg.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\unXIVyq.exe
  C:\Windows\System\unXIVyq.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\qUKxGFs.exe
  C:\Windows\System\qUKxGFs.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\oGVLYxf.exe
  C:\Windows\System\oGVLYxf.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\MsoVzxi.exe
  C:\Windows\System\MsoVzxi.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\IXmpRMU.exe
  C:\Windows\System\IXmpRMU.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\CpUYUrY.exe
  C:\Windows\System\CpUYUrY.exe
  2⤵
  PID:2608
- C:\Windows\System\tdZbRYN.exe
  C:\Windows\System\tdZbRYN.exe
  2⤵
  PID:1360
- C:\Windows\System\aOcgMpj.exe
  C:\Windows\System\aOcgMpj.exe
  2⤵
  PID:2160
- C:\Windows\System\caKfiiC.exe
  C:\Windows\System\caKfiiC.exe
  2⤵
  PID:2120
- C:\Windows\System\HNWckil.exe
  C:\Windows\System\HNWckil.exe
  2⤵
  PID:2504
- C:\Windows\System\nDTZymH.exe
  C:\Windows\System\nDTZymH.exe
  2⤵
  PID:332
- C:\Windows\System\AnbuIgw.exe
  C:\Windows\System\AnbuIgw.exe
  2⤵
  PID:2900
- C:\Windows\System\QhgESQk.exe
  C:\Windows\System\QhgESQk.exe
  2⤵
  PID:540
- C:\Windows\System\CVBzutS.exe
  C:\Windows\System\CVBzutS.exe
  2⤵
  PID:320
- C:\Windows\System\TWriOIc.exe
  C:\Windows\System\TWriOIc.exe
  2⤵
  PID:1404
- C:\Windows\System\BRgTAJb.exe
  C:\Windows\System\BRgTAJb.exe
  2⤵
  PID:2336
- C:\Windows\System\kioJuwP.exe
  C:\Windows\System\kioJuwP.exe
  2⤵
  PID:1072
- C:\Windows\System\DSIiSGf.exe
  C:\Windows\System\DSIiSGf.exe
  2⤵
  PID:1904
- C:\Windows\System\AvOhkRr.exe
  C:\Windows\System\AvOhkRr.exe
  2⤵
  PID:1924
- C:\Windows\System\gsioaIg.exe
  C:\Windows\System\gsioaIg.exe
  2⤵
  PID:2332
- C:\Windows\System\XDOaCsF.exe
  C:\Windows\System\XDOaCsF.exe
  2⤵
  PID:2172
- C:\Windows\System\JdoQkTa.exe
  C:\Windows\System\JdoQkTa.exe
  2⤵
  PID:1648
- C:\Windows\System\EypWmdP.exe
  C:\Windows\System\EypWmdP.exe
  2⤵
  PID:792
- C:\Windows\System\GfkQxKZ.exe
  C:\Windows\System\GfkQxKZ.exe
  2⤵
  PID:2312
- C:\Windows\System\VqVbsoe.exe
  C:\Windows\System\VqVbsoe.exe
  2⤵
  PID:1768
- C:\Windows\System\UWRiCuw.exe
  C:\Windows\System\UWRiCuw.exe
  2⤵
  PID:1324
- C:\Windows\System\cUqgdup.exe
  C:\Windows\System\cUqgdup.exe
  2⤵
  PID:2404
- C:\Windows\System\IVdJYNC.exe
  C:\Windows\System\IVdJYNC.exe
  2⤵
  PID:2148
- C:\Windows\System\oFnaypU.exe
  C:\Windows\System\oFnaypU.exe
  2⤵
  PID:1512
- C:\Windows\System\FxJbbNu.exe
  C:\Windows\System\FxJbbNu.exe
  2⤵
  PID:1644
- C:\Windows\System\APMujEv.exe
  C:\Windows\System\APMujEv.exe
  2⤵
  PID:2004
- C:\Windows\System\UXJDdYo.exe
  C:\Windows\System\UXJDdYo.exe
  2⤵
  PID:3012
- C:\Windows\System\ZepucqV.exe
  C:\Windows\System\ZepucqV.exe
  2⤵
  PID:696
- C:\Windows\System\UqlkiUs.exe
  C:\Windows\System\UqlkiUs.exe
  2⤵
  PID:2480
- C:\Windows\System\iTHRBzd.exe
  C:\Windows\System\iTHRBzd.exe
  2⤵
  PID:1604
- C:\Windows\System\lXiNEpX.exe
  C:\Windows\System\lXiNEpX.exe
  2⤵
  PID:1440
- C:\Windows\System\HwSRXoU.exe
  C:\Windows\System\HwSRXoU.exe
  2⤵
  PID:1600
- C:\Windows\System\ahZxHUy.exe
  C:\Windows\System\ahZxHUy.exe
  2⤵
  PID:2644
- C:\Windows\System\vIauupz.exe
  C:\Windows\System\vIauupz.exe
  2⤵
  PID:2568
- C:\Windows\System\kfAWkgM.exe
  C:\Windows\System\kfAWkgM.exe
  2⤵
  PID:1260
- C:\Windows\System\fBselRc.exe
  C:\Windows\System\fBselRc.exe
  2⤵
  PID:2560
- C:\Windows\System\qXOcadQ.exe
  C:\Windows\System\qXOcadQ.exe
  2⤵
  PID:2384
- C:\Windows\System\fLsOPOH.exe
  C:\Windows\System\fLsOPOH.exe
  2⤵
  PID:2852
- C:\Windows\System\QIaDtIm.exe
  C:\Windows\System\QIaDtIm.exe
  2⤵
  PID:2832
- C:\Windows\System\csvwpTm.exe
  C:\Windows\System\csvwpTm.exe
  2⤵
  PID:1100
- C:\Windows\System\hjCymKd.exe
  C:\Windows\System\hjCymKd.exe
  2⤵
  PID:2176
- C:\Windows\System\vhMbKZZ.exe
  C:\Windows\System\vhMbKZZ.exe
  2⤵
  PID:1384
- C:\Windows\System\ZNBrsvg.exe
  C:\Windows\System\ZNBrsvg.exe
  2⤵
  PID:2028
- C:\Windows\System\bRGXxli.exe
  C:\Windows\System\bRGXxli.exe
  2⤵
  PID:1292
- C:\Windows\System\RslgVzg.exe
  C:\Windows\System\RslgVzg.exe
  2⤵
  PID:2052
- C:\Windows\System\QIZAAYB.exe
  C:\Windows\System\QIZAAYB.exe
  2⤵
  PID:1288
- C:\Windows\System\RpzSbWt.exe
  C:\Windows\System\RpzSbWt.exe
  2⤵
  PID:2396
- C:\Windows\System\KKnuLzr.exe
  C:\Windows\System\KKnuLzr.exe
  2⤵
  PID:2308
- C:\Windows\System\BtkGpeD.exe
  C:\Windows\System\BtkGpeD.exe
  2⤵
  PID:2276
- C:\Windows\System\QfEZvdE.exe
  C:\Windows\System\QfEZvdE.exe
  2⤵
  PID:1504
- C:\Windows\System\KbTDrxi.exe
  C:\Windows\System\KbTDrxi.exe
  2⤵
  PID:1540
- C:\Windows\System\NXbgfRR.exe
  C:\Windows\System\NXbgfRR.exe
  2⤵
  PID:1240
- C:\Windows\System\ydliLAH.exe
  C:\Windows\System\ydliLAH.exe
  2⤵
  PID:1836
- C:\Windows\System\vMVxswX.exe
  C:\Windows\System\vMVxswX.exe
  2⤵
  PID:3048
- C:\Windows\System\YjRfGba.exe
  C:\Windows\System\YjRfGba.exe
  2⤵
  PID:2620
- C:\Windows\System\WThaOkZ.exe
  C:\Windows\System\WThaOkZ.exe
  2⤵
  PID:2248
- C:\Windows\System\IeOZqig.exe
  C:\Windows\System\IeOZqig.exe
  2⤵
  PID:2564
- C:\Windows\System\adhGcbg.exe
  C:\Windows\System\adhGcbg.exe
  2⤵
  PID:836
- C:\Windows\System\iHFKbQI.exe
  C:\Windows\System\iHFKbQI.exe
  2⤵
  PID:3004
- C:\Windows\System\BUtLScY.exe
  C:\Windows\System\BUtLScY.exe
  2⤵
  PID:2320
- C:\Windows\System\oDpZdUN.exe
  C:\Windows\System\oDpZdUN.exe
  2⤵
  PID:3084
- C:\Windows\System\MAbEBtM.exe
  C:\Windows\System\MAbEBtM.exe
  2⤵
  PID:3104
- C:\Windows\System\eciHDUm.exe
  C:\Windows\System\eciHDUm.exe
  2⤵
  PID:3120
- C:\Windows\System\itAweuB.exe
  C:\Windows\System\itAweuB.exe
  2⤵
  PID:3140
- C:\Windows\System\sfDdUCX.exe
  C:\Windows\System\sfDdUCX.exe
  2⤵
  PID:3160
- C:\Windows\System\inheZps.exe
  C:\Windows\System\inheZps.exe
  2⤵
  PID:3184
- C:\Windows\System\ehDUmrR.exe
  C:\Windows\System\ehDUmrR.exe
  2⤵
  PID:3204
- C:\Windows\System\nGfvuUq.exe
  C:\Windows\System\nGfvuUq.exe
  2⤵
  PID:3228
- C:\Windows\System\ZgXEJnh.exe
  C:\Windows\System\ZgXEJnh.exe
  2⤵
  PID:3244
- C:\Windows\System\TGCAZPW.exe
  C:\Windows\System\TGCAZPW.exe
  2⤵
  PID:3268
- C:\Windows\System\NvWaSkt.exe
  C:\Windows\System\NvWaSkt.exe
  2⤵
  PID:3284
- C:\Windows\System\yLwnBrh.exe
  C:\Windows\System\yLwnBrh.exe
  2⤵
  PID:3308
- C:\Windows\System\iHzdtxT.exe
  C:\Windows\System\iHzdtxT.exe
  2⤵
  PID:3324
- C:\Windows\System\ABpiUXa.exe
  C:\Windows\System\ABpiUXa.exe
  2⤵
  PID:3348
- C:\Windows\System\tgvLiXu.exe
  C:\Windows\System\tgvLiXu.exe
  2⤵
  PID:3364
- C:\Windows\System\HFtvgKb.exe
  C:\Windows\System\HFtvgKb.exe
  2⤵
  PID:3388
- C:\Windows\System\dUdKCLR.exe
  C:\Windows\System\dUdKCLR.exe
  2⤵
  PID:3404
- C:\Windows\System\pLitWRT.exe
  C:\Windows\System\pLitWRT.exe
  2⤵
  PID:3424
- C:\Windows\System\tRVnLOe.exe
  C:\Windows\System\tRVnLOe.exe
  2⤵
  PID:3448
- C:\Windows\System\ASIAzCA.exe
  C:\Windows\System\ASIAzCA.exe
  2⤵
  PID:3464
- C:\Windows\System\JCrFiEE.exe
  C:\Windows\System\JCrFiEE.exe
  2⤵
  PID:3484
- C:\Windows\System\LiAHkip.exe
  C:\Windows\System\LiAHkip.exe
  2⤵
  PID:3500
- C:\Windows\System\BtYwgdZ.exe
  C:\Windows\System\BtYwgdZ.exe
  2⤵
  PID:3520
- C:\Windows\System\YXHBFtY.exe
  C:\Windows\System\YXHBFtY.exe
  2⤵
  PID:3548
- C:\Windows\System\XGkUNue.exe
  C:\Windows\System\XGkUNue.exe
  2⤵
  PID:3564
- C:\Windows\System\CFgKDJv.exe
  C:\Windows\System\CFgKDJv.exe
  2⤵
  PID:3588
- C:\Windows\System\cloJmgk.exe
  C:\Windows\System\cloJmgk.exe
  2⤵
  PID:3608
- C:\Windows\System\slKDIFg.exe
  C:\Windows\System\slKDIFg.exe
  2⤵
  PID:3624
- C:\Windows\System\THvpBHU.exe
  C:\Windows\System\THvpBHU.exe
  2⤵
  PID:3648
- C:\Windows\System\LXfNFgu.exe
  C:\Windows\System\LXfNFgu.exe
  2⤵
  PID:3668
- C:\Windows\System\rYoaPAj.exe
  C:\Windows\System\rYoaPAj.exe
  2⤵
  PID:3684
- C:\Windows\System\KBhrGHB.exe
  C:\Windows\System\KBhrGHB.exe
  2⤵
  PID:3704
- C:\Windows\System\gitxQxG.exe
  C:\Windows\System\gitxQxG.exe
  2⤵
  PID:3724
- C:\Windows\System\SvTdmad.exe
  C:\Windows\System\SvTdmad.exe
  2⤵
  PID:3740
- C:\Windows\System\bvEALts.exe
  C:\Windows\System\bvEALts.exe
  2⤵
  PID:3760
- C:\Windows\System\ddSjdZd.exe
  C:\Windows\System\ddSjdZd.exe
  2⤵
  PID:3784
- C:\Windows\System\SHoXtoy.exe
  C:\Windows\System\SHoXtoy.exe
  2⤵
  PID:3800
- C:\Windows\System\uLjTFwz.exe
  C:\Windows\System\uLjTFwz.exe
  2⤵
  PID:3828
- C:\Windows\System\hfUDqEk.exe
  C:\Windows\System\hfUDqEk.exe
  2⤵
  PID:3848
- C:\Windows\System\MddXUUN.exe
  C:\Windows\System\MddXUUN.exe
  2⤵
  PID:3864
- C:\Windows\System\EpyowGD.exe
  C:\Windows\System\EpyowGD.exe
  2⤵
  PID:3888
- C:\Windows\System\oSqOZwC.exe
  C:\Windows\System\oSqOZwC.exe
  2⤵
  PID:3904
- C:\Windows\System\VGOysgO.exe
  C:\Windows\System\VGOysgO.exe
  2⤵
  PID:3920
- C:\Windows\System\QfAJIhE.exe
  C:\Windows\System\QfAJIhE.exe
  2⤵
  PID:3936
- C:\Windows\System\wWSjOAR.exe
  C:\Windows\System\wWSjOAR.exe
  2⤵
  PID:3968
- C:\Windows\System\DqGrlIW.exe
  C:\Windows\System\DqGrlIW.exe
  2⤵
  PID:3988
- C:\Windows\System\efWXsSe.exe
  C:\Windows\System\efWXsSe.exe
  2⤵
  PID:4008
- C:\Windows\System\ZqhDjKt.exe
  C:\Windows\System\ZqhDjKt.exe
  2⤵
  PID:4024
- C:\Windows\System\mcGVsyN.exe
  C:\Windows\System\mcGVsyN.exe
  2⤵
  PID:4044
- C:\Windows\System\EuKSmIc.exe
  C:\Windows\System\EuKSmIc.exe
  2⤵
  PID:4068
- C:\Windows\System\kWOuGuw.exe
  C:\Windows\System\kWOuGuw.exe
  2⤵
  PID:4084
- C:\Windows\System\olAQVdB.exe
  C:\Windows\System\olAQVdB.exe
  2⤵
  PID:1388
- C:\Windows\System\OnCfRza.exe
  C:\Windows\System\OnCfRza.exe
  2⤵
  PID:2400
- C:\Windows\System\VXwMlQU.exe
  C:\Windows\System\VXwMlQU.exe
  2⤵
  PID:924
- C:\Windows\System\MusslSU.exe
  C:\Windows\System\MusslSU.exe
  2⤵
  PID:2456
- C:\Windows\System\WUgeOwX.exe
  C:\Windows\System\WUgeOwX.exe
  2⤵
  PID:896
- C:\Windows\System\ScfbjcZ.exe
  C:\Windows\System\ScfbjcZ.exe
  2⤵
  PID:2604
- C:\Windows\System\TiqcEIy.exe
  C:\Windows\System\TiqcEIy.exe
  2⤵
  PID:2916
- C:\Windows\System\HpJmMdW.exe
  C:\Windows\System\HpJmMdW.exe
  2⤵
  PID:2124
- C:\Windows\System\ovJNzZz.exe
  C:\Windows\System\ovJNzZz.exe
  2⤵
  PID:620
- C:\Windows\System\mNKvRvp.exe
  C:\Windows\System\mNKvRvp.exe
  2⤵
  PID:916
- C:\Windows\System\SVvAyPG.exe
  C:\Windows\System\SVvAyPG.exe
  2⤵
  PID:3100
- C:\Windows\System\LPjcaET.exe
  C:\Windows\System\LPjcaET.exe
  2⤵
  PID:3172
- C:\Windows\System\BhojXfb.exe
  C:\Windows\System\BhojXfb.exe
  2⤵
  PID:3152
- C:\Windows\System\DLhcDfZ.exe
  C:\Windows\System\DLhcDfZ.exe
  2⤵
  PID:3156
- C:\Windows\System\jPUfrPM.exe
  C:\Windows\System\jPUfrPM.exe
  2⤵
  PID:3196
- C:\Windows\System\GEAqMeM.exe
  C:\Windows\System\GEAqMeM.exe
  2⤵
  PID:3252
- C:\Windows\System\EoXyFTS.exe
  C:\Windows\System\EoXyFTS.exe
  2⤵
  PID:3292
- C:\Windows\System\dNzTgCH.exe
  C:\Windows\System\dNzTgCH.exe
  2⤵
  PID:3280
- C:\Windows\System\vXbFjiC.exe
  C:\Windows\System\vXbFjiC.exe
  2⤵
  PID:3372
- C:\Windows\System\uZDvDYP.exe
  C:\Windows\System\uZDvDYP.exe
  2⤵
  PID:3412
- C:\Windows\System\GXUhnYb.exe
  C:\Windows\System\GXUhnYb.exe
  2⤵
