cobaltstrike | 4686923ed7ae1a57f69267f1c4c6b22f71942babd382bb14319fc5595626bd65

Analysis

max time kernel
87s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
02-02-2025 04:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

3f03c1dd158796802d25973c75f6c00e
SHA1

288557bc317daf5ef6c4aaa669e506c6623203ff
SHA256

4686923ed7ae1a57f69267f1c4c6b22f71942babd382bb14319fc5595626bd65
SHA512

c1a694c8b769853be0e13a114ea376c82e225010a403df6e56122302d5b7904241b69957e533842834d77c6e84363c6f4164b21db60d1e4cb5542b880a34031b
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUa:eOl56utgpPF8u/7a

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fd-6.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186ca-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018710-23.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018766-33.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001933b-56.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019926-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-192.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8e-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cca-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cba-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3e-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a1-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-90.dat	cobalt_reflective_dll
behavioral1/files/0x0035000000017530-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-69.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018bf3-67.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b62-47.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018780-39.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186d9-10.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1740-0-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fd-6.dat	xmrig
behavioral1/files/0x00070000000186ca-8.dat	xmrig
behavioral1/memory/1376-22-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2352-21-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018710-23.dat	xmrig
behavioral1/memory/2904-29-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018766-33.dat	xmrig
behavioral1/memory/2788-36-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2756-41-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/files/0x000700000001933b-56.dat	xmrig
behavioral1/memory/2636-72-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2756-80-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2736-87-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2580-93-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/1740-99-0x0000000002300000-0x0000000002654000-memory.dmp	xmrig
behavioral1/files/0x0005000000019926-108.dat	xmrig
behavioral1/files/0x0005000000019dbf-160.dat	xmrig
behavioral1/files/0x000500000001a41b-192.dat	xmrig
behavioral1/memory/2976-1100-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/1740-1099-0x0000000002300000-0x0000000002654000-memory.dmp	xmrig
behavioral1/memory/2580-844-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x000500000001a307-182.dat	xmrig
behavioral1/files/0x000500000001a359-186.dat	xmrig
behavioral1/files/0x000500000001a09e-177.dat	xmrig
behavioral1/files/0x000500000001a07e-172.dat	xmrig
behavioral1/files/0x0005000000019f94-158.dat	xmrig
behavioral1/files/0x000500000001a075-164.dat	xmrig
behavioral1/files/0x0005000000019f8a-155.dat	xmrig
behavioral1/files/0x0005000000019d8e-147.dat	xmrig
behavioral1/files/0x0005000000019cca-142.dat	xmrig
behavioral1/files/0x0005000000019c57-131.dat	xmrig
behavioral1/files/0x0005000000019c3c-130.dat	xmrig
behavioral1/files/0x0005000000019cba-137.dat	xmrig
behavioral1/files/0x0005000000019c3e-125.dat	xmrig
behavioral1/files/0x0005000000019c34-115.dat	xmrig
behavioral1/memory/1740-113-0x0000000002300000-0x0000000002654000-memory.dmp	xmrig
behavioral1/memory/2696-101-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x00050000000196a1-106.dat	xmrig
behavioral1/memory/2976-100-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/1740-98-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x0005000000019667-97.dat	xmrig
behavioral1/files/0x000500000001961e-90.dat	xmrig
behavioral1/files/0x0035000000017530-84.dat	xmrig
behavioral1/memory/2864-79-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2944-71-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x000500000001961c-76.dat	xmrig
behavioral1/files/0x000500000001960c-69.dat	xmrig
behavioral1/files/0x0009000000018bf3-67.dat	xmrig
behavioral1/memory/2696-65-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/1740-62-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/1740-51-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2128-50-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b62-47.dat	xmrig
behavioral1/files/0x0006000000018780-39.dat	xmrig
behavioral1/memory/2952-19-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/files/0x00070000000186d9-10.dat	xmrig
behavioral1/memory/2788-4164-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2352-4163-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2128-4166-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2756-4165-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2580-4168-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2864-4167-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2944-4170-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1376	vyLjPIx.exe
2952	rpsVSBB.exe
2352	oLYarmS.exe
2904	OfqxDLY.exe
2788	ursMTOe.exe
2756	ZbjSshW.exe
2128	kZwYCMm.exe
2696	WVqHplM.exe
2944	UpEmbBR.exe
2636	maUCKKT.exe
2864	coFGygF.exe
2736	GkooGAf.exe
2580	AfNUQZE.exe
2976	hWqYSTh.exe
2336	usfsLWJ.exe
1964	frmGxXn.exe
448	BansMjR.exe
2980	AWEsjDl.exe
2936	VwBtGOe.exe
1172	Ebvvpem.exe
1484	LfVJGZE.exe
1944	utySxyN.exe
588	RXXtrjJ.exe
3040	ScjWtOq.exe
3048	DGYygGW.exe
2228	dgcveeL.exe
2400	dYochEi.exe
2120	JDkXJkk.exe
2248	MKsoeKf.exe
400	wQuPfXf.exe
592	YZVHdhB.exe
2528	tkjHGVa.exe
696	lUfFDYx.exe
1368	dtEIfYd.exe
2452	RDutOwN.exe
2588	TysXOHO.exe
2308	iEulVWp.exe
1804	tqBQDMe.exe
1672	sVkrdtr.exe
2456	yzDFAmp.exe
1760	FDubFhx.exe
1924	EXVXiXc.exe
1840	haBOIYb.exe
948	sfRwkdP.exe
584	cUGVDlC.exe
836	GSBBrTt.exe
648	jQCaDqD.exe
2408	VRAmOdQ.exe
1088	aPJcPut.exe
888	TeRHEIZ.exe
2100	qRXYzED.exe
1084	hSjcaRp.exe
1592	RScdLvy.exe
1620	iXWORLp.exe
2132	IsKrFog.exe
2772	DkbZeIz.exe
2888	CTglqrE.exe
2836	EWPnPAM.exe
1360	kdxcTpC.exe
2688	ksXAsHp.exe
2424	EZAEChc.exe
1544	YLJiSAg.exe
1292	oiMkpCa.exe
2476	utjnDFw.exe

