cobaltstrike | 14ebe668fb68421c6dadb614ed41416320866357158fbb9410eb38c9890a0d59

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
02/02/2025, 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

4d143447a8ca4a74ecc812b9631339fa
SHA1

2855d94f8626f0d7b18e0e8bf8018b8fc800a02d
SHA256

14ebe668fb68421c6dadb614ed41416320866357158fbb9410eb38c9890a0d59
SHA512

8bc64c50f50912acbdd82fafbbc44b39f7eefe47c3df1ba44db0888a05556fa300695479b7e7471a7ac7f184deea3e5235e888699eb69bb129a0240fe4699fb0
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUn:T+q56utgpPF8u/7n

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001202c-3.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186f1-8.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018704-19.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186f4-14.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018739-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019451-38.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b9-50.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c9-54.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ee-58.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f1-62.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-66.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019509-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019683-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962f-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962b-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019641-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196c3-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962d-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-102.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f0-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958e-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957e-82.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019512-78.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950e-74.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a9-46.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019458-42.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000187a8-35.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001878e-31.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018744-26.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 52 IoCs

miner

resource	yara_rule
behavioral1/memory/2064-0-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/files/0x000c00000001202c-3.dat	xmrig
behavioral1/files/0x00070000000186f1-8.dat	xmrig
behavioral1/files/0x0006000000018704-19.dat	xmrig
behavioral1/files/0x00060000000186f4-14.dat	xmrig
behavioral1/files/0x0006000000018739-23.dat	xmrig
behavioral1/files/0x0007000000019451-38.dat	xmrig
behavioral1/files/0x00050000000194b9-50.dat	xmrig
behavioral1/files/0x00050000000194c9-54.dat	xmrig
behavioral1/files/0x00050000000194ee-58.dat	xmrig
behavioral1/files/0x00050000000194f1-62.dat	xmrig
behavioral1/files/0x0005000000019502-66.dat	xmrig
behavioral1/files/0x0005000000019509-70.dat	xmrig
behavioral1/files/0x00050000000195ab-90.dat	xmrig
behavioral1/files/0x0005000000019683-131.dat	xmrig
behavioral1/files/0x000500000001962f-125.dat	xmrig
behavioral1/files/0x000500000001962b-117.dat	xmrig
behavioral1/files/0x0005000000019625-113.dat	xmrig
behavioral1/files/0x0005000000019627-110.dat	xmrig
behavioral1/files/0x0005000000019624-104.dat	xmrig
behavioral1/files/0x0005000000019621-99.dat	xmrig
behavioral1/files/0x0005000000019641-136.dat	xmrig
behavioral1/files/0x00050000000196c3-134.dat	xmrig
behavioral1/files/0x000500000001962d-124.dat	xmrig
behavioral1/files/0x0005000000019629-123.dat	xmrig
behavioral1/files/0x0005000000019623-102.dat	xmrig
behavioral1/files/0x00050000000195f0-94.dat	xmrig
behavioral1/files/0x000500000001958e-86.dat	xmrig
behavioral1/files/0x000500000001957e-82.dat	xmrig
behavioral1/files/0x0005000000019512-78.dat	xmrig
behavioral1/files/0x000500000001950e-74.dat	xmrig
behavioral1/files/0x00050000000194a9-46.dat	xmrig
behavioral1/files/0x0005000000019458-42.dat	xmrig
behavioral1/files/0x00070000000187a8-35.dat	xmrig
behavioral1/files/0x000800000001878e-31.dat	xmrig
behavioral1/files/0x0006000000018744-26.dat	xmrig
behavioral1/memory/1688-3465-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2064-3769-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2356-3770-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/1640-4376-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2576-4389-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/1544-4390-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/800-4391-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2488-4392-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2112-4393-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/800-4394-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2576-4395-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2112-4396-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/1640-4397-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2964-4398-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/1544-4399-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2488-4400-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1688	QqVDPmh.exe
1640	DLqojSD.exe
2576	dLCcRza.exe
2356	rpHTXPr.exe
1544	gJmQztH.exe
800	lAJUgYp.exe
2488	OuYqRZf.exe
2112	hHsSfyi.exe
2964	dPCkXYf.exe
2976	cnwUmzC.exe
3052	arucRFq.exe
3056	qRRiOEH.exe
2812	qBQFShn.exe
2176	YRUfxwY.exe
1348	IsJHqNA.exe
2808	jdjLJsb.exe
2700	drPBZGR.exe
2760	SfWKeTa.exe
1036	nXouiDo.exe
480	PvlkSGY.exe
2308	wHFzxao.exe
1564	WHcTIdj.exe
1796	vvrRWzF.exe
2940	jiPjzNE.exe
1980	tYyhVhb.exe
2152	ZJvzAxa.exe
492	IudSKdT.exe
2336	fKsAyZu.exe
2216	BPvluoa.exe
2104	iLPhyWh.exe
584	fApfhLx.exe
2012	RfjkVGs.exe
1928	lewsxnO.exe
1932	GTywRSj.exe
2180	qBdcCbB.exe
556	dvBpUGO.exe
1848	boJffTV.exe
1664	meIaMme.exe
444	tPEfiCG.exe
2056	YSLkGSR.exe
764	dDRnshl.exe
1280	iMYgtfv.exe
276	FjRNZFg.exe
684	rhlXIMB.exe
2476	GPuCUlW.exe
352	TiPwTib.exe
1800	vxWeMpV.exe
1876	krDgfBT.exe
1584	HlMeWYn.exe
852	RwWmdWA.exe
1288	pDrdVzW.exe
1480	xJOQumR.exe
2264	uRieHbf.exe
2664	iXyRCfQ.exe
1212	GpkgiST.exe
1364	htFkOri.exe
572	NyqPGxD.exe
2432	hSkLNGx.exe
2544	PUIEeWc.exe
2052	diiGQsG.exe
2320	BQsMCAg.exe
1904	gsRRpID.exe
1908	PyTzyYh.exe
1888	RgArehC.exe

