cobaltstrike | 55413d9b910118ea226dcbc83280403d2ac45ff7098be62832b7ffd87eb4568b

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
19/12/2024, 02:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

67dea6b870339325a6538bdf138c0635
SHA1

d9ff254319a800247efdb2273efd3dfae5e60f66
SHA256

55413d9b910118ea226dcbc83280403d2ac45ff7098be62832b7ffd87eb4568b
SHA512

8a9f91878b285b574de9bfca36816d423b9d62c93e73dc3991c1c80c242bd101d5824096396892dc1f57cb39563149230ff03017d17dcdfbcd4fcfe1128415f5
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUt:T+q56utgpPF8u/7t

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001227d-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016875-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016b47-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c66-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd7-41.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017049-49.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf5-54.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c88-32.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-57.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-72.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-79.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-86.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-94.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-101.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-109.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878e-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019250-152.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a6-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019360-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933f-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019297-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-148.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c16-144.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-124.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2036-0-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x000a00000001227d-6.dat	xmrig
behavioral1/memory/1892-9-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016875-10.dat	xmrig
behavioral1/memory/2572-14-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016b47-12.dat	xmrig
behavioral1/memory/2588-21-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c66-22.dat	xmrig
behavioral1/memory/2548-27-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cd7-41.dat	xmrig
behavioral1/files/0x0008000000017049-49.dat	xmrig
behavioral1/memory/2768-52-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/1988-36-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2384-55-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cf5-54.dat	xmrig
behavioral1/memory/2036-33-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c88-32.dat	xmrig
behavioral1/memory/2572-53-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2808-47-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2036-40-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2588-56-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/files/0x0006000000017497-57.dat	xmrig
behavioral1/files/0x000600000001755b-72.dat	xmrig
behavioral1/memory/1704-82-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2808-83-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/1988-80-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/files/0x000600000001749c-79.dat	xmrig
behavioral1/memory/2904-77-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2940-76-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2548-62-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018686-86.dat	xmrig
behavioral1/memory/2036-90-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2384-93-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2308-92-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2768-91-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x00050000000186e7-94.dat	xmrig
behavioral1/memory/1268-100-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2036-98-0x0000000002270000-0x00000000025C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ed-101.dat	xmrig
behavioral1/memory/2860-108-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000186f1-109.dat	xmrig
behavioral1/files/0x00050000000186f4-116.dat	xmrig
behavioral1/files/0x0005000000018704-120.dat	xmrig
behavioral1/files/0x000500000001878e-132.dat	xmrig
behavioral1/files/0x0005000000019250-152.dat	xmrig
behavioral1/memory/1268-609-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2548-3533-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2588-3534-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2572-3539-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/1892-3538-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/1988-3541-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2808-3742-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2904-3750-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/1704-3749-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2768-3746-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2384-3772-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2940-3766-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2308-3802-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/1268-3869-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2860-3895-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2036-341-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/1704-208-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a6-180.dat	xmrig
behavioral1/files/0x0005000000019360-176.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1892	AXjjHGi.exe
2572	ArzYXth.exe
2588	PiAILsB.exe
2548	LxknaXu.exe
1988	vuogbdI.exe
2808	GSaKHTt.exe
2768	rPpGGLm.exe
2384	LxoUukc.exe
2940	laullsm.exe
2904	uZsOueB.exe
1704	xWvZHzB.exe
2308	LjJNFsN.exe
1268	DVxwETo.exe
2860	jsfSKHa.exe
1992	QlrcSHs.exe
2692	yjsFyvs.exe
1176	iSuxsKc.exe
1560	tahsqAE.exe
2056	XtjoMhv.exe
1920	ESHJdpI.exe
1760	ukPyjjF.exe
1980	UTvAiQe.exe
3012	MRltvlG.exe
2992	TkywyeN.exe
2828	VgxGQbu.exe
1240	DELRdBu.exe
2576	cmHYJco.exe
2452	EiQqngU.exe
2024	FnlbBsr.exe
2128	kXbQkIS.exe
1124	EJWfJgs.exe
3024	EZxCPXt.exe
740	tuYpEjD.exe
948	UuIuLUC.exe
1844	YAXxnkO.exe
584	MbsPJgo.exe
3040	tJjGRps.exe
780	ychbmtw.exe
2380	PSGmGrs.exe
1732	fFCrhbM.exe
2400	CldIlFa.exe
1700	LqLOEIg.exe
856	GmQVvDS.exe
1544	keetFgN.exe
1540	ealVCUi.exe
304	SGotzXM.exe
1676	ZTFVyIh.exe
676	qssqXdz.exe
628	KWqqrrR.exe
484	euSgPga.exe
2208	jgfAFcq.exe
1284	cLnwPbc.exe
2568	xATAVGK.exe
2372	zCAXSaW.exe
1492	fiCcgeL.exe
1684	USTYCwB.exe
1928	WsyTwgR.exe
2320	JMnocmd.exe
2028	IyejUcS.exe
1708	aPylikH.exe
2020	ZjeLgUE.exe
1640	alEcvNc.exe
760	PUUxaZS.exe
2944	FXdurgl.exe

