cobaltstrike | bdabce77d3b990afc7d4abdb7a22c87e9d162085b7215a7284a28ccff8fc5058

Analysis

max time kernel
108s
max time network
123s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 01:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0662c199ad043fb90dd2613607af4cb2
SHA1

724dca134dba2fa0f87eacc49c709eeb73498b36
SHA256

bdabce77d3b990afc7d4abdb7a22c87e9d162085b7215a7284a28ccff8fc5058
SHA512

c2562a0ebab57d0b55fc6520d8d277896703a93286a574d855e1cc6e98b16e7a437043c2f4a98d2e8580264478fa43791c35a95d646bed7b182eb89dbb3eac67
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUO:T+q56utgpPF8u/7O

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012262-3.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001756b-11.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-9.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000016fc9-33.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186b7-27.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186bb-39.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c3-46.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b05-55.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b28-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-75.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-85.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-98.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-82.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-197.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-192.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-131.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-116.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2776-0-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/files/0x000b000000012262-3.dat	xmrig
behavioral1/files/0x000900000001756b-11.dat	xmrig
behavioral1/memory/2812-13-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2924-16-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-9.dat	xmrig
behavioral1/memory/2848-21-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x000d000000016fc9-33.dat	xmrig
behavioral1/memory/1860-32-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x00060000000186b7-27.dat	xmrig
behavioral1/memory/2776-36-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2716-37-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/files/0x00060000000186bb-39.dat	xmrig
behavioral1/memory/2740-44-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2812-43-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/files/0x00060000000186c3-46.dat	xmrig
behavioral1/memory/2924-52-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2720-53-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2848-54-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x0008000000018b05-55.dat	xmrig
behavioral1/memory/432-61-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/1196-69-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x0008000000018b28-65.dat	xmrig
behavioral1/files/0x00050000000195c5-75.dat	xmrig
behavioral1/memory/2004-77-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2740-76-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c7-85.dat	xmrig
behavioral1/memory/2520-91-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/3004-99-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-98.dat	xmrig
behavioral1/memory/2776-84-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c6-82.dat	xmrig
behavioral1/memory/1872-87-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019643-101.dat	xmrig
behavioral1/memory/1672-105-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001975a-108.dat	xmrig
behavioral1/files/0x0005000000019820-126.dat	xmrig
behavioral1/files/0x0005000000019bf5-137.dat	xmrig
behavioral1/files/0x0005000000019d61-158.dat	xmrig
behavioral1/files/0x0005000000019c3c-152.dat	xmrig
behavioral1/files/0x0005000000019d6d-167.dat	xmrig
behavioral1/files/0x0005000000019fd4-177.dat	xmrig
behavioral1/memory/2776-430-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/1672-385-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/3004-289-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2520-214-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x000500000001a0b6-197.dat	xmrig
behavioral1/files/0x000500000001a049-192.dat	xmrig
behavioral1/files/0x000500000001a03c-187.dat	xmrig
behavioral1/files/0x0005000000019fdd-182.dat	xmrig
behavioral1/files/0x0005000000019e92-172.dat	xmrig
behavioral1/files/0x0005000000019d62-162.dat	xmrig
behavioral1/memory/1872-144-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bf9-147.dat	xmrig
behavioral1/files/0x0005000000019bf6-141.dat	xmrig
behavioral1/files/0x000500000001998d-131.dat	xmrig
behavioral1/files/0x00050000000197fd-121.dat	xmrig
behavioral1/files/0x0005000000019761-116.dat	xmrig
behavioral1/memory/2004-109-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2812-1220-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2716-1343-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2740-1519-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2720-1523-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/432-1551-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2812	yRLBnui.exe
2924	OANbJuP.exe
2848	bdochHG.exe
1860	gucvgbN.exe
2716	bazWrYb.exe
2740	bzxgfZX.exe
2720	pWUKHrO.exe
432	UVLNzjd.exe
1196	wytfjTc.exe
2004	lUSshKw.exe
1872	vXgRMQv.exe
2520	eJqvNkq.exe
3004	WdMQyTJ.exe
1672	fPniqWJ.exe
2992	YqcqUER.exe
3000	FZvPGMh.exe
1656	dwNpGhp.exe
1944	KGBoJXW.exe
2020	xRtnbEx.exe
2024	uKtdxBm.exe
1052	eMTxpxt.exe
2164	ggSmsxI.exe
2008	fqyYUqf.exe
2236	NzIWgkm.exe
1144	gINYZPP.exe
2504	uudYxTA.exe
1060	hCrkpgQ.exe
680	MDqOrdR.exe
1552	eTGBEyT.exe
1472	RmKevps.exe
788	AEugkhA.exe
2124	vlqniFs.exe
2552	AVYEEkg.exe
1512	PrcfKnT.exe
364	JVnafHb.exe
2536	XjdGxer.exe
1356	wstTFmS.exe
1736	fWfUgkx.exe
1816	jiMIjUh.exe
1956	osYqZZx.exe
1352	ideXQbX.exe
2336	BLlKMok.exe
544	HJAtlQk.exe
2636	VsjuQWj.exe
1876	wGrUian.exe
1896	QrvOBkQ.exe
284	yJQUdif.exe
1704	QXjnXQx.exe
2436	mVwfWNZ.exe
2856	QpxOjSp.exe
1560	ZkMOgPO.exe
2892	KBsxIHF.exe
2704	jBvftmm.exe
2708	EukSlqd.exe
2724	GNmJhzJ.exe
3048	ukIafFk.exe
1236	VdcRGqL.exe
2976	uwiaZIs.exe
1668	ZeFLHHv.exe
1184	hgtnFgr.exe
2700	FOkQiKT.exe
1372	hhuOzgK.exe
2800	gVeLGAF.exe
2096	GbQcIsq.exe

