cobaltstrike | 85d8e04a71e86a04b770acd255353517937eaa9512301592f6eeaf4c33a0d179

Analysis

max time kernel
125s
max time network
122s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
28/02/2025, 21:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.2MB
MD5

1a36cc1c5264c5033b3510b8bc22f236
SHA1

66b10fe8aafc89ae1ba434c4023b778e3a28b8d3
SHA256

85d8e04a71e86a04b770acd255353517937eaa9512301592f6eeaf4c33a0d179
SHA512

22d78e8cf3e7507042548f1a9730d1838e696dcf0a462c064f26cc3b772d0015ef27781bde6b0fec4b14023a8cc9f20a1ad4bf42e6f8fcb2abf99abb7aacd138
SSDEEP

49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lO:RWWBibf56utgpPFotBER/mQ32lUa

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b00000001225e-3.dat	cobalt_reflective_dll
behavioral1/files/0x000b00000001926b-10.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001930d-14.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001932d-18.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001933b-22.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019374-25.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001939b-30.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b5-37.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-41.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-49.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a9-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-189.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48b-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-127.dat	cobalt_reflective_dll
behavioral1/files/0x0036000000019240-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-92.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-61.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-57.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-53.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-45.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b3-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 28 IoCs

miner

resource	yara_rule
behavioral1/memory/2232-665-0x000000013FF80000-0x00000001402D1000-memory.dmp	xmrig
behavioral1/memory/2808-922-0x000000013F840000-0x000000013FB91000-memory.dmp	xmrig
behavioral1/memory/2256-931-0x000000013FD70000-0x00000001400C1000-memory.dmp	xmrig
behavioral1/memory/2576-925-0x000000013F380000-0x000000013F6D1000-memory.dmp	xmrig
behavioral1/memory/2392-921-0x000000013F350000-0x000000013F6A1000-memory.dmp	xmrig
behavioral1/memory/2856-920-0x000000013F850000-0x000000013FBA1000-memory.dmp	xmrig
behavioral1/memory/1228-934-0x000000013F180000-0x000000013F4D1000-memory.dmp	xmrig
behavioral1/memory/2616-81-0x000000013FBF0000-0x000000013FF41000-memory.dmp	xmrig
behavioral1/memory/2736-77-0x000000013F8A0000-0x000000013FBF1000-memory.dmp	xmrig
behavioral1/memory/2732-109-0x000000013F810000-0x000000013FB61000-memory.dmp	xmrig
behavioral1/memory/1776-105-0x000000013F020000-0x000000013F371000-memory.dmp	xmrig
behavioral1/memory/2644-98-0x000000013FBC0000-0x000000013FF11000-memory.dmp	xmrig
behavioral1/memory/2696-94-0x000000013F350000-0x000000013F6A1000-memory.dmp	xmrig
behavioral1/memory/3020-88-0x000000013F470000-0x000000013F7C1000-memory.dmp	xmrig
behavioral1/memory/2856-4482-0x000000013F850000-0x000000013FBA1000-memory.dmp	xmrig
behavioral1/memory/2616-4517-0x000000013FBF0000-0x000000013FF41000-memory.dmp	xmrig
behavioral1/memory/2696-4516-0x000000013F350000-0x000000013F6A1000-memory.dmp	xmrig
behavioral1/memory/2736-4551-0x000000013F8A0000-0x000000013FBF1000-memory.dmp	xmrig
behavioral1/memory/3020-4552-0x000000013F470000-0x000000013F7C1000-memory.dmp	xmrig
behavioral1/memory/2644-4553-0x000000013FBC0000-0x000000013FF11000-memory.dmp	xmrig
behavioral1/memory/2808-4559-0x000000013F840000-0x000000013FB91000-memory.dmp	xmrig
behavioral1/memory/2256-4558-0x000000013FD70000-0x00000001400C1000-memory.dmp	xmrig
behavioral1/memory/1228-4566-0x000000013F180000-0x000000013F4D1000-memory.dmp	xmrig
behavioral1/memory/2392-4565-0x000000013F350000-0x000000013F6A1000-memory.dmp	xmrig
behavioral1/memory/2732-4557-0x000000013F810000-0x000000013FB61000-memory.dmp	xmrig
behavioral1/memory/2576-4556-0x000000013F380000-0x000000013F6D1000-memory.dmp	xmrig
behavioral1/memory/1776-4555-0x000000013F020000-0x000000013F371000-memory.dmp	xmrig
behavioral1/memory/2764-4728-0x000000013F500000-0x000000013F851000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2732	eZiskyw.exe
2856	WkZxaYe.exe
2736	vFJQfmz.exe
2392	cftDPsP.exe
2616	sfqNzAI.exe
2808	ZMxynug.exe
3020	tHdaMWU.exe
2764	EcFCXBZ.exe
2696	PPlCqwC.exe
2576	jQQOyjR.exe
2644	egqWbvC.exe
2256	oOwcHzR.exe
1776	cQadezb.exe
1228	OCUDvCA.exe
900	fbiyMJy.exe
1520	LrRbAnB.exe
1740	JgIfVsV.exe
2620	IQTXQeX.exe
2836	egAWElB.exe
2344	aOpzhpC.exe
2088	NeSCPaY.exe
1300	RAwZovy.exe
2852	yjAUmJq.exe
680	aTJCBEM.exe
2136	uoAVchN.exe
2340	ScUmjHi.exe
1908	gjZJhvF.exe
1144	HRAnhpS.exe
1668	tVRymfE.exe
1244	dDBdXjA.exe
1856	qsPvXcp.exe
1556	mmHgwQA.exe
828	ScjxNBZ.exe
2540	IlIlowz.exe
1796	VAOCdWG.exe
2524	vrFtlya.exe
2284	YLZUlLd.exe
1536	xYtfSPZ.exe
1992	DwnHuxe.exe
3012	cElNUfL.exe
664	mtxOiEh.exe
1656	WCABphF.exe
2504	aBGvVqO.exe
2428	GPnHzRF.exe
1712	kkxdzUL.exe
876	onrHeeT.exe
2112	VIeqAgN.exe
2236	fBCkcga.exe
1492	RzDOxwY.exe
2692	GCgXLBZ.exe
2880	ZllkbSq.exe
2708	vQpQMQK.exe
2604	nSrfrPT.exe
2600	ooipjNN.exe
2892	xcgMMAo.exe
2436	kgjrmkn.exe
296	yPVCJwA.exe
2648	NxhlKKf.exe
1140	NbRWKAL.exe
2940	GErRNOb.exe
3064	SonNvNM.exe
1688	bzkKnXX.exe
2552	iledxyy.exe
1696	EmtvfnL.exe