  PID:3460
- C:\Windows\System\UNGIpII.exe
  C:\Windows\System\UNGIpII.exe
  2⤵
  PID:3436
- C:\Windows\System\SEglqie.exe
  C:\Windows\System\SEglqie.exe
  2⤵
  PID:3532
- C:\Windows\System\xLwfiHw.exe
  C:\Windows\System\xLwfiHw.exe
  2⤵
  PID:3472
- C:\Windows\System\dLRyCzA.exe
  C:\Windows\System\dLRyCzA.exe
  2⤵
  PID:3584
- C:\Windows\System\wdwJtqa.exe
  C:\Windows\System\wdwJtqa.exe
  2⤵
  PID:3556
- C:\Windows\System\ZlJhMOz.exe
  C:\Windows\System\ZlJhMOz.exe
  2⤵
  PID:3700
- C:\Windows\System\jtjuiCU.exe
  C:\Windows\System\jtjuiCU.exe
  2⤵
  PID:3604
- C:\Windows\System\IoZprik.exe
  C:\Windows\System\IoZprik.exe
  2⤵
  PID:3732
- C:\Windows\System\ogfhQIc.exe
  C:\Windows\System\ogfhQIc.exe
  2⤵
  PID:3776
- C:\Windows\System\NkKqtAg.exe
  C:\Windows\System\NkKqtAg.exe
  2⤵
  PID:3712
- C:\Windows\System\lqQkYzm.exe
  C:\Windows\System\lqQkYzm.exe
  2⤵
  PID:3816
- C:\Windows\System\mEvhqRu.exe
  C:\Windows\System\mEvhqRu.exe
  2⤵
  PID:3836
- C:\Windows\System\XPdOYqw.exe
  C:\Windows\System\XPdOYqw.exe
  2⤵
  PID:3876
- C:\Windows\System\CfpLZzo.exe
  C:\Windows\System\CfpLZzo.exe
  2⤵
  PID:3932
- C:\Windows\System\ZhCDWJd.exe
  C:\Windows\System\ZhCDWJd.exe
  2⤵
  PID:3916
- C:\Windows\System\qhhTCBT.exe
  C:\Windows\System\qhhTCBT.exe
  2⤵
  PID:3976
- C:\Windows\System\fkKIDms.exe
  C:\Windows\System\fkKIDms.exe
  2⤵
  PID:4020
- C:\Windows\System\HfhSNZa.exe
  C:\Windows\System\HfhSNZa.exe
  2⤵
  PID:3996
- C:\Windows\System\XtOqcdU.exe
  C:\Windows\System\XtOqcdU.exe
  2⤵
  PID:4092
- C:\Windows\System\RiHMogY.exe
  C:\Windows\System\RiHMogY.exe
  2⤵
  PID:928
- C:\Windows\System\EdFxAWb.exe
  C:\Windows\System\EdFxAWb.exe
  2⤵
  PID:1632
- C:\Windows\System\QmkbAMg.exe
  C:\Windows\System\QmkbAMg.exe
  2⤵
  PID:2428
- C:\Windows\System\IPNozUq.exe
  C:\Windows\System\IPNozUq.exe
  2⤵
  PID:1708
- C:\Windows\System\mEaKLlz.exe
  C:\Windows\System\mEaKLlz.exe
  2⤵
  PID:2420
- C:\Windows\System\dgaOhbR.exe
  C:\Windows\System\dgaOhbR.exe
  2⤵
  PID:3092
- C:\Windows\System\ksPuMUn.exe
  C:\Windows\System\ksPuMUn.exe
  2⤵
  PID:1792
- C:\Windows\System\JbhHaID.exe
  C:\Windows\System\JbhHaID.exe
  2⤵
  PID:3180
- C:\Windows\System\UTAxmnS.exe
  C:\Windows\System\UTAxmnS.exe
  2⤵
  PID:3264
- C:\Windows\System\cVPNfqX.exe
  C:\Windows\System\cVPNfqX.exe
  2⤵
  PID:3340
- C:\Windows\System\RQhPqzg.exe
  C:\Windows\System\RQhPqzg.exe
  2⤵
  PID:3336
- C:\Windows\System\rZlAqwk.exe
  C:\Windows\System\rZlAqwk.exe
  2⤵
  PID:3076
- C:\Windows\System\gupZkJc.exe
  C:\Windows\System\gupZkJc.exe
  2⤵
  PID:3356
- C:\Windows\System\bZcztze.exe
  C:\Windows\System\bZcztze.exe
  2⤵
  PID:3376
- C:\Windows\System\dMtnLoj.exe
  C:\Windows\System\dMtnLoj.exe
  2⤵
  PID:3480
- C:\Windows\System\hgPJQhs.exe
  C:\Windows\System\hgPJQhs.exe
  2⤵
  PID:3540
- C:\Windows\System\BUXRIup.exe
  C:\Windows\System\BUXRIup.exe
  2⤵
  PID:3560
- C:\Windows\System\meqpmxj.exe
  C:\Windows\System\meqpmxj.exe
  2⤵
  PID:3772
- C:\Windows\System\FSxdmzn.exe
  C:\Windows\System\FSxdmzn.exe
  2⤵
  PID:3808
- C:\Windows\System\AWdihZn.exe
  C:\Windows\System\AWdihZn.exe
  2⤵
  PID:3752
- C:\Windows\System\ePzkOhx.exe
  C:\Windows\System\ePzkOhx.exe
  2⤵
  PID:3896
- C:\Windows\System\nRtxOxt.exe
  C:\Windows\System\nRtxOxt.exe
  2⤵
  PID:3952
- C:\Windows\System\HVAdehM.exe
  C:\Windows\System\HVAdehM.exe
  2⤵
  PID:3844
- C:\Windows\System\FztjhkU.exe
  C:\Windows\System\FztjhkU.exe
  2⤵
  PID:4064
- C:\Windows\System\eyOQtgi.exe
  C:\Windows\System\eyOQtgi.exe
  2⤵
  PID:1968
- C:\Windows\System\iEoxdHv.exe
  C:\Windows\System\iEoxdHv.exe
  2⤵
  PID:1484
- C:\Windows\System\CKGKlvw.exe
  C:\Windows\System\CKGKlvw.exe
  2⤵
  PID:2688
- C:\Windows\System\ezTtCYa.exe
  C:\Windows\System\ezTtCYa.exe
  2⤵
  PID:2684
- C:\Windows\System\FNWdyAX.exe
  C:\Windows\System\FNWdyAX.exe
  2⤵
  PID:2136
- C:\Windows\System\SJgHBFv.exe
  C:\Windows\System\SJgHBFv.exe
  2⤵
  PID:3456
- C:\Windows\System\JTMUpJe.exe
  C:\Windows\System\JTMUpJe.exe
  2⤵
  PID:2904
- C:\Windows\System\VTxqfSc.exe
  C:\Windows\System\VTxqfSc.exe
  2⤵
  PID:3692
- C:\Windows\System\HWPzSqU.exe
  C:\Windows\System\HWPzSqU.exe
  2⤵
  PID:2764
- C:\Windows\System\CNpBkJr.exe
  C:\Windows\System\CNpBkJr.exe
  2⤵
  PID:3296
- C:\Windows\System\SDuRvvz.exe
  C:\Windows\System\SDuRvvz.exe
  2⤵
  PID:3580
- C:\Windows\System\PNyOfcF.exe
  C:\Windows\System\PNyOfcF.exe
  2⤵
  PID:3572
- C:\Windows\System\tyKkFJw.exe
  C:\Windows\System\tyKkFJw.exe
  2⤵
  PID:3616
- C:\Windows\System\eukSTvJ.exe
  C:\Windows\System\eukSTvJ.exe
  2⤵
  PID:3644
- C:\Windows\System\EGKGOHM.exe
  C:\Windows\System\EGKGOHM.exe
  2⤵
  PID:3948
- C:\Windows\System\hkpfGOk.exe
  C:\Windows\System\hkpfGOk.exe
  2⤵
  PID:4056
- C:\Windows\System\wWjgbxD.exe
  C:\Windows\System\wWjgbxD.exe
  2⤵
  PID:3224
- C:\Windows\System\oAuKIhq.exe
  C:\Windows\System\oAuKIhq.exe
  2⤵
  PID:4104
- C:\Windows\System\dhmTQfs.exe
  C:\Windows\System\dhmTQfs.exe
  2⤵
  PID:4120
- C:\Windows\System\KkNxbuI.exe
  C:\Windows\System\KkNxbuI.exe
  2⤵
  PID:4140
- C:\Windows\System\TzAbRWW.exe
  C:\Windows\System\TzAbRWW.exe
  2⤵
  PID:4160
- C:\Windows\System\XRTSLVX.exe
  C:\Windows\System\XRTSLVX.exe
  2⤵
  PID:4188
- C:\Windows\System\EaSyCzY.exe
  C:\Windows\System\EaSyCzY.exe
  2⤵
  PID:4208
- C:\Windows\System\UXWhivh.exe
  C:\Windows\System\UXWhivh.exe
  2⤵
  PID:4232
- C:\Windows\System\EJEwmSk.exe
  C:\Windows\System\EJEwmSk.exe
  2⤵
  PID:4248
- C:\Windows\System\hamBZFD.exe
  C:\Windows\System\hamBZFD.exe
  2⤵
  PID:4268
- C:\Windows\System\SkPHPgz.exe
  C:\Windows\System\SkPHPgz.exe
  2⤵
  PID:4284
- C:\Windows\System\JYtRxVB.exe
  C:\Windows\System\JYtRxVB.exe
  2⤵
  PID:4304
- C:\Windows\System\kERwyEQ.exe
  C:\Windows\System\kERwyEQ.exe
  2⤵
  PID:4324
- C:\Windows\System\zWSmlqK.exe
  C:\Windows\System\zWSmlqK.exe
  2⤵
  PID:4340
- C:\Windows\System\XZxgJog.exe
  C:\Windows\System\XZxgJog.exe
  2⤵
  PID:4356
- C:\Windows\System\bsahefn.exe
  C:\Windows\System\bsahefn.exe
  2⤵
  PID:4372
- C:\Windows\System\wxoFHLP.exe
  C:\Windows\System\wxoFHLP.exe
  2⤵
  PID:4388
- C:\Windows\System\sRnhqiS.exe
  C:\Windows\System\sRnhqiS.exe
  2⤵
  PID:4416
- C:\Windows\System\eLcPNgy.exe
  C:\Windows\System\eLcPNgy.exe
  2⤵
  PID:4436
- C:\Windows\System\eUdBCIk.exe
  C:\Windows\System\eUdBCIk.exe
  2⤵
  PID:4460
- C:\Windows\System\jGyvIqQ.exe
  C:\Windows\System\jGyvIqQ.exe
  2⤵
  PID:4480
- C:\Windows\System\DPdInLG.exe
  C:\Windows\System\DPdInLG.exe
  2⤵
  PID:4504
- C:\Windows\System\CAOPMAT.exe
  C:\Windows\System\CAOPMAT.exe
  2⤵
  PID:4524
- C:\Windows\System\BBIdTsZ.exe
  C:\Windows\System\BBIdTsZ.exe
  2⤵
  PID:4544
- C:\Windows\System\imWAHnv.exe
  C:\Windows\System\imWAHnv.exe
  2⤵
  PID:4560
- C:\Windows\System\YayuwYU.exe
  C:\Windows\System\YayuwYU.exe
  2⤵
  PID:4576
- C:\Windows\System\gQSAPYR.exe
  C:\Windows\System\gQSAPYR.exe
  2⤵
  PID:4592
- C:\Windows\System\NBbVmwt.exe
  C:\Windows\System\NBbVmwt.exe
  2⤵
  PID:4616
- C:\Windows\System\ZPNlhCb.exe
  C:\Windows\System\ZPNlhCb.exe
  2⤵
  PID:4636
- C:\Windows\System\yXZRBUb.exe
  C:\Windows\System\yXZRBUb.exe
  2⤵
  PID:4656
- C:\Windows\System\Ftqojrr.exe
  C:\Windows\System\Ftqojrr.exe
  2⤵
  PID:4680
- C:\Windows\System\BXvgiEr.exe
  C:\Windows\System\BXvgiEr.exe
  2⤵
  PID:4700
- C:\Windows\System\sQwKdRa.exe
  C:\Windows\System\sQwKdRa.exe
  2⤵
  PID:4736
- C:\Windows\System\VIetuFK.exe
  C:\Windows\System\VIetuFK.exe
  2⤵
  PID:4752
- C:\Windows\System\BXWqaSH.exe
  C:\Windows\System\BXWqaSH.exe
  2⤵
  PID:4768
- C:\Windows\System\mcEUZLr.exe
  C:\Windows\System\mcEUZLr.exe
  2⤵
  PID:4788
- C:\Windows\System\uiRoUYo.exe
  C:\Windows\System\uiRoUYo.exe
  2⤵
  PID:4812
- C:\Windows\System\TkbZJxl.exe
  C:\Windows\System\TkbZJxl.exe
  2⤵
  PID:4828
- C:\Windows\System\onaFuTi.exe
  C:\Windows\System\onaFuTi.exe
  2⤵
  PID:4852
- C:\Windows\System\rWTeIRz.exe
  C:\Windows\System\rWTeIRz.exe
  2⤵
  PID:4872
- C:\Windows\System\ajTVEnf.exe
  C:\Windows\System\ajTVEnf.exe
  2⤵
  PID:4892
- C:\Windows\System\qaRRzfa.exe
  C:\Windows\System\qaRRzfa.exe
  2⤵
  PID:4912
- C:\Windows\System\PfRTuqs.exe
  C:\Windows\System\PfRTuqs.exe
  2⤵
  PID:4936
- C:\Windows\System\OoyIaoJ.exe
  C:\Windows\System\OoyIaoJ.exe
  2⤵
  PID:4956
- C:\Windows\System\ullSWGH.exe
  C:\Windows\System\ullSWGH.exe
  2⤵
  PID:4976
- C:\Windows\System\psGZGNZ.exe
  C:\Windows\System\psGZGNZ.exe
  2⤵
  PID:4992
- C:\Windows\System\NkBiWJW.exe
  C:\Windows\System\NkBiWJW.exe
  2⤵
  PID:5012
- C:\Windows\System\thvNykW.exe
  C:\Windows\System\thvNykW.exe
  2⤵
  PID:5032
- C:\Windows\System\NZGQgvc.exe
  C:\Windows\System\NZGQgvc.exe
  2⤵
  PID:5048
- C:\Windows\System\EaGhSYt.exe
  C:\Windows\System\EaGhSYt.exe
  2⤵
  PID:5076
- C:\Windows\System\lSuiAqg.exe
  C:\Windows\System\lSuiAqg.exe
  2⤵
  PID:5096
- C:\Windows\System\tePpVKn.exe
  C:\Windows\System\tePpVKn.exe
  2⤵
  PID:5116
- C:\Windows\System\fPnBqvV.exe
  C:\Windows\System\fPnBqvV.exe
  2⤵
  PID:3116
- C:\Windows\System\qsRmHhs.exe
  C:\Windows\System\qsRmHhs.exe
  2⤵
  PID:2152
- C:\Windows\System\eJUeWBI.exe
  C:\Windows\System\eJUeWBI.exe
  2⤵
  PID:3300
- C:\Windows\System\eVpjqcE.exe
  C:\Windows\System\eVpjqcE.exe
  2⤵
  PID:3400
- C:\Windows\System\zfLJAwJ.exe
  C:\Windows\System\zfLJAwJ.exe
  2⤵
  PID:3792
- C:\Windows\System\xdstgGn.exe
  C:\Windows\System\xdstgGn.exe
  2⤵
  PID:4112
- C:\Windows\System\znnSTvR.exe
  C:\Windows\System\znnSTvR.exe
  2⤵
  PID:3508
- C:\Windows\System\puMzHko.exe
  C:\Windows\System\puMzHko.exe
  2⤵
  PID:3860
- C:\Windows\System\LXoOIka.exe
  C:\Windows\System\LXoOIka.exe
  2⤵
  PID:4200
- C:\Windows\System\aPHvKvN.exe
  C:\Windows\System\aPHvKvN.exe
  2⤵
  PID:4280
- C:\Windows\System\NdDTNOz.exe
  C:\Windows\System\NdDTNOz.exe
  2⤵
  PID:4352
- C:\Windows\System\iJmkwnZ.exe
  C:\Windows\System\iJmkwnZ.exe
  2⤵
  PID:4432
- C:\Windows\System\slqQAHz.exe
  C:\Windows\System\slqQAHz.exe
  2⤵
  PID:4172
- C:\Windows\System\CiRTVaJ.exe
  C:\Windows\System\CiRTVaJ.exe
  2⤵
  PID:3912
- C:\Windows\System\LZznncC.exe
  C:\Windows\System\LZznncC.exe
  2⤵
  PID:4216
- C:\Windows\System\HBFTFEB.exe
  C:\Windows\System\HBFTFEB.exe
  2⤵
  PID:4468
- C:\Windows\System\CXsrcXf.exe
  C:\Windows\System\CXsrcXf.exe
  2⤵
  PID:4260
- C:\Windows\System\aylUQaV.exe
  C:\Windows\System\aylUQaV.exe
  2⤵
  PID:4552
- C:\Windows\System\IRohAqn.exe
  C:\Windows\System\IRohAqn.exe
  2⤵
  PID:4296
- C:\Windows\System\pLAcuej.exe
  C:\Windows\System\pLAcuej.exe
  2⤵
  PID:4364
- C:\Windows\System\MhNhpmK.exe
  C:\Windows\System\MhNhpmK.exe
  2⤵
  PID:4632
- C:\Windows\System\sEzDiCd.exe
  C:\Windows\System\sEzDiCd.exe
  2⤵
  PID:4672
- C:\Windows\System\lUDVQAw.exe
  C:\Windows\System\lUDVQAw.exe
  2⤵
  PID:4448
- C:\Windows\System\fhRqngb.exe
  C:\Windows\System\fhRqngb.exe
  2⤵
  PID:4492
- C:\Windows\System\HPRNysJ.exe
  C:\Windows\System\HPRNysJ.exe
  2⤵
  PID:4568
- C:\Windows\System\fbLbBzn.exe
  C:\Windows\System\fbLbBzn.exe
  2⤵
  PID:4600
- C:\Windows\System\cWQjtrZ.exe
  C:\Windows\System\cWQjtrZ.exe
  2⤵
