cobaltstrike | 3ddf9df94b35d551cd8a765eadd4b81a077754fc6f3cae85591ce16783b2e0ca

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 13:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

71e437cae4e482c9d8e53913d6f2492f
SHA1

941a8d5eba311f933493f9d2949b9ac53508e8de
SHA256

3ddf9df94b35d551cd8a765eadd4b81a077754fc6f3cae85591ce16783b2e0ca
SHA512

e0af63de6d3bbf89c55b59adae21e560ba73efd18afce54e8863c3d4424e15c6f46eda6411e295f795eebc9bfdc74290869b6ac3f695c8594d674f9efbcaa0f9
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU+:T+q56utgpPF8u/7+

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fd-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019608-9.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001960a-11.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001961c-23.dat	cobalt_reflective_dll
behavioral1/files/0x002e000000019604-34.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019667-38.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019926-58.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019c3c-68.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c9-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c7-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4de-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4f7-197.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4f1-192.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ef-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ed-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4eb-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4e8-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4e4-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4e6-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4e0-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4e2-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4db-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d9-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d7-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d5-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d3-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d1-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cf-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cb-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cd-104.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019c34-66.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000196a1-50.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1096-0-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fd-3.dat	xmrig
behavioral1/memory/1096-6-0x00000000022B0000-0x0000000002604000-memory.dmp	xmrig
behavioral1/files/0x0007000000019608-9.dat	xmrig
behavioral1/memory/2332-14-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x000700000001960a-11.dat	xmrig
behavioral1/memory/2968-20-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/1096-18-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x000700000001961c-23.dat	xmrig
behavioral1/memory/2860-29-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2740-36-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x002e000000019604-34.dat	xmrig
behavioral1/memory/1096-33-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x0006000000019667-38.dat	xmrig
behavioral1/memory/1476-39-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2728-44-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2968-53-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019926-58.dat	xmrig
behavioral1/memory/2720-59-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x0008000000019c3c-68.dat	xmrig
behavioral1/files/0x000500000001a4c9-75.dat	xmrig
behavioral1/files/0x000500000001a4c7-84.dat	xmrig
behavioral1/memory/3052-86-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/1096-100-0x00000000022B0000-0x0000000002604000-memory.dmp	xmrig
behavioral1/memory/3048-106-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4de-147.dat	xmrig
behavioral1/memory/1096-849-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/3048-1015-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/1992-729-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/3052-564-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/1524-455-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2552-348-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/656-215-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4f7-197.dat	xmrig
behavioral1/files/0x000500000001a4f1-192.dat	xmrig
behavioral1/files/0x000500000001a4ef-187.dat	xmrig
behavioral1/files/0x000500000001a4ed-183.dat	xmrig
behavioral1/files/0x000500000001a4eb-177.dat	xmrig
behavioral1/files/0x000500000001a4e8-173.dat	xmrig
behavioral1/files/0x000500000001a4e4-163.dat	xmrig
behavioral1/files/0x000500000001a4e6-167.dat	xmrig
behavioral1/files/0x000500000001a4e0-153.dat	xmrig
behavioral1/files/0x000500000001a4e2-157.dat	xmrig
behavioral1/files/0x000500000001a4db-142.dat	xmrig
behavioral1/files/0x000500000001a4d9-138.dat	xmrig
behavioral1/files/0x000500000001a4d7-132.dat	xmrig
behavioral1/files/0x000500000001a4d5-128.dat	xmrig
behavioral1/files/0x000500000001a4d3-122.dat	xmrig
behavioral1/files/0x000500000001a4d1-118.dat	xmrig
behavioral1/files/0x000500000001a4cf-112.dat	xmrig
behavioral1/memory/2720-105-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/1992-96-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2796-95-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4cb-94.dat	xmrig
behavioral1/files/0x000500000001a4cd-104.dat	xmrig
behavioral1/memory/1096-101-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/656-67-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/files/0x0008000000019c34-66.dat	xmrig
behavioral1/memory/2728-85-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/1524-83-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2740-79-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/1096-76-0x00000000022B0000-0x0000000002604000-memory.dmp	xmrig
behavioral1/memory/1096-56-0x00000000022B0000-0x0000000002604000-memory.dmp	xmrig
behavioral1/memory/2796-51-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1476	zjQTTHu.exe
2332	oAcOlbn.exe
2968	mFXpPgP.exe
2860	TDKdEfg.exe
2740	RduLGjP.exe
2728	bSLMuuk.exe
2796	krmtJmx.exe
2720	SVlbTDt.exe
656	PEcVtch.exe
1524	hbIUemT.exe
2552	StNNPzf.exe
3052	FMXgPCp.exe
1992	sXPnYOA.exe
3048	eGZEvOh.exe
2164	qpETjfk.exe
2264	NqmgpiJ.exe
2128	LNijuVC.exe
3040	aoTXEab.exe
2260	yzIMIUf.exe
2304	wnGwcPI.exe
1848	BRnexnw.exe
532	lDGizql.exe
844	RbDXnwX.exe
2188	CcBnDVB.exe
536	vwMqazh.exe
2088	RAYzbKz.exe
2324	GVtcfXU.exe
2412	voUuEaw.exe
1800	RfUMNEq.exe
1608	xylbJcD.exe
2448	mJMQkkZ.exe
2580	LlbtCct.exe
560	weKZJSn.exe
692	EjICZTD.exe
2008	tGuEjcT.exe
1768	saeGqUy.exe
1408	OJkdeQz.exe
1640	BaRxEjC.exe
2376	BbBQAJM.exe
1676	rkHGaYn.exe
1704	crraYpm.exe
1876	iEQtHOQ.exe
988	ULwaPvb.exe
984	CBjMyKm.exe
1188	LQcnRrv.exe
2928	IqtbbkB.exe
2052	XoOaymx.exe
1972	cRCEDZu.exe
336	kAJJeDJ.exe
2512	qjpjIwY.exe
2032	NHHoAjZ.exe
1712	tDPdiQC.exe
1584	XoOrdWC.exe
1680	dHkGkyS.exe
2000	ropZgHr.exe
2956	jrOPeQM.exe
2992	LJQlgih.exe
2836	yHqKRom.exe
2840	dapxnlI.exe
2920	WmvaXTv.exe
2752	ebLYNki.exe
1904	EikBGun.exe
1180	qDKadiY.exe
2172	LSnSkqR.exe