Loads dropped DLL 64 IoCs

pid	Process
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2232-0-0x000000013FF80000-0x00000001402D1000-memory.dmp	upx
behavioral1/files/0x000b00000001225e-3.dat	upx
behavioral1/files/0x000b00000001926b-10.dat	upx
behavioral1/files/0x000700000001930d-14.dat	upx
behavioral1/files/0x000700000001932d-18.dat	upx
behavioral1/files/0x000600000001933b-22.dat	upx
behavioral1/files/0x0006000000019374-25.dat	upx
behavioral1/files/0x000600000001939b-30.dat	upx
behavioral1/files/0x00070000000193b5-37.dat	upx
behavioral1/files/0x0005000000019dbf-41.dat	upx
behavioral1/files/0x0005000000019f94-49.dat	upx
behavioral1/files/0x000500000001a41d-121.dat	upx
behavioral1/files/0x000500000001a48d-159.dat	upx
behavioral1/memory/2232-665-0x000000013FF80000-0x00000001402D1000-memory.dmp	upx
behavioral1/memory/2808-922-0x000000013F840000-0x000000013FB91000-memory.dmp	upx
behavioral1/memory/2256-931-0x000000013FD70000-0x00000001400C1000-memory.dmp	upx
behavioral1/memory/2576-925-0x000000013F380000-0x000000013F6D1000-memory.dmp	upx
behavioral1/memory/2764-923-0x000000013F500000-0x000000013F851000-memory.dmp	upx
behavioral1/memory/2392-921-0x000000013F350000-0x000000013F6A1000-memory.dmp	upx
behavioral1/memory/2856-920-0x000000013F850000-0x000000013FBA1000-memory.dmp	upx
behavioral1/memory/1228-934-0x000000013F180000-0x000000013F4D1000-memory.dmp	upx
behavioral1/files/0x000500000001a4b5-184.dat	upx
behavioral1/files/0x000500000001a4b1-175.dat	upx
behavioral1/files/0x000500000001a4a9-168.dat	upx
behavioral1/files/0x000500000001a46f-157.dat	upx
behavioral1/files/0x000500000001a427-147.dat	upx
behavioral1/files/0x000500000001a4b7-189.dat	upx
behavioral1/files/0x000500000001a4b3-181.dat	upx
behavioral1/files/0x000500000001a4af-174.dat	upx
behavioral1/files/0x000500000001a499-162.dat	upx
behavioral1/files/0x000500000001a48b-152.dat	upx
behavioral1/files/0x000500000001a41b-127.dat	upx
behavioral1/files/0x0036000000019240-123.dat	upx
behavioral1/files/0x000500000001a307-116.dat	upx
behavioral1/files/0x000500000001a42d-142.dat	upx
behavioral1/memory/2808-83-0x000000013F840000-0x000000013FB91000-memory.dmp	upx
behavioral1/memory/2616-81-0x000000013FBF0000-0x000000013FF41000-memory.dmp	upx
behavioral1/memory/2392-79-0x000000013F350000-0x000000013F6A1000-memory.dmp	upx
behavioral1/memory/2736-77-0x000000013F8A0000-0x000000013FBF1000-memory.dmp	upx
behavioral1/memory/2856-76-0x000000013F850000-0x000000013FBA1000-memory.dmp	upx
behavioral1/files/0x000500000001a41e-130.dat	upx
behavioral1/memory/2732-109-0x000000013F810000-0x000000013FB61000-memory.dmp	upx
behavioral1/memory/1228-107-0x000000013F180000-0x000000013F4D1000-memory.dmp	upx
behavioral1/memory/1776-105-0x000000013F020000-0x000000013F371000-memory.dmp	upx
behavioral1/memory/2256-102-0x000000013FD70000-0x00000001400C1000-memory.dmp	upx
behavioral1/memory/2644-98-0x000000013FBC0000-0x000000013FF11000-memory.dmp	upx
behavioral1/memory/2576-96-0x000000013F380000-0x000000013F6D1000-memory.dmp	upx
behavioral1/memory/2696-94-0x000000013F350000-0x000000013F6A1000-memory.dmp	upx
behavioral1/files/0x000500000001a359-92.dat	upx
behavioral1/memory/2764-90-0x000000013F500000-0x000000013F851000-memory.dmp	upx
behavioral1/memory/3020-88-0x000000013F470000-0x000000013F7C1000-memory.dmp	upx
behavioral1/files/0x000500000001a09e-61.dat	upx
behavioral1/files/0x000500000001a07e-57.dat	upx
behavioral1/files/0x000500000001a075-53.dat	upx
behavioral1/files/0x0005000000019f8a-45.dat	upx
behavioral1/files/0x00070000000193b3-34.dat	upx
behavioral1/memory/2856-4482-0x000000013F850000-0x000000013FBA1000-memory.dmp	upx
behavioral1/memory/2616-4517-0x000000013FBF0000-0x000000013FF41000-memory.dmp	upx
behavioral1/memory/2696-4516-0x000000013F350000-0x000000013F6A1000-memory.dmp	upx
behavioral1/memory/2736-4551-0x000000013F8A0000-0x000000013FBF1000-memory.dmp	upx
behavioral1/memory/3020-4552-0x000000013F470000-0x000000013F7C1000-memory.dmp	upx
behavioral1/memory/2644-4553-0x000000013FBC0000-0x000000013FF11000-memory.dmp	upx
behavioral1/memory/2808-4559-0x000000013F840000-0x000000013FB91000-memory.dmp	upx
behavioral1/memory/2256-4558-0x000000013FD70000-0x00000001400C1000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\WHBmoIh.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\meovReB.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AMSoXVn.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IQTXQeX.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cElNUfL.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SonNvNM.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dCHFTVm.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rGEyVEe.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HvEtOdR.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kaeBilt.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rdplwtM.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YSiJLlI.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yyzFjLl.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GAiLNAm.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YgFUBLd.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YKISaAz.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RgigTyf.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UpXZRWP.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aivGpKK.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AphqOIW.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qpTlkOT.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nsoxHKp.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eAtsNcf.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BzRNkiu.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mtxOiEh.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HCZBDRW.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ABOVRGe.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LgJWNff.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TcrgRpL.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QZvQgoZ.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PNSMlDo.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QaKBEpU.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWpAhSK.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DbFNQLS.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NHgtidZ.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XHCrLVP.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bVEYQUt.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\buOkixV.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\viJLuaM.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHAQzUQ.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bGXhSrD.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sMyKDDk.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFVFFPs.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZNoMids.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrpAuip.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XqWNPrX.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uuveHtQ.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IDBHolP.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nQCDhgn.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nfGsRPd.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IhUNRTi.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jCWQyAm.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QxAcQPM.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOlcRfx.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aVmFNZv.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VJxpfhJ.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OwGAJPt.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NycBcKz.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oKRoUxQ.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GRNxXsI.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fSUHNOg.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SEYXGDM.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xVnQQnl.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IKZmfEj.exe	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2732	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2232 wrote to memory of 2732	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2232 wrote to memory of 2732	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2232 wrote to memory of 2856	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2232 wrote to memory of 2856	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2232 wrote to memory of 2856	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2232 wrote to memory of 2736	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2232 wrote to memory of 2736	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2232 wrote to memory of 2736	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2232 wrote to memory of 2392	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2232 wrote to memory of 2392	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2232 wrote to memory of 2392	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2232 wrote to memory of 2616	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2232 wrote to memory of 2616	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2232 wrote to memory of 2616	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2232 wrote to memory of 2808	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2232 wrote to memory of 2808	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2232 wrote to memory of 2808	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2232 wrote to memory of 3020	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2232 wrote to memory of 3020	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2232 wrote to memory of 3020	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2232 wrote to memory of 2764	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2232 wrote to memory of 2764	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2232 wrote to memory of 2764	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2232 wrote to memory of 2696	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2232 wrote to memory of 2696	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2232 wrote to memory of 2696	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2232 wrote to memory of 2576	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2232 wrote to memory of 2576	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2232 wrote to memory of 2576	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2232 wrote to memory of 2644	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2232 wrote to memory of 2644	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2232 wrote to memory of 2644	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2232 wrote to memory of 2256	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2232 wrote to memory of 2256	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2232 wrote to memory of 2256	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2232 wrote to memory of 1776	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2232 wrote to memory of 1776	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2232 wrote to memory of 1776	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2232 wrote to memory of 1228	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2232 wrote to memory of 1228	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2232 wrote to memory of 1228	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2232 wrote to memory of 900	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2232 wrote to memory of 900	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2232 wrote to memory of 900	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2232 wrote to memory of 1740	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2232 wrote to memory of 1740	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2232 wrote to memory of 1740	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2232 wrote to memory of 1520	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2232 wrote to memory of 1520	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2232 wrote to memory of 1520	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2232 wrote to memory of 2836	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2232 wrote to memory of 2836	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2232 wrote to memory of 2836	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2232 wrote to memory of 2620	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2232 wrote to memory of 2620	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2232 wrote to memory of 2620	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2232 wrote to memory of 2088	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2232 wrote to memory of 2088	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2232 wrote to memory of 2088	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2232 wrote to memory of 2344	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2232 wrote to memory of 2344	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2232 wrote to memory of 2344	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2232 wrote to memory of 2852	2232	2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-28_1a36cc1c5264c5033b3510b8bc22f236_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\System\eZiskyw.exe
  C:\Windows\System\eZiskyw.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\WkZxaYe.exe
  C:\Windows\System\WkZxaYe.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\vFJQfmz.exe
  C:\Windows\System\vFJQfmz.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\cftDPsP.exe
  C:\Windows\System\cftDPsP.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\sfqNzAI.exe
  C:\Windows\System\sfqNzAI.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\ZMxynug.exe
  C:\Windows\System\ZMxynug.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\tHdaMWU.exe
  C:\Windows\System\tHdaMWU.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\EcFCXBZ.exe
  C:\Windows\System\EcFCXBZ.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\PPlCqwC.exe
  C:\Windows\System\PPlCqwC.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\jQQOyjR.exe
  C:\Windows\System\jQQOyjR.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\egqWbvC.exe
  C:\Windows\System\egqWbvC.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\oOwcHzR.exe
  C:\Windows\System\oOwcHzR.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\cQadezb.exe
  C:\Windows\System\cQadezb.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\OCUDvCA.exe
  C:\Windows\System\OCUDvCA.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\fbiyMJy.exe
  C:\Windows\System\fbiyMJy.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\JgIfVsV.exe
  C:\Windows\System\JgIfVsV.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\LrRbAnB.exe
  C:\Windows\System\LrRbAnB.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\egAWElB.exe
  C:\Windows\System\egAWElB.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\IQTXQeX.exe
  C:\Windows\System\IQTXQeX.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\NeSCPaY.exe
  C:\Windows\System\NeSCPaY.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\aOpzhpC.exe
  C:\Windows\System\aOpzhpC.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\yjAUmJq.exe
  C:\Windows\System\yjAUmJq.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\RAwZovy.exe
  C:\Windows\System\RAwZovy.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\uoAVchN.exe
  C:\Windows\System\uoAVchN.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\aTJCBEM.exe
  C:\Windows\System\aTJCBEM.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\ScUmjHi.exe
  C:\Windows\System\ScUmjHi.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\gjZJhvF.exe
  C:\Windows\System\gjZJhvF.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\HRAnhpS.exe
  C:\Windows\System\HRAnhpS.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\tVRymfE.exe
  C:\Windows\System\tVRymfE.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\ScjxNBZ.exe
  C:\Windows\System\ScjxNBZ.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\dDBdXjA.exe
  C:\Windows\System\dDBdXjA.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\IlIlowz.exe
  C:\Windows\System\IlIlowz.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\qsPvXcp.exe
  C:\Windows\System\qsPvXcp.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\VAOCdWG.exe
  C:\Windows\System\VAOCdWG.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\mmHgwQA.exe
  C:\Windows\System\mmHgwQA.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\vrFtlya.exe
  C:\Windows\System\vrFtlya.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\YLZUlLd.exe
  C:\Windows\System\YLZUlLd.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\xYtfSPZ.exe
  C:\Windows\System\xYtfSPZ.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\DwnHuxe.exe
  C:\Windows\System\DwnHuxe.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\cElNUfL.exe
  C:\Windows\System\cElNUfL.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\mtxOiEh.exe
  C:\Windows\System\mtxOiEh.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\WCABphF.exe
  C:\Windows\System\WCABphF.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\aBGvVqO.exe
  C:\Windows\System\aBGvVqO.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\GPnHzRF.exe
  C:\Windows\System\GPnHzRF.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\kkxdzUL.exe
  C:\Windows\System\kkxdzUL.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\onrHeeT.exe
  C:\Windows\System\onrHeeT.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\VIeqAgN.exe
  C:\Windows\System\VIeqAgN.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\fBCkcga.exe
  C:\Windows\System\fBCkcga.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\RzDOxwY.exe
  C:\Windows\System\RzDOxwY.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\GCgXLBZ.exe
  C:\Windows\System\GCgXLBZ.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\ZllkbSq.exe
  C:\Windows\System\ZllkbSq.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\vQpQMQK.exe
  C:\Windows\System\vQpQMQK.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\nSrfrPT.exe
  C:\Windows\System\nSrfrPT.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\ooipjNN.exe
  C:\Windows\System\ooipjNN.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\xcgMMAo.exe
  C:\Windows\System\xcgMMAo.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\kgjrmkn.exe
  C:\Windows\System\kgjrmkn.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\yPVCJwA.exe
  C:\Windows\System\yPVCJwA.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\NxhlKKf.exe
  C:\Windows\System\NxhlKKf.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\NbRWKAL.exe
  C:\Windows\System\NbRWKAL.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\GErRNOb.exe
  C:\Windows\System\GErRNOb.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\SonNvNM.exe
  C:\Windows\System\SonNvNM.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\bzkKnXX.exe
  C:\Windows\System\bzkKnXX.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\iledxyy.exe