  PID:4728
- C:\Windows\System\wdIAMgt.exe
  C:\Windows\System\wdIAMgt.exe
  2⤵
  PID:4648
- C:\Windows\System\APfQLyM.exe
  C:\Windows\System\APfQLyM.exe
  2⤵
  PID:4808
- C:\Windows\System\Aexpuhx.exe
  C:\Windows\System\Aexpuhx.exe
  2⤵
  PID:4844
- C:\Windows\System\rRIRHNf.exe
  C:\Windows\System\rRIRHNf.exe
  2⤵
  PID:4776
- C:\Windows\System\LYquhsH.exe
  C:\Windows\System\LYquhsH.exe
  2⤵
  PID:4864
- C:\Windows\System\GEnMDGS.exe
  C:\Windows\System\GEnMDGS.exe
  2⤵
  PID:4920
- C:\Windows\System\wZtqBTT.exe
  C:\Windows\System\wZtqBTT.exe
  2⤵
  PID:4908
- C:\Windows\System\wCGVIdO.exe
  C:\Windows\System\wCGVIdO.exe
  2⤵
  PID:5008
- C:\Windows\System\FBSYPxv.exe
  C:\Windows\System\FBSYPxv.exe
  2⤵
  PID:4984
- C:\Windows\System\cciGonW.exe
  C:\Windows\System\cciGonW.exe
  2⤵
  PID:5044
- C:\Windows\System\uMrssYP.exe
  C:\Windows\System\uMrssYP.exe
  2⤵
  PID:5056
- C:\Windows\System\OPKsEIS.exe
  C:\Windows\System\OPKsEIS.exe
  2⤵
  PID:1624
- C:\Windows\System\vIzijMP.exe
  C:\Windows\System\vIzijMP.exe
  2⤵
  PID:3216
- C:\Windows\System\PPViIBU.exe
  C:\Windows\System\PPViIBU.exe
  2⤵
  PID:4060
- C:\Windows\System\dhmYvKQ.exe
  C:\Windows\System\dhmYvKQ.exe
  2⤵
  PID:4156
- C:\Windows\System\sCIQGwI.exe
  C:\Windows\System\sCIQGwI.exe
  2⤵
  PID:4196
- C:\Windows\System\UUbSPra.exe
  C:\Windows\System\UUbSPra.exe
  2⤵
  PID:3496
- C:\Windows\System\EXZeDKW.exe
  C:\Windows\System\EXZeDKW.exe
  2⤵
  PID:4320
- C:\Windows\System\MrxWOfr.exe
  C:\Windows\System\MrxWOfr.exe
  2⤵
  PID:4136
- C:\Windows\System\WovJJer.exe
  C:\Windows\System\WovJJer.exe
  2⤵
  PID:4256
- C:\Windows\System\qWgvvLG.exe
  C:\Windows\System\qWgvvLG.exe
  2⤵
  PID:4424
- C:\Windows\System\bbhUJNF.exe
  C:\Windows\System\bbhUJNF.exe
  2⤵
  PID:4624
- C:\Windows\System\LcYvomH.exe
  C:\Windows\System\LcYvomH.exe
  2⤵
  PID:4408
- C:\Windows\System\JlAIivO.exe
  C:\Windows\System\JlAIivO.exe
  2⤵
  PID:4404
- C:\Windows\System\gliANbE.exe
  C:\Windows\System\gliANbE.exe
  2⤵
  PID:4368
- C:\Windows\System\sFcbSJP.exe
  C:\Windows\System\sFcbSJP.exe
  2⤵
  PID:4712
- C:\Windows\System\darVAQP.exe
  C:\Windows\System\darVAQP.exe
  2⤵
  PID:4540
- C:\Windows\System\xHjwhVQ.exe
  C:\Windows\System\xHjwhVQ.exe
  2⤵
  PID:4612
- C:\Windows\System\dMFtJPO.exe
  C:\Windows\System\dMFtJPO.exe
  2⤵
  PID:4696
- C:\Windows\System\gmOBORL.exe
  C:\Windows\System\gmOBORL.exe
  2⤵
  PID:4748
- C:\Windows\System\TeoXZds.exe
  C:\Windows\System\TeoXZds.exe
  2⤵
  PID:4900
- C:\Windows\System\pPFYGTq.exe
  C:\Windows\System\pPFYGTq.exe
  2⤵
  PID:4944
- C:\Windows\System\fWdIOyp.exe
  C:\Windows\System\fWdIOyp.exe
  2⤵
  PID:5000
- C:\Windows\System\EiUWeNt.exe
  C:\Windows\System\EiUWeNt.exe
  2⤵
  PID:5024
- C:\Windows\System\VDLdAcF.exe
  C:\Windows\System\VDLdAcF.exe
  2⤵
  PID:3384
- C:\Windows\System\EFbLhin.exe
  C:\Windows\System\EFbLhin.exe
  2⤵
  PID:5088
- C:\Windows\System\JEFbwEc.exe
  C:\Windows\System\JEFbwEc.exe
  2⤵
  PID:3600
- C:\Windows\System\UwrXLUU.exe
  C:\Windows\System\UwrXLUU.exe
  2⤵
  PID:4148
- C:\Windows\System\fVRorll.exe
  C:\Windows\System\fVRorll.exe
  2⤵
  PID:3640
- C:\Windows\System\ZbVgkvE.exe
  C:\Windows\System\ZbVgkvE.exe
  2⤵
  PID:4016
- C:\Windows\System\VQtZmEq.exe
  C:\Windows\System\VQtZmEq.exe
  2⤵
  PID:4276
- C:\Windows\System\bpYtNty.exe
  C:\Windows\System\bpYtNty.exe
  2⤵
  PID:3956
- C:\Windows\System\rxLVUVQ.exe
  C:\Windows\System\rxLVUVQ.exe
  2⤵
  PID:4336
- C:\Windows\System\NCWiKfi.exe
  C:\Windows\System\NCWiKfi.exe
  2⤵
  PID:4224
- C:\Windows\System\bEWLuYK.exe
  C:\Windows\System\bEWLuYK.exe
  2⤵
  PID:4732
- C:\Windows\System\MFZenuy.exe
  C:\Windows\System\MFZenuy.exe
  2⤵
  PID:4500
- C:\Windows\System\SGBHomY.exe
  C:\Windows\System\SGBHomY.exe
  2⤵
  PID:4804
- C:\Windows\System\HUrhAaj.exe
  C:\Windows\System\HUrhAaj.exe
  2⤵
  PID:5040
- C:\Windows\System\OpLLjfQ.exe
  C:\Windows\System\OpLLjfQ.exe
  2⤵
  PID:2500
- C:\Windows\System\gfafTAP.exe
  C:\Windows\System\gfafTAP.exe
  2⤵
  PID:4952
- C:\Windows\System\uRzsDVX.exe
  C:\Windows\System\uRzsDVX.exe
  2⤵
  PID:5072
- C:\Windows\System\KYWTxqX.exe
  C:\Windows\System\KYWTxqX.exe
  2⤵
  PID:4472
- C:\Windows\System\lEWjSqK.exe
  C:\Windows\System\lEWjSqK.exe
  2⤵
  PID:3964
- C:\Windows\System\dMQIDtK.exe
  C:\Windows\System\dMQIDtK.exe
  2⤵
  PID:3528
- C:\Windows\System\rSJVcsH.exe
  C:\Windows\System\rSJVcsH.exe
  2⤵
  PID:4444
- C:\Windows\System\jkVdKEs.exe
  C:\Windows\System\jkVdKEs.exe
  2⤵
  PID:4744
- C:\Windows\System\RvNdrDf.exe
  C:\Windows\System\RvNdrDf.exe
  2⤵
  PID:2928
- C:\Windows\System\YHkJWlt.exe
  C:\Windows\System\YHkJWlt.exe
  2⤵
  PID:2972
- C:\Windows\System\jOXSQOF.exe
  C:\Windows\System\jOXSQOF.exe
  2⤵
  PID:5092
- C:\Windows\System\oPQtojY.exe
  C:\Windows\System\oPQtojY.exe
  2⤵
  PID:5132
- C:\Windows\System\OwyDsnj.exe
  C:\Windows\System\OwyDsnj.exe
  2⤵
  PID:5152
- C:\Windows\System\siozuyb.exe
  C:\Windows\System\siozuyb.exe
  2⤵
  PID:5172
- C:\Windows\System\cFCXvVs.exe
  C:\Windows\System\cFCXvVs.exe
  2⤵
  PID:5192
- C:\Windows\System\YXunGcD.exe
  C:\Windows\System\YXunGcD.exe
  2⤵
  PID:5208
- C:\Windows\System\IXNonji.exe
  C:\Windows\System\IXNonji.exe
  2⤵
  PID:5228
- C:\Windows\System\rbbGGxB.exe
  C:\Windows\System\rbbGGxB.exe
  2⤵
  PID:5252
- C:\Windows\System\qEaRyZq.exe
  C:\Windows\System\qEaRyZq.exe
  2⤵
  PID:5272
- C:\Windows\System\wwKfHXQ.exe
  C:\Windows\System\wwKfHXQ.exe
  2⤵
  PID:5292
- C:\Windows\System\Rzhfukd.exe
  C:\Windows\System\Rzhfukd.exe
  2⤵
  PID:5312
- C:\Windows\System\IxAiyMG.exe
  C:\Windows\System\IxAiyMG.exe
  2⤵
  PID:5336
- C:\Windows\System\BZcAPco.exe
  C:\Windows\System\BZcAPco.exe
  2⤵
  PID:5352
- C:\Windows\System\swHEwca.exe
  C:\Windows\System\swHEwca.exe
  2⤵
  PID:5372
- C:\Windows\System\spvZYVX.exe
  C:\Windows\System\spvZYVX.exe
  2⤵
  PID:5392
- C:\Windows\System\LUQIojx.exe
  C:\Windows\System\LUQIojx.exe
  2⤵
  PID:5412
- C:\Windows\System\bmTgteD.exe
  C:\Windows\System\bmTgteD.exe
  2⤵
  PID:5432
- C:\Windows\System\YgvfMov.exe
  C:\Windows\System\YgvfMov.exe
  2⤵
  PID:5452
- C:\Windows\System\tWVFPwh.exe
  C:\Windows\System\tWVFPwh.exe
  2⤵
  PID:5472
- C:\Windows\System\PWYoIhn.exe
  C:\Windows\System\PWYoIhn.exe
  2⤵
  PID:5492
- C:\Windows\System\bZsCIwN.exe
  C:\Windows\System\bZsCIwN.exe
  2⤵
  PID:5512
- C:\Windows\System\KrzkekP.exe
  C:\Windows\System\KrzkekP.exe
  2⤵
  PID:5536
- C:\Windows\System\JpEtMQR.exe
  C:\Windows\System\JpEtMQR.exe
  2⤵
  PID:5552
- C:\Windows\System\xTctPcS.exe
  C:\Windows\System\xTctPcS.exe
  2⤵
  PID:5576
- C:\Windows\System\GhbgmQR.exe
  C:\Windows\System\GhbgmQR.exe
  2⤵
  PID:5596
- C:\Windows\System\zMrqqZi.exe
  C:\Windows\System\zMrqqZi.exe
  2⤵
  PID:5612
- C:\Windows\System\SLXxjvI.exe
  C:\Windows\System\SLXxjvI.exe
  2⤵
  PID:5636
- C:\Windows\System\PrcqmJt.exe
  C:\Windows\System\PrcqmJt.exe
  2⤵
  PID:5652
- C:\Windows\System\DDbTVsJ.exe
  C:\Windows\System\DDbTVsJ.exe
  2⤵
  PID:5668
- C:\Windows\System\ZodUmCY.exe
  C:\Windows\System\ZodUmCY.exe
  2⤵
  PID:5692
- C:\Windows\System\rbBDavr.exe
  C:\Windows\System\rbBDavr.exe
  2⤵
  PID:5708
- C:\Windows\System\rwYFqPU.exe
  C:\Windows\System\rwYFqPU.exe
  2⤵
  PID:5728
- C:\Windows\System\KGKuGiW.exe
  C:\Windows\System\KGKuGiW.exe
  2⤵
  PID:5752
- C:\Windows\System\ohPgWUT.exe
  C:\Windows\System\ohPgWUT.exe
  2⤵
  PID:5772
- C:\Windows\System\MuBNnmD.exe
  C:\Windows\System\MuBNnmD.exe
  2⤵
  PID:5788
- C:\Windows\System\gPjmGvs.exe
  C:\Windows\System\gPjmGvs.exe
  2⤵
  PID:5812
- C:\Windows\System\ypXhHVn.exe
  C:\Windows\System\ypXhHVn.exe
  2⤵
  PID:5828
- C:\Windows\System\ciGePTT.exe
  C:\Windows\System\ciGePTT.exe
  2⤵
  PID:5856
- C:\Windows\System\IIakQPa.exe
  C:\Windows\System\IIakQPa.exe
  2⤵
  PID:5872
- C:\Windows\System\ouTEqIR.exe
  C:\Windows\System\ouTEqIR.exe
  2⤵
  PID:5896
- C:\Windows\System\ZhMCyZr.exe
  C:\Windows\System\ZhMCyZr.exe
  2⤵
  PID:5916
- C:\Windows\System\HmqCtZq.exe
  C:\Windows\System\HmqCtZq.exe
  2⤵
  PID:5932
- C:\Windows\System\VsttAGI.exe
  C:\Windows\System\VsttAGI.exe
  2⤵
  PID:5952
- C:\Windows\System\TOIGUfk.exe
  C:\Windows\System\TOIGUfk.exe
  2⤵
  PID:5976
- C:\Windows\System\RMyBVme.exe
  C:\Windows\System\RMyBVme.exe
  2⤵
  PID:5992
- C:\Windows\System\zMsMmDB.exe
  C:\Windows\System\zMsMmDB.exe
  2⤵
  PID:6012
- C:\Windows\System\fiAkjXp.exe
  C:\Windows\System\fiAkjXp.exe
  2⤵
  PID:6028
- C:\Windows\System\kWKUonq.exe
  C:\Windows\System\kWKUonq.exe
  2⤵
  PID:6052
- C:\Windows\System\zhNTZiP.exe
  C:\Windows\System\zhNTZiP.exe
  2⤵
  PID:6068
- C:\Windows\System\HCucbPe.exe
  C:\Windows\System\HCucbPe.exe
  2⤵
  PID:6092
- C:\Windows\System\BpjajoH.exe
  C:\Windows\System\BpjajoH.exe
  2⤵
  PID:6108
- C:\Windows\System\DiuGTCo.exe
  C:\Windows\System\DiuGTCo.exe
  2⤵
  PID:6132
- C:\Windows\System\wfAvsmr.exe
  C:\Windows\System\wfAvsmr.exe
  2⤵
  PID:1980
- C:\Windows\System\VfLUBhk.exe
  C:\Windows\System\VfLUBhk.exe
  2⤵
  PID:4132
- C:\Windows\System\cqvyedx.exe
  C:\Windows\System\cqvyedx.exe
  2⤵
  PID:3304
- C:\Windows\System\BbfyVqv.exe
  C:\Windows\System\BbfyVqv.exe
  2⤵
  PID:4128
- C:\Windows\System\ikJbWeG.exe
  C:\Windows\System\ikJbWeG.exe
  2⤵
  PID:4708
- C:\Windows\System\yYGaqnU.exe
  C:\Windows\System\yYGaqnU.exe
  2⤵
  PID:2260
- C:\Windows\System\cFVjxse.exe
  C:\Windows\System\cFVjxse.exe
  2⤵
  PID:4972
- C:\Windows\System\KtjGute.exe
  C:\Windows\System\KtjGute.exe
  2⤵
  PID:5248
- C:\Windows\System\IHmFCNB.exe
  C:\Windows\System\IHmFCNB.exe
  2⤵
  PID:2968
- C:\Windows\System\pPKSUgO.exe
  C:\Windows\System\pPKSUgO.exe
  2⤵
  PID:5288
- C:\Windows\System\woWClSg.exe
  C:\Windows\System\woWClSg.exe
  2⤵
  PID:5224
- C:\Windows\System\NEUUGxP.exe
  C:\Windows\System\NEUUGxP.exe
  2⤵
  PID:5332
- C:\Windows\System\DkbiWsq.exe
  C:\Windows\System\DkbiWsq.exe
  2⤵
  PID:5364
- C:\Windows\System\XoidjKb.exe
  C:\Windows\System\XoidjKb.exe
  2⤵
  PID:5408
- C:\Windows\System\GhZHHjo.exe
  C:\Windows\System\GhZHHjo.exe
  2⤵
  PID:5448
- C:\Windows\System\AaTmfjz.exe
  C:\Windows\System\AaTmfjz.exe
  2⤵
  PID:5480
- C:\Windows\System\xmrLMvl.exe
  C:\Windows\System\xmrLMvl.exe
  2⤵
  PID:5524
- C:\Windows\System\SAotrUL.exe
  C:\Windows\System\SAotrUL.exe
  2⤵
  PID:5428
- C:\Windows\System\aVzNbNI.exe
  C:\Windows\System\aVzNbNI.exe
  2⤵
  PID:5572
- C:\Windows\System\geCsQEl.exe
  C:\Windows\System\geCsQEl.exe
  2⤵
  PID:5460
- C:\Windows\System\DyfXqwI.exe
  C:\Windows\System\DyfXqwI.exe
  2⤵
  PID:5508
- C:\Windows\System\mqyjXZZ.exe
  C:\Windows\System\mqyjXZZ.exe
  2⤵
  PID:5548
- C:\Windows\System\cvhGaEw.exe
  C:\Windows\System\cvhGaEw.exe
  2⤵
  PID:5720
- C:\Windows\System\xXoJWUf.exe
  C:\Windows\System\xXoJWUf.exe
  2⤵
  PID:5632
- C:\Windows\System\DAUJrIo.exe
  C:\Windows\System\DAUJrIo.exe
  2⤵
  PID:5700
- C:\Windows\System\cxuYcNc.exe
  C:\Windows\System\cxuYcNc.exe
  2⤵
  PID:5804
- C:\Windows\System\ZignxOR.exe
  C:\Windows\System\ZignxOR.exe
  2⤵
  PID:5836
- C:\Windows\System\GWvtWWb.exe
  C:\Windows\System\GWvtWWb.exe
  2⤵