Loads dropped DLL 64 IoCs

pid	Process
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1096-0-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-3.dat	upx
behavioral1/memory/1096-6-0x00000000022B0000-0x0000000002604000-memory.dmp	upx
behavioral1/files/0x0007000000019608-9.dat	upx
behavioral1/memory/2332-14-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x000700000001960a-11.dat	upx
behavioral1/memory/2968-20-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x000700000001961c-23.dat	upx
behavioral1/memory/2860-29-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2740-36-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x002e000000019604-34.dat	upx
behavioral1/memory/1096-33-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x0006000000019667-38.dat	upx
behavioral1/memory/1476-39-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2728-44-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2968-53-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x0006000000019926-58.dat	upx
behavioral1/memory/2720-59-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x0008000000019c3c-68.dat	upx
behavioral1/files/0x000500000001a4c9-75.dat	upx
behavioral1/files/0x000500000001a4c7-84.dat	upx
behavioral1/memory/3052-86-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/3048-106-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x000500000001a4de-147.dat	upx
behavioral1/memory/3048-1015-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/1992-729-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/3052-564-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/1524-455-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2552-348-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/656-215-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/files/0x000500000001a4f7-197.dat	upx
behavioral1/files/0x000500000001a4f1-192.dat	upx
behavioral1/files/0x000500000001a4ef-187.dat	upx
behavioral1/files/0x000500000001a4ed-183.dat	upx
behavioral1/files/0x000500000001a4eb-177.dat	upx
behavioral1/files/0x000500000001a4e8-173.dat	upx
behavioral1/files/0x000500000001a4e4-163.dat	upx
behavioral1/files/0x000500000001a4e6-167.dat	upx
behavioral1/files/0x000500000001a4e0-153.dat	upx
behavioral1/files/0x000500000001a4e2-157.dat	upx
behavioral1/files/0x000500000001a4db-142.dat	upx
behavioral1/files/0x000500000001a4d9-138.dat	upx
behavioral1/files/0x000500000001a4d7-132.dat	upx
behavioral1/files/0x000500000001a4d5-128.dat	upx
behavioral1/files/0x000500000001a4d3-122.dat	upx
behavioral1/files/0x000500000001a4d1-118.dat	upx
behavioral1/files/0x000500000001a4cf-112.dat	upx
behavioral1/memory/2720-105-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/1992-96-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2796-95-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/files/0x000500000001a4cb-94.dat	upx
behavioral1/files/0x000500000001a4cd-104.dat	upx
behavioral1/memory/656-67-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/files/0x0008000000019c34-66.dat	upx
behavioral1/memory/2728-85-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/1524-83-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2740-79-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/1096-76-0x00000000022B0000-0x0000000002604000-memory.dmp	upx
behavioral1/memory/2796-51-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/files/0x00060000000196a1-50.dat	upx
behavioral1/memory/2332-46-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2332-3654-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2968-3660-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/1476-3677-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\bJkcaea.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TjobyCG.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SUQDMzH.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RbDXnwX.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CJfqCUN.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FPWkmgY.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DHqdrWI.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qhHOPtz.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPnMqWn.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cVJOGUT.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oCiKprF.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iHVJMhV.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\plUarAd.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YCpcJRY.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCObPlU.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wqGvhXh.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bHwkhXM.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iUQnlXb.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eboTjWi.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DoaUdpx.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TTUwfTF.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CLMHDuM.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kOvnTxY.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IRuDuqp.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XRTUkBh.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kgiqmvB.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hbnNIlb.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XDnRoNE.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FsGjywu.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AcIyfZQ.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UZwotSh.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jKvxXPy.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bHHjCtn.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NoNitRw.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wIXYiaY.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JsgGQZV.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pJRtOMD.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FWZISnl.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DVYxDwy.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tMVsQWL.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UhfYzEr.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EyRRHdA.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NdRaRTw.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ecPFfPY.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JcLIbVo.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hWlHUit.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sfhZISV.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wSnoaSv.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\swzacUb.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lehavOm.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wcpNRGn.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aFkmPQB.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tzcDXhL.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lndkQbZ.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kyCtBJi.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MzIfvBl.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XcWCovZ.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FlUDZuI.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LiiuMnG.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hlRwyPC.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FnTegZb.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BEsEDcA.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HpaphpY.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\syJqTbv.exe	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 1476	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1096 wrote to memory of 1476	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1096 wrote to memory of 1476	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1096 wrote to memory of 2332	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1096 wrote to memory of 2332	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1096 wrote to memory of 2332	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1096 wrote to memory of 2968	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1096 wrote to memory of 2968	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1096 wrote to memory of 2968	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1096 wrote to memory of 2860	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1096 wrote to memory of 2860	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1096 wrote to memory of 2860	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1096 wrote to memory of 2740	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1096 wrote to memory of 2740	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1096 wrote to memory of 2740	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1096 wrote to memory of 2728	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1096 wrote to memory of 2728	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1096 wrote to memory of 2728	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1096 wrote to memory of 2796	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1096 wrote to memory of 2796	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1096 wrote to memory of 2796	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1096 wrote to memory of 2720	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1096 wrote to memory of 2720	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1096 wrote to memory of 2720	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1096 wrote to memory of 656	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1096 wrote to memory of 656	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1096 wrote to memory of 656	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1096 wrote to memory of 1524	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1096 wrote to memory of 1524	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1096 wrote to memory of 1524	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1096 wrote to memory of 3052	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1096 wrote to memory of 3052	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1096 wrote to memory of 3052	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1096 wrote to memory of 2552	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1096 wrote to memory of 2552	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1096 wrote to memory of 2552	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1096 wrote to memory of 1992	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1096 wrote to memory of 1992	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1096 wrote to memory of 1992	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1096 wrote to memory of 3048	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1096 wrote to memory of 3048	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1096 wrote to memory of 3048	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1096 wrote to memory of 2164	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1096 wrote to memory of 2164	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1096 wrote to memory of 2164	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1096 wrote to memory of 2264	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1096 wrote to memory of 2264	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1096 wrote to memory of 2264	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1096 wrote to memory of 2128	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1096 wrote to memory of 2128	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1096 wrote to memory of 2128	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1096 wrote to memory of 3040	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1096 wrote to memory of 3040	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1096 wrote to memory of 3040	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1096 wrote to memory of 2260	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1096 wrote to memory of 2260	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1096 wrote to memory of 2260	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1096 wrote to memory of 2304	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1096 wrote to memory of 2304	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1096 wrote to memory of 2304	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1096 wrote to memory of 1848	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1096 wrote to memory of 1848	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1096 wrote to memory of 1848	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1096 wrote to memory of 532	1096	2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_71e437cae4e482c9d8e53913d6f2492f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Windows\System\zjQTTHu.exe
  C:\Windows\System\zjQTTHu.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\oAcOlbn.exe
  C:\Windows\System\oAcOlbn.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\mFXpPgP.exe
  C:\Windows\System\mFXpPgP.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\TDKdEfg.exe
  C:\Windows\System\TDKdEfg.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\RduLGjP.exe
  C:\Windows\System\RduLGjP.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\bSLMuuk.exe
  C:\Windows\System\bSLMuuk.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\krmtJmx.exe
  C:\Windows\System\krmtJmx.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\SVlbTDt.exe
  C:\Windows\System\SVlbTDt.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\PEcVtch.exe
  C:\Windows\System\PEcVtch.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\hbIUemT.exe
  C:\Windows\System\hbIUemT.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\FMXgPCp.exe
  C:\Windows\System\FMXgPCp.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\StNNPzf.exe
  C:\Windows\System\StNNPzf.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\sXPnYOA.exe
  C:\Windows\System\sXPnYOA.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\eGZEvOh.exe
  C:\Windows\System\eGZEvOh.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\qpETjfk.exe
  C:\Windows\System\qpETjfk.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\NqmgpiJ.exe
  C:\Windows\System\NqmgpiJ.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\LNijuVC.exe
  C:\Windows\System\LNijuVC.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\aoTXEab.exe
  C:\Windows\System\aoTXEab.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\yzIMIUf.exe
  C:\Windows\System\yzIMIUf.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\wnGwcPI.exe
  C:\Windows\System\wnGwcPI.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\BRnexnw.exe
  C:\Windows\System\BRnexnw.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\lDGizql.exe
  C:\Windows\System\lDGizql.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\RbDXnwX.exe
  C:\Windows\System\RbDXnwX.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\CcBnDVB.exe
  C:\Windows\System\CcBnDVB.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\vwMqazh.exe
  C:\Windows\System\vwMqazh.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\RAYzbKz.exe
  C:\Windows\System\RAYzbKz.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\GVtcfXU.exe
  C:\Windows\System\GVtcfXU.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\voUuEaw.exe
  C:\Windows\System\voUuEaw.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\RfUMNEq.exe
  C:\Windows\System\RfUMNEq.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\xylbJcD.exe
  C:\Windows\System\xylbJcD.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\mJMQkkZ.exe
  C:\Windows\System\mJMQkkZ.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\LlbtCct.exe
  C:\Windows\System\LlbtCct.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\weKZJSn.exe