  C:\Windows\System\iledxyy.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\EmtvfnL.exe
  C:\Windows\System\EmtvfnL.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\MuXKaJQ.exe
  C:\Windows\System\MuXKaJQ.exe
  2⤵
  PID:2548
- C:\Windows\System\HuKQLAL.exe
  C:\Windows\System\HuKQLAL.exe
  2⤵
  PID:2476
- C:\Windows\System\NycBcKz.exe
  C:\Windows\System\NycBcKz.exe
  2⤵
  PID:1976
- C:\Windows\System\wKRiwUn.exe
  C:\Windows\System\wKRiwUn.exe
  2⤵
  PID:2660
- C:\Windows\System\bNDNwpm.exe
  C:\Windows\System\bNDNwpm.exe
  2⤵
  PID:1524
- C:\Windows\System\undTKLI.exe
  C:\Windows\System\undTKLI.exe
  2⤵
  PID:1500
- C:\Windows\System\daMcjKm.exe
  C:\Windows\System\daMcjKm.exe
  2⤵
  PID:1704
- C:\Windows\System\vaBhZsl.exe
  C:\Windows\System\vaBhZsl.exe
  2⤵
  PID:1852
- C:\Windows\System\AnLDLTk.exe
  C:\Windows\System\AnLDLTk.exe
  2⤵
  PID:2272
- C:\Windows\System\DLrQcXe.exe
  C:\Windows\System\DLrQcXe.exe
  2⤵
  PID:3052
- C:\Windows\System\yXmolop.exe
  C:\Windows\System\yXmolop.exe
  2⤵
  PID:2516
- C:\Windows\System\CNIIiNm.exe
  C:\Windows\System\CNIIiNm.exe
  2⤵
  PID:2212
- C:\Windows\System\kfbFOIV.exe
  C:\Windows\System\kfbFOIV.exe
  2⤵
  PID:1988
- C:\Windows\System\xzbrLHt.exe
  C:\Windows\System\xzbrLHt.exe
  2⤵
  PID:748
- C:\Windows\System\ounFzUY.exe
  C:\Windows\System\ounFzUY.exe
  2⤵
  PID:2188
- C:\Windows\System\HvEtOdR.exe
  C:\Windows\System\HvEtOdR.exe
  2⤵
  PID:2768
- C:\Windows\System\DoTyEul.exe
  C:\Windows\System\DoTyEul.exe
  2⤵
  PID:2796
- C:\Windows\System\pesyEGx.exe
  C:\Windows\System\pesyEGx.exe
  2⤵
  PID:2996
- C:\Windows\System\ZXEkyQI.exe
  C:\Windows\System\ZXEkyQI.exe
  2⤵
  PID:2260
- C:\Windows\System\VbCcHIh.exe
  C:\Windows\System\VbCcHIh.exe
  2⤵
  PID:2956
- C:\Windows\System\avssJWt.exe
  C:\Windows\System\avssJWt.exe
  2⤵
  PID:1820
- C:\Windows\System\WdprqGN.exe
  C:\Windows\System\WdprqGN.exe
  2⤵
  PID:948
- C:\Windows\System\MUhpqNh.exe
  C:\Windows\System\MUhpqNh.exe
  2⤵
  PID:1432
- C:\Windows\System\OmxxyEq.exe
  C:\Windows\System\OmxxyEq.exe
  2⤵
  PID:1800
- C:\Windows\System\uQBFlRK.exe
  C:\Windows\System\uQBFlRK.exe
  2⤵
  PID:2084
- C:\Windows\System\AkPWaMR.exe
  C:\Windows\System\AkPWaMR.exe
  2⤵
  PID:1752
- C:\Windows\System\qjpBHWX.exe
  C:\Windows\System\qjpBHWX.exe
  2⤵
  PID:2288
- C:\Windows\System\ACHhCkP.exe
  C:\Windows\System\ACHhCkP.exe
  2⤵
  PID:1720
- C:\Windows\System\ucKrqpI.exe
  C:\Windows\System\ucKrqpI.exe
  2⤵
  PID:264
- C:\Windows\System\lRxqEnn.exe
  C:\Windows\System\lRxqEnn.exe
  2⤵
  PID:2240
- C:\Windows\System\xzrdIjh.exe
  C:\Windows\System\xzrdIjh.exe
  2⤵
  PID:2124
- C:\Windows\System\vuiYMNI.exe
  C:\Windows\System\vuiYMNI.exe
  2⤵
  PID:332
- C:\Windows\System\QaYFmpu.exe
  C:\Windows\System\QaYFmpu.exe
  2⤵
  PID:2556
- C:\Windows\System\CskRHui.exe
  C:\Windows\System\CskRHui.exe
  2⤵
  PID:1484
- C:\Windows\System\NFUCifz.exe
  C:\Windows\System\NFUCifz.exe
  2⤵
  PID:2748
- C:\Windows\System\agOgWdL.exe
  C:\Windows\System\agOgWdL.exe
  2⤵
  PID:3084
- C:\Windows\System\CdBSNmW.exe
  C:\Windows\System\CdBSNmW.exe
  2⤵
  PID:3100
- C:\Windows\System\ecZAGuu.exe
  C:\Windows\System\ecZAGuu.exe
  2⤵
  PID:3124
- C:\Windows\System\MXEbIuT.exe
  C:\Windows\System\MXEbIuT.exe
  2⤵
  PID:3140
- C:\Windows\System\nljpPdd.exe
  C:\Windows\System\nljpPdd.exe
  2⤵
  PID:3180
- C:\Windows\System\dgdVqvy.exe
  C:\Windows\System\dgdVqvy.exe
  2⤵
  PID:3196
- C:\Windows\System\IZJduix.exe
  C:\Windows\System\IZJduix.exe
  2⤵
  PID:3220
- C:\Windows\System\tIRUGcY.exe
  C:\Windows\System\tIRUGcY.exe
  2⤵
  PID:3236
- C:\Windows\System\GShdswF.exe
  C:\Windows\System\GShdswF.exe
  2⤵
  PID:3252
- C:\Windows\System\NhnuFkI.exe
  C:\Windows\System\NhnuFkI.exe
  2⤵
  PID:3268
- C:\Windows\System\FSUEdoH.exe
  C:\Windows\System\FSUEdoH.exe
  2⤵
  PID:3284
- C:\Windows\System\qpTlkOT.exe
  C:\Windows\System\qpTlkOT.exe
  2⤵
  PID:3300
- C:\Windows\System\UwdlFrS.exe
  C:\Windows\System\UwdlFrS.exe
  2⤵
  PID:3328
- C:\Windows\System\lBeoxFJ.exe
  C:\Windows\System\lBeoxFJ.exe
  2⤵
  PID:3344
- C:\Windows\System\tfFYddv.exe
  C:\Windows\System\tfFYddv.exe
  2⤵
  PID:3364
- C:\Windows\System\jazqzoE.exe
  C:\Windows\System\jazqzoE.exe
  2⤵
  PID:3380
- C:\Windows\System\uvxfRQs.exe
  C:\Windows\System\uvxfRQs.exe
  2⤵
  PID:3404
- C:\Windows\System\BPhCahd.exe
  C:\Windows\System\BPhCahd.exe
  2⤵
  PID:3420
- C:\Windows\System\crzzTde.exe
  C:\Windows\System\crzzTde.exe
  2⤵
  PID:3440
- C:\Windows\System\afHWAKJ.exe
  C:\Windows\System\afHWAKJ.exe
  2⤵
  PID:3460
- C:\Windows\System\AwhUKff.exe
  C:\Windows\System\AwhUKff.exe
  2⤵
  PID:3504
- C:\Windows\System\caTzzZB.exe
  C:\Windows\System\caTzzZB.exe
  2⤵
  PID:3524
- C:\Windows\System\NdHwoRX.exe
  C:\Windows\System\NdHwoRX.exe
  2⤵
  PID:3544
- C:\Windows\System\dnxicsh.exe
  C:\Windows\System\dnxicsh.exe
  2⤵
  PID:3560
- C:\Windows\System\FLXNQaT.exe
  C:\Windows\System\FLXNQaT.exe
  2⤵
  PID:3580
- C:\Windows\System\YFZjtCL.exe
  C:\Windows\System\YFZjtCL.exe
  2⤵
  PID:3596
- C:\Windows\System\nXMWExz.exe
  C:\Windows\System\nXMWExz.exe
  2⤵
  PID:3616
- C:\Windows\System\xGEhfMg.exe
  C:\Windows\System\xGEhfMg.exe
  2⤵
  PID:3632
- C:\Windows\System\ZQuMfps.exe
  C:\Windows\System\ZQuMfps.exe
  2⤵
  PID:3652
- C:\Windows\System\hGdLaRz.exe
  C:\Windows\System\hGdLaRz.exe
  2⤵
  PID:3668
- C:\Windows\System\WZpweXd.exe
  C:\Windows\System\WZpweXd.exe
  2⤵
  PID:3692
- C:\Windows\System\kPmcUAY.exe
  C:\Windows\System\kPmcUAY.exe
  2⤵
  PID:3720
- C:\Windows\System\WQKetkp.exe
  C:\Windows\System\WQKetkp.exe
  2⤵
  PID:3744
- C:\Windows\System\XHCrLVP.exe
  C:\Windows\System\XHCrLVP.exe
  2⤵
  PID:3764
- C:\Windows\System\KkFEupj.exe
  C:\Windows\System\KkFEupj.exe
  2⤵
  PID:3784
- C:\Windows\System\UknNMEq.exe
  C:\Windows\System\UknNMEq.exe
  2⤵
  PID:3800
- C:\Windows\System\mJYqqdQ.exe
  C:\Windows\System\mJYqqdQ.exe
  2⤵
  PID:3824
- C:\Windows\System\ANwsisk.exe
  C:\Windows\System\ANwsisk.exe
  2⤵
  PID:3844
- C:\Windows\System\nLEMltq.exe
  C:\Windows\System\nLEMltq.exe
  2⤵
  PID:3868
- C:\Windows\System\jjRUqHQ.exe
  C:\Windows\System\jjRUqHQ.exe
  2⤵
  PID:3884
- C:\Windows\System\LwdoBAd.exe
  C:\Windows\System\LwdoBAd.exe
  2⤵
  PID:3900
- C:\Windows\System\NSSLaTo.exe
  C:\Windows\System\NSSLaTo.exe
  2⤵
  PID:3924
- C:\Windows\System\vFmqIVY.exe
  C:\Windows\System\vFmqIVY.exe
  2⤵
  PID:3944
- C:\Windows\System\UVJrMxP.exe
  C:\Windows\System\UVJrMxP.exe
  2⤵
  PID:3960
- C:\Windows\System\GGyxvVN.exe
  C:\Windows\System\GGyxvVN.exe
  2⤵
  PID:3984
- C:\Windows\System\LDappun.exe
  C:\Windows\System\LDappun.exe
  2⤵
  PID:4000
- C:\Windows\System\sFbcrOc.exe
  C:\Windows\System\sFbcrOc.exe
  2⤵
  PID:4016
- C:\Windows\System\QSrGAiE.exe
  C:\Windows\System\QSrGAiE.exe
  2⤵
  PID:4036
- C:\Windows\System\APKHkmc.exe
  C:\Windows\System\APKHkmc.exe
  2⤵
  PID:4052
- C:\Windows\System\uMKODtj.exe
  C:\Windows\System\uMKODtj.exe
  2⤵
  PID:4076
- C:\Windows\System\BmyVjcj.exe
  C:\Windows\System\BmyVjcj.exe
  2⤵
  PID:2744
- C:\Windows\System\rWqgkHV.exe
  C:\Windows\System\rWqgkHV.exe
  2⤵
  PID:2480
- C:\Windows\System\PVDXseE.exe
  C:\Windows\System\PVDXseE.exe
  2⤵
  PID:1700
- C:\Windows\System\KXhktWO.exe
  C:\Windows\System\KXhktWO.exe
  2⤵
  PID:2244
- C:\Windows\System\bVEYQUt.exe
  C:\Windows\System\bVEYQUt.exe
  2⤵
  PID:1980
- C:\Windows\System\uggoJvh.exe
  C:\Windows\System\uggoJvh.exe
  2⤵
  PID:2492
- C:\Windows\System\ZpNzcsf.exe
  C:\Windows\System\ZpNzcsf.exe
  2⤵
  PID:1676
- C:\Windows\System\gwkeudh.exe
  C:\Windows\System\gwkeudh.exe
  2⤵
  PID:3080
- C:\Windows\System\Tkmonma.exe
  C:\Windows\System\Tkmonma.exe
  2⤵
  PID:3120
- C:\Windows\System\vpmpqow.exe
  C:\Windows\System\vpmpqow.exe
  2⤵
  PID:1748
- C:\Windows\System\mNnErgd.exe
  C:\Windows\System\mNnErgd.exe
  2⤵
  PID:2564
- C:\Windows\System\wLeeqjy.exe
  C:\Windows\System\wLeeqjy.exe
  2⤵
  PID:3168
- C:\Windows\System\JtQegoh.exe
  C:\Windows\System\JtQegoh.exe
  2⤵
  PID:3208
- C:\Windows\System\AkeCUFi.exe
  C:\Windows\System\AkeCUFi.exe
  2⤵
  PID:3276
- C:\Windows\System\gQHTBjG.exe
  C:\Windows\System\gQHTBjG.exe
  2⤵
  PID:3096
- C:\Windows\System\UjXjkrE.exe
  C:\Windows\System\UjXjkrE.exe
  2⤵
  PID:1596
- C:\Windows\System\NjtNWmG.exe
  C:\Windows\System\NjtNWmG.exe
  2⤵
  PID:3388
- C:\Windows\System\MoVWLYS.exe
  C:\Windows\System\MoVWLYS.exe
  2⤵
  PID:3428
- C:\Windows\System\vKXKiCD.exe
  C:\Windows\System\vKXKiCD.exe
  2⤵
  PID:3340
- C:\Windows\System\qSNUaEN.exe
  C:\Windows\System\qSNUaEN.exe
  2⤵
  PID:3480
- C:\Windows\System\MVtonhi.exe
  C:\Windows\System\MVtonhi.exe
  2⤵
  PID:3372
- C:\Windows\System\koqHbwv.exe
  C:\Windows\System\koqHbwv.exe
  2⤵
  PID:3452
- C:\Windows\System\QjgnKvz.exe
  C:\Windows\System\QjgnKvz.exe
  2⤵
  PID:3264
- C:\Windows\System\iSrIqyV.exe
  C:\Windows\System\iSrIqyV.exe
  2⤵
  PID:3456
- C:\Windows\System\BQVuFaU.exe
  C:\Windows\System\BQVuFaU.exe
  2⤵
  PID:3540
- C:\Windows\System\ZNoMids.exe
  C:\Windows\System\ZNoMids.exe
  2⤵
  PID:3572
- C:\Windows\System\GAiLNAm.exe
  C:\Windows\System\GAiLNAm.exe
  2⤵
  PID:3648
- C:\Windows\System\ZGhnjbU.exe
  C:\Windows\System\ZGhnjbU.exe
  2⤵
  PID:3684
- C:\Windows\System\RsJeiFp.exe
  C:\Windows\System\RsJeiFp.exe
  2⤵
  PID:3588
- C:\Windows\System\ujLVqNP.exe
  C:\Windows\System\ujLVqNP.exe
  2⤵
  PID:3660
- C:\Windows\System\hUNhyNB.exe
  C:\Windows\System\hUNhyNB.exe
  2⤵
  PID:3732
- C:\Windows\System\wouvoyn.exe
  C:\Windows\System\wouvoyn.exe
  2⤵
  PID:3712
- C:\Windows\System\SqgNRNJ.exe
  C:\Windows\System\SqgNRNJ.exe
  2⤵
  PID:3812
- C:\Windows\System\OFuTtlt.exe
  C:\Windows\System\OFuTtlt.exe
  2⤵
  PID:3856
- C:\Windows\System\BOkHsUu.exe
  C:\Windows\System\BOkHsUu.exe
  2⤵
  PID:3756
- C:\Windows\System\hcVsSeB.exe
  C:\Windows\System\hcVsSeB.exe
  2⤵
  PID:3832
- C:\Windows\System\zirwiqi.exe
  C:\Windows\System\zirwiqi.exe
  2⤵
  PID:3896
- C:\Windows\System\vMLHKOX.exe
  C:\Windows\System\vMLHKOX.exe
  2⤵
  PID:3972
- C:\Windows\System\YColoWG.exe
  C:\Windows\System\YColoWG.exe
  2⤵
  PID:4044
- C:\Windows\System\fTUPHlG.exe
  C:\Windows\System\fTUPHlG.exe
  2⤵
  PID:4092
- C:\Windows\System\HujtCYy.exe
  C:\Windows\System\HujtCYy.exe
  2⤵
  PID:3908
- C:\Windows\System\HOnIVPU.exe
  C:\Windows\System\HOnIVPU.exe
  2⤵
  PID:3956
- C:\Windows\System\PXybNOJ.exe
  C:\Windows\System\PXybNOJ.exe
  2⤵
  PID:4028
- C:\Windows\System\pgfhrsT.exe
  C:\Windows\System\pgfhrsT.exe
  2⤵
  PID:2376
- C:\Windows\System\xxONpBf.exe
  C:\Windows\System\xxONpBf.exe
  2⤵
  PID:2140
- C:\Windows\System\ltxAzKp.exe
  C:\Windows\System\ltxAzKp.exe
  2⤵
  PID:776
- C:\Windows\System\wVXhIeV.exe
  C:\Windows\System\wVXhIeV.exe
  2⤵
  PID:3112
- C:\Windows\System\JdTSazN.exe
  C:\Windows\System\JdTSazN.exe
  2⤵
  PID:2608
- C:\Windows\System\WElFjDD.exe
  C:\Windows\System\WElFjDD.exe
  2⤵
  PID:3532
- C:\Windows\System\qhWqtWY.exe
  C:\Windows\System\qhWqtWY.exe
  2⤵
  PID:3516
- C:\Windows\System\DsJpfpA.exe
  C:\Windows\System\DsJpfpA.exe
  2⤵
  PID:3700
- C:\Windows\System\TuaNhUW.exe
  C:\Windows\System\TuaNhUW.exe
  2⤵
  PID:3780
- C:\Windows\System\NfyxVqH.exe
  C:\Windows\System\NfyxVqH.exe
  2⤵
  PID:3840
- C:\Windows\System\dnxduZb.exe
  C:\Windows\System\dnxduZb.exe
  2⤵
  PID:2584
- C:\Windows\System\fpSAKgy.exe
  C:\Windows\System\fpSAKgy.exe
  2⤵
  PID:4060
- C:\Windows\System\kGfKppj.exe
  C:\Windows\System\kGfKppj.exe
  2⤵
  PID:2512
- C:\Windows\System\ZDmaWzF.exe
  C:\Windows\System\ZDmaWzF.exe
  2⤵
  PID:1488
- C:\Windows\System\feuaiGV.exe
  C:\Windows\System\feuaiGV.exe
  2⤵
  PID:2248
- C:\Windows\System\baqWfnd.exe
  C:\Windows\System\baqWfnd.exe
  2⤵
  PID:3796
- C:\Windows\System\GNhrXqf.exe
  C:\Windows\System\GNhrXqf.exe
  2⤵
  PID:3920
- C:\Windows\System\lJcrFZE.exe
  C:\Windows\System\lJcrFZE.exe
  2⤵
  PID:1928
- C:\Windows\System\vWIChmZ.exe
  C:\Windows\System\vWIChmZ.exe
  2⤵
  PID:3912
- C:\Windows\System\epiASWW.exe
  C:\Windows\System\epiASWW.exe
  2⤵
  PID:3704
- C:\Windows\System\wxJBJXy.exe
  C:\Windows\System\wxJBJXy.exe
  2⤵
  PID:3680
- C:\Windows\System\vmgrdHH.exe
  C:\Windows\System\vmgrdHH.exe
  2⤵
  PID:3232
- C:\Windows\System\JTXHgbE.exe
  C:\Windows\System\JTXHgbE.exe
  2⤵
  PID:3980
- C:\Windows\System\ptMLEWS.exe
  C:\Windows\System\ptMLEWS.exe
  2⤵
  PID:2148
- C:\Windows\System\hIhSTIF.exe
  C:\Windows\System\hIhSTIF.exe
  2⤵
  PID:3316
- C:\Windows\System\niHwxTA.exe
  C:\Windows\System\niHwxTA.exe
  2⤵
  PID:3292
- C:\Windows\System\KxZUuSz.exe
  C:\Windows\System\KxZUuSz.exe
  2⤵
  PID:3864
- C:\Windows\System\BmMgLRw.exe
  C:\Windows\System\BmMgLRw.exe
  2⤵
  PID:3996
- C:\Windows\System\oDVXcDm.exe
  C:\Windows\System\oDVXcDm.exe
  2⤵
  PID:3416
- C:\Windows\System\EuAVoZj.exe
  C:\Windows\System\EuAVoZj.exe
  2⤵
  PID:3776
- C:\Windows\System\ZVYophq.exe
  C:\Windows\System\ZVYophq.exe
  2⤵
  PID:4032
- C:\Windows\System\nEitqDi.exe
  C:\Windows\System\nEitqDi.exe
  2⤵
  PID:3228
- C:\Windows\System\QzkHcxz.exe
  C:\Windows\System\QzkHcxz.exe
  2⤵
  PID:3248
- C:\Windows\System\prPFkGJ.exe
  C:\Windows\System\prPFkGJ.exe
  2⤵
  PID:1204
- C:\Windows\System\xgGrYuY.exe
  C:\Windows\System\xgGrYuY.exe
  2⤵
  PID:3204
- C:\Windows\System\luQuAHD.exe
  C:\Windows\System\luQuAHD.exe
  2⤵
  PID:3624
- C:\Windows\System\spUdCDl.exe
  C:\Windows\System\spUdCDl.exe
  2⤵
  PID:1216
- C:\Windows\System\MAiKYjz.exe
  C:\Windows\System\MAiKYjz.exe
  2⤵
  PID:3708
- C:\Windows\System\cbLpXaj.exe
  C:\Windows\System\cbLpXaj.exe
  2⤵
  PID:4108
- C:\Windows\System\AsdpMVl.exe
  C:\Windows\System\AsdpMVl.exe
  2⤵
  PID:4124
- C:\Windows\System\HWJuUdC.exe
  C:\Windows\System\HWJuUdC.exe
  2⤵
  PID:4140
- C:\Windows\System\YCLQvQW.exe
  C:\Windows\System\YCLQvQW.exe
  2⤵
  PID:4164
- C:\Windows\System\NEmnfga.exe
  C:\Windows\System\NEmnfga.exe
  2⤵
  PID:4184
- C:\Windows\System\WIyABnb.exe
  C:\Windows\System\WIyABnb.exe
  2⤵
  PID:4204
- C:\Windows\System\hoJYfQK.exe
  C:\Windows\System\hoJYfQK.exe
  2⤵
  PID:4232
- C:\Windows\System\sNPueUN.exe
  C:\Windows\System\sNPueUN.exe
  2⤵
  PID:4300
- C:\Windows\System\sTeaAIX.exe
  C:\Windows\System\sTeaAIX.exe
  2⤵
  PID:4316
- C:\Windows\System\FktHcEG.exe
  C:\Windows\System\FktHcEG.exe
  2⤵
  PID:4332
- C:\Windows\System\HlvxVWW.exe
  C:\Windows\System\HlvxVWW.exe
  2⤵
  PID:4348
- C:\Windows\System\nqTCxzf.exe
  C:\Windows\System\nqTCxzf.exe
  2⤵
  PID:4364
- C:\Windows\System\CpFBFkC.exe
  C:\Windows\System\CpFBFkC.exe
  2⤵
  PID:4384
- C:\Windows\System\LgJWNff.exe
  C:\Windows\System\LgJWNff.exe
  2⤵
  PID:4400
- C:\Windows\System\JiUxZVi.exe
  C:\Windows\System\JiUxZVi.exe
  2⤵
  PID:4416
- C:\Windows\System\IqFyUeS.exe
  C:\Windows\System\IqFyUeS.exe
  2⤵
  PID:4432
- C:\Windows\System\KpOAMVL.exe
  C:\Windows\System\KpOAMVL.exe
  2⤵
  PID:4448
- C:\Windows\System\AgyneYy.exe
  C:\Windows\System\AgyneYy.exe
  2⤵
  PID:4464
- C:\Windows\System\iNHkuNL.exe
  C:\Windows\System\iNHkuNL.exe
  2⤵
  PID:4480
- C:\Windows\System\WIJzyuu.exe
  C:\Windows\System\WIJzyuu.exe
  2⤵
  PID:4504
- C:\Windows\System\aSXSCzN.exe
  C:\Windows\System\aSXSCzN.exe
  2⤵
  PID:4520
- C:\Windows\System\pidEaTa.exe
  C:\Windows\System\pidEaTa.exe
  2⤵
  PID:4540
- C:\Windows\System\zpGcXLZ.exe
  C:\Windows\System\zpGcXLZ.exe
  2⤵
  PID:4560
- C:\Windows\System\CfPDJAn.exe
  C:\Windows\System\CfPDJAn.exe
  2⤵
  PID:4584
- C:\Windows\System\hkNrxuS.exe
  C:\Windows\System\hkNrxuS.exe
  2⤵
  PID:4600
- C:\Windows\System\SCfDrCu.exe
  C:\Windows\System\SCfDrCu.exe
  2⤵
  PID:4620
- C:\Windows\System\MJFGBtW.exe
  C:\Windows\System\MJFGBtW.exe
  2⤵
  PID:4636
- C:\Windows\System\GJisayp.exe
  C:\Windows\System\GJisayp.exe
  2⤵
  PID:4656
- C:\Windows\System\yXCKdKJ.exe
  C:\Windows\System\yXCKdKJ.exe
  2⤵
  PID:4672
- C:\Windows\System\MlAbQnr.exe
  C:\Windows\System\MlAbQnr.exe
  2⤵
  PID:4696
- C:\Windows\System\XkCLYEm.exe
  C:\Windows\System\XkCLYEm.exe
  2⤵
  PID:4712
- C:\Windows\System\kyiOlWS.exe
  C:\Windows\System\kyiOlWS.exe
  2⤵
  PID:4736
- C:\Windows\System\XYenUlw.exe
  C:\Windows\System\XYenUlw.exe
  2⤵
  PID:4752
- C:\Windows\System\NMFEbbw.exe
  C:\Windows\System\NMFEbbw.exe
  2⤵
  PID:4772
- C:\Windows\System\mJRplOm.exe
  C:\Windows\System\mJRplOm.exe
  2⤵
  PID:4908
- C:\Windows\System\cUDggao.exe
  C:\Windows\System\cUDggao.exe
  2⤵
  PID:4928
- C:\Windows\System\AbIcdFa.exe
  C:\Windows\System\AbIcdFa.exe
  2⤵
  PID:4948
- C:\Windows\System\ukiTwgR.exe
  C:\Windows\System\ukiTwgR.exe
  2⤵
  PID:4968
- C:\Windows\System\vCuLDOm.exe
  C:\Windows\System\vCuLDOm.exe
  2⤵
  PID:4984
- C:\Windows\System\dTdYips.exe
  C:\Windows\System\dTdYips.exe
  2⤵
  PID:5000
- C:\Windows\System\JVYflPF.exe
  C:\Windows\System\JVYflPF.exe
  2⤵
  PID:5016
- C:\Windows\System\xGIFVUp.exe
  C:\Windows\System\xGIFVUp.exe
  2⤵
  PID:5032
- C:\Windows\System\kRUYCCh.exe
  C:\Windows\System\kRUYCCh.exe
  2⤵
  PID:5048
- C:\Windows\System\DNnfneE.exe
  C:\Windows\System\DNnfneE.exe
  2⤵
  PID:5064
- C:\Windows\System\sKjbRku.exe
  C:\Windows\System\sKjbRku.exe
  2⤵
  PID:5080
- C:\Windows\System\sruKRpu.exe
  C:\Windows\System\sruKRpu.exe
  2⤵
  PID:5096
- C:\Windows\System\TjrDFsg.exe
  C:\Windows\System\TjrDFsg.exe
  2⤵
  PID:5112
- C:\Windows\System\UQtYZap.exe
  C:\Windows\System\UQtYZap.exe
  2⤵
  PID:3324
- C:\Windows\System\RbFtRjZ.exe
  C:\Windows\System\RbFtRjZ.exe
  2⤵
  PID:3500
- C:\Windows\System\UFHszaE.exe
  C:\Windows\System\UFHszaE.exe
  2⤵
  PID:3156
- C:\Windows\System\foBkVLq.exe
  C:\Windows\System\foBkVLq.exe
  2⤵
  PID:1220
- C:\Windows\System\MwdRJck.exe
  C:\Windows\System\MwdRJck.exe
  2⤵
  PID:4068
- C:\Windows\System\UTMhagV.exe
  C:\Windows\System\UTMhagV.exe
  2⤵
  PID:3308
- C:\Windows\System\civhjOM.exe
  C:\Windows\System\civhjOM.exe
  2⤵
  PID:3336
- C:\Windows\System\YwsxSsr.exe
  C:\Windows\System\YwsxSsr.exe
  2⤵
  PID:3412
- C:\Windows\System\cnZJOpf.exe
  C:\Windows\System\cnZJOpf.exe
  2⤵
  PID:3716
- C:\Windows\System\eBLKFnB.exe
  C:\Windows\System\eBLKFnB.exe
  2⤵
  PID:4148
- C:\Windows\System\NDWJXXL.exe
  C:\Windows\System\NDWJXXL.exe
  2⤵
  PID:4192
- C:\Windows\System\DRqEWcf.exe
  C:\Windows\System\DRqEWcf.exe
  2⤵
  PID:4248
- C:\Windows\System\CJDpDRx.exe
  C:\Windows\System\CJDpDRx.exe
  2⤵
  PID:4276
- C:\Windows\System\jRtCARL.exe
  C:\Windows\System\jRtCARL.exe
  2⤵
  PID:4292
- C:\Windows\System\lbtYUHS.exe
  C:\Windows\System\lbtYUHS.exe
  2⤵
  PID:4356
- C:\Windows\System\ZVilTpr.exe
  C:\Windows\System\ZVilTpr.exe
  2⤵
  PID:4424
- C:\Windows\System\CDGqiQT.exe
  C:\Windows\System\CDGqiQT.exe
  2⤵
  PID:4488
- C:\Windows\System\vOIDkpj.exe
  C:\Windows\System\vOIDkpj.exe
  2⤵
  PID:4528
- C:\Windows\System\jmBSePb.exe
  C:\Windows\System\jmBSePb.exe
  2⤵
  PID:2460
- C:\Windows\System\XkNAvrq.exe
  C:\Windows\System\XkNAvrq.exe
  2⤵
  PID:4572
- C:\Windows\System\lXbZNJz.exe
  C:\Windows\System\lXbZNJz.exe
  2⤵
  PID:4132
- C:\Windows\System\ntzFmda.exe
  C:\Windows\System\ntzFmda.exe
  2⤵
  PID:4176
- C:\Windows\System\nvddKTN.exe
  C:\Windows\System\nvddKTN.exe
  2⤵
  PID:4216
- C:\Windows\System\ZDtiarH.exe
  C:\Windows\System\ZDtiarH.exe
  2⤵
  PID:4224
- C:\Windows\System\iwFjcjj.exe
  C:\Windows\System\iwFjcjj.exe
  2⤵
  PID:1936
- C:\Windows\System\mgoTEIA.exe