Loads dropped DLL 64 IoCs

pid	Process
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2776-0-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/files/0x000b000000012262-3.dat	upx
behavioral1/files/0x000900000001756b-11.dat	upx
behavioral1/memory/2812-13-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2924-16-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x0002000000018334-9.dat	upx
behavioral1/memory/2848-21-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/files/0x000d000000016fc9-33.dat	upx
behavioral1/memory/1860-32-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x00060000000186b7-27.dat	upx
behavioral1/memory/2776-36-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2716-37-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/files/0x00060000000186bb-39.dat	upx
behavioral1/memory/2740-44-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2812-43-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/files/0x00060000000186c3-46.dat	upx
behavioral1/memory/2924-52-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2720-53-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2848-54-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/files/0x0008000000018b05-55.dat	upx
behavioral1/memory/432-61-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/1196-69-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x0008000000018b28-65.dat	upx
behavioral1/files/0x00050000000195c5-75.dat	upx
behavioral1/memory/2004-77-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2740-76-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/files/0x00050000000195c7-85.dat	upx
behavioral1/memory/2520-91-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/3004-99-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x000500000001960c-98.dat	upx
behavioral1/files/0x00050000000195c6-82.dat	upx
behavioral1/memory/1872-87-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x0005000000019643-101.dat	upx
behavioral1/memory/1672-105-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x000500000001975a-108.dat	upx
behavioral1/files/0x0005000000019820-126.dat	upx
behavioral1/files/0x0005000000019bf5-137.dat	upx
behavioral1/files/0x0005000000019d61-158.dat	upx
behavioral1/files/0x0005000000019c3c-152.dat	upx
behavioral1/files/0x0005000000019d6d-167.dat	upx
behavioral1/files/0x0005000000019fd4-177.dat	upx
behavioral1/memory/1672-385-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/3004-289-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2520-214-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x000500000001a0b6-197.dat	upx
behavioral1/files/0x000500000001a049-192.dat	upx
behavioral1/files/0x000500000001a03c-187.dat	upx
behavioral1/files/0x0005000000019fdd-182.dat	upx
behavioral1/files/0x0005000000019e92-172.dat	upx
behavioral1/files/0x0005000000019d62-162.dat	upx
behavioral1/memory/1872-144-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x0005000000019bf9-147.dat	upx
behavioral1/files/0x0005000000019bf6-141.dat	upx
behavioral1/files/0x000500000001998d-131.dat	upx
behavioral1/files/0x00050000000197fd-121.dat	upx
behavioral1/files/0x0005000000019761-116.dat	upx
behavioral1/memory/2004-109-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2812-1220-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2716-1343-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2740-1519-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2720-1523-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/432-1551-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/1860-1313-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/1196-1552-0x000000013F130000-0x000000013F484000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\WRfEmZs.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BwXMugY.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RmKevps.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZeFLHHv.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DjCRuNF.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gfMvhcO.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DhqiDXp.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\socMayR.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CPbsuVQ.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kfPrTdL.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wGrUian.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EjPEZmP.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uBjVESS.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MZpCZZt.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mkEmUCz.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WXSIADw.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mfasbam.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\csLkdLA.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IbqThet.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HIBNhoo.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sdYeGyy.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LGLFMiI.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SDtcAzT.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VUbmLqE.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CfYlkJv.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SVrsDpm.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CVLGVxy.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eiYrmsO.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HDPLAdY.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UUYmypo.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwudCFK.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RiXfzgQ.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vGbPUQf.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\syXtGJq.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fueuOXe.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Uhznliw.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tJxvetd.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sOYqfzP.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vUTLRdw.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uudYxTA.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KYGtXtd.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wqrctXz.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qnfxniT.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zvIjHcB.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OMZgkiI.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hKLXZrt.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OetwDpt.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AumMYOw.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FrphdXE.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHSFqhL.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dYTrUwt.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iOGxWkS.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\izikALm.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pNRJdji.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rITZwaW.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jOlhiSZ.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EObSnHW.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zgxbtZQ.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hrVQaqX.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tFjtIpy.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IAsLeTd.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QLfwWyv.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TAImiAS.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMXNYFR.exe	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 2924	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2776 wrote to memory of 2924	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2776 wrote to memory of 2924	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2776 wrote to memory of 2812	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2776 wrote to memory of 2812	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2776 wrote to memory of 2812	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2776 wrote to memory of 2848	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2776 wrote to memory of 2848	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2776 wrote to memory of 2848	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2776 wrote to memory of 1860	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2776 wrote to memory of 1860	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2776 wrote to memory of 1860	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2776 wrote to memory of 2716	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2776 wrote to memory of 2716	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2776 wrote to memory of 2716	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2776 wrote to memory of 2740	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2776 wrote to memory of 2740	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2776 wrote to memory of 2740	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2776 wrote to memory of 2720	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2776 wrote to memory of 2720	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2776 wrote to memory of 2720	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2776 wrote to memory of 432	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2776 wrote to memory of 432	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2776 wrote to memory of 432	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2776 wrote to memory of 1196	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2776 wrote to memory of 1196	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2776 wrote to memory of 1196	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2776 wrote to memory of 2004	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2776 wrote to memory of 2004	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2776 wrote to memory of 2004	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2776 wrote to memory of 1872	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2776 wrote to memory of 1872	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2776 wrote to memory of 1872	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2776 wrote to memory of 2520	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2776 wrote to memory of 2520	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2776 wrote to memory of 2520	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2776 wrote to memory of 3004	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2776 wrote to memory of 3004	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2776 wrote to memory of 3004	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2776 wrote to memory of 1672	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2776 wrote to memory of 1672	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2776 wrote to memory of 1672	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2776 wrote to memory of 2992	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2776 wrote to memory of 2992	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2776 wrote to memory of 2992	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2776 wrote to memory of 3000	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2776 wrote to memory of 3000	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2776 wrote to memory of 3000	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2776 wrote to memory of 1656	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2776 wrote to memory of 1656	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2776 wrote to memory of 1656	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2776 wrote to memory of 1944	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2776 wrote to memory of 1944	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2776 wrote to memory of 1944	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2776 wrote to memory of 2020	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2776 wrote to memory of 2020	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2776 wrote to memory of 2020	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2776 wrote to memory of 2024	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2776 wrote to memory of 2024	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2776 wrote to memory of 2024	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2776 wrote to memory of 1052	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2776 wrote to memory of 1052	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2776 wrote to memory of 1052	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2776 wrote to memory of 2164	2776	2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_0662c199ad043fb90dd2613607af4cb2_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Windows\System\OANbJuP.exe
  C:\Windows\System\OANbJuP.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\yRLBnui.exe
  C:\Windows\System\yRLBnui.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\bdochHG.exe
  C:\Windows\System\bdochHG.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\gucvgbN.exe
  C:\Windows\System\gucvgbN.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\bazWrYb.exe
  C:\Windows\System\bazWrYb.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\bzxgfZX.exe
  C:\Windows\System\bzxgfZX.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\pWUKHrO.exe
  C:\Windows\System\pWUKHrO.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\UVLNzjd.exe
  C:\Windows\System\UVLNzjd.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\wytfjTc.exe
  C:\Windows\System\wytfjTc.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\lUSshKw.exe
  C:\Windows\System\lUSshKw.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\vXgRMQv.exe
  C:\Windows\System\vXgRMQv.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\eJqvNkq.exe
  C:\Windows\System\eJqvNkq.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\WdMQyTJ.exe
  C:\Windows\System\WdMQyTJ.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\fPniqWJ.exe
  C:\Windows\System\fPniqWJ.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\YqcqUER.exe
  C:\Windows\System\YqcqUER.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\FZvPGMh.exe
  C:\Windows\System\FZvPGMh.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\dwNpGhp.exe
  C:\Windows\System\dwNpGhp.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\KGBoJXW.exe
  C:\Windows\System\KGBoJXW.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\xRtnbEx.exe
  C:\Windows\System\xRtnbEx.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\uKtdxBm.exe
  C:\Windows\System\uKtdxBm.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\eMTxpxt.exe
  C:\Windows\System\eMTxpxt.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\ggSmsxI.exe
  C:\Windows\System\ggSmsxI.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\fqyYUqf.exe
  C:\Windows\System\fqyYUqf.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\NzIWgkm.exe
  C:\Windows\System\NzIWgkm.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\gINYZPP.exe
  C:\Windows\System\gINYZPP.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\uudYxTA.exe
  C:\Windows\System\uudYxTA.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\hCrkpgQ.exe
  C:\Windows\System\hCrkpgQ.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\MDqOrdR.exe
  C:\Windows\System\MDqOrdR.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\eTGBEyT.exe
  C:\Windows\System\eTGBEyT.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\RmKevps.exe
  C:\Windows\System\RmKevps.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\AEugkhA.exe
  C:\Windows\System\AEugkhA.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\vlqniFs.exe
  C:\Windows\System\vlqniFs.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\AVYEEkg.exe
