cobaltstrike | cfc2e579d2fb977d5dc7e62793ce1d97ab6fb430b3a5e4199282b7e0cf0ee2fa

Analysis

max time kernel
149s
max time network
125s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
02-02-2025 02:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

7678ffaf1dbac1812c408083322a5a5e
SHA1

6f3e3a1fce413e69c7a96980a19fdd1ab4b35cfd
SHA256

cfc2e579d2fb977d5dc7e62793ce1d97ab6fb430b3a5e4199282b7e0cf0ee2fa
SHA512

037a11a8d639bf902705456a144dd7dded730278ca6e9808f7adeef3bc2cfb5d955402eef8b98dbdc2b5e1a31748c2d3b1352b3ec97a505b01913ad33fbb3fc5
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUG:T+q56utgpPF8u/7G

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b00000001225c-6.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001660b-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ace-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c10-27.dat	cobalt_reflective_dll
behavioral1/files/0x001200000001626d-52.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c23-42.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016fc9-48.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019480-68.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-63.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948c-87.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-93.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-123.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-184.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-195.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-190.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-175.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-179.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-167.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-158.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-119.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-107.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019489-78.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c1a-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2732-0-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/files/0x000b00000001225c-6.dat	xmrig
behavioral1/files/0x000900000001660b-12.dat	xmrig
behavioral1/memory/2732-10-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x0008000000016ace-11.dat	xmrig
behavioral1/memory/2872-23-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c10-27.dat	xmrig
behavioral1/memory/2816-51-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x001200000001626d-52.dat	xmrig
behavioral1/memory/2732-53-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/3004-43-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c23-42.dat	xmrig
behavioral1/memory/2936-39-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x0008000000016fc9-48.dat	xmrig
behavioral1/memory/3052-67-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2644-59-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/files/0x0006000000019480-68.dat	xmrig
behavioral1/memory/2824-66-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-63.dat	xmrig
behavioral1/memory/2968-75-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2936-74-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/1376-88-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001948c-87.dat	xmrig
behavioral1/memory/3004-85-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/108-83-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/files/0x0005000000019490-93.dat	xmrig
behavioral1/files/0x00050000000194ef-113.dat	xmrig
behavioral1/files/0x0005000000019515-123.dat	xmrig
behavioral1/files/0x00050000000195a7-138.dat	xmrig
behavioral1/files/0x00050000000195bb-184.dat	xmrig
behavioral1/memory/2732-337-0x0000000002470000-0x00000000027C4000-memory.dmp	xmrig
behavioral1/memory/1376-338-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2956-409-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/108-222-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c1-195.dat	xmrig
behavioral1/files/0x00050000000195bd-190.dat	xmrig
behavioral1/files/0x00050000000195b5-175.dat	xmrig
behavioral1/files/0x00050000000195b7-179.dat	xmrig
behavioral1/files/0x00050000000195b1-160.dat	xmrig
behavioral1/files/0x00050000000195ad-155.dat	xmrig
behavioral1/files/0x00050000000195b3-167.dat	xmrig
behavioral1/files/0x00050000000195af-158.dat	xmrig
behavioral1/files/0x00050000000195ab-149.dat	xmrig
behavioral1/files/0x00050000000195a9-144.dat	xmrig
behavioral1/files/0x000500000001957c-133.dat	xmrig
behavioral1/files/0x0005000000019547-128.dat	xmrig
behavioral1/files/0x000500000001950f-119.dat	xmrig
behavioral1/files/0x00050000000194eb-107.dat	xmrig
behavioral1/memory/2732-102-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2956-101-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x00050000000194a3-99.dat	xmrig
behavioral1/memory/1612-96-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/files/0x0005000000019489-78.dat	xmrig
behavioral1/files/0x0007000000016c1a-34.dat	xmrig
behavioral1/memory/3052-29-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2132-22-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2152-21-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2152-1337-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2872-1336-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/3052-1363-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/3004-1376-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2936-1360-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2816-1373-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2132-1334-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2152	iEYFCST.exe
2132	rUBbMvj.exe
2872	rzaquPP.exe
3052	NIUNVHh.exe
2936	MdINTyO.exe
3004	pfCsvxb.exe
2816	LpFpkvi.exe
2644	PQkZDtF.exe
2824	uuPlPjp.exe
2968	wtjAQtg.exe
108	OpzXzSd.exe
1376	rbjEJQT.exe
1612	YTJgFcA.exe
2956	fULXdfo.exe
2460	kWIFPbW.exe
2740	mJJaZwv.exe
1620	UGcAGRU.exe
1664	tDudEtf.exe
2004	uIRlTgL.exe
2104	aqWaekY.exe
1176	KufECaX.exe
1740	RyeiSoL.exe
2412	juAJJif.exe
2168	BEhkxVl.exe
1696	MsRLYuj.exe
2172	aqbrWlL.exe
2476	ooguULv.exe
2436	aHGlARW.exe
2976	CQAQgfd.exe
1652	UXaYqWX.exe
1904	lPxcXpq.exe
924	RcAKhel.exe
1300	ptPZZbL.exe
1972	nYYGaTw.exe
932	YzYDtZE.exe
1400	VYHjhhw.exe
1412	lpqLqer.exe
1080	XNHUoJr.exe
1492	tnWyKVT.exe
1604	HBixPgt.exe
2520	NEQApTK.exe
2532	RwhYiJI.exe
1008	NKaXIbn.exe
1724	FVJwbjZ.exe
544	bkxSZPQ.exe
908	CNjfooJ.exe
1480	qOwgzPp.exe
1568	pJGWCZP.exe
1328	CFykhXQ.exe
1388	cRVedAH.exe
1468	sZqusci.exe
2080	eITbQXC.exe
2844	uYFendM.exe
2868	BdmtKLB.exe
1900	nTSEpQY.exe
2280	yQMBlZN.exe
3064	wELGHJH.exe
2704	ydmqbpA.exe
2632	DUjVlkZ.exe
1768	qPKBVzG.exe
3032	QXqPmjw.exe
3000	iwVrNcR.exe
988	updSZbD.exe
2720	TyFJMOj.exe

