cobaltstrike | 3fd3d253c843ce6a66b4a7131c8258c7abc1114df797c868d6bce71f16165987

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 12:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

878c48b6c9580504df2f3863c1669794
SHA1

768927d08a7b323fc5160fee2d00208e5519b9f0
SHA256

3fd3d253c843ce6a66b4a7131c8258c7abc1114df797c868d6bce71f16165987
SHA512

7297813812cb54f48cbf885ed5724f4b16b1ed841cf364484b54735588956d50292ac433692d124e4ce3a4f0e6eb157e1b3f99d40538114012bfdf12908f3633
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUp:T+q56utgpPF8u/7p

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 39 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012101-3.dat	cobalt_reflective_dll
behavioral1/files/0x0016000000018657-8.dat	cobalt_reflective_dll
behavioral1/files/0x000f000000018662-12.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001878d-22.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001867d-21.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000190c6-29.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c6-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c0-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49c-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4aa-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a431-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48c-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a434-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42f-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a345-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a1-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a067-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42b-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a301-102.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07b-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f9f-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb9-84.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db8-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c4-189.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c8-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48e-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46a-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d44-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c53-72.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019da4-68.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d20-59.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3a-57.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000191fd-45.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000190c9-35.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2120-0-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/files/0x0007000000012101-3.dat	xmrig
behavioral1/files/0x0016000000018657-8.dat	xmrig
behavioral1/files/0x000f000000018662-12.dat	xmrig
behavioral1/files/0x000600000001878d-22.dat	xmrig
behavioral1/files/0x000700000001867d-21.dat	xmrig
behavioral1/files/0x00070000000190c6-29.dat	xmrig
behavioral1/files/0x000500000001a4bb-171.dat	xmrig
behavioral1/memory/2888-76-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2120-737-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4c6-182.dat	xmrig
behavioral1/memory/2916-176-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4c0-174.dat	xmrig
behavioral1/files/0x000500000001a4b5-169.dat	xmrig
behavioral1/files/0x000500000001a49c-168.dat	xmrig
behavioral1/memory/2344-167-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b7-163.dat	xmrig
behavioral1/files/0x000500000001a4aa-154.dat	xmrig
behavioral1/files/0x000500000001a431-146.dat	xmrig
behavioral1/files/0x000500000001a42d-145.dat	xmrig
behavioral1/files/0x000500000001a49a-142.dat	xmrig
behavioral1/files/0x000500000001a48c-135.dat	xmrig
behavioral1/files/0x000500000001a434-127.dat	xmrig
behavioral1/files/0x000500000001a42f-120.dat	xmrig
behavioral1/files/0x000500000001a345-115.dat	xmrig
behavioral1/files/0x000500000001a0a1-113.dat	xmrig
behavioral1/files/0x000500000001a067-111.dat	xmrig
behavioral1/files/0x000500000001a42b-109.dat	xmrig
behavioral1/memory/2540-105-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a301-102.dat	xmrig
behavioral1/files/0x000500000001a07b-95.dat	xmrig
behavioral1/files/0x0005000000019f9f-89.dat	xmrig
behavioral1/memory/2812-88-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019fb9-84.dat	xmrig
behavioral1/files/0x0005000000019db8-75.dat	xmrig
behavioral1/files/0x000500000001a4c4-189.dat	xmrig
behavioral1/files/0x000500000001a4c8-185.dat	xmrig
behavioral1/files/0x000500000001a48e-150.dat	xmrig
behavioral1/files/0x000500000001a46a-149.dat	xmrig
behavioral1/memory/2296-94-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2948-93-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2772-83-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d44-81.dat	xmrig
behavioral1/files/0x0005000000019c53-72.dat	xmrig
behavioral1/memory/2768-71-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2340-69-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x0005000000019da4-68.dat	xmrig
behavioral1/memory/2944-63-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d20-59.dat	xmrig
behavioral1/files/0x0005000000019c3a-57.dat	xmrig
behavioral1/memory/2416-47-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x00070000000191fd-45.dat	xmrig
behavioral1/files/0x00070000000190c9-35.dat	xmrig
behavioral1/memory/2556-34-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2416-3769-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2296-3768-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2540-3771-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2556-3770-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2944-3777-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2340-3776-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2768-3775-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2812-3774-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2948-3773-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2888-3772-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2296	LneKnIu.exe
2556	HqWwZlr.exe
2416	CtGhuzW.exe
2540	QYDfPvN.exe
2944	STXswsr.exe
2340	XrfIsKx.exe
2768	TWPnXXl.exe
2888	qKFVXfL.exe
2772	EUZAFxj.exe
2812	VXDsDdp.exe
2344	yuqzpHC.exe
2916	doGtGHu.exe
2948	ofZcpHE.exe
2684	WzLmMFo.exe
2568	LIbHDha.exe
832	RZcPHls.exe
1740	UtxCspF.exe
2040	QPgKlkS.exe
1748	sRNavwD.exe
2852	JPDMjSZ.exe
2980	njLagVB.exe
904	jyvORaY.exe
1780	QClkFFO.exe
1000	hrhjdof.exe
1620	lhOfbau.exe
1920	CDwjdVy.exe
1552	lmoDOhB.exe
2628	IVlyZyd.exe
1952	ghzrBzM.exe
2436	mtGgxxv.exe
1560	TSjgnXO.exe
1816	KyXjIVr.exe
640	ceoAOJe.exe
1272	EZqRhXa.exe
1924	ZJqcCCz.exe
2832	hZwlIRc.exe
2716	XtxxmUN.exe
1352	EZSqKah.exe
1056	HfPDPLh.exe
1100	ZIWEzdY.exe
2584	qVutWcv.exe
1252	GXFAWMA.exe
296	PMQbkMD.exe
1556	KHQfIug.exe
756	vuQSXGK.exe
628	qkPyvRk.exe
2572	zbtCbIs.exe
2212	GTwTVxL.exe
2388	opsGDWt.exe
2204	WNZCwox.exe
1280	nAMEsor.exe
532	IXiWzqt.exe
2076	wPhYMOO.exe
1512	CwfKiGV.exe
1792	GXpZtrB.exe
1268	GhEFVFB.exe
2412	CbGjIPt.exe
1580	vUAMQwB.exe
2284	kKcBjYv.exe
2316	IJghsQN.exe
2764	eRzgtjb.exe
2744	nGXtIjH.exe
2288	JcOMfZn.exe
2292	QhuuqNu.exe

Loads dropped DLL 64 IoCs

pid	Process
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2120-0-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/files/0x0007000000012101-3.dat	upx
behavioral1/files/0x0016000000018657-8.dat	upx
behavioral1/files/0x000f000000018662-12.dat	upx
behavioral1/files/0x000600000001878d-22.dat	upx
behavioral1/files/0x000700000001867d-21.dat	upx
behavioral1/files/0x00070000000190c6-29.dat	upx
behavioral1/files/0x000500000001a4bb-171.dat	upx
behavioral1/memory/2888-76-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2120-737-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/files/0x000500000001a4c6-182.dat	upx
behavioral1/memory/2916-176-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x000500000001a4c0-174.dat	upx
behavioral1/files/0x000500000001a4b5-169.dat	upx
behavioral1/files/0x000500000001a49c-168.dat	upx
behavioral1/memory/2344-167-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/files/0x000500000001a4b7-163.dat	upx
behavioral1/files/0x000500000001a4aa-154.dat	upx
behavioral1/files/0x000500000001a431-146.dat	upx
behavioral1/files/0x000500000001a42d-145.dat	upx
behavioral1/files/0x000500000001a49a-142.dat	upx
