cobaltstrike | 810d753eea66a3c5e90048ebb8e55dad6c6d6c11a30f5006e20f2e4281f4df70

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01/02/2025, 06:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

660bad417a0019e3a90df9702f76ba9c
SHA1

90b8bb5b469988caec965d88017a4e57d52492d1
SHA256

810d753eea66a3c5e90048ebb8e55dad6c6d6c11a30f5006e20f2e4281f4df70
SHA512

7af13a9527d52ec4aa012c8a452213e989339c866edfda2dddbf956ba2d07be8f56c0d9d85d6e86bce5e68a51ef9686738110e0a561dc613572677d97c4ddaf3
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUZ:T+q56utgpPF8u/7Z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c0000000122e0-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c3d-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c58-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016a47-14.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd3-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ca2-31.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001650a-53.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cfe-47.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173aa-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017403-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-202.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-196.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-191.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019229-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019218-176.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f7-171.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-166.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190d6-161.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190cd-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001879b-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018690-146.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018678-141.dat	cobalt_reflective_dll
behavioral1/files/0x001500000001866d-136.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001752f-131.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174ac-126.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001747b-116.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001748f-121.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017409-107.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173e4-81.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fb-89.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d0b-65.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2024-2-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x000c0000000122e0-6.dat	xmrig
behavioral1/files/0x0008000000016c3d-9.dat	xmrig
behavioral1/memory/1704-17-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2324-22-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2024-16-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c58-23.dat	xmrig
behavioral1/memory/2428-30-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2836-15-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016a47-14.dat	xmrig
behavioral1/files/0x0007000000016cd3-38.dat	xmrig
behavioral1/files/0x0007000000016ca2-31.dat	xmrig
behavioral1/memory/2964-44-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2688-36-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x000900000001650a-53.dat	xmrig
behavioral1/files/0x0008000000016cfe-47.dat	xmrig
behavioral1/files/0x00060000000173aa-70.dat	xmrig
behavioral1/memory/2616-75-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2376-90-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/files/0x0006000000017403-94.dat	xmrig
behavioral1/memory/820-973-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/1888-809-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/1440-603-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2828-423-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2616-240-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/files/0x0005000000019271-202.dat	xmrig
behavioral1/files/0x000500000001926b-196.dat	xmrig
behavioral1/files/0x000500000001924c-191.dat	xmrig
behavioral1/files/0x0005000000019234-186.dat	xmrig
behavioral1/files/0x0005000000019229-181.dat	xmrig
behavioral1/files/0x0005000000019218-176.dat	xmrig
behavioral1/files/0x00050000000191f7-171.dat	xmrig
behavioral1/files/0x00050000000191f3-166.dat	xmrig
behavioral1/files/0x00060000000190d6-161.dat	xmrig
behavioral1/files/0x00060000000190cd-156.dat	xmrig
behavioral1/files/0x000500000001879b-151.dat	xmrig
behavioral1/files/0x0005000000018690-146.dat	xmrig
behavioral1/files/0x0009000000018678-141.dat	xmrig
behavioral1/files/0x001500000001866d-136.dat	xmrig
behavioral1/files/0x000600000001752f-131.dat	xmrig
behavioral1/files/0x00060000000174ac-126.dat	xmrig
behavioral1/files/0x000600000001747b-116.dat	xmrig
behavioral1/files/0x000600000001748f-121.dat	xmrig
behavioral1/memory/1888-100-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2564-99-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2024-96-0x00000000023D0000-0x0000000002724000-memory.dmp	xmrig
behavioral1/memory/2024-95-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/820-109-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2828-83-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2712-108-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x0006000000017409-107.dat	xmrig
behavioral1/memory/2964-82-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x00060000000173e4-81.dat	xmrig
behavioral1/memory/1440-91-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/files/0x00060000000173fb-89.dat	xmrig
behavioral1/memory/2712-67-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2428-66-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d0b-65.dat	xmrig
behavioral1/memory/2688-74-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2376-51-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2564-60-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2324-59-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2024-55-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/1704-54-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2836	LeytJaz.exe
1704	XvCJCtf.exe
2324	fGgpxbW.exe
2428	eEZKzGc.exe
2688	QTJQBDr.exe
2964	zthYqkz.exe
2376	eOaGQHW.exe
2564	KCFnhCa.exe
2712	UMFBPrJ.exe
2616	gKenoyD.exe
2828	optCWEF.exe
1440	vWQbkXM.exe
1888	SAbwIPJ.exe
820	XMubymQ.exe
1652	okLTAbT.exe
1996	wmFbgab.exe
2856	BBzUgYH.exe
1492	VBztiOY.exe
1688	JFSeJpi.exe
2940	sguLbmX.exe
3056	hbDJHrB.exe
1924	DxXyuFW.exe
1932	CrNZZIy.exe
3020	DBfRpin.exe
2148	KCQLTpB.exe
1728	HZjlhTt.exe
2908	OOrLbXD.exe
2896	vFQtlFz.exe
980	FumzWxj.exe
1268	LvgCoCS.exe
2168	NsTesjT.exe
2524	BWfqWDW.exe
1956	uxKRcND.exe
2912	MbsylLg.exe
1540	LXvDDqL.exe
1448	rALRJRB.exe
1276	xddROvi.exe
1900	lRRhCsM.exe
1096	uXbqwbE.exe
2116	dRGjHAO.exe
2096	AzQHrvH.exe
2384	eISRHbx.exe
2432	PexbWWQ.exe
984	ZVROJWX.exe
2360	iAsUXLR.exe
332	bEbCBGM.exe
1016	FIVffSs.exe
872	cxMlGEl.exe
3016	kPHpfzf.exe
2308	fKyKFcF.exe
1616	PsyoICZ.exe
1244	YIscsyB.exe
1896	QEIdREB.exe
2684	BcXXTUz.exe
2032	HLIXgNS.exe
2756	AcxRnme.exe
2584	VPIhQHr.exe
2608	HhYpxoz.exe
2788	eFfrjID.exe
1232	JCMDkaC.exe
1908	OGEvJms.exe
1496	gyHGymk.exe
1524	BGdQkew.exe
2872	bdArweB.exe