Loads dropped DLL 64 IoCs

pid	Process
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 52 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2064-0-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/files/0x000c00000001202c-3.dat	upx
behavioral1/files/0x00070000000186f1-8.dat	upx
behavioral1/files/0x0006000000018704-19.dat	upx
behavioral1/files/0x00060000000186f4-14.dat	upx
behavioral1/files/0x0006000000018739-23.dat	upx
behavioral1/files/0x0007000000019451-38.dat	upx
behavioral1/files/0x00050000000194b9-50.dat	upx
behavioral1/files/0x00050000000194c9-54.dat	upx
behavioral1/files/0x00050000000194ee-58.dat	upx
behavioral1/files/0x00050000000194f1-62.dat	upx
behavioral1/files/0x0005000000019502-66.dat	upx
behavioral1/files/0x0005000000019509-70.dat	upx
behavioral1/files/0x00050000000195ab-90.dat	upx
behavioral1/files/0x0005000000019683-131.dat	upx
behavioral1/files/0x000500000001962f-125.dat	upx
behavioral1/files/0x000500000001962b-117.dat	upx
behavioral1/files/0x0005000000019625-113.dat	upx
behavioral1/files/0x0005000000019627-110.dat	upx
behavioral1/files/0x0005000000019624-104.dat	upx
behavioral1/files/0x0005000000019621-99.dat	upx
behavioral1/files/0x0005000000019641-136.dat	upx
behavioral1/files/0x00050000000196c3-134.dat	upx
behavioral1/files/0x000500000001962d-124.dat	upx
behavioral1/files/0x0005000000019629-123.dat	upx
behavioral1/files/0x0005000000019623-102.dat	upx
behavioral1/files/0x00050000000195f0-94.dat	upx
behavioral1/files/0x000500000001958e-86.dat	upx
behavioral1/files/0x000500000001957e-82.dat	upx
behavioral1/files/0x0005000000019512-78.dat	upx
behavioral1/files/0x000500000001950e-74.dat	upx
behavioral1/files/0x00050000000194a9-46.dat	upx
behavioral1/files/0x0005000000019458-42.dat	upx
behavioral1/files/0x00070000000187a8-35.dat	upx
behavioral1/files/0x000800000001878e-31.dat	upx
behavioral1/files/0x0006000000018744-26.dat	upx
behavioral1/memory/1688-3465-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2064-3769-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2356-3770-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/1640-4376-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2576-4389-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/1544-4390-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/800-4391-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2488-4392-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2112-4393-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/800-4394-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2576-4395-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2112-4396-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/1640-4397-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2964-4398-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/1544-4399-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2488-4400-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\McNiOEc.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pHrphar.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MyCzGkL.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GkodUJL.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JGPigVl.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IXnKqin.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\diiGQsG.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LErUesv.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LUuIrYB.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bbFfTor.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hhfEFSs.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ENoWCMj.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFRCwfB.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SLzyocH.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YRrxvSD.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZUYGZxD.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qDJmhGV.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hiZDdWd.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LBUVUxX.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TzTdjEU.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zDRLIoQ.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DTgcsDx.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\algptft.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CrMzPOF.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VmHtRGh.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kUVHRuE.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zRdVnQH.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LmwYbvC.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ipjevaF.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pIffRRN.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nQxlrOF.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cmPiank.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EmOZqCb.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QxJosMr.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\URRMDcM.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GEwFsyp.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PMKyZOQ.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZiOmiqa.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JDiuDVr.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XHYWwBL.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nGrCbab.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vYQTbsV.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\moDLIAW.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWODFnN.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ydthjlu.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oYHGuly.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hKmEZkx.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tbzljts.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnlrLxB.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nZcQXXt.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XPoQljp.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CTBBjYe.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FJaQAHt.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GTTdiWL.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LDLeaiZ.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UzKUfEm.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gLbvcCb.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kgjOEJC.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hpGonFz.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RuEBvDL.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XcTnCIh.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GODrHRM.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dNoQGXC.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RQKilUh.exe	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 1688	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2064 wrote to memory of 1688	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2064 wrote to memory of 1688	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2064 wrote to memory of 2576	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2064 wrote to memory of 2576	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2064 wrote to memory of 2576	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2064 wrote to memory of 1640	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2064 wrote to memory of 1640	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2064 wrote to memory of 1640	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2064 wrote to memory of 2356	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2064 wrote to memory of 2356	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2064 wrote to memory of 2356	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2064 wrote to memory of 1544	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2064 wrote to memory of 1544	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2064 wrote to memory of 1544	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2064 wrote to memory of 800	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2064 wrote to memory of 800	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2064 wrote to memory of 800	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2064 wrote to memory of 2488	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2064 wrote to memory of 2488	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2064 wrote to memory of 2488	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2064 wrote to memory of 2112	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2064 wrote to memory of 2112	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2064 wrote to memory of 2112	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2064 wrote to memory of 2964	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2064 wrote to memory of 2964	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2064 wrote to memory of 2964	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2064 wrote to memory of 2976	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2064 wrote to memory of 2976	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2064 wrote to memory of 2976	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2064 wrote to memory of 3052	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2064 wrote to memory of 3052	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2064 wrote to memory of 3052	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2064 wrote to memory of 3056	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2064 wrote to memory of 3056	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2064 wrote to memory of 3056	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2064 wrote to memory of 2812	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2064 wrote to memory of 2812	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2064 wrote to memory of 2812	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2064 wrote to memory of 2176	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2064 wrote to memory of 2176	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2064 wrote to memory of 2176	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2064 wrote to memory of 1348	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2064 wrote to memory of 1348	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2064 wrote to memory of 1348	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2064 wrote to memory of 2808	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2064 wrote to memory of 2808	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2064 wrote to memory of 2808	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2064 wrote to memory of 2700	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2064 wrote to memory of 2700	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2064 wrote to memory of 2700	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2064 wrote to memory of 2760	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2064 wrote to memory of 2760	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2064 wrote to memory of 2760	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2064 wrote to memory of 1036	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2064 wrote to memory of 1036	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2064 wrote to memory of 1036	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2064 wrote to memory of 480	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2064 wrote to memory of 480	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2064 wrote to memory of 480	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2064 wrote to memory of 2308	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2064 wrote to memory of 2308	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2064 wrote to memory of 2308	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2064 wrote to memory of 1564	2064	2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-02_4d143447a8ca4a74ecc812b9631339fa_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Windows\System\QqVDPmh.exe
  C:\Windows\System\QqVDPmh.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\dLCcRza.exe
  C:\Windows\System\dLCcRza.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\DLqojSD.exe
  C:\Windows\System\DLqojSD.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\rpHTXPr.exe
  C:\Windows\System\rpHTXPr.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\gJmQztH.exe
  C:\Windows\System\gJmQztH.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\lAJUgYp.exe
  C:\Windows\System\lAJUgYp.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\OuYqRZf.exe
  C:\Windows\System\OuYqRZf.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\hHsSfyi.exe
  C:\Windows\System\hHsSfyi.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\dPCkXYf.exe
  C:\Windows\System\dPCkXYf.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\cnwUmzC.exe
  C:\Windows\System\cnwUmzC.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\arucRFq.exe
  C:\Windows\System\arucRFq.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\qRRiOEH.exe
  C:\Windows\System\qRRiOEH.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\qBQFShn.exe
  C:\Windows\System\qBQFShn.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\YRUfxwY.exe
  C:\Windows\System\YRUfxwY.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\IsJHqNA.exe
  C:\Windows\System\IsJHqNA.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\jdjLJsb.exe
  C:\Windows\System\jdjLJsb.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\drPBZGR.exe
  C:\Windows\System\drPBZGR.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\SfWKeTa.exe
  C:\Windows\System\SfWKeTa.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\nXouiDo.exe
  C:\Windows\System\nXouiDo.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\PvlkSGY.exe
  C:\Windows\System\PvlkSGY.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\wHFzxao.exe
  C:\Windows\System\wHFzxao.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\WHcTIdj.exe
  C:\Windows\System\WHcTIdj.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\vvrRWzF.exe
  C:\Windows\System\vvrRWzF.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\jiPjzNE.exe
  C:\Windows\System\jiPjzNE.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\tYyhVhb.exe
  C:\Windows\System\tYyhVhb.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\RfjkVGs.exe
  C:\Windows\System\RfjkVGs.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\ZJvzAxa.exe
  C:\Windows\System\ZJvzAxa.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\GTywRSj.exe
  C:\Windows\System\GTywRSj.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\IudSKdT.exe
  C:\Windows\System\IudSKdT.exe
  2⤵
  - Executes dropped EXE
  PID:492
- C:\Windows\System\qBdcCbB.exe
  C:\Windows\System\qBdcCbB.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\fKsAyZu.exe
  C:\Windows\System\fKsAyZu.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\dvBpUGO.exe
  C:\Windows\System\dvBpUGO.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\BPvluoa.exe
  C:\Windows\System\BPvluoa.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\boJffTV.exe
  C:\Windows\System\boJffTV.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\iLPhyWh.exe
  C:\Windows\System\iLPhyWh.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\meIaMme.exe
  C:\Windows\System\meIaMme.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\fApfhLx.exe
  C:\Windows\System\fApfhLx.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\tPEfiCG.exe
  C:\Windows\System\tPEfiCG.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\lewsxnO.exe
  C:\Windows\System\lewsxnO.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\dDRnshl.exe