Loads dropped DLL 64 IoCs

pid	Process
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2732-0-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/files/0x000b00000001225c-6.dat	upx
behavioral1/files/0x000900000001660b-12.dat	upx
behavioral1/files/0x0008000000016ace-11.dat	upx
behavioral1/memory/2872-23-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/files/0x0007000000016c10-27.dat	upx
behavioral1/memory/2816-51-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x001200000001626d-52.dat	upx
behavioral1/memory/2732-53-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/3004-43-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/files/0x0007000000016c23-42.dat	upx
behavioral1/memory/2936-39-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x0008000000016fc9-48.dat	upx
behavioral1/memory/3052-67-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2644-59-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/files/0x0006000000019480-68.dat	upx
behavioral1/memory/2824-66-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x0002000000018334-63.dat	upx
behavioral1/memory/2968-75-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2936-74-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/1376-88-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/files/0x000500000001948c-87.dat	upx
behavioral1/memory/3004-85-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/108-83-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/files/0x0005000000019490-93.dat	upx
behavioral1/files/0x00050000000194ef-113.dat	upx
behavioral1/files/0x0005000000019515-123.dat	upx
behavioral1/files/0x00050000000195a7-138.dat	upx
behavioral1/files/0x00050000000195bb-184.dat	upx
behavioral1/memory/1376-338-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2956-409-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/108-222-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/files/0x00050000000195c1-195.dat	upx
behavioral1/files/0x00050000000195bd-190.dat	upx
behavioral1/files/0x00050000000195b5-175.dat	upx
behavioral1/files/0x00050000000195b7-179.dat	upx
behavioral1/files/0x00050000000195b1-160.dat	upx
behavioral1/files/0x00050000000195ad-155.dat	upx
behavioral1/files/0x00050000000195b3-167.dat	upx
behavioral1/files/0x00050000000195af-158.dat	upx
behavioral1/files/0x00050000000195ab-149.dat	upx
behavioral1/files/0x00050000000195a9-144.dat	upx
behavioral1/files/0x000500000001957c-133.dat	upx
behavioral1/files/0x0005000000019547-128.dat	upx
behavioral1/files/0x000500000001950f-119.dat	upx
behavioral1/files/0x00050000000194eb-107.dat	upx
behavioral1/memory/2956-101-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x00050000000194a3-99.dat	upx
behavioral1/memory/1612-96-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/files/0x0005000000019489-78.dat	upx
behavioral1/files/0x0007000000016c1a-34.dat	upx
behavioral1/memory/3052-29-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2132-22-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2152-21-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2152-1337-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2872-1336-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/3052-1363-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/3004-1376-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2936-1360-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2816-1373-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2132-1334-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2644-1423-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2824-1430-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2968-1484-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CljIOYI.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XyBDDPL.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oMFmqew.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iIzlgNz.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xWjXdTW.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pfCsvxb.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yFlvTWC.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QQnCvqm.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VAmGpTv.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VnaiJbi.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPKBVzG.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iZALiyD.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JMpgQtF.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XuIWXbc.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBdMHqJ.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PKzVyxc.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hDEdJot.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GBvntsn.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xngTHik.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aqbrWlL.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YPAmADu.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UwDRrAL.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CojzrRt.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hgKwkTZ.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CemZNGm.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CLYpgSa.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nJBlHnu.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rzaquPP.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lpqLqer.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ednjJXP.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oVWkpFA.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YCCjCGO.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wQItwLQ.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qNuhxeC.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UpWhZWh.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPEpXmo.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rTKmSaf.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BoTYRkY.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tIUmQqn.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\osDlMFh.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KnIzCOP.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uDrLAkM.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZsaGKkr.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PakRwAX.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JSgBJvW.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hBOYiHR.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QZgISiP.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UWKoStU.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\auoutBU.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VCPmMJk.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lqxXqQl.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ICPVQjK.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cVqpqVM.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SasWlgM.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qIKynZX.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mOGqLYA.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yQLsabO.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XZJvECK.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dHPeyYC.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jiYFlkz.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cMNACjY.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SEaqlSb.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ubkGEFh.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dhbMIcP.exe	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2152	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2732 wrote to memory of 2152	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2732 wrote to memory of 2152	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2732 wrote to memory of 2132	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2732 wrote to memory of 2132	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2732 wrote to memory of 2132	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2732 wrote to memory of 2872	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2732 wrote to memory of 2872	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2732 wrote to memory of 2872	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2732 wrote to memory of 3052	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2732 wrote to memory of 3052	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2732 wrote to memory of 3052	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2732 wrote to memory of 2936	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2732 wrote to memory of 2936	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2732 wrote to memory of 2936	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2732 wrote to memory of 3004	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2732 wrote to memory of 3004	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2732 wrote to memory of 3004	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2732 wrote to memory of 2816	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2732 wrote to memory of 2816	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2732 wrote to memory of 2816	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2732 wrote to memory of 2644	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2732 wrote to memory of 2644	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2732 wrote to memory of 2644	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2732 wrote to memory of 2824	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2732 wrote to memory of 2824	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2732 wrote to memory of 2824	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2732 wrote to memory of 2968	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2732 wrote to memory of 2968	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2732 wrote to memory of 2968	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2732 wrote to memory of 108	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2732 wrote to memory of 108	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2732 wrote to memory of 108	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2732 wrote to memory of 1376	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2732 wrote to memory of 1376	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2732 wrote to memory of 1376	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2732 wrote to memory of 1612	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2732 wrote to memory of 1612	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2732 wrote to memory of 1612	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2732 wrote to memory of 2956	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2732 wrote to memory of 2956	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2732 wrote to memory of 2956	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2732 wrote to memory of 2460	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2732 wrote to memory of 2460	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2732 wrote to memory of 2460	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2732 wrote to memory of 2740	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2732 wrote to memory of 2740	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2732 wrote to memory of 2740	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2732 wrote to memory of 1620	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2732 wrote to memory of 1620	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2732 wrote to memory of 1620	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2732 wrote to memory of 1664	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2732 wrote to memory of 1664	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2732 wrote to memory of 1664	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2732 wrote to memory of 2004	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2732 wrote to memory of 2004	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2732 wrote to memory of 2004	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2732 wrote to memory of 2104	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2732 wrote to memory of 2104	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2732 wrote to memory of 2104	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2732 wrote to memory of 1176	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2732 wrote to memory of 1176	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2732 wrote to memory of 1176	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2732 wrote to memory of 1740	2732	2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-02_7678ffaf1dbac1812c408083322a5a5e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Windows\System\iEYFCST.exe
  C:\Windows\System\iEYFCST.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\rUBbMvj.exe
  C:\Windows\System\rUBbMvj.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\rzaquPP.exe
  C:\Windows\System\rzaquPP.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\NIUNVHh.exe
  C:\Windows\System\NIUNVHh.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\MdINTyO.exe
  C:\Windows\System\MdINTyO.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\pfCsvxb.exe
  C:\Windows\System\pfCsvxb.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\LpFpkvi.exe
  C:\Windows\System\LpFpkvi.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\PQkZDtF.exe
  C:\Windows\System\PQkZDtF.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\uuPlPjp.exe
  C:\Windows\System\uuPlPjp.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\wtjAQtg.exe
  C:\Windows\System\wtjAQtg.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\OpzXzSd.exe
  C:\Windows\System\OpzXzSd.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\rbjEJQT.exe
  C:\Windows\System\rbjEJQT.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\YTJgFcA.exe
  C:\Windows\System\YTJgFcA.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\fULXdfo.exe
  C:\Windows\System\fULXdfo.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\kWIFPbW.exe
  C:\Windows\System\kWIFPbW.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\mJJaZwv.exe
  C:\Windows\System\mJJaZwv.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\UGcAGRU.exe
  C:\Windows\System\UGcAGRU.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\tDudEtf.exe
  C:\Windows\System\tDudEtf.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\uIRlTgL.exe
  C:\Windows\System\uIRlTgL.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\aqWaekY.exe
  C:\Windows\System\aqWaekY.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\KufECaX.exe
  C:\Windows\System\KufECaX.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\RyeiSoL.exe
  C:\Windows\System\RyeiSoL.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\juAJJif.exe
  C:\Windows\System\juAJJif.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\BEhkxVl.exe
  C:\Windows\System\BEhkxVl.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\MsRLYuj.exe
  C:\Windows\System\MsRLYuj.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\ooguULv.exe
  C:\Windows\System\ooguULv.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\aqbrWlL.exe
  C:\Windows\System\aqbrWlL.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\aHGlARW.exe
  C:\Windows\System\aHGlARW.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\CQAQgfd.exe
  C:\Windows\System\CQAQgfd.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\UXaYqWX.exe
  C:\Windows\System\UXaYqWX.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\lPxcXpq.exe
  C:\Windows\System\lPxcXpq.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\RcAKhel.exe
  C:\Windows\System\RcAKhel.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\ptPZZbL.exe