  C:\Windows\System\mgoTEIA.exe
  2⤵
  PID:4644
- C:\Windows\System\xNvVeiy.exe
  C:\Windows\System\xNvVeiy.exe
  2⤵
  PID:4680
- C:\Windows\System\VDCKJpt.exe
  C:\Windows\System\VDCKJpt.exe
  2⤵
  PID:4720
- C:\Windows\System\lZjrlPF.exe
  C:\Windows\System\lZjrlPF.exe
  2⤵
  PID:4760
- C:\Windows\System\QEVYyax.exe
  C:\Windows\System\QEVYyax.exe
  2⤵
  PID:4444
- C:\Windows\System\oKRoUxQ.exe
  C:\Windows\System\oKRoUxQ.exe
  2⤵
  PID:4516
- C:\Windows\System\qhllRTF.exe
  C:\Windows\System\qhllRTF.exe
  2⤵
  PID:4596
- C:\Windows\System\wGLcUbF.exe
  C:\Windows\System\wGLcUbF.exe
  2⤵
  PID:4668
- C:\Windows\System\oUZEDVr.exe
  C:\Windows\System\oUZEDVr.exe
  2⤵
  PID:4748
- C:\Windows\System\wGCFbHW.exe
  C:\Windows\System\wGCFbHW.exe
  2⤵
  PID:4440
- C:\Windows\System\iFazLMe.exe
  C:\Windows\System\iFazLMe.exe
  2⤵
  PID:4372
- C:\Windows\System\ZOaLeZC.exe
  C:\Windows\System\ZOaLeZC.exe
  2⤵
  PID:3048
- C:\Windows\System\aAtSyiH.exe
  C:\Windows\System\aAtSyiH.exe
  2⤵
  PID:1364
- C:\Windows\System\eCazJVZ.exe
  C:\Windows\System\eCazJVZ.exe
  2⤵
  PID:2832
- C:\Windows\System\IIqDqjU.exe
  C:\Windows\System\IIqDqjU.exe
  2⤵
  PID:4804
- C:\Windows\System\krvWCgd.exe
  C:\Windows\System\krvWCgd.exe
  2⤵
  PID:4820
- C:\Windows\System\OkUuSua.exe
  C:\Windows\System\OkUuSua.exe
  2⤵
  PID:4920
- C:\Windows\System\Hmfplcc.exe
  C:\Windows\System\Hmfplcc.exe
  2⤵
  PID:4956
- C:\Windows\System\jsbeoWn.exe
  C:\Windows\System\jsbeoWn.exe
  2⤵
  PID:4848
- C:\Windows\System\DZjJjZv.exe
  C:\Windows\System\DZjJjZv.exe
  2⤵
  PID:4864
- C:\Windows\System\tiCyuAa.exe
  C:\Windows\System\tiCyuAa.exe
  2⤵
  PID:3628
- C:\Windows\System\gXVltaM.exe
  C:\Windows\System\gXVltaM.exe
  2⤵
  PID:5028
- C:\Windows\System\rgLOVQQ.exe
  C:\Windows\System\rgLOVQQ.exe
  2⤵
  PID:4936
- C:\Windows\System\GvieoCX.exe
  C:\Windows\System\GvieoCX.exe
  2⤵
  PID:5012
- C:\Windows\System\LpVvssr.exe
  C:\Windows\System\LpVvssr.exe
  2⤵
  PID:5072
- C:\Windows\System\fdqWVQw.exe
  C:\Windows\System\fdqWVQw.exe
  2⤵
  PID:1600
- C:\Windows\System\rzjUXId.exe
  C:\Windows\System\rzjUXId.exe
  2⤵
  PID:4084
- C:\Windows\System\stmsvYN.exe
  C:\Windows\System\stmsvYN.exe
  2⤵
  PID:3576
- C:\Windows\System\ZRwBsIp.exe
  C:\Windows\System\ZRwBsIp.exe
  2⤵
  PID:1612
- C:\Windows\System\NyPGzJT.exe
  C:\Windows\System\NyPGzJT.exe
  2⤵
  PID:3880
- C:\Windows\System\EHbKslt.exe
  C:\Windows\System\EHbKslt.exe
  2⤵
  PID:3836
- C:\Windows\System\NhtKfNx.exe
  C:\Windows\System\NhtKfNx.exe
  2⤵
  PID:4120
- C:\Windows\System\DIZRtZD.exe
  C:\Windows\System\DIZRtZD.exe
  2⤵
  PID:4260
- C:\Windows\System\XjliTgh.exe
  C:\Windows\System\XjliTgh.exe
  2⤵
  PID:2052
- C:\Windows\System\VYbCngR.exe
  C:\Windows\System\VYbCngR.exe
  2⤵
  PID:4460
- C:\Windows\System\WuIWPCc.exe
  C:\Windows\System\WuIWPCc.exe
  2⤵
  PID:4392
- C:\Windows\System\CPkeMlP.exe
  C:\Windows\System\CPkeMlP.exe
  2⤵
  PID:4100
- C:\Windows\System\ISWbeqz.exe
  C:\Windows\System\ISWbeqz.exe
  2⤵
  PID:3512
- C:\Windows\System\OmbKdPX.exe
  C:\Windows\System\OmbKdPX.exe
  2⤵
  PID:4576
- C:\Windows\System\csHdVBS.exe
  C:\Windows\System\csHdVBS.exe
  2⤵
  PID:4172
- C:\Windows\System\KpSknLQ.exe
  C:\Windows\System\KpSknLQ.exe
  2⤵
  PID:292
- C:\Windows\System\gaPfSzm.exe
  C:\Windows\System\gaPfSzm.exe
  2⤵
  PID:4512
- C:\Windows\System\RnFSlGd.exe
  C:\Windows\System\RnFSlGd.exe
  2⤵
  PID:4692
- C:\Windows\System\eLRQYcA.exe
  C:\Windows\System\eLRQYcA.exe
  2⤵
  PID:4768
- C:\Windows\System\OJlUyxr.exe
  C:\Windows\System\OJlUyxr.exe
  2⤵
  PID:4592
- C:\Windows\System\uJqScUS.exe
  C:\Windows\System\uJqScUS.exe
  2⤵
  PID:4812
- C:\Windows\System\GRNxXsI.exe
  C:\Windows\System\GRNxXsI.exe
  2⤵
  PID:4856
- C:\Windows\System\QmDlJCN.exe
  C:\Windows\System\QmDlJCN.exe
  2⤵
  PID:5044
- C:\Windows\System\HCZBDRW.exe
  C:\Windows\System\HCZBDRW.exe
  2⤵
  PID:3296
- C:\Windows\System\IzBJAXU.exe
  C:\Windows\System\IzBJAXU.exe
  2⤵
  PID:4152
- C:\Windows\System\oCsgCIZ.exe
  C:\Windows\System\oCsgCIZ.exe
  2⤵
  PID:4580
- C:\Windows\System\IUOSCIq.exe
  C:\Windows\System\IUOSCIq.exe
  2⤵
  PID:2056
- C:\Windows\System\CWWmXLa.exe
  C:\Windows\System\CWWmXLa.exe
  2⤵
  PID:4552
- C:\Windows\System\piySOEj.exe
  C:\Windows\System\piySOEj.exe
  2⤵
  PID:3556
- C:\Windows\System\YhOycKt.exe
  C:\Windows\System\YhOycKt.exe
  2⤵
  PID:2800
- C:\Windows\System\bujqaaR.exe
  C:\Windows\System\bujqaaR.exe
  2⤵
  PID:2780
- C:\Windows\System\tHZBGBU.exe
  C:\Windows\System\tHZBGBU.exe
  2⤵
  PID:4212
- C:\Windows\System\upTwejR.exe
  C:\Windows\System\upTwejR.exe
  2⤵
  PID:2720
- C:\Windows\System\SCKaTFv.exe
  C:\Windows\System\SCKaTFv.exe
  2⤵
  PID:4160
- C:\Windows\System\wktczgA.exe
  C:\Windows\System\wktczgA.exe
  2⤵
  PID:4664
- C:\Windows\System\aKjQUyl.exe
  C:\Windows\System\aKjQUyl.exe
  2⤵
  PID:2640
- C:\Windows\System\rMcSDki.exe
  C:\Windows\System\rMcSDki.exe
  2⤵
  PID:4916
- C:\Windows\System\CfYdles.exe
  C:\Windows\System\CfYdles.exe
  2⤵
  PID:2348
- C:\Windows\System\rarfrTL.exe
  C:\Windows\System\rarfrTL.exe
  2⤵
  PID:4836
- C:\Windows\System\Hkldogn.exe
  C:\Windows\System\Hkldogn.exe
  2⤵
  PID:4844
- C:\Windows\System\bmWkofv.exe
  C:\Windows\System\bmWkofv.exe
  2⤵
  PID:4980
- C:\Windows\System\pjdvGQm.exe
  C:\Windows\System\pjdvGQm.exe
  2⤵
  PID:5108
- C:\Windows\System\MsduPyL.exe
  C:\Windows\System\MsduPyL.exe
  2⤵
  PID:2100
- C:\Windows\System\SQvEXWE.exe
  C:\Windows\System\SQvEXWE.exe
  2⤵
  PID:1240
- C:\Windows\System\wnBwRcD.exe
  C:\Windows\System\wnBwRcD.exe
  2⤵
  PID:1052
- C:\Windows\System\MQUntog.exe
  C:\Windows\System\MQUntog.exe
  2⤵
  PID:3852
- C:\Windows\System\cMMAhBy.exe
  C:\Windows\System\cMMAhBy.exe
  2⤵
  PID:4492
- C:\Windows\System\CKIMkGJ.exe
  C:\Windows\System\CKIMkGJ.exe
  2⤵
  PID:4228
- C:\Windows\System\stcRTcH.exe
  C:\Windows\System\stcRTcH.exe
  2⤵
  PID:1932
- C:\Windows\System\AjgvSXU.exe
  C:\Windows\System\AjgvSXU.exe
  2⤵
  PID:4788
- C:\Windows\System\KNtUVai.exe
  C:\Windows\System\KNtUVai.exe
  2⤵
  PID:2752
- C:\Windows\System\YGVghAR.exe
  C:\Windows\System\YGVghAR.exe
  2⤵
  PID:2416
- C:\Windows\System\yMLmQfS.exe
  C:\Windows\System\yMLmQfS.exe
  2⤵
  PID:448
- C:\Windows\System\CAEoJrD.exe
  C:\Windows\System\CAEoJrD.exe
  2⤵
  PID:2932
- C:\Windows\System\VmSQnJu.exe
  C:\Windows\System\VmSQnJu.exe
  2⤵
  PID:2008
- C:\Windows\System\RjXcETl.exe
  C:\Windows\System\RjXcETl.exe
  2⤵
  PID:3060
- C:\Windows\System\RDBhhMR.exe
  C:\Windows\System\RDBhhMR.exe
  2⤵
  PID:4288
- C:\Windows\System\gapuQMq.exe
  C:\Windows\System\gapuQMq.exe
  2⤵
  PID:1088
- C:\Windows\System\yTzQnTB.exe
  C:\Windows\System\yTzQnTB.exe
  2⤵
  PID:3108
- C:\Windows\System\cGUvHRD.exe
  C:\Windows\System\cGUvHRD.exe
  2⤵
  PID:4456
- C:\Windows\System\fgWrTpS.exe
  C:\Windows\System\fgWrTpS.exe
  2⤵
  PID:4380
- C:\Windows\System\oMfqdqS.exe
  C:\Windows\System\oMfqdqS.exe
  2⤵
  PID:5024
- C:\Windows\System\mrvdhGV.exe
  C:\Windows\System\mrvdhGV.exe
  2⤵
  PID:2916
- C:\Windows\System\ritjQsH.exe
  C:\Windows\System\ritjQsH.exe
  2⤵
  PID:2876
- C:\Windows\System\bOpVjgd.exe
  C:\Windows\System\bOpVjgd.exe
  2⤵
  PID:2064
- C:\Windows\System\YgFUBLd.exe
  C:\Windows\System\YgFUBLd.exe
  2⤵
  PID:2828
- C:\Windows\System\pEPaINu.exe
  C:\Windows\System\pEPaINu.exe
  2⤵
  PID:4652
- C:\Windows\System\GrfDFqN.exe
  C:\Windows\System\GrfDFqN.exe
  2⤵
  PID:4976
- C:\Windows\System\SbMcrey.exe
  C:\Windows\System\SbMcrey.exe
  2⤵
  PID:2632
- C:\Windows\System\NpzKonk.exe
  C:\Windows\System\NpzKonk.exe
  2⤵
  PID:1996
- C:\Windows\System\EOhsRNc.exe
  C:\Windows\System\EOhsRNc.exe
  2⤵
  PID:1424
- C:\Windows\System\fpzCKoL.exe
  C:\Windows\System\fpzCKoL.exe
  2⤵
  PID:3004
- C:\Windows\System\TJjYEyS.exe
  C:\Windows\System\TJjYEyS.exe
  2⤵
  PID:2356
- C:\Windows\System\leSrcio.exe
  C:\Windows\System\leSrcio.exe
  2⤵
  PID:4888
- C:\Windows\System\WDLeLcZ.exe
  C:\Windows\System\WDLeLcZ.exe
  2⤵
  PID:1276
- C:\Windows\System\xFfzmZA.exe
  C:\Windows\System\xFfzmZA.exe
  2⤵
  PID:1164
- C:\Windows\System\ExWoHbn.exe
  C:\Windows\System\ExWoHbn.exe
  2⤵
  PID:5128
- C:\Windows\System\raZqIVe.exe
  C:\Windows\System\raZqIVe.exe
  2⤵
  PID:5144
- C:\Windows\System\YkYKzCA.exe
  C:\Windows\System\YkYKzCA.exe
  2⤵
  PID:5168
- C:\Windows\System\dKcxOAJ.exe
  C:\Windows\System\dKcxOAJ.exe
  2⤵
  PID:5184
- C:\Windows\System\xsecAkY.exe
  C:\Windows\System\xsecAkY.exe
  2⤵
  PID:5204
- C:\Windows\System\lseTKSC.exe
  C:\Windows\System\lseTKSC.exe
  2⤵
  PID:5220
- C:\Windows\System\hKWEjPo.exe
  C:\Windows\System\hKWEjPo.exe
  2⤵
  PID:5236
- C:\Windows\System\WEcFUQy.exe
  C:\Windows\System\WEcFUQy.exe
  2⤵
  PID:5256
- C:\Windows\System\kjxfeOe.exe
  C:\Windows\System\kjxfeOe.exe
  2⤵
  PID:5272
- C:\Windows\System\tPImDLp.exe
  C:\Windows\System\tPImDLp.exe
  2⤵
  PID:5288
- C:\Windows\System\ikpBtTV.exe
  C:\Windows\System\ikpBtTV.exe
  2⤵
  PID:5344
- C:\Windows\System\abUXxkW.exe
  C:\Windows\System\abUXxkW.exe
  2⤵
  PID:5360
- C:\Windows\System\IYiAQBq.exe
  C:\Windows\System\IYiAQBq.exe
  2⤵
  PID:5376
- C:\Windows\System\xlaAfgp.exe
  C:\Windows\System\xlaAfgp.exe
  2⤵
  PID:5392
- C:\Windows\System\YoyWndK.exe
  C:\Windows\System\YoyWndK.exe
  2⤵
  PID:5412
- C:\Windows\System\ycwFRPK.exe
  C:\Windows\System\ycwFRPK.exe
  2⤵
  PID:5432
- C:\Windows\System\TcrgRpL.exe
  C:\Windows\System\TcrgRpL.exe
  2⤵
  PID:5448
- C:\Windows\System\buNFIVX.exe
  C:\Windows\System\buNFIVX.exe
  2⤵
  PID:5464
- C:\Windows\System\HjvtbdJ.exe
  C:\Windows\System\HjvtbdJ.exe
  2⤵
  PID:5480
- C:\Windows\System\iSbPSZQ.exe
  C:\Windows\System\iSbPSZQ.exe
  2⤵
  PID:5496
- C:\Windows\System\HJAMqOj.exe
  C:\Windows\System\HJAMqOj.exe
  2⤵
  PID:5512
- C:\Windows\System\QumDwYL.exe
  C:\Windows\System\QumDwYL.exe
  2⤵
  PID:5528
- C:\Windows\System\cnhhhmh.exe
  C:\Windows\System\cnhhhmh.exe
  2⤵
  PID:5544
- C:\Windows\System\KBRydpI.exe
  C:\Windows\System\KBRydpI.exe
  2⤵
  PID:5560
- C:\Windows\System\iUPSKWw.exe
  C:\Windows\System\iUPSKWw.exe
  2⤵
  PID:5576
- C:\Windows\System\QfASHnF.exe
  C:\Windows\System\QfASHnF.exe
  2⤵
  PID:5592
- C:\Windows\System\LeAnvjx.exe
  C:\Windows\System\LeAnvjx.exe
  2⤵
  PID:5608
- C:\Windows\System\rmTdSZg.exe
  C:\Windows\System\rmTdSZg.exe
  2⤵
  PID:5624
- C:\Windows\System\NIctNPv.exe
  C:\Windows\System\NIctNPv.exe
  2⤵
  PID:5640
- C:\Windows\System\tOFswpi.exe
  C:\Windows\System\tOFswpi.exe
  2⤵
  PID:5656
- C:\Windows\System\tgZTswS.exe
  C:\Windows\System\tgZTswS.exe
  2⤵
  PID:5672
- C:\Windows\System\NcrJPNH.exe
  C:\Windows\System\NcrJPNH.exe
  2⤵
  PID:5688
- C:\Windows\System\ALdprwE.exe
  C:\Windows\System\ALdprwE.exe
  2⤵
  PID:5704
- C:\Windows\System\UAZuffX.exe
  C:\Windows\System\UAZuffX.exe
  2⤵
  PID:5720
- C:\Windows\System\XUmpLge.exe
  C:\Windows\System\XUmpLge.exe
  2⤵
  PID:5736
- C:\Windows\System\ymAodrR.exe
  C:\Windows\System\ymAodrR.exe
  2⤵
  PID:5752
- C:\Windows\System\aJEvPnb.exe
  C:\Windows\System\aJEvPnb.exe
  2⤵
  PID:5768
- C:\Windows\System\avPStPQ.exe
  C:\Windows\System\avPStPQ.exe
  2⤵
  PID:5784
- C:\Windows\System\klpjuWm.exe
  C:\Windows\System\klpjuWm.exe
  2⤵
  PID:5800
- C:\Windows\System\mavDrVc.exe
  C:\Windows\System\mavDrVc.exe
  2⤵
  PID:5816
- C:\Windows\System\NxEkRqJ.exe
  C:\Windows\System\NxEkRqJ.exe
  2⤵
  PID:5832
- C:\Windows\System\CswSCke.exe
  C:\Windows\System\CswSCke.exe
  2⤵
  PID:5848
- C:\Windows\System\JbOpaXV.exe
  C:\Windows\System\JbOpaXV.exe
  2⤵
  PID:5864
- C:\Windows\System\YhGunkC.exe
  C:\Windows\System\YhGunkC.exe
  2⤵
  PID:5880
- C:\Windows\System\vohGAkb.exe
  C:\Windows\System\vohGAkb.exe
  2⤵
  PID:5896
- C:\Windows\System\RrbuBXv.exe
  C:\Windows\System\RrbuBXv.exe
  2⤵
  PID:5912
- C:\Windows\System\uwNUObk.exe
  C:\Windows\System\uwNUObk.exe
  2⤵
  PID:5928
- C:\Windows\System\JGreSRZ.exe
  C:\Windows\System\JGreSRZ.exe
  2⤵
  PID:5944
- C:\Windows\System\dLQEuYu.exe
  C:\Windows\System\dLQEuYu.exe
  2⤵
  PID:5960
- C:\Windows\System\ZdIPMHU.exe
  C:\Windows\System\ZdIPMHU.exe
  2⤵
  PID:5976
- C:\Windows\System\qpwhqbO.exe
  C:\Windows\System\qpwhqbO.exe
  2⤵
  PID:5992
- C:\Windows\System\pZMeapG.exe
  C:\Windows\System\pZMeapG.exe
  2⤵
  PID:6008
- C:\Windows\System\lMjiAuh.exe
  C:\Windows\System\lMjiAuh.exe
  2⤵
  PID:6024
- C:\Windows\System\ojgHduU.exe
  C:\Windows\System\ojgHduU.exe
  2⤵
  PID:6040
- C:\Windows\System\baLKloH.exe
  C:\Windows\System\baLKloH.exe
  2⤵
  PID:6056
- C:\Windows\System\ZlEbqeA.exe
  C:\Windows\System\ZlEbqeA.exe
  2⤵
  PID:6072
- C:\Windows\System\vPFrwYI.exe
  C:\Windows\System\vPFrwYI.exe
  2⤵
  PID:6088
- C:\Windows\System\APUvULj.exe
  C:\Windows\System\APUvULj.exe
  2⤵
  PID:6104
- C:\Windows\System\JexeMCK.exe
  C:\Windows\System\JexeMCK.exe
  2⤵
  PID:6120
- C:\Windows\System\TEhXwAt.exe
  C:\Windows\System\TEhXwAt.exe
  2⤵
  PID:6136
- C:\Windows\System\gLYAUTy.exe
  C:\Windows\System\gLYAUTy.exe
  2⤵
  PID:2844
- C:\Windows\System\xXZLzwM.exe
  C:\Windows\System\xXZLzwM.exe
  2⤵
  PID:4476
- C:\Windows\System\DhAnapZ.exe
  C:\Windows\System\DhAnapZ.exe
  2⤵
  PID:2364
- C:\Windows\System\NMomQzZ.exe
  C:\Windows\System\NMomQzZ.exe
  2⤵
  PID:5152
- C:\Windows\System\buOkixV.exe
  C:\Windows\System\buOkixV.exe
  2⤵
  PID:5228
- C:\Windows\System\GuNUymh.exe
  C:\Windows\System\GuNUymh.exe
  2⤵
  PID:4964
- C:\Windows\System\qJSWOfw.exe
  C:\Windows\System\qJSWOfw.exe
  2⤵
  PID:5088
- C:\Windows\System\viJLuaM.exe
  C:\Windows\System\viJLuaM.exe
  2⤵
  PID:5200
- C:\Windows\System\YODqcPX.exe
  C:\Windows\System\YODqcPX.exe
  2⤵
  PID:764
- C:\Windows\System\sQmIULV.exe
  C:\Windows\System\sQmIULV.exe
  2⤵
  PID:4884
- C:\Windows\System\qCqGsUA.exe
  C:\Windows\System\qCqGsUA.exe
  2⤵
  PID:5212
- C:\Windows\System\foaXSqY.exe
  C:\Windows\System\foaXSqY.exe
  2⤵
  PID:5252
- C:\Windows\System\ozEfqBg.exe
  C:\Windows\System\ozEfqBg.exe
  2⤵
  PID:1940
- C:\Windows\System\heRpiwi.exe
  C:\Windows\System\heRpiwi.exe
  2⤵
  PID:796
- C:\Windows\System\woXNuBj.exe
  C:\Windows\System\woXNuBj.exe
  2⤵
  PID:5300
- C:\Windows\System\suLctvw.exe
  C:\Windows\System\suLctvw.exe
  2⤵
  PID:5308
- C:\Windows\System\SKpYfNQ.exe
  C:\Windows\System\SKpYfNQ.exe
  2⤵
  PID:5328
- C:\Windows\System\mfMEhxv.exe
  C:\Windows\System\mfMEhxv.exe
  2⤵
  PID:5372
- C:\Windows\System\wQlbgVu.exe
  C:\Windows\System\wQlbgVu.exe
  2⤵
  PID:5388
- C:\Windows\System\MrpAuip.exe
  C:\Windows\System\MrpAuip.exe
  2⤵
  PID:5444
- C:\Windows\System\hNRVhvR.exe
  C:\Windows\System\hNRVhvR.exe
  2⤵
  PID:5424
- C:\Windows\System\TvFlmbB.exe
  C:\Windows\System\TvFlmbB.exe
  2⤵
  PID:5664
- C:\Windows\System\bWAUxIf.exe
  C:\Windows\System\bWAUxIf.exe
  2⤵
  PID:5728
- C:\Windows\System\exNAyWt.exe
  C:\Windows\System\exNAyWt.exe
  2⤵
  PID:5572
- C:\Windows\System\xdXyUkG.exe
  C:\Windows\System\xdXyUkG.exe
  2⤵
  PID:5540
- C:\Windows\System\qIfLDYE.exe
  C:\Windows\System\qIfLDYE.exe
  2⤵
  PID:5792
- C:\Windows\System\EaMsNnj.exe
  C:\Windows\System\EaMsNnj.exe
  2⤵
  PID:5588
- C:\Windows\System\DoEIhuQ.exe
  C:\Windows\System\DoEIhuQ.exe
  2⤵
  PID:5652
- C:\Windows\System\YfyOykN.exe
  C:\Windows\System\YfyOykN.exe
  2⤵
  PID:5716
- C:\Windows\System\sDnFYbK.exe
  C:\Windows\System\sDnFYbK.exe
  2⤵
  PID:5776
- C:\Windows\System\ruvadQC.exe
  C:\Windows\System\ruvadQC.exe
  2⤵
  PID:5872
- C:\Windows\System\WPByJjX.exe
  C:\Windows\System\WPByJjX.exe
  2⤵
  PID:5936
- C:\Windows\System\lDXUMBQ.exe
  C:\Windows\System\lDXUMBQ.exe
  2⤵
  PID:6016
- C:\Windows\System\kIkJPqA.exe
  C:\Windows\System\kIkJPqA.exe
  2⤵
  PID:6052
- C:\Windows\System\TYctEwY.exe
  C:\Windows\System\TYctEwY.exe
  2⤵
  PID:5844
- C:\Windows\System\acusGvr.exe
  C:\Windows\System\acusGvr.exe
  2⤵
  PID:6004
- C:\Windows\System\GFyVqgz.exe
  C:\Windows\System\GFyVqgz.exe
  2⤵
  PID:6064
- C:\Windows\System\ZUUnZdy.exe
  C:\Windows\System\ZUUnZdy.exe
  2⤵
  PID:6116
- C:\Windows\System\NrwhnDD.exe
  C:\Windows\System\NrwhnDD.exe
  2⤵
  PID:5192
- C:\Windows\System\KJMHgRb.exe
  C:\Windows\System\KJMHgRb.exe
  2⤵
  PID:5268
- C:\Windows\System\hCquJWf.exe
  C:\Windows\System\hCquJWf.exe
  2⤵
  PID:4860
- C:\Windows\System\DTZEioH.exe
  C:\Windows\System\DTZEioH.exe
  2⤵
  PID:5176
- C:\Windows\System\ndAkvIW.exe
  C:\Windows\System\ndAkvIW.exe
  2⤵
  PID:1532
- C:\Windows\System\ZmUksEn.exe
  C:\Windows\System\ZmUksEn.exe
  2⤵
  PID:5264
- C:\Windows\System\Xklqnti.exe
  C:\Windows\System\Xklqnti.exe
  2⤵
  PID:4892
- C:\Windows\System\mRaaDhu.exe
  C:\Windows\System\mRaaDhu.exe
  2⤵
  PID:1540
- C:\Windows\System\wnOzSpK.exe
  C:\Windows\System\wnOzSpK.exe
  2⤵
  PID:5304
- C:\Windows\System\eaRjfiw.exe
  C:\Windows\System\eaRjfiw.exe
  2⤵
  PID:5472
- C:\Windows\System\PqLNHqQ.exe
  C:\Windows\System\PqLNHqQ.exe
  2⤵
  PID:5320
- C:\Windows\System\AOZZQaa.exe
  C:\Windows\System\AOZZQaa.exe
  2⤵
  PID:5508
- C:\Windows\System\fTkaYem.exe
  C:\Windows\System\fTkaYem.exe
  2⤵
  PID:5384
- C:\Windows\System\jzhXZbi.exe
  C:\Windows\System\jzhXZbi.exe
  2⤵
  PID:5568
- C:\Windows\System\etpdzJh.exe
  C:\Windows\System\etpdzJh.exe
  2⤵
  PID:5700
- C:\Windows\System\QzgzTSi.exe
  C:\Windows\System\QzgzTSi.exe
  2⤵
  PID:5632
- C:\Windows\System\ZeYgtIN.exe
  C:\Windows\System\ZeYgtIN.exe
  2⤵
  PID:5764
- C:\Windows\System\XqwBlKj.exe
  C:\Windows\System\XqwBlKj.exe
  2⤵
  PID:5556
- C:\Windows\System\TbnMZTd.exe
  C:\Windows\System\TbnMZTd.exe
  2⤵
  PID:5956
- C:\Windows\System\KFGtOGU.exe
  C:\Windows\System\KFGtOGU.exe
  2⤵
  PID:5780
- C:\Windows\System\fSUHNOg.exe
  C:\Windows\System\fSUHNOg.exe
  2⤵
  PID:4896
- C:\Windows\System\JsPBOhA.exe
  C:\Windows\System\JsPBOhA.exe
  2⤵
  PID:2380
- C:\Windows\System\PxfsWKL.exe
  C:\Windows\System\PxfsWKL.exe
  2⤵
  PID:5280
- C:\Windows\System\EqYDiKP.exe
  C:\Windows\System\EqYDiKP.exe
  2⤵
  PID:6128
- C:\Windows\System\eRdjYvy.exe
  C:\Windows\System\eRdjYvy.exe
  2⤵
  PID:6048
- C:\Windows\System\amLDEwB.exe
  C:\Windows\System\amLDEwB.exe
  2⤵
  PID:5456
- C:\Windows\System\LGGVozn.exe
  C:\Windows\System\LGGVozn.exe
  2⤵
  PID:4880
- C:\Windows\System\LmxACUT.exe
  C:\Windows\System\LmxACUT.exe
  2⤵
  PID:5600
- C:\Windows\System\BAgqApq.exe
  C:\Windows\System\BAgqApq.exe
  2⤵
  PID:5340
- C:\Windows\System\CfoGUhH.exe
  C:\Windows\System\CfoGUhH.exe
  2⤵
  PID:5324
- C:\Windows\System\Byzstvi.exe
  C:\Windows\System\Byzstvi.exe
  2⤵
  PID:5636
- C:\Windows\System\xLvUfpo.exe
  C:\Windows\System\xLvUfpo.exe
  2⤵
  PID:6036
- C:\Windows\System\YKISaAz.exe
  C:\Windows\System\YKISaAz.exe
  2⤵
  PID:5604
- C:\Windows\System\AkDcgMR.exe
  C:\Windows\System\AkDcgMR.exe
  2⤵
  PID:5840
- C:\Windows\System\XhPOcYR.exe
  C:\Windows\System\XhPOcYR.exe
  2⤵
  PID:5648
- C:\Windows\System\Trrkvou.exe
  C:\Windows\System\Trrkvou.exe
  2⤵
  PID:1452
- C:\Windows\System\AOMiRXB.exe
  C:\Windows\System\AOMiRXB.exe
  2⤵
  PID:872
- C:\Windows\System\pwpnejj.exe
  C:\Windows\System\pwpnejj.exe
  2⤵
  PID:5952
- C:\Windows\System\IGLGqVg.exe
  C:\Windows\System\IGLGqVg.exe
  2⤵
  PID:5732
- C:\Windows\System\OZAKsnk.exe
  C:\Windows\System\OZAKsnk.exe
  2⤵
  PID:5856
- C:\Windows\System\RjtcFHv.exe
  C:\Windows\System\RjtcFHv.exe
  2⤵
  PID:2680
- C:\Windows\System\CkiGSAw.exe
  C:\Windows\System\CkiGSAw.exe
  2⤵