Loads dropped DLL 64 IoCs

pid	Process
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2024-2-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x000c0000000122e0-6.dat	upx
behavioral1/files/0x0008000000016c3d-9.dat	upx
behavioral1/memory/1704-17-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2324-22-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x0007000000016c58-23.dat	upx
behavioral1/memory/2428-30-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2836-15-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x0007000000016a47-14.dat	upx
behavioral1/files/0x0007000000016cd3-38.dat	upx
behavioral1/files/0x0007000000016ca2-31.dat	upx
behavioral1/memory/2964-44-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2688-36-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x000900000001650a-53.dat	upx
behavioral1/files/0x0008000000016cfe-47.dat	upx
behavioral1/files/0x00060000000173aa-70.dat	upx
behavioral1/memory/2616-75-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2376-90-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/files/0x0006000000017403-94.dat	upx
behavioral1/memory/820-973-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/1888-809-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/1440-603-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2828-423-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2616-240-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/files/0x0005000000019271-202.dat	upx
behavioral1/files/0x000500000001926b-196.dat	upx
behavioral1/files/0x000500000001924c-191.dat	upx
behavioral1/files/0x0005000000019234-186.dat	upx
behavioral1/files/0x0005000000019229-181.dat	upx
behavioral1/files/0x0005000000019218-176.dat	upx
behavioral1/files/0x00050000000191f7-171.dat	upx
behavioral1/files/0x00050000000191f3-166.dat	upx
behavioral1/files/0x00060000000190d6-161.dat	upx
behavioral1/files/0x00060000000190cd-156.dat	upx
behavioral1/files/0x000500000001879b-151.dat	upx
behavioral1/files/0x0005000000018690-146.dat	upx
behavioral1/files/0x0009000000018678-141.dat	upx
behavioral1/files/0x001500000001866d-136.dat	upx
behavioral1/files/0x000600000001752f-131.dat	upx
behavioral1/files/0x00060000000174ac-126.dat	upx
behavioral1/files/0x000600000001747b-116.dat	upx
behavioral1/files/0x000600000001748f-121.dat	upx
behavioral1/memory/1888-100-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2564-99-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/820-109-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2828-83-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2712-108-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x0006000000017409-107.dat	upx
behavioral1/memory/2964-82-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x00060000000173e4-81.dat	upx
behavioral1/memory/1440-91-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/files/0x00060000000173fb-89.dat	upx
behavioral1/memory/2712-67-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2428-66-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x0008000000016d0b-65.dat	upx
behavioral1/memory/2688-74-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2376-51-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2564-60-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2324-59-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/1704-54-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2024-42-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/1704-3685-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2428-3688-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2324-3687-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\cHOtAwQ.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ngwcDRc.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bYkCbrt.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZKRxBzR.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PZzjnFw.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBQFzfD.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HvoqiLi.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UhRidIj.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IRgvHNP.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zxYkDbE.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SWHeliC.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kOdwdNA.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eJAistW.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UcZeNAp.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jvgpQSp.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YlqppNS.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DFOQzZc.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\afKOpPh.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hSbetSh.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kLXsdEi.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wOZWKfb.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ItHIkTn.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VFuYDlD.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DfHuAjg.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sDLMXpN.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DKfIcyI.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oupCMvx.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCBOARr.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YwfXBiH.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IJBHVmN.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wtvantP.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OBCPGCD.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LVgaerc.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AqxPSJL.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DoOMSJe.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aTVqneD.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPUqHdb.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bhkUeUO.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aPdgzyV.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eLbKbNe.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EgubPzk.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rfjGhuS.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jkZOYcV.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UGCQskT.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KFhdPUY.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pyQjzQn.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PyHYViP.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NNNoFsK.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XzQjiWR.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jilCzcc.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\quMJdGU.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oPOBmKK.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vhFQUFA.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LEOYfvb.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fACUBFe.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TeeudNR.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uLTNZBb.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oHgrdoF.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SEZRvGi.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iNRJIJd.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZKxOwlM.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TsiQNsA.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oCaDuvS.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jBNbAMw.exe	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2836	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2024 wrote to memory of 2836	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2024 wrote to memory of 2836	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2024 wrote to memory of 1704	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2024 wrote to memory of 1704	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2024 wrote to memory of 1704	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2024 wrote to memory of 2324	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2024 wrote to memory of 2324	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2024 wrote to memory of 2324	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2024 wrote to memory of 2428	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2024 wrote to memory of 2428	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2024 wrote to memory of 2428	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2024 wrote to memory of 2688	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2024 wrote to memory of 2688	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2024 wrote to memory of 2688	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2024 wrote to memory of 2964	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2024 wrote to memory of 2964	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2024 wrote to memory of 2964	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2024 wrote to memory of 2376	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2024 wrote to memory of 2376	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2024 wrote to memory of 2376	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2024 wrote to memory of 2564	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2024 wrote to memory of 2564	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2024 wrote to memory of 2564	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2024 wrote to memory of 2712	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2024 wrote to memory of 2712	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2024 wrote to memory of 2712	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2024 wrote to memory of 2616	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2024 wrote to memory of 2616	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2024 wrote to memory of 2616	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2024 wrote to memory of 2828	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2024 wrote to memory of 2828	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2024 wrote to memory of 2828	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2024 wrote to memory of 1440	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2024 wrote to memory of 1440	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2024 wrote to memory of 1440	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2024 wrote to memory of 1888	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2024 wrote to memory of 1888	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2024 wrote to memory of 1888	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2024 wrote to memory of 820	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2024 wrote to memory of 820	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2024 wrote to memory of 820	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2024 wrote to memory of 1652	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2024 wrote to memory of 1652	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2024 wrote to memory of 1652	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2024 wrote to memory of 1996	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2024 wrote to memory of 1996	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2024 wrote to memory of 1996	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2024 wrote to memory of 2856	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2024 wrote to memory of 2856	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2024 wrote to memory of 2856	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2024 wrote to memory of 1492	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2024 wrote to memory of 1492	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2024 wrote to memory of 1492	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2024 wrote to memory of 1688	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2024 wrote to memory of 1688	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2024 wrote to memory of 1688	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2024 wrote to memory of 2940	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2024 wrote to memory of 2940	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2024 wrote to memory of 2940	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2024 wrote to memory of 3056	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2024 wrote to memory of 3056	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2024 wrote to memory of 3056	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2024 wrote to memory of 1924	2024	2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_660bad417a0019e3a90df9702f76ba9c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\System\LeytJaz.exe
  C:\Windows\System\LeytJaz.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\XvCJCtf.exe
  C:\Windows\System\XvCJCtf.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\fGgpxbW.exe
  C:\Windows\System\fGgpxbW.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\eEZKzGc.exe
  C:\Windows\System\eEZKzGc.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\QTJQBDr.exe
  C:\Windows\System\QTJQBDr.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\zthYqkz.exe
  C:\Windows\System\zthYqkz.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\eOaGQHW.exe
  C:\Windows\System\eOaGQHW.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\KCFnhCa.exe
  C:\Windows\System\KCFnhCa.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\UMFBPrJ.exe
  C:\Windows\System\UMFBPrJ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\gKenoyD.exe
  C:\Windows\System\gKenoyD.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\optCWEF.exe
  C:\Windows\System\optCWEF.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\vWQbkXM.exe
  C:\Windows\System\vWQbkXM.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\SAbwIPJ.exe
  C:\Windows\System\SAbwIPJ.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\XMubymQ.exe
  C:\Windows\System\XMubymQ.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\okLTAbT.exe
  C:\Windows\System\okLTAbT.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\wmFbgab.exe
  C:\Windows\System\wmFbgab.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\BBzUgYH.exe
  C:\Windows\System\BBzUgYH.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\VBztiOY.exe
  C:\Windows\System\VBztiOY.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\JFSeJpi.exe
  C:\Windows\System\JFSeJpi.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\sguLbmX.exe
  C:\Windows\System\sguLbmX.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\hbDJHrB.exe
  C:\Windows\System\hbDJHrB.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\DxXyuFW.exe
  C:\Windows\System\DxXyuFW.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\CrNZZIy.exe
  C:\Windows\System\CrNZZIy.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\DBfRpin.exe
  C:\Windows\System\DBfRpin.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\KCQLTpB.exe
  C:\Windows\System\KCQLTpB.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\HZjlhTt.exe
  C:\Windows\System\HZjlhTt.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\OOrLbXD.exe
  C:\Windows\System\OOrLbXD.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\vFQtlFz.exe
  C:\Windows\System\vFQtlFz.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\FumzWxj.exe
  C:\Windows\System\FumzWxj.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\LvgCoCS.exe
  C:\Windows\System\LvgCoCS.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\NsTesjT.exe
  C:\Windows\System\NsTesjT.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\BWfqWDW.exe
  C:\Windows\System\BWfqWDW.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\uxKRcND.exe
  C:\Windows\System\uxKRcND.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\MbsylLg.exe