  C:\Windows\System\ptPZZbL.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\nYYGaTw.exe
  C:\Windows\System\nYYGaTw.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\YzYDtZE.exe
  C:\Windows\System\YzYDtZE.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\lpqLqer.exe
  C:\Windows\System\lpqLqer.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\VYHjhhw.exe
  C:\Windows\System\VYHjhhw.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\XNHUoJr.exe
  C:\Windows\System\XNHUoJr.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\tnWyKVT.exe
  C:\Windows\System\tnWyKVT.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\NEQApTK.exe
  C:\Windows\System\NEQApTK.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\HBixPgt.exe
  C:\Windows\System\HBixPgt.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\NKaXIbn.exe
  C:\Windows\System\NKaXIbn.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\RwhYiJI.exe
  C:\Windows\System\RwhYiJI.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\bkxSZPQ.exe
  C:\Windows\System\bkxSZPQ.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\FVJwbjZ.exe
  C:\Windows\System\FVJwbjZ.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\cRVedAH.exe
  C:\Windows\System\cRVedAH.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\CNjfooJ.exe
  C:\Windows\System\CNjfooJ.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\sZqusci.exe
  C:\Windows\System\sZqusci.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\qOwgzPp.exe
  C:\Windows\System\qOwgzPp.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\eITbQXC.exe
  C:\Windows\System\eITbQXC.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\pJGWCZP.exe
  C:\Windows\System\pJGWCZP.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\nTSEpQY.exe
  C:\Windows\System\nTSEpQY.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\CFykhXQ.exe
  C:\Windows\System\CFykhXQ.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\yQMBlZN.exe
  C:\Windows\System\yQMBlZN.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\uYFendM.exe
  C:\Windows\System\uYFendM.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\wELGHJH.exe
  C:\Windows\System\wELGHJH.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\BdmtKLB.exe
  C:\Windows\System\BdmtKLB.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\ydmqbpA.exe
  C:\Windows\System\ydmqbpA.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\DUjVlkZ.exe
  C:\Windows\System\DUjVlkZ.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\qPKBVzG.exe
  C:\Windows\System\qPKBVzG.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\QXqPmjw.exe
  C:\Windows\System\QXqPmjw.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\iwVrNcR.exe
  C:\Windows\System\iwVrNcR.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\updSZbD.exe
  C:\Windows\System\updSZbD.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\FBwxtPX.exe
  C:\Windows\System\FBwxtPX.exe
  2⤵
  PID:2988
- C:\Windows\System\TyFJMOj.exe
  C:\Windows\System\TyFJMOj.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\mfcYWge.exe
  C:\Windows\System\mfcYWge.exe
  2⤵
  PID:808
- C:\Windows\System\HgjWIEu.exe
  C:\Windows\System\HgjWIEu.exe
  2⤵
  PID:2900
- C:\Windows\System\QNQseXt.exe
  C:\Windows\System\QNQseXt.exe
  2⤵
  PID:2336
- C:\Windows\System\kRyiWFK.exe
  C:\Windows\System\kRyiWFK.exe
  2⤵
  PID:2932
- C:\Windows\System\TkoXJzl.exe
  C:\Windows\System\TkoXJzl.exe
  2⤵
  PID:1608
- C:\Windows\System\BwdLDJA.exe
  C:\Windows\System\BwdLDJA.exe
  2⤵
  PID:2312
- C:\Windows\System\MUWApsR.exe
  C:\Windows\System\MUWApsR.exe
  2⤵
  PID:112
- C:\Windows\System\EuuGLSD.exe
  C:\Windows\System\EuuGLSD.exe
  2⤵
  PID:996
- C:\Windows\System\WssBEzE.exe
  C:\Windows\System\WssBEzE.exe
  2⤵
  PID:1976
- C:\Windows\System\CJCuMgT.exe
  C:\Windows\System\CJCuMgT.exe
  2⤵
  PID:1128
- C:\Windows\System\sZabjcN.exe
  C:\Windows\System\sZabjcN.exe
  2⤵
  PID:1868
- C:\Windows\System\cdyLZXH.exe
  C:\Windows\System\cdyLZXH.exe
  2⤵
  PID:1580
- C:\Windows\System\JDJpkob.exe
  C:\Windows\System\JDJpkob.exe
  2⤵
  PID:2184
- C:\Windows\System\UafNemv.exe
  C:\Windows\System\UafNemv.exe
  2⤵
  PID:1520
- C:\Windows\System\KikmEJQ.exe
  C:\Windows\System\KikmEJQ.exe
  2⤵
  PID:1744
- C:\Windows\System\ZVCqAsJ.exe
  C:\Windows\System\ZVCqAsJ.exe
  2⤵
  PID:852
- C:\Windows\System\MafpDMY.exe
  C:\Windows\System\MafpDMY.exe
  2⤵
  PID:3068
- C:\Windows\System\InlfsFS.exe
  C:\Windows\System\InlfsFS.exe
  2⤵
  PID:1596
- C:\Windows\System\kaJcFSP.exe
  C:\Windows\System\kaJcFSP.exe
  2⤵
  PID:1952
- C:\Windows\System\uoWUtmM.exe
  C:\Windows\System\uoWUtmM.exe
  2⤵
  PID:1668
- C:\Windows\System\PAMGgmq.exe
  C:\Windows\System\PAMGgmq.exe
  2⤵
  PID:2760
- C:\Windows\System\NEypZUv.exe
  C:\Windows\System\NEypZUv.exe
  2⤵
  PID:2940
- C:\Windows\System\SjxDgGy.exe
  C:\Windows\System\SjxDgGy.exe
  2⤵
  PID:1504
- C:\Windows\System\KmduGNO.exe
  C:\Windows\System\KmduGNO.exe
  2⤵
  PID:1072
- C:\Windows\System\GPLsZwS.exe
  C:\Windows\System\GPLsZwS.exe
  2⤵
  PID:2992
- C:\Windows\System\cScTFGU.exe
  C:\Windows\System\cScTFGU.exe
  2⤵
  PID:1800
- C:\Windows\System\ZfPmfRX.exe
  C:\Windows\System\ZfPmfRX.exe
  2⤵
  PID:1360
- C:\Windows\System\OiuzSja.exe
  C:\Windows\System\OiuzSja.exe
  2⤵
  PID:2848
- C:\Windows\System\youEDvT.exe
  C:\Windows\System\youEDvT.exe
  2⤵
  PID:1572
- C:\Windows\System\JAlNeEY.exe
  C:\Windows\System\JAlNeEY.exe
  2⤵
  PID:2472
- C:\Windows\System\QEclQUC.exe
  C:\Windows\System\QEclQUC.exe
  2⤵
  PID:1996
- C:\Windows\System\PDsyBrb.exe
  C:\Windows\System\PDsyBrb.exe
  2⤵
  PID:1584
- C:\Windows\System\QBdMHqJ.exe
  C:\Windows\System\QBdMHqJ.exe
  2⤵
  PID:2008
- C:\Windows\System\ugZoTsh.exe
  C:\Windows\System\ugZoTsh.exe
  2⤵
  PID:1804
- C:\Windows\System\aFOuFjw.exe
  C:\Windows\System\aFOuFjw.exe
  2⤵
  PID:508
- C:\Windows\System\ePNHqtc.exe
  C:\Windows\System\ePNHqtc.exe
  2⤵
  PID:1916
- C:\Windows\System\KXVXQBK.exe
  C:\Windows\System\KXVXQBK.exe
  2⤵
  PID:1356
- C:\Windows\System\CJzqJac.exe
  C:\Windows\System\CJzqJac.exe
  2⤵
  PID:2256
- C:\Windows\System\toXpfkz.exe
  C:\Windows\System\toXpfkz.exe
  2⤵
  PID:2756
- C:\Windows\System\YvKkEvS.exe
  C:\Windows\System\YvKkEvS.exe
  2⤵
  PID:2012
- C:\Windows\System\PIezABL.exe
  C:\Windows\System\PIezABL.exe
  2⤵
  PID:2432
- C:\Windows\System\xLfHIeC.exe
  C:\Windows\System\xLfHIeC.exe
  2⤵
  PID:1684
- C:\Windows\System\ItmnTOa.exe
  C:\Windows\System\ItmnTOa.exe
  2⤵
  PID:928
- C:\Windows\System\GsyVjcl.exe
  C:\Windows\System\GsyVjcl.exe
  2⤵
  PID:772
- C:\Windows\System\FqBakQg.exe
  C:\Windows\System\FqBakQg.exe
  2⤵
  PID:2876
- C:\Windows\System\LxFIdBP.exe
  C:\Windows\System\LxFIdBP.exe
  2⤵
  PID:2368
- C:\Windows\System\URwfFNf.exe
  C:\Windows\System\URwfFNf.exe
  2⤵
  PID:2948
- C:\Windows\System\opaCHrP.exe
  C:\Windows\System\opaCHrP.exe
  2⤵
  PID:2264
- C:\Windows\System\vAtFiws.exe
  C:\Windows\System\vAtFiws.exe
  2⤵
  PID:2584
- C:\Windows\System\ptSNPxY.exe
  C:\Windows\System\ptSNPxY.exe
  2⤵
  PID:1252
- C:\Windows\System\tulyCEs.exe
  C:\Windows\System\tulyCEs.exe
  2⤵
  PID:2300
- C:\Windows\System\Bzfvlfh.exe
  C:\Windows\System\Bzfvlfh.exe
  2⤵
  PID:2220
- C:\Windows\System\dOOthAt.exe
  C:\Windows\System\dOOthAt.exe
  2⤵
  PID:2304
- C:\Windows\System\UcAsnHT.exe
  C:\Windows\System\UcAsnHT.exe
  2⤵
  PID:3092
- C:\Windows\System\kdUraoG.exe
  C:\Windows\System\kdUraoG.exe
  2⤵
  PID:3112
- C:\Windows\System\GKASMBb.exe
  C:\Windows\System\GKASMBb.exe
  2⤵
  PID:3132
- C:\Windows\System\RTMPZmH.exe
  C:\Windows\System\RTMPZmH.exe
  2⤵
  PID:3156
- C:\Windows\System\JYHlVty.exe
  C:\Windows\System\JYHlVty.exe
  2⤵
  PID:3176
- C:\Windows\System\nFEFoeO.exe
  C:\Windows\System\nFEFoeO.exe
  2⤵
  PID:3192
- C:\Windows\System\iewMLKC.exe
  C:\Windows\System\iewMLKC.exe
  2⤵
  PID:3220
- C:\Windows\System\kXyCycN.exe
  C:\Windows\System\kXyCycN.exe
  2⤵
  PID:3240
- C:\Windows\System\DycsrHO.exe
  C:\Windows\System\DycsrHO.exe
  2⤵
  PID:3260
- C:\Windows\System\wkrAFSJ.exe
  C:\Windows\System\wkrAFSJ.exe
  2⤵
  PID:3280
- C:\Windows\System\eASfmnw.exe
  C:\Windows\System\eASfmnw.exe
  2⤵
  PID:3300
- C:\Windows\System\xlVEXdM.exe
  C:\Windows\System\xlVEXdM.exe
  2⤵
  PID:3320
- C:\Windows\System\MXMJVmJ.exe
  C:\Windows\System\MXMJVmJ.exe
  2⤵
  PID:3340
- C:\Windows\System\rFAIfKy.exe
  C:\Windows\System\rFAIfKy.exe
  2⤵
  PID:3356
- C:\Windows\System\dnWCIFO.exe
  C:\Windows\System\dnWCIFO.exe
  2⤵
  PID:3376
- C:\Windows\System\wxZHnkk.exe
  C:\Windows\System\wxZHnkk.exe
  2⤵
  PID:3396
- C:\Windows\System\VUotiEX.exe
  C:\Windows\System\VUotiEX.exe
  2⤵
  PID:3416
- C:\Windows\System\CdLDjYH.exe
  C:\Windows\System\CdLDjYH.exe
  2⤵
  PID:3440
- C:\Windows\System\gyAUgfW.exe
  C:\Windows\System\gyAUgfW.exe
  2⤵
  PID:3460
- C:\Windows\System\cVqpqVM.exe
  C:\Windows\System\cVqpqVM.exe
  2⤵
  PID:3480
- C:\Windows\System\TrHdchF.exe
  C:\Windows\System\TrHdchF.exe
  2⤵
  PID:3500
- C:\Windows\System\FPYKBBW.exe
  C:\Windows\System\FPYKBBW.exe
  2⤵
  PID:3524
- C:\Windows\System\QBIetGl.exe
  C:\Windows\System\QBIetGl.exe
  2⤵
  PID:3544
- C:\Windows\System\ZGSxsvD.exe
  C:\Windows\System\ZGSxsvD.exe
  2⤵
  PID:3564
- C:\Windows\System\PulJusO.exe
  C:\Windows\System\PulJusO.exe
  2⤵
  PID:3584
- C:\Windows\System\OouqyHg.exe
  C:\Windows\System\OouqyHg.exe
  2⤵
  PID:3604
- C:\Windows\System\Ewwsaek.exe
  C:\Windows\System\Ewwsaek.exe
  2⤵
  PID:3620
- C:\Windows\System\oHVpQXM.exe
  C:\Windows\System\oHVpQXM.exe
  2⤵
  PID:3636
- C:\Windows\System\TPiYjjh.exe
  C:\Windows\System\TPiYjjh.exe
  2⤵
  PID:3660
- C:\Windows\System\UhgzBGw.exe
  C:\Windows\System\UhgzBGw.exe
  2⤵
  PID:3684
- C:\Windows\System\SNybuPs.exe
  C:\Windows\System\SNybuPs.exe
  2⤵
  PID:3708
- C:\Windows\System\jTGTXrb.exe
  C:\Windows\System\jTGTXrb.exe
  2⤵
  PID:3724
- C:\Windows\System\uKbyJxs.exe
  C:\Windows\System\uKbyJxs.exe
  2⤵
  PID:3744
- C:\Windows\System\YErayAz.exe
  C:\Windows\System\YErayAz.exe
  2⤵
  PID:3768
- C:\Windows\System\fIpeMrg.exe
  C:\Windows\System\fIpeMrg.exe
  2⤵
  PID:3784
- C:\Windows\System\mVsVstl.exe
  C:\Windows\System\mVsVstl.exe
  2⤵
  PID:3800
- C:\Windows\System\iZfmSeR.exe
  C:\Windows\System\iZfmSeR.exe
  2⤵
  PID:3816
- C:\Windows\System\yQLsabO.exe
  C:\Windows\System\yQLsabO.exe
  2⤵
  PID:3844
- C:\Windows\System\uGZZtEl.exe
  C:\Windows\System\uGZZtEl.exe
  2⤵
  PID:3860
- C:\Windows\System\LxRikDW.exe
  C:\Windows\System\LxRikDW.exe
  2⤵
  PID:3876
- C:\Windows\System\bNMLygJ.exe
  C:\Windows\System\bNMLygJ.exe
  2⤵
  PID:3904
- C:\Windows\System\TRdIhrP.exe
  C:\Windows\System\TRdIhrP.exe
  2⤵
  PID:3924
- C:\Windows\System\stBseOO.exe
  C:\Windows\System\stBseOO.exe
  2⤵
  PID:3948
- C:\Windows\System\NPvuPFB.exe
  C:\Windows\System\NPvuPFB.exe
  2⤵
  PID:3968
- C:\Windows\System\BEQNTgt.exe
  C:\Windows\System\BEQNTgt.exe
  2⤵
  PID:3988
- C:\Windows\System\GyOvtPe.exe
  C:\Windows\System\GyOvtPe.exe
  2⤵
  PID:4012
- C:\Windows\System\HEsLlIM.exe
  C:\Windows\System\HEsLlIM.exe
  2⤵
  PID:4032
- C:\Windows\System\sgeHpKz.exe
  C:\Windows\System\sgeHpKz.exe
  2⤵
  PID:4048
- C:\Windows\System\OGEfMRK.exe
  C:\Windows\System\OGEfMRK.exe
  2⤵
  PID:4064
- C:\Windows\System\prQxYqf.exe
  C:\Windows\System\prQxYqf.exe
  2⤵
  PID:4084
- C:\Windows\System\PZjltzf.exe
  C:\Windows\System\PZjltzf.exe
  2⤵
  PID:2912
- C:\Windows\System\dMcPUfn.exe
  C:\Windows\System\dMcPUfn.exe
  2⤵
  PID:1532
- C:\Windows\System\rgmMFYk.exe
  C:\Windows\System\rgmMFYk.exe
  2⤵
  PID:1592
- C:\Windows\System\rBGRZDt.exe
  C:\Windows\System\rBGRZDt.exe
  2⤵
  PID:2788
- C:\Windows\System\VNRJWxx.exe
  C:\Windows\System\VNRJWxx.exe
  2⤵
  PID:1508
- C:\Windows\System\VGEgFer.exe
  C:\Windows\System\VGEgFer.exe
  2⤵
  PID:884
- C:\Windows\System\bNkJDHb.exe
  C:\Windows\System\bNkJDHb.exe
  2⤵
  PID:948
- C:\Windows\System\YPAmADu.exe
  C:\Windows\System\YPAmADu.exe
  2⤵
  PID:3108
- C:\Windows\System\xkwVnVH.exe
  C:\Windows\System\xkwVnVH.exe
  2⤵
  PID:812
- C:\Windows\System\VSgnrlW.exe
  C:\Windows\System\VSgnrlW.exe
  2⤵
  PID:1316
- C:\Windows\System\CmUoKgE.exe
  C:\Windows\System\CmUoKgE.exe
  2⤵
  PID:3184
- C:\Windows\System\XScKdRO.exe
  C:\Windows\System\XScKdRO.exe
  2⤵
  PID:3236
- C:\Windows\System\ynTewcq.exe
  C:\Windows\System\ynTewcq.exe
  2⤵
  PID:3168
- C:\Windows\System\iZALiyD.exe
  C:\Windows\System\iZALiyD.exe
  2⤵
  PID:3212
- C:\Windows\System\IMHgLWH.exe
  C:\Windows\System\IMHgLWH.exe
  2⤵
  PID:3308
- C:\Windows\System\MzKbHEs.exe
  C:\Windows\System\MzKbHEs.exe
  2⤵
  PID:3296
- C:\Windows\System\aWyZaSQ.exe
  C:\Windows\System\aWyZaSQ.exe
  2⤵
  PID:3352
- C:\Windows\System\xsEUOnm.exe
  C:\Windows\System\xsEUOnm.exe
  2⤵
  PID:3392
- C:\Windows\System\XZJvECK.exe
  C:\Windows\System\XZJvECK.exe
  2⤵
  PID:3424
- C:\Windows\System\onjBjPX.exe
  C:\Windows\System\onjBjPX.exe
  2⤵
  PID:3408
- C:\Windows\System\EWlPSFw.exe
  C:\Windows\System\EWlPSFw.exe
  2⤵
  PID:3472
- C:\Windows\System\AdTycbC.exe
  C:\Windows\System\AdTycbC.exe
  2⤵
  PID:3552
- C:\Windows\System\TnImBpn.exe
  C:\Windows\System\TnImBpn.exe
  2⤵
  PID:3488
- C:\Windows\System\oUnmwZR.exe
  C:\Windows\System\oUnmwZR.exe
  2⤵
  PID:3596
- C:\Windows\System\pSTNZjL.exe
  C:\Windows\System\pSTNZjL.exe
  2⤵
  PID:3668
- C:\Windows\System\dwMnHWq.exe
  C:\Windows\System\dwMnHWq.exe
  2⤵
  PID:3580
- C:\Windows\System\toEIRDf.exe
  C:\Windows\System\toEIRDf.exe
  2⤵
  PID:3644
- C:\Windows\System\UiHxpft.exe
  C:\Windows\System\UiHxpft.exe
  2⤵
  PID:3700
- C:\Windows\System\TPsCowC.exe
  C:\Windows\System\TPsCowC.exe
  2⤵
  PID:3760
- C:\Windows\System\bbOMaHt.exe
  C:\Windows\System\bbOMaHt.exe
  2⤵
  PID:3824
- C:\Windows\System\EgLxhCE.exe
  C:\Windows\System\EgLxhCE.exe
  2⤵
  PID:3736
- C:\Windows\System\ZhIpvbu.exe
  C:\Windows\System\ZhIpvbu.exe
  2⤵
  PID:3920
- C:\Windows\System\uOGnCuz.exe
  C:\Windows\System\uOGnCuz.exe
  2⤵
  PID:3812
- C:\Windows\System\vAyYSPo.exe
  C:\Windows\System\vAyYSPo.exe
  2⤵
  PID:3884
- C:\Windows\System\UDVeSzy.exe
  C:\Windows\System\UDVeSzy.exe
  2⤵
  PID:4004
- C:\Windows\System\EyXjrdX.exe
  C:\Windows\System\EyXjrdX.exe
  2⤵
  PID:3936
- C:\Windows\System\xkPbmZu.exe
  C:\Windows\System\xkPbmZu.exe
  2⤵
  PID:4080
- C:\Windows\System\cUnJlZY.exe
  C:\Windows\System\cUnJlZY.exe
  2⤵
  PID:1704
- C:\Windows\System\UWIXenS.exe
  C:\Windows\System\UWIXenS.exe
  2⤵
  PID:2488
- C:\Windows\System\PFVVeRL.exe
  C:\Windows\System\PFVVeRL.exe
  2⤵
  PID:3100
- C:\Windows\System\KHZcSBN.exe
  C:\Windows\System\KHZcSBN.exe
  2⤵
  PID:4060
- C:\Windows\System\omRNYGj.exe
  C:\Windows\System\omRNYGj.exe
  2⤵
  PID:1676
- C:\Windows\System\WmRIKYD.exe
  C:\Windows\System\WmRIKYD.exe
  2⤵
  PID:2100
- C:\Windows\System\uJSrRYe.exe
  C:\Windows\System\uJSrRYe.exe
  2⤵
  PID:3204
- C:\Windows\System\KIMZyUp.exe
  C:\Windows\System\KIMZyUp.exe
  2⤵
  PID:1076
- C:\Windows\System\OxAxWVq.exe
  C:\Windows\System\OxAxWVq.exe
  2⤵
  PID:3332
- C:\Windows\System\mTgjyfM.exe
  C:\Windows\System\mTgjyfM.exe
  2⤵
  PID:3436
- C:\Windows\System\nAiwTKH.exe
  C:\Windows\System\nAiwTKH.exe
  2⤵
  PID:2668
- C:\Windows\System\XyBDDPL.exe
  C:\Windows\System\XyBDDPL.exe
  2⤵
  PID:3144
- C:\Windows\System\CsfYmen.exe
  C:\Windows\System\CsfYmen.exe
  2⤵
  PID:1888
- C:\Windows\System\kRkcCDh.exe
  C:\Windows\System\kRkcCDh.exe
  2⤵
  PID:3540
- C:\Windows\System\NEXohbm.exe
  C:\Windows\System\NEXohbm.exe
  2⤵
  PID:3680
- C:\Windows\System\jTynYhR.exe
  C:\Windows\System\jTynYhR.exe
  2⤵
  PID:3368
- C:\Windows\System\OZkgiVe.exe
  C:\Windows\System\OZkgiVe.exe
  2⤵
  PID:3476
- C:\Windows\System\gaHivji.exe
  C:\Windows\System\gaHivji.exe
  2⤵
  PID:3792
- C:\Windows\System\nEQWGKE.exe
  C:\Windows\System\nEQWGKE.exe
  2⤵
  PID:3872
- C:\Windows\System\YflvbDa.exe
  C:\Windows\System\YflvbDa.exe
  2⤵
  PID:3628
- C:\Windows\System\UAqHWcM.exe
  C:\Windows\System\UAqHWcM.exe
  2⤵
  PID:3960
- C:\Windows\System\YaQpGrt.exe