  PID:5988
- C:\Windows\System\MESeVxR.exe
  C:\Windows\System\MESeVxR.exe
  2⤵
  PID:5684
- C:\Windows\System\VEfrECH.exe
  C:\Windows\System\VEfrECH.exe
  2⤵
  PID:5908
- C:\Windows\System\GRSFbLr.exe
  C:\Windows\System\GRSFbLr.exe
  2⤵
  PID:5492
- C:\Windows\System\aeMSXog.exe
  C:\Windows\System\aeMSXog.exe
  2⤵
  PID:6148
- C:\Windows\System\loCWOes.exe
  C:\Windows\System\loCWOes.exe
  2⤵
  PID:6164
- C:\Windows\System\plcwwAX.exe
  C:\Windows\System\plcwwAX.exe
  2⤵
  PID:6180
- C:\Windows\System\lohnxYr.exe
  C:\Windows\System\lohnxYr.exe
  2⤵
  PID:6200
- C:\Windows\System\xqvhcIJ.exe
  C:\Windows\System\xqvhcIJ.exe
  2⤵
  PID:6216
- C:\Windows\System\gmvNuMI.exe
  C:\Windows\System\gmvNuMI.exe
  2⤵
  PID:6232
- C:\Windows\System\GyDQWUM.exe
  C:\Windows\System\GyDQWUM.exe
  2⤵
  PID:6248
- C:\Windows\System\yWwAIeI.exe
  C:\Windows\System\yWwAIeI.exe
  2⤵
  PID:6264
- C:\Windows\System\WLzBczM.exe
  C:\Windows\System\WLzBczM.exe
  2⤵
  PID:6280
- C:\Windows\System\yMaCebr.exe
  C:\Windows\System\yMaCebr.exe
  2⤵
  PID:6296
- C:\Windows\System\gkgdgJY.exe
  C:\Windows\System\gkgdgJY.exe
  2⤵
  PID:6312
- C:\Windows\System\xzhZkKR.exe
  C:\Windows\System\xzhZkKR.exe
  2⤵
  PID:6328
- C:\Windows\System\hSnGVZw.exe
  C:\Windows\System\hSnGVZw.exe
  2⤵
  PID:6348
- C:\Windows\System\SidkfGx.exe
  C:\Windows\System\SidkfGx.exe
  2⤵
  PID:6364
- C:\Windows\System\SwkNwnL.exe
  C:\Windows\System\SwkNwnL.exe
  2⤵
  PID:6380
- C:\Windows\System\mxUxUPX.exe
  C:\Windows\System\mxUxUPX.exe
  2⤵
  PID:6404
- C:\Windows\System\gGmNYsW.exe
  C:\Windows\System\gGmNYsW.exe
  2⤵
  PID:6420
- C:\Windows\System\POaFfMB.exe
  C:\Windows\System\POaFfMB.exe
  2⤵
  PID:6436
- C:\Windows\System\GVKyRdV.exe
  C:\Windows\System\GVKyRdV.exe
  2⤵
  PID:6452
- C:\Windows\System\aZyQLvr.exe
  C:\Windows\System\aZyQLvr.exe
  2⤵
  PID:6468
- C:\Windows\System\hnYiUov.exe
  C:\Windows\System\hnYiUov.exe
  2⤵
  PID:6484
- C:\Windows\System\xjCiLrE.exe
  C:\Windows\System\xjCiLrE.exe
  2⤵
  PID:6504
- C:\Windows\System\YdkPcdj.exe
  C:\Windows\System\YdkPcdj.exe
  2⤵
  PID:6520
- C:\Windows\System\rOhrktL.exe
  C:\Windows\System\rOhrktL.exe
  2⤵
  PID:6536
- C:\Windows\System\uXOHMOV.exe
  C:\Windows\System\uXOHMOV.exe
  2⤵
  PID:6552
- C:\Windows\System\UyKLaVt.exe
  C:\Windows\System\UyKLaVt.exe
  2⤵
  PID:6568
- C:\Windows\System\UWqUfQd.exe
  C:\Windows\System\UWqUfQd.exe
  2⤵
  PID:6620
- C:\Windows\System\mZvvTIt.exe
  C:\Windows\System\mZvvTIt.exe
  2⤵
  PID:6640
- C:\Windows\System\LVUAIRF.exe
  C:\Windows\System\LVUAIRF.exe
  2⤵
  PID:6656
- C:\Windows\System\YcTSUui.exe
  C:\Windows\System\YcTSUui.exe
  2⤵
  PID:6672
- C:\Windows\System\vYcsvBP.exe
  C:\Windows\System\vYcsvBP.exe
  2⤵
  PID:6688
- C:\Windows\System\FaqJxQZ.exe
  C:\Windows\System\FaqJxQZ.exe
  2⤵
  PID:6704
- C:\Windows\System\yASljQz.exe
  C:\Windows\System\yASljQz.exe
  2⤵
  PID:6720
- C:\Windows\System\eajeUiy.exe
  C:\Windows\System\eajeUiy.exe
  2⤵
  PID:6736
- C:\Windows\System\QNSEoYM.exe
  C:\Windows\System\QNSEoYM.exe
  2⤵
  PID:6752
- C:\Windows\System\vNlWxmf.exe
  C:\Windows\System\vNlWxmf.exe
  2⤵
  PID:6768
- C:\Windows\System\MzAEOsp.exe
  C:\Windows\System\MzAEOsp.exe
  2⤵
  PID:6788
- C:\Windows\System\KmIVgHm.exe
  C:\Windows\System\KmIVgHm.exe
  2⤵
  PID:6804
- C:\Windows\System\EWZvEyD.exe
  C:\Windows\System\EWZvEyD.exe
  2⤵
  PID:6820
- C:\Windows\System\fqwqkbm.exe
  C:\Windows\System\fqwqkbm.exe
  2⤵
  PID:6840
- C:\Windows\System\SgwwtbH.exe
  C:\Windows\System\SgwwtbH.exe
  2⤵
  PID:6856
- C:\Windows\System\uCAeqCt.exe
  C:\Windows\System\uCAeqCt.exe
  2⤵
  PID:6872
- C:\Windows\System\BuaEkQa.exe
  C:\Windows\System\BuaEkQa.exe
  2⤵
  PID:6888
- C:\Windows\System\LyhkBVP.exe
  C:\Windows\System\LyhkBVP.exe
  2⤵
  PID:6904
- C:\Windows\System\fLtrhMo.exe
  C:\Windows\System\fLtrhMo.exe
  2⤵
  PID:6920
- C:\Windows\System\uevgmZo.exe
  C:\Windows\System\uevgmZo.exe
  2⤵
  PID:6936
- C:\Windows\System\tHAQzUQ.exe
  C:\Windows\System\tHAQzUQ.exe
  2⤵
  PID:6952
- C:\Windows\System\EjtrBni.exe
  C:\Windows\System\EjtrBni.exe
  2⤵
  PID:6988
- C:\Windows\System\gqBzUEQ.exe
  C:\Windows\System\gqBzUEQ.exe
  2⤵
  PID:7008
- C:\Windows\System\SEYXGDM.exe
  C:\Windows\System\SEYXGDM.exe
  2⤵
  PID:7024
- C:\Windows\System\FILBzKI.exe
  C:\Windows\System\FILBzKI.exe
  2⤵
  PID:7040
- C:\Windows\System\lxOVTLc.exe
  C:\Windows\System\lxOVTLc.exe
  2⤵
  PID:7056
- C:\Windows\System\xFZQKjF.exe
  C:\Windows\System\xFZQKjF.exe
  2⤵
  PID:7072
- C:\Windows\System\skQbXlA.exe
  C:\Windows\System\skQbXlA.exe
  2⤵
  PID:7092
- C:\Windows\System\JMsAzNh.exe
  C:\Windows\System\JMsAzNh.exe
  2⤵
  PID:7108
- C:\Windows\System\SQwbEql.exe
  C:\Windows\System\SQwbEql.exe
  2⤵
  PID:7124
- C:\Windows\System\kFHFWOK.exe
  C:\Windows\System\kFHFWOK.exe
  2⤵
  PID:7140
- C:\Windows\System\zbquYWy.exe
  C:\Windows\System\zbquYWy.exe
  2⤵
  PID:7156
- C:\Windows\System\kkxYiSZ.exe
  C:\Windows\System\kkxYiSZ.exe
  2⤵
  PID:5356
- C:\Windows\System\hVfewiR.exe
  C:\Windows\System\hVfewiR.exe
  2⤵
  PID:5460
- C:\Windows\System\jwpCnlq.exe
  C:\Windows\System\jwpCnlq.exe
  2⤵
  PID:6160
- C:\Windows\System\IvapSCX.exe
  C:\Windows\System\IvapSCX.exe
  2⤵
  PID:6208
- C:\Windows\System\rHtBAkW.exe
  C:\Windows\System\rHtBAkW.exe
  2⤵
  PID:6308
- C:\Windows\System\YaJWicU.exe
  C:\Windows\System\YaJWicU.exe
  2⤵
  PID:6320
- C:\Windows\System\ayxtywI.exe
  C:\Windows\System\ayxtywI.exe
  2⤵
  PID:6292
- C:\Windows\System\hOAmYJm.exe
  C:\Windows\System\hOAmYJm.exe
  2⤵
  PID:6356
- C:\Windows\System\zrFTFHK.exe
  C:\Windows\System\zrFTFHK.exe
  2⤵
  PID:6388
- C:\Windows\System\PdmJZkR.exe
  C:\Windows\System\PdmJZkR.exe
  2⤵
  PID:6428
- C:\Windows\System\LhNKfuH.exe
  C:\Windows\System\LhNKfuH.exe
  2⤵
  PID:6412
- C:\Windows\System\cAaCHXv.exe
  C:\Windows\System\cAaCHXv.exe
  2⤵
  PID:6476
- C:\Windows\System\WqUovVW.exe
  C:\Windows\System\WqUovVW.exe
  2⤵
  PID:6548
- C:\Windows\System\RGvtDQZ.exe
  C:\Windows\System\RGvtDQZ.exe
  2⤵
  PID:6588
- C:\Windows\System\FrvTHmj.exe
  C:\Windows\System\FrvTHmj.exe
  2⤵
  PID:6604
- C:\Windows\System\SgBpQjU.exe
  C:\Windows\System\SgBpQjU.exe
  2⤵
  PID:6560
- C:\Windows\System\mubXHiJ.exe
  C:\Windows\System\mubXHiJ.exe
  2⤵
  PID:6616
- C:\Windows\System\rYDojsl.exe
  C:\Windows\System\rYDojsl.exe
  2⤵
  PID:6680
- C:\Windows\System\iAyOCAk.exe
  C:\Windows\System\iAyOCAk.exe
  2⤵
  PID:6780
- C:\Windows\System\MGhCVpy.exe
  C:\Windows\System\MGhCVpy.exe
  2⤵
  PID:6912
- C:\Windows\System\vbHsRBl.exe
  C:\Windows\System\vbHsRBl.exe
  2⤵
  PID:6848
- C:\Windows\System\hPnLKxJ.exe
  C:\Windows\System\hPnLKxJ.exe
  2⤵
  PID:6628
- C:\Windows\System\zkBYtTm.exe
  C:\Windows\System\zkBYtTm.exe
  2⤵
  PID:6668
- C:\Windows\System\kCfAoGQ.exe
  C:\Windows\System\kCfAoGQ.exe
  2⤵
  PID:6732
- C:\Windows\System\NThuZEk.exe
  C:\Windows\System\NThuZEk.exe
  2⤵
  PID:6800
- C:\Windows\System\PWsoJYx.exe
  C:\Windows\System\PWsoJYx.exe
  2⤵
  PID:6864
- C:\Windows\System\jXsIdnC.exe
  C:\Windows\System\jXsIdnC.exe
  2⤵
  PID:6928
- C:\Windows\System\nsoxHKp.exe
  C:\Windows\System\nsoxHKp.exe
  2⤵
  PID:6968
- C:\Windows\System\XxXBiXF.exe
  C:\Windows\System\XxXBiXF.exe
  2⤵
  PID:6948
- C:\Windows\System\xPIzbJP.exe
  C:\Windows\System\xPIzbJP.exe
  2⤵
  PID:6984
- C:\Windows\System\sELMvDQ.exe
  C:\Windows\System\sELMvDQ.exe
  2⤵
  PID:7064
- C:\Windows\System\wTkxrCD.exe
  C:\Windows\System\wTkxrCD.exe
  2⤵
  PID:7100
- C:\Windows\System\PUdnGxV.exe
  C:\Windows\System\PUdnGxV.exe
  2⤵
  PID:7084
- C:\Windows\System\AGLUFXX.exe
  C:\Windows\System\AGLUFXX.exe
  2⤵
  PID:7116
- C:\Windows\System\EjPZPIg.exe
  C:\Windows\System\EjPZPIg.exe
  2⤵
  PID:7148
- C:\Windows\System\TbesphQ.exe
  C:\Windows\System\TbesphQ.exe
  2⤵
  PID:6020
- C:\Windows\System\phfjEWn.exe
  C:\Windows\System\phfjEWn.exe
  2⤵
  PID:6196
- C:\Windows\System\gavSOsk.exe
  C:\Windows\System\gavSOsk.exe
  2⤵
  PID:6304
- C:\Windows\System\CuwdYMJ.exe
  C:\Windows\System\CuwdYMJ.exe
  2⤵
  PID:6344
- C:\Windows\System\aZVqDzR.exe
  C:\Windows\System\aZVqDzR.exe
  2⤵
  PID:6360
- C:\Windows\System\SsmOVZD.exe
  C:\Windows\System\SsmOVZD.exe
  2⤵
  PID:6492
- C:\Windows\System\kAbYalG.exe
  C:\Windows\System\kAbYalG.exe
  2⤵
  PID:6596
- C:\Windows\System\LBgrvGv.exe
  C:\Windows\System\LBgrvGv.exe
  2⤵
  PID:6716
- C:\Windows\System\rKwGKRL.exe
  C:\Windows\System\rKwGKRL.exe
  2⤵
  PID:6636
- C:\Windows\System\VJopfIg.exe
  C:\Windows\System\VJopfIg.exe
  2⤵
  PID:6584
- C:\Windows\System\lWZWaer.exe
  C:\Windows\System\lWZWaer.exe
  2⤵
  PID:6748
- C:\Windows\System\kMjlTnr.exe
  C:\Windows\System\kMjlTnr.exe
  2⤵
  PID:6836
- C:\Windows\System\EBtjmGV.exe
  C:\Windows\System\EBtjmGV.exe
  2⤵
  PID:6916
- C:\Windows\System\PyCepkq.exe
  C:\Windows\System\PyCepkq.exe
  2⤵
  PID:6944
- C:\Windows\System\qxWgrLn.exe
  C:\Windows\System\qxWgrLn.exe
  2⤵
  PID:6976
- C:\Windows\System\ZLQPCOc.exe
  C:\Windows\System\ZLQPCOc.exe
  2⤵
  PID:6964
- C:\Windows\System\KimBYOZ.exe
  C:\Windows\System\KimBYOZ.exe
  2⤵
  PID:7052
- C:\Windows\System\WkUbJoj.exe
  C:\Windows\System\WkUbJoj.exe
  2⤵
  PID:7032
- C:\Windows\System\VvhqJMf.exe
  C:\Windows\System\VvhqJMf.exe
  2⤵
  PID:6192
- C:\Windows\System\zClaDmm.exe
  C:\Windows\System\zClaDmm.exe
  2⤵
  PID:6464
- C:\Windows\System\OpczAqk.exe
  C:\Windows\System\OpczAqk.exe
  2⤵
  PID:6532
- C:\Windows\System\XqWNPrX.exe
  C:\Windows\System\XqWNPrX.exe
  2⤵
  PID:6812
- C:\Windows\System\RHsUlmv.exe
  C:\Windows\System\RHsUlmv.exe
  2⤵
  PID:7000
- C:\Windows\System\VEHZODH.exe
  C:\Windows\System\VEHZODH.exe
  2⤵
  PID:6244
- C:\Windows\System\agLaiQX.exe
  C:\Windows\System\agLaiQX.exe
  2⤵
  PID:7080
- C:\Windows\System\eAtsNcf.exe
  C:\Windows\System\eAtsNcf.exe
  2⤵
  PID:7180
- C:\Windows\System\OpeqTnK.exe
  C:\Windows\System\OpeqTnK.exe
  2⤵
  PID:7196
- C:\Windows\System\FbLotUF.exe
  C:\Windows\System\FbLotUF.exe
  2⤵
  PID:7212
- C:\Windows\System\grmMvvj.exe
  C:\Windows\System\grmMvvj.exe
  2⤵
  PID:7228
- C:\Windows\System\gRFIiLj.exe
  C:\Windows\System\gRFIiLj.exe
  2⤵
  PID:7244
- C:\Windows\System\ABOVRGe.exe
  C:\Windows\System\ABOVRGe.exe
  2⤵
  PID:7264
- C:\Windows\System\qIxzema.exe
  C:\Windows\System\qIxzema.exe
  2⤵
  PID:7280
- C:\Windows\System\pKzDGHh.exe
  C:\Windows\System\pKzDGHh.exe
  2⤵
  PID:7296
- C:\Windows\System\JxQIJPm.exe
  C:\Windows\System\JxQIJPm.exe
  2⤵
  PID:7312
- C:\Windows\System\IlrfMnd.exe
  C:\Windows\System\IlrfMnd.exe
  2⤵
  PID:7328
- C:\Windows\System\biNFcnX.exe
  C:\Windows\System\biNFcnX.exe
  2⤵
  PID:7344
- C:\Windows\System\EvaarFG.exe
  C:\Windows\System\EvaarFG.exe
  2⤵
  PID:7360
- C:\Windows\System\fSIFOBo.exe
  C:\Windows\System\fSIFOBo.exe
  2⤵
  PID:7376
- C:\Windows\System\nNfnatx.exe
  C:\Windows\System\nNfnatx.exe
  2⤵
  PID:7392
- C:\Windows\System\pTzazRv.exe
  C:\Windows\System\pTzazRv.exe
  2⤵
  PID:7408
- C:\Windows\System\dCHFTVm.exe
  C:\Windows\System\dCHFTVm.exe
  2⤵
  PID:7424
- C:\Windows\System\ckBjYWa.exe
  C:\Windows\System\ckBjYWa.exe
  2⤵
  PID:7440
- C:\Windows\System\SvMBsVL.exe
  C:\Windows\System\SvMBsVL.exe
  2⤵
  PID:7456
- C:\Windows\System\aoxGNbj.exe
  C:\Windows\System\aoxGNbj.exe
  2⤵
  PID:7476
- C:\Windows\System\mDBTwLr.exe
  C:\Windows\System\mDBTwLr.exe
  2⤵
  PID:7492
- C:\Windows\System\shweRuL.exe
  C:\Windows\System\shweRuL.exe
  2⤵
  PID:7508
- C:\Windows\System\UPFGkvs.exe
  C:\Windows\System\UPFGkvs.exe
  2⤵
  PID:7528
- C:\Windows\System\rNoZJEK.exe
  C:\Windows\System\rNoZJEK.exe
  2⤵
  PID:7544
- C:\Windows\System\bGXhSrD.exe
  C:\Windows\System\bGXhSrD.exe
  2⤵
  PID:7560
- C:\Windows\System\QZvQgoZ.exe
  C:\Windows\System\QZvQgoZ.exe
  2⤵
  PID:7576
- C:\Windows\System\DBoCMtY.exe
  C:\Windows\System\DBoCMtY.exe
  2⤵
  PID:7592
- C:\Windows\System\DmSAhEh.exe
  C:\Windows\System\DmSAhEh.exe
  2⤵
  PID:7608
- C:\Windows\System\sskDjYp.exe
  C:\Windows\System\sskDjYp.exe
  2⤵
  PID:7624
- C:\Windows\System\Bxqogaw.exe
  C:\Windows\System\Bxqogaw.exe
  2⤵
  PID:7640
- C:\Windows\System\uNiXwFV.exe
  C:\Windows\System\uNiXwFV.exe
  2⤵
  PID:7656
- C:\Windows\System\JCQqPzz.exe
  C:\Windows\System\JCQqPzz.exe
  2⤵
  PID:7672
- C:\Windows\System\NXJtrZW.exe
  C:\Windows\System\NXJtrZW.exe
  2⤵
  PID:7688
- C:\Windows\System\JsSSWSG.exe
  C:\Windows\System\JsSSWSG.exe
  2⤵
  PID:7704
- C:\Windows\System\PNSMlDo.exe
  C:\Windows\System\PNSMlDo.exe
  2⤵
  PID:7720
- C:\Windows\System\zqWWSSj.exe
  C:\Windows\System\zqWWSSj.exe
  2⤵
  PID:7736
- C:\Windows\System\vqFdoHG.exe
  C:\Windows\System\vqFdoHG.exe
  2⤵
  PID:7752
- C:\Windows\System\THNMcuA.exe
  C:\Windows\System\THNMcuA.exe
  2⤵
  PID:7768
- C:\Windows\System\cWbIcPy.exe
  C:\Windows\System\cWbIcPy.exe
  2⤵
  PID:7784
- C:\Windows\System\HPGdWTO.exe
  C:\Windows\System\HPGdWTO.exe
  2⤵
  PID:7800
- C:\Windows\System\qDGsNPK.exe
  C:\Windows\System\qDGsNPK.exe
  2⤵
  PID:7816
- C:\Windows\System\eAJJWDU.exe
  C:\Windows\System\eAJJWDU.exe
  2⤵
  PID:7832
- C:\Windows\System\FmddprP.exe
  C:\Windows\System\FmddprP.exe
  2⤵
  PID:7848
- C:\Windows\System\zpkCoiT.exe
  C:\Windows\System\zpkCoiT.exe
  2⤵
  PID:7864
- C:\Windows\System\ETnSDty.exe
  C:\Windows\System\ETnSDty.exe
  2⤵
  PID:7880
- C:\Windows\System\IzQnoIR.exe
  C:\Windows\System\IzQnoIR.exe
  2⤵
  PID:7896
- C:\Windows\System\okYqYwb.exe
  C:\Windows\System\okYqYwb.exe
  2⤵
  PID:7912
- C:\Windows\System\aXgJBhu.exe
  C:\Windows\System\aXgJBhu.exe
  2⤵
  PID:7928
- C:\Windows\System\xrCeYiM.exe
  C:\Windows\System\xrCeYiM.exe
  2⤵
  PID:7944
- C:\Windows\System\KjLnfZD.exe
  C:\Windows\System\KjLnfZD.exe
  2⤵
  PID:7960
- C:\Windows\System\goxITwx.exe
  C:\Windows\System\goxITwx.exe
  2⤵
  PID:7976
- C:\Windows\System\zNsnwen.exe
  C:\Windows\System\zNsnwen.exe
  2⤵
  PID:7992
- C:\Windows\System\pTLjUWL.exe
  C:\Windows\System\pTLjUWL.exe
  2⤵
  PID:8008
- C:\Windows\System\GLwikXC.exe
  C:\Windows\System\GLwikXC.exe
  2⤵
  PID:8028
- C:\Windows\System\wQiIjfd.exe
  C:\Windows\System\wQiIjfd.exe
  2⤵
  PID:8044
- C:\Windows\System\RBeKNUL.exe
  C:\Windows\System\RBeKNUL.exe
  2⤵
  PID:8060
- C:\Windows\System\wjLzQRy.exe
  C:\Windows\System\wjLzQRy.exe
  2⤵
  PID:8076
- C:\Windows\System\BHcmQds.exe
  C:\Windows\System\BHcmQds.exe
  2⤵
  PID:8092
- C:\Windows\System\jwTikXE.exe
  C:\Windows\System\jwTikXE.exe
  2⤵
  PID:8112
- C:\Windows\System\UDLDkjk.exe
  C:\Windows\System\UDLDkjk.exe
  2⤵
  PID:8128
- C:\Windows\System\tgBVjnj.exe
  C:\Windows\System\tgBVjnj.exe
  2⤵
  PID:8144
- C:\Windows\System\NZzBFKz.exe
  C:\Windows\System\NZzBFKz.exe
  2⤵
  PID:8160
- C:\Windows\System\cTCvRhE.exe
  C:\Windows\System\cTCvRhE.exe
  2⤵
  PID:8180
- C:\Windows\System\DGFxSLq.exe
  C:\Windows\System\DGFxSLq.exe
  2⤵
  PID:7188
- C:\Windows\System\RVpfPZu.exe
  C:\Windows\System\RVpfPZu.exe
  2⤵
  PID:7192
- C:\Windows\System\KeezPXX.exe
  C:\Windows\System\KeezPXX.exe
  2⤵
  PID:6880
- C:\Windows\System\rATSpWy.exe
  C:\Windows\System\rATSpWy.exe
  2⤵
  PID:6612
- C:\Windows\System\ONgdbwg.exe
  C:\Windows\System\ONgdbwg.exe
  2⤵
  PID:7132
- C:\Windows\System\peGHHAh.exe
  C:\Windows\System\peGHHAh.exe
  2⤵
  PID:6564
- C:\Windows\System\Iyuemut.exe
  C:\Windows\System\Iyuemut.exe
  2⤵
  PID:7224
- C:\Windows\System\ycISCeQ.exe
  C:\Windows\System\ycISCeQ.exe
  2⤵
  PID:7208
- C:\Windows\System\lBMLzsQ.exe
  C:\Windows\System\lBMLzsQ.exe
  2⤵
  PID:7304
- C:\Windows\System\yarVCiY.exe
  C:\Windows\System\yarVCiY.exe
  2⤵
  PID:7340
- C:\Windows\System\FGDmbit.exe
  C:\Windows\System\FGDmbit.exe
  2⤵
  PID:7400
- C:\Windows\System\dnKnZGi.exe
  C:\Windows\System\dnKnZGi.exe
  2⤵
  PID:7324
- C:\Windows\System\srecqVf.exe
  C:\Windows\System\srecqVf.exe
  2⤵
  PID:7388
- C:\Windows\System\uuveHtQ.exe
  C:\Windows\System\uuveHtQ.exe
  2⤵
  PID:7436
- C:\Windows\System\sOpMpWT.exe
  C:\Windows\System\sOpMpWT.exe
  2⤵
  PID:7464
- C:\Windows\System\fTolxnE.exe
  C:\Windows\System\fTolxnE.exe
  2⤵
  PID:7504
- C:\Windows\System\JUhmYMC.exe
  C:\Windows\System\JUhmYMC.exe
  2⤵
  PID:7488
- C:\Windows\System\vpupWFV.exe
  C:\Windows\System\vpupWFV.exe
  2⤵
  PID:7556
- C:\Windows\System\iFuHbcw.exe
  C:\Windows\System\iFuHbcw.exe
  2⤵
  PID:7572
- C:\Windows\System\LEqJRoh.exe
  C:\Windows\System\LEqJRoh.exe
  2⤵
  PID:7620
- C:\Windows\System\DJRIhfv.exe
  C:\Windows\System\DJRIhfv.exe
  2⤵
  PID:7668
- C:\Windows\System\ZYQmQrA.exe
  C:\Windows\System\ZYQmQrA.exe
  2⤵
  PID:7732
- C:\Windows\System\oEnHfkl.exe
  C:\Windows\System\oEnHfkl.exe
  2⤵
  PID:7796
- C:\Windows\System\YsMAemN.exe
  C:\Windows\System\YsMAemN.exe
  2⤵
  PID:7892
- C:\Windows\System\Wlmkcgh.exe
  C:\Windows\System\Wlmkcgh.exe
  2⤵
  PID:7956
- C:\Windows\System\HnDSuUo.exe
  C:\Windows\System\HnDSuUo.exe
  2⤵
  PID:7652
- C:\Windows\System\PRnHPIf.exe
  C:\Windows\System\PRnHPIf.exe
  2⤵
  PID:7716
- C:\Windows\System\FELftcb.exe
  C:\Windows\System\FELftcb.exe
  2⤵
  PID:7780
- C:\Windows\System\kVxhoAd.exe
  C:\Windows\System\kVxhoAd.exe
  2⤵
  PID:7844
- C:\Windows\System\fhduWap.exe
  C:\Windows\System\fhduWap.exe
  2⤵
  PID:7908
- C:\Windows\System\bUSouKs.exe
  C:\Windows\System\bUSouKs.exe
  2⤵
  PID:7972
- C:\Windows\System\RvlhMrn.exe
  C:\Windows\System\RvlhMrn.exe
  2⤵
  PID:8020
- C:\Windows\System\xbEYvMB.exe
  C:\Windows\System\xbEYvMB.exe
  2⤵
  PID:8068
- C:\Windows\System\xywemhT.exe
  C:\Windows\System\xywemhT.exe
  2⤵
  PID:8108
- C:\Windows\System\PShPjJt.exe
  C:\Windows\System\PShPjJt.exe
  2⤵
  PID:8124
- C:\Windows\System\LQdoLkh.exe
  C:\Windows\System\LQdoLkh.exe
  2⤵
  PID:8152
- C:\Windows\System\HoPFLEC.exe
  C:\Windows\System\HoPFLEC.exe
  2⤵
  PID:6172
- C:\Windows\System\ekXmrxQ.exe
  C:\Windows\System\ekXmrxQ.exe
  2⤵
  PID:6900
- C:\Windows\System\gqwSBEc.exe
  C:\Windows\System\gqwSBEc.exe
  2⤵
  PID:7240
- C:\Windows\System\cgAcsYM.exe
  C:\Windows\System\cgAcsYM.exe
  2⤵
  PID:7204
- C:\Windows\System\BmStDst.exe
  C:\Windows\System\BmStDst.exe
  2⤵
  PID:6652
- C:\Windows\System\WHBmoIh.exe
  C:\Windows\System\WHBmoIh.exe
  2⤵
  PID:7120
- C:\Windows\System\KewjlwM.exe
  C:\Windows\System\KewjlwM.exe
  2⤵
  PID:7292
- C:\Windows\System\aDJVAMi.exe
  C:\Windows\System\aDJVAMi.exe
  2⤵
  PID:7256
- C:\Windows\System\mMXCnjJ.exe
  C:\Windows\System\mMXCnjJ.exe
  2⤵
  PID:7452
- C:\Windows\System\OPcikQB.exe
  C:\Windows\System\OPcikQB.exe
  2⤵
  PID:7432
- C:\Windows\System\fvIxTGc.exe
  C:\Windows\System\fvIxTGc.exe
  2⤵
  PID:7520
- C:\Windows\System\kURMvUn.exe
  C:\Windows\System\kURMvUn.exe
  2⤵
  PID:7856
- C:\Windows\System\xzxuJZD.exe
  C:\Windows\System\xzxuJZD.exe
  2⤵
  PID:7828
- C:\Windows\System\jkLLlCl.exe
  C:\Windows\System\jkLLlCl.exe
  2⤵
  PID:7636
- C:\Windows\System\NLeUkYZ.exe
  C:\Windows\System\NLeUkYZ.exe
  2⤵
  PID:7924
- C:\Windows\System\MlnoTBb.exe
  C:\Windows\System\MlnoTBb.exe
  2⤵
  PID:7988
- C:\Windows\System\bfMDMbL.exe
  C:\Windows\System\bfMDMbL.exe
  2⤵
  PID:7776
- C:\Windows\System\NHVLXnz.exe
  C:\Windows\System\NHVLXnz.exe
  2⤵
  PID:7876
- C:\Windows\System\qQccPYt.exe
  C:\Windows\System\qQccPYt.exe
  2⤵
  PID:8040
- C:\Windows\System\eZbkvKJ.exe
  C:\Windows\System\eZbkvKJ.exe
  2⤵
  PID:7260
- C:\Windows\System\ktthZCA.exe
  C:\Windows\System\ktthZCA.exe
  2⤵
  PID:7220
- C:\Windows\System\HYOjQsb.exe