  C:\Windows\System\MbsylLg.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\LXvDDqL.exe
  C:\Windows\System\LXvDDqL.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\rALRJRB.exe
  C:\Windows\System\rALRJRB.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\xddROvi.exe
  C:\Windows\System\xddROvi.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\lRRhCsM.exe
  C:\Windows\System\lRRhCsM.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\uXbqwbE.exe
  C:\Windows\System\uXbqwbE.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\dRGjHAO.exe
  C:\Windows\System\dRGjHAO.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\AzQHrvH.exe
  C:\Windows\System\AzQHrvH.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\eISRHbx.exe
  C:\Windows\System\eISRHbx.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\PexbWWQ.exe
  C:\Windows\System\PexbWWQ.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\ZVROJWX.exe
  C:\Windows\System\ZVROJWX.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\iAsUXLR.exe
  C:\Windows\System\iAsUXLR.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\bEbCBGM.exe
  C:\Windows\System\bEbCBGM.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\FIVffSs.exe
  C:\Windows\System\FIVffSs.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\cxMlGEl.exe
  C:\Windows\System\cxMlGEl.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\kPHpfzf.exe
  C:\Windows\System\kPHpfzf.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\fKyKFcF.exe
  C:\Windows\System\fKyKFcF.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\PsyoICZ.exe
  C:\Windows\System\PsyoICZ.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\YIscsyB.exe
  C:\Windows\System\YIscsyB.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\QEIdREB.exe
  C:\Windows\System\QEIdREB.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\BcXXTUz.exe
  C:\Windows\System\BcXXTUz.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\HLIXgNS.exe
  C:\Windows\System\HLIXgNS.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\AcxRnme.exe
  C:\Windows\System\AcxRnme.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\VPIhQHr.exe
  C:\Windows\System\VPIhQHr.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\HhYpxoz.exe
  C:\Windows\System\HhYpxoz.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\eFfrjID.exe
  C:\Windows\System\eFfrjID.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\JCMDkaC.exe
  C:\Windows\System\JCMDkaC.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\OGEvJms.exe
  C:\Windows\System\OGEvJms.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\gyHGymk.exe
  C:\Windows\System\gyHGymk.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\BGdQkew.exe
  C:\Windows\System\BGdQkew.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\bdArweB.exe
  C:\Windows\System\bdArweB.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\NXKgyRE.exe
  C:\Windows\System\NXKgyRE.exe
  2⤵
  PID:2508
- C:\Windows\System\htwhpPS.exe
  C:\Windows\System\htwhpPS.exe
  2⤵
  PID:1576
- C:\Windows\System\GKzZpBn.exe
  C:\Windows\System\GKzZpBn.exe
  2⤵
  PID:1776
- C:\Windows\System\qvhXbJU.exe
  C:\Windows\System\qvhXbJU.exe
  2⤵
  PID:876
- C:\Windows\System\rbVCitU.exe
  C:\Windows\System\rbVCitU.exe
  2⤵
  PID:2880
- C:\Windows\System\LcucmtD.exe
  C:\Windows\System\LcucmtD.exe
  2⤵
  PID:1640
- C:\Windows\System\Dijlefq.exe
  C:\Windows\System\Dijlefq.exe
  2⤵
  PID:1648
- C:\Windows\System\mXbdIAI.exe
  C:\Windows\System\mXbdIAI.exe
  2⤵
  PID:1676
- C:\Windows\System\sutuPtO.exe
  C:\Windows\System\sutuPtO.exe
  2⤵
  PID:2196
- C:\Windows\System\pHAgIIu.exe
  C:\Windows\System\pHAgIIu.exe
  2⤵
  PID:1892
- C:\Windows\System\gztKhmo.exe
  C:\Windows\System\gztKhmo.exe
  2⤵
  PID:2216
- C:\Windows\System\RaZudJq.exe
  C:\Windows\System\RaZudJq.exe
  2⤵
  PID:2500
- C:\Windows\System\lNOlPfj.exe
  C:\Windows\System\lNOlPfj.exe
  2⤵
  PID:2100
- C:\Windows\System\ngigscj.exe
  C:\Windows\System\ngigscj.exe
  2⤵
  PID:776
- C:\Windows\System\cHOtAwQ.exe
  C:\Windows\System\cHOtAwQ.exe
  2⤵
  PID:1020
- C:\Windows\System\YnaEMSF.exe
  C:\Windows\System\YnaEMSF.exe
  2⤵
  PID:2152
- C:\Windows\System\AylPhpW.exe
  C:\Windows\System\AylPhpW.exe
  2⤵
  PID:656
- C:\Windows\System\XNLTfsx.exe
  C:\Windows\System\XNLTfsx.exe
  2⤵
  PID:2956
- C:\Windows\System\SJFBQZr.exe
  C:\Windows\System\SJFBQZr.exe
  2⤵
  PID:2300
- C:\Windows\System\qZZWiFH.exe
  C:\Windows\System\qZZWiFH.exe
  2⤵
  PID:2244
- C:\Windows\System\rPXcMpw.exe
  C:\Windows\System\rPXcMpw.exe
  2⤵
  PID:2632
- C:\Windows\System\YbhGGvI.exe
  C:\Windows\System\YbhGGvI.exe
  2⤵
  PID:592
- C:\Windows\System\BbgZFIk.exe
  C:\Windows\System\BbgZFIk.exe
  2⤵
  PID:2604
- C:\Windows\System\EsTehVv.exe
  C:\Windows\System\EsTehVv.exe
  2⤵
  PID:2784
- C:\Windows\System\WFDFsut.exe
  C:\Windows\System\WFDFsut.exe
  2⤵
  PID:756
- C:\Windows\System\SlVZAfX.exe
  C:\Windows\System\SlVZAfX.exe
  2⤵
  PID:2884
- C:\Windows\System\DXmCUeV.exe
  C:\Windows\System\DXmCUeV.exe
  2⤵
  PID:1964
- C:\Windows\System\jWmkTpg.exe
  C:\Windows\System\jWmkTpg.exe
  2⤵
  PID:2388
- C:\Windows\System\MFUeiBg.exe
  C:\Windows\System\MFUeiBg.exe
  2⤵
  PID:1948
- C:\Windows\System\AnaYfrn.exe
  C:\Windows\System\AnaYfrn.exe
  2⤵
  PID:948
- C:\Windows\System\puLQYqq.exe
  C:\Windows\System\puLQYqq.exe
  2⤵
  PID:1656
- C:\Windows\System\YVBcizt.exe
  C:\Windows\System\YVBcizt.exe
  2⤵
  PID:1632
- C:\Windows\System\PTHqfvu.exe
  C:\Windows\System\PTHqfvu.exe
  2⤵
  PID:2248
- C:\Windows\System\ZktQtEB.exe
  C:\Windows\System\ZktQtEB.exe
  2⤵
  PID:1944
- C:\Windows\System\NBQFzfD.exe
  C:\Windows\System\NBQFzfD.exe
  2⤵
  PID:2400
- C:\Windows\System\xJnsoys.exe
  C:\Windows\System\xJnsoys.exe
  2⤵
  PID:888
- C:\Windows\System\VlkjhBQ.exe
  C:\Windows\System\VlkjhBQ.exe
  2⤵
  PID:2620
- C:\Windows\System\wtznVGu.exe
  C:\Windows\System\wtznVGu.exe
  2⤵
  PID:1520
- C:\Windows\System\keCFgcE.exe
  C:\Windows\System\keCFgcE.exe
  2⤵
  PID:2228
- C:\Windows\System\NRKDKGf.exe
  C:\Windows\System\NRKDKGf.exe
  2⤵
  PID:2696
- C:\Windows\System\UxbosRH.exe
  C:\Windows\System\UxbosRH.exe
  2⤵
  PID:3088
- C:\Windows\System\UZEtaOV.exe
  C:\Windows\System\UZEtaOV.exe
  2⤵
  PID:3108
- C:\Windows\System\sgNovsH.exe
  C:\Windows\System\sgNovsH.exe
  2⤵
  PID:3132
- C:\Windows\System\PFkAHTB.exe
  C:\Windows\System\PFkAHTB.exe
  2⤵
  PID:3152
- C:\Windows\System\gXCUyny.exe
  C:\Windows\System\gXCUyny.exe
  2⤵
  PID:3172
- C:\Windows\System\TntCwBf.exe
  C:\Windows\System\TntCwBf.exe
  2⤵
  PID:3192
- C:\Windows\System\MLkLSOn.exe
  C:\Windows\System\MLkLSOn.exe
  2⤵
  PID:3212
- C:\Windows\System\sDpyERb.exe
  C:\Windows\System\sDpyERb.exe
  2⤵
  PID:3232
- C:\Windows\System\VQCaoKA.exe
  C:\Windows\System\VQCaoKA.exe
  2⤵
  PID:3252
- C:\Windows\System\VsACaux.exe
  C:\Windows\System\VsACaux.exe
  2⤵
  PID:3272
- C:\Windows\System\XqWWDOx.exe
  C:\Windows\System\XqWWDOx.exe
  2⤵
  PID:3292
- C:\Windows\System\JGIRSfQ.exe
  C:\Windows\System\JGIRSfQ.exe
  2⤵
  PID:3312
- C:\Windows\System\AlNhFSJ.exe
  C:\Windows\System\AlNhFSJ.exe
  2⤵
  PID:3332
- C:\Windows\System\QfSBfRz.exe
  C:\Windows\System\QfSBfRz.exe
  2⤵
  PID:3348
- C:\Windows\System\rexaaZY.exe
  C:\Windows\System\rexaaZY.exe
  2⤵
  PID:3372
- C:\Windows\System\ISSgnca.exe
  C:\Windows\System\ISSgnca.exe
  2⤵
  PID:3392
- C:\Windows\System\SlBHbEb.exe
  C:\Windows\System\SlBHbEb.exe
  2⤵
  PID:3412
- C:\Windows\System\bBVtmRG.exe
  C:\Windows\System\bBVtmRG.exe
  2⤵
  PID:3432
- C:\Windows\System\gryDyAV.exe
  C:\Windows\System\gryDyAV.exe
  2⤵
  PID:3452
- C:\Windows\System\ROCqTuz.exe
  C:\Windows\System\ROCqTuz.exe
  2⤵
  PID:3472
- C:\Windows\System\gPLNJqv.exe
  C:\Windows\System\gPLNJqv.exe
  2⤵
  PID:3492
- C:\Windows\System\ylgLvkG.exe
  C:\Windows\System\ylgLvkG.exe
  2⤵
  PID:3512
- C:\Windows\System\MVpgIkF.exe
  C:\Windows\System\MVpgIkF.exe
  2⤵
  PID:3532
- C:\Windows\System\AcGiKaF.exe
  C:\Windows\System\AcGiKaF.exe
  2⤵
  PID:3552
- C:\Windows\System\AGgKVFl.exe
  C:\Windows\System\AGgKVFl.exe
  2⤵
  PID:3572
- C:\Windows\System\BzvBxkG.exe
  C:\Windows\System\BzvBxkG.exe
  2⤵
  PID:3592
- C:\Windows\System\TeeudNR.exe
  C:\Windows\System\TeeudNR.exe
  2⤵
  PID:3612
- C:\Windows\System\bplQCUM.exe
  C:\Windows\System\bplQCUM.exe
  2⤵
  PID:3636
- C:\Windows\System\FTMlspb.exe
  C:\Windows\System\FTMlspb.exe
  2⤵
  PID:3660
- C:\Windows\System\kREYQtS.exe
  C:\Windows\System\kREYQtS.exe
  2⤵
  PID:3680
- C:\Windows\System\mrpGHlF.exe
  C:\Windows\System\mrpGHlF.exe
  2⤵
  PID:3700
- C:\Windows\System\iNIFfds.exe
  C:\Windows\System\iNIFfds.exe
  2⤵
  PID:3720
- C:\Windows\System\YmiGBja.exe
  C:\Windows\System\YmiGBja.exe
  2⤵
  PID:3740
- C:\Windows\System\YlqppNS.exe
  C:\Windows\System\YlqppNS.exe
  2⤵
  PID:3760
- C:\Windows\System\mxVzQtI.exe
  C:\Windows\System\mxVzQtI.exe
  2⤵
  PID:3780
- C:\Windows\System\QNaIoGr.exe
  C:\Windows\System\QNaIoGr.exe
  2⤵
  PID:3796
- C:\Windows\System\WaeseaW.exe
  C:\Windows\System\WaeseaW.exe
  2⤵
  PID:3820
- C:\Windows\System\AtTRNXp.exe
  C:\Windows\System\AtTRNXp.exe
  2⤵
  PID:3840
- C:\Windows\System\toZyGWl.exe
  C:\Windows\System\toZyGWl.exe
  2⤵
  PID:3860
- C:\Windows\System\GhOOBEM.exe
  C:\Windows\System\GhOOBEM.exe
  2⤵
  PID:3880
- C:\Windows\System\jUkVoGw.exe
  C:\Windows\System\jUkVoGw.exe
  2⤵
  PID:3900
- C:\Windows\System\omfpHpk.exe
  C:\Windows\System\omfpHpk.exe
  2⤵
  PID:3920
- C:\Windows\System\WdjXbMq.exe
  C:\Windows\System\WdjXbMq.exe
  2⤵
  PID:3940
- C:\Windows\System\ZwtBgkn.exe
  C:\Windows\System\ZwtBgkn.exe
  2⤵
  PID:3960
- C:\Windows\System\BIYUqoQ.exe
  C:\Windows\System\BIYUqoQ.exe
  2⤵
  PID:3980
- C:\Windows\System\BINixyN.exe
  C:\Windows\System\BINixyN.exe
  2⤵
  PID:4000
- C:\Windows\System\tNcPwQX.exe
  C:\Windows\System\tNcPwQX.exe
  2⤵
  PID:4020
- C:\Windows\System\scunOiK.exe
  C:\Windows\System\scunOiK.exe
  2⤵
  PID:4040
- C:\Windows\System\kauGYzo.exe
  C:\Windows\System\kauGYzo.exe
  2⤵
  PID:4060
- C:\Windows\System\PNVafVW.exe
  C:\Windows\System\PNVafVW.exe
  2⤵
  PID:4080
- C:\Windows\System\WwYuFLo.exe
  C:\Windows\System\WwYuFLo.exe
  2⤵
  PID:1424
- C:\Windows\System\XZHTMOs.exe
  C:\Windows\System\XZHTMOs.exe
  2⤵
  PID:2932
- C:\Windows\System\uwJXaUx.exe
  C:\Windows\System\uwJXaUx.exe
  2⤵
  PID:1816
- C:\Windows\System\GVNlpgF.exe
  C:\Windows\System\GVNlpgF.exe
  2⤵
  PID:844
- C:\Windows\System\PCwmPWt.exe
  C:\Windows\System\PCwmPWt.exe
  2⤵
  PID:1044
- C:\Windows\System\ObyHqUd.exe
  C:\Windows\System\ObyHqUd.exe
  2⤵
  PID:1092
- C:\Windows\System\VjOqiUc.exe
  C:\Windows\System\VjOqiUc.exe
  2⤵
  PID:2996
- C:\Windows\System\hQJHNrQ.exe
  C:\Windows\System\hQJHNrQ.exe
  2⤵
  PID:2624
- C:\Windows\System\mvAsnWA.exe
  C:\Windows\System\mvAsnWA.exe
  2⤵
  PID:300
- C:\Windows\System\IvUjizu.exe
  C:\Windows\System\IvUjizu.exe
  2⤵
  PID:2260
- C:\Windows\System\IMLDNek.exe
  C:\Windows\System\IMLDNek.exe
  2⤵
  PID:3084
- C:\Windows\System\nLeArBE.exe
  C:\Windows\System\nLeArBE.exe
  2⤵
  PID:3096
- C:\Windows\System\GSXKqBn.exe
  C:\Windows\System\GSXKqBn.exe
  2⤵
  PID:3164
- C:\Windows\System\sgFNyZR.exe
  C:\Windows\System\sgFNyZR.exe
  2⤵
  PID:3208
- C:\Windows\System\UwvIzXv.exe
  C:\Windows\System\UwvIzXv.exe
  2⤵
  PID:3240
- C:\Windows\System\JymDRIK.exe
  C:\Windows\System\JymDRIK.exe
  2⤵
  PID:3220
- C:\Windows\System\jbxKUFk.exe
  C:\Windows\System\jbxKUFk.exe
  2⤵
  PID:3284
- C:\Windows\System\PbACctS.exe
  C:\Windows\System\PbACctS.exe
  2⤵
  PID:3300
- C:\Windows\System\wCDJacg.exe
  C:\Windows\System\wCDJacg.exe
  2⤵
  PID:3368
- C:\Windows\System\obtqaPt.exe
  C:\Windows\System\obtqaPt.exe
  2⤵
  PID:3404
- C:\Windows\System\QJlOgqG.exe
  C:\Windows\System\QJlOgqG.exe
  2⤵
  PID:3448
- C:\Windows\System\oNpILUc.exe
  C:\Windows\System\oNpILUc.exe
  2⤵
  PID:3480
- C:\Windows\System\jkCZHug.exe
  C:\Windows\System\jkCZHug.exe
  2⤵
  PID:3468
- C:\Windows\System\JfGAHaa.exe
  C:\Windows\System\JfGAHaa.exe
  2⤵
  PID:3508
- C:\Windows\System\bcrGKXW.exe
  C:\Windows\System\bcrGKXW.exe
  2⤵
  PID:3544
- C:\Windows\System\WaVNvQW.exe
  C:\Windows\System\WaVNvQW.exe
  2⤵
  PID:3580
- C:\Windows\System\KmgCVau.exe
  C:\Windows\System\KmgCVau.exe
  2⤵
  PID:3644
- C:\Windows\System\vtHWpuG.exe
  C:\Windows\System\vtHWpuG.exe
  2⤵
  PID:3624
- C:\Windows\System\DzlgilG.exe
  C:\Windows\System\DzlgilG.exe
  2⤵
  PID:3668
- C:\Windows\System\AfLwsQb.exe
  C:\Windows\System\AfLwsQb.exe
  2⤵
  PID:3716
- C:\Windows\System\PlkHYVG.exe
  C:\Windows\System\PlkHYVG.exe
  2⤵
  PID:3748
- C:\Windows\System\dJSbvgz.exe
  C:\Windows\System\dJSbvgz.exe
  2⤵
  PID:3816
- C:\Windows\System\VQtktCV.exe
  C:\Windows\System\VQtktCV.exe
  2⤵
  PID:3828
- C:\Windows\System\hktEOTb.exe
  C:\Windows\System\hktEOTb.exe
  2⤵
  PID:3888
- C:\Windows\System\tEesuIP.exe
  C:\Windows\System\tEesuIP.exe
  2⤵
  PID:3892
- C:\Windows\System\oSqsqpj.exe
  C:\Windows\System\oSqsqpj.exe
  2⤵
  PID:3916
- C:\Windows\System\cPnemWi.exe
  C:\Windows\System\cPnemWi.exe
  2⤵
  PID:3656
- C:\Windows\System\PzXtxFi.exe
  C:\Windows\System\PzXtxFi.exe
  2⤵
  PID:4016
- C:\Windows\System\cbEgegl.exe
  C:\Windows\System\cbEgegl.exe
  2⤵
  PID:4048
- C:\Windows\System\YCMzJKY.exe
  C:\Windows\System\YCMzJKY.exe
  2⤵
  PID:4036
- C:\Windows\System\EesUyXl.exe
  C:\Windows\System\EesUyXl.exe
  2⤵
  PID:4092
- C:\Windows\System\AccgHLM.exe
  C:\Windows\System\AccgHLM.exe
  2⤵
  PID:1612
- C:\Windows\System\NindGTE.exe
  C:\Windows\System\NindGTE.exe
  2⤵
  PID:1152
- C:\Windows\System\ZIsnpGS.exe
  C:\Windows\System\ZIsnpGS.exe
  2⤵
  PID:784
- C:\Windows\System\ZDtjrKU.exe
  C:\Windows\System\ZDtjrKU.exe
  2⤵
  PID:2644
- C:\Windows\System\UGVJwou.exe
  C:\Windows\System\UGVJwou.exe
  2⤵
  PID:596
- C:\Windows\System\gZuZeRe.exe
  C:\Windows\System\gZuZeRe.exe
  2⤵
  PID:3076
- C:\Windows\System\qeswfPI.exe
  C:\Windows\System\qeswfPI.exe
  2⤵
  PID:3116
- C:\Windows\System\rQVdDrZ.exe
  C:\Windows\System\rQVdDrZ.exe
  2⤵
  PID:3148
- C:\Windows\System\XKSBOkg.exe
  C:\Windows\System\XKSBOkg.exe
  2⤵
  PID:3260
- C:\Windows\System\yIpbOKY.exe
  C:\Windows\System\yIpbOKY.exe
  2⤵
  PID:3228
- C:\Windows\System\ZpZgwtP.exe
  C:\Windows\System\ZpZgwtP.exe
  2⤵
  PID:3268
- C:\Windows\System\DvjnvkS.exe
  C:\Windows\System\DvjnvkS.exe
  2⤵
  PID:3408
- C:\Windows\System\qXLIScJ.exe
  C:\Windows\System\qXLIScJ.exe
  2⤵
  PID:3420
- C:\Windows\System\fcmOTYG.exe
  C:\Windows\System\fcmOTYG.exe
  2⤵
  PID:3528
- C:\Windows\System\IqLhpAU.exe
  C:\Windows\System\IqLhpAU.exe
  2⤵
  PID:3584
- C:\Windows\System\FtpVvoS.exe
  C:\Windows\System\FtpVvoS.exe
  2⤵
  PID:3600
- C:\Windows\System\MBzDwwP.exe
  C:\Windows\System\MBzDwwP.exe
  2⤵
  PID:3632
- C:\Windows\System\NZLmNpa.exe
  C:\Windows\System\NZLmNpa.exe
  2⤵
  PID:3776
- C:\Windows\System\mKPIDBa.exe
  C:\Windows\System\mKPIDBa.exe
  2⤵
  PID:3792
- C:\Windows\System\JJnZtII.exe
  C:\Windows\System\JJnZtII.exe
  2⤵
  PID:3896
- C:\Windows\System\bvBirhK.exe
  C:\Windows\System\bvBirhK.exe
  2⤵
  PID:3936
- C:\Windows\System\JhAejAH.exe
  C:\Windows\System\JhAejAH.exe
  2⤵
  PID:3908
- C:\Windows\System\aRaQPpA.exe
  C:\Windows\System\aRaQPpA.exe
  2⤵
  PID:4008
- C:\Windows\System\pmTsTml.exe
  C:\Windows\System\pmTsTml.exe
  2⤵
  PID:4028
- C:\Windows\System\HbZFoqY.exe
  C:\Windows\System\HbZFoqY.exe
  2⤵
  PID:2392
- C:\Windows\System\abWNvVl.exe
  C:\Windows\System\abWNvVl.exe
  2⤵
  PID:2208
- C:\Windows\System\AVXJySK.exe
  C:\Windows\System\AVXJySK.exe
  2⤵
  PID:1488
- C:\Windows\System\pxTOZCn.exe
  C:\Windows\System\pxTOZCn.exe
  2⤵
  PID:1672
- C:\Windows\System\yikXIIM.exe
  C:\Windows\System\yikXIIM.exe
  2⤵
  PID:3180
- C:\Windows\System\PZqVLJT.exe
  C:\Windows\System\PZqVLJT.exe
  2⤵
  PID:3264
- C:\Windows\System\fxNsdFN.exe
  C:\Windows\System\fxNsdFN.exe
  2⤵
  PID:3388
- C:\Windows\System\VpoZFrz.exe
  C:\Windows\System\VpoZFrz.exe
  2⤵