  C:\Windows\System\AVYEEkg.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\PrcfKnT.exe
  C:\Windows\System\PrcfKnT.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\JVnafHb.exe
  C:\Windows\System\JVnafHb.exe
  2⤵
  - Executes dropped EXE
  PID:364
- C:\Windows\System\XjdGxer.exe
  C:\Windows\System\XjdGxer.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\wstTFmS.exe
  C:\Windows\System\wstTFmS.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\fWfUgkx.exe
  C:\Windows\System\fWfUgkx.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\jiMIjUh.exe
  C:\Windows\System\jiMIjUh.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\osYqZZx.exe
  C:\Windows\System\osYqZZx.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\ideXQbX.exe
  C:\Windows\System\ideXQbX.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\BLlKMok.exe
  C:\Windows\System\BLlKMok.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\HJAtlQk.exe
  C:\Windows\System\HJAtlQk.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\VsjuQWj.exe
  C:\Windows\System\VsjuQWj.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\wGrUian.exe
  C:\Windows\System\wGrUian.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\QrvOBkQ.exe
  C:\Windows\System\QrvOBkQ.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\yJQUdif.exe
  C:\Windows\System\yJQUdif.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\QXjnXQx.exe
  C:\Windows\System\QXjnXQx.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\mVwfWNZ.exe
  C:\Windows\System\mVwfWNZ.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\QpxOjSp.exe
  C:\Windows\System\QpxOjSp.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\ZkMOgPO.exe
  C:\Windows\System\ZkMOgPO.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\KBsxIHF.exe
  C:\Windows\System\KBsxIHF.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\jBvftmm.exe
  C:\Windows\System\jBvftmm.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\EukSlqd.exe
  C:\Windows\System\EukSlqd.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\GNmJhzJ.exe
  C:\Windows\System\GNmJhzJ.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\ukIafFk.exe
  C:\Windows\System\ukIafFk.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\VdcRGqL.exe
  C:\Windows\System\VdcRGqL.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\uwiaZIs.exe
  C:\Windows\System\uwiaZIs.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\ZeFLHHv.exe
  C:\Windows\System\ZeFLHHv.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\hgtnFgr.exe
  C:\Windows\System\hgtnFgr.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\FOkQiKT.exe
  C:\Windows\System\FOkQiKT.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\hhuOzgK.exe
  C:\Windows\System\hhuOzgK.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\gVeLGAF.exe
  C:\Windows\System\gVeLGAF.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\GbQcIsq.exe
  C:\Windows\System\GbQcIsq.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\RFwZZPc.exe
  C:\Windows\System\RFwZZPc.exe
  2⤵
  PID:2132
- C:\Windows\System\moEubmM.exe
  C:\Windows\System\moEubmM.exe
  2⤵
  PID:2932
- C:\Windows\System\OVoEmEf.exe
  C:\Windows\System\OVoEmEf.exe
  2⤵
  PID:760
- C:\Windows\System\PnUMRBV.exe
  C:\Windows\System\PnUMRBV.exe
  2⤵
  PID:316
- C:\Windows\System\vSFDIDl.exe
  C:\Windows\System\vSFDIDl.exe
  2⤵
  PID:2144
- C:\Windows\System\UelerjR.exe
  C:\Windows\System\UelerjR.exe
  2⤵
  PID:2360
- C:\Windows\System\dYTrUwt.exe
  C:\Windows\System\dYTrUwt.exe
  2⤵
  PID:2492
- C:\Windows\System\oGCRdbB.exe
  C:\Windows\System\oGCRdbB.exe
  2⤵
  PID:1980
- C:\Windows\System\dstItJJ.exe
  C:\Windows\System\dstItJJ.exe
  2⤵
  PID:2340
- C:\Windows\System\FdvWKMN.exe
  C:\Windows\System\FdvWKMN.exe
  2⤵
  PID:828
- C:\Windows\System\RuvrCYe.exe
  C:\Windows\System\RuvrCYe.exe
  2⤵
  PID:876
- C:\Windows\System\XRLMFyx.exe
  C:\Windows\System\XRLMFyx.exe
  2⤵
  PID:1916
- C:\Windows\System\UHwvuly.exe
  C:\Windows\System\UHwvuly.exe
  2⤵
  PID:2040
- C:\Windows\System\dHACowK.exe
  C:\Windows\System\dHACowK.exe
  2⤵
  PID:1388
- C:\Windows\System\pnKcSaC.exe
  C:\Windows\System\pnKcSaC.exe
  2⤵
  PID:1812
- C:\Windows\System\iPnMqZk.exe
  C:\Windows\System\iPnMqZk.exe
  2⤵
  PID:2940
- C:\Windows\System\hBlfFgy.exe
  C:\Windows\System\hBlfFgy.exe
  2⤵
  PID:588
- C:\Windows\System\mjOWzpK.exe
  C:\Windows\System\mjOWzpK.exe
  2⤵
  PID:2908
- C:\Windows\System\CVLGVxy.exe
  C:\Windows\System\CVLGVxy.exe
  2⤵
  PID:560
- C:\Windows\System\YuVoDjk.exe
  C:\Windows\System\YuVoDjk.exe
  2⤵
  PID:1004
- C:\Windows\System\UAkyTRq.exe
  C:\Windows\System\UAkyTRq.exe
  2⤵
  PID:2328
- C:\Windows\System\qdNIrBe.exe
  C:\Windows\System\qdNIrBe.exe
  2⤵
  PID:2508
- C:\Windows\System\CuPOhKz.exe
  C:\Windows\System\CuPOhKz.exe
  2⤵
  PID:2596
- C:\Windows\System\teTvcmk.exe
  C:\Windows\System\teTvcmk.exe
  2⤵
  PID:1536
- C:\Windows\System\cYmJIIl.exe
  C:\Windows\System\cYmJIIl.exe
  2⤵
  PID:1564
- C:\Windows\System\vZnzxkI.exe
  C:\Windows\System\vZnzxkI.exe
  2⤵
  PID:2864
- C:\Windows\System\AzqPuTz.exe
  C:\Windows\System\AzqPuTz.exe
  2⤵
  PID:2228
- C:\Windows\System\nxkBntd.exe
  C:\Windows\System\nxkBntd.exe
  2⤵
  PID:1952
- C:\Windows\System\vOuROpe.exe
  C:\Windows\System\vOuROpe.exe
  2⤵
  PID:3012
- C:\Windows\System\VIRUiqu.exe
  C:\Windows\System\VIRUiqu.exe
  2⤵
  PID:1936
- C:\Windows\System\FmBayfk.exe
  C:\Windows\System\FmBayfk.exe
  2⤵
  PID:2688
- C:\Windows\System\WgUnvPR.exe
  C:\Windows\System\WgUnvPR.exe
  2⤵
  PID:2960
- C:\Windows\System\XdgMIST.exe
  C:\Windows\System\XdgMIST.exe
  2⤵
  PID:1968
- C:\Windows\System\EjPEZmP.exe
  C:\Windows\System\EjPEZmP.exe
  2⤵
  PID:2368
- C:\Windows\System\mKcdjKf.exe
  C:\Windows\System\mKcdjKf.exe
  2⤵
  PID:516
- C:\Windows\System\KYGtXtd.exe
  C:\Windows\System\KYGtXtd.exe
  2⤵
  PID:2584
- C:\Windows\System\DjCRuNF.exe
  C:\Windows\System\DjCRuNF.exe
  2⤵
  PID:3036
- C:\Windows\System\gyIEJzx.exe
  C:\Windows\System\gyIEJzx.exe
  2⤵
  PID:520
- C:\Windows\System\KRRNqkT.exe
  C:\Windows\System\KRRNqkT.exe
  2⤵
  PID:2272
- C:\Windows\System\VKRGJPb.exe
  C:\Windows\System\VKRGJPb.exe
  2⤵
  PID:1592
- C:\Windows\System\GcsoCYH.exe
  C:\Windows\System\GcsoCYH.exe
  2⤵
  PID:1800
- C:\Windows\System\MHSqaGl.exe
  C:\Windows\System\MHSqaGl.exe
  2⤵
  PID:324
- C:\Windows\System\xTnEjwo.exe
  C:\Windows\System\xTnEjwo.exe
  2⤵
  PID:1580
- C:\Windows\System\MtmkHWG.exe
  C:\Windows\System\MtmkHWG.exe
  2⤵
  PID:2324
- C:\Windows\System\yQYmYZS.exe
  C:\Windows\System\yQYmYZS.exe
  2⤵
  PID:2312
- C:\Windows\System\EUeirxs.exe
  C:\Windows\System\EUeirxs.exe
  2⤵
  PID:2140
- C:\Windows\System\CuqtfoS.exe
  C:\Windows\System\CuqtfoS.exe
  2⤵
  PID:2840
- C:\Windows\System\AxPRshJ.exe
  C:\Windows\System\AxPRshJ.exe
  2⤵
  PID:3028
- C:\Windows\System\jbBHFBE.exe
  C:\Windows\System\jbBHFBE.exe
  2⤵
  PID:2104
- C:\Windows\System\lzMrDTk.exe
  C:\Windows\System\lzMrDTk.exe
  2⤵
  PID:2076
- C:\Windows\System\XorTUay.exe
  C:\Windows\System\XorTUay.exe
  2⤵
  PID:2212
- C:\Windows\System\AtAjzJw.exe
  C:\Windows\System\AtAjzJw.exe
  2⤵
  PID:920
- C:\Windows\System\ZEzNHmD.exe
  C:\Windows\System\ZEzNHmD.exe
  2⤵
  PID:2176
- C:\Windows\System\lizLCSc.exe
  C:\Windows\System\lizLCSc.exe
  2⤵
  PID:3024
- C:\Windows\System\CHussit.exe
  C:\Windows\System\CHussit.exe
  2⤵
  PID:2548
- C:\Windows\System\GkMzxJw.exe
  C:\Windows\System\GkMzxJw.exe
  2⤵
  PID:2388
- C:\Windows\System\SaMDIlZ.exe
  C:\Windows\System\SaMDIlZ.exe
  2⤵
  PID:3056
- C:\Windows\System\SifnFEx.exe
  C:\Windows\System\SifnFEx.exe
  2⤵
  PID:2208
- C:\Windows\System\jecUoOi.exe
  C:\Windows\System\jecUoOi.exe
  2⤵
  PID:2200
- C:\Windows\System\uzKaVXr.exe
  C:\Windows\System\uzKaVXr.exe
  2⤵
  PID:1320
- C:\Windows\System\LRJDWHw.exe
  C:\Windows\System\LRJDWHw.exe
  2⤵
  PID:2352
- C:\Windows\System\gpbEJbo.exe
  C:\Windows\System\gpbEJbo.exe
  2⤵
  PID:2768
- C:\Windows\System\mPVEcvT.exe
  C:\Windows\System\mPVEcvT.exe
  2⤵
  PID:1156
- C:\Windows\System\xxvqSOU.exe
  C:\Windows\System\xxvqSOU.exe
  2⤵
  PID:1888
- C:\Windows\System\JlIfeKR.exe
  C:\Windows\System\JlIfeKR.exe
  2⤵
  PID:2524
- C:\Windows\System\NBFljio.exe
  C:\Windows\System\NBFljio.exe
  2⤵
  PID:2112
- C:\Windows\System\QvvSQFJ.exe
  C:\Windows\System\QvvSQFJ.exe
  2⤵
  PID:864
- C:\Windows\System\GUNKQBo.exe
  C:\Windows\System\GUNKQBo.exe
  2⤵
  PID:1232
- C:\Windows\System\IbqThet.exe
  C:\Windows\System\IbqThet.exe
  2⤵
  PID:2300
- C:\Windows\System\cdAKZjr.exe
  C:\Windows\System\cdAKZjr.exe
  2⤵
  PID:2404
- C:\Windows\System\pNHNakr.exe
  C:\Windows\System\pNHNakr.exe
  2⤵
  PID:1136
- C:\Windows\System\eFUdDSN.exe
  C:\Windows\System\eFUdDSN.exe
  2⤵
  PID:2000
- C:\Windows\System\jNtxexV.exe
  C:\Windows\System\jNtxexV.exe
  2⤵
  PID:2680
- C:\Windows\System\zLgenmX.exe
  C:\Windows\System\zLgenmX.exe
  2⤵
  PID:2444
- C:\Windows\System\mLBUMYv.exe
  C:\Windows\System\mLBUMYv.exe
  2⤵
  PID:2808
- C:\Windows\System\QgMiftP.exe
  C:\Windows\System\QgMiftP.exe
  2⤵
  PID:612
- C:\Windows\System\buLobyv.exe
  C:\Windows\System\buLobyv.exe
  2⤵
  PID:2500
- C:\Windows\System\jedfBgG.exe
  C:\Windows\System\jedfBgG.exe
  2⤵
  PID:2172
- C:\Windows\System\uQojqZi.exe
  C:\Windows\System\uQojqZi.exe
  2⤵
  PID:1384
- C:\Windows\System\VXGwrGV.exe
  C:\Windows\System\VXGwrGV.exe
  2⤵
  PID:3052
- C:\Windows\System\iOGxWkS.exe
  C:\Windows\System\iOGxWkS.exe
  2⤵
  PID:2344
- C:\Windows\System\lhKWuTY.exe
  C:\Windows\System\lhKWuTY.exe
  2⤵
  PID:2180
- C:\Windows\System\ZmfGDiA.exe
  C:\Windows\System\ZmfGDiA.exe
  2⤵
  PID:1880
- C:\Windows\System\qORDEmU.exe
  C:\Windows\System\qORDEmU.exe
  2⤵
  PID:1924
- C:\Windows\System\ptXRZtH.exe
  C:\Windows\System\ptXRZtH.exe
  2⤵
  PID:2248
- C:\Windows\System\DpkwZdD.exe
  C:\Windows\System\DpkwZdD.exe
  2⤵
  PID:1740
- C:\Windows\System\kdqhMgC.exe
  C:\Windows\System\kdqhMgC.exe
  2⤵
  PID:2120
- C:\Windows\System\eGtjgwe.exe
  C:\Windows\System\eGtjgwe.exe
  2⤵
  PID:2260
- C:\Windows\System\srZcFCW.exe
  C:\Windows\System\srZcFCW.exe
  2⤵
  PID:2380
- C:\Windows\System\CeIWJhW.exe
  C:\Windows\System\CeIWJhW.exe
  2⤵
  PID:1660
- C:\Windows\System\BDlqMur.exe
  C:\Windows\System\BDlqMur.exe
  2⤵
  PID:2072
- C:\Windows\System\CGsgius.exe
  C:\Windows\System\CGsgius.exe
  2⤵
  PID:2748
- C:\Windows\System\PrNHlQN.exe
  C:\Windows\System\PrNHlQN.exe
  2⤵
  PID:2216
- C:\Windows\System\xpcyTIP.exe
  C:\Windows\System\xpcyTIP.exe
  2⤵
  PID:2608
- C:\Windows\System\HIBNhoo.exe
  C:\Windows\System\HIBNhoo.exe
  2⤵
  PID:980
- C:\Windows\System\QJnXQZv.exe
  C:\Windows\System\QJnXQZv.exe
  2⤵
  PID:908
- C:\Windows\System\mpANCiJ.exe
  C:\Windows\System\mpANCiJ.exe
  2⤵
  PID:1576
- C:\Windows\System\UFpnLgt.exe
  C:\Windows\System\UFpnLgt.exe
  2⤵
  PID:2456
- C:\Windows\System\FYsiHpw.exe
  C:\Windows\System\FYsiHpw.exe
  2⤵
  PID:2996
- C:\Windows\System\FwABbKR.exe
  C:\Windows\System\FwABbKR.exe
  2⤵
  PID:2188
- C:\Windows\System\UfHqoUi.exe
  C:\Windows\System\UfHqoUi.exe
  2⤵
  PID:3096
- C:\Windows\System\hBPqMPo.exe
  C:\Windows\System\hBPqMPo.exe
  2⤵
  PID:3112
- C:\Windows\System\cNMULfx.exe
  C:\Windows\System\cNMULfx.exe
  2⤵
  PID:3128
- C:\Windows\System\suAlpdW.exe
  C:\Windows\System\suAlpdW.exe
  2⤵
  PID:3148
- C:\Windows\System\VPzOqnn.exe
  C:\Windows\System\VPzOqnn.exe
  2⤵
  PID:3164
- C:\Windows\System\yQdUPII.exe
  C:\Windows\System\yQdUPII.exe
  2⤵
  PID:3184
- C:\Windows\System\gfMvhcO.exe
  C:\Windows\System\gfMvhcO.exe
  2⤵
  PID:3220
- C:\Windows\System\PyBWlwD.exe
  C:\Windows\System\PyBWlwD.exe
  2⤵
  PID:3236
- C:\Windows\System\vgxnvsG.exe
  C:\Windows\System\vgxnvsG.exe
  2⤵
  PID:3256
- C:\Windows\System\IliwmwI.exe
  C:\Windows\System\IliwmwI.exe
  2⤵
  PID:3280
- C:\Windows\System\LDVigET.exe
  C:\Windows\System\LDVigET.exe
  2⤵
  PID:3296
- C:\Windows\System\isRXEuv.exe
  C:\Windows\System\isRXEuv.exe
  2⤵
  PID:3316
- C:\Windows\System\XwiYvSq.exe
  C:\Windows\System\XwiYvSq.exe
  2⤵
  PID:3332
- C:\Windows\System\ZOeroPU.exe
  C:\Windows\System\ZOeroPU.exe
  2⤵
  PID:3364
- C:\Windows\System\TjdfIAf.exe
  C:\Windows\System\TjdfIAf.exe
  2⤵
  PID:3384
- C:\Windows\System\qQlhBCG.exe
  C:\Windows\System\qQlhBCG.exe
  2⤵
  PID:3400
- C:\Windows\System\IMzGGaV.exe
  C:\Windows\System\IMzGGaV.exe
  2⤵
  PID:3416
- C:\Windows\System\LiTlsfj.exe
  C:\Windows\System\LiTlsfj.exe
  2⤵
  PID:3432
- C:\Windows\System\nIfjiXL.exe
  C:\Windows\System\nIfjiXL.exe
  2⤵
  PID:3456
- C:\Windows\System\hJkeXYa.exe
  C:\Windows\System\hJkeXYa.exe
  2⤵
  PID:3472
- C:\Windows\System\UnlCcTZ.exe
  C:\Windows\System\UnlCcTZ.exe
  2⤵
  PID:3500
- C:\Windows\System\QBMPVtb.exe
  C:\Windows\System\QBMPVtb.exe
  2⤵
  PID:3520
- C:\Windows\System\zwashQK.exe
  C:\Windows\System\zwashQK.exe
  2⤵
  PID:3536
- C:\Windows\System\uWghXTR.exe
  C:\Windows\System\uWghXTR.exe
  2⤵
  PID:3584
- C:\Windows\System\rnOELsi.exe
  C:\Windows\System\rnOELsi.exe
  2⤵
  PID:3604
- C:\Windows\System\qUBmCgo.exe
  C:\Windows\System\qUBmCgo.exe
  2⤵
  PID:3620
- C:\Windows\System\IANxJgM.exe
  C:\Windows\System\IANxJgM.exe
  2⤵
  PID:3636
- C:\Windows\System\tgQCXQS.exe
  C:\Windows\System\tgQCXQS.exe
  2⤵
  PID:3656
- C:\Windows\System\AVlKNCQ.exe
  C:\Windows\System\AVlKNCQ.exe
  2⤵
  PID:3672
- C:\Windows\System\OMZgkiI.exe
  C:\Windows\System\OMZgkiI.exe
  2⤵
  PID:3704
- C:\Windows\System\EaFPyWM.exe
  C:\Windows\System\EaFPyWM.exe
  2⤵
  PID:3728
- C:\Windows\System\RoccxvK.exe
  C:\Windows\System\RoccxvK.exe
  2⤵
  PID:3748
- C:\Windows\System\gCWpqVu.exe
  C:\Windows\System\gCWpqVu.exe
  2⤵
  PID:3768
- C:\Windows\System\lAPxtkr.exe
  C:\Windows\System\lAPxtkr.exe
  2⤵
  PID:3788
- C:\Windows\System\GvQEaxx.exe
  C:\Windows\System\GvQEaxx.exe
  2⤵
  PID:3808
- C:\Windows\System\uGtXpyK.exe
  C:\Windows\System\uGtXpyK.exe
  2⤵
  PID:3824
- C:\Windows\System\hKLXZrt.exe
  C:\Windows\System\hKLXZrt.exe
  2⤵
  PID:3840
- C:\Windows\System\MzjCJfn.exe
  C:\Windows\System\MzjCJfn.exe
  2⤵
  PID:3856
- C:\Windows\System\dtmobIJ.exe
  C:\Windows\System\dtmobIJ.exe
  2⤵
  PID:3872
- C:\Windows\System\RrKszGV.exe
  C:\Windows\System\RrKszGV.exe
  2⤵
  PID:3908
- C:\Windows\System\RnhAXOx.exe
  C:\Windows\System\RnhAXOx.exe
  2⤵
  PID:3924
- C:\Windows\System\ZZIxbpt.exe
  C:\Windows\System\ZZIxbpt.exe
  2⤵
  PID:3944
- C:\Windows\System\mIgeQhh.exe
  C:\Windows\System\mIgeQhh.exe
  2⤵
  PID:3960
- C:\Windows\System\bZYWzHP.exe
  C:\Windows\System\bZYWzHP.exe
  2⤵
  PID:3976
- C:\Windows\System\eLdYJei.exe
  C:\Windows\System\eLdYJei.exe
  2⤵
  PID:3996
- C:\Windows\System\NVShsZG.exe
  C:\Windows\System\NVShsZG.exe
  2⤵
  PID:4012
- C:\Windows\System\iprWhiM.exe
  C:\Windows\System\iprWhiM.exe
  2⤵
  PID:4032
- C:\Windows\System\kdXLXEY.exe
  C:\Windows\System\kdXLXEY.exe
  2⤵
  PID:4068
- C:\Windows\System\XwKQolF.exe
  C:\Windows\System\XwKQolF.exe
  2⤵
  PID:4084
- C:\Windows\System\JYNQdoX.exe
  C:\Windows\System\JYNQdoX.exe
  2⤵
  PID:3080
- C:\Windows\System\nwxtxYU.exe
  C:\Windows\System\nwxtxYU.exe
  2⤵
  PID:1928
- C:\Windows\System\ekCVEZi.exe
  C:\Windows\System\ekCVEZi.exe
  2⤵
  PID:2332
- C:\Windows\System\oapXlTe.exe
  C:\Windows\System\oapXlTe.exe
  2⤵
  PID:3160
- C:\Windows\System\zgxbtZQ.exe
  C:\Windows\System\zgxbtZQ.exe
  2⤵
  PID:3200
- C:\Windows\System\QTvDBVo.exe
  C:\Windows\System\QTvDBVo.exe
  2⤵
  PID:3228
- C:\Windows\System\cHdnvxG.exe
  C:\Windows\System\cHdnvxG.exe
  2⤵
  PID:1188
- C:\Windows\System\wBbboja.exe
  C:\Windows\System\wBbboja.exe
  2⤵
  PID:3252
- C:\Windows\System\BmtgysT.exe
  C:\Windows\System\BmtgysT.exe
  2⤵
  PID:3276
- C:\Windows\System\AxehrxX.exe
  C:\Windows\System\AxehrxX.exe
  2⤵
  PID:3304
- C:\Windows\System\wncBquu.exe
  C:\Windows\System\wncBquu.exe
  2⤵
  PID:3340
- C:\Windows\System\WkWOLLG.exe
  C:\Windows\System\WkWOLLG.exe
  2⤵
  PID:3360
- C:\Windows\System\yoroOdw.exe
  C:\Windows\System\yoroOdw.exe
  2⤵
  PID:3408