  C:\Windows\System\HYOjQsb.exe
  2⤵
  PID:7320
- C:\Windows\System\UMUNJbf.exe
  C:\Windows\System\UMUNJbf.exe
  2⤵
  PID:6684
- C:\Windows\System\hxzvrqV.exe
  C:\Windows\System\hxzvrqV.exe
  2⤵
  PID:7792
- C:\Windows\System\WtXiBXq.exe
  C:\Windows\System\WtXiBXq.exe
  2⤵
  PID:6444
- C:\Windows\System\YuOAXDU.exe
  C:\Windows\System\YuOAXDU.exe
  2⤵
  PID:8104
- C:\Windows\System\NApTPvG.exe
  C:\Windows\System\NApTPvG.exe
  2⤵
  PID:8168
- C:\Windows\System\eixVpJP.exe
  C:\Windows\System\eixVpJP.exe
  2⤵
  PID:7420
- C:\Windows\System\NPkQAUU.exe
  C:\Windows\System\NPkQAUU.exe
  2⤵
  PID:7616
- C:\Windows\System\typJPRt.exe
  C:\Windows\System\typJPRt.exe
  2⤵
  PID:7712
- C:\Windows\System\JTDyneE.exe
  C:\Windows\System\JTDyneE.exe
  2⤵
  PID:5888
- C:\Windows\System\CHlhStD.exe
  C:\Windows\System\CHlhStD.exe
  2⤵
  PID:7500
- C:\Windows\System\pkBfAkf.exe
  C:\Windows\System\pkBfAkf.exe
  2⤵
  PID:8056
- C:\Windows\System\BzRNkiu.exe
  C:\Windows\System\BzRNkiu.exe
  2⤵
  PID:8188
- C:\Windows\System\KXqJJkT.exe
  C:\Windows\System\KXqJJkT.exe
  2⤵
  PID:8196
- C:\Windows\System\PmbApXN.exe
  C:\Windows\System\PmbApXN.exe
  2⤵
  PID:8212
- C:\Windows\System\DqgTsPo.exe
  C:\Windows\System\DqgTsPo.exe
  2⤵
  PID:8228
- C:\Windows\System\NWJdYEe.exe
  C:\Windows\System\NWJdYEe.exe
  2⤵
  PID:8248
- C:\Windows\System\JtuQjqa.exe
  C:\Windows\System\JtuQjqa.exe
  2⤵
  PID:8264
- C:\Windows\System\fvjkmqz.exe
  C:\Windows\System\fvjkmqz.exe
  2⤵
  PID:8280
- C:\Windows\System\vtmkntP.exe
  C:\Windows\System\vtmkntP.exe
  2⤵
  PID:8296
- C:\Windows\System\gImJJqI.exe
  C:\Windows\System\gImJJqI.exe
  2⤵
  PID:8312
- C:\Windows\System\uXMdTZh.exe
  C:\Windows\System\uXMdTZh.exe
  2⤵
  PID:8328
- C:\Windows\System\GDSaBRR.exe
  C:\Windows\System\GDSaBRR.exe
  2⤵
  PID:8344
- C:\Windows\System\xzzVagO.exe
  C:\Windows\System\xzzVagO.exe
  2⤵
  PID:8364
- C:\Windows\System\OsUzEcA.exe
  C:\Windows\System\OsUzEcA.exe
  2⤵
  PID:8380
- C:\Windows\System\PZrGfPE.exe
  C:\Windows\System\PZrGfPE.exe
  2⤵
  PID:8396
- C:\Windows\System\VzTYBmL.exe
  C:\Windows\System\VzTYBmL.exe
  2⤵
  PID:8416
- C:\Windows\System\qTwmZar.exe
  C:\Windows\System\qTwmZar.exe
  2⤵
  PID:8432
- C:\Windows\System\KoUQNxM.exe
  C:\Windows\System\KoUQNxM.exe
  2⤵
  PID:8448
- C:\Windows\System\BQImLZT.exe
  C:\Windows\System\BQImLZT.exe
  2⤵
  PID:8464
- C:\Windows\System\nRXtxaR.exe
  C:\Windows\System\nRXtxaR.exe
  2⤵
  PID:8484
- C:\Windows\System\NCFrtRP.exe
  C:\Windows\System\NCFrtRP.exe
  2⤵
  PID:8508
- C:\Windows\System\whpRmkh.exe
  C:\Windows\System\whpRmkh.exe
  2⤵
  PID:8524
- C:\Windows\System\aMbNQEw.exe
  C:\Windows\System\aMbNQEw.exe
  2⤵
  PID:8540
- C:\Windows\System\gTAylxC.exe
  C:\Windows\System\gTAylxC.exe
  2⤵
  PID:8556
- C:\Windows\System\GJKFjPJ.exe
  C:\Windows\System\GJKFjPJ.exe
  2⤵
  PID:8572
- C:\Windows\System\RgigTyf.exe
  C:\Windows\System\RgigTyf.exe
  2⤵
  PID:8588
- C:\Windows\System\dAktbRD.exe
  C:\Windows\System\dAktbRD.exe
  2⤵
  PID:8608
- C:\Windows\System\TTHzBdT.exe
  C:\Windows\System\TTHzBdT.exe
  2⤵
  PID:8624
- C:\Windows\System\ZTshPdC.exe
  C:\Windows\System\ZTshPdC.exe
  2⤵
  PID:8640
- C:\Windows\System\lBsRcVA.exe
  C:\Windows\System\lBsRcVA.exe
  2⤵
  PID:8656
- C:\Windows\System\EaQUqxd.exe
  C:\Windows\System\EaQUqxd.exe
  2⤵
  PID:8672
- C:\Windows\System\AXbxvEm.exe
  C:\Windows\System\AXbxvEm.exe
  2⤵
  PID:8688
- C:\Windows\System\AHGmgsV.exe
  C:\Windows\System\AHGmgsV.exe
  2⤵
  PID:8704
- C:\Windows\System\YBZGCYw.exe
  C:\Windows\System\YBZGCYw.exe
  2⤵
  PID:8720
- C:\Windows\System\yyZqZiY.exe
  C:\Windows\System\yyZqZiY.exe
  2⤵
  PID:8736
- C:\Windows\System\fJVHiNL.exe
  C:\Windows\System\fJVHiNL.exe
  2⤵
  PID:8752
- C:\Windows\System\bEqlVhq.exe
  C:\Windows\System\bEqlVhq.exe
  2⤵
  PID:8768
- C:\Windows\System\wAmJyDb.exe
  C:\Windows\System\wAmJyDb.exe
  2⤵
  PID:8784
- C:\Windows\System\ybLsdLa.exe
  C:\Windows\System\ybLsdLa.exe
  2⤵
  PID:8800
- C:\Windows\System\VtIHKMZ.exe
  C:\Windows\System\VtIHKMZ.exe
  2⤵
  PID:8816
- C:\Windows\System\VEDWNTD.exe
  C:\Windows\System\VEDWNTD.exe
  2⤵
  PID:8832
- C:\Windows\System\LnnVufe.exe
  C:\Windows\System\LnnVufe.exe
  2⤵
  PID:8848
- C:\Windows\System\AgKwtDP.exe
  C:\Windows\System\AgKwtDP.exe
  2⤵
  PID:8864
- C:\Windows\System\yqbZbZN.exe
  C:\Windows\System\yqbZbZN.exe
  2⤵
  PID:8884
- C:\Windows\System\aSJnKqq.exe
  C:\Windows\System\aSJnKqq.exe
  2⤵
  PID:8900
- C:\Windows\System\fhVFQwW.exe
  C:\Windows\System\fhVFQwW.exe
  2⤵
  PID:8916
- C:\Windows\System\HuGUTrk.exe
  C:\Windows\System\HuGUTrk.exe
  2⤵
  PID:8932
- C:\Windows\System\lkjFPgB.exe
  C:\Windows\System\lkjFPgB.exe
  2⤵
  PID:8948
- C:\Windows\System\JJWlMjc.exe
  C:\Windows\System\JJWlMjc.exe
  2⤵
  PID:8964
- C:\Windows\System\VnzffBO.exe
  C:\Windows\System\VnzffBO.exe
  2⤵
  PID:8980
- C:\Windows\System\QuHMuhR.exe
  C:\Windows\System\QuHMuhR.exe
  2⤵
  PID:8996
- C:\Windows\System\eAcvdjf.exe
  C:\Windows\System\eAcvdjf.exe
  2⤵
  PID:9012
- C:\Windows\System\egHTWJr.exe
  C:\Windows\System\egHTWJr.exe
  2⤵
  PID:9028
- C:\Windows\System\WGEUTkp.exe
  C:\Windows\System\WGEUTkp.exe
  2⤵
  PID:9044
- C:\Windows\System\mUUXqNB.exe
  C:\Windows\System\mUUXqNB.exe
  2⤵
  PID:9060
- C:\Windows\System\FnVTkCa.exe
  C:\Windows\System\FnVTkCa.exe
  2⤵
  PID:9076
- C:\Windows\System\onVSphs.exe
  C:\Windows\System\onVSphs.exe
  2⤵
  PID:9092
- C:\Windows\System\ZDDaJxH.exe
  C:\Windows\System\ZDDaJxH.exe
  2⤵
  PID:9148
- C:\Windows\System\OYKngQm.exe
  C:\Windows\System\OYKngQm.exe
  2⤵
  PID:9164
- C:\Windows\System\fAzvTyQ.exe
  C:\Windows\System\fAzvTyQ.exe
  2⤵
  PID:9180
- C:\Windows\System\mvuTTWQ.exe
  C:\Windows\System\mvuTTWQ.exe
  2⤵
  PID:9200
- C:\Windows\System\mwHdjAo.exe
  C:\Windows\System\mwHdjAo.exe
  2⤵
  PID:8088
- C:\Windows\System\jncBEmw.exe
  C:\Windows\System\jncBEmw.exe
  2⤵
  PID:7764
- C:\Windows\System\tGWQWtg.exe
  C:\Windows\System\tGWQWtg.exe
  2⤵
  PID:6156
- C:\Windows\System\knXTINK.exe
  C:\Windows\System\knXTINK.exe
  2⤵
  PID:7484
- C:\Windows\System\dLdXOxt.exe
  C:\Windows\System\dLdXOxt.exe
  2⤵
  PID:8208
- C:\Windows\System\dlQmLhJ.exe
  C:\Windows\System\dlQmLhJ.exe
  2⤵
  PID:8240
- C:\Windows\System\gWWtNBA.exe
  C:\Windows\System\gWWtNBA.exe
  2⤵
  PID:8352
- C:\Windows\System\BIkeear.exe
  C:\Windows\System\BIkeear.exe
  2⤵
  PID:8392
- C:\Windows\System\RsRTWoU.exe
  C:\Windows\System\RsRTWoU.exe
  2⤵
  PID:8460
- C:\Windows\System\EXptESF.exe
  C:\Windows\System\EXptESF.exe
  2⤵
  PID:8412
- C:\Windows\System\WrzTRyg.exe
  C:\Windows\System\WrzTRyg.exe
  2⤵
  PID:8304
- C:\Windows\System\PfvVnIb.exe
  C:\Windows\System\PfvVnIb.exe
  2⤵
  PID:8340
- C:\Windows\System\gUsoTUH.exe
  C:\Windows\System\gUsoTUH.exe
  2⤵
  PID:8440
- C:\Windows\System\ZgWHxnA.exe
  C:\Windows\System\ZgWHxnA.exe
  2⤵
  PID:8504
- C:\Windows\System\cnnLuEj.exe
  C:\Windows\System\cnnLuEj.exe
  2⤵
  PID:8568
- C:\Windows\System\klKURxE.exe
  C:\Windows\System\klKURxE.exe
  2⤵
  PID:8584
- C:\Windows\System\fwLiBhX.exe
  C:\Windows\System\fwLiBhX.exe
  2⤵
  PID:8604
- C:\Windows\System\HvpIEjP.exe
  C:\Windows\System\HvpIEjP.exe
  2⤵
  PID:8664
- C:\Windows\System\xVnQQnl.exe
  C:\Windows\System\xVnQQnl.exe
  2⤵
  PID:8728
- C:\Windows\System\GKBfYzM.exe
  C:\Windows\System\GKBfYzM.exe
  2⤵
  PID:8792
- C:\Windows\System\zjgyMzB.exe
  C:\Windows\System\zjgyMzB.exe
  2⤵
  PID:8616
- C:\Windows\System\TgoOHIt.exe
  C:\Windows\System\TgoOHIt.exe
  2⤵
  PID:8648
- C:\Windows\System\tQxKCXa.exe
  C:\Windows\System\tQxKCXa.exe
  2⤵
  PID:8780
- C:\Windows\System\bvIZijX.exe
  C:\Windows\System\bvIZijX.exe
  2⤵
  PID:8748
- C:\Windows\System\qgOJIyD.exe
  C:\Windows\System\qgOJIyD.exe
  2⤵
  PID:8840
- C:\Windows\System\TpbHmQS.exe
  C:\Windows\System\TpbHmQS.exe
  2⤵
  PID:8896
- C:\Windows\System\dHLOwFK.exe
  C:\Windows\System\dHLOwFK.exe
  2⤵
  PID:8960
- C:\Windows\System\Fmxqxxp.exe
  C:\Windows\System\Fmxqxxp.exe
  2⤵
  PID:9024
- C:\Windows\System\mrXaJGL.exe
  C:\Windows\System\mrXaJGL.exe
  2⤵
  PID:9040
- C:\Windows\System\ooYzcvD.exe
  C:\Windows\System\ooYzcvD.exe
  2⤵
  PID:9004
- C:\Windows\System\vmCZjYN.exe
  C:\Windows\System\vmCZjYN.exe
  2⤵
  PID:9100
- C:\Windows\System\ryRCtfF.exe
  C:\Windows\System\ryRCtfF.exe
  2⤵
  PID:9088
- C:\Windows\System\npTCdjl.exe
  C:\Windows\System\npTCdjl.exe
  2⤵
  PID:9192
- C:\Windows\System\TKYcBaw.exe
  C:\Windows\System\TKYcBaw.exe
  2⤵
  PID:9112
- C:\Windows\System\lrCXjKj.exe
  C:\Windows\System\lrCXjKj.exe
  2⤵
  PID:9128
- C:\Windows\System\ufnVAHF.exe
  C:\Windows\System\ufnVAHF.exe
  2⤵
  PID:9172
- C:\Windows\System\oYfxnHK.exe
  C:\Windows\System\oYfxnHK.exe
  2⤵
  PID:8220
- C:\Windows\System\GSgghaE.exe
  C:\Windows\System\GSgghaE.exe
  2⤵
  PID:8256
- C:\Windows\System\hBaWIPR.exe
  C:\Windows\System\hBaWIPR.exe
  2⤵
  PID:6500
- C:\Windows\System\IotEkPe.exe
  C:\Windows\System\IotEkPe.exe
  2⤵
  PID:8292
- C:\Windows\System\mVpaUUt.exe
  C:\Windows\System\mVpaUUt.exe
  2⤵
  PID:8456
- C:\Windows\System\YWKNOhK.exe
  C:\Windows\System\YWKNOhK.exe
  2⤵
  PID:8476
- C:\Windows\System\kbhnPrE.exe
  C:\Windows\System\kbhnPrE.exe
  2⤵
  PID:8552
- C:\Windows\System\WlGpDhl.exe
  C:\Windows\System\WlGpDhl.exe
  2⤵
  PID:8408
- C:\Windows\System\bQtAxTS.exe
  C:\Windows\System\bQtAxTS.exe
  2⤵
  PID:8496
- C:\Windows\System\CFThOCS.exe
  C:\Windows\System\CFThOCS.exe
  2⤵
  PID:8636
- C:\Windows\System\wiUaJKV.exe
  C:\Windows\System\wiUaJKV.exe
  2⤵
  PID:8828
- C:\Windows\System\ifCMUaM.exe
  C:\Windows\System\ifCMUaM.exe
  2⤵
  PID:8860
- C:\Windows\System\sMtZXJP.exe
  C:\Windows\System\sMtZXJP.exe
  2⤵
  PID:8744
- C:\Windows\System\loNBnaR.exe
  C:\Windows\System\loNBnaR.exe
  2⤵
  PID:8812
- C:\Windows\System\vXpEpur.exe
  C:\Windows\System\vXpEpur.exe
  2⤵
  PID:8992
- C:\Windows\System\jMNcLGw.exe
  C:\Windows\System\jMNcLGw.exe
  2⤵
  PID:8976
- C:\Windows\System\jkJDUnW.exe
  C:\Windows\System\jkJDUnW.exe
  2⤵
  PID:9108
- C:\Windows\System\XNTlPfy.exe
  C:\Windows\System\XNTlPfy.exe
  2⤵
  PID:9036
- C:\Windows\System\eLomgsw.exe
  C:\Windows\System\eLomgsw.exe
  2⤵
  PID:9160
- C:\Windows\System\QaKBEpU.exe
  C:\Windows\System\QaKBEpU.exe
  2⤵
  PID:9212
- C:\Windows\System\vNbwRku.exe
  C:\Windows\System\vNbwRku.exe
  2⤵
  PID:8324
- C:\Windows\System\wHIlRIU.exe
  C:\Windows\System\wHIlRIU.exe
  2⤵
  PID:8120
- C:\Windows\System\ONJEJOg.exe
  C:\Windows\System\ONJEJOg.exe
  2⤵
  PID:8376
- C:\Windows\System\IWpAhSK.exe
  C:\Windows\System\IWpAhSK.exe
  2⤵
  PID:8764
- C:\Windows\System\eDRorjr.exe
  C:\Windows\System\eDRorjr.exe
  2⤵
  PID:8472
- C:\Windows\System\sYhxPmC.exe
  C:\Windows\System\sYhxPmC.exe
  2⤵
  PID:8700
- C:\Windows\System\XEKdlTP.exe
  C:\Windows\System\XEKdlTP.exe
  2⤵
  PID:9072
- C:\Windows\System\XcZmnwW.exe
  C:\Windows\System\XcZmnwW.exe
  2⤵
  PID:9144
- C:\Windows\System\IqHvKCr.exe
  C:\Windows\System\IqHvKCr.exe
  2⤵
  PID:8876
- C:\Windows\System\AWivOzW.exe
  C:\Windows\System\AWivOzW.exe
  2⤵
  PID:9120
- C:\Windows\System\xDkmqZV.exe
  C:\Windows\System\xDkmqZV.exe
  2⤵
  PID:8276
- C:\Windows\System\ZDPdEOl.exe
  C:\Windows\System\ZDPdEOl.exe
  2⤵
  PID:7968
- C:\Windows\System\nVBQdVW.exe
  C:\Windows\System\nVBQdVW.exe
  2⤵
  PID:7684
- C:\Windows\System\hcchYxf.exe
  C:\Windows\System\hcchYxf.exe
  2⤵
  PID:8824
- C:\Windows\System\zNBKujc.exe
  C:\Windows\System\zNBKujc.exe
  2⤵
  PID:8908
- C:\Windows\System\luftmeD.exe
  C:\Windows\System\luftmeD.exe
  2⤵
  PID:8632
- C:\Windows\System\PFqzHbH.exe
  C:\Windows\System\PFqzHbH.exe
  2⤵
  PID:9220
- C:\Windows\System\CbUmBwS.exe
  C:\Windows\System\CbUmBwS.exe
  2⤵
  PID:9240
- C:\Windows\System\fnVPbIF.exe
  C:\Windows\System\fnVPbIF.exe
  2⤵
  PID:9260
- C:\Windows\System\ZWzEWND.exe
  C:\Windows\System\ZWzEWND.exe
  2⤵
  PID:9276
- C:\Windows\System\XneDvSP.exe
  C:\Windows\System\XneDvSP.exe
  2⤵
  PID:9292
- C:\Windows\System\qVFLJAz.exe
  C:\Windows\System\qVFLJAz.exe
  2⤵
  PID:9308
- C:\Windows\System\xVtYUsU.exe
  C:\Windows\System\xVtYUsU.exe
  2⤵
  PID:9324
- C:\Windows\System\meovReB.exe
  C:\Windows\System\meovReB.exe
  2⤵
  PID:9340
- C:\Windows\System\MNAPmtC.exe
  C:\Windows\System\MNAPmtC.exe
  2⤵
  PID:9356
- C:\Windows\System\uwWKKrf.exe
  C:\Windows\System\uwWKKrf.exe
  2⤵
  PID:9372
- C:\Windows\System\KVEyiyj.exe
  C:\Windows\System\KVEyiyj.exe
  2⤵
  PID:9388
- C:\Windows\System\nRDtbHA.exe
  C:\Windows\System\nRDtbHA.exe
  2⤵
  PID:9404
- C:\Windows\System\QsYnzWl.exe
  C:\Windows\System\QsYnzWl.exe
  2⤵
  PID:9420
- C:\Windows\System\uRdISmn.exe
  C:\Windows\System\uRdISmn.exe
  2⤵
  PID:9436
- C:\Windows\System\WxMHvlp.exe
  C:\Windows\System\WxMHvlp.exe
  2⤵
  PID:9452
- C:\Windows\System\oanXVBh.exe
  C:\Windows\System\oanXVBh.exe
  2⤵
  PID:9468
- C:\Windows\System\CforWSM.exe
  C:\Windows\System\CforWSM.exe
  2⤵
  PID:9484
- C:\Windows\System\UpXZRWP.exe
  C:\Windows\System\UpXZRWP.exe
  2⤵
  PID:9500
- C:\Windows\System\KssYfsN.exe
  C:\Windows\System\KssYfsN.exe
  2⤵
  PID:9516
- C:\Windows\System\iTSsdhl.exe
  C:\Windows\System\iTSsdhl.exe
  2⤵
  PID:9532
- C:\Windows\System\uLEPsOx.exe
  C:\Windows\System\uLEPsOx.exe
  2⤵
  PID:9548
- C:\Windows\System\txywzHX.exe
  C:\Windows\System\txywzHX.exe
  2⤵
  PID:9564
- C:\Windows\System\brIPmIO.exe
  C:\Windows\System\brIPmIO.exe
  2⤵
  PID:9580
- C:\Windows\System\xDGLHNi.exe
  C:\Windows\System\xDGLHNi.exe
  2⤵
  PID:9600
- C:\Windows\System\aqIctYe.exe
  C:\Windows\System\aqIctYe.exe
  2⤵
  PID:9616
- C:\Windows\System\STDwdHJ.exe
  C:\Windows\System\STDwdHJ.exe
  2⤵
  PID:9632
- C:\Windows\System\IIoUKXU.exe
  C:\Windows\System\IIoUKXU.exe
  2⤵
  PID:9648
- C:\Windows\System\FPGGLdc.exe
  C:\Windows\System\FPGGLdc.exe
  2⤵
  PID:9664
- C:\Windows\System\oydcdXy.exe
  C:\Windows\System\oydcdXy.exe
  2⤵
  PID:9680
- C:\Windows\System\aXVLLRF.exe
  C:\Windows\System\aXVLLRF.exe
  2⤵
  PID:9696
- C:\Windows\System\CPPNoVR.exe
  C:\Windows\System\CPPNoVR.exe
  2⤵
  PID:9712
- C:\Windows\System\IDBHolP.exe
  C:\Windows\System\IDBHolP.exe
  2⤵
  PID:9728
- C:\Windows\System\ycSIYhI.exe
  C:\Windows\System\ycSIYhI.exe
  2⤵
  PID:9744
- C:\Windows\System\KMGKRZE.exe
  C:\Windows\System\KMGKRZE.exe
  2⤵
  PID:9760
- C:\Windows\System\lOnoTkv.exe
  C:\Windows\System\lOnoTkv.exe
  2⤵
  PID:9776
- C:\Windows\System\siXdvOT.exe
  C:\Windows\System\siXdvOT.exe
  2⤵
  PID:9792
- C:\Windows\System\SNLmBsL.exe
  C:\Windows\System\SNLmBsL.exe
  2⤵
  PID:9808
- C:\Windows\System\BXlwykt.exe
  C:\Windows\System\BXlwykt.exe
  2⤵
  PID:9824
- C:\Windows\System\AOOeXgn.exe
  C:\Windows\System\AOOeXgn.exe
  2⤵
  PID:9840
- C:\Windows\System\KHmpjoo.exe
  C:\Windows\System\KHmpjoo.exe
  2⤵
  PID:9856
- C:\Windows\System\TbIDlko.exe
  C:\Windows\System\TbIDlko.exe
  2⤵
  PID:9880
- C:\Windows\System\KcxtHDF.exe
  C:\Windows\System\KcxtHDF.exe
  2⤵
  PID:9952
- C:\Windows\System\mvaxPqB.exe
  C:\Windows\System\mvaxPqB.exe
  2⤵
  PID:9968
- C:\Windows\System\jMHRsfQ.exe
  C:\Windows\System\jMHRsfQ.exe
  2⤵
  PID:9984
- C:\Windows\System\BJbiSad.exe
  C:\Windows\System\BJbiSad.exe
  2⤵
  PID:10004
- C:\Windows\System\GMKnrBO.exe
  C:\Windows\System\GMKnrBO.exe
  2⤵
  PID:10020
- C:\Windows\System\pXVccBm.exe
  C:\Windows\System\pXVccBm.exe
  2⤵
  PID:10036
- C:\Windows\System\pLpLgqL.exe
  C:\Windows\System\pLpLgqL.exe
  2⤵
  PID:10052
- C:\Windows\System\VkZIqaQ.exe
  C:\Windows\System\VkZIqaQ.exe
  2⤵
  PID:10068
- C:\Windows\System\AoALYwy.exe
  C:\Windows\System\AoALYwy.exe
  2⤵
  PID:10084
- C:\Windows\System\kEPiBMN.exe
  C:\Windows\System\kEPiBMN.exe
  2⤵
  PID:10100
- C:\Windows\System\BBMTLJk.exe
  C:\Windows\System\BBMTLJk.exe
  2⤵
  PID:10116
- C:\Windows\System\uFaRHmr.exe
  C:\Windows\System\uFaRHmr.exe
  2⤵
  PID:10132
- C:\Windows\System\jCWQyAm.exe
  C:\Windows\System\jCWQyAm.exe
  2⤵
  PID:10148
- C:\Windows\System\vvxidVZ.exe
  C:\Windows\System\vvxidVZ.exe
  2⤵
  PID:10164
- C:\Windows\System\mVTlFXi.exe
  C:\Windows\System\mVTlFXi.exe
  2⤵
  PID:10180
- C:\Windows\System\gtNGcSq.exe
  C:\Windows\System\gtNGcSq.exe
  2⤵
  PID:10196
- C:\Windows\System\trnZpBy.exe
  C:\Windows\System\trnZpBy.exe
  2⤵
  PID:10212
- C:\Windows\System\DbFNQLS.exe
  C:\Windows\System\DbFNQLS.exe
  2⤵
  PID:10228
- C:\Windows\System\jcdoKtN.exe
  C:\Windows\System\jcdoKtN.exe
  2⤵
  PID:7604
- C:\Windows\System\kaeBilt.exe
  C:\Windows\System\kaeBilt.exe
  2⤵
  PID:8520
- C:\Windows\System\WEqdkTZ.exe
  C:\Windows\System\WEqdkTZ.exe
  2⤵
  PID:9228
- C:\Windows\System\GXICJmP.exe
  C:\Windows\System\GXICJmP.exe
  2⤵
  PID:9256
- C:\Windows\System\USXcyrC.exe
  C:\Windows\System\USXcyrC.exe
  2⤵
  PID:9304
- C:\Windows\System\pAbYXxJ.exe
  C:\Windows\System\pAbYXxJ.exe
  2⤵
  PID:9368
- C:\Windows\System\fWTystN.exe
  C:\Windows\System\fWTystN.exe
  2⤵
  PID:9432
- C:\Windows\System\AwNxhRr.exe
  C:\Windows\System\AwNxhRr.exe
  2⤵
  PID:9496
- C:\Windows\System\rdplwtM.exe
  C:\Windows\System\rdplwtM.exe
  2⤵
  PID:9560
- C:\Windows\System\KdkdUNy.exe
  C:\Windows\System\KdkdUNy.exe
  2⤵
  PID:9316
- C:\Windows\System\PUTptTy.exe
  C:\Windows\System\PUTptTy.exe
  2⤵
  PID:9348
- C:\Windows\System\BFncHgb.exe
  C:\Windows\System\BFncHgb.exe
  2⤵
  PID:9412
- C:\Windows\System\HhbRjsI.exe
  C:\Windows\System\HhbRjsI.exe
  2⤵
  PID:9476
- C:\Windows\System\rGEyVEe.exe
  C:\Windows\System\rGEyVEe.exe
  2⤵
  PID:9544
- C:\Windows\System\oMUkCTK.exe
  C:\Windows\System\oMUkCTK.exe
  2⤵
  PID:9612
- C:\Windows\System\DpPFLbZ.exe
  C:\Windows\System\DpPFLbZ.exe
  2⤵
  PID:9608
- C:\Windows\System\tZApMul.exe
  C:\Windows\System\tZApMul.exe
  2⤵
  PID:9628
- C:\Windows\System\vwkYcRS.exe
  C:\Windows\System\vwkYcRS.exe
  2⤵
  PID:9768
- C:\Windows\System\vTlLovW.exe
  C:\Windows\System\vTlLovW.exe
  2⤵
  PID:9656
- C:\Windows\System\blPrNvf.exe
  C:\Windows\System\blPrNvf.exe
  2⤵
  PID:9756
- C:\Windows\System\tIGJVsG.exe
  C:\Windows\System\tIGJVsG.exe
  2⤵
  PID:9820
- C:\Windows\System\SahbrWe.exe
  C:\Windows\System\SahbrWe.exe
  2⤵
  PID:9772
- C:\Windows\System\cQXTtUZ.exe
  C:\Windows\System\cQXTtUZ.exe
  2⤵
  PID:9864
- C:\Windows\System\dNnvgBI.exe
  C:\Windows\System\dNnvgBI.exe
  2⤵
  PID:9892
- C:\Windows\System\HgKkFLC.exe
  C:\Windows\System\HgKkFLC.exe
  2⤵
  PID:9900
- C:\Windows\System\CHuIwTZ.exe
  C:\Windows\System\CHuIwTZ.exe
  2⤵
  PID:9920
- C:\Windows\System\HyKKeaT.exe
  C:\Windows\System\HyKKeaT.exe
  2⤵
  PID:9948
- C:\Windows\System\uIbUjIY.exe
  C:\Windows\System\uIbUjIY.exe
  2⤵
  PID:9964
- C:\Windows\System\ifqTzke.exe
  C:\Windows\System\ifqTzke.exe
  2⤵
  PID:9996
- C:\Windows\System\yAYdhnU.exe
  C:\Windows\System\yAYdhnU.exe
  2⤵
  PID:10060
- C:\Windows\System\sLvMjht.exe
  C:\Windows\System\sLvMjht.exe
  2⤵
  PID:10016
- C:\Windows\System\YVIVEip.exe
  C:\Windows\System\YVIVEip.exe
  2⤵
  PID:10080
- C:\Windows\System\CZAwhNA.exe
  C:\Windows\System\CZAwhNA.exe
  2⤵
  PID:10096
- C:\Windows\System\jGfDgXI.exe
  C:\Windows\System\jGfDgXI.exe
  2⤵
  PID:10188
- C:\Windows\System\kpwcxiZ.exe
  C:\Windows\System\kpwcxiZ.exe
  2⤵
  PID:10220
- C:\Windows\System\aoADRMb.exe
  C:\Windows\System\aoADRMb.exe
  2⤵
  PID:10208
- C:\Windows\System\rgVBpQT.exe
  C:\Windows\System\rgVBpQT.exe
  2⤵
  PID:8892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EcFCXBZ.exe