behavioral1/files/0x000500000001a48c-135.dat	upx
behavioral1/files/0x000500000001a434-127.dat	upx
behavioral1/files/0x000500000001a42f-120.dat	upx
behavioral1/files/0x000500000001a345-115.dat	upx
behavioral1/files/0x000500000001a0a1-113.dat	upx
behavioral1/files/0x000500000001a067-111.dat	upx
behavioral1/files/0x000500000001a42b-109.dat	upx
behavioral1/memory/2540-105-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x000500000001a301-102.dat	upx
behavioral1/files/0x000500000001a07b-95.dat	upx
behavioral1/files/0x0005000000019f9f-89.dat	upx
behavioral1/memory/2812-88-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/files/0x0005000000019fb9-84.dat	upx
behavioral1/files/0x0005000000019db8-75.dat	upx
behavioral1/files/0x000500000001a4c4-189.dat	upx
behavioral1/files/0x000500000001a4c8-185.dat	upx
behavioral1/files/0x000500000001a48e-150.dat	upx
behavioral1/files/0x000500000001a46a-149.dat	upx
behavioral1/memory/2296-94-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2948-93-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2772-83-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x0005000000019d44-81.dat	upx
behavioral1/files/0x0005000000019c53-72.dat	upx
behavioral1/memory/2768-71-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2340-69-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x0005000000019da4-68.dat	upx
behavioral1/memory/2944-63-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x0005000000019d20-59.dat	upx
behavioral1/files/0x0005000000019c3a-57.dat	upx
behavioral1/memory/2416-47-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x00070000000191fd-45.dat	upx
behavioral1/files/0x00070000000190c9-35.dat	upx
behavioral1/memory/2556-34-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2416-3769-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2296-3768-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2540-3771-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2556-3770-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2944-3777-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2340-3776-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2768-3775-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2812-3774-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2948-3773-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2888-3772-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hbktZjW.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ameoWvo.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SaqOoBI.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BqbCpiE.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\InaMchX.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uGDiPiu.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uuwyEZn.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PRfLNdI.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bWCvBfb.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GVNInbt.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ftJvPuS.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jyvORaY.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\buBgfls.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xIdMFxF.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GQVqOcp.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\asZaxVy.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dDosMaR.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MjlRcaL.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KznVWQc.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wzlwtmF.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mmNitoX.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GmZNnOc.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TWxjgdQ.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mWxGuJo.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MzDPhUL.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmSoQIr.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bIJMVPv.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QTPGqUQ.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hGjvJxu.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SPDthLh.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zTerCaY.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ddzTqyj.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sRNavwD.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SXMOYfX.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gCemhxr.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dOdRJTc.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IKFTwDz.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pgLVLMR.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\erODYwi.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKQWInJ.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MizPdxN.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMoyzlS.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RkzIAKH.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JyFfxos.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rTDxQiU.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fKnciND.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oIuHZgK.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KGYPzFz.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fWBODPe.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CrTsGcg.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ldyhaMS.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WNZCwox.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nvwHWPm.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TFoIQCd.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YNTwHzJ.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xviZooj.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SorpuFw.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IVlyZyd.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DLfZsyk.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ujMNRvF.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IsFZcgX.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ILrhydT.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dpPqYme.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MVaRyoP.exe	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2296	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2120 wrote to memory of 2296	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2120 wrote to memory of 2296	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2120 wrote to memory of 2556	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2120 wrote to memory of 2556	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2120 wrote to memory of 2556	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2120 wrote to memory of 2416	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2120 wrote to memory of 2416	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2120 wrote to memory of 2416	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2120 wrote to memory of 2540	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2120 wrote to memory of 2540	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2120 wrote to memory of 2540	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2120 wrote to memory of 2944	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2120 wrote to memory of 2944	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2120 wrote to memory of 2944	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2120 wrote to memory of 2340	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2120 wrote to memory of 2340	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2120 wrote to memory of 2340	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2120 wrote to memory of 2768	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2120 wrote to memory of 2768	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2120 wrote to memory of 2768	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2120 wrote to memory of 2888	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2120 wrote to memory of 2888	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2120 wrote to memory of 2888	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2120 wrote to memory of 2772	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2120 wrote to memory of 2772	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2120 wrote