cobaltstrike | c894c145d15624a5c7a88c7b89cb33b814942d776a8b3bae7124c1dceaba2359

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18-02-2025 09:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

20111572f839dc5aa5009bd0c75e0aca
SHA1

014dfa014e2f2531294b9bc38de8ccb6dbbc4931
SHA256

c894c145d15624a5c7a88c7b89cb33b814942d776a8b3bae7124c1dceaba2359
SHA512

ff8971a90794249957940ced0e40e4c6fb5fbc3a04aa723d275aa4b683abe686689e4cad1f572dd4f29e003511bdb83b24ba83e7129708602e67bc5158cae82f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUo:T+q56utgpPF8u/7o

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012264-3.dat	cobalt_reflective_dll
behavioral1/files/0x0027000000016d69-12.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001756e-10.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000016fc9-24.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c3-41.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186bb-34.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b28-52.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b05-50.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b50-64.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b8-67.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-87.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-97.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-201.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-196.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-191.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-171.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2172-0-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/files/0x000c000000012264-3.dat	xmrig
behavioral1/files/0x0027000000016d69-12.dat	xmrig
behavioral1/memory/2172-6-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2988-16-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2856-11-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x000900000001756e-10.dat	xmrig
behavioral1/memory/2844-21-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x0014000000016fc9-24.dat	xmrig
behavioral1/memory/3032-29-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2856-38-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x00060000000186c3-41.dat	xmrig
behavioral1/memory/2172-37-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2756-35-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/files/0x00060000000186bb-34.dat	xmrig
behavioral1/files/0x0008000000018b28-52.dat	xmrig
behavioral1/files/0x0007000000018b05-50.dat	xmrig
behavioral1/memory/2844-57-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2600-59-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/3004-42-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/1616-66-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/3032-65-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x0008000000018b50-64.dat	xmrig
behavioral1/files/0x00070000000193b8-67.dat	xmrig
behavioral1/memory/1576-75-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2756-68-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/3004-76-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2312-92-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2600-91-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c7-87.dat	xmrig
behavioral1/memory/2780-82-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-97.dat	xmrig
behavioral1/memory/1252-100-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/1616-99-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c6-81.dat	xmrig
behavioral1/memory/2172-78-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2172-102-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2172-103-0x0000000002490000-0x00000000027E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019643-105.dat	xmrig
behavioral1/memory/2952-106-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2688-109-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/files/0x000500000001975a-115.dat	xmrig
behavioral1/memory/2172-113-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019761-120.dat	xmrig
behavioral1/files/0x00050000000197fd-123.dat	xmrig
behavioral1/files/0x0005000000019820-128.dat	xmrig
behavioral1/files/0x000500000001998d-133.dat	xmrig
behavioral1/files/0x0005000000019bf5-142.dat	xmrig
behavioral1/files/0x0005000000019bf6-146.dat	xmrig
behavioral1/files/0x0005000000019bf9-151.dat	xmrig
behavioral1/files/0x0005000000019c3c-153.dat	xmrig
behavioral1/files/0x0005000000019d62-165.dat	xmrig
behavioral1/memory/1252-166-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d61-161.dat	xmrig
behavioral1/files/0x000500000001a0b6-201.dat	xmrig
behavioral1/memory/2952-250-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2172-229-0x0000000002490000-0x00000000027E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a049-196.dat	xmrig
behavioral1/files/0x000500000001a03c-191.dat	xmrig
behavioral1/files/0x0005000000019fdd-186.dat	xmrig
behavioral1/files/0x0005000000019e92-176.dat	xmrig
behavioral1/files/0x0005000000019fd4-181.dat	xmrig
behavioral1/files/0x0005000000019d6d-171.dat	xmrig
behavioral1/memory/3032-1347-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2856	yvrBbqn.exe
2988	dTZaQqM.exe
2844	AHgndmp.exe
3032	AIDcQFC.exe
2756	oqbJCTX.exe
3004	QsrxRku.exe
2780	JXLIxyM.exe
2600	INqFhZH.exe
1616	XggJqtQ.exe
1576	Tnbzgde.exe
2688	KmlHqkO.exe
2312	iwtmQOs.exe
1252	hKQTLHc.exe
2952	bwSfsQk.exe
2228	nJiuBdr.exe
1952	EsrmaUy.exe
2504	ceFmvlR.exe
1636	HgBowfS.exe
632	jelpnbV.exe
1756	qOMYdzR.exe
2140	DOTyUye.exe
2128	QtimPRX.exe
2104	dbcIxsi.exe
2160	cImNSND.exe
2668	JCBlOjT.exe
2556	esHtFCw.exe
580	xWqYnGn.exe
808	rRJRqJq.exe
2580	EWYqKmT.exe
1872	YMrdhNx.exe
1272	MOoYaBd.exe
2672	ZVmeTZT.exe
1712	sUnqDJW.exe
1332	pwriDpD.exe
764	oIlKuBQ.exe
796	UFclFYO.exe
2644	FeoiCZr.exe
1008	QTFhhbu.exe
1848	rHjtYBV.exe
956	ltOITEZ.exe
1012	JdfQSlW.exe
2008	DxYTMon.exe
2400	WCNKBFG.exe
520	zmgEVYb.exe
2152	sVzVcgc.exe
2324	GlzlkVr.exe
1752	aEfLmXG.exe
868	KUzqHdX.exe
1724	mKKfLJy.exe
1876	vzZkNyE.exe
1536	UdOyLXl.exe
1668	fjjmKIF.exe
2864	HKSpaZt.exe
2432	fgxJLFi.exe
2284	DFpPwrO.exe
2760	pfAhOsC.exe
2572	CzkpEZD.exe
3012	kgCuSaM.exe
432	oMzQXwV.exe
2100	ezvoRVz.exe
2500	EgFcxbz.exe
2732	sDGWoyE.exe
2880	nQbpLAq.exe
2280	mdoHuUn.exe