  C:\Windows\System\dDRnshl.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\YSLkGSR.exe
  C:\Windows\System\YSLkGSR.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\iMYgtfv.exe
  C:\Windows\System\iMYgtfv.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\FjRNZFg.exe
  C:\Windows\System\FjRNZFg.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\rhlXIMB.exe
  C:\Windows\System\rhlXIMB.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\GPuCUlW.exe
  C:\Windows\System\GPuCUlW.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\TiPwTib.exe
  C:\Windows\System\TiPwTib.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\vxWeMpV.exe
  C:\Windows\System\vxWeMpV.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\krDgfBT.exe
  C:\Windows\System\krDgfBT.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\HlMeWYn.exe
  C:\Windows\System\HlMeWYn.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\RwWmdWA.exe
  C:\Windows\System\RwWmdWA.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\pDrdVzW.exe
  C:\Windows\System\pDrdVzW.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\xJOQumR.exe
  C:\Windows\System\xJOQumR.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\uRieHbf.exe
  C:\Windows\System\uRieHbf.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\iXyRCfQ.exe
  C:\Windows\System\iXyRCfQ.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\GpkgiST.exe
  C:\Windows\System\GpkgiST.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\htFkOri.exe
  C:\Windows\System\htFkOri.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\NyqPGxD.exe
  C:\Windows\System\NyqPGxD.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\hSkLNGx.exe
  C:\Windows\System\hSkLNGx.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\PUIEeWc.exe
  C:\Windows\System\PUIEeWc.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\diiGQsG.exe
  C:\Windows\System\diiGQsG.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\BQsMCAg.exe
  C:\Windows\System\BQsMCAg.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\gsRRpID.exe
  C:\Windows\System\gsRRpID.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\PyTzyYh.exe
  C:\Windows\System\PyTzyYh.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\RgArehC.exe
  C:\Windows\System\RgArehC.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\diJXyzi.exe
  C:\Windows\System\diJXyzi.exe
  2⤵
  PID:1436
- C:\Windows\System\USIwWxT.exe
  C:\Windows\System\USIwWxT.exe
  2⤵
  PID:888
- C:\Windows\System\JvbdaUH.exe
  C:\Windows\System\JvbdaUH.exe
  2⤵
  PID:2132
- C:\Windows\System\ttkBylp.exe
  C:\Windows\System\ttkBylp.exe
  2⤵
  PID:2168
- C:\Windows\System\mKCLrjm.exe
  C:\Windows\System\mKCLrjm.exe
  2⤵
  PID:1504
- C:\Windows\System\DdqJzha.exe
  C:\Windows\System\DdqJzha.exe
  2⤵
  PID:2776
- C:\Windows\System\nnfFkMP.exe
  C:\Windows\System\nnfFkMP.exe
  2⤵
  PID:1860
- C:\Windows\System\fOukUVp.exe
  C:\Windows\System\fOukUVp.exe
  2⤵
  PID:1936
- C:\Windows\System\flLSHRT.exe
  C:\Windows\System\flLSHRT.exe
  2⤵
  PID:2200
- C:\Windows\System\gmQrEmY.exe
  C:\Windows\System\gmQrEmY.exe
  2⤵
  PID:2972
- C:\Windows\System\XXDQYDQ.exe
  C:\Windows\System\XXDQYDQ.exe
  2⤵
  PID:3040
- C:\Windows\System\PhjiAHJ.exe
  C:\Windows\System\PhjiAHJ.exe
  2⤵
  PID:3048
- C:\Windows\System\hdrNPNL.exe
  C:\Windows\System\hdrNPNL.exe
  2⤵
  PID:2744
- C:\Windows\System\CTBBjYe.exe
  C:\Windows\System\CTBBjYe.exe
  2⤵
  PID:2728
- C:\Windows\System\klrwMDE.exe
  C:\Windows\System\klrwMDE.exe
  2⤵
  PID:1724
- C:\Windows\System\myshTtb.exe
  C:\Windows\System\myshTtb.exe
  2⤵
  PID:1460
- C:\Windows\System\SLzyocH.exe
  C:\Windows\System\SLzyocH.exe
  2⤵
  PID:3032
- C:\Windows\System\mLgtbiE.exe
  C:\Windows\System\mLgtbiE.exe
  2⤵
  PID:2252
- C:\Windows\System\NyLdtrm.exe
  C:\Windows\System\NyLdtrm.exe
  2⤵
  PID:2632
- C:\Windows\System\csHlAss.exe
  C:\Windows\System\csHlAss.exe
  2⤵
  PID:1884
- C:\Windows\System\dNoQGXC.exe
  C:\Windows\System\dNoQGXC.exe
  2⤵
  PID:2248
- C:\Windows\System\grpBvzP.exe
  C:\Windows\System\grpBvzP.exe
  2⤵
  PID:1244
- C:\Windows\System\NAGnXFB.exe
  C:\Windows\System\NAGnXFB.exe
  2⤵
  PID:2272
- C:\Windows\System\udZQGAE.exe
  C:\Windows\System\udZQGAE.exe
  2⤵
  PID:2172
- C:\Windows\System\oGXxCEY.exe
  C:\Windows\System\oGXxCEY.exe
  2⤵
  PID:1108
- C:\Windows\System\ntQfRds.exe
  C:\Windows\System\ntQfRds.exe
  2⤵
  PID:1612
- C:\Windows\System\xchUFDW.exe
  C:\Windows\System\xchUFDW.exe
  2⤵
  PID:1944
- C:\Windows\System\pLWuUfu.exe
  C:\Windows\System\pLWuUfu.exe
  2⤵
  PID:1868
- C:\Windows\System\kcUShIf.exe
  C:\Windows\System\kcUShIf.exe
  2⤵
  PID:1736
- C:\Windows\System\JrHoHpE.exe
  C:\Windows\System\JrHoHpE.exe
  2⤵
  PID:588
- C:\Windows\System\DJtKiAH.exe
  C:\Windows\System\DJtKiAH.exe
  2⤵
  PID:1488
- C:\Windows\System\fjNObVp.exe
  C:\Windows\System\fjNObVp.exe
  2⤵
  PID:2144
- C:\Windows\System\lTxBxZR.exe
  C:\Windows\System\lTxBxZR.exe
  2⤵
  PID:2292
- C:\Windows\System\qjZzQfp.exe
  C:\Windows\System\qjZzQfp.exe
  2⤵
  PID:696
- C:\Windows\System\BgTnPWc.exe
  C:\Windows\System\BgTnPWc.exe
  2⤵
  PID:1620
- C:\Windows\System\jSmoXFi.exe
  C:\Windows\System\jSmoXFi.exe
  2⤵
  PID:1004
- C:\Windows\System\qzFIEcd.exe
  C:\Windows\System\qzFIEcd.exe
  2⤵
  PID:2212
- C:\Windows\System\FJaQAHt.exe
  C:\Windows\System\FJaQAHt.exe
  2⤵
  PID:2388
- C:\Windows\System\ThnauFi.exe
  C:\Windows\System\ThnauFi.exe
  2⤵
  PID:2328
- C:\Windows\System\ayxhmOb.exe
  C:\Windows\System\ayxhmOb.exe
  2⤵
  PID:1540
- C:\Windows\System\rmDxkWN.exe
  C:\Windows\System\rmDxkWN.exe
  2⤵
  PID:2428
- C:\Windows\System\EmkFhdS.exe
  C:\Windows\System\EmkFhdS.exe
  2⤵
  PID:2844
- C:\Windows\System\AGLkamr.exe
  C:\Windows\System\AGLkamr.exe
  2⤵
  PID:776
- C:\Windows\System\lrXRnBz.exe
  C:\Windows\System\lrXRnBz.exe
  2⤵
  PID:2696
- C:\Windows\System\dzTrLGR.exe
  C:\Windows\System\dzTrLGR.exe
  2⤵
  PID:2936
- C:\Windows\System\CiHscwF.exe
  C:\Windows\System\CiHscwF.exe
  2⤵
  PID:1940
- C:\Windows\System\KJJPCkY.exe
  C:\Windows\System\KJJPCkY.exe
  2⤵
  PID:2520
- C:\Windows\System\IaYawBE.exe
  C:\Windows\System\IaYawBE.exe
  2⤵
  PID:1560
- C:\Windows\System\PEqDdar.exe
  C:\Windows\System\PEqDdar.exe
  2⤵
  PID:1052
- C:\Windows\System\NgSZkmN.exe
  C:\Windows\System\NgSZkmN.exe
  2⤵
  PID:236
- C:\Windows\System\Wkcpwgc.exe
  C:\Windows\System\Wkcpwgc.exe
  2⤵
  PID:1804
- C:\Windows\System\ROdtAUL.exe
  C:\Windows\System\ROdtAUL.exe
  2⤵
  PID:1020
- C:\Windows\System\ddBeeOy.exe
  C:\Windows\System\ddBeeOy.exe
  2⤵
  PID:1624
- C:\Windows\System\grMHiJH.exe
  C:\Windows\System\grMHiJH.exe
  2⤵
  PID:2500
- C:\Windows\System\hfLbQuM.exe
  C:\Windows\System\hfLbQuM.exe
  2⤵
  PID:988
- C:\Windows\System\DOhiSoG.exe
  C:\Windows\System\DOhiSoG.exe
  2⤵
  PID:3080
- C:\Windows\System\CyPGyvA.exe
  C:\Windows\System\CyPGyvA.exe
  2⤵
  PID:3096
- C:\Windows\System\cyGFkpu.exe
  C:\Windows\System\cyGFkpu.exe
  2⤵
  PID:3112
- C:\Windows\System\klTsdwR.exe
  C:\Windows\System\klTsdwR.exe
  2⤵
  PID:3128
- C:\Windows\System\kIVDqDi.exe
  C:\Windows\System\kIVDqDi.exe
  2⤵
  PID:3144
- C:\Windows\System\UaxsStI.exe
  C:\Windows\System\UaxsStI.exe
  2⤵
  PID:3160
- C:\Windows\System\UPWvnFv.exe
  C:\Windows\System\UPWvnFv.exe
  2⤵
  PID:3176
- C:\Windows\System\jlxUVQg.exe
  C:\Windows\System\jlxUVQg.exe
  2⤵
  PID:3192
- C:\Windows\System\xDgrfsH.exe
  C:\Windows\System\xDgrfsH.exe
  2⤵
  PID:3208
- C:\Windows\System\cGzvgUj.exe
  C:\Windows\System\cGzvgUj.exe
  2⤵
  PID:3224
- C:\Windows\System\nVGVgPi.exe
  C:\Windows\System\nVGVgPi.exe
  2⤵
  PID:3240
- C:\Windows\System\QhdgTeh.exe
  C:\Windows\System\QhdgTeh.exe
  2⤵
  PID:3256
- C:\Windows\System\xgbTYBH.exe
  C:\Windows\System\xgbTYBH.exe
  2⤵
  PID:3272
- C:\Windows\System\CQSXwri.exe
  C:\Windows\System\CQSXwri.exe
  2⤵
  PID:3288
- C:\Windows\System\TeRmFen.exe
  C:\Windows\System\TeRmFen.exe
  2⤵
  PID:3304
- C:\Windows\System\OUEVKxr.exe
  C:\Windows\System\OUEVKxr.exe
  2⤵
  PID:3320
- C:\Windows\System\ExxDvoX.exe
  C:\Windows\System\ExxDvoX.exe
  2⤵
  PID:3336
- C:\Windows\System\rSWYanH.exe
  C:\Windows\System\rSWYanH.exe
  2⤵
  PID:3352
- C:\Windows\System\QjlTvXR.exe
  C:\Windows\System\QjlTvXR.exe
  2⤵
  PID:3368
- C:\Windows\System\ENlKcnl.exe
  C:\Windows\System\ENlKcnl.exe
  2⤵
  PID:3384
- C:\Windows\System\lOICFOk.exe
  C:\Windows\System\lOICFOk.exe
  2⤵
  PID:3400
- C:\Windows\System\suvMuve.exe
  C:\Windows\System\suvMuve.exe
  2⤵
  PID:3416
- C:\Windows\System\OAAIBVR.exe
  C:\Windows\System\OAAIBVR.exe
  2⤵
  PID:3432
- C:\Windows\System\BQDkOWd.exe
  C:\Windows\System\BQDkOWd.exe
  2⤵
  PID:3448
- C:\Windows\System\sHdifIy.exe
  C:\Windows\System\sHdifIy.exe
  2⤵
  PID:3464
- C:\Windows\System\NypfgDI.exe
  C:\Windows\System\NypfgDI.exe
  2⤵
  PID:3480
- C:\Windows\System\ysWizLI.exe
  C:\Windows\System\ysWizLI.exe
  2⤵
  PID:3496
- C:\Windows\System\GTTdiWL.exe
  C:\Windows\System\GTTdiWL.exe
  2⤵
  PID:3512
- C:\Windows\System\GAIfyXc.exe
  C:\Windows\System\GAIfyXc.exe
  2⤵
  PID:3528
- C:\Windows\System\GXrTnaD.exe
  C:\Windows\System\GXrTnaD.exe
  2⤵
  PID:3544
- C:\Windows\System\IvUDahM.exe
  C:\Windows\System\IvUDahM.exe
  2⤵
  PID:3560
- C:\Windows\System\FFctvkP.exe
  C:\Windows\System\FFctvkP.exe
  2⤵
  PID:3576
- C:\Windows\System\EawvqmX.exe
  C:\Windows\System\EawvqmX.exe
  2⤵
  PID:3592
- C:\Windows\System\SektohC.exe
  C:\Windows\System\SektohC.exe
  2⤵
  PID:3608
- C:\Windows\System\tjaZebC.exe
  C:\Windows\System\tjaZebC.exe
  2⤵
  PID:3624
- C:\Windows\System\ksYLTct.exe
  C:\Windows\System\ksYLTct.exe
  2⤵
  PID:3640
- C:\Windows\System\cLjgAFW.exe
  C:\Windows\System\cLjgAFW.exe
  2⤵
  PID:3656
- C:\Windows\System\DmYwlbe.exe
  C:\Windows\System\DmYwlbe.exe
  2⤵
  PID:3672
- C:\Windows\System\CTixLUA.exe
  C:\Windows\System\CTixLUA.exe
  2⤵
  PID:3688
- C:\Windows\System\tvhjYwI.exe
  C:\Windows\System\tvhjYwI.exe
  2⤵
  PID:3704
- C:\Windows\System\JZphjgQ.exe
  C:\Windows\System\JZphjgQ.exe
  2⤵
  PID:3720
- C:\Windows\System\mXNNLIV.exe
  C:\Windows\System\mXNNLIV.exe
  2⤵
  PID:3736
- C:\Windows\System\IQFlXXc.exe
  C:\Windows\System\IQFlXXc.exe
  2⤵
  PID:3752
- C:\Windows\System\LCHThZK.exe
  C:\Windows\System\LCHThZK.exe
  2⤵
  PID:3768
- C:\Windows\System\GlWGtdT.exe
  C:\Windows\System\GlWGtdT.exe
  2⤵
  PID:3784
- C:\Windows\System\xkFogMz.exe
  C:\Windows\System\xkFogMz.exe
  2⤵
  PID:3800
- C:\Windows\System\QNfBeFA.exe
  C:\Windows\System\QNfBeFA.exe
  2⤵
  PID:3816
- C:\Windows\System\TPrAala.exe
  C:\Windows\System\TPrAala.exe
  2⤵
  PID:3832
- C:\Windows\System\raqGSWN.exe
  C:\Windows\System\raqGSWN.exe
  2⤵
  PID:3848
- C:\Windows\System\UUZpdiW.exe
  C:\Windows\System\UUZpdiW.exe
  2⤵
  PID:3864
- C:\Windows\System\NFNZLKA.exe
  C:\Windows\System\NFNZLKA.exe
  2⤵
  PID:3880
- C:\Windows\System\LiedpyZ.exe
  C:\Windows\System\LiedpyZ.exe
  2⤵
  PID:3896
- C:\Windows\System\ANfLyPe.exe
  C:\Windows\System\ANfLyPe.exe
  2⤵
  PID:3912
- C:\Windows\System\bZpjLbO.exe
  C:\Windows\System\bZpjLbO.exe
  2⤵
  PID:3932
- C:\Windows\System\uwBZwLx.exe
  C:\Windows\System\uwBZwLx.exe
  2⤵
  PID:3948
- C:\Windows\System\iUCnUXL.exe
  C:\Windows\System\iUCnUXL.exe
  2⤵
  PID:3964
- C:\Windows\System\MOFlnco.exe
  C:\Windows\System\MOFlnco.exe
  2⤵
  PID:3980
- C:\Windows\System\pTVFEuD.exe
  C:\Windows\System\pTVFEuD.exe
  2⤵
  PID:3996
- C:\Windows\System\sKXvIaE.exe
  C:\Windows\System\sKXvIaE.exe
  2⤵
  PID:4012
- C:\Windows\System\LlLKeVo.exe
  C:\Windows\System\LlLKeVo.exe
  2⤵
  PID:4028
- C:\Windows\System\qCrmRYm.exe
  C:\Windows\System\qCrmRYm.exe
  2⤵
  PID:4044
- C:\Windows\System\cmRYOJc.exe
  C:\Windows\System\cmRYOJc.exe
  2⤵
  PID:4060
- C:\Windows\System\KOohwMT.exe
  C:\Windows\System\KOohwMT.exe
  2⤵
  PID:4076
- C:\Windows\System\eFdYjgO.exe
  C:\Windows\System\eFdYjgO.exe
  2⤵
  PID:4092
- C:\Windows\System\dvaKvwk.exe
  C:\Windows\System\dvaKvwk.exe
  2⤵
  PID:1580
- C:\Windows\System\gomIpOC.exe
  C:\Windows\System\gomIpOC.exe
  2⤵
  PID:1532
- C:\Windows\System\YbZeYLV.exe
  C:\Windows\System\YbZeYLV.exe
  2⤵
  PID:1144
- C:\Windows\System\gwKtehZ.exe
  C:\Windows\System\gwKtehZ.exe
  2⤵
  PID:2736
- C:\Windows\System\BSGHLgC.exe
  C:\Windows\System\BSGHLgC.exe
  2⤵
  PID:1204
- C:\Windows\System\IxTDnhq.exe
  C:\Windows\System\IxTDnhq.exe
  2⤵
  PID:2516
- C:\Windows\System\yRxWBiX.exe
  C:\Windows\System\yRxWBiX.exe
  2⤵
  PID:844
- C:\Windows\System\vDzqHJn.exe
  C:\Windows\System\vDzqHJn.exe
  2⤵
  PID:2316
- C:\Windows\System\sTwpiKf.exe
  C:\Windows\System\sTwpiKf.exe
  2⤵
  PID:700
- C:\Windows\System\ERdbSXl.exe
  C:\Windows\System\ERdbSXl.exe
  2⤵
  PID:3076
- C:\Windows\System\peMsXhJ.exe
  C:\Windows\System\peMsXhJ.exe
  2⤵
  PID:3108
- C:\Windows\System\ukwJKea.exe
  C:\Windows\System\ukwJKea.exe
  2⤵
  PID:3152
- C:\Windows\System\DXIOvmO.exe
  C:\Windows\System\DXIOvmO.exe
  2⤵
  PID:3168
- C:\Windows\System\PXPezLG.exe
  C:\Windows\System\PXPezLG.exe
  2⤵
  PID:3204
- C:\Windows\System\sOMsGdJ.exe
  C:\Windows\System\sOMsGdJ.exe
  2⤵
  PID:3236
- C:\Windows\System\ajsxVjg.exe
  C:\Windows\System\ajsxVjg.exe
  2⤵
  PID:3268
- C:\Windows\System\lOIJwVo.exe
  C:\Windows\System\lOIJwVo.exe
  2⤵
  PID:3300
- C:\Windows\System\teArFXc.exe
  C:\Windows\System\teArFXc.exe
  2⤵
  PID:3332
- C:\Windows\System\XQGWMcc.exe
  C:\Windows\System\XQGWMcc.exe
  2⤵
  PID:3376
- C:\Windows\System\dLgOhHM.exe
  C:\Windows\System\dLgOhHM.exe
  2⤵
  PID:3396
- C:\Windows\System\lREnqzj.exe
  C:\Windows\System\lREnqzj.exe
  2⤵
  PID:3440
- C:\Windows\System\SULsndf.exe
  C:\Windows\System\SULsndf.exe
  2⤵
  PID:3460
- C:\Windows\System\joGmfzI.exe
  C:\Windows\System\joGmfzI.exe
  2⤵
  PID:3504
- C:\Windows\System\NXGMnHn.exe
  C:\Windows\System\NXGMnHn.exe
  2⤵
  PID:3524
- C:\Windows\System\ZOCAtrD.exe
  C:\Windows\System\ZOCAtrD.exe
  2⤵
  PID:3568
- C:\Windows\System\mXaoCPn.exe
  C:\Windows\System\mXaoCPn.exe
  2⤵
  PID:3600
- C:\Windows\System\dOxFHsf.exe
  C:\Windows\System\dOxFHsf.exe
  2⤵
  PID:3620
- C:\Windows\System\vpLgwNG.exe
  C:\Windows\System\vpLgwNG.exe
  2⤵
  PID:3652
- C:\Windows\System\fgzsnjZ.exe
  C:\Windows\System\fgzsnjZ.exe
  2⤵
  PID:3684
- C:\Windows\System\ujjcjgW.exe
  C:\Windows\System\ujjcjgW.exe
  2⤵
  PID:3728
- C:\Windows\System\OtJapBa.exe
  C:\Windows\System\OtJapBa.exe
  2⤵
  PID:3748
- C:\Windows\System\fkJnTsh.exe
  C:\Windows\System\fkJnTsh.exe
  2⤵
  PID:3796
- C:\Windows\System\uoMEEIY.exe
  C:\Windows\System\uoMEEIY.exe
  2⤵
  PID:3828
- C:\Windows\System\cmeaBOc.exe
  C:\Windows\System\cmeaBOc.exe
  2⤵
  PID:3844
- C:\Windows\System\STZkKtL.exe
  C:\Windows\System\STZkKtL.exe
  2⤵
  PID:3892
- C:\Windows\System\KtQjnNm.exe
  C:\Windows\System\KtQjnNm.exe
  2⤵
  PID:3924
- C:\Windows\System\CacSWQO.exe
  C:\Windows\System\CacSWQO.exe
  2⤵
  PID:3960
- C:\Windows\System\exocsog.exe
  C:\Windows\System\exocsog.exe
  2⤵
  PID:3992
- C:\Windows\System\FzUJKUZ.exe
  C:\Windows\System\FzUJKUZ.exe
  2⤵
  PID:4024
- C:\Windows\System\xZvQieS.exe
  C:\Windows\System\xZvQieS.exe
  2⤵
  PID:4056
- C:\Windows\System\nQyCllI.exe
  C:\Windows\System\nQyCllI.exe
  2⤵
  PID:4088
- C:\Windows\System\algptft.exe
  C:\Windows\System\algptft.exe
  2⤵
  PID:1256
- C:\Windows\System\CdLWbRZ.exe
  C:\Windows\System\CdLWbRZ.exe
  2⤵
  PID:2888
- C:\Windows\System\ANgeYzW.exe
  C:\Windows\System\ANgeYzW.exe
  2⤵
  PID:2136
- C:\Windows\System\LHBdDjM.exe
  C:\Windows\System\LHBdDjM.exe
  2⤵
  PID:1268
- C:\Windows\System\nSSxikc.exe
  C:\Windows\System\nSSxikc.exe
  2⤵
  PID:1920
- C:\Windows\System\wAjerJA.exe
  C:\Windows\System\wAjerJA.exe
  2⤵
  PID:3104
- C:\Windows\System\UojGWlU.exe
  C:\Windows\System\UojGWlU.exe
  2⤵
  PID:3172
- C:\Windows\System\QYoxApp.exe
  C:\Windows\System\QYoxApp.exe
  2⤵
  PID:3248
- C:\Windows\System\SmHeGIv.exe
  C:\Windows\System\SmHeGIv.exe