to memory of 2772	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2120 wrote to memory of 2916	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2120 wrote to memory of 2916	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2120 wrote to memory of 2916	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2120 wrote to memory of 2812	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2120 wrote to memory of 2812	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2120 wrote to memory of 2812	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2120 wrote to memory of 2948	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2120 wrote to memory of 2948	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2120 wrote to memory of 2948	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2120 wrote to memory of 2344	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2120 wrote to memory of 2344	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2120 wrote to memory of 2344	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2120 wrote to memory of 2628	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2120 wrote to memory of 2628	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2120 wrote to memory of 2628	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2120 wrote to memory of 2684	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2120 wrote to memory of 2684	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2120 wrote to memory of 2684	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2120 wrote to memory of 1952	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2120 wrote to memory of 1952	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2120 wrote to memory of 1952	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2120 wrote to memory of 2568	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2120 wrote to memory of 2568	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2120 wrote to memory of 2568	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2120 wrote to memory of 2436	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2120 wrote to memory of 2436	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2120 wrote to memory of 2436	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2120 wrote to memory of 832	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2120 wrote to memory of 832	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2120 wrote to memory of 832	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2120 wrote to memory of 1816	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2120 wrote to memory of 1816	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2120 wrote to memory of 1816	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2120 wrote to memory of 1740	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2120 wrote to memory of 1740	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2120 wrote to memory of 1740	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2120 wrote to memory of 640	2120	2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_878c48b6c9580504df2f3863c1669794_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Windows\System\LneKnIu.exe
  C:\Windows\System\LneKnIu.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\HqWwZlr.exe
  C:\Windows\System\HqWwZlr.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\CtGhuzW.exe
  C:\Windows\System\CtGhuzW.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\QYDfPvN.exe
  C:\Windows\System\QYDfPvN.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\STXswsr.exe
  C:\Windows\System\STXswsr.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\XrfIsKx.exe
  C:\Windows\System\XrfIsKx.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\TWPnXXl.exe
  C:\Windows\System\TWPnXXl.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\qKFVXfL.exe
  C:\Windows\System\qKFVXfL.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\EUZAFxj.exe
  C:\Windows\System\EUZAFxj.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\doGtGHu.exe
  C:\Windows\System\doGtGHu.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\VXDsDdp.exe
  C:\Windows\System\VXDsDdp.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\ofZcpHE.exe
  C:\Windows\System\ofZcpHE.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\yuqzpHC.exe
  C:\Windows\System\yuqzpHC.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\IVlyZyd.exe
  C:\Windows\System\IVlyZyd.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\WzLmMFo.exe
  C:\Windows\System\WzLmMFo.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\ghzrBzM.exe
  C:\Windows\System\ghzrBzM.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\LIbHDha.exe
  C:\Windows\System\LIbHDha.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\mtGgxxv.exe
  C:\Windows\System\mtGgxxv.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\RZcPHls.exe
  C:\Windows\System\RZcPHls.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\KyXjIVr.exe
  C:\Windows\System\KyXjIVr.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\UtxCspF.exe
  C:\Windows\System\UtxCspF.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\ceoAOJe.exe
  C:\Windows\System\ceoAOJe.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\QPgKlkS.exe
  C:\Windows\System\QPgKlkS.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\EZqRhXa.exe
  C:\Windows\System\EZqRhXa.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\sRNavwD.exe
  C:\Windows\System\sRNavwD.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\ZJqcCCz.exe
  C:\Windows\System\ZJqcCCz.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\JPDMjSZ.exe
  C:\Windows\System\JPDMjSZ.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\hZwlIRc.exe
  C:\Windows\System\hZwlIRc.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\njLagVB.exe
  C:\Windows\System\njLagVB.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\XtxxmUN.exe
  C:\Windows\System\XtxxmUN.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\jyvORaY.exe
  C:\Windows\System\jyvORaY.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\EZSqKah.exe
  C:\Windows\System\EZSqKah.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\QClkFFO.exe
  C:\Windows\System\QClkFFO.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\HfPDPLh.exe
  C:\Windows\System\HfPDPLh.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\hrhjdof.exe
  C:\Windows\System\hrhjdof.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\ZIWEzdY.exe
  C:\Windows\System\ZIWEzdY.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\lhOfbau.exe
  C:\Windows\System\lhOfbau.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\qVutWcv.exe
  C:\Windows\System\qVutWcv.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\CDwjdVy.exe
  C:\Windows\System\CDwjdVy.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\GXFAWMA.exe
  C:\Windows\System\GXFAWMA.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\lmoDOhB.exe
  C:\Windows\System\lmoDOhB.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\PMQbkMD.exe
  C:\Windows\System\PMQbkMD.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\TSjgnXO.exe
  C:\Windows\System\TSjgnXO.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\KHQfIug.exe
  C:\Windows\System\KHQfIug.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\vuQSXGK.exe
  C:\Windows\System\vuQSXGK.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\GTwTVxL.exe
  C:\Windows\System\GTwTVxL.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\qkPyvRk.exe
  C:\Windows\System\qkPyvRk.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\opsGDWt.exe
  C:\Windows\System\opsGDWt.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\zbtCbIs.exe
  C:\Windows\System\zbtCbIs.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\nAMEsor.exe
  C:\Windows\System\nAMEsor.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\WNZCwox.exe
  C:\Windows\System\WNZCwox.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\IXiWzqt.exe
  C:\Windows\System\IXiWzqt.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\wPhYMOO.exe
  C:\Windows\System\wPhYMOO.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\CwfKiGV.exe
  C:\Windows\System\CwfKiGV.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\GXpZtrB.exe
  C:\Windows\System\GXpZtrB.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\GhEFVFB.exe