Loads dropped DLL 64 IoCs

pid	Process
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2036-0-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x000a00000001227d-6.dat	upx
behavioral1/memory/1892-9-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/files/0x0008000000016875-10.dat	upx
behavioral1/memory/2572-14-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/files/0x0008000000016b47-12.dat	upx
behavioral1/memory/2588-21-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/files/0x0008000000016c66-22.dat	upx
behavioral1/memory/2548-27-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x0007000000016cd7-41.dat	upx
behavioral1/files/0x0008000000017049-49.dat	upx
behavioral1/memory/2768-52-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/1988-36-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2384-55-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/files/0x0007000000016cf5-54.dat	upx
behavioral1/memory/2036-33-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x0007000000016c88-32.dat	upx
behavioral1/memory/2572-53-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2808-47-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2036-40-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2588-56-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/files/0x0006000000017497-57.dat	upx
behavioral1/files/0x000600000001755b-72.dat	upx
behavioral1/memory/1704-82-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2808-83-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/1988-80-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/files/0x000600000001749c-79.dat	upx
behavioral1/memory/2904-77-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2940-76-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2548-62-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x0005000000018686-86.dat	upx
behavioral1/memory/2384-93-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2308-92-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2768-91-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x00050000000186e7-94.dat	upx
behavioral1/memory/1268-100-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/files/0x00050000000186ed-101.dat	upx
behavioral1/memory/2860-108-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x00050000000186f1-109.dat	upx
behavioral1/files/0x00050000000186f4-116.dat	upx
behavioral1/files/0x0005000000018704-120.dat	upx
behavioral1/files/0x000500000001878e-132.dat	upx
behavioral1/files/0x0005000000019250-152.dat	upx
behavioral1/memory/1268-609-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2548-3533-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2588-3534-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2572-3539-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/1892-3538-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/1988-3541-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2808-3742-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2904-3750-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/1704-3749-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2768-3746-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2384-3772-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2940-3766-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2308-3802-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/1268-3869-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2860-3895-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/1704-208-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x00050000000193a6-180.dat	upx
behavioral1/files/0x0005000000019360-176.dat	upx
behavioral1/files/0x000500000001933f-172.dat	upx
behavioral1/files/0x0005000000019297-168.dat	upx
behavioral1/files/0x0005000000019284-164.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\eewnnZb.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sSnBiLg.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KtfjqkX.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DELRdBu.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xoPZSII.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nYXDhmj.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPOycYi.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dVDpIPh.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\byqmNJi.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ieCduYE.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zWCzqRy.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bTWmdcP.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zdAOHMC.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\foHAlUf.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gxDLIwA.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MlYGgSo.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IdrQuwr.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SorftQP.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxqSoxY.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WapSVpZ.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TLjLaHf.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kjqQJzX.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qVJxpea.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nOhyTZr.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FFcjgiU.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYrgoEJ.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NvLDCwx.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QmOdiFM.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\URjqbxq.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HJPSkOm.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jEZEmjq.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lGjWaWF.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iSxNTur.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXdurgl.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dzlYwiu.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWBFEXM.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SzeNeLW.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zTPinNJ.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sccGeWm.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IpuHToE.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JfVcvOk.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MPCtzxc.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yfMNWxz.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GXdmjEb.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CzXMFFe.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nzHAyjJ.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WhJvSmQ.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VuBOeOI.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DvcztrH.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NVNuldV.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\evigoyg.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ncibhbv.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dCkPuYW.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KjiwPqD.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hwqbDmt.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oLARzhq.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ToFgMoh.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XFrkIGw.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HBviIeg.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNzzquS.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aixEcJL.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NXRMOfy.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\onyKqep.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fjEgkcs.exe	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 1892	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2036 wrote to memory of 1892	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2036 wrote to memory of 1892	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2036 wrote to memory of 2572	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2036 wrote to memory of 2572	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2036 wrote to memory of 2572	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2036 wrote to memory of 2588	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2036 wrote to memory of 2588	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2036 wrote to memory of 2588	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2036 wrote to memory of 2548	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2036 wrote to memory of 2548	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2036 wrote to memory of 2548	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2036 wrote to memory of 1988	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2036 wrote to memory of 1988	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2036 wrote to memory of 1988	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2036 wrote to memory of 2808	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2036 wrote to memory of 2808	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2036 wrote to memory of 2808	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2036 wrote to memory of 2384	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2036 wrote to memory of 2384	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2036 wrote to memory of 2384	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2036 wrote to memory of 2768	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2036 wrote to memory of 2768	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2036 wrote to memory of 2768	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2036 wrote to memory of 2940	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2036 wrote to memory of 2940	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2036 wrote to memory of 2940	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2036 wrote to memory of 1704	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2036 wrote to memory of 1704	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2036 wrote to memory of 1704	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2036 wrote to memory of 2904	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2036 wrote to memory of 2904	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2036 wrote to memory of 2904	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2036 wrote to memory of 2308	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2036 wrote to memory of 2308	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2036 wrote to memory of 2308	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2036 wrote to memory of 1268	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2036 wrote to memory of 1268	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2036 wrote to memory of 1268	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2036 wrote to memory of 2860	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2036 wrote to memory of 2860	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2036 wrote to memory of 2860	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2036 wrote to memory of 1992	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2036 wrote to memory of 1992	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2036 wrote to memory of 1992	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2036 wrote to memory of 2692	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2036 wrote to memory of 2692	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2036 wrote to memory of 2692	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2036 wrote to memory of 1176	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2036 wrote to memory of 1176	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2036 wrote to memory of 1176	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2036 wrote to memory of 1560	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2036 wrote to memory of 1560	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2036 wrote to memory of 1560	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2036 wrote to memory of 2056	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2036 wrote to memory of 2056	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2036 wrote to memory of 2056	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2036 wrote to memory of 1920	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2036 wrote to memory of 1920	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2036 wrote to memory of 1920	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2036 wrote to memory of 1760	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2036 wrote to memory of 1760	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2036 wrote to memory of 1760	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2036 wrote to memory of 1980	2036	2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-19_67dea6b870339325a6538bdf138c0635_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\System\AXjjHGi.exe
  C:\Windows\System\AXjjHGi.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\ArzYXth.exe
  C:\Windows\System\ArzYXth.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\PiAILsB.exe
  C:\Windows\System\PiAILsB.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\LxknaXu.exe
  C:\Windows\System\LxknaXu.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\vuogbdI.exe
  C:\Windows\System\vuogbdI.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\GSaKHTt.exe
  C:\Windows\System\GSaKHTt.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\LxoUukc.exe
  C:\Windows\System\LxoUukc.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\rPpGGLm.exe
  C:\Windows\System\rPpGGLm.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\laullsm.exe
  C:\Windows\System\laullsm.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\xWvZHzB.exe
  C:\Windows\System\xWvZHzB.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\uZsOueB.exe
  C:\Windows\System\uZsOueB.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\LjJNFsN.exe
  C:\Windows\System\LjJNFsN.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\DVxwETo.exe
  C:\Windows\System\DVxwETo.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\jsfSKHa.exe
  C:\Windows\System\jsfSKHa.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\QlrcSHs.exe
  C:\Windows\System\QlrcSHs.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\yjsFyvs.exe
  C:\Windows\System\yjsFyvs.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\iSuxsKc.exe
  C:\Windows\System\iSuxsKc.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\tahsqAE.exe
  C:\Windows\System\tahsqAE.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\XtjoMhv.exe
  C:\Windows\System\XtjoMhv.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\ESHJdpI.exe
  C:\Windows\System\ESHJdpI.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\ukPyjjF.exe
  C:\Windows\System\ukPyjjF.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\UTvAiQe.exe
  C:\Windows\System\UTvAiQe.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\MRltvlG.exe
  C:\Windows\System\MRltvlG.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\TkywyeN.exe
  C:\Windows\System\TkywyeN.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\VgxGQbu.exe
  C:\Windows\System\VgxGQbu.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\DELRdBu.exe
  C:\Windows\System\DELRdBu.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\cmHYJco.exe
  C:\Windows\System\cmHYJco.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\EiQqngU.exe
  C:\Windows\System\EiQqngU.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\FnlbBsr.exe
  C:\Windows\System\FnlbBsr.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\kXbQkIS.exe
  C:\Windows\System\kXbQkIS.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\EJWfJgs.exe
  C:\Windows\System\EJWfJgs.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\EZxCPXt.exe