  PID:5844
- C:\Windows\System\iwbwqex.exe
  C:\Windows\System\iwbwqex.exe
  2⤵
  PID:5924
- C:\Windows\System\zkqlmhs.exe
  C:\Windows\System\zkqlmhs.exe
  2⤵
  PID:5928
- C:\Windows\System\gGAguVC.exe
  C:\Windows\System\gGAguVC.exe
  2⤵
  PID:5864
- C:\Windows\System\FCjzQsA.exe
  C:\Windows\System\FCjzQsA.exe
  2⤵
  PID:6004
- C:\Windows\System\bYMTIuC.exe
  C:\Windows\System\bYMTIuC.exe
  2⤵
  PID:5904
- C:\Windows\System\PoRqryP.exe
  C:\Windows\System\PoRqryP.exe
  2⤵
  PID:6044
- C:\Windows\System\VGwCqHT.exe
  C:\Windows\System\VGwCqHT.exe
  2⤵
  PID:5984
- C:\Windows\System\auwnDiF.exe
  C:\Windows\System\auwnDiF.exe
  2⤵
  PID:6020
- C:\Windows\System\GwtgXWh.exe
  C:\Windows\System\GwtgXWh.exe
  2⤵
  PID:6060
- C:\Windows\System\tBoDWds.exe
  C:\Windows\System\tBoDWds.exe
  2⤵
  PID:4928
- C:\Windows\System\jNKidXS.exe
  C:\Windows\System\jNKidXS.exe
  2⤵
  PID:4396
- C:\Windows\System\dwzwMuG.exe
  C:\Windows\System\dwzwMuG.exe
  2⤵
  PID:5164
- C:\Windows\System\QDHTgtW.exe
  C:\Windows\System\QDHTgtW.exe
  2⤵
  PID:5236
- C:\Windows\System\YTdOHWD.exe
  C:\Windows\System\YTdOHWD.exe
  2⤵
  PID:5148
- C:\Windows\System\ZqQboVP.exe
  C:\Windows\System\ZqQboVP.exe
  2⤵
  PID:4880
- C:\Windows\System\OSgmdtg.exe
  C:\Windows\System\OSgmdtg.exe
  2⤵
  PID:5184
- C:\Windows\System\CaEZMLy.exe
  C:\Windows\System\CaEZMLy.exe
  2⤵
  PID:5300
- C:\Windows\System\EdFvWQb.exe
  C:\Windows\System\EdFvWQb.exe
  2⤵
  PID:2536
- C:\Windows\System\Ijmsjpj.exe
  C:\Windows\System\Ijmsjpj.exe
  2⤵
  PID:5268
- C:\Windows\System\EhgrwaX.exe
  C:\Windows\System\EhgrwaX.exe
  2⤵
  PID:5384
- C:\Windows\System\NjkBTge.exe
  C:\Windows\System\NjkBTge.exe
  2⤵
  PID:5500
- C:\Windows\System\VxBqZdi.exe
  C:\Windows\System\VxBqZdi.exe
  2⤵
  PID:5684
- C:\Windows\System\PyDuaZl.exe
  C:\Windows\System\PyDuaZl.exe
  2⤵
  PID:5560
- C:\Windows\System\FvkFtgh.exe
  C:\Windows\System\FvkFtgh.exe
  2⤵
  PID:5568
- C:\Windows\System\nXVVJVa.exe
  C:\Windows\System\nXVVJVa.exe
  2⤵
  PID:5592
- C:\Windows\System\flmQQlh.exe
  C:\Windows\System\flmQQlh.exe
  2⤵
  PID:5724
- C:\Windows\System\KBmKgYs.exe
  C:\Windows\System\KBmKgYs.exe
  2⤵
  PID:5740
- C:\Windows\System\FQkluIv.exe
  C:\Windows\System\FQkluIv.exe
  2⤵
  PID:5892
- C:\Windows\System\IdVibbH.exe
  C:\Windows\System\IdVibbH.exe
  2⤵
  PID:5944
- C:\Windows\System\jOMtGhw.exe
  C:\Windows\System\jOMtGhw.exe
  2⤵
  PID:5964
- C:\Windows\System\opfFQPp.exe
  C:\Windows\System\opfFQPp.exe
  2⤵
  PID:4536
- C:\Windows\System\plfbiRq.exe
  C:\Windows\System\plfbiRq.exe
  2⤵
  PID:6040
- C:\Windows\System\CFnejGc.exe
  C:\Windows\System\CFnejGc.exe
  2⤵
  PID:5328
- C:\Windows\System\iNMOmwj.exe
  C:\Windows\System\iNMOmwj.exe
  2⤵
  PID:5304
- C:\Windows\System\AUZQHBZ.exe
  C:\Windows\System\AUZQHBZ.exe
  2⤵
  PID:5344
- C:\Windows\System\hsnwvUT.exe
  C:\Windows\System\hsnwvUT.exe
  2⤵
  PID:4316
- C:\Windows\System\ZrspPmu.exe
  C:\Windows\System\ZrspPmu.exe
  2⤵
  PID:4932
- C:\Windows\System\VmLdiqI.exe
  C:\Windows\System\VmLdiqI.exe
  2⤵
  PID:4884
- C:\Windows\System\yXDraNn.exe
  C:\Windows\System\yXDraNn.exe
  2⤵
  PID:5648
- C:\Windows\System\nVPYdZm.exe
  C:\Windows\System\nVPYdZm.exe
  2⤵
  PID:5264
- C:\Windows\System\gTSbFiG.exe
  C:\Windows\System\gTSbFiG.exe
  2⤵
  PID:5848
- C:\Windows\System\qvcsNpc.exe
  C:\Windows\System\qvcsNpc.exe
  2⤵
  PID:2008
- C:\Windows\System\npWanea.exe
  C:\Windows\System\npWanea.exe
  2⤵
  PID:5424
- C:\Windows\System\NOqZTcA.exe
  C:\Windows\System\NOqZTcA.exe
  2⤵
  PID:5884
- C:\Windows\System\pbJIbrm.exe
  C:\Windows\System\pbJIbrm.exe
  2⤵
  PID:5824
- C:\Windows\System\dKLwAVH.exe
  C:\Windows\System\dKLwAVH.exe
  2⤵
  PID:5912
- C:\Windows\System\VNrRcPz.exe
  C:\Windows\System\VNrRcPz.exe
  2⤵
  PID:2240
- C:\Windows\System\Paiusdd.exe
  C:\Windows\System\Paiusdd.exe
  2⤵
  PID:6104
- C:\Windows\System\DCXndwd.exe
  C:\Windows\System\DCXndwd.exe
  2⤵
  PID:6088
- C:\Windows\System\TDqjgii.exe
  C:\Windows\System\TDqjgii.exe
  2⤵
  PID:5676
- C:\Windows\System\eUJaEKg.exe
  C:\Windows\System\eUJaEKg.exe
  2⤵
  PID:3040
- C:\Windows\System\nVZGFxl.exe
  C:\Windows\System\nVZGFxl.exe
  2⤵
  PID:5348
- C:\Windows\System\bRJxglu.exe
  C:\Windows\System\bRJxglu.exe
  2⤵
  PID:5440
- C:\Windows\System\bhOrJpZ.exe
  C:\Windows\System\bhOrJpZ.exe
  2⤵
  PID:5808
- C:\Windows\System\DbrvbAX.exe
  C:\Windows\System\DbrvbAX.exe
  2⤵
  PID:5800
- C:\Windows\System\RqtAIPF.exe
  C:\Windows\System\RqtAIPF.exe
  2⤵
  PID:5868
- C:\Windows\System\moTmTlA.exe
  C:\Windows\System\moTmTlA.exe
  2⤵
  PID:552
- C:\Windows\System\gmrvdGx.exe
  C:\Windows\System\gmrvdGx.exe
  2⤵
  PID:6076
- C:\Windows\System\fOTBtNl.exe
  C:\Windows\System\fOTBtNl.exe
  2⤵
  PID:6036
- C:\Windows\System\otjqWCv.exe
  C:\Windows\System\otjqWCv.exe
  2⤵
  PID:1700
- C:\Windows\System\yMldZtR.exe
  C:\Windows\System\yMldZtR.exe
  2⤵
  PID:5624
- C:\Windows\System\lAuKakc.exe
  C:\Windows\System\lAuKakc.exe
  2⤵
  PID:2180
- C:\Windows\System\BXwyWCl.exe
  C:\Windows\System\BXwyWCl.exe
  2⤵
  PID:1688
- C:\Windows\System\eykhYqk.exe
  C:\Windows\System\eykhYqk.exe
  2⤵
  PID:4080
- C:\Windows\System\ErnlkRU.exe
  C:\Windows\System\ErnlkRU.exe
  2⤵
  PID:2060
- C:\Windows\System\etHTzFM.exe
  C:\Windows\System\etHTzFM.exe
  2⤵
  PID:2976
- C:\Windows\System\vrxWXRf.exe
  C:\Windows\System\vrxWXRf.exe
  2⤵
  PID:6152
- C:\Windows\System\aRZwxSC.exe
  C:\Windows\System\aRZwxSC.exe
  2⤵
  PID:6180
- C:\Windows\System\TcVbioq.exe
  C:\Windows\System\TcVbioq.exe
  2⤵
  PID:6196
- C:\Windows\System\DFahUZO.exe
  C:\Windows\System\DFahUZO.exe
  2⤵
  PID:6220
- C:\Windows\System\jmQHUgB.exe
  C:\Windows\System\jmQHUgB.exe
  2⤵
  PID:6236
- C:\Windows\System\MQPIIVA.exe
  C:\Windows\System\MQPIIVA.exe
  2⤵
  PID:6256
- C:\Windows\System\xfWEQai.exe
  C:\Windows\System\xfWEQai.exe
  2⤵
  PID:6276
- C:\Windows\System\MVWOlVP.exe
  C:\Windows\System\MVWOlVP.exe
  2⤵
  PID:6296
- C:\Windows\System\wNsCnQI.exe
  C:\Windows\System\wNsCnQI.exe
  2⤵
  PID:6312
- C:\Windows\System\ulmwHmY.exe
  C:\Windows\System\ulmwHmY.exe
  2⤵
  PID:6328
- C:\Windows\System\eOxeqHz.exe
  C:\Windows\System\eOxeqHz.exe
  2⤵
  PID:6372
- C:\Windows\System\KKiBxRk.exe
  C:\Windows\System\KKiBxRk.exe
  2⤵
  PID:6392
- C:\Windows\System\GcuQTJd.exe
  C:\Windows\System\GcuQTJd.exe
  2⤵
  PID:6408
- C:\Windows\System\WhfRLuL.exe
  C:\Windows\System\WhfRLuL.exe
  2⤵
  PID:6432
- C:\Windows\System\FmxlYmU.exe
  C:\Windows\System\FmxlYmU.exe
  2⤵
  PID:6448
- C:\Windows\System\NbMppji.exe
  C:\Windows\System\NbMppji.exe
  2⤵
  PID:6464
- C:\Windows\System\ddaLmhj.exe
  C:\Windows\System\ddaLmhj.exe
  2⤵
  PID:6480
- C:\Windows\System\eTkRmYo.exe
  C:\Windows\System\eTkRmYo.exe
  2⤵
  PID:6496
- C:\Windows\System\yTLdmRI.exe
  C:\Windows\System\yTLdmRI.exe
  2⤵
  PID:6512
- C:\Windows\System\lkFTHmT.exe
  C:\Windows\System\lkFTHmT.exe
  2⤵
  PID:6528
- C:\Windows\System\VMgwsqd.exe
  C:\Windows\System\VMgwsqd.exe
  2⤵
  PID:6572
- C:\Windows\System\aHeNWPV.exe
  C:\Windows\System\aHeNWPV.exe
  2⤵
  PID:6588
- C:\Windows\System\AJBwBfH.exe
  C:\Windows\System\AJBwBfH.exe
  2⤵
  PID:6608
- C:\Windows\System\IWwtlJr.exe
  C:\Windows\System\IWwtlJr.exe
  2⤵
  PID:6624
- C:\Windows\System\zFhCumo.exe
  C:\Windows\System\zFhCumo.exe
  2⤵
  PID:6652
- C:\Windows\System\FqzeJvv.exe
  C:\Windows\System\FqzeJvv.exe
  2⤵
  PID:6668
- C:\Windows\System\vgxNbsj.exe
  C:\Windows\System\vgxNbsj.exe
  2⤵
  PID:6684
- C:\Windows\System\aVHHpCQ.exe
  C:\Windows\System\aVHHpCQ.exe
  2⤵
  PID:6700
- C:\Windows\System\fwhuimI.exe
  C:\Windows\System\fwhuimI.exe
  2⤵
  PID:6716
- C:\Windows\System\TndETbq.exe
  C:\Windows\System\TndETbq.exe
  2⤵
  PID:6732
- C:\Windows\System\ntAmKLy.exe
  C:\Windows\System\ntAmKLy.exe
  2⤵
  PID:6748
- C:\Windows\System\SFzflsD.exe
  C:\Windows\System\SFzflsD.exe
  2⤵
  PID:6764
- C:\Windows\System\sthhOJZ.exe
  C:\Windows\System\sthhOJZ.exe
  2⤵
  PID:6780
- C:\Windows\System\CeDTpMI.exe
  C:\Windows\System\CeDTpMI.exe
  2⤵
  PID:6796
- C:\Windows\System\oALbYmE.exe
  C:\Windows\System\oALbYmE.exe
  2⤵
  PID:6812
- C:\Windows\System\YdCanAF.exe
  C:\Windows\System\YdCanAF.exe
  2⤵
  PID:6828
- C:\Windows\System\BsmVDwr.exe
  C:\Windows\System\BsmVDwr.exe
  2⤵
  PID:6844
- C:\Windows\System\uVQMcvI.exe
  C:\Windows\System\uVQMcvI.exe
  2⤵
  PID:6860
- C:\Windows\System\kuoEsrg.exe
  C:\Windows\System\kuoEsrg.exe
  2⤵
  PID:6944
- C:\Windows\System\fPXpvDE.exe
  C:\Windows\System\fPXpvDE.exe
  2⤵
  PID:6960
- C:\Windows\System\KqgcAsN.exe
  C:\Windows\System\KqgcAsN.exe
  2⤵
  PID:6988
- C:\Windows\System\bzodEln.exe
  C:\Windows\System\bzodEln.exe
  2⤵
  PID:7004
- C:\Windows\System\rlWzuxn.exe
  C:\Windows\System\rlWzuxn.exe
  2⤵
  PID:7024
- C:\Windows\System\rdTLfFh.exe
  C:\Windows\System\rdTLfFh.exe
  2⤵
  PID:7040
- C:\Windows\System\dBTNbiw.exe
  C:\Windows\System\dBTNbiw.exe
  2⤵
  PID:7056
- C:\Windows\System\ZTdMmtm.exe
  C:\Windows\System\ZTdMmtm.exe
  2⤵
  PID:7072
- C:\Windows\System\NpqyZdW.exe
  C:\Windows\System\NpqyZdW.exe
  2⤵
  PID:7088
- C:\Windows\System\gIwBQBh.exe
  C:\Windows\System\gIwBQBh.exe
  2⤵
  PID:7112
- C:\Windows\System\HqYAZqA.exe
  C:\Windows\System\HqYAZqA.exe
  2⤵
  PID:2036
- C:\Windows\System\AVQnbmE.exe
  C:\Windows\System\AVQnbmE.exe
  2⤵
  PID:2572
- C:\Windows\System\JyACSbC.exe
  C:\Windows\System\JyACSbC.exe
  2⤵
  PID:5764
- C:\Windows\System\yuHzEIM.exe
  C:\Windows\System\yuHzEIM.exe
  2⤵
  PID:6172
- C:\Windows\System\rpkqsuY.exe
  C:\Windows\System\rpkqsuY.exe
  2⤵
  PID:6204
- C:\Windows\System\mtXwniB.exe
  C:\Windows\System\mtXwniB.exe
  2⤵
  PID:6208
- C:\Windows\System\UqLLhEC.exe
  C:\Windows\System\UqLLhEC.exe
  2⤵
  PID:2084
- C:\Windows\System\fxGaJQx.exe
  C:\Windows\System\fxGaJQx.exe
  2⤵
  PID:2776
- C:\Windows\System\zjzDTJf.exe
  C:\Windows\System\zjzDTJf.exe
  2⤵
  PID:2888
- C:\Windows\System\mnDbPOv.exe
  C:\Windows\System\mnDbPOv.exe
  2⤵
  PID:4608
- C:\Windows\System\BOIgjio.exe
  C:\Windows\System\BOIgjio.exe
  2⤵
  PID:2880
- C:\Windows\System\yOdsQGh.exe
  C:\Windows\System\yOdsQGh.exe
  2⤵
  PID:6264
- C:\Windows\System\TTgekci.exe
  C:\Windows\System\TTgekci.exe
  2⤵
  PID:6308
- C:\Windows\System\aIjgDea.exe
  C:\Windows\System\aIjgDea.exe
  2⤵
  PID:6380
- C:\Windows\System\lJCIHdV.exe
  C:\Windows\System\lJCIHdV.exe
  2⤵
  PID:6416
- C:\Windows\System\CBRMjWn.exe
  C:\Windows\System\CBRMjWn.exe
  2⤵
  PID:6400
- C:\Windows\System\vbYOHeQ.exe
  C:\Windows\System\vbYOHeQ.exe
  2⤵
  PID:6456
- C:\Windows\System\CZXtKdC.exe
  C:\Windows\System\CZXtKdC.exe
  2⤵
  PID:6360
- C:\Windows\System\Ymcaaeu.exe
  C:\Windows\System\Ymcaaeu.exe
  2⤵
  PID:1336
- C:\Windows\System\ROHoKfN.exe
  C:\Windows\System\ROHoKfN.exe
  2⤵
  PID:6560
- C:\Windows\System\AwXZHkm.exe
  C:\Windows\System\AwXZHkm.exe
  2⤵
  PID:6568
- C:\Windows\System\HLaQRXb.exe
  C:\Windows\System\HLaQRXb.exe
  2⤵
  PID:6536
- C:\Windows\System\nrbeWRx.exe
  C:\Windows\System\nrbeWRx.exe
  2⤵
  PID:6596
- C:\Windows\System\TLPFKMV.exe
  C:\Windows\System\TLPFKMV.exe
  2⤵
  PID:6664