  C:\Windows\System\GhEFVFB.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\CbGjIPt.exe
  C:\Windows\System\CbGjIPt.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\vUAMQwB.exe
  C:\Windows\System\vUAMQwB.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\QhuuqNu.exe
  C:\Windows\System\QhuuqNu.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\kKcBjYv.exe
  C:\Windows\System\kKcBjYv.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\SaqOoBI.exe
  C:\Windows\System\SaqOoBI.exe
  2⤵
  PID:2396
- C:\Windows\System\IJghsQN.exe
  C:\Windows\System\IJghsQN.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\iEOyCBx.exe
  C:\Windows\System\iEOyCBx.exe
  2⤵
  PID:2712
- C:\Windows\System\eRzgtjb.exe
  C:\Windows\System\eRzgtjb.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\UpwYoPu.exe
  C:\Windows\System\UpwYoPu.exe
  2⤵
  PID:2884
- C:\Windows\System\nGXtIjH.exe
  C:\Windows\System\nGXtIjH.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\AConfLC.exe
  C:\Windows\System\AConfLC.exe
  2⤵
  PID:2912
- C:\Windows\System\JcOMfZn.exe
  C:\Windows\System\JcOMfZn.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\IgMkpBq.exe
  C:\Windows\System\IgMkpBq.exe
  2⤵
  PID:1400
- C:\Windows\System\TcJhsYA.exe
  C:\Windows\System\TcJhsYA.exe
  2⤵
  PID:1736
- C:\Windows\System\aMRwflJ.exe
  C:\Windows\System\aMRwflJ.exe
  2⤵
  PID:1808
- C:\Windows\System\QVqMHaE.exe
  C:\Windows\System\QVqMHaE.exe
  2⤵
  PID:2840
- C:\Windows\System\lFcqhgj.exe
  C:\Windows\System\lFcqhgj.exe
  2⤵
  PID:1484
- C:\Windows\System\PzKGigH.exe
  C:\Windows\System\PzKGigH.exe
  2⤵
  PID:1436
- C:\Windows\System\heUbNpS.exe
  C:\Windows\System\heUbNpS.exe
  2⤵
  PID:648
- C:\Windows\System\ADyrTbd.exe
  C:\Windows\System\ADyrTbd.exe
  2⤵
  PID:3020
- C:\Windows\System\pTyQhPZ.exe
  C:\Windows\System\pTyQhPZ.exe
  2⤵
  PID:952
- C:\Windows\System\nvwHWPm.exe
  C:\Windows\System\nvwHWPm.exe
  2⤵
  PID:2276
- C:\Windows\System\qpdmNpt.exe
  C:\Windows\System\qpdmNpt.exe
  2⤵
  PID:1172
- C:\Windows\System\acNetgZ.exe
  C:\Windows\System\acNetgZ.exe
  2⤵
  PID:1312
- C:\Windows\System\PcWxWie.exe
  C:\Windows\System\PcWxWie.exe
  2⤵
  PID:2364
- C:\Windows\System\nXbUkHm.exe
  C:\Windows\System\nXbUkHm.exe
  2⤵
  PID:2492
- C:\Windows\System\HqweiqB.exe
  C:\Windows\System\HqweiqB.exe
  2⤵
  PID:1812
- C:\Windows\System\FCxRsvz.exe
  C:\Windows\System\FCxRsvz.exe
  2⤵
  PID:1320
- C:\Windows\System\ikRBohe.exe
  C:\Windows\System\ikRBohe.exe
  2⤵
  PID:1608
- C:\Windows\System\AJrUIGZ.exe
  C:\Windows\System\AJrUIGZ.exe
  2⤵
  PID:2748
- C:\Windows\System\fRcoYRj.exe
  C:\Windows\System\fRcoYRj.exe
  2⤵
  PID:2536
- C:\Windows\System\EDcAiiK.exe
  C:\Windows\System\EDcAiiK.exe
  2⤵
  PID:1992
- C:\Windows\System\RlTVtXs.exe
  C:\Windows\System\RlTVtXs.exe
  2⤵
  PID:1988
- C:\Windows\System\WwfKsXo.exe
  C:\Windows\System\WwfKsXo.exe
  2⤵
  PID:3076
- C:\Windows\System\kNhseGR.exe
  C:\Windows\System\kNhseGR.exe
  2⤵
  PID:3092
- C:\Windows\System\GYHpttK.exe
  C:\Windows\System\GYHpttK.exe
  2⤵
  PID:3108
- C:\Windows\System\MQmDhZn.exe
  C:\Windows\System\MQmDhZn.exe
  2⤵
  PID:3124
- C:\Windows\System\ehjCOBr.exe
  C:\Windows\System\ehjCOBr.exe
  2⤵
  PID:3140
- C:\Windows\System\rvuRHVq.exe
  C:\Windows\System\rvuRHVq.exe
  2⤵
  PID:3156
- C:\Windows\System\bizHeJu.exe
  C:\Windows\System\bizHeJu.exe
  2⤵
  PID:3172
- C:\Windows\System\GGjrkbd.exe
  C:\Windows\System\GGjrkbd.exe
  2⤵
  PID:3188
- C:\Windows\System\XyhJgWn.exe
  C:\Windows\System\XyhJgWn.exe
  2⤵
  PID:3204
- C:\Windows\System\EXRWgcq.exe
  C:\Windows\System\EXRWgcq.exe
  2⤵
  PID:3220
- C:\Windows\System\kGyLADY.exe
  C:\Windows\System\kGyLADY.exe
  2⤵
  PID:3236
- C:\Windows\System\CsXfwuj.exe
  C:\Windows\System\CsXfwuj.exe
  2⤵
  PID:3252
- C:\Windows\System\aIMTzFc.exe
  C:\Windows\System\aIMTzFc.exe
  2⤵
  PID:3268
- C:\Windows\System\LlVXNYG.exe
  C:\Windows\System\LlVXNYG.exe
  2⤵
  PID:3284
- C:\Windows\System\xuhUasx.exe
  C:\Windows\System\xuhUasx.exe
  2⤵
  PID:3300
- C:\Windows\System\Amjhelp.exe
  C:\Windows\System\Amjhelp.exe
  2⤵
  PID:3316
- C:\Windows\System\UlgEpXV.exe
  C:\Windows\System\UlgEpXV.exe
  2⤵
  PID:3332
- C:\Windows\System\CWAEypX.exe
  C:\Windows\System\CWAEypX.exe
  2⤵
  PID:3348
- C:\Windows\System\hbPFRzx.exe
  C:\Windows\System\hbPFRzx.exe
  2⤵
  PID:3364
- C:\Windows\System\IDqFaXU.exe
  C:\Windows\System\IDqFaXU.exe
  2⤵
  PID:3420
- C:\Windows\System\vlquiXl.exe
  C:\Windows\System\vlquiXl.exe
  2⤵
  PID:3452
- C:\Windows\System\KNGfWoo.exe
  C:\Windows\System\KNGfWoo.exe
  2⤵
  PID:3468
- C:\Windows\System\CqbtUmq.exe
  C:\Windows\System\CqbtUmq.exe
  2⤵
  PID:3564
- C:\Windows\System\IBtdXIu.exe
  C:\Windows\System\IBtdXIu.exe
  2⤵
  PID:3596
- C:\Windows\System\BqbCpiE.exe
  C:\Windows\System\BqbCpiE.exe
  2⤵
  PID:3620
- C:\Windows\System\yCnLFBR.exe
  C:\Windows\System\yCnLFBR.exe
  2⤵
  PID:3640
- C:\Windows\System\npqdgIW.exe
  C:\Windows\System\npqdgIW.exe
  2⤵
  PID:3656
- C:\Windows\System\GYBHUoE.exe
  C:\Windows\System\GYBHUoE.exe
  2⤵
  PID:3672
- C:\Windows\System\eBrHNFm.exe
  C:\Windows\System\eBrHNFm.exe
  2⤵
  PID:3696
- C:\Windows\System\LBtKMmu.exe
  C:\Windows\System\LBtKMmu.exe
  2⤵
  PID:3712
- C:\Windows\System\jGPRZwN.exe
  C:\Windows\System\jGPRZwN.exe
  2⤵
  PID:3728
- C:\Windows\System\OLEdena.exe
  C:\Windows\System\OLEdena.exe
  2⤵
  PID:3744
- C:\Windows\System\QZhWqbT.exe
  C:\Windows\System\QZhWqbT.exe
  2⤵
  PID:3764
- C:\Windows\System\ekQyiXv.exe
  C:\Windows\System\ekQyiXv.exe
  2⤵
  PID:3784
- C:\Windows\System\ABjYkYF.exe
  C:\Windows\System\ABjYkYF.exe
  2⤵
  PID:3808
- C:\Windows\System\QVPZQZt.exe
  C:\Windows\System\QVPZQZt.exe
  2⤵
  PID:3828
- C:\Windows\System\haJFwmM.exe
  C:\Windows\System\haJFwmM.exe
  2⤵
  PID:3844
- C:\Windows\System\iTPmKCt.exe
  C:\Windows\System\iTPmKCt.exe
  2⤵
  PID:3872
- C:\Windows\System\oXtFRZy.exe
  C:\Windows\System\oXtFRZy.exe
  2⤵
  PID:3892
- C:\Windows\System\GwXERhK.exe
  C:\Windows\System\GwXERhK.exe
  2⤵
  PID:3916
- C:\Windows\System\VUfJDKt.exe
  C:\Windows\System\VUfJDKt.exe
  2⤵
  PID:3936
- C:\Windows\System\luirVHw.exe
  C:\Windows\System\luirVHw.exe
  2⤵
  PID:3956
- C:\Windows\System\opzPOuJ.exe
  C:\Windows\System\opzPOuJ.exe
  2⤵
  PID:3980
- C:\Windows\System\FoJMaEE.exe
  C:\Windows\System\FoJMaEE.exe
  2⤵
  PID:3996
- C:\Windows\System\YdAITcW.exe
  C:\Windows\System\YdAITcW.exe
  2⤵
  PID:4012
- C:\Windows\System\uftTepR.exe
  C:\Windows\System\uftTepR.exe
  2⤵
  PID:4028
- C:\Windows\System\NXcOVCI.exe
  C:\Windows\System\NXcOVCI.exe
  2⤵
  PID:4044
- C:\Windows\System\DaGnMVj.exe
  C:\Windows\System\DaGnMVj.exe
  2⤵
  PID:4064
- C:\Windows\System\semngma.exe
  C:\Windows\System\semngma.exe
  2⤵
  PID:4080
- C:\Windows\System\gTCewCZ.exe
  C:\Windows\System\gTCewCZ.exe
  2⤵
  PID:2164
- C:\Windows\System\CnNEINH.exe
  C:\Windows\System\CnNEINH.exe
  2⤵
  PID:2020
- C:\Windows\System\HIxVnZS.exe
  C:\Windows\System\HIxVnZS.exe
  2⤵
  PID:1596
- C:\Windows\System\LVJZXeL.exe
  C:\Windows\System\LVJZXeL.exe
  2⤵
  PID:2956
- C:\Windows\System\TUWEtTD.exe
  C:\Windows\System\TUWEtTD.exe
  2⤵
  PID:2428
- C:\Windows\System\AmsALKr.exe
  C:\Windows\System\AmsALKr.exe
  2⤵
  PID:1384
- C:\Windows\System\FyHpMKz.exe
  C:\Windows\System\FyHpMKz.exe
  2⤵
  PID:1704
- C:\Windows\System\fMXwDVS.exe
  C:\Windows\System\fMXwDVS.exe
  2⤵
  PID:996
- C:\Windows\System\HuYVyAg.exe
  C:\Windows\System\HuYVyAg.exe
  2⤵
  PID:2280
- C:\Windows\System\qzxmTBn.exe
  C:\Windows\System\qzxmTBn.exe
  2⤵
  PID:884
- C:\Windows\System\omREJmJ.exe
  C:\Windows\System\omREJmJ.exe
  2⤵
  PID:1300
- C:\Windows\System\sxYOJFw.exe
  C:\Windows\System\sxYOJFw.exe
  2⤵
  PID:3004
- C:\Windows\System\PvzTyho.exe
  C:\Windows\System\PvzTyho.exe
  2⤵
  PID:2940
- C:\Windows\System\zEVJgBZ.exe
  C:\Windows\System\zEVJgBZ.exe
  2⤵
  PID:2024
- C:\Windows\System\DZMmDcS.exe
  C:\Windows\System\DZMmDcS.exe
  2⤵
  PID:1500
- C:\Windows\System\pWxIeJG.exe
  C:\Windows\System\pWxIeJG.exe
  2⤵
  PID:3088
- C:\Windows\System\OGXEfbE.exe
  C:\Windows\System\OGXEfbE.exe
  2⤵
  PID:3152
- C:\Windows\System\ETEWNOw.exe
  C:\Windows\System\ETEWNOw.exe
  2⤵
  PID:3248
- C:\Windows\System\XDFgLNS.exe
  C:\Windows\System\XDFgLNS.exe
  2⤵
  PID:3372
- C:\Windows\System\inqhywS.exe
  C:\Windows\System\inqhywS.exe
  2⤵
  PID:3576
- C:\Windows\System\rAkGhmo.exe
  C:\Windows\System\rAkGhmo.exe
  2⤵