  C:\Windows\System\EZxCPXt.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\tuYpEjD.exe
  C:\Windows\System\tuYpEjD.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\UuIuLUC.exe
  C:\Windows\System\UuIuLUC.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\YAXxnkO.exe
  C:\Windows\System\YAXxnkO.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\MbsPJgo.exe
  C:\Windows\System\MbsPJgo.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\tJjGRps.exe
  C:\Windows\System\tJjGRps.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\ychbmtw.exe
  C:\Windows\System\ychbmtw.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\PSGmGrs.exe
  C:\Windows\System\PSGmGrs.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\fFCrhbM.exe
  C:\Windows\System\fFCrhbM.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\CldIlFa.exe
  C:\Windows\System\CldIlFa.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\LqLOEIg.exe
  C:\Windows\System\LqLOEIg.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\GmQVvDS.exe
  C:\Windows\System\GmQVvDS.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\keetFgN.exe
  C:\Windows\System\keetFgN.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\ealVCUi.exe
  C:\Windows\System\ealVCUi.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\SGotzXM.exe
  C:\Windows\System\SGotzXM.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\ZTFVyIh.exe
  C:\Windows\System\ZTFVyIh.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\qssqXdz.exe
  C:\Windows\System\qssqXdz.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\KWqqrrR.exe
  C:\Windows\System\KWqqrrR.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\euSgPga.exe
  C:\Windows\System\euSgPga.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\jgfAFcq.exe
  C:\Windows\System\jgfAFcq.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\cLnwPbc.exe
  C:\Windows\System\cLnwPbc.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\xATAVGK.exe
  C:\Windows\System\xATAVGK.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\zCAXSaW.exe
  C:\Windows\System\zCAXSaW.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\fiCcgeL.exe
  C:\Windows\System\fiCcgeL.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\USTYCwB.exe
  C:\Windows\System\USTYCwB.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\WsyTwgR.exe
  C:\Windows\System\WsyTwgR.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\JMnocmd.exe
  C:\Windows\System\JMnocmd.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\IyejUcS.exe
  C:\Windows\System\IyejUcS.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\aPylikH.exe
  C:\Windows\System\aPylikH.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\ZjeLgUE.exe
  C:\Windows\System\ZjeLgUE.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\alEcvNc.exe
  C:\Windows\System\alEcvNc.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\PUUxaZS.exe
  C:\Windows\System\PUUxaZS.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\FXdurgl.exe
  C:\Windows\System\FXdurgl.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\INUlVIm.exe
  C:\Windows\System\INUlVIm.exe
  2⤵
  PID:3048
- C:\Windows\System\gvTudjH.exe
  C:\Windows\System\gvTudjH.exe
  2⤵
  PID:1272
- C:\Windows\System\dbTcYhg.exe
  C:\Windows\System\dbTcYhg.exe
  2⤵
  PID:2232
- C:\Windows\System\myPdNSc.exe
  C:\Windows\System\myPdNSc.exe
  2⤵
  PID:2788
- C:\Windows\System\ZKgdtwj.exe
  C:\Windows\System\ZKgdtwj.exe
  2⤵
  PID:2908
- C:\Windows\System\wSzZJnW.exe
  C:\Windows\System\wSzZJnW.exe
  2⤵
  PID:2528
- C:\Windows\System\zOipYpx.exe
  C:\Windows\System\zOipYpx.exe
  2⤵
  PID:1144
- C:\Windows\System\ceKlciQ.exe
  C:\Windows\System\ceKlciQ.exe
  2⤵
  PID:2716
- C:\Windows\System\cMtZJXZ.exe
  C:\Windows\System\cMtZJXZ.exe
  2⤵
  PID:2092
- C:\Windows\System\avytPAz.exe
  C:\Windows\System\avytPAz.exe
  2⤵
  PID:2688
- C:\Windows\System\NplOIsT.exe
  C:\Windows\System\NplOIsT.exe
  2⤵
  PID:2416
- C:\Windows\System\RERKiHC.exe
  C:\Windows\System\RERKiHC.exe
  2⤵
  PID:848
- C:\Windows\System\tvfUmLS.exe
  C:\Windows\System\tvfUmLS.exe
  2⤵
  PID:2296
- C:\Windows\System\TSJOxkx.exe
  C:\Windows\System\TSJOxkx.exe
  2⤵
  PID:1412
- C:\Windows\System\NcchoDv.exe
  C:\Windows\System\NcchoDv.exe
  2⤵
  PID:2000
- C:\Windows\System\PWySrNA.exe
  C:\Windows\System\PWySrNA.exe
  2⤵
  PID:1916
- C:\Windows\System\IdQGHhn.exe
  C:\Windows\System\IdQGHhn.exe
  2⤵
  PID:1488
- C:\Windows\System\JYsFoYL.exe
  C:\Windows\System\JYsFoYL.exe
  2⤵
  PID:2964
- C:\Windows\System\IGmViml.exe
  C:\Windows\System\IGmViml.exe
  2⤵
  PID:3000
- C:\Windows\System\TZMLvcv.exe
  C:\Windows\System\TZMLvcv.exe
  2⤵
  PID:2340
- C:\Windows\System\YBGlHDh.exe
  C:\Windows\System\YBGlHDh.exe
  2⤵
  PID:2052
- C:\Windows\System\kjUuBmy.exe
  C:\Windows\System\kjUuBmy.exe
  2⤵
  PID:2136
- C:\Windows\System\IIoFblE.exe
  C:\Windows\System\IIoFblE.exe
  2⤵
  PID:1608
- C:\Windows\System\BIhenDk.exe
  C:\Windows\System\BIhenDk.exe
  2⤵
  PID:2224
- C:\Windows\System\YPeBKRG.exe
  C:\Windows\System\YPeBKRG.exe
  2⤵
  PID:1500
- C:\Windows\System\uoXUpKv.exe
  C:\Windows\System\uoXUpKv.exe
  2⤵
  PID:1376
- C:\Windows\System\FoYkGqF.exe
  C:\Windows\System\FoYkGqF.exe
  2⤵
  PID:684
- C:\Windows\System\hZZCmRd.exe
  C:\Windows\System\hZZCmRd.exe
  2⤵
  PID:2228
- C:\Windows\System\UvGubOr.exe
  C:\Windows\System\UvGubOr.exe
  2⤵
  PID:2196
- C:\Windows\System\HzjAoTQ.exe
  C:\Windows\System\HzjAoTQ.exe
  2⤵
  PID:900
- C:\Windows\System\wEZWYuK.exe
  C:\Windows\System\wEZWYuK.exe
  2⤵
  PID:1572
- C:\Windows\System\kFlYGCV.exe
  C:\Windows\System\kFlYGCV.exe
  2⤵
  PID:2724
- C:\Windows\System\IVsHlOH.exe
  C:\Windows\System\IVsHlOH.exe
  2⤵
  PID:300
- C:\Windows\System\DnULeQA.exe
  C:\Windows\System\DnULeQA.exe
  2⤵
  PID:1628
- C:\Windows\System\mOhpYPq.exe
  C:\Windows\System\mOhpYPq.exe
  2⤵
  PID:2600
- C:\Windows\System\KcVAQYi.exe
  C:\Windows\System\KcVAQYi.exe
  2⤵
  PID:2184
- C:\Windows\System\FwWdygG.exe
  C:\Windows\System\FwWdygG.exe
  2⤵
  PID:2404
- C:\Windows\System\PsxNQOl.exe
  C:\Windows\System\PsxNQOl.exe
  2⤵
  PID:2192
- C:\Windows\System\IBRMxrg.exe
  C:\Windows\System\IBRMxrg.exe
  2⤵
  PID:1596
- C:\Windows\System\glWOkQD.exe
  C:\Windows\System\glWOkQD.exe
  2⤵
  PID:1984
- C:\Windows\System\FpmReXX.exe
  C:\Windows\System\FpmReXX.exe
  2⤵
  PID:2888
- C:\Windows\System\iCkgWGV.exe
  C:\Windows\System\iCkgWGV.exe
  2⤵
  PID:1840
- C:\Windows\System\rpfnLZw.exe
  C:\Windows\System\rpfnLZw.exe
  2⤵
  PID:2328
- C:\Windows\System\KZzfztw.exe
  C:\Windows\System\KZzfztw.exe
  2⤵
  PID:2644
- C:\Windows\System\stroZyV.exe
  C:\Windows\System\stroZyV.exe
  2⤵
  PID:292
- C:\Windows\System\yuXeIKR.exe
  C:\Windows\System\yuXeIKR.exe
  2⤵
  PID:2468
- C:\Windows\System\FWysftU.exe
  C:\Windows\System\FWysftU.exe
  2⤵
  PID:2100
- C:\Windows\System\ojDxKEy.exe
  C:\Windows\System\ojDxKEy.exe
  2⤵
  PID:2520
- C:\Windows\System\XGPRNLU.exe
  C:\Windows\System\XGPRNLU.exe
  2⤵
  PID:2440
- C:\Windows\System\qAFpJfz.exe
  C:\Windows\System\qAFpJfz.exe
  2⤵
  PID:1764
- C:\Windows\System\jCyNUzG.exe
  C:\Windows\System\jCyNUzG.exe
  2⤵
  PID:2996
- C:\Windows\System\aKHJFcb.exe
  C:\Windows\System\aKHJFcb.exe
  2⤵
  PID:3028
- C:\Windows\System\pEokdLx.exe
  C:\Windows\System\pEokdLx.exe
  2⤵
  PID:1884
- C:\Windows\System\FHtIJBd.exe
  C:\Windows\System\FHtIJBd.exe
  2⤵
  PID:2068
- C:\Windows\System\fPfVOJD.exe
  C:\Windows\System\fPfVOJD.exe
  2⤵
  PID:1616
- C:\Windows\System\SnWODMN.exe
  C:\Windows\System\SnWODMN.exe
  2⤵
  PID:1824
- C:\Windows\System\tKMkLxX.exe
  C:\Windows\System\tKMkLxX.exe
  2⤵
  PID:2976
- C:\Windows\System\uUoejLh.exe
  C:\Windows\System\uUoejLh.exe
  2⤵
  PID:768
- C:\Windows\System\rkJYsNe.exe
  C:\Windows\System\rkJYsNe.exe
  2⤵
  PID:1956
- C:\Windows\System\DBdiWAa.exe
  C:\Windows\System\DBdiWAa.exe
  2⤵
  PID:2412
- C:\Windows\System\xoPZSII.exe
  C:\Windows\System\xoPZSII.exe
  2⤵
  PID:1556
- C:\Windows\System\dkgotkZ.exe
  C:\Windows\System\dkgotkZ.exe
  2⤵
  PID:2252
- C:\Windows\System\lEJnBAU.exe
  C:\Windows\System\lEJnBAU.exe
  2⤵
  PID:2632
- C:\Windows\System\vrWbVVI.exe
  C:\Windows\System\vrWbVVI.exe
  2⤵
  PID:2016
- C:\Windows\System\VgUFhYC.exe
  C:\Windows\System\VgUFhYC.exe
  2⤵
  PID:2680
- C:\Windows\System\GNbHVmP.exe
  C:\Windows\System\GNbHVmP.exe
  2⤵
  PID:2736
- C:\Windows\System\OOFbmeE.exe
  C:\Windows\System\OOFbmeE.exe
  2⤵
  PID:2032
- C:\Windows\System\qasQIwO.exe
  C:\Windows\System\qasQIwO.exe
  2⤵
  PID:1464
- C:\Windows\System\vNdBNMI.exe
  C:\Windows\System\vNdBNMI.exe
  2⤵
  PID:1720
- C:\Windows\System\zSiWSum.exe
  C:\Windows\System\zSiWSum.exe
  2⤵
  PID:556
- C:\Windows\System\JkWrJtn.exe
  C:\Windows\System\JkWrJtn.exe
  2⤵
  PID:2204
- C:\Windows\System\tWnYwqk.exe
  C:\Windows\System\tWnYwqk.exe
  2⤵
  PID:1592
- C:\Windows\System\oWzXAhR.exe
  C:\Windows\System\oWzXAhR.exe
  2⤵
  PID:2532
- C:\Windows\System\GvaRUPA.exe
  C:\Windows\System\GvaRUPA.exe
  2⤵
  PID:2624
- C:\Windows\System\osaJnXc.exe
  C:\Windows\System\osaJnXc.exe
  2⤵
  PID:2428
- C:\Windows\System\zOPAbfD.exe
  C:\Windows\System\zOPAbfD.exe
  2⤵
  PID:2040
- C:\Windows\System\bklfebi.exe
  C:\Windows\System\bklfebi.exe
  2⤵
  PID:1680
- C:\Windows\System\UExIDbL.exe
  C:\Windows\System\UExIDbL.exe
  2⤵
  PID:2236
- C:\Windows\System\QWgjRqy.exe
  C:\Windows\System\QWgjRqy.exe
  2⤵
  PID:2896
- C:\Windows\System\CwEypYK.exe
  C:\Windows\System\CwEypYK.exe
  2⤵
  PID:3084
- C:\Windows\System\UtoAUrS.exe
  C:\Windows\System\UtoAUrS.exe
  2⤵
  PID:3100
- C:\Windows\System\kAvdjkp.exe
  C:\Windows\System\kAvdjkp.exe
  2⤵
  PID:3116
- C:\Windows\System\YtORBkp.exe
  C:\Windows\System\YtORBkp.exe
  2⤵
  PID:3132
- C:\Windows\System\HJPSkOm.exe
  C:\Windows\System\HJPSkOm.exe
  2⤵
  PID:3148
- C:\Windows\System\CQwXpAi.exe
  C:\Windows\System\CQwXpAi.exe
  2⤵
  PID:3164
- C:\Windows\System\uBvdDel.exe
  C:\Windows\System\uBvdDel.exe
  2⤵
  PID:3180
- C:\Windows\System\BHKLhXW.exe
  C:\Windows\System\BHKLhXW.exe
  2⤵
  PID:3196
- C:\Windows\System\yfZjmNG.exe
  C:\Windows\System\yfZjmNG.exe
  2⤵
  PID:3212
- C:\Windows\System\vQhvStp.exe
  C:\Windows\System\vQhvStp.exe
  2⤵
  PID:3228
- C:\Windows\System\kfGUqYa.exe
  C:\Windows\System\kfGUqYa.exe
  2⤵
  PID:3244
- C:\Windows\System\OJJPlXw.exe
  C:\Windows\System\OJJPlXw.exe
  2⤵
  PID:3260
- C:\Windows\System\HFxEItC.exe
  C:\Windows\System\HFxEItC.exe
  2⤵
  PID:3276
- C:\Windows\System\PBYkqAc.exe
  C:\Windows\System\PBYkqAc.exe
  2⤵
  PID:3292
- C:\Windows\System\wQMZYkH.exe
  C:\Windows\System\wQMZYkH.exe
  2⤵
  PID:3308
- C:\Windows\System\pYVvpzo.exe
  C:\Windows\System\pYVvpzo.exe
  2⤵
  PID:3324
- C:\Windows\System\MMRLuHL.exe
  C:\Windows\System\MMRLuHL.exe
  2⤵
  PID:3340
- C:\Windows\System\gQfJybE.exe
  C:\Windows\System\gQfJybE.exe
  2⤵
  PID:3356
- C:\Windows\System\pTApmZl.exe
  C:\Windows\System\pTApmZl.exe
  2⤵
  PID:3372
- C:\Windows\System\SfroCuf.exe
  C:\Windows\System\SfroCuf.exe
  2⤵
  PID:3388
- C:\Windows\System\khVJnbE.exe
  C:\Windows\System\khVJnbE.exe
  2⤵
  PID:3404
- C:\Windows\System\AKJjxEm.exe
  C:\Windows\System\AKJjxEm.exe
  2⤵
  PID:3420
- C:\Windows\System\EUXVoKB.exe
  C:\Windows\System\EUXVoKB.exe
  2⤵
  PID:3436
- C:\Windows\System\uJiXYGY.exe
  C:\Windows\System\uJiXYGY.exe
  2⤵
  PID:3452
- C:\Windows\System\HDzhYOM.exe
  C:\Windows\System\HDzhYOM.exe
  2⤵
  PID:3468
- C:\Windows\System\eVkIjwh.exe
  C:\Windows\System\eVkIjwh.exe
  2⤵
  PID:3484
- C:\Windows\System\QmOdiFM.exe
  C:\Windows\System\QmOdiFM.exe
  2⤵
  PID:3500
- C:\Windows\System\LuqIIkX.exe
  C:\Windows\System\LuqIIkX.exe
  2⤵
  PID:3516
- C:\Windows\System\JZKetdL.exe
  C:\Windows\System\JZKetdL.exe
  2⤵
  PID:3532
- C:\Windows\System\CbqThFm.exe
  C:\Windows\System\CbqThFm.exe
  2⤵
  PID:3548
- C:\Windows\System\sLgMnZR.exe
  C:\Windows\System\sLgMnZR.exe
  2⤵
  PID:3564
- C:\Windows\System\OVlxceY.exe
  C:\Windows\System\OVlxceY.exe
  2⤵
  PID:3580
- C:\Windows\System\RMvPfnX.exe
  C:\Windows\System\RMvPfnX.exe
  2⤵
  PID:3596
- C:\Windows\System\hPujmqM.exe
  C:\Windows\System\hPujmqM.exe
  2⤵
  PID:3612
- C:\Windows\System\cekpNaR.exe
  C:\Windows\System\cekpNaR.exe
  2⤵
  PID:3628
- C:\Windows\System\qyNZfvv.exe
  C:\Windows\System\qyNZfvv.exe
  2⤵
  PID:3644
- C:\Windows\System\ZTZXqSa.exe
  C:\Windows\System\ZTZXqSa.exe
  2⤵
  PID:3660
- C:\Windows\System\rOkJhgZ.exe
  C:\Windows\System\rOkJhgZ.exe
  2⤵
  PID:3676
- C:\Windows\System\JxvqqyB.exe
  C:\Windows\System\JxvqqyB.exe
  2⤵
  PID:3692
- C:\Windows\System\NNNwuib.exe
  C:\Windows\System\NNNwuib.exe
  2⤵
  PID:3708
- C:\Windows\System\qTCXPgH.exe
  C:\Windows\System\qTCXPgH.exe
  2⤵
  PID:3724
- C:\Windows\System\hJEqZBl.exe
  C:\Windows\System\hJEqZBl.exe
  2⤵
  PID:3740
- C:\Windows\System\yGhTnJv.exe
  C:\Windows\System\yGhTnJv.exe
  2⤵
  PID:3756
- C:\Windows\System\JoMhSHo.exe
  C:\Windows\System\JoMhSHo.exe
  2⤵
  PID:3772
- C:\Windows\System\dvSBeHN.exe
  C:\Windows\System\dvSBeHN.exe
  2⤵
  PID:3788
- C:\Windows\System\TYlGaoH.exe
  C:\Windows\System\TYlGaoH.exe
  2⤵
  PID:3808
- C:\Windows\System\GbXaOJd.exe
  C:\Windows\System\GbXaOJd.exe
  2⤵
  PID:3824
- C:\Windows\System\ZkdHOmy.exe
  C:\Windows\System\ZkdHOmy.exe
  2⤵
  PID:3840
- C:\Windows\System\YEMnMlW.exe
  C:\Windows\System\YEMnMlW.exe
  2⤵
  PID:3856
- C:\Windows\System\ncibhbv.exe
  C:\Windows\System\ncibhbv.exe
  2⤵
  PID:3872
- C:\Windows\System\nmbMWFJ.exe
  C:\Windows\System\nmbMWFJ.exe
  2⤵
  PID:3888
- C:\Windows\System\SorftQP.exe
  C:\Windows\System\SorftQP.exe
  2⤵
  PID:3904
- C:\Windows\System\QszQlgU.exe
  C:\Windows\System\QszQlgU.exe
  2⤵
  PID:3920
- C:\Windows\System\HOKFVkD.exe
  C:\Windows\System\HOKFVkD.exe
  2⤵
  PID:3936
- C:\Windows\System\DLXxCbi.exe
  C:\Windows\System\DLXxCbi.exe
  2⤵
  PID:3952
- C:\Windows\System\UmAwZPR.exe
  C:\Windows\System\UmAwZPR.exe
  2⤵
  PID:3968
- C:\Windows\System\kicqMWe.exe
  C:\Windows\System\kicqMWe.exe
  2⤵
  PID:3984
- C:\Windows\System\qFajalQ.exe
  C:\Windows\System\qFajalQ.exe
  2⤵
  PID:4000
- C:\Windows\System\CqdYmue.exe
  C:\Windows\System\CqdYmue.exe
  2⤵
  PID:4016
- C:\Windows\System\qJXEiWG.exe
  C:\Windows\System\qJXEiWG.exe
  2⤵
  PID:4032
- C:\Windows\System\LYMcevE.exe
  C:\Windows\System\LYMcevE.exe
  2⤵
  PID:4048
- C:\Windows\System\QjwpCUE.exe
  C:\Windows\System\QjwpCUE.exe
  2⤵
  PID:4064
- C:\Windows\System\KzLjIEO.exe
  C:\Windows\System\KzLjIEO.exe
  2⤵
  PID:4080
- C:\Windows\System\XWPDxIl.exe
  C:\Windows\System\XWPDxIl.exe
  2⤵
  PID:2880
- C:\Windows\System\FFhTIgy.exe
  C:\Windows\System\FFhTIgy.exe
  2⤵
  PID:2420
- C:\Windows\System\sqaYlQd.exe
  C:\Windows\System\sqaYlQd.exe
  2⤵
  PID:3076
- C:\Windows\System\KrOxnKA.exe
  C:\Windows\System\KrOxnKA.exe
  2⤵
  PID:3112
- C:\Windows\System\WnpxBmX.exe
  C:\Windows\System\WnpxBmX.exe
  2⤵
  PID:3140
- C:\Windows\System\dOVPBWy.exe
  C:\Windows\System\dOVPBWy.exe
  2⤵
  PID:3156
- C:\Windows\System\eaTVMau.exe
  C:\Windows\System\eaTVMau.exe
  2⤵
  PID:3204
- C:\Windows\System\ATpqrJw.exe
  C:\Windows\System\ATpqrJw.exe
  2⤵
  PID:3236
- C:\Windows\System\zElvDYU.exe
  C:\Windows\System\zElvDYU.exe
  2⤵
  PID:3268
- C:\Windows\System\ykONlcF.exe
  C:\Windows\System\ykONlcF.exe
  2⤵
  PID:3300
- C:\Windows\System\vVCpKoR.exe
  C:\Windows\System\vVCpKoR.exe
  2⤵
  PID:3332
- C:\Windows\System\uUqLRCT.exe
  C:\Windows\System\uUqLRCT.exe
  2⤵
  PID:3364
- C:\Windows\System\VFWqhOm.exe
  C:\Windows\System\VFWqhOm.exe
  2⤵
  PID:3380
- C:\Windows\System\qqXfNPn.exe
  C:\Windows\System\qqXfNPn.exe
  2⤵
  PID:3428
- C:\Windows\System\ZqSlmHw.exe
  C:\Windows\System\ZqSlmHw.exe
  2⤵
  PID:3460
- C:\Windows\System\dpMMrpF.exe
  C:\Windows\System\dpMMrpF.exe
  2⤵
  PID:3476
- C:\Windows\System\PxslOuS.exe
  C:\Windows\System\PxslOuS.exe
  2⤵
  PID:2640
- C:\Windows\System\zRMRwMc.exe
  C:\Windows\System\zRMRwMc.exe
  2⤵
  PID:3528
- C:\Windows\System\EwUiZXg.exe
  C:\Windows\System\EwUiZXg.exe
  2⤵
  PID:3560
- C:\Windows\System\qCItoqc.exe