Loads dropped DLL 64 IoCs

pid	Process
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1740-0-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-6.dat	upx
behavioral1/files/0x00070000000186ca-8.dat	upx
behavioral1/memory/1376-22-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2352-21-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/files/0x0007000000018710-23.dat	upx
behavioral1/memory/2904-29-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/files/0x0006000000018766-33.dat	upx
behavioral1/memory/2788-36-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2756-41-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/files/0x000700000001933b-56.dat	upx
behavioral1/memory/2636-72-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2756-80-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2736-87-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2580-93-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x0005000000019926-108.dat	upx
behavioral1/files/0x0005000000019dbf-160.dat	upx
behavioral1/files/0x000500000001a41b-192.dat	upx
behavioral1/memory/2976-1100-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2580-844-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x000500000001a307-182.dat	upx
behavioral1/files/0x000500000001a359-186.dat	upx
behavioral1/files/0x000500000001a09e-177.dat	upx
behavioral1/files/0x000500000001a07e-172.dat	upx
behavioral1/files/0x0005000000019f94-158.dat	upx
behavioral1/files/0x000500000001a075-164.dat	upx
behavioral1/files/0x0005000000019f8a-155.dat	upx
behavioral1/files/0x0005000000019d8e-147.dat	upx
behavioral1/files/0x0005000000019cca-142.dat	upx
behavioral1/files/0x0005000000019c57-131.dat	upx
behavioral1/files/0x0005000000019c3c-130.dat	upx
behavioral1/files/0x0005000000019cba-137.dat	upx
behavioral1/files/0x0005000000019c3e-125.dat	upx
behavioral1/files/0x0005000000019c34-115.dat	upx
behavioral1/memory/2696-101-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x00050000000196a1-106.dat	upx
behavioral1/memory/2976-100-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x0005000000019667-97.dat	upx
behavioral1/files/0x000500000001961e-90.dat	upx
behavioral1/files/0x0035000000017530-84.dat	upx
behavioral1/memory/2864-79-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2944-71-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x000500000001961c-76.dat	upx
behavioral1/files/0x000500000001960c-69.dat	upx
behavioral1/files/0x0009000000018bf3-67.dat	upx
behavioral1/memory/2696-65-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/1740-51-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2128-50-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x0007000000018b62-47.dat	upx
behavioral1/files/0x0006000000018780-39.dat	upx
behavioral1/memory/2952-19-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/files/0x00070000000186d9-10.dat	upx
behavioral1/memory/1376-4161-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2788-4164-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2352-4163-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2128-4166-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2756-4165-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2580-4168-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2864-4167-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2944-4170-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2696-4169-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2636-4172-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2736-4171-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2976-4173-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\poOkQYg.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EXVXiXc.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IIupcNc.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RnlZuhP.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jivJGcD.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IaKLKXo.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ffZNweI.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sJnJyIQ.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RZcTQsL.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FqHuhoM.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AhmbJOr.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xhldevB.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LbOtBfN.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cLhoGcq.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QnHhTiy.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhxoeCn.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CVFCvQD.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pUGxHuY.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NgQmHNj.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wOXHfur.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cDsFFaC.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uTJyWsg.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aTTHiOM.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KCflkuf.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yrjzdZh.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FvvIKwn.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YmkgcqQ.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sjwubVr.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dVmDKqY.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VAhRVGo.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XkEwmeo.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IsKrFog.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OPwswoS.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MPGRCLp.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KrZCCmN.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DFChbkx.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VojRlQx.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xhEuViH.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HGneUcB.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\orSsPdo.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LAUiEYN.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zURfciy.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fHxHish.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mbyUtbn.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DhiEPck.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FCBTXhG.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GQNObSb.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oJnBOJV.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OxQNYGN.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qCeDcyR.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Cinendj.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jVvyCTF.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MxEdSok.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EZAEChc.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DimqOpK.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VKCzXSV.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhYGFWG.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYlutKB.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pGaxexI.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BxAtfWo.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vvlRvaY.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sLkieAz.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wadlmPE.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JNIdTNu.exe	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 1376	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1740 wrote to memory of 1376	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1740 wrote to memory of 1376	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1740 wrote to memory of 2952	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1740 wrote to memory of 2952	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1740 wrote to memory of 2952	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1740 wrote to memory of 2352	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1740 wrote to memory of 2352	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1740 wrote to memory of 2352	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1740 wrote to memory of 2904	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1740 wrote to memory of 2904	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1740 wrote to memory of 2904	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1740 wrote to memory of 2788	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1740 wrote to memory of 2788	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1740 wrote to memory of 2788	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1740 wrote to memory of 2756	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1740 wrote to memory of 2756	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1740 wrote to memory of 2756	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1740 wrote to memory of 2128	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1740 wrote to memory of 2128	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1740 wrote to memory of 2128	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1740 wrote to memory of 2944	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1740 wrote to memory of 2944	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1740 wrote to memory of 2944	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1740 wrote to memory of 2696	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1740 wrote to memory of 2696	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1740 wrote to memory of 2696	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1740 wrote to memory of 2636	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1740 wrote to memory of 2636	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1740 wrote to memory of 2636	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1740 wrote to memory of 2864	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1740 wrote to memory of 2864	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1740 wrote to memory of 2864	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1740 wrote to memory of 2736	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1740 wrote to memory of 2736	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1740 wrote to memory of 2736	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1740 wrote to memory of 2580	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1740 wrote to memory of 2580	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1740 wrote to memory of 2580	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1740 wrote to memory of 2976	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1740 wrote to memory of 2976	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1740 wrote to memory of 2976	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1740 wrote to memory of 2336	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1740 wrote to memory of 2336	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1740 wrote to memory of 2336	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1740 wrote to memory of 448	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1740 wrote to memory of 448	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1740 wrote to memory of 448	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1740 wrote to memory of 1964	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1740 wrote to memory of 1964	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1740 wrote to memory of 1964	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1740 wrote to memory of 2936	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1740 wrote to memory of 2936	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1740 wrote to memory of 2936	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1740 wrote to memory of 2980	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1740 wrote to memory of 2980	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1740 wrote to memory of 2980	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1740 wrote to memory of 1172	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1740 wrote to memory of 1172	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1740 wrote to memory of 1172	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1740 wrote to memory of 1484	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1740 wrote to memory of 1484	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1740 wrote to memory of 1484	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1740 wrote to memory of 1944	1740	2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-02_3f03c1dd158796802d25973c75f6c00e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Windows\System\vyLjPIx.exe
  C:\Windows\System\vyLjPIx.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\rpsVSBB.exe
  C:\Windows\System\rpsVSBB.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\oLYarmS.exe
  C:\Windows\System\oLYarmS.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\OfqxDLY.exe
  C:\Windows\System\OfqxDLY.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\ursMTOe.exe
  C:\Windows\System\ursMTOe.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\ZbjSshW.exe
  C:\Windows\System\ZbjSshW.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\kZwYCMm.exe
  C:\Windows\System\kZwYCMm.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\UpEmbBR.exe
  C:\Windows\System\UpEmbBR.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\WVqHplM.exe
  C:\Windows\System\WVqHplM.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\maUCKKT.exe
  C:\Windows\System\maUCKKT.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\coFGygF.exe
  C:\Windows\System\coFGygF.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\GkooGAf.exe
  C:\Windows\System\GkooGAf.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\AfNUQZE.exe
  C:\Windows\System\AfNUQZE.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\hWqYSTh.exe
  C:\Windows\System\hWqYSTh.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\usfsLWJ.exe
  C:\Windows\System\usfsLWJ.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\BansMjR.exe
  C:\Windows\System\BansMjR.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\frmGxXn.exe
  C:\Windows\System\frmGxXn.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\VwBtGOe.exe
  C:\Windows\System\VwBtGOe.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\AWEsjDl.exe
  C:\Windows\System\AWEsjDl.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\Ebvvpem.exe
  C:\Windows\System\Ebvvpem.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\LfVJGZE.exe
  C:\Windows\System\LfVJGZE.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\utySxyN.exe
  C:\Windows\System\utySxyN.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\RXXtrjJ.exe
  C:\Windows\System\RXXtrjJ.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\DGYygGW.exe
  C:\Windows\System\DGYygGW.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\ScjWtOq.exe
  C:\Windows\System\ScjWtOq.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\dYochEi.exe
  C:\Windows\System\dYochEi.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\dgcveeL.exe
  C:\Windows\System\dgcveeL.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\JDkXJkk.exe
  C:\Windows\System\JDkXJkk.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\MKsoeKf.exe
  C:\Windows\System\MKsoeKf.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\wQuPfXf.exe
  C:\Windows\System\wQuPfXf.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\YZVHdhB.exe
  C:\Windows\System\YZVHdhB.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\tkjHGVa.exe
  C:\Windows\System\tkjHGVa.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\lUfFDYx.exe