  PID:3540
- C:\Windows\System\ngwcDRc.exe
  C:\Windows\System\ngwcDRc.exe
  2⤵
  PID:3620
- C:\Windows\System\hcGXGpx.exe
  C:\Windows\System\hcGXGpx.exe
  2⤵
  PID:3500
- C:\Windows\System\LHzZrsN.exe
  C:\Windows\System\LHzZrsN.exe
  2⤵
  PID:3708
- C:\Windows\System\OFmXXuy.exe
  C:\Windows\System\OFmXXuy.exe
  2⤵
  PID:4112
- C:\Windows\System\FoMETfC.exe
  C:\Windows\System\FoMETfC.exe
  2⤵
  PID:4132
- C:\Windows\System\hpRnRmD.exe
  C:\Windows\System\hpRnRmD.exe
  2⤵
  PID:4156
- C:\Windows\System\EATbZHI.exe
  C:\Windows\System\EATbZHI.exe
  2⤵
  PID:4176
- C:\Windows\System\ZBQNOjT.exe
  C:\Windows\System\ZBQNOjT.exe
  2⤵
  PID:4196
- C:\Windows\System\PqrDXiH.exe
  C:\Windows\System\PqrDXiH.exe
  2⤵
  PID:4216
- C:\Windows\System\HKQTyYU.exe
  C:\Windows\System\HKQTyYU.exe
  2⤵
  PID:4236
- C:\Windows\System\aqjhSyX.exe
  C:\Windows\System\aqjhSyX.exe
  2⤵
  PID:4256
- C:\Windows\System\USPMwmV.exe
  C:\Windows\System\USPMwmV.exe
  2⤵
  PID:4276
- C:\Windows\System\CrxripF.exe
  C:\Windows\System\CrxripF.exe
  2⤵
  PID:4296
- C:\Windows\System\BlocBRk.exe
  C:\Windows\System\BlocBRk.exe
  2⤵
  PID:4316
- C:\Windows\System\YZAyZQl.exe
  C:\Windows\System\YZAyZQl.exe
  2⤵
  PID:4336
- C:\Windows\System\VCfvTLi.exe
  C:\Windows\System\VCfvTLi.exe
  2⤵
  PID:4356
- C:\Windows\System\ohUJqGH.exe
  C:\Windows\System\ohUJqGH.exe
  2⤵
  PID:4376
- C:\Windows\System\bnUUNdZ.exe
  C:\Windows\System\bnUUNdZ.exe
  2⤵
  PID:4396
- C:\Windows\System\bkFjiWZ.exe
  C:\Windows\System\bkFjiWZ.exe
  2⤵
  PID:4416
- C:\Windows\System\DKypdBc.exe
  C:\Windows\System\DKypdBc.exe
  2⤵
  PID:4436
- C:\Windows\System\GBMFeKK.exe
  C:\Windows\System\GBMFeKK.exe
  2⤵
  PID:4456
- C:\Windows\System\mzEzozt.exe
  C:\Windows\System\mzEzozt.exe
  2⤵
  PID:4476
- C:\Windows\System\qZOpVtB.exe
  C:\Windows\System\qZOpVtB.exe
  2⤵
  PID:4496
- C:\Windows\System\RlPqdeT.exe
  C:\Windows\System\RlPqdeT.exe
  2⤵
  PID:4516
- C:\Windows\System\GQSqPor.exe
  C:\Windows\System\GQSqPor.exe
  2⤵
  PID:4536
- C:\Windows\System\dhhonEm.exe
  C:\Windows\System\dhhonEm.exe
  2⤵
  PID:4556
- C:\Windows\System\jCGEMbs.exe
  C:\Windows\System\jCGEMbs.exe
  2⤵
  PID:4576
- C:\Windows\System\cCvoDEa.exe
  C:\Windows\System\cCvoDEa.exe
  2⤵
  PID:4596
- C:\Windows\System\QqgKtiu.exe
  C:\Windows\System\QqgKtiu.exe
  2⤵
  PID:4620
- C:\Windows\System\FiJdzIB.exe
  C:\Windows\System\FiJdzIB.exe
  2⤵
  PID:4640
- C:\Windows\System\qFSaSnL.exe
  C:\Windows\System\qFSaSnL.exe
  2⤵
  PID:4660
- C:\Windows\System\uemnjbv.exe
  C:\Windows\System\uemnjbv.exe
  2⤵
  PID:4680
- C:\Windows\System\eqEDfDU.exe
  C:\Windows\System\eqEDfDU.exe
  2⤵
  PID:4700
- C:\Windows\System\gWBKVzm.exe
  C:\Windows\System\gWBKVzm.exe
  2⤵
  PID:4720
- C:\Windows\System\PpyVlvZ.exe
  C:\Windows\System\PpyVlvZ.exe
  2⤵
  PID:4740
- C:\Windows\System\sUWjGbP.exe
  C:\Windows\System\sUWjGbP.exe
  2⤵
  PID:4760
- C:\Windows\System\AYibMkt.exe
  C:\Windows\System\AYibMkt.exe
  2⤵
  PID:4780
- C:\Windows\System\SeyIBgq.exe
  C:\Windows\System\SeyIBgq.exe
  2⤵
  PID:4804
- C:\Windows\System\jXdgRUH.exe
  C:\Windows\System\jXdgRUH.exe
  2⤵
  PID:4824
- C:\Windows\System\uSQETLY.exe
  C:\Windows\System\uSQETLY.exe
  2⤵
  PID:4844
- C:\Windows\System\IwrKXtl.exe
  C:\Windows\System\IwrKXtl.exe
  2⤵
  PID:4864
- C:\Windows\System\oVvUfFC.exe
  C:\Windows\System\oVvUfFC.exe
  2⤵
  PID:4884
- C:\Windows\System\nLmDRch.exe
  C:\Windows\System\nLmDRch.exe
  2⤵
  PID:4904
- C:\Windows\System\WUVbiqi.exe
  C:\Windows\System\WUVbiqi.exe
  2⤵
  PID:4924
- C:\Windows\System\uVmYAHY.exe
  C:\Windows\System\uVmYAHY.exe
  2⤵
  PID:4944
- C:\Windows\System\ozovoVA.exe
  C:\Windows\System\ozovoVA.exe
  2⤵
  PID:4964
- C:\Windows\System\KrDnjea.exe
  C:\Windows\System\KrDnjea.exe
  2⤵
  PID:4984
- C:\Windows\System\DJTQcnl.exe
  C:\Windows\System\DJTQcnl.exe
  2⤵
  PID:5004
- C:\Windows\System\cgXAnne.exe
  C:\Windows\System\cgXAnne.exe
  2⤵
  PID:5020
- C:\Windows\System\TSvozlG.exe
  C:\Windows\System\TSvozlG.exe
  2⤵
  PID:5044
- C:\Windows\System\BfGCvbz.exe
  C:\Windows\System\BfGCvbz.exe
  2⤵
  PID:5064
- C:\Windows\System\ZzXSpRm.exe
  C:\Windows\System\ZzXSpRm.exe
  2⤵
  PID:5084
- C:\Windows\System\YHMiBfL.exe
  C:\Windows\System\YHMiBfL.exe
  2⤵
  PID:5104
- C:\Windows\System\MqXtEpC.exe
  C:\Windows\System\MqXtEpC.exe
  2⤵
  PID:3876
- C:\Windows\System\tCSTDDv.exe
  C:\Windows\System\tCSTDDv.exe
  2⤵
  PID:3848
- C:\Windows\System\SzhDVHI.exe
  C:\Windows\System\SzhDVHI.exe
  2⤵
  PID:3836
- C:\Windows\System\lGUquHP.exe
  C:\Windows\System\lGUquHP.exe
  2⤵
  PID:1436
- C:\Windows\System\FfngBYa.exe
  C:\Windows\System\FfngBYa.exe
  2⤵
  PID:340
- C:\Windows\System\XblERIO.exe
  C:\Windows\System\XblERIO.exe
  2⤵
  PID:1824
- C:\Windows\System\PmLBFue.exe
  C:\Windows\System\PmLBFue.exe
  2⤵
  PID:3244
- C:\Windows\System\BFApVOI.exe
  C:\Windows\System\BFApVOI.exe
  2⤵
  PID:3356
- C:\Windows\System\qlMvmjI.exe
  C:\Windows\System\qlMvmjI.exe
  2⤵
  PID:3200
- C:\Windows\System\AdERrhT.exe
  C:\Windows\System\AdERrhT.exe
  2⤵
  PID:3608
- C:\Windows\System\fsASKvc.exe
  C:\Windows\System\fsASKvc.exe
  2⤵
  PID:4108
- C:\Windows\System\MHBNHiF.exe
  C:\Windows\System\MHBNHiF.exe
  2⤵
  PID:4140
- C:\Windows\System\NcsRDTE.exe
  C:\Windows\System\NcsRDTE.exe
  2⤵
  PID:4128
- C:\Windows\System\rhuMmbm.exe
  C:\Windows\System\rhuMmbm.exe
  2⤵
  PID:4188
- C:\Windows\System\NJWmTAk.exe
  C:\Windows\System\NJWmTAk.exe
  2⤵
  PID:4212
- C:\Windows\System\JzOAUHU.exe
  C:\Windows\System\JzOAUHU.exe
  2⤵
  PID:4272
- C:\Windows\System\DhBkWYD.exe
  C:\Windows\System\DhBkWYD.exe
  2⤵
  PID:4304
- C:\Windows\System\OlIbyBp.exe
  C:\Windows\System\OlIbyBp.exe
  2⤵
  PID:4292
- C:\Windows\System\ywDREYn.exe
  C:\Windows\System\ywDREYn.exe
  2⤵
  PID:4332
- C:\Windows\System\fMKXFQn.exe
  C:\Windows\System\fMKXFQn.exe
  2⤵
  PID:4372
- C:\Windows\System\BNEyPpi.exe
  C:\Windows\System\BNEyPpi.exe
  2⤵
  PID:4432
- C:\Windows\System\cDOUlkt.exe
  C:\Windows\System\cDOUlkt.exe
  2⤵
  PID:4464
- C:\Windows\System\pwPaCeD.exe
  C:\Windows\System\pwPaCeD.exe
  2⤵
  PID:4484
- C:\Windows\System\aZxIyxx.exe
  C:\Windows\System\aZxIyxx.exe
  2⤵
  PID:4488
- C:\Windows\System\wpvOdZA.exe
  C:\Windows\System\wpvOdZA.exe
  2⤵
  PID:4532
- C:\Windows\System\GQxujke.exe
  C:\Windows\System\GQxujke.exe
  2⤵
  PID:4588
- C:\Windows\System\eYGxoZb.exe
  C:\Windows\System\eYGxoZb.exe
  2⤵
  PID:4636
- C:\Windows\System\adEfgXw.exe
  C:\Windows\System\adEfgXw.exe
  2⤵
  PID:4648
- C:\Windows\System\rgLTDSt.exe
  C:\Windows\System\rgLTDSt.exe
  2⤵
  PID:4688
- C:\Windows\System\gWuKeLk.exe
  C:\Windows\System\gWuKeLk.exe
  2⤵
  PID:4692
- C:\Windows\System\cchKOuR.exe
  C:\Windows\System\cchKOuR.exe
  2⤵
  PID:4736
- C:\Windows\System\ietEhLS.exe
  C:\Windows\System\ietEhLS.exe
  2⤵
  PID:4792
- C:\Windows\System\IHSuSAT.exe
  C:\Windows\System\IHSuSAT.exe
  2⤵
  PID:4812
- C:\Windows\System\iaeBAop.exe
  C:\Windows\System\iaeBAop.exe
  2⤵
  PID:4872
- C:\Windows\System\fLspidb.exe
  C:\Windows\System\fLspidb.exe
  2⤵
  PID:4892
- C:\Windows\System\MnACSAe.exe
  C:\Windows\System\MnACSAe.exe
  2⤵
  PID:4896
- C:\Windows\System\PbzCpem.exe
  C:\Windows\System\PbzCpem.exe
  2⤵
  PID:4960
- C:\Windows\System\uXMDFcw.exe
  C:\Windows\System\uXMDFcw.exe
  2⤵
  PID:4992
- C:\Windows\System\hcAhqSe.exe
  C:\Windows\System\hcAhqSe.exe
  2⤵
  PID:5032
- C:\Windows\System\MFtchBu.exe
  C:\Windows\System\MFtchBu.exe
  2⤵
  PID:5072
- C:\Windows\System\ijwdWTV.exe
  C:\Windows\System\ijwdWTV.exe
  2⤵
  PID:5092
- C:\Windows\System\evTGQyZ.exe
  C:\Windows\System\evTGQyZ.exe
  2⤵
  PID:3852
- C:\Windows\System\ciDzxRG.exe
  C:\Windows\System\ciDzxRG.exe
  2⤵
  PID:2648
- C:\Windows\System\JGmKqSX.exe
  C:\Windows\System\JGmKqSX.exe
  2⤵
  PID:2012
- C:\Windows\System\Frfksty.exe
  C:\Windows\System\Frfksty.exe
  2⤵
  PID:900
- C:\Windows\System\CoCCrMv.exe
  C:\Windows\System\CoCCrMv.exe
  2⤵
  PID:2960
- C:\Windows\System\hkhLTct.exe
  C:\Windows\System\hkhLTct.exe
  2⤵
  PID:3120
- C:\Windows\System\oquxWfu.exe
  C:\Windows\System\oquxWfu.exe
  2⤵
  PID:4100
- C:\Windows\System\gUxNnmR.exe
  C:\Windows\System\gUxNnmR.exe
  2⤵
  PID:4144
- C:\Windows\System\KhKdEKV.exe
  C:\Windows\System\KhKdEKV.exe
  2⤵
  PID:4184
- C:\Windows\System\YZmpUMJ.exe
  C:\Windows\System\YZmpUMJ.exe
  2⤵
  PID:4192
- C:\Windows\System\pJityvt.exe
  C:\Windows\System\pJityvt.exe
  2⤵
  PID:4252
- C:\Windows\System\NqOikOq.exe
  C:\Windows\System\NqOikOq.exe
  2⤵
  PID:4348
- C:\Windows\System\piLUGrG.exe
  C:\Windows\System\piLUGrG.exe
  2⤵
  PID:4364
- C:\Windows\System\pYaVYcy.exe
  C:\Windows\System\pYaVYcy.exe
  2⤵
  PID:4384
- C:\Windows\System\rPGhWDE.exe
  C:\Windows\System\rPGhWDE.exe
  2⤵
  PID:4444
- C:\Windows\System\pEUbLjy.exe
  C:\Windows\System\pEUbLjy.exe
  2⤵
  PID:4508
- C:\Windows\System\TwKhyBy.exe
  C:\Windows\System\TwKhyBy.exe
  2⤵
  PID:4592
- C:\Windows\System\rKEMRcQ.exe
  C:\Windows\System\rKEMRcQ.exe
  2⤵
  PID:4672
- C:\Windows\System\VSwYMGV.exe
  C:\Windows\System\VSwYMGV.exe
  2⤵
  PID:4612
- C:\Windows\System\UrFUbDn.exe
  C:\Windows\System\UrFUbDn.exe
  2⤵
  PID:4756
- C:\Windows\System\caXbCaA.exe
  C:\Windows\System\caXbCaA.exe
  2⤵
  PID:4840
- C:\Windows\System\zgsSIxj.exe
  C:\Windows\System\zgsSIxj.exe
  2⤵
  PID:4876
- C:\Windows\System\QvqDoWi.exe
  C:\Windows\System\QvqDoWi.exe
  2⤵
  PID:4900
- C:\Windows\System\zxYkDbE.exe
  C:\Windows\System\zxYkDbE.exe
  2⤵
  PID:4980
- C:\Windows\System\OauzYIj.exe
  C:\Windows\System\OauzYIj.exe
  2⤵
  PID:5016
- C:\Windows\System\JJeDgXg.exe
  C:\Windows\System\JJeDgXg.exe
  2⤵
  PID:5076
- C:\Windows\System\HLRebEX.exe
  C:\Windows\System\HLRebEX.exe
  2⤵
  PID:3804
- C:\Windows\System\TynokSp.exe
  C:\Windows\System\TynokSp.exe
  2⤵
  PID:5136
- C:\Windows\System\XwKnvdm.exe
  C:\Windows\System\XwKnvdm.exe
  2⤵
  PID:5156
- C:\Windows\System\mFBUIHv.exe
  C:\Windows\System\mFBUIHv.exe
  2⤵
  PID:5176
- C:\Windows\System\ekFbgWp.exe
  C:\Windows\System\ekFbgWp.exe
  2⤵
  PID:5196
- C:\Windows\System\hUEplBK.exe
  C:\Windows\System\hUEplBK.exe
  2⤵
  PID:5216
- C:\Windows\System\PyHYViP.exe
  C:\Windows\System\PyHYViP.exe
  2⤵
  PID:5236
- C:\Windows\System\EiHNpgG.exe
  C:\Windows\System\EiHNpgG.exe
  2⤵
  PID:5256
- C:\Windows\System\xcvFhoG.exe
  C:\Windows\System\xcvFhoG.exe
  2⤵
  PID:5276
- C:\Windows\System\EhCkkCV.exe
  C:\Windows\System\EhCkkCV.exe
  2⤵
  PID:5296
- C:\Windows\System\oOSHXqa.exe
  C:\Windows\System\oOSHXqa.exe
  2⤵
  PID:5316
- C:\Windows\System\SMcthtS.exe
  C:\Windows\System\SMcthtS.exe
  2⤵
  PID:5336
- C:\Windows\System\orcuONj.exe
  C:\Windows\System\orcuONj.exe
  2⤵
  PID:5356
- C:\Windows\System\JHeChOu.exe
  C:\Windows\System\JHeChOu.exe
  2⤵
  PID:5380
- C:\Windows\System\XPlQPNX.exe
  C:\Windows\System\XPlQPNX.exe
  2⤵
  PID:5400
- C:\Windows\System\pOaSMfw.exe
  C:\Windows\System\pOaSMfw.exe
  2⤵
  PID:5420
- C:\Windows\System\IgIeaOr.exe
  C:\Windows\System\IgIeaOr.exe
  2⤵
  PID:5440
- C:\Windows\System\JRseRlV.exe
  C:\Windows\System\JRseRlV.exe
  2⤵
  PID:5460
- C:\Windows\System\TeLhLXK.exe
  C:\Windows\System\TeLhLXK.exe
  2⤵
  PID:5480
- C:\Windows\System\ekwWsuV.exe
  C:\Windows\System\ekwWsuV.exe
  2⤵
  PID:5500
- C:\Windows\System\lbMBDSK.exe
  C:\Windows\System\lbMBDSK.exe
  2⤵
  PID:5520
- C:\Windows\System\sLcsUYb.exe
  C:\Windows\System\sLcsUYb.exe
  2⤵
  PID:5540
- C:\Windows\System\SDSXmjc.exe
  C:\Windows\System\SDSXmjc.exe
  2⤵
  PID:5560
- C:\Windows\System\RfNERxt.exe
  C:\Windows\System\RfNERxt.exe
  2⤵
  PID:5580
- C:\Windows\System\dnCFltR.exe
  C:\Windows\System\dnCFltR.exe
  2⤵
  PID:5600
- C:\Windows\System\aRyHVUr.exe
  C:\Windows\System\aRyHVUr.exe
  2⤵
  PID:5620
- C:\Windows\System\dCLYEkb.exe
  C:\Windows\System\dCLYEkb.exe
  2⤵
  PID:5640
- C:\Windows\System\OjNdyyG.exe
  C:\Windows\System\OjNdyyG.exe
  2⤵
  PID:5660
- C:\Windows\System\CItrYRQ.exe
  C:\Windows\System\CItrYRQ.exe
  2⤵
  PID:5680
- C:\Windows\System\kdljnix.exe
  C:\Windows\System\kdljnix.exe
  2⤵
  PID:5700
- C:\Windows\System\YLWBXCO.exe
  C:\Windows\System\YLWBXCO.exe
  2⤵
  PID:5720
- C:\Windows\System\AlGKIZc.exe
  C:\Windows\System\AlGKIZc.exe
  2⤵
  PID:5740
- C:\Windows\System\erwmApl.exe
  C:\Windows\System\erwmApl.exe
  2⤵
  PID:5764
- C:\Windows\System\UclcUjz.exe
  C:\Windows\System\UclcUjz.exe
  2⤵
  PID:5784
- C:\Windows\System\KKTpwWU.exe
  C:\Windows\System\KKTpwWU.exe
  2⤵
  PID:5804
- C:\Windows\System\zAbZtQi.exe
  C:\Windows\System\zAbZtQi.exe
  2⤵
  PID:5824
- C:\Windows\System\DoVumuZ.exe
  C:\Windows\System\DoVumuZ.exe
  2⤵
  PID:5844
- C:\Windows\System\MeAsXDc.exe
  C:\Windows\System\MeAsXDc.exe
  2⤵
  PID:5864
- C:\Windows\System\JiMXOLT.exe
  C:\Windows\System\JiMXOLT.exe
  2⤵
  PID:5884
- C:\Windows\System\MjwwQmM.exe
  C:\Windows\System\MjwwQmM.exe
  2⤵
  PID:5904
- C:\Windows\System\sodbPuJ.exe
  C:\Windows\System\sodbPuJ.exe
  2⤵
  PID:5924
- C:\Windows\System\hrZMIFc.exe
  C:\Windows\System\hrZMIFc.exe
  2⤵
  PID:5944
- C:\Windows\System\GSLOshq.exe
  C:\Windows\System\GSLOshq.exe
  2⤵
  PID:5964
- C:\Windows\System\SSeJmKX.exe
  C:\Windows\System\SSeJmKX.exe
  2⤵
  PID:5984
- C:\Windows\System\hDedUMI.exe
  C:\Windows\System\hDedUMI.exe
  2⤵
  PID:6004
- C:\Windows\System\KxRiotk.exe
  C:\Windows\System\KxRiotk.exe
  2⤵
  PID:6024
- C:\Windows\System\MnSrQvv.exe
  C:\Windows\System\MnSrQvv.exe
  2⤵
  PID:6044
- C:\Windows\System\NolzWII.exe
  C:\Windows\System\NolzWII.exe
  2⤵
  PID:6064
- C:\Windows\System\KEuYkZd.exe
  C:\Windows\System\KEuYkZd.exe
  2⤵
  PID:6084
- C:\Windows\System\hIPQOgA.exe
  C:\Windows\System\hIPQOgA.exe
  2⤵
  PID:6104
- C:\Windows\System\BobFMJv.exe
  C:\Windows\System\BobFMJv.exe
  2⤵
  PID:6124
- C:\Windows\System\oVUvZne.exe
  C:\Windows\System\oVUvZne.exe
  2⤵
  PID:4012
- C:\Windows\System\EttUJmS.exe
  C:\Windows\System\EttUJmS.exe
  2⤵
  PID:4072
- C:\Windows\System\HDiZuVn.exe
  C:\Windows\System\HDiZuVn.exe
  2⤵
  PID:3440
- C:\Windows\System\OtJghaL.exe
  C:\Windows\System\OtJghaL.exe
  2⤵
  PID:3560
- C:\Windows\System\hWNivjO.exe
  C:\Windows\System\hWNivjO.exe
  2⤵
  PID:4124
- C:\Windows\System\uCqDIKM.exe
  C:\Windows\System\uCqDIKM.exe
  2⤵
  PID:3752
- C:\Windows\System\MJEhLbq.exe
  C:\Windows\System\MJEhLbq.exe
  2⤵
  PID:4284
- C:\Windows\System\LPanXmY.exe
  C:\Windows\System\LPanXmY.exe
  2⤵
  PID:4404
- C:\Windows\System\JKDFhWk.exe
  C:\Windows\System\JKDFhWk.exe
  2⤵
  PID:4472
- C:\Windows\System\DnsxbEv.exe
  C:\Windows\System\DnsxbEv.exe
  2⤵
  PID:2676
- C:\Windows\System\DLudCsq.exe
  C:\Windows\System\DLudCsq.exe
  2⤵
  PID:4668
- C:\Windows\System\VfRUKGN.exe
  C:\Windows\System\VfRUKGN.exe
  2⤵
  PID:4716
- C:\Windows\System\UjznMMe.exe
  C:\Windows\System\UjznMMe.exe
  2⤵
  PID:4856
- C:\Windows\System\OHACjBp.exe
  C:\Windows\System\OHACjBp.exe
  2⤵
  PID:4940
- C:\Windows\System\nKjRjxx.exe
  C:\Windows\System\nKjRjxx.exe
  2⤵
  PID:5112
- C:\Windows\System\vWURoby.exe
  C:\Windows\System\vWURoby.exe
  2⤵
  PID:5124
- C:\Windows\System\iiJuxnd.exe
  C:\Windows\System\iiJuxnd.exe
  2⤵
  PID:5144
- C:\Windows\System\DPtqHgx.exe
  C:\Windows\System\DPtqHgx.exe
  2⤵
  PID:5172
- C:\Windows\System\VcthCfD.exe
  C:\Windows\System\VcthCfD.exe
  2⤵
  PID:5192
- C:\Windows\System\qnGvzex.exe
  C:\Windows\System\qnGvzex.exe
  2⤵
  PID:5232
- C:\Windows\System\HJOhwHO.exe
  C:\Windows\System\HJOhwHO.exe
  2⤵
  PID:5264
- C:\Windows\System\ybvctJO.exe
  C:\Windows\System\ybvctJO.exe
  2⤵
  PID:5268
- C:\Windows\System\ddwAjLz.exe
  C:\Windows\System\ddwAjLz.exe
  2⤵
  PID:5332
- C:\Windows\System\yoEtAdm.exe
  C:\Windows\System\yoEtAdm.exe
  2⤵
  PID:5348
- C:\Windows\System\blQbyPo.exe
  C:\Windows\System\blQbyPo.exe
  2⤵
  PID:5396
- C:\Windows\System\hLasghM.exe
  C:\Windows\System\hLasghM.exe
  2⤵
  PID:5448
- C:\Windows\System\kDBuXlQ.exe
  C:\Windows\System\kDBuXlQ.exe
  2⤵
  PID:5468
- C:\Windows\System\OgBrRTe.exe
  C:\Windows\System\OgBrRTe.exe
  2⤵
  PID:5496