  PID:3432
- C:\Windows\System\dphESRO.exe
  C:\Windows\System\dphESRO.exe
  2⤵
  PID:3476
- C:\Windows\System\JkQEWYj.exe
  C:\Windows\System\JkQEWYj.exe
  2⤵
  PID:3328
- C:\Windows\System\jQofKdE.exe
  C:\Windows\System\jQofKdE.exe
  2⤵
  PID:3264
- C:\Windows\System\vqZMpVM.exe
  C:\Windows\System\vqZMpVM.exe
  2⤵
  PID:3200
- C:\Windows\System\nZkyluk.exe
  C:\Windows\System\nZkyluk.exe
  2⤵
  PID:3136
- C:\Windows\System\PtgbyzV.exe
  C:\Windows\System\PtgbyzV.exe
  2⤵
  PID:1104
- C:\Windows\System\gktrcss.exe
  C:\Windows\System\gktrcss.exe
  2⤵
  PID:1688
- C:\Windows\System\xMgRQaO.exe
  C:\Windows\System\xMgRQaO.exe
  2⤵
  PID:3628
- C:\Windows\System\UkIUuML.exe
  C:\Windows\System\UkIUuML.exe
  2⤵
  PID:3504
- C:\Windows\System\grAYgQh.exe
  C:\Windows\System\grAYgQh.exe
  2⤵
  PID:3520
- C:\Windows\System\ZBoxfXR.exe
  C:\Windows\System\ZBoxfXR.exe
  2⤵
  PID:3536
- C:\Windows\System\REZHmkT.exe
  C:\Windows\System\REZHmkT.exe
  2⤵
  PID:3552
- C:\Windows\System\ZDtUmXO.exe
  C:\Windows\System\ZDtUmXO.exe
  2⤵
  PID:3664
- C:\Windows\System\vWXwjQI.exe
  C:\Windows\System\vWXwjQI.exe
  2⤵
  PID:3736
- C:\Windows\System\VPqXqEW.exe
  C:\Windows\System\VPqXqEW.exe
  2⤵
  PID:3780
- C:\Windows\System\USodvqI.exe
  C:\Windows\System\USodvqI.exe
  2⤵
  PID:3652
- C:\Windows\System\XlRTWCK.exe
  C:\Windows\System\XlRTWCK.exe
  2⤵
  PID:3824
- C:\Windows\System\flrxLwF.exe
  C:\Windows\System\flrxLwF.exe
  2⤵
  PID:3864
- C:\Windows\System\buBgfls.exe
  C:\Windows\System\buBgfls.exe
  2⤵
  PID:3912
- C:\Windows\System\IKFTwDz.exe
  C:\Windows\System\IKFTwDz.exe
  2⤵
  PID:3976
- C:\Windows\System\UNLukpM.exe
  C:\Windows\System\UNLukpM.exe
  2⤵
  PID:3880
- C:\Windows\System\AaBNxjY.exe
  C:\Windows\System\AaBNxjY.exe
  2⤵
  PID:1052
- C:\Windows\System\PnJOrgX.exe
  C:\Windows\System\PnJOrgX.exe
  2⤵
  PID:3760
- C:\Windows\System\aLekSbX.exe
  C:\Windows\System\aLekSbX.exe
  2⤵
  PID:3800
- C:\Windows\System\fLGBCbe.exe
  C:\Windows\System\fLGBCbe.exe
  2⤵
  PID:3756
- C:\Windows\System\aHrwQZz.exe
  C:\Windows\System\aHrwQZz.exe
  2⤵
  PID:1232
- C:\Windows\System\TISoBfm.exe
  C:\Windows\System\TISoBfm.exe
  2⤵
  PID:560
- C:\Windows\System\sqHyYqz.exe
  C:\Windows\System\sqHyYqz.exe
  2⤵
  PID:3924
- C:\Windows\System\AQLMPjk.exe
  C:\Windows\System\AQLMPjk.exe
  2⤵
  PID:3968
- C:\Windows\System\lksIkKH.exe
  C:\Windows\System\lksIkKH.exe
  2⤵
  PID:3280
- C:\Windows\System\McsqzSG.exe
  C:\Windows\System\McsqzSG.exe
  2⤵
  PID:1652
- C:\Windows\System\bmOYBOR.exe
  C:\Windows\System\bmOYBOR.exe
  2⤵
  PID:1672
- C:\Windows\System\aYnWWzv.exe
  C:\Windows\System\aYnWWzv.exe
  2⤵
  PID:2456
- C:\Windows\System\uIJeUkT.exe
  C:\Windows\System\uIJeUkT.exe
  2⤵
  PID:1960
- C:\Windows\System\TFoIQCd.exe
  C:\Windows\System\TFoIQCd.exe
  2⤵
  PID:4036
- C:\Windows\System\xAAUcVF.exe
  C:\Windows\System\xAAUcVF.exe
  2⤵
  PID:3356
- C:\Windows\System\InaMchX.exe
  C:\Windows\System\InaMchX.exe
  2⤵
  PID:288
- C:\Windows\System\VmSfRPD.exe
  C:\Windows\System\VmSfRPD.exe
  2⤵
  PID:3104
- C:\Windows\System\fXyAyrF.exe
  C:\Windows\System\fXyAyrF.exe
  2⤵
  PID:3212
- C:\Windows\System\nmPoxAV.exe
  C:\Windows\System\nmPoxAV.exe
  2⤵
  PID:3444
- C:\Windows\System\eExHYWi.exe
  C:\Windows\System\eExHYWi.exe
  2⤵
  PID:3708
- C:\Windows\System\qPDZWNU.exe
  C:\Windows\System\qPDZWNU.exe
  2⤵
  PID:3852
- C:\Windows\System\IbvbWUT.exe
  C:\Windows\System\IbvbWUT.exe
  2⤵
  PID:3396
- C:\Windows\System\WqbRRnK.exe
  C:\Windows\System\WqbRRnK.exe
  2⤵
  PID:3416
- C:\Windows\System\xoeGwNk.exe
  C:\Windows\System\xoeGwNk.exe
  2⤵
  PID:3908
- C:\Windows\System\wbAWmed.exe
  C:\Windows\System\wbAWmed.exe
  2⤵
  PID:4060
- C:\Windows\System\gwFZzgJ.exe
  C:\Windows\System\gwFZzgJ.exe
  2⤵
  PID:1832
- C:\Windows\System\RHQfwgV.exe
  C:\Windows\System\RHQfwgV.exe
  2⤵
  PID:3292
- C:\Windows\System\oyuthon.exe
  C:\Windows\System\oyuthon.exe
  2⤵
  PID:3900
- C:\Windows\System\kzGOZFn.exe
  C:\Windows\System\kzGOZFn.exe
  2⤵
  PID:3836
- C:\Windows\System\qEkIAsF.exe
  C:\Windows\System\qEkIAsF.exe
  2⤵
  PID:2376
- C:\Windows\System\bhcnLnV.exe
  C:\Windows\System\bhcnLnV.exe
  2⤵
  PID:1492
- C:\Windows\System\fVsLBIX.exe
  C:\Windows\System\fVsLBIX.exe
  2⤵
  PID:3632
- C:\Windows\System\JSVeSnq.exe
  C:\Windows\System\JSVeSnq.exe
  2⤵
  PID:3752
- C:\Windows\System\qRIWVqn.exe
  C:\Windows\System\qRIWVqn.exe
  2⤵
  PID:2068
- C:\Windows\System\YNTwHzJ.exe
  C:\Windows\System\YNTwHzJ.exe
  2⤵
  PID:4008
- C:\Windows\System\pXWHLgl.exe
  C:\Windows\System\pXWHLgl.exe
  2⤵
  PID:3228
- C:\Windows\System\XBKEsrv.exe
  C:\Windows\System\XBKEsrv.exe
  2⤵
  PID:3412
- C:\Windows\System\QTKFevb.exe
  C:\Windows\System\QTKFevb.exe
  2⤵
  PID:4052
- C:\Windows\System\LFCgNUo.exe
  C:\Windows\System\LFCgNUo.exe
  2⤵
  PID:3168
- C:\Windows\System\XfIVQLv.exe
  C:\Windows\System\XfIVQLv.exe
  2⤵
  PID:3148
- C:\Windows\System\GwQhiuo.exe
  C:\Windows\System\GwQhiuo.exe
  2⤵
  PID:3312
- C:\Windows\System\vdQVwFd.exe
  C:\Windows\System\vdQVwFd.exe
  2⤵
  PID:3820
- C:\Windows\System\htYFeBF.exe
  C:\Windows\System\htYFeBF.exe
  2⤵
  PID:920
- C:\Windows\System\mrapEmI.exe
  C:\Windows\System\mrapEmI.exe
  2⤵
  PID:3720
- C:\Windows\System\Fueabja.exe
  C:\Windows\System\Fueabja.exe
  2⤵
  PID:1092
- C:\Windows\System\XQnFVlQ.exe
  C:\Windows\System\XQnFVlQ.exe
  2⤵
  PID:2576
- C:\Windows\System\dnlvmzj.exe
  C:\Windows\System\dnlvmzj.exe
  2⤵
  PID:3592
- C:\Windows\System\QZoHllk.exe
  C:\Windows\System\QZoHllk.exe
  2⤵
  PID:3380
- C:\Windows\System\mhxexcW.exe
  C:\Windows\System\mhxexcW.exe
  2⤵
  PID:3516
- C:\Windows\System\vgQQArh.exe
  C:\Windows\System\vgQQArh.exe
  2⤵
  PID:2816
- C:\Windows\System\VoVsWKC.exe
  C:\Windows\System\VoVsWKC.exe
  2⤵
  PID:1716
- C:\Windows\System\OULncpt.exe
  C:\Windows\System\OULncpt.exe
  2⤵
  PID:1804
- C:\Windows\System\KpLROSi.exe
  C:\Windows\System\KpLROSi.exe
  2⤵
  PID:2724
- C:\Windows\System\FPxNGDP.exe
  C:\Windows\System\FPxNGDP.exe
  2⤵
  PID:3704
- C:\Windows\System\LZHZzrN.exe
  C:\Windows\System\LZHZzrN.exe
  2⤵
  PID:1860
- C:\Windows\System\uZJpaRE.exe
  C:\Windows\System\uZJpaRE.exe
  2⤵
  PID:1796
- C:\Windows\System\mpQOESz.exe
  C:\Windows\System\mpQOESz.exe
  2⤵
  PID:3052
- C:\Windows\System\NWJSKjs.exe
  C:\Windows\System\NWJSKjs.exe
  2⤵
  PID:3000
- C:\Windows\System\DLfZsyk.exe
  C:\Windows\System\DLfZsyk.exe
  2⤵
  PID:3232
- C:\Windows\System\Dacolug.exe
  C:\Windows\System\Dacolug.exe
  2⤵
  PID:1444
- C:\Windows\System\ShnjuSH.exe
  C:\Windows\System\ShnjuSH.exe
  2⤵
  PID:2384
- C:\Windows\System\QJoJqAW.exe
  C:\Windows\System\QJoJqAW.exe
  2⤵
  PID:2468
- C:\Windows\System\RkzIAKH.exe
  C:\Windows\System\RkzIAKH.exe
  2⤵
  PID:2672
- C:\Windows\System\KtHBQMf.exe
  C:\Windows\System\KtHBQMf.exe
  2⤵
  PID:4112
- C:\Windows\System\UctXkWK.exe
  C:\Windows\System\UctXkWK.exe
  2⤵
  PID:4128
- C:\Windows\System\JyFfxos.exe
  C:\Windows\System\JyFfxos.exe
  2⤵
  PID:4148
- C:\Windows\System\OemMHPg.exe
  C:\Windows\System\OemMHPg.exe
  2⤵
  PID:4164
- C:\Windows\System\DNlsQLS.exe
  C:\Windows\System\DNlsQLS.exe
  2⤵
  PID:4184
- C:\Windows\System\cEdikGN.exe
  C:\Windows\System\cEdikGN.exe
  2⤵
  PID:4208
- C:\Windows\System\WyshNok.exe
  C:\Windows\System\WyshNok.exe
  2⤵
  PID:4228
- C:\Windows\System\ATBGOGV.exe
  C:\Windows\System\ATBGOGV.exe
  2⤵
  PID:4244
- C:\Windows\System\mpelStu.exe
  C:\Windows\System\mpelStu.exe
  2⤵
  PID:4260
- C:\Windows\System\CVCuqPQ.exe
  C:\Windows\System\CVCuqPQ.exe
  2⤵
  PID:4276
- C:\Windows\System\AWgpZlV.exe
  C:\Windows\System\AWgpZlV.exe
  2⤵
  PID:4300
- C:\Windows\System\ZSnDctV.exe
  C:\Windows\System\ZSnDctV.exe
  2⤵
  PID:4316
- C:\Windows\System\LPwyQmW.exe
  C:\Windows\System\LPwyQmW.exe
  2⤵
  PID:4332
- C:\Windows\System\XgRVHLc.exe
  C:\Windows\System\XgRVHLc.exe
  2⤵
  PID:4348
- C:\Windows\System\LBEwRHM.exe
  C:\Windows\System\LBEwRHM.exe
  2⤵
  PID:4372
- C:\Windows\System\RZaQQnv.exe
  C:\Windows\System\RZaQQnv.exe
  2⤵
  PID:4388
- C:\Windows\System\xhLayXl.exe
  C:\Windows\System\xhLayXl.exe
  2⤵
  PID:4408
- C:\Windows\System\oAHGkex.exe
  C:\Windows\System\oAHGkex.exe
  2⤵
  PID:4424
- C:\Windows\System\qKeKfQk.exe
  C:\Windows\System\qKeKfQk.exe
  2⤵
  PID:4440
- C:\Windows\System\BGjivNl.exe
  C:\Windows\System\BGjivNl.exe
  2⤵
  PID:4460
- C:\Windows\System\NXmEwwG.exe
  C:\Windows\System\NXmEwwG.exe
  2⤵