  C:\Windows\System\lUfFDYx.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\dtEIfYd.exe
  C:\Windows\System\dtEIfYd.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\RDutOwN.exe
  C:\Windows\System\RDutOwN.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\TysXOHO.exe
  C:\Windows\System\TysXOHO.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\iEulVWp.exe
  C:\Windows\System\iEulVWp.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\tqBQDMe.exe
  C:\Windows\System\tqBQDMe.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\sVkrdtr.exe
  C:\Windows\System\sVkrdtr.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\FDubFhx.exe
  C:\Windows\System\FDubFhx.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\yzDFAmp.exe
  C:\Windows\System\yzDFAmp.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\EXVXiXc.exe
  C:\Windows\System\EXVXiXc.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\haBOIYb.exe
  C:\Windows\System\haBOIYb.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\sfRwkdP.exe
  C:\Windows\System\sfRwkdP.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\cUGVDlC.exe
  C:\Windows\System\cUGVDlC.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\jQCaDqD.exe
  C:\Windows\System\jQCaDqD.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\GSBBrTt.exe
  C:\Windows\System\GSBBrTt.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\aPJcPut.exe
  C:\Windows\System\aPJcPut.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\VRAmOdQ.exe
  C:\Windows\System\VRAmOdQ.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\TeRHEIZ.exe
  C:\Windows\System\TeRHEIZ.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\qRXYzED.exe
  C:\Windows\System\qRXYzED.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\hSjcaRp.exe
  C:\Windows\System\hSjcaRp.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\RScdLvy.exe
  C:\Windows\System\RScdLvy.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\iXWORLp.exe
  C:\Windows\System\iXWORLp.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\IsKrFog.exe
  C:\Windows\System\IsKrFog.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\EWPnPAM.exe
  C:\Windows\System\EWPnPAM.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\DkbZeIz.exe
  C:\Windows\System\DkbZeIz.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\kdxcTpC.exe
  C:\Windows\System\kdxcTpC.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\CTglqrE.exe
  C:\Windows\System\CTglqrE.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\ksXAsHp.exe
  C:\Windows\System\ksXAsHp.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\EZAEChc.exe
  C:\Windows\System\EZAEChc.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\utjnDFw.exe
  C:\Windows\System\utjnDFw.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\YLJiSAg.exe
  C:\Windows\System\YLJiSAg.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\zPmanht.exe
  C:\Windows\System\zPmanht.exe
  2⤵
  PID:2876
- C:\Windows\System\oiMkpCa.exe
  C:\Windows\System\oiMkpCa.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\tTqrWVj.exe
  C:\Windows\System\tTqrWVj.exe
  2⤵
  PID:2956
- C:\Windows\System\otghjjJ.exe
  C:\Windows\System\otghjjJ.exe
  2⤵
  PID:2972
- C:\Windows\System\hkKCGhZ.exe
  C:\Windows\System\hkKCGhZ.exe
  2⤵
  PID:1972
- C:\Windows\System\TNEVaSg.exe
  C:\Windows\System\TNEVaSg.exe
  2⤵
  PID:1984
- C:\Windows\System\iIoEBoP.exe
  C:\Windows\System\iIoEBoP.exe
  2⤵
  PID:2284
- C:\Windows\System\tVSHRwg.exe
  C:\Windows\System\tVSHRwg.exe
  2⤵
  PID:2168
- C:\Windows\System\hxwHYEQ.exe
  C:\Windows\System\hxwHYEQ.exe
  2⤵
  PID:788
- C:\Windows\System\wpbmPic.exe
  C:\Windows\System\wpbmPic.exe
  2⤵
  PID:1648
- C:\Windows\System\ILEiSFB.exe
  C:\Windows\System\ILEiSFB.exe
  2⤵
  PID:1636
- C:\Windows\System\elVqkvV.exe
  C:\Windows\System\elVqkvV.exe
  2⤵
  PID:1836
- C:\Windows\System\CVFCvQD.exe
  C:\Windows\System\CVFCvQD.exe
  2⤵
  PID:2320
- C:\Windows\System\eokuoiq.exe
  C:\Windows\System\eokuoiq.exe
  2⤵
  PID:1052
- C:\Windows\System\wnxKrQD.exe
  C:\Windows\System\wnxKrQD.exe
  2⤵
  PID:2068
- C:\Windows\System\FmGuITX.exe
  C:\Windows\System\FmGuITX.exe
  2⤵
  PID:2276
- C:\Windows\System\djxCZCP.exe
  C:\Windows\System\djxCZCP.exe
  2⤵
  PID:1764
- C:\Windows\System\awhnrsP.exe
  C:\Windows\System\awhnrsP.exe
  2⤵
  PID:1912
- C:\Windows\System\yQFcZMb.exe
  C:\Windows\System\yQFcZMb.exe
  2⤵
  PID:2392
- C:\Windows\System\clFOEAc.exe
  C:\Windows\System\clFOEAc.exe
  2⤵
  PID:1608
- C:\Windows\System\GLCRORo.exe
  C:\Windows\System\GLCRORo.exe
  2⤵
  PID:3016
- C:\Windows\System\hUmbHWH.exe
  C:\Windows\System\hUmbHWH.exe
  2⤵
  PID:2572
- C:\Windows\System\hrIaNQE.exe
  C:\Windows\System\hrIaNQE.exe
  2⤵
  PID:2152
- C:\Windows\System\yNPQZMS.exe
  C:\Windows\System\yNPQZMS.exe
  2⤵
  PID:2732
- C:\Windows\System\nlXFQnk.exe
  C:\Windows\System\nlXFQnk.exe
  2⤵
  PID:2648
- C:\Windows\System\LbWRrAw.exe
  C:\Windows\System\LbWRrAw.exe
  2⤵
  PID:2412
- C:\Windows\System\LYjLKun.exe
  C:\Windows\System\LYjLKun.exe
  2⤵
  PID:2916
- C:\Windows\System\SJzNBdj.exe
  C:\Windows\System\SJzNBdj.exe
  2⤵
  PID:2784
- C:\Windows\System\RtnseZA.exe
  C:\Windows\System\RtnseZA.exe
  2⤵
  PID:2760
- C:\Windows\System\IRYkGRB.exe
  C:\Windows\System\IRYkGRB.exe
  2⤵
  PID:2524
- C:\Windows\System\faUJkts.exe
  C:\Windows\System\faUJkts.exe
  2⤵
  PID:2092
- C:\Windows\System\adOAgSl.exe
  C:\Windows\System\adOAgSl.exe
  2⤵
  PID:1148
- C:\Windows\System\zLOxBuO.exe
  C:\Windows\System\zLOxBuO.exe
  2⤵
  PID:1968
- C:\Windows\System\BAWONaM.exe
  C:\Windows\System\BAWONaM.exe
  2⤵
  PID:3052
- C:\Windows\System\vnhjEuO.exe
  C:\Windows\System\vnhjEuO.exe
  2⤵
  PID:684
- C:\Windows\System\QptZnvH.exe
  C:\Windows\System\QptZnvH.exe
  2⤵
  PID:780
- C:\Windows\System\kWJoJxS.exe
  C:\Windows\System\kWJoJxS.exe
  2⤵
  PID:3084
- C:\Windows\System\pUGxHuY.exe
  C:\Windows\System\pUGxHuY.exe
  2⤵
  PID:3104
- C:\Windows\System\wXzxFbh.exe
  C:\Windows\System\wXzxFbh.exe
  2⤵
  PID:3120
- C:\Windows\System\ODdoGgq.exe
  C:\Windows\System\ODdoGgq.exe
  2⤵
  PID:3140
- C:\Windows\System\GQNObSb.exe
  C:\Windows\System\GQNObSb.exe
  2⤵
  PID:3160
- C:\Windows\System\EpDSxic.exe
  C:\Windows\System\EpDSxic.exe
  2⤵
  PID:3180
- C:\Windows\System\MChrtZE.exe
  C:\Windows\System\MChrtZE.exe
  2⤵
  PID:3220
- C:\Windows\System\shZatOQ.exe
  C:\Windows\System\shZatOQ.exe
  2⤵
  PID:3236
- C:\Windows\System\lppIXYs.exe
  C:\Windows\System\lppIXYs.exe
  2⤵
  PID:3256
- C:\Windows\System\RhKIbQk.exe
  C:\Windows\System\RhKIbQk.exe
  2⤵
  PID:3272
- C:\Windows\System\cOZtiJN.exe
  C:\Windows\System\cOZtiJN.exe
  2⤵
  PID:3292
- C:\Windows\System\sUqfQBB.exe
  C:\Windows\System\sUqfQBB.exe
  2⤵
  PID:3312
- C:\Windows\System\EWsBjZg.exe
  C:\Windows\System\EWsBjZg.exe
  2⤵
  PID:3332
- C:\Windows\System\TmQvfzh.exe
  C:\Windows\System\TmQvfzh.exe
  2⤵
  PID:3348
- C:\Windows\System\YXAsszk.exe
  C:\Windows\System\YXAsszk.exe
  2⤵
  PID:3368
- C:\Windows\System\CFSPBfF.exe
  C:\Windows\System\CFSPBfF.exe
  2⤵
  PID:3388
- C:\Windows\System\DJrGOUR.exe
  C:\Windows\System\DJrGOUR.exe
  2⤵
  PID:3416
- C:\Windows\System\ZdiGfLT.exe
  C:\Windows\System\ZdiGfLT.exe
  2⤵
  PID:3436
- C:\Windows\System\Ahynlpe.exe
  C:\Windows\System\Ahynlpe.exe
  2⤵
  PID:3460
- C:\Windows\System\OLOYFDy.exe
  C:\Windows\System\OLOYFDy.exe
  2⤵
  PID:3476
- C:\Windows\System\YmETwnJ.exe
  C:\Windows\System\YmETwnJ.exe
  2⤵
  PID:3496
- C:\Windows\System\skhyiYC.exe
  C:\Windows\System\skhyiYC.exe
  2⤵
  PID:3516
- C:\Windows\System\gVsKauh.exe
  C:\Windows\System\gVsKauh.exe
  2⤵
  PID:3540
- C:\Windows\System\RLgHTsh.exe
  C:\Windows\System\RLgHTsh.exe
  2⤵
  PID:3556
- C:\Windows\System\wbOQjeh.exe
  C:\Windows\System\wbOQjeh.exe
  2⤵
  PID:3576
- C:\Windows\System\oJnBOJV.exe
  C:\Windows\System\oJnBOJV.exe
  2⤵
  PID:3596
- C:\Windows\System\CVkLtBd.exe
  C:\Windows\System\CVkLtBd.exe
  2⤵
  PID:3620
- C:\Windows\System\tGbDxqL.exe
  C:\Windows\System\tGbDxqL.exe
  2⤵
  PID:3636
- C:\Windows\System\AhmbJOr.exe
  C:\Windows\System\AhmbJOr.exe
  2⤵
  PID:3660
- C:\Windows\System\DaQujVo.exe
  C:\Windows\System\DaQujVo.exe
  2⤵
  PID:3680
- C:\Windows\System\bpAjAIb.exe
  C:\Windows\System\bpAjAIb.exe
  2⤵
  PID:3700
- C:\Windows\System\fYWJAXq.exe
  C:\Windows\System\fYWJAXq.exe
  2⤵
  PID:3720
- C:\Windows\System\RkYfRDL.exe
  C:\Windows\System\RkYfRDL.exe
  2⤵
  PID:3740
- C:\Windows\System\npxdiVh.exe
  C:\Windows\System\npxdiVh.exe
  2⤵
  PID:3756
- C:\Windows\System\sJnJyIQ.exe
  C:\Windows\System\sJnJyIQ.exe
  2⤵
  PID:3776
- C:\Windows\System\EULKThL.exe
  C:\Windows\System\EULKThL.exe
  2⤵
  PID:3796
- C:\Windows\System\iSurXXl.exe
  C:\Windows\System\iSurXXl.exe
  2⤵
  PID:3816
- C:\Windows\System\StCZRcH.exe
  C:\Windows\System\StCZRcH.exe
  2⤵
  PID:3836
- C:\Windows\System\OxQNYGN.exe
  C:\Windows\System\OxQNYGN.exe
  2⤵
  PID:3856
- C:\Windows\System\vvlRvaY.exe
  C:\Windows\System\vvlRvaY.exe
  2⤵
  PID:3872
- C:\Windows\System\PkIXLBx.exe
  C:\Windows\System\PkIXLBx.exe
  2⤵
  PID:3892
- C:\Windows\System\rFyStHE.exe
  C:\Windows\System\rFyStHE.exe
  2⤵
  PID:3912
- C:\Windows\System\dnbsbiV.exe
  C:\Windows\System\dnbsbiV.exe
  2⤵
  PID:3928
- C:\Windows\System\ekRIgeq.exe
  C:\Windows\System\ekRIgeq.exe
  2⤵
  PID:3960
- C:\Windows\System\GBclQdE.exe
  C:\Windows\System\GBclQdE.exe
  2⤵
  PID:3976
- C:\Windows\System\UpuzLaX.exe
  C:\Windows\System\UpuzLaX.exe
  2⤵
  PID:4000
- C:\Windows\System\DimqOpK.exe
  C:\Windows\System\DimqOpK.exe
  2⤵
  PID:4024
- C:\Windows\System\YFeSfYe.exe
  C:\Windows\System\YFeSfYe.exe
  2⤵
  PID:4044
- C:\Windows\System\PNQHCMC.exe
  C:\Windows\System\PNQHCMC.exe
  2⤵
  PID:4064
- C:\Windows\System\gqAHSyO.exe
  C:\Windows\System\gqAHSyO.exe
  2⤵
  PID:4080
- C:\Windows\System\exZfZbb.exe
  C:\Windows\System\exZfZbb.exe
  2⤵
  PID:3028
- C:\Windows\System\IWzzcxk.exe
  C:\Windows\System\IWzzcxk.exe
  2⤵
  PID:2256
- C:\Windows\System\zKeaXIg.exe
  C:\Windows\System\zKeaXIg.exe
  2⤵
  PID:2596
- C:\Windows\System\pkkQZez.exe
  C:\Windows\System\pkkQZez.exe
  2⤵
  PID:2172
- C:\Windows\System\ZWeYYOL.exe
  C:\Windows\System\ZWeYYOL.exe
  2⤵
  PID:1816
- C:\Windows\System\zUvSomC.exe
  C:\Windows\System\zUvSomC.exe
  2⤵
  PID:2444
- C:\Windows\System\dqhyiqY.exe
  C:\Windows\System\dqhyiqY.exe
  2⤵
  PID:2964
- C:\Windows\System\IKtSiAZ.exe
  C:\Windows\System\IKtSiAZ.exe
  2⤵
  PID:1932
- C:\Windows\System\QkNOAvm.exe
  C:\Windows\System\QkNOAvm.exe
  2⤵
  PID:2544
- C:\Windows\System\hDyVYEy.exe
  C:\Windows\System\hDyVYEy.exe
  2⤵
  PID:2260
- C:\Windows\System\mcKdLdw.exe
  C:\Windows\System\mcKdLdw.exe
  2⤵
  PID:2640
- C:\Windows\System\rjeYDOp.exe
  C:\Windows\System\rjeYDOp.exe
  2⤵
  PID:2156
- C:\Windows\System\NCJEWWy.exe
  C:\Windows\System\NCJEWWy.exe
  2⤵
  PID:3116
- C:\Windows\System\zlUapxD.exe
  C:\Windows\System\zlUapxD.exe
  2⤵
  PID:2312
- C:\Windows\System\LRkooUK.exe
  C:\Windows\System\LRkooUK.exe
  2⤵
  PID:3100
- C:\Windows\System\byPQaxe.exe
  C:\Windows\System\byPQaxe.exe
  2⤵
  PID:3200
- C:\Windows\System\BLErmEU.exe
  C:\Windows\System\BLErmEU.exe
  2⤵
  PID:3168
- C:\Windows\System\ikpxSEB.exe
  C:\Windows\System\ikpxSEB.exe
  2⤵
  PID:3288
- C:\Windows\System\SqhOrbr.exe
  C:\Windows\System\SqhOrbr.exe
  2⤵
  PID:3092
- C:\Windows\System\UaWLISI.exe
  C:\Windows\System\UaWLISI.exe
  2⤵
  PID:1676
- C:\Windows\System\TjZgCCy.exe
  C:\Windows\System\TjZgCCy.exe
  2⤵
  PID:3320
- C:\Windows\System\mhOvLJp.exe
  C:\Windows\System\mhOvLJp.exe
  2⤵
  PID:3396
- C:\Windows\System\LOLgdQV.exe
  C:\Windows\System\LOLgdQV.exe
  2⤵
  PID:3444
- C:\Windows\System\uTPBlSB.exe
  C:\Windows\System\uTPBlSB.exe
  2⤵
  PID:3232
- C:\Windows\System\uMyxoOz.exe
  C:\Windows\System\uMyxoOz.exe
  2⤵
  PID:3304
- C:\Windows\System\QxGpMUi.exe
  C:\Windows\System\QxGpMUi.exe
  2⤵
  PID:3484
- C:\Windows\System\yXvjNPW.exe
  C:\Windows\System\yXvjNPW.exe
  2⤵
  PID:3468
- C:\Windows\System\bmbQElM.exe
  C:\Windows\System\bmbQElM.exe
  2⤵
  PID:3524
- C:\Windows\System\thXyNJL.exe
  C:\Windows\System\thXyNJL.exe
  2⤵
  PID:3568
- C:\Windows\System\KiWgRRr.exe
  C:\Windows\System\KiWgRRr.exe
  2⤵
  PID:3616
- C:\Windows\System\STLghZK.exe
  C:\Windows\System\STLghZK.exe
  2⤵
  PID:3512
- C:\Windows\System\ZJwZUHn.exe
  C:\Windows\System\ZJwZUHn.exe
  2⤵
  PID:3592
- C:\Windows\System\LyMzBRc.exe
  C:\Windows\System\LyMzBRc.exe
  2⤵
  PID:3656
- C:\Windows\System\VipVJzQ.exe
  C:\Windows\System\VipVJzQ.exe
  2⤵
  PID:3696
- C:\Windows\System\IIupcNc.exe
  C:\Windows\System\IIupcNc.exe
  2⤵
  PID:3716
- C:\Windows\System\HrWzWFJ.exe
  C:\Windows\System\HrWzWFJ.exe
  2⤵
  PID:3712
- C:\Windows\System\HNAKMme.exe
  C:\Windows\System\HNAKMme.exe
  2⤵
  PID:3804
- C:\Windows\System\bkAXtpF.exe
  C:\Windows\System\bkAXtpF.exe
  2⤵
  PID:3852
- C:\Windows\System\FKnvNee.exe
  C:\Windows\System\FKnvNee.exe
  2⤵
  PID:3864
- C:\Windows\System\orSsPdo.exe
  C:\Windows\System\orSsPdo.exe
  2⤵
  PID:3824
- C:\Windows\System\TlcDjbf.exe
  C:\Windows\System\TlcDjbf.exe
  2⤵
  PID:3884
- C:\Windows\System\LYwcdQK.exe
  C:\Windows\System\LYwcdQK.exe
  2⤵
  PID:3904
- C:\Windows\System\coiWpVS.exe
  C:\Windows\System\coiWpVS.exe
  2⤵
  PID:3952
- C:\Windows\System\IkeIkhD.exe
  C:\Windows\System\IkeIkhD.exe
  2⤵
  PID:3908
- C:\Windows\System\hYUFfqH.exe
  C:\Windows\System\hYUFfqH.exe
  2⤵
  PID:4012
- C:\Windows\System\SwwLnbC.exe
  C:\Windows\System\SwwLnbC.exe
  2⤵
  PID:4032
- C:\Windows\System\yCVYwre.exe
  C:\Windows\System\yCVYwre.exe
  2⤵
  PID:4088
- C:\Windows\System\nBOycsQ.exe
  C:\Windows\System\nBOycsQ.exe
  2⤵
  PID:4076
- C:\Windows\System\oRBbzmS.exe
  C:\Windows\System\oRBbzmS.exe
  2⤵
  PID:2508
- C:\Windows\System\pCGIRsW.exe
  C:\Windows\System\pCGIRsW.exe
  2⤵
  PID:2236
- C:\Windows\System\WpEFQVd.exe
  C:\Windows\System\WpEFQVd.exe
  2⤵
  PID:1692
- C:\Windows\System\jQcMfco.exe
  C:\Windows\System\jQcMfco.exe
  2⤵
  PID:2160
- C:\Windows\System\kQhVobk.exe
  C:\Windows\System\kQhVobk.exe
  2⤵
  PID:2492
- C:\Windows\System\nCXRMPq.exe
  C:\Windows\System\nCXRMPq.exe
  2⤵
  PID:3008
- C:\Windows\System\CzeBUgq.exe
  C:\Windows\System\CzeBUgq.exe
  2⤵
  PID:3172
- C:\Windows\System\nvaZkmg.exe
  C:\Windows\System\nvaZkmg.exe
  2⤵
  PID:3452
- C:\Windows\System\ItXufOA.exe
  C:\Windows\System\ItXufOA.exe
  2⤵
  PID:3528
- C:\Windows\System\lMJiQOJ.exe
  C:\Windows\System\lMJiQOJ.exe
  2⤵
  PID:3648
- C:\Windows\System\GQrDtPz.exe
  C:\Windows\System\GQrDtPz.exe
  2⤵
  PID:3156
- C:\Windows\System\LUmkwVQ.exe
  C:\Windows\System\LUmkwVQ.exe
  2⤵
  PID:3196
- C:\Windows\System\LFThpFw.exe
  C:\Windows\System\LFThpFw.exe
  2⤵
  PID:3284
- C:\Windows\System\QbwYvgz.exe
  C:\Windows\System\QbwYvgz.exe
  2⤵
  PID:3880
- C:\Windows\System\dHgdxZt.exe
  C:\Windows\System\dHgdxZt.exe
  2⤵
  PID:3888
- C:\Windows\System\yYytyCH.exe
  C:\Windows\System\yYytyCH.exe
  2⤵
  PID:3328
- C:\Windows\System\cxJbhwc.exe
  C:\Windows\System\cxJbhwc.exe
  2⤵
  PID:3344
- C:\Windows\System\sLkieAz.exe
  C:\Windows\System\sLkieAz.exe
  2⤵
  PID:3456
- C:\Windows\System\GUKxnTC.exe
  C:\Windows\System\GUKxnTC.exe
  2⤵
  PID:4040
- C:\Windows\System\lpwrvKj.exe
  C:\Windows\System\lpwrvKj.exe
  2⤵
  PID:3552
- C:\Windows\System\zaufwGm.exe
  C:\Windows\System\zaufwGm.exe
  2⤵
  PID:3984
- C:\Windows\System\PzbBKiD.exe
  C:\Windows\System\PzbBKiD.exe
  2⤵
  PID:2600
- C:\Windows\System\ETWgPBd.exe
  C:\Windows\System\ETWgPBd.exe
  2⤵
  PID:1268
- C:\Windows\System\oIeSdxP.exe
  C:\Windows\System\oIeSdxP.exe
  2⤵
  PID:2620
- C:\Windows\System\OgsYsfU.exe
  C:\Windows\System\OgsYsfU.exe
  2⤵
  PID:2396
- C:\Windows\System\qkIeHPT.exe
  C:\Windows\System\qkIeHPT.exe
  2⤵
  PID:4016
- C:\Windows\System\jOKbaEp.exe
  C:\Windows\System\jOKbaEp.exe
  2⤵
  PID:3924
- C:\Windows\System\idaJIyR.exe
  C:\Windows\System\idaJIyR.exe
  2⤵
  PID:3812
- C:\Windows\System\eeTreiR.exe
  C:\Windows\System\eeTreiR.exe
  2⤵
  PID:3628
- C:\Windows\System\uilCBKP.exe
  C:\Windows\System\uilCBKP.exe