  C:\Windows\System\qCItoqc.exe
  2⤵
  PID:2668
- C:\Windows\System\GuWHpPb.exe
  C:\Windows\System\GuWHpPb.exe
  2⤵
  PID:3604
- C:\Windows\System\QLrJQZG.exe
  C:\Windows\System\QLrJQZG.exe
  2⤵
  PID:3636
- C:\Windows\System\SuQwgRs.exe
  C:\Windows\System\SuQwgRs.exe
  2⤵
  PID:3668
- C:\Windows\System\PFnqokp.exe
  C:\Windows\System\PFnqokp.exe
  2⤵
  PID:3700
- C:\Windows\System\ZipoWoo.exe
  C:\Windows\System\ZipoWoo.exe
  2⤵
  PID:3748
- C:\Windows\System\eAxbhtT.exe
  C:\Windows\System\eAxbhtT.exe
  2⤵
  PID:3764
- C:\Windows\System\gixQGAj.exe
  C:\Windows\System\gixQGAj.exe
  2⤵
  PID:1320
- C:\Windows\System\JMzyWdm.exe
  C:\Windows\System\JMzyWdm.exe
  2⤵
  PID:3820
- C:\Windows\System\PXxVOch.exe
  C:\Windows\System\PXxVOch.exe
  2⤵
  PID:3852
- C:\Windows\System\dCkPuYW.exe
  C:\Windows\System\dCkPuYW.exe
  2⤵
  PID:3884
- C:\Windows\System\vkUmKUW.exe
  C:\Windows\System\vkUmKUW.exe
  2⤵
  PID:3912
- C:\Windows\System\iJTVmOu.exe
  C:\Windows\System\iJTVmOu.exe
  2⤵
  PID:3948
- C:\Windows\System\IdmAMhH.exe
  C:\Windows\System\IdmAMhH.exe
  2⤵
  PID:3976
- C:\Windows\System\CYPJdzy.exe
  C:\Windows\System\CYPJdzy.exe
  2⤵
  PID:3996
- C:\Windows\System\QYThCcT.exe
  C:\Windows\System\QYThCcT.exe
  2⤵
  PID:4040
- C:\Windows\System\WCAoBhq.exe
  C:\Windows\System\WCAoBhq.exe
  2⤵
  PID:4072
- C:\Windows\System\tNxdcca.exe
  C:\Windows\System\tNxdcca.exe
  2⤵
  PID:4088
- C:\Windows\System\ZUOrWsN.exe
  C:\Windows\System\ZUOrWsN.exe
  2⤵
  PID:2792
- C:\Windows\System\JfVcvOk.exe
  C:\Windows\System\JfVcvOk.exe
  2⤵
  PID:3128
- C:\Windows\System\ejQGvOI.exe
  C:\Windows\System\ejQGvOI.exe
  2⤵
  PID:3208
- C:\Windows\System\gfWoNrL.exe
  C:\Windows\System\gfWoNrL.exe
  2⤵
  PID:3272
- C:\Windows\System\uhjQndM.exe
  C:\Windows\System\uhjQndM.exe
  2⤵
  PID:3336
- C:\Windows\System\qgTOqTS.exe
  C:\Windows\System\qgTOqTS.exe
  2⤵
  PID:3804
- C:\Windows\System\dODQkDH.exe
  C:\Windows\System\dODQkDH.exe
  2⤵
  PID:3412
- C:\Windows\System\CMMyMKg.exe
  C:\Windows\System\CMMyMKg.exe
  2⤵
  PID:2664
- C:\Windows\System\taNFRQk.exe
  C:\Windows\System\taNFRQk.exe
  2⤵
  PID:3496
- C:\Windows\System\waPwGSc.exe
  C:\Windows\System\waPwGSc.exe
  2⤵
  PID:3556
- C:\Windows\System\oCHCjsq.exe
  C:\Windows\System\oCHCjsq.exe
  2⤵
  PID:3576
- C:\Windows\System\JFOAnXR.exe
  C:\Windows\System\JFOAnXR.exe
  2⤵
  PID:3656
- C:\Windows\System\gVCDgDd.exe
  C:\Windows\System\gVCDgDd.exe
  2⤵
  PID:3752
- C:\Windows\System\DIFacUb.exe
  C:\Windows\System\DIFacUb.exe
  2⤵
  PID:3800
- C:\Windows\System\QCQwINh.exe
  C:\Windows\System\QCQwINh.exe
  2⤵
  PID:2676
- C:\Windows\System\qlKeFmM.exe
  C:\Windows\System\qlKeFmM.exe
  2⤵
  PID:3868
- C:\Windows\System\mSEPmTX.exe
  C:\Windows\System\mSEPmTX.exe
  2⤵
  PID:3980
- C:\Windows\System\TmTRTqk.exe
  C:\Windows\System\TmTRTqk.exe
  2⤵
  PID:3992
- C:\Windows\System\NcixiKv.exe
  C:\Windows\System\NcixiKv.exe
  2⤵
  PID:4024
- C:\Windows\System\rBdFlkn.exe
  C:\Windows\System\rBdFlkn.exe
  2⤵
  PID:3172
- C:\Windows\System\CchkJji.exe
  C:\Windows\System\CchkJji.exe
  2⤵
  PID:3284
- C:\Windows\System\kNkoXQg.exe
  C:\Windows\System\kNkoXQg.exe
  2⤵
  PID:3304
- C:\Windows\System\RXtjCZf.exe
  C:\Windows\System\RXtjCZf.exe
  2⤵
  PID:3396
- C:\Windows\System\PJtPfuD.exe
  C:\Windows\System\PJtPfuD.exe
  2⤵
  PID:3444
- C:\Windows\System\QTmCApR.exe
  C:\Windows\System\QTmCApR.exe
  2⤵
  PID:2876
- C:\Windows\System\RRXckpQ.exe
  C:\Windows\System\RRXckpQ.exe
  2⤵
  PID:2436
- C:\Windows\System\tXDcBZd.exe
  C:\Windows\System\tXDcBZd.exe
  2⤵
  PID:1904
- C:\Windows\System\smXZQgl.exe
  C:\Windows\System\smXZQgl.exe
  2⤵
  PID:3896
- C:\Windows\System\zkbmQlI.exe
  C:\Windows\System\zkbmQlI.exe
  2⤵
  PID:3960
- C:\Windows\System\qUiapLF.exe
  C:\Windows\System\qUiapLF.exe
  2⤵
  PID:2672
- C:\Windows\System\koRkwwy.exe
  C:\Windows\System\koRkwwy.exe
  2⤵
  PID:1052
- C:\Windows\System\Vjttnxf.exe
  C:\Windows\System\Vjttnxf.exe
  2⤵
  PID:3592
- C:\Windows\System\gvEqwwJ.exe
  C:\Windows\System\gvEqwwJ.exe
  2⤵
  PID:3736
- C:\Windows\System\dXWqQEQ.exe
  C:\Windows\System\dXWqQEQ.exe
  2⤵
  PID:3816
- C:\Windows\System\wZdUEmo.exe
  C:\Windows\System\wZdUEmo.exe
  2⤵
  PID:4056
- C:\Windows\System\uJTcIjG.exe
  C:\Windows\System\uJTcIjG.exe
  2⤵
  PID:2864
- C:\Windows\System\VrGuCDP.exe
  C:\Windows\System\VrGuCDP.exe
  2⤵
  PID:3608
- C:\Windows\System\pzqCRWB.exe
  C:\Windows\System\pzqCRWB.exe
  2⤵
  PID:620
- C:\Windows\System\uQpdEZa.exe
  C:\Windows\System\uQpdEZa.exe
  2⤵
  PID:4420
- C:\Windows\System\QUssyhd.exe
  C:\Windows\System\QUssyhd.exe
  2⤵
  PID:4440
- C:\Windows\System\ebjdhsc.exe
  C:\Windows\System\ebjdhsc.exe
  2⤵
  PID:4456
- C:\Windows\System\KhnufPO.exe
  C:\Windows\System\KhnufPO.exe
  2⤵
  PID:4472
- C:\Windows\System\EnlUesE.exe
  C:\Windows\System\EnlUesE.exe
  2⤵
  PID:4488
- C:\Windows\System\SmxVfIx.exe
  C:\Windows\System\SmxVfIx.exe
  2⤵
  PID:4504
- C:\Windows\System\ZVYqOVG.exe
  C:\Windows\System\ZVYqOVG.exe
  2⤵
  PID:4520
- C:\Windows\System\WdKYEuJ.exe
  C:\Windows\System\WdKYEuJ.exe
  2⤵
  PID:4536
- C:\Windows\System\OjJmywZ.exe
  C:\Windows\System\OjJmywZ.exe
  2⤵
  PID:4552
- C:\Windows\System\VgcCmEt.exe
  C:\Windows\System\VgcCmEt.exe
  2⤵
  PID:4568
- C:\Windows\System\dxgCIRZ.exe
  C:\Windows\System\dxgCIRZ.exe
  2⤵
  PID:4584
- C:\Windows\System\HBviIeg.exe
  C:\Windows\System\HBviIeg.exe
  2⤵
  PID:4600
- C:\Windows\System\XzBJfhu.exe
  C:\Windows\System\XzBJfhu.exe
  2⤵
  PID:4616
- C:\Windows\System\WbbPGYI.exe
  C:\Windows\System\WbbPGYI.exe
  2⤵
  PID:4632
- C:\Windows\System\MPCtzxc.exe
  C:\Windows\System\MPCtzxc.exe
  2⤵
  PID:4648
- C:\Windows\System\aEIKleN.exe
  C:\Windows\System\aEIKleN.exe
  2⤵
  PID:4664
- C:\Windows\System\hwBuAox.exe
  C:\Windows\System\hwBuAox.exe
  2⤵
  PID:4680
- C:\Windows\System\tytBFAZ.exe
  C:\Windows\System\tytBFAZ.exe
  2⤵
  PID:4696
- C:\Windows\System\XLcmaaR.exe
  C:\Windows\System\XLcmaaR.exe
  2⤵
  PID:4712
- C:\Windows\System\yvbcEUv.exe
  C:\Windows\System\yvbcEUv.exe
  2⤵
  PID:4728
- C:\Windows\System\WnceAJz.exe
  C:\Windows\System\WnceAJz.exe
  2⤵
  PID:4744
- C:\Windows\System\DhRRzDe.exe
  C:\Windows\System\DhRRzDe.exe
  2⤵
  PID:4760
- C:\Windows\System\iqfSnAv.exe
  C:\Windows\System\iqfSnAv.exe
  2⤵
  PID:4776
- C:\Windows\System\kqXaRYP.exe
  C:\Windows\System\kqXaRYP.exe
  2⤵
  PID:4792
- C:\Windows\System\HtXsDJE.exe
  C:\Windows\System\HtXsDJE.exe
  2⤵
  PID:4808
- C:\Windows\System\yfMNWxz.exe
  C:\Windows\System\yfMNWxz.exe
  2⤵
  PID:4824
- C:\Windows\System\idlMhIt.exe
  C:\Windows\System\idlMhIt.exe
  2⤵
  PID:4840
- C:\Windows\System\GDGnBIV.exe
  C:\Windows\System\GDGnBIV.exe
  2⤵
  PID:4856
- C:\Windows\System\ZiHvCRM.exe
  C:\Windows\System\ZiHvCRM.exe
  2⤵
  PID:4872
- C:\Windows\System\LDlawxH.exe
  C:\Windows\System\LDlawxH.exe
  2⤵
  PID:4888
- C:\Windows\System\lWnhYTD.exe
  C:\Windows\System\lWnhYTD.exe
  2⤵
  PID:4928
- C:\Windows\System\gIDPrEo.exe
  C:\Windows\System\gIDPrEo.exe
  2⤵
  PID:4948
- C:\Windows\System\vCZoOLl.exe
  C:\Windows\System\vCZoOLl.exe
  2⤵
  PID:4112
- C:\Windows\System\GlXWIGf.exe
  C:\Windows\System\GlXWIGf.exe
  2⤵
  PID:4132
- C:\Windows\System\GpmnOED.exe
  C:\Windows\System\GpmnOED.exe
  2⤵
  PID:4148
- C:\Windows\System\RXANwrL.exe
  C:\Windows\System\RXANwrL.exe
  2⤵
  PID:4196
- C:\Windows\System\fDWbvSP.exe
  C:\Windows\System\fDWbvSP.exe
  2⤵
  PID:4212
- C:\Windows\System\DDCbCGT.exe
  C:\Windows\System\DDCbCGT.exe
  2⤵
  PID:4232
- C:\Windows\System\IYwKyEj.exe
  C:\Windows\System\IYwKyEj.exe
  2⤵
  PID:4248
- C:\Windows\System\HVfTjQw.exe
  C:\Windows\System\HVfTjQw.exe
  2⤵
  PID:4264
- C:\Windows\System\wkMhzFz.exe
  C:\Windows\System\wkMhzFz.exe
  2⤵
  PID:4280
- C:\Windows\System\IgNwmKb.exe
  C:\Windows\System\IgNwmKb.exe
  2⤵
  PID:4296
- C:\Windows\System\StnyGdV.exe
  C:\Windows\System\StnyGdV.exe
  2⤵
  PID:4312
- C:\Windows\System\NpUMejE.exe
  C:\Windows\System\NpUMejE.exe
  2⤵
  PID:4328
- C:\Windows\System\veIDsFD.exe
  C:\Windows\System\veIDsFD.exe
  2⤵
  PID:4344
- C:\Windows\System\wEvRDHK.exe
  C:\Windows\System\wEvRDHK.exe
  2⤵
  PID:4360
- C:\Windows\System\kxqSoxY.exe
  C:\Windows\System\kxqSoxY.exe
  2⤵
  PID:4380
- C:\Windows\System\jhUnASQ.exe
  C:\Windows\System\jhUnASQ.exe
  2⤵
  PID:4396
- C:\Windows\System\zvEVuKS.exe
  C:\Windows\System\zvEVuKS.exe
  2⤵
  PID:4412
- C:\Windows\System\TDmdpfm.exe
  C:\Windows\System\TDmdpfm.exe
  2⤵
  PID:4448
- C:\Windows\System\yHrNGiW.exe
  C:\Windows\System\yHrNGiW.exe
  2⤵
  PID:4464
- C:\Windows\System\sSmiTzD.exe
  C:\Windows\System\sSmiTzD.exe
  2⤵
  PID:4512
- C:\Windows\System\JnePAsg.exe
  C:\Windows\System\JnePAsg.exe
  2⤵
  PID:4532
- C:\Windows\System\OLVQPjM.exe
  C:\Windows\System\OLVQPjM.exe
  2⤵
  PID:4580
- C:\Windows\System\VuBOeOI.exe
  C:\Windows\System\VuBOeOI.exe
  2⤵
  PID:4612
- C:\Windows\System\ZuBlcAt.exe
  C:\Windows\System\ZuBlcAt.exe
  2⤵
  PID:4708
- C:\Windows\System\kwZDuCp.exe
  C:\Windows\System\kwZDuCp.exe
  2⤵
  PID:4800
- C:\Windows\System\KywBRUC.exe
  C:\Windows\System\KywBRUC.exe
  2⤵
  PID:4624
- C:\Windows\System\AdqSLSd.exe
  C:\Windows\System\AdqSLSd.exe
  2⤵
  PID:4692
- C:\Windows\System\sSNrCTY.exe
  C:\Windows\System\sSNrCTY.exe
  2⤵
  PID:4788
- C:\Windows\System\xpeFfOw.exe
  C:\Windows\System\xpeFfOw.exe
  2⤵
  PID:4864
- C:\Windows\System\jWjzAJQ.exe
  C:\Windows\System\jWjzAJQ.exe
  2⤵
  PID:4880
- C:\Windows\System\ESiSErX.exe
  C:\Windows\System\ESiSErX.exe
  2⤵
  PID:4912
- C:\Windows\System\ktjQjSN.exe
  C:\Windows\System\ktjQjSN.exe
  2⤵
  PID:4936
- C:\Windows\System\CvVodAb.exe
  C:\Windows\System\CvVodAb.exe
  2⤵
  PID:4956
- C:\Windows\System\GVJLtAG.exe
  C:\Windows\System\GVJLtAG.exe
  2⤵
  PID:2476
- C:\Windows\System\bJOTEbl.exe
  C:\Windows\System\bJOTEbl.exe
  2⤵
  PID:4984
- C:\Windows\System\yABDxPK.exe
  C:\Windows\System\yABDxPK.exe
  2⤵
  PID:5000
- C:\Windows\System\nOhyTZr.exe
  C:\Windows\System\nOhyTZr.exe
  2⤵
  PID:5016
- C:\Windows\System\CAUDexD.exe
  C:\Windows\System\CAUDexD.exe
  2⤵
  PID:5032
- C:\Windows\System\mzAUiID.exe
  C:\Windows\System\mzAUiID.exe
  2⤵
  PID:5048
- C:\Windows\System\SWfnNfR.exe
  C:\Windows\System\SWfnNfR.exe
  2⤵
  PID:5064
- C:\Windows\System\RORSKPJ.exe
  C:\Windows\System\RORSKPJ.exe
  2⤵
  PID:5080
- C:\Windows\System\ndTUodN.exe
  C:\Windows\System\ndTUodN.exe
  2⤵
  PID:5100
- C:\Windows\System\bkWdIcX.exe
  C:\Windows\System\bkWdIcX.exe
  2⤵
  PID:5116
- C:\Windows\System\HXCDqYT.exe
  C:\Windows\System\HXCDqYT.exe
  2⤵
  PID:3880
- C:\Windows\System\EFqRhFH.exe
  C:\Windows\System\EFqRhFH.exe
  2⤵
  PID:4104
- C:\Windows\System\HgOvqqY.exe
  C:\Windows\System\HgOvqqY.exe
  2⤵
  PID:1516
- C:\Windows\System\ZVTSKVn.exe
  C:\Windows\System\ZVTSKVn.exe
  2⤵
  PID:4156
- C:\Windows\System\GbxOfnq.exe
  C:\Windows\System\GbxOfnq.exe
  2⤵
  PID:4172
- C:\Windows\System\pMvCHxn.exe
  C:\Windows\System\pMvCHxn.exe
  2⤵
  PID:4188
- C:\Windows\System\nUQRWxf.exe
  C:\Windows\System\nUQRWxf.exe
  2⤵
  PID:4208
- C:\Windows\System\txRqtKg.exe
  C:\Windows\System\txRqtKg.exe
  2⤵
  PID:4240
- C:\Windows\System\tRqpkYz.exe
  C:\Windows\System\tRqpkYz.exe
  2⤵
  PID:268
- C:\Windows\System\ftjaVfA.exe
  C:\Windows\System\ftjaVfA.exe
  2⤵
  PID:4292
- C:\Windows\System\EujjJXC.exe
  C:\Windows\System\EujjJXC.exe
  2⤵
  PID:4340
- C:\Windows\System\cjXEsiq.exe
  C:\Windows\System\cjXEsiq.exe
  2⤵
  PID:4356
- C:\Windows\System\twcAgXC.exe
  C:\Windows\System\twcAgXC.exe
  2⤵
  PID:4388
- C:\Windows\System\DijayGB.exe
  C:\Windows\System\DijayGB.exe
  2⤵
  PID:2796
- C:\Windows\System\bTkMRuX.exe
  C:\Windows\System\bTkMRuX.exe
  2⤵
  PID:4468
- C:\Windows\System\dkZjXup.exe
  C:\Windows\System\dkZjXup.exe
  2⤵
  PID:4528
- C:\Windows\System\WWouxsA.exe
  C:\Windows\System\WWouxsA.exe
  2⤵
  PID:4576
- C:\Windows\System\AxguRuj.exe
  C:\Windows\System\AxguRuj.exe
  2⤵
  PID:4768
- C:\Windows\System\gLeiWzk.exe
  C:\Windows\System\gLeiWzk.exe
  2⤵
  PID:4592
- C:\Windows\System\DyfZKlP.exe
  C:\Windows\System\DyfZKlP.exe
  2⤵
  PID:4816
- C:\Windows\System\IleSXAu.exe
  C:\Windows\System\IleSXAu.exe
  2⤵
  PID:4820
- C:\Windows\System\owSgJWB.exe
  C:\Windows\System\owSgJWB.exe
  2⤵
  PID:4896
- C:\Windows\System\KyXiNCP.exe
  C:\Windows\System\KyXiNCP.exe
  2⤵
  PID:4976
- C:\Windows\System\PxeCLfL.exe
  C:\Windows\System\PxeCLfL.exe
  2⤵
  PID:5076
- C:\Windows\System\dzCxyqU.exe
  C:\Windows\System\dzCxyqU.exe
  2⤵
  PID:4852
- C:\Windows\System\zwzqijE.exe
  C:\Windows\System\zwzqijE.exe
  2⤵
  PID:4968
- C:\Windows\System\SNMAdEG.exe
  C:\Windows\System\SNMAdEG.exe
  2⤵
  PID:5024
- C:\Windows\System\mSidsfb.exe
  C:\Windows\System\mSidsfb.exe
  2⤵
  PID:2332
- C:\Windows\System\dTfNAHB.exe
  C:\Windows\System\dTfNAHB.exe
  2⤵
  PID:5108
- C:\Windows\System\PxJETqj.exe
  C:\Windows\System\PxJETqj.exe
  2⤵
  PID:4228
- C:\Windows\System\KKrugNg.exe
  C:\Windows\System\KKrugNg.exe
  2⤵
  PID:4272
- C:\Windows\System\SsoAptE.exe
  C:\Windows\System\SsoAptE.exe
  2⤵
  PID:4304
- C:\Windows\System\jiFHuOR.exe
  C:\Windows\System\jiFHuOR.exe
  2⤵
  PID:4324
- C:\Windows\System\TpHmOeo.exe
  C:\Windows\System\TpHmOeo.exe
  2⤵
  PID:4392
- C:\Windows\System\rUsqYpY.exe
  C:\Windows\System\rUsqYpY.exe
  2⤵
  PID:4496
- C:\Windows\System\JwAPEId.exe
  C:\Windows\System\JwAPEId.exe
  2⤵
  PID:4688
- C:\Windows\System\sSqbXKU.exe
  C:\Windows\System\sSqbXKU.exe
  2⤵
  PID:4884
- C:\Windows\System\sWkvoLm.exe
  C:\Windows\System\sWkvoLm.exe
  2⤵
  PID:4596
- C:\Windows\System\mwICcQz.exe
  C:\Windows\System\mwICcQz.exe
  2⤵
  PID:5040
- C:\Windows\System\ZDGuDBQ.exe
  C:\Windows\System\ZDGuDBQ.exe
  2⤵
  PID:5044
- C:\Windows\System\ixNXXSj.exe
  C:\Windows\System\ixNXXSj.exe
  2⤵
  PID:4964
- C:\Windows\System\HRCXrVb.exe
  C:\Windows\System\HRCXrVb.exe
  2⤵
  PID:4128
- C:\Windows\System\xgWpttQ.exe
  C:\Windows\System\xgWpttQ.exe
  2⤵
  PID:4224
- C:\Windows\System\VmrNcLC.exe
  C:\Windows\System\VmrNcLC.exe
  2⤵
  PID:4204
- C:\Windows\System\NEtWKIU.exe
  C:\Windows\System\NEtWKIU.exe
  2⤵
  PID:4848
- C:\Windows\System\QHAaCeT.exe
  C:\Windows\System\QHAaCeT.exe
  2⤵
  PID:4704
- C:\Windows\System\KTokhsG.exe
  C:\Windows\System\KTokhsG.exe
  2⤵
  PID:4100
- C:\Windows\System\dIGgpak.exe
  C:\Windows\System\dIGgpak.exe
  2⤵
  PID:4904
- C:\Windows\System\dzlYwiu.exe
  C:\Windows\System\dzlYwiu.exe
  2⤵
  PID:5096
- C:\Windows\System\bIKatsf.exe
  C:\Windows\System\bIKatsf.exe
  2⤵
  PID:4752
- C:\Windows\System\MwlPweu.exe
  C:\Windows\System\MwlPweu.exe
  2⤵
  PID:4772
- C:\Windows\System\BTCCPEt.exe
  C:\Windows\System\BTCCPEt.exe
  2⤵
  PID:4184
- C:\Windows\System\QMLktdt.exe
  C:\Windows\System\QMLktdt.exe
  2⤵
  PID:2856
- C:\Windows\System\dQdhPUD.exe
  C:\Windows\System\dQdhPUD.exe
  2⤵
  PID:4260
- C:\Windows\System\DArQIRy.exe
  C:\Windows\System\DArQIRy.exe
  2⤵
  PID:5072
- C:\Windows\System\eXWEThr.exe
  C:\Windows\System\eXWEThr.exe
  2⤵
  PID:4124
- C:\Windows\System\lsPvwMI.exe
  C:\Windows\System\lsPvwMI.exe
  2⤵
  PID:5088
- C:\Windows\System\URjqbxq.exe
  C:\Windows\System\URjqbxq.exe
  2⤵
  PID:4352
- C:\Windows\System\LqFKkQi.exe
  C:\Windows\System\LqFKkQi.exe
  2⤵
  PID:5124
- C:\Windows\System\ycdYrzG.exe
  C:\Windows\System\ycdYrzG.exe
  2⤵
  PID:5140
- C:\Windows\System\agfMGLa.exe
  C:\Windows\System\agfMGLa.exe
  2⤵
  PID:5156
- C:\Windows\System\EhuhqTC.exe
  C:\Windows\System\EhuhqTC.exe
  2⤵
  PID:5172
- C:\Windows\System\QsquiLn.exe
  C:\Windows\System\QsquiLn.exe
  2⤵
  PID:5188
- C:\Windows\System\fMCtqCe.exe
  C:\Windows\System\fMCtqCe.exe
  2⤵
  PID:5204
- C:\Windows\System\CMZLcrv.exe
  C:\Windows\System\CMZLcrv.exe
  2⤵
  PID:5220
- C:\Windows\System\asskOXQ.exe
  C:\Windows\System\asskOXQ.exe
  2⤵
  PID:5236
- C:\Windows\System\uvwVJkF.exe
  C:\Windows\System\uvwVJkF.exe
  2⤵
  PID:5252
- C:\Windows\System\CCVjmCp.exe
  C:\Windows\System\CCVjmCp.exe
  2⤵
  PID:5268
- C:\Windows\System\gGkToDg.exe
  C:\Windows\System\gGkToDg.exe
  2⤵
  PID:5284