  PID:4504
- C:\Windows\System\SBdlDEk.exe
  C:\Windows\System\SBdlDEk.exe
  2⤵
  PID:4520
- C:\Windows\System\vqbrySO.exe
  C:\Windows\System\vqbrySO.exe
  2⤵
  PID:4540
- C:\Windows\System\zpgrmlp.exe
  C:\Windows\System\zpgrmlp.exe
  2⤵
  PID:4556
- C:\Windows\System\pBFSbNp.exe
  C:\Windows\System\pBFSbNp.exe
  2⤵
  PID:4572
- C:\Windows\System\hBraqpa.exe
  C:\Windows\System\hBraqpa.exe
  2⤵
  PID:4692
- C:\Windows\System\GvSfqoX.exe
  C:\Windows\System\GvSfqoX.exe
  2⤵
  PID:4708
- C:\Windows\System\tjRUXTL.exe
  C:\Windows\System\tjRUXTL.exe
  2⤵
  PID:4724
- C:\Windows\System\oFtnRzC.exe
  C:\Windows\System\oFtnRzC.exe
  2⤵
  PID:4740
- C:\Windows\System\AefMSSw.exe
  C:\Windows\System\AefMSSw.exe
  2⤵
  PID:4776
- C:\Windows\System\BaxDicW.exe
  C:\Windows\System\BaxDicW.exe
  2⤵
  PID:4792
- C:\Windows\System\yjktaCE.exe
  C:\Windows\System\yjktaCE.exe
  2⤵
  PID:4812
- C:\Windows\System\prUPOfb.exe
  C:\Windows\System\prUPOfb.exe
  2⤵
  PID:4828
- C:\Windows\System\xIdMFxF.exe
  C:\Windows\System\xIdMFxF.exe
  2⤵
  PID:4844
- C:\Windows\System\BtNEYiC.exe
  C:\Windows\System\BtNEYiC.exe
  2⤵
  PID:4860
- C:\Windows\System\bdGbEtj.exe
  C:\Windows\System\bdGbEtj.exe
  2⤵
  PID:4880
- C:\Windows\System\qtwkLZI.exe
  C:\Windows\System\qtwkLZI.exe
  2⤵
  PID:4896
- C:\Windows\System\rTDxQiU.exe
  C:\Windows\System\rTDxQiU.exe
  2⤵
  PID:4932
- C:\Windows\System\uGDiPiu.exe
  C:\Windows\System\uGDiPiu.exe
  2⤵
  PID:4952
- C:\Windows\System\vvEXIyr.exe
  C:\Windows\System\vvEXIyr.exe
  2⤵
  PID:4972
- C:\Windows\System\AESlWeB.exe
  C:\Windows\System\AESlWeB.exe
  2⤵
  PID:4988
- C:\Windows\System\IZERbEU.exe
  C:\Windows\System\IZERbEU.exe
  2⤵
  PID:5004
- C:\Windows\System\ZbETStX.exe
  C:\Windows\System\ZbETStX.exe
  2⤵
  PID:5020
- C:\Windows\System\oLOdCLz.exe
  C:\Windows\System\oLOdCLz.exe
  2⤵
  PID:5036
- C:\Windows\System\fwAtbrh.exe
  C:\Windows\System\fwAtbrh.exe
  2⤵
  PID:5052
- C:\Windows\System\jIzfDVF.exe
  C:\Windows\System\jIzfDVF.exe
  2⤵
  PID:5068
- C:\Windows\System\tjxSpCl.exe
  C:\Windows\System\tjxSpCl.exe
  2⤵
  PID:5084
- C:\Windows\System\JHZwdBB.exe
  C:\Windows\System\JHZwdBB.exe
  2⤵
  PID:5100
- C:\Windows\System\FGaOzeN.exe
  C:\Windows\System\FGaOzeN.exe
  2⤵
  PID:5116
- C:\Windows\System\FzepJWt.exe
  C:\Windows\System\FzepJWt.exe
  2⤵
  PID:2828
- C:\Windows\System\sppnPXu.exe
  C:\Windows\System\sppnPXu.exe
  2⤵
  PID:3804
- C:\Windows\System\mFgdHZe.exe
  C:\Windows\System\mFgdHZe.exe
  2⤵
  PID:4136
- C:\Windows\System\vmLCOyA.exe
  C:\Windows\System\vmLCOyA.exe
  2⤵
  PID:604
- C:\Windows\System\tbcUDCO.exe
  C:\Windows\System\tbcUDCO.exe
  2⤵
  PID:3616
- C:\Windows\System\kUdpCAD.exe
  C:\Windows\System\kUdpCAD.exe
  2⤵
  PID:2720
- C:\Windows\System\MRMntfa.exe
  C:\Windows\System\MRMntfa.exe
  2⤵
  PID:3560
- C:\Windows\System\takYpRV.exe
  C:\Windows\System\takYpRV.exe
  2⤵
  PID:3492
- C:\Windows\System\MmqYDdb.exe
  C:\Windows\System\MmqYDdb.exe
  2⤵
  PID:2728
- C:\Windows\System\KaZCAJJ.exe
  C:\Windows\System\KaZCAJJ.exe
  2⤵
  PID:2544
- C:\Windows\System\TWxjgdQ.exe
  C:\Windows\System\TWxjgdQ.exe
  2⤵
  PID:3384
- C:\Windows\System\SDTlNkj.exe
  C:\Windows\System\SDTlNkj.exe
  2⤵
  PID:3548
- C:\Windows\System\TWdGMKa.exe
  C:\Windows\System\TWdGMKa.exe
  2⤵
  PID:4192
- C:\Windows\System\srTSjod.exe
  C:\Windows\System\srTSjod.exe
  2⤵
  PID:4240
- C:\Windows\System\mNJoRdZ.exe
  C:\Windows\System\mNJoRdZ.exe
  2⤵
  PID:4312
- C:\Windows\System\hBVNyql.exe
  C:\Windows\System\hBVNyql.exe
  2⤵
  PID:4500
- C:\Windows\System\nsZRruv.exe
  C:\Windows\System\nsZRruv.exe
  2⤵
  PID:4324
- C:\Windows\System\ldbFCIF.exe
  C:\Windows\System\ldbFCIF.exe
  2⤵
  PID:4360
- C:\Windows\System\rmnlHtJ.exe
  C:\Windows\System\rmnlHtJ.exe
  2⤵
  PID:4404
- C:\Windows\System\GLNzHQU.exe
  C:\Windows\System\GLNzHQU.exe
  2⤵
  PID:4528
- C:\Windows\System\TqJRkWa.exe
  C:\Windows\System\TqJRkWa.exe
  2⤵
  PID:4484
- C:\Windows\System\rHFBTFM.exe
  C:\Windows\System\rHFBTFM.exe
  2⤵
  PID:4532
- C:\Windows\System\MuPxlig.exe
  C:\Windows\System\MuPxlig.exe
  2⤵
  PID:4564
- C:\Windows\System\lSTlUxZ.exe
  C:\Windows\System\lSTlUxZ.exe
  2⤵
  PID:4548
- C:\Windows\System\iMbYlBL.exe
  C:\Windows\System\iMbYlBL.exe
  2⤵
  PID:2132
- C:\Windows\System\kxLuDrg.exe
  C:\Windows\System\kxLuDrg.exe
  2⤵
  PID:4604
- C:\Windows\System\FOqwBnJ.exe
  C:\Windows\System\FOqwBnJ.exe
  2⤵
  PID:4616
- C:\Windows\System\PhOWwpQ.exe
  C:\Windows\System\PhOWwpQ.exe
  2⤵
  PID:4628
- C:\Windows\System\NNueVoF.exe
  C:\Windows\System\NNueVoF.exe
  2⤵
  PID:4644
- C:\Windows\System\bfRfsoI.exe
  C:\Windows\System\bfRfsoI.exe
  2⤵
  PID:4676
- C:\Windows\System\bwsolpI.exe
  C:\Windows\System\bwsolpI.exe
  2⤵
  PID:2932
- C:\Windows\System\wgOheDv.exe
  C:\Windows\System\wgOheDv.exe
  2⤵
  PID:4704
- C:\Windows\System\ODYJdel.exe
  C:\Windows\System\ODYJdel.exe
  2⤵
  PID:2272
- C:\Windows\System\nBIWfMr.exe
  C:\Windows\System\nBIWfMr.exe
  2⤵
  PID:2172
- C:\Windows\System\UHBOoBF.exe
  C:\Windows\System\UHBOoBF.exe
  2⤵
  PID:4772
- C:\Windows\System\MpIxuZZ.exe
  C:\Windows\System\MpIxuZZ.exe
  2⤵
  PID:4784
- C:\Windows\System\DkBCkNJ.exe
  C:\Windows\System\DkBCkNJ.exe
  2⤵
  PID:4824
- C:\Windows\System\qJUrGGb.exe
  C:\Windows\System\qJUrGGb.exe
  2⤵
  PID:4888
- C:\Windows\System\QOaFJTv.exe
  C:\Windows\System\QOaFJTv.exe
  2⤵
  PID:4804
- C:\Windows\System\CbKEGnL.exe
  C:\Windows\System\CbKEGnL.exe
  2⤵
  PID:4868
- C:\Windows\System\AVDNzwp.exe
  C:\Windows\System\AVDNzwp.exe
  2⤵
  PID:4904
- C:\Windows\System\dDRGIUM.exe
  C:\Windows\System\dDRGIUM.exe
  2⤵
  PID:4920
- C:\Windows\System\GEYiklB.exe
  C:\Windows\System\GEYiklB.exe
  2⤵
  PID:4940
- C:\Windows\System\KbgQtbz.exe
  C:\Windows\System\KbgQtbz.exe
  2⤵
  PID:4960
- C:\Windows\System\NpuNhOd.exe
  C:\Windows\System\NpuNhOd.exe
  2⤵
  PID:2644
- C:\Windows\System\ineOtkN.exe
  C:\Windows\System\ineOtkN.exe
  2⤵
  PID:5044
- C:\Windows\System\sfEPVBS.exe
  C:\Windows\System\sfEPVBS.exe
  2⤵
  PID:5108
- C:\Windows\System\larwGss.exe
  C:\Windows\System\larwGss.exe
  2⤵
  PID:4024
- C:\Windows\System\wChBVnb.exe
  C:\Windows\System\wChBVnb.exe
  2⤵
  PID:5032
- C:\Windows\System\FnAHCBl.exe
  C:\Windows\System\FnAHCBl.exe
  2⤵
  PID:5096
- C:\Windows\System\GlefnYc.exe
  C:\Windows\System\GlefnYc.exe
  2⤵
  PID:1824
- C:\Windows\System\umdABOl.exe
  C:\Windows\System\umdABOl.exe
  2⤵
  PID:4100
- C:\Windows\System\ZRKyTTm.exe
  C:\Windows\System\ZRKyTTm.exe
  2⤵
  PID:3688
- C:\Windows\System\koBTxpz.exe
  C:\Windows\System\koBTxpz.exe
  2⤵
  PID:3404
- C:\Windows\System\XYLOnxw.exe
  C:\Windows\System\XYLOnxw.exe
  2⤵
  PID:3360
- C:\Windows\System\hhNLXnI.exe
  C:\Windows\System\hhNLXnI.exe
  2⤵
  PID:564
- C:\Windows\System\VYEgMmp.exe
  C:\Windows\System\VYEgMmp.exe
  2⤵
  PID:4236
- C:\Windows\System\VuOCPEe.exe
  C:\Windows\System\VuOCPEe.exe
  2⤵
  PID:4256
- C:\Windows\System\Mavadky.exe
  C:\Windows\System\Mavadky.exe
  2⤵
  PID:1936
- C:\Windows\System\KDCFvJf.exe
  C:\Windows\System\KDCFvJf.exe
  2⤵
  PID:4156
- C:\Windows\System\BXmkjBr.exe
  C:\Windows\System\BXmkjBr.exe
  2⤵
  PID:2616
- C:\Windows\System\iZMybPg.exe
  C:\Windows\System\iZMybPg.exe
  2⤵
  PID:4448
- C:\Windows\System\ZaSyBst.exe
  C:\Windows\System\ZaSyBst.exe
  2⤵
  PID:4220
- C:\Windows\System\ETnvtKV.exe
  C:\Windows\System\ETnvtKV.exe
  2⤵
  PID:4292
- C:\Windows\System\LQUzbAu.exe
  C:\Windows\System\LQUzbAu.exe
  2⤵
  PID:4296
- C:\Windows\System\piYExXH.exe
  C:\Windows\System\piYExXH.exe
  2⤵
  PID:4480
- C:\Windows\System\sCtkwef.exe
  C:\Windows\System\sCtkwef.exe
  2⤵
  PID:4356
- C:\Windows\System\TMqFmoF.exe
  C:\Windows\System\TMqFmoF.exe
  2⤵
  PID:4492
- C:\Windows\System\xGAAbwf.exe
  C:\Windows\System\xGAAbwf.exe
  2⤵
  PID:4584
- C:\Windows\System\msGUryC.exe
  C:\Windows\System\msGUryC.exe
  2⤵
  PID:4620
- C:\Windows\System\APChwUE.exe
  C:\Windows\System\APChwUE.exe
  2⤵
  PID:4624
- C:\Windows\System\xpwhfZf.exe
  C:\Windows\System\xpwhfZf.exe
  2⤵
  PID:4656
- C:\Windows\System\phzOPAh.exe
  C:\Windows\System\phzOPAh.exe
  2⤵
  PID:4672
- C:\Windows\System\fKnciND.exe
  C:\Windows\System\fKnciND.exe
  2⤵
  PID:2804
- C:\Windows\System\YlFGviQ.exe
  C:\Windows\System\YlFGviQ.exe
  2⤵
  PID:4732
- C:\Windows\System\ENtOWmd.exe
  C:\Windows\System\ENtOWmd.exe
  2⤵
  PID:4760
- C:\Windows\System\knibBZV.exe
  C:\Windows\System\knibBZV.exe
  2⤵