- C:\Windows\System\qUfSzUq.exe
  C:\Windows\System\qUfSzUq.exe
  2⤵
  PID:6728
- C:\Windows\System\NiQVSEN.exe
  C:\Windows\System\NiQVSEN.exe
  2⤵
  PID:6792
- C:\Windows\System\RTQffpU.exe
  C:\Windows\System\RTQffpU.exe
  2⤵
  PID:6856
- C:\Windows\System\ORukjiL.exe
  C:\Windows\System\ORukjiL.exe
  2⤵
  PID:6640
- C:\Windows\System\tXYzrDs.exe
  C:\Windows\System\tXYzrDs.exe
  2⤵
  PID:6712
- C:\Windows\System\vjTwoln.exe
  C:\Windows\System\vjTwoln.exe
  2⤵
  PID:6804
- C:\Windows\System\ObOOQfT.exe
  C:\Windows\System\ObOOQfT.exe
  2⤵
  PID:6840
- C:\Windows\System\OXgjiTo.exe
  C:\Windows\System\OXgjiTo.exe
  2⤵
  PID:6604
- C:\Windows\System\qerYMtK.exe
  C:\Windows\System\qerYMtK.exe
  2⤵
  PID:1252
- C:\Windows\System\ClEZUIy.exe
  C:\Windows\System\ClEZUIy.exe
  2⤵
  PID:6940
- C:\Windows\System\atAEzJS.exe
  C:\Windows\System\atAEzJS.exe
  2⤵
  PID:6916
- C:\Windows\System\ckApSIt.exe
  C:\Windows\System\ckApSIt.exe
  2⤵
  PID:6996
- C:\Windows\System\GeswTBv.exe
  C:\Windows\System\GeswTBv.exe
  2⤵
  PID:7064
- C:\Windows\System\kJOcGCx.exe
  C:\Windows\System\kJOcGCx.exe
  2⤵
  PID:7104
- C:\Windows\System\HXNhJbF.exe
  C:\Windows\System\HXNhJbF.exe
  2⤵
  PID:6976
- C:\Windows\System\aOMytJx.exe
  C:\Windows\System\aOMytJx.exe
  2⤵
  PID:7020
- C:\Windows\System\ObNmPBr.exe
  C:\Windows\System\ObNmPBr.exe
  2⤵
  PID:7084
- C:\Windows\System\coaUdQI.exe
  C:\Windows\System\coaUdQI.exe
  2⤵
  PID:7148
- C:\Windows\System\SabcRVi.exe
  C:\Windows\System\SabcRVi.exe
  2⤵
  PID:1284
- C:\Windows\System\gPuquYz.exe
  C:\Windows\System\gPuquYz.exe
  2⤵
  PID:6100
- C:\Windows\System\VyLpFLo.exe
  C:\Windows\System\VyLpFLo.exe
  2⤵
  PID:5588
- C:\Windows\System\ieABepF.exe
  C:\Windows\System\ieABepF.exe
  2⤵
  PID:5748
- C:\Windows\System\bqVvlva.exe
  C:\Windows\System\bqVvlva.exe
  2⤵
  PID:6248
- C:\Windows\System\CAwsqRG.exe
  C:\Windows\System\CAwsqRG.exe
  2⤵
  PID:1684
- C:\Windows\System\xwimnWC.exe
  C:\Windows\System\xwimnWC.exe
  2⤵
  PID:1900
- C:\Windows\System\pEbrabD.exe
  C:\Windows\System\pEbrabD.exe
  2⤵
  PID:6252
- C:\Windows\System\jwXMIWC.exe
  C:\Windows\System\jwXMIWC.exe
  2⤵
  PID:6232
- C:\Windows\System\NNdodtf.exe
  C:\Windows\System\NNdodtf.exe
  2⤵
  PID:6352
- C:\Windows\System\YdKIwwo.exe
  C:\Windows\System\YdKIwwo.exe
  2⤵
  PID:6368
- C:\Windows\System\BseUOlv.exe
  C:\Windows\System\BseUOlv.exe
  2⤵
  PID:6524
- C:\Windows\System\zlAKxzY.exe
  C:\Windows\System\zlAKxzY.exe
  2⤵
  PID:6620
- C:\Windows\System\hycabdE.exe
  C:\Windows\System\hycabdE.exe
  2⤵
  PID:6580
- C:\Windows\System\nqEtnrB.exe
  C:\Windows\System\nqEtnrB.exe
  2⤵
  PID:6472
- C:\Windows\System\MYKiNHU.exe
  C:\Windows\System\MYKiNHU.exe
  2⤵
  PID:2896
- C:\Windows\System\KlsMZrb.exe
  C:\Windows\System\KlsMZrb.exe
  2⤵
  PID:6788
- C:\Windows\System\NMeMAHs.exe
  C:\Windows\System\NMeMAHs.exe
  2⤵
  PID:6696
- C:\Windows\System\wSDCawC.exe
  C:\Windows\System\wSDCawC.exe
  2⤵
  PID:6676
- C:\Windows\System\AuCAZtk.exe
  C:\Windows\System\AuCAZtk.exe
  2⤵
  PID:6744
- C:\Windows\System\WPRtZak.exe
  C:\Windows\System\WPRtZak.exe
  2⤵
  PID:6884
- C:\Windows\System\ZMkOvZb.exe
  C:\Windows\System\ZMkOvZb.exe
  2⤵
  PID:5784
- C:\Windows\System\pNntgNn.exe
  C:\Windows\System\pNntgNn.exe
  2⤵
  PID:5140
- C:\Windows\System\kNpFyll.exe
  C:\Windows\System\kNpFyll.exe
  2⤵
  PID:6912
- C:\Windows\System\NdmbyNh.exe
  C:\Windows\System\NdmbyNh.exe
  2⤵
  PID:6900
- C:\Windows\System\AEkLvWJ.exe
  C:\Windows\System\AEkLvWJ.exe
  2⤵
  PID:7032
- C:\Windows\System\VfwTKSH.exe
  C:\Windows\System\VfwTKSH.exe
  2⤵
  PID:7140
- C:\Windows\System\IqFqsaA.exe
  C:\Windows\System\IqFqsaA.exe
  2⤵
  PID:6476
- C:\Windows\System\hBfAAZR.exe
  C:\Windows\System\hBfAAZR.exe
  2⤵
  PID:6648
- C:\Windows\System\nxmMIWZ.exe
  C:\Windows\System\nxmMIWZ.exe
  2⤵
  PID:6892
- C:\Windows\System\zKAjbtE.exe
  C:\Windows\System\zKAjbtE.exe
  2⤵
  PID:6492
- C:\Windows\System\CFGCZxq.exe
  C:\Windows\System\CFGCZxq.exe
  2⤵
  PID:1544
- C:\Windows\System\pDZOyjk.exe
  C:\Windows\System\pDZOyjk.exe
  2⤵
  PID:6928
- C:\Windows\System\lUDsnNA.exe
  C:\Windows\System\lUDsnNA.exe
  2⤵
  PID:7144
- C:\Windows\System\dwsbfsJ.exe
  C:\Windows\System\dwsbfsJ.exe
  2⤵
  PID:7036
- C:\Windows\System\rcILWLL.exe
  C:\Windows\System\rcILWLL.exe
  2⤵
  PID:2596
- C:\Windows\System\MUhseAM.exe
  C:\Windows\System\MUhseAM.exe
  2⤵
  PID:2324
- C:\Windows\System\ynJvJWD.exe
  C:\Windows\System\ynJvJWD.exe
  2⤵
  PID:6660
- C:\Windows\System\wecKqeM.exe
  C:\Windows\System\wecKqeM.exe
  2⤵
  PID:7164
- C:\Windows\System\NNFXICj.exe
  C:\Windows\System\NNFXICj.exe
  2⤵
  PID:1636
- C:\Windows\System\dDpEOsK.exe
  C:\Windows\System\dDpEOsK.exe
  2⤵
  PID:6852
- C:\Windows\System\lIstRHD.exe
  C:\Windows\System\lIstRHD.exe
  2⤵
  PID:2668
- C:\Windows\System\kpGRHVo.exe
  C:\Windows\System\kpGRHVo.exe
  2⤵
  PID:6616
- C:\Windows\System\WocAAht.exe
  C:\Windows\System\WocAAht.exe
  2⤵
  PID:7184
- C:\Windows\System\sScoRdS.exe
  C:\Windows\System\sScoRdS.exe
  2⤵
  PID:7208
- C:\Windows\System\zuMreQK.exe
  C:\Windows\System\zuMreQK.exe
  2⤵
  PID:7224
- C:\Windows\System\RETBGwX.exe
  C:\Windows\System\RETBGwX.exe
  2⤵
  PID:7248
- C:\Windows\System\AUOaGEa.exe
  C:\Windows\System\AUOaGEa.exe
  2⤵
  PID:7272
- C:\Windows\System\omiczrI.exe
  C:\Windows\System\omiczrI.exe
  2⤵
  PID:7288
- C:\Windows\System\xFBZOFn.exe
  C:\Windows\System\xFBZOFn.exe
  2⤵
  PID:7356
- C:\Windows\System\jOOifsG.exe
  C:\Windows\System\jOOifsG.exe
  2⤵
  PID:7376
- C:\Windows\System\kXNPXPB.exe
  C:\Windows\System\kXNPXPB.exe
  2⤵
  PID:7396
- C:\Windows\System\aDfUoyA.exe
  C:\Windows\System\aDfUoyA.exe
  2⤵
  PID:7412
- C:\Windows\System\TCHHezq.exe
  C:\Windows\System\TCHHezq.exe
  2⤵
  PID:7428
- C:\Windows\System\IIhhoca.exe
  C:\Windows\System\IIhhoca.exe
  2⤵
  PID:7444
- C:\Windows\System\drQqXuW.exe
  C:\Windows\System\drQqXuW.exe
  2⤵
  PID:7460
- C:\Windows\System\wBinXxo.exe
  C:\Windows\System\wBinXxo.exe
  2⤵
  PID:7476
- C:\Windows\System\tLHxOVl.exe
  C:\Windows\System\tLHxOVl.exe
  2⤵
  PID:7492
- C:\Windows\System\aYINXOX.exe
  C:\Windows\System\aYINXOX.exe
  2⤵
  PID:7508
- C:\Windows\System\fpoONeo.exe
  C:\Windows\System\fpoONeo.exe
  2⤵
  PID:7524
- C:\Windows\System\lqZbiRB.exe
  C:\Windows\System\lqZbiRB.exe
  2⤵
  PID:7540
- C:\Windows\System\kvxuDBG.exe
  C:\Windows\System\kvxuDBG.exe
  2⤵
  PID:7604
- C:\Windows\System\QcTUybu.exe
  C:\Windows\System\QcTUybu.exe
  2⤵
  PID:7620
- C:\Windows\System\uidspoc.exe
  C:\Windows\System\uidspoc.exe
  2⤵
  PID:7636
- C:\Windows\System\zOKOWqt.exe
  C:\Windows\System\zOKOWqt.exe
  2⤵
  PID:7652
- C:\Windows\System\oJgeDNy.exe
  C:\Windows\System\oJgeDNy.exe
  2⤵
  PID:7668
- C:\Windows\System\WNAxguh.exe
  C:\Windows\System\WNAxguh.exe
  2⤵
  PID:7684
- C:\Windows\System\qzRtcfH.exe
  C:\Windows\System\qzRtcfH.exe
  2⤵
  PID:7700
- C:\Windows\System\uGuqMIH.exe
  C:\Windows\System\uGuqMIH.exe
  2⤵
  PID:7716
- C:\Windows\System\HRXbNil.exe
  C:\Windows\System\HRXbNil.exe
  2⤵
  PID:7732
- C:\Windows\System\CZJhfDG.exe
  C:\Windows\System\CZJhfDG.exe
  2⤵
  PID:7752
- C:\Windows\System\nqmsNDb.exe
  C:\Windows\System\nqmsNDb.exe
  2⤵
  PID:7772
- C:\Windows\System\ihoYbjr.exe
  C:\Windows\System\ihoYbjr.exe
  2⤵
  PID:7792
- C:\Windows\System\ZYkcwBH.exe
  C:\Windows\System\ZYkcwBH.exe
  2⤵
  PID:7816
- C:\Windows\System\ZiQgumT.exe
  C:\Windows\System\ZiQgumT.exe
  2⤵
  PID:7864
- C:\Windows\System\IIaXSkV.exe
  C:\Windows\System\IIaXSkV.exe
  2⤵
  PID:7880
- C:\Windows\System\JFlFKYe.exe
  C:\Windows\System\JFlFKYe.exe
  2⤵
  PID:7896
- C:\Windows\System\nLvpOvr.exe
  C:\Windows\System\nLvpOvr.exe
  2⤵
  PID:7912
- C:\Windows\System\UThplpv.exe
  C:\Windows\System\UThplpv.exe
  2⤵
  PID:7928
- C:\Windows\System\wFEFPUP.exe
  C:\Windows\System\wFEFPUP.exe
  2⤵
  PID:7944
- C:\Windows\System\KfQlhNz.exe
  C:\Windows\System\KfQlhNz.exe
  2⤵
  PID:7960
- C:\Windows\System\hIaZhLl.exe
  C:\Windows\System\hIaZhLl.exe
  2⤵
  PID:7976
- C:\Windows\System\xzaQHne.exe
  C:\Windows\System\xzaQHne.exe
  2⤵
  PID:8000
- C:\Windows\System\rboYAlc.exe
  C:\Windows\System\rboYAlc.exe
  2⤵
  PID:8020
- C:\Windows\System\puMixYM.exe
  C:\Windows\System\puMixYM.exe
  2⤵
  PID:8036
- C:\Windows\System\XtNGEhp.exe
  C:\Windows\System\XtNGEhp.exe
  2⤵
  PID:8052
- C:\Windows\System\rPJdphK.exe
  C:\Windows\System\rPJdphK.exe
  2⤵
  PID:8068
- C:\Windows\System\SZTQJao.exe
  C:\Windows\System\SZTQJao.exe
  2⤵
  PID:8084
- C:\Windows\System\cutnWQJ.exe
  C:\Windows\System\cutnWQJ.exe
  2⤵
  PID:8104
- C:\Windows\System\BCNpfdM.exe
  C:\Windows\System\BCNpfdM.exe
  2⤵
  PID:8124
- C:\Windows\System\pBDMYEL.exe
  C:\Windows\System\pBDMYEL.exe
  2⤵
  PID:8148
- C:\Windows\System\fFCkstb.exe
  C:\Windows\System\fFCkstb.exe
  2⤵
  PID:8168
- C:\Windows\System\oTaqDIK.exe
  C:\Windows\System\oTaqDIK.exe
  2⤵
  PID:8184
- C:\Windows\System\fDkeeIA.exe
  C:\Windows\System\fDkeeIA.exe
  2⤵
  PID:6836
- C:\Windows\System\wnXPFGJ.exe
  C:\Windows\System\wnXPFGJ.exe
  2⤵
  PID:6304
- C:\Windows\System\NIgKTxi.exe
  C:\Windows\System\NIgKTxi.exe
  2⤵
  PID:6540
- C:\Windows\System\aiDjVET.exe
  C:\Windows\System\aiDjVET.exe
  2⤵
  PID:6952
- C:\Windows\System\bKmdmHJ.exe
  C:\Windows\System\bKmdmHJ.exe
  2⤵
  PID:6444
- C:\Windows\System\IFEBHmt.exe
  C:\Windows\System\IFEBHmt.exe
  2⤵
  PID:6000
- C:\Windows\System\dPmMrHP.exe
  C:\Windows\System\dPmMrHP.exe
  2⤵
  PID:7284
- C:\Windows\System\SCsxepY.exe
  C:\Windows\System\SCsxepY.exe
  2⤵
  PID:7216
- C:\Windows\System\sbbumPi.exe
  C:\Windows\System\sbbumPi.exe
  2⤵
  PID:7260
- C:\Windows\System\yiylzzE.exe
  C:\Windows\System\yiylzzE.exe
  2⤵
  PID:7308
- C:\Windows\System\GZurDGC.exe
  C:\Windows\System\GZurDGC.exe
  2⤵
  PID:7328
- C:\Windows\System\ruMGseF.exe
  C:\Windows\System\ruMGseF.exe
  2⤵
  PID:7372
- C:\Windows\System\wyhYEJO.exe
  C:\Windows\System\wyhYEJO.exe
  2⤵
  PID:7404
- C:\Windows\System\PCdCbpU.exe
  C:\Windows\System\PCdCbpU.exe
  2⤵
  PID:7536
- C:\Windows\System\eIDHhMP.exe
  C:\Windows\System\eIDHhMP.exe
  2⤵
  PID:7420
- C:\Windows\System\rtUwkUI.exe
  C:\Windows\System\rtUwkUI.exe
  2⤵
  PID:7488
- C:\Windows\System\EEwAFhz.exe
  C:\Windows\System\EEwAFhz.exe
  2⤵
  PID:7564
- C:\Windows\System\IPGKfpz.exe
  C:\Windows\System\IPGKfpz.exe
  2⤵
  PID:7580
- C:\Windows\System\slMNyyK.exe
  C:\Windows\System\slMNyyK.exe
  2⤵
  PID:7596
- C:\Windows\System\sowlJNY.exe
  C:\Windows\System\sowlJNY.exe
  2⤵
  PID:7648
- C:\Windows\System\CQcTxSt.exe
  C:\Windows\System\CQcTxSt.exe
  2⤵
  PID:7740
- C:\Windows\System\jRjTnGo.exe
  C:\Windows\System\jRjTnGo.exe
  2⤵
  PID:7616
- C:\Windows\System\ShAcBZU.exe
  C:\Windows\System\ShAcBZU.exe
  2⤵
  PID:7784
- C:\Windows\System\RocPtLD.exe
  C:\Windows\System\RocPtLD.exe
  2⤵
  PID:7724
- C:\Windows\System\OqDTlHY.exe
  C:\Windows\System\OqDTlHY.exe
  2⤵
  PID:7664
- C:\Windows\System\bxSxLwU.exe
  C:\Windows\System\bxSxLwU.exe
  2⤵
  PID:7800
- C:\Windows\System\zZXMbWv.exe
  C:\Windows\System\zZXMbWv.exe
  2⤵
  PID:7832