- C:\Windows\System\TpsgXsE.exe
  C:\Windows\System\TpsgXsE.exe
  2⤵
  PID:5516
- C:\Windows\System\mmLkxwT.exe
  C:\Windows\System\mmLkxwT.exe
  2⤵
  PID:5568
- C:\Windows\System\AgMgXDF.exe
  C:\Windows\System\AgMgXDF.exe
  2⤵
  PID:5596
- C:\Windows\System\afZRvSq.exe
  C:\Windows\System\afZRvSq.exe
  2⤵
  PID:5648
- C:\Windows\System\gHflYyW.exe
  C:\Windows\System\gHflYyW.exe
  2⤵
  PID:5668
- C:\Windows\System\HRfQMyI.exe
  C:\Windows\System\HRfQMyI.exe
  2⤵
  PID:5692
- C:\Windows\System\kLXsdEi.exe
  C:\Windows\System\kLXsdEi.exe
  2⤵
  PID:5736
- C:\Windows\System\lOaRqDY.exe
  C:\Windows\System\lOaRqDY.exe
  2⤵
  PID:5756
- C:\Windows\System\PJEUjzK.exe
  C:\Windows\System\PJEUjzK.exe
  2⤵
  PID:5796
- C:\Windows\System\dIJCwaO.exe
  C:\Windows\System\dIJCwaO.exe
  2⤵
  PID:5832
- C:\Windows\System\PKoMnVL.exe
  C:\Windows\System\PKoMnVL.exe
  2⤵
  PID:5856
- C:\Windows\System\jgzmFec.exe
  C:\Windows\System\jgzmFec.exe
  2⤵
  PID:5896
- C:\Windows\System\wdXsdTT.exe
  C:\Windows\System\wdXsdTT.exe
  2⤵
  PID:5916
- C:\Windows\System\rGQkTOb.exe
  C:\Windows\System\rGQkTOb.exe
  2⤵
  PID:5972
- C:\Windows\System\QuOobby.exe
  C:\Windows\System\QuOobby.exe
  2⤵
  PID:2692
- C:\Windows\System\ZndnLNd.exe
  C:\Windows\System\ZndnLNd.exe
  2⤵
  PID:6016
- C:\Windows\System\wfbXSEi.exe
  C:\Windows\System\wfbXSEi.exe
  2⤵
  PID:6060
- C:\Windows\System\dCdZxec.exe
  C:\Windows\System\dCdZxec.exe
  2⤵
  PID:6092
- C:\Windows\System\EGDIHZO.exe
  C:\Windows\System\EGDIHZO.exe
  2⤵
  PID:6112
- C:\Windows\System\boYeKYM.exe
  C:\Windows\System\boYeKYM.exe
  2⤵
  PID:6136
- C:\Windows\System\xCvdlfJ.exe
  C:\Windows\System\xCvdlfJ.exe
  2⤵
  PID:2944
- C:\Windows\System\dPNeXxl.exe
  C:\Windows\System\dPNeXxl.exe
  2⤵
  PID:3324
- C:\Windows\System\eMSyLfr.exe
  C:\Windows\System\eMSyLfr.exe
  2⤵
  PID:1952
- C:\Windows\System\GBExpaU.exe
  C:\Windows\System\GBExpaU.exe
  2⤵
  PID:4328
- C:\Windows\System\SnlTrRO.exe
  C:\Windows\System\SnlTrRO.exe
  2⤵
  PID:4492
- C:\Windows\System\PAegDGY.exe
  C:\Windows\System\PAegDGY.exe
  2⤵
  PID:4656
- C:\Windows\System\EfysVgL.exe
  C:\Windows\System\EfysVgL.exe
  2⤵
  PID:2704
- C:\Windows\System\GNyaDWI.exe
  C:\Windows\System\GNyaDWI.exe
  2⤵
  PID:4880
- C:\Windows\System\PeNWpMh.exe
  C:\Windows\System\PeNWpMh.exe
  2⤵
  PID:5028
- C:\Windows\System\aZJCfMc.exe
  C:\Windows\System\aZJCfMc.exe
  2⤵
  PID:5128
- C:\Windows\System\BoWZbDj.exe
  C:\Windows\System\BoWZbDj.exe
  2⤵
  PID:5152
- C:\Windows\System\RUGugyQ.exe
  C:\Windows\System\RUGugyQ.exe
  2⤵
  PID:5244
- C:\Windows\System\YLrxgrA.exe
  C:\Windows\System\YLrxgrA.exe
  2⤵
  PID:5272
- C:\Windows\System\cCURNTR.exe
  C:\Windows\System\cCURNTR.exe
  2⤵
  PID:5352
- C:\Windows\System\vhFQUFA.exe
  C:\Windows\System\vhFQUFA.exe
  2⤵
  PID:5388
- C:\Windows\System\EdYVaoQ.exe
  C:\Windows\System\EdYVaoQ.exe
  2⤵
  PID:5452
- C:\Windows\System\ZVEMYhZ.exe
  C:\Windows\System\ZVEMYhZ.exe
  2⤵
  PID:5528
- C:\Windows\System\fLsrASl.exe
  C:\Windows\System\fLsrASl.exe
  2⤵
  PID:5552
- C:\Windows\System\CkWLvHM.exe
  C:\Windows\System\CkWLvHM.exe
  2⤵
  PID:5588
- C:\Windows\System\FmvBdSC.exe
  C:\Windows\System\FmvBdSC.exe
  2⤵
  PID:5656
- C:\Windows\System\vLWNRAl.exe
  C:\Windows\System\vLWNRAl.exe
  2⤵
  PID:5672
- C:\Windows\System\ErfpWWm.exe
  C:\Windows\System\ErfpWWm.exe
  2⤵
  PID:5800
- C:\Windows\System\KGCusZy.exe
  C:\Windows\System\KGCusZy.exe
  2⤵
  PID:5840
- C:\Windows\System\nCSmjxk.exe
  C:\Windows\System\nCSmjxk.exe
  2⤵
  PID:5836
- C:\Windows\System\nfszdqI.exe
  C:\Windows\System\nfszdqI.exe
  2⤵
  PID:5892
- C:\Windows\System\UbVgzAp.exe
  C:\Windows\System\UbVgzAp.exe
  2⤵
  PID:5952
- C:\Windows\System\jKWtryX.exe
  C:\Windows\System\jKWtryX.exe
  2⤵
  PID:6052
- C:\Windows\System\UEQbwTB.exe
  C:\Windows\System\UEQbwTB.exe
  2⤵
  PID:3044
- C:\Windows\System\kVAaQQF.exe
  C:\Windows\System\kVAaQQF.exe
  2⤵
  PID:6116
- C:\Windows\System\NhgwJqM.exe
  C:\Windows\System\NhgwJqM.exe
  2⤵
  PID:2528
- C:\Windows\System\mpKTWTj.exe
  C:\Windows\System\mpKTWTj.exe
  2⤵
  PID:2536
- C:\Windows\System\UrDdvZm.exe
  C:\Windows\System\UrDdvZm.exe
  2⤵
  PID:4268
- C:\Windows\System\jluqhjy.exe
  C:\Windows\System\jluqhjy.exe
  2⤵
  PID:4412
- C:\Windows\System\JWwnnMx.exe
  C:\Windows\System\JWwnnMx.exe
  2⤵
  PID:4564
- C:\Windows\System\mCEZFMf.exe
  C:\Windows\System\mCEZFMf.exe
  2⤵
  PID:4852
- C:\Windows\System\yIQgiUE.exe
  C:\Windows\System\yIQgiUE.exe
  2⤵
  PID:2020
- C:\Windows\System\xflCrFQ.exe
  C:\Windows\System\xflCrFQ.exe
  2⤵
  PID:5164
- C:\Windows\System\IsBCUbm.exe
  C:\Windows\System\IsBCUbm.exe
  2⤵
  PID:2652
- C:\Windows\System\NGBhabv.exe
  C:\Windows\System\NGBhabv.exe
  2⤵
  PID:5324
- C:\Windows\System\MpACWIW.exe
  C:\Windows\System\MpACWIW.exe
  2⤵
  PID:5308
- C:\Windows\System\VsNMqdJ.exe
  C:\Windows\System\VsNMqdJ.exe
  2⤵
  PID:3068
- C:\Windows\System\VLDXwHH.exe
  C:\Windows\System\VLDXwHH.exe
  2⤵
  PID:2480
- C:\Windows\System\nplpIcz.exe
  C:\Windows\System\nplpIcz.exe
  2⤵
  PID:5608
- C:\Windows\System\gqVLPnY.exe
  C:\Windows\System\gqVLPnY.exe
  2⤵
  PID:5652
- C:\Windows\System\LQNrIPV.exe
  C:\Windows\System\LQNrIPV.exe
  2⤵
  PID:5776
- C:\Windows\System\APYJvWe.exe
  C:\Windows\System\APYJvWe.exe
  2⤵
  PID:1120
- C:\Windows\System\ewfqWbE.exe
  C:\Windows\System\ewfqWbE.exe
  2⤵
  PID:5820
- C:\Windows\System\XChlGFj.exe
  C:\Windows\System\XChlGFj.exe
  2⤵
  PID:5940
- C:\Windows\System\rfskfHX.exe
  C:\Windows\System\rfskfHX.exe
  2⤵
  PID:6012
- C:\Windows\System\DnywKzx.exe
  C:\Windows\System\DnywKzx.exe
  2⤵
  PID:6096
- C:\Windows\System\tpXXhII.exe
  C:\Windows\System\tpXXhII.exe
  2⤵
  PID:3344
- C:\Windows\System\OVasWaa.exe
  C:\Windows\System\OVasWaa.exe
  2⤵
  PID:2776
- C:\Windows\System\YwfRODQ.exe
  C:\Windows\System\YwfRODQ.exe
  2⤵
  PID:4232
- C:\Windows\System\BfjaegS.exe
  C:\Windows\System\BfjaegS.exe
  2⤵
  PID:4712
- C:\Windows\System\CgOjaYc.exe
  C:\Windows\System\CgOjaYc.exe
  2⤵
  PID:3832
- C:\Windows\System\BofbITq.exe
  C:\Windows\System\BofbITq.exe
  2⤵
  PID:5204
- C:\Windows\System\HYXWusr.exe
  C:\Windows\System\HYXWusr.exe
  2⤵
  PID:5408
- C:\Windows\System\cInaflV.exe
  C:\Windows\System\cInaflV.exe
  2⤵
  PID:5572
- C:\Windows\System\YIRUpRM.exe
  C:\Windows\System\YIRUpRM.exe
  2⤵
  PID:6156
- C:\Windows\System\hEsyova.exe
  C:\Windows\System\hEsyova.exe
  2⤵
  PID:6180
- C:\Windows\System\qFXuERX.exe
  C:\Windows\System\qFXuERX.exe
  2⤵
  PID:6200
- C:\Windows\System\lngvRne.exe
  C:\Windows\System\lngvRne.exe
  2⤵
  PID:6220
- C:\Windows\System\WoARLWL.exe
  C:\Windows\System\WoARLWL.exe
  2⤵
  PID:6240
- C:\Windows\System\IsuiPqf.exe
  C:\Windows\System\IsuiPqf.exe
  2⤵
  PID:6260
- C:\Windows\System\MSJvVlw.exe
  C:\Windows\System\MSJvVlw.exe
  2⤵
  PID:6280
- C:\Windows\System\ZmMYReG.exe
  C:\Windows\System\ZmMYReG.exe
  2⤵
  PID:6300
- C:\Windows\System\RQOrKnl.exe
  C:\Windows\System\RQOrKnl.exe
  2⤵
  PID:6320
- C:\Windows\System\SgcAUrS.exe
  C:\Windows\System\SgcAUrS.exe
  2⤵
  PID:6340
- C:\Windows\System\AMRefdj.exe
  C:\Windows\System\AMRefdj.exe
  2⤵
  PID:6360
- C:\Windows\System\cHZLVpS.exe
  C:\Windows\System\cHZLVpS.exe
  2⤵
  PID:6380
- C:\Windows\System\FcrWuIb.exe
  C:\Windows\System\FcrWuIb.exe
  2⤵
  PID:6400
- C:\Windows\System\OTOEtvx.exe
  C:\Windows\System\OTOEtvx.exe
  2⤵
  PID:6420
- C:\Windows\System\lMdzJRu.exe
  C:\Windows\System\lMdzJRu.exe
  2⤵
  PID:6440
- C:\Windows\System\FIFYmRK.exe
  C:\Windows\System\FIFYmRK.exe
  2⤵
  PID:6460
- C:\Windows\System\ZVlQhSN.exe
  C:\Windows\System\ZVlQhSN.exe
  2⤵
  PID:6480
- C:\Windows\System\AOSeYAW.exe
  C:\Windows\System\AOSeYAW.exe
  2⤵
  PID:6500
- C:\Windows\System\SqYxjTO.exe
  C:\Windows\System\SqYxjTO.exe
  2⤵
  PID:6520
- C:\Windows\System\nBHOMVU.exe
  C:\Windows\System\nBHOMVU.exe
  2⤵
  PID:6540
- C:\Windows\System\ELCibJh.exe
  C:\Windows\System\ELCibJh.exe
  2⤵
  PID:6560
- C:\Windows\System\xrPkGkA.exe
  C:\Windows\System\xrPkGkA.exe
  2⤵
  PID:6580
- C:\Windows\System\SSJxOAs.exe
  C:\Windows\System\SSJxOAs.exe
  2⤵
  PID:6600
- C:\Windows\System\dZKLVlW.exe
  C:\Windows\System\dZKLVlW.exe
  2⤵
  PID:6620
- C:\Windows\System\JbjomtE.exe
  C:\Windows\System\JbjomtE.exe
  2⤵
  PID:6640
- C:\Windows\System\xDpKmAW.exe
  C:\Windows\System\xDpKmAW.exe
  2⤵
  PID:6660
- C:\Windows\System\jACMpHe.exe
  C:\Windows\System\jACMpHe.exe
  2⤵
  PID:6680
- C:\Windows\System\bPFHwqA.exe
  C:\Windows\System\bPFHwqA.exe
  2⤵
  PID:6700
- C:\Windows\System\zQAxeRN.exe
  C:\Windows\System\zQAxeRN.exe
  2⤵
  PID:6720
- C:\Windows\System\ovcUWAH.exe
  C:\Windows\System\ovcUWAH.exe
  2⤵
  PID:6740
- C:\Windows\System\HtOUAHg.exe
  C:\Windows\System\HtOUAHg.exe
  2⤵
  PID:6760
- C:\Windows\System\EXasUFh.exe
  C:\Windows\System\EXasUFh.exe
  2⤵
  PID:6780
- C:\Windows\System\EgAluwg.exe
  C:\Windows\System\EgAluwg.exe
  2⤵
  PID:6800
- C:\Windows\System\wtvantP.exe
  C:\Windows\System\wtvantP.exe
  2⤵
  PID:6820
- C:\Windows\System\EbNFZCT.exe
  C:\Windows\System\EbNFZCT.exe
  2⤵
  PID:6840
- C:\Windows\System\BliuZTG.exe
  C:\Windows\System\BliuZTG.exe
  2⤵
  PID:6860
- C:\Windows\System\sJRuzKr.exe
  C:\Windows\System\sJRuzKr.exe
  2⤵
  PID:6880
- C:\Windows\System\ieYdFzN.exe
  C:\Windows\System\ieYdFzN.exe
  2⤵
  PID:6900
- C:\Windows\System\QydqMcn.exe
  C:\Windows\System\QydqMcn.exe
  2⤵
  PID:6920
- C:\Windows\System\zqsJniU.exe
  C:\Windows\System\zqsJniU.exe
  2⤵
  PID:6940
- C:\Windows\System\jTlgfvE.exe
  C:\Windows\System\jTlgfvE.exe
  2⤵
  PID:6960
- C:\Windows\System\qmqeydR.exe
  C:\Windows\System\qmqeydR.exe
  2⤵
  PID:6980
- C:\Windows\System\iibUfVH.exe
  C:\Windows\System\iibUfVH.exe
  2⤵
  PID:7000
- C:\Windows\System\jEhfWJi.exe
  C:\Windows\System\jEhfWJi.exe
  2⤵
  PID:7020
- C:\Windows\System\UCSDVAs.exe
  C:\Windows\System\UCSDVAs.exe
  2⤵
  PID:7040
- C:\Windows\System\jkZOYcV.exe
  C:\Windows\System\jkZOYcV.exe
  2⤵
  PID:7060
- C:\Windows\System\reYQkCy.exe
  C:\Windows\System\reYQkCy.exe
  2⤵
  PID:7080
- C:\Windows\System\XvYkLQo.exe
  C:\Windows\System\XvYkLQo.exe
  2⤵
  PID:7100
- C:\Windows\System\HpXnjrd.exe
  C:\Windows\System\HpXnjrd.exe
  2⤵
  PID:7124
- C:\Windows\System\tUdzfVC.exe
  C:\Windows\System\tUdzfVC.exe
  2⤵
  PID:7144
- C:\Windows\System\WXjExBX.exe
  C:\Windows\System\WXjExBX.exe
  2⤵
  PID:7164
- C:\Windows\System\blKpXkN.exe
  C:\Windows\System\blKpXkN.exe
  2⤵
  PID:5676
- C:\Windows\System\KASOVpk.exe
  C:\Windows\System\KASOVpk.exe
  2⤵
  PID:5876
- C:\Windows\System\bvugfgb.exe
  C:\Windows\System\bvugfgb.exe
  2⤵
  PID:5912
- C:\Windows\System\mKeyEXQ.exe
  C:\Windows\System\mKeyEXQ.exe
  2⤵
  PID:6080
- C:\Windows\System\CSAVlLm.exe
  C:\Windows\System\CSAVlLm.exe
  2⤵
  PID:6132
- C:\Windows\System\ClxaQQK.exe
  C:\Windows\System\ClxaQQK.exe
  2⤵
  PID:1984
- C:\Windows\System\OMKYXDB.exe
  C:\Windows\System\OMKYXDB.exe
  2⤵
  PID:1884
- C:\Windows\System\zbNnthL.exe
  C:\Windows\System\zbNnthL.exe
  2⤵
  PID:5252
- C:\Windows\System\isJtXSF.exe
  C:\Windows\System\isJtXSF.exe
  2⤵
  PID:5412
- C:\Windows\System\ZeUaeGH.exe
  C:\Windows\System\ZeUaeGH.exe
  2⤵
  PID:2304
- C:\Windows\System\gjGjmMD.exe
  C:\Windows\System\gjGjmMD.exe
  2⤵
  PID:6192
- C:\Windows\System\XOcHWFT.exe
  C:\Windows\System\XOcHWFT.exe
  2⤵
  PID:6212
- C:\Windows\System\biKUwKz.exe
  C:\Windows\System\biKUwKz.exe
  2⤵
  PID:6268
- C:\Windows\System\alGoCzt.exe
  C:\Windows\System\alGoCzt.exe
  2⤵
  PID:6296
- C:\Windows\System\HNCaVDA.exe
  C:\Windows\System\HNCaVDA.exe
  2⤵
  PID:6328
- C:\Windows\System\XTEeLjZ.exe
  C:\Windows\System\XTEeLjZ.exe
  2⤵
  PID:6356
- C:\Windows\System\lGRYvwM.exe
  C:\Windows\System\lGRYvwM.exe
  2⤵
  PID:6372
- C:\Windows\System\nmlnIQl.exe
  C:\Windows\System\nmlnIQl.exe
  2⤵
  PID:6428
- C:\Windows\System\CROGKsK.exe
  C:\Windows\System\CROGKsK.exe
  2⤵
  PID:6456
- C:\Windows\System\DYhNiEK.exe
  C:\Windows\System\DYhNiEK.exe
  2⤵
  PID:6472
- C:\Windows\System\bGPaIZW.exe
  C:\Windows\System\bGPaIZW.exe
  2⤵
  PID:6516
- C:\Windows\System\JhQjYfL.exe
  C:\Windows\System\JhQjYfL.exe
  2⤵
  PID:6532
- C:\Windows\System\xEYlsim.exe
  C:\Windows\System\xEYlsim.exe
  2⤵
  PID:6588
- C:\Windows\System\cJtXksQ.exe
  C:\Windows\System\cJtXksQ.exe
  2⤵
  PID:6608
- C:\Windows\System\tDJmHhn.exe
  C:\Windows\System\tDJmHhn.exe
  2⤵
  PID:6632
- C:\Windows\System\JYIlQra.exe
  C:\Windows\System\JYIlQra.exe
  2⤵
  PID:6676
- C:\Windows\System\DDICeRe.exe
  C:\Windows\System\DDICeRe.exe
  2⤵
  PID:6692
- C:\Windows\System\wAuGtnS.exe
  C:\Windows\System\wAuGtnS.exe
  2⤵
  PID:6756
- C:\Windows\System\DqjDKAV.exe
  C:\Windows\System\DqjDKAV.exe
  2⤵
  PID:6788
- C:\Windows\System\GwOyKZG.exe
  C:\Windows\System\GwOyKZG.exe
  2⤵
  PID:6808
- C:\Windows\System\qwOPuLV.exe
  C:\Windows\System\qwOPuLV.exe
  2⤵
  PID:6832
- C:\Windows\System\ORNeedN.exe
  C:\Windows\System\ORNeedN.exe
  2⤵
  PID:6852
- C:\Windows\System\eOFauvD.exe
  C:\Windows\System\eOFauvD.exe
  2⤵
  PID:6916
- C:\Windows\System\EZzwTmM.exe
  C:\Windows\System\EZzwTmM.exe
  2⤵
  PID:6936
- C:\Windows\System\OLbrlrI.exe
  C:\Windows\System\OLbrlrI.exe
  2⤵
  PID:6976
- C:\Windows\System\PSdUbqS.exe
  C:\Windows\System\PSdUbqS.exe
  2⤵
  PID:7008
- C:\Windows\System\BYslCml.exe
  C:\Windows\System\BYslCml.exe
  2⤵
  PID:7032
- C:\Windows\System\NsSMYrE.exe
  C:\Windows\System\NsSMYrE.exe
  2⤵
  PID:7076
- C:\Windows\System\JsOxTrA.exe
  C:\Windows\System\JsOxTrA.exe
  2⤵
  PID:7120
- C:\Windows\System\JBCFslk.exe
  C:\Windows\System\JBCFslk.exe
  2⤵
  PID:7140
- C:\Windows\System\Cllvzaa.exe
  C:\Windows\System\Cllvzaa.exe
  2⤵
  PID:5548
- C:\Windows\System\zZGSMPE.exe
  C:\Windows\System\zZGSMPE.exe
  2⤵
  PID:5792
- C:\Windows\System\ZnjinAq.exe
  C:\Windows\System\ZnjinAq.exe
  2⤵
  PID:5960
- C:\Windows\System\zSqhVwI.exe
  C:\Windows\System\zSqhVwI.exe
  2⤵
  PID:3952
- C:\Windows\System\ODzaJdn.exe
  C:\Windows\System\ODzaJdn.exe
  2⤵
  PID:5292
- C:\Windows\System\OMnYsCt.exe
  C:\Windows\System\OMnYsCt.exe
  2⤵
  PID:5344
- C:\Windows\System\QCVDDqG.exe
  C:\Windows\System\QCVDDqG.exe
  2⤵
  PID:6168
- C:\Windows\System\ytNRryl.exe
  C:\Windows\System\ytNRryl.exe
  2⤵
  PID:6232
- C:\Windows\System\hGyCNcM.exe
  C:\Windows\System\hGyCNcM.exe
  2⤵
  PID:6272
- C:\Windows\System\sNUzDoc.exe
  C:\Windows\System\sNUzDoc.exe
  2⤵
  PID:2680
- C:\Windows\System\wLTctGI.exe
  C:\Windows\System\wLTctGI.exe
  2⤵
  PID:6416
- C:\Windows\System\CJxZVRL.exe
  C:\Windows\System\CJxZVRL.exe
  2⤵
  PID:6468
- C:\Windows\System\PpOzcXU.exe
  C:\Windows\System\PpOzcXU.exe
  2⤵
  PID:6508
- C:\Windows\System\pSHmkVL.exe
  C:\Windows\System\pSHmkVL.exe
  2⤵
  PID:6572
- C:\Windows\System\QXDpqbA.exe
  C:\Windows\System\QXDpqbA.exe
  2⤵
  PID:6668
- C:\Windows\System\NZNHAPE.exe
  C:\Windows\System\NZNHAPE.exe
  2⤵
  PID:6656
- C:\Windows\System\GpSEPPF.exe
  C:\Windows\System\GpSEPPF.exe
  2⤵
  PID:6712
- C:\Windows\System\NHuTeAz.exe
  C:\Windows\System\NHuTeAz.exe
  2⤵
  PID:6768
- C:\Windows\System\rVHpkbE.exe
  C:\Windows\System\rVHpkbE.exe
  2⤵
  PID:6828
- C:\Windows\System\OZYTFsT.exe
  C:\Windows\System\OZYTFsT.exe
  2⤵
  PID:6876
- C:\Windows\System\AvNqgaq.exe
  C:\Windows\System\AvNqgaq.exe
  2⤵
  PID:6948
- C:\Windows\System\YXbRNue.exe
  C:\Windows\System\YXbRNue.exe
  2⤵
  PID:6992
- C:\Windows\System\USoxepP.exe
  C:\Windows\System\USoxepP.exe
  2⤵
  PID:7056
- C:\Windows\System\EiwZfAP.exe
  C:\Windows\System\EiwZfAP.exe
  2⤵
  PID:7068
- C:\Windows\System\nlGZyCc.exe
  C:\Windows\System\nlGZyCc.exe
  2⤵
  PID:7108
- C:\Windows\System\tohzpWJ.exe
  C:\Windows\System\tohzpWJ.exe
  2⤵
  PID:6020
- C:\Windows\System\hDiBTjW.exe
  C:\Windows\System\hDiBTjW.exe
  2⤵
  PID:3768
- C:\Windows\System\GDmfIsk.exe
  C:\Windows\System\GDmfIsk.exe
  2⤵
  PID:4748
- C:\Windows\System\sYOTcVy.exe
  C:\Windows\System\sYOTcVy.exe
  2⤵
  PID:6148
- C:\Windows\System\UrdImpY.exe
  C:\Windows\System\UrdImpY.exe
  2⤵
  PID:6216
- C:\Windows\System\hkaddiS.exe