  2⤵
  PID:3328
- C:\Windows\System\OoXLbuF.exe
  C:\Windows\System\OoXLbuF.exe
  2⤵
  PID:3364
- C:\Windows\System\WzdttSq.exe
  C:\Windows\System\WzdttSq.exe
  2⤵
  PID:3428
- C:\Windows\System\NCTdduK.exe
  C:\Windows\System\NCTdduK.exe
  2⤵
  PID:3492
- C:\Windows\System\VkLQgWb.exe
  C:\Windows\System\VkLQgWb.exe
  2⤵
  PID:3556
- C:\Windows\System\gaGVTIo.exe
  C:\Windows\System\gaGVTIo.exe
  2⤵
  PID:3632
- C:\Windows\System\AeWTFAT.exe
  C:\Windows\System\AeWTFAT.exe
  2⤵
  PID:3696
- C:\Windows\System\gLbvcCb.exe
  C:\Windows\System\gLbvcCb.exe
  2⤵
  PID:3760
- C:\Windows\System\pUEirLT.exe
  C:\Windows\System\pUEirLT.exe
  2⤵
  PID:3812
- C:\Windows\System\HsEHNAz.exe
  C:\Windows\System\HsEHNAz.exe
  2⤵
  PID:3876
- C:\Windows\System\sghiopH.exe
  C:\Windows\System\sghiopH.exe
  2⤵
  PID:3944
- C:\Windows\System\hhcEacF.exe
  C:\Windows\System\hhcEacF.exe
  2⤵
  PID:4008
- C:\Windows\System\eEtIYjY.exe
  C:\Windows\System\eEtIYjY.exe
  2⤵
  PID:2492
- C:\Windows\System\DEnYfVb.exe
  C:\Windows\System\DEnYfVb.exe
  2⤵
  PID:2948
- C:\Windows\System\NGRcBqs.exe
  C:\Windows\System\NGRcBqs.exe
  2⤵
  PID:760
- C:\Windows\System\DyUsafg.exe
  C:\Windows\System\DyUsafg.exe
  2⤵
  PID:3120
- C:\Windows\System\Lpkvwyc.exe
  C:\Windows\System\Lpkvwyc.exe
  2⤵
  PID:3776
- C:\Windows\System\DdMouIr.exe
  C:\Windows\System\DdMouIr.exe
  2⤵
  PID:3424
- C:\Windows\System\xnrZttn.exe
  C:\Windows\System\xnrZttn.exe
  2⤵
  PID:4100
- C:\Windows\System\naWrjBj.exe
  C:\Windows\System\naWrjBj.exe
  2⤵
  PID:4116
- C:\Windows\System\mFaluQs.exe
  C:\Windows\System\mFaluQs.exe
  2⤵
  PID:4132
- C:\Windows\System\JGKIPRs.exe
  C:\Windows\System\JGKIPRs.exe
  2⤵
  PID:4148
- C:\Windows\System\KIibWTr.exe
  C:\Windows\System\KIibWTr.exe
  2⤵
  PID:4164
- C:\Windows\System\EBulfDR.exe
  C:\Windows\System\EBulfDR.exe
  2⤵
  PID:4180
- C:\Windows\System\ePJrDjg.exe
  C:\Windows\System\ePJrDjg.exe
  2⤵
  PID:4200
- C:\Windows\System\XMwCspJ.exe
  C:\Windows\System\XMwCspJ.exe
  2⤵
  PID:4216
- C:\Windows\System\fXzhSSq.exe
  C:\Windows\System\fXzhSSq.exe
  2⤵
  PID:4232
- C:\Windows\System\CtJQUUu.exe
  C:\Windows\System\CtJQUUu.exe
  2⤵
  PID:4248
- C:\Windows\System\nwQycWo.exe
  C:\Windows\System\nwQycWo.exe
  2⤵
  PID:4264
- C:\Windows\System\LBUVUxX.exe
  C:\Windows\System\LBUVUxX.exe
  2⤵
  PID:4280
- C:\Windows\System\AKPiqqR.exe
  C:\Windows\System\AKPiqqR.exe
  2⤵
  PID:4296
- C:\Windows\System\lcMdySX.exe
  C:\Windows\System\lcMdySX.exe
  2⤵
  PID:4312
- C:\Windows\System\wZlNUbu.exe
  C:\Windows\System\wZlNUbu.exe
  2⤵
  PID:4328
- C:\Windows\System\aqgbfAm.exe
  C:\Windows\System\aqgbfAm.exe
  2⤵
  PID:4344
- C:\Windows\System\pHrphar.exe
  C:\Windows\System\pHrphar.exe
  2⤵
  PID:4360
- C:\Windows\System\PbTnflP.exe
  C:\Windows\System\PbTnflP.exe
  2⤵
  PID:4376
- C:\Windows\System\MrLzKaH.exe
  C:\Windows\System\MrLzKaH.exe
  2⤵
  PID:4392
- C:\Windows\System\KrSVZus.exe
  C:\Windows\System\KrSVZus.exe
  2⤵
  PID:4408
- C:\Windows\System\FhrtMEl.exe
  C:\Windows\System\FhrtMEl.exe
  2⤵
  PID:4424
- C:\Windows\System\nWEBUdP.exe
  C:\Windows\System\nWEBUdP.exe
  2⤵
  PID:4440
- C:\Windows\System\RQKilUh.exe
  C:\Windows\System\RQKilUh.exe
  2⤵
  PID:4456
- C:\Windows\System\XpkSmsY.exe
  C:\Windows\System\XpkSmsY.exe
  2⤵
  PID:4472
- C:\Windows\System\nQxlrOF.exe
  C:\Windows\System\nQxlrOF.exe
  2⤵
  PID:4488
- C:\Windows\System\kKhqYov.exe
  C:\Windows\System\kKhqYov.exe
  2⤵
  PID:4504
- C:\Windows\System\WXbPMqI.exe
  C:\Windows\System\WXbPMqI.exe
  2⤵
  PID:4520
- C:\Windows\System\hXykHKl.exe
  C:\Windows\System\hXykHKl.exe
  2⤵
  PID:4536
- C:\Windows\System\eqAVbGv.exe
  C:\Windows\System\eqAVbGv.exe
  2⤵
  PID:4552
- C:\Windows\System\DvEPMQc.exe
  C:\Windows\System\DvEPMQc.exe
  2⤵
  PID:4568
- C:\Windows\System\FxjiNtn.exe
  C:\Windows\System\FxjiNtn.exe
  2⤵
  PID:4584
- C:\Windows\System\PPoyLxK.exe
  C:\Windows\System\PPoyLxK.exe
  2⤵
  PID:4604
- C:\Windows\System\MTxShMS.exe
  C:\Windows\System\MTxShMS.exe
  2⤵
  PID:4620
- C:\Windows\System\FNjNtsD.exe
  C:\Windows\System\FNjNtsD.exe
  2⤵
  PID:4636
- C:\Windows\System\tuMOkVV.exe
  C:\Windows\System\tuMOkVV.exe
  2⤵
  PID:4652
- C:\Windows\System\JWZauiW.exe
  C:\Windows\System\JWZauiW.exe
  2⤵
  PID:4668
- C:\Windows\System\CVcmgVs.exe
  C:\Windows\System\CVcmgVs.exe
  2⤵
  PID:4684
- C:\Windows\System\corBFiQ.exe
  C:\Windows\System\corBFiQ.exe
  2⤵
  PID:4700
- C:\Windows\System\LrNpWzC.exe
  C:\Windows\System\LrNpWzC.exe
  2⤵
  PID:4716
- C:\Windows\System\cYQUVjB.exe
  C:\Windows\System\cYQUVjB.exe
  2⤵
  PID:4732
- C:\Windows\System\WelCdcN.exe
  C:\Windows\System\WelCdcN.exe
  2⤵
  PID:4748
- C:\Windows\System\BEXHxpy.exe
  C:\Windows\System\BEXHxpy.exe
  2⤵
  PID:4764
- C:\Windows\System\hNoFZCX.exe
  C:\Windows\System\hNoFZCX.exe
  2⤵
  PID:4780
- C:\Windows\System\GTlUwBZ.exe
  C:\Windows\System\GTlUwBZ.exe
  2⤵
  PID:4796
- C:\Windows\System\zwRYGfl.exe
  C:\Windows\System\zwRYGfl.exe
  2⤵
  PID:4812
- C:\Windows\System\hiuVzrn.exe
  C:\Windows\System\hiuVzrn.exe
  2⤵
  PID:4828
- C:\Windows\System\mbnKbbd.exe
  C:\Windows\System\mbnKbbd.exe
  2⤵
  PID:4844
- C:\Windows\System\zhmLEmw.exe
  C:\Windows\System\zhmLEmw.exe
  2⤵
  PID:4864
- C:\Windows\System\oWsSDwm.exe
  C:\Windows\System\oWsSDwm.exe
  2⤵
  PID:4880
- C:\Windows\System\LmwYbvC.exe
  C:\Windows\System\LmwYbvC.exe
  2⤵
  PID:4896
- C:\Windows\System\WPGcoJq.exe
  C:\Windows\System\WPGcoJq.exe
  2⤵
  PID:4912
- C:\Windows\System\QaxyXit.exe
  C:\Windows\System\QaxyXit.exe
  2⤵
  PID:4928
- C:\Windows\System\UTxweWM.exe
  C:\Windows\System\UTxweWM.exe
  2⤵
  PID:4944
- C:\Windows\System\PeGbagQ.exe
  C:\Windows\System\PeGbagQ.exe
  2⤵
  PID:4960
- C:\Windows\System\iIVjBoV.exe
  C:\Windows\System\iIVjBoV.exe
  2⤵
  PID:4976
- C:\Windows\System\KAiJVyb.exe
  C:\Windows\System\KAiJVyb.exe
  2⤵
  PID:4992
- C:\Windows\System\wTtQNMQ.exe
  C:\Windows\System\wTtQNMQ.exe
  2⤵
  PID:5008
- C:\Windows\System\djvZLum.exe
  C:\Windows\System\djvZLum.exe
  2⤵
  PID:5024
- C:\Windows\System\MnSWkYX.exe
  C:\Windows\System\MnSWkYX.exe
  2⤵
  PID:5040
- C:\Windows\System\hClCRKg.exe
  C:\Windows\System\hClCRKg.exe
  2⤵
  PID:5056
- C:\Windows\System\ZpgwyGr.exe
  C:\Windows\System\ZpgwyGr.exe
  2⤵
  PID:5072
- C:\Windows\System\YBOBiJw.exe
  C:\Windows\System\YBOBiJw.exe
  2⤵
  PID:5088
- C:\Windows\System\tmdtKfT.exe
  C:\Windows\System\tmdtKfT.exe
  2⤵
  PID:5104
- C:\Windows\System\SRjxaQY.exe
  C:\Windows\System\SRjxaQY.exe
  2⤵
  PID:3552
- C:\Windows\System\NcDXWQY.exe
  C:\Windows\System\NcDXWQY.exe
  2⤵
  PID:3648
- C:\Windows\System\jqQrXkM.exe
  C:\Windows\System\jqQrXkM.exe
  2⤵
  PID:3824
- C:\Windows\System\VuFQTHb.exe
  C:\Windows\System\VuFQTHb.exe
  2⤵
  PID:3888
- C:\Windows\System\ueubMBa.exe
  C:\Windows\System\ueubMBa.exe
  2⤵
  PID:4020
- C:\Windows\System\KgYFXiU.exe
  C:\Windows\System\KgYFXiU.exe
  2⤵
  PID:3928
- C:\Windows\System\vLHHCvO.exe
  C:\Windows\System\vLHHCvO.exe
  2⤵
  PID:3136
- C:\Windows\System\qBIgoEz.exe
  C:\Windows\System\qBIgoEz.exe
  2⤵
  PID:3456
- C:\Windows\System\UAQVTsJ.exe
  C:\Windows\System\UAQVTsJ.exe
  2⤵
  PID:4124
- C:\Windows\System\osyqgZQ.exe
  C:\Windows\System\osyqgZQ.exe
  2⤵
  PID:4156
- C:\Windows\System\bGsnaDG.exe
  C:\Windows\System\bGsnaDG.exe
  2⤵
  PID:4176
- C:\Windows\System\eJqtmYt.exe
  C:\Windows\System\eJqtmYt.exe
  2⤵
  PID:4224
- C:\Windows\System\kPAOtdC.exe
  C:\Windows\System\kPAOtdC.exe
  2⤵
  PID:4256
- C:\Windows\System\AfQiACL.exe
  C:\Windows\System\AfQiACL.exe
  2⤵
  PID:4276
- C:\Windows\System\GzpfWaB.exe
  C:\Windows\System\GzpfWaB.exe
  2⤵
  PID:4308
- C:\Windows\System\UrYcicM.exe
  C:\Windows\System\UrYcicM.exe
  2⤵
  PID:4340
- C:\Windows\System\Befajji.exe
  C:\Windows\System\Befajji.exe
  2⤵
  PID:4368
- C:\Windows\System\ZYzlNcb.exe
  C:\Windows\System\ZYzlNcb.exe
  2⤵
  PID:4400
- C:\Windows\System\qNobHMf.exe
  C:\Windows\System\qNobHMf.exe
  2⤵
  PID:4448
- C:\Windows\System\BIEQeSd.exe
  C:\Windows\System\BIEQeSd.exe
  2⤵
  PID:4480
- C:\Windows\System\ShZkGyl.exe
  C:\Windows\System\ShZkGyl.exe
  2⤵
  PID:4496
- C:\Windows\System\cVzpVjA.exe
  C:\Windows\System\cVzpVjA.exe
  2⤵
  PID:4528
- C:\Windows\System\svLspOZ.exe
  C:\Windows\System\svLspOZ.exe
  2⤵
  PID:4560
- C:\Windows\System\NgcvXHx.exe
  C:\Windows\System\NgcvXHx.exe
  2⤵
  PID:4592
- C:\Windows\System\uGElqgQ.exe
  C:\Windows\System\uGElqgQ.exe
  2⤵
  PID:4628
- C:\Windows\System\nsKQBaS.exe
  C:\Windows\System\nsKQBaS.exe
  2⤵
  PID:4676
- C:\Windows\System\vAWTcKR.exe
  C:\Windows\System\vAWTcKR.exe
  2⤵
  PID:4692
- C:\Windows\System\iVskOzY.exe
  C:\Windows\System\iVskOzY.exe
  2⤵
  PID:4724
- C:\Windows\System\iYlnMlk.exe
  C:\Windows\System\iYlnMlk.exe
  2⤵
  PID:4756
- C:\Windows\System\LErUesv.exe
  C:\Windows\System\LErUesv.exe
  2⤵
  PID:4788
- C:\Windows\System\tEstBgn.exe
  C:\Windows\System\tEstBgn.exe
  2⤵
  PID:4820
- C:\Windows\System\vgTPewm.exe
  C:\Windows\System\vgTPewm.exe
  2⤵
  PID:4852
- C:\Windows\System\DdwVJVh.exe
  C:\Windows\System\DdwVJVh.exe
  2⤵
  PID:4888
- C:\Windows\System\WuOEozA.exe
  C:\Windows\System\WuOEozA.exe
  2⤵
  PID:4920
- C:\Windows\System\yuZDLJN.exe
  C:\Windows\System\yuZDLJN.exe
  2⤵
  PID:4952
- C:\Windows\System\PQKedNQ.exe
  C:\Windows\System\PQKedNQ.exe
  2⤵
  PID:4988
- C:\Windows\System\zYlztYU.exe
  C:\Windows\System\zYlztYU.exe
  2⤵
  PID:5020
- C:\Windows\System\FdsTyQv.exe
  C:\Windows\System\FdsTyQv.exe
  2⤵
  PID:5052
- C:\Windows\System\pBRXOWC.exe
  C:\Windows\System\pBRXOWC.exe
  2⤵
  PID:5096
- C:\Windows\System\JctaTlk.exe
  C:\Windows\System\JctaTlk.exe
  2⤵
  PID:5116
- C:\Windows\System\FUWtZcM.exe
  C:\Windows\System\FUWtZcM.exe
  2⤵
  PID:3680
- C:\Windows\System\LbHhEQL.exe
  C:\Windows\System\LbHhEQL.exe
  2⤵
  PID:3988
- C:\Windows\System\AlvCiJB.exe
  C:\Windows\System\AlvCiJB.exe
  2⤵
  PID:2464
- C:\Windows\System\zxSXyTZ.exe
  C:\Windows\System\zxSXyTZ.exe
  2⤵
  PID:3488
- C:\Windows\System\RMBBlim.exe
  C:\Windows\System\RMBBlim.exe
  2⤵
  PID:4160
- C:\Windows\System\LXyLtVo.exe
  C:\Windows\System\LXyLtVo.exe
  2⤵
  PID:4228
- C:\Windows\System\hWhILxB.exe
  C:\Windows\System\hWhILxB.exe
  2⤵
  PID:4292
- C:\Windows\System\bztHnLk.exe
  C:\Windows\System\bztHnLk.exe
  2⤵
  PID:4356
- C:\Windows\System\gwdlTYW.exe
  C:\Windows\System\gwdlTYW.exe
  2⤵
  PID:4420
- C:\Windows\System\pNJqnBI.exe
  C:\Windows\System\pNJqnBI.exe
  2⤵
  PID:4192
- C:\Windows\System\vtdSlAP.exe
  C:\Windows\System\vtdSlAP.exe
  2⤵
  PID:4532
- C:\Windows\System\PMKyZOQ.exe
  C:\Windows\System\PMKyZOQ.exe
  2⤵
  PID:4616
- C:\Windows\System\BWcLyhi.exe
  C:\Windows\System\BWcLyhi.exe
  2⤵
  PID:4680
- C:\Windows\System\JjilSVB.exe
  C:\Windows\System\JjilSVB.exe
  2⤵
  PID:4744
- C:\Windows\System\txZdlcA.exe
  C:\Windows\System\txZdlcA.exe
  2⤵
  PID:4824
- C:\Windows\System\BcABPnr.exe
  C:\Windows\System\BcABPnr.exe
  2⤵
  PID:4876
- C:\Windows\System\sZEhuCf.exe
  C:\Windows\System\sZEhuCf.exe
  2⤵
  PID:4940
- C:\Windows\System\IUdorqQ.exe
  C:\Windows\System\IUdorqQ.exe
  2⤵
  PID:5016
- C:\Windows\System\HIRrbxW.exe
  C:\Windows\System\HIRrbxW.exe
  2⤵
  PID:5132
- C:\Windows\System\BcHKitd.exe
  C:\Windows\System\BcHKitd.exe
  2⤵
  PID:5148
- C:\Windows\System\xiZpaBt.exe
  C:\Windows\System\xiZpaBt.exe
  2⤵
  PID:5164
- C:\Windows\System\zpBkrPe.exe
  C:\Windows\System\zpBkrPe.exe
  2⤵
  PID:5180
- C:\Windows\System\RqpDMiW.exe
  C:\Windows\System\RqpDMiW.exe
  2⤵
  PID:5196
- C:\Windows\System\wqAUkpz.exe
  C:\Windows\System\wqAUkpz.exe
  2⤵
  PID:5212
- C:\Windows\System\klQzYMQ.exe
  C:\Windows\System\klQzYMQ.exe
  2⤵
  PID:5228
- C:\Windows\System\ERRbAiw.exe
  C:\Windows\System\ERRbAiw.exe
  2⤵
  PID:5244
- C:\Windows\System\hVRQnAm.exe
  C:\Windows\System\hVRQnAm.exe
  2⤵
  PID:5260
- C:\Windows\System\LYIltUC.exe
  C:\Windows\System\LYIltUC.exe
  2⤵
  PID:5276
- C:\Windows\System\ZqZOdGU.exe
  C:\Windows\System\ZqZOdGU.exe
  2⤵
  PID:5292
- C:\Windows\System\YbBWtXB.exe
  C:\Windows\System\YbBWtXB.exe
  2⤵
  PID:5308
- C:\Windows\System\xPewCGF.exe
  C:\Windows\System\xPewCGF.exe
  2⤵
  PID:5324
- C:\Windows\System\otNclSv.exe
  C:\Windows\System\otNclSv.exe
  2⤵
  PID:5340
- C:\Windows\System\FAobXfH.exe
  C:\Windows\System\FAobXfH.exe
  2⤵
  PID:5356
- C:\Windows\System\ZSXCUbh.exe
  C:\Windows\System\ZSXCUbh.exe
  2⤵
  PID:5372
- C:\Windows\System\pOpSHHX.exe
  C:\Windows\System\pOpSHHX.exe
  2⤵
  PID:5388
- C:\Windows\System\mEkiCZc.exe
  C:\Windows\System\mEkiCZc.exe
  2⤵
  PID:5404
- C:\Windows\System\SwxAdfR.exe
  C:\Windows\System\SwxAdfR.exe
  2⤵
  PID:5420
- C:\Windows\System\BEYSJcy.exe
  C:\Windows\System\BEYSJcy.exe
  2⤵
  PID:5436
- C:\Windows\System\dHOrXta.exe
  C:\Windows\System\dHOrXta.exe
  2⤵
  PID:5452
- C:\Windows\System\flyDYDz.exe
  C:\Windows\System\flyDYDz.exe
  2⤵
  PID:5468
- C:\Windows\System\XrXAtxF.exe
  C:\Windows\System\XrXAtxF.exe
  2⤵
  PID:5484
- C:\Windows\System\dCkwMRH.exe
  C:\Windows\System\dCkwMRH.exe
  2⤵
  PID:5500
- C:\Windows\System\TRHorcl.exe
  C:\Windows\System\TRHorcl.exe
  2⤵
  PID:5516
- C:\Windows\System\mpaLAxa.exe
  C:\Windows\System\mpaLAxa.exe
  2⤵
  PID:5532
- C:\Windows\System\MyCzGkL.exe
  C:\Windows\System\MyCzGkL.exe
  2⤵
  PID:5548
- C:\Windows\System\AFeGZmj.exe
  C:\Windows\System\AFeGZmj.exe
  2⤵
  PID:5564
- C:\Windows\System\YRrxvSD.exe
  C:\Windows\System\YRrxvSD.exe
  2⤵
  PID:5580
- C:\Windows\System\zzVlRKR.exe
  C:\Windows\System\zzVlRKR.exe
  2⤵
  PID:5596
- C:\Windows\System\QzlqoKD.exe
  C:\Windows\System\QzlqoKD.exe
  2⤵
  PID:5612
- C:\Windows\System\DeBJAuJ.exe
  C:\Windows\System\DeBJAuJ.exe
  2⤵
  PID:5628
- C:\Windows\System\gEpBsmE.exe
  C:\Windows\System\gEpBsmE.exe
  2⤵
  PID:5644
- C:\Windows\System\RwSMiyP.exe
  C:\Windows\System\RwSMiyP.exe
  2⤵
  PID:5660
- C:\Windows\System\NkeZaMv.exe
  C:\Windows\System\NkeZaMv.exe
  2⤵
  PID:5680
- C:\Windows\System\uwPmxki.exe
  C:\Windows\System\uwPmxki.exe
  2⤵
  PID:5696
- C:\Windows\System\xZuUkjc.exe
  C:\Windows\System\xZuUkjc.exe
  2⤵
  PID:5712
- C:\Windows\System\rNGwCBm.exe
  C:\Windows\System\rNGwCBm.exe
  2⤵
  PID:5732
- C:\Windows\System\gItTBMB.exe
  C:\Windows\System\gItTBMB.exe
  2⤵
  PID:5748
- C:\Windows\System\UigrNZB.exe
  C:\Windows\System\UigrNZB.exe
  2⤵
  PID:5764
- C:\Windows\System\UGFqFYT.exe
  C:\Windows\System\UGFqFYT.exe
  2⤵
  PID:5780
- C:\Windows\System\NPgxoop.exe
  C:\Windows\System\NPgxoop.exe
  2⤵
  PID:5796
- C:\Windows\System\KhDwfAG.exe
  C:\Windows\System\KhDwfAG.exe
  2⤵
  PID:5812
- C:\Windows\System\WvSFvtL.exe
  C:\Windows\System\WvSFvtL.exe
  2⤵
  PID:5828
- C:\Windows\System\ZUYGZxD.exe
  C:\Windows\System\ZUYGZxD.exe
  2⤵
  PID:5844
- C:\Windows\System\Nogvrgu.exe
  C:\Windows\System\Nogvrgu.exe
  2⤵
  PID:5860
- C:\Windows\System\qMxEOwJ.exe
  C:\Windows\System\qMxEOwJ.exe
  2⤵
  PID:5876
- C:\Windows\System\TCGGwkH.exe
  C:\Windows\System\TCGGwkH.exe
  2⤵
  PID:5892
- C:\Windows\System\SAOlDuA.exe
  C:\Windows\System\SAOlDuA.exe
  2⤵
  PID:5908
- C:\Windows\System\oWxLJki.exe
  C:\Windows\System\oWxLJki.exe
  2⤵
  PID:5924
- C:\Windows\System\mJkjBdU.exe
  C:\Windows\System\mJkjBdU.exe
  2⤵
  PID:5940
- C:\Windows\System\ZyRFINr.exe
  C:\Windows\System\ZyRFINr.exe
  2⤵
  PID:5956
- C:\Windows\System\YGQRyNo.exe
  C:\Windows\System\YGQRyNo.exe
  2⤵
  PID:5972
- C:\Windows\System\ieCAvAf.exe
  C:\Windows\System\ieCAvAf.exe
  2⤵
  PID:5988
- C:\Windows\System\kTxywaC.exe
  C:\Windows\System\kTxywaC.exe
  2⤵
  PID:6004
- C:\Windows\System\jKKnoSk.exe
  C:\Windows\System\jKKnoSk.exe
  2⤵
  PID:6020
- C:\Windows\System\BroBvPM.exe
  C:\Windows\System\BroBvPM.exe
  2⤵
  PID:6036
- C:\Windows\System\QuqCTvE.exe
  C:\Windows\System\QuqCTvE.exe
  2⤵
  PID:6052
- C:\Windows\System\sZwUQEj.exe
  C:\Windows\System\sZwUQEj.exe
  2⤵
  PID:6068
- C:\Windows\System\MfuNypD.exe