  C:\Windows\System\YaQpGrt.exe
  2⤵
  PID:3740
- C:\Windows\System\UeNAVtF.exe
  C:\Windows\System\UeNAVtF.exe
  2⤵
  PID:3896
- C:\Windows\System\lIsCWgn.exe
  C:\Windows\System\lIsCWgn.exe
  2⤵
  PID:3780
- C:\Windows\System\FuCxGKR.exe
  C:\Windows\System\FuCxGKR.exe
  2⤵
  PID:3996
- C:\Windows\System\wwldAum.exe
  C:\Windows\System\wwldAum.exe
  2⤵
  PID:4044
- C:\Windows\System\qozNbMU.exe
  C:\Windows\System\qozNbMU.exe
  2⤵
  PID:4028
- C:\Windows\System\JQCqHRj.exe
  C:\Windows\System\JQCqHRj.exe
  2⤵
  PID:1160
- C:\Windows\System\YrDFpNX.exe
  C:\Windows\System\YrDFpNX.exe
  2⤵
  PID:840
- C:\Windows\System\ATLlZat.exe
  C:\Windows\System\ATLlZat.exe
  2⤵
  PID:3276
- C:\Windows\System\yeytQaW.exe
  C:\Windows\System\yeytQaW.exe
  2⤵
  PID:2812
- C:\Windows\System\EZWcvWY.exe
  C:\Windows\System\EZWcvWY.exe
  2⤵
  PID:2440
- C:\Windows\System\zzbXWDr.exe
  C:\Windows\System\zzbXWDr.exe
  2⤵
  PID:3536
- C:\Windows\System\ehucCPw.exe
  C:\Windows\System\ehucCPw.exe
  2⤵
  PID:3656
- C:\Windows\System\tnWdWdK.exe
  C:\Windows\System\tnWdWdK.exe
  2⤵
  PID:2680
- C:\Windows\System\UvFNVNh.exe
  C:\Windows\System\UvFNVNh.exe
  2⤵
  PID:3612
- C:\Windows\System\kGJHLaA.exe
  C:\Windows\System\kGJHLaA.exe
  2⤵
  PID:3900
- C:\Windows\System\wCgRzno.exe
  C:\Windows\System\wCgRzno.exe
  2⤵
  PID:3288
- C:\Windows\System\ySCnXwp.exe
  C:\Windows\System\ySCnXwp.exe
  2⤵
  PID:3672
- C:\Windows\System\LVUUhNq.exe
  C:\Windows\System\LVUUhNq.exe
  2⤵
  PID:1852
- C:\Windows\System\zPCtvFK.exe
  C:\Windows\System\zPCtvFK.exe
  2⤵
  PID:2036
- C:\Windows\System\fwScojB.exe
  C:\Windows\System\fwScojB.exe
  2⤵
  PID:2676
- C:\Windows\System\FziPnUv.exe
  C:\Windows\System\FziPnUv.exe
  2⤵
  PID:3148
- C:\Windows\System\ZyrMaZp.exe
  C:\Windows\System\ZyrMaZp.exe
  2⤵
  PID:3520
- C:\Windows\System\JbpPVco.exe
  C:\Windows\System\JbpPVco.exe
  2⤵
  PID:3468
- C:\Windows\System\ydhdNeS.exe
  C:\Windows\System\ydhdNeS.exe
  2⤵
  PID:3912
- C:\Windows\System\HqBHHbH.exe
  C:\Windows\System\HqBHHbH.exe
  2⤵
  PID:1560
- C:\Windows\System\fpauYwh.exe
  C:\Windows\System\fpauYwh.exe
  2⤵
  PID:552
- C:\Windows\System\PMcHKIR.exe
  C:\Windows\System\PMcHKIR.exe
  2⤵
  PID:2596
- C:\Windows\System\NNaWEFS.exe
  C:\Windows\System\NNaWEFS.exe
  2⤵
  PID:2996
- C:\Windows\System\QSpfawq.exe
  C:\Windows\System\QSpfawq.exe
  2⤵
  PID:2512
- C:\Windows\System\RYHNdZI.exe
  C:\Windows\System\RYHNdZI.exe
  2⤵
  PID:2904
- C:\Windows\System\SasWlgM.exe
  C:\Windows\System\SasWlgM.exe
  2⤵
  PID:3732
- C:\Windows\System\bvZBDUN.exe
  C:\Windows\System\bvZBDUN.exe
  2⤵
  PID:3076
- C:\Windows\System\nPGUoKC.exe
  C:\Windows\System\nPGUoKC.exe
  2⤵
  PID:3164
- C:\Windows\System\RWrgvgZ.exe
  C:\Windows\System\RWrgvgZ.exe
  2⤵
  PID:1524
- C:\Windows\System\JNjCtYg.exe
  C:\Windows\System\JNjCtYg.exe
  2⤵
  PID:2464
- C:\Windows\System\yYaexyz.exe
  C:\Windows\System\yYaexyz.exe
  2⤵
  PID:2712
- C:\Windows\System\YDYONDQ.exe
  C:\Windows\System\YDYONDQ.exe
  2⤵
  PID:1884
- C:\Windows\System\oOvrBIB.exe
  C:\Windows\System\oOvrBIB.exe
  2⤵
  PID:3980
- C:\Windows\System\yNIedNr.exe
  C:\Windows\System\yNIedNr.exe
  2⤵
  PID:2928
- C:\Windows\System\rBpKbhf.exe
  C:\Windows\System\rBpKbhf.exe
  2⤵
  PID:2752
- C:\Windows\System\ZMEaqzz.exe
  C:\Windows\System\ZMEaqzz.exe
  2⤵
  PID:392
- C:\Windows\System\OIxYvwP.exe
  C:\Windows\System\OIxYvwP.exe
  2⤵
  PID:2380
- C:\Windows\System\yPEOrIc.exe
  C:\Windows\System\yPEOrIc.exe
  2⤵
  PID:2164
- C:\Windows\System\oSZLbIY.exe
  C:\Windows\System\oSZLbIY.exe
  2⤵
  PID:1384
- C:\Windows\System\gIhfZzP.exe
  C:\Windows\System\gIhfZzP.exe
  2⤵
  PID:3964
- C:\Windows\System\zezdBGz.exe
  C:\Windows\System\zezdBGz.exe
  2⤵
  PID:1876
- C:\Windows\System\kDPbrlb.exe
  C:\Windows\System\kDPbrlb.exe
  2⤵
  PID:2356
- C:\Windows\System\OiZLDid.exe
  C:\Windows\System\OiZLDid.exe
  2⤵
  PID:1452
- C:\Windows\System\XBcxKZK.exe
  C:\Windows\System\XBcxKZK.exe
  2⤵
  PID:3028
- C:\Windows\System\fRcSsoU.exe
  C:\Windows\System\fRcSsoU.exe
  2⤵
  PID:612
- C:\Windows\System\EEhAlxy.exe
  C:\Windows\System\EEhAlxy.exe
  2⤵
  PID:1092
- C:\Windows\System\kddPnLh.exe
  C:\Windows\System\kddPnLh.exe
  2⤵
  PID:3840
- C:\Windows\System\ypjAWzb.exe
  C:\Windows\System\ypjAWzb.exe
  2⤵
  PID:2364
- C:\Windows\System\BdBFPlX.exe
  C:\Windows\System\BdBFPlX.exe
  2⤵
  PID:264
- C:\Windows\System\SGHLbbB.exe
  C:\Windows\System\SGHLbbB.exe
  2⤵
  PID:2388
- C:\Windows\System\kMOxcMt.exe
  C:\Windows\System\kMOxcMt.exe
  2⤵
  PID:936
- C:\Windows\System\cRnIeuw.exe
  C:\Windows\System\cRnIeuw.exe
  2⤵
  PID:2408
- C:\Windows\System\pPVXRuM.exe
  C:\Windows\System\pPVXRuM.exe
  2⤵
  PID:3048
- C:\Windows\System\NmrYoVI.exe
  C:\Windows\System\NmrYoVI.exe
  2⤵
  PID:2324
- C:\Windows\System\UnOPYcK.exe
  C:\Windows\System\UnOPYcK.exe
  2⤵
  PID:1124
- C:\Windows\System\gWtrspY.exe
  C:\Windows\System\gWtrspY.exe
  2⤵
  PID:2076
- C:\Windows\System\yRVDxCT.exe
  C:\Windows\System\yRVDxCT.exe
  2⤵
  PID:2452
- C:\Windows\System\fTbfzEU.exe
  C:\Windows\System\fTbfzEU.exe
  2⤵
  PID:2628
- C:\Windows\System\kjaMMDJ.exe
  C:\Windows\System\kjaMMDJ.exe
  2⤵
  PID:2372
- C:\Windows\System\RHEbyxz.exe
  C:\Windows\System\RHEbyxz.exe
  2⤵
  PID:3976
- C:\Windows\System\zFCsOQa.exe
  C:\Windows\System\zFCsOQa.exe
  2⤵
  PID:2600
- C:\Windows\System\UUDPgAk.exe
  C:\Windows\System\UUDPgAk.exe
  2⤵
  PID:900
- C:\Windows\System\BqGVBBD.exe
  C:\Windows\System\BqGVBBD.exe
  2⤵
  PID:992
- C:\Windows\System\LPPDJqb.exe
  C:\Windows\System\LPPDJqb.exe
  2⤵
  PID:1232
- C:\Windows\System\GKllayY.exe
  C:\Windows\System\GKllayY.exe
  2⤵
  PID:2216
- C:\Windows\System\cfnXODq.exe
  C:\Windows\System\cfnXODq.exe
  2⤵
  PID:2016
- C:\Windows\System\PJeNPze.exe
  C:\Windows\System\PJeNPze.exe
  2⤵
  PID:2224
- C:\Windows\System\TqSqHfE.exe
  C:\Windows\System\TqSqHfE.exe
  2⤵
  PID:2148
- C:\Windows\System\cKQKrnT.exe
  C:\Windows\System\cKQKrnT.exe
  2⤵
  PID:2836
- C:\Windows\System\AYyjHBN.exe
  C:\Windows\System\AYyjHBN.exe
  2⤵
  PID:2664
- C:\Windows\System\gpPUtaP.exe
  C:\Windows\System\gpPUtaP.exe
  2⤵
  PID:4104
- C:\Windows\System\vFRKent.exe
  C:\Windows\System\vFRKent.exe
  2⤵
  PID:4120
- C:\Windows\System\SWCzvkY.exe
  C:\Windows\System\SWCzvkY.exe
  2⤵
  PID:4136
- C:\Windows\System\DNsDRzl.exe
  C:\Windows\System\DNsDRzl.exe
  2⤵
  PID:4160
- C:\Windows\System\ucRKQvw.exe
  C:\Windows\System\ucRKQvw.exe
  2⤵
  PID:4176
- C:\Windows\System\xuAhKKe.exe
  C:\Windows\System\xuAhKKe.exe
  2⤵
  PID:4216
- C:\Windows\System\UpWhZWh.exe
  C:\Windows\System\UpWhZWh.exe
  2⤵
  PID:4232
- C:\Windows\System\aGzJxmb.exe
  C:\Windows\System\aGzJxmb.exe
  2⤵
  PID:4252
- C:\Windows\System\IUAuSLh.exe
  C:\Windows\System\IUAuSLh.exe
  2⤵
  PID:4268
- C:\Windows\System\fuUllsg.exe
  C:\Windows\System\fuUllsg.exe
  2⤵
  PID:4284
- C:\Windows\System\aOVJGyB.exe
  C:\Windows\System\aOVJGyB.exe
  2⤵
  PID:4308
- C:\Windows\System\WLsNsla.exe
  C:\Windows\System\WLsNsla.exe
  2⤵
  PID:4324
- C:\Windows\System\aTuWZLC.exe
  C:\Windows\System\aTuWZLC.exe
  2⤵
  PID:4340
- C:\Windows\System\ItmKEVX.exe
  C:\Windows\System\ItmKEVX.exe
  2⤵
  PID:4356
- C:\Windows\System\LWaAELe.exe
  C:\Windows\System\LWaAELe.exe
  2⤵
  PID:4380
- C:\Windows\System\QDplNrF.exe
  C:\Windows\System\QDplNrF.exe
  2⤵
  PID:4400
- C:\Windows\System\yShnXLC.exe
  C:\Windows\System\yShnXLC.exe
  2⤵
  PID:4416
- C:\Windows\System\hDZASvu.exe
  C:\Windows\System\hDZASvu.exe
  2⤵
  PID:4440
- C:\Windows\System\ZKXKhdf.exe
  C:\Windows\System\ZKXKhdf.exe
  2⤵
  PID:4456
- C:\Windows\System\veuTdFp.exe
  C:\Windows\System\veuTdFp.exe
  2⤵
  PID:4472
- C:\Windows\System\hhPRYCe.exe
  C:\Windows\System\hhPRYCe.exe
  2⤵
  PID:4488
- C:\Windows\System\BgVnwvA.exe
  C:\Windows\System\BgVnwvA.exe
  2⤵
  PID:4536
- C:\Windows\System\DWoWkAv.exe
  C:\Windows\System\DWoWkAv.exe
  2⤵
  PID:4552
- C:\Windows\System\GmPhWLY.exe
  C:\Windows\System\GmPhWLY.exe
  2⤵
  PID:4572
- C:\Windows\System\WIMbWYL.exe
  C:\Windows\System\WIMbWYL.exe
  2⤵
  PID:4588
- C:\Windows\System\cXlSDPq.exe
  C:\Windows\System\cXlSDPq.exe
  2⤵
  PID:4604
- C:\Windows\System\MjRMcrN.exe
  C:\Windows\System\MjRMcrN.exe
  2⤵
  PID:4648
- C:\Windows\System\KwwnzTa.exe
  C:\Windows\System\KwwnzTa.exe
  2⤵
  PID:4688
- C:\Windows\System\RhrCKmE.exe
  C:\Windows\System\RhrCKmE.exe
  2⤵
  PID:4704
- C:\Windows\System\arKRiLk.exe
  C:\Windows\System\arKRiLk.exe
  2⤵
  PID:4720
- C:\Windows\System\ULEEyLA.exe
  C:\Windows\System\ULEEyLA.exe
  2⤵
  PID:4740
- C:\Windows\System\mmIBdCk.exe
  C:\Windows\System\mmIBdCk.exe
  2⤵
  PID:4764
- C:\Windows\System\PzbnhYA.exe
  C:\Windows\System\PzbnhYA.exe
  2⤵
  PID:4780
- C:\Windows\System\CJvxPJN.exe
  C:\Windows\System\CJvxPJN.exe
  2⤵
  PID:4800
- C:\Windows\System\ulfHuWr.exe
  C:\Windows\System\ulfHuWr.exe
  2⤵
  PID:4824
- C:\Windows\System\erGEkRi.exe
  C:\Windows\System\erGEkRi.exe
  2⤵
  PID:4844
- C:\Windows\System\zxrOOHW.exe
  C:\Windows\System\zxrOOHW.exe
  2⤵
  PID:4872
- C:\Windows\System\zhWIUHg.exe
  C:\Windows\System\zhWIUHg.exe
  2⤵
  PID:4888
- C:\Windows\System\xYiHudE.exe
  C:\Windows\System\xYiHudE.exe
  2⤵
  PID:4904
- C:\Windows\System\cvSBiQQ.exe
  C:\Windows\System\cvSBiQQ.exe
  2⤵
  PID:4920
- C:\Windows\System\ZUpjxCL.exe
  C:\Windows\System\ZUpjxCL.exe
  2⤵
  PID:4936
- C:\Windows\System\WJeksVP.exe
  C:\Windows\System\WJeksVP.exe
  2⤵
  PID:4956
- C:\Windows\System\xXUZvxi.exe
  C:\Windows\System\xXUZvxi.exe
  2⤵
  PID:4972
- C:\Windows\System\HGdZHsr.exe
  C:\Windows\System\HGdZHsr.exe
  2⤵
  PID:4992
- C:\Windows\System\INmaGxZ.exe
  C:\Windows\System\INmaGxZ.exe
  2⤵
  PID:5032
- C:\Windows\System\dleFHDo.exe
  C:\Windows\System\dleFHDo.exe
  2⤵
  PID:5048
- C:\Windows\System\fVlLJMX.exe
  C:\Windows\System\fVlLJMX.exe
  2⤵
  PID:5064
- C:\Windows\System\NPNdrDX.exe
  C:\Windows\System\NPNdrDX.exe
  2⤵
  PID:5080
- C:\Windows\System\LVgwqwL.exe
  C:\Windows\System\LVgwqwL.exe
  2⤵
  PID:5100
- C:\Windows\System\pGwHqpA.exe
  C:\Windows\System\pGwHqpA.exe
  2⤵
  PID:2576
- C:\Windows\System\XTpMkzX.exe
  C:\Windows\System\XTpMkzX.exe
  2⤵
  PID:940
- C:\Windows\System\akCGPDf.exe
  C:\Windows\System\akCGPDf.exe
  2⤵
  PID:4188
- C:\Windows\System\BZpaYrc.exe
  C:\Windows\System\BZpaYrc.exe
  2⤵
  PID:4152
- C:\Windows\System\EUGfgbO.exe
  C:\Windows\System\EUGfgbO.exe
  2⤵
  PID:4200
- C:\Windows\System\SFqhFsk.exe
  C:\Windows\System\SFqhFsk.exe
  2⤵
  PID:4248
- C:\Windows\System\OpbXKkN.exe
  C:\Windows\System\OpbXKkN.exe
  2⤵
  PID:4316
- C:\Windows\System\gtqheqG.exe
  C:\Windows\System\gtqheqG.exe
  2⤵
  PID:4304
- C:\Windows\System\dYpBKEX.exe
  C:\Windows\System\dYpBKEX.exe
  2⤵
  PID:4364
- C:\Windows\System\VcYERAH.exe
  C:\Windows\System\VcYERAH.exe
  2⤵
  PID:4408
- C:\Windows\System\AtBkZxg.exe
  C:\Windows\System\AtBkZxg.exe
  2⤵
  PID:4332
- C:\Windows\System\WcrdUNG.exe
  C:\Windows\System\WcrdUNG.exe
  2⤵
  PID:4484
- C:\Windows\System\artXDmQ.exe
  C:\Windows\System\artXDmQ.exe
  2⤵
  PID:4428
- C:\Windows\System\kyMIFse.exe
  C:\Windows\System\kyMIFse.exe
  2⤵
  PID:4500
- C:\Windows\System\zJQgiSd.exe
  C:\Windows\System\zJQgiSd.exe
  2⤵
  PID:4524
- C:\Windows\System\EGcYtjT.exe
  C:\Windows\System\EGcYtjT.exe
  2⤵
  PID:4560
- C:\Windows\System\OVuDFGY.exe
  C:\Windows\System\OVuDFGY.exe
  2⤵
  PID:4612
- C:\Windows\System\iKfitgU.exe
  C:\Windows\System\iKfitgU.exe
  2⤵
  PID:4548
- C:\Windows\System\SdsqNhq.exe
  C:\Windows\System\SdsqNhq.exe
  2⤵
  PID:4632
- C:\Windows\System\JDoqvDH.exe
  C:\Windows\System\JDoqvDH.exe
  2⤵
  PID:4656
- C:\Windows\System\SeVUmig.exe
  C:\Windows\System\SeVUmig.exe
  2⤵
  PID:4760
- C:\Windows\System\iXGlfLF.exe
  C:\Windows\System\iXGlfLF.exe
  2⤵
  PID:4696
- C:\Windows\System\nVYeoWe.exe
  C:\Windows\System\nVYeoWe.exe
  2⤵
  PID:4772
- C:\Windows\System\MEKpERP.exe
  C:\Windows\System\MEKpERP.exe
  2⤵
  PID:4820
- C:\Windows\System\dHPeyYC.exe
  C:\Windows\System\dHPeyYC.exe
  2⤵
  PID:4860
- C:\Windows\System\aPprexK.exe
  C:\Windows\System\aPprexK.exe
  2⤵
  PID:4792
- C:\Windows\System\DWJPovY.exe
  C:\Windows\System\DWJPovY.exe
  2⤵
  PID:4868
- C:\Windows\System\iCZizwW.exe
  C:\Windows\System\iCZizwW.exe
  2⤵
  PID:4932
- C:\Windows\System\wHbSdUa.exe
  C:\Windows\System\wHbSdUa.exe
  2⤵
  PID:5008
- C:\Windows\System\IprCHTe.exe
  C:\Windows\System\IprCHTe.exe
  2⤵
  PID:4884
- C:\Windows\System\InJsoAc.exe
  C:\Windows\System\InJsoAc.exe
  2⤵
  PID:4944
- C:\Windows\System\KDblrTU.exe
  C:\Windows\System\KDblrTU.exe
  2⤵
  PID:4988
- C:\Windows\System\LeiTdaJ.exe
  C:\Windows\System\LeiTdaJ.exe
  2⤵
  PID:5028
- C:\Windows\System\DAvrWDn.exe
  C:\Windows\System\DAvrWDn.exe
  2⤵
  PID:5096
- C:\Windows\System\BsmAxbq.exe
  C:\Windows\System\BsmAxbq.exe
  2⤵
  PID:4116
- C:\Windows\System\UIstMUc.exe
  C:\Windows\System\UIstMUc.exe
  2⤵
  PID:5044
- C:\Windows\System\mBzTQOA.exe
  C:\Windows\System\mBzTQOA.exe
  2⤵
  PID:5076
- C:\Windows\System\XZvrdwN.exe
  C:\Windows\System\XZvrdwN.exe
  2⤵
  PID:2144
- C:\Windows\System\JgTpeQL.exe
  C:\Windows\System\JgTpeQL.exe
  2⤵
  PID:4196
- C:\Windows\System\EAWuHxd.exe
  C:\Windows\System\EAWuHxd.exe
  2⤵
  PID:4244
- C:\Windows\System\wGIFiDn.exe
  C:\Windows\System\wGIFiDn.exe
  2⤵
  PID:4240
- C:\Windows\System\mDFmndm.exe
  C:\Windows\System\mDFmndm.exe
  2⤵
  PID:4228
- C:\Windows\System\fepQXlw.exe
  C:\Windows\System\fepQXlw.exe
  2⤵
  PID:4296
- C:\Windows\System\psWNwFV.exe
  C:\Windows\System\psWNwFV.exe
  2⤵
  PID:4336
- C:\Windows\System\NaDFSyj.exe
  C:\Windows\System\NaDFSyj.exe
  2⤵
  PID:4448
- C:\Windows\System\nPQHgOV.exe
  C:\Windows\System\nPQHgOV.exe
  2⤵
  PID:4496
- C:\Windows\System\ZuUwflf.exe
  C:\Windows\System\ZuUwflf.exe
  2⤵
  PID:4568
- C:\Windows\System\lHUsXmF.exe
  C:\Windows\System\lHUsXmF.exe
  2⤵
  PID:4756
- C:\Windows\System\JdjBoIo.exe
  C:\Windows\System\JdjBoIo.exe
  2⤵
  PID:4520
- C:\Windows\System\rgUKKLc.exe
  C:\Windows\System\rgUKKLc.exe
  2⤵
  PID:4584
- C:\Windows\System\kcXpUoZ.exe
  C:\Windows\System\kcXpUoZ.exe
  2⤵
  PID:4712
- C:\Windows\System\IGHfNlz.exe
  C:\Windows\System\IGHfNlz.exe
  2⤵
  PID:4816
- C:\Windows\System\SxvHqMT.exe
  C:\Windows\System\SxvHqMT.exe
  2⤵
  PID:4832
- C:\Windows\System\sVgWBTT.exe
  C:\Windows\System\sVgWBTT.exe
  2⤵
  PID:4896
- C:\Windows\System\baneLtr.exe
  C:\Windows\System\baneLtr.exe
  2⤵
  PID:4912
- C:\Windows\System\AigwHjf.exe
  C:\Windows\System\AigwHjf.exe
  2⤵
  PID:4788
- C:\Windows\System\jDiLRPO.exe
  C:\Windows\System\jDiLRPO.exe
  2⤵
  PID:4900
- C:\Windows\System\heqhTfy.exe
  C:\Windows\System\heqhTfy.exe
  2⤵
  PID:4880
- C:\Windows\System\dkMCxpU.exe
  C:\Windows\System\dkMCxpU.exe
  2⤵
  PID:5060
- C:\Windows\System\oYcFFac.exe
  C:\Windows\System\oYcFFac.exe
  2⤵
  PID:1748
- C:\Windows\System\MKJIYNx.exe
  C:\Windows\System\MKJIYNx.exe
  2⤵
  PID:4300
- C:\Windows\System\uWXdzJh.exe
  C:\Windows\System\uWXdzJh.exe
  2⤵
  PID:4424
- C:\Windows\System\xNjPLfI.exe
  C:\Windows\System\xNjPLfI.exe
  2⤵
  PID:2656
- C:\Windows\System\cKKDABh.exe
  C:\Windows\System\cKKDABh.exe
  2⤵
  PID:4532
- C:\Windows\System\TngKCIj.exe
  C:\Windows\System\TngKCIj.exe
  2⤵
  PID:4516
- C:\Windows\System\aiEnven.exe
  C:\Windows\System\aiEnven.exe
  2⤵
  PID:4952
- C:\Windows\System\mHGxSnN.exe
  C:\Windows\System\mHGxSnN.exe
  2⤵
  PID:5016
- C:\Windows\System\eaCDfeT.exe
  C:\Windows\System\eaCDfeT.exe
  2⤵
  PID:4212
- C:\Windows\System\fJtcvju.exe
  C:\Windows\System\fJtcvju.exe
  2⤵
  PID:4396
- C:\Windows\System\WyjirsS.exe
  C:\Windows\System\WyjirsS.exe
  2⤵
  PID:4392
- C:\Windows\System\uTSgVCQ.exe
  C:\Windows\System\uTSgVCQ.exe
  2⤵
  PID:5128
- C:\Windows\System\uTtnvdj.exe
  C:\Windows\System\uTtnvdj.exe
  2⤵
  PID:5168
- C:\Windows\System\gkpClOq.exe
  C:\Windows\System\gkpClOq.exe
  2⤵
  PID:5188
- C:\Windows\System\jLXZBRr.exe
  C:\Windows\System\jLXZBRr.exe
  2⤵
  PID:5204
- C:\Windows\System\FyZwrgO.exe
  C:\Windows\System\FyZwrgO.exe
  2⤵