Loads dropped DLL 64 IoCs

pid	Process
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2172-0-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/files/0x000c000000012264-3.dat	upx
behavioral1/files/0x0027000000016d69-12.dat	upx
behavioral1/memory/2988-16-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2856-11-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x000900000001756e-10.dat	upx
behavioral1/memory/2844-21-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x0014000000016fc9-24.dat	upx
behavioral1/memory/3032-29-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2856-38-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x00060000000186c3-41.dat	upx
behavioral1/memory/2172-37-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2756-35-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/files/0x00060000000186bb-34.dat	upx
behavioral1/files/0x0008000000018b28-52.dat	upx
behavioral1/files/0x0007000000018b05-50.dat	upx
behavioral1/memory/2844-57-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2600-59-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/3004-42-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/1616-66-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/3032-65-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/files/0x0008000000018b50-64.dat	upx
behavioral1/files/0x00070000000193b8-67.dat	upx
behavioral1/memory/1576-75-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2756-68-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/3004-76-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2312-92-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2600-91-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/files/0x00050000000195c7-87.dat	upx
behavioral1/memory/2780-82-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x000500000001960c-97.dat	upx
behavioral1/memory/1252-100-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/1616-99-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x00050000000195c6-81.dat	upx
behavioral1/files/0x0005000000019643-105.dat	upx
behavioral1/memory/2952-106-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2688-109-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/files/0x000500000001975a-115.dat	upx
behavioral1/files/0x0005000000019761-120.dat	upx
behavioral1/files/0x00050000000197fd-123.dat	upx
behavioral1/files/0x0005000000019820-128.dat	upx
behavioral1/files/0x000500000001998d-133.dat	upx
behavioral1/files/0x0005000000019bf5-142.dat	upx
behavioral1/files/0x0005000000019bf6-146.dat	upx
behavioral1/files/0x0005000000019bf9-151.dat	upx
behavioral1/files/0x0005000000019c3c-153.dat	upx
behavioral1/files/0x0005000000019d62-165.dat	upx
behavioral1/memory/1252-166-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/files/0x0005000000019d61-161.dat	upx
behavioral1/files/0x000500000001a0b6-201.dat	upx
behavioral1/memory/2952-250-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/files/0x000500000001a049-196.dat	upx
behavioral1/files/0x000500000001a03c-191.dat	upx
behavioral1/files/0x0005000000019fdd-186.dat	upx
behavioral1/files/0x0005000000019e92-176.dat	upx
behavioral1/files/0x0005000000019fd4-181.dat	upx
behavioral1/files/0x0005000000019d6d-171.dat	upx
behavioral1/memory/3032-1347-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/3004-1356-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2756-1362-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2780-1368-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2600-1379-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2856-1343-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2988-1340-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\eaLEECE.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PrWhmYR.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DksqPJm.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lItaGOj.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jXztZEq.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GhpgjON.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NEWpsQU.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VEubDEx.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ARPcLlM.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LmYTeEJ.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oCUkpBJ.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHsKvLt.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cLSNxDU.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PRpYtup.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AnrNznP.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SxRJSHz.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HBzJqdF.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IPuHxlm.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZEincSH.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ixfzbLb.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sPiSeyg.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jkEcyCe.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CrRllFP.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VqLtHqs.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqPSrkS.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aLpuGbV.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tsxogRx.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DYUOuzT.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mcQMyjK.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gHnpFPh.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bcsgHZI.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZOQsGYG.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MlLRAkN.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lfOUxEi.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dNktukT.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ThXAOmJ.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHzWRxH.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZotiUpr.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\COEGNNW.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VUdWtIr.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\osgctta.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zlaPXuH.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvSouEP.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YcSbGuq.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\urHiyUu.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QuVnSZJ.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dnjNThr.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MurKsOr.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZNRbKcY.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GopiAZe.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KoaMowB.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FjDxzty.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tDTDzSR.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IUMgOkY.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ArdPlAj.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RsXlICk.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fKpkawS.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BdWJBuv.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QRUnplC.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UNFNOxe.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RhqqlBm.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fEOABHi.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZVmeTZT.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hMsHPSp.exe	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2856	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2172 wrote to memory of 2856	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2172 wrote to memory of 2856	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2172 wrote to memory of 2988	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2172 wrote to memory of 2988	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2172 wrote to memory of 2988	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2172 wrote to memory of 2844	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2172 wrote to memory of 2844	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2172 wrote to memory of 2844	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2172 wrote to memory of 3032	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2172 wrote to memory of 3032	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2172 wrote to memory of 3032	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2172 wrote to memory of 2756	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2172 wrote to memory of 2756	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2172 wrote to memory of 2756	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2172 wrote to memory of 3004	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2172 wrote to memory of 3004	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2172 wrote to memory of 3004	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2172 wrote to memory of 2780	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2172 wrote to memory of 2780	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2172 wrote to memory of 2780	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2172 wrote to memory of 2600	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2172 wrote to memory of 2600	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2172 wrote to memory of 2600	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2172 wrote to memory of 1616	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2172 wrote to memory of 1616	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2172 wrote to memory of 1616	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2172 wrote to memory of 1576	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2172 wrote to memory of 1576	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2172 wrote to memory of 1576	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2172 wrote to memory of 2688	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2172 wrote to memory of 2688	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2172 wrote to memory of 2688	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2172 wrote to memory of 2312	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2172 wrote to memory of 2312	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2172 wrote to memory of 2312	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2172 wrote to memory of 1252	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2172 wrote to memory of 1252	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2172 wrote to memory of 1252	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2172 wrote to memory of 2952	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2172 wrote to memory of 2952	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2172 wrote to memory of 2952	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2172 wrote to memory of 2228	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2172 wrote to memory of 2228	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2172 wrote to memory of 2228	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2172 wrote to memory of 1952	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2172 wrote to memory of 1952	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2172 wrote to memory of 1952	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2172 wrote to memory of 2504	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2172 wrote to memory of 2504	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2172 wrote to memory of 2504	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2172 wrote to memory of 1636	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2172 wrote to memory of 1636	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2172 wrote to memory of 1636	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2172 wrote to memory of 632	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2172 wrote to memory of 632	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2172 wrote to memory of 632	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2172 wrote to memory of 1756	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2172 wrote to memory of 1756	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2172 wrote to memory of 1756	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2172 wrote to memory of 2140	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2172 wrote to memory of 2140	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2172 wrote to memory of 2140	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2172 wrote to memory of 2128	2172	2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-18_20111572f839dc5aa5009bd0c75e0aca_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\System\yvrBbqn.exe
  C:\Windows\System\yvrBbqn.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\dTZaQqM.exe
  C:\Windows\System\dTZaQqM.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\AHgndmp.exe
  C:\Windows\System\AHgndmp.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\AIDcQFC.exe
  C:\Windows\System\AIDcQFC.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\oqbJCTX.exe
  C:\Windows\System\oqbJCTX.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\QsrxRku.exe
  C:\Windows\System\QsrxRku.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\JXLIxyM.exe
  C:\Windows\System\JXLIxyM.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\INqFhZH.exe
  C:\Windows\System\INqFhZH.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\XggJqtQ.exe
  C:\Windows\System\XggJqtQ.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\Tnbzgde.exe
  C:\Windows\System\Tnbzgde.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\KmlHqkO.exe
  C:\Windows\System\KmlHqkO.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\iwtmQOs.exe
  C:\Windows\System\iwtmQOs.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\hKQTLHc.exe
  C:\Windows\System\hKQTLHc.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\bwSfsQk.exe
  C:\Windows\System\bwSfsQk.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\nJiuBdr.exe
  C:\Windows\System\nJiuBdr.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\EsrmaUy.exe
  C:\Windows\System\EsrmaUy.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\ceFmvlR.exe
  C:\Windows\System\ceFmvlR.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\HgBowfS.exe
  C:\Windows\System\HgBowfS.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\jelpnbV.exe
  C:\Windows\System\jelpnbV.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\qOMYdzR.exe
  C:\Windows\System\qOMYdzR.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\DOTyUye.exe
  C:\Windows\System\DOTyUye.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\QtimPRX.exe
  C:\Windows\System\QtimPRX.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\dbcIxsi.exe
  C:\Windows\System\dbcIxsi.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\cImNSND.exe
  C:\Windows\System\cImNSND.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\JCBlOjT.exe
  C:\Windows\System\JCBlOjT.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\esHtFCw.exe
  C:\Windows\System\esHtFCw.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\xWqYnGn.exe
  C:\Windows\System\xWqYnGn.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\rRJRqJq.exe
  C:\Windows\System\rRJRqJq.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\EWYqKmT.exe
  C:\Windows\System\EWYqKmT.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\YMrdhNx.exe
  C:\Windows\System\YMrdhNx.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\MOoYaBd.exe
  C:\Windows\System\MOoYaBd.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\ZVmeTZT.exe
  C:\Windows\System\ZVmeTZT.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\sUnqDJW.exe