  C:\Windows\System\MfuNypD.exe
  2⤵
  PID:6084
- C:\Windows\System\QmZRmoa.exe
  C:\Windows\System\QmZRmoa.exe
  2⤵
  PID:6100
- C:\Windows\System\CnzOYPB.exe
  C:\Windows\System\CnzOYPB.exe
  2⤵
  PID:6116
- C:\Windows\System\CIfgoWh.exe
  C:\Windows\System\CIfgoWh.exe
  2⤵
  PID:6132
- C:\Windows\System\seWHfXT.exe
  C:\Windows\System\seWHfXT.exe
  2⤵
  PID:5068
- C:\Windows\System\DVqNnRc.exe
  C:\Windows\System\DVqNnRc.exe
  2⤵
  PID:4860
- C:\Windows\System\GdVxxoW.exe
  C:\Windows\System\GdVxxoW.exe
  2⤵
  PID:4072
- C:\Windows\System\OSQYbBP.exe
  C:\Windows\System\OSQYbBP.exe
  2⤵
  PID:4128
- C:\Windows\System\eHZRoBr.exe
  C:\Windows\System\eHZRoBr.exe
  2⤵
  PID:4260
- C:\Windows\System\REFMkyC.exe
  C:\Windows\System\REFMkyC.exe
  2⤵
  PID:4384
- C:\Windows\System\YViTuAr.exe
  C:\Windows\System\YViTuAr.exe
  2⤵
  PID:4516
- C:\Windows\System\yPEoraK.exe
  C:\Windows\System\yPEoraK.exe
  2⤵
  PID:4648
- C:\Windows\System\wUHWgEX.exe
  C:\Windows\System\wUHWgEX.exe
  2⤵
  PID:4776
- C:\Windows\System\sHxhfBh.exe
  C:\Windows\System\sHxhfBh.exe
  2⤵
  PID:4908
- C:\Windows\System\JPdBplO.exe
  C:\Windows\System\JPdBplO.exe
  2⤵
  PID:5124
- C:\Windows\System\hhDlhJX.exe
  C:\Windows\System\hhDlhJX.exe
  2⤵
  PID:5144
- C:\Windows\System\rNJQmwH.exe
  C:\Windows\System\rNJQmwH.exe
  2⤵
  PID:5176
- C:\Windows\System\AAhebBL.exe
  C:\Windows\System\AAhebBL.exe
  2⤵
  PID:5208
- C:\Windows\System\zllhyJY.exe
  C:\Windows\System\zllhyJY.exe
  2⤵
  PID:5240
- C:\Windows\System\OxmfhsM.exe
  C:\Windows\System\OxmfhsM.exe
  2⤵
  PID:5272
- C:\Windows\System\KKQgxsU.exe
  C:\Windows\System\KKQgxsU.exe
  2⤵
  PID:5304
- C:\Windows\System\mdxBgcY.exe
  C:\Windows\System\mdxBgcY.exe
  2⤵
  PID:5336
- C:\Windows\System\FEXNTBi.exe
  C:\Windows\System\FEXNTBi.exe
  2⤵
  PID:5380
- C:\Windows\System\dAqCRjZ.exe
  C:\Windows\System\dAqCRjZ.exe
  2⤵
  PID:5412
- C:\Windows\System\IUnzmWB.exe
  C:\Windows\System\IUnzmWB.exe
  2⤵
  PID:5444
- C:\Windows\System\dEEJavJ.exe
  C:\Windows\System\dEEJavJ.exe
  2⤵
  PID:5476
- C:\Windows\System\DeKGWXj.exe
  C:\Windows\System\DeKGWXj.exe
  2⤵
  PID:5508
- C:\Windows\System\lkLXkyL.exe
  C:\Windows\System\lkLXkyL.exe
  2⤵
  PID:5540
- C:\Windows\System\kxVBsZF.exe
  C:\Windows\System\kxVBsZF.exe
  2⤵
  PID:5588
- C:\Windows\System\qtBFOpq.exe
  C:\Windows\System\qtBFOpq.exe
  2⤵
  PID:5608
- C:\Windows\System\rcNMXDF.exe
  C:\Windows\System\rcNMXDF.exe
  2⤵
  PID:5640
- C:\Windows\System\gnamrqR.exe
  C:\Windows\System\gnamrqR.exe
  2⤵
  PID:5672
- C:\Windows\System\yAvrBPQ.exe
  C:\Windows\System\yAvrBPQ.exe
  2⤵
  PID:5708
- C:\Windows\System\gkjIPVm.exe
  C:\Windows\System\gkjIPVm.exe
  2⤵
  PID:5744
- C:\Windows\System\CCFGOvi.exe
  C:\Windows\System\CCFGOvi.exe
  2⤵
  PID:5776
- C:\Windows\System\pCzBTvE.exe
  C:\Windows\System\pCzBTvE.exe
  2⤵
  PID:5808
- C:\Windows\System\GkodUJL.exe
  C:\Windows\System\GkodUJL.exe
  2⤵
  PID:5840
- C:\Windows\System\vUzbQzY.exe
  C:\Windows\System\vUzbQzY.exe
  2⤵
  PID:5872
- C:\Windows\System\cIERANp.exe
  C:\Windows\System\cIERANp.exe
  2⤵
  PID:5904
- C:\Windows\System\ZvfwHwE.exe
  C:\Windows\System\ZvfwHwE.exe
  2⤵
  PID:5936
- C:\Windows\System\Wouhswr.exe
  C:\Windows\System\Wouhswr.exe
  2⤵
  PID:5968
- C:\Windows\System\SIQuoBY.exe
  C:\Windows\System\SIQuoBY.exe
  2⤵
  PID:6000
- C:\Windows\System\spDZpjv.exe
  C:\Windows\System\spDZpjv.exe
  2⤵
  PID:6028
- C:\Windows\System\HwinHil.exe
  C:\Windows\System\HwinHil.exe
  2⤵
  PID:6060
- C:\Windows\System\xzmUTGl.exe
  C:\Windows\System\xzmUTGl.exe
  2⤵
  PID:6092
- C:\Windows\System\cyAwary.exe
  C:\Windows\System\cyAwary.exe
  2⤵
  PID:6124
- C:\Windows\System\uPnhVKt.exe
  C:\Windows\System\uPnhVKt.exe
  2⤵
  PID:5100
- C:\Windows\System\vpIReRt.exe
  C:\Windows\System\vpIReRt.exe
  2⤵
  PID:3296
- C:\Windows\System\oNTjMfr.exe
  C:\Windows\System\oNTjMfr.exe
  2⤵
  PID:4324
- C:\Windows\System\hTnYFnW.exe
  C:\Windows\System\hTnYFnW.exe
  2⤵
  PID:4580
- C:\Windows\System\brhXcLJ.exe
  C:\Windows\System\brhXcLJ.exe
  2⤵
  PID:4840
- C:\Windows\System\SKFktjN.exe
  C:\Windows\System\SKFktjN.exe
  2⤵
  PID:5128
- C:\Windows\System\EOVwimd.exe
  C:\Windows\System\EOVwimd.exe
  2⤵
  PID:5192
- C:\Windows\System\VHbAwzs.exe
  C:\Windows\System\VHbAwzs.exe
  2⤵
  PID:5252
- C:\Windows\System\QpYJtwZ.exe
  C:\Windows\System\QpYJtwZ.exe
  2⤵
  PID:5320
- C:\Windows\System\IZKdlQy.exe
  C:\Windows\System\IZKdlQy.exe
  2⤵
  PID:5396
- C:\Windows\System\tDPEqqy.exe
  C:\Windows\System\tDPEqqy.exe
  2⤵
  PID:5448
- C:\Windows\System\nwsxmJT.exe
  C:\Windows\System\nwsxmJT.exe
  2⤵
  PID:5524
- C:\Windows\System\fMWpeCT.exe
  C:\Windows\System\fMWpeCT.exe
  2⤵
  PID:5592
- C:\Windows\System\zrBMuTF.exe
  C:\Windows\System\zrBMuTF.exe
  2⤵
  PID:5656
- C:\Windows\System\QjHfLOI.exe
  C:\Windows\System\QjHfLOI.exe
  2⤵
  PID:5724
- C:\Windows\System\JAdQUrS.exe
  C:\Windows\System\JAdQUrS.exe
  2⤵
  PID:5792
- C:\Windows\System\pCXEkzD.exe
  C:\Windows\System\pCXEkzD.exe
  2⤵
  PID:5888
- C:\Windows\System\kvIRmeq.exe
  C:\Windows\System\kvIRmeq.exe
  2⤵
  PID:5952
- C:\Windows\System\pycSSvd.exe
  C:\Windows\System\pycSSvd.exe
  2⤵
  PID:5996
- C:\Windows\System\iDRjtzP.exe
  C:\Windows\System\iDRjtzP.exe
  2⤵
  PID:6048
- C:\Windows\System\MpkAxMI.exe
  C:\Windows\System\MpkAxMI.exe
  2⤵
  PID:6112
- C:\Windows\System\PDHQMdZ.exe
  C:\Windows\System\PDHQMdZ.exe
  2⤵
  PID:3908
- C:\Windows\System\LFHfkYJ.exe
  C:\Windows\System\LFHfkYJ.exe
  2⤵
  PID:4452
- C:\Windows\System\gwRPuih.exe
  C:\Windows\System\gwRPuih.exe
  2⤵
  PID:4972
- C:\Windows\System\jIAxtad.exe
  C:\Windows\System\jIAxtad.exe
  2⤵
  PID:6156
- C:\Windows\System\hUCbYaq.exe
  C:\Windows\System\hUCbYaq.exe
  2⤵
  PID:6172
- C:\Windows\System\rEAGwtX.exe
  C:\Windows\System\rEAGwtX.exe
  2⤵
  PID:6188
- C:\Windows\System\qDJmhGV.exe
  C:\Windows\System\qDJmhGV.exe
  2⤵
  PID:6204
- C:\Windows\System\qfGynVs.exe
  C:\Windows\System\qfGynVs.exe
  2⤵
  PID:6220
- C:\Windows\System\ElCPfAH.exe
  C:\Windows\System\ElCPfAH.exe
  2⤵
  PID:6236
- C:\Windows\System\qcKitks.exe
  C:\Windows\System\qcKitks.exe
  2⤵
  PID:6252
- C:\Windows\System\Vsfxqzk.exe
  C:\Windows\System\Vsfxqzk.exe
  2⤵
  PID:6268
- C:\Windows\System\GUueXwC.exe
  C:\Windows\System\GUueXwC.exe
  2⤵
  PID:6288
- C:\Windows\System\fmnUlQq.exe
  C:\Windows\System\fmnUlQq.exe
  2⤵
  PID:6304
- C:\Windows\System\cjzOiPu.exe
  C:\Windows\System\cjzOiPu.exe
  2⤵
  PID:6320
- C:\Windows\System\ligjbac.exe
  C:\Windows\System\ligjbac.exe
  2⤵
  PID:6336
- C:\Windows\System\LDLeaiZ.exe
  C:\Windows\System\LDLeaiZ.exe
  2⤵
  PID:6352
- C:\Windows\System\KYrhpBf.exe
  C:\Windows\System\KYrhpBf.exe
  2⤵
  PID:6368
- C:\Windows\System\iehgMou.exe
  C:\Windows\System\iehgMou.exe
  2⤵
  PID:6384
- C:\Windows\System\LfUwgLm.exe
  C:\Windows\System\LfUwgLm.exe
  2⤵
  PID:6400
- C:\Windows\System\TlfeGcf.exe
  C:\Windows\System\TlfeGcf.exe
  2⤵
  PID:6416
- C:\Windows\System\HoZkdre.exe
  C:\Windows\System\HoZkdre.exe
  2⤵
  PID:6432
- C:\Windows\System\QPkkWxx.exe
  C:\Windows\System\QPkkWxx.exe
  2⤵
  PID:6448
- C:\Windows\System\ISOlTQH.exe
  C:\Windows\System\ISOlTQH.exe
  2⤵
  PID:6464
- C:\Windows\System\IRCxrvX.exe
  C:\Windows\System\IRCxrvX.exe
  2⤵
  PID:6480
- C:\Windows\System\PnjFxDY.exe
  C:\Windows\System\PnjFxDY.exe
  2⤵
  PID:6496
- C:\Windows\System\KxnwqcJ.exe
  C:\Windows\System\KxnwqcJ.exe
  2⤵
  PID:6512
- C:\Windows\System\GUmdZHF.exe
  C:\Windows\System\GUmdZHF.exe
  2⤵
  PID:6528
- C:\Windows\System\ncQfExo.exe
  C:\Windows\System\ncQfExo.exe
  2⤵
  PID:6544
- C:\Windows\System\VqVpjeb.exe
  C:\Windows\System\VqVpjeb.exe
  2⤵
  PID:6560
- C:\Windows\System\JDjgxxI.exe
  C:\Windows\System\JDjgxxI.exe
  2⤵
  PID:6576
- C:\Windows\System\wgoaVcl.exe
  C:\Windows\System\wgoaVcl.exe
  2⤵
  PID:6592
- C:\Windows\System\rDLAPwD.exe
  C:\Windows\System\rDLAPwD.exe
  2⤵
  PID:6608
- C:\Windows\System\jiZvAQA.exe
  C:\Windows\System\jiZvAQA.exe
  2⤵
  PID:6624
- C:\Windows\System\FIAqevo.exe
  C:\Windows\System\FIAqevo.exe
  2⤵
  PID:6640
- C:\Windows\System\TzTdjEU.exe
  C:\Windows\System\TzTdjEU.exe
  2⤵
  PID:6656
- C:\Windows\System\GZrhETJ.exe
  C:\Windows\System\GZrhETJ.exe
  2⤵
  PID:6672
- C:\Windows\System\WJdjUeJ.exe
  C:\Windows\System\WJdjUeJ.exe
  2⤵
  PID:6688
- C:\Windows\System\UzQoCig.exe
  C:\Windows\System\UzQoCig.exe
  2⤵
  PID:6704
- C:\Windows\System\SrSSHqm.exe
  C:\Windows\System\SrSSHqm.exe
  2⤵
  PID:6720
- C:\Windows\System\nZPSUyE.exe
  C:\Windows\System\nZPSUyE.exe
  2⤵
  PID:6736
- C:\Windows\System\zqUhHXL.exe
  C:\Windows\System\zqUhHXL.exe
  2⤵
  PID:6752
- C:\Windows\System\tChcUSn.exe
  C:\Windows\System\tChcUSn.exe
  2⤵
  PID:6768
- C:\Windows\System\iExPrQu.exe
  C:\Windows\System\iExPrQu.exe
  2⤵
  PID:6784
- C:\Windows\System\MUKQUjg.exe
  C:\Windows\System\MUKQUjg.exe
  2⤵
  PID:6800
- C:\Windows\System\ipjevaF.exe
  C:\Windows\System\ipjevaF.exe
  2⤵
  PID:6816
- C:\Windows\System\YSytMrY.exe
  C:\Windows\System\YSytMrY.exe
  2⤵
  PID:6832
- C:\Windows\System\tYzAzQQ.exe
  C:\Windows\System\tYzAzQQ.exe
  2⤵
  PID:6848
- C:\Windows\System\fRtQMwN.exe
  C:\Windows\System\fRtQMwN.exe
  2⤵
  PID:6864
- C:\Windows\System\iidDpmw.exe
  C:\Windows\System\iidDpmw.exe
  2⤵
  PID:6880
- C:\Windows\System\ACNJuYf.exe
  C:\Windows\System\ACNJuYf.exe
  2⤵
  PID:6896
- C:\Windows\System\ppQbkOw.exe
  C:\Windows\System\ppQbkOw.exe
  2⤵
  PID:6912
- C:\Windows\System\dcUNffn.exe
  C:\Windows\System\dcUNffn.exe
  2⤵
  PID:6928
- C:\Windows\System\pIffRRN.exe
  C:\Windows\System\pIffRRN.exe
  2⤵
  PID:6944
- C:\Windows\System\OsXHAML.exe
  C:\Windows\System\OsXHAML.exe
  2⤵
  PID:6960
- C:\Windows\System\WDtGjcw.exe
  C:\Windows\System\WDtGjcw.exe
  2⤵
  PID:6980
- C:\Windows\System\KNRGhqL.exe
  C:\Windows\System\KNRGhqL.exe
  2⤵
  PID:6996
- C:\Windows\System\Lladajn.exe
  C:\Windows\System\Lladajn.exe
  2⤵
  PID:7012
- C:\Windows\System\kKdhwNi.exe
  C:\Windows\System\kKdhwNi.exe
  2⤵
  PID:7028
- C:\Windows\System\ypdOtkB.exe
  C:\Windows\System\ypdOtkB.exe
  2⤵
  PID:7044
- C:\Windows\System\puwUZic.exe
  C:\Windows\System\puwUZic.exe
  2⤵
  PID:7060
- C:\Windows\System\SUyuocN.exe
  C:\Windows\System\SUyuocN.exe
  2⤵
  PID:7076
- C:\Windows\System\LfaXtZE.exe
  C:\Windows\System\LfaXtZE.exe
  2⤵
  PID:7092
- C:\Windows\System\nKGfWNn.exe
  C:\Windows\System\nKGfWNn.exe
  2⤵
  PID:7112
- C:\Windows\System\cmPiank.exe
  C:\Windows\System\cmPiank.exe
  2⤵
  PID:7128
- C:\Windows\System\EbHXuTB.exe
  C:\Windows\System\EbHXuTB.exe
  2⤵
  PID:7144
- C:\Windows\System\WRxBnDx.exe
  C:\Windows\System\WRxBnDx.exe
  2⤵
  PID:7160
- C:\Windows\System\PvjVJFk.exe
  C:\Windows\System\PvjVJFk.exe
  2⤵
  PID:5224
- C:\Windows\System\vQXkksS.exe
  C:\Windows\System\vQXkksS.exe
  2⤵
  PID:5352
- C:\Windows\System\lGeSVMF.exe
  C:\Windows\System\lGeSVMF.exe
  2⤵
  PID:5492
- C:\Windows\System\yQhzRxB.exe
  C:\Windows\System\yQhzRxB.exe
  2⤵
  PID:5624
- C:\Windows\System\JLiTIsD.exe
  C:\Windows\System\JLiTIsD.exe
  2⤵
  PID:5740
- C:\Windows\System\iIJNcXm.exe
  C:\Windows\System\iIJNcXm.exe
  2⤵
  PID:5900
- C:\Windows\System\lRAsmVy.exe
  C:\Windows\System\lRAsmVy.exe
  2⤵
  PID:6016
- C:\Windows\System\xZddQwP.exe
  C:\Windows\System\xZddQwP.exe
  2⤵
  PID:5048
- C:\Windows\System\HwUCJqA.exe
  C:\Windows\System\HwUCJqA.exe
  2⤵
  PID:4712
- C:\Windows\System\jKXqOrQ.exe
  C:\Windows\System\jKXqOrQ.exe
  2⤵
  PID:6164
- C:\Windows\System\fnqDBsy.exe
  C:\Windows\System\fnqDBsy.exe
  2⤵
  PID:6196
- C:\Windows\System\rfsUOjh.exe
  C:\Windows\System\rfsUOjh.exe
  2⤵
  PID:2780
- C:\Windows\System\btEWknw.exe
  C:\Windows\System\btEWknw.exe
  2⤵
  PID:6244
- C:\Windows\System\pBhLBXH.exe
  C:\Windows\System\pBhLBXH.exe
  2⤵
  PID:6276
- C:\Windows\System\OzCFOBp.exe
  C:\Windows\System\OzCFOBp.exe
  2⤵
  PID:6312
- C:\Windows\System\trTWcPX.exe
  C:\Windows\System\trTWcPX.exe
  2⤵
  PID:6344
- C:\Windows\System\nYyzUCh.exe
  C:\Windows\System\nYyzUCh.exe
  2⤵
  PID:6376
- C:\Windows\System\dPUVjzi.exe
  C:\Windows\System\dPUVjzi.exe
  2⤵
  PID:6396
- C:\Windows\System\yOLSMQg.exe
  C:\Windows\System\yOLSMQg.exe
  2⤵
  PID:6440
- C:\Windows\System\WCQJSCS.exe
  C:\Windows\System\WCQJSCS.exe
  2⤵
  PID:6460
- C:\Windows\System\HeJjOcr.exe
  C:\Windows\System\HeJjOcr.exe
  2⤵
  PID:6504
- C:\Windows\System\LATsctv.exe
  C:\Windows\System\LATsctv.exe
  2⤵
  PID:6536
- C:\Windows\System\wTxYIGz.exe
  C:\Windows\System\wTxYIGz.exe
  2⤵
  PID:6568
- C:\Windows\System\ZemtFvd.exe
  C:\Windows\System\ZemtFvd.exe
  2⤵
  PID:6588
- C:\Windows\System\wquisXk.exe
  C:\Windows\System\wquisXk.exe
  2⤵
  PID:6620
- C:\Windows\System\ndkcbRd.exe
  C:\Windows\System\ndkcbRd.exe
  2⤵
  PID:6664
- C:\Windows\System\UBnUiTS.exe
  C:\Windows\System\UBnUiTS.exe
  2⤵
  PID:6684
- C:\Windows\System\aQBlQYq.exe
  C:\Windows\System\aQBlQYq.exe
  2⤵
  PID:6728
- C:\Windows\System\HZRpkBC.exe
  C:\Windows\System\HZRpkBC.exe
  2⤵
  PID:6748
- C:\Windows\System\qUsWfPK.exe
  C:\Windows\System\qUsWfPK.exe
  2⤵
  PID:6780
- C:\Windows\System\jLzHzfn.exe
  C:\Windows\System\jLzHzfn.exe
  2⤵
  PID:6812
- C:\Windows\System\QFwymYP.exe
  C:\Windows\System\QFwymYP.exe
  2⤵
  PID:6844
- C:\Windows\System\VaaDijp.exe
  C:\Windows\System\VaaDijp.exe
  2⤵
  PID:6876
- C:\Windows\System\wfHPNpk.exe
  C:\Windows\System\wfHPNpk.exe
  2⤵
  PID:6920
- C:\Windows\System\uLLKQwe.exe
  C:\Windows\System\uLLKQwe.exe
  2⤵
  PID:6940
- C:\Windows\System\AVlDgFu.exe
  C:\Windows\System\AVlDgFu.exe
  2⤵
  PID:6976
- C:\Windows\System\dcpfCWs.exe
  C:\Windows\System\dcpfCWs.exe
  2⤵
  PID:7020
- C:\Windows\System\AMtjnyC.exe
  C:\Windows\System\AMtjnyC.exe
  2⤵
  PID:7040
- C:\Windows\System\SMqlwwU.exe
  C:\Windows\System\SMqlwwU.exe
  2⤵
  PID:7072
- C:\Windows\System\uBxxFRI.exe
  C:\Windows\System\uBxxFRI.exe
  2⤵
  PID:7120
- C:\Windows\System\hCKCsum.exe
  C:\Windows\System\hCKCsum.exe
  2⤵
  PID:7152
- C:\Windows\System\Aeihkgy.exe
  C:\Windows\System\Aeihkgy.exe
  2⤵
  PID:5172
- C:\Windows\System\abxIpWu.exe
  C:\Windows\System\abxIpWu.exe
  2⤵
  PID:5556
- C:\Windows\System\ZeYTkrd.exe
  C:\Windows\System\ZeYTkrd.exe
  2⤵
  PID:5824
- C:\Windows\System\EBgiPIl.exe
  C:\Windows\System\EBgiPIl.exe
  2⤵
  PID:5984
- C:\Windows\System\QXLpDrd.exe
  C:\Windows\System\QXLpDrd.exe
  2⤵
  PID:4208
- C:\Windows\System\eqGhbjN.exe
  C:\Windows\System\eqGhbjN.exe
  2⤵
  PID:6216
- C:\Windows\System\XZVkHVf.exe
  C:\Windows\System\XZVkHVf.exe
  2⤵
  PID:6260
- C:\Windows\System\biaaEbN.exe
  C:\Windows\System\biaaEbN.exe
  2⤵
  PID:6328
- C:\Windows\System\VxVLCYo.exe
  C:\Windows\System\VxVLCYo.exe
  2⤵
  PID:6364
- C:\Windows\System\GqepUzh.exe
  C:\Windows\System\GqepUzh.exe
  2⤵
  PID:6428
- C:\Windows\System\hsbierP.exe
  C:\Windows\System\hsbierP.exe
  2⤵
  PID:6488
- C:\Windows\System\tbqdOOs.exe
  C:\Windows\System\tbqdOOs.exe
  2⤵
  PID:6552
- C:\Windows\System\iGabQGs.exe
  C:\Windows\System\iGabQGs.exe
  2⤵
  PID:6604
- C:\Windows\System\anUbnGP.exe
  C:\Windows\System\anUbnGP.exe
  2⤵
  PID:6668
- C:\Windows\System\gOUBSrq.exe
  C:\Windows\System\gOUBSrq.exe
  2⤵
  PID:6732
- C:\Windows\System\owUZViZ.exe
  C:\Windows\System\owUZViZ.exe
  2⤵
  PID:6808
- C:\Windows\System\Ugaypko.exe
  C:\Windows\System\Ugaypko.exe
  2⤵
  PID:6872
- C:\Windows\System\WEDIJnk.exe
  C:\Windows\System\WEDIJnk.exe
  2⤵
  PID:6936
- C:\Windows\System\nQpFQhk.exe
  C:\Windows\System\nQpFQhk.exe
  2⤵
  PID:7004
- C:\Windows\System\gqcqIGV.exe
  C:\Windows\System\gqcqIGV.exe
  2⤵
  PID:7068
- C:\Windows\System\FqhYHKc.exe
  C:\Windows\System\FqhYHKc.exe
  2⤵
  PID:7136
- C:\Windows\System\xdcHmEv.exe
  C:\Windows\System\xdcHmEv.exe
  2⤵
  PID:5416
- C:\Windows\System\kSMWYav.exe
  C:\Windows\System\kSMWYav.exe
  2⤵
  PID:5964
- C:\Windows\System\QsfcEwL.exe
  C:\Windows\System\QsfcEwL.exe
  2⤵
  PID:6168
- C:\Windows\System\fJDZgpW.exe