  PID:5220
- C:\Windows\System\mNJTXED.exe
  C:\Windows\System\mNJTXED.exe
  2⤵
  PID:5236
- C:\Windows\System\AgkyYnF.exe
  C:\Windows\System\AgkyYnF.exe
  2⤵
  PID:5260
- C:\Windows\System\lPdwSpo.exe
  C:\Windows\System\lPdwSpo.exe
  2⤵
  PID:5280
- C:\Windows\System\ajemFES.exe
  C:\Windows\System\ajemFES.exe
  2⤵
  PID:5296
- C:\Windows\System\uuFmONx.exe
  C:\Windows\System\uuFmONx.exe
  2⤵
  PID:5312
- C:\Windows\System\lEtzzQy.exe
  C:\Windows\System\lEtzzQy.exe
  2⤵
  PID:5348
- C:\Windows\System\RdThpvf.exe
  C:\Windows\System\RdThpvf.exe
  2⤵
  PID:5368
- C:\Windows\System\nEKENvG.exe
  C:\Windows\System\nEKENvG.exe
  2⤵
  PID:5384
- C:\Windows\System\MhEtUTa.exe
  C:\Windows\System\MhEtUTa.exe
  2⤵
  PID:5424
- C:\Windows\System\WqqlHfA.exe
  C:\Windows\System\WqqlHfA.exe
  2⤵
  PID:5440
- C:\Windows\System\VLswMAE.exe
  C:\Windows\System\VLswMAE.exe
  2⤵
  PID:5456
- C:\Windows\System\XIgYPMy.exe
  C:\Windows\System\XIgYPMy.exe
  2⤵
  PID:5488
- C:\Windows\System\jdYlnpO.exe
  C:\Windows\System\jdYlnpO.exe
  2⤵
  PID:5508
- C:\Windows\System\UuoLKwf.exe
  C:\Windows\System\UuoLKwf.exe
  2⤵
  PID:5536
- C:\Windows\System\tYWmnbp.exe
  C:\Windows\System\tYWmnbp.exe
  2⤵
  PID:5552
- C:\Windows\System\BXLMQId.exe
  C:\Windows\System\BXLMQId.exe
  2⤵
  PID:5568
- C:\Windows\System\vwhxIBF.exe
  C:\Windows\System\vwhxIBF.exe
  2⤵
  PID:5588
- C:\Windows\System\jywnrqC.exe
  C:\Windows\System\jywnrqC.exe
  2⤵
  PID:5608
- C:\Windows\System\tTOaZer.exe
  C:\Windows\System\tTOaZer.exe
  2⤵
  PID:5636
- C:\Windows\System\PakRwAX.exe
  C:\Windows\System\PakRwAX.exe
  2⤵
  PID:5652
- C:\Windows\System\AZBpchL.exe
  C:\Windows\System\AZBpchL.exe
  2⤵
  PID:5668
- C:\Windows\System\lLpyOyx.exe
  C:\Windows\System\lLpyOyx.exe
  2⤵
  PID:5696
- C:\Windows\System\UPKqTLV.exe
  C:\Windows\System\UPKqTLV.exe
  2⤵
  PID:5712
- C:\Windows\System\HMrUvQW.exe
  C:\Windows\System\HMrUvQW.exe
  2⤵
  PID:5732
- C:\Windows\System\ECSomSE.exe
  C:\Windows\System\ECSomSE.exe
  2⤵
  PID:5748
- C:\Windows\System\CiFNxDh.exe
  C:\Windows\System\CiFNxDh.exe
  2⤵
  PID:5768
- C:\Windows\System\zmLXDEH.exe
  C:\Windows\System\zmLXDEH.exe
  2⤵
  PID:5792
- C:\Windows\System\zeqiYDK.exe
  C:\Windows\System\zeqiYDK.exe
  2⤵
  PID:5812
- C:\Windows\System\KJTLRfg.exe
  C:\Windows\System\KJTLRfg.exe
  2⤵
  PID:5828
- C:\Windows\System\VCIvtPQ.exe
  C:\Windows\System\VCIvtPQ.exe
  2⤵
  PID:5844
- C:\Windows\System\MsyiXZx.exe
  C:\Windows\System\MsyiXZx.exe
  2⤵
  PID:5860
- C:\Windows\System\QtrXKQC.exe
  C:\Windows\System\QtrXKQC.exe
  2⤵
  PID:5880
- C:\Windows\System\dIrLVXY.exe
  C:\Windows\System\dIrLVXY.exe
  2⤵
  PID:5908
- C:\Windows\System\qZMLcab.exe
  C:\Windows\System\qZMLcab.exe
  2⤵
  PID:5932
- C:\Windows\System\SCORouJ.exe
  C:\Windows\System\SCORouJ.exe
  2⤵
  PID:5952
- C:\Windows\System\WFQlmDb.exe
  C:\Windows\System\WFQlmDb.exe
  2⤵
  PID:5984
- C:\Windows\System\UMkfuyA.exe
  C:\Windows\System\UMkfuyA.exe
  2⤵
  PID:6000
- C:\Windows\System\MusVPyu.exe
  C:\Windows\System\MusVPyu.exe
  2⤵
  PID:6016
- C:\Windows\System\EgIzEDH.exe
  C:\Windows\System\EgIzEDH.exe
  2⤵
  PID:6032
- C:\Windows\System\mUyAngP.exe
  C:\Windows\System\mUyAngP.exe
  2⤵
  PID:6052
- C:\Windows\System\WRwYhvU.exe
  C:\Windows\System\WRwYhvU.exe
  2⤵
  PID:6080
- C:\Windows\System\bxQQBXM.exe
  C:\Windows\System\bxQQBXM.exe
  2⤵
  PID:6100
- C:\Windows\System\fctpMoe.exe
  C:\Windows\System\fctpMoe.exe
  2⤵
  PID:6116
- C:\Windows\System\YRzFcLk.exe
  C:\Windows\System\YRzFcLk.exe
  2⤵
  PID:6132
- C:\Windows\System\agMmfGx.exe
  C:\Windows\System\agMmfGx.exe
  2⤵
  PID:4620
- C:\Windows\System\YzUJYiV.exe
  C:\Windows\System\YzUJYiV.exe
  2⤵
  PID:5152
- C:\Windows\System\HRlvpTf.exe
  C:\Windows\System\HRlvpTf.exe
  2⤵
  PID:4132
- C:\Windows\System\gMFbdXt.exe
  C:\Windows\System\gMFbdXt.exe
  2⤵
  PID:5056
- C:\Windows\System\FVDEoTT.exe
  C:\Windows\System\FVDEoTT.exe
  2⤵
  PID:5212
- C:\Windows\System\GXgMKyA.exe
  C:\Windows\System\GXgMKyA.exe
  2⤵
  PID:5268
- C:\Windows\System\xUfjUrH.exe
  C:\Windows\System\xUfjUrH.exe
  2⤵
  PID:5336
- C:\Windows\System\HiRScyW.exe
  C:\Windows\System\HiRScyW.exe
  2⤵
  PID:5116
- C:\Windows\System\fAsPnIq.exe
  C:\Windows\System\fAsPnIq.exe
  2⤵
  PID:5276
- C:\Windows\System\qrWYFva.exe
  C:\Windows\System\qrWYFva.exe
  2⤵
  PID:5228
- C:\Windows\System\AsfauXa.exe
  C:\Windows\System\AsfauXa.exe
  2⤵
  PID:5392
- C:\Windows\System\XYoqHPb.exe
  C:\Windows\System\XYoqHPb.exe
  2⤵
  PID:5416
- C:\Windows\System\cEBvEiG.exe
  C:\Windows\System\cEBvEiG.exe
  2⤵
  PID:5436
- C:\Windows\System\vPOKGWB.exe
  C:\Windows\System\vPOKGWB.exe
  2⤵
  PID:5072
- C:\Windows\System\KCqVDNo.exe
  C:\Windows\System\KCqVDNo.exe
  2⤵
  PID:5504
- C:\Windows\System\hNBiBvd.exe
  C:\Windows\System\hNBiBvd.exe
  2⤵
  PID:5468
- C:\Windows\System\PtcSCGR.exe
  C:\Windows\System\PtcSCGR.exe
  2⤵
  PID:3616
- C:\Windows\System\jJumWop.exe
  C:\Windows\System\jJumWop.exe
  2⤵
  PID:5528
- C:\Windows\System\AqJHWoZ.exe
  C:\Windows\System\AqJHWoZ.exe
  2⤵
  PID:5560
- C:\Windows\System\nETHbmw.exe
  C:\Windows\System\nETHbmw.exe
  2⤵
  PID:5604
- C:\Windows\System\yhgcCiq.exe
  C:\Windows\System\yhgcCiq.exe
  2⤵
  PID:5660
- C:\Windows\System\pNmitnV.exe
  C:\Windows\System\pNmitnV.exe
  2⤵
  PID:5688
- C:\Windows\System\qXgUOLq.exe
  C:\Windows\System\qXgUOLq.exe
  2⤵
  PID:5724
- C:\Windows\System\uYbFstp.exe
  C:\Windows\System\uYbFstp.exe
  2⤵
  PID:4264
- C:\Windows\System\THqOvGR.exe
  C:\Windows\System\THqOvGR.exe
  2⤵
  PID:5840
- C:\Windows\System\csBCfbc.exe
  C:\Windows\System\csBCfbc.exe
  2⤵
  PID:5876
- C:\Windows\System\zYHmlYD.exe
  C:\Windows\System\zYHmlYD.exe
  2⤵
  PID:5904
- C:\Windows\System\MoFpSJe.exe
  C:\Windows\System\MoFpSJe.exe
  2⤵
  PID:5920
- C:\Windows\System\cWCnMPA.exe
  C:\Windows\System\cWCnMPA.exe
  2⤵
  PID:5972
- C:\Windows\System\ECHyMHK.exe
  C:\Windows\System\ECHyMHK.exe
  2⤵
  PID:6008
- C:\Windows\System\kRYCYRG.exe
  C:\Windows\System\kRYCYRG.exe
  2⤵
  PID:6068
- C:\Windows\System\aXovbQw.exe
  C:\Windows\System\aXovbQw.exe
  2⤵
  PID:6028
- C:\Windows\System\ldtOSbe.exe
  C:\Windows\System\ldtOSbe.exe
  2⤵
  PID:6060
- C:\Windows\System\jPjLxME.exe
  C:\Windows\System\jPjLxME.exe
  2⤵
  PID:4616
- C:\Windows\System\ytSPJqp.exe
  C:\Windows\System\ytSPJqp.exe
  2⤵
  PID:5136
- C:\Windows\System\UbnICCK.exe
  C:\Windows\System\UbnICCK.exe
  2⤵
  PID:6096
- C:\Windows\System\spnLoff.exe
  C:\Windows\System\spnLoff.exe
  2⤵
  PID:5308
- C:\Windows\System\xdUeeqD.exe
  C:\Windows\System\xdUeeqD.exe
  2⤵
  PID:5544
- C:\Windows\System\CemZNGm.exe
  C:\Windows\System\CemZNGm.exe
  2⤵
  PID:5252
- C:\Windows\System\oxACZtd.exe
  C:\Windows\System\oxACZtd.exe
  2⤵
  PID:5496
- C:\Windows\System\NrqJpuo.exe
  C:\Windows\System\NrqJpuo.exe
  2⤵
  PID:5140
- C:\Windows\System\UWKoStU.exe
  C:\Windows\System\UWKoStU.exe
  2⤵
  PID:5196
- C:\Windows\System\DRlfxuc.exe
  C:\Windows\System\DRlfxuc.exe
  2⤵
  PID:5248
- C:\Windows\System\WiOzTuy.exe
  C:\Windows\System\WiOzTuy.exe
  2⤵
  PID:5412
- C:\Windows\System\cNxeTEB.exe
  C:\Windows\System\cNxeTEB.exe
  2⤵
  PID:5476
- C:\Windows\System\wfbUyTY.exe
  C:\Windows\System\wfbUyTY.exe
  2⤵
  PID:5600
- C:\Windows\System\HsBadBV.exe
  C:\Windows\System\HsBadBV.exe
  2⤵
  PID:5756
- C:\Windows\System\TlxpCRv.exe
  C:\Windows\System\TlxpCRv.exe
  2⤵
  PID:5788
- C:\Windows\System\CtMIoDJ.exe
  C:\Windows\System\CtMIoDJ.exe
  2⤵
  PID:5824
- C:\Windows\System\zdelGkh.exe
  C:\Windows\System\zdelGkh.exe
  2⤵
  PID:5484
- C:\Windows\System\EJOGsKm.exe
  C:\Windows\System\EJOGsKm.exe
  2⤵
  PID:5980
- C:\Windows\System\SjoOYqc.exe
  C:\Windows\System\SjoOYqc.exe
  2⤵
  PID:5928
- C:\Windows\System\BfhsJZI.exe
  C:\Windows\System\BfhsJZI.exe
  2⤵
  PID:5892
- C:\Windows\System\WUglxNN.exe
  C:\Windows\System\WUglxNN.exe
  2⤵
  PID:4172
- C:\Windows\System\OXCGvpY.exe
  C:\Windows\System\OXCGvpY.exe
  2⤵
  PID:6092
- C:\Windows\System\KQzjSPp.exe
  C:\Windows\System\KQzjSPp.exe
  2⤵
  PID:5364
- C:\Windows\System\zsRjRcM.exe
  C:\Windows\System\zsRjRcM.exe
  2⤵
  PID:6128
- C:\Windows\System\geTDwNY.exe
  C:\Windows\System\geTDwNY.exe
  2⤵
  PID:5244
- C:\Windows\System\XXAUuxA.exe
  C:\Windows\System\XXAUuxA.exe
  2⤵
  PID:5292
- C:\Windows\System\mGyboQZ.exe
  C:\Windows\System\mGyboQZ.exe
  2⤵
  PID:5616
- C:\Windows\System\UKTDllg.exe
  C:\Windows\System\UKTDllg.exe
  2⤵
  PID:5344
- C:\Windows\System\rdsKkcS.exe
  C:\Windows\System\rdsKkcS.exe
  2⤵
  PID:5480
- C:\Windows\System\eOLzNNY.exe
  C:\Windows\System\eOLzNNY.exe
  2⤵
  PID:5580
- C:\Windows\System\hcTEKUf.exe
  C:\Windows\System\hcTEKUf.exe
  2⤵
  PID:5944
- C:\Windows\System\nDnymXF.exe
  C:\Windows\System\nDnymXF.exe
  2⤵
  PID:5872
- C:\Windows\System\WdjzNAP.exe
  C:\Windows\System\WdjzNAP.exe
  2⤵
  PID:6140
- C:\Windows\System\fXSmveK.exe
  C:\Windows\System\fXSmveK.exe
  2⤵
  PID:5896
- C:\Windows\System\PSEOxha.exe
  C:\Windows\System\PSEOxha.exe
  2⤵
  PID:5380
- C:\Windows\System\TEQytYu.exe
  C:\Windows\System\TEQytYu.exe
  2⤵
  PID:5360
- C:\Windows\System\vwSVVFk.exe
  C:\Windows\System\vwSVVFk.exe
  2⤵
  PID:5124
- C:\Windows\System\ZsIEsMt.exe
  C:\Windows\System\ZsIEsMt.exe
  2⤵
  PID:5404
- C:\Windows\System\QrWKtyi.exe
  C:\Windows\System\QrWKtyi.exe
  2⤵
  PID:5948
- C:\Windows\System\dSxsrKY.exe
  C:\Windows\System\dSxsrKY.exe
  2⤵
  PID:5532
- C:\Windows\System\FhFpqvN.exe
  C:\Windows\System\FhFpqvN.exe
  2⤵
  PID:5968
- C:\Windows\System\RnSjnza.exe
  C:\Windows\System\RnSjnza.exe
  2⤵
  PID:5780
- C:\Windows\System\MnYnjHZ.exe
  C:\Windows\System\MnYnjHZ.exe
  2⤵
  PID:5744
- C:\Windows\System\ntWHMGs.exe
  C:\Windows\System\ntWHMGs.exe
  2⤵
  PID:5804
- C:\Windows\System\XwwVdiJ.exe
  C:\Windows\System\XwwVdiJ.exe
  2⤵
  PID:5924
- C:\Windows\System\DIbsZJl.exe
  C:\Windows\System\DIbsZJl.exe
  2⤵
  PID:5148
- C:\Windows\System\TYYllxz.exe
  C:\Windows\System\TYYllxz.exe
  2⤵
  PID:5704
- C:\Windows\System\iQvZtel.exe
  C:\Windows\System\iQvZtel.exe
  2⤵
  PID:6152
- C:\Windows\System\ftJlPqz.exe
  C:\Windows\System\ftJlPqz.exe
  2⤵
  PID:6168
- C:\Windows\System\vRnWrtd.exe
  C:\Windows\System\vRnWrtd.exe
  2⤵
  PID:6224
- C:\Windows\System\tJiBGhO.exe
  C:\Windows\System\tJiBGhO.exe
  2⤵
  PID:6240
- C:\Windows\System\Pvypisq.exe
  C:\Windows\System\Pvypisq.exe
  2⤵
  PID:6256
- C:\Windows\System\VOwUXcx.exe
  C:\Windows\System\VOwUXcx.exe
  2⤵
  PID:6272
- C:\Windows\System\UpUfwVQ.exe
  C:\Windows\System\UpUfwVQ.exe
  2⤵
  PID:6304
- C:\Windows\System\mKIyosK.exe
  C:\Windows\System\mKIyosK.exe
  2⤵
  PID:6320
- C:\Windows\System\HMGmBZG.exe
  C:\Windows\System\HMGmBZG.exe
  2⤵
  PID:6336
- C:\Windows\System\pjLgmNy.exe
  C:\Windows\System\pjLgmNy.exe
  2⤵
  PID:6356
- C:\Windows\System\LAOsJrs.exe
  C:\Windows\System\LAOsJrs.exe
  2⤵
  PID:6372
- C:\Windows\System\ZnOWLau.exe
  C:\Windows\System\ZnOWLau.exe
  2⤵
  PID:6392
- C:\Windows\System\tQionDv.exe
  C:\Windows\System\tQionDv.exe
  2⤵
  PID:6428
- C:\Windows\System\BjTdCNB.exe
  C:\Windows\System\BjTdCNB.exe
  2⤵
  PID:6444
- C:\Windows\System\cKhLOno.exe
  C:\Windows\System\cKhLOno.exe
  2⤵
  PID:6464
- C:\Windows\System\EDwgLiE.exe
  C:\Windows\System\EDwgLiE.exe
  2⤵
  PID:6484
- C:\Windows\System\ImCUbTN.exe
  C:\Windows\System\ImCUbTN.exe
  2⤵
  PID:6504
- C:\Windows\System\PKzVyxc.exe
  C:\Windows\System\PKzVyxc.exe
  2⤵
  PID:6524
- C:\Windows\System\GJmkffn.exe
  C:\Windows\System\GJmkffn.exe
  2⤵
  PID:6540
- C:\Windows\System\DsoauLq.exe
  C:\Windows\System\DsoauLq.exe
  2⤵
  PID:6560
- C:\Windows\System\ajXxucW.exe
  C:\Windows\System\ajXxucW.exe
  2⤵
  PID:6584
- C:\Windows\System\tgEhNMy.exe
  C:\Windows\System\tgEhNMy.exe
  2⤵
  PID:6600
- C:\Windows\System\NPwcECO.exe
  C:\Windows\System\NPwcECO.exe
  2⤵
  PID:6616
- C:\Windows\System\oxDdykj.exe
  C:\Windows\System\oxDdykj.exe
  2⤵
  PID:6632
- C:\Windows\System\MpXrvof.exe
  C:\Windows\System\MpXrvof.exe
  2⤵
  PID:6648
- C:\Windows\System\krMlABS.exe
  C:\Windows\System\krMlABS.exe
  2⤵
  PID:6664
- C:\Windows\System\tUnQcGV.exe
  C:\Windows\System\tUnQcGV.exe
  2⤵
  PID:6680
- C:\Windows\System\aLTZOop.exe
  C:\Windows\System\aLTZOop.exe
  2⤵
  PID:6696
- C:\Windows\System\pPuLiOB.exe
  C:\Windows\System\pPuLiOB.exe
  2⤵
  PID:6712
- C:\Windows\System\QBMXAZt.exe
  C:\Windows\System\QBMXAZt.exe
  2⤵
  PID:6728
- C:\Windows\System\EtoAdxu.exe
  C:\Windows\System\EtoAdxu.exe
  2⤵
  PID:6760
- C:\Windows\System\iXchcAe.exe
  C:\Windows\System\iXchcAe.exe
  2⤵
  PID:6784
- C:\Windows\System\lutCrCk.exe
  C:\Windows\System\lutCrCk.exe
  2⤵
  PID:6808
- C:\Windows\System\tRWmysh.exe
  C:\Windows\System\tRWmysh.exe
  2⤵
  PID:6828
- C:\Windows\System\iORgSOR.exe
  C:\Windows\System\iORgSOR.exe
  2⤵
  PID:6848
- C:\Windows\System\cvBEoBJ.exe
  C:\Windows\System\cvBEoBJ.exe
  2⤵
  PID:6864
- C:\Windows\System\XYFInvv.exe
  C:\Windows\System\XYFInvv.exe
  2⤵
  PID:6888
- C:\Windows\System\pHsVAZx.exe
  C:\Windows\System\pHsVAZx.exe
  2⤵
  PID:6904
- C:\Windows\System\OiPuBRw.exe
  C:\Windows\System\OiPuBRw.exe
  2⤵
  PID:6932
- C:\Windows\System\BAqGDtc.exe
  C:\Windows\System\BAqGDtc.exe
  2⤵
  PID:6948
- C:\Windows\System\ktVfGcK.exe
  C:\Windows\System\ktVfGcK.exe
  2⤵
  PID:6964
- C:\Windows\System\hDEdJot.exe
  C:\Windows\System\hDEdJot.exe
  2⤵
  PID:6980
- C:\Windows\System\wHDLtNv.exe
  C:\Windows\System\wHDLtNv.exe
  2⤵
  PID:6996
- C:\Windows\System\SRsRQIK.exe
  C:\Windows\System\SRsRQIK.exe
  2⤵
  PID:7016
- C:\Windows\System\LisOzHc.exe
  C:\Windows\System\LisOzHc.exe
  2⤵
  PID:7032
- C:\Windows\System\JSgBJvW.exe
  C:\Windows\System\JSgBJvW.exe
  2⤵
  PID:7048
- C:\Windows\System\vxzEhPi.exe
  C:\Windows\System\vxzEhPi.exe
  2⤵
  PID:7064
- C:\Windows\System\PTfVBvT.exe
  C:\Windows\System\PTfVBvT.exe
  2⤵
  PID:7080
- C:\Windows\System\yFlvTWC.exe
  C:\Windows\System\yFlvTWC.exe
  2⤵
  PID:7096
- C:\Windows\System\wJofWCR.exe
  C:\Windows\System\wJofWCR.exe
  2⤵
  PID:7112
- C:\Windows\System\KCEGdev.exe
  C:\Windows\System\KCEGdev.exe
  2⤵
  PID:7128
- C:\Windows\System\OLwljSy.exe
  C:\Windows\System\OLwljSy.exe
  2⤵
  PID:7144
- C:\Windows\System\pxDHZaE.exe
  C:\Windows\System\pxDHZaE.exe
  2⤵
  PID:7160
- C:\Windows\System\CKEnRrC.exe
  C:\Windows\System\CKEnRrC.exe
  2⤵
  PID:5596
- C:\Windows\System\OnDguam.exe
  C:\Windows\System\OnDguam.exe
  2⤵
  PID:6192
- C:\Windows\System\zRKXaRk.exe
  C:\Windows\System\zRKXaRk.exe
  2⤵
  PID:6204
- C:\Windows\System\qIKynZX.exe
  C:\Windows\System\qIKynZX.exe
  2⤵
  PID:5800
- C:\Windows\System\QqCSijr.exe
  C:\Windows\System\QqCSijr.exe
  2⤵
  PID:5040
- C:\Windows\System\gBUVcYk.exe
  C:\Windows\System\gBUVcYk.exe
  2⤵
  PID:6076
- C:\Windows\System\PllOpnj.exe
  C:\Windows\System\PllOpnj.exe
  2⤵
  PID:6216
- C:\Windows\System\KAbZLDC.exe
  C:\Windows\System\KAbZLDC.exe
  2⤵
  PID:5180
- C:\Windows\System\JtVCmxO.exe
  C:\Windows\System\JtVCmxO.exe
  2⤵
  PID:6292
- C:\Windows\System\oktabGy.exe
  C:\Windows\System\oktabGy.exe
  2⤵
  PID:6332
- C:\Windows\System\QCHNiqG.exe
  C:\Windows\System\QCHNiqG.exe
  2⤵
  PID:6268
- C:\Windows\System\YGeWUcG.exe
  C:\Windows\System\YGeWUcG.exe
  2⤵
  PID:6400
- C:\Windows\System\QaBzeRJ.exe
  C:\Windows\System\QaBzeRJ.exe
  2⤵
  PID:4728
- C:\Windows\System\FMQXBQC.exe
  C:\Windows\System\FMQXBQC.exe
  2⤵
  PID:6352
- C:\Windows\System\UMXSbEz.exe
  C:\Windows\System\UMXSbEz.exe
  2⤵
  PID:5996
- C:\Windows\System\sXlBmTt.exe
  C:\Windows\System\sXlBmTt.exe
  2⤵
  PID:6456
- C:\Windows\System\bfGyaog.exe
  C:\Windows\System\bfGyaog.exe
  2⤵
  PID:6500
- C:\Windows\System\XVrMxyd.exe
  C:\Windows\System\XVrMxyd.exe
  2⤵
  PID:6568
- C:\Windows\System\obhzpFc.exe
  C:\Windows\System\obhzpFc.exe
  2⤵
  PID:6612
- C:\Windows\System\KptXHrR.exe
  C:\Windows\System\KptXHrR.exe
  2⤵
  PID:6556
- C:\Windows\System\KPqhUUX.exe
  C:\Windows\System\KPqhUUX.exe
  2⤵
  PID:6472
- C:\Windows\System\eoBnCgH.exe
  C:\Windows\System\eoBnCgH.exe
  2⤵
  PID:6520
- C:\Windows\System\LwhheFZ.exe