  C:\Windows\System\sUnqDJW.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\pwriDpD.exe
  C:\Windows\System\pwriDpD.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\oIlKuBQ.exe
  C:\Windows\System\oIlKuBQ.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\UFclFYO.exe
  C:\Windows\System\UFclFYO.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\FeoiCZr.exe
  C:\Windows\System\FeoiCZr.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\QTFhhbu.exe
  C:\Windows\System\QTFhhbu.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\rHjtYBV.exe
  C:\Windows\System\rHjtYBV.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\ltOITEZ.exe
  C:\Windows\System\ltOITEZ.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\JdfQSlW.exe
  C:\Windows\System\JdfQSlW.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\DxYTMon.exe
  C:\Windows\System\DxYTMon.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\WCNKBFG.exe
  C:\Windows\System\WCNKBFG.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\zmgEVYb.exe
  C:\Windows\System\zmgEVYb.exe
  2⤵
  - Executes dropped EXE
  PID:520
- C:\Windows\System\sVzVcgc.exe
  C:\Windows\System\sVzVcgc.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\GlzlkVr.exe
  C:\Windows\System\GlzlkVr.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\aEfLmXG.exe
  C:\Windows\System\aEfLmXG.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\KUzqHdX.exe
  C:\Windows\System\KUzqHdX.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\mKKfLJy.exe
  C:\Windows\System\mKKfLJy.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\vzZkNyE.exe
  C:\Windows\System\vzZkNyE.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\UdOyLXl.exe
  C:\Windows\System\UdOyLXl.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\fjjmKIF.exe
  C:\Windows\System\fjjmKIF.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\HKSpaZt.exe
  C:\Windows\System\HKSpaZt.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\fgxJLFi.exe
  C:\Windows\System\fgxJLFi.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\DFpPwrO.exe
  C:\Windows\System\DFpPwrO.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\pfAhOsC.exe
  C:\Windows\System\pfAhOsC.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\CzkpEZD.exe
  C:\Windows\System\CzkpEZD.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\kgCuSaM.exe
  C:\Windows\System\kgCuSaM.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\oMzQXwV.exe
  C:\Windows\System\oMzQXwV.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\ezvoRVz.exe
  C:\Windows\System\ezvoRVz.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\EgFcxbz.exe
  C:\Windows\System\EgFcxbz.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\sDGWoyE.exe
  C:\Windows\System\sDGWoyE.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\nQbpLAq.exe
  C:\Windows\System\nQbpLAq.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\mdoHuUn.exe
  C:\Windows\System\mdoHuUn.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\IJvFPcf.exe
  C:\Windows\System\IJvFPcf.exe
  2⤵
  PID:1032
- C:\Windows\System\udbDLmm.exe
  C:\Windows\System\udbDLmm.exe
  2⤵
  PID:2148
- C:\Windows\System\sCYjBKz.exe
  C:\Windows\System\sCYjBKz.exe
  2⤵
  PID:3016
- C:\Windows\System\KdsoFAp.exe
  C:\Windows\System\KdsoFAp.exe
  2⤵
  PID:1076
- C:\Windows\System\RWOkEPa.exe
  C:\Windows\System\RWOkEPa.exe
  2⤵
  PID:1772
- C:\Windows\System\ZrORMWI.exe
  C:\Windows\System\ZrORMWI.exe
  2⤵
  PID:3040
- C:\Windows\System\lGFienz.exe
  C:\Windows\System\lGFienz.exe
  2⤵
  PID:968
- C:\Windows\System\sImfdxC.exe
  C:\Windows\System\sImfdxC.exe
  2⤵
  PID:1788
- C:\Windows\System\FHnFKHI.exe
  C:\Windows\System\FHnFKHI.exe
  2⤵
  PID:3000
- C:\Windows\System\AoZJvlP.exe
  C:\Windows\System\AoZJvlP.exe
  2⤵
  PID:2552
- C:\Windows\System\NGTZZHq.exe
  C:\Windows\System\NGTZZHq.exe
  2⤵
  PID:2936
- C:\Windows\System\IgGXNOo.exe
  C:\Windows\System\IgGXNOo.exe
  2⤵
  PID:2192
- C:\Windows\System\siQYDKg.exe
  C:\Windows\System\siQYDKg.exe
  2⤵
  PID:2076
- C:\Windows\System\cXoyLcK.exe
  C:\Windows\System\cXoyLcK.exe
  2⤵
  PID:2336
- C:\Windows\System\BsViljw.exe
  C:\Windows\System\BsViljw.exe
  2⤵
  PID:316
- C:\Windows\System\eXWkgZB.exe
  C:\Windows\System\eXWkgZB.exe
  2⤵
  PID:2616
- C:\Windows\System\EpBYQAX.exe
  C:\Windows\System\EpBYQAX.exe
  2⤵
  PID:1600
- C:\Windows\System\ZQFoPkx.exe
  C:\Windows\System\ZQFoPkx.exe
  2⤵
  PID:2512
- C:\Windows\System\GUveIrz.exe
  C:\Windows\System\GUveIrz.exe
  2⤵
  PID:2384
- C:\Windows\System\sWHgxZF.exe
  C:\Windows\System\sWHgxZF.exe
  2⤵
  PID:2300
- C:\Windows\System\HzQXAvx.exe
  C:\Windows\System\HzQXAvx.exe
  2⤵
  PID:2016
- C:\Windows\System\fleYARo.exe
  C:\Windows\System\fleYARo.exe
  2⤵
  PID:964
- C:\Windows\System\MlLRAkN.exe
  C:\Windows\System\MlLRAkN.exe
  2⤵
  PID:1832
- C:\Windows\System\ZCFvtwB.exe
  C:\Windows\System\ZCFvtwB.exe
  2⤵
  PID:2164
- C:\Windows\System\jACFonn.exe
  C:\Windows\System\jACFonn.exe
  2⤵
  PID:1384
- C:\Windows\System\ZEincSH.exe
  C:\Windows\System\ZEincSH.exe
  2⤵
  PID:2012
- C:\Windows\System\vAoumcB.exe
  C:\Windows\System\vAoumcB.exe
  2⤵
  PID:2376
- C:\Windows\System\Yvahwgm.exe
  C:\Windows\System\Yvahwgm.exe
  2⤵
  PID:936
- C:\Windows\System\UcyRBLF.exe
  C:\Windows\System\UcyRBLF.exe
  2⤵
  PID:1532
- C:\Windows\System\IpHfNwf.exe
  C:\Windows\System\IpHfNwf.exe
  2⤵
  PID:1092
- C:\Windows\System\IWAbvUW.exe
  C:\Windows\System\IWAbvUW.exe
  2⤵
  PID:2368
- C:\Windows\System\rFDiOjb.exe
  C:\Windows\System\rFDiOjb.exe
  2⤵
  PID:2640
- C:\Windows\System\IuexvwF.exe
  C:\Windows\System\IuexvwF.exe
  2⤵
  PID:2236
- C:\Windows\System\CnAbfLm.exe
  C:\Windows\System\CnAbfLm.exe
  2⤵
  PID:2972
- C:\Windows\System\QMqOGbX.exe
  C:\Windows\System\QMqOGbX.exe
  2⤵
  PID:2764
- C:\Windows\System\oCUkpBJ.exe
  C:\Windows\System\oCUkpBJ.exe
  2⤵
  PID:2080
- C:\Windows\System\QhyPvSR.exe
  C:\Windows\System\QhyPvSR.exe
  2⤵
  PID:2532
- C:\Windows\System\fmjDgSc.exe
  C:\Windows\System\fmjDgSc.exe
  2⤵
  PID:1816
- C:\Windows\System\bFpwMtW.exe
  C:\Windows\System\bFpwMtW.exe
  2⤵
  PID:2920
- C:\Windows\System\ZiOicOu.exe
  C:\Windows\System\ZiOicOu.exe
  2⤵
  PID:2632
- C:\Windows\System\MbYBcyZ.exe
  C:\Windows\System\MbYBcyZ.exe
  2⤵
  PID:2836
- C:\Windows\System\eeRixdH.exe
  C:\Windows\System\eeRixdH.exe
  2⤵
  PID:2860
- C:\Windows\System\jBRhaMG.exe
  C:\Windows\System\jBRhaMG.exe
  2⤵
  PID:2488
- C:\Windows\System\WtleXfx.exe
  C:\Windows\System\WtleXfx.exe
  2⤵
  PID:2092
- C:\Windows\System\zTPxFZV.exe
  C:\Windows\System\zTPxFZV.exe
  2⤵
  PID:2956
- C:\Windows\System\gOOhMZT.exe
  C:\Windows\System\gOOhMZT.exe
  2⤵
  PID:2848
- C:\Windows\System\vXFCOTv.exe
  C:\Windows\System\vXFCOTv.exe
  2⤵
  PID:1088
- C:\Windows\System\uHsKvLt.exe
  C:\Windows\System\uHsKvLt.exe
  2⤵
  PID:2136
- C:\Windows\System\ZCNlHCR.exe
  C:\Windows\System\ZCNlHCR.exe
  2⤵
  PID:2452
- C:\Windows\System\tsxogRx.exe
  C:\Windows\System\tsxogRx.exe
  2⤵
  PID:2464
- C:\Windows\System\GhovdNz.exe
  C:\Windows\System\GhovdNz.exe
  2⤵
  PID:2332
- C:\Windows\System\vLNJtgx.exe
  C:\Windows\System\vLNJtgx.exe
  2⤵
  PID:1360
- C:\Windows\System\peiYRLf.exe
  C:\Windows\System\peiYRLf.exe
  2⤵
  PID:1336
- C:\Windows\System\xUYzfma.exe
  C:\Windows\System\xUYzfma.exe
  2⤵
  PID:2940
- C:\Windows\System\fKFKJKi.exe
  C:\Windows\System\fKFKJKi.exe
  2⤵
  PID:2540
- C:\Windows\System\eSzGLco.exe
  C:\Windows\System\eSzGLco.exe
  2⤵
  PID:1792
- C:\Windows\System\IPaBIBp.exe
  C:\Windows\System\IPaBIBp.exe
  2⤵
  PID:1656
- C:\Windows\System\BgTBQOW.exe
  C:\Windows\System\BgTBQOW.exe
  2⤵
  PID:2108
- C:\Windows\System\zOrkICn.exe
  C:\Windows\System\zOrkICn.exe
  2⤵
  PID:904
- C:\Windows\System\cLSNxDU.exe
  C:\Windows\System\cLSNxDU.exe
  2⤵
  PID:2388
- C:\Windows\System\vDfzVeq.exe
  C:\Windows\System\vDfzVeq.exe
  2⤵
  PID:1392
- C:\Windows\System\JibRulc.exe
  C:\Windows\System\JibRulc.exe
  2⤵
  PID:1944
- C:\Windows\System\XhueXBv.exe
  C:\Windows\System\XhueXBv.exe
  2⤵
  PID:996
- C:\Windows\System\SQGRgre.exe
  C:\Windows\System\SQGRgre.exe
  2⤵
  PID:2272
- C:\Windows\System\urEuyQO.exe
  C:\Windows\System\urEuyQO.exe
  2⤵
  PID:2296
- C:\Windows\System\KWkQENH.exe
  C:\Windows\System\KWkQENH.exe
  2⤵
  PID:2548
- C:\Windows\System\HjVbSSL.exe
  C:\Windows\System\HjVbSSL.exe
  2⤵
  PID:1852
- C:\Windows\System\ArDpdqk.exe
  C:\Windows\System\ArDpdqk.exe
  2⤵
  PID:3044
- C:\Windows\System\lJKDXsT.exe
  C:\Windows\System\lJKDXsT.exe
  2⤵
  PID:2884
- C:\Windows\System\faMbnjG.exe
  C:\Windows\System\faMbnjG.exe
  2⤵
  PID:2992
- C:\Windows\System\tfcacCt.exe
  C:\Windows\System\tfcacCt.exe
  2⤵
  PID:1128
- C:\Windows\System\onqJzGI.exe
  C:\Windows\System\onqJzGI.exe
  2⤵
  PID:1748
- C:\Windows\System\RvRjajV.exe
  C:\Windows\System\RvRjajV.exe
  2⤵
  PID:836
- C:\Windows\System\RpISfrN.exe
  C:\Windows\System\RpISfrN.exe
  2⤵
  PID:2536
- C:\Windows\System\IgknomA.exe
  C:\Windows\System\IgknomA.exe
  2⤵
  PID:2508
- C:\Windows\System\Lsoxkxw.exe
  C:\Windows\System\Lsoxkxw.exe
  2⤵
  PID:2728
- C:\Windows\System\TVjjcuq.exe
  C:\Windows\System\TVjjcuq.exe
  2⤵
  PID:468
- C:\Windows\System\irQGWQn.exe
  C:\Windows\System\irQGWQn.exe
  2⤵
  PID:1580
- C:\Windows\System\FgHYYES.exe
  C:\Windows\System\FgHYYES.exe
  2⤵
  PID:1824
- C:\Windows\System\DYUOuzT.exe
  C:\Windows\System\DYUOuzT.exe
  2⤵
  PID:1956
- C:\Windows\System\hwLtMKu.exe
  C:\Windows\System\hwLtMKu.exe
  2⤵
  PID:2180
- C:\Windows\System\KuOgyyv.exe
  C:\Windows\System\KuOgyyv.exe
  2⤵
  PID:928
- C:\Windows\System\ANdXWXS.exe
  C:\Windows\System\ANdXWXS.exe
  2⤵
  PID:2652
- C:\Windows\System\TLAxsup.exe
  C:\Windows\System\TLAxsup.exe
  2⤵
  PID:1980
- C:\Windows\System\vGecuGr.exe
  C:\Windows\System\vGecuGr.exe
  2⤵
  PID:912
- C:\Windows\System\HJwgALl.exe
  C:\Windows\System\HJwgALl.exe
  2⤵
  PID:1796
- C:\Windows\System\sfQNPGn.exe
  C:\Windows\System\sfQNPGn.exe
  2⤵
  PID:2524
- C:\Windows\System\OiADGug.exe
  C:\Windows\System\OiADGug.exe
  2⤵
  PID:1276
- C:\Windows\System\qllGumw.exe
  C:\Windows\System\qllGumw.exe
  2⤵
  PID:2520
- C:\Windows\System\fTlYoHN.exe
  C:\Windows\System\fTlYoHN.exe
  2⤵
  PID:1704
- C:\Windows\System\zdBsOSe.exe
  C:\Windows\System\zdBsOSe.exe
  2⤵
  PID:2268
- C:\Windows\System\qRyHylG.exe
  C:\Windows\System\qRyHylG.exe
  2⤵
  PID:2408
- C:\Windows\System\kFNkFUp.exe
  C:\Windows\System\kFNkFUp.exe
  2⤵
  PID:2320
- C:\Windows\System\RTVnNKt.exe
  C:\Windows\System\RTVnNKt.exe
  2⤵
  PID:2456
- C:\Windows\System\GXTHTnq.exe
  C:\Windows\System\GXTHTnq.exe
  2⤵
  PID:572
- C:\Windows\System\ELLpnet.exe
  C:\Windows\System\ELLpnet.exe
  2⤵
  PID:700
- C:\Windows\System\usOZCqx.exe
  C:\Windows\System\usOZCqx.exe
  2⤵
  PID:856
- C:\Windows\System\axaoEZT.exe
  C:\Windows\System\axaoEZT.exe
  2⤵
  PID:1040
- C:\Windows\System\HzXisKA.exe
  C:\Windows\System\HzXisKA.exe
  2⤵
  PID:1584
- C:\Windows\System\msOsFXJ.exe
  C:\Windows\System\msOsFXJ.exe
  2⤵
  PID:2044
- C:\Windows\System\RUgwsfN.exe
  C:\Windows\System\RUgwsfN.exe
  2⤵
  PID:1432
- C:\Windows\System\kqHwHUC.exe
  C:\Windows\System\kqHwHUC.exe
  2⤵
  PID:1020
- C:\Windows\System\oLWpOkO.exe
  C:\Windows\System\oLWpOkO.exe
  2⤵
  PID:3048
- C:\Windows\System\sWGMuhd.exe
  C:\Windows\System\sWGMuhd.exe
  2⤵
  PID:2712
- C:\Windows\System\cVCDZJz.exe
  C:\Windows\System\cVCDZJz.exe
  2⤵
  PID:2496
- C:\Windows\System\wVelkjl.exe
  C:\Windows\System\wVelkjl.exe
  2⤵
  PID:2676
- C:\Windows\System\YGZNwcz.exe
  C:\Windows\System\YGZNwcz.exe
  2⤵
  PID:2232
- C:\Windows\System\ZbZdMZL.exe
  C:\Windows\System\ZbZdMZL.exe
  2⤵
  PID:2260
- C:\Windows\System\lHGACns.exe
  C:\Windows\System\lHGACns.exe
  2⤵
  PID:2528
- C:\Windows\System\SAnOUQb.exe
  C:\Windows\System\SAnOUQb.exe
  2⤵
  PID:1048
- C:\Windows\System\Fjmmdhp.exe
  C:\Windows\System\Fjmmdhp.exe
  2⤵
  PID:1184
- C:\Windows\System\VkAJEZa.exe
  C:\Windows\System\VkAJEZa.exe
  2⤵
  PID:2896
- C:\Windows\System\cdaADhT.exe
  C:\Windows\System\cdaADhT.exe
  2⤵
  PID:2248
- C:\Windows\System\drSoBVY.exe
  C:\Windows\System\drSoBVY.exe
  2⤵
  PID:944
- C:\Windows\System\DbKAzgY.exe
  C:\Windows\System\DbKAzgY.exe
  2⤵
  PID:2472
- C:\Windows\System\ZQFVonp.exe
  C:\Windows\System\ZQFVonp.exe
  2⤵
  PID:2596
- C:\Windows\System\aRuTZCc.exe
  C:\Windows\System\aRuTZCc.exe
  2⤵
  PID:2908
- C:\Windows\System\wNxRCSH.exe
  C:\Windows\System\wNxRCSH.exe
  2⤵
  PID:3092
- C:\Windows\System\TGHimXf.exe
  C:\Windows\System\TGHimXf.exe
  2⤵
  PID:3124
- C:\Windows\System\uvWXQpM.exe
  C:\Windows\System\uvWXQpM.exe
  2⤵
  PID:3140
- C:\Windows\System\kzSzLDE.exe
  C:\Windows\System\kzSzLDE.exe
  2⤵
  PID:3156
- C:\Windows\System\EmcgmbD.exe
  C:\Windows\System\EmcgmbD.exe
  2⤵
  PID:3176
- C:\Windows\System\VyPDPtD.exe
  C:\Windows\System\VyPDPtD.exe
  2⤵
  PID:3192
- C:\Windows\System\LEvYkgO.exe
  C:\Windows\System\LEvYkgO.exe
  2⤵
  PID:3208
- C:\Windows\System\iNGFOmu.exe
  C:\Windows\System\iNGFOmu.exe
  2⤵
  PID:3240
- C:\Windows\System\CLKxfGM.exe
  C:\Windows\System\CLKxfGM.exe
  2⤵
  PID:3256
- C:\Windows\System\rSzRHhA.exe
  C:\Windows\System\rSzRHhA.exe
  2⤵
  PID:3276
- C:\Windows\System\VqtCfGw.exe
  C:\Windows\System\VqtCfGw.exe
  2⤵
  PID:3296
- C:\Windows\System\mKEKdbh.exe
  C:\Windows\System\mKEKdbh.exe
  2⤵
  PID:3312
- C:\Windows\System\dVKJCqh.exe
  C:\Windows\System\dVKJCqh.exe
  2⤵
  PID:3344
- C:\Windows\System\aHCOkTS.exe
  C:\Windows\System\aHCOkTS.exe
  2⤵
  PID:3360
- C:\Windows\System\QFQIEab.exe
  C:\Windows\System\QFQIEab.exe
  2⤵
  PID:3376
- C:\Windows\System\UySCryG.exe
  C:\Windows\System\UySCryG.exe
  2⤵
  PID:3400
- C:\Windows\System\KWLOVmL.exe
  C:\Windows\System\KWLOVmL.exe
  2⤵
  PID:3420
- C:\Windows\System\TsmUAUA.exe
  C:\Windows\System\TsmUAUA.exe
  2⤵
  PID:3444
- C:\Windows\System\LoSnmnU.exe
  C:\Windows\System\LoSnmnU.exe
  2⤵
  PID:3460
- C:\Windows\System\CjReYNF.exe
  C:\Windows\System\CjReYNF.exe
  2⤵
  PID:3476
- C:\Windows\System\sLnncJm.exe
  C:\Windows\System\sLnncJm.exe
  2⤵
  PID:3496
- C:\Windows\System\mJWkJih.exe
  C:\Windows\System\mJWkJih.exe
  2⤵
  PID:3512
- C:\Windows\System\PxQKPyM.exe
  C:\Windows\System\PxQKPyM.exe
  2⤵
  PID:3528
- C:\Windows\System\wuXPvSW.exe
  C:\Windows\System\wuXPvSW.exe
  2⤵
  PID:3552
- C:\Windows\System\FjDxzty.exe
  C:\Windows\System\FjDxzty.exe
  2⤵
  PID:3576
- C:\Windows\System\BEHYfcs.exe
  C:\Windows\System\BEHYfcs.exe
  2⤵
  PID:3596
- C:\Windows\System\EhHzKpv.exe
  C:\Windows\System\EhHzKpv.exe
  2⤵
  PID:3620
- C:\Windows\System\nZfynPk.exe
  C:\Windows\System\nZfynPk.exe
  2⤵
  PID:3644
- C:\Windows\System\mPOgvQz.exe
  C:\Windows\System\mPOgvQz.exe
  2⤵
  PID:3664
- C:\Windows\System\dITIdsI.exe
  C:\Windows\System\dITIdsI.exe
  2⤵
  PID:3680
- C:\Windows\System\jkEcyCe.exe
  C:\Windows\System\jkEcyCe.exe
  2⤵
  PID:3700
- C:\Windows\System\qJEJcUr.exe
  C:\Windows\System\qJEJcUr.exe
  2⤵
  PID:3716
- C:\Windows\System\EzgqXQx.exe
  C:\Windows\System\EzgqXQx.exe
  2⤵
  PID:3732
- C:\Windows\System\ZqjdxOS.exe
  C:\Windows\System\ZqjdxOS.exe
  2⤵
  PID:3768
- C:\Windows\System\dlPMAWl.exe
  C:\Windows\System\dlPMAWl.exe
  2⤵
  PID:3784
- C:\Windows\System\uwaQaHF.exe
  C:\Windows\System\uwaQaHF.exe
  2⤵
  PID:3800
- C:\Windows\System\JoAlCsg.exe
  C:\Windows\System\JoAlCsg.exe
  2⤵
  PID:3820
- C:\Windows\System\fZDFbuZ.exe
  C:\Windows\System\fZDFbuZ.exe
  2⤵
  PID:3836
- C:\Windows\System\GIgvOZC.exe
  C:\Windows\System\GIgvOZC.exe
  2⤵
  PID:3864
- C:\Windows\System\mYTaLDq.exe
  C:\Windows\System\mYTaLDq.exe
  2⤵
  PID:3884
- C:\Windows\System\IBVsYqH.exe
  C:\Windows\System\IBVsYqH.exe
  2⤵
  PID:3908
- C:\Windows\System\pFrRikP.exe
  C:\Windows\System\pFrRikP.exe
  2⤵
  PID:3924
- C:\Windows\System\wkwUZSu.exe
  C:\Windows\System\wkwUZSu.exe
  2⤵
  PID:3940
- C:\Windows\System\kUdEkGc.exe
  C:\Windows\System\kUdEkGc.exe
  2⤵
  PID:3956
- C:\Windows\System\plIoOAT.exe
  C:\Windows\System\plIoOAT.exe
  2⤵
  PID:3988
- C:\Windows\System\AMYhGRz.exe