  C:\Windows\System\fJDZgpW.exe
  2⤵
  PID:6296
- C:\Windows\System\UHRJdPp.exe
  C:\Windows\System\UHRJdPp.exe
  2⤵
  PID:7176
- C:\Windows\System\asxAguP.exe
  C:\Windows\System\asxAguP.exe
  2⤵
  PID:7192
- C:\Windows\System\dpQCpeM.exe
  C:\Windows\System\dpQCpeM.exe
  2⤵
  PID:7212
- C:\Windows\System\wQTxtFs.exe
  C:\Windows\System\wQTxtFs.exe
  2⤵
  PID:7228
- C:\Windows\System\imrLlYw.exe
  C:\Windows\System\imrLlYw.exe
  2⤵
  PID:7244
- C:\Windows\System\bHZVUSZ.exe
  C:\Windows\System\bHZVUSZ.exe
  2⤵
  PID:7260
- C:\Windows\System\fTjDPGE.exe
  C:\Windows\System\fTjDPGE.exe
  2⤵
  PID:7276
- C:\Windows\System\oMFgvxZ.exe
  C:\Windows\System\oMFgvxZ.exe
  2⤵
  PID:7292
- C:\Windows\System\kzvDomf.exe
  C:\Windows\System\kzvDomf.exe
  2⤵
  PID:7308
- C:\Windows\System\vjTGujN.exe
  C:\Windows\System\vjTGujN.exe
  2⤵
  PID:7324
- C:\Windows\System\kRxLibl.exe
  C:\Windows\System\kRxLibl.exe
  2⤵
  PID:7340
- C:\Windows\System\FyUgZiW.exe
  C:\Windows\System\FyUgZiW.exe
  2⤵
  PID:7356
- C:\Windows\System\SEdfpcZ.exe
  C:\Windows\System\SEdfpcZ.exe
  2⤵
  PID:7372
- C:\Windows\System\ZiOmiqa.exe
  C:\Windows\System\ZiOmiqa.exe
  2⤵
  PID:7388
- C:\Windows\System\AhiKErA.exe
  C:\Windows\System\AhiKErA.exe
  2⤵
  PID:7404
- C:\Windows\System\juNbBQs.exe
  C:\Windows\System\juNbBQs.exe
  2⤵
  PID:7420
- C:\Windows\System\isfwPza.exe
  C:\Windows\System\isfwPza.exe
  2⤵
  PID:7436
- C:\Windows\System\OXbaFUH.exe
  C:\Windows\System\OXbaFUH.exe
  2⤵
  PID:7452
- C:\Windows\System\BPZcmAm.exe
  C:\Windows\System\BPZcmAm.exe
  2⤵
  PID:7468
- C:\Windows\System\USIoJUt.exe
  C:\Windows\System\USIoJUt.exe
  2⤵
  PID:7484
- C:\Windows\System\ZlfOoxo.exe
  C:\Windows\System\ZlfOoxo.exe
  2⤵
  PID:7500
- C:\Windows\System\jdhUyAr.exe
  C:\Windows\System\jdhUyAr.exe
  2⤵
  PID:7516
- C:\Windows\System\rLUPqcL.exe
  C:\Windows\System\rLUPqcL.exe
  2⤵
  PID:7532
- C:\Windows\System\KHIzTJQ.exe
  C:\Windows\System\KHIzTJQ.exe
  2⤵
  PID:7548
- C:\Windows\System\tjvQxBG.exe
  C:\Windows\System\tjvQxBG.exe
  2⤵
  PID:7564
- C:\Windows\System\NgKGLMc.exe
  C:\Windows\System\NgKGLMc.exe
  2⤵
  PID:7580
- C:\Windows\System\awPeVyp.exe
  C:\Windows\System\awPeVyp.exe
  2⤵
  PID:7596
- C:\Windows\System\GPbEQbM.exe
  C:\Windows\System\GPbEQbM.exe
  2⤵
  PID:7612
- C:\Windows\System\kJGIbOE.exe
  C:\Windows\System\kJGIbOE.exe
  2⤵
  PID:7628
- C:\Windows\System\OTFXwgp.exe
  C:\Windows\System\OTFXwgp.exe
  2⤵
  PID:7648
- C:\Windows\System\MTseofT.exe
  C:\Windows\System\MTseofT.exe
  2⤵
  PID:7664
- C:\Windows\System\OnjPodZ.exe
  C:\Windows\System\OnjPodZ.exe
  2⤵
  PID:7680
- C:\Windows\System\XrLJcUQ.exe
  C:\Windows\System\XrLJcUQ.exe
  2⤵
  PID:7696
- C:\Windows\System\ZaQGRpA.exe
  C:\Windows\System\ZaQGRpA.exe
  2⤵
  PID:7712
- C:\Windows\System\UmhbIlf.exe
  C:\Windows\System\UmhbIlf.exe
  2⤵
  PID:7728
- C:\Windows\System\GhatJwc.exe
  C:\Windows\System\GhatJwc.exe
  2⤵
  PID:7744
- C:\Windows\System\dvdzGPX.exe
  C:\Windows\System\dvdzGPX.exe
  2⤵
  PID:7760
- C:\Windows\System\NOZBZfo.exe
  C:\Windows\System\NOZBZfo.exe
  2⤵
  PID:7776
- C:\Windows\System\aTMlUEz.exe
  C:\Windows\System\aTMlUEz.exe
  2⤵
  PID:7792
- C:\Windows\System\RpqwJrm.exe
  C:\Windows\System\RpqwJrm.exe
  2⤵
  PID:7808
- C:\Windows\System\UZSBSmL.exe
  C:\Windows\System\UZSBSmL.exe
  2⤵
  PID:7824
- C:\Windows\System\IihOwUc.exe
  C:\Windows\System\IihOwUc.exe
  2⤵
  PID:7840
- C:\Windows\System\bwJypYk.exe
  C:\Windows\System\bwJypYk.exe
  2⤵
  PID:7856
- C:\Windows\System\uPcWmOe.exe
  C:\Windows\System\uPcWmOe.exe
  2⤵
  PID:7876
- C:\Windows\System\VrzAXLl.exe
  C:\Windows\System\VrzAXLl.exe
  2⤵
  PID:7892
- C:\Windows\System\aAaCmhp.exe
  C:\Windows\System\aAaCmhp.exe
  2⤵
  PID:7908
- C:\Windows\System\HWMWPYj.exe
  C:\Windows\System\HWMWPYj.exe
  2⤵
  PID:7924
- C:\Windows\System\MKekjyD.exe
  C:\Windows\System\MKekjyD.exe
  2⤵
  PID:7940
- C:\Windows\System\CrMzPOF.exe
  C:\Windows\System\CrMzPOF.exe
  2⤵
  PID:7956
- C:\Windows\System\engNMMp.exe
  C:\Windows\System\engNMMp.exe
  2⤵
  PID:7972
- C:\Windows\System\nEoXzLe.exe
  C:\Windows\System\nEoXzLe.exe
  2⤵
  PID:7988
- C:\Windows\System\XGRhSAG.exe
  C:\Windows\System\XGRhSAG.exe
  2⤵
  PID:8004
- C:\Windows\System\UzKUfEm.exe
  C:\Windows\System\UzKUfEm.exe
  2⤵
  PID:8020
- C:\Windows\System\wrzsakq.exe
  C:\Windows\System\wrzsakq.exe
  2⤵
  PID:8036
- C:\Windows\System\ljONShl.exe
  C:\Windows\System\ljONShl.exe
  2⤵
  PID:8052
- C:\Windows\System\QWFjWpr.exe
  C:\Windows\System\QWFjWpr.exe
  2⤵
  PID:8068
- C:\Windows\System\TYuFCQE.exe
  C:\Windows\System\TYuFCQE.exe
  2⤵
  PID:8084
- C:\Windows\System\ZUkafmw.exe
  C:\Windows\System\ZUkafmw.exe
  2⤵
  PID:8100
- C:\Windows\System\dzWzIue.exe
  C:\Windows\System\dzWzIue.exe
  2⤵
  PID:8116
- C:\Windows\System\YViuTWp.exe
  C:\Windows\System\YViuTWp.exe
  2⤵
  PID:8132
- C:\Windows\System\JDiuDVr.exe
  C:\Windows\System\JDiuDVr.exe
  2⤵
  PID:8148
- C:\Windows\System\mJLNeDJ.exe
  C:\Windows\System\mJLNeDJ.exe
  2⤵
  PID:8164
- C:\Windows\System\eRaimRf.exe
  C:\Windows\System\eRaimRf.exe
  2⤵
  PID:8180
- C:\Windows\System\ePrIhpZ.exe
  C:\Windows\System\ePrIhpZ.exe
  2⤵
  PID:6408
- C:\Windows\System\HrKQdLd.exe
  C:\Windows\System\HrKQdLd.exe
  2⤵
  PID:6520
- C:\Windows\System\cPbJjRR.exe
  C:\Windows\System\cPbJjRR.exe
  2⤵
  PID:6636
- C:\Windows\System\AnabTvb.exe
  C:\Windows\System\AnabTvb.exe
  2⤵
  PID:6744
- C:\Windows\System\DbbYlVT.exe
  C:\Windows\System\DbbYlVT.exe
  2⤵
  PID:6904
- C:\Windows\System\WsCZTLs.exe
  C:\Windows\System\WsCZTLs.exe
  2⤵
  PID:7036
- C:\Windows\System\NztYTIO.exe
  C:\Windows\System\NztYTIO.exe
  2⤵
  PID:7268
- C:\Windows\System\lORgBAy.exe
  C:\Windows\System\lORgBAy.exe
  2⤵
  PID:7300
- C:\Windows\System\QsgEemI.exe
  C:\Windows\System\QsgEemI.exe
  2⤵
  PID:7336
- C:\Windows\System\zrzSnBI.exe
  C:\Windows\System\zrzSnBI.exe
  2⤵
  PID:7368
- C:\Windows\System\tyxpyWh.exe
  C:\Windows\System\tyxpyWh.exe
  2⤵
  PID:7400
- C:\Windows\System\dijyCaK.exe
  C:\Windows\System\dijyCaK.exe
  2⤵
  PID:2660
- C:\Windows\System\byzpAKd.exe
  C:\Windows\System\byzpAKd.exe
  2⤵
  PID:7460
- C:\Windows\System\hiZDdWd.exe
  C:\Windows\System\hiZDdWd.exe
  2⤵
  PID:7496
- C:\Windows\System\QOxUWno.exe
  C:\Windows\System\QOxUWno.exe
  2⤵
  PID:2372
- C:\Windows\System\CkESjlY.exe
  C:\Windows\System\CkESjlY.exe
  2⤵
  PID:7556
- C:\Windows\System\YqmShpV.exe
  C:\Windows\System\YqmShpV.exe
  2⤵
  PID:7588
- C:\Windows\System\tRnmWio.exe
  C:\Windows\System\tRnmWio.exe
  2⤵
  PID:7620
- C:\Windows\System\gTQHpzp.exe
  C:\Windows\System\gTQHpzp.exe
  2⤵
  PID:7656
- C:\Windows\System\zYVSnqo.exe
  C:\Windows\System\zYVSnqo.exe
  2⤵
  PID:7688
- C:\Windows\System\nMnbREb.exe
  C:\Windows\System\nMnbREb.exe
  2⤵
  PID:7720
- C:\Windows\System\lfFqSjB.exe
  C:\Windows\System\lfFqSjB.exe
  2⤵
  PID:7752
- C:\Windows\System\IQQZdBr.exe
  C:\Windows\System\IQQZdBr.exe
  2⤵
  PID:7784
- C:\Windows\System\MbpRsFo.exe
  C:\Windows\System\MbpRsFo.exe
  2⤵
  PID:7816
- C:\Windows\System\xuJtJou.exe
  C:\Windows\System\xuJtJou.exe
  2⤵
  PID:7848
- C:\Windows\System\XUdbcAv.exe
  C:\Windows\System\XUdbcAv.exe
  2⤵
  PID:7884
- C:\Windows\System\VsSkVpO.exe
  C:\Windows\System\VsSkVpO.exe
  2⤵
  PID:7916
- C:\Windows\System\VHqWYSA.exe
  C:\Windows\System\VHqWYSA.exe
  2⤵
  PID:7936
- C:\Windows\System\kypfLQY.exe
  C:\Windows\System\kypfLQY.exe
  2⤵
  PID:7968
- C:\Windows\System\gMKghAQ.exe
  C:\Windows\System\gMKghAQ.exe
  2⤵
  PID:8000
- C:\Windows\System\YdWnXLO.exe
  C:\Windows\System\YdWnXLO.exe
  2⤵
  PID:8064
- C:\Windows\System\hbkUaIx.exe
  C:\Windows\System\hbkUaIx.exe
  2⤵
  PID:8096
- C:\Windows\System\DfwxwAG.exe
  C:\Windows\System\DfwxwAG.exe
  2⤵
  PID:8160
- C:\Windows\System\ljqlHZP.exe
  C:\Windows\System\ljqlHZP.exe
  2⤵
  PID:6824
- C:\Windows\System\EmOZqCb.exe
  C:\Windows\System\EmOZqCb.exe
  2⤵
  PID:8016
- C:\Windows\System\LxOqbnG.exe
  C:\Windows\System\LxOqbnG.exe
  2⤵
  PID:8076
- C:\Windows\System\aaCCbmI.exe
  C:\Windows\System\aaCCbmI.exe
  2⤵
  PID:8140
- C:\Windows\System\LENgTaF.exe
  C:\Windows\System\LENgTaF.exe
  2⤵
  PID:6456
- C:\Windows\System\VMOvSpO.exe
  C:\Windows\System\VMOvSpO.exe
  2⤵
  PID:6988
- C:\Windows\System\EXGRIok.exe
  C:\Windows\System\EXGRIok.exe
  2⤵
  PID:2800
- C:\Windows\System\VmHtRGh.exe
  C:\Windows\System\VmHtRGh.exe
  2⤵
  PID:7252
- C:\Windows\System\UJJfHDI.exe
  C:\Windows\System\UJJfHDI.exe
  2⤵
  PID:2828
- C:\Windows\System\ZcIYLvG.exe
  C:\Windows\System\ZcIYLvG.exe
  2⤵
  PID:7316
- C:\Windows\System\BMfkEem.exe
  C:\Windows\System\BMfkEem.exe
  2⤵
  PID:7352
- C:\Windows\System\HvckRCL.exe
  C:\Windows\System\HvckRCL.exe
  2⤵
  PID:2732
- C:\Windows\System\kWNlAXw.exe
  C:\Windows\System\kWNlAXw.exe
  2⤵
  PID:7448
- C:\Windows\System\RIIhCgz.exe
  C:\Windows\System\RIIhCgz.exe
  2⤵
  PID:7512
- C:\Windows\System\lZIRyWx.exe
  C:\Windows\System\lZIRyWx.exe
  2⤵
  PID:2956
- C:\Windows\System\ExcGqal.exe
  C:\Windows\System\ExcGqal.exe
  2⤵
  PID:7544
- C:\Windows\System\vYMyNSK.exe
  C:\Windows\System\vYMyNSK.exe
  2⤵
  PID:7636
- C:\Windows\System\cJRMhhX.exe
  C:\Windows\System\cJRMhhX.exe
  2⤵
  PID:7608
- C:\Windows\System\FfbrCrX.exe
  C:\Windows\System\FfbrCrX.exe
  2⤵
  PID:7676
- C:\Windows\System\mUUaoeg.exe
  C:\Windows\System\mUUaoeg.exe
  2⤵
  PID:7740
- C:\Windows\System\mEZbbZo.exe
  C:\Windows\System\mEZbbZo.exe
  2⤵
  PID:2716
- C:\Windows\System\wRIIbQn.exe
  C:\Windows\System\wRIIbQn.exe
  2⤵
  PID:7836
- C:\Windows\System\KhmMhxl.exe
  C:\Windows\System\KhmMhxl.exe
  2⤵
  PID:7900
- C:\Windows\System\bSkiBVt.exe
  C:\Windows\System\bSkiBVt.exe
  2⤵
  PID:1948
- C:\Windows\System\aWAnPdF.exe
  C:\Windows\System\aWAnPdF.exe
  2⤵
  PID:2348
- C:\Windows\System\IcFzZYV.exe
  C:\Windows\System\IcFzZYV.exe
  2⤵
  PID:2344
- C:\Windows\System\SVNRFFG.exe
  C:\Windows\System\SVNRFFG.exe
  2⤵
  PID:1956
- C:\Windows\System\tPNlGkz.exe
  C:\Windows\System\tPNlGkz.exe
  2⤵
  PID:6584
- C:\Windows\System\ljwXlAS.exe
  C:\Windows\System\ljwXlAS.exe
  2⤵
  PID:2000
- C:\Windows\System\YorWSIh.exe
  C:\Windows\System\YorWSIh.exe
  2⤵
  PID:2016
- C:\Windows\System\GlMkUGP.exe
  C:\Windows\System\GlMkUGP.exe
  2⤵
  PID:2752
- C:\Windows\System\dqIlocD.exe
  C:\Windows\System\dqIlocD.exe
  2⤵
  PID:2420
- C:\Windows\System\leOfAte.exe
  C:\Windows\System\leOfAte.exe
  2⤵
  PID:8176
- C:\Windows\System\IUMuCZp.exe
  C:\Windows\System\IUMuCZp.exe
  2⤵
  PID:3068
- C:\Windows\System\SDhPLLo.exe
  C:\Windows\System\SDhPLLo.exe
  2⤵
  PID:2020
- C:\Windows\System\DeqcZCC.exe
  C:\Windows\System\DeqcZCC.exe
  2⤵
  PID:5704
- C:\Windows\System\SvCQCSs.exe
  C:\Windows\System\SvCQCSs.exe
  2⤵
  PID:2992
- C:\Windows\System\CbrhSBu.exe
  C:\Windows\System\CbrhSBu.exe
  2⤵
  PID:7528
- C:\Windows\System\gzKOPev.exe
  C:\Windows\System\gzKOPev.exe
  2⤵
  PID:1484
- C:\Windows\System\QFYqyOa.exe
  C:\Windows\System\QFYqyOa.exe
  2⤵
  PID:2904
- C:\Windows\System\LhemuNK.exe
  C:\Windows\System\LhemuNK.exe
  2⤵
  PID:7384
- C:\Windows\System\hceHpVj.exe
  C:\Windows\System\hceHpVj.exe
  2⤵
  PID:2232
- C:\Windows\System\JVhfwQJ.exe
  C:\Windows\System\JVhfwQJ.exe
  2⤵
  PID:2952
- C:\Windows\System\uxgaWPZ.exe
  C:\Windows\System\uxgaWPZ.exe
  2⤵
  PID:1232
- C:\Windows\System\sRVCzXS.exe
  C:\Windows\System\sRVCzXS.exe
  2⤵
  PID:2092
- C:\Windows\System\iOBJXIN.exe
  C:\Windows\System\iOBJXIN.exe
  2⤵
  PID:7788
- C:\Windows\System\jrmpWgZ.exe
  C:\Windows\System\jrmpWgZ.exe
  2⤵
  PID:7996
- C:\Windows\System\BkVMPpw.exe
  C:\Windows\System\BkVMPpw.exe
  2⤵
  PID:3016
- C:\Windows\System\AhoJkzU.exe
  C:\Windows\System\AhoJkzU.exe
  2⤵
  PID:7952
- C:\Windows\System\uXQwbzD.exe
  C:\Windows\System\uXQwbzD.exe
  2⤵
  PID:2932
- C:\Windows\System\QbWPiws.exe
  C:\Windows\System\QbWPiws.exe
  2⤵
  PID:8112
- C:\Windows\System\vEsvkCN.exe
  C:\Windows\System\vEsvkCN.exe
  2⤵
  PID:7272
- C:\Windows\System\ZOMkmbD.exe
  C:\Windows\System\ZOMkmbD.exe
  2⤵
  PID:7640
- C:\Windows\System\qlphhBm.exe
  C:\Windows\System\qlphhBm.exe
  2⤵
  PID:7708
- C:\Windows\System\bbgySkl.exe
  C:\Windows\System\bbgySkl.exe
  2⤵
  PID:7904
- C:\Windows\System\ASPxZKL.exe
  C:\Windows\System\ASPxZKL.exe
  2⤵
  PID:1180
- C:\Windows\System\XErXzoA.exe
  C:\Windows\System\XErXzoA.exe
  2⤵
  PID:8200
- C:\Windows\System\rPUhTAK.exe
  C:\Windows\System\rPUhTAK.exe
  2⤵
  PID:8216
- C:\Windows\System\zIVAAoZ.exe
  C:\Windows\System\zIVAAoZ.exe
  2⤵
  PID:8232
- C:\Windows\System\gEGZDub.exe
  C:\Windows\System\gEGZDub.exe
  2⤵
  PID:8248
- C:\Windows\System\kgjOEJC.exe
  C:\Windows\System\kgjOEJC.exe
  2⤵
  PID:8264
- C:\Windows\System\xStpval.exe
  C:\Windows\System\xStpval.exe
  2⤵
  PID:8280
- C:\Windows\System\IzrvAvz.exe
  C:\Windows\System\IzrvAvz.exe
  2⤵
  PID:8296
- C:\Windows\System\MptpuDY.exe
  C:\Windows\System\MptpuDY.exe
  2⤵
  PID:8312
- C:\Windows\System\CJjMebT.exe
  C:\Windows\System\CJjMebT.exe
  2⤵
  PID:8328
- C:\Windows\System\kKacjBS.exe
  C:\Windows\System\kKacjBS.exe
  2⤵
  PID:8344
- C:\Windows\System\uhfycNP.exe
  C:\Windows\System\uhfycNP.exe
  2⤵
  PID:8364
- C:\Windows\System\XewAlCT.exe
  C:\Windows\System\XewAlCT.exe
  2⤵
  PID:8380
- C:\Windows\System\RKRKxzd.exe
  C:\Windows\System\RKRKxzd.exe
  2⤵
  PID:8396
- C:\Windows\System\YzPLIBu.exe
  C:\Windows\System\YzPLIBu.exe
  2⤵
  PID:8412
- C:\Windows\System\AaGwnSf.exe
  C:\Windows\System\AaGwnSf.exe
  2⤵
  PID:8428
- C:\Windows\System\UHhQlPO.exe
  C:\Windows\System\UHhQlPO.exe
  2⤵
  PID:8444
- C:\Windows\System\VJTgPBW.exe
  C:\Windows\System\VJTgPBW.exe
  2⤵
  PID:8460
- C:\Windows\System\HmyaeDG.exe
  C:\Windows\System\HmyaeDG.exe
  2⤵
  PID:8476
- C:\Windows\System\QxJosMr.exe
  C:\Windows\System\QxJosMr.exe
  2⤵
  PID:8492
- C:\Windows\System\BVSZHMB.exe
  C:\Windows\System\BVSZHMB.exe
  2⤵
  PID:8508
- C:\Windows\System\vpUJPqJ.exe
  C:\Windows\System\vpUJPqJ.exe
  2⤵
  PID:8524
- C:\Windows\System\jRyzwmD.exe
  C:\Windows\System\jRyzwmD.exe
  2⤵
  PID:8540
- C:\Windows\System\ELGNhus.exe
  C:\Windows\System\ELGNhus.exe
  2⤵
  PID:8556
- C:\Windows\System\udHzTBB.exe
  C:\Windows\System\udHzTBB.exe
  2⤵
  PID:8572
- C:\Windows\System\NbvALAo.exe
  C:\Windows\System\NbvALAo.exe
  2⤵
  PID:8588
- C:\Windows\System\QWorJoi.exe
  C:\Windows\System\QWorJoi.exe
  2⤵
  PID:8604
- C:\Windows\System\aaSkyqj.exe
  C:\Windows\System\aaSkyqj.exe
  2⤵
  PID:8620
- C:\Windows\System\fqZgGWz.exe
  C:\Windows\System\fqZgGWz.exe
  2⤵
  PID:8636
- C:\Windows\System\wqgoaRM.exe
  C:\Windows\System\wqgoaRM.exe
  2⤵
  PID:8652
- C:\Windows\System\HYgbqjc.exe
  C:\Windows\System\HYgbqjc.exe
  2⤵
  PID:8668
- C:\Windows\System\GWgfNSG.exe
  C:\Windows\System\GWgfNSG.exe
  2⤵
  PID:8684
- C:\Windows\System\ZzcORFl.exe
  C:\Windows\System\ZzcORFl.exe
  2⤵
  PID:8700
- C:\Windows\System\HMdsjUL.exe
  C:\Windows\System\HMdsjUL.exe
  2⤵
  PID:8716
- C:\Windows\System\AqENXOj.exe
  C:\Windows\System\AqENXOj.exe
  2⤵
  PID:8732
- C:\Windows\System\ClZWsEU.exe
  C:\Windows\System\ClZWsEU.exe
  2⤵
  PID:8748
- C:\Windows\System\fVjnVbN.exe
  C:\Windows\System\fVjnVbN.exe
  2⤵
  PID:8764
- C:\Windows\System\sMrCCzk.exe
  C:\Windows\System\sMrCCzk.exe
  2⤵
  PID:8780
- C:\Windows\System\dxIJDIL.exe
  C:\Windows\System\dxIJDIL.exe
  2⤵
  PID:8796
- C:\Windows\System\ncgbiJg.exe
  C:\Windows\System\ncgbiJg.exe
  2⤵
  PID:8812
- C:\Windows\System\AqyIZan.exe
  C:\Windows\System\AqyIZan.exe
  2⤵
  PID:8828
- C:\Windows\System\IUtzrbM.exe
  C:\Windows\System\IUtzrbM.exe
  2⤵
  PID:8844
- C:\Windows\System\NNEDFSc.exe
  C:\Windows\System\NNEDFSc.exe
  2⤵
  PID:8860
- C:\Windows\System\ZkAwgqV.exe
  C:\Windows\System\ZkAwgqV.exe
  2⤵
  PID:8876
- C:\Windows\System\mwknwsi.exe
  C:\Windows\System\mwknwsi.exe
  2⤵
  PID:8892
- C:\Windows\System\iwbWTnO.exe
  C:\Windows\System\iwbWTnO.exe
  2⤵
  PID:8908
- C:\Windows\System\XtwwYVI.exe