  PID:4856
- C:\Windows\System\HHuDJoL.exe
  C:\Windows\System\HHuDJoL.exe
  2⤵
  PID:4840
- C:\Windows\System\WMMTHCK.exe
  C:\Windows\System\WMMTHCK.exe
  2⤵
  PID:2004
- C:\Windows\System\dWwPYOf.exe
  C:\Windows\System\dWwPYOf.exe
  2⤵
  PID:4800
- C:\Windows\System\SzyWkHJ.exe
  C:\Windows\System\SzyWkHJ.exe
  2⤵
  PID:4968
- C:\Windows\System\aUcZlCW.exe
  C:\Windows\System\aUcZlCW.exe
  2⤵
  PID:4980
- C:\Windows\System\xCTgumz.exe
  C:\Windows\System\xCTgumz.exe
  2⤵
  PID:4020
- C:\Windows\System\geNdftH.exe
  C:\Windows\System\geNdftH.exe
  2⤵
  PID:1788
- C:\Windows\System\XAjdKYE.exe
  C:\Windows\System\XAjdKYE.exe
  2⤵
  PID:4144
- C:\Windows\System\cuXCdnq.exe
  C:\Windows\System\cuXCdnq.exe
  2⤵
  PID:2972
- C:\Windows\System\TIyTaDu.exe
  C:\Windows\System\TIyTaDu.exe
  2⤵
  PID:3584
- C:\Windows\System\xviZooj.exe
  C:\Windows\System\xviZooj.exe
  2⤵
  PID:5076
- C:\Windows\System\cvBeFHs.exe
  C:\Windows\System\cvBeFHs.exe
  2⤵
  PID:2936
- C:\Windows\System\uwEgXXz.exe
  C:\Windows\System\uwEgXXz.exe
  2⤵
  PID:4104
- C:\Windows\System\ZbfPODx.exe
  C:\Windows\System\ZbfPODx.exe
  2⤵
  PID:4120
- C:\Windows\System\uuwyEZn.exe
  C:\Windows\System\uuwyEZn.exe
  2⤵
  PID:4196
- C:\Windows\System\Yrqptct.exe
  C:\Windows\System\Yrqptct.exe
  2⤵
  PID:4476
- C:\Windows\System\iIeFEVG.exe
  C:\Windows\System\iIeFEVG.exe
  2⤵
  PID:2676
- C:\Windows\System\hqarssz.exe
  C:\Windows\System\hqarssz.exe
  2⤵
  PID:4272
- C:\Windows\System\bHgnZyu.exe
  C:\Windows\System\bHgnZyu.exe
  2⤵
  PID:2700
- C:\Windows\System\ICGjDXj.exe
  C:\Windows\System\ICGjDXj.exe
  2⤵
  PID:1344
- C:\Windows\System\pxAjffi.exe
  C:\Windows\System\pxAjffi.exe
  2⤵
  PID:1428
- C:\Windows\System\soJrrwG.exe
  C:\Windows\System\soJrrwG.exe
  2⤵
  PID:2708
- C:\Windows\System\JSuVQIp.exe
  C:\Windows\System\JSuVQIp.exe
  2⤵
  PID:4664
- C:\Windows\System\tvExbhd.exe
  C:\Windows\System\tvExbhd.exe
  2⤵
  PID:4756
- C:\Windows\System\XWUuUOP.exe
  C:\Windows\System\XWUuUOP.exe
  2⤵
  PID:2032
- C:\Windows\System\whbLtum.exe
  C:\Windows\System\whbLtum.exe
  2⤵
  PID:1940
- C:\Windows\System\ZGefjvh.exe
  C:\Windows\System\ZGefjvh.exe
  2⤵
  PID:1820
- C:\Windows\System\CQDhJvj.exe
  C:\Windows\System\CQDhJvj.exe
  2⤵
  PID:4892
- C:\Windows\System\dsrCtam.exe
  C:\Windows\System\dsrCtam.exe
  2⤵
  PID:1692
- C:\Windows\System\jZcahCv.exe
  C:\Windows\System\jZcahCv.exe
  2⤵
  PID:3496
- C:\Windows\System\srPkznK.exe
  C:\Windows\System\srPkznK.exe
  2⤵
  PID:4108
- C:\Windows\System\EZwvwYS.exe
  C:\Windows\System\EZwvwYS.exe
  2⤵
  PID:4380
- C:\Windows\System\HLvgdFG.exe
  C:\Windows\System\HLvgdFG.exe
  2⤵
  PID:2964
- C:\Windows\System\aJJgGmh.exe
  C:\Windows\System\aJJgGmh.exe
  2⤵
  PID:2380
- C:\Windows\System\BWYbtgs.exe
  C:\Windows\System\BWYbtgs.exe
  2⤵
  PID:4396
- C:\Windows\System\KaqXuuq.exe
  C:\Windows\System\KaqXuuq.exe
  2⤵
  PID:4652
- C:\Windows\System\yRuEkro.exe
  C:\Windows\System\yRuEkro.exe
  2⤵
  PID:4660
- C:\Windows\System\HdFNerJ.exe
  C:\Windows\System\HdFNerJ.exe
  2⤵
  PID:2600
- C:\Windows\System\SxTtwDg.exe
  C:\Windows\System\SxTtwDg.exe
  2⤵
  PID:1200
- C:\Windows\System\njvGGCo.exe
  C:\Windows\System\njvGGCo.exe
  2⤵
  PID:4716
- C:\Windows\System\MlTjYBi.exe
  C:\Windows\System\MlTjYBi.exe
  2⤵
  PID:4420
- C:\Windows\System\xHdwZUL.exe
  C:\Windows\System\xHdwZUL.exe
  2⤵
  PID:4252
- C:\Windows\System\AXnTfYD.exe
  C:\Windows\System\AXnTfYD.exe
  2⤵
  PID:1980
- C:\Windows\System\atjEnZF.exe
  C:\Windows\System\atjEnZF.exe
  2⤵
  PID:2664
- C:\Windows\System\dqOXzud.exe
  C:\Windows\System\dqOXzud.exe
  2⤵
  PID:4916
- C:\Windows\System\BFBGAnw.exe
  C:\Windows\System\BFBGAnw.exe
  2⤵
  PID:4180
- C:\Windows\System\xtklszz.exe
  C:\Windows\System\xtklszz.exe
  2⤵
  PID:5132
- C:\Windows\System\ZrPMNNS.exe
  C:\Windows\System\ZrPMNNS.exe
  2⤵
  PID:5148
- C:\Windows\System\eFvLlhG.exe
  C:\Windows\System\eFvLlhG.exe
  2⤵
  PID:5164
- C:\Windows\System\wMaLiDr.exe
  C:\Windows\System\wMaLiDr.exe
  2⤵
  PID:5180
- C:\Windows\System\UsphSUa.exe
  C:\Windows\System\UsphSUa.exe
  2⤵
  PID:5196
- C:\Windows\System\QURFFvR.exe
  C:\Windows\System\QURFFvR.exe
  2⤵
  PID:5212
- C:\Windows\System\PhJuqFR.exe
  C:\Windows\System\PhJuqFR.exe
  2⤵
  PID:5232
- C:\Windows\System\yvpQDyz.exe
  C:\Windows\System\yvpQDyz.exe
  2⤵
  PID:5248
- C:\Windows\System\GEGvPfl.exe
  C:\Windows\System\GEGvPfl.exe
  2⤵
  PID:5264
- C:\Windows\System\mWxGuJo.exe
  C:\Windows\System\mWxGuJo.exe
  2⤵
  PID:5280
- C:\Windows\System\PSHbyYe.exe
  C:\Windows\System\PSHbyYe.exe
  2⤵
  PID:5296
- C:\Windows\System\rMPGEVI.exe
  C:\Windows\System\rMPGEVI.exe
  2⤵
  PID:5312
- C:\Windows\System\qcbLoLV.exe
  C:\Windows\System\qcbLoLV.exe
  2⤵
  PID:5328
- C:\Windows\System\tgpDTwa.exe
  C:\Windows\System\tgpDTwa.exe
  2⤵
  PID:5344
- C:\Windows\System\KfEIzkp.exe
  C:\Windows\System\KfEIzkp.exe
  2⤵
  PID:5360
- C:\Windows\System\XoHqdeU.exe
  C:\Windows\System\XoHqdeU.exe
  2⤵
  PID:5376
- C:\Windows\System\GXsaEst.exe
  C:\Windows\System\GXsaEst.exe
  2⤵
  PID:5392
- C:\Windows\System\rRxSJnQ.exe
  C:\Windows\System\rRxSJnQ.exe
  2⤵
  PID:5408
- C:\Windows\System\VmVXPxU.exe
  C:\Windows\System\VmVXPxU.exe
  2⤵
  PID:5424
- C:\Windows\System\MKSKSWU.exe
  C:\Windows\System\MKSKSWU.exe
  2⤵
  PID:5440
- C:\Windows\System\GMGLJdK.exe
  C:\Windows\System\GMGLJdK.exe
  2⤵
  PID:5456
- C:\Windows\System\oIuHZgK.exe
  C:\Windows\System\oIuHZgK.exe
  2⤵
  PID:5476
- C:\Windows\System\fxzeoTf.exe
  C:\Windows\System\fxzeoTf.exe
  2⤵
  PID:5492
- C:\Windows\System\IrplsmM.exe
  C:\Windows\System\IrplsmM.exe
  2⤵
  PID:5508
- C:\Windows\System\hNsbUrJ.exe
  C:\Windows\System\hNsbUrJ.exe
  2⤵
  PID:5524
- C:\Windows\System\pDjMQFa.exe
  C:\Windows\System\pDjMQFa.exe
  2⤵
  PID:5540
- C:\Windows\System\sYhKJZm.exe
  C:\Windows\System\sYhKJZm.exe
  2⤵
  PID:5556
- C:\Windows\System\BlFyIQO.exe
  C:\Windows\System\BlFyIQO.exe
  2⤵
  PID:5572
- C:\Windows\System\qVnYMSi.exe
  C:\Windows\System\qVnYMSi.exe
  2⤵
  PID:5588
- C:\Windows\System\yQnnejn.exe
  C:\Windows\System\yQnnejn.exe
  2⤵
  PID:5604
- C:\Windows\System\OsjkTeG.exe
  C:\Windows\System\OsjkTeG.exe
  2⤵
  PID:5620
- C:\Windows\System\HlzDSWx.exe
  C:\Windows\System\HlzDSWx.exe
  2⤵
  PID:5636
- C:\Windows\System\MpulmaU.exe
  C:\Windows\System\MpulmaU.exe
  2⤵
  PID:5652
- C:\Windows\System\UtghVDH.exe
  C:\Windows\System\UtghVDH.exe
  2⤵
  PID:5668
- C:\Windows\System\MzDPhUL.exe
  C:\Windows\System\MzDPhUL.exe
  2⤵
  PID:5684
- C:\Windows\System\NfVKHco.exe
  C:\Windows\System\NfVKHco.exe
  2⤵
  PID:5700
- C:\Windows\System\LbDyoUE.exe
  C:\Windows\System\LbDyoUE.exe
  2⤵
  PID:5716
- C:\Windows\System\ILrhydT.exe
  C:\Windows\System\ILrhydT.exe
  2⤵
  PID:5732
- C:\Windows\System\otiaiBu.exe
  C:\Windows\System\otiaiBu.exe
  2⤵
  PID:5748
- C:\Windows\System\mywfnhK.exe
  C:\Windows\System\mywfnhK.exe
  2⤵
  PID:5764
- C:\Windows\System\mFsxYjA.exe
  C:\Windows\System\mFsxYjA.exe
  2⤵
  PID:5780
- C:\Windows\System\JXUqycO.exe
  C:\Windows\System\JXUqycO.exe
  2⤵
  PID:5796
- C:\Windows\System\AxplnWZ.exe
  C:\Windows\System\AxplnWZ.exe
  2⤵
  PID:5812
- C:\Windows\System\eYxsOeb.exe
  C:\Windows\System\eYxsOeb.exe
  2⤵
  PID:5828
- C:\Windows\System\sNPQESD.exe
  C:\Windows\System\sNPQESD.exe
  2⤵
  PID:5844
- C:\Windows\System\cNfQdMf.exe
  C:\Windows\System\cNfQdMf.exe
  2⤵
  PID:5860
- C:\Windows\System\ChbdiGw.exe
  C:\Windows\System\ChbdiGw.exe
  2⤵
  PID:5876
- C:\Windows\System\irbrQyS.exe
  C:\Windows\System\irbrQyS.exe
  2⤵
  PID:5892
- C:\Windows\System\xKecyIr.exe
  C:\Windows\System\xKecyIr.exe
  2⤵
  PID:5908
- C:\Windows\System\vZkaKKv.exe
  C:\Windows\System\vZkaKKv.exe
  2⤵
  PID:5924
- C:\Windows\System\bFUmLad.exe
  C:\Windows\System\bFUmLad.exe
  2⤵
  PID:5940
- C:\Windows\System\mnldsjP.exe
  C:\Windows\System\mnldsjP.exe
  2⤵
  PID:5956
- C:\Windows\System\vuLbTCp.exe
  C:\Windows\System\vuLbTCp.exe
  2⤵
  PID:5972
- C:\Windows\System\PRfLNdI.exe
  C:\Windows\System\PRfLNdI.exe
  2⤵
  PID:5988
- C:\Windows\System\BfeqkXP.exe
  C:\Windows\System\BfeqkXP.exe
  2⤵
  PID:6004
- C:\Windows\System\BmSoQIr.exe
  C:\Windows\System\BmSoQIr.exe
  2⤵
  PID:6020
- C:\Windows\System\cbtBHJh.exe
  C:\Windows\System\cbtBHJh.exe
  2⤵
  PID:6036
- C:\Windows\System\PSOzrlO.exe
  C:\Windows\System\PSOzrlO.exe
  2⤵
  PID:6052
- C:\Windows\System\XABrAef.exe
  C:\Windows\System\XABrAef.exe
  2⤵