  C:\Windows\System\AMYhGRz.exe
  2⤵
  PID:4008
- C:\Windows\System\MGJdHBs.exe
  C:\Windows\System\MGJdHBs.exe
  2⤵
  PID:4024
- C:\Windows\System\uceNLxb.exe
  C:\Windows\System\uceNLxb.exe
  2⤵
  PID:4040
- C:\Windows\System\GamCMMv.exe
  C:\Windows\System\GamCMMv.exe
  2⤵
  PID:4056
- C:\Windows\System\qzRjYVP.exe
  C:\Windows\System\qzRjYVP.exe
  2⤵
  PID:4088
- C:\Windows\System\ntGpKwq.exe
  C:\Windows\System\ntGpKwq.exe
  2⤵
  PID:528
- C:\Windows\System\FDrEZnW.exe
  C:\Windows\System\FDrEZnW.exe
  2⤵
  PID:3084
- C:\Windows\System\xfzQAap.exe
  C:\Windows\System\xfzQAap.exe
  2⤵
  PID:3112
- C:\Windows\System\Tzlcfwe.exe
  C:\Windows\System\Tzlcfwe.exe
  2⤵
  PID:3132
- C:\Windows\System\WPSudih.exe
  C:\Windows\System\WPSudih.exe
  2⤵
  PID:3164
- C:\Windows\System\XOmAJON.exe
  C:\Windows\System\XOmAJON.exe
  2⤵
  PID:3184
- C:\Windows\System\GjbRTVb.exe
  C:\Windows\System\GjbRTVb.exe
  2⤵
  PID:3216
- C:\Windows\System\RnxEWyX.exe
  C:\Windows\System\RnxEWyX.exe
  2⤵
  PID:3268
- C:\Windows\System\jPxUzMN.exe
  C:\Windows\System\jPxUzMN.exe
  2⤵
  PID:3284
- C:\Windows\System\BGuMqTZ.exe
  C:\Windows\System\BGuMqTZ.exe
  2⤵
  PID:3328
- C:\Windows\System\JSrXOOd.exe
  C:\Windows\System\JSrXOOd.exe
  2⤵
  PID:3356
- C:\Windows\System\AQgoHzf.exe
  C:\Windows\System\AQgoHzf.exe
  2⤵
  PID:3384
- C:\Windows\System\gScDJYG.exe
  C:\Windows\System\gScDJYG.exe
  2⤵
  PID:3412
- C:\Windows\System\OOKiyNP.exe
  C:\Windows\System\OOKiyNP.exe
  2⤵
  PID:3452
- C:\Windows\System\IOQqpUs.exe
  C:\Windows\System\IOQqpUs.exe
  2⤵
  PID:3504
- C:\Windows\System\dQcklzo.exe
  C:\Windows\System\dQcklzo.exe
  2⤵
  PID:3548
- C:\Windows\System\RDBvLbj.exe
  C:\Windows\System\RDBvLbj.exe
  2⤵
  PID:3492
- C:\Windows\System\AABGRfT.exe
  C:\Windows\System\AABGRfT.exe
  2⤵
  PID:3564
- C:\Windows\System\PnNemRV.exe
  C:\Windows\System\PnNemRV.exe
  2⤵
  PID:3572
- C:\Windows\System\SlymCoY.exe
  C:\Windows\System\SlymCoY.exe
  2⤵
  PID:3632
- C:\Windows\System\niypazM.exe
  C:\Windows\System\niypazM.exe
  2⤵
  PID:3672
- C:\Windows\System\UidbEfB.exe
  C:\Windows\System\UidbEfB.exe
  2⤵
  PID:3740
- C:\Windows\System\JLTsEuE.exe
  C:\Windows\System\JLTsEuE.exe
  2⤵
  PID:3728
- C:\Windows\System\FQaiNEB.exe
  C:\Windows\System\FQaiNEB.exe
  2⤵
  PID:3792
- C:\Windows\System\qygvkKv.exe
  C:\Windows\System\qygvkKv.exe
  2⤵
  PID:3872
- C:\Windows\System\jqijatx.exe
  C:\Windows\System\jqijatx.exe
  2⤵
  PID:3816
- C:\Windows\System\gzEtpDh.exe
  C:\Windows\System\gzEtpDh.exe
  2⤵
  PID:3848
- C:\Windows\System\bRPmHMa.exe
  C:\Windows\System\bRPmHMa.exe
  2⤵
  PID:3920
- C:\Windows\System\xYfwewb.exe
  C:\Windows\System\xYfwewb.exe
  2⤵
  PID:3936
- C:\Windows\System\myaksFA.exe
  C:\Windows\System\myaksFA.exe
  2⤵
  PID:3996
- C:\Windows\System\OvZTbAF.exe
  C:\Windows\System\OvZTbAF.exe
  2⤵
  PID:4036
- C:\Windows\System\iZSbrVL.exe
  C:\Windows\System\iZSbrVL.exe
  2⤵
  PID:4072
- C:\Windows\System\NQaUyRi.exe
  C:\Windows\System\NQaUyRi.exe
  2⤵
  PID:2404
- C:\Windows\System\IUaLyWy.exe
  C:\Windows\System\IUaLyWy.exe
  2⤵
  PID:3080
- C:\Windows\System\vFKjGoV.exe
  C:\Windows\System\vFKjGoV.exe
  2⤵
  PID:3108
- C:\Windows\System\LMAVjLD.exe
  C:\Windows\System\LMAVjLD.exe
  2⤵
  PID:3220
- C:\Windows\System\lHzfpaU.exe
  C:\Windows\System\lHzfpaU.exe
  2⤵
  PID:3288
- C:\Windows\System\lfrSOmF.exe
  C:\Windows\System\lfrSOmF.exe
  2⤵
  PID:3292
- C:\Windows\System\dUzgPCA.exe
  C:\Windows\System\dUzgPCA.exe
  2⤵
  PID:3368
- C:\Windows\System\TRkJkuS.exe
  C:\Windows\System\TRkJkuS.exe
  2⤵
  PID:3440
- C:\Windows\System\vbCcHUV.exe
  C:\Windows\System\vbCcHUV.exe
  2⤵
  PID:3472
- C:\Windows\System\CBSyGSX.exe
  C:\Windows\System\CBSyGSX.exe
  2⤵
  PID:3456
- C:\Windows\System\GbvPVHV.exe
  C:\Windows\System\GbvPVHV.exe
  2⤵
  PID:3588
- C:\Windows\System\VOZEZhQ.exe
  C:\Windows\System\VOZEZhQ.exe
  2⤵
  PID:3612
- C:\Windows\System\EOJVbUi.exe
  C:\Windows\System\EOJVbUi.exe
  2⤵
  PID:2900
- C:\Windows\System\UhCdQkV.exe
  C:\Windows\System\UhCdQkV.exe
  2⤵
  PID:3640
- C:\Windows\System\vUOhZTO.exe
  C:\Windows\System\vUOhZTO.exe
  2⤵
  PID:3724
- C:\Windows\System\jutQGqN.exe
  C:\Windows\System\jutQGqN.exe
  2⤵
  PID:3776
- C:\Windows\System\YmaAUOR.exe
  C:\Windows\System\YmaAUOR.exe
  2⤵
  PID:3808
- C:\Windows\System\nnWxGzN.exe
  C:\Windows\System\nnWxGzN.exe
  2⤵
  PID:3904
- C:\Windows\System\RxTFwSG.exe
  C:\Windows\System\RxTFwSG.exe
  2⤵
  PID:3980
- C:\Windows\System\yzpCVFq.exe
  C:\Windows\System\yzpCVFq.exe
  2⤵
  PID:4000
- C:\Windows\System\mcQMyjK.exe
  C:\Windows\System\mcQMyjK.exe
  2⤵
  PID:4076
- C:\Windows\System\UeecVSu.exe
  C:\Windows\System\UeecVSu.exe
  2⤵
  PID:3100
- C:\Windows\System\TpPvKlV.exe
  C:\Windows\System\TpPvKlV.exe
  2⤵
  PID:3204
- C:\Windows\System\SfpgUoU.exe
  C:\Windows\System\SfpgUoU.exe
  2⤵
  PID:3236
- C:\Windows\System\jbdXQuk.exe
  C:\Windows\System\jbdXQuk.exe
  2⤵
  PID:3340
- C:\Windows\System\IcGLhhI.exe
  C:\Windows\System\IcGLhhI.exe
  2⤵
  PID:3428
- C:\Windows\System\TZqERXM.exe
  C:\Windows\System\TZqERXM.exe
  2⤵
  PID:1728
- C:\Windows\System\xsJoqYB.exe
  C:\Windows\System\xsJoqYB.exe
  2⤵
  PID:3584
- C:\Windows\System\jycIVxb.exe
  C:\Windows\System\jycIVxb.exe
  2⤵
  PID:2264
- C:\Windows\System\dsAlfQU.exe
  C:\Windows\System\dsAlfQU.exe
  2⤵
  PID:3712
- C:\Windows\System\ALbxRgx.exe
  C:\Windows\System\ALbxRgx.exe
  2⤵
  PID:3856
- C:\Windows\System\SXxHZRP.exe
  C:\Windows\System\SXxHZRP.exe
  2⤵
  PID:3860
- C:\Windows\System\kaWeeBJ.exe
  C:\Windows\System\kaWeeBJ.exe
  2⤵
  PID:3932
- C:\Windows\System\wiKtkEJ.exe
  C:\Windows\System\wiKtkEJ.exe
  2⤵
  PID:1868
- C:\Windows\System\uYMGwhX.exe
  C:\Windows\System\uYMGwhX.exe
  2⤵
  PID:3308
- C:\Windows\System\GCYewxc.exe
  C:\Windows\System\GCYewxc.exe
  2⤵
  PID:3764
- C:\Windows\System\gXShAVP.exe
  C:\Windows\System\gXShAVP.exe
  2⤵
  PID:2484
- C:\Windows\System\nkGWltB.exe
  C:\Windows\System\nkGWltB.exe
  2⤵
  PID:3748
- C:\Windows\System\SyouZVr.exe
  C:\Windows\System\SyouZVr.exe
  2⤵
  PID:3540
- C:\Windows\System\dZesXRN.exe
  C:\Windows\System\dZesXRN.exe
  2⤵
  PID:3900
- C:\Windows\System\kVynSTu.exe
  C:\Windows\System\kVynSTu.exe
  2⤵
  PID:3952
- C:\Windows\System\rfPOkMk.exe
  C:\Windows\System\rfPOkMk.exe
  2⤵
  PID:3120
- C:\Windows\System\MnEiRko.exe
  C:\Windows\System\MnEiRko.exe
  2⤵
  PID:3560
- C:\Windows\System\cvWwkjo.exe
  C:\Windows\System\cvWwkjo.exe
  2⤵
  PID:3408
- C:\Windows\System\HkFzOPe.exe
  C:\Windows\System\HkFzOPe.exe
  2⤵
  PID:3812
- C:\Windows\System\CqeoVlg.exe
  C:\Windows\System\CqeoVlg.exe
  2⤵
  PID:3972
- C:\Windows\System\xQdwCNR.exe
  C:\Windows\System\xQdwCNR.exe
  2⤵
  PID:3708
- C:\Windows\System\wOWzgqc.exe
  C:\Windows\System\wOWzgqc.exe
  2⤵
  PID:4068
- C:\Windows\System\zyYfzJr.exe
  C:\Windows\System\zyYfzJr.exe
  2⤵
  PID:3484
- C:\Windows\System\edpHiiJ.exe
  C:\Windows\System\edpHiiJ.exe
  2⤵
  PID:3880
- C:\Windows\System\BWawPnm.exe
  C:\Windows\System\BWawPnm.exe
  2⤵
  PID:3304
- C:\Windows\System\aOiYbtY.exe
  C:\Windows\System\aOiYbtY.exe
  2⤵
  PID:4116
- C:\Windows\System\gIrPvhr.exe
  C:\Windows\System\gIrPvhr.exe
  2⤵
  PID:4140
- C:\Windows\System\FxIRvIa.exe
  C:\Windows\System\FxIRvIa.exe
  2⤵
  PID:4164
- C:\Windows\System\VJyQwoE.exe
  C:\Windows\System\VJyQwoE.exe
  2⤵
  PID:4184
- C:\Windows\System\UmcIjJq.exe
  C:\Windows\System\UmcIjJq.exe
  2⤵
  PID:4208
- C:\Windows\System\nRjAanB.exe
  C:\Windows\System\nRjAanB.exe
  2⤵
  PID:4224
- C:\Windows\System\xmStbRl.exe
  C:\Windows\System\xmStbRl.exe
  2⤵
  PID:4244
- C:\Windows\System\SXeBxMQ.exe
  C:\Windows\System\SXeBxMQ.exe
  2⤵
  PID:4260
- C:\Windows\System\vLlkfao.exe
  C:\Windows\System\vLlkfao.exe
  2⤵
  PID:4280
- C:\Windows\System\XjMGoCO.exe
  C:\Windows\System\XjMGoCO.exe
  2⤵
  PID:4308
- C:\Windows\System\XRmWDgv.exe
  C:\Windows\System\XRmWDgv.exe
  2⤵
  PID:4324
- C:\Windows\System\AsYxrYP.exe
  C:\Windows\System\AsYxrYP.exe
  2⤵
  PID:4344
- C:\Windows\System\abAPRgJ.exe
  C:\Windows\System\abAPRgJ.exe
  2⤵
  PID:4360
- C:\Windows\System\uumhTbu.exe
  C:\Windows\System\uumhTbu.exe
  2⤵
  PID:4380
- C:\Windows\System\fmuSHmn.exe
  C:\Windows\System\fmuSHmn.exe
  2⤵
  PID:4408
- C:\Windows\System\ZtRLGge.exe
  C:\Windows\System\ZtRLGge.exe
  2⤵
  PID:4424
- C:\Windows\System\nGuRScA.exe
  C:\Windows\System\nGuRScA.exe
  2⤵
  PID:4440
- C:\Windows\System\nhYDaAs.exe
  C:\Windows\System\nhYDaAs.exe
  2⤵
  PID:4460
- C:\Windows\System\hCblWIF.exe
  C:\Windows\System\hCblWIF.exe
  2⤵
  PID:4480
- C:\Windows\System\mpqmjpK.exe
  C:\Windows\System\mpqmjpK.exe
  2⤵
  PID:4504
- C:\Windows\System\OiUXBvM.exe
  C:\Windows\System\OiUXBvM.exe
  2⤵
  PID:4520
- C:\Windows\System\qhZNxYZ.exe
  C:\Windows\System\qhZNxYZ.exe
  2⤵
  PID:4548
- C:\Windows\System\vjujDYV.exe
  C:\Windows\System\vjujDYV.exe
  2⤵
  PID:4568
- C:\Windows\System\MBUSRnd.exe
  C:\Windows\System\MBUSRnd.exe
  2⤵
  PID:4584
- C:\Windows\System\cHcrzjC.exe
  C:\Windows\System\cHcrzjC.exe
  2⤵
  PID:4600
- C:\Windows\System\mhxUXVC.exe
  C:\Windows\System\mhxUXVC.exe
  2⤵
  PID:4620
- C:\Windows\System\xhwNNwB.exe
  C:\Windows\System\xhwNNwB.exe
  2⤵
  PID:4644
- C:\Windows\System\TzmeCVY.exe
  C:\Windows\System\TzmeCVY.exe
  2⤵
  PID:4660
- C:\Windows\System\PPgIncr.exe
  C:\Windows\System\PPgIncr.exe
  2⤵
  PID:4676
- C:\Windows\System\qiRgsWP.exe
  C:\Windows\System\qiRgsWP.exe
  2⤵
  PID:4696
- C:\Windows\System\FqffgeS.exe
  C:\Windows\System\FqffgeS.exe
  2⤵
  PID:4712
- C:\Windows\System\xXytQht.exe
  C:\Windows\System\xXytQht.exe
  2⤵
  PID:4732
- C:\Windows\System\TkHWkaV.exe
  C:\Windows\System\TkHWkaV.exe
  2⤵
  PID:4756
- C:\Windows\System\wprrpUq.exe
  C:\Windows\System\wprrpUq.exe
  2⤵
  PID:4772
- C:\Windows\System\oCpKlxw.exe
  C:\Windows\System\oCpKlxw.exe
  2⤵
  PID:4796
- C:\Windows\System\wUHoELc.exe
  C:\Windows\System\wUHoELc.exe
  2⤵
  PID:4816
- C:\Windows\System\TdSlqXt.exe
  C:\Windows\System\TdSlqXt.exe
  2⤵
  PID:4840
- C:\Windows\System\KeSWgHh.exe
  C:\Windows\System\KeSWgHh.exe
  2⤵
  PID:4856
- C:\Windows\System\wIJtxuD.exe
  C:\Windows\System\wIJtxuD.exe
  2⤵
  PID:4872
- C:\Windows\System\oXEwyvQ.exe
  C:\Windows\System\oXEwyvQ.exe
  2⤵
  PID:4888
- C:\Windows\System\RyCDXhs.exe
  C:\Windows\System\RyCDXhs.exe
  2⤵
  PID:4908
- C:\Windows\System\wVIhmvr.exe
  C:\Windows\System\wVIhmvr.exe
  2⤵
  PID:4952
- C:\Windows\System\wyWFIHe.exe
  C:\Windows\System\wyWFIHe.exe
  2⤵
  PID:4968
- C:\Windows\System\AtZmNNg.exe
  C:\Windows\System\AtZmNNg.exe
  2⤵
  PID:4984
- C:\Windows\System\LncMhDk.exe
  C:\Windows\System\LncMhDk.exe
  2⤵
  PID:5008
- C:\Windows\System\JqKfsVi.exe
  C:\Windows\System\JqKfsVi.exe
  2⤵
  PID:5028
- C:\Windows\System\bqXtHPU.exe
  C:\Windows\System\bqXtHPU.exe
  2⤵
  PID:5044
- C:\Windows\System\RIBgqZv.exe
  C:\Windows\System\RIBgqZv.exe
  2⤵
  PID:5064
- C:\Windows\System\vvVxyTX.exe
  C:\Windows\System\vvVxyTX.exe
  2⤵
  PID:5092
- C:\Windows\System\PXgNvjK.exe
  C:\Windows\System\PXgNvjK.exe
  2⤵
  PID:5108
- C:\Windows\System\mUKtGYS.exe
  C:\Windows\System\mUKtGYS.exe
  2⤵
  PID:3336
- C:\Windows\System\YicYeTw.exe
  C:\Windows\System\YicYeTw.exe
  2⤵
  PID:4124
- C:\Windows\System\rSlqMHb.exe
  C:\Windows\System\rSlqMHb.exe
  2⤵
  PID:4156
- C:\Windows\System\oCThSTu.exe
  C:\Windows\System\oCThSTu.exe
  2⤵
  PID:4176
- C:\Windows\System\CULaVjf.exe
  C:\Windows\System\CULaVjf.exe
  2⤵
  PID:4236
- C:\Windows\System\iGtlZep.exe
  C:\Windows\System\iGtlZep.exe
  2⤵
  PID:4272
- C:\Windows\System\LxJTSzT.exe
  C:\Windows\System\LxJTSzT.exe
  2⤵
  PID:4292
- C:\Windows\System\cLvcCyr.exe
  C:\Windows\System\cLvcCyr.exe
  2⤵
  PID:4352
- C:\Windows\System\QteSYpT.exe
  C:\Windows\System\QteSYpT.exe
  2⤵
  PID:4340
- C:\Windows\System\kPVDHUq.exe
  C:\Windows\System\kPVDHUq.exe
  2⤵
  PID:4392
- C:\Windows\System\cETEaHd.exe
  C:\Windows\System\cETEaHd.exe
  2⤵
  PID:4432
- C:\Windows\System\IHYmgYK.exe
  C:\Windows\System\IHYmgYK.exe
  2⤵
  PID:4476
- C:\Windows\System\ZbgWGkI.exe
  C:\Windows\System\ZbgWGkI.exe
  2⤵
  PID:4496
- C:\Windows\System\nEnOOmN.exe
  C:\Windows\System\nEnOOmN.exe
  2⤵
  PID:4516
- C:\Windows\System\qeuXBJy.exe
  C:\Windows\System\qeuXBJy.exe
  2⤵
  PID:4556
- C:\Windows\System\iymOTxB.exe
  C:\Windows\System\iymOTxB.exe
  2⤵
  PID:4596
- C:\Windows\System\tDTDzSR.exe
  C:\Windows\System\tDTDzSR.exe
  2⤵
  PID:4640
- C:\Windows\System\uHjlvJh.exe
  C:\Windows\System\uHjlvJh.exe
  2⤵
  PID:4708
- C:\Windows\System\fZjYkBn.exe
  C:\Windows\System\fZjYkBn.exe
  2⤵
  PID:4752
- C:\Windows\System\HOCIcQF.exe
  C:\Windows\System\HOCIcQF.exe
  2⤵
  PID:4788
- C:\Windows\System\FOgWfUk.exe
  C:\Windows\System\FOgWfUk.exe
  2⤵
  PID:4616
- C:\Windows\System\yywkyfp.exe
  C:\Windows\System\yywkyfp.exe
  2⤵
  PID:4804
- C:\Windows\System\nayrMBp.exe
  C:\Windows\System\nayrMBp.exe
  2⤵
  PID:4768
- C:\Windows\System\afveEWm.exe
  C:\Windows\System\afveEWm.exe
  2⤵
  PID:4924
- C:\Windows\System\wjbUXvZ.exe
  C:\Windows\System\wjbUXvZ.exe
  2⤵
  PID:4940
- C:\Windows\System\GeChOTe.exe
  C:\Windows\System\GeChOTe.exe
  2⤵
  PID:4868
- C:\Windows\System\HOIqrKs.exe
  C:\Windows\System\HOIqrKs.exe
  2⤵
  PID:4964
- C:\Windows\System\CDnRNek.exe
  C:\Windows\System\CDnRNek.exe
  2⤵
  PID:5004
- C:\Windows\System\PEFqzhI.exe
  C:\Windows\System\PEFqzhI.exe
  2⤵
  PID:5036
- C:\Windows\System\GMITake.exe
  C:\Windows\System\GMITake.exe
  2⤵
  PID:5056
- C:\Windows\System\ifAVGiG.exe
  C:\Windows\System\ifAVGiG.exe
  2⤵
  PID:5088
- C:\Windows\System\XIGouVI.exe
  C:\Windows\System\XIGouVI.exe
  2⤵
  PID:5100
- C:\Windows\System\ErfLEKY.exe
  C:\Windows\System\ErfLEKY.exe
  2⤵
  PID:3696
- C:\Windows\System\NQPJVnN.exe
  C:\Windows\System\NQPJVnN.exe
  2⤵
  PID:4216
- C:\Windows\System\mBqjEGK.exe
  C:\Windows\System\mBqjEGK.exe
  2⤵
  PID:4252
- C:\Windows\System\wRklwFo.exe
  C:\Windows\System\wRklwFo.exe
  2⤵
  PID:4368
- C:\Windows\System\wpxBkJI.exe
  C:\Windows\System\wpxBkJI.exe
  2⤵
  PID:4320
- C:\Windows\System\KyVAdMg.exe
  C:\Windows\System\KyVAdMg.exe
  2⤵
  PID:4404
- C:\Windows\System\jmGrtOK.exe
  C:\Windows\System\jmGrtOK.exe
  2⤵
  PID:4468
- C:\Windows\System\awTcqJj.exe
  C:\Windows\System\awTcqJj.exe
  2⤵
  PID:4536
- C:\Windows\System\dnjNThr.exe
  C:\Windows\System\dnjNThr.exe
  2⤵
  PID:4528
- C:\Windows\System\suMwuKJ.exe
  C:\Windows\System\suMwuKJ.exe
  2⤵
  PID:4628
- C:\Windows\System\fUyqCoy.exe
  C:\Windows\System\fUyqCoy.exe
  2⤵
  PID:4672
- C:\Windows\System\vZYfhXG.exe
  C:\Windows\System\vZYfhXG.exe
  2⤵
  PID:4780
- C:\Windows\System\xvnqKjM.exe
  C:\Windows\System\xvnqKjM.exe
  2⤵
  PID:4688
- C:\Windows\System\ThVItkT.exe
  C:\Windows\System\ThVItkT.exe
  2⤵
  PID:4864
- C:\Windows\System\cbxKdnW.exe
  C:\Windows\System\cbxKdnW.exe
  2⤵
  PID:4976
- C:\Windows\System\nazYrAH.exe
  C:\Windows\System\nazYrAH.exe
  2⤵
  PID:5072
- C:\Windows\System\oOgzapR.exe
  C:\Windows\System\oOgzapR.exe
  2⤵
  PID:4148
- C:\Windows\System\JdCHIDu.exe
  C:\Windows\System\JdCHIDu.exe
  2⤵
  PID:5104
- C:\Windows\System\pNQQWEn.exe
  C:\Windows\System\pNQQWEn.exe
  2⤵
  PID:4256
- C:\Windows\System\nWLoOpk.exe
  C:\Windows\System\nWLoOpk.exe
  2⤵
  PID:4300
- C:\Windows\System\yNegUPL.exe
  C:\Windows\System\yNegUPL.exe
  2⤵
  PID:4512
- C:\Windows\System\EjWjwfC.exe
  C:\Windows\System\EjWjwfC.exe
  2⤵
  PID:4740
- C:\Windows\System\xrIdoKm.exe
  C:\Windows\System\xrIdoKm.exe
  2⤵
  PID:4824
- C:\Windows\System\KaGkONW.exe
  C:\Windows\System\KaGkONW.exe
  2⤵
  PID:4828
- C:\Windows\System\WjcYiPv.exe
  C:\Windows\System\WjcYiPv.exe
  2⤵
  PID:4720
- C:\Windows\System\ujSFQWe.exe
  C:\Windows\System\ujSFQWe.exe
  2⤵
  PID:4852
- C:\Windows\System\kIaDAoF.exe
  C:\Windows\System\kIaDAoF.exe
  2⤵
  PID:4960
- C:\Windows\System\VoPbqDp.exe
  C:\Windows\System\VoPbqDp.exe
  2⤵
  PID:5020
- C:\Windows\System\wPiygdz.exe
  C:\Windows\System\wPiygdz.exe
  2⤵
  PID:4416
- C:\Windows\System\ParRRRu.exe
  C:\Windows\System\ParRRRu.exe