  C:\Windows\System\XtwwYVI.exe
  2⤵
  PID:8924
- C:\Windows\System\BoBfciW.exe
  C:\Windows\System\BoBfciW.exe
  2⤵
  PID:8940
- C:\Windows\System\XHYWwBL.exe
  C:\Windows\System\XHYWwBL.exe
  2⤵
  PID:8956
- C:\Windows\System\JGPigVl.exe
  C:\Windows\System\JGPigVl.exe
  2⤵
  PID:8972
- C:\Windows\System\yxhGERw.exe
  C:\Windows\System\yxhGERw.exe
  2⤵
  PID:8988
- C:\Windows\System\hcDDAZT.exe
  C:\Windows\System\hcDDAZT.exe
  2⤵
  PID:9004
- C:\Windows\System\TzkQsVt.exe
  C:\Windows\System\TzkQsVt.exe
  2⤵
  PID:9020
- C:\Windows\System\uhOSrgz.exe
  C:\Windows\System\uhOSrgz.exe
  2⤵
  PID:9036
- C:\Windows\System\wMirOjw.exe
  C:\Windows\System\wMirOjw.exe
  2⤵
  PID:9052
- C:\Windows\System\khyJgcO.exe
  C:\Windows\System\khyJgcO.exe
  2⤵
  PID:9068
- C:\Windows\System\mScguMe.exe
  C:\Windows\System\mScguMe.exe
  2⤵
  PID:9084
- C:\Windows\System\WkpXKtU.exe
  C:\Windows\System\WkpXKtU.exe
  2⤵
  PID:9100
- C:\Windows\System\XWKFGQy.exe
  C:\Windows\System\XWKFGQy.exe
  2⤵
  PID:9116
- C:\Windows\System\RXMyvhP.exe
  C:\Windows\System\RXMyvhP.exe
  2⤵
  PID:9132
- C:\Windows\System\AXpeUsV.exe
  C:\Windows\System\AXpeUsV.exe
  2⤵
  PID:9148
- C:\Windows\System\xLAAPXF.exe
  C:\Windows\System\xLAAPXF.exe
  2⤵
  PID:9164
- C:\Windows\System\TfmWDoc.exe
  C:\Windows\System\TfmWDoc.exe
  2⤵
  PID:9180
- C:\Windows\System\zpufDce.exe
  C:\Windows\System\zpufDce.exe
  2⤵
  PID:9196
- C:\Windows\System\OctqWHW.exe
  C:\Windows\System\OctqWHW.exe
  2⤵
  PID:9212
- C:\Windows\System\IXSzFVC.exe
  C:\Windows\System\IXSzFVC.exe
  2⤵
  PID:6280
- C:\Windows\System\LlJXtfB.exe
  C:\Windows\System\LlJXtfB.exe
  2⤵
  PID:8260
- C:\Windows\System\VKtUuGs.exe
  C:\Windows\System\VKtUuGs.exe
  2⤵
  PID:8324
- C:\Windows\System\thpveio.exe
  C:\Windows\System\thpveio.exe
  2⤵
  PID:620
- C:\Windows\System\rykqBFX.exe
  C:\Windows\System\rykqBFX.exe
  2⤵
  PID:8356
- C:\Windows\System\nLXVCbr.exe
  C:\Windows\System\nLXVCbr.exe
  2⤵
  PID:8208
- C:\Windows\System\IBpNZyH.exe
  C:\Windows\System\IBpNZyH.exe
  2⤵
  PID:2984
- C:\Windows\System\RsDrWVK.exe
  C:\Windows\System\RsDrWVK.exe
  2⤵
  PID:7576
- C:\Windows\System\sffYRiP.exe
  C:\Windows\System\sffYRiP.exe
  2⤵
  PID:2532
- C:\Windows\System\OMlfMgv.exe
  C:\Windows\System\OMlfMgv.exe
  2⤵
  PID:8128
- C:\Windows\System\cCwUupq.exe
  C:\Windows\System\cCwUupq.exe
  2⤵
  PID:7604
- C:\Windows\System\yCpuKeM.exe
  C:\Windows\System\yCpuKeM.exe
  2⤵
  PID:8308
- C:\Windows\System\aNGHQIw.exe
  C:\Windows\System\aNGHQIw.exe
  2⤵
  PID:8392
- C:\Windows\System\bPylRBK.exe
  C:\Windows\System\bPylRBK.exe
  2⤵
  PID:8456
- C:\Windows\System\mZlbaQR.exe
  C:\Windows\System\mZlbaQR.exe
  2⤵
  PID:8520
- C:\Windows\System\IWIpgAq.exe
  C:\Windows\System\IWIpgAq.exe
  2⤵
  PID:8584
- C:\Windows\System\ogEOLdp.exe
  C:\Windows\System\ogEOLdp.exe
  2⤵
  PID:8500
- C:\Windows\System\zGXFJbi.exe
  C:\Windows\System\zGXFJbi.exe
  2⤵
  PID:8564
- C:\Windows\System\FjwzahK.exe
  C:\Windows\System\FjwzahK.exe
  2⤵
  PID:8404
- C:\Windows\System\wLvGBWc.exe
  C:\Windows\System\wLvGBWc.exe
  2⤵
  PID:8680
- C:\Windows\System\xGPaQYo.exe
  C:\Windows\System\xGPaQYo.exe
  2⤵
  PID:8772
- C:\Windows\System\dIxOYTp.exe
  C:\Windows\System\dIxOYTp.exe
  2⤵
  PID:8472
- C:\Windows\System\MtoNrHg.exe
  C:\Windows\System\MtoNrHg.exe
  2⤵
  PID:8628
- C:\Windows\System\hamOtsk.exe
  C:\Windows\System\hamOtsk.exe
  2⤵
  PID:8788
- C:\Windows\System\KKxjdGm.exe
  C:\Windows\System\KKxjdGm.exe
  2⤵
  PID:8836
- C:\Windows\System\BeuPVPl.exe
  C:\Windows\System\BeuPVPl.exe
  2⤵
  PID:8900
- C:\Windows\System\nbqIfZJ.exe
  C:\Windows\System\nbqIfZJ.exe
  2⤵
  PID:8728
- C:\Windows\System\ybwmzDe.exe
  C:\Windows\System\ybwmzDe.exe
  2⤵
  PID:8936
- C:\Windows\System\qRszmBr.exe
  C:\Windows\System\qRszmBr.exe
  2⤵
  PID:9000
- C:\Windows\System\lZKvjKz.exe
  C:\Windows\System\lZKvjKz.exe
  2⤵
  PID:9060
- C:\Windows\System\TyOXwts.exe
  C:\Windows\System\TyOXwts.exe
  2⤵
  PID:8856
- C:\Windows\System\zRdVnQH.exe
  C:\Windows\System\zRdVnQH.exe
  2⤵
  PID:8888
- C:\Windows\System\dNwSjEh.exe
  C:\Windows\System\dNwSjEh.exe
  2⤵
  PID:8980
- C:\Windows\System\TLHjMbt.exe
  C:\Windows\System\TLHjMbt.exe
  2⤵
  PID:9048
- C:\Windows\System\JNhhlll.exe
  C:\Windows\System\JNhhlll.exe
  2⤵
  PID:9124
- C:\Windows\System\ThgOEHo.exe
  C:\Windows\System\ThgOEHo.exe
  2⤵
  PID:9080
- C:\Windows\System\UOKLEIw.exe
  C:\Windows\System\UOKLEIw.exe
  2⤵
  PID:7396
- C:\Windows\System\SzxCHTc.exe
  C:\Windows\System\SzxCHTc.exe
  2⤵
  PID:9112
- C:\Windows\System\HmPerRa.exe
  C:\Windows\System\HmPerRa.exe
  2⤵
  PID:9176
- C:\Windows\System\jHFCrDm.exe
  C:\Windows\System\jHFCrDm.exe
  2⤵
  PID:8292
- C:\Windows\System\BeSLKja.exe
  C:\Windows\System\BeSLKja.exe
  2⤵
  PID:8304
- C:\Windows\System\gleBLYx.exe
  C:\Windows\System\gleBLYx.exe
  2⤵
  PID:7428
- C:\Windows\System\HFonkgz.exe
  C:\Windows\System\HFonkgz.exe
  2⤵
  PID:1228
- C:\Windows\System\xkEDLUP.exe
  C:\Windows\System\xkEDLUP.exe
  2⤵
  PID:8516
- C:\Windows\System\ZVUFNfC.exe
  C:\Windows\System\ZVUFNfC.exe
  2⤵
  PID:7332
- C:\Windows\System\wfzJjxJ.exe
  C:\Windows\System\wfzJjxJ.exe
  2⤵
  PID:8600
- C:\Windows\System\scnBxbl.exe
  C:\Windows\System\scnBxbl.exe
  2⤵
  PID:8436
- C:\Windows\System\KDktnou.exe
  C:\Windows\System\KDktnou.exe
  2⤵
  PID:8692
- C:\Windows\System\ZfTGukw.exe
  C:\Windows\System\ZfTGukw.exe
  2⤵
  PID:2028
- C:\Windows\System\ZRzcGKz.exe
  C:\Windows\System\ZRzcGKz.exe
  2⤵
  PID:8424
- C:\Windows\System\hhfEFSs.exe
  C:\Windows\System\hhfEFSs.exe
  2⤵
  PID:8948
- C:\Windows\System\ldCpegW.exe
  C:\Windows\System\ldCpegW.exe
  2⤵
  PID:8580
- C:\Windows\System\QrcBYnq.exe
  C:\Windows\System\QrcBYnq.exe
  2⤵
  PID:8724
- C:\Windows\System\WbXQLqK.exe
  C:\Windows\System\WbXQLqK.exe
  2⤵
  PID:8904
- C:\Windows\System\MGQtepE.exe
  C:\Windows\System\MGQtepE.exe
  2⤵
  PID:8824
- C:\Windows\System\OmPiHau.exe
  C:\Windows\System\OmPiHau.exe
  2⤵
  PID:9096
- C:\Windows\System\VugekUc.exe
  C:\Windows\System\VugekUc.exe
  2⤵
  PID:8320
- C:\Windows\System\lTPzcuO.exe
  C:\Windows\System\lTPzcuO.exe
  2⤵
  PID:9016
- C:\Windows\System\OQKjmVR.exe
  C:\Windows\System\OQKjmVR.exe
  2⤵
  PID:2968
- C:\Windows\System\QakCrIw.exe
  C:\Windows\System\QakCrIw.exe
  2⤵
  PID:8740
- C:\Windows\System\YdtqmPZ.exe
  C:\Windows\System\YdtqmPZ.exe
  2⤵
  PID:8256
- C:\Windows\System\jWrGOWw.exe
  C:\Windows\System\jWrGOWw.exe
  2⤵
  PID:8744
- C:\Windows\System\RrTBQJk.exe
  C:\Windows\System\RrTBQJk.exe
  2⤵
  PID:9032
- C:\Windows\System\UqMORTc.exe
  C:\Windows\System\UqMORTc.exe
  2⤵
  PID:940
- C:\Windows\System\XJpzPXQ.exe
  C:\Windows\System\XJpzPXQ.exe
  2⤵
  PID:8388
- C:\Windows\System\UCZoKEi.exe
  C:\Windows\System\UCZoKEi.exe
  2⤵
  PID:8408
- C:\Windows\System\fFhilAe.exe
  C:\Windows\System\fFhilAe.exe
  2⤵
  PID:8244
- C:\Windows\System\bRvWNiZ.exe
  C:\Windows\System\bRvWNiZ.exe
  2⤵
  PID:7256
- C:\Windows\System\yUOFwwr.exe
  C:\Windows\System\yUOFwwr.exe
  2⤵
  PID:9172
- C:\Windows\System\DVjzeIP.exe
  C:\Windows\System\DVjzeIP.exe
  2⤵
  PID:9012
- C:\Windows\System\OrNkCmP.exe
  C:\Windows\System\OrNkCmP.exe
  2⤵
  PID:9144
- C:\Windows\System\REOofFy.exe
  C:\Windows\System\REOofFy.exe
  2⤵
  PID:8552
- C:\Windows\System\HQWnIyf.exe
  C:\Windows\System\HQWnIyf.exe
  2⤵
  PID:9076
- C:\Windows\System\WmjrgNw.exe
  C:\Windows\System\WmjrgNw.exe
  2⤵
  PID:9092
- C:\Windows\System\xJjZuFE.exe
  C:\Windows\System\xJjZuFE.exe
  2⤵
  PID:9224
- C:\Windows\System\zItzzkR.exe
  C:\Windows\System\zItzzkR.exe
  2⤵
  PID:9240
- C:\Windows\System\YRoaawO.exe
  C:\Windows\System\YRoaawO.exe
  2⤵
  PID:9256
- C:\Windows\System\dYMZXkU.exe
  C:\Windows\System\dYMZXkU.exe
  2⤵
  PID:9272
- C:\Windows\System\yWODFnN.exe
  C:\Windows\System\yWODFnN.exe
  2⤵
  PID:9288
- C:\Windows\System\PCHtUgx.exe
  C:\Windows\System\PCHtUgx.exe
  2⤵
  PID:9304
- C:\Windows\System\Mivwfap.exe
  C:\Windows\System\Mivwfap.exe
  2⤵
  PID:9320
- C:\Windows\System\dyKkzpy.exe
  C:\Windows\System\dyKkzpy.exe
  2⤵
  PID:9336
- C:\Windows\System\DOoDKYg.exe
  C:\Windows\System\DOoDKYg.exe
  2⤵
  PID:9352
- C:\Windows\System\hYzcvOE.exe
  C:\Windows\System\hYzcvOE.exe
  2⤵
  PID:9368
- C:\Windows\System\zUXCqhv.exe
  C:\Windows\System\zUXCqhv.exe
  2⤵
  PID:9384
- C:\Windows\System\nXdohsq.exe
  C:\Windows\System\nXdohsq.exe
  2⤵
  PID:9400
- C:\Windows\System\rZbsBIw.exe
  C:\Windows\System\rZbsBIw.exe
  2⤵
  PID:9420
- C:\Windows\System\vciPkBy.exe
  C:\Windows\System\vciPkBy.exe
  2⤵
  PID:9436
- C:\Windows\System\wEZJmGx.exe
  C:\Windows\System\wEZJmGx.exe
  2⤵
  PID:9456
- C:\Windows\System\AuiWVcl.exe
  C:\Windows\System\AuiWVcl.exe
  2⤵
  PID:9472
- C:\Windows\System\EorWPKO.exe
  C:\Windows\System\EorWPKO.exe
  2⤵
  PID:9488
- C:\Windows\System\qDaAkJj.exe
  C:\Windows\System\qDaAkJj.exe
  2⤵
  PID:9508
- C:\Windows\System\zRdErQw.exe
  C:\Windows\System\zRdErQw.exe
  2⤵
  PID:9528
- C:\Windows\System\EaPaBXx.exe
  C:\Windows\System\EaPaBXx.exe
  2⤵
  PID:9544
- C:\Windows\System\eVWuSFP.exe
  C:\Windows\System\eVWuSFP.exe
  2⤵
  PID:9560
- C:\Windows\System\xsCWjxp.exe
  C:\Windows\System\xsCWjxp.exe
  2⤵
  PID:9576
- C:\Windows\System\hpGonFz.exe
  C:\Windows\System\hpGonFz.exe
  2⤵
  PID:9592
- C:\Windows\System\zMQctMM.exe
  C:\Windows\System\zMQctMM.exe
  2⤵
  PID:9608
- C:\Windows\System\pTamXSc.exe
  C:\Windows\System\pTamXSc.exe
  2⤵
  PID:9624
- C:\Windows\System\FRTYvgQ.exe
  C:\Windows\System\FRTYvgQ.exe
  2⤵
  PID:9640
- C:\Windows\System\GNKHzdf.exe
  C:\Windows\System\GNKHzdf.exe
  2⤵
  PID:9656
- C:\Windows\System\SCiJTiM.exe
  C:\Windows\System\SCiJTiM.exe
  2⤵
  PID:9672
- C:\Windows\System\jUAdYyA.exe
  C:\Windows\System\jUAdYyA.exe
  2⤵
  PID:9692
- C:\Windows\System\RuEBvDL.exe
  C:\Windows\System\RuEBvDL.exe
  2⤵
  PID:9708
- C:\Windows\System\LeeyUcZ.exe
  C:\Windows\System\LeeyUcZ.exe
  2⤵
  PID:9724
- C:\Windows\System\AZnGpXe.exe
  C:\Windows\System\AZnGpXe.exe
  2⤵
  PID:9748
- C:\Windows\System\wIBxwhd.exe
  C:\Windows\System\wIBxwhd.exe
  2⤵
  PID:9788
- C:\Windows\System\XcTnCIh.exe
  C:\Windows\System\XcTnCIh.exe
  2⤵
  PID:9804
- C:\Windows\System\oguztnN.exe
  C:\Windows\System\oguztnN.exe
  2⤵
  PID:9820
- C:\Windows\System\AXWkorA.exe
  C:\Windows\System\AXWkorA.exe
  2⤵
  PID:9836
- C:\Windows\System\ULQidBA.exe
  C:\Windows\System\ULQidBA.exe
  2⤵
  PID:9852
- C:\Windows\System\JTqNMhs.exe
  C:\Windows\System\JTqNMhs.exe
  2⤵
  PID:9868
- C:\Windows\System\WjNCrrs.exe
  C:\Windows\System\WjNCrrs.exe
  2⤵
  PID:9884
- C:\Windows\System\pAcHgpG.exe
  C:\Windows\System\pAcHgpG.exe
  2⤵
  PID:9900
- C:\Windows\System\AbfITxv.exe
  C:\Windows\System\AbfITxv.exe
  2⤵
  PID:9916
- C:\Windows\System\dNzTXEg.exe
  C:\Windows\System\dNzTXEg.exe
  2⤵
  PID:9932
- C:\Windows\System\eRyqLqw.exe
  C:\Windows\System\eRyqLqw.exe
  2⤵
  PID:9948
- C:\Windows\System\MoNWpsu.exe
  C:\Windows\System\MoNWpsu.exe
  2⤵
  PID:9964
- C:\Windows\System\JOpAUMD.exe
  C:\Windows\System\JOpAUMD.exe
  2⤵
  PID:9984
- C:\Windows\System\qSnStDR.exe
  C:\Windows\System\qSnStDR.exe
  2⤵
  PID:10000
- C:\Windows\System\yvBlFEp.exe
  C:\Windows\System\yvBlFEp.exe
  2⤵
  PID:10016
- C:\Windows\System\lsHkOOa.exe
  C:\Windows\System\lsHkOOa.exe
  2⤵
  PID:10032
- C:\Windows\System\biwmaEB.exe
  C:\Windows\System\biwmaEB.exe
  2⤵
  PID:10048
- C:\Windows\System\lvpatEp.exe
  C:\Windows\System\lvpatEp.exe
  2⤵
  PID:10064
- C:\Windows\System\bTqyGtY.exe
  C:\Windows\System\bTqyGtY.exe
  2⤵
  PID:10080
- C:\Windows\System\TaaMzTf.exe
  C:\Windows\System\TaaMzTf.exe
  2⤵
  PID:10096
- C:\Windows\System\FEaXojb.exe
  C:\Windows\System\FEaXojb.exe
  2⤵
  PID:10112
- C:\Windows\System\uKTYFmZ.exe
  C:\Windows\System\uKTYFmZ.exe
  2⤵
  PID:10128
- C:\Windows\System\YPiPEPH.exe
  C:\Windows\System\YPiPEPH.exe
  2⤵
  PID:10144
- C:\Windows\System\nGrCbab.exe
  C:\Windows\System\nGrCbab.exe
  2⤵
  PID:10160
- C:\Windows\System\YhOCOgT.exe
  C:\Windows\System\YhOCOgT.exe
  2⤵
  PID:10176
- C:\Windows\System\slktfAv.exe
  C:\Windows\System\slktfAv.exe
  2⤵
  PID:10192
- C:\Windows\System\dIUxZnB.exe
  C:\Windows\System\dIUxZnB.exe
  2⤵
  PID:10208
- C:\Windows\System\oNXsDwa.exe
  C:\Windows\System\oNXsDwa.exe
  2⤵
  PID:10224
- C:\Windows\System\acwDbwz.exe
  C:\Windows\System\acwDbwz.exe
  2⤵
  PID:8596
- C:\Windows\System\VBhqylt.exe
  C:\Windows\System\VBhqylt.exe
  2⤵
  PID:8872
- C:\Windows\System\MIHfuch.exe
  C:\Windows\System\MIHfuch.exe
  2⤵
  PID:9160
- C:\Windows\System\vivOPyZ.exe
  C:\Windows\System\vivOPyZ.exe
  2⤵
  PID:9284
- C:\Windows\System\LUuIrYB.exe
  C:\Windows\System\LUuIrYB.exe
  2⤵
  PID:9348
- C:\Windows\System\VNTRIzW.exe
  C:\Windows\System\VNTRIzW.exe
  2⤵
  PID:9328
- C:\Windows\System\gKOWovT.exe
  C:\Windows\System\gKOWovT.exe
  2⤵
  PID:9376
- C:\Windows\System\bDULmCd.exe
  C:\Windows\System\bDULmCd.exe
  2⤵
  PID:9392
- C:\Windows\System\nWKvPoo.exe
  C:\Windows\System\nWKvPoo.exe
  2⤵
  PID:9416
- C:\Windows\System\lDCuCfW.exe
  C:\Windows\System\lDCuCfW.exe
  2⤵
  PID:9484
- C:\Windows\System\GMtiabl.exe
  C:\Windows\System\GMtiabl.exe
  2⤵
  PID:9520
- C:\Windows\System\UhQfVgg.exe
  C:\Windows\System\UhQfVgg.exe
  2⤵
  PID:9588
- C:\Windows\System\MvIacLw.exe
  C:\Windows\System\MvIacLw.exe
  2⤵
  PID:9468
- C:\Windows\System\YMFWUTE.exe
  C:\Windows\System\YMFWUTE.exe
  2⤵
  PID:9496
- C:\Windows\System\FrQcpxc.exe
  C:\Windows\System\FrQcpxc.exe
  2⤵
  PID:9648
- C:\Windows\System\gYxQwAm.exe
  C:\Windows\System\gYxQwAm.exe
  2⤵
  PID:9684
- C:\Windows\System\PtqALzo.exe
  C:\Windows\System\PtqALzo.exe
  2⤵
  PID:9600
- C:\Windows\System\FsDuBGy.exe
  C:\Windows\System\FsDuBGy.exe
  2⤵
  PID:9732
- C:\Windows\System\TwwsryB.exe
  C:\Windows\System\TwwsryB.exe
  2⤵
  PID:9744
- C:\Windows\System\NQtOVGG.exe
  C:\Windows\System\NQtOVGG.exe
  2⤵
  PID:9768
- C:\Windows\System\AbcvYzZ.exe
  C:\Windows\System\AbcvYzZ.exe
  2⤵
  PID:9780
- C:\Windows\System\cOHKoBT.exe
  C:\Windows\System\cOHKoBT.exe
  2⤵
  PID:9848
- C:\Windows\System\QvasCaE.exe
  C:\Windows\System\QvasCaE.exe
  2⤵
  PID:9912
- C:\Windows\System\KleLtwp.exe
  C:\Windows\System\KleLtwp.exe
  2⤵
  PID:9976
- C:\Windows\System\eLsmFty.exe
  C:\Windows\System\eLsmFty.exe
  2⤵
  PID:9960
- C:\Windows\System\DMUlMSQ.exe
  C:\Windows\System\DMUlMSQ.exe
  2⤵
  PID:9864
- C:\Windows\System\LAuSSLD.exe
  C:\Windows\System\LAuSSLD.exe
  2⤵
  PID:10008
- C:\Windows\System\IXnKqin.exe
  C:\Windows\System\IXnKqin.exe
  2⤵
  PID:10044
- C:\Windows\System\AVjxzWq.exe
  C:\Windows\System\AVjxzWq.exe
  2⤵
  PID:9996
- C:\Windows\System\kUVHRuE.exe
  C:\Windows\System\kUVHRuE.exe
  2⤵
  PID:10076
- C:\Windows\System\lJrosFR.exe
  C:\Windows\System\lJrosFR.exe
  2⤵
  PID:10088
- C:\Windows\System\vCFeuDm.exe
  C:\Windows\System\vCFeuDm.exe
  2⤵
  PID:10124
- C:\Windows\System\OkBoAoz.exe
  C:\Windows\System\OkBoAoz.exe
  2⤵
  PID:10172
- C:\Windows\System\iljTdvP.exe
  C:\Windows\System\iljTdvP.exe
  2⤵
  PID:10232
- C:\Windows\System\rigquSJ.exe
  C:\Windows\System\rigquSJ.exe
  2⤵
  PID:8964
- C:\Windows\System\CHbYmvY.exe
  C:\Windows\System\CHbYmvY.exe
  2⤵
  PID:9252
- C:\Windows\System\FIShnyZ.exe
  C:\Windows\System\FIShnyZ.exe
  2⤵
  PID:9264
- C:\Windows\System\ePxDsWq.exe
  C:\Windows\System\ePxDsWq.exe
  2⤵
  PID:8336
- C:\Windows\System\jbFHPNr.exe
  C:\Windows\System\jbFHPNr.exe
  2⤵
  PID:9432
- C:\Windows\System\AYuWWZC.exe
  C:\Windows\System\AYuWWZC.exe
  2⤵
  PID:9316
- C:\Windows\System\albgKgR.exe
  C:\Windows\System\albgKgR.exe
  2⤵
  PID:9632
- C:\Windows\System\fBgwXOp.exe
  C:\Windows\System\fBgwXOp.exe
  2⤵
  PID:9680
- C:\Windows\System\hNCKwvU.exe
  C:\Windows\System\hNCKwvU.exe
  2⤵
  PID:9568
- C:\Windows\System\TvzSOsl.exe
  C:\Windows\System\TvzSOsl.exe
  2⤵
  PID:9760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BPvluoa.exe