- C:\Windows\System\JxoCrPC.exe
  C:\Windows\System\JxoCrPC.exe
  2⤵
  PID:3444
- C:\Windows\System\AAzhOpZ.exe
  C:\Windows\System\AAzhOpZ.exe
  2⤵
  PID:3464
- C:\Windows\System\noqGReL.exe
  C:\Windows\System\noqGReL.exe
  2⤵
  PID:3484
- C:\Windows\System\yLzQFxe.exe
  C:\Windows\System\yLzQFxe.exe
  2⤵
  PID:3512
- C:\Windows\System\LTYXjvO.exe
  C:\Windows\System\LTYXjvO.exe
  2⤵
  PID:3516
- C:\Windows\System\NYXKxKG.exe
  C:\Windows\System\NYXKxKG.exe
  2⤵
  PID:3084
- C:\Windows\System\RCLoEgu.exe
  C:\Windows\System\RCLoEgu.exe
  2⤵
  PID:1776
- C:\Windows\System\NzkBIRM.exe
  C:\Windows\System\NzkBIRM.exe
  2⤵
  PID:3592
- C:\Windows\System\uwVnEMI.exe
  C:\Windows\System\uwVnEMI.exe
  2⤵
  PID:3628
- C:\Windows\System\WXSIADw.exe
  C:\Windows\System\WXSIADw.exe
  2⤵
  PID:3668
- C:\Windows\System\GeFyVuT.exe
  C:\Windows\System\GeFyVuT.exe
  2⤵
  PID:3680
- C:\Windows\System\wGvGUwW.exe
  C:\Windows\System\wGvGUwW.exe
  2⤵
  PID:3736
- C:\Windows\System\cDVcTxE.exe
  C:\Windows\System\cDVcTxE.exe
  2⤵
  PID:3764
- C:\Windows\System\zYbCMWx.exe
  C:\Windows\System\zYbCMWx.exe
  2⤵
  PID:3804
- C:\Windows\System\kExifwv.exe
  C:\Windows\System\kExifwv.exe
  2⤵
  PID:3864
- C:\Windows\System\KDvZkmV.exe
  C:\Windows\System\KDvZkmV.exe
  2⤵
  PID:3884
- C:\Windows\System\pueigDF.exe
  C:\Windows\System\pueigDF.exe
  2⤵
  PID:3900
- C:\Windows\System\IMnndMv.exe
  C:\Windows\System\IMnndMv.exe
  2⤵
  PID:3932
- C:\Windows\System\VCpqIdY.exe
  C:\Windows\System\VCpqIdY.exe
  2⤵
  PID:3984
- C:\Windows\System\pRcjprI.exe
  C:\Windows\System\pRcjprI.exe
  2⤵
  PID:3972
- C:\Windows\System\TpdPmdd.exe
  C:\Windows\System\TpdPmdd.exe
  2⤵
  PID:4056
- C:\Windows\System\yMSgJjs.exe
  C:\Windows\System\yMSgJjs.exe
  2⤵
  PID:4044
- C:\Windows\System\mEMVPOd.exe
  C:\Windows\System\mEMVPOd.exe
  2⤵
  PID:996
- C:\Windows\System\syXtGJq.exe
  C:\Windows\System\syXtGJq.exe
  2⤵
  PID:3104
- C:\Windows\System\Fkzefvc.exe
  C:\Windows\System\Fkzefvc.exe
  2⤵
  PID:3124
- C:\Windows\System\jpLxmhX.exe
  C:\Windows\System\jpLxmhX.exe
  2⤵
  PID:3144
- C:\Windows\System\OetwDpt.exe
  C:\Windows\System\OetwDpt.exe
  2⤵
  PID:3172
- C:\Windows\System\cnRBwvz.exe
  C:\Windows\System\cnRBwvz.exe
  2⤵
  PID:3264
- C:\Windows\System\VBzHLvY.exe
  C:\Windows\System\VBzHLvY.exe
  2⤵
  PID:3308
- C:\Windows\System\QNZmIdy.exe
  C:\Windows\System\QNZmIdy.exe
  2⤵
  PID:3428
- C:\Windows\System\Ikvmjsb.exe
  C:\Windows\System\Ikvmjsb.exe
  2⤵
  PID:3396
- C:\Windows\System\dobhxJl.exe
  C:\Windows\System\dobhxJl.exe
  2⤵
  PID:3452
- C:\Windows\System\ZYyuReF.exe
  C:\Windows\System\ZYyuReF.exe
  2⤵
  PID:3488
- C:\Windows\System\MoratPD.exe
  C:\Windows\System\MoratPD.exe
  2⤵
  PID:1652
- C:\Windows\System\GuRiMfJ.exe
  C:\Windows\System\GuRiMfJ.exe
  2⤵
  PID:2220
- C:\Windows\System\ySfuraf.exe
  C:\Windows\System\ySfuraf.exe
  2⤵
  PID:3644
- C:\Windows\System\GnajFMV.exe
  C:\Windows\System\GnajFMV.exe
  2⤵
  PID:3740
- C:\Windows\System\xoKbDll.exe
  C:\Windows\System\xoKbDll.exe
  2⤵
  PID:3848
- C:\Windows\System\nvJlKyz.exe
  C:\Windows\System\nvJlKyz.exe
  2⤵
  PID:3716
- C:\Windows\System\qlSkesn.exe
  C:\Windows\System\qlSkesn.exe
  2⤵
  PID:3820
- C:\Windows\System\VWmORPD.exe
  C:\Windows\System\VWmORPD.exe
  2⤵
  PID:3988
- C:\Windows\System\BqybugZ.exe
  C:\Windows\System\BqybugZ.exe
  2⤵
  PID:4024
- C:\Windows\System\FpjDYjZ.exe
  C:\Windows\System\FpjDYjZ.exe
  2⤵
  PID:3936
- C:\Windows\System\gwonUgj.exe
  C:\Windows\System\gwonUgj.exe
  2⤵
  PID:4052
- C:\Windows\System\LMRuAXX.exe
  C:\Windows\System\LMRuAXX.exe
  2⤵
  PID:3120
- C:\Windows\System\qtCfHHy.exe
  C:\Windows\System\qtCfHHy.exe
  2⤵
  PID:3192
- C:\Windows\System\jDEcqps.exe
  C:\Windows\System\jDEcqps.exe
  2⤵
  PID:992
- C:\Windows\System\AnJCDiS.exe
  C:\Windows\System\AnJCDiS.exe
  2⤵
  PID:3348
- C:\Windows\System\xqmQLaJ.exe
  C:\Windows\System\xqmQLaJ.exe
  2⤵
  PID:3528
- C:\Windows\System\GEmkAmL.exe
  C:\Windows\System\GEmkAmL.exe
  2⤵
  PID:3600
- C:\Windows\System\gJUYqQZ.exe
  C:\Windows\System\gJUYqQZ.exe
  2⤵
  PID:3688
- C:\Windows\System\HoOsuQL.exe
  C:\Windows\System\HoOsuQL.exe
  2⤵
  PID:3832
- C:\Windows\System\tCaKMZx.exe
  C:\Windows\System\tCaKMZx.exe
  2⤵
  PID:3904
- C:\Windows\System\AgCKUeD.exe
  C:\Windows\System\AgCKUeD.exe
  2⤵
  PID:3868
- C:\Windows\System\EpyyWkJ.exe
  C:\Windows\System\EpyyWkJ.exe
  2⤵
  PID:3940
- C:\Windows\System\mQEDmBw.exe
  C:\Windows\System\mQEDmBw.exe
  2⤵
  PID:3920
- C:\Windows\System\qKIDWnS.exe
  C:\Windows\System\qKIDWnS.exe
  2⤵
  PID:3156
- C:\Windows\System\zkiPieP.exe
  C:\Windows\System\zkiPieP.exe
  2⤵
  PID:3092
- C:\Windows\System\UBMbahs.exe
  C:\Windows\System\UBMbahs.exe
  2⤵
  PID:3328
- C:\Windows\System\iSPwHVK.exe
  C:\Windows\System\iSPwHVK.exe
  2⤵
  PID:3424
- C:\Windows\System\KCcZmVd.exe
  C:\Windows\System\KCcZmVd.exe
  2⤵
  PID:3696
- C:\Windows\System\iKUhHEi.exe
  C:\Windows\System\iKUhHEi.exe
  2⤵
  PID:3664
- C:\Windows\System\WIJUReq.exe
  C:\Windows\System\WIJUReq.exe
  2⤵
  PID:2016
- C:\Windows\System\DRTJpiM.exe
  C:\Windows\System\DRTJpiM.exe
  2⤵
  PID:4040
- C:\Windows\System\wTOVXBh.exe
  C:\Windows\System\wTOVXBh.exe
  2⤵
  PID:4048
- C:\Windows\System\UAHGaNY.exe
  C:\Windows\System\UAHGaNY.exe
  2⤵
  PID:732
- C:\Windows\System\AkJMLYi.exe
  C:\Windows\System\AkJMLYi.exe
  2⤵
  PID:3380
- C:\Windows\System\fKEHAYj.exe
  C:\Windows\System\fKEHAYj.exe
  2⤵
  PID:3356
- C:\Windows\System\ZuJeRse.exe
  C:\Windows\System\ZuJeRse.exe
  2⤵
  PID:3556
- C:\Windows\System\ZLxOZnH.exe
  C:\Windows\System\ZLxOZnH.exe
  2⤵
  PID:4020
- C:\Windows\System\dAFfEis.exe
  C:\Windows\System\dAFfEis.exe
  2⤵
  PID:4116
- C:\Windows\System\TIyUmeE.exe
  C:\Windows\System\TIyUmeE.exe
  2⤵
  PID:4136
- C:\Windows\System\mvlzWfb.exe
  C:\Windows\System\mvlzWfb.exe
  2⤵
  PID:4160
- C:\Windows\System\VAosZNw.exe
  C:\Windows\System\VAosZNw.exe
  2⤵
  PID:4180
- C:\Windows\System\bpQwoYB.exe
  C:\Windows\System\bpQwoYB.exe
  2⤵
  PID:4200
- C:\Windows\System\AumMYOw.exe
  C:\Windows\System\AumMYOw.exe
  2⤵
  PID:4236
- C:\Windows\System\JjeqtEX.exe
  C:\Windows\System\JjeqtEX.exe
  2⤵
  PID:4252
- C:\Windows\System\xywRFGV.exe
  C:\Windows\System\xywRFGV.exe
  2⤵
  PID:4272
- C:\Windows\System\hciMlkz.exe
  C:\Windows\System\hciMlkz.exe
  2⤵
  PID:4300
- C:\Windows\System\StTWVlT.exe
  C:\Windows\System\StTWVlT.exe
  2⤵
  PID:4324
- C:\Windows\System\OkOnpgI.exe
  C:\Windows\System\OkOnpgI.exe
  2⤵
  PID:4348
- C:\Windows\System\LqPibrs.exe
  C:\Windows\System\LqPibrs.exe
  2⤵
  PID:4364
- C:\Windows\System\RiXfzgQ.exe
  C:\Windows\System\RiXfzgQ.exe
  2⤵
  PID:4384
- C:\Windows\System\DkKuUol.exe
  C:\Windows\System\DkKuUol.exe
  2⤵
  PID:4400
- C:\Windows\System\ItwUtFO.exe
  C:\Windows\System\ItwUtFO.exe
  2⤵
  PID:4416
- C:\Windows\System\lpsoYqr.exe
  C:\Windows\System\lpsoYqr.exe
  2⤵
  PID:4436
- C:\Windows\System\EorRzOT.exe
  C:\Windows\System\EorRzOT.exe
  2⤵
  PID:4460
- C:\Windows\System\SZuGCJe.exe
  C:\Windows\System\SZuGCJe.exe
  2⤵
  PID:4480
- C:\Windows\System\SNMfwVj.exe
  C:\Windows\System\SNMfwVj.exe
  2⤵
  PID:4504
- C:\Windows\System\IzDioVn.exe
  C:\Windows\System\IzDioVn.exe
  2⤵
  PID:4520
- C:\Windows\System\aSkjEBy.exe
  C:\Windows\System\aSkjEBy.exe
  2⤵
  PID:4544
- C:\Windows\System\iJxxoDa.exe
  C:\Windows\System\iJxxoDa.exe
  2⤵
  PID:4564
- C:\Windows\System\vyBeAns.exe
  C:\Windows\System\vyBeAns.exe
  2⤵
  PID:4584
- C:\Windows\System\hrVQaqX.exe
  C:\Windows\System\hrVQaqX.exe
  2⤵
  PID:4600
- C:\Windows\System\kvDWeIp.exe
  C:\Windows\System\kvDWeIp.exe
  2⤵
  PID:4620
- C:\Windows\System\aipUxgI.exe
  C:\Windows\System\aipUxgI.exe
  2⤵
  PID:4644
- C:\Windows\System\peSoXRC.exe
  C:\Windows\System\peSoXRC.exe
  2⤵
  PID:4660
- C:\Windows\System\fYEiOgf.exe
  C:\Windows\System\fYEiOgf.exe
  2⤵
  PID:4680
- C:\Windows\System\SsjaVJQ.exe
  C:\Windows\System\SsjaVJQ.exe
  2⤵
  PID:4696
- C:\Windows\System\wUFvIvx.exe
  C:\Windows\System\wUFvIvx.exe
  2⤵
  PID:4720
- C:\Windows\System\LYGjCEx.exe
  C:\Windows\System\LYGjCEx.exe
  2⤵
  PID:4752
- C:\Windows\System\hQhWmXB.exe
  C:\Windows\System\hQhWmXB.exe
  2⤵
  PID:4768
- C:\Windows\System\FrphdXE.exe
  C:\Windows\System\FrphdXE.exe
  2⤵
  PID:4784
- C:\Windows\System\DsXEIxg.exe
  C:\Windows\System\DsXEIxg.exe
  2⤵
  PID:4800
- C:\Windows\System\szFigeT.exe
  C:\Windows\System\szFigeT.exe
  2⤵
  PID:4832
- C:\Windows\System\XwiHacx.exe
  C:\Windows\System\XwiHacx.exe
  2⤵
  PID:4848
- C:\Windows\System\IlzgBfy.exe
  C:\Windows\System\IlzgBfy.exe
  2⤵
  PID:4868
- C:\Windows\System\iyBSTNF.exe
  C:\Windows\System\iyBSTNF.exe
  2⤵
  PID:4888
- C:\Windows\System\MXaruLI.exe
  C:\Windows\System\MXaruLI.exe
  2⤵
  PID:4912
- C:\Windows\System\IJPrAni.exe
  C:\Windows\System\IJPrAni.exe
  2⤵
  PID:4928
- C:\Windows\System\YHRlNGq.exe
  C:\Windows\System\YHRlNGq.exe
  2⤵
  PID:4952
- C:\Windows\System\leibynb.exe
  C:\Windows\System\leibynb.exe
  2⤵
  PID:4968
- C:\Windows\System\TMUFthP.exe
  C:\Windows\System\TMUFthP.exe
  2⤵
  PID:4992
- C:\Windows\System\tGimLTx.exe
  C:\Windows\System\tGimLTx.exe
  2⤵
  PID:5012
- C:\Windows\System\qwVjxWB.exe
  C:\Windows\System\qwVjxWB.exe
  2⤵
  PID:5028
- C:\Windows\System\CrpVKSN.exe
  C:\Windows\System\CrpVKSN.exe
  2⤵
  PID:5056
- C:\Windows\System\QlIXpnq.exe
  C:\Windows\System\QlIXpnq.exe
  2⤵
  PID:5076
- C:\Windows\System\kuNqISB.exe
  C:\Windows\System\kuNqISB.exe
  2⤵
  PID:5108
- C:\Windows\System\szIjaMD.exe
  C:\Windows\System\szIjaMD.exe
  2⤵
  PID:3712
- C:\Windows\System\LiahvFc.exe
  C:\Windows\System\LiahvFc.exe
  2⤵
  PID:4104
- C:\Windows\System\lKQhwsN.exe
  C:\Windows\System\lKQhwsN.exe
  2⤵
  PID:4152
- C:\Windows\System\icBcjRz.exe
  C:\Windows\System\icBcjRz.exe
  2⤵
  PID:3076
- C:\Windows\System\VmEplXL.exe
  C:\Windows\System\VmEplXL.exe
  2⤵
  PID:4172
- C:\Windows\System\ammknls.exe
  C:\Windows\System\ammknls.exe
  2⤵
  PID:4220
- C:\Windows\System\smTWkaO.exe
  C:\Windows\System\smTWkaO.exe
  2⤵
  PID:4132
- C:\Windows\System\CkbZxAw.exe
  C:\Windows\System\CkbZxAw.exe
  2⤵
  PID:4168
- C:\Windows\System\OTdjWqS.exe
  C:\Windows\System\OTdjWqS.exe
  2⤵
  PID:4292
- C:\Windows\System\tYzPrnV.exe
  C:\Windows\System\tYzPrnV.exe
  2⤵
  PID:4332
- C:\Windows\System\BGMbQCt.exe
  C:\Windows\System\BGMbQCt.exe
  2⤵
  PID:4376
- C:\Windows\System\fnxItfm.exe
  C:\Windows\System\fnxItfm.exe
  2⤵
  PID:4360
- C:\Windows\System\rMXNkFK.exe
  C:\Windows\System\rMXNkFK.exe
  2⤵
  PID:4456
- C:\Windows\System\Ybaemlz.exe
  C:\Windows\System\Ybaemlz.exe
  2⤵
  PID:4500
- C:\Windows\System\YQjWkHt.exe
  C:\Windows\System\YQjWkHt.exe
  2⤵
  PID:4536
- C:\Windows\System\aQyglLi.exe
  C:\Windows\System\aQyglLi.exe
  2⤵
  PID:4512
- C:\Windows\System\tLbaieF.exe
  C:\Windows\System\tLbaieF.exe
  2⤵
  PID:4580
- C:\Windows\System\zuoOXKO.exe
  C:\Windows\System\zuoOXKO.exe
  2⤵
  PID:4596
- C:\Windows\System\YXzJhNI.exe
  C:\Windows\System\YXzJhNI.exe
  2⤵
  PID:4636
- C:\Windows\System\okLkRbH.exe
  C:\Windows\System\okLkRbH.exe
  2⤵
  PID:4688
- C:\Windows\System\SCyoPiE.exe
  C:\Windows\System\SCyoPiE.exe
  2⤵
  PID:4716
- C:\Windows\System\NKxbSyh.exe
  C:\Windows\System\NKxbSyh.exe
  2⤵
  PID:4748
- C:\Windows\System\qGtxwUi.exe
  C:\Windows\System\qGtxwUi.exe
  2⤵
  PID:4808
- C:\Windows\System\OWxCxyp.exe
  C:\Windows\System\OWxCxyp.exe
  2⤵
  PID:4792
- C:\Windows\System\tcbvtOq.exe
  C:\Windows\System\tcbvtOq.exe
  2⤵
  PID:4828
- C:\Windows\System\IhGVmkm.exe
  C:\Windows\System\IhGVmkm.exe
  2⤵
  PID:4864
- C:\Windows\System\EPmIFah.exe
  C:\Windows\System\EPmIFah.exe
  2⤵
  PID:4900
- C:\Windows\System\JlXCvlI.exe
  C:\Windows\System\JlXCvlI.exe
  2⤵
  PID:4936
- C:\Windows\System\HTrEhiZ.exe
  C:\Windows\System\HTrEhiZ.exe
  2⤵
  PID:4964
- C:\Windows\System\CfSCluR.exe
  C:\Windows\System\CfSCluR.exe
  2⤵
  PID:5020
- C:\Windows\System\tNRepjW.exe
  C:\Windows\System\tNRepjW.exe
  2⤵
  PID:5052
- C:\Windows\System\yLtPugE.exe
  C:\Windows\System\yLtPugE.exe
  2⤵
  PID:5084
- C:\Windows\System\KUomqtx.exe
  C:\Windows\System\KUomqtx.exe
  2⤵
  PID:5096
- C:\Windows\System\iSMyLcj.exe
  C:\Windows\System\iSMyLcj.exe
  2⤵
  PID:4004
- C:\Windows\System\QwsfGOK.exe
  C:\Windows\System\QwsfGOK.exe
  2⤵
  PID:936
- C:\Windows\System\KZpzEqn.exe
  C:\Windows\System\KZpzEqn.exe
  2⤵
  PID:896
- C:\Windows\System\tpSgJYv.exe
  C:\Windows\System\tpSgJYv.exe
  2⤵
  PID:1616
- C:\Windows\System\tbnpfZb.exe
  C:\Windows\System\tbnpfZb.exe
  2⤵
  PID:4192
- C:\Windows\System\xOtdbZm.exe
  C:\Windows\System\xOtdbZm.exe
  2⤵
  PID:4244
- C:\Windows\System\wsIskOd.exe
  C:\Windows\System\wsIskOd.exe
  2⤵
  PID:4128
- C:\Windows\System\oKPjAlq.exe
  C:\Windows\System\oKPjAlq.exe
  2⤵
  PID:4268
- C:\Windows\System\iqaqeXj.exe
  C:\Windows\System\iqaqeXj.exe
  2⤵
  PID:4448
- C:\Windows\System\rrhxtUB.exe
  C:\Windows\System\rrhxtUB.exe
  2⤵
  PID:4408
- C:\Windows\System\XPCqSOL.exe
  C:\Windows\System\XPCqSOL.exe
  2⤵
  PID:4392
- C:\Windows\System\BsVMXOk.exe
  C:\Windows\System\BsVMXOk.exe
  2⤵
  PID:4428
- C:\Windows\System\FObsegv.exe
  C:\Windows\System\FObsegv.exe
  2⤵
  PID:4472
- C:\Windows\System\gEbQRuU.exe
  C:\Windows\System\gEbQRuU.exe
  2⤵
  PID:4560
- C:\Windows\System\oOgAEBa.exe
  C:\Windows\System\oOgAEBa.exe
  2⤵
  PID:4616
- C:\Windows\System\jHScuuh.exe
  C:\Windows\System\jHScuuh.exe
  2⤵
  PID:4656
- C:\Windows\System\KxIApdX.exe
  C:\Windows\System\KxIApdX.exe
  2⤵
  PID:4744
- C:\Windows\System\VjgGWhd.exe
  C:\Windows\System\VjgGWhd.exe
  2⤵
  PID:4712
- C:\Windows\System\oysHlej.exe
  C:\Windows\System\oysHlej.exe
  2⤵
  PID:4876
- C:\Windows\System\QLfwWyv.exe
  C:\Windows\System\QLfwWyv.exe
  2⤵
  PID:4856
- C:\Windows\System\JkrNQkN.exe
  C:\Windows\System\JkrNQkN.exe
  2⤵
  PID:5000
- C:\Windows\System\FCWtaMJ.exe
  C:\Windows\System\FCWtaMJ.exe
  2⤵
  PID:5064
- C:\Windows\System\LMyBxir.exe
  C:\Windows\System\LMyBxir.exe
  2⤵
  PID:5008
- C:\Windows\System\BPDGidu.exe
  C:\Windows\System\BPDGidu.exe
  2⤵
  PID:5088
- C:\Windows\System\fTbdpzl.exe
  C:\Windows\System\fTbdpzl.exe
  2⤵
  PID:2760
- C:\Windows\System\KIVwIZu.exe
  C:\Windows\System\KIVwIZu.exe
  2⤵
  PID:4188
- C:\Windows\System\PZbAQpz.exe
  C:\Windows\System\PZbAQpz.exe
  2⤵
  PID:4248
- C:\Windows\System\rolBQoD.exe
  C:\Windows\System\rolBQoD.exe
  2⤵
  PID:2084
- C:\Windows\System\oZxTwxj.exe
  C:\Windows\System\oZxTwxj.exe
  2⤵
  PID:4340
- C:\Windows\System\LrHBcMZ.exe
  C:\Windows\System\LrHBcMZ.exe
  2⤵
  PID:4320
- C:\Windows\System\aNcolfU.exe
  C:\Windows\System\aNcolfU.exe
  2⤵
  PID:4612
- C:\Windows\System\cJTkUJx.exe
  C:\Windows\System\cJTkUJx.exe
  2⤵
  PID:1484
- C:\Windows\System\Ltkujou.exe
  C:\Windows\System\Ltkujou.exe
  2⤵
  PID:4676
- C:\Windows\System\vgvqOWy.exe
  C:\Windows\System\vgvqOWy.exe
  2⤵
  PID:4760
- C:\Windows\System\GUZOyRr.exe
  C:\Windows\System\GUZOyRr.exe
  2⤵
  PID:4840
- C:\Windows\System\NpQlYYP.exe
  C:\Windows\System\NpQlYYP.exe
  2⤵
  PID:5044
- C:\Windows\System\jyHIcxB.exe
  C:\Windows\System\jyHIcxB.exe
  2⤵
  PID:4148
- C:\Windows\System\naPjwRC.exe
  C:\Windows\System\naPjwRC.exe
  2⤵
  PID:4316
- C:\Windows\System\srOXqBu.exe
  C:\Windows\System\srOXqBu.exe
  2⤵
  PID:4740
- C:\Windows\System\WFeytUs.exe
  C:\Windows\System\WFeytUs.exe
  2⤵
  PID:2852
- C:\Windows\System\lYNRSgz.exe
  C:\Windows\System\lYNRSgz.exe
  2⤵
  PID:4312
- C:\Windows\System\QkVvATC.exe
  C:\Windows\System\QkVvATC.exe
  2⤵
  PID:4488
- C:\Windows\System\ySPutmH.exe
  C:\Windows\System\ySPutmH.exe
  2⤵
  PID:4884
- C:\Windows\System\wTMxqnT.exe
  C:\Windows\System\wTMxqnT.exe
  2⤵
  PID:740
- C:\Windows\System\KVlCVMu.exe
  C:\Windows\System\KVlCVMu.exe
  2⤵
  PID:4732
- C:\Windows\System\DqurmAY.exe
  C:\Windows\System\DqurmAY.exe
  2⤵
  PID:2244
- C:\Windows\System\CaidSvB.exe
  C:\Windows\System\CaidSvB.exe
  2⤵
  PID:4280
- C:\Windows\System\SgXWufh.exe
  C:\Windows\System\SgXWufh.exe
  2⤵
  PID:1720
- C:\Windows\System\FJMmNGK.exe
  C:\Windows\System\FJMmNGK.exe