  2⤵
  PID:4784
- C:\Windows\System\UftDIVl.exe
  C:\Windows\System\UftDIVl.exe
  2⤵
  PID:4684
- C:\Windows\System\LEjndLM.exe
  C:\Windows\System\LEjndLM.exe
  2⤵
  PID:4904
- C:\Windows\System\lLSvgUS.exe
  C:\Windows\System\lLSvgUS.exe
  2⤵
  PID:5000
- C:\Windows\System\rziAOYI.exe
  C:\Windows\System\rziAOYI.exe
  2⤵
  PID:4192
- C:\Windows\System\dBqFLMV.exe
  C:\Windows\System\dBqFLMV.exe
  2⤵
  PID:4544
- C:\Windows\System\wWIvYMr.exe
  C:\Windows\System\wWIvYMr.exe
  2⤵
  PID:4608
- C:\Windows\System\WDcshZa.exe
  C:\Windows\System\WDcshZa.exe
  2⤵
  PID:4132
- C:\Windows\System\ncGHmdg.exe
  C:\Windows\System\ncGHmdg.exe
  2⤵
  PID:4316
- C:\Windows\System\MKrGNoM.exe
  C:\Windows\System\MKrGNoM.exe
  2⤵
  PID:4936
- C:\Windows\System\SbMTYvL.exe
  C:\Windows\System\SbMTYvL.exe
  2⤵
  PID:4200
- C:\Windows\System\COungrI.exe
  C:\Windows\System\COungrI.exe
  2⤵
  PID:5080
- C:\Windows\System\XneQLvn.exe
  C:\Windows\System\XneQLvn.exe
  2⤵
  PID:5132
- C:\Windows\System\xgpqnHi.exe
  C:\Windows\System\xgpqnHi.exe
  2⤵
  PID:5148
- C:\Windows\System\pTLKJoj.exe
  C:\Windows\System\pTLKJoj.exe
  2⤵
  PID:5168
- C:\Windows\System\RuQPlpc.exe
  C:\Windows\System\RuQPlpc.exe
  2⤵
  PID:5192
- C:\Windows\System\PRpYtup.exe
  C:\Windows\System\PRpYtup.exe
  2⤵
  PID:5212
- C:\Windows\System\sVbFMjT.exe
  C:\Windows\System\sVbFMjT.exe
  2⤵
  PID:5232
- C:\Windows\System\KOkgrov.exe
  C:\Windows\System\KOkgrov.exe
  2⤵
  PID:5252
- C:\Windows\System\lfOUxEi.exe
  C:\Windows\System\lfOUxEi.exe
  2⤵
  PID:5272
- C:\Windows\System\NebwNlZ.exe
  C:\Windows\System\NebwNlZ.exe
  2⤵
  PID:5292
- C:\Windows\System\kBpJMHg.exe
  C:\Windows\System\kBpJMHg.exe
  2⤵
  PID:5312
- C:\Windows\System\qeBoQSP.exe
  C:\Windows\System\qeBoQSP.exe
  2⤵
  PID:5332
- C:\Windows\System\JQcXWyQ.exe
  C:\Windows\System\JQcXWyQ.exe
  2⤵
  PID:5352
- C:\Windows\System\GUevMJk.exe
  C:\Windows\System\GUevMJk.exe
  2⤵
  PID:5368
- C:\Windows\System\atUhfIU.exe
  C:\Windows\System\atUhfIU.exe
  2⤵
  PID:5384
- C:\Windows\System\KEhTwYR.exe
  C:\Windows\System\KEhTwYR.exe
  2⤵
  PID:5404
- C:\Windows\System\jvftbPR.exe
  C:\Windows\System\jvftbPR.exe
  2⤵
  PID:5436
- C:\Windows\System\mAmfFNc.exe
  C:\Windows\System\mAmfFNc.exe
  2⤵
  PID:5452
- C:\Windows\System\GOiycjb.exe
  C:\Windows\System\GOiycjb.exe
  2⤵
  PID:5476
- C:\Windows\System\dXjxkql.exe
  C:\Windows\System\dXjxkql.exe
  2⤵
  PID:5492
- C:\Windows\System\cvhISOp.exe
  C:\Windows\System\cvhISOp.exe
  2⤵
  PID:5508
- C:\Windows\System\GJICkUH.exe
  C:\Windows\System\GJICkUH.exe
  2⤵
  PID:5532
- C:\Windows\System\BbmpAVD.exe
  C:\Windows\System\BbmpAVD.exe
  2⤵
  PID:5552
- C:\Windows\System\nkbLGph.exe
  C:\Windows\System\nkbLGph.exe
  2⤵
  PID:5572
- C:\Windows\System\yXXhGAJ.exe
  C:\Windows\System\yXXhGAJ.exe
  2⤵
  PID:5596
- C:\Windows\System\kXuRPfT.exe
  C:\Windows\System\kXuRPfT.exe
  2⤵
  PID:5620
- C:\Windows\System\kbPVfId.exe
  C:\Windows\System\kbPVfId.exe
  2⤵
  PID:5644
- C:\Windows\System\RsXlICk.exe
  C:\Windows\System\RsXlICk.exe
  2⤵
  PID:5660
- C:\Windows\System\vTOhQYr.exe
  C:\Windows\System\vTOhQYr.exe
  2⤵
  PID:5684
- C:\Windows\System\iBGynBc.exe
  C:\Windows\System\iBGynBc.exe
  2⤵
  PID:5700
- C:\Windows\System\cgwKlWZ.exe
  C:\Windows\System\cgwKlWZ.exe
  2⤵
  PID:5716
- C:\Windows\System\KYnBcDc.exe
  C:\Windows\System\KYnBcDc.exe
  2⤵
  PID:5732
- C:\Windows\System\UklAeSH.exe
  C:\Windows\System\UklAeSH.exe
  2⤵
  PID:5752
- C:\Windows\System\tZVstGi.exe
  C:\Windows\System\tZVstGi.exe
  2⤵
  PID:5772
- C:\Windows\System\FBVpMTi.exe
  C:\Windows\System\FBVpMTi.exe
  2⤵
  PID:5800
- C:\Windows\System\PmAikFc.exe
  C:\Windows\System\PmAikFc.exe
  2⤵
  PID:5816
- C:\Windows\System\hMsHPSp.exe
  C:\Windows\System\hMsHPSp.exe
  2⤵
  PID:5832
- C:\Windows\System\xNhETwr.exe
  C:\Windows\System\xNhETwr.exe
  2⤵
  PID:5860
- C:\Windows\System\dNvyKlJ.exe
  C:\Windows\System\dNvyKlJ.exe
  2⤵
  PID:5876
- C:\Windows\System\HLxusaD.exe
  C:\Windows\System\HLxusaD.exe
  2⤵
  PID:5900
- C:\Windows\System\TnsMQSr.exe
  C:\Windows\System\TnsMQSr.exe
  2⤵
  PID:5920
- C:\Windows\System\AKGLsGh.exe
  C:\Windows\System\AKGLsGh.exe
  2⤵
  PID:5944
- C:\Windows\System\tpVQOjc.exe
  C:\Windows\System\tpVQOjc.exe
  2⤵
  PID:5960
- C:\Windows\System\QuUdQbl.exe
  C:\Windows\System\QuUdQbl.exe
  2⤵
  PID:5988
- C:\Windows\System\hHGAfxn.exe
  C:\Windows\System\hHGAfxn.exe
  2⤵
  PID:6008
- C:\Windows\System\YGUGipS.exe
  C:\Windows\System\YGUGipS.exe
  2⤵
  PID:6024
- C:\Windows\System\vPlPzbi.exe
  C:\Windows\System\vPlPzbi.exe
  2⤵
  PID:6044
- C:\Windows\System\tDzglNq.exe
  C:\Windows\System\tDzglNq.exe
  2⤵
  PID:6064
- C:\Windows\System\XyvLacy.exe
  C:\Windows\System\XyvLacy.exe
  2⤵
  PID:6088
- C:\Windows\System\kGBqqdg.exe
  C:\Windows\System\kGBqqdg.exe
  2⤵
  PID:6104
- C:\Windows\System\fKpkawS.exe
  C:\Windows\System\fKpkawS.exe
  2⤵
  PID:6120
- C:\Windows\System\bpjHypH.exe
  C:\Windows\System\bpjHypH.exe
  2⤵
  PID:4724
- C:\Windows\System\iosABhG.exe
  C:\Windows\System\iosABhG.exe
  2⤵
  PID:5144
- C:\Windows\System\RSoeeGS.exe
  C:\Windows\System\RSoeeGS.exe
  2⤵
  PID:5188
- C:\Windows\System\cWFgMcl.exe
  C:\Windows\System\cWFgMcl.exe
  2⤵
  PID:5200
- C:\Windows\System\gmtTNeO.exe
  C:\Windows\System\gmtTNeO.exe
  2⤵
  PID:5240
- C:\Windows\System\foyBLBE.exe
  C:\Windows\System\foyBLBE.exe
  2⤵
  PID:5268
- C:\Windows\System\PculpEJ.exe
  C:\Windows\System\PculpEJ.exe
  2⤵
  PID:5308
- C:\Windows\System\lslJZbA.exe
  C:\Windows\System\lslJZbA.exe
  2⤵
  PID:5340
- C:\Windows\System\OQSlLBD.exe
  C:\Windows\System\OQSlLBD.exe
  2⤵
  PID:5376
- C:\Windows\System\XmQPMdl.exe
  C:\Windows\System\XmQPMdl.exe
  2⤵
  PID:5364
- C:\Windows\System\LFnNIwe.exe
  C:\Windows\System\LFnNIwe.exe
  2⤵
  PID:5428
- C:\Windows\System\yFKhtCb.exe
  C:\Windows\System\yFKhtCb.exe
  2⤵
  PID:5468
- C:\Windows\System\dDnnWew.exe
  C:\Windows\System\dDnnWew.exe
  2⤵
  PID:5516
- C:\Windows\System\XmvUGEr.exe
  C:\Windows\System\XmvUGEr.exe
  2⤵
  PID:5520
- C:\Windows\System\TXWDmnJ.exe
  C:\Windows\System\TXWDmnJ.exe
  2⤵
  PID:5588
- C:\Windows\System\jISevVU.exe
  C:\Windows\System\jISevVU.exe
  2⤵
  PID:5612
- C:\Windows\System\sqPoVMe.exe
  C:\Windows\System\sqPoVMe.exe
  2⤵
  PID:5608
- C:\Windows\System\WxbtwIX.exe
  C:\Windows\System\WxbtwIX.exe
  2⤵
  PID:5672
- C:\Windows\System\mYqxNqc.exe
  C:\Windows\System\mYqxNqc.exe
  2⤵
  PID:5740
- C:\Windows\System\KTTOMxB.exe
  C:\Windows\System\KTTOMxB.exe
  2⤵
  PID:5792
- C:\Windows\System\CSvLCqq.exe
  C:\Windows\System\CSvLCqq.exe
  2⤵
  PID:5760
- C:\Windows\System\LOJgzTa.exe
  C:\Windows\System\LOJgzTa.exe
  2⤵
  PID:5868
- C:\Windows\System\UVoJSXq.exe
  C:\Windows\System\UVoJSXq.exe
  2⤵
  PID:5812
- C:\Windows\System\SBxQLQe.exe
  C:\Windows\System\SBxQLQe.exe
  2⤵
  PID:5884
- C:\Windows\System\NNRYJsP.exe
  C:\Windows\System\NNRYJsP.exe
  2⤵
  PID:5928
- C:\Windows\System\WeeTcGI.exe
  C:\Windows\System\WeeTcGI.exe
  2⤵
  PID:5940
- C:\Windows\System\xtUCzNN.exe
  C:\Windows\System\xtUCzNN.exe
  2⤵
  PID:5976
- C:\Windows\System\seVOOQF.exe
  C:\Windows\System\seVOOQF.exe
  2⤵
  PID:6036
- C:\Windows\System\oNwqnul.exe
  C:\Windows\System\oNwqnul.exe
  2⤵
  PID:6060
- C:\Windows\System\adQKJgK.exe
  C:\Windows\System\adQKJgK.exe
  2⤵
  PID:6096
- C:\Windows\System\DksqPJm.exe
  C:\Windows\System\DksqPJm.exe
  2⤵
  PID:6128
- C:\Windows\System\FyGzbCD.exe
  C:\Windows\System\FyGzbCD.exe
  2⤵
  PID:5160
- C:\Windows\System\DJMFlKT.exe
  C:\Windows\System\DJMFlKT.exe
  2⤵
  PID:5176
- C:\Windows\System\Gijzwmv.exe
  C:\Windows\System\Gijzwmv.exe
  2⤵
  PID:5264
- C:\Windows\System\xdnxfmr.exe
  C:\Windows\System\xdnxfmr.exe
  2⤵
  PID:5328
- C:\Windows\System\WJpUKgW.exe
  C:\Windows\System\WJpUKgW.exe
  2⤵
  PID:5304
- C:\Windows\System\lkWTgrZ.exe
  C:\Windows\System\lkWTgrZ.exe
  2⤵
  PID:5424
- C:\Windows\System\bWHXykL.exe
  C:\Windows\System\bWHXykL.exe
  2⤵
  PID:5444
- C:\Windows\System\BOHzcyK.exe
  C:\Windows\System\BOHzcyK.exe
  2⤵
  PID:5500
- C:\Windows\System\CrRllFP.exe
  C:\Windows\System\CrRllFP.exe
  2⤵
  PID:5560
- C:\Windows\System\tRjgxHX.exe
  C:\Windows\System\tRjgxHX.exe
  2⤵
  PID:5604
- C:\Windows\System\fWFDrai.exe
  C:\Windows\System\fWFDrai.exe
  2⤵
  PID:5680
- C:\Windows\System\CTAAleG.exe
  C:\Windows\System\CTAAleG.exe
  2⤵
  PID:5712
- C:\Windows\System\JBLAGGh.exe
  C:\Windows\System\JBLAGGh.exe
  2⤵
  PID:5828
- C:\Windows\System\cYZlWwN.exe
  C:\Windows\System\cYZlWwN.exe
  2⤵
  PID:5912
- C:\Windows\System\SjUPmcx.exe
  C:\Windows\System\SjUPmcx.exe
  2⤵
  PID:5892
- C:\Windows\System\ZaMScwU.exe
  C:\Windows\System\ZaMScwU.exe
  2⤵
  PID:5996
- C:\Windows\System\sfDSaJh.exe
  C:\Windows\System\sfDSaJh.exe
  2⤵
  PID:6020
- C:\Windows\System\eaYNoko.exe
  C:\Windows\System\eaYNoko.exe
  2⤵
  PID:6052
- C:\Windows\System\fZQuvBe.exe
  C:\Windows\System\fZQuvBe.exe
  2⤵
  PID:6140
- C:\Windows\System\qzAeiAJ.exe
  C:\Windows\System\qzAeiAJ.exe
  2⤵
  PID:5156
- C:\Windows\System\sSaZVTf.exe
  C:\Windows\System\sSaZVTf.exe
  2⤵
  PID:5244
- C:\Windows\System\AKWqIvs.exe
  C:\Windows\System\AKWqIvs.exe
  2⤵
  PID:5396
- C:\Windows\System\pkvEDzb.exe
  C:\Windows\System\pkvEDzb.exe
  2⤵
  PID:5488
- C:\Windows\System\kbhsiIo.exe
  C:\Windows\System\kbhsiIo.exe
  2⤵
  PID:5464
- C:\Windows\System\FNcOgat.exe
  C:\Windows\System\FNcOgat.exe
  2⤵
  PID:5636
- C:\Windows\System\QQiTQiU.exe
  C:\Windows\System\QQiTQiU.exe
  2⤵
  PID:5668
- C:\Windows\System\BlPXJTP.exe
  C:\Windows\System\BlPXJTP.exe
  2⤵
  PID:5824
- C:\Windows\System\ecKYuCI.exe
  C:\Windows\System\ecKYuCI.exe
  2⤵
  PID:5908
- C:\Windows\System\olfAfJI.exe
  C:\Windows\System\olfAfJI.exe
  2⤵
  PID:5980
- C:\Windows\System\IkRlwra.exe
  C:\Windows\System\IkRlwra.exe
  2⤵
  PID:6116
- C:\Windows\System\rctKWpD.exe
  C:\Windows\System\rctKWpD.exe
  2⤵
  PID:5204
- C:\Windows\System\PVyErmb.exe
  C:\Windows\System\PVyErmb.exe
  2⤵
  PID:5380
- C:\Windows\System\HwWvkvA.exe
  C:\Windows\System\HwWvkvA.exe
  2⤵
  PID:5420
- C:\Windows\System\xpEDrPu.exe
  C:\Windows\System\xpEDrPu.exe
  2⤵
  PID:5528
- C:\Windows\System\xpfUBgW.exe
  C:\Windows\System\xpfUBgW.exe
  2⤵
  PID:5784
- C:\Windows\System\COGfPYp.exe
  C:\Windows\System\COGfPYp.exe
  2⤵
  PID:5968
- C:\Windows\System\XbOpFsX.exe
  C:\Windows\System\XbOpFsX.exe
  2⤵
  PID:6076
- C:\Windows\System\GFGsJYp.exe
  C:\Windows\System\GFGsJYp.exe
  2⤵
  PID:4996
- C:\Windows\System\LsiOHvQ.exe
  C:\Windows\System\LsiOHvQ.exe
  2⤵
  PID:5848
- C:\Windows\System\JNkMTmW.exe
  C:\Windows\System\JNkMTmW.exe
  2⤵
  PID:4920
- C:\Windows\System\aAqEXtC.exe
  C:\Windows\System\aAqEXtC.exe
  2⤵
  PID:5628
- C:\Windows\System\UsnaTTs.exe
  C:\Windows\System\UsnaTTs.exe
  2⤵
  PID:5448
- C:\Windows\System\udOTfYo.exe
  C:\Windows\System\udOTfYo.exe
  2⤵
  PID:4880
- C:\Windows\System\HUoyLYm.exe
  C:\Windows\System\HUoyLYm.exe
  2⤵
  PID:5140
- C:\Windows\System\aHkXPYt.exe
  C:\Windows\System\aHkXPYt.exe
  2⤵
  PID:5504
- C:\Windows\System\mwcqfoJ.exe
  C:\Windows\System\mwcqfoJ.exe
  2⤵
  PID:4808
- C:\Windows\System\HBIEVjV.exe
  C:\Windows\System\HBIEVjV.exe
  2⤵
  PID:6164
- C:\Windows\System\hnfEwvG.exe
  C:\Windows\System\hnfEwvG.exe
  2⤵
  PID:6180
- C:\Windows\System\CUNYGyJ.exe
  C:\Windows\System\CUNYGyJ.exe
  2⤵
  PID:6204
- C:\Windows\System\PHmHJtL.exe
  C:\Windows\System\PHmHJtL.exe
  2⤵
  PID:6220
- C:\Windows\System\UhwMlaq.exe
  C:\Windows\System\UhwMlaq.exe
  2⤵
  PID:6244
- C:\Windows\System\tSMxfHx.exe
  C:\Windows\System\tSMxfHx.exe
  2⤵
  PID:6260
- C:\Windows\System\LDEXZvO.exe
  C:\Windows\System\LDEXZvO.exe
  2⤵
  PID:6284
- C:\Windows\System\oyxrXaR.exe
  C:\Windows\System\oyxrXaR.exe
  2⤵
  PID:6300
- C:\Windows\System\xQldffb.exe
  C:\Windows\System\xQldffb.exe
  2⤵
  PID:6320
- C:\Windows\System\thEIScP.exe
  C:\Windows\System\thEIScP.exe
  2⤵
  PID:6340
- C:\Windows\System\GGvBRwH.exe
  C:\Windows\System\GGvBRwH.exe
  2⤵
  PID:6356
- C:\Windows\System\GawbPjp.exe
  C:\Windows\System\GawbPjp.exe
  2⤵
  PID:6380
- C:\Windows\System\xBjEZdQ.exe
  C:\Windows\System\xBjEZdQ.exe
  2⤵
  PID:6404
- C:\Windows\System\joWgkNk.exe
  C:\Windows\System\joWgkNk.exe
  2⤵
  PID:6424
- C:\Windows\System\JFzQnsU.exe
  C:\Windows\System\JFzQnsU.exe
  2⤵
  PID:6440
- C:\Windows\System\mnimZpB.exe
  C:\Windows\System\mnimZpB.exe
  2⤵
  PID:6460
- C:\Windows\System\EDEfYyW.exe
  C:\Windows\System\EDEfYyW.exe
  2⤵
  PID:6476
- C:\Windows\System\xTcHscV.exe
  C:\Windows\System\xTcHscV.exe
  2⤵
  PID:6496
- C:\Windows\System\eORSaLS.exe
  C:\Windows\System\eORSaLS.exe
  2⤵
  PID:6516
- C:\Windows\System\xiEcSzA.exe
  C:\Windows\System\xiEcSzA.exe
  2⤵
  PID:6540
- C:\Windows\System\KOwYOMo.exe
  C:\Windows\System\KOwYOMo.exe
  2⤵
  PID:6568
- C:\Windows\System\zoTcKoA.exe
  C:\Windows\System\zoTcKoA.exe
  2⤵
  PID:6584
- C:\Windows\System\vNPfqkP.exe
  C:\Windows\System\vNPfqkP.exe
  2⤵
  PID:6608
- C:\Windows\System\sxThGcu.exe
  C:\Windows\System\sxThGcu.exe
  2⤵
  PID:6624
- C:\Windows\System\EzYIDPY.exe
  C:\Windows\System\EzYIDPY.exe
  2⤵
  PID:6648
- C:\Windows\System\vKOvkDd.exe
  C:\Windows\System\vKOvkDd.exe
  2⤵
  PID:6664
- C:\Windows\System\RnBiKMy.exe
  C:\Windows\System\RnBiKMy.exe
  2⤵
  PID:6688
- C:\Windows\System\IpOPvaX.exe
  C:\Windows\System\IpOPvaX.exe
  2⤵
  PID:6704
- C:\Windows\System\IeejlKh.exe
  C:\Windows\System\IeejlKh.exe
  2⤵
  PID:6724
- C:\Windows\System\VcppdNP.exe
  C:\Windows\System\VcppdNP.exe
  2⤵
  PID:6744
- C:\Windows\System\EQGOEmP.exe
  C:\Windows\System\EQGOEmP.exe
  2⤵
  PID:6768
- C:\Windows\System\LtBivoS.exe
  C:\Windows\System\LtBivoS.exe
  2⤵
  PID:6788
- C:\Windows\System\IJGBPTG.exe
  C:\Windows\System\IJGBPTG.exe
  2⤵
  PID:6804
- C:\Windows\System\xrwNRkZ.exe
  C:\Windows\System\xrwNRkZ.exe
  2⤵
  PID:6824
- C:\Windows\System\LyvlHtc.exe
  C:\Windows\System\LyvlHtc.exe
  2⤵
  PID:6840
- C:\Windows\System\sxvrIfL.exe
  C:\Windows\System\sxvrIfL.exe
  2⤵
  PID:6860
- C:\Windows\System\SjyTSiw.exe
  C:\Windows\System\SjyTSiw.exe
  2⤵
  PID:6884
- C:\Windows\System\CRMZeZV.exe
  C:\Windows\System\CRMZeZV.exe
  2⤵
  PID:6900
- C:\Windows\System\OVQwRyC.exe
  C:\Windows\System\OVQwRyC.exe
  2⤵
  PID:6924
- C:\Windows\System\qVdPbzx.exe
  C:\Windows\System\qVdPbzx.exe
  2⤵
  PID:6944
- C:\Windows\System\CDWZPxK.exe
  C:\Windows\System\CDWZPxK.exe
  2⤵
  PID:6960
- C:\Windows\System\dCqzEsb.exe
  C:\Windows\System\dCqzEsb.exe
  2⤵
  PID:6980
- C:\Windows\System\raBOGLD.exe
  C:\Windows\System\raBOGLD.exe
  2⤵
  PID:6996
- C:\Windows\System\TwfsApV.exe
  C:\Windows\System\TwfsApV.exe
  2⤵
  PID:7016
- C:\Windows\System\KEeLeHk.exe
  C:\Windows\System\KEeLeHk.exe
  2⤵
  PID:7040
- C:\Windows\System\sstLbRY.exe
  C:\Windows\System\sstLbRY.exe
  2⤵
  PID:7064
- C:\Windows\System\ZKpddEs.exe
  C:\Windows\System\ZKpddEs.exe
  2⤵
  PID:7088
- C:\Windows\System\CLuVVUq.exe
  C:\Windows\System\CLuVVUq.exe
  2⤵
  PID:7104
- C:\Windows\System\zRkkknq.exe
  C:\Windows\System\zRkkknq.exe
  2⤵
  PID:7124
- C:\Windows\System\UmeroHp.exe
  C:\Windows\System\UmeroHp.exe
  2⤵
  PID:7144
- C:\Windows\System\dnSXMYp.exe
  C:\Windows\System\dnSXMYp.exe
  2⤵
  PID:6000
- C:\Windows\System\KnBqtjY.exe
  C:\Windows\System\KnBqtjY.exe
  2⤵
  PID:6084
- C:\Windows\System\JcxCsmt.exe
  C:\Windows\System\JcxCsmt.exe
  2⤵
  PID:6172
- C:\Windows\System\ewDDBax.exe
  C:\Windows\System\ewDDBax.exe
  2⤵
  PID:6212
- C:\Windows\System\BfaibgL.exe
  C:\Windows\System\BfaibgL.exe
  2⤵
  PID:6240
- C:\Windows\System\ascvIIY.exe
  C:\Windows\System\ascvIIY.exe
  2⤵
  PID:6268
- C:\Windows\System\TjbvFBi.exe
  C:\Windows\System\TjbvFBi.exe
  2⤵
  PID:6296
- C:\Windows\System\LQpZtbP.exe
  C:\Windows\System\LQpZtbP.exe
  2⤵
  PID:6348
- C:\Windows\System\YcmMvCl.exe
  C:\Windows\System\YcmMvCl.exe
  2⤵
  PID:6376
- C:\Windows\System\FIFLAGE.exe
  C:\Windows\System\FIFLAGE.exe
  2⤵
  PID:6400
- C:\Windows\System\JhWuEKP.exe
  C:\Windows\System\JhWuEKP.exe
  2⤵
  PID:6468