- C:\Windows\System\nJdKbKr.exe
  C:\Windows\System\nJdKbKr.exe
  2⤵
  PID:5304
- C:\Windows\System\EowtUCD.exe
  C:\Windows\System\EowtUCD.exe
  2⤵
  PID:5384
- C:\Windows\System\ZEtfHUw.exe
  C:\Windows\System\ZEtfHUw.exe
  2⤵
  PID:5420
- C:\Windows\System\zylHoFg.exe
  C:\Windows\System\zylHoFg.exe
  2⤵
  PID:5436
- C:\Windows\System\xNtTZId.exe
  C:\Windows\System\xNtTZId.exe
  2⤵
  PID:5464
- C:\Windows\System\WginKyy.exe
  C:\Windows\System\WginKyy.exe
  2⤵
  PID:5488
- C:\Windows\System\uXvkJow.exe
  C:\Windows\System\uXvkJow.exe
  2⤵
  PID:5512
- C:\Windows\System\EfwrKJi.exe
  C:\Windows\System\EfwrKJi.exe
  2⤵
  PID:5528
- C:\Windows\System\ieCduYE.exe
  C:\Windows\System\ieCduYE.exe
  2⤵
  PID:5544
- C:\Windows\System\fGsHBRd.exe
  C:\Windows\System\fGsHBRd.exe
  2⤵
  PID:5560
- C:\Windows\System\sikcdAM.exe
  C:\Windows\System\sikcdAM.exe
  2⤵
  PID:5576
- C:\Windows\System\FHFJaDJ.exe
  C:\Windows\System\FHFJaDJ.exe
  2⤵
  PID:5592
- C:\Windows\System\wOfWXSD.exe
  C:\Windows\System\wOfWXSD.exe
  2⤵
  PID:5608
- C:\Windows\System\OXVPvPQ.exe
  C:\Windows\System\OXVPvPQ.exe
  2⤵
  PID:5624
- C:\Windows\System\wAUNqEK.exe
  C:\Windows\System\wAUNqEK.exe
  2⤵
  PID:5640
- C:\Windows\System\IiCyFOM.exe
  C:\Windows\System\IiCyFOM.exe
  2⤵
  PID:5720
- C:\Windows\System\QoooGDU.exe
  C:\Windows\System\QoooGDU.exe
  2⤵
  PID:5740
- C:\Windows\System\MZeBDSq.exe
  C:\Windows\System\MZeBDSq.exe
  2⤵
  PID:5756
- C:\Windows\System\yCXXfAC.exe
  C:\Windows\System\yCXXfAC.exe
  2⤵
  PID:5772
- C:\Windows\System\rVcuyJP.exe
  C:\Windows\System\rVcuyJP.exe
  2⤵
  PID:5788
- C:\Windows\System\FFOCkXB.exe
  C:\Windows\System\FFOCkXB.exe
  2⤵
  PID:5804
- C:\Windows\System\CsImbBM.exe
  C:\Windows\System\CsImbBM.exe
  2⤵
  PID:5820
- C:\Windows\System\sSQcLSl.exe
  C:\Windows\System\sSQcLSl.exe
  2⤵
  PID:5836
- C:\Windows\System\sVxNcsZ.exe
  C:\Windows\System\sVxNcsZ.exe
  2⤵
  PID:5852
- C:\Windows\System\RJVkAAq.exe
  C:\Windows\System\RJVkAAq.exe
  2⤵
  PID:5868
- C:\Windows\System\KjiwPqD.exe
  C:\Windows\System\KjiwPqD.exe
  2⤵
  PID:5892
- C:\Windows\System\AwYLLQW.exe
  C:\Windows\System\AwYLLQW.exe
  2⤵
  PID:5916
- C:\Windows\System\sFSRXgR.exe
  C:\Windows\System\sFSRXgR.exe
  2⤵
  PID:5944
- C:\Windows\System\fMEfSpN.exe
  C:\Windows\System\fMEfSpN.exe
  2⤵
  PID:5964
- C:\Windows\System\ilyspej.exe
  C:\Windows\System\ilyspej.exe
  2⤵
  PID:5980
- C:\Windows\System\xypsxXH.exe
  C:\Windows\System\xypsxXH.exe
  2⤵
  PID:5996
- C:\Windows\System\qnaJqlQ.exe
  C:\Windows\System\qnaJqlQ.exe
  2⤵
  PID:6016
- C:\Windows\System\kTIJaQl.exe
  C:\Windows\System\kTIJaQl.exe
  2⤵
  PID:6032
- C:\Windows\System\YstMkpi.exe
  C:\Windows\System\YstMkpi.exe
  2⤵
  PID:6048
- C:\Windows\System\FEPRrnV.exe
  C:\Windows\System\FEPRrnV.exe
  2⤵
  PID:6064
- C:\Windows\System\ofosYdO.exe
  C:\Windows\System\ofosYdO.exe
  2⤵
  PID:6080
- C:\Windows\System\OOkNZlW.exe
  C:\Windows\System\OOkNZlW.exe
  2⤵
  PID:6100
- C:\Windows\System\FisApJg.exe
  C:\Windows\System\FisApJg.exe
  2⤵
  PID:6116
- C:\Windows\System\lJqPcuL.exe
  C:\Windows\System\lJqPcuL.exe
  2⤵
  PID:6140
- C:\Windows\System\mwcgjLI.exe
  C:\Windows\System\mwcgjLI.exe
  2⤵
  PID:5164
- C:\Windows\System\bIowGRP.exe
  C:\Windows\System\bIowGRP.exe
  2⤵
  PID:5228
- C:\Windows\System\mEIqlFt.exe
  C:\Windows\System\mEIqlFt.exe
  2⤵
  PID:5292
- C:\Windows\System\rvQzGMA.exe
  C:\Windows\System\rvQzGMA.exe
  2⤵
  PID:1564
- C:\Windows\System\GcYZHjq.exe
  C:\Windows\System\GcYZHjq.exe
  2⤵
  PID:5244
- C:\Windows\System\OdMyaaH.exe
  C:\Windows\System\OdMyaaH.exe
  2⤵
  PID:4452
- C:\Windows\System\rjZBuxZ.exe
  C:\Windows\System\rjZBuxZ.exe
  2⤵
  PID:5212
- C:\Windows\System\mzfafFt.exe
  C:\Windows\System\mzfafFt.exe
  2⤵
  PID:5148
- C:\Windows\System\hcspZSF.exe
  C:\Windows\System\hcspZSF.exe
  2⤵
  PID:5320
- C:\Windows\System\ToZLKlY.exe
  C:\Windows\System\ToZLKlY.exe
  2⤵
  PID:5336
- C:\Windows\System\LWhqNSc.exe
  C:\Windows\System\LWhqNSc.exe
  2⤵
  PID:5352
- C:\Windows\System\JKhehaI.exe
  C:\Windows\System\JKhehaI.exe
  2⤵
  PID:5364
- C:\Windows\System\roGwolQ.exe
  C:\Windows\System\roGwolQ.exe
  2⤵
  PID:5376
- C:\Windows\System\mtbvjEl.exe
  C:\Windows\System\mtbvjEl.exe
  2⤵
  PID:5396
- C:\Windows\System\uuMnWOl.exe
  C:\Windows\System\uuMnWOl.exe
  2⤵
  PID:5412
- C:\Windows\System\JMFJhGn.exe
  C:\Windows\System\JMFJhGn.exe
  2⤵
  PID:5428
- C:\Windows\System\HqErONj.exe
  C:\Windows\System\HqErONj.exe
  2⤵
  PID:5460
- C:\Windows\System\xmLgIPS.exe
  C:\Windows\System\xmLgIPS.exe
  2⤵
  PID:5504
- C:\Windows\System\MGxYWKn.exe
  C:\Windows\System\MGxYWKn.exe
  2⤵
  PID:5540
- C:\Windows\System\rQtTsKJ.exe
  C:\Windows\System\rQtTsKJ.exe
  2⤵
  PID:5600
- C:\Windows\System\RjJIISG.exe
  C:\Windows\System\RjJIISG.exe
  2⤵
  PID:5616
- C:\Windows\System\CIRXKYk.exe
  C:\Windows\System\CIRXKYk.exe
  2⤵
  PID:5520
- C:\Windows\System\KmLkvEx.exe
  C:\Windows\System\KmLkvEx.exe
  2⤵
  PID:4676
- C:\Windows\System\NVuIzjg.exe
  C:\Windows\System\NVuIzjg.exe
  2⤵
  PID:5652
- C:\Windows\System\iaVCcZr.exe
  C:\Windows\System\iaVCcZr.exe
  2⤵
  PID:5668
- C:\Windows\System\NCXmtER.exe
  C:\Windows\System\NCXmtER.exe
  2⤵
  PID:5680
- C:\Windows\System\zDUYLtF.exe
  C:\Windows\System\zDUYLtF.exe
  2⤵
  PID:5700
- C:\Windows\System\uXPrJyv.exe
  C:\Windows\System\uXPrJyv.exe
  2⤵
  PID:5712
- C:\Windows\System\YBUYWOQ.exe
  C:\Windows\System\YBUYWOQ.exe
  2⤵
  PID:5728
- C:\Windows\System\URFedEq.exe
  C:\Windows\System\URFedEq.exe
  2⤵
  PID:5796
- C:\Windows\System\guMAeDq.exe
  C:\Windows\System\guMAeDq.exe
  2⤵
  PID:5860
- C:\Windows\System\vWfNLGH.exe
  C:\Windows\System\vWfNLGH.exe
  2⤵
  PID:5912
- C:\Windows\System\vKudWFK.exe
  C:\Windows\System\vKudWFK.exe
  2⤵
  PID:5816
- C:\Windows\System\hwqbDmt.exe
  C:\Windows\System\hwqbDmt.exe
  2⤵
  PID:5936
- C:\Windows\System\SEAJusQ.exe
  C:\Windows\System\SEAJusQ.exe
  2⤵
  PID:5928
- C:\Windows\System\FKtmZjw.exe
  C:\Windows\System\FKtmZjw.exe
  2⤵
  PID:5960
- C:\Windows\System\vuCXQII.exe
  C:\Windows\System\vuCXQII.exe
  2⤵
  PID:5972
- C:\Windows\System\KigEMsX.exe
  C:\Windows\System\KigEMsX.exe
  2⤵
  PID:6024
- C:\Windows\System\ZEOyjpZ.exe
  C:\Windows\System\ZEOyjpZ.exe
  2⤵
  PID:2660
- C:\Windows\System\wNMhfDz.exe
  C:\Windows\System\wNMhfDz.exe
  2⤵
  PID:6092
- C:\Windows\System\WkFlfaG.exe
  C:\Windows\System\WkFlfaG.exe
  2⤵
  PID:6132
- C:\Windows\System\EzOvbgE.exe
  C:\Windows\System\EzOvbgE.exe
  2⤵
  PID:6044
- C:\Windows\System\qamBKfT.exe
  C:\Windows\System\qamBKfT.exe
  2⤵
  PID:1552
- C:\Windows\System\yrXynUW.exe
  C:\Windows\System\yrXynUW.exe
  2⤵
  PID:5200
- C:\Windows\System\JCLhTFY.exe
  C:\Windows\System\JCLhTFY.exe
  2⤵
  PID:5300
- C:\Windows\System\vzfZhBa.exe
  C:\Windows\System\vzfZhBa.exe
  2⤵
  PID:4168
- C:\Windows\System\XTHmEUb.exe
  C:\Windows\System\XTHmEUb.exe
  2⤵
  PID:1784
- C:\Windows\System\BRbOMut.exe
  C:\Windows\System\BRbOMut.exe
  2⤵
  PID:5328
- C:\Windows\System\UbyXQoG.exe
  C:\Windows\System\UbyXQoG.exe
  2⤵
  PID:5380
- C:\Windows\System\CPeXXiW.exe
  C:\Windows\System\CPeXXiW.exe
  2⤵
  PID:5444
- C:\Windows\System\eWBFEXM.exe
  C:\Windows\System\eWBFEXM.exe
  2⤵
  PID:2840
- C:\Windows\System\LtlkBRN.exe
  C:\Windows\System\LtlkBRN.exe
  2⤵
  PID:5348
- C:\Windows\System\oQsDqgD.exe
  C:\Windows\System\oQsDqgD.exe
  2⤵
  PID:5456
- C:\Windows\System\NwsFujm.exe
  C:\Windows\System\NwsFujm.exe
  2⤵
  PID:5568
- C:\Windows\System\uazdJRx.exe
  C:\Windows\System\uazdJRx.exe
  2⤵
  PID:5648
- C:\Windows\System\cfrIOSg.exe
  C:\Windows\System\cfrIOSg.exe
  2⤵
  PID:5536
- C:\Windows\System\gdUNDCo.exe
  C:\Windows\System\gdUNDCo.exe
  2⤵
  PID:5664
- C:\Windows\System\zjcWuWq.exe
  C:\Windows\System\zjcWuWq.exe
  2⤵
  PID:3096
- C:\Windows\System\mWXpSck.exe
  C:\Windows\System\mWXpSck.exe
  2⤵
  PID:5764
- C:\Windows\System\jViZOIL.exe
  C:\Windows\System\jViZOIL.exe
  2⤵
  PID:5768
- C:\Windows\System\hPPhahL.exe
  C:\Windows\System\hPPhahL.exe
  2⤵
  PID:5904
- C:\Windows\System\JchxWcZ.exe
  C:\Windows\System\JchxWcZ.exe
  2⤵
  PID:5924
- C:\Windows\System\XxtsBkX.exe
  C:\Windows\System\XxtsBkX.exe
  2⤵
  PID:2892
- C:\Windows\System\nLghJpd.exe
  C:\Windows\System\nLghJpd.exe
  2⤵
  PID:5880
- C:\Windows\System\svJwflc.exe
  C:\Windows\System\svJwflc.exe
  2⤵
  PID:5992
- C:\Windows\System\JckKQuR.exe
  C:\Windows\System\JckKQuR.exe
  2⤵
  PID:1380
- C:\Windows\System\oKYEvuW.exe
  C:\Windows\System\oKYEvuW.exe
  2⤵
  PID:2988
- C:\Windows\System\KLYpqJE.exe
  C:\Windows\System\KLYpqJE.exe
  2⤵
  PID:5152
- C:\Windows\System\qLcoYrg.exe
  C:\Windows\System\qLcoYrg.exe
  2⤵
  PID:5316
- C:\Windows\System\eewnnZb.exe
  C:\Windows\System\eewnnZb.exe
  2⤵
  PID:2076
- C:\Windows\System\OWjxcPg.exe
  C:\Windows\System\OWjxcPg.exe
  2⤵
  PID:5372
- C:\Windows\System\GxAmALX.exe
  C:\Windows\System\GxAmALX.exe
  2⤵
  PID:1416
- C:\Windows\System\TkIQAap.exe
  C:\Windows\System\TkIQAap.exe
  2⤵
  PID:5884
- C:\Windows\System\YylAuuQ.exe
  C:\Windows\System\YylAuuQ.exe
  2⤵
  PID:2376
- C:\Windows\System\mLWrOLQ.exe
  C:\Windows\System\mLWrOLQ.exe
  2⤵
  PID:5636
- C:\Windows\System\GuxZZJy.exe
  C:\Windows\System\GuxZZJy.exe
  2⤵
  PID:5832
- C:\Windows\System\hKgbSnq.exe
  C:\Windows\System\hKgbSnq.exe
  2⤵
  PID:6088
- C:\Windows\System\ZVpiCxh.exe
  C:\Windows\System\ZVpiCxh.exe
  2⤵
  PID:5136
- C:\Windows\System\RNZqzXE.exe
  C:\Windows\System\RNZqzXE.exe
  2⤵
  PID:6072
- C:\Windows\System\IWJVUKm.exe
  C:\Windows\System\IWJVUKm.exe
  2⤵
  PID:5448
- C:\Windows\System\iBDIhHM.exe
  C:\Windows\System\iBDIhHM.exe
  2⤵
  PID:5732
- C:\Windows\System\OlInTbf.exe
  C:\Windows\System\OlInTbf.exe
  2⤵
  PID:6128
- C:\Windows\System\oLARzhq.exe
  C:\Windows\System\oLARzhq.exe
  2⤵
  PID:5472
- C:\Windows\System\BtRypVQ.exe
  C:\Windows\System\BtRypVQ.exe
  2⤵
  PID:3004
- C:\Windows\System\SockZar.exe
  C:\Windows\System\SockZar.exe
  2⤵
  PID:2160
- C:\Windows\System\WUvJmbC.exe
  C:\Windows\System\WUvJmbC.exe
  2⤵
  PID:2352
- C:\Windows\System\ftxFRiK.exe
  C:\Windows\System\ftxFRiK.exe
  2⤵
  PID:5508
- C:\Windows\System\kHIUGdW.exe
  C:\Windows\System\kHIUGdW.exe
  2⤵
  PID:5632
- C:\Windows\System\xmQuXRh.exe
  C:\Windows\System\xmQuXRh.exe
  2⤵
  PID:5264
- C:\Windows\System\SlxNnnR.exe
  C:\Windows\System\SlxNnnR.exe
  2⤵
  PID:5524
- C:\Windows\System\GAwTynW.exe
  C:\Windows\System\GAwTynW.exe
  2⤵
  PID:5360
- C:\Windows\System\sjjsppD.exe
  C:\Windows\System\sjjsppD.exe
  2⤵
  PID:6160
- C:\Windows\System\VyYAxNu.exe
  C:\Windows\System\VyYAxNu.exe
  2⤵
  PID:6176
- C:\Windows\System\pZCKLiH.exe
  C:\Windows\System\pZCKLiH.exe
  2⤵
  PID:6192
- C:\Windows\System\klMHiQh.exe
  C:\Windows\System\klMHiQh.exe
  2⤵
  PID:6216
- C:\Windows\System\oPAtKCd.exe
  C:\Windows\System\oPAtKCd.exe
  2⤵
  PID:6244
- C:\Windows\System\QPRDiHK.exe
  C:\Windows\System\QPRDiHK.exe
  2⤵
  PID:6260
- C:\Windows\System\imylNpY.exe
  C:\Windows\System\imylNpY.exe
  2⤵
  PID:6300
- C:\Windows\System\YIojIDC.exe
  C:\Windows\System\YIojIDC.exe
  2⤵
  PID:6336
- C:\Windows\System\rqpOpyw.exe
  C:\Windows\System\rqpOpyw.exe
  2⤵
  PID:6352
- C:\Windows\System\dxEtfZC.exe
  C:\Windows\System\dxEtfZC.exe
  2⤵
  PID:6368
- C:\Windows\System\RsvwAhn.exe
  C:\Windows\System\RsvwAhn.exe
  2⤵
  PID:6384
- C:\Windows\System\aaROqDO.exe
  C:\Windows\System\aaROqDO.exe
  2⤵
  PID:6408
- C:\Windows\System\fFBwMLm.exe
  C:\Windows\System\fFBwMLm.exe
  2⤵
  PID:6424
- C:\Windows\System\srukEap.exe
  C:\Windows\System\srukEap.exe
  2⤵
  PID:6444
- C:\Windows\System\qFdqeNn.exe
  C:\Windows\System\qFdqeNn.exe
  2⤵
  PID:6460
- C:\Windows\System\zWCzqRy.exe
  C:\Windows\System\zWCzqRy.exe
  2⤵
  PID:6476
- C:\Windows\System\kBojNbp.exe
  C:\Windows\System\kBojNbp.exe
  2⤵
  PID:6492
- C:\Windows\System\SNdJlNb.exe
  C:\Windows\System\SNdJlNb.exe
  2⤵
  PID:6512
- C:\Windows\System\LmKEluQ.exe
  C:\Windows\System\LmKEluQ.exe
  2⤵
  PID:6528
- C:\Windows\System\BHTjNGO.exe
  C:\Windows\System\BHTjNGO.exe
  2⤵
  PID:6544
- C:\Windows\System\VTdEieX.exe
  C:\Windows\System\VTdEieX.exe
  2⤵
  PID:6564
- C:\Windows\System\dnsiryI.exe
  C:\Windows\System\dnsiryI.exe
  2⤵
  PID:6580
- C:\Windows\System\WkXdyNV.exe
  C:\Windows\System\WkXdyNV.exe
  2⤵
  PID:6600
- C:\Windows\System\VMlOFtA.exe
  C:\Windows\System\VMlOFtA.exe
  2⤵
  PID:6616
- C:\Windows\System\vSVmheE.exe
  C:\Windows\System\vSVmheE.exe
  2⤵
  PID:6640
- C:\Windows\System\ThFNxov.exe
  C:\Windows\System\ThFNxov.exe
  2⤵
  PID:6656
- C:\Windows\System\UxiGdMT.exe
  C:\Windows\System\UxiGdMT.exe
  2⤵
  PID:6672
- C:\Windows\System\wcGLwrY.exe
  C:\Windows\System\wcGLwrY.exe
  2⤵
  PID:6692
- C:\Windows\System\OSVIiGm.exe
  C:\Windows\System\OSVIiGm.exe
  2⤵
  PID:6708
- C:\Windows\System\gElewad.exe
  C:\Windows\System\gElewad.exe
  2⤵
  PID:6724
- C:\Windows\System\NFMLTJC.exe
  C:\Windows\System\NFMLTJC.exe
  2⤵
  PID:6748
- C:\Windows\System\intSwrb.exe
  C:\Windows\System\intSwrb.exe
  2⤵
  PID:6204
- C:\Windows\System\lXXDMPB.exe
  C:\Windows\System\lXXDMPB.exe
  2⤵
  PID:6212
- C:\Windows\System\EOyZFRW.exe
  C:\Windows\System\EOyZFRW.exe
  2⤵
  PID:6320
- C:\Windows\System\iHIWWlh.exe
  C:\Windows\System\iHIWWlh.exe
  2⤵
  PID:2516
- C:\Windows\System\dsAeoWP.exe
  C:\Windows\System\dsAeoWP.exe
  2⤵
  PID:6332
- C:\Windows\System\VbjbHAC.exe
  C:\Windows\System\VbjbHAC.exe
  2⤵
  PID:6400
- C:\Windows\System\cwwGDRk.exe
  C:\Windows\System\cwwGDRk.exe
  2⤵
  PID:6376
- C:\Windows\System\CusUzvC.exe
  C:\Windows\System\CusUzvC.exe
  2⤵
  PID:6452
- C:\Windows\System\mwkWKUN.exe
  C:\Windows\System\mwkWKUN.exe
  2⤵
  PID:6488
- C:\Windows\System\KTmrBVQ.exe
  C:\Windows\System\KTmrBVQ.exe
  2⤵
  PID:6552
- C:\Windows\System\dwzwKxd.exe
  C:\Windows\System\dwzwKxd.exe
  2⤵
  PID:6536
- C:\Windows\System\PIvBzsr.exe
  C:\Windows\System\PIvBzsr.exe
  2⤵
  PID:6440
- C:\Windows\System\nmMOEki.exe
  C:\Windows\System\nmMOEki.exe
  2⤵
  PID:6588
- C:\Windows\System\QOVJnZn.exe
  C:\Windows\System\QOVJnZn.exe
  2⤵
  PID:6624
- C:\Windows\System\KpGhnxV.exe
  C:\Windows\System\KpGhnxV.exe
  2⤵
  PID:6636
- C:\Windows\System\kHNlvcW.exe
  C:\Windows\System\kHNlvcW.exe
  2⤵
  PID:6664
- C:\Windows\System\QPkzVVS.exe
  C:\Windows\System\QPkzVVS.exe
  2⤵
  PID:6684
- C:\Windows\System\kqMqNDE.exe
  C:\Windows\System\kqMqNDE.exe
  2⤵
  PID:6720
- C:\Windows\System\pfSzkeb.exe
  C:\Windows\System\pfSzkeb.exe
  2⤵
  PID:6756
- C:\Windows\System\JmqnjVQ.exe
  C:\Windows\System\JmqnjVQ.exe
  2⤵
  PID:5848
- C:\Windows\System\aSEGmiT.exe
  C:\Windows\System\aSEGmiT.exe
  2⤵
  PID:6788
- C:\Windows\System\dLKlYvU.exe
  C:\Windows\System\dLKlYvU.exe
  2⤵
  PID:6804
- C:\Windows\System\NlRuAGt.exe
  C:\Windows\System\NlRuAGt.exe
  2⤵
  PID:6820
- C:\Windows\System\GXdmjEb.exe
  C:\Windows\System\GXdmjEb.exe
  2⤵
  PID:6836
- C:\Windows\System\SWHNWVS.exe
  C:\Windows\System\SWHNWVS.exe
  2⤵
  PID:6852
- C:\Windows\System\DvcztrH.exe
  C:\Windows\System\DvcztrH.exe
  2⤵
  PID:6868
- C:\Windows\System\fRUPzfe.exe
  C:\Windows\System\fRUPzfe.exe
  2⤵
  PID:6884
- C:\Windows\System\ElUwQxL.exe
  C:\Windows\System\ElUwQxL.exe
  2⤵
  PID:6900
- C:\Windows\System\ddpMtQD.exe
  C:\Windows\System\ddpMtQD.exe
  2⤵
  PID:6916
- C:\Windows\System\FoqIKXS.exe
  C:\Windows\System\FoqIKXS.exe
  2⤵
  PID:6932
- C:\Windows\System\CvWwiVv.exe
  C:\Windows\System\CvWwiVv.exe
  2⤵
  PID:6948
- C:\Windows\System\arfrKmX.exe
  C:\Windows\System\arfrKmX.exe
  2⤵
  PID:6964
- C:\Windows\System\NVsdsHA.exe
  C:\Windows\System\NVsdsHA.exe
  2⤵
  PID:6980
- C:\Windows\System\bTWmdcP.exe
  C:\Windows\System\bTWmdcP.exe
  2⤵
  PID:6996
- C:\Windows\System\ErnRdfi.exe
  C:\Windows\System\ErnRdfi.exe
  2⤵
  PID:7008
- C:\Windows\System\iTqQdqZ.exe
  C:\Windows\System\iTqQdqZ.exe
  2⤵
  PID:7024
- C:\Windows\System\xtKIAGe.exe
  C:\Windows\System\xtKIAGe.exe
  2⤵
  PID:7044
- C:\Windows\System\bWtRzZF.exe
  C:\Windows\System\bWtRzZF.exe
  2⤵
  PID:7060
- C:\Windows\System\CzXMFFe.exe
  C:\Windows\System\CzXMFFe.exe