  C:\Windows\System\weKZJSn.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\EjICZTD.exe
  C:\Windows\System\EjICZTD.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\tGuEjcT.exe
  C:\Windows\System\tGuEjcT.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\saeGqUy.exe
  C:\Windows\System\saeGqUy.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\OJkdeQz.exe
  C:\Windows\System\OJkdeQz.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\BaRxEjC.exe
  C:\Windows\System\BaRxEjC.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\BbBQAJM.exe
  C:\Windows\System\BbBQAJM.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\rkHGaYn.exe
  C:\Windows\System\rkHGaYn.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\crraYpm.exe
  C:\Windows\System\crraYpm.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\iEQtHOQ.exe
  C:\Windows\System\iEQtHOQ.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\ULwaPvb.exe
  C:\Windows\System\ULwaPvb.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\CBjMyKm.exe
  C:\Windows\System\CBjMyKm.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\LQcnRrv.exe
  C:\Windows\System\LQcnRrv.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\IqtbbkB.exe
  C:\Windows\System\IqtbbkB.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\XoOaymx.exe
  C:\Windows\System\XoOaymx.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\cRCEDZu.exe
  C:\Windows\System\cRCEDZu.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\kAJJeDJ.exe
  C:\Windows\System\kAJJeDJ.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\qjpjIwY.exe
  C:\Windows\System\qjpjIwY.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\NHHoAjZ.exe
  C:\Windows\System\NHHoAjZ.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\tDPdiQC.exe
  C:\Windows\System\tDPdiQC.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\XoOrdWC.exe
  C:\Windows\System\XoOrdWC.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\dHkGkyS.exe
  C:\Windows\System\dHkGkyS.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\ropZgHr.exe
  C:\Windows\System\ropZgHr.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\jrOPeQM.exe
  C:\Windows\System\jrOPeQM.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\LJQlgih.exe
  C:\Windows\System\LJQlgih.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\yHqKRom.exe
  C:\Windows\System\yHqKRom.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\dapxnlI.exe
  C:\Windows\System\dapxnlI.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\WmvaXTv.exe
  C:\Windows\System\WmvaXTv.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\ebLYNki.exe
  C:\Windows\System\ebLYNki.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\EikBGun.exe
  C:\Windows\System\EikBGun.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\qDKadiY.exe
  C:\Windows\System\qDKadiY.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\LSnSkqR.exe
  C:\Windows\System\LSnSkqR.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\NuuvRVO.exe
  C:\Windows\System\NuuvRVO.exe
  2⤵
  PID:2912
- C:\Windows\System\ImKzOQS.exe
  C:\Windows\System\ImKzOQS.exe
  2⤵
  PID:2120
- C:\Windows\System\rmggyop.exe
  C:\Windows\System\rmggyop.exe
  2⤵
  PID:1940
- C:\Windows\System\UdrnXsC.exe
  C:\Windows\System\UdrnXsC.exe
  2⤵
  PID:1292
- C:\Windows\System\hgYzwSV.exe
  C:\Windows\System\hgYzwSV.exe
  2⤵
  PID:1760
- C:\Windows\System\SnFpUkv.exe
  C:\Windows\System\SnFpUkv.exe
  2⤵
  PID:2232
- C:\Windows\System\TIpoqjc.exe
  C:\Windows\System\TIpoqjc.exe
  2⤵
  PID:2168
- C:\Windows\System\JJJSvht.exe
  C:\Windows\System\JJJSvht.exe
  2⤵
  PID:2184
- C:\Windows\System\ADFjqiK.exe
  C:\Windows\System\ADFjqiK.exe
  2⤵
  PID:2328
- C:\Windows\System\ApuoRuQ.exe
  C:\Windows\System\ApuoRuQ.exe
  2⤵
  PID:2200
- C:\Windows\System\qImtCxP.exe
  C:\Windows\System\qImtCxP.exe
  2⤵
  PID:1480
- C:\Windows\System\XseBHjT.exe
  C:\Windows\System\XseBHjT.exe
  2⤵
  PID:768
- C:\Windows\System\gQLNubh.exe
  C:\Windows\System\gQLNubh.exe
  2⤵
  PID:800
- C:\Windows\System\eXcWTPX.exe
  C:\Windows\System\eXcWTPX.exe
  2⤵
  PID:1612
- C:\Windows\System\BxnSxzd.exe
  C:\Windows\System\BxnSxzd.exe
  2⤵
  PID:1416
- C:\Windows\System\zwercQg.exe
  C:\Windows\System\zwercQg.exe
  2⤵
  PID:2296
- C:\Windows\System\FNMXczh.exe
  C:\Windows\System\FNMXczh.exe
  2⤵
  PID:2152
- C:\Windows\System\mPEPxqt.exe
  C:\Windows\System\mPEPxqt.exe
  2⤵
  PID:1916
- C:\Windows\System\Reivlhj.exe
  C:\Windows\System\Reivlhj.exe
  2⤵
  PID:2680
- C:\Windows\System\TlogZyo.exe
  C:\Windows\System\TlogZyo.exe
  2⤵
  PID:2456
- C:\Windows\System\FTsXSUJ.exe
  C:\Windows\System\FTsXSUJ.exe
  2⤵
  PID:1968
- C:\Windows\System\GqDnpQr.exe
  C:\Windows\System\GqDnpQr.exe
  2⤵
  PID:1148
- C:\Windows\System\kjNzZnS.exe
  C:\Windows\System\kjNzZnS.exe
  2⤵
  PID:1056
- C:\Windows\System\iVocclq.exe
  C:\Windows\System\iVocclq.exe
  2⤵
  PID:2320
- C:\Windows\System\QCBxsSK.exe
  C:\Windows\System\QCBxsSK.exe
  2⤵
  PID:2892
- C:\Windows\System\BoSDsuZ.exe
  C:\Windows\System\BoSDsuZ.exe
  2⤵
  PID:576
- C:\Windows\System\QrgRoWb.exe
  C:\Windows\System\QrgRoWb.exe
  2⤵
  PID:2240
- C:\Windows\System\lqZylwd.exe
  C:\Windows\System\lqZylwd.exe
  2⤵
  PID:2816
- C:\Windows\System\gJfcHPf.exe
  C:\Windows\System\gJfcHPf.exe
  2⤵
  PID:2896
- C:\Windows\System\ZKYalKx.exe
  C:\Windows\System\ZKYalKx.exe
  2⤵
  PID:1556
- C:\Windows\System\wqGvhXh.exe
  C:\Windows\System\wqGvhXh.exe
  2⤵
  PID:2744
- C:\Windows\System\MSteYwS.exe
  C:\Windows\System\MSteYwS.exe
  2⤵
  PID:1696
- C:\Windows\System\bKYvEvE.exe
  C:\Windows\System\bKYvEvE.exe
  2⤵
  PID:2916
- C:\Windows\System\LkKWZPL.exe
  C:\Windows\System\LkKWZPL.exe
  2⤵
  PID:1948
- C:\Windows\System\shjpQPG.exe
  C:\Windows\System\shjpQPG.exe
  2⤵
  PID:760
- C:\Windows\System\XerycYV.exe
  C:\Windows\System\XerycYV.exe
  2⤵
  PID:2140
- C:\Windows\System\boeWBBJ.exe
  C:\Windows\System\boeWBBJ.exe
  2⤵
  PID:976
- C:\Windows\System\EJOsPgy.exe
  C:\Windows\System\EJOsPgy.exe
  2⤵
  PID:2532
- C:\Windows\System\CIpLBnl.exe
  C:\Windows\System\CIpLBnl.exe
  2⤵
  PID:2084
- C:\Windows\System\gvPkCVd.exe
  C:\Windows\System\gvPkCVd.exe
  2⤵
  PID:2384
- C:\Windows\System\vuNMwPt.exe
  C:\Windows\System\vuNMwPt.exe
  2⤵
  PID:2668
- C:\Windows\System\ZjcWYYc.exe
  C:\Windows\System\ZjcWYYc.exe
  2⤵
  PID:2488
- C:\Windows\System\yIBIbXV.exe
  C:\Windows\System\yIBIbXV.exe
  2⤵
  PID:1064
- C:\Windows\System\ujaDCXx.exe
  C:\Windows\System\ujaDCXx.exe
  2⤵
  PID:608
- C:\Windows\System\cogsRbG.exe
  C:\Windows\System\cogsRbG.exe
  2⤵
  PID:2608
- C:\Windows\System\GONVmeJ.exe
  C:\Windows\System\GONVmeJ.exe
  2⤵
  PID:2440
- C:\Windows\System\PVsDFIO.exe
  C:\Windows\System\PVsDFIO.exe
  2⤵
  PID:1576
- C:\Windows\System\qLAZLpl.exe
  C:\Windows\System\qLAZLpl.exe
  2⤵
  PID:2360
- C:\Windows\System\OOirqMl.exe
  C:\Windows\System\OOirqMl.exe
  2⤵
  PID:1520
- C:\Windows\System\swzacUb.exe
  C:\Windows\System\swzacUb.exe
  2⤵
  PID:2256
- C:\Windows\System\WRlWcjl.exe
  C:\Windows\System\WRlWcjl.exe
  2⤵
  PID:2528
- C:\Windows\System\FvBzBVm.exe
  C:\Windows\System\FvBzBVm.exe
  2⤵
  PID:1860
- C:\Windows\System\rKxSIgX.exe
  C:\Windows\System\rKxSIgX.exe
  2⤵
  PID:2556
- C:\Windows\System\IQoFXHU.exe
  C:\Windows\System\IQoFXHU.exe
  2⤵
  PID:1928
- C:\Windows\System\skZNKeo.exe
  C:\Windows\System\skZNKeo.exe
  2⤵
  PID:1500
- C:\Windows\System\EGlnOci.exe
  C:\Windows\System\EGlnOci.exe
  2⤵
  PID:1864
- C:\Windows\System\rXasmWU.exe
  C:\Windows\System\rXasmWU.exe
  2⤵
  PID:1896
- C:\Windows\System\yLHLDZf.exe
  C:\Windows\System\yLHLDZf.exe
  2⤵
  PID:1504
- C:\Windows\System\rsuvBpS.exe
  C:\Windows\System\rsuvBpS.exe
  2⤵
  PID:1572
- C:\Windows\System\zXOTPFZ.exe
  C:\Windows\System\zXOTPFZ.exe
  2⤵
  PID:3080
- C:\Windows\System\sTWzWid.exe
  C:\Windows\System\sTWzWid.exe
  2⤵
  PID:3100
- C:\Windows\System\jBEUeFY.exe
  C:\Windows\System\jBEUeFY.exe
  2⤵
  PID:3120
- C:\Windows\System\ZmTnZYs.exe
  C:\Windows\System\ZmTnZYs.exe
  2⤵
  PID:3140
- C:\Windows\System\jcUADIy.exe
  C:\Windows\System\jcUADIy.exe
  2⤵
  PID:3160
- C:\Windows\System\MEoPTwj.exe
  C:\Windows\System\MEoPTwj.exe
  2⤵
  PID:3180
- C:\Windows\System\kaZnkgD.exe
  C:\Windows\System\kaZnkgD.exe
  2⤵
  PID:3200
- C:\Windows\System\AslEaQG.exe
  C:\Windows\System\AslEaQG.exe
  2⤵
  PID:3220
- C:\Windows\System\cTktrOt.exe
  C:\Windows\System\cTktrOt.exe
  2⤵
  PID:3240
- C:\Windows\System\qLotEMe.exe
  C:\Windows\System\qLotEMe.exe
  2⤵
  PID:3260
- C:\Windows\System\xYRKtPS.exe
  C:\Windows\System\xYRKtPS.exe
  2⤵
  PID:3280
- C:\Windows\System\TAbHaqX.exe
  C:\Windows\System\TAbHaqX.exe
  2⤵
  PID:3300
- C:\Windows\System\NjyLlqd.exe
  C:\Windows\System\NjyLlqd.exe
  2⤵
  PID:3320
- C:\Windows\System\quMJCFj.exe
  C:\Windows\System\quMJCFj.exe
  2⤵
  PID:3344
- C:\Windows\System\PVVvHNM.exe
  C:\Windows\System\PVVvHNM.exe
  2⤵
  PID:3364
- C:\Windows\System\LWlcDro.exe
  C:\Windows\System\LWlcDro.exe
  2⤵
  PID:3384
- C:\Windows\System\aySsOBg.exe
  C:\Windows\System\aySsOBg.exe
  2⤵
  PID:3400
- C:\Windows\System\HGvBROB.exe
  C:\Windows\System\HGvBROB.exe
  2⤵
  PID:3424
- C:\Windows\System\jPqRiBC.exe
  C:\Windows\System\jPqRiBC.exe
  2⤵
  PID:3440
- C:\Windows\System\iwtxTDv.exe
  C:\Windows\System\iwtxTDv.exe
  2⤵
  PID:3464
- C:\Windows\System\VbapplV.exe
  C:\Windows\System\VbapplV.exe
  2⤵
  PID:3484
- C:\Windows\System\UZwotSh.exe
  C:\Windows\System\UZwotSh.exe
  2⤵
  PID:3504
- C:\Windows\System\WPGJYxm.exe
  C:\Windows\System\WPGJYxm.exe
  2⤵
  PID:3524
- C:\Windows\System\YKMMYZJ.exe
  C:\Windows\System\YKMMYZJ.exe
  2⤵
  PID:3544
- C:\Windows\System\gTNYeSg.exe
  C:\Windows\System\gTNYeSg.exe
  2⤵
  PID:3564
- C:\Windows\System\cqyvdnE.exe
  C:\Windows\System\cqyvdnE.exe
  2⤵
  PID:3584
- C:\Windows\System\aUiReYV.exe
  C:\Windows\System\aUiReYV.exe
  2⤵
  PID:3604
- C:\Windows\System\oqjTbyt.exe
  C:\Windows\System\oqjTbyt.exe
  2⤵
  PID:3624
- C:\Windows\System\lLogPwp.exe
  C:\Windows\System\lLogPwp.exe
  2⤵
  PID:3644
- C:\Windows\System\bHwkhXM.exe
  C:\Windows\System\bHwkhXM.exe
  2⤵
  PID:3664
- C:\Windows\System\lsdRnle.exe
  C:\Windows\System\lsdRnle.exe
  2⤵
  PID:3688
- C:\Windows\System\ONjjSvY.exe
  C:\Windows\System\ONjjSvY.exe
  2⤵
  PID:3708
- C:\Windows\System\lWhnRDK.exe
  C:\Windows\System\lWhnRDK.exe
  2⤵
  PID:3728
- C:\Windows\System\AjCeKxf.exe
  C:\Windows\System\AjCeKxf.exe
  2⤵
  PID:3748
- C:\Windows\System\ShhhRqI.exe
  C:\Windows\System\ShhhRqI.exe
  2⤵
  PID:3768
- C:\Windows\System\oPuSHMp.exe
  C:\Windows\System\oPuSHMp.exe
  2⤵
  PID:3788
- C:\Windows\System\ZogtIor.exe
  C:\Windows\System\ZogtIor.exe
  2⤵
  PID:3808
- C:\Windows\System\kyZCIkh.exe
  C:\Windows\System\kyZCIkh.exe
  2⤵
  PID:3828
- C:\Windows\System\Qrppmvi.exe
  C:\Windows\System\Qrppmvi.exe
  2⤵
  PID:3844
- C:\Windows\System\TGxRjik.exe
  C:\Windows\System\TGxRjik.exe
  2⤵
  PID:3868
- C:\Windows\System\nJHfAgc.exe
  C:\Windows\System\nJHfAgc.exe
  2⤵
  PID:3888
- C:\Windows\System\fxTFxwt.exe
  C:\Windows\System\fxTFxwt.exe
  2⤵
  PID:3908
- C:\Windows\System\JLavGaB.exe
  C:\Windows\System\JLavGaB.exe
  2⤵
  PID:3928
- C:\Windows\System\BANqKuW.exe
  C:\Windows\System\BANqKuW.exe
  2⤵
  PID:3948
- C:\Windows\System\qDhNbqu.exe
  C:\Windows\System\qDhNbqu.exe
  2⤵
  PID:3968
- C:\Windows\System\cweyEfo.exe
  C:\Windows\System\cweyEfo.exe
  2⤵
  PID:3988
- C:\Windows\System\AThWaVb.exe
  C:\Windows\System\AThWaVb.exe
  2⤵
  PID:4008
- C:\Windows\System\fCWApLx.exe
  C:\Windows\System\fCWApLx.exe
  2⤵
  PID:4028
- C:\Windows\System\ktrTNtU.exe
  C:\Windows\System\ktrTNtU.exe
  2⤵
  PID:4048
- C:\Windows\System\RkQfnGP.exe
  C:\Windows\System\RkQfnGP.exe
  2⤵
  PID:4068
- C:\Windows\System\OpJANFq.exe
  C:\Windows\System\OpJANFq.exe
  2⤵
  PID:4088
- C:\Windows\System\xCSoJLz.exe
  C:\Windows\System\xCSoJLz.exe
  2⤵
  PID:2972
- C:\Windows\System\rTfLMAF.exe
  C:\Windows\System\rTfLMAF.exe
  2⤵
  PID:1744
- C:\Windows\System\CTSRdOJ.exe
  C:\Windows\System\CTSRdOJ.exe
  2⤵
  PID:2116
- C:\Windows\System\xOVUySK.exe
  C:\Windows\System\xOVUySK.exe
  2⤵
  PID:2216
- C:\Windows\System\LrEOWDR.exe
  C:\Windows\System\LrEOWDR.exe
  2⤵
  PID:1528
- C:\Windows\System\baFtwwq.exe
  C:\Windows\System\baFtwwq.exe
  2⤵
  PID:2228
- C:\Windows\System\GmRXrJO.exe
  C:\Windows\System\GmRXrJO.exe
  2⤵
  PID:1732
- C:\Windows\System\sfLFKtb.exe
  C:\Windows\System\sfLFKtb.exe
  2⤵
  PID:1168
- C:\Windows\System\YeHlHrG.exe
  C:\Windows\System\YeHlHrG.exe
  2⤵
  PID:3108
- C:\Windows\System\hLWOYnO.exe
  C:\Windows\System\hLWOYnO.exe
  2⤵
  PID:3168
- C:\Windows\System\YvWzXSY.exe
  C:\Windows\System\YvWzXSY.exe
  2⤵
  PID:3152
- C:\Windows\System\GABXCRH.exe
  C:\Windows\System\GABXCRH.exe
  2⤵
  PID:3216
- C:\Windows\System\BvMTIMS.exe
  C:\Windows\System\BvMTIMS.exe
  2⤵
  PID:3236
- C:\Windows\System\abvjfEd.exe
  C:\Windows\System\abvjfEd.exe
  2⤵
  PID:3292
- C:\Windows\System\toCJccC.exe
  C:\Windows\System\toCJccC.exe
  2⤵
  PID:3336
- C:\Windows\System\nQPjmZt.exe
  C:\Windows\System\nQPjmZt.exe
  2⤵
  PID:3352
- C:\Windows\System\WRroUrl.exe
  C:\Windows\System\WRroUrl.exe
  2⤵
  PID:3356
- C:\Windows\System\QrNgwAF.exe
  C:\Windows\System\QrNgwAF.exe
  2⤵
  PID:3392
- C:\Windows\System\RRQjksl.exe
  C:\Windows\System\RRQjksl.exe
  2⤵
  PID:3432
- C:\Windows\System\Uzclobn.exe
  C:\Windows\System\Uzclobn.exe
  2⤵
  PID:3500
- C:\Windows\System\JnjrQGh.exe
  C:\Windows\System\JnjrQGh.exe
  2⤵
  PID:3532
- C:\Windows\System\BMvLxuB.exe
  C:\Windows\System\BMvLxuB.exe
  2⤵
  PID:3536
- C:\Windows\System\uYcCxFu.exe
  C:\Windows\System\uYcCxFu.exe
  2⤵
  PID:3580
- C:\Windows\System\XLxIOcf.exe
  C:\Windows\System\XLxIOcf.exe
  2⤵
  PID:3620
- C:\Windows\System\oDnbPVX.exe
  C:\Windows\System\oDnbPVX.exe
  2⤵
  PID:3660
- C:\Windows\System\rtralJD.exe
  C:\Windows\System\rtralJD.exe
  2⤵
  PID:2872
- C:\Windows\System\NzfjWJh.exe
  C:\Windows\System\NzfjWJh.exe
  2⤵
  PID:3704
- C:\Windows\System\hlRwyPC.exe
  C:\Windows\System\hlRwyPC.exe
  2⤵
  PID:3716
- C:\Windows\System\oQRtxYj.exe
  C:\Windows\System\oQRtxYj.exe
  2⤵
  PID:3756
- C:\Windows\System\rnpYNUJ.exe
  C:\Windows\System\rnpYNUJ.exe
  2⤵
  PID:3816
- C:\Windows\System\KuMXtJs.exe
  C:\Windows\System\KuMXtJs.exe
  2⤵
  PID:3820
- C:\Windows\System\GyqvQMy.exe
  C:\Windows\System\GyqvQMy.exe
  2⤵
  PID:3840
- C:\Windows\System\AemcMYR.exe
  C:\Windows\System\AemcMYR.exe
  2⤵
  PID:3904
- C:\Windows\System\yHkkoSx.exe
  C:\Windows\System\yHkkoSx.exe
  2⤵
  PID:3944
- C:\Windows\System\UrXYDnK.exe
  C:\Windows\System\UrXYDnK.exe
  2⤵
  PID:3976
- C:\Windows\System\JgUBtrW.exe
  C:\Windows\System\JgUBtrW.exe
  2⤵
  PID:3996
- C:\Windows\System\ynTcQQe.exe
  C:\Windows\System\ynTcQQe.exe
  2⤵
  PID:4064
- C:\Windows\System\KTJkfwF.exe
  C:\Windows\System\KTJkfwF.exe
  2⤵
  PID:1488
- C:\Windows\System\LSkNCGH.exe
  C:\Windows\System\LSkNCGH.exe
  2⤵
  PID:2868
- C:\Windows\System\aFkmPQB.exe
  C:\Windows\System\aFkmPQB.exe
  2⤵
  PID:2392
- C:\Windows\System\LAfIYPl.exe
  C:\Windows\System\LAfIYPl.exe
  2⤵
  PID:1644
- C:\Windows\System\syJqTbv.exe
  C:\Windows\System\syJqTbv.exe
  2⤵
  PID:1020
- C:\Windows\System\HvxvuYC.exe
  C:\Windows\System\HvxvuYC.exe
  2⤵
  PID:2736
- C:\Windows\System\EypJszx.exe
  C:\Windows\System\EypJszx.exe
  2⤵
  PID:3076
- C:\Windows\System\UhLomsc.exe
  C:\Windows\System\UhLomsc.exe
  2⤵
  PID:3136
- C:\Windows\System\GuXfFTf.exe
  C:\Windows\System\GuXfFTf.exe
  2⤵
  PID:3192
- C:\Windows\System\rvqXjbd.exe
  C:\Windows\System\rvqXjbd.exe
  2⤵
  PID:3296
- C:\Windows\System\SGecpaA.exe
  C:\Windows\System\SGecpaA.exe
  2⤵
  PID:3316
- C:\Windows\System\GTpVwNe.exe
  C:\Windows\System\GTpVwNe.exe
  2⤵
  PID:3376
- C:\Windows\System\RsfXGGB.exe
  C:\Windows\System\RsfXGGB.exe
  2⤵
  PID:2828
- C:\Windows\System\CAcoLnv.exe
  C:\Windows\System\CAcoLnv.exe
  2⤵
  PID:1872
- C:\Windows\System\CitmlFX.exe
  C:\Windows\System\CitmlFX.exe
  2⤵
  PID:1200
- C:\Windows\System\JXnvswN.exe