- C:\Windows\System\xCufvAH.exe
  C:\Windows\System\xCufvAH.exe
  2⤵
  PID:6512
- C:\Windows\System\xYnJVDR.exe
  C:\Windows\System\xYnJVDR.exe
  2⤵
  PID:6556
- C:\Windows\System\bZQdUJy.exe
  C:\Windows\System\bZQdUJy.exe
  2⤵
  PID:6532
- C:\Windows\System\KekZNSk.exe
  C:\Windows\System\KekZNSk.exe
  2⤵
  PID:6528
- C:\Windows\System\cATOJIU.exe
  C:\Windows\System\cATOJIU.exe
  2⤵
  PID:6600
- C:\Windows\System\bheAsWK.exe
  C:\Windows\System\bheAsWK.exe
  2⤵
  PID:6640
- C:\Windows\System\hPaBuCC.exe
  C:\Windows\System\hPaBuCC.exe
  2⤵
  PID:6656
- C:\Windows\System\cJjJOiq.exe
  C:\Windows\System\cJjJOiq.exe
  2⤵
  PID:6712
- C:\Windows\System\qPJyyQp.exe
  C:\Windows\System\qPJyyQp.exe
  2⤵
  PID:6732
- C:\Windows\System\LpcIkvU.exe
  C:\Windows\System\LpcIkvU.exe
  2⤵
  PID:6756
- C:\Windows\System\LElJchY.exe
  C:\Windows\System\LElJchY.exe
  2⤵
  PID:6740
- C:\Windows\System\SIQwbTX.exe
  C:\Windows\System\SIQwbTX.exe
  2⤵
  PID:6868
- C:\Windows\System\KtygVEs.exe
  C:\Windows\System\KtygVEs.exe
  2⤵
  PID:6816
- C:\Windows\System\WbbgXWN.exe
  C:\Windows\System\WbbgXWN.exe
  2⤵
  PID:6856
- C:\Windows\System\mOMBfHZ.exe
  C:\Windows\System\mOMBfHZ.exe
  2⤵
  PID:6916
- C:\Windows\System\hAqnaGx.exe
  C:\Windows\System\hAqnaGx.exe
  2⤵
  PID:6940
- C:\Windows\System\NFZelOB.exe
  C:\Windows\System\NFZelOB.exe
  2⤵
  PID:6976
- C:\Windows\System\FnRddBd.exe
  C:\Windows\System\FnRddBd.exe
  2⤵
  PID:7032
- C:\Windows\System\equNOct.exe
  C:\Windows\System\equNOct.exe
  2⤵
  PID:7056
- C:\Windows\System\sqFfwwZ.exe
  C:\Windows\System\sqFfwwZ.exe
  2⤵
  PID:7084
- C:\Windows\System\kgLlMyA.exe
  C:\Windows\System\kgLlMyA.exe
  2⤵
  PID:7120
- C:\Windows\System\IcprYEl.exe
  C:\Windows\System\IcprYEl.exe
  2⤵
  PID:7164
- C:\Windows\System\qqhzRhn.exe
  C:\Windows\System\qqhzRhn.exe
  2⤵
  PID:5228
- C:\Windows\System\KrSHuRa.exe
  C:\Windows\System\KrSHuRa.exe
  2⤵
  PID:6200
- C:\Windows\System\tZTaDKc.exe
  C:\Windows\System\tZTaDKc.exe
  2⤵
  PID:6280
- C:\Windows\System\qxmSiYS.exe
  C:\Windows\System\qxmSiYS.exe
  2⤵
  PID:6368
- C:\Windows\System\kirpmDn.exe
  C:\Windows\System\kirpmDn.exe
  2⤵
  PID:6316
- C:\Windows\System\zPQBpkY.exe
  C:\Windows\System\zPQBpkY.exe
  2⤵
  PID:6416
- C:\Windows\System\urYtfMc.exe
  C:\Windows\System\urYtfMc.exe
  2⤵
  PID:6508
- C:\Windows\System\WnchyqI.exe
  C:\Windows\System\WnchyqI.exe
  2⤵
  PID:6456
- C:\Windows\System\CIueDsW.exe
  C:\Windows\System\CIueDsW.exe
  2⤵
  PID:6580
- C:\Windows\System\KvFwyRV.exe
  C:\Windows\System\KvFwyRV.exe
  2⤵
  PID:5936
- C:\Windows\System\XDeiCIe.exe
  C:\Windows\System\XDeiCIe.exe
  2⤵
  PID:5916
- C:\Windows\System\TuFoHIk.exe
  C:\Windows\System\TuFoHIk.exe
  2⤵
  PID:6720
- C:\Windows\System\eLPQeSP.exe
  C:\Windows\System\eLPQeSP.exe
  2⤵
  PID:6800
- C:\Windows\System\lRxnFSR.exe
  C:\Windows\System\lRxnFSR.exe
  2⤵
  PID:6848
- C:\Windows\System\KYXemvL.exe
  C:\Windows\System\KYXemvL.exe
  2⤵
  PID:6956
- C:\Windows\System\wmZFWIw.exe
  C:\Windows\System\wmZFWIw.exe
  2⤵
  PID:6896
- C:\Windows\System\GuHZGvD.exe
  C:\Windows\System\GuHZGvD.exe
  2⤵
  PID:7008
- C:\Windows\System\GGehJVJ.exe
  C:\Windows\System\GGehJVJ.exe
  2⤵
  PID:7076
- C:\Windows\System\dFgfnXk.exe
  C:\Windows\System\dFgfnXk.exe
  2⤵
  PID:7116
- C:\Windows\System\MfXCaKo.exe
  C:\Windows\System\MfXCaKo.exe
  2⤵
  PID:7152
- C:\Windows\System\ZIdyORN.exe
  C:\Windows\System\ZIdyORN.exe
  2⤵
  PID:5548
- C:\Windows\System\TEOQgsG.exe
  C:\Windows\System\TEOQgsG.exe
  2⤵
  PID:6252
- C:\Windows\System\kopAVbi.exe
  C:\Windows\System\kopAVbi.exe
  2⤵
  PID:6312
- C:\Windows\System\KQcDzup.exe
  C:\Windows\System\KQcDzup.exe
  2⤵
  PID:6436
- C:\Windows\System\hMBIqBQ.exe
  C:\Windows\System\hMBIqBQ.exe
  2⤵
  PID:6620
- C:\Windows\System\gwUYxSc.exe
  C:\Windows\System\gwUYxSc.exe
  2⤵
  PID:6836
- C:\Windows\System\dTjUJUG.exe
  C:\Windows\System\dTjUJUG.exe
  2⤵
  PID:6700
- C:\Windows\System\QNvOHga.exe
  C:\Windows\System\QNvOHga.exe
  2⤵
  PID:6912
- C:\Windows\System\cpxeeQq.exe
  C:\Windows\System\cpxeeQq.exe
  2⤵
  PID:6760
- C:\Windows\System\dYXSehL.exe
  C:\Windows\System\dYXSehL.exe
  2⤵
  PID:7060
- C:\Windows\System\VqLtHqs.exe
  C:\Windows\System\VqLtHqs.exe
  2⤵
  PID:6160
- C:\Windows\System\jXzogjf.exe
  C:\Windows\System\jXzogjf.exe
  2⤵
  PID:7156
- C:\Windows\System\bMChQvE.exe
  C:\Windows\System\bMChQvE.exe
  2⤵
  PID:6256
- C:\Windows\System\ePQOSGh.exe
  C:\Windows\System\ePQOSGh.exe
  2⤵
  PID:6592
- C:\Windows\System\hsRTJlw.exe
  C:\Windows\System\hsRTJlw.exe
  2⤵
  PID:6452
- C:\Windows\System\OifTKRp.exe
  C:\Windows\System\OifTKRp.exe
  2⤵
  PID:6876
- C:\Windows\System\KnETvHn.exe
  C:\Windows\System\KnETvHn.exe
  2⤵
  PID:7072
- C:\Windows\System\noIwjUu.exe
  C:\Windows\System\noIwjUu.exe
  2⤵
  PID:7012
- C:\Windows\System\LnbDGyA.exe
  C:\Windows\System\LnbDGyA.exe
  2⤵
  PID:6176
- C:\Windows\System\nZgRDNU.exe
  C:\Windows\System\nZgRDNU.exe
  2⤵
  PID:6504
- C:\Windows\System\oWmEepK.exe
  C:\Windows\System\oWmEepK.exe
  2⤵
  PID:6752
- C:\Windows\System\SmFGxvj.exe
  C:\Windows\System\SmFGxvj.exe
  2⤵
  PID:6908
- C:\Windows\System\brboZCb.exe
  C:\Windows\System\brboZCb.exe
  2⤵
  PID:6796
- C:\Windows\System\DLCnVDO.exe
  C:\Windows\System\DLCnVDO.exe
  2⤵
  PID:7112
- C:\Windows\System\BfhDPJL.exe
  C:\Windows\System\BfhDPJL.exe
  2⤵
  PID:7176
- C:\Windows\System\oqhBiVW.exe
  C:\Windows\System\oqhBiVW.exe
  2⤵
  PID:7212
- C:\Windows\System\IOtWJJy.exe
  C:\Windows\System\IOtWJJy.exe
  2⤵
  PID:7232
- C:\Windows\System\IHhpuII.exe
  C:\Windows\System\IHhpuII.exe
  2⤵
  PID:7252
- C:\Windows\System\SuqbJUw.exe
  C:\Windows\System\SuqbJUw.exe
  2⤵
  PID:7276
- C:\Windows\System\syYsWNt.exe
  C:\Windows\System\syYsWNt.exe
  2⤵
  PID:7296
- C:\Windows\System\bGjBxKe.exe
  C:\Windows\System\bGjBxKe.exe
  2⤵
  PID:7312
- C:\Windows\System\SmtULTB.exe
  C:\Windows\System\SmtULTB.exe
  2⤵
  PID:7336
- C:\Windows\System\nSnZgXa.exe
  C:\Windows\System\nSnZgXa.exe
  2⤵
  PID:7352
- C:\Windows\System\xrAIxAx.exe
  C:\Windows\System\xrAIxAx.exe
  2⤵
  PID:7368
- C:\Windows\System\lHKFYuh.exe
  C:\Windows\System\lHKFYuh.exe
  2⤵
  PID:7388
- C:\Windows\System\vVRojvD.exe
  C:\Windows\System\vVRojvD.exe
  2⤵
  PID:7416
- C:\Windows\System\alDcTkn.exe
  C:\Windows\System\alDcTkn.exe
  2⤵
  PID:7436
- C:\Windows\System\yUmDxOF.exe
  C:\Windows\System\yUmDxOF.exe
  2⤵
  PID:7456
- C:\Windows\System\hOTQYnM.exe
  C:\Windows\System\hOTQYnM.exe
  2⤵
  PID:7472
- C:\Windows\System\YkHVoXk.exe
  C:\Windows\System\YkHVoXk.exe
  2⤵
  PID:7492
- C:\Windows\System\bZPwutp.exe
  C:\Windows\System\bZPwutp.exe
  2⤵
  PID:7512
- C:\Windows\System\MBSnijJ.exe
  C:\Windows\System\MBSnijJ.exe
  2⤵
  PID:7532
- C:\Windows\System\gtfxTqT.exe
  C:\Windows\System\gtfxTqT.exe
  2⤵
  PID:7552
- C:\Windows\System\miouCTR.exe
  C:\Windows\System\miouCTR.exe
  2⤵
  PID:7576
- C:\Windows\System\lgeyUHg.exe
  C:\Windows\System\lgeyUHg.exe
  2⤵
  PID:7592
- C:\Windows\System\AQvDCBD.exe
  C:\Windows\System\AQvDCBD.exe
  2⤵
  PID:7616
- C:\Windows\System\BFnINxC.exe
  C:\Windows\System\BFnINxC.exe
  2⤵
  PID:7632
- C:\Windows\System\FvtIYJP.exe
  C:\Windows\System\FvtIYJP.exe
  2⤵
  PID:7648
- C:\Windows\System\xcAquSo.exe
  C:\Windows\System\xcAquSo.exe
  2⤵
  PID:7672
- C:\Windows\System\OSRRIdl.exe
  C:\Windows\System\OSRRIdl.exe
  2⤵
  PID:7696
- C:\Windows\System\WkrYdSD.exe
  C:\Windows\System\WkrYdSD.exe
  2⤵
  PID:7712
- C:\Windows\System\QNdFOjD.exe
  C:\Windows\System\QNdFOjD.exe
  2⤵
  PID:7732
- C:\Windows\System\rtyEAMb.exe
  C:\Windows\System\rtyEAMb.exe
  2⤵
  PID:7748
- C:\Windows\System\tYaruPw.exe
  C:\Windows\System\tYaruPw.exe
  2⤵
  PID:7772
- C:\Windows\System\ApwGIXj.exe
  C:\Windows\System\ApwGIXj.exe
  2⤵
  PID:7792
- C:\Windows\System\RroaLtT.exe
  C:\Windows\System\RroaLtT.exe
  2⤵
  PID:7808
- C:\Windows\System\wpgspGQ.exe
  C:\Windows\System\wpgspGQ.exe
  2⤵
  PID:7828
- C:\Windows\System\UNIZRGN.exe
  C:\Windows\System\UNIZRGN.exe
  2⤵
  PID:7848
- C:\Windows\System\RmoBiZR.exe
  C:\Windows\System\RmoBiZR.exe
  2⤵
  PID:7880
- C:\Windows\System\HeJfpOH.exe
  C:\Windows\System\HeJfpOH.exe
  2⤵
  PID:7900
- C:\Windows\System\WGLWRvN.exe
  C:\Windows\System\WGLWRvN.exe
  2⤵
  PID:7916
- C:\Windows\System\jeJgaor.exe
  C:\Windows\System\jeJgaor.exe
  2⤵
  PID:7932
- C:\Windows\System\EHQVhNA.exe
  C:\Windows\System\EHQVhNA.exe
  2⤵
  PID:7948
- C:\Windows\System\IEWdsOw.exe
  C:\Windows\System\IEWdsOw.exe
  2⤵
  PID:7980
- C:\Windows\System\CEYrTiG.exe
  C:\Windows\System\CEYrTiG.exe
  2⤵
  PID:7996
- C:\Windows\System\GVCgXTF.exe
  C:\Windows\System\GVCgXTF.exe
  2⤵
  PID:8012
- C:\Windows\System\XMGrdUt.exe
  C:\Windows\System\XMGrdUt.exe
  2⤵
  PID:8032
- C:\Windows\System\GTBuXMz.exe
  C:\Windows\System\GTBuXMz.exe
  2⤵
  PID:8048
- C:\Windows\System\muLoRea.exe
  C:\Windows\System\muLoRea.exe
  2⤵
  PID:8068
- C:\Windows\System\UEAPYjU.exe
  C:\Windows\System\UEAPYjU.exe
  2⤵
  PID:8096
- C:\Windows\System\VdGSdkX.exe
  C:\Windows\System\VdGSdkX.exe
  2⤵
  PID:8112
- C:\Windows\System\rkliLkK.exe
  C:\Windows\System\rkliLkK.exe
  2⤵
  PID:8132
- C:\Windows\System\PBmcqfj.exe
  C:\Windows\System\PBmcqfj.exe
  2⤵
  PID:8152
- C:\Windows\System\TqSoCEe.exe
  C:\Windows\System\TqSoCEe.exe
  2⤵
  PID:8180
- C:\Windows\System\IsLgGPz.exe
  C:\Windows\System\IsLgGPz.exe
  2⤵
  PID:6564
- C:\Windows\System\qDLbOmM.exe
  C:\Windows\System\qDLbOmM.exe
  2⤵
  PID:6148
- C:\Windows\System\OHTjJra.exe
  C:\Windows\System\OHTjJra.exe
  2⤵
  PID:7204
- C:\Windows\System\EyOfPhd.exe
  C:\Windows\System\EyOfPhd.exe
  2⤵
  PID:6392
- C:\Windows\System\zHDvJEN.exe
  C:\Windows\System\zHDvJEN.exe
  2⤵
  PID:7244
- C:\Windows\System\nDQrLWx.exe
  C:\Windows\System\nDQrLWx.exe
  2⤵
  PID:7264
- C:\Windows\System\cQPdMIm.exe
  C:\Windows\System\cQPdMIm.exe
  2⤵
  PID:7304
- C:\Windows\System\pIYInDQ.exe
  C:\Windows\System\pIYInDQ.exe
  2⤵
  PID:7332
- C:\Windows\System\jPEflkl.exe
  C:\Windows\System\jPEflkl.exe
  2⤵
  PID:7384
- C:\Windows\System\svbMSHj.exe
  C:\Windows\System\svbMSHj.exe
  2⤵
  PID:7408
- C:\Windows\System\PacotJe.exe
  C:\Windows\System\PacotJe.exe
  2⤵
  PID:7428
- C:\Windows\System\jjhnNCm.exe
  C:\Windows\System\jjhnNCm.exe
  2⤵
  PID:7480
- C:\Windows\System\wuRgbUl.exe
  C:\Windows\System\wuRgbUl.exe
  2⤵
  PID:7520
- C:\Windows\System\ddNoqzO.exe
  C:\Windows\System\ddNoqzO.exe
  2⤵
  PID:7544
- C:\Windows\System\xWwymDZ.exe
  C:\Windows\System\xWwymDZ.exe
  2⤵
  PID:7564
- C:\Windows\System\pxKokFG.exe
  C:\Windows\System\pxKokFG.exe
  2⤵
  PID:7588
- C:\Windows\System\tlxHFgM.exe
  C:\Windows\System\tlxHFgM.exe
  2⤵
  PID:7644
- C:\Windows\System\LuOLeha.exe
  C:\Windows\System\LuOLeha.exe
  2⤵
  PID:7656
- C:\Windows\System\GPGIMnr.exe
  C:\Windows\System\GPGIMnr.exe
  2⤵
  PID:7720
- C:\Windows\System\SIIZlCt.exe
  C:\Windows\System\SIIZlCt.exe
  2⤵
  PID:7756
- C:\Windows\System\DchBWVm.exe
  C:\Windows\System\DchBWVm.exe
  2⤵
  PID:7744
- C:\Windows\System\sCuUknc.exe
  C:\Windows\System\sCuUknc.exe
  2⤵
  PID:7804
- C:\Windows\System\wYTTrPC.exe
  C:\Windows\System\wYTTrPC.exe
  2⤵
  PID:7844
- C:\Windows\System\wdwvYtM.exe
  C:\Windows\System\wdwvYtM.exe
  2⤵
  PID:7864
- C:\Windows\System\lcMNNni.exe
  C:\Windows\System\lcMNNni.exe
  2⤵
  PID:7928
- C:\Windows\System\SsxZjjV.exe
  C:\Windows\System\SsxZjjV.exe
  2⤵
  PID:7972
- C:\Windows\System\VSjWEts.exe
  C:\Windows\System\VSjWEts.exe
  2⤵
  PID:7976
- C:\Windows\System\sAJxwhi.exe
  C:\Windows\System\sAJxwhi.exe
  2⤵
  PID:8044
- C:\Windows\System\lhilcJG.exe
  C:\Windows\System\lhilcJG.exe
  2⤵
  PID:8088
- C:\Windows\System\igVNcRJ.exe
  C:\Windows\System\igVNcRJ.exe
  2⤵
  PID:7992
- C:\Windows\System\JxriRBW.exe
  C:\Windows\System\JxriRBW.exe
  2⤵
  PID:8128
- C:\Windows\System\MurKsOr.exe
  C:\Windows\System\MurKsOr.exe
  2⤵
  PID:8164
- C:\Windows\System\haujZVl.exe
  C:\Windows\System\haujZVl.exe
  2⤵
  PID:8172
- C:\Windows\System\mQtGyox.exe
  C:\Windows\System\mQtGyox.exe
  2⤵
  PID:6352
- C:\Windows\System\spzoxCf.exe
  C:\Windows\System\spzoxCf.exe
  2⤵
  PID:7220
- C:\Windows\System\nWeNFvd.exe
  C:\Windows\System\nWeNFvd.exe
  2⤵
  PID:7224
- C:\Windows\System\tjjlFNG.exe
  C:\Windows\System\tjjlFNG.exe
  2⤵
  PID:7320
- C:\Windows\System\fbwCPvf.exe
  C:\Windows\System\fbwCPvf.exe
  2⤵
  PID:7360
- C:\Windows\System\zPEFdOB.exe
  C:\Windows\System\zPEFdOB.exe
  2⤵
  PID:7376
- C:\Windows\System\jDyFMbo.exe
  C:\Windows\System\jDyFMbo.exe
  2⤵
  PID:7424
- C:\Windows\System\HyZITgG.exe
  C:\Windows\System\HyZITgG.exe
  2⤵
  PID:7508
- C:\Windows\System\njYzEeC.exe
  C:\Windows\System\njYzEeC.exe
  2⤵
  PID:7560
- C:\Windows\System\wFpeFIe.exe
  C:\Windows\System\wFpeFIe.exe
  2⤵
  PID:7608
- C:\Windows\System\RNlnhLk.exe
  C:\Windows\System\RNlnhLk.exe
  2⤵
  PID:7728
- C:\Windows\System\lqyLHzm.exe
  C:\Windows\System\lqyLHzm.exe
  2⤵
  PID:7760
- C:\Windows\System\iuTfQII.exe
  C:\Windows\System\iuTfQII.exe
  2⤵
  PID:7800
- C:\Windows\System\mwuKzqt.exe
  C:\Windows\System\mwuKzqt.exe
  2⤵
  PID:7836
- C:\Windows\System\jqPaSrQ.exe
  C:\Windows\System\jqPaSrQ.exe
  2⤵
  PID:7896
- C:\Windows\System\sZPxZWj.exe
  C:\Windows\System\sZPxZWj.exe
  2⤵
  PID:7960
- C:\Windows\System\GOIqXmj.exe
  C:\Windows\System\GOIqXmj.exe
  2⤵
  PID:8076
- C:\Windows\System\qEvjWQm.exe
  C:\Windows\System\qEvjWQm.exe
  2⤵
  PID:8120
- C:\Windows\System\VOJavph.exe
  C:\Windows\System\VOJavph.exe
  2⤵
  PID:8060
- C:\Windows\System\VQUOpsf.exe
  C:\Windows\System\VQUOpsf.exe
  2⤵
  PID:6448
- C:\Windows\System\Ezpubfp.exe
  C:\Windows\System\Ezpubfp.exe
  2⤵
  PID:7196
- C:\Windows\System\LNBxQRQ.exe
  C:\Windows\System\LNBxQRQ.exe
  2⤵
  PID:7272
- C:\Windows\System\NAVnCnW.exe
  C:\Windows\System\NAVnCnW.exe
  2⤵
  PID:7324
- C:\Windows\System\LABTows.exe
  C:\Windows\System\LABTows.exe
  2⤵
  PID:7432
- C:\Windows\System\jyECbdx.exe
  C:\Windows\System\jyECbdx.exe
  2⤵
  PID:7488
- C:\Windows\System\KOpoZPJ.exe
  C:\Windows\System\KOpoZPJ.exe
  2⤵
  PID:7668
- C:\Windows\System\olaYPzN.exe
  C:\Windows\System\olaYPzN.exe
  2⤵
  PID:7840
- C:\Windows\System\wBVjtkJ.exe
  C:\Windows\System\wBVjtkJ.exe
  2⤵
  PID:7788
- C:\Windows\System\FcXKjwh.exe
  C:\Windows\System\FcXKjwh.exe
  2⤵
  PID:7924
- C:\Windows\System\MlddQkH.exe
  C:\Windows\System\MlddQkH.exe
  2⤵
  PID:8040
- C:\Windows\System\LGJpTMo.exe
  C:\Windows\System\LGJpTMo.exe
  2⤵
  PID:8124
- C:\Windows\System\kNUsATS.exe
  C:\Windows\System\kNUsATS.exe
  2⤵
  PID:6672
- C:\Windows\System\XMVsQja.exe
  C:\Windows\System\XMVsQja.exe
  2⤵
  PID:7268
- C:\Windows\System\UhUNScq.exe
  C:\Windows\System\UhUNScq.exe
  2⤵
  PID:7484
- C:\Windows\System\oqGqLCh.exe
  C:\Windows\System\oqGqLCh.exe
  2⤵
  PID:7396
- C:\Windows\System\wJdeToE.exe
  C:\Windows\System\wJdeToE.exe
  2⤵
  PID:7452
- C:\Windows\System\CbRuYEc.exe
  C:\Windows\System\CbRuYEc.exe
  2⤵
  PID:7200
- C:\Windows\System\Hlnxsod.exe
  C:\Windows\System\Hlnxsod.exe
  2⤵
  PID:8144
- C:\Windows\System\CHhUorV.exe
  C:\Windows\System\CHhUorV.exe
  2⤵
  PID:8004
- C:\Windows\System\RjWMgFG.exe
  C:\Windows\System\RjWMgFG.exe
  2⤵
  PID:6524
- C:\Windows\System\JJdZkwu.exe
  C:\Windows\System\JJdZkwu.exe
  2⤵
  PID:7612
- C:\Windows\System\VFWHJxM.exe
  C:\Windows\System\VFWHJxM.exe
  2⤵
  PID:7584
- C:\Windows\System\SJjmMrm.exe
  C:\Windows\System\SJjmMrm.exe
  2⤵
  PID:7876
- C:\Windows\System\nsjYLuB.exe
  C:\Windows\System\nsjYLuB.exe
  2⤵
  PID:7448
- C:\Windows\System\yRttTEg.exe
  C:\Windows\System\yRttTEg.exe
  2⤵
  PID:7572
- C:\Windows\System\CdiKnHi.exe
  C:\Windows\System\CdiKnHi.exe
  2⤵
  PID:2020
- C:\Windows\System\WGrHDSY.exe
  C:\Windows\System\WGrHDSY.exe
  2⤵
  PID:692
- C:\Windows\System\LUzubay.exe
  C:\Windows\System\LUzubay.exe
  2⤵
  PID:7660
- C:\Windows\System\LFOoSFr.exe
  C:\Windows\System\LFOoSFr.exe
  2⤵
  PID:7820
- C:\Windows\System\xnaFNih.exe
  C:\Windows\System\xnaFNih.exe
  2⤵
  PID:688
- C:\Windows\System\AuFzrzV.exe