  2⤵
  PID:7076
- C:\Windows\System\TpiioAV.exe
  C:\Windows\System\TpiioAV.exe
  2⤵
  PID:7092
- C:\Windows\System\lnNtYXS.exe
  C:\Windows\System\lnNtYXS.exe
  2⤵
  PID:7104
- C:\Windows\System\FjqAUjE.exe
  C:\Windows\System\FjqAUjE.exe
  2⤵
  PID:7124
- C:\Windows\System\JmqCzPt.exe
  C:\Windows\System\JmqCzPt.exe
  2⤵
  PID:7140
- C:\Windows\System\IOYCTlc.exe
  C:\Windows\System\IOYCTlc.exe
  2⤵
  PID:7156
- C:\Windows\System\LkXYUSu.exe
  C:\Windows\System\LkXYUSu.exe
  2⤵
  PID:5572
- C:\Windows\System\OXmnDgU.exe
  C:\Windows\System\OXmnDgU.exe
  2⤵
  PID:5844
- C:\Windows\System\gatGlgb.exe
  C:\Windows\System\gatGlgb.exe
  2⤵
  PID:6232
- C:\Windows\System\sSnBiLg.exe
  C:\Windows\System\sSnBiLg.exe
  2⤵
  PID:5312
- C:\Windows\System\vRGqnwX.exe
  C:\Windows\System\vRGqnwX.exe
  2⤵
  PID:6292
- C:\Windows\System\aQEJyMl.exe
  C:\Windows\System\aQEJyMl.exe
  2⤵
  PID:1796
- C:\Windows\System\CrfkQml.exe
  C:\Windows\System\CrfkQml.exe
  2⤵
  PID:6360
- C:\Windows\System\oVAOpNt.exe
  C:\Windows\System\oVAOpNt.exe
  2⤵
  PID:6392
- C:\Windows\System\kEZmoaB.exe
  C:\Windows\System\kEZmoaB.exe
  2⤵
  PID:6524
- C:\Windows\System\MDEmgvv.exe
  C:\Windows\System\MDEmgvv.exe
  2⤵
  PID:6484
- C:\Windows\System\PzxXobR.exe
  C:\Windows\System\PzxXobR.exe
  2⤵
  PID:6436
- C:\Windows\System\NzcMvRm.exe
  C:\Windows\System\NzcMvRm.exe
  2⤵
  PID:6648
- C:\Windows\System\HYgTgLx.exe
  C:\Windows\System\HYgTgLx.exe
  2⤵
  PID:6572
- C:\Windows\System\sEHiVUc.exe
  C:\Windows\System\sEHiVUc.exe
  2⤵
  PID:6680
- C:\Windows\System\KAjuGtl.exe
  C:\Windows\System\KAjuGtl.exe
  2⤵
  PID:6772
- C:\Windows\System\cqGDDDI.exe
  C:\Windows\System\cqGDDDI.exe
  2⤵
  PID:6780
- C:\Windows\System\rqrGqgP.exe
  C:\Windows\System\rqrGqgP.exe
  2⤵
  PID:6796
- C:\Windows\System\Dkrwqvf.exe
  C:\Windows\System\Dkrwqvf.exe
  2⤵
  PID:6832
- C:\Windows\System\VnvhUBl.exe
  C:\Windows\System\VnvhUBl.exe
  2⤵
  PID:6896
- C:\Windows\System\nWFfxQT.exe
  C:\Windows\System\nWFfxQT.exe
  2⤵
  PID:6908
- C:\Windows\System\CyHGoql.exe
  C:\Windows\System\CyHGoql.exe
  2⤵
  PID:6984
- C:\Windows\System\hKzuNpO.exe
  C:\Windows\System\hKzuNpO.exe
  2⤵
  PID:6912
- C:\Windows\System\PIOFuPr.exe
  C:\Windows\System\PIOFuPr.exe
  2⤵
  PID:7012
- C:\Windows\System\YjxxldY.exe
  C:\Windows\System\YjxxldY.exe
  2⤵
  PID:7084
- C:\Windows\System\hchhCOc.exe
  C:\Windows\System\hchhCOc.exe
  2⤵
  PID:7148
- C:\Windows\System\quZxuBd.exe
  C:\Windows\System\quZxuBd.exe
  2⤵
  PID:7100
- C:\Windows\System\MFRtJUt.exe
  C:\Windows\System\MFRtJUt.exe
  2⤵
  PID:6760
- C:\Windows\System\mPgJDxw.exe
  C:\Windows\System\mPgJDxw.exe
  2⤵
  PID:7108
- C:\Windows\System\LMtUqKG.exe
  C:\Windows\System\LMtUqKG.exe
  2⤵
  PID:7164
- C:\Windows\System\wcvcMIk.exe
  C:\Windows\System\wcvcMIk.exe
  2⤵
  PID:5356
- C:\Windows\System\TBjPoTb.exe
  C:\Windows\System\TBjPoTb.exe
  2⤵
  PID:6364
- C:\Windows\System\FWPxutk.exe
  C:\Windows\System\FWPxutk.exe
  2⤵
  PID:6596
- C:\Windows\System\dTmpwrF.exe
  C:\Windows\System\dTmpwrF.exe
  2⤵
  PID:6740
- C:\Windows\System\yZZXKkp.exe
  C:\Windows\System\yZZXKkp.exe
  2⤵
  PID:6880
- C:\Windows\System\SaOLtSq.exe
  C:\Windows\System\SaOLtSq.exe
  2⤵
  PID:7004
- C:\Windows\System\jbedZHF.exe
  C:\Windows\System\jbedZHF.exe
  2⤵
  PID:6632
- C:\Windows\System\uBLjlEu.exe
  C:\Windows\System\uBLjlEu.exe
  2⤵
  PID:6812
- C:\Windows\System\KLdpojm.exe
  C:\Windows\System\KLdpojm.exe
  2⤵
  PID:6256
- C:\Windows\System\BKlZcFe.exe
  C:\Windows\System\BKlZcFe.exe
  2⤵
  PID:6976
- C:\Windows\System\OUodgEQ.exe
  C:\Windows\System\OUodgEQ.exe
  2⤵
  PID:6892
- C:\Windows\System\YvKYdMK.exe
  C:\Windows\System\YvKYdMK.exe
  2⤵
  PID:7152
- C:\Windows\System\CXjEKYr.exe
  C:\Windows\System\CXjEKYr.exe
  2⤵
  PID:2268
- C:\Windows\System\CpMFpVa.exe
  C:\Windows\System\CpMFpVa.exe
  2⤵
  PID:6828
- C:\Windows\System\VoSAkid.exe
  C:\Windows\System\VoSAkid.exe
  2⤵
  PID:6316
- C:\Windows\System\QXbSlSl.exe
  C:\Windows\System\QXbSlSl.exe
  2⤵
  PID:7056
- C:\Windows\System\nFxqYne.exe
  C:\Windows\System\nFxqYne.exe
  2⤵
  PID:7032
- C:\Windows\System\zMsCSAv.exe
  C:\Windows\System\zMsCSAv.exe
  2⤵
  PID:6956
- C:\Windows\System\SbLouqs.exe
  C:\Windows\System\SbLouqs.exe
  2⤵
  PID:6848
- C:\Windows\System\cGHUhLg.exe
  C:\Windows\System\cGHUhLg.exe
  2⤵
  PID:7180
- C:\Windows\System\KzsASTD.exe
  C:\Windows\System\KzsASTD.exe
  2⤵
  PID:7196
- C:\Windows\System\XBakTXW.exe
  C:\Windows\System\XBakTXW.exe
  2⤵
  PID:7212
- C:\Windows\System\NHOqndU.exe
  C:\Windows\System\NHOqndU.exe
  2⤵
  PID:7228
- C:\Windows\System\ubYjaLR.exe
  C:\Windows\System\ubYjaLR.exe
  2⤵
  PID:7244
- C:\Windows\System\TgOTYdL.exe
  C:\Windows\System\TgOTYdL.exe
  2⤵
  PID:7260
- C:\Windows\System\HyfUGbI.exe
  C:\Windows\System\HyfUGbI.exe
  2⤵
  PID:7276
- C:\Windows\System\ZAkkqWy.exe
  C:\Windows\System\ZAkkqWy.exe
  2⤵
  PID:7292
- C:\Windows\System\XRmmWoW.exe
  C:\Windows\System\XRmmWoW.exe
  2⤵
  PID:7308
- C:\Windows\System\lQJUpOb.exe
  C:\Windows\System\lQJUpOb.exe
  2⤵
  PID:7328
- C:\Windows\System\dZseXpv.exe
  C:\Windows\System\dZseXpv.exe
  2⤵
  PID:7344
- C:\Windows\System\msiLJwV.exe
  C:\Windows\System\msiLJwV.exe
  2⤵
  PID:7360
- C:\Windows\System\egZmgAY.exe
  C:\Windows\System\egZmgAY.exe
  2⤵
  PID:7376
- C:\Windows\System\KcVbyXs.exe
  C:\Windows\System\KcVbyXs.exe
  2⤵
  PID:7392
- C:\Windows\System\hFTDVlv.exe
  C:\Windows\System\hFTDVlv.exe
  2⤵
  PID:7408
- C:\Windows\System\tQIZOII.exe
  C:\Windows\System\tQIZOII.exe
  2⤵
  PID:7424
- C:\Windows\System\inaQxpT.exe
  C:\Windows\System\inaQxpT.exe
  2⤵
  PID:7440
- C:\Windows\System\PYvBHWr.exe
  C:\Windows\System\PYvBHWr.exe
  2⤵
  PID:7456
- C:\Windows\System\RieJwVW.exe
  C:\Windows\System\RieJwVW.exe
  2⤵
  PID:7472
- C:\Windows\System\lxZjjSD.exe
  C:\Windows\System\lxZjjSD.exe
  2⤵
  PID:7488
- C:\Windows\System\OPKkyHm.exe
  C:\Windows\System\OPKkyHm.exe
  2⤵
  PID:7504
- C:\Windows\System\hHmYDEh.exe
  C:\Windows\System\hHmYDEh.exe
  2⤵
  PID:7520
- C:\Windows\System\CwWfMAp.exe
  C:\Windows\System\CwWfMAp.exe
  2⤵
  PID:7536
- C:\Windows\System\FtPNTXX.exe
  C:\Windows\System\FtPNTXX.exe
  2⤵
  PID:7552
- C:\Windows\System\BJyPmiB.exe
  C:\Windows\System\BJyPmiB.exe
  2⤵
  PID:7568
- C:\Windows\System\aOTHglO.exe
  C:\Windows\System\aOTHglO.exe
  2⤵
  PID:7584
- C:\Windows\System\izHdlzm.exe
  C:\Windows\System\izHdlzm.exe
  2⤵
  PID:7600
- C:\Windows\System\IxVKZBt.exe
  C:\Windows\System\IxVKZBt.exe
  2⤵
  PID:7616
- C:\Windows\System\QnPLcCl.exe
  C:\Windows\System\QnPLcCl.exe
  2⤵
  PID:7632
- C:\Windows\System\bCfcHKj.exe
  C:\Windows\System\bCfcHKj.exe
  2⤵
  PID:7648
- C:\Windows\System\repjHCd.exe
  C:\Windows\System\repjHCd.exe
  2⤵
  PID:7664
- C:\Windows\System\VQUjUuu.exe
  C:\Windows\System\VQUjUuu.exe
  2⤵
  PID:7680
- C:\Windows\System\WpGvLPu.exe
  C:\Windows\System\WpGvLPu.exe
  2⤵
  PID:7696
- C:\Windows\System\LYNAzdy.exe
  C:\Windows\System\LYNAzdy.exe
  2⤵
  PID:7712
- C:\Windows\System\QbUdjqm.exe
  C:\Windows\System\QbUdjqm.exe
  2⤵
  PID:7728
- C:\Windows\System\nOxrkQW.exe
  C:\Windows\System\nOxrkQW.exe
  2⤵
  PID:7744
- C:\Windows\System\hstWhrg.exe
  C:\Windows\System\hstWhrg.exe
  2⤵
  PID:7760
- C:\Windows\System\RFQftZc.exe
  C:\Windows\System\RFQftZc.exe
  2⤵
  PID:7776
- C:\Windows\System\xwdhLsK.exe
  C:\Windows\System\xwdhLsK.exe
  2⤵
  PID:7792
- C:\Windows\System\PHMFjYA.exe
  C:\Windows\System\PHMFjYA.exe
  2⤵
  PID:7808
- C:\Windows\System\tcwikxo.exe
  C:\Windows\System\tcwikxo.exe
  2⤵
  PID:7824
- C:\Windows\System\KYIuyZm.exe
  C:\Windows\System\KYIuyZm.exe
  2⤵
  PID:7840
- C:\Windows\System\WDcWnpB.exe
  C:\Windows\System\WDcWnpB.exe
  2⤵
  PID:7856
- C:\Windows\System\pTkCkLA.exe
  C:\Windows\System\pTkCkLA.exe
  2⤵
  PID:7872
- C:\Windows\System\TzVNLZd.exe
  C:\Windows\System\TzVNLZd.exe
  2⤵
  PID:7888
- C:\Windows\System\WapSVpZ.exe
  C:\Windows\System\WapSVpZ.exe
  2⤵
  PID:7904
- C:\Windows\System\AkbSwBY.exe
  C:\Windows\System\AkbSwBY.exe
  2⤵
  PID:7920
- C:\Windows\System\ZJSTvpw.exe
  C:\Windows\System\ZJSTvpw.exe
  2⤵
  PID:7936
- C:\Windows\System\gcvNfho.exe
  C:\Windows\System\gcvNfho.exe
  2⤵
  PID:7952
- C:\Windows\System\MLriHsG.exe
  C:\Windows\System\MLriHsG.exe
  2⤵
  PID:7968
- C:\Windows\System\UsILKWP.exe
  C:\Windows\System\UsILKWP.exe
  2⤵
  PID:7984
- C:\Windows\System\tKONNGH.exe
  C:\Windows\System\tKONNGH.exe
  2⤵
  PID:8000
- C:\Windows\System\mKRbqco.exe
  C:\Windows\System\mKRbqco.exe
  2⤵
  PID:8016
- C:\Windows\System\GgoCCKY.exe
  C:\Windows\System\GgoCCKY.exe
  2⤵
  PID:8032
- C:\Windows\System\kwLEZJi.exe
  C:\Windows\System\kwLEZJi.exe
  2⤵
  PID:8048
- C:\Windows\System\FixRshz.exe
  C:\Windows\System\FixRshz.exe
  2⤵
  PID:8064
- C:\Windows\System\nIyYfAF.exe
  C:\Windows\System\nIyYfAF.exe
  2⤵
  PID:8080
- C:\Windows\System\FFcjgiU.exe
  C:\Windows\System\FFcjgiU.exe
  2⤵
  PID:8096
- C:\Windows\System\wSWfRms.exe
  C:\Windows\System\wSWfRms.exe
  2⤵
  PID:8112
- C:\Windows\System\zTPinNJ.exe
  C:\Windows\System\zTPinNJ.exe
  2⤵
  PID:8128
- C:\Windows\System\sYmuFPh.exe
  C:\Windows\System\sYmuFPh.exe
  2⤵
  PID:8144
- C:\Windows\System\UoQjSpZ.exe
  C:\Windows\System\UoQjSpZ.exe
  2⤵
  PID:8160
- C:\Windows\System\iJLtChC.exe
  C:\Windows\System\iJLtChC.exe
  2⤵
  PID:8176
- C:\Windows\System\exETqWq.exe
  C:\Windows\System\exETqWq.exe
  2⤵
  PID:6876
- C:\Windows\System\hoPuzOB.exe
  C:\Windows\System\hoPuzOB.exe
  2⤵
  PID:7072
- C:\Windows\System\OFWfUif.exe
  C:\Windows\System\OFWfUif.exe
  2⤵
  PID:6732
- C:\Windows\System\OvLFYPB.exe
  C:\Windows\System\OvLFYPB.exe
  2⤵
  PID:7188
- C:\Windows\System\rWMUZai.exe
  C:\Windows\System\rWMUZai.exe
  2⤵
  PID:7224
- C:\Windows\System\eBcdlvI.exe
  C:\Windows\System\eBcdlvI.exe
  2⤵
  PID:7316
- C:\Windows\System\kypVWdX.exe
  C:\Windows\System\kypVWdX.exe
  2⤵
  PID:7384
- C:\Windows\System\UzSscbM.exe
  C:\Windows\System\UzSscbM.exe
  2⤵
  PID:7368
- C:\Windows\System\AXcFpUQ.exe
  C:\Windows\System\AXcFpUQ.exe
  2⤵
  PID:7432
- C:\Windows\System\zdAOHMC.exe
  C:\Windows\System\zdAOHMC.exe
  2⤵
  PID:7304
- C:\Windows\System\HpWnXzP.exe
  C:\Windows\System\HpWnXzP.exe
  2⤵
  PID:7268
- C:\Windows\System\RraKxoX.exe
  C:\Windows\System\RraKxoX.exe
  2⤵
  PID:7204
- C:\Windows\System\JtmYLhm.exe
  C:\Windows\System\JtmYLhm.exe
  2⤵
  PID:6652
- C:\Windows\System\tMRTCJx.exe
  C:\Windows\System\tMRTCJx.exe
  2⤵
  PID:7468
- C:\Windows\System\HKjQHBp.exe
  C:\Windows\System\HKjQHBp.exe
  2⤵
  PID:7516
- C:\Windows\System\oXNAPof.exe
  C:\Windows\System\oXNAPof.exe
  2⤵
  PID:7496
- C:\Windows\System\vYtBThE.exe
  C:\Windows\System\vYtBThE.exe
  2⤵
  PID:7580
- C:\Windows\System\hbAViqM.exe
  C:\Windows\System\hbAViqM.exe
  2⤵
  PID:7628
- C:\Windows\System\sTwshgt.exe
  C:\Windows\System\sTwshgt.exe
  2⤵
  PID:7624
- C:\Windows\System\HKpiOII.exe
  C:\Windows\System\HKpiOII.exe
  2⤵
  PID:7672
- C:\Windows\System\ZikRxmM.exe
  C:\Windows\System\ZikRxmM.exe
  2⤵
  PID:7704
- C:\Windows\System\IDahVTP.exe
  C:\Windows\System\IDahVTP.exe
  2⤵
  PID:7740
- C:\Windows\System\SjmGTap.exe
  C:\Windows\System\SjmGTap.exe
  2⤵
  PID:7752
- C:\Windows\System\kDlBqmS.exe
  C:\Windows\System\kDlBqmS.exe
  2⤵
  PID:7784
- C:\Windows\System\wuhVFTN.exe
  C:\Windows\System\wuhVFTN.exe
  2⤵
  PID:7836
- C:\Windows\System\iTtBMLU.exe
  C:\Windows\System\iTtBMLU.exe
  2⤵
  PID:7868
- C:\Windows\System\HMeARTi.exe
  C:\Windows\System\HMeARTi.exe
  2⤵
  PID:7932
- C:\Windows\System\XJgStJU.exe
  C:\Windows\System\XJgStJU.exe
  2⤵
  PID:7976
- C:\Windows\System\paLzPCW.exe
  C:\Windows\System\paLzPCW.exe
  2⤵
  PID:2844
- C:\Windows\System\ItXXtCL.exe
  C:\Windows\System\ItXXtCL.exe
  2⤵
  PID:7980
- C:\Windows\System\auFzJGy.exe
  C:\Windows\System\auFzJGy.exe
  2⤵
  PID:8028
- C:\Windows\System\svrMqBz.exe
  C:\Windows\System\svrMqBz.exe
  2⤵
  PID:8056
- C:\Windows\System\IGswAOP.exe
  C:\Windows\System\IGswAOP.exe
  2⤵
  PID:8120
- C:\Windows\System\vJDWTNN.exe
  C:\Windows\System\vJDWTNN.exe
  2⤵
  PID:8108
- C:\Windows\System\TLjLaHf.exe
  C:\Windows\System\TLjLaHf.exe
  2⤵
  PID:8076
- C:\Windows\System\nYXDhmj.exe
  C:\Windows\System\nYXDhmj.exe
  2⤵
  PID:8172
- C:\Windows\System\PEejFZY.exe
  C:\Windows\System\PEejFZY.exe
  2⤵
  PID:7420
- C:\Windows\System\GlQJfsW.exe
  C:\Windows\System\GlQJfsW.exe
  2⤵
  PID:7288
- C:\Windows\System\LpYSZEX.exe
  C:\Windows\System\LpYSZEX.exe
  2⤵
  PID:7236
- C:\Windows\System\vzJkeXH.exe
  C:\Windows\System\vzJkeXH.exe
  2⤵
  PID:8184
- C:\Windows\System\rcBjRlH.exe
  C:\Windows\System\rcBjRlH.exe
  2⤵
  PID:7340
- C:\Windows\System\TltVQug.exe
  C:\Windows\System\TltVQug.exe
  2⤵
  PID:7404
- C:\Windows\System\twDPcjB.exe
  C:\Windows\System\twDPcjB.exe
  2⤵
  PID:7484
- C:\Windows\System\UlpNwRy.exe
  C:\Windows\System\UlpNwRy.exe
  2⤵
  PID:7560
- C:\Windows\System\XuVaWyf.exe
  C:\Windows\System\XuVaWyf.exe
  2⤵
  PID:7608
- C:\Windows\System\WkOeVVH.exe
  C:\Windows\System\WkOeVVH.exe
  2⤵
  PID:7656
- C:\Windows\System\iYKVmgZ.exe
  C:\Windows\System\iYKVmgZ.exe
  2⤵
  PID:7692
- C:\Windows\System\QRDNOkH.exe
  C:\Windows\System\QRDNOkH.exe
  2⤵
  PID:7644
- C:\Windows\System\JNiPlDx.exe
  C:\Windows\System\JNiPlDx.exe
  2⤵
  PID:7724
- C:\Windows\System\QmiYVRE.exe
  C:\Windows\System\QmiYVRE.exe
  2⤵
  PID:7832
- C:\Windows\System\MgwQFgk.exe
  C:\Windows\System\MgwQFgk.exe
  2⤵
  PID:7964
- C:\Windows\System\SPBtCZT.exe
  C:\Windows\System\SPBtCZT.exe
  2⤵
  PID:8088
- C:\Windows\System\zCXdByg.exe
  C:\Windows\System\zCXdByg.exe
  2⤵
  PID:8092
- C:\Windows\System\edXnsYs.exe
  C:\Windows\System\edXnsYs.exe
  2⤵
  PID:8012
- C:\Windows\System\IeRsMwK.exe
  C:\Windows\System\IeRsMwK.exe
  2⤵
  PID:8168
- C:\Windows\System\iwGmDaJ.exe
  C:\Windows\System\iwGmDaJ.exe
  2⤵
  PID:7192
- C:\Windows\System\kpXOAdH.exe
  C:\Windows\System\kpXOAdH.exe
  2⤵
  PID:7820
- C:\Windows\System\LWHdQzR.exe
  C:\Windows\System\LWHdQzR.exe
  2⤵
  PID:7528
- C:\Windows\System\wyJWoRE.exe
  C:\Windows\System\wyJWoRE.exe
  2⤵
  PID:7688
- C:\Windows\System\rvWuFRZ.exe
  C:\Windows\System\rvWuFRZ.exe
  2⤵
  PID:7576
- C:\Windows\System\kyYHuUP.exe
  C:\Windows\System\kyYHuUP.exe
  2⤵
  PID:7916
- C:\Windows\System\ojeybZs.exe
  C:\Windows\System\ojeybZs.exe
  2⤵
  PID:7928
- C:\Windows\System\ejZdoLJ.exe
  C:\Windows\System\ejZdoLJ.exe
  2⤵
  PID:7416
- C:\Windows\System\UVsfAsU.exe
  C:\Windows\System\UVsfAsU.exe
  2⤵
  PID:7352
- C:\Windows\System\nwvnijz.exe
  C:\Windows\System\nwvnijz.exe
  2⤵
  PID:8152
- C:\Windows\System\uKempLy.exe
  C:\Windows\System\uKempLy.exe
  2⤵
  PID:7640
- C:\Windows\System\lFcqzPS.exe
  C:\Windows\System\lFcqzPS.exe
  2⤵
  PID:7464
- C:\Windows\System\uKTIQbz.exe
  C:\Windows\System\uKTIQbz.exe
  2⤵
  PID:7220
- C:\Windows\System\ssXFUDn.exe
  C:\Windows\System\ssXFUDn.exe
  2⤵
  PID:8204
- C:\Windows\System\aBIiFQl.exe
  C:\Windows\System\aBIiFQl.exe
  2⤵
  PID:8220
- C:\Windows\System\LUNgHbz.exe
  C:\Windows\System\LUNgHbz.exe
  2⤵
  PID:8236
- C:\Windows\System\hEKHjEf.exe
  C:\Windows\System\hEKHjEf.exe
  2⤵
  PID:8252
- C:\Windows\System\BmOIcUW.exe
  C:\Windows\System\BmOIcUW.exe
  2⤵
  PID:8268
- C:\Windows\System\LHkQznL.exe
  C:\Windows\System\LHkQznL.exe
  2⤵
  PID:8284
- C:\Windows\System\PNXxXZB.exe
  C:\Windows\System\PNXxXZB.exe
  2⤵
  PID:8300
- C:\Windows\System\byuDFZY.exe
  C:\Windows\System\byuDFZY.exe
  2⤵
  PID:8316
- C:\Windows\System\XFXURSC.exe
  C:\Windows\System\XFXURSC.exe
  2⤵
  PID:8332
- C:\Windows\System\kjqQJzX.exe
  C:\Windows\System\kjqQJzX.exe
  2⤵
  PID:8348
- C:\Windows\System\tBnKHaR.exe
  C:\Windows\System\tBnKHaR.exe
  2⤵
  PID:8364
- C:\Windows\System\yEPcPLA.exe
  C:\Windows\System\yEPcPLA.exe
  2⤵
  PID:8380
- C:\Windows\System\ToFgMoh.exe
  C:\Windows\System\ToFgMoh.exe
  2⤵
  PID:8396
- C:\Windows\System\ifwUZSm.exe
  C:\Windows\System\ifwUZSm.exe
  2⤵
  PID:8412
- C:\Windows\System\IGhJfOw.exe
  C:\Windows\System\IGhJfOw.exe
  2⤵
  PID:8428
- C:\Windows\System\SrfUEur.exe