- C:\Windows\System\mbGUqBJ.exe
  C:\Windows\System\mbGUqBJ.exe
  2⤵
  PID:7852
- C:\Windows\System\RjdVGTi.exe
  C:\Windows\System\RjdVGTi.exe
  2⤵
  PID:7956
- C:\Windows\System\kGDDcFk.exe
  C:\Windows\System\kGDDcFk.exe
  2⤵
  PID:7992
- C:\Windows\System\yfvQuVy.exe
  C:\Windows\System\yfvQuVy.exe
  2⤵
  PID:8064
- C:\Windows\System\esQeDhv.exe
  C:\Windows\System\esQeDhv.exe
  2⤵
  PID:8132
- C:\Windows\System\OrYgoxv.exe
  C:\Windows\System\OrYgoxv.exe
  2⤵
  PID:8008
- C:\Windows\System\YabGEOc.exe
  C:\Windows\System\YabGEOc.exe
  2⤵
  PID:8080
- C:\Windows\System\vBTgNdw.exe
  C:\Windows\System\vBTgNdw.exe
  2⤵
  PID:6888
- C:\Windows\System\XbcrKHk.exe
  C:\Windows\System\XbcrKHk.exe
  2⤵
  PID:6632
- C:\Windows\System\zATrMwM.exe
  C:\Windows\System\zATrMwM.exe
  2⤵
  PID:7240
- C:\Windows\System\pQySAjM.exe
  C:\Windows\System\pQySAjM.exe
  2⤵
  PID:7052
- C:\Windows\System\qnkEsee.exe
  C:\Windows\System\qnkEsee.exe
  2⤵
  PID:7204
- C:\Windows\System\zjmZMEz.exe
  C:\Windows\System\zjmZMEz.exe
  2⤵
  PID:6324
- C:\Windows\System\AEsVXzE.exe
  C:\Windows\System\AEsVXzE.exe
  2⤵
  PID:6288
- C:\Windows\System\kQOEiQG.exe
  C:\Windows\System\kQOEiQG.exe
  2⤵
  PID:7268
- C:\Windows\System\DAJSYix.exe
  C:\Windows\System\DAJSYix.exe
  2⤵
  PID:7368
- C:\Windows\System\eZbLErs.exe
  C:\Windows\System\eZbLErs.exe
  2⤵
  PID:7452
- C:\Windows\System\UAqFXOh.exe
  C:\Windows\System\UAqFXOh.exe
  2⤵
  PID:7336
- C:\Windows\System\FgnCJvM.exe
  C:\Windows\System\FgnCJvM.exe
  2⤵
  PID:7500
- C:\Windows\System\lTwaZOy.exe
  C:\Windows\System\lTwaZOy.exe
  2⤵
  PID:7484
- C:\Windows\System\FIFBfsV.exe
  C:\Windows\System\FIFBfsV.exe
  2⤵
  PID:1572
- C:\Windows\System\SinMgZO.exe
  C:\Windows\System\SinMgZO.exe
  2⤵
  PID:7548
- C:\Windows\System\hXEkSsq.exe
  C:\Windows\System\hXEkSsq.exe
  2⤵
  PID:7808
- C:\Windows\System\eDhkCvn.exe
  C:\Windows\System\eDhkCvn.exe
  2⤵
  PID:7764
- C:\Windows\System\KoqMpXj.exe
  C:\Windows\System\KoqMpXj.exe
  2⤵
  PID:7984
- C:\Windows\System\YDdoXWA.exe
  C:\Windows\System\YDdoXWA.exe
  2⤵
  PID:7560
- C:\Windows\System\BgtvENA.exe
  C:\Windows\System\BgtvENA.exe
  2⤵
  PID:7952
- C:\Windows\System\wShnpGp.exe
  C:\Windows\System\wShnpGp.exe
  2⤵
  PID:7768
- C:\Windows\System\DhGfPAN.exe
  C:\Windows\System\DhGfPAN.exe
  2⤵
  PID:7924
- C:\Windows\System\GJcKcNr.exe
  C:\Windows\System\GJcKcNr.exe
  2⤵
  PID:8044
- C:\Windows\System\GvkxBhB.exe
  C:\Windows\System\GvkxBhB.exe
  2⤵
  PID:7876
- C:\Windows\System\sdYlthw.exe
  C:\Windows\System\sdYlthw.exe
  2⤵
  PID:7968
- C:\Windows\System\RldOIWs.exe
  C:\Windows\System\RldOIWs.exe
  2⤵
  PID:8076
- C:\Windows\System\QHFwUfo.exe
  C:\Windows\System\QHFwUfo.exe
  2⤵
  PID:7236
- C:\Windows\System\RETnLQB.exe
  C:\Windows\System\RETnLQB.exe
  2⤵
  PID:7108
- C:\Windows\System\HSUhPpS.exe
  C:\Windows\System\HSUhPpS.exe
  2⤵
  PID:7244
- C:\Windows\System\KxZiPFQ.exe
  C:\Windows\System\KxZiPFQ.exe
  2⤵
  PID:7472
- C:\Windows\System\UYguqab.exe
  C:\Windows\System\UYguqab.exe
  2⤵
  PID:7556
- C:\Windows\System\qTTySjN.exe
  C:\Windows\System\qTTySjN.exe
  2⤵
  PID:7708
- C:\Windows\System\bmvKKIb.exe
  C:\Windows\System\bmvKKIb.exe
  2⤵
  PID:7828
- C:\Windows\System\PjnYSVy.exe
  C:\Windows\System\PjnYSVy.exe
  2⤵
  PID:7972
- C:\Windows\System\bFTqmPH.exe
  C:\Windows\System\bFTqmPH.exe
  2⤵
  PID:8208
- C:\Windows\System\nHXZHCn.exe
  C:\Windows\System\nHXZHCn.exe
  2⤵
  PID:8224
- C:\Windows\System\LvZhLrH.exe
  C:\Windows\System\LvZhLrH.exe
  2⤵
  PID:8240
- C:\Windows\System\LdqfbPW.exe
  C:\Windows\System\LdqfbPW.exe
  2⤵
  PID:8256
- C:\Windows\System\pVWkdgA.exe
  C:\Windows\System\pVWkdgA.exe
  2⤵
  PID:8280
- C:\Windows\System\AwVYjAX.exe
  C:\Windows\System\AwVYjAX.exe
  2⤵
  PID:8300
- C:\Windows\System\OxrIOzP.exe
  C:\Windows\System\OxrIOzP.exe
  2⤵
  PID:8320
- C:\Windows\System\ZLfLNtA.exe
  C:\Windows\System\ZLfLNtA.exe
  2⤵
  PID:8336
- C:\Windows\System\OYhDzCq.exe
  C:\Windows\System\OYhDzCq.exe
  2⤵
  PID:8352
- C:\Windows\System\MnLAwSV.exe
  C:\Windows\System\MnLAwSV.exe
  2⤵
  PID:8372
- C:\Windows\System\nRDIiDY.exe
  C:\Windows\System\nRDIiDY.exe
  2⤵
  PID:8388
- C:\Windows\System\wBMNsRc.exe
  C:\Windows\System\wBMNsRc.exe
  2⤵
  PID:8404
- C:\Windows\System\BdxUGRI.exe
  C:\Windows\System\BdxUGRI.exe
  2⤵
  PID:8420
- C:\Windows\System\sUVzHqP.exe
  C:\Windows\System\sUVzHqP.exe
  2⤵
  PID:8436
- C:\Windows\System\EOByLWX.exe
  C:\Windows\System\EOByLWX.exe
  2⤵
  PID:8452
- C:\Windows\System\AjZQyww.exe
  C:\Windows\System\AjZQyww.exe
  2⤵
  PID:8468
- C:\Windows\System\iEDqZud.exe
  C:\Windows\System\iEDqZud.exe
  2⤵
  PID:8484
- C:\Windows\System\SBotQfp.exe
  C:\Windows\System\SBotQfp.exe
  2⤵
  PID:8500
- C:\Windows\System\oxtAZQO.exe
  C:\Windows\System\oxtAZQO.exe
  2⤵
  PID:8516
- C:\Windows\System\OVkDbDL.exe
  C:\Windows\System\OVkDbDL.exe
  2⤵
  PID:8532
- C:\Windows\System\BFMmOvS.exe
  C:\Windows\System\BFMmOvS.exe
  2⤵
  PID:8548
- C:\Windows\System\GQbIAsr.exe
  C:\Windows\System\GQbIAsr.exe
  2⤵
  PID:8564
- C:\Windows\System\YziPEwm.exe
  C:\Windows\System\YziPEwm.exe
  2⤵
  PID:8580
- C:\Windows\System\lEPQHSi.exe
  C:\Windows\System\lEPQHSi.exe
  2⤵
  PID:8596
- C:\Windows\System\oPTbnMF.exe
  C:\Windows\System\oPTbnMF.exe
  2⤵
  PID:8652
- C:\Windows\System\opqaVGT.exe
  C:\Windows\System\opqaVGT.exe
  2⤵
  PID:8676
- C:\Windows\System\aDgoOxl.exe
  C:\Windows\System\aDgoOxl.exe
  2⤵
  PID:8692
- C:\Windows\System\JjvSJkO.exe
  C:\Windows\System\JjvSJkO.exe
  2⤵
  PID:8708
- C:\Windows\System\KQFWItA.exe
  C:\Windows\System\KQFWItA.exe
  2⤵
  PID:8760
- C:\Windows\System\cWQihVi.exe
  C:\Windows\System\cWQihVi.exe
  2⤵
  PID:8776
- C:\Windows\System\qHBFbpH.exe
  C:\Windows\System\qHBFbpH.exe
  2⤵
  PID:8800
- C:\Windows\System\tLSTIQb.exe
  C:\Windows\System\tLSTIQb.exe
  2⤵
  PID:8816
- C:\Windows\System\lWMCykL.exe
  C:\Windows\System\lWMCykL.exe
  2⤵
  PID:8836
- C:\Windows\System\XMOwMal.exe
  C:\Windows\System\XMOwMal.exe
  2⤵
  PID:8856
- C:\Windows\System\WRxCLko.exe
  C:\Windows\System\WRxCLko.exe
  2⤵
  PID:8872
- C:\Windows\System\HUSCRKv.exe
  C:\Windows\System\HUSCRKv.exe
  2⤵
  PID:8888
- C:\Windows\System\uNSzQEu.exe
  C:\Windows\System\uNSzQEu.exe
  2⤵
  PID:8904
- C:\Windows\System\SqElHNB.exe
  C:\Windows\System\SqElHNB.exe
  2⤵
  PID:8920
- C:\Windows\System\aqclfGk.exe
  C:\Windows\System\aqclfGk.exe
  2⤵
  PID:8936
- C:\Windows\System\bTkdYQp.exe
  C:\Windows\System\bTkdYQp.exe
  2⤵
  PID:9032
- C:\Windows\System\xIsSkld.exe
  C:\Windows\System\xIsSkld.exe
  2⤵
  PID:9052
- C:\Windows\System\fFdcwiy.exe
  C:\Windows\System\fFdcwiy.exe
  2⤵
  PID:9088
- C:\Windows\System\GPsvLpc.exe
  C:\Windows\System\GPsvLpc.exe
  2⤵
  PID:9104
- C:\Windows\System\MsNTZui.exe
  C:\Windows\System\MsNTZui.exe
  2⤵
  PID:9140
- C:\Windows\System\NrlFtLx.exe
  C:\Windows\System\NrlFtLx.exe
  2⤵
  PID:9164
- C:\Windows\System\vdFrBvk.exe
  C:\Windows\System\vdFrBvk.exe
  2⤵
  PID:9180
- C:\Windows\System\ScqZiNZ.exe
  C:\Windows\System\ScqZiNZ.exe
  2⤵
  PID:9196
- C:\Windows\System\WWpHDuz.exe
  C:\Windows\System\WWpHDuz.exe
  2⤵
  PID:9212
- C:\Windows\System\FjTTFKI.exe
  C:\Windows\System\FjTTFKI.exe
  2⤵
  PID:7280
- C:\Windows\System\faITptD.exe
  C:\Windows\System\faITptD.exe
  2⤵
  PID:8380
- C:\Windows\System\krvFhuA.exe
  C:\Windows\System\krvFhuA.exe
  2⤵
  PID:7016
- C:\Windows\System\LkIuRnd.exe
  C:\Windows\System\LkIuRnd.exe
  2⤵
  PID:7320
- C:\Windows\System\ZLUoztQ.exe
  C:\Windows\System\ZLUoztQ.exe
  2⤵
  PID:7552
- C:\Windows\System\qdEjYFL.exe
  C:\Windows\System\qdEjYFL.exe
  2⤵
  PID:8144
- C:\Windows\System\PuwGuWy.exe
  C:\Windows\System\PuwGuWy.exe
  2⤵
  PID:7940
- C:\Windows\System\uTzsslu.exe
  C:\Windows\System\uTzsslu.exe
  2⤵
  PID:7192
- C:\Windows\System\qBEolHe.exe
  C:\Windows\System\qBEolHe.exe
  2⤵
  PID:7576
- C:\Windows\System\reCKCbJ.exe
  C:\Windows\System\reCKCbJ.exe
  2⤵
  PID:8268
- C:\Windows\System\LtMRYtE.exe
  C:\Windows\System\LtMRYtE.exe
  2⤵
  PID:8444
- C:\Windows\System\PYQDnNp.exe
  C:\Windows\System\PYQDnNp.exe
  2⤵
  PID:8252
- C:\Windows\System\CDZFGNR.exe
  C:\Windows\System\CDZFGNR.exe
  2⤵
  PID:8328
- C:\Windows\System\pAZJKwJ.exe
  C:\Windows\System\pAZJKwJ.exe
  2⤵
  PID:8368
- C:\Windows\System\HhQoisf.exe
  C:\Windows\System\HhQoisf.exe
  2⤵
  PID:8432
- C:\Windows\System\JudnWjU.exe
  C:\Windows\System\JudnWjU.exe
  2⤵
  PID:8492
- C:\Windows\System\ikJNiRX.exe
  C:\Windows\System\ikJNiRX.exe
  2⤵
  PID:8556
- C:\Windows\System\ogpmgAr.exe
  C:\Windows\System\ogpmgAr.exe
  2⤵
  PID:8476
- C:\Windows\System\WqjVJQz.exe
  C:\Windows\System\WqjVJQz.exe
  2⤵
  PID:8540
- C:\Windows\System\ewoyMAK.exe
  C:\Windows\System\ewoyMAK.exe
  2⤵
  PID:8604
- C:\Windows\System\AxXNYJK.exe
  C:\Windows\System\AxXNYJK.exe
  2⤵
  PID:8628
- C:\Windows\System\udidFJu.exe
  C:\Windows\System\udidFJu.exe
  2⤵
  PID:8648
- C:\Windows\System\YCIWyrN.exe
  C:\Windows\System\YCIWyrN.exe
  2⤵
  PID:8720
- C:\Windows\System\hWhmAEv.exe
  C:\Windows\System\hWhmAEv.exe
  2⤵
  PID:8728
- C:\Windows\System\Phsbgss.exe
  C:\Windows\System\Phsbgss.exe
  2⤵
  PID:8744
- C:\Windows\System\PVtjKmF.exe
  C:\Windows\System\PVtjKmF.exe
  2⤵
  PID:8700
- C:\Windows\System\IJltpBd.exe
  C:\Windows\System\IJltpBd.exe
  2⤵
  PID:8784
- C:\Windows\System\tJvzcUK.exe
  C:\Windows\System\tJvzcUK.exe
  2⤵
  PID:8808
- C:\Windows\System\jrYXlBs.exe
  C:\Windows\System\jrYXlBs.exe
  2⤵
  PID:8868
- C:\Windows\System\wnDPtfP.exe
  C:\Windows\System\wnDPtfP.exe
  2⤵
  PID:8928
- C:\Windows\System\uoKPJcy.exe
  C:\Windows\System\uoKPJcy.exe
  2⤵
  PID:8844
- C:\Windows\System\ZcvSZiX.exe
  C:\Windows\System\ZcvSZiX.exe
  2⤵
  PID:8916
- C:\Windows\System\ZIBnqHK.exe
  C:\Windows\System\ZIBnqHK.exe
  2⤵
  PID:8968
- C:\Windows\System\ckZDaif.exe
  C:\Windows\System\ckZDaif.exe
  2⤵
  PID:8988
- C:\Windows\System\rnMUUGE.exe
  C:\Windows\System\rnMUUGE.exe
  2⤵
  PID:7660
- C:\Windows\System\yKfppkl.exe
  C:\Windows\System\yKfppkl.exe
  2⤵
  PID:9156
- C:\Windows\System\sKzAGzz.exe
  C:\Windows\System\sKzAGzz.exe
  2⤵
  PID:9124
- C:\Windows\System\WpXOAIZ.exe
  C:\Windows\System\WpXOAIZ.exe
  2⤵
  PID:9176
- C:\Windows\System\zxoXZIP.exe
  C:\Windows\System\zxoXZIP.exe
  2⤵
  PID:6292
- C:\Windows\System\AuCYfbu.exe
  C:\Windows\System\AuCYfbu.exe
  2⤵
  PID:7844
- C:\Windows\System\pTpppry.exe
  C:\Windows\System\pTpppry.exe
  2⤵
  PID:8216
- C:\Windows\System\oXRTCis.exe
  C:\Windows\System\oXRTCis.exe
  2⤵
  PID:8344
- C:\Windows\System\WhbEcVr.exe
  C:\Windows\System\WhbEcVr.exe
  2⤵
  PID:7748
- C:\Windows\System\rdhUEEv.exe
  C:\Windows\System\rdhUEEv.exe
  2⤵
  PID:7680
- C:\Windows\System\ZYDDTpg.exe
  C:\Windows\System\ZYDDTpg.exe
  2⤵
  PID:7080
- C:\Windows\System\UZrKQEc.exe
  C:\Windows\System\UZrKQEc.exe
  2⤵
  PID:8296
- C:\Windows\System\HWjkcnj.exe
  C:\Windows\System\HWjkcnj.exe
  2⤵
  PID:8528
- C:\Windows\System\rpzGRqh.exe
  C:\Windows\System\rpzGRqh.exe
  2⤵
  PID:8464
- C:\Windows\System\hJGhtLT.exe
  C:\Windows\System\hJGhtLT.exe
  2⤵
  PID:8200