Filesize
6.0MB

MD5
819fe082410180ffd1a0cc4555e7b292

SHA1
196210479e4b8f69c6eb27666134e3705d3949d7

SHA256
08c0fa8cae903486fe19c452eca11c0775d0cad6cd0e8390cfcc906893ea8afb

SHA512
2ee78310f384e5ac20a170d60984a27a73de4a4bfd9987fcb93af3358fa5dfb817248e347797835e106fda99cff3137073f26561efd48a5618001b37534e8800

Download Submit
C:\Windows\system\DLqojSD.exe

Filesize
6.0MB

MD5
fa22326fb42757724f06e5ff21807d70

SHA1
aea63c266e608756fdbd6b3c7dbbb3d01a2b89e7

SHA256
2740037fcc93d72d91d173cf0a0892dd2c660a44747fc29e9870f593baed5a08

SHA512
ec3a9ceb870f526abb18c769d7d1256db13bff029c6707bb872d6e001948e4d778344c04296c1a0e376db549dfa959aeae9f4166c8a1e045a01a51376e2d7b2e

Download Submit
C:\Windows\system\IsJHqNA.exe

Filesize
6.0MB

MD5
a46f8e0a8e762d4bd20bc25ad6ac15e5

SHA1
fba47e418950ee033ba4d2d409102a241803b6ce

SHA256
2deb91b2c2afdf5e90afc3fcbed1c87a6664f1849242097ea7ddd15a49746ba0

SHA512
bff99285bb52c31116aa5fda1dd691507f2afffe081cbcc5566f6f7a85b3d322034e8dcb85bad1ab0d8d5f4dace18465b9d3a9e2567db9b34572035a4c301a2e

Download Submit
C:\Windows\system\IudSKdT.exe

Filesize
6.0MB

MD5
d84020cd4b266604d67eb0923573146e

SHA1
034570e465f076656e55eb79b800818486c14990

SHA256
414211f7364f71dba0c7a1cd90a59c22a76e944484e14fba1e61cc14927e232b

SHA512
c55742f07dd5745c10b2b6e175e9928b933770f711a5b3a344d253d29b22fe777890100bb74f367910656c4fcdeee4f57bd5bed9ec588b7078f9ce60e23190ae

Download Submit
C:\Windows\system\OuYqRZf.exe

Filesize
6.0MB

MD5
c7fd18a1da96e9ead58e0578bafb8079

SHA1
e2e5f729a3b5ad4380e27ab118695089f88dda27

SHA256
57da7872d9ed2fbf02e8e2e12915a70fd052818cabbd1f22c773d0ea62bb05a3

SHA512
a00ddd14d1865b46cff78343d82cbc3f6e2fadac9b2764aa129497b0be9120e984c7dd0edf75a811a275fec001fb6f1d0e1fa0a32f0b6086e76625fe48cbd2a5

Download Submit
C:\Windows\system\PvlkSGY.exe

Filesize
6.0MB

MD5
dbca23e6c48d744288160dbcb1d21556

SHA1
d88aaef6e7efb403c4a0f5a17424a9b1928b8d15

SHA256
c5fb234464ff7b898bf34383b94520ddc6f02faa8c569692ba3b6bd0cffffb2c

SHA512
768c6b20277e48c1b1e667d0fd9815feca79f28a2e293f27856b3f4f39a92854c2d7acb38baee09109aa3d58940b5dc066d69852c379cdb75096d25bf48bf13c

Download Submit
C:\Windows\system\SfWKeTa.exe

Filesize
6.0MB

MD5
d9090514faf005f1d60bbab57688a1e8

SHA1
a93e913b9baf95dbb0a322e0396298321ebb1170

SHA256
e6d6f22fd4d90a0ba03f85a3cd720ffbe1207c0bda6996560750be03dfdde88d

SHA512
6209c1b5bd611c6d7cbe27afa9edb775da098593909bb993f3ca86428a351bb51294226b0dfa43a5c8e6559dd2392151aef31a33e9ab1ee23bfc5a99d2ad1b7c

Download Submit
C:\Windows\system\WHcTIdj.exe

Filesize
6.0MB

MD5
91408cb7d32aa1e1e07239dfbe1850f3

SHA1
36f53a3a6fcf2a505aeaa375e3dfe9b3c622f7d0

SHA256
a200afbe2c7925557472de7817dd540aaf0db76d8c943eed54cdd4c04cc48d80

SHA512
158cab0f373b95a242d2d69284ec6871b45ddf88ff80e36b2e10fb62c7682028d2933b28b38dcba4d6bac62bec62892d15d8edc86b7f0e3230faf74dbe7f3847

Download Submit
C:\Windows\system\YRUfxwY.exe

Filesize
6.0MB

MD5
ef818f97e837a09e5f8b13984e51b404

SHA1
179562886ce22613e47bafb958b35c3bffee2ec0

SHA256
13748b131e3ca4c296946d5d5b52c93ce41430595ca293ab834305af85109a58

SHA512
df72b8c27c54ce45c39a56bcf568d49b24d13c52ca633d1c985be2e3f2e19395ee016720fc9f74ae908dbf25485a24531a8deb9a86013236bbaf98b0144cef71

Download Submit
C:\Windows\system\ZJvzAxa.exe

Filesize
6.0MB

MD5
6223e79179cdf738ea9c3b5281b74b80

SHA1
a3e2cb6993239887cd068892000cc2f0cf4f4e0a

SHA256
ce2c9cb12a8e03b71fb5361badece202595ff7e4c83855598b6b37e98d0f59e3

SHA512
98a1a340aaf9d6544e224cac729c4f0eb0ad4f158c7c386519ca09aafb0de0cf8a2b75f116eef8b6b04c3165dafa2fdcf23bf40f0355458a34a52b2e09b73468

Download Submit
C:\Windows\system\arucRFq.exe

Filesize
6.0MB

MD5
566a9452c9d8a821a0c73fa58517b9dc

SHA1
daf3e75100a8f2ccd2a970fb52876e536ee09dea

SHA256
b88d35b6536c608261c99f627e9b17e1b07bc8c008394894a78e5dda42bc4772

SHA512
3666d68268d6cdbc88a288a8f7d8db5fff04769a1d5e606f50eab7352cc5ad431d7d1bc6609494eefb2d4b52f189cf930476da5ec0969bfeb562121e45d28ae1

Download Submit
C:\Windows\system\cnwUmzC.exe

Filesize
6.0MB

MD5
25b15d7b9bbed92d2216eb4878fe2188

SHA1
bdbd954b8d2b8e0d18909cb6abf9f9b7ce486272

SHA256
b1b105a5312ccfabf8256b0d79a23976cf3bf5a675bcb9af2810210531e4ed37

SHA512
9c3bad6d6b7589613fe1bde8855963a34b11557b98db766c3ab8dfaddbcc074b666ba98f9398b2a063045578a822290e7800327e0e697bf85c32400e7c3a5d48

Download Submit
C:\Windows\system\dLCcRza.exe

Filesize
6.0MB

MD5
a94baf1c0595853bf42f65ecaf60ef45

SHA1
0fe0b44f812084087ddf3532f565eb6dc4370b1e

SHA256
130aac1fe3475eff64c915c6a1b288b774cb2eb9b005842a5eec60f3130c83b5

SHA512
7c52766e5ccd6ba24fb43c16e09ebf81f186df13e0224da6631df0b4498a0a25c9280870a04bd726fd3938b652207497e24c9d0e9bbcb5d8ed56d5690ab6245c

Download Submit
C:\Windows\system\dPCkXYf.exe

Filesize
6.0MB

MD5
527fea2302ccd7cd7961dea2cc920f6d

SHA1
43c9e7001560aaf46c8391ce6c2f1bd49e8b7460

SHA256
54e5bf118685b8c821ee7a3841c0063906b3df8937fcb001ce6527e5473fd486

SHA512
ebd1ebbb93386963d2b14e2a847a63e50bba749cb17a8d5cdca5e6149c4dc7e37fdf9c025e0cccbf7ab5765bd58e81fa1146ec7a7d55fd293e9ee0715befdbd7

Download Submit
C:\Windows\system\drPBZGR.exe

Filesize
6.0MB

MD5
c2026e22ee21c348cc01591f2dc62501

SHA1
24468ba2a79314a8d0a2674eb126508a64e14a96

SHA256
4412825b2e3d7e9abdcd769c4ebf0e124c76b07921e5926161d69c69d352da37

SHA512
8117dbb75a458d013732ff3ba4556be654b385600faf0fda587eaa991254e7f648af6f4253cacc1c59128fa89f3fa6fc4619fc8b7b0fb15ac6b58126c2598f15

Download Submit
C:\Windows\system\fKsAyZu.exe

Filesize
6.0MB

MD5
2a53f5b567d002955eed12f6ee73248e

SHA1
d475999a354fb93ed1a220f5b94f65857a77d365

SHA256
314dda81557953d0e35969a8bb62b6542c61411023e90b0ad035dbfb918fd800

SHA512
85ada7f06bce3b474343f9b6801117127dc219455101c9e7fa13e9f9950cba941400a23c5f329dc9570deeed40f8a27ec01ceb8adaa883ce279d10da3a696b6b

Download Submit
C:\Windows\system\gJmQztH.exe

Filesize
6.0MB

MD5
f9287813d766cf2204fa04cc1882b6b4

SHA1
9daeb88114d540728928e114cb004260973078b8

SHA256
8e1e41176852da0f224dd26a3a8e1d39c6df6041ff5bb9ca86c2fde6f0cb1ee9

SHA512
130730ee7b06f0a836d96ef79f27f5f127eba395ac167023c74ddb90c1bc0d92a28307f717ee83f9c494d79580e147569b89ea60a6a1831676edec3a691e6547

Download Submit
C:\Windows\system\hHsSfyi.exe

Filesize
6.0MB

MD5
4ec71c464c8720e195e7bf5dd96fe057

SHA1
237efac1d6cc3450813b9f17c8d79c6e42cc9ad7

SHA256
bbe046fae77acb0b93d1173b0ab2477eb6da74c60a9c6162587e9dd7eb22f452

SHA512
2abeb6e5a317eec4c4b7f3c5286e034a6c996322d5edaa11186011dd975984ddf1289ea1b84f418d008219f3d1117c68294401a5f4e5087bcfdaa1a21c1f1918

Download Submit
C:\Windows\system\jdjLJsb.exe

Filesize
6.0MB

MD5
2df70a00a056f87798265d38ec4f3a52

SHA1
a7f065941d06d86d89cec4dd6f01ce2510688015

SHA256
e2df07f1165c6bb969dd892e53d54c689d36692edb3acff00615be500ccab4d0

SHA512
d4cb824c50b981a8812b539b4c947c1862356f9619e0ed5a988be36da463efc328dd60cd8b28fbd98187858ec7aecece7a3a2efe7887ff4af394d51fb1ca3b3c

Download Submit
C:\Windows\system\jiPjzNE.exe

Filesize
6.0MB

MD5
72b8b5539ee522c31a0ab7a376fe0c74

SHA1
dcfd609afcd827fabc90d12290e777f49bf967c7

SHA256
0378d4d6c192160704d768536e993ef5864a9b261007f9c7434b199550be32e3

SHA512
e9540d66e2f490bdc6a6a15dbec7b455bd2868134d4e4bfecb99378883bc72e106e69b783f23b7adce127a91e0e160a96b50c61b2e4f103ad3c9c9a10b462cb9

Download Submit
C:\Windows\system\lAJUgYp.exe

Filesize
6.0MB

MD5
c1ef4e0b58289e36e54a623a7dcfe4ce

SHA1
b338f1af9aa465da5cb56ce08520738f022874e1

SHA256
367498715adba35783bffd8f757ad9ea5ad948fd3e4cd1e8cae4b736b3d1b0d5

SHA512
da404e2566a56fdf7aded08de5df65c0a1c5ebb72d172bdc1ada8631f2764748987880b90c0960a67fd2f425f731ee44d063fd6cb08af7e5baa5b1d15291aad8

Download Submit
C:\Windows\system\nXouiDo.exe

Filesize
6.0MB

MD5
79b8c0b2206ae2cd113b7584d94bafea

SHA1
82c7acfd5577c13a8ea158491a668a42f8b696e6

SHA256
c39042904be9b615126951dca1161fad7a892df9b5145b2a8486c2c00aa86523

SHA512
1a05ddb614ffe22856a08727bb7f74a1f6552f55415194301be6591230642282b1e9369be009af86cfc9801ef84013d5903c64a263b94bd571e5c085007f6e08

Download Submit
C:\Windows\system\qBQFShn.exe

Filesize
6.0MB

MD5
41501d9c31df6e132b8ac4939e71af0c

SHA1
eac7c1027b9b8f910c8b00c499dd62c5fc47eee3

SHA256
eb3119f5310fdeb8e9120cb9d713e1bdc09da6610d5196cad82138697db20c88

SHA512
ae933bfa5f5542a43727a09a1cece31c19fc232930be88cdc750d1ea393aafe6b2e34fae6f52b8bd0840c9f8fefc261d14b10551a55d615cc503ccd6a9faf02c

Download Submit
C:\Windows\system\qRRiOEH.exe

Filesize
6.0MB

MD5
dee00c08a6fefe59c9e6f529c620e9dc

SHA1
f87294b2d17372e72e3bc9f22eda5d7d44aa0282

SHA256
8d441a7e55477c62910560d950d1fae57a73bf159c654e33e8d991292116fb03

SHA512
24876af53d14f91f43d2bbb2beb5e5532c0e2a867936d2900d8a3536a70110605739510213d43643f8c37f3305a9c4e4ea2a49d6491082df5312e23cb3456127

Download Submit
C:\Windows\system\rpHTXPr.exe

Filesize
6.0MB

MD5
876175071021ac767e781d96fc603e50

SHA1
89f96673e2af69df671c3230599ed52019ccab46

SHA256
49165d74bc754d45bde1ba2fe2210dba5a54559a512d6ba08df1627246a96ddc

SHA512
b218e8b6c0a995a935ef0af3b0a9b5e41b112bbf15be94b3e4260334453325af0c164bbabe49849c4597ccd046d9590d909f07a0dc5e3d8b75b9e2d9587c3439

Download Submit
C:\Windows\system\tYyhVhb.exe

Filesize
6.0MB

MD5
09023a81af5e05ea24d0d59bf8d207a0

SHA1
bb3734e2757750cf0bbceca94dc896af306e140d

SHA256
02b9c738480fc0fe57d9c32bebda09ee209b4114c2eaab35d8e066bea902dc1a

SHA512
d78c3212acf0362c43d55ce7f74fb3a46f0f8e92e26a22d848aef658f7c0ade2b3ae775e19d3d163c0943b7835c4641011bf930a131ca4db49c34f380147966a

Download Submit
C:\Windows\system\vvrRWzF.exe

Filesize
6.0MB

MD5
08bc093e12ab6297c20393593721e19f

SHA1
bfb6aab38a6f080b9b9bea451dc3decb4c5dcfa3

SHA256
ce618d78a8172fd14b73ccadca83e3557f9bb70a7dcd695498543e7d9b5f5a88

SHA512
7f3b0374c25698b273b299a8aa66b13a649b3b6a1e981241aaea612abc938aaa9af43125e885003773f5d0bb5ede0ac26bf4079788d5c85236fd53a0109e4ec9

Download Submit
C:\Windows\system\wHFzxao.exe

Filesize
6.0MB

MD5
162aa31127efce86cd498a19452525c0

SHA1
2e6278f5b3f2615ac6bef13ad796010dcf9fdfc9

SHA256
9eb4b15bfad01154888c58fca00161ec62c1f37f4f573b0eebd7667035192a5a

SHA512
b7c783f427694f9bbf701fe880b6df0c3a4f88be0669d5e8e1fc69361fe171c0a52c74dd21e44c04f20ff67e38eee450c33a249117454a73e97239c682cb1813

Download Submit
\Windows\system\GTywRSj.exe

Filesize
6.0MB

MD5
3c1a65361440d516f168011406751e5c

SHA1
f051fb5e72c959c9c7ad437243035eb601ea2044

SHA256
0a89c50d9ebe6a2df0591a9c077ccc5934efe0db5db9ceede17e20c369b827b2

SHA512
c7abe4f1a3940da6570e1ebf6ede4e461877fc8e461f261c1f42b4dad2076c0893e586d2e9354e02ed4171ed7dcf17c527dfe36e5b6d48c92ff163d235daa623

Download Submit
\Windows\system\QqVDPmh.exe

Filesize
6.0MB

MD5
462a9918e3003fc7f9fdc5ec7c048caa

SHA1
5390520a41ca9e165ff8c3c8445ff779376488bb

SHA256
4b0ddaf61a535c1c83c7de003c9c94ce43f8f91e79389bc44d9b52e6beba31cf

SHA512
eace5cd76937cb95fb15a857ce8e0bd0a64fdb2038859cce54860b53318abec83d40cf2e5273cb4b10e8ee2825a51ff3108b83d69613513db1984acadffabdcc

Download Submit
\Windows\system\RfjkVGs.exe

Filesize
6.0MB

MD5
852ad591610c30fcd5c7f1f18137357e

SHA1
4f8936c34d300ee71d2e6e2f226f5f016c65a8ac

SHA256
77c7abb7028c94357220650f714e18c30272e55bff2bc47fda2b62cbcb0b55f4

SHA512
3c8872a5e32f9fd80b6f55e5ea389098213e45b78928ee97a6299eda294d04231cc14758e9da208424e5844d618fd827d554f7d254f4493609395d01b13bf73e

Download Submit
\Windows\system\boJffTV.exe

Filesize
6.0MB

MD5
f69e55f5868b1bb1e02456decb37b8dc

SHA1
00dac8076c6ec60c7957173dd17b601766007fbe

SHA256
ae7600f4757d3c84be405b2f9bc1fd2683f768a8e85b6789f4c121c73679e7e2

SHA512
83ed95be315501eee87d8101e8b0683bf2921a859804afdf4784dc0dcd02306fe754ada66099e769fb15920e7e9545e474bd4c7396b1b7c2c9edba74fdd4d3bd

Download Submit
\Windows\system\dvBpUGO.exe

Filesize
6.0MB

MD5
3da71066be224bc8830d29195c6416cd

SHA1
8d51df02c85d0258756cbcaedd09004d6f95ab6e

SHA256
44da95ff60e564e2750e5d0a39c05964255797388cf8acb7d6cd1df4b2505482

SHA512
8031d448e3177094001e4ecee03d0e59d0bb6ce464bfeabf3b90bc7fe7aaba83444ebb3b3756589ddee87b6eeb52cc382b6e1e3989cc18e427c7b91ebba17f80

Download Submit
\Windows\system\iLPhyWh.exe

Filesize
6.0MB

MD5
e5ab26f2f6730c811d033b6a61620a49

SHA1
243fab1a8688a42ed9349ef6ab8eabc6cdf20229

SHA256
ba7f21eafd08f35753e1a5021ad78331288445a3b73a741fd8f1aa0917eecf6c

SHA512
f6c34dc660fce92cb684cf2a1db74a486c7353db40ac2ba4bd4f1cac979127d864f6b4f55397bd5158c06f9430f0e33c7bab9ae33dfd001754961f6f34f418db

Download Submit
\Windows\system\qBdcCbB.exe

Filesize
6.0MB

MD5
9137bc304905945c153199b04c4a5d6b

SHA1
3f9aa1dbe058b7455b989fde0da91cbbfb374a94

SHA256
04e6eadc408c13a7ea3871a468c985dacf225927a789b7b542a10feb4f530eba

SHA512
e34deee5e66463b0a3487d665fd755f2855a6c935bad580e5121e01bed84609f7bb77fd571c1f739a9432d8a3d01a1919fc324cc7503375e033b2a85fb9cb526

Download Submit
memory/800-4391-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/800-4394-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/1544-4390-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/1544-4399-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/1640-4376-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/1640-4397-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/1688-3465-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2064-3769-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2064-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2064-0-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2064-1464-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-4393-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2112-4396-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2356-3770-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-4392-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-4400-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-4395-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-4389-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-4398-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download