  C:\Windows\System\JXnvswN.exe
  2⤵
  PID:1380
- C:\Windows\System\lrNLZeY.exe
  C:\Windows\System\lrNLZeY.exe
  2⤵
  PID:3560
- C:\Windows\System\SKSfLbA.exe
  C:\Windows\System\SKSfLbA.exe
  2⤵
  PID:3556
- C:\Windows\System\XMZPBJS.exe
  C:\Windows\System\XMZPBJS.exe
  2⤵
  PID:3652
- C:\Windows\System\lnWKeyQ.exe
  C:\Windows\System\lnWKeyQ.exe
  2⤵
  PID:3684
- C:\Windows\System\aFmbNdh.exe
  C:\Windows\System\aFmbNdh.exe
  2⤵
  PID:3744
- C:\Windows\System\uVWcooN.exe
  C:\Windows\System\uVWcooN.exe
  2⤵
  PID:3796
- C:\Windows\System\uEHEmJt.exe
  C:\Windows\System\uEHEmJt.exe
  2⤵
  PID:3780
- C:\Windows\System\XIAbkVH.exe
  C:\Windows\System\XIAbkVH.exe
  2⤵
  PID:3884
- C:\Windows\System\MpDysoI.exe
  C:\Windows\System\MpDysoI.exe
  2⤵
  PID:3960
- C:\Windows\System\iiKAfdD.exe
  C:\Windows\System\iiKAfdD.exe
  2⤵
  PID:2568
- C:\Windows\System\sAaGkdE.exe
  C:\Windows\System\sAaGkdE.exe
  2⤵
  PID:4084
- C:\Windows\System\vdpZPTy.exe
  C:\Windows\System\vdpZPTy.exe
  2⤵
  PID:4040
- C:\Windows\System\kPfMjmR.exe
  C:\Windows\System\kPfMjmR.exe
  2⤵
  PID:2064
- C:\Windows\System\zPkIpdm.exe
  C:\Windows\System\zPkIpdm.exe
  2⤵
  PID:1976
- C:\Windows\System\jSATlrC.exe
  C:\Windows\System\jSATlrC.exe
  2⤵
  PID:1216
- C:\Windows\System\vTrxpmr.exe
  C:\Windows\System\vTrxpmr.exe
  2⤵
  PID:2980
- C:\Windows\System\SgkQWJs.exe
  C:\Windows\System\SgkQWJs.exe
  2⤵
  PID:1668
- C:\Windows\System\cjiuxur.exe
  C:\Windows\System\cjiuxur.exe
  2⤵
  PID:3188
- C:\Windows\System\VeUdBNj.exe
  C:\Windows\System\VeUdBNj.exe
  2⤵
  PID:2220
- C:\Windows\System\psFOIgs.exe
  C:\Windows\System\psFOIgs.exe
  2⤵
  PID:3420
- C:\Windows\System\OQbPflR.exe
  C:\Windows\System\OQbPflR.exe
  2⤵
  PID:2044
- C:\Windows\System\LnFaYZU.exe
  C:\Windows\System\LnFaYZU.exe
  2⤵
  PID:2688
- C:\Windows\System\BnnITFJ.exe
  C:\Windows\System\BnnITFJ.exe
  2⤵
  PID:3516
- C:\Windows\System\jzmlBHq.exe
  C:\Windows\System\jzmlBHq.exe
  2⤵
  PID:3636
- C:\Windows\System\ynCULVd.exe
  C:\Windows\System\ynCULVd.exe
  2⤵
  PID:3720
- C:\Windows\System\KOqsEVa.exe
  C:\Windows\System\KOqsEVa.exe
  2⤵
  PID:2132
- C:\Windows\System\NZBLVOv.exe
  C:\Windows\System\NZBLVOv.exe
  2⤵
  PID:3836
- C:\Windows\System\EONxCHu.exe
  C:\Windows\System\EONxCHu.exe
  2⤵
  PID:3924
- C:\Windows\System\cjHmfID.exe
  C:\Windows\System\cjHmfID.exe
  2⤵
  PID:4044
- C:\Windows\System\sMvQxmr.exe
  C:\Windows\System\sMvQxmr.exe
  2⤵
  PID:948
- C:\Windows\System\HVIhKpe.exe
  C:\Windows\System\HVIhKpe.exe
  2⤵
  PID:3044
- C:\Windows\System\dzdMQcn.exe
  C:\Windows\System\dzdMQcn.exe
  2⤵
  PID:3112
- C:\Windows\System\PoRKACV.exe
  C:\Windows\System\PoRKACV.exe
  2⤵
  PID:3228
- C:\Windows\System\NahYsxg.exe
  C:\Windows\System\NahYsxg.exe
  2⤵
  PID:3332
- C:\Windows\System\eKzlDSD.exe
  C:\Windows\System\eKzlDSD.exe
  2⤵
  PID:4104
- C:\Windows\System\MuiajOL.exe
  C:\Windows\System\MuiajOL.exe
  2⤵
  PID:4128
- C:\Windows\System\GNpvfYo.exe
  C:\Windows\System\GNpvfYo.exe
  2⤵
  PID:4144
- C:\Windows\System\fsvtSvX.exe
  C:\Windows\System\fsvtSvX.exe
  2⤵
  PID:4168
- C:\Windows\System\XvFzPdA.exe
  C:\Windows\System\XvFzPdA.exe
  2⤵
  PID:4188
- C:\Windows\System\IjRdhsd.exe
  C:\Windows\System\IjRdhsd.exe
  2⤵
  PID:4208
- C:\Windows\System\qfeLsAj.exe
  C:\Windows\System\qfeLsAj.exe
  2⤵
  PID:4224
- C:\Windows\System\lSNzEmh.exe
  C:\Windows\System\lSNzEmh.exe
  2⤵
  PID:4248
- C:\Windows\System\qMlVDRq.exe
  C:\Windows\System\qMlVDRq.exe
  2⤵
  PID:4268
- C:\Windows\System\sLlXszf.exe
  C:\Windows\System\sLlXszf.exe
  2⤵
  PID:4288
- C:\Windows\System\yoySsJA.exe
  C:\Windows\System\yoySsJA.exe
  2⤵
  PID:4304
- C:\Windows\System\zxIRodn.exe
  C:\Windows\System\zxIRodn.exe
  2⤵
  PID:4328
- C:\Windows\System\tCrUHYo.exe
  C:\Windows\System\tCrUHYo.exe
  2⤵
  PID:4348
- C:\Windows\System\oBbdznJ.exe
  C:\Windows\System\oBbdznJ.exe
  2⤵
  PID:4368
- C:\Windows\System\uXLQbju.exe
  C:\Windows\System\uXLQbju.exe
  2⤵
  PID:4388
- C:\Windows\System\dfvFMQP.exe
  C:\Windows\System\dfvFMQP.exe
  2⤵
  PID:4408
- C:\Windows\System\BlkMIqV.exe
  C:\Windows\System\BlkMIqV.exe
  2⤵
  PID:4428
- C:\Windows\System\qytUNNK.exe
  C:\Windows\System\qytUNNK.exe
  2⤵
  PID:4448
- C:\Windows\System\GeSaZlX.exe
  C:\Windows\System\GeSaZlX.exe
  2⤵
  PID:4468
- C:\Windows\System\ITmLPTM.exe
  C:\Windows\System\ITmLPTM.exe
  2⤵
  PID:4488
- C:\Windows\System\PdVIaMj.exe
  C:\Windows\System\PdVIaMj.exe
  2⤵
  PID:4508
- C:\Windows\System\lxwTwoT.exe
  C:\Windows\System\lxwTwoT.exe
  2⤵
  PID:4528
- C:\Windows\System\FxYsEsZ.exe
  C:\Windows\System\FxYsEsZ.exe
  2⤵
  PID:4548
- C:\Windows\System\hnLJOTq.exe
  C:\Windows\System\hnLJOTq.exe
  2⤵
  PID:4568
- C:\Windows\System\vjgwcYU.exe
  C:\Windows\System\vjgwcYU.exe
  2⤵
  PID:4584
- C:\Windows\System\RublwEM.exe
  C:\Windows\System\RublwEM.exe
  2⤵
  PID:4608
- C:\Windows\System\YYbaKHz.exe
  C:\Windows\System\YYbaKHz.exe
  2⤵
  PID:4628
- C:\Windows\System\tmebinx.exe
  C:\Windows\System\tmebinx.exe
  2⤵
  PID:4648
- C:\Windows\System\fKNJaLj.exe
  C:\Windows\System\fKNJaLj.exe
  2⤵
  PID:4668
- C:\Windows\System\XOmfHFU.exe
  C:\Windows\System\XOmfHFU.exe
  2⤵
  PID:4688
- C:\Windows\System\QFuLBBc.exe
  C:\Windows\System\QFuLBBc.exe
  2⤵
  PID:4708
- C:\Windows\System\eBNnHAm.exe
  C:\Windows\System\eBNnHAm.exe
  2⤵
  PID:4728
- C:\Windows\System\XsmHQtf.exe
  C:\Windows\System\XsmHQtf.exe
  2⤵
  PID:4748
- C:\Windows\System\olLFqAr.exe
  C:\Windows\System\olLFqAr.exe
  2⤵
  PID:4768
- C:\Windows\System\bPRjujr.exe
  C:\Windows\System\bPRjujr.exe
  2⤵
  PID:4788
- C:\Windows\System\rxsKoul.exe
  C:\Windows\System\rxsKoul.exe
  2⤵
  PID:4808
- C:\Windows\System\oieEcEi.exe
  C:\Windows\System\oieEcEi.exe
  2⤵
  PID:4828
- C:\Windows\System\PgnPNzI.exe
  C:\Windows\System\PgnPNzI.exe
  2⤵
  PID:4848
- C:\Windows\System\hJCCWJg.exe
  C:\Windows\System\hJCCWJg.exe
  2⤵
  PID:4868
- C:\Windows\System\XFHnoqO.exe
  C:\Windows\System\XFHnoqO.exe
  2⤵
  PID:4888
- C:\Windows\System\virkyOf.exe
  C:\Windows\System\virkyOf.exe
  2⤵
  PID:4908
- C:\Windows\System\wkYPqsh.exe
  C:\Windows\System\wkYPqsh.exe
  2⤵
  PID:4936
- C:\Windows\System\dZfXEDb.exe
  C:\Windows\System\dZfXEDb.exe
  2⤵
  PID:4956
- C:\Windows\System\iegSnKA.exe
  C:\Windows\System\iegSnKA.exe
  2⤵
  PID:4976
- C:\Windows\System\kbbISsa.exe
  C:\Windows\System\kbbISsa.exe
  2⤵
  PID:4996
- C:\Windows\System\bYHRKrQ.exe
  C:\Windows\System\bYHRKrQ.exe
  2⤵
  PID:5016
- C:\Windows\System\nlOCQGh.exe
  C:\Windows\System\nlOCQGh.exe
  2⤵
  PID:5036
- C:\Windows\System\qEbzMNT.exe
  C:\Windows\System\qEbzMNT.exe
  2⤵
  PID:5056
- C:\Windows\System\ZUQArRz.exe
  C:\Windows\System\ZUQArRz.exe
  2⤵
  PID:5076
- C:\Windows\System\zJNjxLf.exe
  C:\Windows\System\zJNjxLf.exe
  2⤵
  PID:5096
- C:\Windows\System\SfwGXOv.exe
  C:\Windows\System\SfwGXOv.exe
  2⤵
  PID:5116
- C:\Windows\System\HaPtIwB.exe
  C:\Windows\System\HaPtIwB.exe
  2⤵
  PID:2760
- C:\Windows\System\bmxAmMq.exe
  C:\Windows\System\bmxAmMq.exe
  2⤵
  PID:3632
- C:\Windows\System\oglhDEP.exe
  C:\Windows\System\oglhDEP.exe
  2⤵
  PID:1496
- C:\Windows\System\QJxIuPx.exe
  C:\Windows\System\QJxIuPx.exe
  2⤵
  PID:3880
- C:\Windows\System\Shfuppc.exe
  C:\Windows\System\Shfuppc.exe
  2⤵
  PID:4020
- C:\Windows\System\pKJassy.exe
  C:\Windows\System\pKJassy.exe
  2⤵
  PID:4024
- C:\Windows\System\MuqTNFZ.exe
  C:\Windows\System\MuqTNFZ.exe
  2⤵
  PID:2952
- C:\Windows\System\XQJXvrk.exe
  C:\Windows\System\XQJXvrk.exe
  2⤵
  PID:3492
- C:\Windows\System\ZgsAeMW.exe
  C:\Windows\System\ZgsAeMW.exe
  2⤵
  PID:4124
- C:\Windows\System\iUQnlXb.exe
  C:\Windows\System\iUQnlXb.exe
  2⤵
  PID:4160
- C:\Windows\System\YwIblFj.exe
  C:\Windows\System\YwIblFj.exe
  2⤵
  PID:4196
- C:\Windows\System\DftoSQm.exe
  C:\Windows\System\DftoSQm.exe
  2⤵
  PID:4180
- C:\Windows\System\gFetMUx.exe
  C:\Windows\System\gFetMUx.exe
  2⤵
  PID:4236
- C:\Windows\System\qLHrTQB.exe
  C:\Windows\System\qLHrTQB.exe
  2⤵
  PID:4260
- C:\Windows\System\RDoOiYU.exe
  C:\Windows\System\RDoOiYU.exe
  2⤵
  PID:4316
- C:\Windows\System\IKcrCyX.exe
  C:\Windows\System\IKcrCyX.exe
  2⤵
  PID:4364
- C:\Windows\System\eoXMOVP.exe
  C:\Windows\System\eoXMOVP.exe
  2⤵
  PID:4404
- C:\Windows\System\cGKAxNT.exe
  C:\Windows\System\cGKAxNT.exe
  2⤵
  PID:4400
- C:\Windows\System\kQSOnTd.exe
  C:\Windows\System\kQSOnTd.exe
  2⤵
  PID:4440
- C:\Windows\System\SumziEW.exe
  C:\Windows\System\SumziEW.exe
  2⤵
  PID:4464
- C:\Windows\System\EjPdnft.exe
  C:\Windows\System\EjPdnft.exe
  2⤵
  PID:4504
- C:\Windows\System\AlPwVij.exe
  C:\Windows\System\AlPwVij.exe
  2⤵
  PID:4544
- C:\Windows\System\hXijkHL.exe
  C:\Windows\System\hXijkHL.exe
  2⤵
  PID:4600
- C:\Windows\System\rKUStkm.exe
  C:\Windows\System\rKUStkm.exe
  2⤵
  PID:4580
- C:\Windows\System\DeUJokh.exe
  C:\Windows\System\DeUJokh.exe
  2⤵
  PID:4620
- C:\Windows\System\vBvpCwh.exe
  C:\Windows\System\vBvpCwh.exe
  2⤵
  PID:4664
- C:\Windows\System\CkzVKYP.exe
  C:\Windows\System\CkzVKYP.exe
  2⤵
  PID:4700
- C:\Windows\System\AqwNnWA.exe
  C:\Windows\System\AqwNnWA.exe
  2⤵
  PID:4764
- C:\Windows\System\bWqnMdT.exe
  C:\Windows\System\bWqnMdT.exe
  2⤵
  PID:4796
- C:\Windows\System\dZYGwRF.exe
  C:\Windows\System\dZYGwRF.exe
  2⤵
  PID:4780
- C:\Windows\System\wKHlRQj.exe
  C:\Windows\System\wKHlRQj.exe
  2⤵
  PID:4820
- C:\Windows\System\xfUwhZG.exe
  C:\Windows\System\xfUwhZG.exe
  2⤵
  PID:4860
- C:\Windows\System\IRtWnTE.exe
  C:\Windows\System\IRtWnTE.exe
  2⤵
  PID:4904
- C:\Windows\System\lNywJVH.exe
  C:\Windows\System\lNywJVH.exe
  2⤵
  PID:4972
- C:\Windows\System\anRcrvE.exe
  C:\Windows\System\anRcrvE.exe
  2⤵
  PID:4948
- C:\Windows\System\ZbEdwiU.exe
  C:\Windows\System\ZbEdwiU.exe
  2⤵
  PID:4992
- C:\Windows\System\YNwGibe.exe
  C:\Windows\System\YNwGibe.exe
  2⤵
  PID:5028
- C:\Windows\System\ZvGrTPR.exe
  C:\Windows\System\ZvGrTPR.exe
  2⤵
  PID:5092
- C:\Windows\System\qErwocL.exe
  C:\Windows\System\qErwocL.exe
  2⤵
  PID:2144
- C:\Windows\System\ESYQjQT.exe
  C:\Windows\System\ESYQjQT.exe
  2⤵
  PID:3480
- C:\Windows\System\XyjlVEA.exe
  C:\Windows\System\XyjlVEA.exe
  2⤵
  PID:3640
- C:\Windows\System\PUeaUwy.exe
  C:\Windows\System\PUeaUwy.exe
  2⤵
  PID:872
- C:\Windows\System\hFxNHWF.exe
  C:\Windows\System\hFxNHWF.exe
  2⤵
  PID:4016
- C:\Windows\System\NauchRS.exe
  C:\Windows\System\NauchRS.exe
  2⤵
  PID:3172
- C:\Windows\System\tgEMQde.exe
  C:\Windows\System\tgEMQde.exe
  2⤵
  PID:4140
- C:\Windows\System\cXOaWKd.exe
  C:\Windows\System\cXOaWKd.exe
  2⤵
  PID:4220
- C:\Windows\System\nuRFZWv.exe
  C:\Windows\System\nuRFZWv.exe
  2⤵
  PID:4312
- C:\Windows\System\nXoKYxA.exe
  C:\Windows\System\nXoKYxA.exe
  2⤵
  PID:4300
- C:\Windows\System\ccEpTtn.exe
  C:\Windows\System\ccEpTtn.exe
  2⤵
  PID:4340
- C:\Windows\System\ByROfyR.exe
  C:\Windows\System\ByROfyR.exe
  2⤵
  PID:4384
- C:\Windows\System\rZCmvoU.exe
  C:\Windows\System\rZCmvoU.exe
  2⤵
  PID:4480
- C:\Windows\System\YvDOAKp.exe
  C:\Windows\System\YvDOAKp.exe
  2⤵
  PID:4556
- C:\Windows\System\bFCcKqP.exe
  C:\Windows\System\bFCcKqP.exe
  2⤵
  PID:4596
- C:\Windows\System\EjeTDAC.exe
  C:\Windows\System\EjeTDAC.exe
  2⤵
  PID:4684
- C:\Windows\System\SGxwATV.exe
  C:\Windows\System\SGxwATV.exe
  2⤵
  PID:4716
- C:\Windows\System\dYYQXHk.exe
  C:\Windows\System\dYYQXHk.exe
  2⤵
  PID:4760
- C:\Windows\System\jxbFSTm.exe
  C:\Windows\System\jxbFSTm.exe
  2⤵
  PID:4880
- C:\Windows\System\MJvYIYA.exe
  C:\Windows\System\MJvYIYA.exe
  2⤵
  PID:4876
- C:\Windows\System\aWYkYMH.exe
  C:\Windows\System\aWYkYMH.exe
  2⤵
  PID:4964
- C:\Windows\System\BFmZeYc.exe
  C:\Windows\System\BFmZeYc.exe
  2⤵
  PID:5012
- C:\Windows\System\oHZCwXG.exe
  C:\Windows\System\oHZCwXG.exe
  2⤵
  PID:5044
- C:\Windows\System\hJDcVHU.exe
  C:\Windows\System\hJDcVHU.exe
  2⤵
  PID:5064
- C:\Windows\System\DVfDBiS.exe
  C:\Windows\System\DVfDBiS.exe
  2⤵
  PID:3612
- C:\Windows\System\OPWLOvf.exe
  C:\Windows\System\OPWLOvf.exe
  2⤵
  PID:3804
- C:\Windows\System\OIvtYUr.exe
  C:\Windows\System\OIvtYUr.exe
  2⤵
  PID:2072
- C:\Windows\System\dHoBLOG.exe
  C:\Windows\System\dHoBLOG.exe
  2⤵
  PID:1936
- C:\Windows\System\FSMfTxk.exe
  C:\Windows\System\FSMfTxk.exe
  2⤵
  PID:4116
- C:\Windows\System\rXeZNhi.exe
  C:\Windows\System\rXeZNhi.exe
  2⤵
  PID:4244
- C:\Windows\System\iWxipgZ.exe
  C:\Windows\System\iWxipgZ.exe
  2⤵
  PID:4356
- C:\Windows\System\aBfKfEZ.exe
  C:\Windows\System\aBfKfEZ.exe
  2⤵
  PID:4456
- C:\Windows\System\KGmofzr.exe
  C:\Windows\System\KGmofzr.exe
  2⤵
  PID:4520
- C:\Windows\System\GmMpZZL.exe
  C:\Windows\System\GmMpZZL.exe
  2⤵
  PID:4636
- C:\Windows\System\PmQlqEl.exe
  C:\Windows\System\PmQlqEl.exe
  2⤵
  PID:4720
- C:\Windows\System\AoZXmrP.exe
  C:\Windows\System\AoZXmrP.exe
  2⤵
  PID:4824
- C:\Windows\System\ImMcAca.exe
  C:\Windows\System\ImMcAca.exe
  2⤵
  PID:4932
- C:\Windows\System\dlQLvCj.exe
  C:\Windows\System\dlQLvCj.exe
  2⤵
  PID:4968
- C:\Windows\System\HFAMmHp.exe
  C:\Windows\System\HFAMmHp.exe
  2⤵
  PID:5048
- C:\Windows\System\FgLBjkf.exe
  C:\Windows\System\FgLBjkf.exe
  2⤵
  PID:3800
- C:\Windows\System\bwEaRba.exe
  C:\Windows\System\bwEaRba.exe
  2⤵
  PID:3288
- C:\Windows\System\CQzQTwd.exe
  C:\Windows\System\CQzQTwd.exe
  2⤵
  PID:5140
- C:\Windows\System\CmdyQVe.exe
  C:\Windows\System\CmdyQVe.exe
  2⤵
  PID:5160
- C:\Windows\System\tWvLdtO.exe
  C:\Windows\System\tWvLdtO.exe
  2⤵
  PID:5180
- C:\Windows\System\IFASKiV.exe
  C:\Windows\System\IFASKiV.exe
  2⤵
  PID:5200
- C:\Windows\System\osdLEPp.exe
  C:\Windows\System\osdLEPp.exe
  2⤵
  PID:5220
- C:\Windows\System\yaKpFHk.exe
  C:\Windows\System\yaKpFHk.exe
  2⤵
  PID:5240
- C:\Windows\System\YGremNs.exe
  C:\Windows\System\YGremNs.exe
  2⤵
  PID:5260
- C:\Windows\System\kbTegYn.exe
  C:\Windows\System\kbTegYn.exe
  2⤵
  PID:5280
- C:\Windows\System\neXYsea.exe
  C:\Windows\System\neXYsea.exe
  2⤵
  PID:5300
- C:\Windows\System\UKnSkMM.exe
  C:\Windows\System\UKnSkMM.exe
  2⤵
  PID:5320
- C:\Windows\System\mdjTQPk.exe
  C:\Windows\System\mdjTQPk.exe
  2⤵
  PID:5340
- C:\Windows\System\jJoWbto.exe
  C:\Windows\System\jJoWbto.exe
  2⤵
  PID:5360
- C:\Windows\System\vAQSmLL.exe
  C:\Windows\System\vAQSmLL.exe
  2⤵
  PID:5380
- C:\Windows\System\BFKcVVV.exe
  C:\Windows\System\BFKcVVV.exe
  2⤵
  PID:5404
- C:\Windows\System\inKMMBW.exe
  C:\Windows\System\inKMMBW.exe
  2⤵
  PID:5424
- C:\Windows\System\LKXqJxB.exe
  C:\Windows\System\LKXqJxB.exe
  2⤵
  PID:5444
- C:\Windows\System\GpfYGxs.exe
  C:\Windows\System\GpfYGxs.exe
  2⤵
  PID:5460
- C:\Windows\System\tLXKvEL.exe
  C:\Windows\System\tLXKvEL.exe
  2⤵
  PID:5484
- C:\Windows\System\bPczHoW.exe
  C:\Windows\System\bPczHoW.exe
  2⤵
  PID:5504
- C:\Windows\System\LqGcHBA.exe
  C:\Windows\System\LqGcHBA.exe
  2⤵
  PID:5524
- C:\Windows\System\UUWmehg.exe
  C:\Windows\System\UUWmehg.exe
  2⤵
  PID:5544
- C:\Windows\System\egStQCo.exe
  C:\Windows\System\egStQCo.exe
  2⤵
  PID:5564
- C:\Windows\System\lvWDFLu.exe
  C:\Windows\System\lvWDFLu.exe
  2⤵
  PID:5584
- C:\Windows\System\oVeIwxe.exe
  C:\Windows\System\oVeIwxe.exe
  2⤵
  PID:5604
- C:\Windows\System\fxdDRnq.exe
  C:\Windows\System\fxdDRnq.exe
  2⤵
  PID:5624
- C:\Windows\System\ZGagfPo.exe
  C:\Windows\System\ZGagfPo.exe
  2⤵
  PID:5644
- C:\Windows\System\MHjNIYL.exe
  C:\Windows\System\MHjNIYL.exe
  2⤵
  PID:5664
- C:\Windows\System\eCtlkZe.exe
  C:\Windows\System\eCtlkZe.exe
  2⤵
  PID:5684
- C:\Windows\System\YNEVAnz.exe
  C:\Windows\System\YNEVAnz.exe
  2⤵
  PID:5704
- C:\Windows\System\nRUErVR.exe
  C:\Windows\System\nRUErVR.exe
  2⤵
  PID:5724
- C:\Windows\System\XlRCjBn.exe
  C:\Windows\System\XlRCjBn.exe
  2⤵
  PID:5744
- C:\Windows\System\BaTVwuT.exe
  C:\Windows\System\BaTVwuT.exe
  2⤵
  PID:5764
- C:\Windows\System\ebbSbSv.exe
  C:\Windows\System\ebbSbSv.exe
  2⤵
  PID:5784
- C:\Windows\System\sKAveZl.exe
  C:\Windows\System\sKAveZl.exe
  2⤵
  PID:5804
- C:\Windows\System\GmRGHDa.exe
  C:\Windows\System\GmRGHDa.exe
  2⤵