Filesize
5.2MB

MD5
0dca28dda9ed6de55cf969baec781905

SHA1
6afe5798487dfe73b3db77771402a1cb2fe8e5cd

SHA256
afabc681359310d1af657309b805f76057791a7f04d6b6a2d6e10ad6c3432840

SHA512
c126ec9b8ae9e495f776116c29e97b917a6302bcef597235211f26a19764c1eedee46764bd5a52c9e60f0741b7a7c61db9c0bf8d499438b4adc1cdb84223dbbc

Download Submit
C:\Windows\system\HRAnhpS.exe

Filesize
5.2MB

MD5
d8615129d76f6a7f2520c546fca30a2c

SHA1
438dcecf062a57c30b9d26828286b1f69f92f3fe

SHA256
56047de2e5d6e958c120e8caa005d372b76ba782adfa64c8c24faa6d1203ec08

SHA512
30d85c1642d02947c39280f54060f41b16c6981ed54f7d1042b9b82112a48dadfa3330ed8b282df1af8312ae34881d4a5342e9134e7ac4ae657f71cb222a7a93

Download Submit
C:\Windows\system\IQTXQeX.exe

Filesize
5.2MB

MD5
78e010698281cdcb74547af731d9ec67

SHA1
2c4d939be07abd592474fc9a4567ade2e68cc3a2

SHA256
c42d4e4b91080a9ed95d437daa531f34fe752edb0a773d5f617f267c66042beb

SHA512
005b31a4e3e850a6637f9270eb77da0dc7333f5c0885a2a885f9186c4b0f546280b662ac34c0fa35eb7e1239e284c55165d23ef7dd23efbf4c9d29a18433f728

Download Submit
C:\Windows\system\JgIfVsV.exe

Filesize
5.2MB

MD5
c83a92ccd5fc806b622cac8a5b80183f

SHA1
d09fa87645a86c0733f609f8a44f682b95d22ec8

SHA256
cd5a62682d08d16d9b130cc380dc679767bb2edeba517cd719d9749ad4f2ca26

SHA512
3a714ab2f6d8c96c9f1c488b17408f54696492c2a218b08d571721081030ec3c0139980e203380a7be76112378550b0c561d019a2bdde0cbcdea8e2276aa2233

Download Submit
C:\Windows\system\LrRbAnB.exe

Filesize
5.2MB

MD5
dc9eb37d48bc9096ddaa92810f49924b

SHA1
f002ac6d58ab31b7725d195687ccbd2b226a27e8

SHA256
166ec702884e02e4f93fbcc38710fac6a1bf08846e908fbcaa488da522eb66e9

SHA512
be81ac68d69884650b2c3426948cf29eac4c02a07f92029dd843d25fa9169034e474d04b7087f2dcd60bd5748c244fae9f5d3ca8295a6253cc79d2913436243f

Download Submit
C:\Windows\system\OCUDvCA.exe

Filesize
5.2MB

MD5
89d70b30f8a9153e93252f47296ee733

SHA1
ef82e5bbb4495fb161c15b3b4013a71113a4e180

SHA256
2f025b19502fd0e766d3ab27c708f28aa118c90bb8cb9ef2f06ecfaa3234acac

SHA512
75970761fe019e50229d6dfe753f5cb8463318a09dc1f28d22eb02116c774e9d5984a80db42a640e23cc2fb493b1766418dc64ef67f6ec8feee3783d00d51520