- C:\Windows\System\THvvxEv.exe
  C:\Windows\System\THvvxEv.exe
  2⤵
  PID:8576
- C:\Windows\System\fIrwBPe.exe
  C:\Windows\System\fIrwBPe.exe
  2⤵
  PID:8752
- C:\Windows\System\NpGTfOy.exe
  C:\Windows\System\NpGTfOy.exe
  2⤵
  PID:8896
- C:\Windows\System\tpNwwJo.exe
  C:\Windows\System\tpNwwJo.exe
  2⤵
  PID:8972
- C:\Windows\System\FRsafuo.exe
  C:\Windows\System\FRsafuo.exe
  2⤵
  PID:8624
- C:\Windows\System\AAndDxx.exe
  C:\Windows\System\AAndDxx.exe
  2⤵
  PID:8768
- C:\Windows\System\FXSiHZx.exe
  C:\Windows\System\FXSiHZx.exe
  2⤵
  PID:8932
- C:\Windows\System\hoCVUrK.exe
  C:\Windows\System\hoCVUrK.exe
  2⤵
  PID:8984
- C:\Windows\System\ILCQcfm.exe
  C:\Windows\System\ILCQcfm.exe
  2⤵
  PID:8348
- C:\Windows\System\bytPjUY.exe
  C:\Windows\System\bytPjUY.exe
  2⤵
  PID:9016
- C:\Windows\System\CHQBoWc.exe
  C:\Windows\System\CHQBoWc.exe
  2⤵
  PID:9004
- C:\Windows\System\BzJWsOv.exe
  C:\Windows\System\BzJWsOv.exe
  2⤵
  PID:9060
- C:\Windows\System\mdHYTip.exe
  C:\Windows\System\mdHYTip.exe
  2⤵
  PID:9072
- C:\Windows\System\CWPXmkB.exe
  C:\Windows\System\CWPXmkB.exe
  2⤵
  PID:9188
- C:\Windows\System\wjSxYQK.exe
  C:\Windows\System\wjSxYQK.exe
  2⤵
  PID:9152
- C:\Windows\System\lSGkcVy.exe
  C:\Windows\System\lSGkcVy.exe
  2⤵
  PID:9136
- C:\Windows\System\YjTBsXw.exe
  C:\Windows\System\YjTBsXw.exe
  2⤵
  PID:8884
- C:\Windows\System\KGaKbfo.exe
  C:\Windows\System\KGaKbfo.exe
  2⤵
  PID:7592
- C:\Windows\System\ejWKLvp.exe
  C:\Windows\System\ejWKLvp.exe
  2⤵
  PID:7936
- C:\Windows\System\lyCNgJR.exe
  C:\Windows\System\lyCNgJR.exe
  2⤵
  PID:8364
- C:\Windows\System\OBTFFRJ.exe
  C:\Windows\System\OBTFFRJ.exe
  2⤵
  PID:8620
- C:\Windows\System\aeZlcOR.exe
  C:\Windows\System\aeZlcOR.exe
  2⤵
  PID:8684
- C:\Windows\System\DWLRYoB.exe
  C:\Windows\System\DWLRYoB.exe
  2⤵
  PID:8772
- C:\Windows\System\irMSjpl.exe
  C:\Windows\System\irMSjpl.exe
  2⤵
  PID:8512
- C:\Windows\System\HRAbKby.exe
  C:\Windows\System\HRAbKby.exe
  2⤵
  PID:8664
- C:\Windows\System\rORUUNW.exe
  C:\Windows\System\rORUUNW.exe
  2⤵
  PID:9148
- C:\Windows\System\eLydkWS.exe
  C:\Windows\System\eLydkWS.exe
  2⤵
  PID:9000
- C:\Windows\System\YwokTHA.exe
  C:\Windows\System\YwokTHA.exe
  2⤵
  PID:8948
- C:\Windows\System\bAleVlA.exe
  C:\Windows\System\bAleVlA.exe
  2⤵
  PID:9008
- C:\Windows\System\CjqzCvU.exe
  C:\Windows\System\CjqzCvU.exe
  2⤵
  PID:9192
- C:\Windows\System\LfouwUm.exe
  C:\Windows\System\LfouwUm.exe
  2⤵
  PID:9116
- C:\Windows\System\DOiSbVg.exe
  C:\Windows\System\DOiSbVg.exe
  2⤵
  PID:7304
- C:\Windows\System\gdHTZVM.exe
  C:\Windows\System\gdHTZVM.exe
  2⤵
  PID:7364
- C:\Windows\System\ibNzulj.exe
  C:\Windows\System\ibNzulj.exe
  2⤵
  PID:7780
- C:\Windows\System\UbZuKjj.exe
  C:\Windows\System\UbZuKjj.exe
  2⤵
  PID:8096
- C:\Windows\System\nzJCgLc.exe
  C:\Windows\System\nzJCgLc.exe
  2⤵
  PID:8428
- C:\Windows\System\SnNmrLl.exe
  C:\Windows\System\SnNmrLl.exe
  2⤵
  PID:8640
- C:\Windows\System\xSghXdB.exe
  C:\Windows\System\xSghXdB.exe
  2⤵
  PID:8508
- C:\Windows\System\MnIBKeN.exe
  C:\Windows\System\MnIBKeN.exe
  2⤵
  PID:8864
- C:\Windows\System\yoQJRdA.exe
  C:\Windows\System\yoQJRdA.exe
  2⤵
  PID:9040
- C:\Windows\System\xzyTocx.exe
  C:\Windows\System\xzyTocx.exe
  2⤵
  PID:8740
- C:\Windows\System\mjxVacC.exe
  C:\Windows\System\mjxVacC.exe
  2⤵
  PID:6908
- C:\Windows\System\PgKKdhl.exe
  C:\Windows\System\PgKKdhl.exe
  2⤵
  PID:7872
- C:\Windows\System\FfMmAqY.exe
  C:\Windows\System\FfMmAqY.exe
  2⤵
  PID:8292
- C:\Windows\System\hkKGSob.exe
  C:\Windows\System\hkKGSob.exe
  2⤵
  PID:8220
- C:\Windows\System\OiKpPkS.exe
  C:\Windows\System\OiKpPkS.exe
  2⤵
  PID:9076
- C:\Windows\System\jYWQPlO.exe
  C:\Windows\System\jYWQPlO.exe
  2⤵
  PID:8316
- C:\Windows\System\OLYcTTR.exe
  C:\Windows\System\OLYcTTR.exe
  2⤵
  PID:9228
- C:\Windows\System\sblblXi.exe
  C:\Windows\System\sblblXi.exe
  2⤵
  PID:9244
- C:\Windows\System\TgwqZht.exe
  C:\Windows\System\TgwqZht.exe
  2⤵
  PID:9264
- C:\Windows\System\dfTTokR.exe
  C:\Windows\System\dfTTokR.exe
  2⤵
  PID:9284
- C:\Windows\System\kRchQDk.exe
  C:\Windows\System\kRchQDk.exe
  2⤵
  PID:9300
- C:\Windows\System\SMUbvZz.exe
  C:\Windows\System\SMUbvZz.exe
  2⤵
  PID:9316
- C:\Windows\System\ooeErjp.exe
  C:\Windows\System\ooeErjp.exe
  2⤵
  PID:9336
- C:\Windows\System\ITLGKQm.exe
  C:\Windows\System\ITLGKQm.exe
  2⤵
  PID:9380
- C:\Windows\System\hXWJDMs.exe
  C:\Windows\System\hXWJDMs.exe
  2⤵
  PID:9396
- C:\Windows\System\OyrkVLS.exe
  C:\Windows\System\OyrkVLS.exe
  2⤵
  PID:9416
- C:\Windows\System\LZzDOtE.exe
  C:\Windows\System\LZzDOtE.exe
  2⤵
  PID:9432
- C:\Windows\System\gYXaXLy.exe
  C:\Windows\System\gYXaXLy.exe
  2⤵
  PID:9448
- C:\Windows\System\GiKMUeY.exe
  C:\Windows\System\GiKMUeY.exe
  2⤵
  PID:9464
- C:\Windows\System\KVUFqbe.exe
  C:\Windows\System\KVUFqbe.exe
  2⤵
  PID:9480
- C:\Windows\System\vBsfjDF.exe
  C:\Windows\System\vBsfjDF.exe
  2⤵
  PID:9496
- C:\Windows\System\ulBMlTD.exe
  C:\Windows\System\ulBMlTD.exe
  2⤵
  PID:9512
- C:\Windows\System\EkSOJJZ.exe
  C:\Windows\System\EkSOJJZ.exe
  2⤵
  PID:9528
- C:\Windows\System\KnnbbDk.exe
  C:\Windows\System\KnnbbDk.exe
  2⤵
  PID:9544
- C:\Windows\System\tmWwBJb.exe
  C:\Windows\System\tmWwBJb.exe
  2⤵
  PID:9560
- C:\Windows\System\OSJWlsq.exe
  C:\Windows\System\OSJWlsq.exe
  2⤵
  PID:9576
- C:\Windows\System\BeKHCae.exe
  C:\Windows\System\BeKHCae.exe
  2⤵
  PID:9592
- C:\Windows\System\dLVeVvT.exe
  C:\Windows\System\dLVeVvT.exe
  2⤵
  PID:9608
- C:\Windows\System\wvNHcSk.exe
  C:\Windows\System\wvNHcSk.exe
  2⤵
  PID:9624
- C:\Windows\System\zJHzgVx.exe
  C:\Windows\System\zJHzgVx.exe
  2⤵
  PID:9640
- C:\Windows\System\XozphWA.exe
  C:\Windows\System\XozphWA.exe
  2⤵
  PID:9656
- C:\Windows\System\odkwtmz.exe
  C:\Windows\System\odkwtmz.exe
  2⤵
  PID:9672
- C:\Windows\System\RvnvKLR.exe
  C:\Windows\System\RvnvKLR.exe
  2⤵
  PID:9688
- C:\Windows\System\uzPFcok.exe
  C:\Windows\System\uzPFcok.exe
  2⤵
  PID:9704
- C:\Windows\System\uEOelgN.exe
  C:\Windows\System\uEOelgN.exe
  2⤵
  PID:9720
- C:\Windows\System\SfnhINX.exe
  C:\Windows\System\SfnhINX.exe
  2⤵
  PID:9736
- C:\Windows\System\bgnyKJi.exe
  C:\Windows\System\bgnyKJi.exe
  2⤵
  PID:9756
- C:\Windows\System\iNUyvTo.exe
  C:\Windows\System\iNUyvTo.exe
  2⤵
  PID:9772
- C:\Windows\System\TWDGIFe.exe
  C:\Windows\System\TWDGIFe.exe
  2⤵
  PID:9788
- C:\Windows\System\gtJXSLS.exe
  C:\Windows\System\gtJXSLS.exe
  2⤵
  PID:9804
- C:\Windows\System\gsLGIYX.exe
  C:\Windows\System\gsLGIYX.exe
  2⤵
  PID:9820
- C:\Windows\System\werTnqU.exe
  C:\Windows\System\werTnqU.exe
  2⤵
  PID:9836
- C:\Windows\System\qYmezBm.exe
  C:\Windows\System\qYmezBm.exe
  2⤵
  PID:9852
- C:\Windows\System\bLzaiqC.exe
  C:\Windows\System\bLzaiqC.exe
  2⤵
  PID:9868
- C:\Windows\System\TndJWzO.exe
  C:\Windows\System\TndJWzO.exe
  2⤵
  PID:9884
- C:\Windows\System\OERJeLa.exe
  C:\Windows\System\OERJeLa.exe
  2⤵
  PID:9900
- C:\Windows\System\pqLcVNy.exe
  C:\Windows\System\pqLcVNy.exe
  2⤵
  PID:9916
- C:\Windows\System\znSxred.exe
  C:\Windows\System\znSxred.exe
  2⤵
  PID:9932
- C:\Windows\System\FWMbWxD.exe
  C:\Windows\System\FWMbWxD.exe
  2⤵
  PID:9948
- C:\Windows\System\cCIkOem.exe
  C:\Windows\System\cCIkOem.exe
  2⤵
  PID:9964
- C:\Windows\System\nflKsOh.exe
  C:\Windows\System\nflKsOh.exe
  2⤵
  PID:9980
- C:\Windows\System\vGfWWug.exe
  C:\Windows\System\vGfWWug.exe
  2⤵
  PID:9996
- C:\Windows\System\ISjEzQq.exe
  C:\Windows\System\ISjEzQq.exe
  2⤵
  PID:10012
- C:\Windows\System\DWZUVyj.exe
  C:\Windows\System\DWZUVyj.exe
  2⤵
  PID:10028
- C:\Windows\System\kFjHNLv.exe
  C:\Windows\System\kFjHNLv.exe
  2⤵
  PID:10044
- C:\Windows\System\ObRuDTj.exe
  C:\Windows\System\ObRuDTj.exe
  2⤵
  PID:10064
- C:\Windows\System\OWWFVBa.exe
  C:\Windows\System\OWWFVBa.exe
  2⤵
  PID:10080
- C:\Windows\System\sSGDIRK.exe
  C:\Windows\System\sSGDIRK.exe
  2⤵
  PID:10096
- C:\Windows\System\uctlsky.exe
  C:\Windows\System\uctlsky.exe
  2⤵
  PID:10112
- C:\Windows\System\CgJlucQ.exe
  C:\Windows\System\CgJlucQ.exe
  2⤵
  PID:10128
- C:\Windows\System\FzMRYBK.exe
  C:\Windows\System\FzMRYBK.exe
  2⤵
  PID:10144
- C:\Windows\System\BmZXGZi.exe
  C:\Windows\System\BmZXGZi.exe
  2⤵
  PID:10160
- C:\Windows\System\cebDivO.exe
  C:\Windows\System\cebDivO.exe
  2⤵
  PID:10176
- C:\Windows\System\qUzATIo.exe
  C:\Windows\System\qUzATIo.exe
  2⤵
  PID:10192
- C:\Windows\System\RLrUSci.exe
  C:\Windows\System\RLrUSci.exe
  2⤵
  PID:10212
- C:\Windows\System\dglaPEe.exe
  C:\Windows\System\dglaPEe.exe
  2⤵
  PID:10228
- C:\Windows\System\ACqXlmk.exe
  C:\Windows\System\ACqXlmk.exe
  2⤵
  PID:8248
- C:\Windows\System\LTftGlW.exe
  C:\Windows\System\LTftGlW.exe
  2⤵
  PID:9240
- C:\Windows\System\lzaZGrE.exe
  C:\Windows\System\lzaZGrE.exe
  2⤵
  PID:7692
- C:\Windows\System\tKQQAvw.exe
  C:\Windows\System\tKQQAvw.exe
  2⤵
  PID:7440
- C:\Windows\System\mjZnxYR.exe
  C:\Windows\System\mjZnxYR.exe
  2⤵
  PID:9224
- C:\Windows\System\bLNxAGI.exe
  C:\Windows\System\bLNxAGI.exe
  2⤵
  PID:9524
- C:\Windows\System\zeOsyMa.exe
  C:\Windows\System\zeOsyMa.exe
  2⤵
  PID:9636
- C:\Windows\System\OsOXgxu.exe
  C:\Windows\System\OsOXgxu.exe
  2⤵
  PID:10004
- C:\Windows\System\heDBNfk.exe
  C:\Windows\System\heDBNfk.exe
  2⤵
  PID:9812
- C:\Windows\System\bxXklls.exe
  C:\Windows\System\bxXklls.exe
  2⤵
  PID:9940
- C:\Windows\System\hSkbFLV.exe
  C:\Windows\System\hSkbFLV.exe
  2⤵
  PID:10040
- C:\Windows\System\NCNEzRi.exe
  C:\Windows\System\NCNEzRi.exe
  2⤵
  PID:10120
- C:\Windows\System\fnDyuwk.exe
  C:\Windows\System\fnDyuwk.exe
  2⤵
  PID:10140
- C:\Windows\System\ydxCInx.exe
  C:\Windows\System\ydxCInx.exe
  2⤵
  PID:10200
- C:\Windows\System\BwdFZVW.exe
  C:\Windows\System\BwdFZVW.exe
  2⤵
  PID:9308
- C:\Windows\System\vbZhHwG.exe
  C:\Windows\System\vbZhHwG.exe
  2⤵
  PID:9276
- C:\Windows\System\zeQfDjX.exe
  C:\Windows\System\zeQfDjX.exe
  2⤵
  PID:9112
- C:\Windows\System\QsCzqqv.exe
  C:\Windows\System\QsCzqqv.exe
  2⤵
  PID:9324
- C:\Windows\System\Wzhwqls.exe
  C:\Windows\System\Wzhwqls.exe
  2⤵
  PID:9368
- C:\Windows\System\dIVibJk.exe
  C:\Windows\System\dIVibJk.exe
  2⤵
  PID:9440
- C:\Windows\System\OPzYRwl.exe
  C:\Windows\System\OPzYRwl.exe
  2⤵
  PID:9360
- C:\Windows\System\oWXwdxt.exe
  C:\Windows\System\oWXwdxt.exe
  2⤵
  PID:9428
- C:\Windows\System\oSswMUU.exe
  C:\Windows\System\oSswMUU.exe
  2⤵
  PID:9460
- C:\Windows\System\ufUqUFD.exe
  C:\Windows\System\ufUqUFD.exe
  2⤵
  PID:9584
- C:\Windows\System\NCZOeEX.exe
  C:\Windows\System\NCZOeEX.exe
  2⤵
  PID:9476
- C:\Windows\System\BfUSqpN.exe
  C:\Windows\System\BfUSqpN.exe
  2⤵
  PID:9604
- C:\Windows\System\HpmmehA.exe
  C:\Windows\System\HpmmehA.exe
  2⤵
  PID:9600
- C:\Windows\System\elsKAKV.exe
  C:\Windows\System\elsKAKV.exe
  2⤵
  PID:9728
- C:\Windows\System\coQTvEB.exe
  C:\Windows\System\coQTvEB.exe
  2⤵
  PID:9732
- C:\Windows\System\OyxaqPe.exe
  C:\Windows\System\OyxaqPe.exe
  2⤵
  PID:9648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AlfOAtX.exe