  2⤵
  PID:4092
- C:\Windows\System\AGpZMkB.exe
  C:\Windows\System\AGpZMkB.exe
  2⤵
  PID:4920
- C:\Windows\System\PkYsjMp.exe
  C:\Windows\System\PkYsjMp.exe
  2⤵
  PID:4232
- C:\Windows\System\cEzbOTI.exe
  C:\Windows\System\cEzbOTI.exe
  2⤵
  PID:4528
- C:\Windows\System\BCWTyzV.exe
  C:\Windows\System\BCWTyzV.exe
  2⤵
  PID:4960
- C:\Windows\System\bJopRPQ.exe
  C:\Windows\System\bJopRPQ.exe
  2⤵
  PID:1292
- C:\Windows\System\gnIxmVv.exe
  C:\Windows\System\gnIxmVv.exe
  2⤵
  PID:4396
- C:\Windows\System\STByYRs.exe
  C:\Windows\System\STByYRs.exe
  2⤵
  PID:5140
- C:\Windows\System\ADFLjCD.exe
  C:\Windows\System\ADFLjCD.exe
  2⤵
  PID:5156
- C:\Windows\System\dnNmKbG.exe
  C:\Windows\System\dnNmKbG.exe
  2⤵
  PID:5172
- C:\Windows\System\wmdXZsC.exe
  C:\Windows\System\wmdXZsC.exe
  2⤵
  PID:5196
- C:\Windows\System\vGbPUQf.exe
  C:\Windows\System\vGbPUQf.exe
  2⤵
  PID:5228
- C:\Windows\System\EBeWUqJ.exe
  C:\Windows\System\EBeWUqJ.exe
  2⤵
  PID:5244
- C:\Windows\System\iZSMvSB.exe
  C:\Windows\System\iZSMvSB.exe
  2⤵
  PID:5264
- C:\Windows\System\RTtpxui.exe
  C:\Windows\System\RTtpxui.exe
  2⤵
  PID:5284
- C:\Windows\System\xAxjLQy.exe
  C:\Windows\System\xAxjLQy.exe
  2⤵
  PID:5308
- C:\Windows\System\pwdccHp.exe
  C:\Windows\System\pwdccHp.exe
  2⤵
  PID:5324
- C:\Windows\System\hFOVEfn.exe
  C:\Windows\System\hFOVEfn.exe
  2⤵
  PID:5340
- C:\Windows\System\jzHFjhC.exe
  C:\Windows\System\jzHFjhC.exe
  2⤵
  PID:5360
- C:\Windows\System\KJuoyIi.exe
  C:\Windows\System\KJuoyIi.exe
  2⤵
  PID:5392
- C:\Windows\System\YwmGDlw.exe
  C:\Windows\System\YwmGDlw.exe
  2⤵
  PID:5408
- C:\Windows\System\kWmlAVs.exe
  C:\Windows\System\kWmlAVs.exe
  2⤵
  PID:5428
- C:\Windows\System\NlGYdTk.exe
  C:\Windows\System\NlGYdTk.exe
  2⤵
  PID:5448
- C:\Windows\System\IgxIMky.exe
  C:\Windows\System\IgxIMky.exe
  2⤵
  PID:5464
- C:\Windows\System\HDPLAdY.exe
  C:\Windows\System\HDPLAdY.exe
  2⤵
  PID:5484
- C:\Windows\System\fBXcYvx.exe
  C:\Windows\System\fBXcYvx.exe
  2⤵
  PID:5512
- C:\Windows\System\SyJWrbp.exe
  C:\Windows\System\SyJWrbp.exe
  2⤵
  PID:5528
- C:\Windows\System\pNRJdji.exe
  C:\Windows\System\pNRJdji.exe
  2⤵
  PID:5552
- C:\Windows\System\KfPjjIw.exe
  C:\Windows\System\KfPjjIw.exe
  2⤵
  PID:5568
- C:\Windows\System\hDsVylR.exe
  C:\Windows\System\hDsVylR.exe
  2⤵
  PID:5592
- C:\Windows\System\xhVorLw.exe
  C:\Windows\System\xhVorLw.exe
  2⤵
  PID:5612
- C:\Windows\System\VCkxmGp.exe
  C:\Windows\System\VCkxmGp.exe
  2⤵
  PID:5628
- C:\Windows\System\HPEavBG.exe
  C:\Windows\System\HPEavBG.exe
  2⤵
  PID:5648
- C:\Windows\System\EgxfRrX.exe
  C:\Windows\System\EgxfRrX.exe
  2⤵
  PID:5668
- C:\Windows\System\BwTguhh.exe
  C:\Windows\System\BwTguhh.exe
  2⤵
  PID:5688
- C:\Windows\System\eednrBa.exe
  C:\Windows\System\eednrBa.exe
  2⤵
  PID:5704
- C:\Windows\System\LJOhfwR.exe
  C:\Windows\System\LJOhfwR.exe
  2⤵
  PID:5728
- C:\Windows\System\ahCvJTY.exe
  C:\Windows\System\ahCvJTY.exe
  2⤵
  PID:5744
- C:\Windows\System\dcNSqFN.exe
  C:\Windows\System\dcNSqFN.exe
  2⤵
  PID:5764
- C:\Windows\System\memMipq.exe
  C:\Windows\System\memMipq.exe
  2⤵
  PID:5788
- C:\Windows\System\cJbnoME.exe
  C:\Windows\System\cJbnoME.exe
  2⤵
  PID:5804
- C:\Windows\System\MdxyCza.exe
  C:\Windows\System\MdxyCza.exe
  2⤵
  PID:5820
- C:\Windows\System\uKBTXdH.exe
  C:\Windows\System\uKBTXdH.exe
  2⤵
  PID:5840
- C:\Windows\System\uSNWDmi.exe
  C:\Windows\System\uSNWDmi.exe
  2⤵
  PID:5864
- C:\Windows\System\KXiWlGr.exe
  C:\Windows\System\KXiWlGr.exe
  2⤵
  PID:5888
- C:\Windows\System\WAvXGSI.exe
  C:\Windows\System\WAvXGSI.exe
  2⤵
  PID:5908
- C:\Windows\System\rhpZZSE.exe
  C:\Windows\System\rhpZZSE.exe
  2⤵
  PID:5928
- C:\Windows\System\MGXJsfZ.exe
  C:\Windows\System\MGXJsfZ.exe
  2⤵
  PID:5960
- C:\Windows\System\wGoNsXB.exe
  C:\Windows\System\wGoNsXB.exe
  2⤵
  PID:5976
- C:\Windows\System\arlxTTf.exe
  C:\Windows\System\arlxTTf.exe
  2⤵
  PID:5996
- C:\Windows\System\JvmkzWx.exe
  C:\Windows\System\JvmkzWx.exe
  2⤵
  PID:6012
- C:\Windows\System\jumYTWM.exe
  C:\Windows\System\jumYTWM.exe
  2⤵
  PID:6040
- C:\Windows\System\fpcKkkd.exe
  C:\Windows\System\fpcKkkd.exe
  2⤵
  PID:6056
- C:\Windows\System\hiFuiFp.exe
  C:\Windows\System\hiFuiFp.exe
  2⤵
  PID:6112
- C:\Windows\System\QjAHMBO.exe
  C:\Windows\System\QjAHMBO.exe
  2⤵
  PID:6128
- C:\Windows\System\OLUGiQO.exe
  C:\Windows\System\OLUGiQO.exe
  2⤵
  PID:3684
- C:\Windows\System\YebRmwL.exe
  C:\Windows\System\YebRmwL.exe
  2⤵
  PID:5152
- C:\Windows\System\xGFZpoV.exe
  C:\Windows\System\xGFZpoV.exe
  2⤵
  PID:5180
- C:\Windows\System\eNjpInz.exe
  C:\Windows\System\eNjpInz.exe
  2⤵
  PID:5208
- C:\Windows\System\snEPsLx.exe
  C:\Windows\System\snEPsLx.exe
  2⤵
  PID:5224
- C:\Windows\System\nONjfcx.exe
  C:\Windows\System\nONjfcx.exe
  2⤵
  PID:5256
- C:\Windows\System\OnmVeSZ.exe
  C:\Windows\System\OnmVeSZ.exe
  2⤵
  PID:5276
- C:\Windows\System\ouhdSXG.exe
  C:\Windows\System\ouhdSXG.exe
  2⤵
  PID:5332
- C:\Windows\System\eBvnZjw.exe
  C:\Windows\System\eBvnZjw.exe
  2⤵
  PID:5348
- C:\Windows\System\BjDmjKy.exe
  C:\Windows\System\BjDmjKy.exe
  2⤵
  PID:5388
- C:\Windows\System\WRfEmZs.exe
  C:\Windows\System\WRfEmZs.exe
  2⤵
  PID:5420
- C:\Windows\System\KHxSKKa.exe
  C:\Windows\System\KHxSKKa.exe
  2⤵
  PID:5472
- C:\Windows\System\zovdBAO.exe
  C:\Windows\System\zovdBAO.exe
  2⤵
  PID:5492
- C:\Windows\System\yFfcICI.exe
  C:\Windows\System\yFfcICI.exe
  2⤵
  PID:5504
- C:\Windows\System\ofJpViR.exe
  C:\Windows\System\ofJpViR.exe
  2⤵
  PID:5548
- C:\Windows\System\dqynfMW.exe
  C:\Windows\System\dqynfMW.exe
  2⤵
  PID:5580
- C:\Windows\System\EChCgGl.exe
  C:\Windows\System\EChCgGl.exe
  2⤵
  PID:5640
- C:\Windows\System\mWmAsEM.exe
  C:\Windows\System\mWmAsEM.exe
  2⤵
  PID:5660
- C:\Windows\System\YCSnOHp.exe
  C:\Windows\System\YCSnOHp.exe
  2⤵
  PID:5676
- C:\Windows\System\aQQAyIQ.exe
  C:\Windows\System\aQQAyIQ.exe
  2⤵
  PID:5716
- C:\Windows\System\lrydPSm.exe
  C:\Windows\System\lrydPSm.exe
  2⤵
  PID:5760
- C:\Windows\System\HrknFAz.exe
  C:\Windows\System\HrknFAz.exe
  2⤵
  PID:5848
- C:\Windows\System\vUdaYXD.exe
  C:\Windows\System\vUdaYXD.exe
  2⤵
  PID:5800
- C:\Windows\System\WkMFvkA.exe
  C:\Windows\System\WkMFvkA.exe
  2⤵
  PID:5900
- C:\Windows\System\nDIdeui.exe
  C:\Windows\System\nDIdeui.exe
  2⤵
  PID:5752
- C:\Windows\System\ZkhRhKN.exe
  C:\Windows\System\ZkhRhKN.exe
  2⤵
  PID:5944
- C:\Windows\System\kvoeBcJ.exe
  C:\Windows\System\kvoeBcJ.exe
  2⤵
  PID:5956
- C:\Windows\System\AkvPvpw.exe
  C:\Windows\System\AkvPvpw.exe
  2⤵
  PID:5968
- C:\Windows\System\JyyuTuS.exe
  C:\Windows\System\JyyuTuS.exe
  2⤵
  PID:6008
- C:\Windows\System\eNSUyys.exe
  C:\Windows\System\eNSUyys.exe
  2⤵
  PID:6068
- C:\Windows\System\KOstTSJ.exe
  C:\Windows\System\KOstTSJ.exe
  2⤵
  PID:4908
- C:\Windows\System\ttLWTKs.exe
  C:\Windows\System\ttLWTKs.exe
  2⤵
  PID:6076
- C:\Windows\System\kycLyYp.exe
  C:\Windows\System\kycLyYp.exe
  2⤵
  PID:5128
- C:\Windows\System\fRiTxHa.exe
  C:\Windows\System\fRiTxHa.exe
  2⤵
  PID:5132
- C:\Windows\System\mwpWaWq.exe
  C:\Windows\System\mwpWaWq.exe
  2⤵
  PID:2988
- C:\Windows\System\CsxQvZX.exe
  C:\Windows\System\CsxQvZX.exe
  2⤵
  PID:5236
- C:\Windows\System\wwdAjAM.exe
  C:\Windows\System\wwdAjAM.exe
  2⤵
  PID:5296
- C:\Windows\System\UUYmypo.exe
  C:\Windows\System\UUYmypo.exe
  2⤵
  PID:5380
- C:\Windows\System\OCPTdrG.exe
  C:\Windows\System\OCPTdrG.exe
  2⤵
  PID:5436
- C:\Windows\System\omyThZj.exe
  C:\Windows\System\omyThZj.exe
  2⤵
  PID:5520
- C:\Windows\System\ISjWDkL.exe
  C:\Windows\System\ISjWDkL.exe
  2⤵
  PID:5584
- C:\Windows\System\eIjatlj.exe
  C:\Windows\System\eIjatlj.exe
  2⤵
  PID:5600
- C:\Windows\System\CeqQQYy.exe
  C:\Windows\System\CeqQQYy.exe
  2⤵
  PID:5624
- C:\Windows\System\zRfGdSe.exe
  C:\Windows\System\zRfGdSe.exe
  2⤵
  PID:5740
- C:\Windows\System\rnLokYq.exe
  C:\Windows\System\rnLokYq.exe
  2⤵
  PID:5680
- C:\Windows\System\yCSWJhD.exe
  C:\Windows\System\yCSWJhD.exe
  2⤵
  PID:5816
- C:\Windows\System\ksDFtwv.exe
  C:\Windows\System\ksDFtwv.exe
  2⤵
  PID:5372
- C:\Windows\System\dqvRaMF.exe
  C:\Windows\System\dqvRaMF.exe
  2⤵
  PID:5952
- C:\Windows\System\DhqiDXp.exe
  C:\Windows\System\DhqiDXp.exe
  2⤵
  PID:6080
- C:\Windows\System\UmifnTQ.exe
  C:\Windows\System\UmifnTQ.exe
  2⤵
  PID:6124
- C:\Windows\System\UUMntOv.exe
  C:\Windows\System\UUMntOv.exe
  2⤵
  PID:5992
- C:\Windows\System\BIRGAGf.exe
  C:\Windows\System\BIRGAGf.exe
  2⤵
  PID:4940
- C:\Windows\System\vRzdCQa.exe
  C:\Windows\System\vRzdCQa.exe
  2⤵
  PID:5220
- C:\Windows\System\BVkhfov.exe
  C:\Windows\System\BVkhfov.exe
  2⤵
  PID:5292
- C:\Windows\System\JlgiKlG.exe
  C:\Windows\System\JlgiKlG.exe
  2⤵
  PID:5368
- C:\Windows\System\ZgCdiui.exe
  C:\Windows\System\ZgCdiui.exe
  2⤵
  PID:5444
- C:\Windows\System\prNnCUN.exe
  C:\Windows\System\prNnCUN.exe
  2⤵
  PID:5608
- C:\Windows\System\MRcnhlV.exe
  C:\Windows\System\MRcnhlV.exe
  2⤵
  PID:5440
- C:\Windows\System\sonnxne.exe
  C:\Windows\System\sonnxne.exe
  2⤵
  PID:5780
- C:\Windows\System\NCJLnKz.exe
  C:\Windows\System\NCJLnKz.exe
  2⤵
  PID:5924
- C:\Windows\System\XcAuDuW.exe
  C:\Windows\System\XcAuDuW.exe
  2⤵
  PID:5784
- C:\Windows\System\kAzkmAh.exe
  C:\Windows\System\kAzkmAh.exe
  2⤵
  PID:6120
- C:\Windows\System\jJfEKXg.exe
  C:\Windows\System\jJfEKXg.exe
  2⤵
  PID:628
- C:\Windows\System\TScOSor.exe
  C:\Windows\System\TScOSor.exe
  2⤵
  PID:6104
- C:\Windows\System\yFkelZf.exe
  C:\Windows\System\yFkelZf.exe
  2⤵
  PID:5304
- C:\Windows\System\kxQspzj.exe
  C:\Windows\System\kxQspzj.exe
  2⤵
  PID:5544
- C:\Windows\System\lXIvtNs.exe
  C:\Windows\System\lXIvtNs.exe
  2⤵
  PID:5480
- C:\Windows\System\mXLxxay.exe
  C:\Windows\System\mXLxxay.exe
  2⤵
  PID:5836
- C:\Windows\System\pVrcikg.exe
  C:\Windows\System\pVrcikg.exe
  2⤵
  PID:5948
- C:\Windows\System\dHrcLuy.exe
  C:\Windows\System\dHrcLuy.exe
  2⤵
  PID:5812
- C:\Windows\System\pkobMWK.exe
  C:\Windows\System\pkobMWK.exe
  2⤵
  PID:5352
- C:\Windows\System\MAIjHmz.exe
  C:\Windows\System\MAIjHmz.exe
  2⤵
  PID:5404
- C:\Windows\System\bCVQBfa.exe
  C:\Windows\System\bCVQBfa.exe
  2⤵
  PID:5604
- C:\Windows\System\jCSzNKX.exe
  C:\Windows\System\jCSzNKX.exe
  2⤵
  PID:5696
- C:\Windows\System\fTTiRTw.exe
  C:\Windows\System\fTTiRTw.exe
  2⤵
  PID:5148
- C:\Windows\System\qGIoMKL.exe
  C:\Windows\System\qGIoMKL.exe
  2⤵
  PID:5724
- C:\Windows\System\ZqKSdVc.exe
  C:\Windows\System\ZqKSdVc.exe
  2⤵
  PID:6052
- C:\Windows\System\TMelQya.exe
  C:\Windows\System\TMelQya.exe
  2⤵
  PID:5984
- C:\Windows\System\OCDazQF.exe
  C:\Windows\System\OCDazQF.exe
  2⤵
  PID:1884
- C:\Windows\System\IHcssii.exe
  C:\Windows\System\IHcssii.exe
  2⤵
  PID:6152
- C:\Windows\System\NhxnfNe.exe
  C:\Windows\System\NhxnfNe.exe
  2⤵
  PID:6172
- C:\Windows\System\iHDcSKf.exe
  C:\Windows\System\iHDcSKf.exe
  2⤵
  PID:6196
- C:\Windows\System\QtPjnvZ.exe
  C:\Windows\System\QtPjnvZ.exe
  2⤵
  PID:6224
- C:\Windows\System\ZRsRoqB.exe
  C:\Windows\System\ZRsRoqB.exe
  2⤵
  PID:6240
- C:\Windows\System\RJsOOAb.exe
  C:\Windows\System\RJsOOAb.exe
  2⤵
  PID:6264
- C:\Windows\System\JNvANvA.exe
  C:\Windows\System\JNvANvA.exe
  2⤵
  PID:6280
- C:\Windows\System\cTQqLdI.exe
  C:\Windows\System\cTQqLdI.exe
  2⤵
  PID:6296
- C:\Windows\System\mbOgitM.exe
  C:\Windows\System\mbOgitM.exe
  2⤵
  PID:6316
- C:\Windows\System\COQUbht.exe
  C:\Windows\System\COQUbht.exe
  2⤵
  PID:6344
- C:\Windows\System\MRRgKsi.exe
  C:\Windows\System\MRRgKsi.exe
  2⤵
  PID:6360
- C:\Windows\System\IXNarBN.exe
  C:\Windows\System\IXNarBN.exe
  2⤵
  PID:6376
- C:\Windows\System\yxMKqrt.exe
  C:\Windows\System\yxMKqrt.exe
  2⤵
  PID:6396
- C:\Windows\System\iNiflRf.exe
  C:\Windows\System\iNiflRf.exe
  2⤵
  PID:6412
- C:\Windows\System\xCrqfZf.exe
  C:\Windows\System\xCrqfZf.exe
  2⤵
  PID:6432
- C:\Windows\System\EFDyQJJ.exe
  C:\Windows\System\EFDyQJJ.exe
  2⤵
  PID:6464
- C:\Windows\System\KqjyJqN.exe
  C:\Windows\System\KqjyJqN.exe
  2⤵
  PID:6480
- C:\Windows\System\sUUNaGb.exe
  C:\Windows\System\sUUNaGb.exe
  2⤵
  PID:6496
- C:\Windows\System\ZuJVaNB.exe
  C:\Windows\System\ZuJVaNB.exe
  2⤵
  PID:6512
- C:\Windows\System\iyCPZEs.exe
  C:\Windows\System\iyCPZEs.exe
  2⤵
  PID:6532
- C:\Windows\System\yWiRJAw.exe
  C:\Windows\System\yWiRJAw.exe
  2⤵
  PID:6564
- C:\Windows\System\otYalwQ.exe
  C:\Windows\System\otYalwQ.exe
  2⤵
  PID:6580
- C:\Windows\System\xhCZnsb.exe
  C:\Windows\System\xhCZnsb.exe
  2⤵
  PID:6600
- C:\Windows\System\fZntexP.exe
  C:\Windows\System\fZntexP.exe
  2⤵
  PID:6620
- C:\Windows\System\lJWFESL.exe
  C:\Windows\System\lJWFESL.exe
  2⤵
  PID:6644
- C:\Windows\System\SIsvzEN.exe
  C:\Windows\System\SIsvzEN.exe
  2⤵
  PID:6660
- C:\Windows\System\TZxZboh.exe
  C:\Windows\System\TZxZboh.exe
  2⤵
  PID:6680
- C:\Windows\System\RXiDTif.exe
  C:\Windows\System\RXiDTif.exe
  2⤵
  PID:6704
- C:\Windows\System\QGEAqNW.exe
  C:\Windows\System\QGEAqNW.exe
  2⤵
  PID:6720
- C:\Windows\System\VSQjmPs.exe
  C:\Windows\System\VSQjmPs.exe
  2⤵
  PID:6740
- C:\Windows\System\dDnfAUd.exe
  C:\Windows\System\dDnfAUd.exe
  2⤵
  PID:6756
- C:\Windows\System\FOpMQOM.exe
  C:\Windows\System\FOpMQOM.exe
  2⤵
  PID:6772
- C:\Windows\System\XCYwgiG.exe
  C:\Windows\System\XCYwgiG.exe
  2⤵
  PID:6792
- C:\Windows\System\dPfZTGT.exe
  C:\Windows\System\dPfZTGT.exe
  2⤵
  PID:6812
- C:\Windows\System\lDhanri.exe
  C:\Windows\System\lDhanri.exe
  2⤵
  PID:6848
- C:\Windows\System\uJLWUQl.exe
  C:\Windows\System\uJLWUQl.exe
  2⤵
  PID:6868
- C:\Windows\System\rtFuspt.exe
  C:\Windows\System\rtFuspt.exe
  2⤵
  PID:6884
- C:\Windows\System\aOlHVNL.exe
  C:\Windows\System\aOlHVNL.exe
  2⤵
  PID:6900
- C:\Windows\System\sDncrZC.exe
  C:\Windows\System\sDncrZC.exe
  2⤵
  PID:6920
- C:\Windows\System\wWKJzyq.exe
  C:\Windows\System\wWKJzyq.exe
  2⤵
  PID:6936
- C:\Windows\System\trlrTRs.exe
  C:\Windows\System\trlrTRs.exe
  2⤵
  PID:6956
- C:\Windows\System\GAXieKX.exe
  C:\Windows\System\GAXieKX.exe
  2⤵
  PID:6972
- C:\Windows\System\GJDAezm.exe
  C:\Windows\System\GJDAezm.exe
  2⤵
  PID:6992
- C:\Windows\System\kjrYkcq.exe
  C:\Windows\System\kjrYkcq.exe
  2⤵
  PID:7020
- C:\Windows\System\AxQaMvw.exe
  C:\Windows\System\AxQaMvw.exe
  2⤵
  PID:7036
- C:\Windows\System\JwwCyDS.exe
  C:\Windows\System\JwwCyDS.exe
  2⤵
  PID:7052
- C:\Windows\System\ZTeSeFP.exe
  C:\Windows\System\ZTeSeFP.exe
  2⤵
  PID:7076
- C:\Windows\System\qErYUPR.exe
  C:\Windows\System\qErYUPR.exe
  2⤵
  PID:7108
- C:\Windows\System\fikUYHE.exe
  C:\Windows\System\fikUYHE.exe
  2⤵
  PID:7128
- C:\Windows\System\eiYrmsO.exe
  C:\Windows\System\eiYrmsO.exe
  2⤵
  PID:7148
- C:\Windows\System\riUFsTF.exe
  C:\Windows\System\riUFsTF.exe
  2⤵
  PID:7164
- C:\Windows\System\itaCGMN.exe
  C:\Windows\System\itaCGMN.exe
  2⤵
  PID:6180
- C:\Windows\System\CJNdULx.exe
  C:\Windows\System\CJNdULx.exe
  2⤵
  PID:6168
- C:\Windows\System\JYmPEol.exe
  C:\Windows\System\JYmPEol.exe
  2⤵
  PID:6188
- C:\Windows\System\uzVaVaf.exe
  C:\Windows\System\uzVaVaf.exe
  2⤵
  PID:6248
- C:\Windows\System\UBGSZIp.exe
  C:\Windows\System\UBGSZIp.exe
  2⤵
  PID:6288
- C:\Windows\System\ijpAURS.exe
  C:\Windows\System\ijpAURS.exe
  2⤵
  PID:6276
- C:\Windows\System\XTsOMic.exe
  C:\Windows\System\XTsOMic.exe
  2⤵
  PID:6404
- C:\Windows\System\HucIXpC.exe
  C:\Windows\System\HucIXpC.exe
  2⤵
  PID:6448
- C:\Windows\System\BaSTREt.exe
  C:\Windows\System\BaSTREt.exe
  2⤵
  PID:6352
- C:\Windows\System\RFbCkza.exe
  C:\Windows\System\RFbCkza.exe
  2⤵
  PID:6456
- C:\Windows\System\ZSFBstk.exe
  C:\Windows\System\ZSFBstk.exe
  2⤵
  PID:6476
- C:\Windows\System\gzWCTIs.exe
  C:\Windows\System\gzWCTIs.exe
  2⤵
  PID:6548
- C:\Windows\System\TvKMGHY.exe
  C:\Windows\System\TvKMGHY.exe
  2⤵
  PID:6572
- C:\Windows\System\xJFspMj.exe
  C:\Windows\System\xJFspMj.exe
  2⤵
  PID:6616
- C:\Windows\System\WnzwUdl.exe
  C:\Windows\System\WnzwUdl.exe
  2⤵
  PID:6636