  2⤵
  PID:3492
- C:\Windows\System\Lwuimof.exe
  C:\Windows\System\Lwuimof.exe
  2⤵
  PID:964
- C:\Windows\System\hBswbrL.exe
  C:\Windows\System\hBswbrL.exe
  2⤵
  PID:3732
- C:\Windows\System\orrMyqF.exe
  C:\Windows\System\orrMyqF.exe
  2⤵
  PID:3280
- C:\Windows\System\IojliNc.exe
  C:\Windows\System\IojliNc.exe
  2⤵
  PID:4104
- C:\Windows\System\ylJZgCy.exe
  C:\Windows\System\ylJZgCy.exe
  2⤵
  PID:4120
- C:\Windows\System\dbXMkol.exe
  C:\Windows\System\dbXMkol.exe
  2⤵
  PID:4140
- C:\Windows\System\boHccGi.exe
  C:\Windows\System\boHccGi.exe
  2⤵
  PID:4164
- C:\Windows\System\xLsvziI.exe
  C:\Windows\System\xLsvziI.exe
  2⤵
  PID:4196
- C:\Windows\System\HekjDhc.exe
  C:\Windows\System\HekjDhc.exe
  2⤵
  PID:4216
- C:\Windows\System\DOpZpPU.exe
  C:\Windows\System\DOpZpPU.exe
  2⤵
  PID:4240
- C:\Windows\System\ZQGJZtu.exe
  C:\Windows\System\ZQGJZtu.exe
  2⤵
  PID:4260
- C:\Windows\System\RZcTQsL.exe
  C:\Windows\System\RZcTQsL.exe
  2⤵
  PID:4276
- C:\Windows\System\AlyUIVz.exe
  C:\Windows\System\AlyUIVz.exe
  2⤵
  PID:4300
- C:\Windows\System\NNEUMRH.exe
  C:\Windows\System\NNEUMRH.exe
  2⤵
  PID:4316
- C:\Windows\System\FwqjhHE.exe
  C:\Windows\System\FwqjhHE.exe
  2⤵
  PID:4340
- C:\Windows\System\esKzSpP.exe
  C:\Windows\System\esKzSpP.exe
  2⤵
  PID:4360
- C:\Windows\System\TIouNmz.exe
  C:\Windows\System\TIouNmz.exe
  2⤵
  PID:4380
- C:\Windows\System\FzuKbyh.exe
  C:\Windows\System\FzuKbyh.exe
  2⤵
  PID:4400
- C:\Windows\System\wehUMWO.exe
  C:\Windows\System\wehUMWO.exe
  2⤵
  PID:4420
- C:\Windows\System\aUKOdof.exe
  C:\Windows\System\aUKOdof.exe
  2⤵
  PID:4436
- C:\Windows\System\beUKMCO.exe
  C:\Windows\System\beUKMCO.exe
  2⤵
  PID:4456
- C:\Windows\System\IiawxsZ.exe
  C:\Windows\System\IiawxsZ.exe
  2⤵
  PID:4476
- C:\Windows\System\HHlUCFn.exe
  C:\Windows\System\HHlUCFn.exe
  2⤵
  PID:4496
- C:\Windows\System\uNFtppM.exe
  C:\Windows\System\uNFtppM.exe
  2⤵
  PID:4516
- C:\Windows\System\tkfLrLP.exe
  C:\Windows\System\tkfLrLP.exe
  2⤵
  PID:4540
- C:\Windows\System\oZCxycu.exe
  C:\Windows\System\oZCxycu.exe
  2⤵
  PID:4556
- C:\Windows\System\yrjzdZh.exe
  C:\Windows\System\yrjzdZh.exe
  2⤵
  PID:4572
- C:\Windows\System\LAUiEYN.exe
  C:\Windows\System\LAUiEYN.exe
  2⤵
  PID:4592
- C:\Windows\System\QoDzfTp.exe
  C:\Windows\System\QoDzfTp.exe
  2⤵
  PID:4608
- C:\Windows\System\OirhKiO.exe
  C:\Windows\System\OirhKiO.exe
  2⤵
  PID:4636
- C:\Windows\System\pBDecPM.exe
  C:\Windows\System\pBDecPM.exe
  2⤵
  PID:4656
- C:\Windows\System\ktusEut.exe
  C:\Windows\System\ktusEut.exe
  2⤵
  PID:4684
- C:\Windows\System\VFwpaDh.exe
  C:\Windows\System\VFwpaDh.exe
  2⤵
  PID:4704
- C:\Windows\System\bbXSsxW.exe
  C:\Windows\System\bbXSsxW.exe
  2⤵
  PID:4724
- C:\Windows\System\qkuYUkJ.exe
  C:\Windows\System\qkuYUkJ.exe
  2⤵
  PID:4744
- C:\Windows\System\fAoPzzO.exe
  C:\Windows\System\fAoPzzO.exe
  2⤵
  PID:4760
- C:\Windows\System\yhmgKir.exe
  C:\Windows\System\yhmgKir.exe
  2⤵
  PID:4780
- C:\Windows\System\RCQvoYl.exe
  C:\Windows\System\RCQvoYl.exe
  2⤵
  PID:4800
- C:\Windows\System\RoroFni.exe
  C:\Windows\System\RoroFni.exe
  2⤵
  PID:4820
- C:\Windows\System\fuhYnYq.exe
  C:\Windows\System\fuhYnYq.exe
  2⤵
  PID:4840
- C:\Windows\System\bEWTMkR.exe
  C:\Windows\System\bEWTMkR.exe
  2⤵
  PID:4860
- C:\Windows\System\kHJZVxO.exe
  C:\Windows\System\kHJZVxO.exe
  2⤵
  PID:4876
- C:\Windows\System\JYvQvfv.exe
  C:\Windows\System\JYvQvfv.exe
  2⤵
  PID:4900
- C:\Windows\System\pwhMgjN.exe
  C:\Windows\System\pwhMgjN.exe
  2⤵
  PID:4924
- C:\Windows\System\SFvnnkO.exe
  C:\Windows\System\SFvnnkO.exe
  2⤵
  PID:4948
- C:\Windows\System\TvRJMxV.exe
  C:\Windows\System\TvRJMxV.exe
  2⤵
  PID:4968
- C:\Windows\System\fAlvtMs.exe
  C:\Windows\System\fAlvtMs.exe
  2⤵
  PID:4988
- C:\Windows\System\rNbwtSC.exe
  C:\Windows\System\rNbwtSC.exe
  2⤵
  PID:5008
- C:\Windows\System\AsDDcXA.exe
  C:\Windows\System\AsDDcXA.exe
  2⤵
  PID:5028
- C:\Windows\System\rgoxcIy.exe
  C:\Windows\System\rgoxcIy.exe
  2⤵
  PID:5048
- C:\Windows\System\oNDQkFE.exe
  C:\Windows\System\oNDQkFE.exe
  2⤵
  PID:5068
- C:\Windows\System\qqBFvXm.exe
  C:\Windows\System\qqBFvXm.exe
  2⤵
  PID:5088
- C:\Windows\System\BCrTomj.exe
  C:\Windows\System\BCrTomj.exe
  2⤵
  PID:5104
- C:\Windows\System\XhEqAjf.exe
  C:\Windows\System\XhEqAjf.exe
  2⤵
  PID:3364
- C:\Windows\System\ESTUGgg.exe
  C:\Windows\System\ESTUGgg.exe
  2⤵
  PID:3948
- C:\Windows\System\nPUeRWr.exe
  C:\Windows\System\nPUeRWr.exe
  2⤵
  PID:3772
- C:\Windows\System\wSFCaVL.exe
  C:\Windows\System\wSFCaVL.exe
  2⤵
  PID:4036
- C:\Windows\System\ziQAlVh.exe
  C:\Windows\System\ziQAlVh.exe
  2⤵
  PID:2680
- C:\Windows\System\OcKWnUe.exe
  C:\Windows\System\OcKWnUe.exe
  2⤵
  PID:3112
- C:\Windows\System\pRZbCLd.exe
  C:\Windows\System\pRZbCLd.exe
  2⤵
  PID:3988
- C:\Windows\System\pQfDKql.exe
  C:\Windows\System\pQfDKql.exe
  2⤵
  PID:3672
- C:\Windows\System\HrInRUr.exe
  C:\Windows\System\HrInRUr.exe
  2⤵
  PID:3588
- C:\Windows\System\zXplMBi.exe
  C:\Windows\System\zXplMBi.exe
  2⤵
  PID:1228
- C:\Windows\System\QjWfyaJ.exe
  C:\Windows\System\QjWfyaJ.exe
  2⤵
  PID:1628
- C:\Windows\System\NdnHgNw.exe
  C:\Windows\System\NdnHgNw.exe
  2⤵
  PID:4112
- C:\Windows\System\aeybuUy.exe
  C:\Windows\System\aeybuUy.exe
  2⤵
  PID:4160
- C:\Windows\System\olJSPwK.exe
  C:\Windows\System\olJSPwK.exe
  2⤵
  PID:3428
- C:\Windows\System\TTAKNbt.exe
  C:\Windows\System\TTAKNbt.exe
  2⤵
  PID:4100
- C:\Windows\System\yxaiXpM.exe
  C:\Windows\System\yxaiXpM.exe
  2⤵
  PID:3792
- C:\Windows\System\kCXlXze.exe
  C:\Windows\System\kCXlXze.exe
  2⤵
  PID:4224
- C:\Windows\System\GSVOsqh.exe
  C:\Windows\System\GSVOsqh.exe
  2⤵
  PID:4236
- C:\Windows\System\fiSsAax.exe
  C:\Windows\System\fiSsAax.exe
  2⤵
  PID:4292
- C:\Windows\System\odITZjD.exe
  C:\Windows\System\odITZjD.exe
  2⤵
  PID:4368
- C:\Windows\System\niHrrDe.exe
  C:\Windows\System\niHrrDe.exe
  2⤵
  PID:3432
- C:\Windows\System\jYRFXoi.exe
  C:\Windows\System\jYRFXoi.exe
  2⤵
  PID:4348
- C:\Windows\System\ZwJhoyN.exe
  C:\Windows\System\ZwJhoyN.exe
  2⤵
  PID:4396
- C:\Windows\System\CwKjZKb.exe
  C:\Windows\System\CwKjZKb.exe
  2⤵
  PID:4484
- C:\Windows\System\hToFISC.exe
  C:\Windows\System\hToFISC.exe
  2⤵
  PID:4536
- C:\Windows\System\ERqGmvM.exe
  C:\Windows\System\ERqGmvM.exe
  2⤵
  PID:4604
- C:\Windows\System\NPnkxpl.exe
  C:\Windows\System\NPnkxpl.exe
  2⤵
  PID:4584
- C:\Windows\System\BhJUUtQ.exe
  C:\Windows\System\BhJUUtQ.exe
  2⤵
  PID:4472
- C:\Windows\System\khRZAoq.exe
  C:\Windows\System\khRZAoq.exe
  2⤵
  PID:4644
- C:\Windows\System\XOYlEkC.exe
  C:\Windows\System\XOYlEkC.exe
  2⤵
  PID:2844
- C:\Windows\System\RhubgmH.exe
  C:\Windows\System\RhubgmH.exe
  2⤵
  PID:4732
- C:\Windows\System\dZPMjvK.exe
  C:\Windows\System\dZPMjvK.exe
  2⤵
  PID:4768
- C:\Windows\System\yzNdsnZ.exe
  C:\Windows\System\yzNdsnZ.exe
  2⤵
  PID:4772
- C:\Windows\System\ieGYbzp.exe
  C:\Windows\System\ieGYbzp.exe
  2⤵
  PID:4856
- C:\Windows\System\DFChbkx.exe
  C:\Windows\System\DFChbkx.exe
  2⤵
  PID:4756
- C:\Windows\System\RZhrhKp.exe
  C:\Windows\System\RZhrhKp.exe
  2⤵
  PID:4836
- C:\Windows\System\vsuVPGb.exe
  C:\Windows\System\vsuVPGb.exe
  2⤵
  PID:4888
- C:\Windows\System\XIwvOYM.exe
  C:\Windows\System\XIwvOYM.exe
  2⤵
  PID:4940
- C:\Windows\System\UtzPeAC.exe
  C:\Windows\System\UtzPeAC.exe
  2⤵
  PID:4980
- C:\Windows\System\fKIvuhS.exe
  C:\Windows\System\fKIvuhS.exe
  2⤵
  PID:5024
- C:\Windows\System\WzOzych.exe
  C:\Windows\System\WzOzych.exe
  2⤵
  PID:5056
- C:\Windows\System\GzcIuMx.exe
  C:\Windows\System\GzcIuMx.exe
  2⤵
  PID:5060
- C:\Windows\System\ekODmfe.exe
  C:\Windows\System\ekODmfe.exe
  2⤵
  PID:5044
- C:\Windows\System\CqCGwNh.exe
  C:\Windows\System\CqCGwNh.exe
  2⤵
  PID:3548
- C:\Windows\System\iuFAtGr.exe
  C:\Windows\System\iuFAtGr.exe
  2⤵
  PID:5084
- C:\Windows\System\hGNSYPY.exe
  C:\Windows\System\hGNSYPY.exe
  2⤵
  PID:3996
- C:\Windows\System\bhgKQQL.exe
  C:\Windows\System\bhgKQQL.exe
  2⤵
  PID:112
- C:\Windows\System\uZhWmSJ.exe
  C:\Windows\System\uZhWmSJ.exe
  2⤵
  PID:3096
- C:\Windows\System\lPHKRKe.exe
  C:\Windows\System\lPHKRKe.exe
  2⤵
  PID:2032
- C:\Windows\System\iJxVwqX.exe
  C:\Windows\System\iJxVwqX.exe
  2⤵
  PID:3252
- C:\Windows\System\rfjtnUt.exe
  C:\Windows\System\rfjtnUt.exe
  2⤵
  PID:3604
- C:\Windows\System\pdOBPMk.exe
  C:\Windows\System\pdOBPMk.exe
  2⤵
  PID:2828
- C:\Windows\System\UnSwzXv.exe
  C:\Windows\System\UnSwzXv.exe
  2⤵
  PID:4132
- C:\Windows\System\vtgiGEX.exe
  C:\Windows\System\vtgiGEX.exe
  2⤵
  PID:4256
- C:\Windows\System\nvTSMZx.exe
  C:\Windows\System\nvTSMZx.exe
  2⤵
  PID:4336
- C:\Windows\System\BjsYClq.exe
  C:\Windows\System\BjsYClq.exe
  2⤵
  PID:4412
- C:\Windows\System\RJaOTbX.exe
  C:\Windows\System\RJaOTbX.exe
  2⤵
  PID:4416
- C:\Windows\System\OBfTryj.exe
  C:\Windows\System\OBfTryj.exe
  2⤵
  PID:4392
- C:\Windows\System\OtnfBXw.exe
  C:\Windows\System\OtnfBXw.exe
  2⤵
  PID:4600
- C:\Windows\System\FkRVfHM.exe
  C:\Windows\System\FkRVfHM.exe
  2⤵
  PID:4648
- C:\Windows\System\AVALoxN.exe
  C:\Windows\System\AVALoxN.exe
  2⤵
  PID:4632
- C:\Windows\System\ycEZvIy.exe
  C:\Windows\System\ycEZvIy.exe
  2⤵
  PID:4668
- C:\Windows\System\pEkQAMW.exe
  C:\Windows\System\pEkQAMW.exe
  2⤵
  PID:4508
- C:\Windows\System\knsqEQH.exe
  C:\Windows\System\knsqEQH.exe
  2⤵
  PID:4776
- C:\Windows\System\CgZNxlU.exe
  C:\Windows\System\CgZNxlU.exe
  2⤵
  PID:4788
- C:\Windows\System\ELMMZuU.exe
  C:\Windows\System\ELMMZuU.exe
  2⤵
  PID:4896
- C:\Windows\System\vBOylYy.exe
  C:\Windows\System\vBOylYy.exe
  2⤵
  PID:4828
- C:\Windows\System\tpbwyOZ.exe
  C:\Windows\System\tpbwyOZ.exe
  2⤵
  PID:4964
- C:\Windows\System\yiLgSVk.exe
  C:\Windows\System\yiLgSVk.exe
  2⤵
  PID:4960
- C:\Windows\System\MziomCK.exe
  C:\Windows\System\MziomCK.exe
  2⤵
  PID:5000
- C:\Windows\System\BoJNgos.exe
  C:\Windows\System\BoJNgos.exe
  2⤵
  PID:5076
- C:\Windows\System\GsFGgDv.exe
  C:\Windows\System\GsFGgDv.exe
  2⤵
  PID:3020
- C:\Windows\System\OPtdKnh.exe
  C:\Windows\System\OPtdKnh.exe
  2⤵
  PID:2932
- C:\Windows\System\HdggHbp.exe
  C:\Windows\System\HdggHbp.exe
  2⤵
  PID:992
- C:\Windows\System\SGXDpph.exe
  C:\Windows\System\SGXDpph.exe
  2⤵
  PID:796
- C:\Windows\System\NKKMmQf.exe
  C:\Windows\System\NKKMmQf.exe
  2⤵
  PID:4212
- C:\Windows\System\rLBMSEU.exe
  C:\Windows\System\rLBMSEU.exe
  2⤵
  PID:3784
- C:\Windows\System\SzaUqIX.exe
  C:\Windows\System\SzaUqIX.exe
  2⤵
  PID:4296
- C:\Windows\System\gdwMkaK.exe
  C:\Windows\System\gdwMkaK.exe
  2⤵
  PID:4452
- C:\Windows\System\OSMlIiJ.exe
  C:\Windows\System\OSMlIiJ.exe
  2⤵
  PID:4432
- C:\Windows\System\wthumYY.exe
  C:\Windows\System\wthumYY.exe
  2⤵
  PID:4624
- C:\Windows\System\sqXOukL.exe
  C:\Windows\System\sqXOukL.exe
  2⤵
  PID:4672
- C:\Windows\System\AypYvBV.exe
  C:\Windows\System\AypYvBV.exe
  2⤵
  PID:4720
- C:\Windows\System\TffnujW.exe
  C:\Windows\System\TffnujW.exe
  2⤵
  PID:2856
- C:\Windows\System\WvKKKbu.exe
  C:\Windows\System\WvKKKbu.exe
  2⤵
  PID:4920
- C:\Windows\System\mDmpccn.exe
  C:\Windows\System\mDmpccn.exe
  2⤵
  PID:5100
- C:\Windows\System\VjYHzUo.exe
  C:\Windows\System\VjYHzUo.exe
  2⤵
  PID:5040
- C:\Windows\System\jAzUHFR.exe
  C:\Windows\System\jAzUHFR.exe
  2⤵
  PID:2776
- C:\Windows\System\GIOOjAq.exe
  C:\Windows\System\GIOOjAq.exe
  2⤵
  PID:5136
- C:\Windows\System\MKXvkzW.exe
  C:\Windows\System\MKXvkzW.exe
  2⤵
  PID:5160
- C:\Windows\System\vXZwlob.exe
  C:\Windows\System\vXZwlob.exe
  2⤵
  PID:5176
- C:\Windows\System\hIIqONn.exe
  C:\Windows\System\hIIqONn.exe
  2⤵
  PID:5192
- C:\Windows\System\PxVDrdW.exe
  C:\Windows\System\PxVDrdW.exe
  2⤵
  PID:5212
- C:\Windows\System\TgHGCcN.exe
  C:\Windows\System\TgHGCcN.exe
  2⤵
  PID:5228
- C:\Windows\System\ZlsknCj.exe
  C:\Windows\System\ZlsknCj.exe
  2⤵
  PID:5252
- C:\Windows\System\gyLpXSJ.exe
  C:\Windows\System\gyLpXSJ.exe
  2⤵
  PID:5276
- C:\Windows\System\WLCOjQu.exe
  C:\Windows\System\WLCOjQu.exe
  2⤵
  PID:5292
- C:\Windows\System\UCnDtpn.exe
  C:\Windows\System\UCnDtpn.exe
  2⤵
  PID:5320
- C:\Windows\System\RNAwjeB.exe
  C:\Windows\System\RNAwjeB.exe
  2⤵
  PID:5336
- C:\Windows\System\gFKriWc.exe
  C:\Windows\System\gFKriWc.exe
  2⤵
  PID:5356
- C:\Windows\System\hNLmevS.exe
  C:\Windows\System\hNLmevS.exe
  2⤵
  PID:5376
- C:\Windows\System\lloPfhT.exe
  C:\Windows\System\lloPfhT.exe
  2⤵
  PID:5396
- C:\Windows\System\fEkEsqn.exe
  C:\Windows\System\fEkEsqn.exe
  2⤵
  PID:5416
- C:\Windows\System\ugywfJF.exe
  C:\Windows\System\ugywfJF.exe
  2⤵
  PID:5432
- C:\Windows\System\XnJtHEW.exe
  C:\Windows\System\XnJtHEW.exe
  2⤵
  PID:5452
- C:\Windows\System\CmxFyzI.exe
  C:\Windows\System\CmxFyzI.exe
  2⤵
  PID:5476
- C:\Windows\System\kvicmgS.exe
  C:\Windows\System\kvicmgS.exe
  2⤵
  PID:5496
- C:\Windows\System\RSPoeMl.exe
  C:\Windows\System\RSPoeMl.exe
  2⤵
  PID:5516
- C:\Windows\System\xKUXEaS.exe
  C:\Windows\System\xKUXEaS.exe
  2⤵
  PID:5540
- C:\Windows\System\ZfXQLUc.exe
  C:\Windows\System\ZfXQLUc.exe
  2⤵
  PID:5560
- C:\Windows\System\BQEmpRM.exe
  C:\Windows\System\BQEmpRM.exe
  2⤵
  PID:5580
- C:\Windows\System\FXxCjtQ.exe
  C:\Windows\System\FXxCjtQ.exe
  2⤵
  PID:5600
- C:\Windows\System\usFteVQ.exe
  C:\Windows\System\usFteVQ.exe
  2⤵
  PID:5620
- C:\Windows\System\OPwswoS.exe
  C:\Windows\System\OPwswoS.exe
  2⤵
  PID:5640
- C:\Windows\System\OJSvJHC.exe
  C:\Windows\System\OJSvJHC.exe
  2⤵
  PID:5660
- C:\Windows\System\thDXumQ.exe
  C:\Windows\System\thDXumQ.exe
  2⤵
  PID:5680
- C:\Windows\System\vdTlDUz.exe
  C:\Windows\System\vdTlDUz.exe
  2⤵
  PID:5696
- C:\Windows\System\bRRkxzU.exe
  C:\Windows\System\bRRkxzU.exe
  2⤵
  PID:5712
- C:\Windows\System\vhAZLAq.exe
  C:\Windows\System\vhAZLAq.exe
  2⤵
  PID:5736
- C:\Windows\System\sVhpsQq.exe
  C:\Windows\System\sVhpsQq.exe
  2⤵
  PID:5760
- C:\Windows\System\VKCzXSV.exe
  C:\Windows\System\VKCzXSV.exe
  2⤵
  PID:5780
- C:\Windows\System\NQupCfN.exe
  C:\Windows\System\NQupCfN.exe
  2⤵
  PID:5796
- C:\Windows\System\NObbKEp.exe
  C:\Windows\System\NObbKEp.exe
  2⤵
  PID:5816
- C:\Windows\System\QjdfWvV.exe
  C:\Windows\System\QjdfWvV.exe
  2⤵
  PID:5840
- C:\Windows\System\VokYpaq.exe
  C:\Windows\System\VokYpaq.exe
  2⤵
  PID:5860
- C:\Windows\System\RyoqGYs.exe
  C:\Windows\System\RyoqGYs.exe
  2⤵
  PID:5876
- C:\Windows\System\WKWTluW.exe
  C:\Windows\System\WKWTluW.exe
  2⤵
  PID:5892
- C:\Windows\System\eEWgYpt.exe
  C:\Windows\System\eEWgYpt.exe
  2⤵
  PID:5916
- C:\Windows\System\fOuwpIx.exe
  C:\Windows\System\fOuwpIx.exe
  2⤵
  PID:5940
- C:\Windows\System\VGyZWne.exe
  C:\Windows\System\VGyZWne.exe
  2⤵
  PID:5964
- C:\Windows\System\uMVvXaL.exe
  C:\Windows\System\uMVvXaL.exe
  2⤵
  PID:5980
- C:\Windows\System\FqHuhoM.exe
  C:\Windows\System\FqHuhoM.exe
  2⤵
  PID:6004
- C:\Windows\System\RPfCSYH.exe
  C:\Windows\System\RPfCSYH.exe
  2⤵
  PID:6024
- C:\Windows\System\nOFbRZx.exe
  C:\Windows\System\nOFbRZx.exe
  2⤵
  PID:6044
- C:\Windows\System\Hzjiyzr.exe
  C:\Windows\System\Hzjiyzr.exe
  2⤵
  PID:6064
- C:\Windows\System\jFXCAns.exe
  C:\Windows\System\jFXCAns.exe
  2⤵
  PID:6084
- C:\Windows\System\WrFXWbQ.exe
  C:\Windows\System\WrFXWbQ.exe
  2⤵
  PID:6104
- C:\Windows\System\rgHOkkY.exe
  C:\Windows\System\rgHOkkY.exe
  2⤵
  PID:6124
- C:\Windows\System\HrFluMp.exe
  C:\Windows\System\HrFluMp.exe
  2⤵
  PID:3844
- C:\Windows\System\imIVTfl.exe
  C:\Windows\System\imIVTfl.exe
  2⤵
  PID:3692
- C:\Windows\System\wFgfbft.exe
  C:\Windows\System\wFgfbft.exe
  2⤵
  PID:4308
- C:\Windows\System\ybVyWZC.exe
  C:\Windows\System\ybVyWZC.exe
  2⤵
  PID:4620
- C:\Windows\System\ebDpDib.exe
  C:\Windows\System\ebDpDib.exe
  2⤵
  PID:4204
- C:\Windows\System\xlKGeLA.exe
  C:\Windows\System\xlKGeLA.exe
  2⤵
  PID:4408
- C:\Windows\System\zLyoUFj.exe
  C:\Windows\System\zLyoUFj.exe
  2⤵
  PID:4736
- C:\Windows\System\LvqQpiT.exe
  C:\Windows\System\LvqQpiT.exe
  2⤵
  PID:4716