Filesize
6.0MB

MD5
849dd9c3ad047b7bdbbfd3a98832f5b8

SHA1
a5dac36fb77a9c05a061b9ec67682c3bf8e1b454

SHA256
372c958cceacdc58af027d482213e35b07c580651d87e0f503eec66b3e1bdddc

SHA512
a4ddc44921a5ca201c709ac8a9fd4f4873005b8f17beb003ade8c4e9394baae7570b599e54ab77ace2e41978c42d7ccf90fd4d5b0f8a6bcdc5cbbe8e1a9c4529

Download Submit
C:\Windows\system\ChnszoU.exe

Filesize
6.0MB

MD5
ae3b6c08356334b286189b8f8dfc0271

SHA1
e15599f211128593505b551a38c247c73c878488

SHA256
adfb3b0cbd6e7e3fdae46b37602fcc51dfd249352acefad77b3ca3604836b6b8

SHA512
1ee1cf3723c0e9ccc15865a20e08655b0cbae5ff3e0fbf1c323379ace918055df68d21d4f08516c0ad0d113991000911649b967d1e9dcfe531ad06feea04ab3d

Download Submit
C:\Windows\system\CjWqbzQ.exe

Filesize
6.0MB

MD5
0df79fbfacfd019eb6e9c872e6c0ce53

SHA1
5f995ad8f8424f2a0be84263edd63f535154cbcd

SHA256
cb26377a8118ee6c7fea8e9860280eda13d44a12dddf8b5eee6a050e9c35eb53

SHA512
a24418c93e0df30b9e432794812c08cf95c54dae443fdc1f23e1a4bca47f4abf804fff6a8f2d3f4f1238f82fd842b4acd94a6f638701e692825b13efb0226eed

Download Submit
C:\Windows\system\EhTdyDh.exe

Filesize
6.0MB

MD5
ccd4138a1747f91d62cddbeed32079b1

SHA1
f40fbd92063e548efd70d3a4bba56afd083544ba

SHA256
b1ddc75cdbcd1d8052c98d2166280d5fecc735577dc6e83732b272706e91ef93

SHA512
7b59d8d69894e87a0209bf736894d2078ba485e765b3a73fc2eae2456457f68808b6bb15c6e47b41d09402b4bd0c02a7c1f08faa170c0a9fb7401376ad00d7b3

Download Submit
C:\Windows\system\FUrDJVN.exe

Filesize
6.0MB

MD5
35fa05824eab5899ff956d81e151d99e

SHA1
b29d3684c1a4e07f83aa46cac8b2b069149d467a

SHA256
beef43d299a8f0601a29704a5674473aac3ff18bfe1fe98a928148c171959760

SHA512
4094fe1047b2f25f6babfa4beb21477f541180e499e4e3bef03ef27cc337dcdd23739acb8fcfc13c50b6a6478684b086926ae32099e55b224638e28372b46e3b

Download Submit
C:\Windows\system\KHlZyXY.exe

Filesize
6.0MB

MD5
91fe65f664e660681a357bb8c787775f

SHA1
b69109172c2dab122c90303aead22addf3198c6a

SHA256
2d2791dffb7a949b60881caa0eeabbce2414d16afd76ba37ac66da8927fcf9ca

SHA512
290b3afd16484929c24db228f28c0d8573a55f682a4c72950895794d85e55bc28c9d96224a7bdadec3d40433f2459f1ceb425f9002935e05cb6f32b6b25c65d6

Download Submit
C:\Windows\system\MmSBzBu.exe

Filesize
6.0MB

MD5
ea76a5e6640e6bbf0d2779f53b6f28c4

SHA1
1025cfe6d4689b27f03ca109320e4835f32ec1a0

SHA256
9f5462013888066a6fbe8c38f23db26ec09afa54a4637848f148fbf347b7a18d

SHA512
fefc9f5cdd74f96210c8b9c2751939536564044484cf0e6d92e42a5106d0547df2f0c9323279e9b540a61f8ceabdf914ba3fb1573a31f5c7bda42df64332f7fc

Download Submit
C:\Windows\system\OhRolRr.exe

Filesize
6.0MB

MD5
98926eb60311328f4146e0ac2a78cf58

SHA1
f61590d339eb81f9a947ebc1d8cc4ad4c403ca77

SHA256
570e66febf9e216560c883373ccf31a8c0ab9dbc639a79d9b2df650c38ddd59c

SHA512
51fdad34b184c3541224c74cc02eac4d510456132ab7c3ad13a542de2f308108e6f4acf8b91a7a20ae09fd65badd3ea37a5d712b1729f4ec491e3f7589be444b

Download Submit
C:\Windows\system\QLQWYWc.exe

Filesize
6.0MB

MD5
2f1a5d230a454880f2079f573736871f

SHA1
6ca07785e2cd09adce75f32e864194d778434f6f

SHA256
438d3feace50ae1a7c90bdf91698f1e71819351e15a6626c955f5d17b57f4067

SHA512
d0c297edf1875ed2eac58837878c8737c341142fd7acd0542049afb1f92ae655e2f391e48064234a87b87654600d94bf36ee40fd9a6edf1f53a95f32ff969913

Download Submit
C:\Windows\system\RQjtJVS.exe

Filesize
6.0MB

MD5
a87e7b91c4b2ac75a56fb2b3343ad5fc

SHA1
d8d69db7e367a584331c75ee7ffd9c66d19f37dc

SHA256
7f5ead8ac2813257c66401274b333c10b571a3c6324688f1b1156511fe0a31d6

SHA512
ac96786fa7e07f6b154467459e99b6fbe0e49621a164222ebd3729a6bc2390340b0312a827f4fc472b35d1937acd52aa471352388a6fcfc42ef4e731b87e4881

Download Submit
C:\Windows\system\SjjoCPn.exe

Filesize
6.0MB

MD5
a42f19ec9603f1436ff5402fad979f59

SHA1
40533ce7f34e2417a628fe3db2fae8d615254b4f

SHA256
00c0f8e16a12f28a444553a13a2c77355b5f378e01edb052da9c628ad577e706

SHA512
493ccb1198711a292bf660736c3fa3254c955f368f4552a3f738f25cc4d73564614731c059c81cf32e3bf7b112b7e63534a5beb5f6b1ea05067d75d0c2001e82

Download Submit
C:\Windows\system\WFnMSqx.exe

Filesize
6.0MB

MD5
1dc5b2adcdd0d88a3a0b1e40fe9e7513

SHA1
05962aeaa0acf5243b90608107737a9f9aa09fcc

SHA256
ff6b7cb99cedd9e07702cb87e6d4a9afd63c48d225c98bdd9ca481791b7ee2f0

SHA512
03d497579f3cb98a9cfe2c527bba26af51babe2f7aa6eba9f66b3468bbd6e3f550f33227d554b73756c5b8b3cfcbd5184f7c75c43d2a2e8cc3c0c236bf87b0bc

Download Submit
C:\Windows\system\Wiyrqet.exe

Filesize
6.0MB

MD5
21fd8f0ae333aa19c3f5c523422da981

SHA1
b34e53c683b626badb9c2754c758974e3449f1fc

SHA256
b79b24212391f1b89984f9a31fb7ce715dcab81a4db956978873c9a577589e8a

SHA512
5db535be52888a69d226176df7f03b286fce525045557f64340c5dcdfbb052ad9b129d81b65d2f9f0731c51bc662b237c5365aac1f59581539987b6e28846653

Download Submit
C:\Windows\system\XtOaTgK.exe

Filesize
6.0MB

MD5
d582d1d1fcbc85b7cde3f35593f208b1

SHA1
ff21df4b6c54b4c3ed86485198ee36cb2ab23ddc

SHA256
50a99c74b4db5a9b3ecd902803bcdd3fdfc8aa111a2491482711cabda37d3253

SHA512
8a778235e2cee98f9c590404a47ae551978e5119bad618144def0e235610221db01f03b86c43f80c1af53f7194b9f78f7c74c6a2ead308a9a8679d3df476b43a

Download Submit
C:\Windows\system\bTpgFqA.exe

Filesize
6.0MB

MD5
51ecf5a7f920ccf88e861d2101acb48a

SHA1
27f2376f2987a380c7bec8ecab3a4f10d3c6c793

SHA256
2c6cd8d70ab95c3c743ce5699d33e1a29cc7e792a745ea92dd383e55ea426a29

SHA512
cc47ec2651ea94b52e01088d54a8a646b9b1e16e3882d60a7952a66837093b36ea261b92f0a95eb14c4e8e0c72372e708e6fb6a0e0d43515c1e7118fff150d5f

Download Submit
C:\Windows\system\cgnjSVQ.exe

Filesize
6.0MB

MD5
6393541671676a5791cfe713741a7ab3

SHA1
3af00a2155dc0bf0da0a064a562e1e01179518b7

SHA256
bdccb28c738d4aec5d1bbb6cf2c6438c92c8ba3c900fe23293d27ca069027cdd

SHA512
cb3ac9a52fdd3384603879c0a3cc857ff970f060b7bfe8b3066e66b7a1a0c6cd502779ab4bb0c86a048e627be944fae0553c1cc152dbf657e3222ab0e822541c

Download Submit
C:\Windows\system\djLgCyT.exe

Filesize
6.0MB

MD5
af39413a85d4129a7b0d10d55f6371e8

SHA1
458b2fd4dba062e5310eb2ace2da5cb305da7463

SHA256
e1d80991c82e76533679621fdf4309ab91aca5d9e3db22d5359ce8a47d7869e7

SHA512
c1f2e0b76da13d5606f6b2c33ccb20f62fcd26c60267501210c42b595b0f4146833dd99b13e1b41a3d2935df9300bc3920c4d33477779e2de0ade9540d11df80

Download Submit
C:\Windows\system\hLHvSGM.exe

Filesize
6.0MB

MD5
44a235fcd413afca923862662c47f5dd

SHA1
2f7b2225c91eb6ddb5d3fdced20a3db0d48d883a

SHA256
d56294e50b1074bfc9eb20bd654a6483668f4345dbd592a4b03eeaf37e593c0f

SHA512
b99d8413adb153b60497586541be1e24c057c16a3502a835bf248949079679c0d44f68d169e62bacdcffc2617b6f846a55ec8b691868281f24aca4378f59884f

Download Submit
C:\Windows\system\hSqCNcf.exe

Filesize
6.0MB

MD5
d36f2be9f3e11161db8fb77885894c2d

SHA1
d5fe5b4e57073d4de81aff87bbf5000e4183f163

SHA256
e7050252e801e218dd4a53257b16d5605cb0c36f47c359dfdd842b3863736e89

SHA512
c65f61575468053fb26da8471e667047990ab4bd19122c19c980549a0d21f6c72ea2015b01ebde825ca44eac388ed5f193eb879d155e86c057704462736bc235

Download Submit
C:\Windows\system\llbiQCR.exe

Filesize
6.0MB

MD5
3b86c6ca616a3ee80b8fe7d3a2120792

SHA1
69a8fe38da5bfec641aa11e65d81017dea92c5af

SHA256
b7b422b831b2b2338d47d1ff594a3bdbe24486d844a300530fbdd17ac5348b43

SHA512
8460827735cf683096074f08f92dffa8c655ccfb8609982acd7e169b99887f0fb59bc88ff09b65d8b9a7c90fd147e45417a3d8e470bb798db377462af6116085

Download Submit
C:\Windows\system\rZFfqJY.exe

Filesize
6.0MB

MD5
fe3fe84956d6f67eeec87856a62c3f5e

SHA1
b14ed25ac2344be98df502f62b104283a94bbfa4

SHA256
3449af62e1c31fa617283752f36617e9a41def2e37b21c70b19dc5b56fc8eb7c

SHA512
ef7f9e973ee68f681aa958ae8501418f1e51cd2df4ff865aba05e959efd0e6c57e2f525bbd3af3fdf0152cad32994e8b114a19ebe4184b80d1b89defc351c503

Download Submit
C:\Windows\system\tEFgYaE.exe

Filesize
6.0MB

MD5
9bbd9f9a27dcc153002a331804a3226f

SHA1
72acb6e411d1e5a7a483179ce34a7e1584960dac

SHA256
3a27cff44939498750b13c73c9cbfbdc483b95eb3f1b0c0c6adbf6e23bb365c7

SHA512
d3e502373dcf0aaf8059fcc0991cadfdeb37386fa22804362680e32dd4ee4e86c60637b5ce74514c28d142cac63e737edaed676f66cef290cb247580e9d8ef88

Download Submit
C:\Windows\system\tFoLHbm.exe

Filesize
6.0MB

MD5
91f8cfd30fbd7f8c70d5764b51444863

SHA1
a72987c68181917972829d7e5c0dbd7fe4aaadd9

SHA256
d5715a6f974296bb1a1e00e813ab20aa85dc2b4e8926bc7aa9bd15736955f52f

SHA512
067499c703fe37679b073e7c8eee8f5236157a23b7a292ea0a48fe6b5628549f2a5710ac0390657c39cfaa8053bb4a81048587ace554b40b3b7462538491665a

Download Submit
C:\Windows\system\wEhtbVi.exe

Filesize
6.0MB

MD5
5775bcb790d12946b52b3821a6c923c4

SHA1
e70c3e19aaf9d1449cbd51ed95e2c257ca00bfdd

SHA256
0d9351cc3c66cb24178d466742b9dc2e74a95ecd6a9b6cd5816a2c104aa9f489

SHA512
65bc2950bb85d610e04bde044cb642f107119f7ec9338c71c62af4f2010718c38cb22e4677b489b90d60ad8626c1ad6581acb90023f12dc89e1eaa1079d94269

Download Submit
C:\Windows\system\xqbzAbS.exe

Filesize
6.0MB

MD5
08a1d8d554445d87f1fc7e5dd272f5a0

SHA1
c737489f43c9d064f1f4d8374d37fc59d634eb5d

SHA256
9d00be78780f915b67dc742a63e63732ae6b2a7706cadeff94788c59b331a1f0

SHA512
6878cb1ce1b691237c4e897efad9d48b242a4cdf5baea12aadfa5a2edf54b36bb571f8b0dd97e724642b4ba594e2d832cb88928e46052ae1805453c560be7deb

Download Submit
C:\Windows\system\xsuJDpq.exe

Filesize
6.0MB

MD5
663150c3b0d8fb21a5913059ae83f476

SHA1
c9bb20ac5d654412a8a06c72b72017fa97d56ca2

SHA256
740da0b24fd0bbc69697235b29e3d6add2e2d2dce6a9aeadc5553ea96d1db8bd

SHA512
74f7336dbbd6e296b5e8ee9aec42242f300a3a8ca75e472c3d5c7413da93cf039bc6e16f7328b3cb0c3ce180b396036012419abb6bf407de24d63328004736fb

Download Submit
C:\Windows\system\yONQmbv.exe

Filesize
6.0MB

MD5
1ae79040b05773d580745902ba431e28

SHA1
8d4626dea5cb6d2180e5476295209e5e07f2e9da

SHA256
e02738ecc15450b719fc7ff654f4c73cea93e012a3dbe5a84f944bbd7a16f47b

SHA512
a9f40de1a9a45cbe67b51201fa249129884287c83fb27c3aba3b04a429c33aa8c82743d26e48bf134c09d833f1c557bcb477fd9c37fd5b65c639233b1250f8c5

Download Submit
C:\Windows\system\yUGqVVV.exe

Filesize
6.0MB

MD5
0fca8f217aa2d3bf3c27bdc0ad273dbf

SHA1
dea7a4cf31dbdd481622230a90c8ecbb89fb5903

SHA256
38735f711419cd888815748c43577385649ee69eaf0c25c210ab4ba75030ce36

SHA512
01c3cfae5937406d420318d3bda91a825580aae674ef0be03b295bbf7b907f6efc4b835b17fef27d15bcf42f89358e05cbffbfad5631a93e872eebf7309a2fbe

Download Submit
\Windows\system\EmPTkAo.exe

Filesize
6.0MB

MD5
367717b72abb74d5a7ea3a815d235ad9

SHA1
3181fbb6b6575c67c0aeef2d7b9c8112065e10af

SHA256
5f3680685b0b4bd3f8a82edf375428eb6119c6843bc54f87fef9df4eb17814c1

SHA512
60c7ae605c7b5ecfe8a0c497432e7842f1e40fe45a2580543b1cfa1b4d53a0f1356007a1ca7c9eb8803c358dee7c1de46a5aed4f7f4cdc2e4e13fc66bf1c2ac7

Download Submit
\Windows\system\SrUxMky.exe

Filesize
6.0MB

MD5
cce835a838c62a6f0a76e2cab570e1c5

SHA1
3747efb1d97f71baabcbb1415c54a20d3d6fc1f1

SHA256
7ac1aa2a4a8c2db0ec4a368333b58ec7cbbd3fe16d0c5f2b883521137da8dced

SHA512
a427205c316e1aeab1390ffd8ef4d3bb62d2649c18e82d9044e01013fd05c7ca081efa21abf04733cd7e6f4eedbad9ef448c8e036daabf7859b356f27a032392

Download Submit
\Windows\system\bsDNRYh.exe

Filesize
6.0MB

MD5
6603a2ea7c0559ee8b8dd9e5f5ec1092

SHA1
f0f90b31eca22d63a71db9ee9a07aa6cb36bc542

SHA256
8c64787f8f7b7fa8c17fef91254c84bad4b7ab4599cb122bd485da57c2a36a11

SHA512
6af0183f025f20ae4e2df96dbf21ae0a7fcc26309bc0aab221676e4a9c772169e43aa252b61e7478f9aaad81148cd5557396d0e887431928b33b31d4aab6d9f8

Download Submit
\Windows\system\dODWQPi.exe

Filesize
6.0MB

MD5
3c82639c917f5a5f2349d34885c8e8a1

SHA1
18366ed72fe0234e43acab129ea4c6440372a2d3

SHA256
04c295cd3e2271dc645659111785730cde84df331b182886f44f1824081faf86

SHA512
c8cfe8f8ec8cc537db8a1b95ac51dcec98051c076e44a1fbad663dc807ea6ebd06ddd44b9bc0adfe5ccc18730c44cf3158e70d491469f20c5e2af9526680f1a0

Download Submit
\Windows\system\tKLmAaC.exe

Filesize
6.0MB

MD5
0e7371b5957fb9411bcee9f8baed9cbe

SHA1
2cf3a06551c191d38997e5645994a1707b41ab79

SHA256
0add8c5a330e233296fe442e70874da0da6085c1a72a4c09d49601dc14002f91

SHA512
7d07debb49a936a370f31d1221ba647c8c13fcf90e45c2e812ef5c788e4f63ba9681955dbfc814b825b556b0a88bf89ede6a1b97b3b6366f643cd528f9726448

Download Submit
memory/960-3989-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/960-2602-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/1996-2590-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1996-3988-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2496-3557-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2496-3478-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-0-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2496-54-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-2225-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2496-3582-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-3588-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-2587-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2496-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2496-53-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-2593-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-1703-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2496-2603-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-3291-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2496-3463-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-1825-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2496-3556-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2496-3570-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2496-3558-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2652-2585-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3984-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3987-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2712-2222-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2784-1822-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3985-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2872-2515-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2872-3986-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2956-2591-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2956-3983-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download