- C:\Windows\System\EiPiLbz.exe
  C:\Windows\System\EiPiLbz.exe
  2⤵
  PID:6672
- C:\Windows\System\TLTegzq.exe
  C:\Windows\System\TLTegzq.exe
  2⤵
  PID:6696
- C:\Windows\System\gadEZqq.exe
  C:\Windows\System\gadEZqq.exe
  2⤵
  PID:6732
- C:\Windows\System\TAZxFwB.exe
  C:\Windows\System\TAZxFwB.exe
  2⤵
  PID:6804
- C:\Windows\System\gqCOWUh.exe
  C:\Windows\System\gqCOWUh.exe
  2⤵
  PID:6828
- C:\Windows\System\lihxcBF.exe
  C:\Windows\System\lihxcBF.exe
  2⤵
  PID:6784
- C:\Windows\System\jwwqROZ.exe
  C:\Windows\System\jwwqROZ.exe
  2⤵
  PID:6824
- C:\Windows\System\EklXyej.exe
  C:\Windows\System\EklXyej.exe
  2⤵
  PID:6928
- C:\Windows\System\dsrXneL.exe
  C:\Windows\System\dsrXneL.exe
  2⤵
  PID:7008
- C:\Windows\System\LktcStt.exe
  C:\Windows\System\LktcStt.exe
  2⤵
  PID:6944
- C:\Windows\System\fueuOXe.exe
  C:\Windows\System\fueuOXe.exe
  2⤵
  PID:6980
- C:\Windows\System\BOEneDF.exe
  C:\Windows\System\BOEneDF.exe
  2⤵
  PID:5904
- C:\Windows\System\ArVViJV.exe
  C:\Windows\System\ArVViJV.exe
  2⤵
  PID:7072
- C:\Windows\System\bvbEjdo.exe
  C:\Windows\System\bvbEjdo.exe
  2⤵
  PID:7096
- C:\Windows\System\SVrZTxE.exe
  C:\Windows\System\SVrZTxE.exe
  2⤵
  PID:7124
- C:\Windows\System\ZNlVwqV.exe
  C:\Windows\System\ZNlVwqV.exe
  2⤵
  PID:7160
- C:\Windows\System\IYOZEmZ.exe
  C:\Windows\System\IYOZEmZ.exe
  2⤵
  PID:6164
- C:\Windows\System\xdxGQyP.exe
  C:\Windows\System\xdxGQyP.exe
  2⤵
  PID:6208
- C:\Windows\System\akQERBA.exe
  C:\Windows\System\akQERBA.exe
  2⤵
  PID:6324
- C:\Windows\System\XbhXfAx.exe
  C:\Windows\System\XbhXfAx.exe
  2⤵
  PID:6308
- C:\Windows\System\HRRZCgu.exe
  C:\Windows\System\HRRZCgu.exe
  2⤵
  PID:6088
- C:\Windows\System\FkJklCC.exe
  C:\Windows\System\FkJklCC.exe
  2⤵
  PID:6260
- C:\Windows\System\MBVRrTw.exe
  C:\Windows\System\MBVRrTw.exe
  2⤵
  PID:6332
- C:\Windows\System\dDtphVW.exe
  C:\Windows\System\dDtphVW.exe
  2⤵
  PID:6488
- C:\Windows\System\HNqLaPE.exe
  C:\Windows\System\HNqLaPE.exe
  2⤵
  PID:6424
- C:\Windows\System\vwYtWbQ.exe
  C:\Windows\System\vwYtWbQ.exe
  2⤵
  PID:6556
- C:\Windows\System\iWKeBlZ.exe
  C:\Windows\System\iWKeBlZ.exe
  2⤵
  PID:6596
- C:\Windows\System\KKUqnpS.exe
  C:\Windows\System\KKUqnpS.exe
  2⤵
  PID:6632
- C:\Windows\System\oryNila.exe
  C:\Windows\System\oryNila.exe
  2⤵
  PID:6656
- C:\Windows\System\fTRAFWN.exe
  C:\Windows\System\fTRAFWN.exe
  2⤵
  PID:6808
- C:\Windows\System\frlUBkH.exe
  C:\Windows\System\frlUBkH.exe
  2⤵
  PID:6748
- C:\Windows\System\ShNUNDQ.exe
  C:\Windows\System\ShNUNDQ.exe
  2⤵
  PID:6892
- C:\Windows\System\AnSTKSE.exe
  C:\Windows\System\AnSTKSE.exe
  2⤵
  PID:7004
- C:\Windows\System\ujkUbmJ.exe
  C:\Windows\System\ujkUbmJ.exe
  2⤵
  PID:7016
- C:\Windows\System\WxDnmiz.exe
  C:\Windows\System\WxDnmiz.exe
  2⤵
  PID:6948
- C:\Windows\System\XQdfkCh.exe
  C:\Windows\System\XQdfkCh.exe
  2⤵
  PID:7084
- C:\Windows\System\yYkhmOs.exe
  C:\Windows\System\yYkhmOs.exe
  2⤵
  PID:7104
- C:\Windows\System\kWmaHNa.exe
  C:\Windows\System\kWmaHNa.exe
  2⤵
  PID:5560
- C:\Windows\System\EZckYbE.exe
  C:\Windows\System\EZckYbE.exe
  2⤵
  PID:900
- C:\Windows\System\uMXNYFR.exe
  C:\Windows\System\uMXNYFR.exe
  2⤵
  PID:6368
- C:\Windows\System\BPBccdV.exe
  C:\Windows\System\BPBccdV.exe
  2⤵
  PID:6840
- C:\Windows\System\eHnQuYX.exe
  C:\Windows\System\eHnQuYX.exe
  2⤵
  PID:6444
- C:\Windows\System\czVuIdn.exe
  C:\Windows\System\czVuIdn.exe
  2⤵
  PID:6528
- C:\Windows\System\SiklVPv.exe
  C:\Windows\System\SiklVPv.exe
  2⤵
  PID:6084
- C:\Windows\System\GRjhspR.exe
  C:\Windows\System\GRjhspR.exe
  2⤵
  PID:6728
- C:\Windows\System\ETwwJUy.exe
  C:\Windows\System\ETwwJUy.exe
  2⤵
  PID:6780
- C:\Windows\System\qnfxniT.exe
  C:\Windows\System\qnfxniT.exe
  2⤵
  PID:7000
- C:\Windows\System\znONZMR.exe
  C:\Windows\System\znONZMR.exe
  2⤵
  PID:6908
- C:\Windows\System\odDRcKr.exe
  C:\Windows\System\odDRcKr.exe
  2⤵
  PID:7064
- C:\Windows\System\uNndrIP.exe
  C:\Windows\System\uNndrIP.exe
  2⤵
  PID:6336
- C:\Windows\System\avwCdxW.exe
  C:\Windows\System\avwCdxW.exe
  2⤵
  PID:7136
- C:\Windows\System\vlnCiLe.exe
  C:\Windows\System\vlnCiLe.exe
  2⤵
  PID:6108
- C:\Windows\System\MrRQBXf.exe
  C:\Windows\System\MrRQBXf.exe
  2⤵
  PID:6216
- C:\Windows\System\MxiNfPA.exe
  C:\Windows\System\MxiNfPA.exe
  2⤵
  PID:6524
- C:\Windows\System\OMqbZvy.exe
  C:\Windows\System\OMqbZvy.exe
  2⤵
  PID:6736
- C:\Windows\System\QDcFVud.exe
  C:\Windows\System\QDcFVud.exe
  2⤵
  PID:6964
- C:\Windows\System\GZYjePB.exe
  C:\Windows\System\GZYjePB.exe
  2⤵
  PID:7140
- C:\Windows\System\SqhuoJv.exe
  C:\Windows\System\SqhuoJv.exe
  2⤵
  PID:6392
- C:\Windows\System\hDMdvWt.exe
  C:\Windows\System\hDMdvWt.exe
  2⤵
  PID:6100
- C:\Windows\System\eyuyftt.exe
  C:\Windows\System\eyuyftt.exe
  2⤵
  PID:6856
- C:\Windows\System\RtbFYQA.exe
  C:\Windows\System\RtbFYQA.exe
  2⤵
  PID:6692
- C:\Windows\System\NdaCQoP.exe
  C:\Windows\System\NdaCQoP.exe
  2⤵
  PID:6896
- C:\Windows\System\sdYeGyy.exe
  C:\Windows\System\sdYeGyy.exe
  2⤵
  PID:6452
- C:\Windows\System\UVuqDPI.exe
  C:\Windows\System\UVuqDPI.exe
  2⤵
  PID:6096
- C:\Windows\System\NuuqRkY.exe
  C:\Windows\System\NuuqRkY.exe
  2⤵
  PID:6252
- C:\Windows\System\wKevJvU.exe
  C:\Windows\System\wKevJvU.exe
  2⤵
  PID:7176
- C:\Windows\System\XiPnLMN.exe
  C:\Windows\System\XiPnLMN.exe
  2⤵
  PID:7192
- C:\Windows\System\XipedJL.exe
  C:\Windows\System\XipedJL.exe
  2⤵
  PID:7212
- C:\Windows\System\jDrtivk.exe
  C:\Windows\System\jDrtivk.exe
  2⤵
  PID:7244
- C:\Windows\System\HYzuHPM.exe
  C:\Windows\System\HYzuHPM.exe
  2⤵
  PID:7260
- C:\Windows\System\PGIqwKc.exe
  C:\Windows\System\PGIqwKc.exe
  2⤵
  PID:7280
- C:\Windows\System\HzAKccR.exe
  C:\Windows\System\HzAKccR.exe
  2⤵
  PID:7304
- C:\Windows\System\ARxfQUu.exe
  C:\Windows\System\ARxfQUu.exe
  2⤵
  PID:7320
- C:\Windows\System\BQJoIse.exe
  C:\Windows\System\BQJoIse.exe
  2⤵
  PID:7348
- C:\Windows\System\VeNeBwR.exe
  C:\Windows\System\VeNeBwR.exe
  2⤵
  PID:7364
- C:\Windows\System\rkBdAJQ.exe
  C:\Windows\System\rkBdAJQ.exe
  2⤵
  PID:7380
- C:\Windows\System\DHYULzT.exe
  C:\Windows\System\DHYULzT.exe
  2⤵
  PID:7396
- C:\Windows\System\uWlzxMK.exe
  C:\Windows\System\uWlzxMK.exe
  2⤵
  PID:7420
- C:\Windows\System\gpJzmjD.exe
  C:\Windows\System\gpJzmjD.exe
  2⤵
  PID:7436
- C:\Windows\System\tRTllTR.exe
  C:\Windows\System\tRTllTR.exe
  2⤵
  PID:7468
- C:\Windows\System\KPrxJCv.exe
  C:\Windows\System\KPrxJCv.exe
  2⤵
  PID:7484
- C:\Windows\System\xxsIjDz.exe
  C:\Windows\System\xxsIjDz.exe
  2⤵
  PID:7500
- C:\Windows\System\qlULsIP.exe
  C:\Windows\System\qlULsIP.exe
  2⤵
  PID:7516
- C:\Windows\System\IzaTpTr.exe
  C:\Windows\System\IzaTpTr.exe
  2⤵
  PID:7536
- C:\Windows\System\lRpmLyr.exe
  C:\Windows\System\lRpmLyr.exe
  2⤵
  PID:7572
- C:\Windows\System\uqDcLsU.exe
  C:\Windows\System\uqDcLsU.exe
  2⤵
  PID:7588
- C:\Windows\System\RiosyTb.exe
  C:\Windows\System\RiosyTb.exe
  2⤵
  PID:7608
- C:\Windows\System\MhIgpEe.exe
  C:\Windows\System\MhIgpEe.exe
  2⤵
  PID:7632
- C:\Windows\System\YWvrMxs.exe
  C:\Windows\System\YWvrMxs.exe
  2⤵
  PID:7648
- C:\Windows\System\OQqFNzT.exe
  C:\Windows\System\OQqFNzT.exe
  2⤵
  PID:7672
- C:\Windows\System\UyuaiuT.exe
  C:\Windows\System\UyuaiuT.exe
  2⤵
  PID:7688
- C:\Windows\System\NsTfpmJ.exe
  C:\Windows\System\NsTfpmJ.exe
  2⤵
  PID:7704
- C:\Windows\System\bbuotIe.exe
  C:\Windows\System\bbuotIe.exe
  2⤵
  PID:7728
- C:\Windows\System\VRWJMwJ.exe
  C:\Windows\System\VRWJMwJ.exe
  2⤵
  PID:7744
- C:\Windows\System\pxsYiui.exe
  C:\Windows\System\pxsYiui.exe
  2⤵
  PID:7760
- C:\Windows\System\cnpFlat.exe
  C:\Windows\System\cnpFlat.exe
  2⤵
  PID:7792
- C:\Windows\System\aUPXKIo.exe
  C:\Windows\System\aUPXKIo.exe
  2⤵
  PID:7808
- C:\Windows\System\MfdQqTa.exe
  C:\Windows\System\MfdQqTa.exe
  2⤵
  PID:7824
- C:\Windows\System\xeeMZwQ.exe
  C:\Windows\System\xeeMZwQ.exe
  2⤵
  PID:7840
- C:\Windows\System\DxlOXCE.exe
  C:\Windows\System\DxlOXCE.exe
  2⤵
  PID:7860
- C:\Windows\System\FAZeryV.exe
  C:\Windows\System\FAZeryV.exe
  2⤵
  PID:7876
- C:\Windows\System\jmmyhmm.exe
  C:\Windows\System\jmmyhmm.exe
  2⤵
  PID:7896
- C:\Windows\System\RAyEhOh.exe
  C:\Windows\System\RAyEhOh.exe
  2⤵
  PID:7912
- C:\Windows\System\vsoNBGG.exe
  C:\Windows\System\vsoNBGG.exe
  2⤵
  PID:7932
- C:\Windows\System\wSyipSA.exe
  C:\Windows\System\wSyipSA.exe
  2⤵
  PID:7948
- C:\Windows\System\mFiaQzB.exe
  C:\Windows\System\mFiaQzB.exe
  2⤵
  PID:7988
- C:\Windows\System\MNSGhta.exe
  C:\Windows\System\MNSGhta.exe
  2⤵
  PID:8008
- C:\Windows\System\Uhznliw.exe
  C:\Windows\System\Uhznliw.exe
  2⤵
  PID:8024
- C:\Windows\System\nLBxwNO.exe
  C:\Windows\System\nLBxwNO.exe
  2⤵
  PID:8048
- C:\Windows\System\TtqIPLh.exe
  C:\Windows\System\TtqIPLh.exe
  2⤵
  PID:8068
- C:\Windows\System\XydElpE.exe
  C:\Windows\System\XydElpE.exe
  2⤵
  PID:8084
- C:\Windows\System\MEQEjuo.exe
  C:\Windows\System\MEQEjuo.exe
  2⤵
  PID:8108
- C:\Windows\System\beJgfcT.exe
  C:\Windows\System\beJgfcT.exe
  2⤵
  PID:8124
- C:\Windows\System\TCouQfm.exe
  C:\Windows\System\TCouQfm.exe
  2⤵
  PID:8160
- C:\Windows\System\ewUrYkP.exe
  C:\Windows\System\ewUrYkP.exe
  2⤵
  PID:8176
- C:\Windows\System\DMsqNPV.exe
  C:\Windows\System\DMsqNPV.exe
  2⤵
  PID:7092
- C:\Windows\System\qKSbrqu.exe
  C:\Windows\System\qKSbrqu.exe
  2⤵
  PID:7200
- C:\Windows\System\zdXNoQq.exe
  C:\Windows\System\zdXNoQq.exe
  2⤵
  PID:7220
- C:\Windows\System\YHSFqhL.exe
  C:\Windows\System\YHSFqhL.exe
  2⤵
  PID:7232
- C:\Windows\System\pvxsoHM.exe
  C:\Windows\System\pvxsoHM.exe
  2⤵
  PID:7276
- C:\Windows\System\OEUBUNW.exe
  C:\Windows\System\OEUBUNW.exe
  2⤵
  PID:7292
- C:\Windows\System\BJKfnpP.exe
  C:\Windows\System\BJKfnpP.exe
  2⤵
  PID:2568
- C:\Windows\System\pNWtfWn.exe
  C:\Windows\System\pNWtfWn.exe
  2⤵
  PID:7300
- C:\Windows\System\qxjzbRX.exe
  C:\Windows\System\qxjzbRX.exe
  2⤵
  PID:7312
- C:\Windows\System\GPBkGZk.exe
  C:\Windows\System\GPBkGZk.exe
  2⤵
  PID:7428
- C:\Windows\System\LGLFMiI.exe
  C:\Windows\System\LGLFMiI.exe
  2⤵
  PID:7404
- C:\Windows\System\ybneAHV.exe
  C:\Windows\System\ybneAHV.exe
  2⤵
  PID:7444
- C:\Windows\System\izikALm.exe
  C:\Windows\System\izikALm.exe
  2⤵
  PID:7456
- C:\Windows\System\TAImiAS.exe
  C:\Windows\System\TAImiAS.exe
  2⤵
  PID:7528
- C:\Windows\System\IfszCiv.exe
  C:\Windows\System\IfszCiv.exe
  2⤵
  PID:7544
- C:\Windows\System\WfOmUbz.exe
  C:\Windows\System\WfOmUbz.exe
  2⤵
  PID:7476
- C:\Windows\System\KlFTwBD.exe
  C:\Windows\System\KlFTwBD.exe
  2⤵
  PID:7584
- C:\Windows\System\SDtcAzT.exe
  C:\Windows\System\SDtcAzT.exe
  2⤵
  PID:7644
- C:\Windows\System\cCyfYKH.exe
  C:\Windows\System\cCyfYKH.exe
  2⤵
  PID:7696
- C:\Windows\System\lyEJHmD.exe
  C:\Windows\System\lyEJHmD.exe
  2⤵
  PID:7712
- C:\Windows\System\CwXnjYt.exe
  C:\Windows\System\CwXnjYt.exe
  2⤵
  PID:7736
- C:\Windows\System\lviHidG.exe
  C:\Windows\System\lviHidG.exe
  2⤵
  PID:7780
- C:\Windows\System\QETQKUx.exe
  C:\Windows\System\QETQKUx.exe
  2⤵
  PID:7816
- C:\Windows\System\XqFHins.exe
  C:\Windows\System\XqFHins.exe
  2⤵
  PID:7804
- C:\Windows\System\WkKqNag.exe
  C:\Windows\System\WkKqNag.exe
  2⤵
  PID:7924
- C:\Windows\System\jSRYWrH.exe
  C:\Windows\System\jSRYWrH.exe
  2⤵
  PID:7868
- C:\Windows\System\pYjlUbk.exe
  C:\Windows\System\pYjlUbk.exe
  2⤵
  PID:7968
- C:\Windows\System\XffPQew.exe
  C:\Windows\System\XffPQew.exe
  2⤵
  PID:7832
- C:\Windows\System\GqmBfeV.exe
  C:\Windows\System\GqmBfeV.exe
  2⤵
  PID:8016
- C:\Windows\System\WcTXPnZ.exe
  C:\Windows\System\WcTXPnZ.exe
  2⤵
  PID:8040
- C:\Windows\System\kPyEyAZ.exe
  C:\Windows\System\kPyEyAZ.exe
  2⤵
  PID:8064
- C:\Windows\System\yeULENF.exe
  C:\Windows\System\yeULENF.exe
  2⤵
  PID:8076
- C:\Windows\System\rITZwaW.exe
  C:\Windows\System\rITZwaW.exe
  2⤵
  PID:8120
- C:\Windows\System\jIbYCmk.exe
  C:\Windows\System\jIbYCmk.exe
  2⤵
  PID:8156
- C:\Windows\System\MzGsSza.exe
  C:\Windows\System\MzGsSza.exe
  2⤵
  PID:8184
- C:\Windows\System\AyxNtjS.exe
  C:\Windows\System\AyxNtjS.exe
  2⤵
  PID:7172
- C:\Windows\System\XSvkPIy.exe
  C:\Windows\System\XSvkPIy.exe
  2⤵
  PID:7188
- C:\Windows\System\YhCyqry.exe
  C:\Windows\System\YhCyqry.exe
  2⤵
  PID:7256
- C:\Windows\System\QJgYdnL.exe
  C:\Windows\System\QJgYdnL.exe
  2⤵
  PID:2108
- C:\Windows\System\yqSaFGU.exe
  C:\Windows\System\yqSaFGU.exe
  2⤵
  PID:7360
- C:\Windows\System\GXqGTUG.exe
  C:\Windows\System\GXqGTUG.exe
  2⤵
  PID:7356
- C:\Windows\System\TXWDzgx.exe
  C:\Windows\System\TXWDzgx.exe
  2⤵
  PID:7376
- C:\Windows\System\zVvGVHs.exe
  C:\Windows\System\zVvGVHs.exe
  2⤵
  PID:7412
- C:\Windows\System\OqSKXXK.exe
  C:\Windows\System\OqSKXXK.exe
  2⤵
  PID:7560
- C:\Windows\System\NQBBPuw.exe
  C:\Windows\System\NQBBPuw.exe
  2⤵
  PID:7512
- C:\Windows\System\tKyaqfo.exe
  C:\Windows\System\tKyaqfo.exe
  2⤵
  PID:2416
- C:\Windows\System\kxNXNkH.exe
  C:\Windows\System\kxNXNkH.exe
  2⤵
  PID:7480
- C:\Windows\System\tVJCfYM.exe
  C:\Windows\System\tVJCfYM.exe
  2⤵
  PID:7580
- C:\Windows\System\EvAkTix.exe
  C:\Windows\System\EvAkTix.exe
  2⤵
  PID:7596
- C:\Windows\System\AxgbBnG.exe
  C:\Windows\System\AxgbBnG.exe
  2⤵
  PID:6092
- C:\Windows\System\baModUI.exe
  C:\Windows\System\baModUI.exe
  2⤵
  PID:7680
- C:\Windows\System\sZDquXn.exe
  C:\Windows\System\sZDquXn.exe
  2⤵
  PID:7756
- C:\Windows\System\ULiynFu.exe
  C:\Windows\System\ULiynFu.exe
  2⤵
  PID:7856
- C:\Windows\System\krjmzjV.exe
  C:\Windows\System\krjmzjV.exe
  2⤵
  PID:7956
- C:\Windows\System\ZBUynCY.exe
  C:\Windows\System\ZBUynCY.exe
  2⤵
  PID:8032
- C:\Windows\System\kLVAhHB.exe
  C:\Windows\System\kLVAhHB.exe
  2⤵
  PID:8096
- C:\Windows\System\hyhTtBL.exe
  C:\Windows\System\hyhTtBL.exe
  2⤵
  PID:7852
- C:\Windows\System\ZJIdKsG.exe
  C:\Windows\System\ZJIdKsG.exe
  2⤵
  PID:7920
- C:\Windows\System\KzVOQMQ.exe
  C:\Windows\System\KzVOQMQ.exe
  2⤵
  PID:7996
- C:\Windows\System\yDPJjzZ.exe
  C:\Windows\System\yDPJjzZ.exe
  2⤵
  PID:8060
- C:\Windows\System\sUYXWeV.exe
  C:\Windows\System\sUYXWeV.exe
  2⤵
  PID:6968
- C:\Windows\System\EMbdfeA.exe
  C:\Windows\System\EMbdfeA.exe
  2⤵
  PID:8172
- C:\Windows\System\PxnSpqu.exe
  C:\Windows\System\PxnSpqu.exe
  2⤵
  PID:7328
- C:\Windows\System\GRRxuBf.exe
  C:\Windows\System\GRRxuBf.exe
  2⤵
  PID:7236
- C:\Windows\System\VUbmLqE.exe
  C:\Windows\System\VUbmLqE.exe
  2⤵
  PID:7416
- C:\Windows\System\UqkDQSA.exe
  C:\Windows\System\UqkDQSA.exe
  2⤵
  PID:7432
- C:\Windows\System\nxNWmqj.exe
  C:\Windows\System\nxNWmqj.exe
  2⤵
  PID:1808
- C:\Windows\System\BfZSXzl.exe
  C:\Windows\System\BfZSXzl.exe
  2⤵
  PID:2944
- C:\Windows\System\qeDghGz.exe
  C:\Windows\System\qeDghGz.exe
  2⤵
  PID:7564
- C:\Windows\System\FqvJXjY.exe
  C:\Windows\System\FqvJXjY.exe
  2⤵
  PID:7628
- C:\Windows\System\NZfEzJr.exe
  C:\Windows\System\NZfEzJr.exe
  2⤵
  PID:7752
- C:\Windows\System\ROFFphQ.exe
  C:\Windows\System\ROFFphQ.exe
  2⤵
  PID:1496
- C:\Windows\System\oJXKHgG.exe
  C:\Windows\System\oJXKHgG.exe
  2⤵
  PID:8036
- C:\Windows\System\MQNDXEj.exe
  C:\Windows\System\MQNDXEj.exe
  2⤵
  PID:8148
- C:\Windows\System\ZvCQHOt.exe
  C:\Windows\System\ZvCQHOt.exe
  2⤵
  PID:8144
- C:\Windows\System\JOhSFUu.exe
  C:\Windows\System\JOhSFUu.exe
  2⤵
  PID:8168
- C:\Windows\System\jMHDPYf.exe
  C:\Windows\System\jMHDPYf.exe
  2⤵
  PID:1992
- C:\Windows\System\IfJTkop.exe
  C:\Windows\System\IfJTkop.exe
  2⤵
  PID:2600
- C:\Windows\System\pdyFHBX.exe
  C:\Windows\System\pdyFHBX.exe
  2⤵
  PID:7892
- C:\Windows\System\hWDCjbJ.exe
  C:\Windows\System\hWDCjbJ.exe
  2⤵
  PID:7388
- C:\Windows\System\fGHSsNM.exe
  C:\Windows\System\fGHSsNM.exe
  2⤵
  PID:7492
- C:\Windows\System\RwxschN.exe
  C:\Windows\System\RwxschN.exe
  2⤵
  PID:7788
- C:\Windows\System\ePrdbDx.exe
  C:\Windows\System\ePrdbDx.exe
  2⤵
  PID:7768
- C:\Windows\System\FgSaSiz.exe
  C:\Windows\System\FgSaSiz.exe
  2⤵
  PID:8080
- C:\Windows\System\tyMYliF.exe