- C:\Windows\System\BjICEwY.exe
  C:\Windows\System\BjICEwY.exe
  2⤵
  PID:4944
- C:\Windows\System\IxAsXrG.exe
  C:\Windows\System\IxAsXrG.exe
  2⤵
  PID:5016
- C:\Windows\System\iRKwmld.exe
  C:\Windows\System\iRKwmld.exe
  2⤵
  PID:5156
- C:\Windows\System\qhluVak.exe
  C:\Windows\System\qhluVak.exe
  2⤵
  PID:5188
- C:\Windows\System\kUCiSoA.exe
  C:\Windows\System\kUCiSoA.exe
  2⤵
  PID:5132
- C:\Windows\System\UiNvAsd.exe
  C:\Windows\System\UiNvAsd.exe
  2⤵
  PID:5168
- C:\Windows\System\MxIrajv.exe
  C:\Windows\System\MxIrajv.exe
  2⤵
  PID:5248
- C:\Windows\System\rZFWBCf.exe
  C:\Windows\System\rZFWBCf.exe
  2⤵
  PID:5308
- C:\Windows\System\itPtDXH.exe
  C:\Windows\System\itPtDXH.exe
  2⤵
  PID:5288
- C:\Windows\System\nTyRBVi.exe
  C:\Windows\System\nTyRBVi.exe
  2⤵
  PID:5392
- C:\Windows\System\uOxqHxA.exe
  C:\Windows\System\uOxqHxA.exe
  2⤵
  PID:5468
- C:\Windows\System\lCvHdgu.exe
  C:\Windows\System\lCvHdgu.exe
  2⤵
  PID:5504
- C:\Windows\System\foBluWD.exe
  C:\Windows\System\foBluWD.exe
  2⤵
  PID:5408
- C:\Windows\System\WsHLwdr.exe
  C:\Windows\System\WsHLwdr.exe
  2⤵
  PID:5556
- C:\Windows\System\UvtMpNI.exe
  C:\Windows\System\UvtMpNI.exe
  2⤵
  PID:5628
- C:\Windows\System\qrinhVH.exe
  C:\Windows\System\qrinhVH.exe
  2⤵
  PID:5632
- C:\Windows\System\KijsIon.exe
  C:\Windows\System\KijsIon.exe
  2⤵
  PID:5492
- C:\Windows\System\ocuTfGP.exe
  C:\Windows\System\ocuTfGP.exe
  2⤵
  PID:5532
- C:\Windows\System\wadlmPE.exe
  C:\Windows\System\wadlmPE.exe
  2⤵
  PID:5608
- C:\Windows\System\VZezIHY.exe
  C:\Windows\System\VZezIHY.exe
  2⤵
  PID:5752
- C:\Windows\System\wizeils.exe
  C:\Windows\System\wizeils.exe
  2⤵
  PID:5616
- C:\Windows\System\xYRIihE.exe
  C:\Windows\System\xYRIihE.exe
  2⤵
  PID:5648
- C:\Windows\System\efRnzAv.exe
  C:\Windows\System\efRnzAv.exe
  2⤵
  PID:5692
- C:\Windows\System\qCeDcyR.exe
  C:\Windows\System\qCeDcyR.exe
  2⤵
  PID:5872
- C:\Windows\System\JkaLkot.exe
  C:\Windows\System\JkaLkot.exe
  2⤵
  PID:5772
- C:\Windows\System\dVGhLIv.exe
  C:\Windows\System\dVGhLIv.exe
  2⤵
  PID:5952
- C:\Windows\System\wvkVkJw.exe
  C:\Windows\System\wvkVkJw.exe
  2⤵
  PID:5804
- C:\Windows\System\gYEmSNp.exe
  C:\Windows\System\gYEmSNp.exe
  2⤵
  PID:5856
- C:\Windows\System\wDNNWoa.exe
  C:\Windows\System\wDNNWoa.exe
  2⤵
  PID:5936
- C:\Windows\System\syCIeMr.exe
  C:\Windows\System\syCIeMr.exe
  2⤵
  PID:6072
- C:\Windows\System\RnlZuhP.exe
  C:\Windows\System\RnlZuhP.exe
  2⤵
  PID:6116
- C:\Windows\System\SebpeVb.exe
  C:\Windows\System\SebpeVb.exe
  2⤵
  PID:6016
- C:\Windows\System\BVessJW.exe
  C:\Windows\System\BVessJW.exe
  2⤵
  PID:6056
- C:\Windows\System\XksBJBR.exe
  C:\Windows\System\XksBJBR.exe
  2⤵
  PID:4328
- C:\Windows\System\aMZwUQy.exe
  C:\Windows\System\aMZwUQy.exe
  2⤵
  PID:4272
- C:\Windows\System\IloWDTe.exe
  C:\Windows\System\IloWDTe.exe
  2⤵
  PID:4796
- C:\Windows\System\kuvHycY.exe
  C:\Windows\System\kuvHycY.exe
  2⤵
  PID:4812
- C:\Windows\System\iZjDHXn.exe
  C:\Windows\System\iZjDHXn.exe
  2⤵
  PID:4156
- C:\Windows\System\rScAmhw.exe
  C:\Windows\System\rScAmhw.exe
  2⤵
  PID:4912
- C:\Windows\System\ILydbMV.exe
  C:\Windows\System\ILydbMV.exe
  2⤵
  PID:4872
- C:\Windows\System\jonSJIY.exe
  C:\Windows\System\jonSJIY.exe
  2⤵
  PID:988
- C:\Windows\System\dhEeUIu.exe
  C:\Windows\System\dhEeUIu.exe
  2⤵
  PID:5304
- C:\Windows\System\OjtKUVB.exe
  C:\Windows\System\OjtKUVB.exe
  2⤵
  PID:5204
- C:\Windows\System\yzuXcAT.exe
  C:\Windows\System\yzuXcAT.exe
  2⤵
  PID:5236
- C:\Windows\System\RnaCKeD.exe
  C:\Windows\System\RnaCKeD.exe
  2⤵
  PID:5424
- C:\Windows\System\feVTnNW.exe
  C:\Windows\System\feVTnNW.exe
  2⤵
  PID:2136
- C:\Windows\System\NrVkpcj.exe
  C:\Windows\System\NrVkpcj.exe
  2⤵
  PID:5368
- C:\Windows\System\tJhJxnE.exe
  C:\Windows\System\tJhJxnE.exe
  2⤵
  PID:5592
- C:\Windows\System\FDcHvnv.exe
  C:\Windows\System\FDcHvnv.exe
  2⤵
  PID:5668
- C:\Windows\System\qrnYwEI.exe
  C:\Windows\System\qrnYwEI.exe
  2⤵
  PID:5768
- C:\Windows\System\PRbfTNw.exe
  C:\Windows\System\PRbfTNw.exe
  2⤵
  PID:5672
- C:\Windows\System\YbPREOW.exe
  C:\Windows\System\YbPREOW.exe
  2⤵
  PID:5612
- C:\Windows\System\PtEUcqT.exe
  C:\Windows\System\PtEUcqT.exe
  2⤵
  PID:5656
- C:\Windows\System\HwOhVTU.exe
  C:\Windows\System\HwOhVTU.exe
  2⤵
  PID:5948
- C:\Windows\System\UyDayYH.exe
  C:\Windows\System\UyDayYH.exe
  2⤵
  PID:5956
- C:\Windows\System\ntLRaII.exe
  C:\Windows\System\ntLRaII.exe
  2⤵
  PID:5996
- C:\Windows\System\hsABMhS.exe
  C:\Windows\System\hsABMhS.exe
  2⤵
  PID:6040
- C:\Windows\System\JNRLgIp.exe
  C:\Windows\System\JNRLgIp.exe
  2⤵
  PID:6120
- C:\Windows\System\odEYbeI.exe
  C:\Windows\System\odEYbeI.exe
  2⤵
  PID:2268
- C:\Windows\System\fDHExUV.exe
  C:\Windows\System\fDHExUV.exe
  2⤵
  PID:2724
- C:\Windows\System\evMqFMx.exe
  C:\Windows\System\evMqFMx.exe
  2⤵
  PID:4676
- C:\Windows\System\TkRZavJ.exe
  C:\Windows\System\TkRZavJ.exe
  2⤵
  PID:2924
- C:\Windows\System\vceNiDa.exe
  C:\Windows\System\vceNiDa.exe
  2⤵
  PID:4916
- C:\Windows\System\UpSISLG.exe
  C:\Windows\System\UpSISLG.exe
  2⤵
  PID:2872
- C:\Windows\System\yNQCqGK.exe
  C:\Windows\System\yNQCqGK.exe
  2⤵
  PID:5312
- C:\Windows\System\GqkMAFb.exe
  C:\Windows\System\GqkMAFb.exe
  2⤵
  PID:5208
- C:\Windows\System\xBKkZDr.exe
  C:\Windows\System\xBKkZDr.exe
  2⤵
  PID:5348
- C:\Windows\System\oKICRMq.exe
  C:\Windows\System\oKICRMq.exe
  2⤵
  PID:5372
- C:\Windows\System\cxDZpdg.exe
  C:\Windows\System\cxDZpdg.exe
  2⤵
  PID:6156
- C:\Windows\System\UgHgdOQ.exe
  C:\Windows\System\UgHgdOQ.exe
  2⤵
  PID:6176
- C:\Windows\System\VojRlQx.exe
  C:\Windows\System\VojRlQx.exe
  2⤵
  PID:6196
- C:\Windows\System\VJPDSQK.exe
  C:\Windows\System\VJPDSQK.exe
  2⤵
  PID:6216
- C:\Windows\System\sfGZXkp.exe
  C:\Windows\System\sfGZXkp.exe
  2⤵
  PID:6236
- C:\Windows\System\mIGXenB.exe
  C:\Windows\System\mIGXenB.exe
  2⤵
  PID:6256
- C:\Windows\System\Mnestoh.exe
  C:\Windows\System\Mnestoh.exe
  2⤵
  PID:6276
- C:\Windows\System\hCfczxv.exe
  C:\Windows\System\hCfczxv.exe
  2⤵
  PID:6296
- C:\Windows\System\yeduwIx.exe
  C:\Windows\System\yeduwIx.exe
  2⤵
  PID:6316
- C:\Windows\System\vDoMsnn.exe
  C:\Windows\System\vDoMsnn.exe
  2⤵
  PID:6336
- C:\Windows\System\fywhTEm.exe
  C:\Windows\System\fywhTEm.exe
  2⤵
  PID:6356
- C:\Windows\System\oJRqWtR.exe
  C:\Windows\System\oJRqWtR.exe
  2⤵
  PID:6376
- C:\Windows\System\XQCDyUx.exe
  C:\Windows\System\XQCDyUx.exe
  2⤵
  PID:6396
- C:\Windows\System\iThcTEP.exe
  C:\Windows\System\iThcTEP.exe
  2⤵
  PID:6416
- C:\Windows\System\ihzfIvQ.exe
  C:\Windows\System\ihzfIvQ.exe
  2⤵
  PID:6436
- C:\Windows\System\zEjMMeJ.exe
  C:\Windows\System\zEjMMeJ.exe
  2⤵
  PID:6456
- C:\Windows\System\unmAYBO.exe
  C:\Windows\System\unmAYBO.exe
  2⤵
  PID:6476
- C:\Windows\System\rBISeMp.exe
  C:\Windows\System\rBISeMp.exe
  2⤵
  PID:6496
- C:\Windows\System\HFFKKqE.exe
  C:\Windows\System\HFFKKqE.exe
  2⤵
  PID:6516
- C:\Windows\System\GnRMfXV.exe
  C:\Windows\System\GnRMfXV.exe
  2⤵
  PID:6536
- C:\Windows\System\uuPUzXG.exe
  C:\Windows\System\uuPUzXG.exe
  2⤵
  PID:6556
- C:\Windows\System\yIQvkeo.exe
  C:\Windows\System\yIQvkeo.exe
  2⤵
  PID:6576
- C:\Windows\System\ypwdrrc.exe
  C:\Windows\System\ypwdrrc.exe
  2⤵
  PID:6596
- C:\Windows\System\wXHMBci.exe
  C:\Windows\System\wXHMBci.exe
  2⤵
  PID:6616
- C:\Windows\System\FJOcCol.exe
  C:\Windows\System\FJOcCol.exe
  2⤵
  PID:6640
- C:\Windows\System\iqrJzZo.exe
  C:\Windows\System\iqrJzZo.exe
  2⤵
  PID:6660
- C:\Windows\System\eZsICWL.exe
  C:\Windows\System\eZsICWL.exe
  2⤵
  PID:6680
- C:\Windows\System\aDDcOuk.exe
  C:\Windows\System\aDDcOuk.exe
  2⤵
  PID:6700
- C:\Windows\System\EmPUlux.exe
  C:\Windows\System\EmPUlux.exe
  2⤵
  PID:6720
- C:\Windows\System\eyLwUNe.exe
  C:\Windows\System\eyLwUNe.exe
  2⤵
  PID:6740
- C:\Windows\System\JMAhULL.exe
  C:\Windows\System\JMAhULL.exe
  2⤵
  PID:6760
- C:\Windows\System\jHSdlUw.exe
  C:\Windows\System\jHSdlUw.exe
  2⤵
  PID:6780
- C:\Windows\System\fCdWMJy.exe
  C:\Windows\System\fCdWMJy.exe
  2⤵
  PID:6800
- C:\Windows\System\gqJjDYg.exe
  C:\Windows\System\gqJjDYg.exe
  2⤵
  PID:6820
- C:\Windows\System\ahlBoiw.exe
  C:\Windows\System\ahlBoiw.exe
  2⤵
  PID:6840
- C:\Windows\System\yrbEivU.exe
  C:\Windows\System\yrbEivU.exe
  2⤵
  PID:6860
- C:\Windows\System\BLlupva.exe
  C:\Windows\System\BLlupva.exe
  2⤵
  PID:6880
- C:\Windows\System\nOatNHA.exe
  C:\Windows\System\nOatNHA.exe
  2⤵
  PID:6900
- C:\Windows\System\WvSLRgT.exe
  C:\Windows\System\WvSLRgT.exe
  2⤵
  PID:6920
- C:\Windows\System\ETzwerC.exe
  C:\Windows\System\ETzwerC.exe
  2⤵
  PID:6940
- C:\Windows\System\pSRaOeV.exe
  C:\Windows\System\pSRaOeV.exe
  2⤵
  PID:6960
- C:\Windows\System\JNIdTNu.exe
  C:\Windows\System\JNIdTNu.exe
  2⤵
  PID:6980
- C:\Windows\System\lbaHpxm.exe
  C:\Windows\System\lbaHpxm.exe
  2⤵
  PID:7000
- C:\Windows\System\cScfFyE.exe
  C:\Windows\System\cScfFyE.exe
  2⤵
  PID:7024
- C:\Windows\System\bUPYljh.exe
  C:\Windows\System\bUPYljh.exe
  2⤵
  PID:7044
- C:\Windows\System\wjcPOsk.exe
  C:\Windows\System\wjcPOsk.exe
  2⤵
  PID:7064
- C:\Windows\System\MhnGBeo.exe
  C:\Windows\System\MhnGBeo.exe
  2⤵
  PID:7084
- C:\Windows\System\ibvrSTv.exe
  C:\Windows\System\ibvrSTv.exe
  2⤵
  PID:7104
- C:\Windows\System\EacxxvD.exe
  C:\Windows\System\EacxxvD.exe
  2⤵
  PID:7124
- C:\Windows\System\QnGakRu.exe
  C:\Windows\System\QnGakRu.exe
  2⤵
  PID:7144
- C:\Windows\System\QUzUduf.exe
  C:\Windows\System\QUzUduf.exe
  2⤵
  PID:7164
- C:\Windows\System\uLrPqTo.exe
  C:\Windows\System\uLrPqTo.exe
  2⤵
  PID:5636
- C:\Windows\System\hyQTwGP.exe
  C:\Windows\System\hyQTwGP.exe
  2⤵
  PID:5832
- C:\Windows\System\tLUMdid.exe
  C:\Windows\System\tLUMdid.exe
  2⤵
  PID:2840
- C:\Windows\System\gGoDIDy.exe
  C:\Windows\System\gGoDIDy.exe
  2⤵
  PID:2808
- C:\Windows\System\OWjOUfU.exe
  C:\Windows\System\OWjOUfU.exe
  2⤵
  PID:5812
- C:\Windows\System\IbvgvOI.exe
  C:\Windows\System\IbvgvOI.exe
  2⤵
  PID:5924
- C:\Windows\System\WpcHkGW.exe
  C:\Windows\System\WpcHkGW.exe
  2⤵
  PID:5928
- C:\Windows\System\IoITIzK.exe
  C:\Windows\System\IoITIzK.exe
  2⤵
  PID:2712
- C:\Windows\System\eseKVzQ.exe
  C:\Windows\System\eseKVzQ.exe
  2⤵
  PID:3376
- C:\Windows\System\CAxUSDS.exe
  C:\Windows\System\CAxUSDS.exe
  2⤵
  PID:3752
- C:\Windows\System\yNOoYLs.exe
  C:\Windows\System\yNOoYLs.exe
  2⤵
  PID:5144
- C:\Windows\System\QxnbtYs.exe
  C:\Windows\System\QxnbtYs.exe
  2⤵
  PID:5352
- C:\Windows\System\guNaxcA.exe
  C:\Windows\System\guNaxcA.exe
  2⤵
  PID:5548
- C:\Windows\System\BpOXbzc.exe
  C:\Windows\System\BpOXbzc.exe
  2⤵
  PID:6164
- C:\Windows\System\UISnZoK.exe
  C:\Windows\System\UISnZoK.exe
  2⤵
  PID:6192
- C:\Windows\System\DzCSfxz.exe
  C:\Windows\System\DzCSfxz.exe
  2⤵
  PID:1552
- C:\Windows\System\rqebSFt.exe
  C:\Windows\System\rqebSFt.exe
  2⤵
  PID:6228
- C:\Windows\System\FHuWoAy.exe
  C:\Windows\System\FHuWoAy.exe
  2⤵
  PID:6284
- C:\Windows\System\fJZCkaR.exe
  C:\Windows\System\fJZCkaR.exe
  2⤵
  PID:6312
- C:\Windows\System\GywMMaY.exe
  C:\Windows\System\GywMMaY.exe
  2⤵
  PID:6352
- C:\Windows\System\OyJhkkU.exe
  C:\Windows\System\OyJhkkU.exe
  2⤵
  PID:6384
- C:\Windows\System\LMvwyfr.exe
  C:\Windows\System\LMvwyfr.exe
  2⤵
  PID:6408
- C:\Windows\System\gPCDkTS.exe
  C:\Windows\System\gPCDkTS.exe
  2⤵
  PID:6432
- C:\Windows\System\Moxjcwl.exe
  C:\Windows\System\Moxjcwl.exe
  2⤵
  PID:6484
- C:\Windows\System\VAQfpsn.exe
  C:\Windows\System\VAQfpsn.exe
  2⤵
  PID:6524
- C:\Windows\System\fYinLcc.exe
  C:\Windows\System\fYinLcc.exe
  2⤵
  PID:6552
- C:\Windows\System\pEqAgLw.exe
  C:\Windows\System\pEqAgLw.exe
  2⤵
  PID:6584
- C:\Windows\System\rtyrDxD.exe
  C:\Windows\System\rtyrDxD.exe
  2⤵
  PID:6608
- C:\Windows\System\eePgICW.exe
  C:\Windows\System\eePgICW.exe
  2⤵
  PID:6636
- C:\Windows\System\ekSplLJ.exe
  C:\Windows\System\ekSplLJ.exe
  2⤵
  PID:6688
- C:\Windows\System\VbENcWY.exe
  C:\Windows\System\VbENcWY.exe
  2⤵
  PID:6708
- C:\Windows\System\FvvIKwn.exe
  C:\Windows\System\FvvIKwn.exe
  2⤵
  PID:6732
- C:\Windows\System\tVznoQc.exe
  C:\Windows\System\tVznoQc.exe
  2⤵
  PID:6776
- C:\Windows\System\iBJnMei.exe
  C:\Windows\System\iBJnMei.exe
  2⤵
  PID:6792
- C:\Windows\System\SxpIcIX.exe
  C:\Windows\System\SxpIcIX.exe
  2⤵
  PID:6856
- C:\Windows\System\DAFIWcE.exe
  C:\Windows\System\DAFIWcE.exe
  2⤵
  PID:6888
- C:\Windows\System\hiwHgIw.exe
  C:\Windows\System\hiwHgIw.exe
  2⤵
  PID:6908
- C:\Windows\System\bPFgaFs.exe
  C:\Windows\System\bPFgaFs.exe
  2⤵
  PID:6932
- C:\Windows\System\sAYXBKn.exe
  C:\Windows\System\sAYXBKn.exe
  2⤵
  PID:6972
- C:\Windows\System\IrqYRsD.exe
  C:\Windows\System\IrqYRsD.exe
  2⤵
  PID:7016
- C:\Windows\System\NgQmHNj.exe
  C:\Windows\System\NgQmHNj.exe
  2⤵
  PID:7052
- C:\Windows\System\CAwhQjT.exe
  C:\Windows\System\CAwhQjT.exe
  2⤵
  PID:7076
- C:\Windows\System\PLNSWrH.exe
  C:\Windows\System\PLNSWrH.exe
  2⤵
  PID:7132
- C:\Windows\System\EFXRcJy.exe
  C:\Windows\System\EFXRcJy.exe
  2⤵
  PID:2832
- C:\Windows\System\vNarPnq.exe
  C:\Windows\System\vNarPnq.exe
  2⤵
  PID:2824
- C:\Windows\System\PhBhGAx.exe
  C:\Windows\System\PhBhGAx.exe
  2⤵
  PID:5744
- C:\Windows\System\idItqJr.exe
  C:\Windows\System\idItqJr.exe
  2⤵
  PID:5868
- C:\Windows\System\fHxHish.exe
  C:\Windows\System\fHxHish.exe
  2⤵
  PID:5724
- C:\Windows\System\IBgoGiB.exe
  C:\Windows\System\IBgoGiB.exe
  2⤵
  PID:5976
- C:\Windows\System\uTidcBm.exe
  C:\Windows\System\uTidcBm.exe
  2⤵
  PID:3400
- C:\Windows\System\KGKLbKa.exe
  C:\Windows\System\KGKLbKa.exe
  2⤵
  PID:5224
- C:\Windows\System\BJMWHGs.exe
  C:\Windows\System\BJMWHGs.exe
  2⤵
  PID:5240
- C:\Windows\System\YbKSXaC.exe
  C:\Windows\System\YbKSXaC.exe
  2⤵
  PID:5272
- C:\Windows\System\zdvpxLP.exe
  C:\Windows\System\zdvpxLP.exe
  2⤵
  PID:6204
- C:\Windows\System\iSAZdLU.exe
  C:\Windows\System\iSAZdLU.exe
  2⤵
  PID:6232
- C:\Windows\System\DXzbhEp.exe
  C:\Windows\System\DXzbhEp.exe
  2⤵
  PID:2240
- C:\Windows\System\PEIbuNy.exe
  C:\Windows\System\PEIbuNy.exe
  2⤵
  PID:6364
- C:\Windows\System\FfXEEWW.exe
  C:\Windows\System\FfXEEWW.exe
  2⤵
  PID:6344
- C:\Windows\System\geNVAyh.exe
  C:\Windows\System\geNVAyh.exe
  2⤵
  PID:6452
- C:\Windows\System\uhYGFWG.exe
  C:\Windows\System\uhYGFWG.exe
  2⤵
  PID:6512
- C:\Windows\System\ibeiTyp.exe
  C:\Windows\System\ibeiTyp.exe
  2⤵
  PID:6544
- C:\Windows\System\KeynatQ.exe
  C:\Windows\System\KeynatQ.exe
  2⤵
  PID:6624
- C:\Windows\System\ffKVtrz.exe
  C:\Windows\System\ffKVtrz.exe
  2⤵
  PID:6652
- C:\Windows\System\lRnCwdg.exe
  C:\Windows\System\lRnCwdg.exe
  2⤵
  PID:6692
- C:\Windows\System\FZlXgeS.exe
  C:\Windows\System\FZlXgeS.exe
  2⤵
  PID:6712
- C:\Windows\System\yCYkiGK.exe
  C:\Windows\System\yCYkiGK.exe
  2⤵
  PID:6796
- C:\Windows\System\LUqeBhy.exe
  C:\Windows\System\LUqeBhy.exe
  2⤵
  PID:6892
- C:\Windows\System\cLhoGcq.exe
  C:\Windows\System\cLhoGcq.exe
  2⤵
  PID:6872
- C:\Windows\System\yxWRyLg.exe
  C:\Windows\System\yxWRyLg.exe
  2⤵
  PID:6976
- C:\Windows\System\XFatNqw.exe
  C:\Windows\System\XFatNqw.exe
  2⤵
  PID:7036
- C:\Windows\System\TLUaTQx.exe
  C:\Windows\System\TLUaTQx.exe
  2⤵
  PID:7112
- C:\Windows\System\nDRcdAi.exe
  C:\Windows\System\nDRcdAi.exe
  2⤵
  PID:7136
- C:\Windows\System\rAffdGo.exe
  C:\Windows\System\rAffdGo.exe
  2⤵
  PID:5708
- C:\Windows\System\XYXZsWs.exe
  C:\Windows\System\XYXZsWs.exe
  2⤵
  PID:6000
- C:\Windows\System\wUPxIHq.exe
  C:\Windows\System\wUPxIHq.exe
  2⤵
  PID:6632
- C:\Windows\System\KDkLiHz.exe
  C:\Windows\System\KDkLiHz.exe
  2⤵
  PID:6052
- C:\Windows\System\BpcDExX.exe
  C:\Windows\System\BpcDExX.exe
  2⤵
  PID:5116
- C:\Windows\System\UrUaBWa.exe
  C:\Windows\System\UrUaBWa.exe
  2⤵
  PID:6208
- C:\Windows\System\DlpVKQL.exe
  C:\Windows\System\DlpVKQL.exe
  2⤵
  PID:6304
- C:\Windows\System\utPYBUe.exe
  C:\Windows\System\utPYBUe.exe
  2⤵
  PID:6388
- C:\Windows\System\RYJwLdt.exe