  C:\Windows\System\LwhheFZ.exe
  2⤵
  PID:6708
- C:\Windows\System\DUTxEDk.exe
  C:\Windows\System\DUTxEDk.exe
  2⤵
  PID:6592
- C:\Windows\System\FbTkcKu.exe
  C:\Windows\System\FbTkcKu.exe
  2⤵
  PID:6692
- C:\Windows\System\pIrETgK.exe
  C:\Windows\System\pIrETgK.exe
  2⤵
  PID:6756
- C:\Windows\System\YyMtwKB.exe
  C:\Windows\System\YyMtwKB.exe
  2⤵
  PID:6800
- C:\Windows\System\reKvftM.exe
  C:\Windows\System\reKvftM.exe
  2⤵
  PID:6872
- C:\Windows\System\onBXVVU.exe
  C:\Windows\System\onBXVVU.exe
  2⤵
  PID:6912
- C:\Windows\System\YSFvinH.exe
  C:\Windows\System\YSFvinH.exe
  2⤵
  PID:6960
- C:\Windows\System\kPvtRJy.exe
  C:\Windows\System\kPvtRJy.exe
  2⤵
  PID:6816
- C:\Windows\System\RPEpXmo.exe
  C:\Windows\System\RPEpXmo.exe
  2⤵
  PID:6860
- C:\Windows\System\gUMyJcr.exe
  C:\Windows\System\gUMyJcr.exe
  2⤵
  PID:7024
- C:\Windows\System\wrcFWFh.exe
  C:\Windows\System\wrcFWFh.exe
  2⤵
  PID:6972
- C:\Windows\System\DsBVQaM.exe
  C:\Windows\System\DsBVQaM.exe
  2⤵
  PID:7040
- C:\Windows\System\jLQliVo.exe
  C:\Windows\System\jLQliVo.exe
  2⤵
  PID:7044
- C:\Windows\System\oOAxWBA.exe
  C:\Windows\System\oOAxWBA.exe
  2⤵
  PID:7120
- C:\Windows\System\JHRWLZD.exe
  C:\Windows\System\JHRWLZD.exe
  2⤵
  PID:7124
- C:\Windows\System\CllqEqV.exe
  C:\Windows\System\CllqEqV.exe
  2⤵
  PID:6188
- C:\Windows\System\aftrksk.exe
  C:\Windows\System\aftrksk.exe
  2⤵
  PID:6024
- C:\Windows\System\IapIGoX.exe
  C:\Windows\System\IapIGoX.exe
  2⤵
  PID:5332
- C:\Windows\System\SReJzGf.exe
  C:\Windows\System\SReJzGf.exe
  2⤵
  PID:6284
- C:\Windows\System\Mhuxkmj.exe
  C:\Windows\System\Mhuxkmj.exe
  2⤵
  PID:6160
- C:\Windows\System\SSFSbnQ.exe
  C:\Windows\System\SSFSbnQ.exe
  2⤵
  PID:6316
- C:\Windows\System\kUXNQJN.exe
  C:\Windows\System\kUXNQJN.exe
  2⤵
  PID:6288
- C:\Windows\System\HzYHoRR.exe
  C:\Windows\System\HzYHoRR.exe
  2⤵
  PID:6264
- C:\Windows\System\oBBcvka.exe
  C:\Windows\System\oBBcvka.exe
  2⤵
  PID:6640
- C:\Windows\System\ADLzTum.exe
  C:\Windows\System\ADLzTum.exe
  2⤵
  PID:6532
- C:\Windows\System\euPCKQK.exe
  C:\Windows\System\euPCKQK.exe
  2⤵
  PID:6516
- C:\Windows\System\LzCyJxH.exe
  C:\Windows\System\LzCyJxH.exe
  2⤵
  PID:6436
- C:\Windows\System\ubkGEFh.exe
  C:\Windows\System\ubkGEFh.exe
  2⤵
  PID:6688
- C:\Windows\System\AiwteyG.exe
  C:\Windows\System\AiwteyG.exe
  2⤵
  PID:6840
- C:\Windows\System\qPymrGu.exe
  C:\Windows\System\qPymrGu.exe
  2⤵
  PID:6796
- C:\Windows\System\sXSCQbq.exe
  C:\Windows\System\sXSCQbq.exe
  2⤵
  PID:6880
- C:\Windows\System\OXoyCcb.exe
  C:\Windows\System\OXoyCcb.exe
  2⤵
  PID:6856
- C:\Windows\System\LvaEUyQ.exe
  C:\Windows\System\LvaEUyQ.exe
  2⤵
  PID:7004
- C:\Windows\System\auoutBU.exe
  C:\Windows\System\auoutBU.exe
  2⤵
  PID:7136
- C:\Windows\System\sbpcvAk.exe
  C:\Windows\System\sbpcvAk.exe
  2⤵
  PID:7088
- C:\Windows\System\dPqbVdd.exe
  C:\Windows\System\dPqbVdd.exe
  2⤵
  PID:6164
- C:\Windows\System\QsQQoTp.exe
  C:\Windows\System\QsQQoTp.exe
  2⤵
  PID:6232
- C:\Windows\System\TPTGdJT.exe
  C:\Windows\System\TPTGdJT.exe
  2⤵
  PID:6344
- C:\Windows\System\UWxLZly.exe
  C:\Windows\System\UWxLZly.exe
  2⤵
  PID:6412
- C:\Windows\System\fBeOLwu.exe
  C:\Windows\System\fBeOLwu.exe
  2⤵
  PID:6676
- C:\Windows\System\gZXfTze.exe
  C:\Windows\System\gZXfTze.exe
  2⤵
  PID:6480
- C:\Windows\System\tblmpeW.exe
  C:\Windows\System\tblmpeW.exe
  2⤵
  PID:6280
- C:\Windows\System\nQDTfUX.exe
  C:\Windows\System\nQDTfUX.exe
  2⤵
  PID:7156
- C:\Windows\System\ZDnCkpv.exe
  C:\Windows\System\ZDnCkpv.exe
  2⤵
  PID:7172
- C:\Windows\System\umqhIjM.exe
  C:\Windows\System\umqhIjM.exe
  2⤵
  PID:7188
- C:\Windows\System\NAZawnZ.exe
  C:\Windows\System\NAZawnZ.exe
  2⤵
  PID:7204
- C:\Windows\System\iAiAxIr.exe
  C:\Windows\System\iAiAxIr.exe
  2⤵
  PID:7220
- C:\Windows\System\NAItDTI.exe
  C:\Windows\System\NAItDTI.exe
  2⤵
  PID:7236
- C:\Windows\System\ednjJXP.exe
  C:\Windows\System\ednjJXP.exe
  2⤵
  PID:7252
- C:\Windows\System\NDtfHuZ.exe
  C:\Windows\System\NDtfHuZ.exe
  2⤵
  PID:7268
- C:\Windows\System\aipqnKv.exe
  C:\Windows\System\aipqnKv.exe
  2⤵
  PID:7284
- C:\Windows\System\zZJSUZs.exe
  C:\Windows\System\zZJSUZs.exe
  2⤵
  PID:7300
- C:\Windows\System\NJYIxrl.exe
  C:\Windows\System\NJYIxrl.exe
  2⤵
  PID:7316
- C:\Windows\System\NCHQzMn.exe
  C:\Windows\System\NCHQzMn.exe
  2⤵
  PID:7332
- C:\Windows\System\lndEDRB.exe
  C:\Windows\System\lndEDRB.exe
  2⤵
  PID:7348
- C:\Windows\System\nFlnkqQ.exe
  C:\Windows\System\nFlnkqQ.exe
  2⤵
  PID:7364
- C:\Windows\System\rNpMQZv.exe
  C:\Windows\System\rNpMQZv.exe
  2⤵
  PID:7380
- C:\Windows\System\YZzFFyo.exe
  C:\Windows\System\YZzFFyo.exe
  2⤵
  PID:7396
- C:\Windows\System\rDzNIUp.exe
  C:\Windows\System\rDzNIUp.exe
  2⤵
  PID:7412
- C:\Windows\System\UtxanNk.exe
  C:\Windows\System\UtxanNk.exe
  2⤵
  PID:7432
- C:\Windows\System\HqxmCOO.exe
  C:\Windows\System\HqxmCOO.exe
  2⤵
  PID:7448
- C:\Windows\System\TSPaEPM.exe
  C:\Windows\System\TSPaEPM.exe
  2⤵
  PID:7464
- C:\Windows\System\gkswgDo.exe
  C:\Windows\System\gkswgDo.exe
  2⤵
  PID:7480
- C:\Windows\System\qrlcMnE.exe
  C:\Windows\System\qrlcMnE.exe
  2⤵
  PID:7496
- C:\Windows\System\lLCgdzK.exe
  C:\Windows\System\lLCgdzK.exe
  2⤵
  PID:7512
- C:\Windows\System\vsDRzQM.exe
  C:\Windows\System\vsDRzQM.exe
  2⤵
  PID:7528
- C:\Windows\System\CBAfjus.exe
  C:\Windows\System\CBAfjus.exe
  2⤵
  PID:7544
- C:\Windows\System\KVKIOck.exe
  C:\Windows\System\KVKIOck.exe
  2⤵
  PID:7560
- C:\Windows\System\UTqbFhO.exe
  C:\Windows\System\UTqbFhO.exe
  2⤵
  PID:7576
- C:\Windows\System\uStsAKf.exe
  C:\Windows\System\uStsAKf.exe
  2⤵
  PID:7592
- C:\Windows\System\xwsyelM.exe
  C:\Windows\System\xwsyelM.exe
  2⤵
  PID:7608
- C:\Windows\System\ABsmrLa.exe
  C:\Windows\System\ABsmrLa.exe
  2⤵
  PID:7624
- C:\Windows\System\AaHlvjF.exe
  C:\Windows\System\AaHlvjF.exe
  2⤵
  PID:7640
- C:\Windows\System\xLnDVja.exe
  C:\Windows\System\xLnDVja.exe
  2⤵
  PID:7656
- C:\Windows\System\LJlmyFj.exe
  C:\Windows\System\LJlmyFj.exe
  2⤵
  PID:7672
- C:\Windows\System\QQnCvqm.exe
  C:\Windows\System\QQnCvqm.exe
  2⤵
  PID:7688
- C:\Windows\System\ztwdJwa.exe
  C:\Windows\System\ztwdJwa.exe
  2⤵
  PID:7704
- C:\Windows\System\sLZweRy.exe
  C:\Windows\System\sLZweRy.exe
  2⤵
  PID:7720
- C:\Windows\System\lyrqHeU.exe
  C:\Windows\System\lyrqHeU.exe
  2⤵
  PID:7736
- C:\Windows\System\TKgflIA.exe
  C:\Windows\System\TKgflIA.exe
  2⤵
  PID:7752
- C:\Windows\System\UVhOVPY.exe
  C:\Windows\System\UVhOVPY.exe
  2⤵
  PID:7768
- C:\Windows\System\qwqLWyD.exe
  C:\Windows\System\qwqLWyD.exe
  2⤵
  PID:7796
- C:\Windows\System\cuolJvH.exe
  C:\Windows\System\cuolJvH.exe
  2⤵
  PID:7812
- C:\Windows\System\ckYjMKZ.exe
  C:\Windows\System\ckYjMKZ.exe
  2⤵
  PID:7832
- C:\Windows\System\eThGMiS.exe
  C:\Windows\System\eThGMiS.exe
  2⤵
  PID:7848
- C:\Windows\System\oVWkpFA.exe
  C:\Windows\System\oVWkpFA.exe
  2⤵
  PID:7864
- C:\Windows\System\zMnbXVW.exe
  C:\Windows\System\zMnbXVW.exe
  2⤵
  PID:7884
- C:\Windows\System\TVSgpnz.exe
  C:\Windows\System\TVSgpnz.exe
  2⤵
  PID:7900
- C:\Windows\System\jgKyHth.exe
  C:\Windows\System\jgKyHth.exe
  2⤵
  PID:7916
- C:\Windows\System\OmScmlJ.exe
  C:\Windows\System\OmScmlJ.exe
  2⤵
  PID:7932
- C:\Windows\System\ZyPUAph.exe
  C:\Windows\System\ZyPUAph.exe
  2⤵
  PID:7948
- C:\Windows\System\uPenuEM.exe
  C:\Windows\System\uPenuEM.exe
  2⤵
  PID:7964
- C:\Windows\System\jznEoqw.exe
  C:\Windows\System\jznEoqw.exe
  2⤵
  PID:7980
- C:\Windows\System\kdSiBhr.exe
  C:\Windows\System\kdSiBhr.exe
  2⤵
  PID:7996
- C:\Windows\System\HnwTlAQ.exe
  C:\Windows\System\HnwTlAQ.exe
  2⤵
  PID:8012
- C:\Windows\System\fIpCbcI.exe
  C:\Windows\System\fIpCbcI.exe
  2⤵
  PID:8028
- C:\Windows\System\brWFzor.exe
  C:\Windows\System\brWFzor.exe
  2⤵
  PID:8044
- C:\Windows\System\ZnHzvoT.exe
  C:\Windows\System\ZnHzvoT.exe
  2⤵
  PID:8060
- C:\Windows\System\xDUXcWx.exe
  C:\Windows\System\xDUXcWx.exe
  2⤵
  PID:8076
- C:\Windows\System\NmtvJQt.exe
  C:\Windows\System\NmtvJQt.exe
  2⤵
  PID:8092
- C:\Windows\System\sTBzeTl.exe
  C:\Windows\System\sTBzeTl.exe
  2⤵
  PID:8108
- C:\Windows\System\vcXdyoF.exe
  C:\Windows\System\vcXdyoF.exe
  2⤵
  PID:8124
- C:\Windows\System\NpelNuO.exe
  C:\Windows\System\NpelNuO.exe
  2⤵
  PID:8140
- C:\Windows\System\YCCjCGO.exe
  C:\Windows\System\YCCjCGO.exe
  2⤵
  PID:8156
- C:\Windows\System\gCFaAxL.exe
  C:\Windows\System\gCFaAxL.exe
  2⤵
  PID:8172
- C:\Windows\System\VAmGpTv.exe
  C:\Windows\System\VAmGpTv.exe
  2⤵
  PID:8188
- C:\Windows\System\ZGlSeaj.exe
  C:\Windows\System\ZGlSeaj.exe
  2⤵
  PID:7180
- C:\Windows\System\BZjJzUk.exe
  C:\Windows\System\BZjJzUk.exe
  2⤵
  PID:7244
- C:\Windows\System\sQSJOfr.exe
  C:\Windows\System\sQSJOfr.exe
  2⤵
  PID:7308
- C:\Windows\System\mcdUBrL.exe
  C:\Windows\System\mcdUBrL.exe
  2⤵
  PID:6724
- C:\Windows\System\KDsYAug.exe
  C:\Windows\System\KDsYAug.exe
  2⤵
  PID:7372
- C:\Windows\System\YylzqTY.exe
  C:\Windows\System\YylzqTY.exe
  2⤵
  PID:6780
- C:\Windows\System\OgUENzx.exe
  C:\Windows\System\OgUENzx.exe
  2⤵
  PID:5684
- C:\Windows\System\RFuiIti.exe
  C:\Windows\System\RFuiIti.exe
  2⤵
  PID:7404
- C:\Windows\System\hXrKtfb.exe
  C:\Windows\System\hXrKtfb.exe
  2⤵
  PID:6416
- C:\Windows\System\QnCEuhT.exe
  C:\Windows\System\QnCEuhT.exe
  2⤵
  PID:6624
- C:\Windows\System\IUKkZty.exe
  C:\Windows\System\IUKkZty.exe
  2⤵
  PID:7232
- C:\Windows\System\HEjdgOU.exe
  C:\Windows\System\HEjdgOU.exe
  2⤵
  PID:7324
- C:\Windows\System\caWOKgV.exe
  C:\Windows\System\caWOKgV.exe
  2⤵
  PID:7388
- C:\Windows\System\oMFmqew.exe
  C:\Windows\System\oMFmqew.exe
  2⤵
  PID:7424
- C:\Windows\System\JJPWgQG.exe
  C:\Windows\System\JJPWgQG.exe
  2⤵
  PID:7504
- C:\Windows\System\baAiReK.exe
  C:\Windows\System\baAiReK.exe
  2⤵
  PID:7568
- C:\Windows\System\fsUCrae.exe
  C:\Windows\System\fsUCrae.exe
  2⤵
  PID:7456
- C:\Windows\System\THxaNep.exe
  C:\Windows\System\THxaNep.exe
  2⤵
  PID:7520
- C:\Windows\System\TrAZWvw.exe
  C:\Windows\System\TrAZWvw.exe
  2⤵
  PID:7632
- C:\Windows\System\JPyhnaQ.exe
  C:\Windows\System\JPyhnaQ.exe
  2⤵
  PID:7696
- C:\Windows\System\IwfpChG.exe
  C:\Windows\System\IwfpChG.exe
  2⤵
  PID:7620
- C:\Windows\System\iIzlgNz.exe
  C:\Windows\System\iIzlgNz.exe
  2⤵
  PID:7732
- C:\Windows\System\bPrXrAL.exe
  C:\Windows\System\bPrXrAL.exe
  2⤵
  PID:7680
- C:\Windows\System\oZejzcF.exe
  C:\Windows\System\oZejzcF.exe
  2⤵
  PID:7712
- C:\Windows\System\wsJGZwh.exe
  C:\Windows\System\wsJGZwh.exe
  2⤵
  PID:7428
- C:\Windows\System\wRlMZcE.exe
  C:\Windows\System\wRlMZcE.exe
  2⤵
  PID:7808
- C:\Windows\System\IUidbst.exe
  C:\Windows\System\IUidbst.exe
  2⤵
  PID:7872
- C:\Windows\System\okepZbb.exe
  C:\Windows\System\okepZbb.exe
  2⤵
  PID:7912
- C:\Windows\System\hhzjeJf.exe
  C:\Windows\System\hhzjeJf.exe
  2⤵
  PID:7896
- C:\Windows\System\ZZvWslx.exe
  C:\Windows\System\ZZvWslx.exe
  2⤵
  PID:7972
- C:\Windows\System\kWkXBJS.exe
  C:\Windows\System\kWkXBJS.exe
  2⤵
  PID:8036
- C:\Windows\System\NDiiCDa.exe
  C:\Windows\System\NDiiCDa.exe
  2⤵
  PID:7928
- C:\Windows\System\bBEuFpW.exe
  C:\Windows\System\bBEuFpW.exe
  2⤵
  PID:7956
- C:\Windows\System\YYVwCcW.exe
  C:\Windows\System\YYVwCcW.exe
  2⤵
  PID:8072
- C:\Windows\System\HDMGFtl.exe
  C:\Windows\System\HDMGFtl.exe
  2⤵
  PID:8104
- C:\Windows\System\WLcKkVz.exe
  C:\Windows\System\WLcKkVz.exe
  2⤵
  PID:8084
- C:\Windows\System\mFAWHFJ.exe
  C:\Windows\System\mFAWHFJ.exe
  2⤵
  PID:6200
- C:\Windows\System\JwWiQfW.exe
  C:\Windows\System\JwWiQfW.exe
  2⤵
  PID:6928
- C:\Windows\System\zFERsxm.exe
  C:\Windows\System\zFERsxm.exe
  2⤵
  PID:8148
- C:\Windows\System\OumyuON.exe
  C:\Windows\System\OumyuON.exe
  2⤵
  PID:7212
- C:\Windows\System\HpFlgLf.exe
  C:\Windows\System\HpFlgLf.exe
  2⤵
  PID:7344
- C:\Windows\System\buVikYp.exe
  C:\Windows\System\buVikYp.exe
  2⤵
  PID:6552
- C:\Windows\System\MIBoxDy.exe
  C:\Windows\System\MIBoxDy.exe
  2⤵
  PID:7376
- C:\Windows\System\gomuwmf.exe
  C:\Windows\System\gomuwmf.exe
  2⤵
  PID:7476
- C:\Windows\System\hBOYiHR.exe
  C:\Windows\System\hBOYiHR.exe
  2⤵
  PID:7540
- C:\Windows\System\onxgRCr.exe
  C:\Windows\System\onxgRCr.exe
  2⤵
  PID:7296
- C:\Windows\System\KTnrwnz.exe
  C:\Windows\System\KTnrwnz.exe
  2⤵
  PID:7488
- C:\Windows\System\pZRDmgO.exe
  C:\Windows\System\pZRDmgO.exe
  2⤵
  PID:7492
- C:\Windows\System\roxKRBr.exe
  C:\Windows\System\roxKRBr.exe
  2⤵
  PID:7648
- C:\Windows\System\sPUuMss.exe
  C:\Windows\System\sPUuMss.exe
  2⤵
  PID:7776
- C:\Windows\System\sBOQetj.exe
  C:\Windows\System\sBOQetj.exe
  2⤵
  PID:7784
- C:\Windows\System\fZzBZwn.exe
  C:\Windows\System\fZzBZwn.exe
  2⤵
  PID:7828
- C:\Windows\System\lrXpZKX.exe
  C:\Windows\System\lrXpZKX.exe
  2⤵
  PID:8056
- C:\Windows\System\BWwBzBJ.exe
  C:\Windows\System\BWwBzBJ.exe
  2⤵
  PID:8164
- C:\Windows\System\IMPxdPe.exe
  C:\Windows\System\IMPxdPe.exe
  2⤵
  PID:8024
- C:\Windows\System\AEiyRhM.exe
  C:\Windows\System\AEiyRhM.exe
  2⤵
  PID:7940
- C:\Windows\System\XhQhbku.exe
  C:\Windows\System\XhQhbku.exe
  2⤵
  PID:7992
- C:\Windows\System\XGHnNtS.exe
  C:\Windows\System\XGHnNtS.exe
  2⤵
  PID:7108
- C:\Windows\System\YiPfoQj.exe
  C:\Windows\System\YiPfoQj.exe
  2⤵
  PID:8184
- C:\Windows\System\biRjTnW.exe
  C:\Windows\System\biRjTnW.exe
  2⤵
  PID:7356
- C:\Windows\System\AsWgRFz.exe
  C:\Windows\System\AsWgRFz.exe
  2⤵
  PID:7472
- C:\Windows\System\VxTXYIV.exe
  C:\Windows\System\VxTXYIV.exe
  2⤵
  PID:6492
- C:\Windows\System\kukprHQ.exe
  C:\Windows\System\kukprHQ.exe
  2⤵
  PID:8180
- C:\Windows\System\xqHcrri.exe
  C:\Windows\System\xqHcrri.exe
  2⤵
  PID:7588
- C:\Windows\System\jztzcgf.exe
  C:\Windows\System\jztzcgf.exe
  2⤵
  PID:7880
- C:\Windows\System\hXumXFP.exe
  C:\Windows\System\hXumXFP.exe
  2⤵
  PID:7340
- C:\Windows\System\FGeDMpM.exe
  C:\Windows\System\FGeDMpM.exe
  2⤵
  PID:8136
- C:\Windows\System\QPfGBrs.exe
  C:\Windows\System\QPfGBrs.exe
  2⤵
  PID:7420
- C:\Windows\System\RShZquP.exe
  C:\Windows\System\RShZquP.exe
  2⤵
  PID:7668
- C:\Windows\System\gJrAhfF.exe
  C:\Windows\System\gJrAhfF.exe
  2⤵
  PID:7264
- C:\Windows\System\rBbgHYN.exe
  C:\Windows\System\rBbgHYN.exe
  2⤵
  PID:7788
- C:\Windows\System\OfKeiSk.exe
  C:\Windows\System\OfKeiSk.exe
  2⤵
  PID:8200
- C:\Windows\System\EFGpeIz.exe
  C:\Windows\System\EFGpeIz.exe
  2⤵
  PID:8216
- C:\Windows\System\kOoQNED.exe
  C:\Windows\System\kOoQNED.exe
  2⤵
  PID:8232
- C:\Windows\System\WTLYTFk.exe
  C:\Windows\System\WTLYTFk.exe
  2⤵
  PID:8248
- C:\Windows\System\KEwsvNx.exe
  C:\Windows\System\KEwsvNx.exe
  2⤵
  PID:8264
- C:\Windows\System\KeiqGiD.exe
  C:\Windows\System\KeiqGiD.exe
  2⤵
  PID:8280
- C:\Windows\System\UWHdMlg.exe
  C:\Windows\System\UWHdMlg.exe
  2⤵
  PID:8296
- C:\Windows\System\ZzrbnXE.exe
  C:\Windows\System\ZzrbnXE.exe
  2⤵
  PID:8312
- C:\Windows\System\poprdAt.exe
  C:\Windows\System\poprdAt.exe
  2⤵
  PID:8328
- C:\Windows\System\vKnBjpm.exe
  C:\Windows\System\vKnBjpm.exe
  2⤵
  PID:8344
- C:\Windows\System\pRQLrZM.exe
  C:\Windows\System\pRQLrZM.exe
  2⤵
  PID:8360
- C:\Windows\System\ZYmiWjQ.exe
  C:\Windows\System\ZYmiWjQ.exe
  2⤵
  PID:8376
- C:\Windows\System\kWuIcFk.exe
  C:\Windows\System\kWuIcFk.exe
  2⤵
  PID:8392
- C:\Windows\System\iUZzlUj.exe
  C:\Windows\System\iUZzlUj.exe
  2⤵
  PID:8408
- C:\Windows\System\GMjuvbF.exe
  C:\Windows\System\GMjuvbF.exe
  2⤵
  PID:8424
- C:\Windows\System\iOFcolD.exe
  C:\Windows\System\iOFcolD.exe
  2⤵
  PID:8440
- C:\Windows\System\EBxSTXq.exe
  C:\Windows\System\EBxSTXq.exe
  2⤵
  PID:8456
- C:\Windows\System\PVxASKx.exe
  C:\Windows\System\PVxASKx.exe
  2⤵
  PID:8472
- C:\Windows\System\rtXYsPq.exe
  C:\Windows\System\rtXYsPq.exe
  2⤵
  PID:8488
- C:\Windows\System\jhBXlAe.exe
  C:\Windows\System\jhBXlAe.exe
  2⤵
  PID:8504
- C:\Windows\System\qXkgQXd.exe
  C:\Windows\System\qXkgQXd.exe
  2⤵
  PID:8520
- C:\Windows\System\MmRpjXr.exe
  C:\Windows\System\MmRpjXr.exe