  C:\Windows\System\hkaddiS.exe
  2⤵
  PID:6312
- C:\Windows\System\tqmnpiQ.exe
  C:\Windows\System\tqmnpiQ.exe
  2⤵
  PID:6408
- C:\Windows\System\fvqvOgx.exe
  C:\Windows\System\fvqvOgx.exe
  2⤵
  PID:1412
- C:\Windows\System\SPhnGVY.exe
  C:\Windows\System\SPhnGVY.exe
  2⤵
  PID:6636
- C:\Windows\System\UbSKDSI.exe
  C:\Windows\System\UbSKDSI.exe
  2⤵
  PID:2084
- C:\Windows\System\rKrzIiO.exe
  C:\Windows\System\rKrzIiO.exe
  2⤵
  PID:6732
- C:\Windows\System\lthoqFI.exe
  C:\Windows\System\lthoqFI.exe
  2⤵
  PID:6772
- C:\Windows\System\gYAqBdV.exe
  C:\Windows\System\gYAqBdV.exe
  2⤵
  PID:6908
- C:\Windows\System\oikgXMo.exe
  C:\Windows\System\oikgXMo.exe
  2⤵
  PID:7016
- C:\Windows\System\WlYPfwQ.exe
  C:\Windows\System\WlYPfwQ.exe
  2⤵
  PID:324
- C:\Windows\System\ubIgYCh.exe
  C:\Windows\System\ubIgYCh.exe
  2⤵
  PID:5628
- C:\Windows\System\PMZeddh.exe
  C:\Windows\System\PMZeddh.exe
  2⤵
  PID:5040
- C:\Windows\System\AlcgHTt.exe
  C:\Windows\System\AlcgHTt.exe
  2⤵
  PID:6164
- C:\Windows\System\ztGtbHI.exe
  C:\Windows\System\ztGtbHI.exe
  2⤵
  PID:6368
- C:\Windows\System\pJCNDnv.exe
  C:\Windows\System\pJCNDnv.exe
  2⤵
  PID:6552
- C:\Windows\System\RZTXMft.exe
  C:\Windows\System\RZTXMft.exe
  2⤵
  PID:7172
- C:\Windows\System\GXPTdnD.exe
  C:\Windows\System\GXPTdnD.exe
  2⤵
  PID:7192
- C:\Windows\System\Wapktdg.exe
  C:\Windows\System\Wapktdg.exe
  2⤵
  PID:7212
- C:\Windows\System\vaHMOVd.exe
  C:\Windows\System\vaHMOVd.exe
  2⤵
  PID:7232
- C:\Windows\System\gxYNuwy.exe
  C:\Windows\System\gxYNuwy.exe
  2⤵
  PID:7252
- C:\Windows\System\NxnixeD.exe
  C:\Windows\System\NxnixeD.exe
  2⤵
  PID:7272
- C:\Windows\System\rzRZzNL.exe
  C:\Windows\System\rzRZzNL.exe
  2⤵
  PID:7292
- C:\Windows\System\DEigXmO.exe
  C:\Windows\System\DEigXmO.exe
  2⤵
  PID:7312
- C:\Windows\System\DCRzdIM.exe
  C:\Windows\System\DCRzdIM.exe
  2⤵
  PID:7332
- C:\Windows\System\ySVaQQz.exe
  C:\Windows\System\ySVaQQz.exe
  2⤵
  PID:7352
- C:\Windows\System\JUWJuCK.exe
  C:\Windows\System\JUWJuCK.exe
  2⤵
  PID:7372
- C:\Windows\System\eSbhmVJ.exe
  C:\Windows\System\eSbhmVJ.exe
  2⤵
  PID:7392
- C:\Windows\System\SDvrIFU.exe
  C:\Windows\System\SDvrIFU.exe
  2⤵
  PID:7412
- C:\Windows\System\sCdMiSP.exe
  C:\Windows\System\sCdMiSP.exe
  2⤵
  PID:7432
- C:\Windows\System\ZwBCmZk.exe
  C:\Windows\System\ZwBCmZk.exe
  2⤵
  PID:7452
- C:\Windows\System\YGeMzJd.exe
  C:\Windows\System\YGeMzJd.exe
  2⤵
  PID:7472
- C:\Windows\System\VneURtT.exe
  C:\Windows\System\VneURtT.exe
  2⤵
  PID:7492
- C:\Windows\System\PGgNZFY.exe
  C:\Windows\System\PGgNZFY.exe
  2⤵
  PID:7512
- C:\Windows\System\CKWjlok.exe
  C:\Windows\System\CKWjlok.exe
  2⤵
  PID:7532
- C:\Windows\System\OBCPGCD.exe
  C:\Windows\System\OBCPGCD.exe
  2⤵
  PID:7552
- C:\Windows\System\ZzjLeXG.exe
  C:\Windows\System\ZzjLeXG.exe
  2⤵
  PID:7572
- C:\Windows\System\bYkCbrt.exe
  C:\Windows\System\bYkCbrt.exe
  2⤵
  PID:7592
- C:\Windows\System\DtwclVr.exe
  C:\Windows\System\DtwclVr.exe
  2⤵
  PID:7616
- C:\Windows\System\jPPYLzS.exe
  C:\Windows\System\jPPYLzS.exe
  2⤵
  PID:7636
- C:\Windows\System\UOcChEt.exe
  C:\Windows\System\UOcChEt.exe
  2⤵
  PID:7656
- C:\Windows\System\GPnFDxy.exe
  C:\Windows\System\GPnFDxy.exe
  2⤵
  PID:7676
- C:\Windows\System\zvozpMu.exe
  C:\Windows\System\zvozpMu.exe
  2⤵
  PID:7696
- C:\Windows\System\aPfCjpl.exe
  C:\Windows\System\aPfCjpl.exe
  2⤵
  PID:7712
- C:\Windows\System\DVyRhsn.exe
  C:\Windows\System\DVyRhsn.exe
  2⤵
  PID:7736
- C:\Windows\System\bycisQK.exe
  C:\Windows\System\bycisQK.exe
  2⤵
  PID:7756
- C:\Windows\System\ozPMRGb.exe
  C:\Windows\System\ozPMRGb.exe
  2⤵
  PID:7776
- C:\Windows\System\dhVvShO.exe
  C:\Windows\System\dhVvShO.exe
  2⤵
  PID:7796
- C:\Windows\System\wHzrjLL.exe
  C:\Windows\System\wHzrjLL.exe
  2⤵
  PID:7816
- C:\Windows\System\ZokBPTk.exe
  C:\Windows\System\ZokBPTk.exe
  2⤵
  PID:7836
- C:\Windows\System\fMyrqXC.exe
  C:\Windows\System\fMyrqXC.exe
  2⤵
  PID:7856
- C:\Windows\System\OFInyxJ.exe
  C:\Windows\System\OFInyxJ.exe
  2⤵
  PID:7876
- C:\Windows\System\BcWbyWQ.exe
  C:\Windows\System\BcWbyWQ.exe
  2⤵
  PID:7896
- C:\Windows\System\zcMHarP.exe
  C:\Windows\System\zcMHarP.exe
  2⤵
  PID:7916
- C:\Windows\System\OquJEHP.exe
  C:\Windows\System\OquJEHP.exe
  2⤵
  PID:7936
- C:\Windows\System\UAlZNzF.exe
  C:\Windows\System\UAlZNzF.exe
  2⤵
  PID:7956
- C:\Windows\System\xwImVFb.exe
  C:\Windows\System\xwImVFb.exe
  2⤵
  PID:7976
- C:\Windows\System\NlPcLkB.exe
  C:\Windows\System\NlPcLkB.exe
  2⤵
  PID:8000
- C:\Windows\System\FCoMtOZ.exe
  C:\Windows\System\FCoMtOZ.exe
  2⤵
  PID:8020
- C:\Windows\System\HYQzsFy.exe
  C:\Windows\System\HYQzsFy.exe
  2⤵
  PID:8040
- C:\Windows\System\acnRaoV.exe
  C:\Windows\System\acnRaoV.exe
  2⤵
  PID:8060
- C:\Windows\System\zMPOKjC.exe
  C:\Windows\System\zMPOKjC.exe
  2⤵
  PID:8080
- C:\Windows\System\KKTrqJQ.exe
  C:\Windows\System\KKTrqJQ.exe
  2⤵
  PID:8100
- C:\Windows\System\oTDKDZf.exe
  C:\Windows\System\oTDKDZf.exe
  2⤵
  PID:8120
- C:\Windows\System\DoOMSJe.exe
  C:\Windows\System\DoOMSJe.exe
  2⤵
  PID:8140
- C:\Windows\System\OPFoHPV.exe
  C:\Windows\System\OPFoHPV.exe
  2⤵
  PID:8160
- C:\Windows\System\plkDCYn.exe
  C:\Windows\System\plkDCYn.exe
  2⤵
  PID:8180
- C:\Windows\System\JoskgGY.exe
  C:\Windows\System\JoskgGY.exe
  2⤵
  PID:6728
- C:\Windows\System\hZmBzOm.exe
  C:\Windows\System\hZmBzOm.exe
  2⤵
  PID:6868
- C:\Windows\System\AyQseEF.exe
  C:\Windows\System\AyQseEF.exe
  2⤵
  PID:6996
- C:\Windows\System\ccXeFrl.exe
  C:\Windows\System\ccXeFrl.exe
  2⤵
  PID:7036
- C:\Windows\System\VjrqgqK.exe
  C:\Windows\System\VjrqgqK.exe
  2⤵
  PID:5816
- C:\Windows\System\CFHfIjF.exe
  C:\Windows\System\CFHfIjF.exe
  2⤵
  PID:2548
- C:\Windows\System\PIWCuQF.exe
  C:\Windows\System\PIWCuQF.exe
  2⤵
  PID:6592
- C:\Windows\System\MfnZoXO.exe
  C:\Windows\System\MfnZoXO.exe
  2⤵
  PID:6376
- C:\Windows\System\HqMkTDq.exe
  C:\Windows\System\HqMkTDq.exe
  2⤵
  PID:7208
- C:\Windows\System\VCeSnkj.exe
  C:\Windows\System\VCeSnkj.exe
  2⤵
  PID:7240
- C:\Windows\System\rsXCIZH.exe
  C:\Windows\System\rsXCIZH.exe
  2⤵
  PID:7268
- C:\Windows\System\ojZxeBy.exe
  C:\Windows\System\ojZxeBy.exe
  2⤵
  PID:7300
- C:\Windows\System\JxsmvXB.exe
  C:\Windows\System\JxsmvXB.exe
  2⤵
  PID:7324
- C:\Windows\System\GTLlucO.exe
  C:\Windows\System\GTLlucO.exe
  2⤵
  PID:7368
- C:\Windows\System\SfeZObS.exe
  C:\Windows\System\SfeZObS.exe
  2⤵
  PID:7404
- C:\Windows\System\nDYHnkl.exe
  C:\Windows\System\nDYHnkl.exe
  2⤵
  PID:7428
- C:\Windows\System\lauJVix.exe
  C:\Windows\System\lauJVix.exe
  2⤵
  PID:7480
- C:\Windows\System\FKYaGvr.exe
  C:\Windows\System\FKYaGvr.exe
  2⤵
  PID:7464
- C:\Windows\System\IBhmHsf.exe
  C:\Windows\System\IBhmHsf.exe
  2⤵
  PID:7508
- C:\Windows\System\PPqXkkP.exe
  C:\Windows\System\PPqXkkP.exe
  2⤵
  PID:7544
- C:\Windows\System\KnQRIhA.exe
  C:\Windows\System\KnQRIhA.exe
  2⤵
  PID:7588
- C:\Windows\System\wJlYXzl.exe
  C:\Windows\System\wJlYXzl.exe
  2⤵
  PID:7648
- C:\Windows\System\lBbJfsO.exe
  C:\Windows\System\lBbJfsO.exe
  2⤵
  PID:7684
- C:\Windows\System\zLGEXYF.exe
  C:\Windows\System\zLGEXYF.exe
  2⤵
  PID:7720
- C:\Windows\System\PIIXhMr.exe
  C:\Windows\System\PIIXhMr.exe
  2⤵
  PID:7724
- C:\Windows\System\nVXshfu.exe
  C:\Windows\System\nVXshfu.exe
  2⤵
  PID:7752
- C:\Windows\System\myJNyaG.exe
  C:\Windows\System\myJNyaG.exe
  2⤵
  PID:7788
- C:\Windows\System\swocMoe.exe
  C:\Windows\System\swocMoe.exe
  2⤵
  PID:7844
- C:\Windows\System\tFvnliH.exe
  C:\Windows\System\tFvnliH.exe
  2⤵
  PID:1756
- C:\Windows\System\mVUyQoj.exe
  C:\Windows\System\mVUyQoj.exe
  2⤵
  PID:7872
- C:\Windows\System\PfwqzpV.exe
  C:\Windows\System\PfwqzpV.exe
  2⤵
  PID:7912
- C:\Windows\System\KjNbquO.exe
  C:\Windows\System\KjNbquO.exe
  2⤵
  PID:7952
- C:\Windows\System\aTVqneD.exe
  C:\Windows\System\aTVqneD.exe
  2⤵
  PID:8016
- C:\Windows\System\SNvxyed.exe
  C:\Windows\System\SNvxyed.exe
  2⤵
  PID:8028
- C:\Windows\System\qcbGSTX.exe
  C:\Windows\System\qcbGSTX.exe
  2⤵
  PID:8032
- C:\Windows\System\wiTTfmm.exe
  C:\Windows\System\wiTTfmm.exe
  2⤵
  PID:8072
- C:\Windows\System\TULAlcj.exe
  C:\Windows\System\TULAlcj.exe
  2⤵
  PID:8128
- C:\Windows\System\vCODhux.exe
  C:\Windows\System\vCODhux.exe
  2⤵
  PID:8148
- C:\Windows\System\zwpvcKh.exe
  C:\Windows\System\zwpvcKh.exe
  2⤵
  PID:7604
- C:\Windows\System\WlEdIQg.exe
  C:\Windows\System\WlEdIQg.exe
  2⤵
  PID:6576
- C:\Windows\System\YhalQjO.exe
  C:\Windows\System\YhalQjO.exe
  2⤵
  PID:6932
- C:\Windows\System\QdYrLWb.exe
  C:\Windows\System\QdYrLWb.exe
  2⤵
  PID:4424
- C:\Windows\System\iPWwWOs.exe
  C:\Windows\System\iPWwWOs.exe
  2⤵
  PID:4816
- C:\Windows\System\jCDlLii.exe
  C:\Windows\System\jCDlLii.exe
  2⤵
  PID:3040
- C:\Windows\System\fdjUISh.exe
  C:\Windows\System\fdjUISh.exe
  2⤵
  PID:7204
- C:\Windows\System\LGUnRCW.exe
  C:\Windows\System\LGUnRCW.exe
  2⤵
  PID:7288
- C:\Windows\System\AStfJqO.exe
  C:\Windows\System\AStfJqO.exe
  2⤵
  PID:4796
- C:\Windows\System\TrLBoJW.exe
  C:\Windows\System\TrLBoJW.exe
  2⤵
  PID:7344
- C:\Windows\System\bWZCMHb.exe
  C:\Windows\System\bWZCMHb.exe
  2⤵
  PID:7384
- C:\Windows\System\glBZkev.exe
  C:\Windows\System\glBZkev.exe
  2⤵
  PID:7484
- C:\Windows\System\spKAbDV.exe
  C:\Windows\System\spKAbDV.exe
  2⤵
  PID:7528
- C:\Windows\System\GqyHylr.exe
  C:\Windows\System\GqyHylr.exe
  2⤵
  PID:2816
- C:\Windows\System\mYBZqyP.exe
  C:\Windows\System\mYBZqyP.exe
  2⤵
  PID:7612
- C:\Windows\System\fyXZYIU.exe
  C:\Windows\System\fyXZYIU.exe
  2⤵
  PID:7668
- C:\Windows\System\uLFZcAt.exe
  C:\Windows\System\uLFZcAt.exe
  2⤵
  PID:2868
- C:\Windows\System\cNwMENZ.exe
  C:\Windows\System\cNwMENZ.exe
  2⤵
  PID:7704
- C:\Windows\System\YBDxcjQ.exe
  C:\Windows\System\YBDxcjQ.exe
  2⤵
  PID:7804
- C:\Windows\System\vwJIjFZ.exe
  C:\Windows\System\vwJIjFZ.exe
  2⤵
  PID:7868
- C:\Windows\System\VwlGfyh.exe
  C:\Windows\System\VwlGfyh.exe
  2⤵
  PID:7924
- C:\Windows\System\XTOSrOj.exe
  C:\Windows\System\XTOSrOj.exe
  2⤵
  PID:7928
- C:\Windows\System\TGALsoO.exe
  C:\Windows\System\TGALsoO.exe
  2⤵
  PID:3224
- C:\Windows\System\OKZQUmz.exe
  C:\Windows\System\OKZQUmz.exe
  2⤵
  PID:1464
- C:\Windows\System\ynfjOqJ.exe
  C:\Windows\System\ynfjOqJ.exe
  2⤵
  PID:8076
- C:\Windows\System\gsJlDZf.exe
  C:\Windows\System\gsJlDZf.exe
  2⤵
  PID:8108
- C:\Windows\System\gPAkIpK.exe
  C:\Windows\System\gPAkIpK.exe
  2⤵
  PID:6612
- C:\Windows\System\LLjANiC.exe
  C:\Windows\System\LLjANiC.exe
  2⤵
  PID:2556
- C:\Windows\System\NOTlMJt.exe
  C:\Windows\System\NOTlMJt.exe
  2⤵
  PID:2280
- C:\Windows\System\tItsxwc.exe
  C:\Windows\System\tItsxwc.exe
  2⤵
  PID:1664
- C:\Windows\System\IadUXVe.exe
  C:\Windows\System\IadUXVe.exe
  2⤵
  PID:868
- C:\Windows\System\hkVwwVx.exe
  C:\Windows\System\hkVwwVx.exe
  2⤵
  PID:6152
- C:\Windows\System\BBPZdXk.exe
  C:\Windows\System\BBPZdXk.exe
  2⤵
  PID:2928
- C:\Windows\System\JWWMxpc.exe
  C:\Windows\System\JWWMxpc.exe
  2⤵
  PID:7224
- C:\Windows\System\NvhaRFz.exe
  C:\Windows\System\NvhaRFz.exe
  2⤵
  PID:7380
- C:\Windows\System\OUBMVpG.exe
  C:\Windows\System\OUBMVpG.exe
  2⤵
  PID:2600
- C:\Windows\System\DgQHzgd.exe
  C:\Windows\System\DgQHzgd.exe
  2⤵
  PID:7520
- C:\Windows\System\xYdcUto.exe
  C:\Windows\System\xYdcUto.exe
  2⤵
  PID:1528
- C:\Windows\System\TdWrYgt.exe
  C:\Windows\System\TdWrYgt.exe
  2⤵
  PID:7652
- C:\Windows\System\zLNPokf.exe
  C:\Windows\System\zLNPokf.exe
  2⤵
  PID:7600
- C:\Windows\System\lChRohz.exe
  C:\Windows\System\lChRohz.exe
  2⤵
  PID:7708
- C:\Windows\System\PsfPFNA.exe
  C:\Windows\System\PsfPFNA.exe
  2⤵
  PID:7688
- C:\Windows\System\shjhKqu.exe
  C:\Windows\System\shjhKqu.exe
  2⤵
  PID:2496
- C:\Windows\System\NfPAxUm.exe
  C:\Windows\System\NfPAxUm.exe
  2⤵
  PID:7608
- C:\Windows\System\TrYJwan.exe
  C:\Windows\System\TrYJwan.exe
  2⤵
  PID:8008
- C:\Windows\System\EqNMzWm.exe
  C:\Windows\System\EqNMzWm.exe
  2⤵
  PID:8092
- C:\Windows\System\EFNbCnI.exe
  C:\Windows\System\EFNbCnI.exe
  2⤵
  PID:8172
- C:\Windows\System\bDGDPTV.exe
  C:\Windows\System\bDGDPTV.exe
  2⤵
  PID:3628
- C:\Windows\System\PrJumda.exe
  C:\Windows\System\PrJumda.exe
  2⤵
  PID:2748
- C:\Windows\System\PrWEQFt.exe
  C:\Windows\System\PrWEQFt.exe
  2⤵
  PID:7228
- C:\Windows\System\ATSdvXh.exe
  C:\Windows\System\ATSdvXh.exe
  2⤵
  PID:7328
- C:\Windows\System\iATJSSW.exe
  C:\Windows\System\iATJSSW.exe
  2⤵
  PID:2740
- C:\Windows\System\lxmElJt.exe
  C:\Windows\System\lxmElJt.exe
  2⤵
  PID:7524
- C:\Windows\System\wqIZdzb.exe
  C:\Windows\System\wqIZdzb.exe
  2⤵
  PID:632
- C:\Windows\System\iMUwMin.exe
  C:\Windows\System\iMUwMin.exe
  2⤵
  PID:7664
- C:\Windows\System\skkgWKt.exe
  C:\Windows\System\skkgWKt.exe
  2⤵
  PID:2292
- C:\Windows\System\vVRcWDE.exe
  C:\Windows\System\vVRcWDE.exe
  2⤵
  PID:7792
- C:\Windows\System\MITvrmd.exe
  C:\Windows\System\MITvrmd.exe
  2⤵
  PID:8116
- C:\Windows\System\zUtQzbs.exe
  C:\Windows\System\zUtQzbs.exe
  2⤵
  PID:8152
- C:\Windows\System\xfEdSnx.exe
  C:\Windows\System\xfEdSnx.exe
  2⤵
  PID:536
- C:\Windows\System\ZqfJfHN.exe
  C:\Windows\System\ZqfJfHN.exe
  2⤵
  PID:2192
- C:\Windows\System\CRIlAoY.exe
  C:\Windows\System\CRIlAoY.exe
  2⤵
  PID:7244
- C:\Windows\System\ZNHtYKe.exe
  C:\Windows\System\ZNHtYKe.exe
  2⤵
  PID:7628
- C:\Windows\System\uwXfrwV.exe
  C:\Windows\System\uwXfrwV.exe
  2⤵
  PID:848
- C:\Windows\System\iGOTdxx.exe
  C:\Windows\System\iGOTdxx.exe
  2⤵
  PID:448
- C:\Windows\System\gcXhDin.exe
  C:\Windows\System\gcXhDin.exe
  2⤵
  PID:652
- C:\Windows\System\qlaTrha.exe
  C:\Windows\System\qlaTrha.exe
  2⤵
  PID:2976
- C:\Windows\System\caynSyF.exe
  C:\Windows\System\caynSyF.exe
  2⤵
  PID:1484
- C:\Windows\System\SChEmVl.exe
  C:\Windows\System\SChEmVl.exe
  2⤵
  PID:7944
- C:\Windows\System\rYAposq.exe
  C:\Windows\System\rYAposq.exe
  2⤵
  PID:8204
- C:\Windows\System\ehtzrhu.exe
  C:\Windows\System\ehtzrhu.exe
  2⤵
  PID:8260
- C:\Windows\System\XXnuCQh.exe
  C:\Windows\System\XXnuCQh.exe
  2⤵
  PID:8280
- C:\Windows\System\WEKZLLJ.exe
  C:\Windows\System\WEKZLLJ.exe
  2⤵
  PID:8300
- C:\Windows\System\OaQjLhP.exe
  C:\Windows\System\OaQjLhP.exe
  2⤵
  PID:8320
- C:\Windows\System\MeLvAit.exe
  C:\Windows\System\MeLvAit.exe
  2⤵
  PID:8356
- C:\Windows\System\hyFMagr.exe
  C:\Windows\System\hyFMagr.exe
  2⤵
  PID:8372
- C:\Windows\System\lMilrqb.exe
  C:\Windows\System\lMilrqb.exe
  2⤵
  PID:8392
- C:\Windows\System\vEHDTjm.exe
  C:\Windows\System\vEHDTjm.exe
  2⤵
  PID:8408
- C:\Windows\System\rFxqMiF.exe
  C:\Windows\System\rFxqMiF.exe
  2⤵
  PID:8428
- C:\Windows\System\GvjsWzV.exe
  C:\Windows\System\GvjsWzV.exe
  2⤵
  PID:8464
- C:\Windows\System\JxXqJPi.exe
  C:\Windows\System\JxXqJPi.exe
  2⤵
  PID:8480
- C:\Windows\System\tBkFrDq.exe
  C:\Windows\System\tBkFrDq.exe
  2⤵
  PID:8500
- C:\Windows\System\WkcybOu.exe
  C:\Windows\System\WkcybOu.exe
  2⤵
  PID:8520
- C:\Windows\System\dEGEJnw.exe
  C:\Windows\System\dEGEJnw.exe
  2⤵
  PID:8540
- C:\Windows\System\satyDur.exe
  C:\Windows\System\satyDur.exe
  2⤵
  PID:8560
- C:\Windows\System\pKvQDnK.exe
  C:\Windows\System\pKvQDnK.exe
  2⤵
  PID:8576
- C:\Windows\System\lpBgBkW.exe
  C:\Windows\System\lpBgBkW.exe
  2⤵
  PID:8600
- C:\Windows\System\yPNDqWT.exe
  C:\Windows\System\yPNDqWT.exe
  2⤵
  PID:8616
- C:\Windows\System\JKdcZjf.exe
  C:\Windows\System\JKdcZjf.exe
  2⤵
  PID:8636
- C:\Windows\System\mXhodAm.exe
  C:\Windows\System\mXhodAm.exe
  2⤵
  PID:8652
- C:\Windows\System\rhZsDHk.exe
  C:\Windows\System\rhZsDHk.exe
  2⤵
  PID:8684
- C:\Windows\System\klDIDYL.exe
  C:\Windows\System\klDIDYL.exe
  2⤵
  PID:8700
- C:\Windows\System\bBUtATQ.exe
  C:\Windows\System\bBUtATQ.exe
  2⤵
  PID:8720
- C:\Windows\System\XeVBkRO.exe
  C:\Windows\System\XeVBkRO.exe
  2⤵
  PID:8740
- C:\Windows\System\SoabWqD.exe
  C:\Windows\System\SoabWqD.exe
  2⤵
  PID:8768
- C:\Windows\System\VhkUMww.exe
  C:\Windows\System\VhkUMww.exe