  C:\Windows\System\AuFzrzV.exe
  2⤵
  PID:8200
- C:\Windows\System\eUrIogL.exe
  C:\Windows\System\eUrIogL.exe
  2⤵
  PID:8216
- C:\Windows\System\RlfQqER.exe
  C:\Windows\System\RlfQqER.exe
  2⤵
  PID:8240
- C:\Windows\System\qnFqCJh.exe
  C:\Windows\System\qnFqCJh.exe
  2⤵
  PID:8260
- C:\Windows\System\SFDaEEu.exe
  C:\Windows\System\SFDaEEu.exe
  2⤵
  PID:8280
- C:\Windows\System\GzoGiab.exe
  C:\Windows\System\GzoGiab.exe
  2⤵
  PID:8296
- C:\Windows\System\OrbIapD.exe
  C:\Windows\System\OrbIapD.exe
  2⤵
  PID:8320
- C:\Windows\System\ryXHfWH.exe
  C:\Windows\System\ryXHfWH.exe
  2⤵
  PID:8336
- C:\Windows\System\fiedROa.exe
  C:\Windows\System\fiedROa.exe
  2⤵
  PID:8360
- C:\Windows\System\DOZmhAW.exe
  C:\Windows\System\DOZmhAW.exe
  2⤵
  PID:8376
- C:\Windows\System\YqnRtYd.exe
  C:\Windows\System\YqnRtYd.exe
  2⤵
  PID:8396
- C:\Windows\System\Qtmpvby.exe
  C:\Windows\System\Qtmpvby.exe
  2⤵
  PID:8420
- C:\Windows\System\KKUlHSQ.exe
  C:\Windows\System\KKUlHSQ.exe
  2⤵
  PID:8440
- C:\Windows\System\IVeHGqd.exe
  C:\Windows\System\IVeHGqd.exe
  2⤵
  PID:8456
- C:\Windows\System\APwbJhY.exe
  C:\Windows\System\APwbJhY.exe
  2⤵
  PID:8476
- C:\Windows\System\OMECfpc.exe
  C:\Windows\System\OMECfpc.exe
  2⤵
  PID:8500
- C:\Windows\System\PoHVyQb.exe
  C:\Windows\System\PoHVyQb.exe
  2⤵
  PID:8524
- C:\Windows\System\YYnKNCs.exe
  C:\Windows\System\YYnKNCs.exe
  2⤵
  PID:8540
- C:\Windows\System\AaXcHBc.exe
  C:\Windows\System\AaXcHBc.exe
  2⤵
  PID:8564
- C:\Windows\System\nSNdHem.exe
  C:\Windows\System\nSNdHem.exe
  2⤵
  PID:8580
- C:\Windows\System\UDzFCJm.exe
  C:\Windows\System\UDzFCJm.exe
  2⤵
  PID:8600
- C:\Windows\System\hlkHvwF.exe
  C:\Windows\System\hlkHvwF.exe
  2⤵
  PID:8620
- C:\Windows\System\bxVDGUJ.exe
  C:\Windows\System\bxVDGUJ.exe
  2⤵
  PID:8644
- C:\Windows\System\ontQANH.exe
  C:\Windows\System\ontQANH.exe
  2⤵
  PID:8660
- C:\Windows\System\OQfJMyM.exe
  C:\Windows\System\OQfJMyM.exe
  2⤵
  PID:8676
- C:\Windows\System\ARsynoT.exe
  C:\Windows\System\ARsynoT.exe
  2⤵
  PID:8704
- C:\Windows\System\PrWvHLT.exe
  C:\Windows\System\PrWvHLT.exe
  2⤵
  PID:8724
- C:\Windows\System\pEjGBon.exe
  C:\Windows\System\pEjGBon.exe
  2⤵
  PID:8740
- C:\Windows\System\xvaHPAJ.exe
  C:\Windows\System\xvaHPAJ.exe
  2⤵
  PID:8756
- C:\Windows\System\ZlxvDZx.exe
  C:\Windows\System\ZlxvDZx.exe
  2⤵
  PID:8776
- C:\Windows\System\yEEjFZb.exe
  C:\Windows\System\yEEjFZb.exe
  2⤵
  PID:8792
- C:\Windows\System\lqsETCF.exe
  C:\Windows\System\lqsETCF.exe
  2⤵
  PID:8812
- C:\Windows\System\oeIZCsv.exe
  C:\Windows\System\oeIZCsv.exe
  2⤵
  PID:8828
- C:\Windows\System\KswjVQb.exe
  C:\Windows\System\KswjVQb.exe
  2⤵
  PID:8864
- C:\Windows\System\TRAoMMS.exe
  C:\Windows\System\TRAoMMS.exe
  2⤵
  PID:8884
- C:\Windows\System\uDNNobp.exe
  C:\Windows\System\uDNNobp.exe
  2⤵
  PID:8900
- C:\Windows\System\GNVZTfV.exe
  C:\Windows\System\GNVZTfV.exe
  2⤵
  PID:8916
- C:\Windows\System\RNiduLL.exe
  C:\Windows\System\RNiduLL.exe
  2⤵
  PID:8936
- C:\Windows\System\WxWYRVL.exe
  C:\Windows\System\WxWYRVL.exe
  2⤵
  PID:8956
- C:\Windows\System\atvUeJf.exe
  C:\Windows\System\atvUeJf.exe
  2⤵
  PID:8972
- C:\Windows\System\WmuqMei.exe
  C:\Windows\System\WmuqMei.exe
  2⤵
  PID:8988
- C:\Windows\System\WowLfde.exe
  C:\Windows\System\WowLfde.exe
  2⤵
  PID:9008
- C:\Windows\System\eYpqtOR.exe
  C:\Windows\System\eYpqtOR.exe
  2⤵
  PID:9028
- C:\Windows\System\paCyKTD.exe
  C:\Windows\System\paCyKTD.exe
  2⤵
  PID:9060
- C:\Windows\System\XBkiRQf.exe
  C:\Windows\System\XBkiRQf.exe
  2⤵
  PID:9080
- C:\Windows\System\VoAmlmJ.exe
  C:\Windows\System\VoAmlmJ.exe
  2⤵
  PID:9100
- C:\Windows\System\hmtLFSc.exe
  C:\Windows\System\hmtLFSc.exe
  2⤵
  PID:9116
- C:\Windows\System\yWBztKg.exe
  C:\Windows\System\yWBztKg.exe
  2⤵
  PID:9136
- C:\Windows\System\UbMSDHV.exe
  C:\Windows\System\UbMSDHV.exe
  2⤵
  PID:9164
- C:\Windows\System\IunxyhV.exe
  C:\Windows\System\IunxyhV.exe
  2⤵
  PID:9180
- C:\Windows\System\hdKKjHE.exe
  C:\Windows\System\hdKKjHE.exe
  2⤵
  PID:9208
- C:\Windows\System\rSKmAbY.exe
  C:\Windows\System\rSKmAbY.exe
  2⤵
  PID:2372
- C:\Windows\System\aYGMqUP.exe
  C:\Windows\System\aYGMqUP.exe
  2⤵
  PID:8208
- C:\Windows\System\QgzQuYY.exe
  C:\Windows\System\QgzQuYY.exe
  2⤵
  PID:8236
- C:\Windows\System\AUdEZfd.exe
  C:\Windows\System\AUdEZfd.exe
  2⤵
  PID:8256
- C:\Windows\System\zPwjHHk.exe
  C:\Windows\System\zPwjHHk.exe
  2⤵
  PID:8288
- C:\Windows\System\CcQbibh.exe
  C:\Windows\System\CcQbibh.exe
  2⤵
  PID:8332
- C:\Windows\System\KdxAwdT.exe
  C:\Windows\System\KdxAwdT.exe
  2⤵
  PID:8384
- C:\Windows\System\KMgKWlo.exe
  C:\Windows\System\KMgKWlo.exe
  2⤵
  PID:8412
- C:\Windows\System\cpuFYTI.exe
  C:\Windows\System\cpuFYTI.exe
  2⤵
  PID:8432
- C:\Windows\System\FShGDYU.exe
  C:\Windows\System\FShGDYU.exe
  2⤵
  PID:8468
- C:\Windows\System\SAPzViI.exe
  C:\Windows\System\SAPzViI.exe
  2⤵
  PID:8508
- C:\Windows\System\YQLSIjd.exe
  C:\Windows\System\YQLSIjd.exe
  2⤵
  PID:7260
- C:\Windows\System\MlPZPmJ.exe
  C:\Windows\System\MlPZPmJ.exe
  2⤵
  PID:8536
- C:\Windows\System\kxJbQtl.exe
  C:\Windows\System\kxJbQtl.exe
  2⤵
  PID:8596
- C:\Windows\System\QDyrokb.exe
  C:\Windows\System\QDyrokb.exe
  2⤵
  PID:8616
- C:\Windows\System\qmIvxSU.exe
  C:\Windows\System\qmIvxSU.exe
  2⤵
  PID:8668
- C:\Windows\System\hrFLTHM.exe
  C:\Windows\System\hrFLTHM.exe
  2⤵
  PID:8700
- C:\Windows\System\MYHEGmq.exe
  C:\Windows\System\MYHEGmq.exe
  2⤵
  PID:8720
- C:\Windows\System\IWuYKYB.exe
  C:\Windows\System\IWuYKYB.exe
  2⤵
  PID:8748
- C:\Windows\System\LXgZcph.exe
  C:\Windows\System\LXgZcph.exe
  2⤵
  PID:8736
- C:\Windows\System\IsftTAj.exe
  C:\Windows\System\IsftTAj.exe
  2⤵
  PID:8764
- C:\Windows\System\rDRuyeL.exe
  C:\Windows\System\rDRuyeL.exe
  2⤵
  PID:8856
- C:\Windows\System\BmorzTT.exe
  C:\Windows\System\BmorzTT.exe
  2⤵
  PID:8872
- C:\Windows\System\kapArQy.exe
  C:\Windows\System\kapArQy.exe
  2⤵
  PID:8952
- C:\Windows\System\EKmqhUf.exe
  C:\Windows\System\EKmqhUf.exe
  2⤵
  PID:9024
- C:\Windows\System\rwewwTO.exe
  C:\Windows\System\rwewwTO.exe
  2⤵
  PID:9004
- C:\Windows\System\rwZsXDI.exe
  C:\Windows\System\rwZsXDI.exe
  2⤵
  PID:8896
- C:\Windows\System\iPRXcPo.exe
  C:\Windows\System\iPRXcPo.exe
  2⤵
  PID:9068
- C:\Windows\System\zWqTXmH.exe
  C:\Windows\System\zWqTXmH.exe
  2⤵
  PID:9096
- C:\Windows\System\QzOefnd.exe
  C:\Windows\System\QzOefnd.exe
  2⤵
  PID:9152
- C:\Windows\System\OcDraLo.exe
  C:\Windows\System\OcDraLo.exe
  2⤵
  PID:9176
- C:\Windows\System\NEWpsQU.exe
  C:\Windows\System\NEWpsQU.exe
  2⤵
  PID:9200
- C:\Windows\System\faVTswU.exe
  C:\Windows\System\faVTswU.exe
  2⤵
  PID:2420
- C:\Windows\System\sRUcQop.exe
  C:\Windows\System\sRUcQop.exe
  2⤵
  PID:8252
- C:\Windows\System\ZEqjnyh.exe
  C:\Windows\System\ZEqjnyh.exe
  2⤵
  PID:8228
- C:\Windows\System\IUMgOkY.exe
  C:\Windows\System\IUMgOkY.exe
  2⤵
  PID:8372
- C:\Windows\System\OZKpoie.exe
  C:\Windows\System\OZKpoie.exe
  2⤵
  PID:8388
- C:\Windows\System\BvmVSIz.exe
  C:\Windows\System\BvmVSIz.exe
  2⤵
  PID:8408
- C:\Windows\System\XfCeBRS.exe
  C:\Windows\System\XfCeBRS.exe
  2⤵
  PID:2820
- C:\Windows\System\ioigmPo.exe
  C:\Windows\System\ioigmPo.exe
  2⤵
  PID:8588
- C:\Windows\System\JgmntIE.exe
  C:\Windows\System\JgmntIE.exe
  2⤵
  PID:8640
- C:\Windows\System\KKSgGew.exe
  C:\Windows\System\KKSgGew.exe
  2⤵
  PID:8692
- C:\Windows\System\bxIGMjv.exe
  C:\Windows\System\bxIGMjv.exe
  2⤵
  PID:8608
- C:\Windows\System\wWLqBvn.exe
  C:\Windows\System\wWLqBvn.exe
  2⤵
  PID:8784
- C:\Windows\System\HRQMZsV.exe
  C:\Windows\System\HRQMZsV.exe
  2⤵
  PID:8912
- C:\Windows\System\lUcZJiN.exe
  C:\Windows\System\lUcZJiN.exe
  2⤵
  PID:9000
- C:\Windows\System\VegkjUK.exe
  C:\Windows\System\VegkjUK.exe
  2⤵
  PID:8800
- C:\Windows\System\hpTRtyQ.exe
  C:\Windows\System\hpTRtyQ.exe
  2⤵
  PID:8844
- C:\Windows\System\SJenfsC.exe
  C:\Windows\System\SJenfsC.exe
  2⤵
  PID:9044
- C:\Windows\System\TxuHlpC.exe
  C:\Windows\System\TxuHlpC.exe
  2⤵
  PID:9092
- C:\Windows\System\wWJsgwH.exe
  C:\Windows\System\wWJsgwH.exe
  2⤵
  PID:9124
- C:\Windows\System\ZKGQSDB.exe
  C:\Windows\System\ZKGQSDB.exe
  2⤵
  PID:9144
- C:\Windows\System\ArdPlAj.exe
  C:\Windows\System\ArdPlAj.exe
  2⤵
  PID:9192
- C:\Windows\System\ZFECIvX.exe
  C:\Windows\System\ZFECIvX.exe
  2⤵
  PID:8248
- C:\Windows\System\EpTwBet.exe
  C:\Windows\System\EpTwBet.exe
  2⤵
  PID:8272
- C:\Windows\System\ySYpoAo.exe
  C:\Windows\System\ySYpoAo.exe
  2⤵
  PID:8556
- C:\Windows\System\QrZybmE.exe
  C:\Windows\System\QrZybmE.exe
  2⤵
  PID:8356
- C:\Windows\System\WTUiYFx.exe
  C:\Windows\System\WTUiYFx.exe
  2⤵
  PID:8712
- C:\Windows\System\HramZsw.exe
  C:\Windows\System\HramZsw.exe
  2⤵
  PID:8656
- C:\Windows\System\fsvXJsK.exe
  C:\Windows\System\fsvXJsK.exe
  2⤵
  PID:8892
- C:\Windows\System\fVTEZwd.exe
  C:\Windows\System\fVTEZwd.exe
  2⤵
  PID:8908
- C:\Windows\System\exQElVd.exe
  C:\Windows\System\exQElVd.exe
  2⤵
  PID:8804
- C:\Windows\System\YJmQWbB.exe
  C:\Windows\System\YJmQWbB.exe
  2⤵
  PID:9016
- C:\Windows\System\nOLNbmn.exe
  C:\Windows\System\nOLNbmn.exe
  2⤵
  PID:9112
- C:\Windows\System\wVvJDMQ.exe
  C:\Windows\System\wVvJDMQ.exe
  2⤵
  PID:8428
- C:\Windows\System\eELLZFI.exe
  C:\Windows\System\eELLZFI.exe
  2⤵
  PID:8312
- C:\Windows\System\MVKwUCB.exe
  C:\Windows\System\MVKwUCB.exe
  2⤵
  PID:9088
- C:\Windows\System\zfTENVg.exe
  C:\Windows\System\zfTENVg.exe
  2⤵
  PID:8452
- C:\Windows\System\PEqOdAa.exe
  C:\Windows\System\PEqOdAa.exe
  2⤵
  PID:9052
- C:\Windows\System\nTjqHqN.exe
  C:\Windows\System\nTjqHqN.exe
  2⤵
  PID:8928
- C:\Windows\System\JQrjWpc.exe
  C:\Windows\System\JQrjWpc.exe
  2⤵
  PID:7708
- C:\Windows\System\EqPSrkS.exe
  C:\Windows\System\EqPSrkS.exe
  2⤵
  PID:8576
- C:\Windows\System\LhwQopN.exe
  C:\Windows\System\LhwQopN.exe
  2⤵
  PID:8948
- C:\Windows\System\ccKkdyO.exe
  C:\Windows\System\ccKkdyO.exe
  2⤵
  PID:8684
- C:\Windows\System\mIutqqa.exe
  C:\Windows\System\mIutqqa.exe
  2⤵
  PID:9056
- C:\Windows\System\OgrVaYn.exe
  C:\Windows\System\OgrVaYn.exe
  2⤵
  PID:8840
- C:\Windows\System\xCvxaPz.exe
  C:\Windows\System\xCvxaPz.exe
  2⤵
  PID:8688
- C:\Windows\System\pNyYdPN.exe
  C:\Windows\System\pNyYdPN.exe
  2⤵
  PID:8292
- C:\Windows\System\RpcxcYd.exe
  C:\Windows\System\RpcxcYd.exe
  2⤵
  PID:9228
- C:\Windows\System\hqRCBVt.exe
  C:\Windows\System\hqRCBVt.exe
  2⤵
  PID:9244
- C:\Windows\System\RXXRjDP.exe
  C:\Windows\System\RXXRjDP.exe
  2⤵
  PID:9264
- C:\Windows\System\QBImEeV.exe
  C:\Windows\System\QBImEeV.exe
  2⤵
  PID:9292
- C:\Windows\System\bGDgBBy.exe
  C:\Windows\System\bGDgBBy.exe
  2⤵
  PID:9308
- C:\Windows\System\RwzAZhj.exe
  C:\Windows\System\RwzAZhj.exe
  2⤵
  PID:9328
- C:\Windows\System\gtDiwzW.exe
  C:\Windows\System\gtDiwzW.exe
  2⤵
  PID:9344
- C:\Windows\System\cSCtmUM.exe
  C:\Windows\System\cSCtmUM.exe
  2⤵
  PID:9368
- C:\Windows\System\WhHLKPr.exe
  C:\Windows\System\WhHLKPr.exe
  2⤵
  PID:9388
- C:\Windows\System\MmgnnYu.exe
  C:\Windows\System\MmgnnYu.exe
  2⤵
  PID:9404
- C:\Windows\System\NcEsSoj.exe
  C:\Windows\System\NcEsSoj.exe
  2⤵
  PID:9424
- C:\Windows\System\EhLKCUf.exe
  C:\Windows\System\EhLKCUf.exe
  2⤵
  PID:9444
- C:\Windows\System\cnuumtX.exe
  C:\Windows\System\cnuumtX.exe
  2⤵
  PID:9468
- C:\Windows\System\RYckuxE.exe
  C:\Windows\System\RYckuxE.exe
  2⤵
  PID:9492
- C:\Windows\System\YnLQvSx.exe
  C:\Windows\System\YnLQvSx.exe
  2⤵
  PID:9508
- C:\Windows\System\iXfEEZT.exe
  C:\Windows\System\iXfEEZT.exe
  2⤵
  PID:9524
- C:\Windows\System\jjrHhUf.exe
  C:\Windows\System\jjrHhUf.exe
  2⤵
  PID:9544
- C:\Windows\System\YYRdbsS.exe
  C:\Windows\System\YYRdbsS.exe
  2⤵
  PID:9560
- C:\Windows\System\ZiHLMhh.exe
  C:\Windows\System\ZiHLMhh.exe
  2⤵
  PID:9580
- C:\Windows\System\nyhjobD.exe
  C:\Windows\System\nyhjobD.exe
  2⤵
  PID:9596
- C:\Windows\System\ZAuodMA.exe
  C:\Windows\System\ZAuodMA.exe
  2⤵
  PID:9616
- C:\Windows\System\KwRHCng.exe
  C:\Windows\System\KwRHCng.exe
  2⤵
  PID:9632
- C:\Windows\System\YcuumEo.exe
  C:\Windows\System\YcuumEo.exe
  2⤵
  PID:9660
- C:\Windows\System\pyciisD.exe
  C:\Windows\System\pyciisD.exe
  2⤵
  PID:9684
- C:\Windows\System\ETEpXTw.exe
  C:\Windows\System\ETEpXTw.exe
  2⤵
  PID:9704
- C:\Windows\System\hzhEXHP.exe
  C:\Windows\System\hzhEXHP.exe
  2⤵
  PID:9728
- C:\Windows\System\jpfKcQi.exe
  C:\Windows\System\jpfKcQi.exe
  2⤵
  PID:9744
- C:\Windows\System\jIRIyAi.exe
  C:\Windows\System\jIRIyAi.exe
  2⤵
  PID:9764
- C:\Windows\System\eRJjhXd.exe
  C:\Windows\System\eRJjhXd.exe
  2⤵
  PID:9788
- C:\Windows\System\aMAakfH.exe
  C:\Windows\System\aMAakfH.exe
  2⤵
  PID:9816
- C:\Windows\System\EIwEJPs.exe
  C:\Windows\System\EIwEJPs.exe
  2⤵
  PID:9832
- C:\Windows\System\ixfzbLb.exe
  C:\Windows\System\ixfzbLb.exe
  2⤵
  PID:9848
- C:\Windows\System\wfZYWlv.exe
  C:\Windows\System\wfZYWlv.exe
  2⤵
  PID:9872
- C:\Windows\System\KEypwlM.exe
  C:\Windows\System\KEypwlM.exe
  2⤵
  PID:9892
- C:\Windows\System\XDlipno.exe
  C:\Windows\System\XDlipno.exe
  2⤵
  PID:9916
- C:\Windows\System\DwapkqS.exe
  C:\Windows\System\DwapkqS.exe
  2⤵
  PID:9932
- C:\Windows\System\DUTtkIy.exe
  C:\Windows\System\DUTtkIy.exe
  2⤵
  PID:9952
- C:\Windows\System\lCnRboz.exe
  C:\Windows\System\lCnRboz.exe
  2⤵
  PID:9972
- C:\Windows\System\CMnZcLZ.exe
  C:\Windows\System\CMnZcLZ.exe
  2⤵
  PID:9996
- C:\Windows\System\FzgogLs.exe
  C:\Windows\System\FzgogLs.exe
  2⤵
  PID:10016
- C:\Windows\System\MFuIFpK.exe
  C:\Windows\System\MFuIFpK.exe
  2⤵
  PID:10032
- C:\Windows\System\SiKEgul.exe
  C:\Windows\System\SiKEgul.exe
  2⤵
  PID:10052
- C:\Windows\System\MpbTwGt.exe
  C:\Windows\System\MpbTwGt.exe
  2⤵
  PID:10072
- C:\Windows\System\gDzWlvR.exe
  C:\Windows\System\gDzWlvR.exe
  2⤵
  PID:10092
- C:\Windows\System\KruAsow.exe
  C:\Windows\System\KruAsow.exe
  2⤵
  PID:10112
- C:\Windows\System\LSfdtVE.exe
  C:\Windows\System\LSfdtVE.exe
  2⤵
  PID:10132
- C:\Windows\System\LLIxljL.exe
  C:\Windows\System\LLIxljL.exe
  2⤵
  PID:10152
- C:\Windows\System\xbnnrXJ.exe
  C:\Windows\System\xbnnrXJ.exe
  2⤵
  PID:10172
- C:\Windows\System\eyICTFy.exe
  C:\Windows\System\eyICTFy.exe
  2⤵
  PID:10188
- C:\Windows\System\ousTQeQ.exe
  C:\Windows\System\ousTQeQ.exe
  2⤵
  PID:10212
- C:\Windows\System\yrGWFkj.exe
  C:\Windows\System\yrGWFkj.exe
  2⤵
  PID:10236
- C:\Windows\System\FqNtdfr.exe
  C:\Windows\System\FqNtdfr.exe
  2⤵
  PID:8496
- C:\Windows\System\BXLPwjr.exe
  C:\Windows\System\BXLPwjr.exe
  2⤵
  PID:9260
- C:\Windows\System\sXguJJT.exe
  C:\Windows\System\sXguJJT.exe
  2⤵
  PID:9220
- C:\Windows\System\vPQsxLD.exe
  C:\Windows\System\vPQsxLD.exe
  2⤵
  PID:9272
- C:\Windows\System\BnbaXsF.exe
  C:\Windows\System\BnbaXsF.exe
  2⤵
  PID:9320
- C:\Windows\System\mqxetNK.exe
  C:\Windows\System\mqxetNK.exe
  2⤵
  PID:9352
- C:\Windows\System\LunKYCv.exe
  C:\Windows\System\LunKYCv.exe
  2⤵
  PID:9384
- C:\Windows\System\zbcyfFT.exe
  C:\Windows\System\zbcyfFT.exe
  2⤵
  PID:9420
- C:\Windows\System\SRjSbxT.exe
  C:\Windows\System\SRjSbxT.exe
  2⤵
  PID:9416
- C:\Windows\System\IdyVmHx.exe
  C:\Windows\System\IdyVmHx.exe
  2⤵
  PID:9480
- C:\Windows\System\VNZOzHl.exe
  C:\Windows\System\VNZOzHl.exe
  2⤵
  PID:9520
- C:\Windows\System\uyslakX.exe
  C:\Windows\System\uyslakX.exe
  2⤵
  PID:9536
- C:\Windows\System\zZSDorG.exe
  C:\Windows\System\zZSDorG.exe
  2⤵
  PID:9604
- C:\Windows\System\qNuvRiF.exe
  C:\Windows\System\qNuvRiF.exe
  2⤵
  PID:9628
- C:\Windows\System\wgaIuMc.exe
  C:\Windows\System\wgaIuMc.exe
  2⤵
  PID:9700
- C:\Windows\System\zIIJTlf.exe
  C:\Windows\System\zIIJTlf.exe
  2⤵
  PID:9680
- C:\Windows\System\YlYkPiV.exe
  C:\Windows\System\YlYkPiV.exe
  2⤵
  PID:9760
- C:\Windows\System\wKNSDYQ.exe
  C:\Windows\System\wKNSDYQ.exe
  2⤵
  PID:9772
- C:\Windows\System\MRnohze.exe
  C:\Windows\System\MRnohze.exe
  2⤵
  PID:9800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AHgndmp.exe