  C:\Windows\System\SrfUEur.exe
  2⤵
  PID:8444
- C:\Windows\System\YmXqsmH.exe
  C:\Windows\System\YmXqsmH.exe
  2⤵
  PID:8460
- C:\Windows\System\BVnHGTr.exe
  C:\Windows\System\BVnHGTr.exe
  2⤵
  PID:8476
- C:\Windows\System\cXYclIK.exe
  C:\Windows\System\cXYclIK.exe
  2⤵
  PID:8492
- C:\Windows\System\SRUPwtC.exe
  C:\Windows\System\SRUPwtC.exe
  2⤵
  PID:8508
- C:\Windows\System\UXFklvW.exe
  C:\Windows\System\UXFklvW.exe
  2⤵
  PID:8524
- C:\Windows\System\ZSORNAH.exe
  C:\Windows\System\ZSORNAH.exe
  2⤵
  PID:8540
- C:\Windows\System\AklAwiF.exe
  C:\Windows\System\AklAwiF.exe
  2⤵
  PID:8556
- C:\Windows\System\kKrXZmh.exe
  C:\Windows\System\kKrXZmh.exe
  2⤵
  PID:8572
- C:\Windows\System\OqccrDx.exe
  C:\Windows\System\OqccrDx.exe
  2⤵
  PID:8588
- C:\Windows\System\AdLeHmz.exe
  C:\Windows\System\AdLeHmz.exe
  2⤵
  PID:8604
- C:\Windows\System\HZBISQa.exe
  C:\Windows\System\HZBISQa.exe
  2⤵
  PID:8620
- C:\Windows\System\jLlIqjM.exe
  C:\Windows\System\jLlIqjM.exe
  2⤵
  PID:8636
- C:\Windows\System\TVGTAZF.exe
  C:\Windows\System\TVGTAZF.exe
  2⤵
  PID:8652
- C:\Windows\System\tNfiWZo.exe
  C:\Windows\System\tNfiWZo.exe
  2⤵
  PID:8668
- C:\Windows\System\ZVFBdyG.exe
  C:\Windows\System\ZVFBdyG.exe
  2⤵
  PID:8684
- C:\Windows\System\fdsvTZb.exe
  C:\Windows\System\fdsvTZb.exe
  2⤵
  PID:8700
- C:\Windows\System\eRvSGyc.exe
  C:\Windows\System\eRvSGyc.exe
  2⤵
  PID:8716
- C:\Windows\System\wkaladW.exe
  C:\Windows\System\wkaladW.exe
  2⤵
  PID:8732
- C:\Windows\System\KKuyPuR.exe
  C:\Windows\System\KKuyPuR.exe
  2⤵
  PID:8748
- C:\Windows\System\TFZTmaP.exe
  C:\Windows\System\TFZTmaP.exe
  2⤵
  PID:8768
- C:\Windows\System\NlgHxNz.exe
  C:\Windows\System\NlgHxNz.exe
  2⤵
  PID:8784
- C:\Windows\System\yzlBjqZ.exe
  C:\Windows\System\yzlBjqZ.exe
  2⤵
  PID:8800
- C:\Windows\System\fLGnqJu.exe
  C:\Windows\System\fLGnqJu.exe
  2⤵
  PID:8816
- C:\Windows\System\gQNZAca.exe
  C:\Windows\System\gQNZAca.exe
  2⤵
  PID:8832
- C:\Windows\System\RHRuZGY.exe
  C:\Windows\System\RHRuZGY.exe
  2⤵
  PID:8848
- C:\Windows\System\QEjappy.exe
  C:\Windows\System\QEjappy.exe
  2⤵
  PID:8864
- C:\Windows\System\brZztzi.exe
  C:\Windows\System\brZztzi.exe
  2⤵
  PID:8880
- C:\Windows\System\gxDLIwA.exe
  C:\Windows\System\gxDLIwA.exe
  2⤵
  PID:8896
- C:\Windows\System\XNVEBgh.exe
  C:\Windows\System\XNVEBgh.exe
  2⤵
  PID:8912
- C:\Windows\System\KtfjqkX.exe
  C:\Windows\System\KtfjqkX.exe
  2⤵
  PID:8928
- C:\Windows\System\rcJVbZh.exe
  C:\Windows\System\rcJVbZh.exe
  2⤵
  PID:8944
- C:\Windows\System\aWbwxGE.exe
  C:\Windows\System\aWbwxGE.exe
  2⤵
  PID:8960
- C:\Windows\System\DCfADqu.exe
  C:\Windows\System\DCfADqu.exe
  2⤵
  PID:8976
- C:\Windows\System\hneqLAn.exe
  C:\Windows\System\hneqLAn.exe
  2⤵
  PID:8992
- C:\Windows\System\WVwPkxQ.exe
  C:\Windows\System\WVwPkxQ.exe
  2⤵
  PID:9008
- C:\Windows\System\jEZEmjq.exe
  C:\Windows\System\jEZEmjq.exe
  2⤵
  PID:9024
- C:\Windows\System\JxAZyMX.exe
  C:\Windows\System\JxAZyMX.exe
  2⤵
  PID:9040
- C:\Windows\System\QpbDxVI.exe
  C:\Windows\System\QpbDxVI.exe
  2⤵
  PID:9056
- C:\Windows\System\CRaMdAe.exe
  C:\Windows\System\CRaMdAe.exe
  2⤵
  PID:9072
- C:\Windows\System\LSMaEoz.exe
  C:\Windows\System\LSMaEoz.exe
  2⤵
  PID:9088
- C:\Windows\System\AmmcTgf.exe
  C:\Windows\System\AmmcTgf.exe
  2⤵
  PID:9104
- C:\Windows\System\LwlVFoV.exe
  C:\Windows\System\LwlVFoV.exe
  2⤵
  PID:9120
- C:\Windows\System\ZEdYYbh.exe
  C:\Windows\System\ZEdYYbh.exe
  2⤵
  PID:9136
- C:\Windows\System\JscxaPr.exe
  C:\Windows\System\JscxaPr.exe
  2⤵
  PID:9152
- C:\Windows\System\pHZclIB.exe
  C:\Windows\System\pHZclIB.exe
  2⤵
  PID:9168
- C:\Windows\System\RgCvunb.exe
  C:\Windows\System\RgCvunb.exe
  2⤵
  PID:9184
- C:\Windows\System\jkuUnMq.exe
  C:\Windows\System\jkuUnMq.exe
  2⤵
  PID:9200
- C:\Windows\System\TpRcyMC.exe
  C:\Windows\System\TpRcyMC.exe
  2⤵
  PID:6592
- C:\Windows\System\BspCIIy.exe
  C:\Windows\System\BspCIIy.exe
  2⤵
  PID:7880
- C:\Windows\System\wjBbLCc.exe
  C:\Windows\System\wjBbLCc.exe
  2⤵
  PID:8212
- C:\Windows\System\CvEZrwo.exe
  C:\Windows\System\CvEZrwo.exe
  2⤵
  PID:8244
- C:\Windows\System\NeiarhX.exe
  C:\Windows\System\NeiarhX.exe
  2⤵
  PID:8248
- C:\Windows\System\vejYbvo.exe
  C:\Windows\System\vejYbvo.exe
  2⤵
  PID:8324
- C:\Windows\System\sRfTyQL.exe
  C:\Windows\System\sRfTyQL.exe
  2⤵
  PID:8356
- C:\Windows\System\rPUPgzB.exe
  C:\Windows\System\rPUPgzB.exe
  2⤵
  PID:8372
- C:\Windows\System\NVNuldV.exe
  C:\Windows\System\NVNuldV.exe
  2⤵
  PID:8376
- C:\Windows\System\ALXoFAM.exe
  C:\Windows\System\ALXoFAM.exe
  2⤵
  PID:8452
- C:\Windows\System\iMTQBWQ.exe
  C:\Windows\System\iMTQBWQ.exe
  2⤵
  PID:8520
- C:\Windows\System\sccGeWm.exe
  C:\Windows\System\sccGeWm.exe
  2⤵
  PID:8580
- C:\Windows\System\DYqsUjZ.exe
  C:\Windows\System\DYqsUjZ.exe
  2⤵
  PID:8440
- C:\Windows\System\XUjszGC.exe
  C:\Windows\System\XUjszGC.exe
  2⤵
  PID:8532
- C:\Windows\System\gkSlUEz.exe
  C:\Windows\System\gkSlUEz.exe
  2⤵
  PID:8596
- C:\Windows\System\vyHneti.exe
  C:\Windows\System\vyHneti.exe
  2⤵
  PID:8648
- C:\Windows\System\qlGEkiq.exe
  C:\Windows\System\qlGEkiq.exe
  2⤵
  PID:8628
- C:\Windows\System\ahlbQfU.exe
  C:\Windows\System\ahlbQfU.exe
  2⤵
  PID:8712
- C:\Windows\System\lHDAAwk.exe
  C:\Windows\System\lHDAAwk.exe
  2⤵
  PID:8724
- C:\Windows\System\OMpFzvm.exe
  C:\Windows\System\OMpFzvm.exe
  2⤵
  PID:8728
- C:\Windows\System\KlbJIQQ.exe
  C:\Windows\System\KlbJIQQ.exe
  2⤵
  PID:8792
- C:\Windows\System\qliPBoc.exe
  C:\Windows\System\qliPBoc.exe
  2⤵
  PID:8840
- C:\Windows\System\FdRXxrT.exe
  C:\Windows\System\FdRXxrT.exe
  2⤵
  PID:8872
- C:\Windows\System\jjggDeW.exe
  C:\Windows\System\jjggDeW.exe
  2⤵
  PID:8892
- C:\Windows\System\nNobnOD.exe
  C:\Windows\System\nNobnOD.exe
  2⤵
  PID:8936
- C:\Windows\System\SQCNZRi.exe
  C:\Windows\System\SQCNZRi.exe
  2⤵
  PID:8972
- C:\Windows\System\qAKpOjt.exe
  C:\Windows\System\qAKpOjt.exe
  2⤵
  PID:9036
- C:\Windows\System\lGjWaWF.exe
  C:\Windows\System\lGjWaWF.exe
  2⤵
  PID:8952
- C:\Windows\System\OZTsvTC.exe
  C:\Windows\System\OZTsvTC.exe
  2⤵
  PID:9020
- C:\Windows\System\kdTjWrj.exe
  C:\Windows\System\kdTjWrj.exe
  2⤵
  PID:9096
- C:\Windows\System\wecodMM.exe
  C:\Windows\System\wecodMM.exe
  2⤵
  PID:9128
- C:\Windows\System\DKMvKBs.exe
  C:\Windows\System\DKMvKBs.exe
  2⤵
  PID:9160
- C:\Windows\System\BjfUDiE.exe
  C:\Windows\System\BjfUDiE.exe
  2⤵
  PID:7900
- C:\Windows\System\wRrBJoR.exe
  C:\Windows\System\wRrBJoR.exe
  2⤵
  PID:7452
- C:\Windows\System\gyJfmrU.exe
  C:\Windows\System\gyJfmrU.exe
  2⤵
  PID:8296
- C:\Windows\System\CrlEdKL.exe
  C:\Windows\System\CrlEdKL.exe
  2⤵
  PID:8312
- C:\Windows\System\SdJmHlE.exe
  C:\Windows\System\SdJmHlE.exe
  2⤵
  PID:8420
- C:\Windows\System\XryERTT.exe
  C:\Windows\System\XryERTT.exe
  2⤵
  PID:8404
- C:\Windows\System\iJurCkV.exe
  C:\Windows\System\iJurCkV.exe
  2⤵
  PID:8568
- C:\Windows\System\UwNjqcq.exe
  C:\Windows\System\UwNjqcq.exe
  2⤵
  PID:8500
- C:\Windows\System\psiDrNP.exe
  C:\Windows\System\psiDrNP.exe
  2⤵
  PID:8664
- C:\Windows\System\FeOeCuz.exe
  C:\Windows\System\FeOeCuz.exe
  2⤵
  PID:8676
- C:\Windows\System\JiPOxqU.exe
  C:\Windows\System\JiPOxqU.exe
  2⤵
  PID:8812
- C:\Windows\System\pPOycYi.exe
  C:\Windows\System\pPOycYi.exe
  2⤵
  PID:8760
- C:\Windows\System\WUfQvxr.exe
  C:\Windows\System\WUfQvxr.exe
  2⤵
  PID:8920
- C:\Windows\System\ieOPMgm.exe
  C:\Windows\System\ieOPMgm.exe
  2⤵
  PID:8824
- C:\Windows\System\MMmNmqK.exe
  C:\Windows\System\MMmNmqK.exe
  2⤵
  PID:8764
- C:\Windows\System\KerGjvo.exe
  C:\Windows\System\KerGjvo.exe
  2⤵
  PID:9016
- C:\Windows\System\fiIcfGh.exe
  C:\Windows\System\fiIcfGh.exe
  2⤵
  PID:9144
- C:\Windows\System\XwgDGbq.exe
  C:\Windows\System\XwgDGbq.exe
  2⤵
  PID:9208
- C:\Windows\System\LkAYceL.exe
  C:\Windows\System\LkAYceL.exe
  2⤵
  PID:8264
- C:\Windows\System\xkuZHIP.exe
  C:\Windows\System\xkuZHIP.exe
  2⤵
  PID:8536
- C:\Windows\System\XNctmBx.exe
  C:\Windows\System\XNctmBx.exe
  2⤵
  PID:8908
- C:\Windows\System\bBbmrhf.exe
  C:\Windows\System\bBbmrhf.exe
  2⤵
  PID:8660
- C:\Windows\System\iVxQcNY.exe
  C:\Windows\System\iVxQcNY.exe
  2⤵
  PID:9068
- C:\Windows\System\PwXSiQu.exe
  C:\Windows\System\PwXSiQu.exe
  2⤵
  PID:9004
- C:\Windows\System\swEFelZ.exe
  C:\Windows\System\swEFelZ.exe
  2⤵
  PID:8692
- C:\Windows\System\TVwUBYa.exe
  C:\Windows\System\TVwUBYa.exe
  2⤵
  PID:8340
- C:\Windows\System\tgdIVTo.exe
  C:\Windows\System\tgdIVTo.exe
  2⤵
  PID:8292
- C:\Windows\System\VImaEdA.exe
  C:\Windows\System\VImaEdA.exe
  2⤵
  PID:8280
- C:\Windows\System\aZITamh.exe
  C:\Windows\System\aZITamh.exe
  2⤵
  PID:8888
- C:\Windows\System\gbIDPvv.exe
  C:\Windows\System\gbIDPvv.exe
  2⤵
  PID:8424
- C:\Windows\System\wohGCZt.exe
  C:\Windows\System\wohGCZt.exe
  2⤵
  PID:9508
- C:\Windows\System\USZGVCc.exe
  C:\Windows\System\USZGVCc.exe
  2⤵
  PID:9964
- C:\Windows\System\RhNLkNZ.exe
  C:\Windows\System\RhNLkNZ.exe
  2⤵
  PID:9988
- C:\Windows\System\sXkftCT.exe
  C:\Windows\System\sXkftCT.exe
  2⤵
  PID:9400
- C:\Windows\System\GJpIGJh.exe
  C:\Windows\System\GJpIGJh.exe
  2⤵
  PID:9484
- C:\Windows\System\vWFUOcY.exe
  C:\Windows\System\vWFUOcY.exe
  2⤵
  PID:9600
- C:\Windows\System\cYOglnS.exe
  C:\Windows\System\cYOglnS.exe
  2⤵
  PID:9636
- C:\Windows\System\iuNSoZm.exe
  C:\Windows\System\iuNSoZm.exe
  2⤵
  PID:9692
- C:\Windows\System\TTzLUUw.exe
  C:\Windows\System\TTzLUUw.exe
  2⤵
  PID:9724
- C:\Windows\System\qEGFWyY.exe
  C:\Windows\System\qEGFWyY.exe
  2⤵
  PID:9756
- C:\Windows\System\kBJvHnB.exe
  C:\Windows\System\kBJvHnB.exe
  2⤵
  PID:9772
- C:\Windows\System\MQoQejk.exe
  C:\Windows\System\MQoQejk.exe
  2⤵
  PID:9804
- C:\Windows\System\OUooOBG.exe
  C:\Windows\System\OUooOBG.exe
  2⤵
  PID:10184
- C:\Windows\System\JwMUMEH.exe
  C:\Windows\System\JwMUMEH.exe
  2⤵
  PID:10200
- C:\Windows\System\zaQMKIX.exe
  C:\Windows\System\zaQMKIX.exe
  2⤵
  PID:10216
- C:\Windows\System\sNjBOzD.exe
  C:\Windows\System\sNjBOzD.exe
  2⤵
  PID:9220
- C:\Windows\System\XFmbWxl.exe
  C:\Windows\System\XFmbWxl.exe
  2⤵
  PID:8392
- C:\Windows\System\tSYQbNK.exe
  C:\Windows\System\tSYQbNK.exe
  2⤵
  PID:9252
- C:\Windows\System\cjYJAdl.exe
  C:\Windows\System\cjYJAdl.exe
  2⤵
  PID:9276
- C:\Windows\System\bPMAxEM.exe
  C:\Windows\System\bPMAxEM.exe
  2⤵
  PID:9284
- C:\Windows\System\Jbwsjqw.exe
  C:\Windows\System\Jbwsjqw.exe
  2⤵
  PID:9300
- C:\Windows\System\CKXHUKf.exe
  C:\Windows\System\CKXHUKf.exe
  2⤵
  PID:9320
- C:\Windows\System\eMSedoR.exe
  C:\Windows\System\eMSedoR.exe
  2⤵
  PID:9340
- C:\Windows\System\EMalctz.exe
  C:\Windows\System\EMalctz.exe
  2⤵
  PID:9356
- C:\Windows\System\dduefsT.exe
  C:\Windows\System\dduefsT.exe
  2⤵
  PID:9388
- C:\Windows\System\eUPInaR.exe
  C:\Windows\System\eUPInaR.exe
  2⤵
  PID:9424
- C:\Windows\System\LwnQYkl.exe
  C:\Windows\System\LwnQYkl.exe
  2⤵
  PID:9500
- C:\Windows\System\lYverMe.exe
  C:\Windows\System\lYverMe.exe
  2⤵
  PID:9532
- C:\Windows\System\kxSgPwB.exe
  C:\Windows\System\kxSgPwB.exe
  2⤵
  PID:9556
- C:\Windows\System\TXAeBal.exe
  C:\Windows\System\TXAeBal.exe
  2⤵
  PID:9448
- C:\Windows\System\wumbJfj.exe
  C:\Windows\System\wumbJfj.exe
  2⤵
  PID:9464
- C:\Windows\System\itNVIUZ.exe
  C:\Windows\System\itNVIUZ.exe
  2⤵
  PID:9480
- C:\Windows\System\pQYYaSP.exe
  C:\Windows\System\pQYYaSP.exe
  2⤵
  PID:9572
- C:\Windows\System\gxmxYlD.exe
  C:\Windows\System\gxmxYlD.exe
  2⤵
  PID:9576
- C:\Windows\System\kFYDruS.exe
  C:\Windows\System\kFYDruS.exe
  2⤵
  PID:9664
- C:\Windows\System\hDUEkDJ.exe
  C:\Windows\System\hDUEkDJ.exe
  2⤵
  PID:9680
- C:\Windows\System\LTXeLaV.exe
  C:\Windows\System\LTXeLaV.exe
  2⤵
  PID:9612
- C:\Windows\System\bdHQKVS.exe
  C:\Windows\System\bdHQKVS.exe
  2⤵
  PID:9708
- C:\Windows\System\hohgVic.exe
  C:\Windows\System\hohgVic.exe
  2⤵
  PID:9740
- C:\Windows\System\vyZrUlc.exe
  C:\Windows\System\vyZrUlc.exe
  2⤵
  PID:9712
- C:\Windows\System\vwezEGm.exe
  C:\Windows\System\vwezEGm.exe
  2⤵
  PID:9792
- C:\Windows\System\BZFuWXn.exe
  C:\Windows\System\BZFuWXn.exe
  2⤵
  PID:9816
- C:\Windows\System\LAmCdZc.exe
  C:\Windows\System\LAmCdZc.exe
  2⤵
  PID:9828
- C:\Windows\System\JMWNnvc.exe
  C:\Windows\System\JMWNnvc.exe
  2⤵
  PID:9840
- C:\Windows\System\mkIeDsH.exe
  C:\Windows\System\mkIeDsH.exe
  2⤵
  PID:9860
- C:\Windows\System\EXhSeXz.exe
  C:\Windows\System\EXhSeXz.exe
  2⤵
  PID:9880
- C:\Windows\System\MlYGgSo.exe
  C:\Windows\System\MlYGgSo.exe
  2⤵
  PID:9956
- C:\Windows\System\ijtnCiv.exe
  C:\Windows\System\ijtnCiv.exe
  2⤵
  PID:10008
- C:\Windows\System\ggHgWGe.exe
  C:\Windows\System\ggHgWGe.exe
  2⤵
  PID:9916
- C:\Windows\System\bCEvdVJ.exe
  C:\Windows\System\bCEvdVJ.exe
  2⤵
  PID:10012
- C:\Windows\System\dDeHcAC.exe
  C:\Windows\System\dDeHcAC.exe
  2⤵
  PID:10024
- C:\Windows\System\GJhyuNd.exe
  C:\Windows\System\GJhyuNd.exe
  2⤵
  PID:10032
- C:\Windows\System\QTTvFAi.exe
  C:\Windows\System\QTTvFAi.exe
  2⤵
  PID:10056
- C:\Windows\System\yEVUONR.exe
  C:\Windows\System\yEVUONR.exe
  2⤵
  PID:10076
- C:\Windows\System\PiDiEDq.exe
  C:\Windows\System\PiDiEDq.exe
  2⤵
  PID:10096
- C:\Windows\System\WuYwQBL.exe
  C:\Windows\System\WuYwQBL.exe
  2⤵
  PID:10108
- C:\Windows\System\KJyOrgY.exe
  C:\Windows\System\KJyOrgY.exe
  2⤵
  PID:10136
- C:\Windows\System\oogntUU.exe
  C:\Windows\System\oogntUU.exe
  2⤵
  PID:10156
- C:\Windows\System\CgqgHgT.exe
  C:\Windows\System\CgqgHgT.exe
  2⤵
  PID:10180
- C:\Windows\System\SnhxbJO.exe
  C:\Windows\System\SnhxbJO.exe
  2⤵
  PID:10208
- C:\Windows\System\TzdmaSG.exe
  C:\Windows\System\TzdmaSG.exe
  2⤵
  PID:9232
- C:\Windows\System\bypxTTk.exe
  C:\Windows\System\bypxTTk.exe
  2⤵
  PID:9240
- C:\Windows\System\BVcgyrV.exe
  C:\Windows\System\BVcgyrV.exe
  2⤵
  PID:9268
- C:\Windows\System\wgiwIJt.exe
  C:\Windows\System\wgiwIJt.exe
  2⤵
  PID:9312
- C:\Windows\System\BEJKtiy.exe
  C:\Windows\System\BEJKtiy.exe
  2⤵
  PID:9328
- C:\Windows\System\lSjEvoh.exe
  C:\Windows\System\lSjEvoh.exe
  2⤵
  PID:9364
- C:\Windows\System\AerWeQN.exe
  C:\Windows\System\AerWeQN.exe
  2⤵
  PID:9520
- C:\Windows\System\zEzkjZC.exe
  C:\Windows\System\zEzkjZC.exe
  2⤵
  PID:9492
- C:\Windows\System\jRywVsQ.exe
  C:\Windows\System\jRywVsQ.exe
  2⤵
  PID:9440
- C:\Windows\System\YmcUcOV.exe
  C:\Windows\System\YmcUcOV.exe
  2⤵
  PID:9488
- C:\Windows\System\usGKfST.exe
  C:\Windows\System\usGKfST.exe
  2⤵
  PID:9452
- C:\Windows\System\GDeGMWk.exe
  C:\Windows\System\GDeGMWk.exe
  2⤵
  PID:9644
- C:\Windows\System\TfWWJqF.exe
  C:\Windows\System\TfWWJqF.exe
  2⤵
  PID:9372
- C:\Windows\System\kHzXGeg.exe
  C:\Windows\System\kHzXGeg.exe
  2⤵
  PID:9628
- C:\Windows\System\tGoFBZa.exe
  C:\Windows\System\tGoFBZa.exe
  2⤵
  PID:9788
- C:\Windows\System\EgBXEyy.exe
  C:\Windows\System\EgBXEyy.exe
  2⤵
  PID:9844
- C:\Windows\System\GOVXcpr.exe
  C:\Windows\System\GOVXcpr.exe
  2⤵
  PID:9876
- C:\Windows\System\HgGzmZY.exe
  C:\Windows\System\HgGzmZY.exe
  2⤵
  PID:9732
- C:\Windows\System\eOqndeL.exe
  C:\Windows\System\eOqndeL.exe
  2⤵
  PID:9768
- C:\Windows\System\nLlgAvs.exe
  C:\Windows\System\nLlgAvs.exe
  2⤵
  PID:9824
- C:\Windows\System\zbEHHZG.exe
  C:\Windows\System\zbEHHZG.exe
  2⤵
  PID:9900
- C:\Windows\System\ugCgxiA.exe
  C:\Windows\System\ugCgxiA.exe
  2⤵
  PID:9912
- C:\Windows\System\KqoJTHF.exe
  C:\Windows\System\KqoJTHF.exe
  2⤵
  PID:9960
- C:\Windows\System\IHfQQOt.exe
  C:\Windows\System\IHfQQOt.exe
  2⤵
  PID:10044
- C:\Windows\System\AtNojYG.exe
  C:\Windows\System\AtNojYG.exe
  2⤵
  PID:10080
- C:\Windows\System\fQIfhrT.exe
  C:\Windows\System\fQIfhrT.exe
  2⤵
  PID:10132
- C:\Windows\System\NqhLTZb.exe
  C:\Windows\System\NqhLTZb.exe
  2⤵
  PID:10168
- C:\Windows\System\fXVAOQB.exe
  C:\Windows\System\fXVAOQB.exe
  2⤵
  PID:10224
- C:\Windows\System\rhdjSoP.exe
  C:\Windows\System\rhdjSoP.exe
  2⤵
  PID:1000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AXjjHGi.exe