  2⤵
  PID:8784
- C:\Windows\System\mvgqRDd.exe
  C:\Windows\System\mvgqRDd.exe
  2⤵
  PID:8800
- C:\Windows\System\UMZoqwR.exe
  C:\Windows\System\UMZoqwR.exe
  2⤵
  PID:8828
- C:\Windows\System\orJERyo.exe
  C:\Windows\System\orJERyo.exe
  2⤵
  PID:8852
- C:\Windows\System\lmVqREf.exe
  C:\Windows\System\lmVqREf.exe
  2⤵
  PID:8868
- C:\Windows\System\QqeLYii.exe
  C:\Windows\System\QqeLYii.exe
  2⤵
  PID:8888
- C:\Windows\System\rrweVkN.exe
  C:\Windows\System\rrweVkN.exe
  2⤵
  PID:8908
- C:\Windows\System\oBwmJMb.exe
  C:\Windows\System\oBwmJMb.exe
  2⤵
  PID:8924
- C:\Windows\System\dlBgAdT.exe
  C:\Windows\System\dlBgAdT.exe
  2⤵
  PID:8944
- C:\Windows\System\aOTKjox.exe
  C:\Windows\System\aOTKjox.exe
  2⤵
  PID:8960
- C:\Windows\System\RCVVMJg.exe
  C:\Windows\System\RCVVMJg.exe
  2⤵
  PID:8980
- C:\Windows\System\HKGwOHa.exe
  C:\Windows\System\HKGwOHa.exe
  2⤵
  PID:9008
- C:\Windows\System\bMmwaTD.exe
  C:\Windows\System\bMmwaTD.exe
  2⤵
  PID:9024
- C:\Windows\System\mQwbzof.exe
  C:\Windows\System\mQwbzof.exe
  2⤵
  PID:9052
- C:\Windows\System\lnNkBUx.exe
  C:\Windows\System\lnNkBUx.exe
  2⤵
  PID:9068
- C:\Windows\System\cgPPVTe.exe
  C:\Windows\System\cgPPVTe.exe
  2⤵
  PID:9084
- C:\Windows\System\CzimWeO.exe
  C:\Windows\System\CzimWeO.exe
  2⤵
  PID:9100
- C:\Windows\System\PCjEehk.exe
  C:\Windows\System\PCjEehk.exe
  2⤵
  PID:9116
- C:\Windows\System\CCSaKUT.exe
  C:\Windows\System\CCSaKUT.exe
  2⤵
  PID:9132
- C:\Windows\System\CReVPBW.exe
  C:\Windows\System\CReVPBW.exe
  2⤵
  PID:9148
- C:\Windows\System\UGCQskT.exe
  C:\Windows\System\UGCQskT.exe
  2⤵
  PID:9164
- C:\Windows\System\kOBzClL.exe
  C:\Windows\System\kOBzClL.exe
  2⤵
  PID:9180
- C:\Windows\System\YvtMciw.exe
  C:\Windows\System\YvtMciw.exe
  2⤵
  PID:9196
- C:\Windows\System\VTYGXXg.exe
  C:\Windows\System\VTYGXXg.exe
  2⤵
  PID:9212
- C:\Windows\System\GiFwzhQ.exe
  C:\Windows\System\GiFwzhQ.exe
  2⤵
  PID:2744
- C:\Windows\System\ZfhfuUh.exe
  C:\Windows\System\ZfhfuUh.exe
  2⤵
  PID:7468
- C:\Windows\System\pFOIxoO.exe
  C:\Windows\System\pFOIxoO.exe
  2⤵
  PID:2888
- C:\Windows\System\FCjZJbc.exe
  C:\Windows\System\FCjZJbc.exe
  2⤵
  PID:8136
- C:\Windows\System\wBkFaVH.exe
  C:\Windows\System\wBkFaVH.exe
  2⤵
  PID:2852
- C:\Windows\System\hRdivnz.exe
  C:\Windows\System\hRdivnz.exe
  2⤵
  PID:8244
- C:\Windows\System\onnOgVy.exe
  C:\Windows\System\onnOgVy.exe
  2⤵
  PID:8268
- C:\Windows\System\mhOHYyu.exe
  C:\Windows\System\mhOHYyu.exe
  2⤵
  PID:8288
- C:\Windows\System\WwkyDvQ.exe
  C:\Windows\System\WwkyDvQ.exe
  2⤵
  PID:8340
- C:\Windows\System\IfvVvDa.exe
  C:\Windows\System\IfvVvDa.exe
  2⤵
  PID:8436
- C:\Windows\System\dvFarip.exe
  C:\Windows\System\dvFarip.exe
  2⤵
  PID:8384
- C:\Windows\System\Bksslmn.exe
  C:\Windows\System\Bksslmn.exe
  2⤵
  PID:8444
- C:\Windows\System\LqnsZYZ.exe
  C:\Windows\System\LqnsZYZ.exe
  2⤵
  PID:8492
- C:\Windows\System\jPTwBIH.exe
  C:\Windows\System\jPTwBIH.exe
  2⤵
  PID:8528
- C:\Windows\System\DcnxMRY.exe
  C:\Windows\System\DcnxMRY.exe
  2⤵
  PID:8608
- C:\Windows\System\ppSyPGN.exe
  C:\Windows\System\ppSyPGN.exe
  2⤵
  PID:8644
- C:\Windows\System\bSApRHz.exe
  C:\Windows\System\bSApRHz.exe
  2⤵
  PID:8592
- C:\Windows\System\WhKgCCy.exe
  C:\Windows\System\WhKgCCy.exe
  2⤵
  PID:8624
- C:\Windows\System\siwHmwD.exe
  C:\Windows\System\siwHmwD.exe
  2⤵
  PID:8660
- C:\Windows\System\mkSgzYr.exe
  C:\Windows\System\mkSgzYr.exe
  2⤵
  PID:8696
- C:\Windows\System\NHYUNtQ.exe
  C:\Windows\System\NHYUNtQ.exe
  2⤵
  PID:8728
- C:\Windows\System\bavteSA.exe
  C:\Windows\System\bavteSA.exe
  2⤵
  PID:8760
- C:\Windows\System\xASjeSh.exe
  C:\Windows\System\xASjeSh.exe
  2⤵
  PID:8820
- C:\Windows\System\fusorti.exe
  C:\Windows\System\fusorti.exe
  2⤵
  PID:8840
- C:\Windows\System\FSOmSfZ.exe
  C:\Windows\System\FSOmSfZ.exe
  2⤵
  PID:8896
- C:\Windows\System\uIBsLUd.exe
  C:\Windows\System\uIBsLUd.exe
  2⤵
  PID:8916
- C:\Windows\System\uYYjQfg.exe
  C:\Windows\System\uYYjQfg.exe
  2⤵
  PID:8972
- C:\Windows\System\MFjaVVD.exe
  C:\Windows\System\MFjaVVD.exe
  2⤵
  PID:8956
- C:\Windows\System\DRHpgco.exe
  C:\Windows\System\DRHpgco.exe
  2⤵
  PID:9016
- C:\Windows\System\kSbAyep.exe
  C:\Windows\System\kSbAyep.exe
  2⤵
  PID:9080
- C:\Windows\System\kclJyFN.exe
  C:\Windows\System\kclJyFN.exe
  2⤵
  PID:9096
- C:\Windows\System\FIRPnnY.exe
  C:\Windows\System\FIRPnnY.exe
  2⤵
  PID:9160
- C:\Windows\System\jWguWTj.exe
  C:\Windows\System\jWguWTj.exe
  2⤵
  PID:9192
- C:\Windows\System\SWHeliC.exe
  C:\Windows\System\SWHeliC.exe
  2⤵
  PID:8844
- C:\Windows\System\qTBIcRl.exe
  C:\Windows\System\qTBIcRl.exe
  2⤵
  PID:2924
- C:\Windows\System\bAgWxae.exe
  C:\Windows\System\bAgWxae.exe
  2⤵
  PID:6432
- C:\Windows\System\kLiJWIO.exe
  C:\Windows\System\kLiJWIO.exe
  2⤵
  PID:1544
- C:\Windows\System\NifJrZs.exe
  C:\Windows\System\NifJrZs.exe
  2⤵
  PID:7744
- C:\Windows\System\GHKqVjw.exe
  C:\Windows\System\GHKqVjw.exe
  2⤵
  PID:8220
- C:\Windows\System\yfTAOGC.exe
  C:\Windows\System\yfTAOGC.exe
  2⤵
  PID:8216
- C:\Windows\System\xcgnaOr.exe
  C:\Windows\System\xcgnaOr.exe
  2⤵
  PID:8312
- C:\Windows\System\dkZQBNL.exe
  C:\Windows\System\dkZQBNL.exe
  2⤵
  PID:7892
- C:\Windows\System\uLTNZBb.exe
  C:\Windows\System\uLTNZBb.exe
  2⤵
  PID:8416
- C:\Windows\System\TsqdtQs.exe
  C:\Windows\System\TsqdtQs.exe
  2⤵
  PID:8472
- C:\Windows\System\rBIWESK.exe
  C:\Windows\System\rBIWESK.exe
  2⤵
  PID:8556
- C:\Windows\System\pGmiwpb.exe
  C:\Windows\System\pGmiwpb.exe
  2⤵
  PID:7692
- C:\Windows\System\qEDnsLN.exe
  C:\Windows\System\qEDnsLN.exe
  2⤵
  PID:8776
- C:\Windows\System\AJZuvKz.exe
  C:\Windows\System\AJZuvKz.exe
  2⤵
  PID:8680
- C:\Windows\System\EKjIaOc.exe
  C:\Windows\System\EKjIaOc.exe
  2⤵
  PID:8552
- C:\Windows\System\SuNEmeB.exe
  C:\Windows\System\SuNEmeB.exe
  2⤵
  PID:8860
- C:\Windows\System\SbfDYSS.exe
  C:\Windows\System\SbfDYSS.exe
  2⤵
  PID:8796
- C:\Windows\System\ntnjwfK.exe
  C:\Windows\System\ntnjwfK.exe
  2⤵
  PID:8968
- C:\Windows\System\hSlQbJa.exe
  C:\Windows\System\hSlQbJa.exe
  2⤵
  PID:8904
- C:\Windows\System\neGhxiS.exe
  C:\Windows\System\neGhxiS.exe
  2⤵
  PID:8884
- C:\Windows\System\zWXQKfw.exe
  C:\Windows\System\zWXQKfw.exe
  2⤵
  PID:9044
- C:\Windows\System\jfEgUJt.exe
  C:\Windows\System\jfEgUJt.exe
  2⤵
  PID:9064
- C:\Windows\System\tAfTEum.exe
  C:\Windows\System\tAfTEum.exe
  2⤵
  PID:9144
- C:\Windows\System\iAdDifY.exe
  C:\Windows\System\iAdDifY.exe
  2⤵
  PID:9204
- C:\Windows\System\kKZssZS.exe
  C:\Windows\System\kKZssZS.exe
  2⤵
  PID:7304
- C:\Windows\System\gdbJmwn.exe
  C:\Windows\System\gdbJmwn.exe
  2⤵
  PID:8212
- C:\Windows\System\FpBInYC.exe
  C:\Windows\System\FpBInYC.exe
  2⤵
  PID:2236
- C:\Windows\System\tpihWhN.exe
  C:\Windows\System\tpihWhN.exe
  2⤵
  PID:8368
- C:\Windows\System\AdYjVel.exe
  C:\Windows\System\AdYjVel.exe
  2⤵
  PID:8240
- C:\Windows\System\GiQOPTj.exe
  C:\Windows\System\GiQOPTj.exe
  2⤵
  PID:8568
- C:\Windows\System\luYMCoq.exe
  C:\Windows\System\luYMCoq.exe
  2⤵
  PID:8716
- C:\Windows\System\lJhsXyX.exe
  C:\Windows\System\lJhsXyX.exe
  2⤵
  PID:8460
- C:\Windows\System\BfYbAYM.exe
  C:\Windows\System\BfYbAYM.exe
  2⤵
  PID:9076
- C:\Windows\System\jrjVmkT.exe
  C:\Windows\System\jrjVmkT.exe
  2⤵
  PID:9156
- C:\Windows\System\EcvPDSf.exe
  C:\Windows\System\EcvPDSf.exe
  2⤵
  PID:9140
- C:\Windows\System\yncbaLI.exe
  C:\Windows\System\yncbaLI.exe
  2⤵
  PID:7448
- C:\Windows\System\POzumPs.exe
  C:\Windows\System\POzumPs.exe
  2⤵
  PID:7548
- C:\Windows\System\ZKxOwlM.exe
  C:\Windows\System\ZKxOwlM.exe
  2⤵
  PID:8712
- C:\Windows\System\TqYxHNe.exe
  C:\Windows\System\TqYxHNe.exe
  2⤵
  PID:8780
- C:\Windows\System\NpHPCaR.exe
  C:\Windows\System\NpHPCaR.exe
  2⤵
  PID:8752
- C:\Windows\System\UhnIotw.exe
  C:\Windows\System\UhnIotw.exe
  2⤵
  PID:8792
- C:\Windows\System\RYQtVQq.exe
  C:\Windows\System\RYQtVQq.exe
  2⤵
  PID:8976
- C:\Windows\System\IPjSppi.exe
  C:\Windows\System\IPjSppi.exe
  2⤵
  PID:9128
- C:\Windows\System\QrCiPbE.exe
  C:\Windows\System\QrCiPbE.exe
  2⤵
  PID:8132
- C:\Windows\System\IWoEzeb.exe
  C:\Windows\System\IWoEzeb.exe
  2⤵
  PID:8632
- C:\Windows\System\ahbeHlt.exe
  C:\Windows\System\ahbeHlt.exe
  2⤵
  PID:8952
- C:\Windows\System\kcWqLqJ.exe
  C:\Windows\System\kcWqLqJ.exe
  2⤵
  PID:8512
- C:\Windows\System\VvhhynF.exe
  C:\Windows\System\VvhhynF.exe
  2⤵
  PID:8692
- C:\Windows\System\QVMQaEI.exe
  C:\Windows\System\QVMQaEI.exe
  2⤵
  PID:8252
- C:\Windows\System\QcXktvt.exe
  C:\Windows\System\QcXktvt.exe
  2⤵
  PID:8936
- C:\Windows\System\jUGRQPc.exe
  C:\Windows\System\jUGRQPc.exe
  2⤵
  PID:8296
- C:\Windows\System\WVebjnx.exe
  C:\Windows\System\WVebjnx.exe
  2⤵
  PID:9000
- C:\Windows\System\zyveEkI.exe
  C:\Windows\System\zyveEkI.exe
  2⤵
  PID:8736
- C:\Windows\System\lzGnXTg.exe
  C:\Windows\System\lzGnXTg.exe
  2⤵
  PID:8664
- C:\Windows\System\RrVMBWg.exe
  C:\Windows\System\RrVMBWg.exe
  2⤵
  PID:9240
- C:\Windows\System\zjWYyfG.exe
  C:\Windows\System\zjWYyfG.exe
  2⤵
  PID:9256
- C:\Windows\System\sMjSYlB.exe
  C:\Windows\System\sMjSYlB.exe
  2⤵
  PID:9280
- C:\Windows\System\TULVdUL.exe
  C:\Windows\System\TULVdUL.exe
  2⤵
  PID:9300
- C:\Windows\System\zhoEnTG.exe
  C:\Windows\System\zhoEnTG.exe
  2⤵
  PID:9320
- C:\Windows\System\dgednOr.exe
  C:\Windows\System\dgednOr.exe
  2⤵
  PID:9348
- C:\Windows\System\ffZmvav.exe
  C:\Windows\System\ffZmvav.exe
  2⤵
  PID:9368
- C:\Windows\System\MPpPNvY.exe
  C:\Windows\System\MPpPNvY.exe
  2⤵
  PID:9384
- C:\Windows\System\cnDzUcL.exe
  C:\Windows\System\cnDzUcL.exe
  2⤵
  PID:9400
- C:\Windows\System\yClxusP.exe
  C:\Windows\System\yClxusP.exe
  2⤵
  PID:9424
- C:\Windows\System\FeZBjUO.exe
  C:\Windows\System\FeZBjUO.exe
  2⤵
  PID:9444
- C:\Windows\System\kOdwdNA.exe
  C:\Windows\System\kOdwdNA.exe
  2⤵
  PID:9460
- C:\Windows\System\uSuDeJr.exe
  C:\Windows\System\uSuDeJr.exe
  2⤵
  PID:9480
- C:\Windows\System\kxLfVQP.exe
  C:\Windows\System\kxLfVQP.exe
  2⤵
  PID:9496
- C:\Windows\System\hxFCENm.exe
  C:\Windows\System\hxFCENm.exe
  2⤵
  PID:9512
- C:\Windows\System\JeAJTEL.exe
  C:\Windows\System\JeAJTEL.exe
  2⤵
  PID:9532
- C:\Windows\System\KqCBSJW.exe
  C:\Windows\System\KqCBSJW.exe
  2⤵
  PID:9556
- C:\Windows\System\rqleuOT.exe
  C:\Windows\System\rqleuOT.exe
  2⤵
  PID:9572
- C:\Windows\System\rSZMABH.exe
  C:\Windows\System\rSZMABH.exe
  2⤵
  PID:9588
- C:\Windows\System\LkwRrav.exe
  C:\Windows\System\LkwRrav.exe
  2⤵
  PID:9624
- C:\Windows\System\EkOiFpG.exe
  C:\Windows\System\EkOiFpG.exe
  2⤵
  PID:9644
- C:\Windows\System\qxoIDsU.exe
  C:\Windows\System\qxoIDsU.exe
  2⤵
  PID:9664
- C:\Windows\System\BfNDtya.exe
  C:\Windows\System\BfNDtya.exe
  2⤵
  PID:9680
- C:\Windows\System\blCHdqE.exe
  C:\Windows\System\blCHdqE.exe
  2⤵
  PID:9704
- C:\Windows\System\DASTUzL.exe
  C:\Windows\System\DASTUzL.exe
  2⤵
  PID:9720
- C:\Windows\System\VyuvGqK.exe
  C:\Windows\System\VyuvGqK.exe
  2⤵
  PID:9740
- C:\Windows\System\iNxOECK.exe
  C:\Windows\System\iNxOECK.exe
  2⤵
  PID:9760
- C:\Windows\System\IipIFgB.exe
  C:\Windows\System\IipIFgB.exe
  2⤵
  PID:9780
- C:\Windows\System\QTXStgK.exe
  C:\Windows\System\QTXStgK.exe
  2⤵
  PID:9796
- C:\Windows\System\ELeZJAx.exe
  C:\Windows\System\ELeZJAx.exe
  2⤵
  PID:9824
- C:\Windows\System\FbWahWv.exe
  C:\Windows\System\FbWahWv.exe
  2⤵
  PID:9840
- C:\Windows\System\UuAOcBq.exe
  C:\Windows\System\UuAOcBq.exe
  2⤵
  PID:9868
- C:\Windows\System\RQREIVh.exe
  C:\Windows\System\RQREIVh.exe
  2⤵
  PID:9888
- C:\Windows\System\InqTTTx.exe
  C:\Windows\System\InqTTTx.exe
  2⤵
  PID:9908
- C:\Windows\System\cCkMrQb.exe
  C:\Windows\System\cCkMrQb.exe
  2⤵
  PID:9936
- C:\Windows\System\bMmPnzE.exe
  C:\Windows\System\bMmPnzE.exe
  2⤵
  PID:9952
- C:\Windows\System\AHPtLan.exe
  C:\Windows\System\AHPtLan.exe
  2⤵
  PID:9968
- C:\Windows\System\FmUKstD.exe
  C:\Windows\System\FmUKstD.exe
  2⤵
  PID:9984
- C:\Windows\System\mmBZCJN.exe
  C:\Windows\System\mmBZCJN.exe
  2⤵
  PID:10004
- C:\Windows\System\SZAOQcv.exe
  C:\Windows\System\SZAOQcv.exe
  2⤵
  PID:10020
- C:\Windows\System\QwBrknY.exe
  C:\Windows\System\QwBrknY.exe
  2⤵
  PID:10040
- C:\Windows\System\kzAJsvT.exe
  C:\Windows\System\kzAJsvT.exe
  2⤵
  PID:10064
- C:\Windows\System\LlVncmk.exe
  C:\Windows\System\LlVncmk.exe
  2⤵
  PID:10100
- C:\Windows\System\mFdgysP.exe
  C:\Windows\System\mFdgysP.exe
  2⤵
  PID:10116
- C:\Windows\System\AqCuBBh.exe
  C:\Windows\System\AqCuBBh.exe
  2⤵
  PID:10136
- C:\Windows\System\LoBATTQ.exe
  C:\Windows\System\LoBATTQ.exe
  2⤵
  PID:10156
- C:\Windows\System\zcllvFO.exe
  C:\Windows\System\zcllvFO.exe
  2⤵
  PID:10172
- C:\Windows\System\EjHKpGT.exe
  C:\Windows\System\EjHKpGT.exe
  2⤵
  PID:10192
- C:\Windows\System\sfJixMd.exe
  C:\Windows\System\sfJixMd.exe
  2⤵
  PID:10208
- C:\Windows\System\gDbSVoe.exe
  C:\Windows\System\gDbSVoe.exe
  2⤵
  PID:10224
- C:\Windows\System\yUprtGo.exe
  C:\Windows\System\yUprtGo.exe
  2⤵
  PID:8996
- C:\Windows\System\pLJEAGi.exe
  C:\Windows\System\pLJEAGi.exe
  2⤵
  PID:9264
- C:\Windows\System\YTcWifV.exe
  C:\Windows\System\YTcWifV.exe
  2⤵
  PID:9252
- C:\Windows\System\uZiQfes.exe
  C:\Windows\System\uZiQfes.exe
  2⤵
  PID:9308
- C:\Windows\System\ZKKywwZ.exe
  C:\Windows\System\ZKKywwZ.exe
  2⤵
  PID:9332
- C:\Windows\System\mFckDuv.exe
  C:\Windows\System\mFckDuv.exe
  2⤵
  PID:9380
- C:\Windows\System\qvWLsNz.exe
  C:\Windows\System\qvWLsNz.exe
  2⤵
  PID:9436
- C:\Windows\System\XuoTmWh.exe
  C:\Windows\System\XuoTmWh.exe
  2⤵
  PID:9408
- C:\Windows\System\vxHyjjq.exe
  C:\Windows\System\vxHyjjq.exe
  2⤵
  PID:9552
- C:\Windows\System\nzeThaK.exe
  C:\Windows\System\nzeThaK.exe
  2⤵
  PID:9420
- C:\Windows\System\sWcrIwg.exe
  C:\Windows\System\sWcrIwg.exe
  2⤵
  PID:9600
- C:\Windows\System\RDqxPXO.exe
  C:\Windows\System\RDqxPXO.exe
  2⤵
  PID:9636
- C:\Windows\System\uWVcVrm.exe
  C:\Windows\System\uWVcVrm.exe
  2⤵
  PID:9652
- C:\Windows\System\mkhUzCs.exe
  C:\Windows\System\mkhUzCs.exe
  2⤵
  PID:9692
- C:\Windows\System\myfMPCU.exe
  C:\Windows\System\myfMPCU.exe
  2⤵
  PID:9716
- C:\Windows\System\uabtuUQ.exe
  C:\Windows\System\uabtuUQ.exe
  2⤵
  PID:9748
- C:\Windows\System\WMOvSNH.exe
  C:\Windows\System\WMOvSNH.exe
  2⤵
  PID:9792
- C:\Windows\System\yBsPUPc.exe
  C:\Windows\System\yBsPUPc.exe
  2⤵
  PID:9820
- C:\Windows\System\RCYHHQp.exe
  C:\Windows\System\RCYHHQp.exe
  2⤵
  PID:9848
- C:\Windows\System\yYTiLWw.exe
  C:\Windows\System\yYTiLWw.exe
  2⤵
  PID:9864
- C:\Windows\System\qlDSaTV.exe
  C:\Windows\System\qlDSaTV.exe
  2⤵
  PID:9932
- C:\Windows\System\ZaVPISl.exe
  C:\Windows\System\ZaVPISl.exe
  2⤵
  PID:9992
- C:\Windows\System\uSlnBNH.exe
  C:\Windows\System\uSlnBNH.exe
  2⤵
  PID:10028
- C:\Windows\System\QeOhvnu.exe
  C:\Windows\System\QeOhvnu.exe
  2⤵
  PID:10016
- C:\Windows\System\jOgfjFt.exe
  C:\Windows\System\jOgfjFt.exe
  2⤵
  PID:10036
- C:\Windows\System\hZTZQbJ.exe
  C:\Windows\System\hZTZQbJ.exe
  2⤵
  PID:10060
- C:\Windows\System\CIFDqKZ.exe
  C:\Windows\System\CIFDqKZ.exe
  2⤵
  PID:10112
- C:\Windows\System\rGpxSqt.exe
  C:\Windows\System\rGpxSqt.exe
  2⤵
  PID:10168
- C:\Windows\System\dWyQaeL.exe
  C:\Windows\System\dWyQaeL.exe
  2⤵
  PID:9232
- C:\Windows\System\mtIAkHd.exe
  C:\Windows\System\mtIAkHd.exe
  2⤵
  PID:9276
- C:\Windows\System\MdKyCcM.exe
  C:\Windows\System\MdKyCcM.exe
  2⤵
  PID:9396
- C:\Windows\System\jwVmowN.exe
  C:\Windows\System\jwVmowN.exe
  2⤵
  PID:10188
- C:\Windows\System\mFXoPro.exe
  C:\Windows\System\mFXoPro.exe
  2⤵
  PID:9228
- C:\Windows\System\wqgEPQO.exe
  C:\Windows\System\wqgEPQO.exe
  2⤵
  PID:9296
- C:\Windows\System\XCkEevE.exe
  C:\Windows\System\XCkEevE.exe
  2⤵
  PID:9360
- C:\Windows\System\hCkGBfQ.exe
  C:\Windows\System\hCkGBfQ.exe
  2⤵
  PID:9544
- C:\Windows\System\VYkrmCZ.exe
  C:\Windows\System\VYkrmCZ.exe
  2⤵
  PID:9568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BBzUgYH.exe