  PID:5824
- C:\Windows\System\joWLMYr.exe
  C:\Windows\System\joWLMYr.exe
  2⤵
  PID:5844
- C:\Windows\System\xVnaqlz.exe
  C:\Windows\System\xVnaqlz.exe
  2⤵
  PID:5864
- C:\Windows\System\fOVwPWv.exe
  C:\Windows\System\fOVwPWv.exe
  2⤵
  PID:5884
- C:\Windows\System\fDPGZrJ.exe
  C:\Windows\System\fDPGZrJ.exe
  2⤵
  PID:5904
- C:\Windows\System\OPoeuWB.exe
  C:\Windows\System\OPoeuWB.exe
  2⤵
  PID:5924
- C:\Windows\System\BcFXDfD.exe
  C:\Windows\System\BcFXDfD.exe
  2⤵
  PID:5944
- C:\Windows\System\ReFQQlJ.exe
  C:\Windows\System\ReFQQlJ.exe
  2⤵
  PID:5964
- C:\Windows\System\IgPeVrZ.exe
  C:\Windows\System\IgPeVrZ.exe
  2⤵
  PID:5984
- C:\Windows\System\xVplklN.exe
  C:\Windows\System\xVplklN.exe
  2⤵
  PID:6004
- C:\Windows\System\FFZfnMO.exe
  C:\Windows\System\FFZfnMO.exe
  2⤵
  PID:6024
- C:\Windows\System\CfLMvBw.exe
  C:\Windows\System\CfLMvBw.exe
  2⤵
  PID:6044
- C:\Windows\System\UlIgTZl.exe
  C:\Windows\System\UlIgTZl.exe
  2⤵
  PID:6064
- C:\Windows\System\BAxAxze.exe
  C:\Windows\System\BAxAxze.exe
  2⤵
  PID:6084
- C:\Windows\System\CbtmOyy.exe
  C:\Windows\System\CbtmOyy.exe
  2⤵
  PID:6104
- C:\Windows\System\pFKoMtN.exe
  C:\Windows\System\pFKoMtN.exe
  2⤵
  PID:6124
- C:\Windows\System\btkxRHQ.exe
  C:\Windows\System\btkxRHQ.exe
  2⤵
  PID:4156
- C:\Windows\System\haYvcFP.exe
  C:\Windows\System\haYvcFP.exe
  2⤵
  PID:4184
- C:\Windows\System\UHxCbVM.exe
  C:\Windows\System\UHxCbVM.exe
  2⤵
  PID:4320
- C:\Windows\System\eDnsdHk.exe
  C:\Windows\System\eDnsdHk.exe
  2⤵
  PID:4484
- C:\Windows\System\tMoetMl.exe
  C:\Windows\System\tMoetMl.exe
  2⤵
  PID:4704
- C:\Windows\System\FZAmczv.exe
  C:\Windows\System\FZAmczv.exe
  2⤵
  PID:4784
- C:\Windows\System\VBEKUCx.exe
  C:\Windows\System\VBEKUCx.exe
  2⤵
  PID:5032
- C:\Windows\System\DTKGeJd.exe
  C:\Windows\System\DTKGeJd.exe
  2⤵
  PID:636
- C:\Windows\System\OFbdBvV.exe
  C:\Windows\System\OFbdBvV.exe
  2⤵
  PID:5128
- C:\Windows\System\fNVwMbQ.exe
  C:\Windows\System\fNVwMbQ.exe
  2⤵
  PID:5152
- C:\Windows\System\ceJSAim.exe
  C:\Windows\System\ceJSAim.exe
  2⤵
  PID:5176
- C:\Windows\System\xzCFmgn.exe
  C:\Windows\System\xzCFmgn.exe
  2⤵
  PID:5228
- C:\Windows\System\UYcjrZB.exe
  C:\Windows\System\UYcjrZB.exe
  2⤵
  PID:5276
- C:\Windows\System\IkjqMXk.exe
  C:\Windows\System\IkjqMXk.exe
  2⤵
  PID:5292
- C:\Windows\System\XbXgJYS.exe
  C:\Windows\System\XbXgJYS.exe
  2⤵
  PID:5352
- C:\Windows\System\UwVNDdz.exe
  C:\Windows\System\UwVNDdz.exe
  2⤵
  PID:5368
- C:\Windows\System\OXVASMr.exe
  C:\Windows\System\OXVASMr.exe
  2⤵
  PID:5396
- C:\Windows\System\zgmkrHe.exe
  C:\Windows\System\zgmkrHe.exe
  2⤵
  PID:5416
- C:\Windows\System\fWGDJqJ.exe
  C:\Windows\System\fWGDJqJ.exe
  2⤵
  PID:5452
- C:\Windows\System\jSCIkSR.exe
  C:\Windows\System\jSCIkSR.exe
  2⤵
  PID:5500
- C:\Windows\System\pxyFzVG.exe
  C:\Windows\System\pxyFzVG.exe
  2⤵
  PID:5532
- C:\Windows\System\BZqqgGL.exe
  C:\Windows\System\BZqqgGL.exe
  2⤵
  PID:5536
- C:\Windows\System\WaHJVHM.exe
  C:\Windows\System\WaHJVHM.exe
  2⤵
  PID:5576
- C:\Windows\System\jFkTExv.exe
  C:\Windows\System\jFkTExv.exe
  2⤵
  PID:5616
- C:\Windows\System\gfYYreq.exe
  C:\Windows\System\gfYYreq.exe
  2⤵
  PID:5660
- C:\Windows\System\UDKiWkv.exe
  C:\Windows\System\UDKiWkv.exe
  2⤵
  PID:5712
- C:\Windows\System\cFyCpdy.exe
  C:\Windows\System\cFyCpdy.exe
  2⤵
  PID:5720
- C:\Windows\System\uCnOgoy.exe
  C:\Windows\System\uCnOgoy.exe
  2⤵
  PID:5740
- C:\Windows\System\udSijCg.exe
  C:\Windows\System\udSijCg.exe
  2⤵
  PID:5792
- C:\Windows\System\jUVDFKn.exe
  C:\Windows\System\jUVDFKn.exe
  2⤵
  PID:5832
- C:\Windows\System\AdSKdFM.exe
  C:\Windows\System\AdSKdFM.exe
  2⤵
  PID:5836
- C:\Windows\System\XkHlWWM.exe
  C:\Windows\System\XkHlWWM.exe
  2⤵
  PID:5880
- C:\Windows\System\htSoSDY.exe
  C:\Windows\System\htSoSDY.exe
  2⤵
  PID:5912
- C:\Windows\System\DGlRiHG.exe
  C:\Windows\System\DGlRiHG.exe
  2⤵
  PID:5952
- C:\Windows\System\LkrPhig.exe
  C:\Windows\System\LkrPhig.exe
  2⤵
  PID:5956
- C:\Windows\System\ncwCAnl.exe
  C:\Windows\System\ncwCAnl.exe
  2⤵
  PID:5996
- C:\Windows\System\ftEXTgh.exe
  C:\Windows\System\ftEXTgh.exe
  2⤵
  PID:6016
- C:\Windows\System\oRwzAEK.exe
  C:\Windows\System\oRwzAEK.exe
  2⤵
  PID:6076
- C:\Windows\System\xgbVdqf.exe
  C:\Windows\System\xgbVdqf.exe
  2⤵
  PID:6092
- C:\Windows\System\idEbweM.exe
  C:\Windows\System\idEbweM.exe
  2⤵
  PID:6140
- C:\Windows\System\UOlnpQu.exe
  C:\Windows\System\UOlnpQu.exe
  2⤵
  PID:4380
- C:\Windows\System\fkygYXh.exe
  C:\Windows\System\fkygYXh.exe
  2⤵
  PID:4420
- C:\Windows\System\EYNNDZy.exe
  C:\Windows\System\EYNNDZy.exe
  2⤵
  PID:4640
- C:\Windows\System\pDxavMW.exe
  C:\Windows\System\pDxavMW.exe
  2⤵
  PID:4776
- C:\Windows\System\cjCupsy.exe
  C:\Windows\System\cjCupsy.exe
  2⤵
  PID:3736
- C:\Windows\System\sanhXWz.exe
  C:\Windows\System\sanhXWz.exe
  2⤵
  PID:1352
- C:\Windows\System\mtoBgCB.exe
  C:\Windows\System\mtoBgCB.exe
  2⤵
  PID:5192
- C:\Windows\System\dEeOIan.exe
  C:\Windows\System\dEeOIan.exe
  2⤵
  PID:5268
- C:\Windows\System\OQxNujr.exe
  C:\Windows\System\OQxNujr.exe
  2⤵
  PID:5336
- C:\Windows\System\SHXWhjs.exe
  C:\Windows\System\SHXWhjs.exe
  2⤵
  PID:5372
- C:\Windows\System\LeBGnlh.exe
  C:\Windows\System\LeBGnlh.exe
  2⤵
  PID:5440
- C:\Windows\System\GMQVBMx.exe
  C:\Windows\System\GMQVBMx.exe
  2⤵
  PID:5468
- C:\Windows\System\vKzISPW.exe
  C:\Windows\System\vKzISPW.exe
  2⤵
  PID:5556
- C:\Windows\System\wTrHXaO.exe
  C:\Windows\System\wTrHXaO.exe
  2⤵
  PID:5580
- C:\Windows\System\QpAYcdF.exe
  C:\Windows\System\QpAYcdF.exe
  2⤵
  PID:5612
- C:\Windows\System\RLKzFRJ.exe
  C:\Windows\System\RLKzFRJ.exe
  2⤵
  PID:5636
- C:\Windows\System\EkhOCFM.exe
  C:\Windows\System\EkhOCFM.exe
  2⤵
  PID:5732
- C:\Windows\System\QZzbukW.exe
  C:\Windows\System\QZzbukW.exe
  2⤵
  PID:5796
- C:\Windows\System\nsvaYwq.exe
  C:\Windows\System\nsvaYwq.exe
  2⤵
  PID:5820
- C:\Windows\System\LRKTjqo.exe
  C:\Windows\System\LRKTjqo.exe
  2⤵
  PID:5892
- C:\Windows\System\AMkMIBf.exe
  C:\Windows\System\AMkMIBf.exe
  2⤵
  PID:5916
- C:\Windows\System\NmwVpRr.exe
  C:\Windows\System\NmwVpRr.exe
  2⤵
  PID:5936
- C:\Windows\System\NxYbfxw.exe
  C:\Windows\System\NxYbfxw.exe
  2⤵
  PID:6080
- C:\Windows\System\zmAMrwc.exe
  C:\Windows\System\zmAMrwc.exe
  2⤵
  PID:6096
- C:\Windows\System\BAVHlHJ.exe
  C:\Windows\System\BAVHlHJ.exe
  2⤵
  PID:4176
- C:\Windows\System\JutqcIN.exe
  C:\Windows\System\JutqcIN.exe
  2⤵
  PID:4396
- C:\Windows\System\KnrrOaL.exe
  C:\Windows\System\KnrrOaL.exe
  2⤵
  PID:4564
- C:\Windows\System\BiSsAoX.exe
  C:\Windows\System\BiSsAoX.exe
  2⤵
  PID:5156
- C:\Windows\System\CKMZnyx.exe
  C:\Windows\System\CKMZnyx.exe
  2⤵
  PID:5232
- C:\Windows\System\yTdgeIn.exe
  C:\Windows\System\yTdgeIn.exe
  2⤵
  PID:5248
- C:\Windows\System\HKIFBiu.exe
  C:\Windows\System\HKIFBiu.exe
  2⤵
  PID:5312
- C:\Windows\System\gbfrSLe.exe
  C:\Windows\System\gbfrSLe.exe
  2⤵
  PID:5388
- C:\Windows\System\UjNeRiW.exe
  C:\Windows\System\UjNeRiW.exe
  2⤵
  PID:5540
- C:\Windows\System\umyxnds.exe
  C:\Windows\System\umyxnds.exe
  2⤵
  PID:5676
- C:\Windows\System\tLKEJDY.exe
  C:\Windows\System\tLKEJDY.exe
  2⤵
  PID:4656
- C:\Windows\System\PNNsfNH.exe
  C:\Windows\System\PNNsfNH.exe
  2⤵
  PID:5696
- C:\Windows\System\KrxlGTt.exe
  C:\Windows\System\KrxlGTt.exe
  2⤵
  PID:5872
- C:\Windows\System\ZfUinUT.exe
  C:\Windows\System\ZfUinUT.exe
  2⤵
  PID:5896
- C:\Windows\System\VQQqdjB.exe
  C:\Windows\System\VQQqdjB.exe
  2⤵
  PID:6032
- C:\Windows\System\EJRIFnk.exe
  C:\Windows\System\EJRIFnk.exe
  2⤵
  PID:6020
- C:\Windows\System\bJkcaea.exe
  C:\Windows\System\bJkcaea.exe
  2⤵
  PID:6136
- C:\Windows\System\yEBMmwb.exe
  C:\Windows\System\yEBMmwb.exe
  2⤵
  PID:4844
- C:\Windows\System\wiSjeOG.exe
  C:\Windows\System\wiSjeOG.exe
  2⤵
  PID:5252
- C:\Windows\System\cidoZQd.exe
  C:\Windows\System\cidoZQd.exe
  2⤵
  PID:5472
- C:\Windows\System\wUTEkuZ.exe
  C:\Windows\System\wUTEkuZ.exe
  2⤵
  PID:2748
- C:\Windows\System\DTfSjdN.exe
  C:\Windows\System\DTfSjdN.exe
  2⤵
  PID:2464
- C:\Windows\System\KULnYXO.exe
  C:\Windows\System\KULnYXO.exe
  2⤵
  PID:2784
- C:\Windows\System\InokHnT.exe
  C:\Windows\System\InokHnT.exe
  2⤵
  PID:5760
- C:\Windows\System\hueHjQL.exe
  C:\Windows\System\hueHjQL.exe
  2⤵
  PID:6056
- C:\Windows\System\pREMPzN.exe
  C:\Windows\System\pREMPzN.exe
  2⤵
  PID:6052
- C:\Windows\System\aJbvYJy.exe
  C:\Windows\System\aJbvYJy.exe
  2⤵
  PID:3008
- C:\Windows\System\zcsztDV.exe
  C:\Windows\System\zcsztDV.exe
  2⤵
  PID:5136
- C:\Windows\System\HStsmtz.exe
  C:\Windows\System\HStsmtz.exe
  2⤵
  PID:1256
- C:\Windows\System\BmywUgW.exe
  C:\Windows\System\BmywUgW.exe
  2⤵
  PID:6156
- C:\Windows\System\tBluJTz.exe
  C:\Windows\System\tBluJTz.exe
  2⤵
  PID:6176
- C:\Windows\System\QAqROtV.exe
  C:\Windows\System\QAqROtV.exe
  2⤵
  PID:6196
- C:\Windows\System\uJRLuII.exe
  C:\Windows\System\uJRLuII.exe
  2⤵
  PID:6216
- C:\Windows\System\TbQxmPX.exe
  C:\Windows\System\TbQxmPX.exe
  2⤵
  PID:6236
- C:\Windows\System\tUCwrbQ.exe
  C:\Windows\System\tUCwrbQ.exe
  2⤵
  PID:6256
- C:\Windows\System\Epcxhox.exe
  C:\Windows\System\Epcxhox.exe
  2⤵
  PID:6276
- C:\Windows\System\OaZKBKP.exe
  C:\Windows\System\OaZKBKP.exe
  2⤵
  PID:6296
- C:\Windows\System\WpUPPrO.exe
  C:\Windows\System\WpUPPrO.exe
  2⤵
  PID:6316
- C:\Windows\System\DBWVfAP.exe
  C:\Windows\System\DBWVfAP.exe
  2⤵
  PID:6336
- C:\Windows\System\ITdCCTt.exe
  C:\Windows\System\ITdCCTt.exe
  2⤵
  PID:6356
- C:\Windows\System\jTcGoGZ.exe
  C:\Windows\System\jTcGoGZ.exe
  2⤵
  PID:6376
- C:\Windows\System\TvrsNlG.exe
  C:\Windows\System\TvrsNlG.exe
  2⤵
  PID:6396
- C:\Windows\System\iKQSyZB.exe
  C:\Windows\System\iKQSyZB.exe
  2⤵
  PID:6416
- C:\Windows\System\rqvCNqW.exe
  C:\Windows\System\rqvCNqW.exe
  2⤵
  PID:6436
- C:\Windows\System\ugCPuJG.exe
  C:\Windows\System\ugCPuJG.exe
  2⤵
  PID:6456
- C:\Windows\System\UUupRgQ.exe
  C:\Windows\System\UUupRgQ.exe
  2⤵
  PID:6492
- C:\Windows\System\gQcKLtB.exe
  C:\Windows\System\gQcKLtB.exe
  2⤵
  PID:6512
- C:\Windows\System\LteZuVv.exe
  C:\Windows\System\LteZuVv.exe
  2⤵
  PID:6548
- C:\Windows\System\jTGlmrO.exe
  C:\Windows\System\jTGlmrO.exe
  2⤵
  PID:6564
- C:\Windows\System\QLIrdlr.exe
  C:\Windows\System\QLIrdlr.exe
  2⤵
  PID:6588
- C:\Windows\System\ySPqses.exe
  C:\Windows\System\ySPqses.exe
  2⤵
  PID:6608
- C:\Windows\System\tIpFMiP.exe
  C:\Windows\System\tIpFMiP.exe
  2⤵
  PID:6624
- C:\Windows\System\psuHjVD.exe
  C:\Windows\System\psuHjVD.exe
  2⤵
  PID:6640
- C:\Windows\System\TmQlMEf.exe
  C:\Windows\System\TmQlMEf.exe
  2⤵
  PID:6664
- C:\Windows\System\TTWUIji.exe
  C:\Windows\System\TTWUIji.exe
  2⤵
  PID:6680
- C:\Windows\System\PfVufid.exe
  C:\Windows\System\PfVufid.exe
  2⤵
  PID:6696
- C:\Windows\System\bhvYKKu.exe
  C:\Windows\System\bhvYKKu.exe
  2⤵
  PID:6716
- C:\Windows\System\afJRhud.exe
  C:\Windows\System\afJRhud.exe
  2⤵
  PID:6732
- C:\Windows\System\GJPJtOi.exe
  C:\Windows\System\GJPJtOi.exe
  2⤵
  PID:6748
- C:\Windows\System\cvdZsCX.exe
  C:\Windows\System\cvdZsCX.exe
  2⤵
  PID:6764
- C:\Windows\System\iyKQNSm.exe
  C:\Windows\System\iyKQNSm.exe
  2⤵
  PID:6784
- C:\Windows\System\mkLeoQV.exe
  C:\Windows\System\mkLeoQV.exe
  2⤵
  PID:6800
- C:\Windows\System\TlInfnU.exe
  C:\Windows\System\TlInfnU.exe
  2⤵
  PID:6816
- C:\Windows\System\iNYESwL.exe
  C:\Windows\System\iNYESwL.exe
  2⤵
  PID:6860
- C:\Windows\System\OMKDeOZ.exe
  C:\Windows\System\OMKDeOZ.exe
  2⤵
  PID:6880
- C:\Windows\System\NomaQGF.exe
  C:\Windows\System\NomaQGF.exe
  2⤵
  PID:6900
- C:\Windows\System\neAFfVm.exe
  C:\Windows\System\neAFfVm.exe
  2⤵
  PID:6920
- C:\Windows\System\UZxuUhr.exe
  C:\Windows\System\UZxuUhr.exe
  2⤵
  PID:6940
- C:\Windows\System\AnHlZJH.exe
  C:\Windows\System\AnHlZJH.exe
  2⤵
  PID:6960
- C:\Windows\System\wMNuyeI.exe
  C:\Windows\System\wMNuyeI.exe
  2⤵
  PID:6976
- C:\Windows\System\xrJeoOV.exe
  C:\Windows\System\xrJeoOV.exe
  2⤵
  PID:7000
- C:\Windows\System\LjDMROv.exe
  C:\Windows\System\LjDMROv.exe
  2⤵
  PID:7028
- C:\Windows\System\NzkoPgu.exe
  C:\Windows\System\NzkoPgu.exe
  2⤵
  PID:7048
- C:\Windows\System\sgTlWvv.exe
  C:\Windows\System\sgTlWvv.exe
  2⤵
  PID:7064
- C:\Windows\System\wWZraRA.exe
  C:\Windows\System\wWZraRA.exe
  2⤵
  PID:7084
- C:\Windows\System\FVllSAv.exe
  C:\Windows\System\FVllSAv.exe
  2⤵
  PID:7108
- C:\Windows\System\ZNQrVqJ.exe
  C:\Windows\System\ZNQrVqJ.exe
  2⤵
  PID:7124
- C:\Windows\System\VRIepyT.exe
  C:\Windows\System\VRIepyT.exe
  2⤵
  PID:7140
- C:\Windows\System\BVFinOf.exe
  C:\Windows\System\BVFinOf.exe
  2⤵
  PID:7160
- C:\Windows\System\eKmifKV.exe
  C:\Windows\System\eKmifKV.exe
  2⤵
  PID:5332
- C:\Windows\System\zJfpSLh.exe
  C:\Windows\System\zJfpSLh.exe
  2⤵
  PID:1332
- C:\Windows\System\xNsaOMe.exe
  C:\Windows\System\xNsaOMe.exe
  2⤵
  PID:264
- C:\Windows\System\CSoXzPL.exe
  C:\Windows\System\CSoXzPL.exe
  2⤵
  PID:5980
- C:\Windows\System\ZAizzCj.exe
  C:\Windows\System\ZAizzCj.exe
  2⤵
  PID:2884
- C:\Windows\System\RCcPZos.exe
  C:\Windows\System\RCcPZos.exe
  2⤵
  PID:2924
- C:\Windows\System\TQHmaVS.exe
  C:\Windows\System\TQHmaVS.exe
  2⤵
  PID:1932
- C:\Windows\System\RzoTMqx.exe
  C:\Windows\System\RzoTMqx.exe
  2⤵
  PID:5132
- C:\Windows\System\eBaNLyv.exe
  C:\Windows\System\eBaNLyv.exe
  2⤵
  PID:6224
- C:\Windows\System\zFQYiMO.exe
  C:\Windows\System\zFQYiMO.exe
  2⤵
  PID:6232
- C:\Windows\System\ddHoNFa.exe
  C:\Windows\System\ddHoNFa.exe
  2⤵
  PID:2336
- C:\Windows\System\KAbUTdX.exe
  C:\Windows\System\KAbUTdX.exe
  2⤵
  PID:2340
- C:\Windows\System\YSWiwsj.exe
  C:\Windows\System\YSWiwsj.exe
  2⤵
  PID:2948
- C:\Windows\System\pWDqlkO.exe
  C:\Windows\System\pWDqlkO.exe
  2⤵
  PID:6312
- C:\Windows\System\pfGVDgq.exe
  C:\Windows\System\pfGVDgq.exe
  2⤵
  PID:896
- C:\Windows\System\xfShLYI.exe
  C:\Windows\System\xfShLYI.exe
  2⤵
  PID:2564
- C:\Windows\System\hbnNIlb.exe
  C:\Windows\System\hbnNIlb.exe
  2⤵
  PID:6348
- C:\Windows\System\LtcAZlH.exe
  C:\Windows\System\LtcAZlH.exe
  2⤵
  PID:2888
- C:\Windows\System\uxHqHfr.exe
  C:\Windows\System\uxHqHfr.exe
  2⤵
  PID:2012
- C:\Windows\System\cOINIqG.exe
  C:\Windows\System\cOINIqG.exe
  2⤵
  PID:6432
- C:\Windows\System\FnTegZb.exe
  C:\Windows\System\FnTegZb.exe
  2⤵
  PID:2208
- C:\Windows\System\nzBODGP.exe
  C:\Windows\System\nzBODGP.exe
  2⤵
  PID:6444
- C:\Windows\System\pjPPxfT.exe
  C:\Windows\System\pjPPxfT.exe
  2⤵
  PID:6448
- C:\Windows\System\xElrXpx.exe
  C:\Windows\System\xElrXpx.exe
  2⤵
  PID:6520
- C:\Windows\System\EocZbcf.exe
  C:\Windows\System\EocZbcf.exe
  2⤵
  PID:6532
- C:\Windows\System\yBrIxIO.exe
  C:\Windows\System\yBrIxIO.exe
  2⤵
  PID:6524
- C:\Windows\System\vvZTDun.exe
  C:\Windows\System\vvZTDun.exe
  2⤵
  PID:6580
- C:\Windows\System\dTakcxV.exe
  C:\Windows\System\dTakcxV.exe
  2⤵
  PID:6600
- C:\Windows\System\ZapFJrd.exe
  C:\Windows\System\ZapFJrd.exe
  2⤵
  PID:6648
- C:\Windows\System\ePQrqXi.exe
  C:\Windows\System\ePQrqXi.exe
  2⤵
  PID:6688
- C:\Windows\System\jKvxXPy.exe
  C:\Windows\System\jKvxXPy.exe
  2⤵
  PID:6676
- C:\Windows\System\fQqlozk.exe
  C:\Windows\System\fQqlozk.exe
  2⤵
  PID:6756
- C:\Windows\System\YMhoYgL.exe
  C:\Windows\System\YMhoYgL.exe
  2⤵
  PID:6824
- C:\Windows\System\LHgMvuP.exe
  C:\Windows\System\LHgMvuP.exe
  2⤵
  PID:6740
- C:\Windows\System\jhquqHC.exe
  C:\Windows\System\jhquqHC.exe
  2⤵
  PID:6776
- C:\Windows\System\QaKiYAz.exe
  C:\Windows\System\QaKiYAz.exe
  2⤵
  PID:6932
- C:\Windows\System\ogaLmPS.exe
  C:\Windows\System\ogaLmPS.exe
  2⤵
  PID:7008
- C:\Windows\System\URAKXIQ.exe
  C:\Windows\System\URAKXIQ.exe
  2⤵
  PID:7024
- C:\Windows\System\bgTPETy.exe
  C:\Windows\System\bgTPETy.exe
  2⤵
  PID:6956
- C:\Windows\System\CDKhUYF.exe
  C:\Windows\System\CDKhUYF.exe
  2⤵
  PID:7044
- C:\Windows\System\qGbVzQp.exe
  C:\Windows\System\qGbVzQp.exe
  2⤵
  PID:7080
- C:\Windows\System\HLdkbuX.exe