Filesize
6.0MB

MD5
7d896d6840837bce99b43d096e87084c

SHA1
e5f4c9546613faa9a34e948cec47402dbe0436e0

SHA256
7486cce294acf98ec2671bf52dfb73d01d5a037f980e2beb0e00ee9732d45be1

SHA512
a270c477c4642a4fec9f4d563dd080243ee3b8ccf3d8e3314ef84f3b90511ab98265a3422ef2f62fb8fae9774c665eafc2f7ee4cb401877308bd2c707bcd6ba7

Download Submit
C:\Windows\system\DOTyUye.exe

Filesize
6.0MB

MD5
3b97779dc0e981e63a8d44f6a2e13a6a

SHA1
3596cae56af1a7f7c17db58c5cdcfe9bbdf48c73

SHA256
f6d7547b0ec7792a0d5ad13f1254b703fdd2d30cc042f9d138b3b8276c876e23

SHA512
8dd7437c73525461b04cf2a7b4076a0c1533ad9f7d3a82fcd779241a539503b84fcca610b1157f73d8f2099e406b822426a6ac4915b7cdf02e452dbcc4481dea

Download Submit
C:\Windows\system\EWYqKmT.exe

Filesize
6.0MB

MD5
3414e0f2c158ed388e7897bec77057f4

SHA1
8255b89c31b56d779e36ff2af5170d5a0b116d0c

SHA256
e0c73909751cb7e4559e0741f5c1dac04140de7a6184afae865b04a68a1cfda6

SHA512
83d0ddffa24836e4807ce7c0878d544fb14db98126735e172a074826793434eb7d7eec7ad1947c8b2191b0e656146fc56e4647012d3c841d4a3bccd503a21b52

Download Submit
C:\Windows\system\EsrmaUy.exe

Filesize
6.0MB

MD5
d3ca9c0e25155a78ff9b623427b69c61

SHA1
87f8efbc0a2c13270267570312dd6cb41e0e4427

SHA256
606b9f6f602a7bb5a6ce10f951c11d66603d2c1aa93de236d2ac90315cfec5a1

SHA512
e31ef327c0afcf86b536e24242948534be3d7cd0fadc9409542589451f0f7c42cbb44786051c3510f50e59bda50f3c5ea9563bc005684e9d0c522f9bbd505417

Download Submit
C:\Windows\system\JCBlOjT.exe

Filesize
6.0MB

MD5
d1046100e49c54a8d75d63f25a23b24a

SHA1
73e87ea434d842a279d3ad439f0c0a07e807c339

SHA256
9ff68a1c4209548be8e0b2c21659218d1614bca6c9e6659cd0a43fd3c1846449

SHA512
0db4cbdd07684cbac5058a3f5906d5fbe35989fc64b0de6c2ec6abe9af8759a67335eca4fab20bc2cfe054b613af7e605cffb45d10e6ea75ac1db68b6e856970

Download Submit
C:\Windows\system\JXLIxyM.exe

Filesize
6.0MB

MD5
a99a24d3f3bba51fd9934a9fcfaf66eb

SHA1
31ef16dccef6299ac116b235acaae4fa5ff3a3c0

SHA256
9fbad1b7d4856ca65534c3e465b9e5ebf25cb08276a2cb75c410d7e5c237be4b

SHA512
5c7fe2ba6fcaa936689d6d82cddde58ae04a456eabed001f58a70a9b4b47426d79e79a94a0adc359e2bc69780a427b85b0e31771b80b71b02006b906354cb4c5

Download Submit
C:\Windows\system\KmlHqkO.exe

Filesize
6.0MB

MD5
f68e15e6e0931688afa1b8d019a20c93

SHA1
0b20617f23e2b08c11e4dd36c72ec819de7882a5

SHA256
d53c550f3e9c5561e3311715d8a06d3494466a3e4e236cc8d4470d2faf35dcd3

SHA512
56abc0cac7a87fc4edeed32a60a43870fefba995c48e848e83b7654a4a5cac8df08958e9e9e590474f60fb2ddd83bd3206e5f6f570ec3d0e4d23c81dc81687b8

Download Submit
C:\Windows\system\MOoYaBd.exe

Filesize
6.0MB

MD5
55d253485ed63c86c569b55fab27f90f

SHA1
929e18c8c731193b2ef5044960d8caa791ea47f5

SHA256
8eb5ec03c2d84b10354388296142f691d27b9654a8d8eb1fc368b6816d21b7b2

SHA512
20688d6cb723bbaeb5488443754f458da7d361f739b83653fa8ef71238b173fb428ebf81ffebdf9319afb8bfbfe475f518c5512db8a7ac3c61fa5f7ce17eb92f

Download Submit
C:\Windows\system\QsrxRku.exe

Filesize
6.0MB

MD5
b588641892f7fa657eb577d769bed726

SHA1
534c85fbbf30c25c91a6ef0848238eff886c6789

SHA256
3a19e9c00611ba92e9b1f87bef99faae4995ba70b41f8918e56e0a559f657410

SHA512
78e9caf5e0e5861802b0200ea28583d4a3c980c5be46c9655169b0307e9bb9142ee18d5f90bd39bc5bfb59fdfe0e03f1d5d03543738f44de36baa00f6e2ed4d2

Download Submit
C:\Windows\system\QtimPRX.exe

Filesize
6.0MB

MD5
32781039186c0dc1c55fd66f8b49ece4

SHA1
a939e18849d9333caa8ecf50675c9e503377299f

SHA256
157bb3a39c9bf5d89ec95ced1265c5212c692ca17ec7268256e91209abe891e5

SHA512
714cecf599bb48223358c79a5f72f93824f571ef57a28b0dd0f9fbd51d136a013a14c65dc05a4e8ab52f89694540ee625204d03d2da979a9fb158e3752195bf6

Download Submit
C:\Windows\system\XggJqtQ.exe

Filesize
6.0MB

MD5
af6559eef88f78cc4e487ccbc3d4e329

SHA1
8a596765d09b1b9e3ab7d008898f4671507d5adf

SHA256
f8eb0aa8f4f4ce68cd039392b18eac76e015699337d048e1739b70e358e32a61

SHA512
557a8aa5832f88af658a3e53a6ffb2b894f1505a422dfd62d482c762b68ff4bbcabc2d110157017a3779776a96698def1c2d26de2c77f9591bf22b4b9560acc5

Download Submit
C:\Windows\system\YMrdhNx.exe

Filesize
6.0MB

MD5
5237d45592064831f4a6bd11fcfd3c75

SHA1
ad908d5106c3e6f31a4394ae3556e04989058e4b

SHA256
c7390006743b03175b87972d1993c3f3c155c5109c3439645000030cb0e20260

SHA512
c77e5b245628155a3dbc936b51457324e02211001822be81de00df69a2f8ca0b49f2829487a550eddf56420807915b42518c5264a9cf67de0726efedae7c2018

Download Submit
C:\Windows\system\ZVmeTZT.exe

Filesize
6.0MB

MD5
2c01f7d5c436e3b506ab25dff6b0f63a

SHA1
bc4bbaad011ffc78d6fc58bbf403bba1acd8a90c

SHA256
74c1681014dfeca6d9c15449bcd27f417a5f16580eea6d571a9c4e8b749baf15

SHA512
f90b254b332f2d0cabce115b4927ef034f69ab7a7658df4a4aecc6ba1e7104b851a521aa7fcb441b44a308ec2ad9621aed323ddc02ca73edb42427a330b69450

Download Submit
C:\Windows\system\bwSfsQk.exe

Filesize
6.0MB

MD5
7a6a21b8b191d8de337a038fa08dd898

SHA1
c196fed5a489268dcd968323e125839494d5a6ab

SHA256
2db591e84ef393e427859dab76801aad2baead89857afad4c9ef733427201c54

SHA512
7a213d4780b574a28d98f86386e32e7f3b77b108b7bdd97d0758dcad70d8966750b01e587f241c09bd1cf57e3b844e43e5c2dadd4ed3c01971cfaaf78ed35215

Download Submit
C:\Windows\system\cImNSND.exe

Filesize
6.0MB

MD5
f69580aaab9f7f253ff5af4aaf751d27

SHA1
1fb5c54e0da7bda9f46a0d7f4d58242063a7fa59

SHA256
54a75c6087823a838e14b6afe04464274665614dfb90146847652db2fcc3ef20

SHA512
13408ad8a1bf00f1abcd476923c88118a4c4e725f5b1a412c23f1dcd24425251ec06ebfcfee7257a1f32ba4713e5c00951062fd2cbd3925487603ff8ab28e587

Download Submit
C:\Windows\system\dTZaQqM.exe

Filesize
6.0MB

MD5
aab2381d85a1dda9949d7a54c209cfd5

SHA1
ef129446845f44c30c59dac5ab9ecb8c51b875ab

SHA256
a3a779bd04aa0e7d71e2d8d9eb63f9e463b34e12fb7bdc4a6b86a1d9d438d554

SHA512
a388b3e9de2050eb521fec1eea0390e615f754df48876b336032bb273389dced45eedc2cb7eb5d8c123c6e21703929fa79302e26b07bf289453e0245187a8936

Download Submit
C:\Windows\system\esHtFCw.exe

Filesize
6.0MB

MD5
eba25ccc02b72efd38bf3f3f5ee3107a

SHA1
b34400b5e942d2cf3241212b0f9a58f22edc8d07

SHA256
aa0e2360cfa5005329da4f6a245ca99811dfa0b12c136709a5641bbcfe264883

SHA512
1000f1a48034eacd4cdcd6856e2c7ea2dac5a7d30c2cfd2367bfbf385bd02dc7ebc888c855765bc64837bf0ec4343692f2f91ab772ee1c8cb5436946a3b38b85

Download Submit
C:\Windows\system\hKQTLHc.exe

Filesize
6.0MB

MD5
1677d39d3a395c7ed5d3bd02bd22d7ad

SHA1
b20d85390b9312d29a173cb759f3490121830ce6

SHA256
7cd112ae36c972f7ba3a452138ed0e69cb0c237b9e6136f5970a5f6f1e591952

SHA512
2ae35fd7a5696c2ddb07f9f228cc9a2c0c25ef1b80320f8a0dac83321042d786f76b16102f162c39dfae2a2a119e5ed3237e152cc086b6f403b2cad08cf15586

Download Submit
C:\Windows\system\iwtmQOs.exe

Filesize
6.0MB

MD5
9367dd4473f60c6c4e515cf1186f5d35

SHA1
d3d41f7d01e60a6016665458683ef257ad11d368

SHA256
beaeaea86011672aa237637a86473a8d7fb71f9f093d1e31a6da2e8d67b84e56

SHA512
e03f702db138d3379e79ddabe3e485dc1958d1b214b82cd2b07b441e6d17322b3841ad72c72c1f9540e4960fb393bad0e7f4cc789aa430ec1f3bdc0bc8d954d6

Download Submit
C:\Windows\system\nJiuBdr.exe

Filesize
6.0MB

MD5
54f700874d5cc5b0b58e416a8526bc56

SHA1
88cbad0b53e2533b4ce693003c25f231da73bf95

SHA256
71c20f4c72f54b829e7573e8c6bc719e891fb41912683880b671f64cb0872548

SHA512
a1b8a031dcb97de3897e35db6a0d53da801c15bdf9aafffa2f942a7b81730233cf45b8affcc37050857631883f00435e80c7ad185edfe34f5b9ad85e06464a65

Download Submit
C:\Windows\system\oqbJCTX.exe

Filesize
6.0MB

MD5
95f19dc3d838e7aadb52a08e6f2a211f

SHA1
8cb864b469ca484d0448914a02fca5a0979459de

SHA256
65d01c5c14a2cd0b6aab3e542ce462888522bced63eb1e118b3553d36891c2f9

SHA512
671c34cad642b16c0d05ce5e8fb20f4853d1210b8ce97aaae842998f95226260b1223ee8b65b757954552b9ee210227b8355eab601891e497e82e576b48eeac3

Download Submit
C:\Windows\system\qOMYdzR.exe

Filesize
6.0MB

MD5
56853d851629459446c6f82b6c90b59d

SHA1
89c2a2e9b0724caf7a684e3a06062c7b66c5c34f

SHA256
13ad012c843c65011ce01d6c47ef61bee1f4d729824258fa26b92b1e158d3ce2

SHA512
782cf4120e9e894d182131f81a5e5de68c51d380f0ed6613091cd9095ac504d794f87eb0b9521e933de9d4c1e0737e02cf48e21a3c7531668b1bf00390bf51fd

Download Submit
C:\Windows\system\rRJRqJq.exe

Filesize
6.0MB

MD5
415e0f22075fe6d89c55da0708c3a4a1

SHA1
9d74e49daa9d8b919e76c1c2ab9e886463a1ebe7

SHA256
c7ffacaa357a671105df926e62ed2577860c21a13e7d5afbf1f416f36456c00f

SHA512
d3cbd0cec5e5f87a3414c7eb428ebb783240497a6e0463e830ef4b001ff91621648013dab332a4e8d03b09e743bbbfd97d18b8877e88d4317f7e2c2b03ae2e31

Download Submit
C:\Windows\system\xWqYnGn.exe

Filesize
6.0MB

MD5
fbbe6fcc3852c73b0324f6deb7fa0613

SHA1
d002aadc276db32e7abe38fe2c4237c1e65ea140

SHA256
67f59dfdd14c0c26e6731237b9d58fb3099e2a85fdf5ced42eb583ebca732842

SHA512
0e12e1cf551356ee97fffc6405710f303bdf1792e5680e5adf97c56169a76dc28261f5f1baddf406d45ceb3334cf540edcedc1b744bb8259fbaf7e5fe5006315

Download Submit
\Windows\system\AIDcQFC.exe

Filesize
6.0MB

MD5
2cc73a6407192e39b5ce97a7908a947d

SHA1
e4d3f65b5f7b35332608428da9752cae7f6f1060

SHA256
7680fabd414500c8a234a2772af702624247a27360f5d426e4beb35f81a6438b

SHA512
2e9fc5718f66c4d97317ca7931870bd25f2c8a94e28767f8391f75f3f1f87ac57f86ac5f7a647115032f815dc2b9ce07d21bc44584cff49a3c00c3fac2cf369d

Download Submit
\Windows\system\HgBowfS.exe

Filesize
6.0MB

MD5
4eb7f596433750b4f6eb13d825e92f11

SHA1
29a835a289de943b66ca63d4c059e68ba95feea9

SHA256
8f5c4c323a4f9fcc85160db85e7343aa93f23d0a1beac3e126c34819fec2671d

SHA512
c8935d13751649ecc6f9ac0d87ec3c66e84638f6341cfffdf6a2de0ea6b301d5502d9f7222862e7f8541bc6b10b05e156f5aa318dabd4399cbc6094f5eddc401

Download Submit
\Windows\system\INqFhZH.exe

Filesize
6.0MB

MD5
a3c679283c70c96f21f2983e505599cf

SHA1
9bf390a7b60e28430765889e74b2b831be16df70

SHA256
a52926c6ae1a8bf05d794651a3336ae0ba469d2bbc0d497c5b9219d009a9c4a4

SHA512
b3ceb536a3133009d280bd50db15258e7e44704aca5d4ed3ea7127191252c7362cd541641e112faba1b8a349858f4a3195e0f8e599878d5681c38afa2dafc4df

Download Submit
\Windows\system\Tnbzgde.exe

Filesize
6.0MB

MD5
4cfc1e16dc7125cf93703a02118cf5f0

SHA1
d645152dfac66a17d7bc8d92a335b7b56f4bd18a

SHA256
3ec1401bd525d9f63fec3d7f2c1a3929a087bec12c837c4e63a9c14bda442e40

SHA512
60370e44267042702c6e806db0aefab848527fb8ba293cbfc89f23f9dea066762c36a0c26bd742f4bfac287c298c530d3a74ae0fdf3d0d0db3728f174e47778e

Download Submit
\Windows\system\ceFmvlR.exe

Filesize
6.0MB

MD5
0e3133daf648a5a9385f22b47d00dde3

SHA1
8098025f2bb6ff9ef4ec283e1b961219355df95f

SHA256
4a35c3a6944acd1b5c1d0b6543dc6bd72d7267676a29a67f8819f6f6564f0797

SHA512
e0fd73521755fbb721156f30ab68ff0d84017c368aeeb72ef2a87666ec3db17446a7c65f9fd37c55d2d3d0797851a54c4d8a3aaab0fed5e053f0884c06d98aa6

Download Submit
\Windows\system\dbcIxsi.exe

Filesize
6.0MB

MD5
bf4d1f85e8314be5d2e5298f140fee6b

SHA1
088e2bd0fa3263f4e83c22da17d74919d1809243

SHA256
77e8b7c8e01d5ef0bdc5bc2a8ad0ba64db3f3d052c6496d39c17159910042379

SHA512
398088ec06000f41a7d89ea19cb0a9e61f352dc873bcbeaf0d9c7a723b77a43b9efe9294bdb10c2fd43dd1d83d2ce3ba2a1d417a5c3d531fb2de40fd3cffd484

Download Submit
\Windows\system\jelpnbV.exe

Filesize
6.0MB

MD5
789b56e5b21b0ad4836ba29d09980244

SHA1
92c096c343a8f030b0fe0c940a0dd4174c129485

SHA256
54aaa5564ffb713c00ec1bde25c4818796c9e57be0ee7f4fdff148b16ac3179a

SHA512
261cc062054bae027db4a1df749a07669785bb8e0496fe454c89c1c1c3b3ca9433a7046178148e83daca3ed9594fdac8e6ec3642ea4a7254b93e2cfa6e7dfeca

Download Submit
\Windows\system\yvrBbqn.exe

Filesize
6.0MB

MD5
20113b9ff59ae8e2b63eeab3aa4e3219

SHA1
f24689cdc83dfbfc8039b984bccc6a270e3d9827

SHA256
685c33f90f432de8de240052f95bbf91ad3a4c6c014c1455cfbd06d2b7eaf4b3

SHA512
f81dbfd6420b53176f53f01855de6cf46211e42a0f64a98992ddd30c1b046ac27958f0069d765f97c7e78b8118d85e5ef213a57c95356302ad33e75a9c4badd9

Download Submit
memory/1252-166-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/1252-100-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/1252-1787-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/1576-75-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1576-1503-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1616-1504-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1616-66-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1616-99-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-95-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2172-47-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-88-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2172-37-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-25-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-0-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-94-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-85-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2172-78-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2172-102-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2172-103-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2172-6-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2172-110-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2172-31-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-19-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-113-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-69-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2172-61-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-295-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-15-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2172-132-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2172-229-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-53-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2312-1657-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2312-92-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2600-59-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2600-1379-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2600-91-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2688-109-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1648-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2756-68-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-35-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1362-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-82-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-1368-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-57-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-21-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1339-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-11-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2856-38-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2856-1343-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2952-106-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-250-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-1786-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-1340-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2988-16-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/3004-1356-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/3004-42-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/3004-76-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/3032-1347-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-65-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-29-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download