  C:\Windows\System\tyMYliF.exe
  2⤵
  PID:8196
- C:\Windows\System\sLRlTqP.exe
  C:\Windows\System\sLRlTqP.exe
  2⤵
  PID:8212
- C:\Windows\System\ZboKNDV.exe
  C:\Windows\System\ZboKNDV.exe
  2⤵
  PID:8228
- C:\Windows\System\ddOstAp.exe
  C:\Windows\System\ddOstAp.exe
  2⤵
  PID:8244
- C:\Windows\System\weZSbfR.exe
  C:\Windows\System\weZSbfR.exe
  2⤵
  PID:8260
- C:\Windows\System\ueONYIm.exe
  C:\Windows\System\ueONYIm.exe
  2⤵
  PID:8276
- C:\Windows\System\cVjZWtc.exe
  C:\Windows\System\cVjZWtc.exe
  2⤵
  PID:8292
- C:\Windows\System\RCAafIW.exe
  C:\Windows\System\RCAafIW.exe
  2⤵
  PID:8312
- C:\Windows\System\bSDLYDM.exe
  C:\Windows\System\bSDLYDM.exe
  2⤵
  PID:8336
- C:\Windows\System\JXarlXJ.exe
  C:\Windows\System\JXarlXJ.exe
  2⤵
  PID:8356
- C:\Windows\System\hjbzSZz.exe
  C:\Windows\System\hjbzSZz.exe
  2⤵
  PID:8376
- C:\Windows\System\yzSbSTD.exe
  C:\Windows\System\yzSbSTD.exe
  2⤵
  PID:8396
- C:\Windows\System\wvWVPBf.exe
  C:\Windows\System\wvWVPBf.exe
  2⤵
  PID:8412
- C:\Windows\System\dbliUvv.exe
  C:\Windows\System\dbliUvv.exe
  2⤵
  PID:8436
- C:\Windows\System\tFjtIpy.exe
  C:\Windows\System\tFjtIpy.exe
  2⤵
  PID:8452
- C:\Windows\System\OLZxhLH.exe
  C:\Windows\System\OLZxhLH.exe
  2⤵
  PID:8468
- C:\Windows\System\ifUQXiE.exe
  C:\Windows\System\ifUQXiE.exe
  2⤵
  PID:8484
- C:\Windows\System\aNhgxZA.exe
  C:\Windows\System\aNhgxZA.exe
  2⤵
  PID:8504
- C:\Windows\System\QoAKsfs.exe
  C:\Windows\System\QoAKsfs.exe
  2⤵
  PID:8520
- C:\Windows\System\gxUzrPt.exe
  C:\Windows\System\gxUzrPt.exe
  2⤵
  PID:8536
- C:\Windows\System\tgjYsxM.exe
  C:\Windows\System\tgjYsxM.exe
  2⤵
  PID:8552
- C:\Windows\System\qCILjiU.exe
  C:\Windows\System\qCILjiU.exe
  2⤵
  PID:8568
- C:\Windows\System\haaIcPP.exe
  C:\Windows\System\haaIcPP.exe
  2⤵
  PID:8584
- C:\Windows\System\goYCBcD.exe
  C:\Windows\System\goYCBcD.exe
  2⤵
  PID:8600
- C:\Windows\System\HtrjrgH.exe
  C:\Windows\System\HtrjrgH.exe
  2⤵
  PID:8616
- C:\Windows\System\zrRXete.exe
  C:\Windows\System\zrRXete.exe
  2⤵
  PID:8632
- C:\Windows\System\LMUBkwq.exe
  C:\Windows\System\LMUBkwq.exe
  2⤵
  PID:8648
- C:\Windows\System\AVOQfxH.exe
  C:\Windows\System\AVOQfxH.exe
  2⤵
  PID:8664
- C:\Windows\System\UWeYiuS.exe
  C:\Windows\System\UWeYiuS.exe
  2⤵
  PID:8680
- C:\Windows\System\IQQlyGp.exe
  C:\Windows\System\IQQlyGp.exe
  2⤵
  PID:8696
- C:\Windows\System\SlbGkTF.exe
  C:\Windows\System\SlbGkTF.exe
  2⤵
  PID:8716
- C:\Windows\System\NHIWYRW.exe
  C:\Windows\System\NHIWYRW.exe
  2⤵
  PID:8732
- C:\Windows\System\hfJrAGN.exe
  C:\Windows\System\hfJrAGN.exe
  2⤵
  PID:8988
- C:\Windows\System\KqyqQIy.exe
  C:\Windows\System\KqyqQIy.exe
  2⤵
  PID:9004
- C:\Windows\System\piBilZM.exe
  C:\Windows\System\piBilZM.exe
  2⤵
  PID:9060
- C:\Windows\System\YURtPiq.exe
  C:\Windows\System\YURtPiq.exe
  2⤵
  PID:9076
- C:\Windows\System\vQKStUn.exe
  C:\Windows\System\vQKStUn.exe
  2⤵
  PID:9096
- C:\Windows\System\CiYuzQt.exe
  C:\Windows\System\CiYuzQt.exe
  2⤵
  PID:9116
- C:\Windows\System\RUVYXeC.exe
  C:\Windows\System\RUVYXeC.exe
  2⤵
  PID:9132
- C:\Windows\System\bNLCuQj.exe
  C:\Windows\System\bNLCuQj.exe
  2⤵
  PID:9152
- C:\Windows\System\ZAhaQXp.exe
  C:\Windows\System\ZAhaQXp.exe
  2⤵
  PID:9172
- C:\Windows\System\EHrNDEq.exe
  C:\Windows\System\EHrNDEq.exe
  2⤵
  PID:9192
- C:\Windows\System\xeCMLpX.exe
  C:\Windows\System\xeCMLpX.exe
  2⤵
  PID:9212
- C:\Windows\System\OtXQhAl.exe
  C:\Windows\System\OtXQhAl.exe
  2⤵
  PID:1904
- C:\Windows\System\tuewqgp.exe
  C:\Windows\System\tuewqgp.exe
  2⤵
  PID:8256
- C:\Windows\System\GAvrGkp.exe
  C:\Windows\System\GAvrGkp.exe
  2⤵
  PID:8344
- C:\Windows\System\zsYXPPT.exe
  C:\Windows\System\zsYXPPT.exe
  2⤵
  PID:8364
- C:\Windows\System\rtvuRBk.exe
  C:\Windows\System\rtvuRBk.exe
  2⤵
  PID:8388
- C:\Windows\System\fZSEonJ.exe
  C:\Windows\System\fZSEonJ.exe
  2⤵
  PID:8460
- C:\Windows\System\KxugFxD.exe
  C:\Windows\System\KxugFxD.exe
  2⤵
  PID:8492
- C:\Windows\System\YeXrOhl.exe
  C:\Windows\System\YeXrOhl.exe
  2⤵
  PID:8512
- C:\Windows\System\RXFmyQk.exe
  C:\Windows\System\RXFmyQk.exe
  2⤵
  PID:8548
- C:\Windows\System\ZrqHzXG.exe
  C:\Windows\System\ZrqHzXG.exe
  2⤵
  PID:8564
- C:\Windows\System\tJxvetd.exe
  C:\Windows\System\tJxvetd.exe
  2⤵
  PID:7068
- C:\Windows\System\bnFUfnh.exe
  C:\Windows\System\bnFUfnh.exe
  2⤵
  PID:8612
- C:\Windows\System\HjmQHxH.exe
  C:\Windows\System\HjmQHxH.exe
  2⤵
  PID:8672
- C:\Windows\System\lIBjIXH.exe
  C:\Windows\System\lIBjIXH.exe
  2⤵
  PID:8676
- C:\Windows\System\nkCYCsm.exe
  C:\Windows\System\nkCYCsm.exe
  2⤵
  PID:8712
- C:\Windows\System\FVmutHR.exe
  C:\Windows\System\FVmutHR.exe
  2⤵
  PID:8748
- C:\Windows\System\NmsHQZO.exe
  C:\Windows\System\NmsHQZO.exe
  2⤵
  PID:8768
- C:\Windows\System\FUpzfxa.exe
  C:\Windows\System\FUpzfxa.exe
  2⤵
  PID:8784
- C:\Windows\System\cjpkOdW.exe
  C:\Windows\System\cjpkOdW.exe
  2⤵
  PID:8804
- C:\Windows\System\oAEXkVy.exe
  C:\Windows\System\oAEXkVy.exe
  2⤵
  PID:8816
- C:\Windows\System\HTQGWhd.exe
  C:\Windows\System\HTQGWhd.exe
  2⤵
  PID:8832
- C:\Windows\System\QSZBNpw.exe
  C:\Windows\System\QSZBNpw.exe
  2⤵
  PID:8848
- C:\Windows\System\RMwtlOi.exe
  C:\Windows\System\RMwtlOi.exe
  2⤵
  PID:8864
- C:\Windows\System\FzxKHNF.exe
  C:\Windows\System\FzxKHNF.exe
  2⤵
  PID:8884
- C:\Windows\System\rMZLqWC.exe
  C:\Windows\System\rMZLqWC.exe
  2⤵
  PID:8896
- C:\Windows\System\UNYcZEc.exe
  C:\Windows\System\UNYcZEc.exe
  2⤵
  PID:8912
- C:\Windows\System\utNmLnZ.exe
  C:\Windows\System\utNmLnZ.exe
  2⤵
  PID:340
- C:\Windows\System\brMZOgo.exe
  C:\Windows\System\brMZOgo.exe
  2⤵
  PID:8936
- C:\Windows\System\WUUMRlx.exe
  C:\Windows\System\WUUMRlx.exe
  2⤵
  PID:8972
- C:\Windows\System\AmktDZd.exe
  C:\Windows\System\AmktDZd.exe
  2⤵
  PID:8940
- C:\Windows\System\JsUybah.exe
  C:\Windows\System\JsUybah.exe
  2⤵
  PID:9024
- C:\Windows\System\EEcFVNb.exe
  C:\Windows\System\EEcFVNb.exe
  2⤵
  PID:8960
- C:\Windows\System\nfxwvOz.exe
  C:\Windows\System\nfxwvOz.exe
  2⤵
  PID:9068
- C:\Windows\System\bEcJBXQ.exe
  C:\Windows\System\bEcJBXQ.exe
  2⤵
  PID:9040
- C:\Windows\System\QqFEvum.exe
  C:\Windows\System\QqFEvum.exe
  2⤵
  PID:9108
- C:\Windows\System\jqQLksu.exe
  C:\Windows\System\jqQLksu.exe
  2⤵
  PID:9056
- C:\Windows\System\FmtsIuh.exe
  C:\Windows\System\FmtsIuh.exe
  2⤵
  PID:9092
- C:\Windows\System\ZgiVFGK.exe
  C:\Windows\System\ZgiVFGK.exe
  2⤵
  PID:9180
- C:\Windows\System\dDGwAao.exe
  C:\Windows\System\dDGwAao.exe
  2⤵
  PID:9204
- C:\Windows\System\uETqYDi.exe
  C:\Windows\System\uETqYDi.exe
  2⤵
  PID:9168
- C:\Windows\System\ScuQmRY.exe
  C:\Windows\System\ScuQmRY.exe
  2⤵
  PID:8288
- C:\Windows\System\fXkxilO.exe
  C:\Windows\System\fXkxilO.exe
  2⤵
  PID:8268
- C:\Windows\System\aJLsBBp.exe
  C:\Windows\System\aJLsBBp.exe
  2⤵
  PID:8372
- C:\Windows\System\XmSqiqo.exe
  C:\Windows\System\XmSqiqo.exe
  2⤵
  PID:8352
- C:\Windows\System\ZrJmzIa.exe
  C:\Windows\System\ZrJmzIa.exe
  2⤵
  PID:8432
- C:\Windows\System\JKuNVMM.exe
  C:\Windows\System\JKuNVMM.exe
  2⤵
  PID:8544
- C:\Windows\System\zQHviyJ.exe
  C:\Windows\System\zQHviyJ.exe
  2⤵
  PID:8624
- C:\Windows\System\rZSVwke.exe
  C:\Windows\System\rZSVwke.exe
  2⤵
  PID:8688
- C:\Windows\System\HchjxYN.exe
  C:\Windows\System\HchjxYN.exe
  2⤵
  PID:8724
- C:\Windows\System\WLjLeJd.exe
  C:\Windows\System\WLjLeJd.exe
  2⤵
  PID:8796
- C:\Windows\System\DopQZiY.exe
  C:\Windows\System\DopQZiY.exe
  2⤵
  PID:8808
- C:\Windows\System\WwTtQNC.exe
  C:\Windows\System\WwTtQNC.exe
  2⤵
  PID:8856
- C:\Windows\System\gTPCtem.exe
  C:\Windows\System\gTPCtem.exe
  2⤵
  PID:8892
- C:\Windows\System\KxVxrYA.exe
  C:\Windows\System\KxVxrYA.exe
  2⤵
  PID:8904
- C:\Windows\System\GecUuoZ.exe
  C:\Windows\System\GecUuoZ.exe
  2⤵
  PID:8932
- C:\Windows\System\gttQwDt.exe
  C:\Windows\System\gttQwDt.exe
  2⤵
  PID:8968
- C:\Windows\System\stugUzW.exe
  C:\Windows\System\stugUzW.exe
  2⤵
  PID:9028
- C:\Windows\System\csLkdLA.exe
  C:\Windows\System\csLkdLA.exe
  2⤵
  PID:8956
- C:\Windows\System\ISFoFOz.exe
  C:\Windows\System\ISFoFOz.exe
  2⤵
  PID:9088
- C:\Windows\System\MRTSgeU.exe
  C:\Windows\System\MRTSgeU.exe
  2⤵
  PID:9144
- C:\Windows\System\ONfhBCT.exe
  C:\Windows\System\ONfhBCT.exe
  2⤵
  PID:9160
- C:\Windows\System\afDeQvx.exe
  C:\Windows\System\afDeQvx.exe
  2⤵
  PID:9164
- C:\Windows\System\FdbzHum.exe
  C:\Windows\System\FdbzHum.exe
  2⤵
  PID:8428
- C:\Windows\System\VIwdUXJ.exe
  C:\Windows\System\VIwdUXJ.exe
  2⤵
  PID:8220
- C:\Windows\System\PtfzLhv.exe
  C:\Windows\System\PtfzLhv.exe
  2⤵
  PID:8444
- C:\Windows\System\vCUwNKP.exe
  C:\Windows\System\vCUwNKP.exe
  2⤵
  PID:8692
- C:\Windows\System\lTrgjgm.exe
  C:\Windows\System\lTrgjgm.exe
  2⤵
  PID:8780
- C:\Windows\System\DKwFOAy.exe
  C:\Windows\System\DKwFOAy.exe
  2⤵
  PID:8824
- C:\Windows\System\socMayR.exe
  C:\Windows\System\socMayR.exe
  2⤵
  PID:8876
- C:\Windows\System\oUjNaKu.exe
  C:\Windows\System\oUjNaKu.exe
  2⤵
  PID:8984
- C:\Windows\System\ZyjBcmD.exe
  C:\Windows\System\ZyjBcmD.exe
  2⤵
  PID:9048
- C:\Windows\System\RpSoGwb.exe
  C:\Windows\System\RpSoGwb.exe
  2⤵
  PID:1688
- C:\Windows\System\tszcpWv.exe
  C:\Windows\System\tszcpWv.exe
  2⤵
  PID:9112
- C:\Windows\System\nfgfXpI.exe
  C:\Windows\System\nfgfXpI.exe
  2⤵
  PID:8464
- C:\Windows\System\TiDQLLe.exe
  C:\Windows\System\TiDQLLe.exe
  2⤵
  PID:8756
- C:\Windows\System\hbuNhPQ.exe
  C:\Windows\System\hbuNhPQ.exe
  2⤵
  PID:8760
- C:\Windows\System\WtXsZBC.exe
  C:\Windows\System\WtXsZBC.exe
  2⤵
  PID:8952
- C:\Windows\System\vJBgDvC.exe
  C:\Windows\System\vJBgDvC.exe
  2⤵
  PID:8924
- C:\Windows\System\gvdjEbv.exe
  C:\Windows\System\gvdjEbv.exe
  2⤵
  PID:8764
- C:\Windows\System\OHWuCZT.exe
  C:\Windows\System\OHWuCZT.exe
  2⤵
  PID:8704
- C:\Windows\System\QcfhzJV.exe
  C:\Windows\System\QcfhzJV.exe
  2⤵
  PID:8576
- C:\Windows\System\uMqQLgO.exe
  C:\Windows\System\uMqQLgO.exe
  2⤵
  PID:8404
- C:\Windows\System\gzOZeOG.exe
  C:\Windows\System\gzOZeOG.exe
  2⤵
  PID:9224
- C:\Windows\System\KxWegGy.exe
  C:\Windows\System\KxWegGy.exe
  2⤵
  PID:9240
- C:\Windows\System\bIpVVUM.exe
  C:\Windows\System\bIpVVUM.exe
  2⤵
  PID:9256
- C:\Windows\System\IfEnqyG.exe
  C:\Windows\System\IfEnqyG.exe
  2⤵
  PID:9272
- C:\Windows\System\NYeITSZ.exe
  C:\Windows\System\NYeITSZ.exe
  2⤵
  PID:9288
- C:\Windows\System\iwFyuzP.exe
  C:\Windows\System\iwFyuzP.exe
  2⤵
  PID:9304
- C:\Windows\System\yfUxBaq.exe
  C:\Windows\System\yfUxBaq.exe
  2⤵
  PID:9320
- C:\Windows\System\tqOJHUU.exe
  C:\Windows\System\tqOJHUU.exe
  2⤵
  PID:9340
- C:\Windows\System\ZPRwJoP.exe
  C:\Windows\System\ZPRwJoP.exe
  2⤵
  PID:9356
- C:\Windows\System\ivaWEcW.exe
  C:\Windows\System\ivaWEcW.exe
  2⤵
  PID:9372
- C:\Windows\System\kObAIup.exe
  C:\Windows\System\kObAIup.exe
  2⤵
  PID:9388
- C:\Windows\System\dVXfwxv.exe
  C:\Windows\System\dVXfwxv.exe
  2⤵
  PID:9420
- C:\Windows\System\bidUpyn.exe
  C:\Windows\System\bidUpyn.exe
  2⤵
  PID:9440
- C:\Windows\System\dIrZFlo.exe
  C:\Windows\System\dIrZFlo.exe
  2⤵
  PID:9460
- C:\Windows\System\HLdGesT.exe
  C:\Windows\System\HLdGesT.exe
  2⤵
  PID:9480
- C:\Windows\System\xGqigJH.exe
  C:\Windows\System\xGqigJH.exe
  2⤵
  PID:9496
- C:\Windows\System\CUxgNTc.exe
  C:\Windows\System\CUxgNTc.exe
  2⤵
  PID:9512
- C:\Windows\System\JGrpeAZ.exe
  C:\Windows\System\JGrpeAZ.exe
  2⤵
  PID:9528
- C:\Windows\System\DeAdUFU.exe
  C:\Windows\System\DeAdUFU.exe
  2⤵
  PID:9544
- C:\Windows\System\FlhCOfi.exe
  C:\Windows\System\FlhCOfi.exe
  2⤵
  PID:9560
- C:\Windows\System\rGjnfHg.exe
  C:\Windows\System\rGjnfHg.exe
  2⤵
  PID:9576
- C:\Windows\System\ySyVsed.exe
  C:\Windows\System\ySyVsed.exe
  2⤵
  PID:9592
- C:\Windows\System\MbaasGj.exe
  C:\Windows\System\MbaasGj.exe
  2⤵
  PID:9608
- C:\Windows\System\KrrpIdK.exe
  C:\Windows\System\KrrpIdK.exe
  2⤵
  PID:9624
- C:\Windows\System\NjXBBie.exe
  C:\Windows\System\NjXBBie.exe
  2⤵
  PID:9640
- C:\Windows\System\RqMxlmE.exe
  C:\Windows\System\RqMxlmE.exe
  2⤵
  PID:9656
- C:\Windows\System\gYNYxEh.exe
  C:\Windows\System\gYNYxEh.exe
  2⤵
  PID:9672
- C:\Windows\System\rWmAutd.exe
  C:\Windows\System\rWmAutd.exe
  2⤵
  PID:9688
- C:\Windows\System\ZkERSrh.exe
  C:\Windows\System\ZkERSrh.exe
  2⤵
  PID:9708
- C:\Windows\System\WnLcrwL.exe
  C:\Windows\System\WnLcrwL.exe
  2⤵
  PID:9724
- C:\Windows\System\brgvuJb.exe
  C:\Windows\System\brgvuJb.exe
  2⤵
  PID:9744
- C:\Windows\System\uyoRSsV.exe
  C:\Windows\System\uyoRSsV.exe
  2⤵
  PID:9772
- C:\Windows\System\qTfEjAl.exe
  C:\Windows\System\qTfEjAl.exe
  2⤵
  PID:9788
- C:\Windows\System\iqcwbAB.exe
  C:\Windows\System\iqcwbAB.exe
  2⤵
  PID:9804
- C:\Windows\System\NhagjLb.exe
  C:\Windows\System\NhagjLb.exe
  2⤵
  PID:9824
- C:\Windows\System\wYOcczt.exe
  C:\Windows\System\wYOcczt.exe
  2⤵
  PID:9840
- C:\Windows\System\FMScsAx.exe
  C:\Windows\System\FMScsAx.exe
  2⤵
  PID:9860
- C:\Windows\System\tVgcTZY.exe
  C:\Windows\System\tVgcTZY.exe
  2⤵
  PID:9876
- C:\Windows\System\ENsDWCW.exe
  C:\Windows\System\ENsDWCW.exe
  2⤵
  PID:9896
- C:\Windows\System\LmuwhdS.exe
  C:\Windows\System\LmuwhdS.exe
  2⤵
  PID:9912
- C:\Windows\System\aPMGits.exe
  C:\Windows\System\aPMGits.exe
  2⤵
  PID:9928
- C:\Windows\System\IKlJjDI.exe
  C:\Windows\System\IKlJjDI.exe
  2⤵
  PID:9944
- C:\Windows\System\TDVigHf.exe
  C:\Windows\System\TDVigHf.exe
  2⤵
  PID:9960
- C:\Windows\System\byqDirv.exe
  C:\Windows\System\byqDirv.exe
  2⤵
  PID:9980
- C:\Windows\System\kwydPXu.exe
  C:\Windows\System\kwydPXu.exe
  2⤵
  PID:9996
- C:\Windows\System\wshZSwk.exe
  C:\Windows\System\wshZSwk.exe
  2⤵
  PID:10012
- C:\Windows\System\flzjznF.exe
  C:\Windows\System\flzjznF.exe
  2⤵
  PID:10044
- C:\Windows\System\AXNzgIG.exe
  C:\Windows\System\AXNzgIG.exe
  2⤵
  PID:10096
- C:\Windows\System\vFoKNON.exe
  C:\Windows\System\vFoKNON.exe
  2⤵
  PID:10112
- C:\Windows\System\bZpnvAJ.exe
  C:\Windows\System\bZpnvAJ.exe
  2⤵
  PID:10128
- C:\Windows\System\TKEYgSa.exe
  C:\Windows\System\TKEYgSa.exe
  2⤵
  PID:10148
- C:\Windows\System\mOknVGS.exe
  C:\Windows\System\mOknVGS.exe
  2⤵
  PID:10180
- C:\Windows\System\aADWDHs.exe
  C:\Windows\System\aADWDHs.exe
  2⤵
  PID:10224
- C:\Windows\System\JisRyDD.exe
  C:\Windows\System\JisRyDD.exe
  2⤵
  PID:9220
- C:\Windows\System\ecleltx.exe
  C:\Windows\System\ecleltx.exe
  2⤵
  PID:9284
- C:\Windows\System\YMZuXHq.exe
  C:\Windows\System\YMZuXHq.exe
  2⤵
  PID:9332
- C:\Windows\System\NqxifeO.exe
  C:\Windows\System\NqxifeO.exe
  2⤵
  PID:9380
- C:\Windows\System\DDAGirW.exe
  C:\Windows\System\DDAGirW.exe
  2⤵
  PID:9400
- C:\Windows\System\kRKnjpu.exe
  C:\Windows\System\kRKnjpu.exe
  2⤵
  PID:9416
- C:\Windows\System\ZJRlVBl.exe
  C:\Windows\System\ZJRlVBl.exe
  2⤵
  PID:9448
- C:\Windows\System\bXQVSKK.exe
  C:\Windows\System\bXQVSKK.exe
  2⤵
  PID:9468
- C:\Windows\System\ampUsnH.exe
  C:\Windows\System\ampUsnH.exe
  2⤵
  PID:8660
- C:\Windows\System\kDLvRfQ.exe
  C:\Windows\System\kDLvRfQ.exe
  2⤵
  PID:9524
- C:\Windows\System\ZxdrzyG.exe
  C:\Windows\System\ZxdrzyG.exe
  2⤵
  PID:9572
- C:\Windows\System\LmNbUIB.exe
  C:\Windows\System\LmNbUIB.exe
  2⤵
  PID:9616
- C:\Windows\System\YdKKdrB.exe
  C:\Windows\System\YdKKdrB.exe
  2⤵
  PID:9600
- C:\Windows\System\GDFOtTT.exe
  C:\Windows\System\GDFOtTT.exe
  2⤵
  PID:9648
- C:\Windows\System\nfAqCwH.exe
  C:\Windows\System\nfAqCwH.exe
  2⤵
  PID:9668
- C:\Windows\System\yMkyRui.exe
  C:\Windows\System\yMkyRui.exe
  2⤵
  PID:9732
- C:\Windows\System\qPkvhhm.exe
  C:\Windows\System\qPkvhhm.exe
  2⤵
  PID:9740
- C:\Windows\System\UhlhagZ.exe
  C:\Windows\System\UhlhagZ.exe
  2⤵
  PID:9780
- C:\Windows\System\BwXMugY.exe
  C:\Windows\System\BwXMugY.exe
  2⤵
  PID:9816
- C:\Windows\System\ZZCjZiE.exe
  C:\Windows\System\ZZCjZiE.exe
  2⤵
  PID:9856
- C:\Windows\System\NEpEUCI.exe
  C:\Windows\System\NEpEUCI.exe
  2⤵
  PID:9736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AEugkhA.exe