  C:\Windows\System\HLdkbuX.exe
  2⤵
  PID:7100
- C:\Windows\System\ktoAqcH.exe
  C:\Windows\System\ktoAqcH.exe
  2⤵
  PID:5560
- C:\Windows\System\PyycZRj.exe
  C:\Windows\System\PyycZRj.exe
  2⤵
  PID:2244
- C:\Windows\System\MueNDVU.exe
  C:\Windows\System\MueNDVU.exe
  2⤵
  PID:7120
- C:\Windows\System\JwzhykW.exe
  C:\Windows\System\JwzhykW.exe
  2⤵
  PID:7152
- C:\Windows\System\scIEzkb.exe
  C:\Windows\System\scIEzkb.exe
  2⤵
  PID:5860
- C:\Windows\System\qFpEkjn.exe
  C:\Windows\System\qFpEkjn.exe
  2⤵
  PID:5008
- C:\Windows\System\qEvwxdr.exe
  C:\Windows\System\qEvwxdr.exe
  2⤵
  PID:6168
- C:\Windows\System\XxgRdZz.exe
  C:\Windows\System\XxgRdZz.exe
  2⤵
  PID:6164
- C:\Windows\System\IvwdjTA.exe
  C:\Windows\System\IvwdjTA.exe
  2⤵
  PID:6248
- C:\Windows\System\AwrGdcN.exe
  C:\Windows\System\AwrGdcN.exe
  2⤵
  PID:6212
- C:\Windows\System\LapCRAX.exe
  C:\Windows\System\LapCRAX.exe
  2⤵
  PID:6388
- C:\Windows\System\gTsmaNM.exe
  C:\Windows\System\gTsmaNM.exe
  2⤵
  PID:6544
- C:\Windows\System\lEjcnxt.exe
  C:\Windows\System\lEjcnxt.exe
  2⤵
  PID:1628
- C:\Windows\System\faaNEkz.exe
  C:\Windows\System\faaNEkz.exe
  2⤵
  PID:3064
- C:\Windows\System\XaWhvGh.exe
  C:\Windows\System\XaWhvGh.exe
  2⤵
  PID:6472
- C:\Windows\System\KTUVils.exe
  C:\Windows\System\KTUVils.exe
  2⤵
  PID:6724
- C:\Windows\System\yChmArN.exe
  C:\Windows\System\yChmArN.exe
  2⤵
  PID:6796
- C:\Windows\System\YVSLWUc.exe
  C:\Windows\System\YVSLWUc.exe
  2⤵
  PID:6540
- C:\Windows\System\CqONPPx.exe
  C:\Windows\System\CqONPPx.exe
  2⤵
  PID:6836
- C:\Windows\System\eeOmDvZ.exe
  C:\Windows\System\eeOmDvZ.exe
  2⤵
  PID:6352
- C:\Windows\System\KCbiWOn.exe
  C:\Windows\System\KCbiWOn.exe
  2⤵
  PID:6536
- C:\Windows\System\OkrEeQD.exe
  C:\Windows\System\OkrEeQD.exe
  2⤵
  PID:6632
- C:\Windows\System\xpDdNWr.exe
  C:\Windows\System\xpDdNWr.exe
  2⤵
  PID:6728
- C:\Windows\System\GtzdxXS.exe
  C:\Windows\System\GtzdxXS.exe
  2⤵
  PID:6772
- C:\Windows\System\THMCMTH.exe
  C:\Windows\System\THMCMTH.exe
  2⤵
  PID:6916
- C:\Windows\System\zNVAfKp.exe
  C:\Windows\System\zNVAfKp.exe
  2⤵
  PID:7060
- C:\Windows\System\ucbwvWM.exe
  C:\Windows\System\ucbwvWM.exe
  2⤵
  PID:7092
- C:\Windows\System\HbyGVXo.exe
  C:\Windows\System\HbyGVXo.exe
  2⤵
  PID:6992
- C:\Windows\System\EoCeoKB.exe
  C:\Windows\System\EoCeoKB.exe
  2⤵
  PID:6192
- C:\Windows\System\vbaSeQc.exe
  C:\Windows\System\vbaSeQc.exe
  2⤵
  PID:2520
- C:\Windows\System\qJvKFTQ.exe
  C:\Windows\System\qJvKFTQ.exe
  2⤵
  PID:2348
- C:\Windows\System\TiyHqsU.exe
  C:\Windows\System\TiyHqsU.exe
  2⤵
  PID:4928
- C:\Windows\System\BSKTNyR.exe
  C:\Windows\System\BSKTNyR.exe
  2⤵
  PID:6620
- C:\Windows\System\kjJmxyc.exe
  C:\Windows\System\kjJmxyc.exe
  2⤵
  PID:6424
- C:\Windows\System\EyRqTNg.exe
  C:\Windows\System\EyRqTNg.exe
  2⤵
  PID:6852
- C:\Windows\System\hBbgnpZ.exe
  C:\Windows\System\hBbgnpZ.exe
  2⤵
  PID:2160
- C:\Windows\System\LjouGZu.exe
  C:\Windows\System\LjouGZu.exe
  2⤵
  PID:6244
- C:\Windows\System\JWfJrBU.exe
  C:\Windows\System\JWfJrBU.exe
  2⤵
  PID:5772
- C:\Windows\System\ZJnZzWh.exe
  C:\Windows\System\ZJnZzWh.exe
  2⤵
  PID:6780
- C:\Windows\System\QLYjIVB.exe
  C:\Windows\System\QLYjIVB.exe
  2⤵
  PID:6704
- C:\Windows\System\pdICrup.exe
  C:\Windows\System\pdICrup.exe
  2⤵
  PID:6364
- C:\Windows\System\AstjRmU.exe
  C:\Windows\System\AstjRmU.exe
  2⤵
  PID:6872
- C:\Windows\System\hvEOwYn.exe
  C:\Windows\System\hvEOwYn.exe
  2⤵
  PID:7020
- C:\Windows\System\mfgbQGD.exe
  C:\Windows\System\mfgbQGD.exe
  2⤵
  PID:6120
- C:\Windows\System\iBcfINN.exe
  C:\Windows\System\iBcfINN.exe
  2⤵
  PID:4816
- C:\Windows\System\WvFzUNn.exe
  C:\Windows\System\WvFzUNn.exe
  2⤵
  PID:2300
- C:\Windows\System\tkVZvDJ.exe
  C:\Windows\System\tkVZvDJ.exe
  2⤵
  PID:7056
- C:\Windows\System\dVHMnQe.exe
  C:\Windows\System\dVHMnQe.exe
  2⤵
  PID:6928
- C:\Windows\System\PJMAQOC.exe
  C:\Windows\System\PJMAQOC.exe
  2⤵
  PID:6292
- C:\Windows\System\yfjRmbh.exe
  C:\Windows\System\yfjRmbh.exe
  2⤵
  PID:5296
- C:\Windows\System\abrlywy.exe
  C:\Windows\System\abrlywy.exe
  2⤵
  PID:6304
- C:\Windows\System\kqRrHej.exe
  C:\Windows\System\kqRrHej.exe
  2⤵
  PID:2544
- C:\Windows\System\jLDBEXR.exe
  C:\Windows\System\jLDBEXR.exe
  2⤵
  PID:6808
- C:\Windows\System\VxkGKYa.exe
  C:\Windows\System\VxkGKYa.exe
  2⤵
  PID:580
- C:\Windows\System\dDzfFZf.exe
  C:\Windows\System\dDzfFZf.exe
  2⤵
  PID:2452
- C:\Windows\System\moCQLPv.exe
  C:\Windows\System\moCQLPv.exe
  2⤵
  PID:7184
- C:\Windows\System\dwQrgzr.exe
  C:\Windows\System\dwQrgzr.exe
  2⤵
  PID:7204
- C:\Windows\System\rYxLkTv.exe
  C:\Windows\System\rYxLkTv.exe
  2⤵
  PID:7224
- C:\Windows\System\KaTqMDh.exe
  C:\Windows\System\KaTqMDh.exe
  2⤵
  PID:7264
- C:\Windows\System\JCMeTXK.exe
  C:\Windows\System\JCMeTXK.exe
  2⤵
  PID:7288
- C:\Windows\System\umhVlfI.exe
  C:\Windows\System\umhVlfI.exe
  2⤵
  PID:7308
- C:\Windows\System\YjSFzML.exe
  C:\Windows\System\YjSFzML.exe
  2⤵
  PID:7328
- C:\Windows\System\XcXRgfb.exe
  C:\Windows\System\XcXRgfb.exe
  2⤵
  PID:7348
- C:\Windows\System\FPYaiCa.exe
  C:\Windows\System\FPYaiCa.exe
  2⤵
  PID:7364
- C:\Windows\System\adopdww.exe
  C:\Windows\System\adopdww.exe
  2⤵
  PID:7380
- C:\Windows\System\BKbIVht.exe
  C:\Windows\System\BKbIVht.exe
  2⤵
  PID:7412
- C:\Windows\System\QnHTcjY.exe
  C:\Windows\System\QnHTcjY.exe
  2⤵
  PID:7432
- C:\Windows\System\uUXBOfC.exe
  C:\Windows\System\uUXBOfC.exe
  2⤵
  PID:7448
- C:\Windows\System\tIMxJuR.exe
  C:\Windows\System\tIMxJuR.exe
  2⤵
  PID:7464
- C:\Windows\System\oiuEyTc.exe
  C:\Windows\System\oiuEyTc.exe
  2⤵
  PID:7484
- C:\Windows\System\NNMIzus.exe
  C:\Windows\System\NNMIzus.exe
  2⤵
  PID:7500
- C:\Windows\System\fMSlWKI.exe
  C:\Windows\System\fMSlWKI.exe
  2⤵
  PID:7520
- C:\Windows\System\PHnWfrK.exe
  C:\Windows\System\PHnWfrK.exe
  2⤵
  PID:7540
- C:\Windows\System\UxBcSUl.exe
  C:\Windows\System\UxBcSUl.exe
  2⤵
  PID:7556
- C:\Windows\System\hcKNwrZ.exe
  C:\Windows\System\hcKNwrZ.exe
  2⤵
  PID:7572
- C:\Windows\System\ticKDuD.exe
  C:\Windows\System\ticKDuD.exe
  2⤵
  PID:7588
- C:\Windows\System\GzkyvFT.exe
  C:\Windows\System\GzkyvFT.exe
  2⤵
  PID:7608
- C:\Windows\System\IyIWyWo.exe
  C:\Windows\System\IyIWyWo.exe
  2⤵
  PID:7624
- C:\Windows\System\SArPOrY.exe
  C:\Windows\System\SArPOrY.exe
  2⤵
  PID:7640
- C:\Windows\System\PRAcXVl.exe
  C:\Windows\System\PRAcXVl.exe
  2⤵
  PID:7656
- C:\Windows\System\vGEeTSB.exe
  C:\Windows\System\vGEeTSB.exe
  2⤵
  PID:7672
- C:\Windows\System\Sbuuatw.exe
  C:\Windows\System\Sbuuatw.exe
  2⤵
  PID:7736
- C:\Windows\System\HHnaBpV.exe
  C:\Windows\System\HHnaBpV.exe
  2⤵
  PID:7752
- C:\Windows\System\AXeAFUe.exe
  C:\Windows\System\AXeAFUe.exe
  2⤵
  PID:7768
- C:\Windows\System\dTNDYqU.exe
  C:\Windows\System\dTNDYqU.exe
  2⤵
  PID:7784
- C:\Windows\System\BvRUDIa.exe
  C:\Windows\System\BvRUDIa.exe
  2⤵
  PID:7800
- C:\Windows\System\NLSlykO.exe
  C:\Windows\System\NLSlykO.exe
  2⤵
  PID:7816
- C:\Windows\System\SncvBaZ.exe
  C:\Windows\System\SncvBaZ.exe
  2⤵
  PID:7836
- C:\Windows\System\EyRRHdA.exe
  C:\Windows\System\EyRRHdA.exe
  2⤵
  PID:7852
- C:\Windows\System\hrVEnen.exe
  C:\Windows\System\hrVEnen.exe
  2⤵
  PID:7872
- C:\Windows\System\OIxfFKs.exe
  C:\Windows\System\OIxfFKs.exe
  2⤵
  PID:7892
- C:\Windows\System\rTIxFok.exe
  C:\Windows\System\rTIxFok.exe
  2⤵
  PID:7912
- C:\Windows\System\gjUSeJg.exe
  C:\Windows\System\gjUSeJg.exe
  2⤵
  PID:7932
- C:\Windows\System\BIojRiZ.exe
  C:\Windows\System\BIojRiZ.exe
  2⤵
  PID:7952
- C:\Windows\System\UxPYLEK.exe
  C:\Windows\System\UxPYLEK.exe
  2⤵
  PID:7972
- C:\Windows\System\kIWtHjZ.exe
  C:\Windows\System\kIWtHjZ.exe
  2⤵
  PID:7992
- C:\Windows\System\cAiDWmP.exe
  C:\Windows\System\cAiDWmP.exe
  2⤵
  PID:8032
- C:\Windows\System\nghDepl.exe
  C:\Windows\System\nghDepl.exe
  2⤵
  PID:8052
- C:\Windows\System\EjUJpcn.exe
  C:\Windows\System\EjUJpcn.exe
  2⤵
  PID:8068
- C:\Windows\System\nbWLJrW.exe
  C:\Windows\System\nbWLJrW.exe
  2⤵
  PID:8092
- C:\Windows\System\yyqIcjz.exe
  C:\Windows\System\yyqIcjz.exe
  2⤵
  PID:8112
- C:\Windows\System\lOAsAUj.exe
  C:\Windows\System\lOAsAUj.exe
  2⤵
  PID:8132
- C:\Windows\System\qKWxxZs.exe
  C:\Windows\System\qKWxxZs.exe
  2⤵
  PID:8148
- C:\Windows\System\YatcKQN.exe
  C:\Windows\System\YatcKQN.exe
  2⤵
  PID:8168
- C:\Windows\System\cBNkMkC.exe
  C:\Windows\System\cBNkMkC.exe
  2⤵
  PID:8184
- C:\Windows\System\HxsoyrW.exe
  C:\Windows\System\HxsoyrW.exe
  2⤵
  PID:7196
- C:\Windows\System\tvpjmOb.exe
  C:\Windows\System\tvpjmOb.exe
  2⤵
  PID:7012
- C:\Windows\System\KNpPQsk.exe
  C:\Windows\System\KNpPQsk.exe
  2⤵
  PID:7248
- C:\Windows\System\piRTlwP.exe
  C:\Windows\System\piRTlwP.exe
  2⤵
  PID:6888
- C:\Windows\System\kXxZDUa.exe
  C:\Windows\System\kXxZDUa.exe
  2⤵
  PID:7236
- C:\Windows\System\EEekPrg.exe
  C:\Windows\System\EEekPrg.exe
  2⤵
  PID:1796
- C:\Windows\System\PBAtXIM.exe
  C:\Windows\System\PBAtXIM.exe
  2⤵
  PID:2192
- C:\Windows\System\izLWNVT.exe
  C:\Windows\System\izLWNVT.exe
  2⤵
  PID:7296
- C:\Windows\System\lrjGQqu.exe
  C:\Windows\System\lrjGQqu.exe
  2⤵
  PID:7180
- C:\Windows\System\yqvrdXi.exe
  C:\Windows\System\yqvrdXi.exe
  2⤵
  PID:7284
- C:\Windows\System\rchkSyI.exe
  C:\Windows\System\rchkSyI.exe
  2⤵
  PID:7324
- C:\Windows\System\wLSChsc.exe
  C:\Windows\System\wLSChsc.exe
  2⤵
  PID:7372
- C:\Windows\System\nbfNmgH.exe
  C:\Windows\System\nbfNmgH.exe
  2⤵
  PID:7388
- C:\Windows\System\pdYueHg.exe
  C:\Windows\System\pdYueHg.exe
  2⤵
  PID:7472
- C:\Windows\System\tGRXjMy.exe
  C:\Windows\System\tGRXjMy.exe
  2⤵
  PID:7536
- C:\Windows\System\uHfntPy.exe
  C:\Windows\System\uHfntPy.exe
  2⤵
  PID:7604
- C:\Windows\System\ECqMkvg.exe
  C:\Windows\System\ECqMkvg.exe
  2⤵
  PID:7668
- C:\Windows\System\IVBkBWi.exe
  C:\Windows\System\IVBkBWi.exe
  2⤵
  PID:7708
- C:\Windows\System\YBHBGEp.exe
  C:\Windows\System\YBHBGEp.exe
  2⤵
  PID:7548
- C:\Windows\System\SCqsJgs.exe
  C:\Windows\System\SCqsJgs.exe
  2⤵
  PID:7616
- C:\Windows\System\ytmnLbz.exe
  C:\Windows\System\ytmnLbz.exe
  2⤵
  PID:7652
- C:\Windows\System\NhKkYzF.exe
  C:\Windows\System\NhKkYzF.exe
  2⤵
  PID:7808
- C:\Windows\System\nDgDOAo.exe
  C:\Windows\System\nDgDOAo.exe
  2⤵
  PID:7812
- C:\Windows\System\vdUMVEL.exe
  C:\Windows\System\vdUMVEL.exe
  2⤵
  PID:7884
- C:\Windows\System\pVLfoOr.exe
  C:\Windows\System\pVLfoOr.exe
  2⤵
  PID:7964
- C:\Windows\System\EsUbace.exe
  C:\Windows\System\EsUbace.exe
  2⤵
  PID:7968
- C:\Windows\System\RkBuZLu.exe
  C:\Windows\System\RkBuZLu.exe
  2⤵
  PID:7860
- C:\Windows\System\HiaqPco.exe
  C:\Windows\System\HiaqPco.exe
  2⤵
  PID:8004
- C:\Windows\System\OBMOyzM.exe
  C:\Windows\System\OBMOyzM.exe
  2⤵
  PID:7908
- C:\Windows\System\NedElCd.exe
  C:\Windows\System\NedElCd.exe
  2⤵
  PID:7980
- C:\Windows\System\nvNogXY.exe
  C:\Windows\System\nvNogXY.exe
  2⤵
  PID:8044
- C:\Windows\System\xAmNVba.exe
  C:\Windows\System\xAmNVba.exe
  2⤵
  PID:8100
- C:\Windows\System\RaeRPOK.exe
  C:\Windows\System\RaeRPOK.exe
  2⤵
  PID:8084
- C:\Windows\System\HbrdVpV.exe
  C:\Windows\System\HbrdVpV.exe
  2⤵
  PID:8120
- C:\Windows\System\IUqSPUW.exe
  C:\Windows\System\IUqSPUW.exe
  2⤵
  PID:6332
- C:\Windows\System\mJPgfaV.exe
  C:\Windows\System\mJPgfaV.exe
  2⤵
  PID:8160
- C:\Windows\System\JPXdiHH.exe
  C:\Windows\System\JPXdiHH.exe
  2⤵
  PID:7232
- C:\Windows\System\WJKQECf.exe
  C:\Windows\System\WJKQECf.exe
  2⤵
  PID:868
- C:\Windows\System\TYpROMN.exe
  C:\Windows\System\TYpROMN.exe
  2⤵
  PID:7496
- C:\Windows\System\Jnkcvds.exe
  C:\Windows\System\Jnkcvds.exe
  2⤵
  PID:6344
- C:\Windows\System\WgJtxSJ.exe
  C:\Windows\System\WgJtxSJ.exe
  2⤵
  PID:7320
- C:\Windows\System\kqUOhet.exe
  C:\Windows\System\kqUOhet.exe
  2⤵
  PID:7428
- C:\Windows\System\wGNrnzc.exe
  C:\Windows\System\wGNrnzc.exe
  2⤵
  PID:7480
- C:\Windows\System\BuUnpIt.exe
  C:\Windows\System\BuUnpIt.exe
  2⤵
  PID:7404
- C:\Windows\System\toASqgE.exe
  C:\Windows\System\toASqgE.exe
  2⤵
  PID:7696
- C:\Windows\System\kJgUuKa.exe
  C:\Windows\System\kJgUuKa.exe
  2⤵
  PID:7636
- C:\Windows\System\pupTPtD.exe
  C:\Windows\System\pupTPtD.exe
  2⤵
  PID:7720
- C:\Windows\System\WTqhJKb.exe
  C:\Windows\System\WTqhJKb.exe
  2⤵
  PID:7684
- C:\Windows\System\gkjBnXa.exe
  C:\Windows\System\gkjBnXa.exe
  2⤵
  PID:7848
- C:\Windows\System\ZJwsQpG.exe
  C:\Windows\System\ZJwsQpG.exe
  2⤵
  PID:7764
- C:\Windows\System\UqsxABJ.exe
  C:\Windows\System\UqsxABJ.exe
  2⤵
  PID:7868
- C:\Windows\System\oVYOoYI.exe
  C:\Windows\System\oVYOoYI.exe
  2⤵
  PID:7780
- C:\Windows\System\TyLuyeJ.exe
  C:\Windows\System\TyLuyeJ.exe
  2⤵
  PID:7824
- C:\Windows\System\vzVttXw.exe
  C:\Windows\System\vzVttXw.exe
  2⤵
  PID:8140
- C:\Windows\System\koaMuho.exe
  C:\Windows\System\koaMuho.exe
  2⤵
  PID:6404
- C:\Windows\System\HwvtVyf.exe
  C:\Windows\System\HwvtVyf.exe
  2⤵
  PID:6936
- C:\Windows\System\oZNQTpY.exe
  C:\Windows\System\oZNQTpY.exe
  2⤵
  PID:7216
- C:\Windows\System\biEycrt.exe
  C:\Windows\System\biEycrt.exe
  2⤵
  PID:7192
- C:\Windows\System\mgEOrFf.exe
  C:\Windows\System\mgEOrFf.exe
  2⤵
  PID:1604
- C:\Windows\System\rEhJmGZ.exe
  C:\Windows\System\rEhJmGZ.exe
  2⤵
  PID:6988
- C:\Windows\System\FHmNbfE.exe
  C:\Windows\System\FHmNbfE.exe
  2⤵
  PID:7512
- C:\Windows\System\NKgZicI.exe
  C:\Windows\System\NKgZicI.exe
  2⤵
  PID:7728
- C:\Windows\System\EmLoRLI.exe
  C:\Windows\System\EmLoRLI.exe
  2⤵
  PID:1444
- C:\Windows\System\GnKgOxq.exe
  C:\Windows\System\GnKgOxq.exe
  2⤵
  PID:936
- C:\Windows\System\PcWqbRe.exe
  C:\Windows\System\PcWqbRe.exe
  2⤵
  PID:7460
- C:\Windows\System\VZmjaEl.exe
  C:\Windows\System\VZmjaEl.exe
  2⤵
  PID:7600
- C:\Windows\System\cTcjwiZ.exe
  C:\Windows\System\cTcjwiZ.exe
  2⤵
  PID:7584
- C:\Windows\System\hCbAbEG.exe
  C:\Windows\System\hCbAbEG.exe
  2⤵
  PID:8064
- C:\Windows\System\gdmqLWR.exe
  C:\Windows\System\gdmqLWR.exe
  2⤵
  PID:7256
- C:\Windows\System\xilYPYX.exe
  C:\Windows\System\xilYPYX.exe
  2⤵
  PID:7360
- C:\Windows\System\ZipxRTd.exe
  C:\Windows\System\ZipxRTd.exe
  2⤵
  PID:8176
- C:\Windows\System\xfzQtLz.exe
  C:\Windows\System\xfzQtLz.exe
  2⤵
  PID:7336
- C:\Windows\System\tRxrheP.exe
  C:\Windows\System\tRxrheP.exe
  2⤵
  PID:7580
- C:\Windows\System\XdHcSed.exe
  C:\Windows\System\XdHcSed.exe
  2⤵
  PID:7920
- C:\Windows\System\whjRCXC.exe
  C:\Windows\System\whjRCXC.exe
  2⤵
  PID:920
- C:\Windows\System\PyTSyWz.exe
  C:\Windows\System\PyTSyWz.exe
  2⤵
  PID:8008
- C:\Windows\System\szWbDMy.exe
  C:\Windows\System\szWbDMy.exe
  2⤵
  PID:7948
- C:\Windows\System\Syvinmy.exe
  C:\Windows\System\Syvinmy.exe
  2⤵
  PID:7220
- C:\Windows\System\YdgMiEQ.exe
  C:\Windows\System\YdgMiEQ.exe
  2⤵
  PID:8028
- C:\Windows\System\joXgPCk.exe
  C:\Windows\System\joXgPCk.exe
  2⤵
  PID:7904
- C:\Windows\System\WStEIse.exe
  C:\Windows\System\WStEIse.exe
  2⤵
  PID:7928
- C:\Windows\System\qVspDRJ.exe
  C:\Windows\System\qVspDRJ.exe
  2⤵
  PID:8040
- C:\Windows\System\MQgsNmp.exe
  C:\Windows\System\MQgsNmp.exe
  2⤵
  PID:7596
- C:\Windows\System\TKhuAWs.exe
  C:\Windows\System\TKhuAWs.exe
  2⤵
  PID:7748
- C:\Windows\System\YInXlRq.exe
  C:\Windows\System\YInXlRq.exe
  2⤵
  PID:8208
- C:\Windows\System\lRIAwgv.exe
  C:\Windows\System\lRIAwgv.exe
  2⤵
  PID:8256
- C:\Windows\System\BZsFsOV.exe
  C:\Windows\System\BZsFsOV.exe
  2⤵
  PID:8272
- C:\Windows\System\MLBKrLB.exe
  C:\Windows\System\MLBKrLB.exe
  2⤵
  PID:8288
- C:\Windows\System\rseWPJZ.exe
  C:\Windows\System\rseWPJZ.exe
  2⤵
  PID:8304
- C:\Windows\System\HDupqZc.exe
  C:\Windows\System\HDupqZc.exe
  2⤵
  PID:8324
- C:\Windows\System\JvayJdv.exe
  C:\Windows\System\JvayJdv.exe
  2⤵
  PID:8348
- C:\Windows\System\mkHEpkk.exe
  C:\Windows\System\mkHEpkk.exe
  2⤵
  PID:8380
- C:\Windows\System\fNHKUxz.exe
  C:\Windows\System\fNHKUxz.exe
  2⤵
  PID:8400
- C:\Windows\System\iqjFGKD.exe
  C:\Windows\System\iqjFGKD.exe