Download Submit
C:\Windows\system\PPlCqwC.exe

Filesize
5.2MB

MD5
52cfd2a86453e7026e548b4aeb079ce3

SHA1
d9d54e7b8f35d09d0857b260d24748d9d26e56fd

SHA256
f96439b841061c6ab8503c9defad44dad8433749acd14e29d44899f8b8bcbdef

SHA512
8a965d25685596625f0f7664707a554f66a6e2e8d23b4782dd375073fb1db2181ebe0d29401e831ca9ae6947aa107eb2f285896e03ab44c5cbc4f4ba3a81d670

Download Submit
C:\Windows\system\RAwZovy.exe

Filesize
5.2MB

MD5
74399f46b7bd8f86821401fd3abdabc0

SHA1
0fe6a61dec39ab81f6b39600bd4f28984df93433

SHA256
78155750dd40965c18e9e0f058dc88cb9284ec730e91e6f622e5d6e2dc345370

SHA512
1dbf22b388d90daae541129fbd088b5a1767f2d2dc18f26899ac4e060bcbcbf57e266cb25766cb656a1b263a94e1db4d77bbf832736551198e6923c826811a12

Download Submit
C:\Windows\system\ScUmjHi.exe

Filesize
5.2MB

MD5
edcee0970d850a3d06ae5214fe1bbfaf

SHA1
a274e126e1025dadf43ac571d233adc37d367bdf

SHA256
ea0cb1879a8d9e18b8d79cfdee0f36a419794d573b53e2142948c2a1a926834d

SHA512
58eeda4b7203007ba220fac6e64a43a047f5d32983d9dd33d17357bd487bcb679092c4aec36dc04db5c79758b2ad34eaa4e9029e937cd4aa845aab6d95df7830

Download Submit
C:\Windows\system\WkZxaYe.exe

Filesize
5.2MB

MD5
2b2b0ff2d156daae95cf3c020b8647f9

SHA1
0dcdd1eff5aa2d1eb347353160c891d4c4293989

SHA256
5170793cc3e8ddd9567a597285df3103ac583913439520135782b3229e6f6fe7

SHA512
198f3075f236dd01b85588eb1bb9adca293a775cd5a7d875d919aac8ba993c2674f82b8e5be1c55853bc5194f6bcebc973c13ff531b023e7d3a0cff052acbf57

Download Submit
C:\Windows\system\ZMxynug.exe

Filesize
5.2MB

MD5
46b7bc50bfc0bdec001dab6a43f9166a

SHA1
4245d60be1fa0153f4b78138b06a5c9fe901694b

SHA256
ac494ed39bd93dc9879ab92f42d398759e9956560c719a06f084c664fb8b6773

SHA512
c5b67ed67177dc7e125b7294a2ee90b75d937614cdad643ada9ee609eccae720317763895ca7543fa4569ef435cfce18679bcd6d3ba27e3d0856d49b4ed196bf

Download Submit
C:\Windows\system\aOpzhpC.exe

Filesize
5.2MB

MD5
8d8273ea98b7b1e5399d09ad54b0fb66

SHA1
37015b365a3fb074396a0f9318a6202645c139c5

SHA256
d064dcb19c8e77f2e98c6cf7d1f6e0ac431803f10007531956937a60fa9e8fe1

SHA512
c05dbf94e3b1d2fedc9c6e87d12d7aebdfd9dca554001758a2bd3420de9460ca45bd7e020e3d1b0de996af349371d1c1b1bbaac615e43eae1af338f04a8dc67e

Download Submit
C:\Windows\system\aTJCBEM.exe

Filesize
5.2MB

MD5
a7a176feab4ea619b3031606fbe1b189

SHA1
6cec9e1865a1f98753875a3e07e2b8a6d918fedd

SHA256
249426ac0b798ddd32ecaa9c86054dc62055e4ac7b7914ff0f5960b26b05a8ea

SHA512
02dd303b3e5447f5af857f54acfd6a7e6ace3b33d9638650c3486a9c748208f0740060eb0aa7f9e05a8601bb09c1ac4c0f0298d6c2bb9da49ae0e518396fae06

Download Submit
C:\Windows\system\cQadezb.exe

Filesize
5.2MB

MD5
9aac08a8423e7e55c8750dfcaadf2bf1

SHA1
0c79753b261cfcaa317fdbed201732e23ad6bf1c

SHA256
a4dca1adb00a212ea04035b9bb201c9a4c87380bd5b8898ca39ed3d23fadaaf8

SHA512
ed7a07b86668773a00b02b04c2d0af42b7c83e077a14cf5263d14784149f054da00da7adc9a9c42985edd15cf03b417c38f3e73fabe417225a8598cc951e359a

Download Submit
C:\Windows\system\cftDPsP.exe

Filesize
5.2MB

MD5
4b1667d748920342a0e5d231c206bb97

SHA1
6df1e917e05df79df2631f6227a0619dac44f866

SHA256
89cbca84545322041a8e0fb127ca771bc0fb1b8a229efdeeeaee6decb3cbade0

SHA512
d90e6ccac38bcc21cc0b27f0c0d685f118df13ad64aa1cfc7703414c344eadd61976648a33e5fbe9cd2720bf0fdba23d2faf2d3c7bc6f04e5c7e5b50faebc595

Download Submit
C:\Windows\system\dDBdXjA.exe

Filesize
5.2MB

MD5
311d9a006a6f51bb539302f452b90457

SHA1
dc9712bdce810feb5eb45058e81af26f7933b082

SHA256
4cb2d5263ad535e29f23a414f93e326d7c011b445360a6835e24a00a41cda40a

SHA512
3542a5fbaffee957a2d330067fb1f7867374f42f3e0d0a8cc1b2259f5a32ea5d972701a5536d11643dbd27cafae152c609aa2d91082caa6f3e153f386a24c634

Download Submit
C:\Windows\system\egAWElB.exe

Filesize
5.2MB

MD5
9f02dfb1fd74eb3013599d65104ffd5a

SHA1
6b7d67883bd3da28fba404937b4e18d4ea6537c2

SHA256
83212201f958f56c426ad40a0c35534af5cbb0f791a8b2b38cb4537b16952bf3

SHA512
6c97245eca384d41b1559c77e4baec417f006fb60e97c43fa890d64dd1140850a8e0e07c28ad15ea6a96b49f043f29aa24fbb9c22f0ecdbcf88b968ab480a849

Download Submit
C:\Windows\system\egqWbvC.exe

Filesize
5.2MB

MD5
b81f7e458508f9490213b653f1134c6e

SHA1
87b6fda59b00fa8ac6f0e5d31fa503d5a487d681

SHA256
159d73df1ba3eff75a543c6de94e5a8722579acaea8dccc4e59b80bb1fb65fb9

SHA512
81d0f8f7d0a393d75686b7ee58919e5822a32c78a0d3b5f1379eedf8266880fd9e888fdc3b0186267e3c0469ea032ca04306a7e5472761120a035087baacb097

Download Submit
C:\Windows\system\fbiyMJy.exe

Filesize
5.2MB

MD5
4b0f8ec96b9bead19fa0ac0a188966be

SHA1
dbba1bcf20d4bb5655a30265619c1d69952c5223

SHA256
d7a581d27d6bca1b3bf4069e7fbb19e2038145fe2b4347db219d8a413a295af6

SHA512
ad13139006968e8f5e19e4cce8b90f492171d572a33df94acd6a9ca25283c95d2a8214d8e3165c37c8ed7bb173f7fff9ac1f9676bbb697f25b14b534a32441e7

Download Submit
C:\Windows\system\gjZJhvF.exe

Filesize
5.2MB

MD5
e6b6b35e2f191968bd671273524e75c4

SHA1
4ae69cc7b0dc782ac6204a3c20de81fdbc8e5d83

SHA256
50d2311808a85f3a2b61b622ac004bf480a4ae09683d7f7610f2dc779050c171

SHA512
59b2cb3eaea180ac7ec1594ddc0a26c1d53345a69836a61e5f1a9c17a48757a79f87ee4d59ee997d196210868eb932350deede1ae6db030cdd42f0c107598cf7

Download Submit
C:\Windows\system\jQQOyjR.exe

Filesize
5.2MB

MD5
23f37c00866465dadaabe2a6d62bb6d3

SHA1
e2583104b5771c8ec5ac4da713ab6f5b7f73d25d

SHA256
73128416c8e96c030a154ef808b1685af7c7f8c2d981e6e07ac3b91a90991673

SHA512
43605fc61432f19b723cabf3e9afd988549d8743cbcaf778d9b2e08572f0b1d1a72569230f2870486a3c922685a049f526d7516bb836cf55f295fa1a7f7158fc

Download Submit
C:\Windows\system\oOwcHzR.exe

Filesize
5.2MB

MD5
bdc34c7bfcabeafde05a9188e1aa35c0

SHA1
6abe5458f3aa55dc0e1918a8455dcb86d4e4f19a

SHA256
af5b37f01f1a8c2f0ac920a0d80c9deebec5e3f95221828a859995535ddb265b

SHA512
3c7a74143f78cfb05cb29f769aa2c01fb755c724b1b2f9ad38a2e504d42f37a23975d4a50ac098dc1f05fc379abd7eb46546073913f4941cec1c359b0d8877ba

Download Submit
C:\Windows\system\qsPvXcp.exe

Filesize
5.2MB

MD5
5a6dea8787e43153a3d6cbe165677b2f

SHA1
bf95f4282639e065d83f45b66a3ab00bd94d49cb

SHA256
c62c3fe60db2d440a21bdecb4027065745a3d2ea5c944576013a9f2f4e0e2d1b

SHA512
cc00bb575a83d354ebfef77ffb30db0b9b69fa7c3d9280d17c67a4169089e79a3bb404e0633b40e4fbf8390f259df583fd5d832d2b392d21d03b31d8c05542b6

Download Submit
C:\Windows\system\sfqNzAI.exe

Filesize
5.2MB

MD5
66c1043fb4a023102259caee75580766

SHA1
cc3de12ab04d29a13c68d1c845b42a962cd02cae

SHA256
578dd958a60398b165f733c72b665160803fa01cb548b73fd5c54c664ecb7b02

SHA512
c693eef97f094cbeacb1b112b2564e58aca09701da281cd7e18a3ee6db9d1c6f8c3635d3107a4a0fabfa586c9312b90fe3358bb9ae509a5c8d88c6dbd9d4516f

Download Submit
C:\Windows\system\tHdaMWU.exe

Filesize
5.2MB

MD5
cdd02278d3aca4d326fba08dcd42f51b

SHA1
bd7df9ea0a678de0bbb3aaba697d3124a85862ae

SHA256
a3f6e1fa7769ec009c6e83968b8f25b75eed9670294925deff916904953a9f3a

SHA512
3ca8023b0fd9eaab37591276724bdb78e76ba87262a0aa9272203c56783c4e516c9b59b172f71d851dc656aecad433cc8d008eed8eefd58e2e8ff824742be231

Download Submit
C:\Windows\system\tVRymfE.exe

Filesize
5.2MB

MD5
88524ed6d4f991bfbada62c1a7c281ba

SHA1
ed517505a9cd9cc4a940ee3569958e9a5ec8d263

SHA256
6eabba55e108312c354a246514e82ebbb7b5c93606ae00ab7405669960915a99

SHA512
0c4f07e789bd0c64612bf38433ae0c7961e9a73c1e3c5d3f3b4b6c00918d28284b7dd42c4cdef7f27651d617d6971d5faa810471db4314ceb88f5720f4390c43

Download Submit
C:\Windows\system\uoAVchN.exe

Filesize
5.2MB

MD5
b7a6bc470ad73e2cf9a5ae8a403de2a6

SHA1
d93d4054f8a13602bd805b394ac4114e91ff22e4

SHA256
b1e964c983de2ddd455bd48216b86d7578e32862d5258e37c11cdf57ff9697b1

SHA512
6ccc0f989c3ddc1fb959f1b5e436eb748c18da52aaffb518c128c89d65d43d7fe8168ba67b24e580f704035ac99321cdc0a6e9dc1e8d989aa174ea533e181f9c

Download Submit
C:\Windows\system\vFJQfmz.exe

Filesize
5.2MB

MD5
8a5a25cbe97caf723333dee424638c98

SHA1
2c7252f51c8dd41ec801e5c3d8d94251067857b3

SHA256
f608da5761690b840da8554a58026b2448ed4f534d54943a290f1ec57b4e3979

SHA512
30a504c170b2e326448e903416bf7108c72f325e56aeb13cbd77c06ee78ffefa911a51245277c5b09d5776b4e7f8efc2a0c51e03d678758eaf2daf5d67cf4513

Download Submit
C:\Windows\system\yjAUmJq.exe

Filesize
5.2MB

MD5
43df9a8777980c31478b82822369558a

SHA1
8f1e25cc3e8bf36b2e2477afd3573696df9b92d0

SHA256
a9859f85ecb29bd234b45fe7d345d1ac9166c2bbb38b93b5391b4cc0f089b2c1

SHA512
18b664d6fa92b4639eabe2a6175836080e41a2c2d62bf736349bc7ed78c0d8535305ffcc8bb6640c01fa01aea7b72c4fb3224ccdad0b45c5a8fd4ab810805cc0

Download Submit
\Windows\system\IlIlowz.exe

Filesize
5.2MB

MD5
6c6e825b55e53a21862dba2a44319386

SHA1
99a36b7681e633194beda5800c2beca3ceae8dfd

SHA256
1df25a583958a73c3c9ef2c694082ae1c47d4283b43078e9edfe725c4adafadc

SHA512
da1a35a73f9fb041b180dfed428bd213bef88f9286d1499e151e1843f2bdf938ce0251d854b7b07ec1020fa951b1a7ff7b0c0c834b5a3573a7f9208d8da21611

Download Submit
\Windows\system\NeSCPaY.exe

Filesize
5.2MB

MD5
c0ab2666e2347f29f20e9f8fac7dc41f

SHA1
14a15cc49dac8e4b12ff6eaae858ba9d93434c68

SHA256
fcb14a06df1d93dd59aae00cd6b420aa31d04b03786fdb231dd2dd5ec63c5042

SHA512
389b3c1c916cc229e4a7eebd9a961c9276da1dd506fc55773cb738fa2616f1133ff8e6e3b59500d9c926a9f770c47c88636398d1b4f5122164f2a4d43cbc143e

Download Submit
\Windows\system\ScjxNBZ.exe

Filesize
5.2MB

MD5
2c345f7d8e15bae7883958916ea24571

SHA1
200ee0ea2a414bc583f79ee170080497204284dd

SHA256
1d764e628c5589143dcc2247792009938615dee4076076b95071663dbaea28a3

SHA512
02e2ae22b47dbd56847bbcf27bbddf4e5704c090036dec8c4229239c68c5f80083a0f75ae00b334f148d296589aab1b0431b575e0192542c4ea03804b17e7ca1

Download Submit
\Windows\system\eZiskyw.exe

Filesize
5.2MB

MD5
5c97b8af7b373f92df0ce029543d5037

SHA1
773cf705578660429e82b9aec4c78a3f1db3f810

SHA256
46b9234ead0f7f1ea5cdfa54faac5dc04fda4dde32c0031cd2b8b98677909457

SHA512
3855b0d84f30e078aa360b1600ec78e849fbf825ada20616816db530ebecfce7c97d7ef816bac370e48b6e277453599c2865cdaef5d62974e6ef1ed034e0d20b

Download Submit
memory/1228-934-0x000000013F180000-0x000000013F4D1000-memory.dmp

Filesize
3.3MB

Download
memory/1228-4566-0x000000013F180000-0x000000013F4D1000-memory.dmp

Filesize
3.3MB

Download
memory/1228-107-0x000000013F180000-0x000000013F4D1000-memory.dmp

Filesize
3.3MB

Download
memory/1776-105-0x000000013F020000-0x000000013F371000-memory.dmp

Filesize
3.3MB

Download
memory/1776-4555-0x000000013F020000-0x000000013F371000-memory.dmp

Filesize
3.3MB

Download
memory/2232-78-0x000000013F350000-0x000000013F6A1000-memory.dmp

Filesize
3.3MB

Download
memory/2232-97-0x000000013FBC0000-0x000000013FF11000-memory.dmp

Filesize
3.3MB

Download
memory/2232-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2232-82-0x000000013F840000-0x000000013FB91000-memory.dmp

Filesize
3.3MB

Download
memory/2232-93-0x000000013F350000-0x000000013F6A1000-memory.dmp

Filesize
3.3MB

Download
memory/2232-80-0x000000013FBF0000-0x000000013FF41000-memory.dmp

Filesize
3.3MB

Download
memory/2232-95-0x000000013F380000-0x000000013F6D1000-memory.dmp

Filesize
3.3MB

Download
memory/2232-0-0x000000013FF80000-0x00000001402D1000-memory.dmp

Filesize
3.3MB

Download
memory/2232-89-0x000000013F500000-0x000000013F851000-memory.dmp

Filesize
3.3MB

Download
memory/2232-108-0x000000013F4A0000-0x000000013F7F1000-memory.dmp

Filesize
3.3MB

Download
memory/2232-75-0x000000013F850000-0x000000013FBA1000-memory.dmp

Filesize
3.3MB

Download
memory/2232-74-0x000000013F810000-0x000000013FB61000-memory.dmp

Filesize
3.3MB

Download
memory/2232-928-0x00000000022B0000-0x0000000002601000-memory.dmp

Filesize
3.3MB

Download
memory/2232-110-0x000000013F8A0000-0x000000013FBF1000-memory.dmp

Filesize
3.3MB

Download
memory/2232-665-0x000000013FF80000-0x00000001402D1000-memory.dmp

Filesize
3.3MB

Download
memory/2232-919-0x000000013F850000-0x000000013FBA1000-memory.dmp

Filesize
3.3MB

Download
memory/2232-106-0x000000013F180000-0x000000013F4D1000-memory.dmp

Filesize
3.3MB

Download
memory/2232-84-0x000000013F470000-0x000000013F7C1000-memory.dmp

Filesize
3.3MB

Download
memory/2232-103-0x000000013F020000-0x000000013F371000-memory.dmp

Filesize
3.3MB

Download
memory/2232-101-0x00000000022B0000-0x0000000002601000-memory.dmp

Filesize
3.3MB

Download
memory/2256-102-0x000000013FD70000-0x00000001400C1000-memory.dmp

Filesize
3.3MB

Download
memory/2256-4558-0x000000013FD70000-0x00000001400C1000-memory.dmp

Filesize
3.3MB

Download
memory/2256-931-0x000000013FD70000-0x00000001400C1000-memory.dmp

Filesize
3.3MB

Download
memory/2392-4565-0x000000013F350000-0x000000013F6A1000-memory.dmp

Filesize
3.3MB

Download
memory/2392-79-0x000000013F350000-0x000000013F6A1000-memory.dmp

Filesize
3.3MB

Download
memory/2392-921-0x000000013F350000-0x000000013F6A1000-memory.dmp

Filesize
3.3MB

Download
memory/2576-96-0x000000013F380000-0x000000013F6D1000-memory.dmp

Filesize
3.3MB

Download
memory/2576-4556-0x000000013F380000-0x000000013F6D1000-memory.dmp

Filesize
3.3MB

Download
memory/2576-925-0x000000013F380000-0x000000013F6D1000-memory.dmp

Filesize
3.3MB

Download
memory/2616-4517-0x000000013FBF0000-0x000000013FF41000-memory.dmp

Filesize
3.3MB

Download
memory/2616-81-0x000000013FBF0000-0x000000013FF41000-memory.dmp

Filesize
3.3MB

Download
memory/2644-98-0x000000013FBC0000-0x000000013FF11000-memory.dmp

Filesize
3.3MB

Download
memory/2644-4553-0x000000013FBC0000-0x000000013FF11000-memory.dmp

Filesize
3.3MB

Download
memory/2696-4516-0x000000013F350000-0x000000013F6A1000-memory.dmp

Filesize
3.3MB

Download
memory/2696-94-0x000000013F350000-0x000000013F6A1000-memory.dmp

Filesize
3.3MB

Download
memory/2732-4557-0x000000013F810000-0x000000013FB61000-memory.dmp

Filesize
3.3MB

Download
memory/2732-109-0x000000013F810000-0x000000013FB61000-memory.dmp

Filesize
3.3MB

Download
memory/2736-77-0x000000013F8A0000-0x000000013FBF1000-memory.dmp

Filesize
3.3MB

Download
memory/2736-4551-0x000000013F8A0000-0x000000013FBF1000-memory.dmp

Filesize
3.3MB

Download
memory/2764-90-0x000000013F500000-0x000000013F851000-memory.dmp

Filesize
3.3MB

Download
memory/2764-923-0x000000013F500000-0x000000013F851000-memory.dmp

Filesize
3.3MB

Download
memory/2764-4728-0x000000013F500000-0x000000013F851000-memory.dmp

Filesize
3.3MB

Download
memory/2808-4559-0x000000013F840000-0x000000013FB91000-memory.dmp

Filesize
3.3MB

Download
memory/2808-922-0x000000013F840000-0x000000013FB91000-memory.dmp

Filesize
3.3MB

Download
memory/2808-83-0x000000013F840000-0x000000013FB91000-memory.dmp

Filesize
3.3MB

Download
memory/2856-920-0x000000013F850000-0x000000013FBA1000-memory.dmp

Filesize
3.3MB

Download
memory/2856-4482-0x000000013F850000-0x000000013FBA1000-memory.dmp

Filesize
3.3MB

Download
memory/2856-76-0x000000013F850000-0x000000013FBA1000-memory.dmp

Filesize
3.3MB

Download
memory/3020-4552-0x000000013F470000-0x000000013F7C1000-memory.dmp

Filesize
3.3MB

Download
memory/3020-88-0x000000013F470000-0x000000013F7C1000-memory.dmp

Filesize
3.3MB

Download