Filesize
6.0MB

MD5
b41ea85050d6777c808881e129e3ecda

SHA1
20fa3c404d5d98bccc5bc22d2d12b3c3dee7a881

SHA256
faaa4b32fc08bd722e24bc09639f507d5cafb347435a969b7d3bf50dbe71baaa

SHA512
eff8f7cd4aec2c714b75abcbe92553dede10b226cd27adfbcbfad7224233ea9a0d8795f13289da303ca8b154cc33cad74338246e970f543ce34f9a9b4aceddb7

Download Submit
C:\Windows\system\FZvPGMh.exe

Filesize
6.0MB

MD5
7fbccc9d7c4b8a06f92323736810eb48

SHA1
e266fd43fa68122d199690a1cf400896383f7235

SHA256
b36cad0b43dd6262a71272d6ddcc3eacb5997c573d82dea05b40dfb04d588c48

SHA512
f21434908f1a7de9c48e18595e4623f2b89ee489a28fc04c300a496355bbe44bbf7cdef16f37949e6efe25ef0e61ce6a95c7ef28af35e1f6d48b7a65bb46d448

Download Submit
C:\Windows\system\KGBoJXW.exe

Filesize
6.0MB

MD5
746e17bd6acbb4a115d8d9090ff4d0d5

SHA1
887506365ffa6981e44d265f04f5edc77d38635a

SHA256
445055b050c74fbaa1ca2e82c786083c3c8b368a28e56f95aa8734fe9fa88d0d

SHA512
37b103cfcb4c66f7d66e8524843f368bb9fba5c811dbc72d9e92876a69036bf28fd75367d5b35df0d1eb00ba623329b72319f0bc7ba29b1e298f86b80c3b79c0

Download Submit
C:\Windows\system\MDqOrdR.exe

Filesize
6.0MB

MD5
31c70ae1006366ab3715f84eb404ae85

SHA1
8faae1c0306952f1efe9ddc3cc038fb1733102de

SHA256
84627cc8b0fc8a1d835fd6eca874956d9c8e5b036f40d6f4f8cd9ce0062be30e

SHA512
0af36813cc5723be09dc0cea664ffa00f1282cb6f18ef724fc1d90eac40c924d7552d2df01e8aed725f0c90bbd198f6b784208cf6eb4b488104ed8191e5f06a9

Download Submit
C:\Windows\system\NzIWgkm.exe

Filesize
6.0MB

MD5
35f1ddc8d3bf877a8bc38e2b573e34e4

SHA1
7e5cc61688e3b36c98861a8971f986c3b1653b77

SHA256
c0d6bcd5c66498d44f5059c18974e923328500942407afbfc6801ca327fa5489

SHA512
d3fe5e9f49f190149e217d3fe33944069f1efb9697fe24bac20eaf75237836162bae5f670de8032edf773b769cceb51b8442b3a620912af32006fdaefbf4fb0d

Download Submit
C:\Windows\system\RmKevps.exe

Filesize
6.0MB

MD5
26fac6d867d6208acf3674b8beef6bb5

SHA1
675c807973165a2e493290a0a76131518dd00be1

SHA256
11dd035ac62c14c2cfa7df75a861ae12f4ca13b1c34a08d26b54bc9a987b20c4

SHA512
34e76355e8ec4484b53c210c56e0df7ca084942d6856c76796ca6dcd6e993105f8051b38878dac2502c6906c85bb9895bc98e54ce7c9b52de0b6bcaa785e360b

Download Submit
C:\Windows\system\WdMQyTJ.exe

Filesize
6.0MB

MD5
6d8c387c776d5210a2f648480e6db61d

SHA1
7aa4c6b8b4c10389e561187c7b09d31e8cd5df9b

SHA256
2bd2b5bfa75398deae15de9afebeeaccd8c6b18a116cbe193ce6999c1297be7d

SHA512
58de5550e98d9d08379abfd8ea3e7caadad8336e8d39590dd843215f9d3a23862cacc4e6f8f7ecaa9fa416a93537088dc49ee86bcdc6f3742b5c3224d448a45d

Download Submit
C:\Windows\system\bazWrYb.exe

Filesize
6.0MB

MD5
1c3f3b977535851a4d4959717107527c

SHA1
45806e6320acc0e107dc6e37665bbd26d4c1899b

SHA256
90641d7927f23e71b54d1fe0e16a50fe6d5b57ea0d70b89c6ce9017194ac053b

SHA512
94de3ff3e11a46914145e7f062652b224c155ade39b4b4c9c1b3c996edc442e0dce865ef52214ecaf3458bc9de1abe75833ca32dfe0e4cf845e55298a26ebc46

Download Submit
C:\Windows\system\bdochHG.exe

Filesize
6.0MB

MD5
108f24c7ed96cb3306947c368e665824

SHA1
625a2dbe9e74730a1937497a97da2091879b0154

SHA256
5972e55885080c74d05c55bec46a2ddffabe7d4b2b61af77ce43bf4601ef6b0f

SHA512
06c5ad4fad9d0fea0f1578f6e5a1512a22e77aa6fa3e2e66ecdc196ab63e84f8d3238eea3327c63d0049e0c8774008d3b34e1cd91af1761d8c328f0770607e58

Download Submit
C:\Windows\system\dwNpGhp.exe

Filesize
6.0MB

MD5
8cdf089580b27b0b32ef5f0e86995e9b

SHA1
0185b42a07d53d6edecbdbbcf656b0f5ed3458ea

SHA256
b36b8b95cf005e817009f965149e98851bc1bbdfb486f1555ff7d1534d3dcb74

SHA512
352494afd07b6a4ba1e99f0e191bde26d082ec2e7ede744e681a36f2f21d3a0858e99116bd40213785d2647fbd99309bfac84827e55bab12e2c8be9d076381a1

Download Submit
C:\Windows\system\eMTxpxt.exe

Filesize
6.0MB

MD5
33c39b78e1ade018a88241d127a33dab

SHA1
ae6a3ae77b7e949714a290473fcac5a5343c9f0f

SHA256
f9a0c958c5e78124747ebce24273afab697e434187182482d88a5601ac648d3a

SHA512
ba3b39ae1f865045fdfe56af32ad865c04dff3e32e6bd74bfac98c9727931ec221cbbe010f23a139c729efc778640197461e918df2cca3d99e8c058d2dacfbe6

Download Submit
C:\Windows\system\eTGBEyT.exe

Filesize
6.0MB

MD5
7e6bd85eb7ae2165dfbf163c0cd3f057

SHA1
f5d68ebb4d4096fa850ce5e01f59186c365dc13c

SHA256
9ef7e6800d8c48a02950f4798792190c6bd54c9f9521d71e1d58ed518a1979be

SHA512
7b523677989816613095b13ec1eca30a3eb298be3e8469ec7f6b60e490a1a02229e15beff0033c46951d6583f84814a9a75a5dc12310007b461628a6841a9657

Download Submit
C:\Windows\system\fqyYUqf.exe

Filesize
6.0MB

MD5
4b5641fc70c3a1d939d088fc51b7fc45

SHA1
d8bf628397ce989b174d47292c26382f34a93499

SHA256
d5219da58e2e9a10720a3a0a909731c9a5976661e263bee4eb7fbb6911da0ab0

SHA512
6ec43aad0d7feceb92635037a0bccfbb195b46fff11ed363d1ad1edf590a19807cf0c22a56d45360253076324494cfa2785bc6ab7f8671e2a20ca2fa5ca83414

Download Submit
C:\Windows\system\gINYZPP.exe

Filesize
6.0MB

MD5
e52f0739a1a7141ab3ecf4a0feb2b435

SHA1
b6f0ff6fb6d8dc5d00c5963d74a4c9889982ad07

SHA256
3d5de105e2a953e36eabbc3bdbc68fb78a632d3d5219959d6088a96f3bf0adda

SHA512
5626c5da12221e165853d1c10477cfab4ad686aec1bc4643df46cba8352bbb361357b591e486bdf9e631f2fa564ea34b9b4b1b958fc8a9c2da2b36dce023867d

Download Submit
C:\Windows\system\ggSmsxI.exe

Filesize
6.0MB

MD5
e5f2fc06337a4ded08fac46aa12bc985

SHA1
66c35022544eb8b7a90d59008d860428baba60a1

SHA256
36d57627fb3a4cf1974c6b4db7581deb9455982114defbf8971faf28f2058c02

SHA512
0a13816d1064c0ba56e46e54098e03b5cf1e4a06997d683a68294ff2b1ca40f60c20b778e5ea8bd34b09f40a044b822fef604ee43b082d4b6a6ba10299dd2bb6

Download Submit
C:\Windows\system\gucvgbN.exe

Filesize
6.0MB

MD5
45772d6b8ac274cb36da91c38d80a0ae

SHA1
ac1ccc1dc3d87d369c4e6dc93ac96a7cfb8823ad

SHA256
98905bd48f5b1b297fc48d483ff0c55762cc47ee6f67829c6b6fde15ef97655e

SHA512
a9b13ef5f4b834aac19943abda4da75d9215ce4a4a252fa7c90bd821d3a340c0b443fe98b7f6c034a6c3ae36677fd6557ec2bf72329d54627a96a3e24a989043

Download Submit
C:\Windows\system\hCrkpgQ.exe

Filesize
6.0MB

MD5
946ebf84b6f7c92807c87b40de835e54

SHA1
54768f5410f942bb1f5977405f438705facf63bf

SHA256
918427580d4e164708a333d5debffe00738ccbd7878f7823c286792a34a57ae9

SHA512
b347416e94497b7c09e6cbbbb1186d3b51d6c1348ce6d2a1dba8494cf3065523b5e2f1cbc4b48e290b3a292102479e8648429d7a16a65e427580013678fb4962

Download Submit
C:\Windows\system\lUSshKw.exe

Filesize
6.0MB

MD5
3e4db82501c375bad47db03b82a2363b

SHA1
f04ef5af52a8ed34e5d499cc81b0421fc1c73929

SHA256
ef956d28c1f2016282b1615d3a8ad9a58d1faf4bda9a6a3cebebd81a436cef0d

SHA512
cf33ec21d60f5c35582b571bf7330b642411fb8f7140d905d5f74aedd4463558934a1236e13b66bd52b06ecf0633340a664efeb03a62ed693a3d5b1a41e08c6d

Download Submit
C:\Windows\system\uKtdxBm.exe

Filesize
6.0MB

MD5
81860015410031a5a72c11d76fac0a55

SHA1
a3387f30aa7d2dadba5197d044b4a0cd0937cd43

SHA256
3c908856648b5860b185f67fbf00efd0b54c12e67e6783641be04f0bf2f441cd

SHA512
370b6050a81bd637a1377b5323ed7836f8768042a57af3774616717cdaaeac84d07b12910ba9cf1f5d66e05f28c92688bc2600d9dbac83fbaa7c200234f89494

Download Submit
C:\Windows\system\uudYxTA.exe

Filesize
6.0MB

MD5
cb981edd977733683881b59c2516181b

SHA1
02b5d8fdb4a6a22ac7281bcf728255d4424aaae4

SHA256
9d74cb111259e1088d3e0bdd69d6c55f264c5a98554d4d4538dbf29ad95c1c38

SHA512
89a844447fe097e2212193345f855dfb42f27591d49f9fa1603abfd4d723c71a8b958b558be0f2ec352a4749c9307b07890d7a04779b5604150872a8bed18237

Download Submit
C:\Windows\system\vXgRMQv.exe

Filesize
6.0MB

MD5
8d1309f7604e4e60653d14e383cb3ef4

SHA1
af10c9278253c84e7d43a1ebde9ae3315d188acd

SHA256
a629faf176c3b56e5f1ced92fa2f9f4786212ccaabafa00213602d72732dc4e5

SHA512
4b301c3245db7f30575d32a67487d322772983944aff1bcfa4e5f94c06f41757c213cadeb7c3226a3ecf2b00dcc2bdd29ff796cb33701797778b055214c05ae7

Download Submit
C:\Windows\system\vlqniFs.exe

Filesize
6.0MB

MD5
f19dff222e1878309f2b7e9359e64d91

SHA1
649894c6a87a8e28720212c6f3c817b43690481e

SHA256
a633acd2acbc1d56a4699f7dc8f870dbca1462ad9ee7a0c906ca22393b5dd4b3

SHA512
9634464e9546dc5030852aa525456c09102cdc10f7705352934b61fd7c5afadf6e599aeec3d83ea78b43f4a49f2b2d33b8917742388b572822d985a02e349c29

Download Submit
C:\Windows\system\wytfjTc.exe

Filesize
6.0MB

MD5
30d4647e2d174b4d296c6746d38b1348

SHA1
1f3f59fb48a3b36721f3760f43e6118885a1caab

SHA256
98dc023d430d313f9e5659d5860e4b70c5027ce00cdea635e3745a2f6cf730dd

SHA512
92541163a104bce8ec4863dbd7073fbca6b247ba0c8bcbdc99fdebb8cabc16489ae3c3fc6503c414eb44032ab3d72d2ca89770adb7b60781ebd425023eb0781f

Download Submit
C:\Windows\system\xRtnbEx.exe

Filesize
6.0MB

MD5
0b55e8593001da8ee53cd7c9cbde4993

SHA1
f70fa23179380225dda1d9d5d9e722a0fea69155

SHA256
3ee004d08d398e720fda01ea6ceb02637efa5a3cf69d2635adc39c674ef63cef

SHA512
5667b30917c38cf7452a03a69ee7d482ec5d5addb9493208df35eeb605cf21e8b294e9a505da8f5e3cbb24b525afb9c2c3fec285a8acb4f9a2f08ae58d4aa345

Download Submit
C:\Windows\system\yRLBnui.exe

Filesize
6.0MB

MD5
0b5faddf41af014a722a8ade2f576a00

SHA1
dc5085f7069499c71a30386696f30a7f9bf7b71b

SHA256
56fd97364901c2f303c2cb7702ba75e35b47e7a2af48ac426c94effe5e088f99

SHA512
e1f6660ca257f7d0fa9312a4c2ea3aa4d3a6557c7056df81a3e24ca9a865bb8d08826d443fa500262fabc9b3694fd0ac29a5c06e1649391b48734a765d29ee77

Download Submit
\Windows\system\OANbJuP.exe

Filesize
6.0MB

MD5
8c283c8881b89af43c87c7a0919aca29

SHA1
60974bc8c8c154d0e50fc3c0c9577e68e222316a

SHA256
cee79d898ddd3e2cd99d7fd1077d60cd78141c18d7068dd16f33b664af4d274f

SHA512
6b7c00bb44321ceb10ec815e4bb7d1328e048fb2e30bbc4dc38c83838fcc82700a02cf752970f09a580b8fd9e1f5312dc11547f5f7cfeaa1142c3bd6ef970481

Download Submit
\Windows\system\UVLNzjd.exe

Filesize
6.0MB

MD5
8df39fd8835e21b40a1dc7f18ac0b0e6

SHA1
0eab12146265dbb2ac25e9c3ebf9363f907c5524

SHA256
41620607a261fdbf9c7e40aaff808b2602d23413a98948e5a16b3d290b42dc3d

SHA512
6f5faad23970914d72350a6e135d7519c8a6fcea8b659a87976c3d234535e4e053d288678ec492621afbd0f74bff6791e7b5e6a7fef3695e1d6165668b481017

Download Submit
\Windows\system\YqcqUER.exe

Filesize
6.0MB

MD5
e8b7c3f2cbbc0b25cdd67b9faf72e548

SHA1
cdc182b091abfece9f3d2651d2d714145213293e

SHA256
6335ee6d570643298a5c171c8970f3e476b5ce9453c8ae2e30370282b98c9af2

SHA512
12beedbaab0db456ab1378fdfbd561e6ec1debc98b24cca9577ff7e0af4a1556fbec678e2836c5dfed869c08ee4ecb6de29e71badbd89e234814bff5f1a29c44

Download Submit
\Windows\system\bzxgfZX.exe

Filesize
6.0MB

MD5
4fdc575388a160e38398ab99ac568eba

SHA1
691d96188c0d00e31e07a44d5fc2c17215617e6c

SHA256
ce0c4ffdcdd744224c0b8cb4de3db81013b4bd3f1a115745b1e432d65c9cbc20

SHA512
0084b69cdaaaf500f8501ac0342f11fe44ea2ff19227a8ba2143b1afeea68a31b6a068dcec6973b65bbd2bd643b24be19fac5ff653bbae134b5838475f20a9e7

Download Submit
\Windows\system\eJqvNkq.exe

Filesize
6.0MB

MD5
17ecbdfa00d73d9a8596f4a5a541dfd4

SHA1
6071f795fe370d21e9458b09312e9717b15100c5

SHA256
cf7bf18ca0493cf2650a012e82d14588d52f01bdc97f9e1177650ab333f2cfd8

SHA512
6001551e6747c85aeebb7765bf642e023f34396e41f4bc91fa977619a790db150aeb3d77366d8e6ce2139d395b3c57dde3ed6c12c70dcbdf710a5a7496a338db

Download Submit
\Windows\system\fPniqWJ.exe

Filesize
6.0MB

MD5
856daf7e31e79f041963c8fac725abb5

SHA1
e2bdb56bdd792f8cf34807d87d698bb2264d354a

SHA256
281335c4c9333168a9eedb841fb26421f26d393979c5cfa31bda795e256b9866

SHA512
80d6b74b3598a3c3042cf17a04c8914bb7c9e5cc2869b69946b428029c38779c7f9eb5ef9e056834ce6f972f7936a7687f08d9fff99cada8c4e9f4140d83d3fb

Download Submit
\Windows\system\pWUKHrO.exe

Filesize
6.0MB

MD5
d5a75097eeda9a5d7bea7a7a770e9130

SHA1
34361d67cb39011d179fd8d5ef74ac03f294a7c5

SHA256
1c4caaa3554ccd4153f61e199b13bb63c713e7b323918b11475dd38397891b3f

SHA512
439103ea594ff4f025a1d3f7195026a187699b0c4fdc3c94acf20c896f92bf59d115871a4902cb3e585f721106552670fc40da86155310511fd1bb3c3c181486

Download Submit
memory/432-61-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/432-1551-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/1196-1552-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1196-69-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1672-385-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1672-105-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1672-1599-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-32-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-1313-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1872-144-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/1872-87-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/1872-1554-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-109-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2004-1553-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2004-77-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2520-91-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2520-1555-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2520-214-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2716-37-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2716-1343-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2720-53-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2720-1523-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2740-76-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-44-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-1519-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-84-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2776-102-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-251-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2776-430-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2776-79-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-0-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-96-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2776-97-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2776-71-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-68-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2776-67-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2776-60-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-10-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-8-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2776-19-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2776-40-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-35-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2776-100-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2776-74-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2776-36-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-38-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2812-1220-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2812-43-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2812-13-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2848-21-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2848-1305-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2848-54-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2924-52-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2924-1223-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2924-16-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/3004-289-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/3004-99-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/3004-2343-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download