  2⤵
  PID:8416
- C:\Windows\System\rkVsoPu.exe
  C:\Windows\System\rkVsoPu.exe
  2⤵
  PID:8436
- C:\Windows\System\DOmywFB.exe
  C:\Windows\System\DOmywFB.exe
  2⤵
  PID:8452
- C:\Windows\System\AVxHjQU.exe
  C:\Windows\System\AVxHjQU.exe
  2⤵
  PID:8468
- C:\Windows\System\QzpgYyx.exe
  C:\Windows\System\QzpgYyx.exe
  2⤵
  PID:8484
- C:\Windows\System\ROrjHvh.exe
  C:\Windows\System\ROrjHvh.exe
  2⤵
  PID:8500
- C:\Windows\System\LDByKxt.exe
  C:\Windows\System\LDByKxt.exe
  2⤵
  PID:8528
- C:\Windows\System\hFWHLPl.exe
  C:\Windows\System\hFWHLPl.exe
  2⤵
  PID:8548
- C:\Windows\System\PVRidhi.exe
  C:\Windows\System\PVRidhi.exe
  2⤵
  PID:8568
- C:\Windows\System\bIzgzHT.exe
  C:\Windows\System\bIzgzHT.exe
  2⤵
  PID:8592
- C:\Windows\System\FhAEODt.exe
  C:\Windows\System\FhAEODt.exe
  2⤵
  PID:8612
- C:\Windows\System\PwuVMhD.exe
  C:\Windows\System\PwuVMhD.exe
  2⤵
  PID:8628
- C:\Windows\System\QaKXaKu.exe
  C:\Windows\System\QaKXaKu.exe
  2⤵
  PID:8652
- C:\Windows\System\etKucar.exe
  C:\Windows\System\etKucar.exe
  2⤵
  PID:8684
- C:\Windows\System\XBfktXv.exe
  C:\Windows\System\XBfktXv.exe
  2⤵
  PID:8704
- C:\Windows\System\YmQPmnw.exe
  C:\Windows\System\YmQPmnw.exe
  2⤵
  PID:8720
- C:\Windows\System\guAPndW.exe
  C:\Windows\System\guAPndW.exe
  2⤵
  PID:8740
- C:\Windows\System\TSzZayo.exe
  C:\Windows\System\TSzZayo.exe
  2⤵
  PID:8760
- C:\Windows\System\fgUEjeQ.exe
  C:\Windows\System\fgUEjeQ.exe
  2⤵
  PID:8780
- C:\Windows\System\pAAeaEm.exe
  C:\Windows\System\pAAeaEm.exe
  2⤵
  PID:8800
- C:\Windows\System\RMrLReX.exe
  C:\Windows\System\RMrLReX.exe
  2⤵
  PID:8820
- C:\Windows\System\zIbMvkL.exe
  C:\Windows\System\zIbMvkL.exe
  2⤵
  PID:8840
- C:\Windows\System\zaKfNNs.exe
  C:\Windows\System\zaKfNNs.exe
  2⤵
  PID:8864
- C:\Windows\System\wFHHUqz.exe
  C:\Windows\System\wFHHUqz.exe
  2⤵
  PID:8880
- C:\Windows\System\cJSDTXT.exe
  C:\Windows\System\cJSDTXT.exe
  2⤵
  PID:8900
- C:\Windows\System\okKunCm.exe
  C:\Windows\System\okKunCm.exe
  2⤵
  PID:8916
- C:\Windows\System\usYqCUa.exe
  C:\Windows\System\usYqCUa.exe
  2⤵
  PID:8932
- C:\Windows\System\GlnagKH.exe
  C:\Windows\System\GlnagKH.exe
  2⤵
  PID:8956
- C:\Windows\System\WJkmxFG.exe
  C:\Windows\System\WJkmxFG.exe
  2⤵
  PID:8972
- C:\Windows\System\LhIYUFg.exe
  C:\Windows\System\LhIYUFg.exe
  2⤵
  PID:8988
- C:\Windows\System\BqzTbuj.exe
  C:\Windows\System\BqzTbuj.exe
  2⤵
  PID:9008
- C:\Windows\System\MZxsAtc.exe
  C:\Windows\System\MZxsAtc.exe
  2⤵
  PID:9028
- C:\Windows\System\dGAmIhU.exe
  C:\Windows\System\dGAmIhU.exe
  2⤵
  PID:9056
- C:\Windows\System\fzpdqEJ.exe
  C:\Windows\System\fzpdqEJ.exe
  2⤵
  PID:9076
- C:\Windows\System\kmwqqxo.exe
  C:\Windows\System\kmwqqxo.exe
  2⤵
  PID:9096
- C:\Windows\System\MbDgjId.exe
  C:\Windows\System\MbDgjId.exe
  2⤵
  PID:9112
- C:\Windows\System\IHBEPEF.exe
  C:\Windows\System\IHBEPEF.exe
  2⤵
  PID:9136
- C:\Windows\System\XIfkMWL.exe
  C:\Windows\System\XIfkMWL.exe
  2⤵
  PID:9168
- C:\Windows\System\jplEMpi.exe
  C:\Windows\System\jplEMpi.exe
  2⤵
  PID:9188
- C:\Windows\System\YrQwdMi.exe
  C:\Windows\System\YrQwdMi.exe
  2⤵
  PID:9204
- C:\Windows\System\noyXXmQ.exe
  C:\Windows\System\noyXXmQ.exe
  2⤵
  PID:7704
- C:\Windows\System\DpeoQVE.exe
  C:\Windows\System\DpeoQVE.exe
  2⤵
  PID:7900
- C:\Windows\System\kfbvGkG.exe
  C:\Windows\System\kfbvGkG.exe
  2⤵
  PID:8228
- C:\Windows\System\LfNBOzh.exe
  C:\Windows\System\LfNBOzh.exe
  2⤵
  PID:8076
- C:\Windows\System\vGPnkcW.exe
  C:\Windows\System\vGPnkcW.exe
  2⤵
  PID:8268
- C:\Windows\System\WNktdBl.exe
  C:\Windows\System\WNktdBl.exe
  2⤵
  PID:8320
- C:\Windows\System\QIHvmWU.exe
  C:\Windows\System\QIHvmWU.exe
  2⤵
  PID:8336
- C:\Windows\System\tXKyaPP.exe
  C:\Windows\System\tXKyaPP.exe
  2⤵
  PID:8372
- C:\Windows\System\Vjoxryx.exe
  C:\Windows\System\Vjoxryx.exe
  2⤵
  PID:8392
- C:\Windows\System\qeUXSfY.exe
  C:\Windows\System\qeUXSfY.exe
  2⤵
  PID:8428
- C:\Windows\System\cSXQeIZ.exe
  C:\Windows\System\cSXQeIZ.exe
  2⤵
  PID:8524
- C:\Windows\System\auDxrPs.exe
  C:\Windows\System\auDxrPs.exe
  2⤵
  PID:8600
- C:\Windows\System\fGMjDes.exe
  C:\Windows\System\fGMjDes.exe
  2⤵
  PID:8492
- C:\Windows\System\SCogQxF.exe
  C:\Windows\System\SCogQxF.exe
  2⤵
  PID:8540
- C:\Windows\System\PxbEHhZ.exe
  C:\Windows\System\PxbEHhZ.exe
  2⤵
  PID:8576
- C:\Windows\System\BAJlcuY.exe
  C:\Windows\System\BAJlcuY.exe
  2⤵
  PID:8640
- C:\Windows\System\jEEPXTr.exe
  C:\Windows\System\jEEPXTr.exe
  2⤵
  PID:8672
- C:\Windows\System\LcBWfPw.exe
  C:\Windows\System\LcBWfPw.exe
  2⤵
  PID:8700
- C:\Windows\System\JCvyfxx.exe
  C:\Windows\System\JCvyfxx.exe
  2⤵
  PID:8736
- C:\Windows\System\CJfqCUN.exe
  C:\Windows\System\CJfqCUN.exe
  2⤵
  PID:8756
- C:\Windows\System\Ofddwsz.exe
  C:\Windows\System\Ofddwsz.exe
  2⤵
  PID:8812
- C:\Windows\System\HdCHQbx.exe
  C:\Windows\System\HdCHQbx.exe
  2⤵
  PID:8860
- C:\Windows\System\fZDOWot.exe
  C:\Windows\System\fZDOWot.exe
  2⤵
  PID:8556
- C:\Windows\System\UZGMLqs.exe
  C:\Windows\System\UZGMLqs.exe
  2⤵
  PID:8968
- C:\Windows\System\dlZBLPm.exe
  C:\Windows\System\dlZBLPm.exe
  2⤵
  PID:9036
- C:\Windows\System\SRRXuSC.exe
  C:\Windows\System\SRRXuSC.exe
  2⤵
  PID:8908
- C:\Windows\System\pyOpJbO.exe
  C:\Windows\System\pyOpJbO.exe
  2⤵
  PID:8944
- C:\Windows\System\wcDZfUO.exe
  C:\Windows\System\wcDZfUO.exe
  2⤵
  PID:9024
- C:\Windows\System\NVUBceH.exe
  C:\Windows\System\NVUBceH.exe
  2⤵
  PID:9120
- C:\Windows\System\XrLzncF.exe
  C:\Windows\System\XrLzncF.exe
  2⤵
  PID:9144
- C:\Windows\System\hnKNlYh.exe
  C:\Windows\System\hnKNlYh.exe
  2⤵
  PID:9160
- C:\Windows\System\tImGCyx.exe
  C:\Windows\System\tImGCyx.exe
  2⤵
  PID:9212
- C:\Windows\System\OUuATqj.exe
  C:\Windows\System\OUuATqj.exe
  2⤵
  PID:7444
- C:\Windows\System\GRFtJks.exe
  C:\Windows\System\GRFtJks.exe
  2⤵
  PID:7304
- C:\Windows\System\mgBHqrN.exe
  C:\Windows\System\mgBHqrN.exe
  2⤵
  PID:8236
- C:\Windows\System\OzuYTkS.exe
  C:\Windows\System\OzuYTkS.exe
  2⤵
  PID:8344
- C:\Windows\System\MABrhOr.exe
  C:\Windows\System\MABrhOr.exe
  2⤵
  PID:8388
- C:\Windows\System\pLHElPa.exe
  C:\Windows\System\pLHElPa.exe
  2⤵
  PID:8412
- C:\Windows\System\KXoYRPq.exe
  C:\Windows\System\KXoYRPq.exe
  2⤵
  PID:8480
- C:\Windows\System\PBwZvBz.exe
  C:\Windows\System\PBwZvBz.exe
  2⤵
  PID:8516
- C:\Windows\System\NOHfnCX.exe
  C:\Windows\System\NOHfnCX.exe
  2⤵
  PID:8624
- C:\Windows\System\FXhVLDP.exe
  C:\Windows\System\FXhVLDP.exe
  2⤵
  PID:8732
- C:\Windows\System\vPnAcOA.exe
  C:\Windows\System\vPnAcOA.exe
  2⤵
  PID:8584
- C:\Windows\System\UwnXxMW.exe
  C:\Windows\System\UwnXxMW.exe
  2⤵
  PID:8788
- C:\Windows\System\MHWUMLD.exe
  C:\Windows\System\MHWUMLD.exe
  2⤵
  PID:8836
- C:\Windows\System\QlooGjR.exe
  C:\Windows\System\QlooGjR.exe
  2⤵
  PID:8856
- C:\Windows\System\XyYPOPd.exe
  C:\Windows\System\XyYPOPd.exe
  2⤵
  PID:9000
- C:\Windows\System\JKvidpU.exe
  C:\Windows\System\JKvidpU.exe
  2⤵
  PID:8952
- C:\Windows\System\jmalwMb.exe
  C:\Windows\System\jmalwMb.exe
  2⤵
  PID:9040
- C:\Windows\System\LtwthDf.exe
  C:\Windows\System\LtwthDf.exe
  2⤵
  PID:9128
- C:\Windows\System\oWWRoiw.exe
  C:\Windows\System\oWWRoiw.exe
  2⤵
  PID:9200
- C:\Windows\System\XoDLBgH.exe
  C:\Windows\System\XoDLBgH.exe
  2⤵
  PID:8396
- C:\Windows\System\FyFjIyJ.exe
  C:\Windows\System\FyFjIyJ.exe
  2⤵
  PID:8448
- C:\Windows\System\iAHXlXv.exe
  C:\Windows\System\iAHXlXv.exe
  2⤵
  PID:8460
- C:\Windows\System\hKIpQjy.exe
  C:\Windows\System\hKIpQjy.exe
  2⤵
  PID:8368
- C:\Windows\System\fJlhGSv.exe
  C:\Windows\System\fJlhGSv.exe
  2⤵
  PID:8360
- C:\Windows\System\XcWCovZ.exe
  C:\Windows\System\XcWCovZ.exe
  2⤵
  PID:8520
- C:\Windows\System\GCDBwsB.exe
  C:\Windows\System\GCDBwsB.exe
  2⤵
  PID:940
- C:\Windows\System\yOfWoEl.exe
  C:\Windows\System\yOfWoEl.exe
  2⤵
  PID:8792
- C:\Windows\System\zdGWbMi.exe
  C:\Windows\System\zdGWbMi.exe
  2⤵
  PID:8832
- C:\Windows\System\jXXQSQN.exe
  C:\Windows\System\jXXQSQN.exe
  2⤵
  PID:8928
- C:\Windows\System\ApwtwzB.exe
  C:\Windows\System\ApwtwzB.exe
  2⤵
  PID:8980
- C:\Windows\System\CHhpdHa.exe
  C:\Windows\System\CHhpdHa.exe
  2⤵
  PID:9084
- C:\Windows\System\YzCtpMS.exe
  C:\Windows\System\YzCtpMS.exe
  2⤵
  PID:8216
- C:\Windows\System\bJHryhg.exe
  C:\Windows\System\bJHryhg.exe
  2⤵
  PID:8768
- C:\Windows\System\gxpEdea.exe
  C:\Windows\System\gxpEdea.exe
  2⤵
  PID:9016
- C:\Windows\System\iRcopsz.exe
  C:\Windows\System\iRcopsz.exe
  2⤵
  PID:8588
- C:\Windows\System\XwtHahs.exe
  C:\Windows\System\XwtHahs.exe
  2⤵
  PID:8536
- C:\Windows\System\SsBooZG.exe
  C:\Windows\System\SsBooZG.exe
  2⤵
  PID:9152
- C:\Windows\System\yBrusAM.exe
  C:\Windows\System\yBrusAM.exe
  2⤵
  PID:9196
- C:\Windows\System\SRGkKix.exe
  C:\Windows\System\SRGkKix.exe
  2⤵
  PID:8512
- C:\Windows\System\WdvAKUA.exe
  C:\Windows\System\WdvAKUA.exe
  2⤵
  PID:8300
- C:\Windows\System\ZulRvzQ.exe
  C:\Windows\System\ZulRvzQ.exe
  2⤵
  PID:8692
- C:\Windows\System\YrphYqP.exe
  C:\Windows\System\YrphYqP.exe
  2⤵
  PID:9184
- C:\Windows\System\JWEeDFF.exe
  C:\Windows\System\JWEeDFF.exe
  2⤵
  PID:8376
- C:\Windows\System\HhMSJGS.exe
  C:\Windows\System\HhMSJGS.exe
  2⤵
  PID:9104
- C:\Windows\System\YggrgzJ.exe
  C:\Windows\System\YggrgzJ.exe
  2⤵
  PID:9176
- C:\Windows\System\hjSwTuF.exe
  C:\Windows\System\hjSwTuF.exe
  2⤵
  PID:8828
- C:\Windows\System\TjobyCG.exe
  C:\Windows\System\TjobyCG.exe
  2⤵
  PID:9228
- C:\Windows\System\ShINpCM.exe
  C:\Windows\System\ShINpCM.exe
  2⤵
  PID:9244
- C:\Windows\System\LLXXSSH.exe
  C:\Windows\System\LLXXSSH.exe
  2⤵
  PID:9276
- C:\Windows\System\oobFlHK.exe
  C:\Windows\System\oobFlHK.exe
  2⤵
  PID:9292
- C:\Windows\System\ByNHAOc.exe
  C:\Windows\System\ByNHAOc.exe
  2⤵
  PID:9316
- C:\Windows\System\fiPGQkh.exe
  C:\Windows\System\fiPGQkh.exe
  2⤵
  PID:9332
- C:\Windows\System\IQcEHzK.exe
  C:\Windows\System\IQcEHzK.exe
  2⤵
  PID:9356
- C:\Windows\System\eCcEWDE.exe
  C:\Windows\System\eCcEWDE.exe
  2⤵
  PID:9372
- C:\Windows\System\iNxkbeq.exe
  C:\Windows\System\iNxkbeq.exe
  2⤵
  PID:9396
- C:\Windows\System\UrOIMLo.exe
  C:\Windows\System\UrOIMLo.exe
  2⤵
  PID:9412
- C:\Windows\System\WvNOwpx.exe
  C:\Windows\System\WvNOwpx.exe
  2⤵
  PID:9436
- C:\Windows\System\xQGcVwi.exe
  C:\Windows\System\xQGcVwi.exe
  2⤵
  PID:9456
- C:\Windows\System\ueDOTwK.exe
  C:\Windows\System\ueDOTwK.exe
  2⤵
  PID:9476
- C:\Windows\System\mVAzyZJ.exe
  C:\Windows\System\mVAzyZJ.exe
  2⤵
  PID:9492
- C:\Windows\System\qPnMqWn.exe
  C:\Windows\System\qPnMqWn.exe
  2⤵
  PID:9516
- C:\Windows\System\DSZcWZW.exe
  C:\Windows\System\DSZcWZW.exe
  2⤵
  PID:9540
- C:\Windows\System\OXdMURx.exe
  C:\Windows\System\OXdMURx.exe
  2⤵
  PID:9556
- C:\Windows\System\RgTcWYE.exe
  C:\Windows\System\RgTcWYE.exe
  2⤵
  PID:9580
- C:\Windows\System\vaNWIAs.exe
  C:\Windows\System\vaNWIAs.exe
  2⤵
  PID:9596
- C:\Windows\System\pXvAwhX.exe
  C:\Windows\System\pXvAwhX.exe
  2⤵
  PID:9620
- C:\Windows\System\OJGnjPA.exe
  C:\Windows\System\OJGnjPA.exe
  2⤵
  PID:9640
- C:\Windows\System\utpIdBN.exe
  C:\Windows\System\utpIdBN.exe
  2⤵
  PID:9656
- C:\Windows\System\jyFBCQS.exe
  C:\Windows\System\jyFBCQS.exe
  2⤵
  PID:9676
- C:\Windows\System\yrSfRFl.exe
  C:\Windows\System\yrSfRFl.exe
  2⤵
  PID:9696
- C:\Windows\System\csEFZgx.exe
  C:\Windows\System\csEFZgx.exe
  2⤵
  PID:9716
- C:\Windows\System\pFVyDjB.exe
  C:\Windows\System\pFVyDjB.exe
  2⤵
  PID:9740
- C:\Windows\System\wcxaCEU.exe
  C:\Windows\System\wcxaCEU.exe
  2⤵
  PID:9756
- C:\Windows\System\vlkvlDB.exe
  C:\Windows\System\vlkvlDB.exe
  2⤵
  PID:9776
- C:\Windows\System\QzGHygT.exe
  C:\Windows\System\QzGHygT.exe
  2⤵
  PID:9792
- C:\Windows\System\ImGcDAD.exe
  C:\Windows\System\ImGcDAD.exe
  2⤵
  PID:9816
- C:\Windows\System\OcLwkgF.exe
  C:\Windows\System\OcLwkgF.exe
  2⤵
  PID:9840
- C:\Windows\System\KygYgUM.exe
  C:\Windows\System\KygYgUM.exe
  2⤵
  PID:9856
- C:\Windows\System\UWIMmiD.exe
  C:\Windows\System\UWIMmiD.exe
  2⤵
  PID:9876
- C:\Windows\System\uLQHPDM.exe
  C:\Windows\System\uLQHPDM.exe
  2⤵
  PID:9900
- C:\Windows\System\bSAzBaz.exe
  C:\Windows\System\bSAzBaz.exe
  2⤵
  PID:9920
- C:\Windows\System\egKfxWa.exe
  C:\Windows\System\egKfxWa.exe
  2⤵
  PID:9936
- C:\Windows\System\eIlKIHE.exe
  C:\Windows\System\eIlKIHE.exe
  2⤵
  PID:9952
- C:\Windows\System\canRpHP.exe
  C:\Windows\System\canRpHP.exe
  2⤵
  PID:9976
- C:\Windows\System\rHDnwXz.exe
  C:\Windows\System\rHDnwXz.exe
  2⤵
  PID:9996
- C:\Windows\System\ajNSRhd.exe
  C:\Windows\System\ajNSRhd.exe
  2⤵
  PID:10020
- C:\Windows\System\HyUfRZJ.exe
  C:\Windows\System\HyUfRZJ.exe
  2⤵
  PID:10036
- C:\Windows\System\VZpweac.exe
  C:\Windows\System\VZpweac.exe
  2⤵
  PID:10052
- C:\Windows\System\zqsDRmu.exe
  C:\Windows\System\zqsDRmu.exe
  2⤵
  PID:10076
- C:\Windows\System\ZdCzgYA.exe
  C:\Windows\System\ZdCzgYA.exe
  2⤵
  PID:10100
- C:\Windows\System\DHqdrWI.exe
  C:\Windows\System\DHqdrWI.exe
  2⤵
  PID:10124
- C:\Windows\System\EDcwCaT.exe
  C:\Windows\System\EDcwCaT.exe
  2⤵
  PID:10140
- C:\Windows\System\agfCbja.exe
  C:\Windows\System\agfCbja.exe
  2⤵
  PID:10160
- C:\Windows\System\fcfFvxU.exe
  C:\Windows\System\fcfFvxU.exe
  2⤵
  PID:10180
- C:\Windows\System\DYrplqO.exe
  C:\Windows\System\DYrplqO.exe
  2⤵
  PID:10200
- C:\Windows\System\YQlvCIY.exe
  C:\Windows\System\YQlvCIY.exe
  2⤵
  PID:10220
- C:\Windows\System\RIFjYyi.exe
  C:\Windows\System\RIFjYyi.exe
  2⤵
  PID:10236
- C:\Windows\System\pBQijOb.exe
  C:\Windows\System\pBQijOb.exe
  2⤵
  PID:9236
- C:\Windows\System\UIWzVYL.exe
  C:\Windows\System\UIWzVYL.exe
  2⤵
  PID:9264
- C:\Windows\System\wYWdSUg.exe
  C:\Windows\System\wYWdSUg.exe
  2⤵
  PID:9288
- C:\Windows\System\mWqbuBA.exe
  C:\Windows\System\mWqbuBA.exe
  2⤵
  PID:9308
- C:\Windows\System\krBfGZk.exe
  C:\Windows\System\krBfGZk.exe
  2⤵
  PID:9348
- C:\Windows\System\iyjdmAC.exe
  C:\Windows\System\iyjdmAC.exe
  2⤵
  PID:9388
- C:\Windows\System\yAIkFNW.exe
  C:\Windows\System\yAIkFNW.exe
  2⤵
  PID:9424
- C:\Windows\System\jNwcqJj.exe
  C:\Windows\System\jNwcqJj.exe
  2⤵
  PID:9444
- C:\Windows\System\WCzYvTI.exe
  C:\Windows\System\WCzYvTI.exe
  2⤵
  PID:9472
- C:\Windows\System\BGpJWlz.exe
  C:\Windows\System\BGpJWlz.exe
  2⤵
  PID:9500
- C:\Windows\System\mfMHDzF.exe
  C:\Windows\System\mfMHDzF.exe
  2⤵
  PID:9548
- C:\Windows\System\wvkmTKM.exe
  C:\Windows\System\wvkmTKM.exe
  2⤵
  PID:9576
- C:\Windows\System\rPYUhzX.exe
  C:\Windows\System\rPYUhzX.exe
  2⤵
  PID:9604
- C:\Windows\System\igfiEzE.exe
  C:\Windows\System\igfiEzE.exe
  2⤵
  PID:9648
- C:\Windows\System\WTLPYej.exe
  C:\Windows\System\WTLPYej.exe
  2⤵
  PID:9684
- C:\Windows\System\vRIblHX.exe
  C:\Windows\System\vRIblHX.exe
  2⤵
  PID:9708
- C:\Windows\System\dptFMum.exe
  C:\Windows\System\dptFMum.exe
  2⤵
  PID:9736
- C:\Windows\System\tXAzifG.exe
  C:\Windows\System\tXAzifG.exe
  2⤵
  PID:9788
- C:\Windows\System\SBeSqep.exe
  C:\Windows\System\SBeSqep.exe
  2⤵
  PID:9812
- C:\Windows\System\KGkMkxn.exe
  C:\Windows\System\KGkMkxn.exe
  2⤵
  PID:9852
- C:\Windows\System\fqddNcr.exe
  C:\Windows\System\fqddNcr.exe
  2⤵
  PID:9888
- C:\Windows\System\jsmSLRI.exe
  C:\Windows\System\jsmSLRI.exe
  2⤵
  PID:9912
- C:\Windows\System\QOeaLKn.exe
  C:\Windows\System\QOeaLKn.exe
  2⤵
  PID:9960
- C:\Windows\System\ElfKkhJ.exe
  C:\Windows\System\ElfKkhJ.exe
  2⤵
  PID:9984
- C:\Windows\System\HAATCxc.exe
  C:\Windows\System\HAATCxc.exe
  2⤵
  PID:10016
- C:\Windows\System\vEJeAAt.exe
  C:\Windows\System\vEJeAAt.exe
  2⤵
  PID:10060
- C:\Windows\System\lePdhXs.exe
  C:\Windows\System\lePdhXs.exe
  2⤵
  PID:10084
- C:\Windows\System\ijrlRki.exe
  C:\Windows\System\ijrlRki.exe
  2⤵
  PID:10096
- C:\Windows\System\FRGxRQk.exe
  C:\Windows\System\FRGxRQk.exe
  2⤵
  PID:10136
- C:\Windows\System\YmPKeje.exe
  C:\Windows\System\YmPKeje.exe
  2⤵
  PID:10196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BRnexnw.exe