  C:\Windows\System\RYJwLdt.exe
  2⤵
  PID:6372
- C:\Windows\System\rICmLMW.exe
  C:\Windows\System\rICmLMW.exe
  2⤵
  PID:6508
- C:\Windows\System\ZJiRVnS.exe
  C:\Windows\System\ZJiRVnS.exe
  2⤵
  PID:2768
- C:\Windows\System\nmilhkS.exe
  C:\Windows\System\nmilhkS.exe
  2⤵
  PID:6676
- C:\Windows\System\ZxmOaov.exe
  C:\Windows\System\ZxmOaov.exe
  2⤵
  PID:6808
- C:\Windows\System\KEwCYnJ.exe
  C:\Windows\System\KEwCYnJ.exe
  2⤵
  PID:6956
- C:\Windows\System\NAwwPDs.exe
  C:\Windows\System\NAwwPDs.exe
  2⤵
  PID:7040
- C:\Windows\System\PFsFeFh.exe
  C:\Windows\System\PFsFeFh.exe
  2⤵
  PID:6996
- C:\Windows\System\GZAGBNe.exe
  C:\Windows\System\GZAGBNe.exe
  2⤵
  PID:7152
- C:\Windows\System\zRLKljv.exe
  C:\Windows\System\zRLKljv.exe
  2⤵
  PID:5912
- C:\Windows\System\GVFlzXJ.exe
  C:\Windows\System\GVFlzXJ.exe
  2⤵
  PID:5332
- C:\Windows\System\IaCRgXt.exe
  C:\Windows\System\IaCRgXt.exe
  2⤵
  PID:7184
- C:\Windows\System\jLNtLvM.exe
  C:\Windows\System\jLNtLvM.exe
  2⤵
  PID:7204
- C:\Windows\System\EUOHtZZ.exe
  C:\Windows\System\EUOHtZZ.exe
  2⤵
  PID:7228
- C:\Windows\System\iyocbXO.exe
  C:\Windows\System\iyocbXO.exe
  2⤵
  PID:7248
- C:\Windows\System\VHrDcsy.exe
  C:\Windows\System\VHrDcsy.exe
  2⤵
  PID:7268
- C:\Windows\System\DgXkmwC.exe
  C:\Windows\System\DgXkmwC.exe
  2⤵
  PID:7288
- C:\Windows\System\vdPcaHI.exe
  C:\Windows\System\vdPcaHI.exe
  2⤵
  PID:7304
- C:\Windows\System\qSwWkoy.exe
  C:\Windows\System\qSwWkoy.exe
  2⤵
  PID:7328
- C:\Windows\System\tICkksd.exe
  C:\Windows\System\tICkksd.exe
  2⤵
  PID:7348
- C:\Windows\System\dXRhyRe.exe
  C:\Windows\System\dXRhyRe.exe
  2⤵
  PID:7368
- C:\Windows\System\fXikRkQ.exe
  C:\Windows\System\fXikRkQ.exe
  2⤵
  PID:7388
- C:\Windows\System\eWjEBOp.exe
  C:\Windows\System\eWjEBOp.exe
  2⤵
  PID:7408
- C:\Windows\System\MMCMYHX.exe
  C:\Windows\System\MMCMYHX.exe
  2⤵
  PID:7428
- C:\Windows\System\EDVVGgQ.exe
  C:\Windows\System\EDVVGgQ.exe
  2⤵
  PID:7448
- C:\Windows\System\gWFMEqP.exe
  C:\Windows\System\gWFMEqP.exe
  2⤵
  PID:7468
- C:\Windows\System\dURJHli.exe
  C:\Windows\System\dURJHli.exe
  2⤵
  PID:7488
- C:\Windows\System\qzKuDDN.exe
  C:\Windows\System\qzKuDDN.exe
  2⤵
  PID:7508
- C:\Windows\System\mqRmBSm.exe
  C:\Windows\System\mqRmBSm.exe
  2⤵
  PID:7528
- C:\Windows\System\NcZYUkR.exe
  C:\Windows\System\NcZYUkR.exe
  2⤵
  PID:7548
- C:\Windows\System\sIQeVxp.exe
  C:\Windows\System\sIQeVxp.exe
  2⤵
  PID:7568
- C:\Windows\System\pMLYsYm.exe
  C:\Windows\System\pMLYsYm.exe
  2⤵
  PID:7588
- C:\Windows\System\OnhbsIN.exe
  C:\Windows\System\OnhbsIN.exe
  2⤵
  PID:7608
- C:\Windows\System\PIdqLSl.exe
  C:\Windows\System\PIdqLSl.exe
  2⤵
  PID:7628
- C:\Windows\System\IulCzHB.exe
  C:\Windows\System\IulCzHB.exe
  2⤵
  PID:7644
- C:\Windows\System\cvqfTjz.exe
  C:\Windows\System\cvqfTjz.exe
  2⤵
  PID:7668
- C:\Windows\System\CpwzoGf.exe
  C:\Windows\System\CpwzoGf.exe
  2⤵
  PID:7688
- C:\Windows\System\DvnBhui.exe
  C:\Windows\System\DvnBhui.exe
  2⤵
  PID:7708
- C:\Windows\System\KsNPsth.exe
  C:\Windows\System\KsNPsth.exe
  2⤵
  PID:7728
- C:\Windows\System\ORCfMjx.exe
  C:\Windows\System\ORCfMjx.exe
  2⤵
  PID:7744
- C:\Windows\System\mbxBGej.exe
  C:\Windows\System\mbxBGej.exe
  2⤵
  PID:7768
- C:\Windows\System\rqQeZxm.exe
  C:\Windows\System\rqQeZxm.exe
  2⤵
  PID:7788
- C:\Windows\System\WEkQiwD.exe
  C:\Windows\System\WEkQiwD.exe
  2⤵
  PID:7808
- C:\Windows\System\LLCZbWX.exe
  C:\Windows\System\LLCZbWX.exe
  2⤵
  PID:7832
- C:\Windows\System\gBkJMZL.exe
  C:\Windows\System\gBkJMZL.exe
  2⤵
  PID:7852
- C:\Windows\System\zdLVbDW.exe
  C:\Windows\System\zdLVbDW.exe
  2⤵
  PID:7872
- C:\Windows\System\XhzqbHi.exe
  C:\Windows\System\XhzqbHi.exe
  2⤵
  PID:7892
- C:\Windows\System\cJZBXSN.exe
  C:\Windows\System\cJZBXSN.exe
  2⤵
  PID:7912
- C:\Windows\System\EVqJzsH.exe
  C:\Windows\System\EVqJzsH.exe
  2⤵
  PID:7932
- C:\Windows\System\qOYGRZU.exe
  C:\Windows\System\qOYGRZU.exe
  2⤵
  PID:7952
- C:\Windows\System\DMDcdpr.exe
  C:\Windows\System\DMDcdpr.exe
  2⤵
  PID:7972
- C:\Windows\System\DOzAnER.exe
  C:\Windows\System\DOzAnER.exe
  2⤵
  PID:7992
- C:\Windows\System\UaMTcpZ.exe
  C:\Windows\System\UaMTcpZ.exe
  2⤵
  PID:8012
- C:\Windows\System\cDPzWro.exe
  C:\Windows\System\cDPzWro.exe
  2⤵
  PID:8032
- C:\Windows\System\tOVYLWa.exe
  C:\Windows\System\tOVYLWa.exe
  2⤵
  PID:8052
- C:\Windows\System\gJtaWOn.exe
  C:\Windows\System\gJtaWOn.exe
  2⤵
  PID:8072
- C:\Windows\System\AVFBTAL.exe
  C:\Windows\System\AVFBTAL.exe
  2⤵
  PID:8092
- C:\Windows\System\SOZrDaC.exe
  C:\Windows\System\SOZrDaC.exe
  2⤵
  PID:8108
- C:\Windows\System\zizxMIt.exe
  C:\Windows\System\zizxMIt.exe
  2⤵
  PID:8132
- C:\Windows\System\MuiBNeg.exe
  C:\Windows\System\MuiBNeg.exe
  2⤵
  PID:8148
- C:\Windows\System\kjrUMzC.exe
  C:\Windows\System\kjrUMzC.exe
  2⤵
  PID:8172
- C:\Windows\System\dBkFaew.exe
  C:\Windows\System\dBkFaew.exe
  2⤵
  PID:2592
- C:\Windows\System\niphokm.exe
  C:\Windows\System\niphokm.exe
  2⤵
  PID:6152
- C:\Windows\System\HmipnUV.exe
  C:\Windows\System\HmipnUV.exe
  2⤵
  PID:6212
- C:\Windows\System\vHJMOhV.exe
  C:\Windows\System\vHJMOhV.exe
  2⤵
  PID:6464
- C:\Windows\System\PlTssfg.exe
  C:\Windows\System\PlTssfg.exe
  2⤵
  PID:6668
- C:\Windows\System\aQzAuUA.exe
  C:\Windows\System\aQzAuUA.exe
  2⤵
  PID:2096
- C:\Windows\System\IAlFEYL.exe
  C:\Windows\System\IAlFEYL.exe
  2⤵
  PID:6852
- C:\Windows\System\qnZMeVS.exe
  C:\Windows\System\qnZMeVS.exe
  2⤵
  PID:7100
- C:\Windows\System\KIEjBgN.exe
  C:\Windows\System\KIEjBgN.exe
  2⤵
  PID:1732
- C:\Windows\System\xmPvLrk.exe
  C:\Windows\System\xmPvLrk.exe
  2⤵
  PID:7172
- C:\Windows\System\bBKeCnt.exe
  C:\Windows\System\bBKeCnt.exe
  2⤵
  PID:7196
- C:\Windows\System\vOZjTOp.exe
  C:\Windows\System\vOZjTOp.exe
  2⤵
  PID:7244
- C:\Windows\System\qmoDwEI.exe
  C:\Windows\System\qmoDwEI.exe
  2⤵
  PID:7284
- C:\Windows\System\pNrJfwT.exe
  C:\Windows\System\pNrJfwT.exe
  2⤵
  PID:7320
- C:\Windows\System\FQedynp.exe
  C:\Windows\System\FQedynp.exe
  2⤵
  PID:7356
- C:\Windows\System\NjaaWJv.exe
  C:\Windows\System\NjaaWJv.exe
  2⤵
  PID:7376
- C:\Windows\System\PKgxyMB.exe
  C:\Windows\System\PKgxyMB.exe
  2⤵
  PID:7400
- C:\Windows\System\oORYJXv.exe
  C:\Windows\System\oORYJXv.exe
  2⤵
  PID:7420
- C:\Windows\System\zPPtHVF.exe
  C:\Windows\System\zPPtHVF.exe
  2⤵
  PID:7480
- C:\Windows\System\CdLHynS.exe
  C:\Windows\System\CdLHynS.exe
  2⤵
  PID:7496
- C:\Windows\System\WaqoGrt.exe
  C:\Windows\System\WaqoGrt.exe
  2⤵
  PID:7544
- C:\Windows\System\FueAQgJ.exe
  C:\Windows\System\FueAQgJ.exe
  2⤵
  PID:7576
- C:\Windows\System\yGUHnLa.exe
  C:\Windows\System\yGUHnLa.exe
  2⤵
  PID:7600
- C:\Windows\System\OAYsQDl.exe
  C:\Windows\System\OAYsQDl.exe
  2⤵
  PID:7620
- C:\Windows\System\BCizUnw.exe
  C:\Windows\System\BCizUnw.exe
  2⤵
  PID:7660
- C:\Windows\System\gqSGuNy.exe
  C:\Windows\System\gqSGuNy.exe
  2⤵
  PID:7716
- C:\Windows\System\qspkTbB.exe
  C:\Windows\System\qspkTbB.exe
  2⤵
  PID:7752
- C:\Windows\System\bLrrbyA.exe
  C:\Windows\System\bLrrbyA.exe
  2⤵
  PID:7740
- C:\Windows\System\FbAqWBR.exe
  C:\Windows\System\FbAqWBR.exe
  2⤵
  PID:7804
- C:\Windows\System\RTAPNZh.exe
  C:\Windows\System\RTAPNZh.exe
  2⤵
  PID:7828
- C:\Windows\System\PPfpTfB.exe
  C:\Windows\System\PPfpTfB.exe
  2⤵
  PID:7884
- C:\Windows\System\aSGpqrJ.exe
  C:\Windows\System\aSGpqrJ.exe
  2⤵
  PID:7864
- C:\Windows\System\JRqHpMF.exe
  C:\Windows\System\JRqHpMF.exe
  2⤵
  PID:7924
- C:\Windows\System\dYklHEl.exe
  C:\Windows\System\dYklHEl.exe
  2⤵
  PID:7948
- C:\Windows\System\tJQaBwD.exe
  C:\Windows\System\tJQaBwD.exe
  2⤵
  PID:8008
- C:\Windows\System\frkbUQQ.exe
  C:\Windows\System\frkbUQQ.exe
  2⤵
  PID:7984
- C:\Windows\System\AHkFBir.exe
  C:\Windows\System\AHkFBir.exe
  2⤵
  PID:8024
- C:\Windows\System\jpfhQtx.exe
  C:\Windows\System\jpfhQtx.exe
  2⤵
  PID:8116
- C:\Windows\System\njpaIPd.exe
  C:\Windows\System\njpaIPd.exe
  2⤵
  PID:8128
- C:\Windows\System\NTJdxnk.exe
  C:\Windows\System\NTJdxnk.exe
  2⤵
  PID:8168
- C:\Windows\System\ANOJAxR.exe
  C:\Windows\System\ANOJAxR.exe
  2⤵
  PID:4512
- C:\Windows\System\HiqzNJB.exe
  C:\Windows\System\HiqzNJB.exe
  2⤵
  PID:8184
- C:\Windows\System\THLPmAp.exe
  C:\Windows\System\THLPmAp.exe
  2⤵
  PID:6448
- C:\Windows\System\VnuRXnf.exe
  C:\Windows\System\VnuRXnf.exe
  2⤵
  PID:6488
- C:\Windows\System\JCSmrGE.exe
  C:\Windows\System\JCSmrGE.exe
  2⤵
  PID:6916
- C:\Windows\System\NWJmjYZ.exe
  C:\Windows\System\NWJmjYZ.exe
  2⤵
  PID:5488
- C:\Windows\System\HZNWqoH.exe
  C:\Windows\System\HZNWqoH.exe
  2⤵
  PID:7200
- C:\Windows\System\bnsQtKO.exe
  C:\Windows\System\bnsQtKO.exe
  2⤵
  PID:7280
- C:\Windows\System\FXmvzDg.exe
  C:\Windows\System\FXmvzDg.exe
  2⤵
  PID:2272
- C:\Windows\System\RcYJPHY.exe
  C:\Windows\System\RcYJPHY.exe
  2⤵
  PID:7360
- C:\Windows\System\EIhgdbD.exe
  C:\Windows\System\EIhgdbD.exe
  2⤵
  PID:7384
- C:\Windows\System\SeNVwYa.exe
  C:\Windows\System\SeNVwYa.exe
  2⤵
  PID:7464
- C:\Windows\System\xYSjSPI.exe
  C:\Windows\System\xYSjSPI.exe
  2⤵
  PID:7564
- C:\Windows\System\owCCMSt.exe
  C:\Windows\System\owCCMSt.exe
  2⤵
  PID:7640
- C:\Windows\System\KGRhoTj.exe
  C:\Windows\System\KGRhoTj.exe
  2⤵
  PID:7616
- C:\Windows\System\MusyKQG.exe
  C:\Windows\System\MusyKQG.exe
  2⤵
  PID:3024
- C:\Windows\System\OgSFTFI.exe
  C:\Windows\System\OgSFTFI.exe
  2⤵
  PID:7680
- C:\Windows\System\iCCHGmq.exe
  C:\Windows\System\iCCHGmq.exe
  2⤵
  PID:7764
- C:\Windows\System\aPrkLph.exe
  C:\Windows\System\aPrkLph.exe
  2⤵
  PID:7784
- C:\Windows\System\sozWGVs.exe
  C:\Windows\System\sozWGVs.exe
  2⤵
  PID:7888
- C:\Windows\System\hkHozch.exe
  C:\Windows\System\hkHozch.exe
  2⤵
  PID:7904
- C:\Windows\System\QHZOXCY.exe
  C:\Windows\System\QHZOXCY.exe
  2⤵
  PID:8000
- C:\Windows\System\hKpqKsE.exe
  C:\Windows\System\hKpqKsE.exe
  2⤵
  PID:8088
- C:\Windows\System\JVgBCyb.exe
  C:\Windows\System\JVgBCyb.exe
  2⤵
  PID:8068
- C:\Windows\System\YLnEHva.exe
  C:\Windows\System\YLnEHva.exe
  2⤵
  PID:8160
- C:\Windows\System\ClBCpmU.exe
  C:\Windows\System\ClBCpmU.exe
  2⤵
  PID:8180
- C:\Windows\System\mulfUch.exe
  C:\Windows\System\mulfUch.exe
  2⤵
  PID:6568
- C:\Windows\System\ArhBmLf.exe
  C:\Windows\System\ArhBmLf.exe
  2⤵
  PID:6756
- C:\Windows\System\whQMadd.exe
  C:\Windows\System\whQMadd.exe
  2⤵
  PID:5596
- C:\Windows\System\LDxzySy.exe
  C:\Windows\System\LDxzySy.exe
  2⤵
  PID:5992
- C:\Windows\System\BukrcMi.exe
  C:\Windows\System\BukrcMi.exe
  2⤵
  PID:7276
- C:\Windows\System\EoLqfrx.exe
  C:\Windows\System\EoLqfrx.exe
  2⤵
  PID:7444
- C:\Windows\System\wWmdOyQ.exe
  C:\Windows\System\wWmdOyQ.exe
  2⤵
  PID:7524
- C:\Windows\System\axKEVNX.exe
  C:\Windows\System\axKEVNX.exe
  2⤵
  PID:7604
- C:\Windows\System\dQjErmu.exe
  C:\Windows\System\dQjErmu.exe
  2⤵
  PID:7652
- C:\Windows\System\rRGezve.exe
  C:\Windows\System\rRGezve.exe
  2⤵
  PID:7684
- C:\Windows\System\OVCqdtz.exe
  C:\Windows\System\OVCqdtz.exe
  2⤵
  PID:7848
- C:\Windows\System\ZzYuCXF.exe
  C:\Windows\System\ZzYuCXF.exe
  2⤵
  PID:7928
- C:\Windows\System\WHvzDfk.exe
  C:\Windows\System\WHvzDfk.exe
  2⤵
  PID:2668
- C:\Windows\System\RGCHhsG.exe
  C:\Windows\System\RGCHhsG.exe
  2⤵
  PID:8144
- C:\Windows\System\skhAGRN.exe
  C:\Windows\System\skhAGRN.exe
  2⤵
  PID:8124
- C:\Windows\System\gXbabLe.exe
  C:\Windows\System\gXbabLe.exe
  2⤵
  PID:6768
- C:\Windows\System\iChUJDB.exe
  C:\Windows\System\iChUJDB.exe
  2⤵
  PID:8208
- C:\Windows\System\YmkgcqQ.exe
  C:\Windows\System\YmkgcqQ.exe
  2⤵
  PID:8228
- C:\Windows\System\KMeuAPJ.exe
  C:\Windows\System\KMeuAPJ.exe
  2⤵
  PID:8248
- C:\Windows\System\xhDmvyO.exe
  C:\Windows\System\xhDmvyO.exe
  2⤵
  PID:8268
- C:\Windows\System\WQnbrCV.exe
  C:\Windows\System\WQnbrCV.exe
  2⤵
  PID:8288
- C:\Windows\System\UYlutKB.exe
  C:\Windows\System\UYlutKB.exe
  2⤵
  PID:8308
- C:\Windows\System\IFlTvzh.exe
  C:\Windows\System\IFlTvzh.exe
  2⤵
  PID:8328
- C:\Windows\System\QWpjmfC.exe
  C:\Windows\System\QWpjmfC.exe
  2⤵
  PID:8348
- C:\Windows\System\NHPkRpP.exe
  C:\Windows\System\NHPkRpP.exe
  2⤵
  PID:8368
- C:\Windows\System\lQOjprP.exe
  C:\Windows\System\lQOjprP.exe
  2⤵
  PID:8388
- C:\Windows\System\CEDlqii.exe
  C:\Windows\System\CEDlqii.exe
  2⤵
  PID:8408
- C:\Windows\System\LqVWiRo.exe
  C:\Windows\System\LqVWiRo.exe
  2⤵
  PID:8428
- C:\Windows\System\prgbMTN.exe
  C:\Windows\System\prgbMTN.exe
  2⤵
  PID:8448
- C:\Windows\System\nNiwWUC.exe
  C:\Windows\System\nNiwWUC.exe
  2⤵
  PID:8468
- C:\Windows\System\mavyiGK.exe
  C:\Windows\System\mavyiGK.exe
  2⤵
  PID:8484
- C:\Windows\System\ZypBiyE.exe
  C:\Windows\System\ZypBiyE.exe
  2⤵
  PID:8508
- C:\Windows\System\HJcoWlO.exe
  C:\Windows\System\HJcoWlO.exe
  2⤵
  PID:8524
- C:\Windows\System\McauRZV.exe
  C:\Windows\System\McauRZV.exe
  2⤵
  PID:8548
- C:\Windows\System\cacSQGH.exe
  C:\Windows\System\cacSQGH.exe
  2⤵
  PID:8568
- C:\Windows\System\nKXMEQG.exe
  C:\Windows\System\nKXMEQG.exe
  2⤵
  PID:8588
- C:\Windows\System\KgdXzXe.exe
  C:\Windows\System\KgdXzXe.exe
  2⤵
  PID:8612
- C:\Windows\System\CUAHVGe.exe
  C:\Windows\System\CUAHVGe.exe
  2⤵
  PID:8628
- C:\Windows\System\qRkxWGi.exe
  C:\Windows\System\qRkxWGi.exe
  2⤵
  PID:8648
- C:\Windows\System\Cinendj.exe
  C:\Windows\System\Cinendj.exe
  2⤵
  PID:8664
- C:\Windows\System\WgjnIqm.exe
  C:\Windows\System\WgjnIqm.exe
  2⤵
  PID:8688
- C:\Windows\System\vcHfRCK.exe
  C:\Windows\System\vcHfRCK.exe
  2⤵
  PID:8704
- C:\Windows\System\qccMHzp.exe
  C:\Windows\System\qccMHzp.exe
  2⤵
  PID:8728
- C:\Windows\System\OiRlcpX.exe
  C:\Windows\System\OiRlcpX.exe
  2⤵
  PID:8748
- C:\Windows\System\QtcizxF.exe
  C:\Windows\System\QtcizxF.exe
  2⤵
  PID:8768
- C:\Windows\System\UIzjaQy.exe
  C:\Windows\System\UIzjaQy.exe
  2⤵
  PID:8788
- C:\Windows\System\FJUSDtv.exe
  C:\Windows\System\FJUSDtv.exe
  2⤵
  PID:8808
- C:\Windows\System\IXeidGt.exe
  C:\Windows\System\IXeidGt.exe
  2⤵
  PID:8824
- C:\Windows\System\uLBLXOR.exe
  C:\Windows\System\uLBLXOR.exe
  2⤵
  PID:8848
- C:\Windows\System\YIsQLAU.exe
  C:\Windows\System\YIsQLAU.exe
  2⤵
  PID:8932
- C:\Windows\System\gfghQYz.exe
  C:\Windows\System\gfghQYz.exe
  2⤵
  PID:8956
- C:\Windows\System\jmIELcL.exe
  C:\Windows\System\jmIELcL.exe
  2⤵
  PID:8980
- C:\Windows\System\UsoxQhT.exe
  C:\Windows\System\UsoxQhT.exe
  2⤵
  PID:8996
- C:\Windows\System\CizBPwo.exe
  C:\Windows\System\CizBPwo.exe
  2⤵
  PID:9020
- C:\Windows\System\uMATDMS.exe
  C:\Windows\System\uMATDMS.exe
  2⤵
  PID:9036
- C:\Windows\System\PjgVamN.exe
  C:\Windows\System\PjgVamN.exe
  2⤵
  PID:9056
- C:\Windows\System\ObwSDNX.exe
  C:\Windows\System\ObwSDNX.exe
  2⤵
  PID:9080
- C:\Windows\System\UHSdLiM.exe
  C:\Windows\System\UHSdLiM.exe
  2⤵
  PID:9100
- C:\Windows\System\EYqXOls.exe
  C:\Windows\System\EYqXOls.exe
  2⤵
  PID:9120
- C:\Windows\System\qPqzexc.exe
  C:\Windows\System\qPqzexc.exe
  2⤵
  PID:9136
- C:\Windows\System\ybohZGD.exe
  C:\Windows\System\ybohZGD.exe
  2⤵
  PID:9156
- C:\Windows\System\raLelCX.exe
  C:\Windows\System\raLelCX.exe
  2⤵
  PID:9176
- C:\Windows\System\cvtckmN.exe
  C:\Windows\System\cvtckmN.exe
  2⤵
  PID:9196
- C:\Windows\System\ANfmvEg.exe
  C:\Windows\System\ANfmvEg.exe
  2⤵
  PID:7224
- C:\Windows\System\TJVBpaK.exe
  C:\Windows\System\TJVBpaK.exe
  2⤵
  PID:5836
- C:\Windows\System\hRTtYJg.exe
  C:\Windows\System\hRTtYJg.exe
  2⤵
  PID:7300
- C:\Windows\System\UVvOaFt.exe
  C:\Windows\System\UVvOaFt.exe
  2⤵
  PID:7316
- C:\Windows\System\bcjqmOx.exe
  C:\Windows\System\bcjqmOx.exe
  2⤵
  PID:7484
- C:\Windows\System\qtgcGzM.exe
  C:\Windows\System\qtgcGzM.exe
  2⤵
  PID:7424
- C:\Windows\System\bVIzXCB.exe
  C:\Windows\System\bVIzXCB.exe
  2⤵
  PID:7580
- C:\Windows\System\TcDDSlR.exe
  C:\Windows\System\TcDDSlR.exe
  2⤵
  PID:7844
- C:\Windows\System\hmqEUKQ.exe
  C:\Windows\System\hmqEUKQ.exe
  2⤵
  PID:7964
- C:\Windows\System\wOXHfur.exe
  C:\Windows\System\wOXHfur.exe