Filesize
6.0MB

MD5
b6fcbcb140813689d8d005ba74d883f1

SHA1
7eee3f127fb2d5f074627ee23909f856de715601

SHA256
dce54e98cd09d4ae015fad816569b77aa01ff779d8002b561359743bb5eaf826

SHA512
5783331df0b86f178b6af5046627ab747be23cbd98959193362dd4c8be64a9bb25906b8876bfc4215244510c69d0dc010b726fd6368dbf8ef6ac7c3a0d720f04

Download Submit
C:\Windows\system\BWfqWDW.exe

Filesize
6.0MB

MD5
1ecd5bb84923495abd683498dff41fc1

SHA1
b70fe8e62024288ef0bc4733a6000c922428bbdb

SHA256
fc034db5f3bc4904de871a8b00c0072ff88167319edb9b5c96e0ee3211a34074

SHA512
ad4acf8e0c7cced5cc52774d6bc0c408f9ba1af73dbd09e1d6760915a3e0593bde9417dd785e73349a131bce51767c9f6c8f9437b12f623f91e7079b85f7b8fa

Download Submit
C:\Windows\system\CrNZZIy.exe

Filesize
6.0MB

MD5
ae461ace038c9fa1753efd84285dce0a

SHA1
c8affb52d93d8a7241a756149b238e1b8c3fa4bd

SHA256
2813c0a0daf6bbf0e2f12bc44aebb08c409817ff981886810be1f61045070ac0

SHA512
d9c7a93d52f45739b3efea5bd3dda69648678e4ecfc0f9164d0c542e56952e6ad5525746f905f576de92bddad95a85fa88fbc9cb140170ccffcd8002dbb8421c

Download Submit
C:\Windows\system\DBfRpin.exe

Filesize
6.0MB

MD5
6da2f7387b9a4d06488e87008500117a

SHA1
8630abbc90f737aa87f9ccf8488ce71a2ea0918c

SHA256
9cb591c2603927c4086402440c900cbd4db0a4aab053292d67acfcb9f756b442

SHA512
59f7521ab102b44de50239db2a6c0fff5308a0e662447ca49340ff449ae59a9b276511eae3538ff98fca505e4d6704910df14aa5146efb2cb0a4691b9b5a065c

Download Submit
C:\Windows\system\DxXyuFW.exe

Filesize
6.0MB

MD5
c8ee39933d8947fd48e844d359939667

SHA1
0eaebcd81271794c832beb1427b48ea6d7ac7ba0

SHA256
ce027da611c149cf6c84de49206d82e9a702c09990153639299de6504ff08cf5

SHA512
5c19e3b6528f79e47758fe2d9ab7c2f284a3b56feb1a9dc5f844a86adb4d389a49d84baf9ffe6e94d43bf108a59b50bdc2ad54fa604d049655d2cdc38dfd9fb1

Download Submit
C:\Windows\system\FumzWxj.exe

Filesize
6.0MB

MD5
ada6485deae2c2764e6b851b2ee9be86

SHA1
0cd81bd179d98a569c5b37d0c46ed90c09933756

SHA256
966fe90182be1d8415ee630233c4c5d6fb0f203220ee1329915c7d9567056ef1

SHA512
350759a4a901d16a8097563e7fd0d9504424518c73378bd8998ff956d3b57df75ae6bcc0ad1bf0f91dc5cdafa12840d3e674bff45d5ffd864cd4d280d177ae98

Download Submit
C:\Windows\system\HZjlhTt.exe

Filesize
6.0MB

MD5
e338a7c27bc081426d1b37ae1bb0077f

SHA1
1c39c5f6126d55b5f47ea1b64a52928c63a6a61c

SHA256
109af48b3fffe33a35df4cf4540f1c13757efcc7c4fd1ce9a83980f5ac0bfc43

SHA512
6e73a4e77465d307d256189cfd420677e6ebec5da04509c066975b83e648327e3f2c0b71264827eaa0780a2deca9a934ea007a234e678f901ea33284f77dae84

Download Submit
C:\Windows\system\JFSeJpi.exe

Filesize
6.0MB

MD5
f37e700ce524363dd0c266ee6750a6bf

SHA1
6673768ac486d63a14d1d1a8720a1f7eb5054793

SHA256
8428df668e0b72b750075157c12a753da7c3382774ecbb133c5afc6431f42076

SHA512
322c43445db5eca9d6331592067a2af566785379811413f4a612360208c9ce3a1d0c01a093bc1a5f5c260b8c647305b1fc9421946d2271b0bf3316e719d692e8

Download Submit
C:\Windows\system\KCQLTpB.exe

Filesize
6.0MB

MD5
5166436e88a349b4a96401e9a958b27b

SHA1
dce0c1e39f0420de25067c88e88bff1250e5d3bd

SHA256
d7e60ddb0389784817be3cdfea91d280a56872324a5bfd6c16ce05dae7ca2181

SHA512
a51fe4c7d4349dec6a76de3a1ff45f3d943e6d44a9921e1078ebe5bb0546609790dfc64e5b448c11dbc2577dfdada99088bc9cba3b2ef77c7548f2d12198d434

Download Submit
C:\Windows\system\LeytJaz.exe

Filesize
6.0MB

MD5
86c95a007402635ca31a76968e2d20a4

SHA1
219106c7ef9b42f609c56403acfa0cb4373c083a

SHA256
482d73cf0ec7d9dfa28e8b17b2066896984ab74dbe4341e0e80228a902ff5d1e

SHA512
1d3cf47cf0eb5c00c4985ac3ca40ca7205cc6b34803ec259745c757a03c3992f04307473e5c097421efd5e1ad3470c1eb0a09ade39bb16b06de0ec5cd6580ba6

Download Submit
C:\Windows\system\LvgCoCS.exe

Filesize
6.0MB

MD5
8fcb4151fba6f4371a25f358b4ab8830

SHA1
28782caa8f48693d9fc9628e32ac6d0dae8fa596

SHA256
c05cb547f2171d0a9e92e3419e9c6d67636935599a71e6496e2659f2150d8799

SHA512
cde9064c788396aa3b50fbf821048b0490ae9b3fb98a28b95c0de87eb267f9529a71106e128df6ad06a45f9612d56f08fe1cf3c46ecb622f8b442a2889e8a016

Download Submit
C:\Windows\system\NsTesjT.exe

Filesize
6.0MB

MD5
05dcc1061abedd4c9b39c0b16d10bd5e

SHA1
541585dbafe9e15e5746cef1826eebb112166560

SHA256
1277a853d4202b31f2038ad49d30b2044fe53214c94e9157be6fb2d57cf2dd76

SHA512
fb8f7fa4c6cdf2400c5e6830cf4dae6fea515347d3b564900850894803c6deec8cb271bed0bf82a3c0fe9636ba64c9f83f83cd44770500b1e718038d0a679750

Download Submit
C:\Windows\system\OOrLbXD.exe

Filesize
6.0MB

MD5
9964fe0f173a1fd40639480969baa1ab

SHA1
8c44fbf3d35c61478aeeecfa0ddca768b86f1dc9

SHA256
f1224d71768f647f693a448786ae2f0753408fe7c4fa33187fda35548352d249

SHA512
a91d8c20af0eb84aa0aa261ed3043e39cda3a36cb67e5ab5bd8b48f0cad463fd8e9c711ce8cf4f01d43c50bff51edde5de4bac68a1b6268c18f0ec8b4ebb3e26

Download Submit
C:\Windows\system\UMFBPrJ.exe

Filesize
6.0MB

MD5
2ec6580798642cd2566ca45b8ce43d47

SHA1
c267cf9fbb71694d86062c3d09fe16364735befc

SHA256
839ef4bbd30a06baff098c92a7b75e68c854b87b3f2bb24efaac8e4b12e40ca0

SHA512
f78f934370e403c602c099d2d893c0fbd85fa30f2e42712ac052a125928fef7ee1a96f0744fc0ca8cf229c7042b3729c71d0889e1518427a58efd3914398dd37

Download Submit
C:\Windows\system\VBztiOY.exe

Filesize
6.0MB

MD5
f54b931cd985290c555d3b4ac0d2a13d

SHA1
e67eab4c5109d1de6a40c177b1dfca033a47ed41

SHA256
00521a5d8b727f83d031bf36afe78f81bb85bc0fb5bdd11379b1fae37421f0e3

SHA512
d1faabb083abcca4173878a05397f94bb381b9174b8aec44e68d50cbf58529edfd2e81031b7032620d8d756607f2891e106e03955ae9120b62565b6ffae51be0

Download Submit
C:\Windows\system\XMubymQ.exe

Filesize
6.0MB

MD5
2424c30ba4dd65311c80233386d3743f

SHA1
9108755fc2626b69eac10b7b1fcebb5fd2c4222a

SHA256
0c0fd068665a4fc1d7ad0750dc46906efc927dce22b4140e306ccd3992aef3e8

SHA512
f046b3b03afcd9512bda06d43e7ec485e55e40e747440c37bbda52f594febfc2fac8e9db9a650483fac5a3895d9a6236b9aceb106ffd3000b8c08ad397b442b0

Download Submit
C:\Windows\system\XvCJCtf.exe

Filesize
6.0MB

MD5
f96a452026b03bc960f05f46984ff69d

SHA1
e4bb88a7dba461679718169d74a2c2002bec916b

SHA256
1378bfb5316741c4f859639d2e22fc38295b77e5cc46c2adb1bcf0cf57c8cb3d

SHA512
66117a8ceeb9de6d095f78cfc5bfcbd077bdc24ffd4844f47a1e0401534f76cb83569eec2f0fd96e2f6f5b0ee600f81332769ca8676c8044ffce7deecdace7b5

Download Submit
C:\Windows\system\fGgpxbW.exe

Filesize
6.0MB

MD5
7542e1d7625cb9c4d9a060b7825dac44

SHA1
640a3efa4b40533b4d2353853e5939838ba9c25e

SHA256
61a51fcb1b98a73c2f1ffeecd20e51399e6d1f7de933e377a869482f3095e7e0

SHA512
9a31c225ea3cff4fc1900b5a9a0de9d5efec7ecd43ca433d14969d8c3f24a79c3f5e364e8c7673ac07bc22bcae65c8e597059bd1228500e628590d32fd7c5c97

Download Submit
C:\Windows\system\fdXHpkN.exe

Filesize
8B

MD5
987c70d1ab05f8307bcf8d4a56bd1b2a

SHA1
d859960d50e2510715d925734fe157489a0a1944

SHA256
8b04df8935f86ec158279e310f60efac8553c711506922bdc4c06882166f3629

SHA512
41f6fbda2ec420f80db464d40ee3a4fdfafa74e79ae1fb6325dd1a4c2bb1f76015f6eaadd100afbdb1cfeb1a380e9a046b5a648e44c865d893d1be62594ccb9a

Download Submit
C:\Windows\system\hbDJHrB.exe

Filesize
6.0MB

MD5
f3abf1b9b53d1e2f56133e481c8902e3

SHA1
f345d49396e3b87ed0aa0a3040135b87646e16be

SHA256
2719a2280a59461d2e006747e511b95e045eec27d40ff6d7462f1e23b934ce90

SHA512
2968cbff018df8f70c3b9d30bb07166d8b4aaa7a780af1c2f61ade7c6f5f0e6739c9029fdf6dfb6d98cab3faf07c09e0c835374fb190d94d86f77956796ee18b

Download Submit
C:\Windows\system\okLTAbT.exe

Filesize
6.0MB

MD5
749e00938587eeb30f10f7cbc426c873

SHA1
97e65a732b1d9d3fcb3008a9498881a8606cff5a

SHA256
493ac702d1adf9f069a91c57a3c5e837e4b2ae5920063e1139c5e263623fdd12

SHA512
1a5ae21771d7416f7adc489a52bc5672151d46af0bab63c0e546c2f76ac4d59e976106e29f5918158d81e7488a69987074f753305f8f1ad7597d0b097def0057

Download Submit
C:\Windows\system\optCWEF.exe

Filesize
6.0MB

MD5
b0c284e6fdfd37adf85be8b2cf920f62

SHA1
9a519d53c0a6c0e27b4c0816f8fb5568df81888f

SHA256
87fe1f177ef3182225ff91b08a383e6a06db8294ce157d317a048190cec713bb

SHA512
6d81b65003884ecbf08f516d6f3fcfe5d34fe835bd5742e39799654d151c19c43256524b506a06bd3edcd644c919dff8f3eea4529b68a10373878ece7bc495d4

Download Submit
C:\Windows\system\sguLbmX.exe

Filesize
6.0MB

MD5
7c81473c0f81cbc3ddfbae2dc85d73dd

SHA1
66a2e70ce1a5e5a8d3c50440bdfe88b752f80e2f

SHA256
e55ae094cebf7d80c4471e91654627275ddbb4661288c714cec7fa4baf71e128

SHA512
89441620f1443da81fea67e1bc08a021e53b06263b55210f85d4d77f6f752e341a31bdb71cb4c99c1acd2aab0544bd9b390174df40a4ec306b7f32ec54ff08f7

Download Submit
C:\Windows\system\vFQtlFz.exe

Filesize
6.0MB

MD5
5c3f5aeb1a9f51914c305ce8492afa75

SHA1
32fcbb096fcba50762c7c372debabed411702e3f

SHA256
8ede99d440dde62ffddc16f9061c9a529a7b7cc5fc72c6fb51068cb6b3777afc

SHA512
5618d58fbb948e179547734801598c0b96bb9f846bee3b0bd6ae6090e6b12477c8da7c3579b73794d05b7f15ad161d41bda7a93e80a8b910d96529960060792f

Download Submit
C:\Windows\system\vWQbkXM.exe

Filesize
6.0MB

MD5
535d9714483d848129183b695126e8bc

SHA1
7efba3207a8e899b0256be9591ff9a51db501b5e

SHA256
0d43c548974dddc93f62c5426b643bb39088358379003810473b8308f3489473

SHA512
2e5ef1160f8cb49dc0b1017532f42a6e7f8d14143718e9d7b72e50a89b94f974ef7cbed83afeb1a8e8528071bcd618bc79d95b2db0ec43496678e3d1797bbf4c

Download Submit
C:\Windows\system\wmFbgab.exe

Filesize
6.0MB

MD5
c30c0de34179bc06e2719b456886ccfd

SHA1
0f0346ca533044e7df6784062a58cc661ff77ff2

SHA256
30424e293eb6fbfaf63eaa7f910aab19cbba9733d0e4edf5b740f7512ae6f7c9

SHA512
3848f9a096def542a02b4a9c7991fad7b3e156a081668ee70b34c6fb40ab98349fbbb46d7d5ac9c00b69947c28d6ce36a9ba8e5251fdcfcf0d5d59c9cf6fc6fb

Download Submit
\Windows\system\KCFnhCa.exe

Filesize
6.0MB

MD5
4b762741e2631b6cea601de6d71040a6

SHA1
a5e73de08f383e26350a8d3f3d3f46cb40062f2f

SHA256
ef954e329db04caa01e77abb33d7a3f784e5c7032ebe95dbcdcb716b866b3fca

SHA512
50735b5fff28ced76ae4a3857ee6519d04b94000ed90e633ae0b9997a1a552bd74cb6c9a090da9559d322fb6baef06cd5827b162a3c75560be7b988b5c731fa2

Download Submit
\Windows\system\QTJQBDr.exe

Filesize
6.0MB

MD5
80c0c6688a37484ed780505b6906a875

SHA1
e311841095084125c766f7cec207df47d0ad4a76

SHA256
4baa287565a8a48fea0dd3cd046ac2c536a3e40278cb9c0c81d46c13083a586a

SHA512
27207ee73d62414f2da8302f4a460bab7db21a41925b48900d0bf9ff1944752ac46c35d74e3b56aa4abfa3b432bca7040c53e721618fb9037ca1f8263cb6b213

Download Submit
\Windows\system\SAbwIPJ.exe

Filesize
6.0MB

MD5
5066f2cfc04fb42f4a7295b1fe1ac316

SHA1
ec63706d7ec782e9cc77ea792600c773bb920f70

SHA256
cbff241885113b786621013a7c88b031c91f81117dd249e8778b4ff419c98823

SHA512
8274a0627e52802793cd76114ced17a9e94fb48380d69b869d200d09546915278da8835bebffdb9f7ec811950ffcfed50c0657c2473eccf1fe78bafdb02f08b0

Download Submit
\Windows\system\eEZKzGc.exe

Filesize
6.0MB

MD5
84762f346e23be48c34886d18d307730

SHA1
2ecd77b8b7c585d7e99e0f8eac01757cf33ecb9f

SHA256
9a9c0d39be174e2375a26fdf82c0b91ab27d7a6437fa51fa9e7827e2d5e9eb34

SHA512
ec6a388b19e5890707248c9e1998815372d2cac0f280972f4d87d2686c6d4a796b84b087088714b3e79a881f2d50b04e84f0aa85e18d6b4a8d6bdcbdb1e3cba0

Download Submit
\Windows\system\eOaGQHW.exe

Filesize
6.0MB

MD5
339aba1ff9b7e98e798e0de78bfb79ff

SHA1
155ca74ece96066acae33092f2163008125ef016

SHA256
8b1bd35c662ce9b42ab72fb3121fdeeae5ccb52bb7e72e4b9fe140cbf16f2752

SHA512
d0493cbd28b267790fbf0a16f9f6fa52f5a7e59f8f7a8a0422fd76c446a150b103f9e2a748c97342734ea8091ba265da2fc01745b694f61c3a152f1d5783b873

Download Submit
\Windows\system\gKenoyD.exe

Filesize
6.0MB

MD5
1ca7545cb22caad98c14991c0ec76b5d

SHA1
71115cf786a6c086bdc32fe8bbdab1887cd57a5f

SHA256
cd3a54fc59fb5e86c9e4a2f449b4a76b35ee67d02dba9c33132d39fe068824c3

SHA512
db9a62c1afd503e26f8af9e0ad23447c66d80aba462f840bced3e3771e5b47cdcfd2b1599ada794b0f0a6b6f2811f2442e1b3b526a65b7f534448aa69b5249ed

Download Submit
\Windows\system\zthYqkz.exe

Filesize
6.0MB

MD5
b9e98f030a10f2960970675e3dda0b0c

SHA1
bb1e103bdcf4261f4818c66cb3895845fa853373

SHA256
d96d64cc68b2a71038dd3454113e9dc1f9bd4a373e7658089d41e250cc6977da

SHA512
dc01576962f624637863bd6ba4bb4fa17873c7ef2ef7f929022b01bfd4454795a4225f523bcf2cbc8c0e75b61e0eeabd05df10106f262edbbf954e2f5a1d985d

Download Submit
memory/820-109-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/820-973-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/820-3767-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/1440-91-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/1440-603-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/1440-3766-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-54-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1704-3685-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1704-17-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1888-809-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/1888-100-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/1888-3782-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2024-1072-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2024-16-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2024-329-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2024-2-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2024-502-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-703-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2024-114-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2024-113-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2024-905-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-0-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2024-12-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2024-96-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2024-95-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2024-10-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-39-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-42-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2024-43-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-105-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-104-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-32-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2024-55-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2024-79-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2024-71-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2024-87-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2024-63-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-24-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2324-59-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2324-22-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2324-3687-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2376-3764-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2376-90-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2376-51-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2428-30-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2428-66-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2428-3688-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3729-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2564-99-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2564-60-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2616-75-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3731-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2616-240-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2688-74-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2688-36-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3765-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2712-108-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3768-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-67-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3778-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2828-83-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2828-423-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2836-15-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3691-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-3719-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-82-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-44-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download