Filesize
6.0MB

MD5
b4afcdb006bec6a9c1e74d48ae9e7c1b

SHA1
fae116fdd4a2ded52445d755fd94057f2d5f4ef6

SHA256
77a0c30f3194741e1938c092be06aa26b2e217c54ee4c5a0e3de71fd244339ce

SHA512
436356f5c4a6f966fa7456d12eefc8abf659ec0336fd36a9d8ecd063c8638421f94bd3b1e4a7abb0efcb0103d5b26c795bcc20ac09e0b1955b4e7d4395e7c741

Download Submit
C:\Windows\system\DELRdBu.exe

Filesize
6.0MB

MD5
d80a317a86ec5d7a180364c534a73ee2

SHA1
1ab3e48da09113c2ca9c7ccf23e6c2628b8a1c38

SHA256
6ca2275809f7edfe10dab252834d599c1ebaf0aa57eed7e729371993ee1da36c

SHA512
2339639507329150e0f8e7a86b2bf08e30a37bf72337af5ea8b3e9584800d3e7294c8102da9cc1be4d8b31add822e83232ad45acfc46f06d90a464a2977dd9fd

Download Submit
C:\Windows\system\EJWfJgs.exe

Filesize
6.0MB

MD5
ddf06c1a2fb22ae738001e05a2026317

SHA1
1c5f4a774b263585f8666fa67971a213ca10caff

SHA256
e8510672859a42fe11348e56227d35cad4c7fdc688e0ad509b86f330775b408c

SHA512
fb1d4ddc5ee0ab2512ce1ced7f53b743f525cb35c3c3ee2ad5e177f3505d30ec73110c746fd9000685b9435b664fdb1a8b76326bd85b942938a4fa68016ea2cf

Download Submit
C:\Windows\system\ESHJdpI.exe

Filesize
6.0MB

MD5
8674838401fbb3e63fc9834b0ccf408d

SHA1
b66d8985e691df19cdd09bc069984fa51de2c404

SHA256
fd38961988a00c357def841e0a01ef15597dd9625baaf42a0bcf3f3042847112

SHA512
08856b276e6559f50f083663f7bea7cf6015e1dbd1808e40874400045cbe9791c50cd20cba4726eac00ca0a87019ed2dd7f067414747e818d424862189c2d437

Download Submit
C:\Windows\system\EZxCPXt.exe

Filesize
6.0MB

MD5
20a920eab130515dcff07a9d05392ca9

SHA1
081cf6c24dd2f34464418d1c7ef722db43902ad3

SHA256
05b31e6ee166901e7a8ce304f4f257e10e5b5bd7f3bb3626357e6d931ede637a

SHA512
13fc2090fe77da8449fd02b8ec10495344ee672d8e16dd9a77fc20539e24a4df1095676730230fcadcc1f80e45e0e7366e7c180970c201e39aefd77692fdd71c

Download Submit
C:\Windows\system\EiQqngU.exe

Filesize
6.0MB

MD5
97f5a1a656570273d387b59280313f9a

SHA1
06a921cc59b8f6d22888466055af44a47651c635

SHA256
70f2be34daaee6199525db2b238a2d69cea1448b8cec1323f5575d17019c94fc

SHA512
446f6edfb168eb6993535c5e0cbca1ebd9b7bfea8fe96cd8a858f51314049dfbcd03312e677989f699df01dde5451acba6225ec63b4ea6d81adec1f90a2039d1

Download Submit
C:\Windows\system\FnlbBsr.exe

Filesize
6.0MB

MD5
ba963d534092c9db0df88c1f6ec9eee5

SHA1
afb597a336bd93ea5079904fb1f364ee8d1be54c

SHA256
44cd8ee33d0d690d71f0aa5d42f61f56fc5efd4cf826279431c48255d9d83b11

SHA512
6514d1bfe605aa0689b987f7d0acbd88eb66e708330c556d3192134c4c3b00dae6ba0f5621bd2d851015558b338d95431025ff8d5d4afcc69d24ea039b3d2891

Download Submit
C:\Windows\system\GSaKHTt.exe

Filesize
6.0MB

MD5
2c9b1a29701247fdb891f518bc6a35fa

SHA1
36635dd1cb441ffe36470407160ca5627acb9d87

SHA256
d0cbd1b8e7c500cc8977feddcb3340c7c828aa595dc866cf72ab2bcb8884b578

SHA512
a7385774a789bc040ba99b81c7a78284da8dbf66c8cc5a241fe6306af1401a1d42afd15ffff44f81afb9a89821df82393230e74348e0815eb2e31a8526048ae5

Download Submit
C:\Windows\system\LjJNFsN.exe

Filesize
6.0MB

MD5
4fe1ab5e9ef902b16c32dbfbec710dbe

SHA1
37ab0f4685a7808f81cf0bebaca7dc13289206c4

SHA256
70dcc3c90d5b02eee4c560ea0daea900b501f2572ae55d21609ad6a3e6afe1f8

SHA512
57d18d560aae8e2ddad3e1629b5633f6bf7f33a00464b2a1f055ad251b4f1f290c4c1f90fcb064b93e52f4835d9e11f63deaa94afeb88c3acf1fd7e617e911d9

Download Submit
C:\Windows\system\LxoUukc.exe

Filesize
6.0MB

MD5
265d4c7d04287579552ad2551c61b1fe

SHA1
2fc337e4886b454ca0a6bf8fc1727e9d903fe8a7

SHA256
d1ac9ad117d165a7deeefd0dbc06c9302953845328d5b9424c55aa5d1b0ce72d

SHA512
e6439e39ad0df222c2a191c6f62e918c71e53c4499eedf46fc538449ce3562571ee88d9830690e2a37d5c867fc22e4372b042c9b1992daee6ee52defce68c11b

Download Submit
C:\Windows\system\MRltvlG.exe

Filesize
6.0MB

MD5
00535355c7b0ee2632722cc73a1bc2e9

SHA1
f2be071d71e07cac378cdf846da916fb10e68394

SHA256
6fbc43eb771cab50817040baea4353dc5f80a8ca77c33408fffbdf45cd6141ab

SHA512
de01424fea9bb397545c3a820f00a7b904ce0271e5fda193a488383713849ed389cc4811d3967fc8e04ca9b6d597793a360b19d36914655c9cd9d180d73595b1

Download Submit
C:\Windows\system\PiAILsB.exe

Filesize
6.0MB

MD5
fc0476b1ce4bd098eb5a1404b21ce625

SHA1
ad05bcf449b371c88be6210fbace98cc7e30adbe

SHA256
1437c7ace97bb7b6c2d66ce6a23f29f36178c9b293e95cb6e28b0330d04f1aa5

SHA512
4063a9b88a80be6e75a9f75047f8052585d95c112fa8744b7cd7a4fdecb85db910c4ddad3d3d89cba34925dae1c4a6ca4d46628ca1dc2361448b30335ed40a78

Download Submit
C:\Windows\system\TkywyeN.exe

Filesize
6.0MB

MD5
33228994389b58775d2e100a0bc848b8

SHA1
0d4470701ed0df3e9a70d81973a5b94145ec7400

SHA256
6062020fe5acfbdf8ea9b140d3f9061f8596b5063ef76d98ade69659b837ab2b

SHA512
d7c89fcc5de332d0abd98e90698a43a303832e1d016446222f328e41b1048e70b387c734f337bd72ace752ed5d617339a25a50b34fa1b8fb914da8f3d48d0fb9

Download Submit
C:\Windows\system\UTvAiQe.exe

Filesize
6.0MB

MD5
1de5816d895987c7735192cc63bbfc5c

SHA1
e1951b76276ca4f37b993af0ed28c0d7f0947d05

SHA256
29d59fcf0bbb61b52cc5c01ff373163894ff1e213983528e4522ef76032b53a9

SHA512
d8d12977eea89a292b2d210ae06cf9eaae250ce9ab8cf2345396d5e3bf4f2d8696cf253efe5867fab4214ea9c209943217e1e4050184373efd02ea5e10a03891

Download Submit
C:\Windows\system\VgxGQbu.exe

Filesize
6.0MB

MD5
0190414f196315101d1102f1be5e808e

SHA1
298e57a8186dc42f1d40551deacef3a32a77d10e

SHA256
bfec244d74ae37220e636717be15dac73489a7e4789b007dd09e8763c59dd1be

SHA512
ac1f387c2ca7ed135d5438293a6a88a267e9922b10de29b698e6f8721e0a46ba35dd53dada60f577f59b3bdacbee7c54b46c1bf79da7121e232ac7515cc35867

Download Submit
C:\Windows\system\XtjoMhv.exe

Filesize
6.0MB

MD5
dcf91d9de16d56bd4ea4474ef311745c

SHA1
f0a5b17456fab2b3d38f7d797e266208b145226a

SHA256
b5ae6d040379bd7c6978696d8bdbc61c5dd97f03d68b8e4a6b12123e2a9a2d52

SHA512
d0bc16317c47f376f4c3bbfe51b6bfc4ca3f73848312c07666dfb479f9d146f4d4cd3b502ab016cfc9ceae5afe6e70ed116344a70cc504f99d5a73a7de49330a

Download Submit
C:\Windows\system\cmHYJco.exe

Filesize
6.0MB

MD5
b07b99c160fd230b0ce158dc3e7900a9

SHA1
3a03e518bdcacbb01a69fa82a309b8d3062315c7

SHA256
7200269f8e326d56de1884e5ab88c28b5ba7d2042e4aa303c3bc28a129cdaf18

SHA512
17e92657a885002591f82460efaa7acab575da4ed90b8d5c8b2f53ab4a6ffa69c71b6b2e29b85762b6eb2953bfccf9a2f13e67d668bbd9ab0108d75b3ce12916

Download Submit
C:\Windows\system\iSuxsKc.exe

Filesize
6.0MB

MD5
1ec87303cec76a483863b187ae8337be

SHA1
2ac50886df1e487af16458f9f9e50cec15bece50

SHA256
423e2429fff742d0ef2956896ff7c416ba53e9b47da96deade6bc44ce0cdc48f

SHA512
e9b84afbca5cdc452e00d2350c30ee73069c8e42a0979e469ac25985063f75714fa7c8fcb25be1b2ba5b94a6e3e70a624172397d70da3c86d832520b8736c612

Download Submit
C:\Windows\system\kXbQkIS.exe

Filesize
6.0MB

MD5
37ac10e6aa456ef4db212f194928f450

SHA1
33406a78d08d1b67e466b08ef4525a7f5fa03f4d

SHA256
67e667a8c7a92e32c1ee13ec5c73fcb68e2e67ea890dffdadf579869e7431412

SHA512
3825dc8742d63c764c802126dd32269a65900556aec192d95be81bb114001a4a1906a2857764154c4ccd0db8fcf9cc7d3c4b4f3b134ea47ae65ca0470b1e58ec

Download Submit
C:\Windows\system\rPpGGLm.exe

Filesize
6.0MB

MD5
b6d93fa84548f14ae01a68f2009f035a

SHA1
88ab51afcd3db063016d2438acd07bc1a7f9983c

SHA256
6d3aee815780c903aabf606e2cc8ddfec5db2c26b9f139ffec68e34594d64da9

SHA512
3785c68fb55cd76f419f0e624119f85e5183e320c5f7d12eaed02582a9eaad3411085b76f30b23e32f18f58c695dc1e8356d3baf3324398e858417bbff91c10c

Download Submit
C:\Windows\system\tahsqAE.exe

Filesize
6.0MB

MD5
d8872631307fdf95ed504fa573cf84a8

SHA1
4f1af3b8bfb4b4a3f809f16c000aff1cd0ac0b38

SHA256
cb4e131c731e350a64484134475c2d31300e371d34aecbca7c9bcba2e2ba4bdc

SHA512
c7807f761a5d360e1d09e43f0f48b4171f4bf0704ca34019b09650ac9776c049ad3067aedefd4f97a659a91b25bd3b9d0e5e3cbbcb5ebd81e9e0c116c7f70da2

Download Submit
C:\Windows\system\uZsOueB.exe

Filesize
6.0MB

MD5
f71048c0e39e2cbd72c5a40b0372f8d0

SHA1
cdb023122e944498416b4af0f08da2dd9c928b33

SHA256
f31cd33a0d0a60937c6eb6c63b014e30829c018691ccfb76da71ccbd97c355e3

SHA512
9f0425410f4f0110c6577c52ffc0322e307d2bc05064655528c3cfc00b4a791d68fe19d8ee26394cf3a5068b29602f6483e507fe6b6f2df848579d3f934c440b

Download Submit
C:\Windows\system\ukPyjjF.exe

Filesize
6.0MB

MD5
002537d4a22f39ca42e91beabfef0ae3

SHA1
2f4945f1bc31e480d90ffb811812886472a62615

SHA256
90d32ec14af5a210e3ab572645122108f5e1cbf923884ec22961bab980fbd4ef

SHA512
6e24c3ab99fae537be2707ca3a0fe6ccbe7237b5ed603901f22d03a796f2e557471a77da62da9897cdd93f7b2af451fca0d78bee8d277203d3904c0167f45a4b

Download Submit
C:\Windows\system\vuogbdI.exe

Filesize
6.0MB

MD5
f74c2336db0f736a67930d3a4f7aafd9

SHA1
92930ece4b1bd011a7a8ecd5061ddc3197cc1b4d

SHA256
1637859b64e8510ada6e09d9155c6dc73cae9d7d2148a9ee0387bb9c9a856f31

SHA512
cd634b944594933d3510c15d53759c45208e45eb70cccdf985d04178ac02fd74935de6402dbd634e5c34f127b1b5f2dcc937a36a48f40b7e7f04a75b720227ff

Download Submit
C:\Windows\system\xWvZHzB.exe

Filesize
6.0MB

MD5
12535913c111abcc9d713e66d5c74c98

SHA1
724282b3d74458f9b75d83ae15ebe15aefd46d66

SHA256
26a851f6a33cc1bb83bb26a7ba8adb5bec3052b414ace001dbf7a688313cc8b2

SHA512
09e473b391d7a8f5e1702e57d470ba7e79434d10413f08d6b28212d9acd4100bf7d75ea55cf01fdce29bba9096b43f6c22dbfe29fd2577cd991471343f7d2627

Download Submit
C:\Windows\system\yjsFyvs.exe

Filesize
6.0MB

MD5
1c11169de006463df2405ecae3516954

SHA1
f325e66c4929e49d3f9448eadbe83d40a36cb99b

SHA256
6c7d73ca1672696d4643835ccce23a552867b7952751c6a00873a994c7fdd0ca

SHA512
6df0290ba22ed7073c03498b12ddea0432c9e89f684e7315bfd95774b3cc8260cbb87edc70d2fff5845cb00daecd87da0ff25f830b96915671b9d80c6d6d6bdc

Download Submit
\Windows\system\ArzYXth.exe

Filesize
6.0MB

MD5
ce9ea68b3f012815cbbc7e11a6d076ee

SHA1
05462e100759f18289dd52dec9393391372c5e7c

SHA256
34e10b125a63960e577b3d5b88eb6dc3ea3a22c9f2fc1aefc8fdd236cbd6f15c

SHA512
bb53be1ddfeaa304f4edfd75cb3a9474b33bee3c976313afaf94b918d6761d66381b089af53877285e79c367672ccada9efe734de9f1b4e32ece5ea0ccbba66d

Download Submit
\Windows\system\DVxwETo.exe

Filesize
6.0MB

MD5
a0c74fa592afe769c6099e0aabb6c7df

SHA1
a1d51136bcfe6254630120616932a48c54ce5168

SHA256
8dc9271a20975f0321ce8f3e9b8386ba3cd35c3e370a8b83f13fc66843ab0246

SHA512
e308178ceebfb3dcc95efb2a0764488c525f6336eae00fac0b0f3de6ec1b4e0f52f49de30d8acc589744df671730d59d3590cc5867273657a7b03c5b48f27497

Download Submit
\Windows\system\LxknaXu.exe

Filesize
6.0MB

MD5
c4ab33b3d109193c772c200b23f7c23c

SHA1
34ea63563a309da7c2f61248c8ce5abe5613321e

SHA256
b8abc9e1fb45f818daef317b58e530916ce35826e87349a84e22f3151ace5ae3

SHA512
316e181ecb2bcfa0fe9ca686817309bdacd3b234daae0dc129cd6653d549f6a06e835a6c05a24e0971d03d1412d7cebf22769515e55c959a0ed30a443a6c9bc5

Download Submit
\Windows\system\QlrcSHs.exe

Filesize
6.0MB

MD5
53725e30db7c2b00889ca9c7e26b242e

SHA1
7d845d4e06ea3ae90e0cd224b62b24b048cbf74c

SHA256
677e25e940edf89e6751a2e7532d0661066f054381396505c166d78dba23a401

SHA512
161d846854fa24d5ef4bf80458b20d2aa9145fed2a4b73effa7e0daabe9bafa4080d9572cd7f71bce74cf09715ae5b1e021337c4b97dae920dd023a4be249098

Download Submit
\Windows\system\jsfSKHa.exe

Filesize
6.0MB

MD5
caf491d8c21128794cd5d8efd808e1d9

SHA1
14bdf51dafd3062db5e3aa7cc2b55ce6d3d830c2

SHA256
323fe5408ff1afb1221d6439bfa987dfc0c366d75bf429a53b47469ed4e37196

SHA512
8c17b0646ad292e5cf29c39ff75ef1b7b77843097800c83f30d55663e32f689fb738ad74a405f05a11abca8ddef888167125496f9af4316b71205bb05e63fc34

Download Submit
\Windows\system\laullsm.exe

Filesize
6.0MB

MD5
ce66697b31c258b3fcd061e9dab689a0

SHA1
fbf1e00c89efdc7157783b461128532df8fb68e5

SHA256
41099ce0b476e9367fb970d130df50d8e0eb4c3bd702fb2271dcfcff8ed444d6

SHA512
386de32934ed9bae941c595caf8d9d5683590d48ebc6b07e2e4766f2bbbf9510b7f8c945a9ab26e99738dc752c5859fdc9bbbd8f74164cb56b07df02bffd188d

Download Submit
memory/1268-100-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1268-609-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1268-3869-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-82-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/1704-3749-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/1704-208-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/1892-3538-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1892-9-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-80-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/1988-36-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/1988-3541-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2036-88-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2036-78-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2036-104-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-341-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2036-98-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-23-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-106-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2036-112-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2036-90-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2036-29-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-75-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2036-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2036-8-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-536-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-40-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-18-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-50-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2036-0-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2036-68-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-33-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2308-3802-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2308-92-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2384-55-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2384-3772-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2384-93-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2548-27-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-3533-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-62-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-53-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-3539-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-14-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-56-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2588-21-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2588-3534-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2768-52-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2768-91-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3746-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3742-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-83-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-47-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-108-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3895-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-3750-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2904-77-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2940-3766-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2940-76-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download