  2⤵
  PID:8048
- C:\Windows\System\vFkMpue.exe
  C:\Windows\System\vFkMpue.exe
  2⤵
  PID:8196
- C:\Windows\System\cNogwxd.exe
  C:\Windows\System\cNogwxd.exe
  2⤵
  PID:8200
- C:\Windows\System\PloLJGQ.exe
  C:\Windows\System\PloLJGQ.exe
  2⤵
  PID:2500
- C:\Windows\System\KnIDpmd.exe
  C:\Windows\System\KnIDpmd.exe
  2⤵
  PID:8296
- C:\Windows\System\ntIordC.exe
  C:\Windows\System\ntIordC.exe
  2⤵
  PID:8344
- C:\Windows\System\jtIWRnn.exe
  C:\Windows\System\jtIWRnn.exe
  2⤵
  PID:2928
- C:\Windows\System\JFKqItg.exe
  C:\Windows\System\JFKqItg.exe
  2⤵
  PID:8376
- C:\Windows\System\jsJXXbu.exe
  C:\Windows\System\jsJXXbu.exe
  2⤵
  PID:8416
- C:\Windows\System\pFNADPy.exe
  C:\Windows\System\pFNADPy.exe
  2⤵
  PID:8404
- C:\Windows\System\BUORHGP.exe
  C:\Windows\System\BUORHGP.exe
  2⤵
  PID:8444
- C:\Windows\System\jrigOJa.exe
  C:\Windows\System\jrigOJa.exe
  2⤵
  PID:8576
- C:\Windows\System\HQiyuoi.exe
  C:\Windows\System\HQiyuoi.exe
  2⤵
  PID:8556
- C:\Windows\System\MPGRCLp.exe
  C:\Windows\System\MPGRCLp.exe
  2⤵
  PID:8560
- C:\Windows\System\FXTcNdH.exe
  C:\Windows\System\FXTcNdH.exe
  2⤵
  PID:2008
- C:\Windows\System\xstSCks.exe
  C:\Windows\System\xstSCks.exe
  2⤵
  PID:8608
- C:\Windows\System\CxTsLsh.exe
  C:\Windows\System\CxTsLsh.exe
  2⤵
  PID:1904
- C:\Windows\System\nGBEpHU.exe
  C:\Windows\System\nGBEpHU.exe
  2⤵
  PID:8672
- C:\Windows\System\faWjHTu.exe
  C:\Windows\System\faWjHTu.exe
  2⤵
  PID:8684
- C:\Windows\System\mAKBSbM.exe
  C:\Windows\System\mAKBSbM.exe
  2⤵
  PID:8816
- C:\Windows\System\GdZDfxT.exe
  C:\Windows\System\GdZDfxT.exe
  2⤵
  PID:560
- C:\Windows\System\mrFnyDr.exe
  C:\Windows\System\mrFnyDr.exe
  2⤵
  PID:8964
- C:\Windows\System\pGaxexI.exe
  C:\Windows\System\pGaxexI.exe
  2⤵
  PID:8712
- C:\Windows\System\yIOQjPe.exe
  C:\Windows\System\yIOQjPe.exe
  2⤵
  PID:8756
- C:\Windows\System\OzeCbYx.exe
  C:\Windows\System\OzeCbYx.exe
  2⤵
  PID:8800
- C:\Windows\System\ZuCrUQR.exe
  C:\Windows\System\ZuCrUQR.exe
  2⤵
  PID:2656
- C:\Windows\System\UvMpwMC.exe
  C:\Windows\System\UvMpwMC.exe
  2⤵
  PID:8948
- C:\Windows\System\ODusIET.exe
  C:\Windows\System\ODusIET.exe
  2⤵
  PID:9008
- C:\Windows\System\EqeCohV.exe
  C:\Windows\System\EqeCohV.exe
  2⤵
  PID:9092
- C:\Windows\System\coGAxao.exe
  C:\Windows\System\coGAxao.exe
  2⤵
  PID:9076
- C:\Windows\System\LgcFIkW.exe
  C:\Windows\System\LgcFIkW.exe
  2⤵
  PID:9132
- C:\Windows\System\SXqmYAn.exe
  C:\Windows\System\SXqmYAn.exe
  2⤵
  PID:9164
- C:\Windows\System\uEmvGBQ.exe
  C:\Windows\System\uEmvGBQ.exe
  2⤵
  PID:9168
- C:\Windows\System\ZnekSZb.exe
  C:\Windows\System\ZnekSZb.exe
  2⤵
  PID:9212
- C:\Windows\System\SKTZRuU.exe
  C:\Windows\System\SKTZRuU.exe
  2⤵
  PID:2968
- C:\Windows\System\ZmMIwHf.exe
  C:\Windows\System\ZmMIwHf.exe
  2⤵
  PID:7240
- C:\Windows\System\LKQLSSq.exe
  C:\Windows\System\LKQLSSq.exe
  2⤵
  PID:2752
- C:\Windows\System\usMqebu.exe
  C:\Windows\System\usMqebu.exe
  2⤵
  PID:2816
- C:\Windows\System\yFRoevb.exe
  C:\Windows\System\yFRoevb.exe
  2⤵
  PID:2108
- C:\Windows\System\CQVekQQ.exe
  C:\Windows\System\CQVekQQ.exe
  2⤵
  PID:7704
- C:\Windows\System\CMGGROE.exe
  C:\Windows\System\CMGGROE.exe
  2⤵
  PID:7796
- C:\Windows\System\RAkkbbl.exe
  C:\Windows\System\RAkkbbl.exe
  2⤵
  PID:2264
- C:\Windows\System\zLOOYcB.exe
  C:\Windows\System\zLOOYcB.exe
  2⤵
  PID:3032
- C:\Windows\System\oAMXugr.exe
  C:\Windows\System\oAMXugr.exe
  2⤵
  PID:8952
- C:\Windows\System\GOgblOC.exe
  C:\Windows\System\GOgblOC.exe
  2⤵
  PID:8256
- C:\Windows\System\AgNsEVX.exe
  C:\Windows\System\AgNsEVX.exe
  2⤵
  PID:8300
- C:\Windows\System\YwttIYo.exe
  C:\Windows\System\YwttIYo.exe
  2⤵
  PID:8284
- C:\Windows\System\PxKxHcW.exe
  C:\Windows\System\PxKxHcW.exe
  2⤵
  PID:8464
- C:\Windows\System\QnHhTiy.exe
  C:\Windows\System\QnHhTiy.exe
  2⤵
  PID:8424
- C:\Windows\System\okGiiVn.exe
  C:\Windows\System\okGiiVn.exe
  2⤵
  PID:8492
- C:\Windows\System\TZeveFp.exe
  C:\Windows\System\TZeveFp.exe
  2⤵
  PID:8532
- C:\Windows\System\GXtEgKZ.exe
  C:\Windows\System\GXtEgKZ.exe
  2⤵
  PID:8544
- C:\Windows\System\DBUtVOh.exe
  C:\Windows\System\DBUtVOh.exe
  2⤵
  PID:8580
- C:\Windows\System\nNJTfPd.exe
  C:\Windows\System\nNJTfPd.exe
  2⤵
  PID:8624
- C:\Windows\System\VmNDQFd.exe
  C:\Windows\System\VmNDQFd.exe
  2⤵
  PID:8476
- C:\Windows\System\CrEIOFb.exe
  C:\Windows\System\CrEIOFb.exe
  2⤵
  PID:8744
- C:\Windows\System\dXNrRVj.exe
  C:\Windows\System\dXNrRVj.exe
  2⤵
  PID:8740
- C:\Windows\System\xLNPctz.exe
  C:\Windows\System\xLNPctz.exe
  2⤵
  PID:9004
- C:\Windows\System\gmVTraT.exe
  C:\Windows\System\gmVTraT.exe
  2⤵
  PID:9088
- C:\Windows\System\owHFifU.exe
  C:\Windows\System\owHFifU.exe
  2⤵
  PID:9028
- C:\Windows\System\eiVKdZZ.exe
  C:\Windows\System\eiVKdZZ.exe
  2⤵
  PID:9148
- C:\Windows\System\tYvBfSG.exe
  C:\Windows\System\tYvBfSG.exe
  2⤵
  PID:7536
- C:\Windows\System\NdWimOO.exe
  C:\Windows\System\NdWimOO.exe
  2⤵
  PID:2060
- C:\Windows\System\gDzxBHE.exe
  C:\Windows\System\gDzxBHE.exe
  2⤵
  PID:9184
- C:\Windows\System\JkFtzEx.exe
  C:\Windows\System\JkFtzEx.exe
  2⤵
  PID:2440
- C:\Windows\System\nyProkk.exe
  C:\Windows\System\nyProkk.exe
  2⤵
  PID:1076
- C:\Windows\System\TmLjdJW.exe
  C:\Windows\System\TmLjdJW.exe
  2⤵
  PID:7736
- C:\Windows\System\SLGYLPk.exe
  C:\Windows\System\SLGYLPk.exe
  2⤵
  PID:8356
- C:\Windows\System\hdWhcAR.exe
  C:\Windows\System\hdWhcAR.exe
  2⤵
  PID:8396
- C:\Windows\System\KqcxlDL.exe
  C:\Windows\System\KqcxlDL.exe
  2⤵
  PID:8380
- C:\Windows\System\DJGQZGF.exe
  C:\Windows\System\DJGQZGF.exe
  2⤵
  PID:8324
- C:\Windows\System\xhldevB.exe
  C:\Windows\System\xhldevB.exe
  2⤵
  PID:1936
- C:\Windows\System\yNUiwfH.exe
  C:\Windows\System\yNUiwfH.exe
  2⤵
  PID:6752
- C:\Windows\System\HpPtYIO.exe
  C:\Windows\System\HpPtYIO.exe
  2⤵
  PID:8516
- C:\Windows\System\TMfbIkQ.exe
  C:\Windows\System\TMfbIkQ.exe
  2⤵
  PID:8696
- C:\Windows\System\ycXDAJs.exe
  C:\Windows\System\ycXDAJs.exe
  2⤵
  PID:2056
- C:\Windows\System\fNKLmQm.exe
  C:\Windows\System\fNKLmQm.exe
  2⤵
  PID:8928
- C:\Windows\System\WdkEnIu.exe
  C:\Windows\System\WdkEnIu.exe
  2⤵
  PID:8676
- C:\Windows\System\UrnUjwJ.exe
  C:\Windows\System\UrnUjwJ.exe
  2⤵
  PID:8976
- C:\Windows\System\hbivBcp.exe
  C:\Windows\System\hbivBcp.exe
  2⤵
  PID:8940
- C:\Windows\System\QWBsFHE.exe
  C:\Windows\System\QWBsFHE.exe
  2⤵
  PID:8844
- C:\Windows\System\gppdOKk.exe
  C:\Windows\System\gppdOKk.exe
  2⤵
  PID:9128
- C:\Windows\System\AVzjezB.exe
  C:\Windows\System\AVzjezB.exe
  2⤵
  PID:9044
- C:\Windows\System\XdEgLeh.exe
  C:\Windows\System\XdEgLeh.exe
  2⤵
  PID:7476
- C:\Windows\System\GQjtQnU.exe
  C:\Windows\System\GQjtQnU.exe
  2⤵
  PID:8260
- C:\Windows\System\jVvyCTF.exe
  C:\Windows\System\jVvyCTF.exe
  2⤵
  PID:8780
- C:\Windows\System\dtQJmpu.exe
  C:\Windows\System\dtQJmpu.exe
  2⤵
  PID:2000
- C:\Windows\System\lMNJpQe.exe
  C:\Windows\System\lMNJpQe.exe
  2⤵
  PID:2812
- C:\Windows\System\TVbcPPQ.exe
  C:\Windows\System\TVbcPPQ.exe
  2⤵
  PID:8992
- C:\Windows\System\NZCacuA.exe
  C:\Windows\System\NZCacuA.exe
  2⤵
  PID:8840
- C:\Windows\System\wRxHHOY.exe
  C:\Windows\System\wRxHHOY.exe
  2⤵
  PID:9112
- C:\Windows\System\NfrTfiI.exe
  C:\Windows\System\NfrTfiI.exe
  2⤵
  PID:9052
- C:\Windows\System\eVjXWTP.exe
  C:\Windows\System\eVjXWTP.exe
  2⤵
  PID:1060
- C:\Windows\System\FXWKBKD.exe
  C:\Windows\System\FXWKBKD.exe
  2⤵
  PID:2748
- C:\Windows\System\dTWxOzs.exe
  C:\Windows\System\dTWxOzs.exe
  2⤵
  PID:2232
- C:\Windows\System\VWhBxOT.exe
  C:\Windows\System\VWhBxOT.exe
  2⤵
  PID:9116
- C:\Windows\System\gProcNy.exe
  C:\Windows\System\gProcNy.exe
  2⤵
  PID:8480
- C:\Windows\System\OuBSnzS.exe
  C:\Windows\System\OuBSnzS.exe
  2⤵
  PID:8968
- C:\Windows\System\ueanwpf.exe
  C:\Windows\System\ueanwpf.exe
  2⤵
  PID:2820
- C:\Windows\System\hcenYmL.exe
  C:\Windows\System\hcenYmL.exe
  2⤵
  PID:8244
- C:\Windows\System\PAgSSqp.exe
  C:\Windows\System\PAgSSqp.exe
  2⤵
  PID:9048
- C:\Windows\System\unkxurv.exe
  C:\Windows\System\unkxurv.exe
  2⤵
  PID:2996
- C:\Windows\System\xhEuViH.exe
  C:\Windows\System\xhEuViH.exe
  2⤵
  PID:2104
- C:\Windows\System\wWYnltC.exe
  C:\Windows\System\wWYnltC.exe
  2⤵
  PID:9228
- C:\Windows\System\zJTVGLM.exe
  C:\Windows\System\zJTVGLM.exe
  2⤵
  PID:9244
- C:\Windows\System\qsALJZE.exe
  C:\Windows\System\qsALJZE.exe
  2⤵
  PID:9260
- C:\Windows\System\GwthGEx.exe
  C:\Windows\System\GwthGEx.exe
  2⤵
  PID:9276
- C:\Windows\System\mNXpgYe.exe
  C:\Windows\System\mNXpgYe.exe
  2⤵
  PID:9292
- C:\Windows\System\gRkGsCI.exe
  C:\Windows\System\gRkGsCI.exe
  2⤵
  PID:9308
- C:\Windows\System\lyBHQjK.exe
  C:\Windows\System\lyBHQjK.exe
  2⤵
  PID:9324
- C:\Windows\System\LWwTPpK.exe
  C:\Windows\System\LWwTPpK.exe
  2⤵
  PID:9340
- C:\Windows\System\rVtXHii.exe
  C:\Windows\System\rVtXHii.exe
  2⤵
  PID:9356
- C:\Windows\System\TGhnCUd.exe
  C:\Windows\System\TGhnCUd.exe
  2⤵
  PID:9376
- C:\Windows\System\bWCdaQQ.exe
  C:\Windows\System\bWCdaQQ.exe
  2⤵
  PID:9392
- C:\Windows\System\xLLGMZp.exe
  C:\Windows\System\xLLGMZp.exe
  2⤵
  PID:9408
- C:\Windows\System\EJXZivq.exe
  C:\Windows\System\EJXZivq.exe
  2⤵
  PID:9424
- C:\Windows\System\EFwYeBV.exe
  C:\Windows\System\EFwYeBV.exe
  2⤵
  PID:9440
- C:\Windows\System\JYiYdqz.exe
  C:\Windows\System\JYiYdqz.exe
  2⤵
  PID:9456
- C:\Windows\System\lJgjQGN.exe
  C:\Windows\System\lJgjQGN.exe
  2⤵
  PID:9472
- C:\Windows\System\sRDoTNR.exe
  C:\Windows\System\sRDoTNR.exe
  2⤵
  PID:9492
- C:\Windows\System\EdrtRWZ.exe
  C:\Windows\System\EdrtRWZ.exe
  2⤵
  PID:9552
- C:\Windows\System\hLnXRNl.exe
  C:\Windows\System\hLnXRNl.exe
  2⤵
  PID:9596
- C:\Windows\System\fwBRiZE.exe
  C:\Windows\System\fwBRiZE.exe
  2⤵
  PID:9640
- C:\Windows\System\mwiNdFg.exe
  C:\Windows\System\mwiNdFg.exe
  2⤵
  PID:9660
- C:\Windows\System\NcqWPmk.exe
  C:\Windows\System\NcqWPmk.exe
  2⤵
  PID:9676
- C:\Windows\System\APVDaLT.exe
  C:\Windows\System\APVDaLT.exe
  2⤵
  PID:9692
- C:\Windows\System\vmcYOYo.exe
  C:\Windows\System\vmcYOYo.exe
  2⤵
  PID:9716
- C:\Windows\System\PCwBgGX.exe
  C:\Windows\System\PCwBgGX.exe
  2⤵
  PID:9740
- C:\Windows\System\YsWjyjQ.exe
  C:\Windows\System\YsWjyjQ.exe
  2⤵
  PID:9764
- C:\Windows\System\CQaFcKV.exe
  C:\Windows\System\CQaFcKV.exe
  2⤵
  PID:9788
- C:\Windows\System\ZVPxXLG.exe
  C:\Windows\System\ZVPxXLG.exe
  2⤵
  PID:9812
- C:\Windows\System\bLvmpxo.exe
  C:\Windows\System\bLvmpxo.exe
  2⤵
  PID:9828
- C:\Windows\System\FQZCRmI.exe
  C:\Windows\System\FQZCRmI.exe
  2⤵
  PID:9844
- C:\Windows\System\LLkWrlY.exe
  C:\Windows\System\LLkWrlY.exe
  2⤵
  PID:9864
- C:\Windows\System\gNTvDRT.exe
  C:\Windows\System\gNTvDRT.exe
  2⤵
  PID:9880
- C:\Windows\System\ohcdFzk.exe
  C:\Windows\System\ohcdFzk.exe
  2⤵
  PID:9904
- C:\Windows\System\SxKlJJl.exe
  C:\Windows\System\SxKlJJl.exe
  2⤵
  PID:9920
- C:\Windows\System\faudfTo.exe
  C:\Windows\System\faudfTo.exe
  2⤵
  PID:9936
- C:\Windows\System\yKFjuNz.exe
  C:\Windows\System\yKFjuNz.exe
  2⤵
  PID:9952
- C:\Windows\System\nlsJaua.exe
  C:\Windows\System\nlsJaua.exe
  2⤵
  PID:9968
- C:\Windows\System\GbimTsh.exe
  C:\Windows\System\GbimTsh.exe
  2⤵
  PID:9984
- C:\Windows\System\FranDzY.exe
  C:\Windows\System\FranDzY.exe
  2⤵
  PID:10000
- C:\Windows\System\gLOMFsQ.exe
  C:\Windows\System\gLOMFsQ.exe
  2⤵
  PID:10020
- C:\Windows\System\dTgyhbo.exe
  C:\Windows\System\dTgyhbo.exe
  2⤵
  PID:10036
- C:\Windows\System\QOnROYw.exe
  C:\Windows\System\QOnROYw.exe
  2⤵
  PID:10052
- C:\Windows\System\FWNzRcz.exe
  C:\Windows\System\FWNzRcz.exe
  2⤵
  PID:10068
- C:\Windows\System\EybtCnK.exe
  C:\Windows\System\EybtCnK.exe
  2⤵
  PID:10084
- C:\Windows\System\hZKjyOn.exe
  C:\Windows\System\hZKjyOn.exe
  2⤵
  PID:10100
- C:\Windows\System\fsSpLEL.exe
  C:\Windows\System\fsSpLEL.exe
  2⤵
  PID:10116
- C:\Windows\System\hdvhGEv.exe
  C:\Windows\System\hdvhGEv.exe
  2⤵
  PID:10132
- C:\Windows\System\gfYcWTo.exe
  C:\Windows\System\gfYcWTo.exe
  2⤵
  PID:10148
- C:\Windows\System\VNXxZrV.exe
  C:\Windows\System\VNXxZrV.exe
  2⤵
  PID:10204
- C:\Windows\System\BKierUo.exe
  C:\Windows\System\BKierUo.exe
  2⤵
  PID:10224
- C:\Windows\System\NNHDCjt.exe
  C:\Windows\System\NNHDCjt.exe
  2⤵
  PID:9240
- C:\Windows\System\PIjSnbQ.exe
  C:\Windows\System\PIjSnbQ.exe
  2⤵
  PID:9304
- C:\Windows\System\vXjiCQX.exe
  C:\Windows\System\vXjiCQX.exe
  2⤵
  PID:9400
- C:\Windows\System\HSEjqjM.exe
  C:\Windows\System\HSEjqjM.exe
  2⤵
  PID:9468
- C:\Windows\System\yxRwEsz.exe
  C:\Windows\System\yxRwEsz.exe
  2⤵
  PID:9320
- C:\Windows\System\kFwJALO.exe
  C:\Windows\System\kFwJALO.exe
  2⤵
  PID:9220
- C:\Windows\System\EJIFxTF.exe
  C:\Windows\System\EJIFxTF.exe
  2⤵
  PID:9484
- C:\Windows\System\rNTwxyl.exe
  C:\Windows\System\rNTwxyl.exe
  2⤵
  PID:9452
- C:\Windows\System\TnQbbAt.exe
  C:\Windows\System\TnQbbAt.exe
  2⤵
  PID:9512
- C:\Windows\System\mbyUtbn.exe
  C:\Windows\System\mbyUtbn.exe
  2⤵
  PID:9544
- C:\Windows\System\Tmmzwib.exe
  C:\Windows\System\Tmmzwib.exe
  2⤵
  PID:9616
- C:\Windows\System\ijhsMUH.exe
  C:\Windows\System\ijhsMUH.exe
  2⤵
  PID:9576
- C:\Windows\System\oNDclBZ.exe
  C:\Windows\System\oNDclBZ.exe
  2⤵
  PID:9568
- C:\Windows\System\VoiVETU.exe
  C:\Windows\System\VoiVETU.exe
  2⤵
  PID:9648
- C:\Windows\System\leQLvuP.exe
  C:\Windows\System\leQLvuP.exe
  2⤵
  PID:9704
- C:\Windows\System\eZCwrxA.exe
  C:\Windows\System\eZCwrxA.exe
  2⤵
  PID:9760
- C:\Windows\System\LulfkeO.exe
  C:\Windows\System\LulfkeO.exe
  2⤵
  PID:9780
- C:\Windows\System\sCxORqo.exe
  C:\Windows\System\sCxORqo.exe
  2⤵
  PID:9820
- C:\Windows\System\uhxoeCn.exe
  C:\Windows\System\uhxoeCn.exe
  2⤵
  PID:9876
- C:\Windows\System\NeFdkSM.exe
  C:\Windows\System\NeFdkSM.exe
  2⤵
  PID:9948
- C:\Windows\System\DHgqwOe.exe
  C:\Windows\System\DHgqwOe.exe
  2⤵
  PID:9996
- C:\Windows\System\EHimrwi.exe
  C:\Windows\System\EHimrwi.exe
  2⤵
  PID:9928
- C:\Windows\System\bxpXzfR.exe
  C:\Windows\System\bxpXzfR.exe
  2⤵
  PID:10028
- C:\Windows\System\QIKmFIh.exe
  C:\Windows\System\QIKmFIh.exe
  2⤵
  PID:10060
- C:\Windows\System\yFvyoys.exe
  C:\Windows\System\yFvyoys.exe
  2⤵
  PID:10092
- C:\Windows\System\TKgnfkj.exe
  C:\Windows\System\TKgnfkj.exe
  2⤵
  PID:9980
- C:\Windows\System\vTMDYGk.exe
  C:\Windows\System\vTMDYGk.exe
  2⤵
  PID:10008
- C:\Windows\System\glNZWQU.exe
  C:\Windows\System\glNZWQU.exe
  2⤵
  PID:10144
- C:\Windows\System\IuVGyGO.exe
  C:\Windows\System\IuVGyGO.exe
  2⤵
  PID:10180
- C:\Windows\System\mOKWswe.exe
  C:\Windows\System\mOKWswe.exe
  2⤵
  PID:9300
- C:\Windows\System\dRCuWwB.exe
  C:\Windows\System\dRCuWwB.exe
  2⤵
  PID:9388
- C:\Windows\System\yBMnxrP.exe
  C:\Windows\System\yBMnxrP.exe
  2⤵
  PID:9516
- C:\Windows\System\AcayoIJ.exe
  C:\Windows\System\AcayoIJ.exe
  2⤵
  PID:9348
- C:\Windows\System\yIlSbDA.exe
  C:\Windows\System\yIlSbDA.exe
  2⤵
  PID:10232
- C:\Windows\System\PbbMcws.exe
  C:\Windows\System\PbbMcws.exe
  2⤵
  PID:8720
- C:\Windows\System\cDsFFaC.exe
  C:\Windows\System\cDsFFaC.exe
  2⤵
  PID:9256
- C:\Windows\System\IghOZuV.exe
  C:\Windows\System\IghOZuV.exe
  2⤵
  PID:9604
- C:\Windows\System\wtZexOi.exe
  C:\Windows\System\wtZexOi.exe
  2⤵
  PID:9636
- C:\Windows\System\qaGmgho.exe
  C:\Windows\System\qaGmgho.exe
  2⤵
  PID:9592
- C:\Windows\System\wwpmVKf.exe
  C:\Windows\System\wwpmVKf.exe
  2⤵
  PID:9728
- C:\Windows\System\VXyRjeJ.exe
  C:\Windows\System\VXyRjeJ.exe
  2⤵
  PID:9708
- C:\Windows\System\fQnUaBA.exe
  C:\Windows\System\fQnUaBA.exe
  2⤵
  PID:9736
- C:\Windows\System\uaWruwl.exe
  C:\Windows\System\uaWruwl.exe
  2⤵
  PID:9784
- C:\Windows\System\TvQMQeu.exe
  C:\Windows\System\TvQMQeu.exe
  2⤵
  PID:9964
- C:\Windows\System\ZniUUVC.exe
  C:\Windows\System\ZniUUVC.exe
  2⤵
  PID:9872
- C:\Windows\System\kHatqbm.exe
  C:\Windows\System\kHatqbm.exe
  2⤵
  PID:10172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AWEsjDl.exe