Filesize
6.0MB

MD5
a18e9f7de28e288232f9717232c1b87f

SHA1
a5879a7b157c39942ac7ad57dddca78f7e12e2c6

SHA256
96ec6db22c6551db3f293d86f1e1f1eccdd642311f464eda64372227a1ae1253

SHA512
e5056451ddec1dfb44b73df3d1b2186bcc02a8e4a9adb476578a84d9e23c2c782c1753a0e2024cbc6c6f6d3851e7cc14263067b19029105da243e5f5bc227b10

Download Submit
C:\Windows\system\CcBnDVB.exe

Filesize
6.0MB

MD5
a67bfdd7c6adac4791371ec52dc64d3d

SHA1
08ede6701dcfda7428f32a9dff2bc45652b86809

SHA256
167e35f8744157a63a7a7e3566c5ad17d5778fe05bae342076c0074f3e06d36e

SHA512
dd70235757a2b7e3a33c0df62d1aceb2989e60b5101c0ffaacd636f158bbe987d823fa99c9b328cc73db4256cc2dea83f7221176088a2598f9e571d41a9bc5b8

Download Submit
C:\Windows\system\FMXgPCp.exe

Filesize
6.0MB

MD5
556c7d0cbddf12c260ca3226fdd46f8e

SHA1
51cd27cd05d579d3836bc4a81ccab6a78778ed68

SHA256
0a84b5b60c71c6715a0a2e578ae6db54134da5544b9aeaa844afc924e0ce868f

SHA512
065984d3534c2d9d42a933b3cbfade6b7482814105281c0677916121e35cc87bdf0c3570683e256525b8f1e10b00e292b4afbd45695e43aaa03ef09a723640ba

Download Submit
C:\Windows\system\GVtcfXU.exe

Filesize
6.0MB

MD5
176011311e14e06d535bbbf4a7b68aec

SHA1
743f9a2dd072c5d034cb45d6db1ab8c47252cad9

SHA256
ac8d0581ebad5ca008bec188a813beea9ce389a87ab8617438c8254880e19fb3

SHA512
d5ea6743ea9e931a60054c2756601509e9439e933c7bb81ed5cbf655400c6956ead07c7a165d573c8f2fef809d5b5f732849beebe8a80d1324563f8be42d7aa6

Download Submit
C:\Windows\system\LNijuVC.exe

Filesize
6.0MB

MD5
c9564c961efa31212d3b6a9a0347bb77

SHA1
fc8bcddb874c9b38c3975acbf7f858a785c90142

SHA256
9a488faec9c6893ee93bcb08d72da1d7f800ca533ee54614d28b2213cd1cd5d7

SHA512
175625e150d03f0a9abcf1c4f577f27e6d4e647841900b1798e3ed499a68df0436dd80ae3facff8b25eb810563a129e9ea64eca0e2884e756f4c6f1d0eddeea4

Download Submit
C:\Windows\system\LlbtCct.exe

Filesize
6.0MB

MD5
9a612147e5a5e65ebb7811c7b8aa65d9

SHA1
0ca86b1dc01d77fa27e66125516c5a083c508a9a

SHA256
ffc5f594c872a4870d2685db5f79fdfb65ed3c94a3f534cecc67f2723c76ce4a

SHA512
bb5decacce8aa4d1839718b5c939b212e2a8a537134f37e11598d18bc3a4a2e2142881e9d7b154655e771b88790c3ac770d9fb61a0aefa4dfaac7e0ac734333b

Download Submit
C:\Windows\system\NqmgpiJ.exe

Filesize
6.0MB

MD5
051e19954cc6acb1247faa4b9967ee46

SHA1
5a28d5a50d15f3980221f9f1e00d6ce9b7a61933

SHA256
a217909168fae9c574832d29f8004ab5a085464dd14937818019a9b91d71ec56

SHA512
2ed420d2c32bc6f940311fdd919cccaa71bc7d23d7e350a9e5a9c64f45e49a0c0bd01d736f781ef3e98be8260e1e6e57613facb9753240dfa32b1a0a063fe316

Download Submit
C:\Windows\system\PEcVtch.exe

Filesize
6.0MB

MD5
16d72a119b312d81396b87794306be8c

SHA1
b34a7b06bdc3b2ab025e4339bb24e2e91d1a277f

SHA256
9f640b07b3262f7d1768be4e5353b4f95a9fae5ae49e9a17083dda471a882814

SHA512
89c109778ed7f21d22b0d689fe0d0677cc427762a8bc5c56283cc94cf71f7eec867f955f2e0cd8b576f0c9f5ed52e59e38a5155c95a4bff6939b8571ff657a66

Download Submit
C:\Windows\system\RAYzbKz.exe

Filesize
6.0MB

MD5
86b2a7ab91a4f778a164ece39f885c68

SHA1
e15dd8ced553537ddd6a529b0549e8e0718986bc

SHA256
20eca94a3c01dec8302972ca4827347849dddb0c87c981f445145c37379541c8

SHA512
c835bff1ff2f25f162a984934976167007abb80b8ec42d24926b6c494849690c2353904628fce27fef169e764d7db959bf24869f83f4e0a7d933295500101b1e

Download Submit
C:\Windows\system\RbDXnwX.exe

Filesize
6.0MB

MD5
3e95b99a27401026aa43affc6e5a487f

SHA1
1cd20c4eacaab0663f098338ec2acf50ca34e6de

SHA256
95695005cdd8c56a211f4a03a794f0f0f639f642947089be81a6d80b87203587

SHA512
d43780924f1532c8988e0f43c9d429b3b16ab6c001a13f3be228278b3303546480b6de6699b765d6ca2da6b469be8dae569e8bf10e5652c79961515776169de7

Download Submit
C:\Windows\system\RduLGjP.exe

Filesize
6.0MB

MD5
fdf19b46737bcac83e9668080a0fcaf4

SHA1
3a9ec5d03ef249de149d73d6037d0b4e766768c1

SHA256
2ac90215c5c166ed019b6b6c5f750c6a3daf0746e7b00b49787bfef799dfee95

SHA512
01c7a9220c4600500b39ac6c774bc864b6782787feb910819f9f33172a04fa6c954e1efa47bc038441a180ca69e91b7ef82e4d5778addbc0b1100ae34b388873

Download Submit
C:\Windows\system\RfUMNEq.exe

Filesize
6.0MB

MD5
8c935dc03364577a0c7c72e933e64306

SHA1
db75fa2821ce86a9392feda1854c614669805723

SHA256
951b552d18df61c3862513086b03af0cf8a9a47c4590d43ef382c202fc620cc3

SHA512
8dee7486beea0111b799b2a8f36832da0e3187913524f911663c628ac1389cbfdc36a711f6e7f922adb1ee1737a6b3c7445289feaa555dc802e42270a87236d6

Download Submit
C:\Windows\system\SVlbTDt.exe

Filesize
6.0MB

MD5
12ea4cf9af65bac93b2abba084daf760

SHA1
342c5ebb3d621f6460eef16b49234e7f1281cf52

SHA256
99c72ad110917dd30fd4433a5d1b748c0f87579124e8f78c7d441305f54b8f80

SHA512
034e5cc88eceaa90e93277d57d7d844fd2aab4ed1f5d8ffd1b8c74e1633d4ae8e8a0f005ae0b527580a905a201c1d8ef0038de075a7832abf3cd24c9fba1ecbc

Download Submit
C:\Windows\system\aoTXEab.exe

Filesize
6.0MB

MD5
4ad80c147a56eef9c5bc141fbc199b27

SHA1
33de2cc163b81604b07be722e2e0d44cc8000b07

SHA256
434a4fcb349884c769a39e9f8aa3c3ced3d1ab649992bd008e81e217f3166f27

SHA512
166e0d9cf2b0bbfffd2c93c40eda91cb63b471166f952caa53a7df0d29496f1334561f584ea320e4736777128166a4239f4561760fb6c27096ead801fb22893e

Download Submit
C:\Windows\system\eGZEvOh.exe

Filesize
6.0MB

MD5
8a25dd5b7d9d9736c014987a771a11e9

SHA1
aec15423054dc35eb72cd0efc8b65a76828077e1

SHA256
1139d69138b74636be49814ec2e3939f77b4dcc245f68dee5cfd00e21186532c

SHA512
0c8c965894be30c0cbe409b2ed9dda34dc4594b27dc9a9571ff89fe982078d22334008444d716b0f15203f1acf3fa11cb7a33ab7b147a8a7144a7a545875cbbf

Download Submit
C:\Windows\system\krmtJmx.exe

Filesize
6.0MB

MD5
ee2cc971ec91d36e17a4d0556defe653

SHA1
30e20323894d1eec96314dfe544d32ae3e3262b5

SHA256
443e51b0b00ffe285fcf2365266dbbcac3429a7e2420bd3e08a7345eb9195f71

SHA512
c760fe936f151f4d1a90f43ba8852a52e0b7d816347b97602af524405f1fa334284447bf04526ba1042b46ef0265455958c43371614e8606caf05ccf1fe1c799

Download Submit
C:\Windows\system\lDGizql.exe

Filesize
6.0MB

MD5
0293ed531969be6e8b32541b5c8f2293

SHA1
02f1c53d602dafeec9f64c5b0f668e586ac8c303

SHA256
5db0d32a68cfea884f815236a42d5f036fa984ff792ac8eb475ea766dcb0fecd

SHA512
379b5d333a509a18cd78818f1707f9d39471d12e014d01b8dda884245cffba1a33777c6908c2be96b40d982d43f975b4b13755dee17323ab817ae623ac158140

Download Submit
C:\Windows\system\mFXpPgP.exe

Filesize
6.0MB

MD5
f2ab012121d612be4600093b94a83e8c

SHA1
bfee5a940f96798db491629ac1337e00ab9d85df

SHA256
5b21bf6aa5de3f9ac6676687cdc401debc09d25126bb056d67fb2811aa1e8054

SHA512
5cea49f6f7bc7776d4c350c9865ace77d3e15a9ba62263c255201a890df4531838c41cd8b11ed63a59d75821dc88c6b5c5945763b41dbd07e4f6567922f2f34b

Download Submit
C:\Windows\system\mJMQkkZ.exe

Filesize
6.0MB

MD5
9dd1c3cc478c1161ce42e747d955285e

SHA1
5e58f8b492da10df632635a48338fb846f578b2d

SHA256
e4e57ca3bd00c3d9825144eaf4cc09124f11eed7dfc324f88e3f26d03e347cf6

SHA512
dd5e8b6aa072df07f009fe21c98e3401f0899cf958caec8b442fcd8cd32dfa0f3550ca5c109d242e08ef4abb733bca66372181f2c0762da7fb46ec0c781a3e7a

Download Submit
C:\Windows\system\nOXqqpW.exe

Filesize
8B

MD5
cda43b17dd71e70831055f941e8d100f

SHA1
76366203a2adc86a0a209c04e332ef0ed513603e

SHA256
47fb7f6a098fdf4c31449ab2031eeb373a9a07859ff51d62978254c30d26a348

SHA512
29cbfa5dbba89d510bcfe859cc21f6259519586320bbff6ea6bb5d50b949c6436000e3e83d94e109d557e47351553d6bb24858680953a49a7a20e3d548178cb5

Download Submit
C:\Windows\system\qpETjfk.exe

Filesize
6.0MB

MD5
5da04c136dc0cc12df3b6f1b56e62905

SHA1
2c4fc4fd34d04629109b9bbfd102273b7fa8668b

SHA256
44a98bb85a4d74cfa5c592cc33b6a8872be6249558f46c5ffe5b263204450ec1

SHA512
eb1675df95eb6699f0cacddf6cae84082bcf5fa7dd92d149f51e00d446541aee3dbeb0a53437c18626f3efefd2ed5641bf9772dbc0c73681291842931a24610e

Download Submit
C:\Windows\system\sXPnYOA.exe

Filesize
6.0MB

MD5
56f58d66341a70373b44d6c31bc348d9

SHA1
c2afb4754b12010d35698c29743d9d67451bb890

SHA256
2f81307a8f2fa4c1751dee7d10661e53fe63ce7f4b2dccb8414d432ec19a5afa

SHA512
4ddc997862e95c9d717c6dfee297308b8ba461686349f14952f92140d42e4d15cb33fdb5789946197deeffcfb5ac928fe84b05198319ad321a0b48ae03128c2c

Download Submit
C:\Windows\system\voUuEaw.exe

Filesize
6.0MB

MD5
057fb575d256dc3fa237cf9d585cc889

SHA1
1b78fbe7c7c1703d2702b3ba6de926ea5ebb5fee

SHA256
cfbb1b04aba9a5a6227ae305ba996bb9048f43bf7aa2a3cb3e53d4d802d8900d

SHA512
1feba4c23caf744d2ce66d5b44b57afa7d90cf56e55013324e2ae0730e45deafd595a4dcd9666a2c2cb284a6376f39abd2538165245f9a4bdea477063bd1ea73

Download Submit
C:\Windows\system\vwMqazh.exe

Filesize
6.0MB

MD5
be87248c7705528941994279f390e9a4

SHA1
4bd6173ccb89919a72a25772fe5c73c869a756f0

SHA256
7742e74a2ac3ff6485ec5c9501028010e4065aa372c36cb7dfc0b1ce4785fdf3

SHA512
be564d058544fe6995ff23d235eb38851c087812d4f82d6f98d4eb5e6a0dcd739f2903331669e423cc6fabe301ed81297cd81bae318be317fd06cd5b7eb3bd36

Download Submit
C:\Windows\system\wnGwcPI.exe

Filesize
6.0MB

MD5
b6ae1496e5cee9c3ea3b47d1509e5d61

SHA1
02739900ff08120e9de49b8b8516390b7fb7d523

SHA256
c81641676062f0c478abb88804117799508adb1b406fcccb63050e678efcb142

SHA512
abeb8ef4423abddd6c4ed7c61296210c22b322d223c22b6bb37212df552fa0c8e945dc23933403aa30d0e2dba740e664048ed249d7a88142c3c4a9b195ac0add

Download Submit
C:\Windows\system\xylbJcD.exe

Filesize
6.0MB

MD5
be365315ae1c7c01b65c75a39f004f86

SHA1
9484b15f4945d49b9b7de35c342254fc0820f9c3

SHA256
770eff90a5890c0b6911f7910cea07ccef9b05919d3cb015bbc0ffcc7b4c7fd5

SHA512
bf2fca28c314d612c22023fa661d430bc5873e1e78ae6c2421f7dd5c532f43375b0d8ec1de04f5f8d7a848b5ec84e3237310ca13ebb3804897384571803cd92e

Download Submit
C:\Windows\system\yzIMIUf.exe

Filesize
6.0MB

MD5
8cfabbb78fc77daf63af29e4d6ab955e

SHA1
087a72bcd858d664f6e60acc55ab5d5d0e241755

SHA256
4e293c535f650a643566831fa44e9d75689acc7071e0a1c745d2c865aed1cb8c

SHA512
289bb8b8c9403e05c579151bb48f16064a5820af56fda439ca16564c3efc833ebbb5d5b2975ff997126b08461e6c1b24d4e6b09c133c3504f7dcdd7191d04d03

Download Submit
\Windows\system\StNNPzf.exe

Filesize
6.0MB

MD5
d8567d72f68ac325871148f93b855a2d

SHA1
cfc0273ec99b04479863cd9cb508b0f7805c1e00

SHA256
ece7d1b15d54738dc46fd7950319ef9ac1a90914902ac83882d1e32c69a9cb1f

SHA512
2f45559a7ed199be05ad4c0cbfcc83a24d78e8d93deec5bd0ba84177add7a2039dafa205276b0f8cc4e78878b05656badcf21c886c40fb0f71ba4119d7a4e012

Download Submit
\Windows\system\TDKdEfg.exe

Filesize
6.0MB

MD5
9fb2998eb582dedd9b20a86fedbedee4

SHA1
b2ec9d362cce94b56e65df4541ccd95c78e0d452

SHA256
3e47d219e804271bafa67b8fcb75f62a77fa3b64fac357a0ae24a323b5bf1d40

SHA512
cfe52a86694c017e4bb06963ea417dbe1f29b0893acf51ffc9cfaa3c73594b958410b08e712667636d241a252930f7ff375c325a468118652afe51a665b6b1fb

Download Submit
\Windows\system\bSLMuuk.exe

Filesize
6.0MB

MD5
2138298947314c9e9ea1cb49827f4fc1

SHA1
05c99b010907f41323148b525a4a0c51c8043870

SHA256
90bdffeb5f52e0b1ff3b7986444832636cd69a9c86dac1525835cddcd96e61eb

SHA512
f715670f5fb09097dc8fc30fdd6dfa81cb8ba675e64e543a9ad7211bf4f9692f5d4b162a9d1f544cf3e76f18e57ed45a793e1c1fd9b837e2ac1f547d59b6a20f

Download Submit
\Windows\system\hbIUemT.exe

Filesize
6.0MB

MD5
9a2a1a98c8c7f2c51ce8458b9fe6195a

SHA1
0f05ff8ec2e9f976ae777a47d07334a2995e2173

SHA256
0274a8789ce26379ff9990ba76945fd1133e713e3248bb420e8530e3e2dbe0e0

SHA512
78090f5a737bce722176b4407d4846cafc66fbe1441c8a758399351a56742a42fdf7fe5f5f53e0d13645d84ff453cb97033e230adbb68da6820deb6e3125c3f3

Download Submit
\Windows\system\oAcOlbn.exe

Filesize
6.0MB

MD5
5d23c08db02a518c2a85f3f58a755267

SHA1
3957943767518bd7f6fd538a0509d9f91c3d3b42

SHA256
ecb920c0a902200fca8254727811040064e79273bd86cfd6088136911840a725

SHA512
7efc7752f002e849109dc2d870ffb01552ba1e99ba3681d4d427ab73ed192857be3084e9f23d3596524642668c2fa5f5f3157fc965f50b91c37198433bcaa742

Download Submit
\Windows\system\zjQTTHu.exe

Filesize
6.0MB

MD5
c7932ab5c9c56832b3f517d838136d39

SHA1
9d252c7d6873a7c5a5b902fb6aead1e0d8a5529e

SHA256
6a63ab74619032a06cd9e9b52cd3153949f400d9884a419dc2e23d71ebbdf2f9

SHA512
e65ebce24d8559dc12a3c9e68e6840bbfb6645754028783945809716f50efe9de52c8eb95bca28eeccc07d4f15c299292a13ecdc9bac4474ef1fba9fee5cd303

Download Submit
memory/656-67-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/656-215-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/656-3801-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/1096-6-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/1096-1175-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/1096-56-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/1096-1-0x0000000000200000-0x0000000000210000-memory.dmp

Filesize
64KB

Download
memory/1096-76-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/1096-100-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/1096-62-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/1096-0-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1096-63-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/1096-92-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/1096-43-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1096-47-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/1096-673-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/1096-33-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1096-35-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/1096-101-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1096-28-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/1096-849-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1096-18-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1096-91-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/1096-12-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1096-110-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/1096-109-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/1476-39-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/1476-3677-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/1524-83-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1524-455-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1524-3794-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1992-729-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1992-3803-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1992-96-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2332-14-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2332-3654-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2332-46-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2552-348-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2552-3795-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3786-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2720-59-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2720-105-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2728-85-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3770-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2728-44-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2740-79-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2740-36-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2740-3743-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2796-51-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2796-95-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3788-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2860-29-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3725-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2968-3660-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-20-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-53-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-106-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-3802-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-1015-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-86-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/3052-564-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/3052-3800-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download