  2⤵
  PID:8536
- C:\Windows\System\fefybgs.exe
  C:\Windows\System\fefybgs.exe
  2⤵
  PID:8552
- C:\Windows\System\NtelGbT.exe
  C:\Windows\System\NtelGbT.exe
  2⤵
  PID:8568
- C:\Windows\System\oOZGwiE.exe
  C:\Windows\System\oOZGwiE.exe
  2⤵
  PID:8584
- C:\Windows\System\gvcRyqI.exe
  C:\Windows\System\gvcRyqI.exe
  2⤵
  PID:8600
- C:\Windows\System\nkLzyAU.exe
  C:\Windows\System\nkLzyAU.exe
  2⤵
  PID:8616
- C:\Windows\System\dRfsFgK.exe
  C:\Windows\System\dRfsFgK.exe
  2⤵
  PID:8632
- C:\Windows\System\oUxUVdg.exe
  C:\Windows\System\oUxUVdg.exe
  2⤵
  PID:8652
- C:\Windows\System\XglItKF.exe
  C:\Windows\System\XglItKF.exe
  2⤵
  PID:8668
- C:\Windows\System\PBpNRBo.exe
  C:\Windows\System\PBpNRBo.exe
  2⤵
  PID:8684
- C:\Windows\System\jTfeqUZ.exe
  C:\Windows\System\jTfeqUZ.exe
  2⤵
  PID:8700
- C:\Windows\System\VopaKEg.exe
  C:\Windows\System\VopaKEg.exe
  2⤵
  PID:8716
- C:\Windows\System\TXiUXsL.exe
  C:\Windows\System\TXiUXsL.exe
  2⤵
  PID:8732
- C:\Windows\System\RdmOlYe.exe
  C:\Windows\System\RdmOlYe.exe
  2⤵
  PID:8748
- C:\Windows\System\pdgrXCH.exe
  C:\Windows\System\pdgrXCH.exe
  2⤵
  PID:8764
- C:\Windows\System\tBFDzba.exe
  C:\Windows\System\tBFDzba.exe
  2⤵
  PID:8780
- C:\Windows\System\ajkqiQa.exe
  C:\Windows\System\ajkqiQa.exe
  2⤵
  PID:8796
- C:\Windows\System\hwFSIdD.exe
  C:\Windows\System\hwFSIdD.exe
  2⤵
  PID:8812
- C:\Windows\System\iIqsBqE.exe
  C:\Windows\System\iIqsBqE.exe
  2⤵
  PID:8828
- C:\Windows\System\upMTzlM.exe
  C:\Windows\System\upMTzlM.exe
  2⤵
  PID:8844
- C:\Windows\System\WnxXtpB.exe
  C:\Windows\System\WnxXtpB.exe
  2⤵
  PID:8860
- C:\Windows\System\WjdJPPK.exe
  C:\Windows\System\WjdJPPK.exe
  2⤵
  PID:8876
- C:\Windows\System\POQqAeH.exe
  C:\Windows\System\POQqAeH.exe
  2⤵
  PID:8892
- C:\Windows\System\SLqfwsD.exe
  C:\Windows\System\SLqfwsD.exe
  2⤵
  PID:8908
- C:\Windows\System\VDcQDnM.exe
  C:\Windows\System\VDcQDnM.exe
  2⤵
  PID:8924
- C:\Windows\System\fmoIxFx.exe
  C:\Windows\System\fmoIxFx.exe
  2⤵
  PID:8940
- C:\Windows\System\yYuQKBA.exe
  C:\Windows\System\yYuQKBA.exe
  2⤵
  PID:8960
- C:\Windows\System\JFptrVv.exe
  C:\Windows\System\JFptrVv.exe
  2⤵
  PID:8976
- C:\Windows\System\atHLWij.exe
  C:\Windows\System\atHLWij.exe
  2⤵
  PID:8992
- C:\Windows\System\suRYLJd.exe
  C:\Windows\System\suRYLJd.exe
  2⤵
  PID:9008
- C:\Windows\System\JNgtjku.exe
  C:\Windows\System\JNgtjku.exe
  2⤵
  PID:9024
- C:\Windows\System\YzEIhZq.exe
  C:\Windows\System\YzEIhZq.exe
  2⤵
  PID:9040
- C:\Windows\System\ZkeRqyj.exe
  C:\Windows\System\ZkeRqyj.exe
  2⤵
  PID:9056
- C:\Windows\System\jmOugnb.exe
  C:\Windows\System\jmOugnb.exe
  2⤵
  PID:9072
- C:\Windows\System\hAdCZJN.exe
  C:\Windows\System\hAdCZJN.exe
  2⤵
  PID:9088
- C:\Windows\System\OkzGpQT.exe
  C:\Windows\System\OkzGpQT.exe
  2⤵
  PID:9104
- C:\Windows\System\qiSIdKz.exe
  C:\Windows\System\qiSIdKz.exe
  2⤵
  PID:9124
- C:\Windows\System\atCkfcn.exe
  C:\Windows\System\atCkfcn.exe
  2⤵
  PID:9140
- C:\Windows\System\cQtJGly.exe
  C:\Windows\System\cQtJGly.exe
  2⤵
  PID:9156
- C:\Windows\System\eDSTEHB.exe
  C:\Windows\System\eDSTEHB.exe
  2⤵
  PID:9172
- C:\Windows\System\vGZEakP.exe
  C:\Windows\System\vGZEakP.exe
  2⤵
  PID:9188
- C:\Windows\System\NffAmUV.exe
  C:\Windows\System\NffAmUV.exe
  2⤵
  PID:9204
- C:\Windows\System\hoAPdRG.exe
  C:\Windows\System\hoAPdRG.exe
  2⤵
  PID:7552
- C:\Windows\System\jlNfxdE.exe
  C:\Windows\System\jlNfxdE.exe
  2⤵
  PID:7604
- C:\Windows\System\QSrkate.exe
  C:\Windows\System\QSrkate.exe
  2⤵
  PID:8212
- C:\Windows\System\nhRtZNS.exe
  C:\Windows\System\nhRtZNS.exe
  2⤵
  PID:6824
- C:\Windows\System\CyAdpsw.exe
  C:\Windows\System\CyAdpsw.exe
  2⤵
  PID:8260
- C:\Windows\System\BKHvkgC.exe
  C:\Windows\System\BKHvkgC.exe
  2⤵
  PID:8276
- C:\Windows\System\KFiHONb.exe
  C:\Windows\System\KFiHONb.exe
  2⤵
  PID:8228
- C:\Windows\System\WtmTskE.exe
  C:\Windows\System\WtmTskE.exe
  2⤵
  PID:8340
- C:\Windows\System\lfZjReZ.exe
  C:\Windows\System\lfZjReZ.exe
  2⤵
  PID:6920
- C:\Windows\System\RmVCzMS.exe
  C:\Windows\System\RmVCzMS.exe
  2⤵
  PID:8388
- C:\Windows\System\xvUffnN.exe
  C:\Windows\System\xvUffnN.exe
  2⤵
  PID:8416
- C:\Windows\System\qrflrfl.exe
  C:\Windows\System\qrflrfl.exe
  2⤵
  PID:8420
- C:\Windows\System\eKdEndp.exe
  C:\Windows\System\eKdEndp.exe
  2⤵
  PID:8484
- C:\Windows\System\jLQSQQI.exe
  C:\Windows\System\jLQSQQI.exe
  2⤵
  PID:8532
- C:\Windows\System\owyTtKU.exe
  C:\Windows\System\owyTtKU.exe
  2⤵
  PID:8516
- C:\Windows\System\OZUedqv.exe
  C:\Windows\System\OZUedqv.exe
  2⤵
  PID:8624
- C:\Windows\System\qXJRMlz.exe
  C:\Windows\System\qXJRMlz.exe
  2⤵
  PID:8664
- C:\Windows\System\KavOAQS.exe
  C:\Windows\System\KavOAQS.exe
  2⤵
  PID:8696
- C:\Windows\System\ugGtiwC.exe
  C:\Windows\System\ugGtiwC.exe
  2⤵
  PID:8648
- C:\Windows\System\ydhWfcu.exe
  C:\Windows\System\ydhWfcu.exe
  2⤵
  PID:8756
- C:\Windows\System\MKMPxDw.exe
  C:\Windows\System\MKMPxDw.exe
  2⤵
  PID:8712
- C:\Windows\System\xdVauws.exe
  C:\Windows\System\xdVauws.exe
  2⤵
  PID:8772
- C:\Windows\System\dcPwQvV.exe
  C:\Windows\System\dcPwQvV.exe
  2⤵
  PID:8820
- C:\Windows\System\SWMkBuP.exe
  C:\Windows\System\SWMkBuP.exe
  2⤵
  PID:8808
- C:\Windows\System\CuCmaxM.exe
  C:\Windows\System\CuCmaxM.exe
  2⤵
  PID:2540
- C:\Windows\System\ZKHjuPL.exe
  C:\Windows\System\ZKHjuPL.exe
  2⤵
  PID:8884
- C:\Windows\System\ajaTeOh.exe
  C:\Windows\System\ajaTeOh.exe
  2⤵
  PID:8916
- C:\Windows\System\goAXqmr.exe
  C:\Windows\System\goAXqmr.exe
  2⤵
  PID:8868
- C:\Windows\System\CojzrRt.exe
  C:\Windows\System\CojzrRt.exe
  2⤵
  PID:8936
- C:\Windows\System\OIftdhN.exe
  C:\Windows\System\OIftdhN.exe
  2⤵
  PID:8988
- C:\Windows\System\mvajSNW.exe
  C:\Windows\System\mvajSNW.exe
  2⤵
  PID:9000
- C:\Windows\System\GURqGAm.exe
  C:\Windows\System\GURqGAm.exe
  2⤵
  PID:9080
- C:\Windows\System\jkYfDnr.exe
  C:\Windows\System\jkYfDnr.exe
  2⤵
  PID:9068
- C:\Windows\System\HCNUPIJ.exe
  C:\Windows\System\HCNUPIJ.exe
  2⤵
  PID:9112
- C:\Windows\System\XCqhEdq.exe
  C:\Windows\System\XCqhEdq.exe
  2⤵
  PID:9180
- C:\Windows\System\dwPHTuJ.exe
  C:\Windows\System\dwPHTuJ.exe
  2⤵
  PID:8208
- C:\Windows\System\xWjXdTW.exe
  C:\Windows\System\xWjXdTW.exe
  2⤵
  PID:9132
- C:\Windows\System\qcYnbwI.exe
  C:\Windows\System\qcYnbwI.exe
  2⤵
  PID:8068
- C:\Windows\System\qtuxrDx.exe
  C:\Windows\System\qtuxrDx.exe
  2⤵
  PID:6388
- C:\Windows\System\vKfDtRC.exe
  C:\Windows\System\vKfDtRC.exe
  2⤵
  PID:8224
- C:\Windows\System\KIuUAtC.exe
  C:\Windows\System\KIuUAtC.exe
  2⤵
  PID:8404
- C:\Windows\System\OJOhkgD.exe
  C:\Windows\System\OJOhkgD.exe
  2⤵
  PID:8324
- C:\Windows\System\qhjiwqT.exe
  C:\Windows\System\qhjiwqT.exe
  2⤵
  PID:8480
- C:\Windows\System\VLeWrvp.exe
  C:\Windows\System\VLeWrvp.exe
  2⤵
  PID:8464
- C:\Windows\System\mUHUsoF.exe
  C:\Windows\System\mUHUsoF.exe
  2⤵
  PID:8580
- C:\Windows\System\JDTxtrf.exe
  C:\Windows\System\JDTxtrf.exe
  2⤵
  PID:7280
- C:\Windows\System\EYqUoBT.exe
  C:\Windows\System\EYqUoBT.exe
  2⤵
  PID:8888
- C:\Windows\System\WdKpaGM.exe
  C:\Windows\System\WdKpaGM.exe
  2⤵
  PID:8900
- C:\Windows\System\gevXJAO.exe
  C:\Windows\System\gevXJAO.exe
  2⤵
  PID:8972
- C:\Windows\System\wGLCfvz.exe
  C:\Windows\System\wGLCfvz.exe
  2⤵
  PID:8612
- C:\Windows\System\yTrjqAD.exe
  C:\Windows\System\yTrjqAD.exe
  2⤵
  PID:9036
- C:\Windows\System\wirvZbV.exe
  C:\Windows\System\wirvZbV.exe
  2⤵
  PID:1336
- C:\Windows\System\eMNvrlo.exe
  C:\Windows\System\eMNvrlo.exe
  2⤵
  PID:2204
- C:\Windows\System\KiaYHpa.exe
  C:\Windows\System\KiaYHpa.exe
  2⤵
  PID:1708
- C:\Windows\System\uHyiUZM.exe
  C:\Windows\System\uHyiUZM.exe
  2⤵
  PID:9120
- C:\Windows\System\iBaIbdO.exe
  C:\Windows\System\iBaIbdO.exe
  2⤵
  PID:8100
- C:\Windows\System\DcMHGfZ.exe
  C:\Windows\System\DcMHGfZ.exe
  2⤵
  PID:8356
- C:\Windows\System\PinSnAp.exe
  C:\Windows\System\PinSnAp.exe
  2⤵
  PID:8932
- C:\Windows\System\mgpHVdm.exe
  C:\Windows\System\mgpHVdm.exe
  2⤵
  PID:8724
- C:\Windows\System\DTcrMJB.exe
  C:\Windows\System\DTcrMJB.exe
  2⤵
  PID:9212
- C:\Windows\System\WnsFGst.exe
  C:\Windows\System\WnsFGst.exe
  2⤵
  PID:340
- C:\Windows\System\lOnLtrZ.exe
  C:\Windows\System\lOnLtrZ.exe
  2⤵
  PID:8256
- C:\Windows\System\DRmnqMp.exe
  C:\Windows\System\DRmnqMp.exe
  2⤵
  PID:8628
- C:\Windows\System\CfcHJJc.exe
  C:\Windows\System\CfcHJJc.exe
  2⤵
  PID:8984
- C:\Windows\System\vCmZIqG.exe
  C:\Windows\System\vCmZIqG.exe
  2⤵
  PID:9052
- C:\Windows\System\CLYpgSa.exe
  C:\Windows\System\CLYpgSa.exe
  2⤵
  PID:9200
- C:\Windows\System\dxdthGN.exe
  C:\Windows\System\dxdthGN.exe
  2⤵
  PID:8968
- C:\Windows\System\lslLJdx.exe
  C:\Windows\System\lslLJdx.exe
  2⤵
  PID:2728
- C:\Windows\System\xedEEIK.exe
  C:\Windows\System\xedEEIK.exe
  2⤵
  PID:9116
- C:\Windows\System\QDEtErO.exe
  C:\Windows\System\QDEtErO.exe
  2⤵
  PID:8660
- C:\Windows\System\NtqtzfM.exe
  C:\Windows\System\NtqtzfM.exe
  2⤵
  PID:8640
- C:\Windows\System\cHrQHrn.exe
  C:\Windows\System\cHrQHrn.exe
  2⤵
  PID:8804
- C:\Windows\System\NOUmGla.exe
  C:\Windows\System\NOUmGla.exe
  2⤵
  PID:2716
- C:\Windows\System\JzFakaU.exe
  C:\Windows\System\JzFakaU.exe
  2⤵
  PID:1064
- C:\Windows\System\fWuxFVp.exe
  C:\Windows\System\fWuxFVp.exe
  2⤵
  PID:9152
- C:\Windows\System\ZVacXLf.exe
  C:\Windows\System\ZVacXLf.exe
  2⤵
  PID:8596
- C:\Windows\System\qLqfNEU.exe
  C:\Windows\System\qLqfNEU.exe
  2⤵
  PID:8948
- C:\Windows\System\IbvHrMY.exe
  C:\Windows\System\IbvHrMY.exe
  2⤵
  PID:9232
- C:\Windows\System\kRLUBOb.exe
  C:\Windows\System\kRLUBOb.exe
  2⤵
  PID:9252
- C:\Windows\System\MBCNVhQ.exe
  C:\Windows\System\MBCNVhQ.exe
  2⤵
  PID:9268
- C:\Windows\System\jCHVnWP.exe
  C:\Windows\System\jCHVnWP.exe
  2⤵
  PID:9284
- C:\Windows\System\zwNouaj.exe
  C:\Windows\System\zwNouaj.exe
  2⤵
  PID:9300
- C:\Windows\System\SxthceS.exe
  C:\Windows\System\SxthceS.exe
  2⤵
  PID:9316
- C:\Windows\System\bBrFnGX.exe
  C:\Windows\System\bBrFnGX.exe
  2⤵
  PID:9332
- C:\Windows\System\vknYtIs.exe
  C:\Windows\System\vknYtIs.exe
  2⤵
  PID:9348
- C:\Windows\System\ZlrUXue.exe
  C:\Windows\System\ZlrUXue.exe
  2⤵
  PID:9364
- C:\Windows\System\oOAcqVl.exe
  C:\Windows\System\oOAcqVl.exe
  2⤵
  PID:9380
- C:\Windows\System\BBnGJcp.exe
  C:\Windows\System\BBnGJcp.exe
  2⤵
  PID:9396
- C:\Windows\System\olnGYrY.exe
  C:\Windows\System\olnGYrY.exe
  2⤵
  PID:9412
- C:\Windows\System\lKxldlw.exe
  C:\Windows\System\lKxldlw.exe
  2⤵
  PID:9428
- C:\Windows\System\sdawJiG.exe
  C:\Windows\System\sdawJiG.exe
  2⤵
  PID:9444
- C:\Windows\System\YtIBjyT.exe
  C:\Windows\System\YtIBjyT.exe
  2⤵
  PID:9460
- C:\Windows\System\diZLYsK.exe
  C:\Windows\System\diZLYsK.exe
  2⤵
  PID:9476
- C:\Windows\System\laXobxJ.exe
  C:\Windows\System\laXobxJ.exe
  2⤵
  PID:9492
- C:\Windows\System\sPOjlOJ.exe
  C:\Windows\System\sPOjlOJ.exe
  2⤵
  PID:9512
- C:\Windows\System\ZlPbZCL.exe
  C:\Windows\System\ZlPbZCL.exe
  2⤵
  PID:9528
- C:\Windows\System\LaPvuKt.exe
  C:\Windows\System\LaPvuKt.exe
  2⤵
  PID:9544
- C:\Windows\System\EwUahLX.exe
  C:\Windows\System\EwUahLX.exe
  2⤵
  PID:9560
- C:\Windows\System\kknmUHN.exe
  C:\Windows\System\kknmUHN.exe
  2⤵
  PID:9576
- C:\Windows\System\UfDeNGW.exe
  C:\Windows\System\UfDeNGW.exe
  2⤵
  PID:9592
- C:\Windows\System\zcdEwSy.exe
  C:\Windows\System\zcdEwSy.exe
  2⤵
  PID:9608
- C:\Windows\System\IWSvPFa.exe
  C:\Windows\System\IWSvPFa.exe
  2⤵
  PID:9624
- C:\Windows\System\suXdkHR.exe
  C:\Windows\System\suXdkHR.exe
  2⤵
  PID:9640
- C:\Windows\System\pbPMxMZ.exe
  C:\Windows\System\pbPMxMZ.exe
  2⤵
  PID:9656
- C:\Windows\System\npYnapb.exe
  C:\Windows\System\npYnapb.exe
  2⤵
  PID:9672
- C:\Windows\System\hNDzWuZ.exe
  C:\Windows\System\hNDzWuZ.exe
  2⤵
  PID:9688
- C:\Windows\System\mhyihug.exe
  C:\Windows\System\mhyihug.exe
  2⤵
  PID:9704
- C:\Windows\System\IsLEbiC.exe
  C:\Windows\System\IsLEbiC.exe
  2⤵
  PID:9720
- C:\Windows\System\vxwEfVB.exe
  C:\Windows\System\vxwEfVB.exe
  2⤵
  PID:9736
- C:\Windows\System\CCpRpeS.exe
  C:\Windows\System\CCpRpeS.exe
  2⤵
  PID:9752
- C:\Windows\System\tMbCjSn.exe
  C:\Windows\System\tMbCjSn.exe
  2⤵
  PID:9768
- C:\Windows\System\WVqqmHP.exe
  C:\Windows\System\WVqqmHP.exe
  2⤵
  PID:9784
- C:\Windows\System\rixYHjs.exe
  C:\Windows\System\rixYHjs.exe
  2⤵
  PID:9800
- C:\Windows\System\unJMCvJ.exe
  C:\Windows\System\unJMCvJ.exe
  2⤵
  PID:9820
- C:\Windows\System\KnIzCOP.exe
  C:\Windows\System\KnIzCOP.exe
  2⤵
  PID:9836
- C:\Windows\System\LykKner.exe
  C:\Windows\System\LykKner.exe
  2⤵
  PID:9852
- C:\Windows\System\NgNSjZS.exe
  C:\Windows\System\NgNSjZS.exe
  2⤵
  PID:9868
- C:\Windows\System\kyUzbcK.exe
  C:\Windows\System\kyUzbcK.exe
  2⤵
  PID:9884
- C:\Windows\System\YTtlWGy.exe
  C:\Windows\System\YTtlWGy.exe
  2⤵
  PID:9904
- C:\Windows\System\OWghJwc.exe
  C:\Windows\System\OWghJwc.exe
  2⤵
  PID:9920
- C:\Windows\System\NyAemhF.exe
  C:\Windows\System\NyAemhF.exe
  2⤵
  PID:9936
- C:\Windows\System\eQnKWWV.exe
  C:\Windows\System\eQnKWWV.exe
  2⤵
  PID:9952
- C:\Windows\System\bHGanrF.exe
  C:\Windows\System\bHGanrF.exe
  2⤵
  PID:9968
- C:\Windows\System\SpvfdlB.exe
  C:\Windows\System\SpvfdlB.exe
  2⤵
  PID:9988
- C:\Windows\System\vaPSqUb.exe
  C:\Windows\System\vaPSqUb.exe
  2⤵
  PID:10004
- C:\Windows\System\MfSLYsZ.exe
  C:\Windows\System\MfSLYsZ.exe
  2⤵
  PID:10020
- C:\Windows\System\qhewXmB.exe
  C:\Windows\System\qhewXmB.exe
  2⤵
  PID:10036
- C:\Windows\System\UCnyEBv.exe
  C:\Windows\System\UCnyEBv.exe
  2⤵
  PID:10052
- C:\Windows\System\elVzbnR.exe
  C:\Windows\System\elVzbnR.exe
  2⤵
  PID:10068
- C:\Windows\System\cpvEgqJ.exe
  C:\Windows\System\cpvEgqJ.exe
  2⤵
  PID:10084
- C:\Windows\System\KxdOanU.exe
  C:\Windows\System\KxdOanU.exe
  2⤵
  PID:10100
- C:\Windows\System\lPZNBKH.exe
  C:\Windows\System\lPZNBKH.exe
  2⤵
  PID:10116
- C:\Windows\System\zZRsHGR.exe
  C:\Windows\System\zZRsHGR.exe
  2⤵
  PID:10132
- C:\Windows\System\hhuqjCu.exe
  C:\Windows\System\hhuqjCu.exe
  2⤵
  PID:10148
- C:\Windows\System\TllQRDj.exe
  C:\Windows\System\TllQRDj.exe
  2⤵
  PID:10164
- C:\Windows\System\KuBYUDC.exe
  C:\Windows\System\KuBYUDC.exe
  2⤵
  PID:10180
- C:\Windows\System\jiYFlkz.exe
  C:\Windows\System\jiYFlkz.exe
  2⤵
  PID:10196
- C:\Windows\System\ytJXjiJ.exe
  C:\Windows\System\ytJXjiJ.exe
  2⤵
  PID:10212
- C:\Windows\System\ZKSNpYM.exe
  C:\Windows\System\ZKSNpYM.exe
  2⤵
  PID:10228
- C:\Windows\System\ybFkztH.exe
  C:\Windows\System\ybFkztH.exe
  2⤵
  PID:8644
- C:\Windows\System\UhwbzuZ.exe
  C:\Windows\System\UhwbzuZ.exe
  2⤵
  PID:9248
- C:\Windows\System\IQlbUfH.exe
  C:\Windows\System\IQlbUfH.exe
  2⤵
  PID:9224
- C:\Windows\System\rpYmSHk.exe
  C:\Windows\System\rpYmSHk.exe
  2⤵
  PID:9296
- C:\Windows\System\mKbvoXt.exe
  C:\Windows\System\mKbvoXt.exe
  2⤵
  PID:9340
- C:\Windows\System\oPqMkjL.exe
  C:\Windows\System\oPqMkjL.exe
  2⤵
  PID:9376
- C:\Windows\System\WFjWoDR.exe
  C:\Windows\System\WFjWoDR.exe
  2⤵
  PID:9388
- C:\Windows\System\alFYAgt.exe
  C:\Windows\System\alFYAgt.exe
  2⤵
  PID:9408
- C:\Windows\System\TtMqEfS.exe
  C:\Windows\System\TtMqEfS.exe
  2⤵
  PID:9468
- C:\Windows\System\eNVidrm.exe
  C:\Windows\System\eNVidrm.exe
  2⤵
  PID:9504
- C:\Windows\System\ybmFOLo.exe
  C:\Windows\System\ybmFOLo.exe
  2⤵
  PID:9456
- C:\Windows\System\ivhpVJz.exe
  C:\Windows\System\ivhpVJz.exe
  2⤵
  PID:9540
- C:\Windows\System\ZtIbsDz.exe
  C:\Windows\System\ZtIbsDz.exe
  2⤵
  PID:9572
- C:\Windows\System\qSSmIBj.exe
  C:\Windows\System\qSSmIBj.exe
  2⤵
  PID:9632
- C:\Windows\System\vGeJcqr.exe
  C:\Windows\System\vGeJcqr.exe
  2⤵
  PID:9648
- C:\Windows\System\XFktSzH.exe
  C:\Windows\System\XFktSzH.exe
  2⤵
  PID:9668
- C:\Windows\System\WhFkNBG.exe
  C:\Windows\System\WhFkNBG.exe
  2⤵
  PID:9684
- C:\Windows\System\nBcVbWg.exe
  C:\Windows\System\nBcVbWg.exe
  2⤵
  PID:9748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BEhkxVl.exe