Filesize
6.0MB

MD5
fa9aad5d3ff9d53cc194207eb1e24422

SHA1
d161133934a7ef6adeaa3b7dafdb991e16012f90

SHA256
b3ddc8a75608f639e3d69780bec98d960de4f68c1dc71d725d8e67d53a5d7786

SHA512
bb20853bc77ec2e8d0c79a271ff3f91c9caa8ac46762fac90203f1fb0e3052ea130f90813d85b25b8605fbf4c60d9238e7f19100da03316ea9f3274c84bd0518

Download Submit
C:\Windows\system\AfNUQZE.exe

Filesize
6.0MB

MD5
e780849368303f34eaafefc684a0168e

SHA1
63c6e7d4e0d5667e8e850515789cc54d2a12b0e1

SHA256
27149ff9708cde4ca9cb00d2b415154a561a08d5629702f4b21b649981ecc346

SHA512
d1bbfb8ef5c7c1848e0b9cb3dd5e06dbd6da25c2c35baf928461773336f421c4c616f881ca45c619fa5d6fe7c32f998745c99f4e6b8131f617a2b45236a6495b

Download Submit
C:\Windows\system\DGYygGW.exe

Filesize
6.0MB

MD5
853e54b564abe5e3789da54c4b0e439e

SHA1
6b162b7f5a21b10d36a986cd1cddf3649638dd88

SHA256
48d38d32a820b0dffa5f8d8cf47dc8c383ef9d49831f0c1f7491ff268e6beb5e

SHA512
36f3c7eca8f1d6dbc3a15fad17b2afeed6181d5d301c321758dd83ac223b2c5086e2392a280aa9f7a0f6c72ad83b06791d396bff7807ee77ca508a2f294255a5

Download Submit
C:\Windows\system\Ebvvpem.exe

Filesize
6.0MB

MD5
1d46b51cfe31ef85dd9ab7134903bfda

SHA1
551c58688c176bf0a33dce907a770f56397f1957

SHA256
9e16ff0225ae11e4c2e106502945faf70758abc51392fb0c0c0d07d86deb3332

SHA512
33e5251b4e41f2c0c0a83657e97e56d0f7a5a1e6d40f6946fbf3b6632788a4164625dc4cdfafb58f68a2d856841ea876b23a1a40ce4dc3e6f1e83affd0acb4a0

Download Submit
C:\Windows\system\GkooGAf.exe

Filesize
6.0MB

MD5
8528c6ffbb39d070152de242aa143522

SHA1
96e1e0767b1d62d0aadd40dfb59ad93be7a5d055

SHA256
a1e078999cdca5a710dab0e1ad7a16be726be972e473a1543a51f241f956317c

SHA512
a948726a9a8621728c95609e79bf244cfb312a078e683b2c74f6c5daf60dc6b13935ba3c7a2516b8e2ba94cbfa6fc36065d78c4ec849a1b0e1fe4aa31211403f

Download Submit
C:\Windows\system\JDkXJkk.exe

Filesize
6.0MB

MD5
9f18c4c15a0f4fc730eebbc831bb5cce

SHA1
6c4d1d021b520a88917ae683d2fd36bf21c66fac

SHA256
078b2761d0aa7d30235ff0904f45d5071fdb1b00cb87a883709ebc53e4bffa34

SHA512
73bd1cc4304ddb0b07f27d47a8b8dba8f6479a1a01a0ce6e744b7330cfc45756812781f1805ffc5fbb702a97734fb9ce30314840dbe9b4fb995ea9d4149fb4b2

Download Submit
C:\Windows\system\LfVJGZE.exe

Filesize
6.0MB

MD5
3aff7f38fb792ac66d6ed8091c2c1383

SHA1
2bfb5544055b7253852169498205b41af6636954

SHA256
201c7a6b5f6b585933fc69bd19d2608326b565de5851f3680f0b635bdf96d680

SHA512
9dc4c6ec5ec3c6144e142a6359fc7a1e51e88ba18d58bde7e0e620b8729764c1302be39af347917c285c6966caa82e9d4bb6b5126cfe44dde6e6f5cb8ddc3a01

Download Submit
C:\Windows\system\MKsoeKf.exe

Filesize
6.0MB

MD5
ce66bc200bbc2c9767c74cccaad5bef8

SHA1
90ee9608e062e15d91dbcccdb9c22a0cc29ecb27

SHA256
3ed6398b9a2acf508f55899cda1fde5a80405bf86bc9f8b70baf838ed7c1a4d0

SHA512
7312b454c86b119133587e84a81351416f953dc0f2b9e3f2968cc3c37d68f890cd6f154dd741c382270010579c1c5406533cd59109bb6665917ed401d3a021b5

Download Submit
C:\Windows\system\RXXtrjJ.exe

Filesize
6.0MB

MD5
ecb19b36a9014a23304be76a1ca3b3a5

SHA1
b817e33fdeee43b34e18a45c3d325a30d44bc8f0

SHA256
6f66c95ace260a84d7446543dc76487c3e6b9867e2a3a72e0822fa02a263543a

SHA512
c9e4063eed67ec315dfb39d95ce25b41338a546fec72c172a54f5e6e7b43437c70e966622e86be1370c586678a3b52acc594f25943bc958a53057e8b916d1623

Download Submit
C:\Windows\system\ScjWtOq.exe

Filesize
6.0MB

MD5
2dcb1b31c429f90a066523edaa726482

SHA1
b7ecd5fee91b7332a44d8dd7d8071062ff7cc948

SHA256
adadd30d75891372690c02b38554a314d7be2e23164a29ef43eb3a9f8c430344

SHA512
3961e2f1b3b6a9080a93ef3a95bf5355ae1fbd27bc3b6fcb8c0cb6233cbc17f9a1d3d21667fc721bb4c738113086b78b1f1e4e15416707735b316336670afae9

Download Submit
C:\Windows\system\UpEmbBR.exe

Filesize
6.0MB

MD5
a6abbbe79167390f758351620ef733e1

SHA1
5046b7264a7f66a1566684560dc2fac805a8c64c

SHA256
af6df761672085cebb7a4818410be3006c37cdd08921e60c9da5f95dfb9c2779

SHA512
cbc4017181d5c2b3481d025733b8c71d1de4c0c653c8985efc840c79e81fb76f16cd7f617a4bf0e0bc19e98df7b960b186e8e22af5b6aeba11c18fbc9398f5e1

Download Submit
C:\Windows\system\VwBtGOe.exe

Filesize
6.0MB

MD5
d870ec5d30cb92185f059c166780a90c

SHA1
8555a41190d0b3648c723a72479491d81c4ab1a4

SHA256
4bdc226eeb9a689ba2c759223ca10412c56d38df9de0b47bc7f08d1a13f3799c

SHA512
c0a097b1165c61fa8c03604eb299a376f72b8d8583ce8f8ae12d8dad00d74c48d8c18f0651da1cd8ee9014ea0c373fb8610f89d03f5b4bdccd897d379818612a

Download Submit
C:\Windows\system\YZVHdhB.exe

Filesize
6.0MB

MD5
764a025018869a959c6b7df46adf9838

SHA1
bdc620c214fcf1863be49185bb728f5d2133c667

SHA256
2dda4df9c6b8988dd7787618bed28046b647a2a3adaa686a0c2fd277fbff5dde

SHA512
09c1974b9d208253a5516dc20b089739c6ec1c8df0180f9028ae16c3261a75200e4646d0a4b8a6e2de5ebb4f1bf253aad5f001581875e613d9a4037181168f74

Download Submit
C:\Windows\system\ZbjSshW.exe

Filesize
6.0MB

MD5
b3b77a4792128c24193a6e502790e904

SHA1
84c52168f6d612a9224acaaae7669a22342ee13c

SHA256
38aed798898ad8ba03ee8e2f13bf04a37a9288ac9080aaa67568812de12fe3b2

SHA512
7817a8ca0dd6f5be10c409bdac31bc3e9a7e6c755dd56b4d7278852448a4af091697038c2178c8131e0f9ce9d6b00f60fd899df8f6be224abc1b856fc7c33f5a

Download Submit
C:\Windows\system\coFGygF.exe

Filesize
6.0MB

MD5
2d4056365b97fe2769cab45a286aa333

SHA1
f11f8b2d5b212aeb6c713b9b40fce31cb40f83ad

SHA256
9adbc156baa0ee5d5d661c7d82f116964561ff4b4da8529a2f4bd4c6b3e65334

SHA512
19d70803db4abd28d77f5f577ea36e3feebfea7238fe6d06fa72de52b2b8744574abc095edf4b8c337ad0467cd83493b709841e90802f90dee4b3c5e8270154d

Download Submit
C:\Windows\system\dgcveeL.exe

Filesize
6.0MB

MD5
67f82a07a356f21cc84cc74f2330c393

SHA1
7801e02bd0546f620c96efee7a2a8e6780f99889

SHA256
e3736c97c92213c46977e138e2bfc2c993a7d3da13ab7c66de3e92d3fb03878b

SHA512
c0fab3b4674d6e270605626d37aa8cfa41f9c2ef9e6867f8fd462d9ee19391952d2ff27c05d753e1afc7f1484179000e5683726fc61541bb11e603004a3c5b66

Download Submit
C:\Windows\system\frmGxXn.exe

Filesize
6.0MB

MD5
24be7dd894ae5d8a386ebb7558014df0

SHA1
3f435ef9795435c8e4b5826ff2a1882f07b8c013

SHA256
b419e71edc5ab6fe5ee6063ceb0996df22ae799c09d8f3b8d52c3caa0dfaf78d

SHA512
ac4b4ca75dfa16af956749f88ed5a00677250c14022167715ea3293a767086f03aeaff11af9fbf978067993d6ef4abf244970e77b4219f09a14cec28f3c32c2d

Download Submit
C:\Windows\system\hWqYSTh.exe

Filesize
6.0MB

MD5
d05b4b766697bcd8c9730760047526df

SHA1
79129b7c1dd2388aeb170322214bcf0527e6ea5a

SHA256
dca7a8d8e82c209bdbca4365661d46f04ae9c35ffdce63af0331a5f9dc81911f

SHA512
b957daf276e75c327835eb493a94fff7a64eb24b0b5ff61623b7d2a24d2d86807d25d5d8b02e8c7866d84d6360c7922f0794e528e34fa0d51879aecbbc3079da

Download Submit
C:\Windows\system\kZwYCMm.exe

Filesize
6.0MB

MD5
9f35aaacbce6f5d5a1a97982e958f7e1

SHA1
2622221a1f73101e9d382431b6a101f5ab929a79

SHA256
96fd9509a11b30875878073d0362b401b9d7c6292d92c530c9c14f6553890934

SHA512
b475a3518b169874a37b4b8ebff3749848b6a0a95520983b05acc4695fb62ab08917c3e87d0024412f1c98e8b9fd2358e967d7f75aa9f463bc1843acea7a64e8

Download Submit
C:\Windows\system\maUCKKT.exe

Filesize
6.0MB

MD5
205cbbc09fc27812b2ac36ebc3b399d1

SHA1
6416bd70d30fe71db1b8e7471f5859f3b62feb22

SHA256
09ce551f064c7185be8dbda2ff04cbd5b5c07949d64890b551ef23b78c0d7613

SHA512
4f3158c3e02c506f35b218fd436799f1f806bc35270df84bd14fdfe9a5cda8c68706366df19b772762437aaba49d1e7f798d2d49cc83bfb2a8f7fb86e380e1b8

Download Submit
C:\Windows\system\oLYarmS.exe

Filesize
6.0MB

MD5
0b83a315e4e3f71746b2f77bbf0610d9

SHA1
638a28cbfc941096eef5b6f2620bcc20be3f8723

SHA256
5e8217fd36ebd5673e4518b239544983169b904600b92c73b7b79b94494e621d

SHA512
8dd416a9b8fea4e2b0477bc8fa22a4a8d80a68a4153cc3bf74af518b108097b632cf90a598aea8f3ac065cf76e9234ae4a9317788c3e4734cc862aad8e9c1c4c

Download Submit
C:\Windows\system\tkjHGVa.exe

Filesize
6.0MB

MD5
cf66e7e48b4dd0cd564fe031611b5d10

SHA1
cbc6843f3023e1d441f7ee13f95b5c1b3f2d98c6

SHA256
7e14d728dfc434ba7e8b18239e94146f7c03f0f4ac742529f8f47a2c30b2be3b

SHA512
4a638a22dfc6249ae6a82476415f8f8b43a857087934909fad859c31d69e3fa9925a03485565fff77a2100eb2b7adf9ba43e343dbe8ba21d65ee94e9ca211dec

Download Submit
C:\Windows\system\ursMTOe.exe

Filesize
6.0MB

MD5
aa4a50d2824c58b3ffeb3f3150a7879a

SHA1
f8cc41d9f3782079e1e4230017d8e65dedf91c9c

SHA256
f8019f2d53d56ee045a5ce31c062fc5b9db1768470eaa715950723cb948aab7e

SHA512
05c74974922a58a4030779d07d7537e815c0ad6d9e7978510c5f3e94e7ddd535b5499951581c4243cb951547882ee756694fa26a32f8739c8c71fe1b98cc4f83

Download Submit
C:\Windows\system\usfsLWJ.exe

Filesize
6.0MB

MD5
88cd9aab4eeb71288f3354eeff5a74e8

SHA1
498ec80a23f78ec95f0663f35960f5f39d153a63

SHA256
ab407ef46086d7ca49912a065a2594ae8210a890c96fc9b66baef0723b69cf7c

SHA512
e2542558080c91db7ec0981e94d6f6d2e30797e359c3336b11b1f1d08602a6bbd150312c945f7c1470d682651e391e580f11de7c8a2c30dd90f707acb7a3ef76

Download Submit
C:\Windows\system\utySxyN.exe

Filesize
6.0MB

MD5
f42c98f156cb6b82ba5a5ae96128c750

SHA1
64f288f2e68fd77bf21a2328419e96b6ea3df0c6

SHA256
184af6853240f88b722fb1a8eea8aae948a3798f1af083d26453b007f272bcf7

SHA512
05b8ce48bce08d6b056b0ff15aff11da9b6dc7015ac1dbf0b39be7515c31209f874aec4750a2ec4d37820eac461ac35d7749e1f30e2707d908f6282788cb570c

Download Submit
C:\Windows\system\vyLjPIx.exe

Filesize
6.0MB

MD5
7a062eb6abbb5f6b9a1b75057865760c

SHA1
1743074b772cec49b279ac54c124f6ff23b98984

SHA256
6fc42048bb8577b65f9e903869f894bff0558510b45a9ab2cbee61c96dcad0ae

SHA512
2580bb4847b394fd4140a0689d4178316f04dbe86c4e0de342de9149b357d534905e95594c64108e6e82c9e2a2c7a6a382a35c8bf807f4e84260e1223133fced

Download Submit
C:\Windows\system\wQuPfXf.exe

Filesize
6.0MB

MD5
931b41b6c97e56353291704eaf5e4719

SHA1
dde0c129023ba8fea8ccf6fc81b4564467726f3a

SHA256
826e5eedb3d27962259f08b1038f279d83dad5493a582e4973f1e118e50c942c

SHA512
9be37f77d247dbbcd66f33b1f459b31097ab7f513e7f70932f884bed40ac5d2f243d1bbb9d80bc8304d0ff80ac67e81353760abeb299b3ba45de703a6119d98c

Download Submit
\Windows\system\BansMjR.exe

Filesize
6.0MB

MD5
994e98af0556c423f23ac5c20d097beb

SHA1
c5736d140793993eaa7ac5c7e3ec5f1cdc3dbf84

SHA256
01757e55d65e8a2ee272fafd5dc800c9bafb04fb25ce05daf8cab71bd66f67da

SHA512
654445959cfa16b4afd8a780b69a17ec7f2e2775705f1439ffa78958185c4613085bce28990b24dc7b38a7b97338528136d7d952b6efe58e8690cc426ccf335c

Download Submit
\Windows\system\OfqxDLY.exe

Filesize
6.0MB

MD5
c90be9aec079247e99e5c4d148150117

SHA1
a6dd7d2f538fc6df0091e89a82af91ffdd1c5fe2

SHA256
8a7399ab6348e9bac0fa0c4308cc29c1b484aea6c07651ef66d9952bd14b6570

SHA512
2967e158cfa97a5640a5350d8803357129be681fd10d2cf87f38ded919f0dd8aef2ad4b17bb4bbeb610e5bdafe03ee59ff98b3c4af6adc33562503dc93390214

Download Submit
\Windows\system\WVqHplM.exe

Filesize
6.0MB

MD5
ce6957c654b081ce4a5977de061d0981

SHA1
29daf8f96c015be3cfec30a4febb58282f59a93b

SHA256
ed1b063e5aac57bf464b1a255ce5460a0b155dbbc20fc9ae700a8106dbbd3855

SHA512
03b396968dd9c9ee404fb6661777ab7a7517219b498eb6b887dbb3ee2c52313bc9f1cd74fba323d303222479f9414cac7de53ea3af0bbf0486e5f288c596de96

Download Submit
\Windows\system\dYochEi.exe

Filesize
6.0MB

MD5
af9f5b06f7860c87456481602b5b0d16

SHA1
674d4203730acd77dd98564c32bc00190f849ed9

SHA256
43bc9b8e9d7e3641fa6e1f196263e91022fc4b9fafbd2b9988419a25e4a0f94f

SHA512
c9c65685a792cf8cdf3c2b440e11a5d1f1291d8dee41753c898a083c15347ced0a1a1e54c74bc154d47bdf6d193f6b5c30d5a0770e1896884b508fd4da4ec4a7

Download Submit
\Windows\system\rpsVSBB.exe

Filesize
6.0MB

MD5
4ff93db4a22400f7b76cea29d1c288b4

SHA1
3a392576fcd4634b3bf70c12199314b9545c28d1

SHA256
01d00689e72b35582167cc2f3455401f65595d60b6c4ecee7f19265c21565833

SHA512
5fd3e97178d8a987e4c1261b65ac9b3e4b3df3f7a3a973da0c5a2914a72edd74bb25a581e1f444be708d63bb385f2a0cf781af11c93b694fa6d0e6163d0a8ad3

Download Submit
memory/1376-22-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/1376-4161-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-113-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/1740-98-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/1740-1099-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/1740-35-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/1740-1293-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/1740-0-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/1740-40-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/1740-99-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/1740-20-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/1740-17-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-49-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1740-92-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1740-51-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/1740-86-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-53-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-24-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-78-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/1740-62-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1740-64-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/1740-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2128-4166-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2128-50-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2352-4163-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-21-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-4168-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2580-844-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2580-93-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2636-72-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2636-4172-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2696-65-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2696-4169-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2696-101-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2736-87-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-4171-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-4165-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-41-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-80-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-36-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2788-4164-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2864-79-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2864-4167-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2904-29-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-71-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2944-4170-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2952-19-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-100-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1100-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2976-4173-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download