Filesize
6.0MB

MD5
ef69ce2dcb2b8751479b0b8b0a1ffa43

SHA1
f3e59fa9e3a4b9a32c59baf8e77aa86dc76d5896

SHA256
7645256f6b2273b3f1776f3cad119af8911a2eb7177b047ab27f98b031f7e703

SHA512
9a7b4a4e0fe506696dc2d31b14d8933e918fc43218b78dcd5180c8ff4950031cef81467ebc0a3234d3c926965b55e75d9ef2d42865dde14a0a5b7bffff05e2ba

Download Submit
C:\Windows\system\CQAQgfd.exe

Filesize
6.0MB

MD5
9d6bdb4763bc7fbe153b8b0457ce4be2

SHA1
835541d81efb7a12d0b3ac5d1ab31827771b16cd

SHA256
af55d317a5f9cc7925629220468f1bb867dd890c383517879b41df8e59810a6e

SHA512
58638a15d9626981b28055a2e6c4ac0849ff345f441192ac556adb57d71f0ebe9c2bb04220ffc65cb81ef54f15518ea783cc40f04f45ba37608f970fc0eba2f8

Download Submit
C:\Windows\system\KufECaX.exe

Filesize
6.0MB

MD5
f107b628da2c34770f7b5e3d88debc4c

SHA1
e9fb78d62bec5cba4c1efd4a5a8cc761f9d18d62

SHA256
9059e593c6906aa07b453472205832ef541c695eb84fb9c2268db6f3765872f1

SHA512
8f006976bcdb670505dde91233f1b6b0d0958b4f8f1e1fe936e84a64f658a8bc28bd1e2bdc82efa4fc579070f3efedd4d8172b7bb2931a828c4a0167d05fd985

Download Submit
C:\Windows\system\LpFpkvi.exe

Filesize
6.0MB

MD5
c7a4cd90521557a795743e8a9ef48bc3

SHA1
7d53733d2446a1ceec3c905363616d537239e0f2

SHA256
6e74ec9822c512d0faa5675d43f4dfaaf9f37e167fa835018fec89883b9beedd

SHA512
93a2e81702a549f70f6775ffe7f5f817b4dab64429733c9957520b7f997a0f2173874a918af548d086a944d30282418480a921a8909bd3493de65956cb46c9e3

Download Submit
C:\Windows\system\MdINTyO.exe

Filesize
6.0MB

MD5
15457f97157a7db72c2a6966af0ea74f

SHA1
c3ab576dd874d8fcc04da94b046eea75cfe63218

SHA256
1076dd3779f715ed9b1b2adfa7b0764557c1391676a84561c8685c5f4fb0849b

SHA512
c46448656e40fe3259a304abf8321518147ebe53796482cad53de4a8808628ce2182e067951ee2102ad2370ea0b3e477f7b09b1a326c2a86a4fc1b6092e5e03a

Download Submit
C:\Windows\system\MsRLYuj.exe

Filesize
6.0MB

MD5
62df7d0724df7f1472ee8ad6d86d55b9

SHA1
cbe358d37dfb7dd3c1ad60410911c68051aceadd

SHA256
4c45d08b4c60d052ed0332cda5ef8b92acd5411be6666c7c0ca8f1d1e97c3ee4

SHA512
9dd45d8acf2c866efd258e975565c54baac43bbd7c8e1310a67e46f2cd99b5788369061af049a7fc9fec0a6f23bd8325bd44b79a08daae50f824f89df3e3b2f4

Download Submit
C:\Windows\system\NIUNVHh.exe

Filesize
6.0MB

MD5
450e1de9b8f38fd14288623f292cfc4d

SHA1
5b67faa432f0d865a30e56be20a1a78ade47a6a1

SHA256
c81b7cc0051c3ff448fb8630717daa507f55a9d6c8e0e85de6841a02172481d7

SHA512
91f188faeeb492d3f4acc65a2f8fc98266cb107e2407f1b6f11c02779ba158380e5c6a1441d661b9f5e3dc08337bb4491331c210b3c6e5a4c35ac61629bca364

Download Submit
C:\Windows\system\OpzXzSd.exe

Filesize
6.0MB

MD5
0bcd3e63844b1634a45dcf6e2fc7faf7

SHA1
24f88b4a60b1da8d38cae2ca7a4c41b256806bd3

SHA256
d5445ba2b5e8b222484e3536baedb6eb7573ae671c0563e6be5cb998b88f9a9e

SHA512
0936dc0c69ed09b8c140c71a5dd1014ed0305c799a61eb17b39341ba0e063afdf104d2216972da1e611242f046a737309aba0ded04510966edb97c73afa0c318

Download Submit
C:\Windows\system\RcAKhel.exe

Filesize
6.0MB

MD5
aba110b84ca4e2aaf4f4eccf2ff70155

SHA1
69f3e47c4c1a3fd67750e70d8623737314a2bb73

SHA256
88c0c79f6d76a13bca04670c09610cc2e033e48791822ed80a08a11bcf8464aa

SHA512
cfc38d17c66941aaf876aab12500f0e6932ca41d2e2e25a3d52a52644a140afcd029df73fef5a164dd9fd886a0098e56a0892eefe8ccdc15ada0e4fbcc91934f

Download Submit
C:\Windows\system\RyeiSoL.exe

Filesize
6.0MB

MD5
90a885f4230bce5dde478a30d5aff8a0

SHA1
715bcf3959b7b178c33b5ee4bc898a49f3830a19

SHA256
78457c27b23c229390fe4e652136be3f584f6eaad34a566d2da607b2f09093db

SHA512
4200fd4dad45ec23babf7e4f4713ccceda294e85de796ab40d21a8064185cb1cfdcf762c089468cdec8833dc915182410fa581cb7191ba90834efdcb59d95dfe

Download Submit
C:\Windows\system\UGcAGRU.exe

Filesize
6.0MB

MD5
bb69dc92464c34ae2a3822d1d580aee4

SHA1
1ef35c7f5c9d3bca17b628adf223bbc095b9edbe

SHA256
dc98c8d179249f7498492049cb8daa0a1e7b308b27cc04cb1dcda7bc58c27e16

SHA512
0c02e19cdf2c49c2cd8e2f6e2465e1e3831b430514d61d3ae91d7b11b8951470506db6311bc5b326f5f4bdd7fe6cfa351eecab9d2726a6504171529f4465e373

Download Submit
C:\Windows\system\UXaYqWX.exe

Filesize
6.0MB

MD5
68002bad681edbb36bcb1b850eae1d20

SHA1
3ca7577d4e8dd0193ac6aa191a4c45ba545e586d

SHA256
8530a9add48b3e744837a53f0e82699bdbc3166aa72c321f52a6d3d6db3965e9

SHA512
3f968db77f2900a7e805e59dda152d572d149e96f939b38a69f4d4eb4a43b18c52805e55543a9a4fa68d4d4f28b0ec971dc79f0d767ff327f3a7346e3e9ffaad

Download Submit
C:\Windows\system\YTJgFcA.exe

Filesize
6.0MB

MD5
3d4904309076f59eb33d6c2edfcb0f82

SHA1
1b7457df85a3add5082d86b6e91b53b181bd9160

SHA256
8129e43418a2b32975060d59ba00b2b139321ffa04525b3237de6d28f5f812ed

SHA512
7403825799d851b3cf8ca5c77ca5fe60ada1b09991028e2fac2586871eddd88c65945bec882979503e75d0086f05cc2350e6f53785163c00d3d4f66db743a58e

Download Submit
C:\Windows\system\aHGlARW.exe

Filesize
6.0MB

MD5
7cf4beb2a01b0f22b1d7876730c02d43

SHA1
7555c8f60573051d4435cb25592d22389ba1c112

SHA256
3170a18a5bd42e2ba2a50ef2be8b731a1dae48ba98f98b7bf60d5823e48e4fd3

SHA512
0cbf23cf0bdf1cc5d7e1766191fb86abbc8c982979edc87652bd8c3129d144002459eb20d67e50ed6cccc7fcbff430b6dc1ff14e0b1ef82beeae02956ef5e353

Download Submit
C:\Windows\system\aqWaekY.exe

Filesize
6.0MB

MD5
82ed7c81475df83cacc962809e57f7b6

SHA1
01c57611117c2594902040fb7d51aebb37c1f10d

SHA256
195e91192f23443cf9d1ff176ef34584de411ba0dcc9d3a3f715ed621dbe49ae

SHA512
0bb33ec32d8fd766cb851b104387c3c9dfdc08229fffa67c02f5935d75e3b81f9d2dfabb3acfbc6c1f63c02d9ea92432221c9c5ec3fc3c974a8194cc0ed55018

Download Submit
C:\Windows\system\aqbrWlL.exe

Filesize
6.0MB

MD5
8b10964d56d9942690f2c33457901b8b

SHA1
34517c28b0cd942480ab1b64f9b4278f6298e686

SHA256
12dcb7ecfb6c4f6903f54656b43cac9950f19a72ba681ab1fa616052f5197d4e

SHA512
77880ad1218072c874fd369f13206870c6b9daaee3b30ac6999a35d4bb220a16d2dde4adc234d7532794d2fc343fe6e5daa24bf531219a7632b3a5f125013c1c

Download Submit
C:\Windows\system\fULXdfo.exe

Filesize
6.0MB

MD5
9fd9181681d0cf20d360be76cb029f01

SHA1
e293291ab74697e62105f3a66a21bbe59dd30ad1

SHA256
93bea554f766155dc483c715dd12e61e017ac35efc625660bb82d49a0cbac206

SHA512
2a8eac91ce1b66f0779d583791df5eb7c99f1c43d8349ee6265eb6c23a1937cd6fd85219cd15b5bcbaffc9e45c3f7dbb776db391be7d8565bd89976164718184

Download Submit
C:\Windows\system\iEYFCST.exe

Filesize
6.0MB

MD5
a513a706316d8831c24523d7ddc86bdf

SHA1
785a667ab0ada02138c80515111ea4443125661d

SHA256
e248c35b964393981f972bbef8ece92173747ebf27ed22b1e68006c6eca1b113

SHA512
e4401b89c644e421ecea5bb38616815dec4fe2ec67c4cbc1178f9acfbcef0ba421c6bd30c5eb2e01f10cf72beef0f9e8d21741bf4c413fb236c9f2ca95c83b23

Download Submit
C:\Windows\system\juAJJif.exe

Filesize
6.0MB

MD5
4401cb9449f3610baa172a04ccc14804

SHA1
158c64bc04fd5b48231a5e7d1bfd0541c67d9e38

SHA256
e2157c2748bf50895a97b1fbe8d5f855d5d1df8c83a57e3dfd84da73fbea090b

SHA512
d9d03dc3d4aa0554b9824e647f8758a941e257c8e05f6a2539e9244516631f9daf0bb67a271db377f41c2aa95a73aed6a5fab04a480fb56cec9323b093c4ec78

Download Submit
C:\Windows\system\kWIFPbW.exe

Filesize
6.0MB

MD5
7063b5d2f57b487f08ac1289b66e4e07

SHA1
d8d4627246661bb9e3725c002cc109a74addbc26

SHA256
951642f5df7a5acecd392b294aabdd0ddc525a5ff17a883817d432fa5b12d7aa

SHA512
186260af4ab0bb03cc88f08b47a2a6d6b3693c5ed54d22feb14b2c7a812bfa08ba9bbc468c6d62f0fae3bd2c4c4512ee7ec3ae1c1ac293d7e38062bc140dcf3a

Download Submit
C:\Windows\system\lPxcXpq.exe

Filesize
6.0MB

MD5
5c8fe2eb7c4d1ff940e330c97afe0820

SHA1
a972bd398e0926b270f957158be116dd9be696b2

SHA256
c661d2c3d13dd47df4e898d14f90fba7198a5e15f27092e4a25d246570df3d81

SHA512
6b4ab95dfddc7c2d92be7b7f1ed00c968cf467a1aaab25cf4c99794b59c2e236e8745d7786b70236df7f640ac2f41f149313d10cd496aa8f0e994f387087762a

Download Submit
C:\Windows\system\mJJaZwv.exe

Filesize
6.0MB

MD5
2ee833e285ddd0e668bf073e68fc81b4

SHA1
02420a85d6faa9f819df1b03b06e8743c382b704

SHA256
92d82068804329ccf134e3e726706f648efe479d54ae884825b69d98efbad6f9

SHA512
9096132d7399408ffc4936514fdd5f8ac27544815ad443fd76f76517289f36fde54d1a46b3a3a6a2be9dbc34299f22f16c9ec67615fc95aa5e5cf984f4977ec3

Download Submit
C:\Windows\system\pfCsvxb.exe

Filesize
6.0MB

MD5
a6009dc7842f5721e83a765c56b45ece

SHA1
16415ddf40c029ce246e2d431805b64e6bc38584

SHA256
76b8f3d4a5b8ea170ada34b66e199d1bb26e5dc5a006f986d9bc52db4d373b8e

SHA512
42d9260d2f54b12775aa332204546be86a195628240d1e536331da2dd2dbca8ed4fc39eaf92853371851185a7e1075d5ec6036c7a6a7ad09598ec70f27516f70

Download Submit
C:\Windows\system\rUBbMvj.exe

Filesize
6.0MB

MD5
f24d428db511add1d8cf2669c93b03d9

SHA1
4250ea98d48092fbc6e4e8b1c7d8cb4af92290fb

SHA256
cb5e6da2f04da9ebf68ad0464257e77b43a1fbe41c9ebd143818b89d6e48abbd

SHA512
9922ab285b809fee650a6cd23279db0303e573540bc53d274eedd4e41be3e58f2e5e63bca16cb17b3730fe9014f83113b967aff495e78295d30adc4a93fa8f96

Download Submit
C:\Windows\system\rbjEJQT.exe

Filesize
6.0MB

MD5
13faf50afa6e6e2efb6ecf19e3709840

SHA1
b1bc935d0e92fda9bc9c58654dff3c18802407e3

SHA256
a20e94afc703f357defb51e9531529fab3fd03e9e2412de177348062cb911148

SHA512
3349aa152ee8103b240df22922663dd695c932fb6fdf3e112d84ca2ee008f6a9aea1e9458b9b3f288b032012f1ec631f5463abde2ff93b3f5f6985f1270609ee

Download Submit
C:\Windows\system\rzaquPP.exe

Filesize
6.0MB

MD5
dd027405be9346e97e28fc0979f274b0

SHA1
58771856de619119bf48e8b73565acdc410a33a3

SHA256
2f4cd3c0e8f3b48490f79b7f2e39710eac3fff7c54a6eee2a04543d9c56a51d4

SHA512
0004d8d2a39329cb1d7291eecb5a74e9356b00cf0a702d0c1c68ce3c00c2b21b045b17aea7419ab662e9b28e332137fbc703c917db08677728a1195ab43a4fb2

Download Submit
C:\Windows\system\tDudEtf.exe

Filesize
6.0MB

MD5
76ffe0c0bedc82a06b07c37935a368a4

SHA1
a622500dfd990d29455248d23f308350973878f5

SHA256
7fbade0c9a50d61c37a798b91568e272c4e1ced78dade4fb24ceb8094f68f9c0

SHA512
95bef16c681483e310c8ceba4dfd8c674a08f729567b926f064c2a255222fbc964fa069f4d3b56b05ad13ac5346991041b5774e70514d913478b06305c125160

Download Submit
C:\Windows\system\uIRlTgL.exe

Filesize
6.0MB

MD5
78896f44cc984e6293b73d988b64a65d

SHA1
eb15361ba7c937cb40581d7a318ae1b1d9931476

SHA256
3fb9f9bb97e7d6ead7b82a72a8ca02dda4cb79b4cf4af8746924a53059d87664

SHA512
2f14ab3947d97e3ce51071729d86a1d1fb15d1807d97a10f52563d3dfe3228429144b7bee0286589397a46308fab722fd10ef8d132eaa0a8b3273574fa27b3c9

Download Submit
C:\Windows\system\uuPlPjp.exe

Filesize
6.0MB

MD5
f4d1effb4e1f779e2ddc8ab5df28c977

SHA1
4018e9222e46126e2f66bd53512e78ad9ff91b40

SHA256
0e2beb7d887744edf224e161f9bbb11332dec44b8ce8f269e024cd995c562de1

SHA512
b751e698afb599b68cc29fa4eb42a7da71895e9506c1a4de812e65e57f67dee63568b7fbdac42aff43436118c50f5edf78a8d7ec59b759b4212e1a3c8ad3d69b

Download Submit
\Windows\system\PQkZDtF.exe

Filesize
6.0MB

MD5
820f900ea218dfa9627726ebb8c4fb63

SHA1
fa939e44279cd7d6a9860162fa64e342fc6bab01

SHA256
693eff0786e9a6070e93e42f959a83bef56a9754468a9feaeb48a5243efcc0c2

SHA512
e8feacd2df8328599ae938bde117437fe72be22fd2223498533bb948d9dcc95f0fa873b07e0e8d8094f6ad292a5ce1a60750f20f51ae2699c6b60b2f299c2745

Download Submit
\Windows\system\ooguULv.exe

Filesize
6.0MB

MD5
4fc0b3f5278d5f206479633f93b99462

SHA1
fafcc3104f34eceefa74037cc13533445e2e17a5

SHA256
94178514d89337f22e5365f2f16739bd40e40ee9643c8a24dde67f25f5c4745d

SHA512
cabfce0c1b71b8b1f9c56fac2c3697aaa1a23b845ecaed735ac161233127325aecd305a63716214eb744a255387c48d7075c78a03940e9aa2272c79f08dbd550

Download Submit
\Windows\system\wtjAQtg.exe

Filesize
6.0MB

MD5
26699b26fe4757acda16fc43d107e881

SHA1
3b13f1309994002d3d3a2eae922daa7d3925c75c

SHA256
bc0ccb018c8ac4fe11e2b05d624fef4ca8bb1c9953158560cb27aa02c38bc90e

SHA512
6b51d392fe88b937f9f62d39f875747bbc301232db272cf6201b84bc909625343c3a2626b6545a8c5a1f5c0d75883507c006e1d7b5229e6499dd9e825955b6c4

Download Submit
memory/108-222-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/108-1505-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/108-83-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/1376-88-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1376-1597-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1376-338-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1612-96-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/1612-1595-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2132-22-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-1334-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2152-1337-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2152-21-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1423-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2644-59-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2732-146-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-270-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2732-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/2732-337-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-0-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-109-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2732-10-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2732-86-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-20-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-17-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-65-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2732-54-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2732-69-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-53-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-37-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2732-28-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-102-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2732-50-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2732-100-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-41-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-80-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2816-51-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1373-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2824-66-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2824-1430-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2872-23-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-1336-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-39-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2936-74-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2936-1360-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2956-1634-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2956-101-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2956-409-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2968-1484-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-75-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-1376-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/3004-85-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/3004-43-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/3052-67-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-29-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-1363-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download