  PID:6068
- C:\Windows\System\HtcjLkY.exe
  C:\Windows\System\HtcjLkY.exe
  2⤵
  PID:6084
- C:\Windows\System\byPgPyW.exe
  C:\Windows\System\byPgPyW.exe
  2⤵
  PID:6100
- C:\Windows\System\peHrSAw.exe
  C:\Windows\System\peHrSAw.exe
  2⤵
  PID:6116
- C:\Windows\System\fbAiqqs.exe
  C:\Windows\System\fbAiqqs.exe
  2⤵
  PID:6132
- C:\Windows\System\nBRThiK.exe
  C:\Windows\System\nBRThiK.exe
  2⤵
  PID:5128
- C:\Windows\System\eFWMOWO.exe
  C:\Windows\System\eFWMOWO.exe
  2⤵
  PID:5156
- C:\Windows\System\BIuhPSC.exe
  C:\Windows\System\BIuhPSC.exe
  2⤵
  PID:5260
- C:\Windows\System\ygXLRce.exe
  C:\Windows\System\ygXLRce.exe
  2⤵
  PID:5092
- C:\Windows\System\zszIAzX.exe
  C:\Windows\System\zszIAzX.exe
  2⤵
  PID:4468
- C:\Windows\System\ZTKZXhe.exe
  C:\Windows\System\ZTKZXhe.exe
  2⤵
  PID:5176
- C:\Windows\System\UCzfZHC.exe
  C:\Windows\System\UCzfZHC.exe
  2⤵
  PID:5240
- C:\Windows\System\DzIpKae.exe
  C:\Windows\System\DzIpKae.exe
  2⤵
  PID:5276
- C:\Windows\System\TWeiqlw.exe
  C:\Windows\System\TWeiqlw.exe
  2⤵
  PID:5140
- C:\Windows\System\xaSFlKi.exe
  C:\Windows\System\xaSFlKi.exe
  2⤵
  PID:5308
- C:\Windows\System\wOxJUFV.exe
  C:\Windows\System\wOxJUFV.exe
  2⤵
  PID:5272
- C:\Windows\System\XXkmhft.exe
  C:\Windows\System\XXkmhft.exe
  2⤵
  PID:5404
- C:\Windows\System\xUBnivT.exe
  C:\Windows\System\xUBnivT.exe
  2⤵
  PID:5448
- C:\Windows\System\sPjvAzq.exe
  C:\Windows\System\sPjvAzq.exe
  2⤵
  PID:5464
- C:\Windows\System\UFrENBZ.exe
  C:\Windows\System\UFrENBZ.exe
  2⤵
  PID:5552
- C:\Windows\System\GVLlHmE.exe
  C:\Windows\System\GVLlHmE.exe
  2⤵
  PID:5584
- C:\Windows\System\SorpuFw.exe
  C:\Windows\System\SorpuFw.exe
  2⤵
  PID:5648
- C:\Windows\System\SXMOYfX.exe
  C:\Windows\System\SXMOYfX.exe
  2⤵
  PID:5708
- C:\Windows\System\bgRPJYP.exe
  C:\Windows\System\bgRPJYP.exe
  2⤵
  PID:5804
- C:\Windows\System\HXofHDW.exe
  C:\Windows\System\HXofHDW.exe
  2⤵
  PID:5872
- C:\Windows\System\CjBFjgB.exe
  C:\Windows\System\CjBFjgB.exe
  2⤵
  PID:5932
- C:\Windows\System\BvnIdLZ.exe
  C:\Windows\System\BvnIdLZ.exe
  2⤵
  PID:5996
- C:\Windows\System\NsDfMac.exe
  C:\Windows\System\NsDfMac.exe
  2⤵
  PID:6060
- C:\Windows\System\etTqeGg.exe
  C:\Windows\System\etTqeGg.exe
  2⤵
  PID:5792
- C:\Windows\System\tQZfRIe.exe
  C:\Windows\System\tQZfRIe.exe
  2⤵
  PID:5600
- C:\Windows\System\lqYxOuZ.exe
  C:\Windows\System\lqYxOuZ.exe
  2⤵
  PID:5692
- C:\Windows\System\TOtDRJg.exe
  C:\Windows\System\TOtDRJg.exe
  2⤵
  PID:6128
- C:\Windows\System\XpnVSYc.exe
  C:\Windows\System\XpnVSYc.exe
  2⤵
  PID:5500
- C:\Windows\System\qIwzyWg.exe
  C:\Windows\System\qIwzyWg.exe
  2⤵
  PID:5568
- C:\Windows\System\ssekjiR.exe
  C:\Windows\System\ssekjiR.exe
  2⤵
  PID:5664
- C:\Windows\System\ffFYkGg.exe
  C:\Windows\System\ffFYkGg.exe
  2⤵
  PID:5852
- C:\Windows\System\GVNSZrl.exe
  C:\Windows\System\GVNSZrl.exe
  2⤵
  PID:5916
- C:\Windows\System\hbktZjW.exe
  C:\Windows\System\hbktZjW.exe
  2⤵
  PID:6140
- C:\Windows\System\JScoMLs.exe
  C:\Windows\System\JScoMLs.exe
  2⤵
  PID:6108
- C:\Windows\System\BMNHVMc.exe
  C:\Windows\System\BMNHVMc.exe
  2⤵
  PID:5228
- C:\Windows\System\FyhpTzy.exe
  C:\Windows\System\FyhpTzy.exe
  2⤵
  PID:5356
- C:\Windows\System\NeXholn.exe
  C:\Windows\System\NeXholn.exe
  2⤵
  PID:5616
- C:\Windows\System\ZIdyKkT.exe
  C:\Windows\System\ZIdyKkT.exe
  2⤵
  PID:5836
- C:\Windows\System\seVuGjh.exe
  C:\Windows\System\seVuGjh.exe
  2⤵
  PID:5756
- C:\Windows\System\kSuXPRV.exe
  C:\Windows\System\kSuXPRV.exe
  2⤵
  PID:5788
- C:\Windows\System\YtcPdNT.exe
  C:\Windows\System\YtcPdNT.exe
  2⤵
  PID:5660
- C:\Windows\System\GvOJIak.exe
  C:\Windows\System\GvOJIak.exe
  2⤵
  PID:5884
- C:\Windows\System\ecHcEVf.exe
  C:\Windows\System\ecHcEVf.exe
  2⤵
  PID:6080
- C:\Windows\System\APWbXgI.exe
  C:\Windows\System\APWbXgI.exe
  2⤵
  PID:6028
- C:\Windows\System\QUXpcWP.exe
  C:\Windows\System\QUXpcWP.exe
  2⤵
  PID:5536
- C:\Windows\System\QVDqAAI.exe
  C:\Windows\System\QVDqAAI.exe
  2⤵
  PID:6016
- C:\Windows\System\JaPjVtQ.exe
  C:\Windows\System\JaPjVtQ.exe
  2⤵
  PID:1488
- C:\Windows\System\NXpRxZD.exe
  C:\Windows\System\NXpRxZD.exe
  2⤵
  PID:5388
- C:\Windows\System\ONkfPsI.exe
  C:\Windows\System\ONkfPsI.exe
  2⤵
  PID:5472
- C:\Windows\System\ZrRgKdu.exe
  C:\Windows\System\ZrRgKdu.exe
  2⤵
  PID:5580
- C:\Windows\System\jOFXrpo.exe
  C:\Windows\System\jOFXrpo.exe
  2⤵
  PID:3408
- C:\Windows\System\GRxkZcm.exe
  C:\Windows\System\GRxkZcm.exe
  2⤵
  PID:5980
- C:\Windows\System\yXGVbka.exe
  C:\Windows\System\yXGVbka.exe
  2⤵
  PID:5904
- C:\Windows\System\ujMNRvF.exe
  C:\Windows\System\ujMNRvF.exe
  2⤵
  PID:5304
- C:\Windows\System\Iabgoek.exe
  C:\Windows\System\Iabgoek.exe
  2⤵
  PID:5968
- C:\Windows\System\obQqkRT.exe
  C:\Windows\System\obQqkRT.exe
  2⤵
  PID:6048
- C:\Windows\System\kEdqdPp.exe
  C:\Windows\System\kEdqdPp.exe
  2⤵
  PID:6012
- C:\Windows\System\arfkkYU.exe
  C:\Windows\System\arfkkYU.exe
  2⤵
  PID:5488
- C:\Windows\System\YefNfZg.exe
  C:\Windows\System\YefNfZg.exe
  2⤵
  PID:5644
- C:\Windows\System\yOLqOkG.exe
  C:\Windows\System\yOLqOkG.exe
  2⤵
  PID:5188
- C:\Windows\System\LWLIWgP.exe
  C:\Windows\System\LWLIWgP.exe
  2⤵
  PID:6152
- C:\Windows\System\kxebegk.exe
  C:\Windows\System\kxebegk.exe
  2⤵
  PID:6168
- C:\Windows\System\oIrRrMk.exe
  C:\Windows\System\oIrRrMk.exe
  2⤵
  PID:6184
- C:\Windows\System\CkZTolr.exe
  C:\Windows\System\CkZTolr.exe
  2⤵
  PID:6200
- C:\Windows\System\iiYxGaJ.exe
  C:\Windows\System\iiYxGaJ.exe
  2⤵
  PID:6216
- C:\Windows\System\TQQqRaT.exe
  C:\Windows\System\TQQqRaT.exe
  2⤵
  PID:6232
- C:\Windows\System\zNcfTzB.exe
  C:\Windows\System\zNcfTzB.exe
  2⤵
  PID:6248
- C:\Windows\System\ZNuSVzT.exe
  C:\Windows\System\ZNuSVzT.exe
  2⤵
  PID:6268
- C:\Windows\System\AeDkbYx.exe
  C:\Windows\System\AeDkbYx.exe
  2⤵
  PID:6316
- C:\Windows\System\jOwqiVj.exe
  C:\Windows\System\jOwqiVj.exe
  2⤵
  PID:6332
- C:\Windows\System\TztIpMd.exe
  C:\Windows\System\TztIpMd.exe
  2⤵
  PID:6348
- C:\Windows\System\UzlPlFf.exe
  C:\Windows\System\UzlPlFf.exe
  2⤵
  PID:6364
- C:\Windows\System\IlqSDGU.exe
  C:\Windows\System\IlqSDGU.exe
  2⤵
  PID:6380
- C:\Windows\System\qjWWwey.exe
  C:\Windows\System\qjWWwey.exe
  2⤵
  PID:6396
- C:\Windows\System\bPDeNYS.exe
  C:\Windows\System\bPDeNYS.exe
  2⤵
  PID:6412
- C:\Windows\System\SiFQOfK.exe
  C:\Windows\System\SiFQOfK.exe
  2⤵
  PID:6428
- C:\Windows\System\fyvcIyo.exe
  C:\Windows\System\fyvcIyo.exe
  2⤵
  PID:6444
- C:\Windows\System\XEWUICR.exe
  C:\Windows\System\XEWUICR.exe
  2⤵
  PID:6460
- C:\Windows\System\qoBgUyG.exe
  C:\Windows\System\qoBgUyG.exe
  2⤵
  PID:6476
- C:\Windows\System\jTIweza.exe
  C:\Windows\System\jTIweza.exe
  2⤵
  PID:6492
- C:\Windows\System\vNJlrKF.exe
  C:\Windows\System\vNJlrKF.exe
  2⤵
  PID:6508
- C:\Windows\System\SKPeEXn.exe
  C:\Windows\System\SKPeEXn.exe
  2⤵
  PID:6524
- C:\Windows\System\EvYlPTK.exe
  C:\Windows\System\EvYlPTK.exe
  2⤵
  PID:6540
- C:\Windows\System\fPHKAWy.exe
  C:\Windows\System\fPHKAWy.exe
  2⤵
  PID:6556
- C:\Windows\System\XWMzwFP.exe
  C:\Windows\System\XWMzwFP.exe
  2⤵
  PID:6572
- C:\Windows\System\wSBHknv.exe
  C:\Windows\System\wSBHknv.exe
  2⤵
  PID:6588
- C:\Windows\System\ZmwAktF.exe
  C:\Windows\System\ZmwAktF.exe
  2⤵
  PID:6604
- C:\Windows\System\WbiiIMC.exe
  C:\Windows\System\WbiiIMC.exe
  2⤵
  PID:6620
- C:\Windows\System\KSPXOVI.exe
  C:\Windows\System\KSPXOVI.exe
  2⤵
  PID:6636
- C:\Windows\System\gWgKatg.exe
  C:\Windows\System\gWgKatg.exe
  2⤵
  PID:6652
- C:\Windows\System\uOllBza.exe
  C:\Windows\System\uOllBza.exe
  2⤵
  PID:6668
- C:\Windows\System\dgRUIsQ.exe
  C:\Windows\System\dgRUIsQ.exe
  2⤵
  PID:6684
- C:\Windows\System\OOrtOdx.exe
  C:\Windows\System\OOrtOdx.exe
  2⤵
  PID:6700
- C:\Windows\System\XwzSShs.exe
  C:\Windows\System\XwzSShs.exe
  2⤵
  PID:6716
- C:\Windows\System\TZHAwPH.exe
  C:\Windows\System\TZHAwPH.exe
  2⤵
  PID:6736
- C:\Windows\System\vusprvI.exe
  C:\Windows\System\vusprvI.exe
  2⤵
  PID:6752
- C:\Windows\System\VWUojHi.exe
  C:\Windows\System\VWUojHi.exe
  2⤵
  PID:6768
- C:\Windows\System\hHnDUpm.exe
  C:\Windows\System\hHnDUpm.exe
  2⤵
  PID:6784
- C:\Windows\System\TvvyTEt.exe
  C:\Windows\System\TvvyTEt.exe
  2⤵
  PID:6800
- C:\Windows\System\pCWGrCT.exe
  C:\Windows\System\pCWGrCT.exe
  2⤵
  PID:6816
- C:\Windows\System\AwCbqqg.exe
  C:\Windows\System\AwCbqqg.exe
  2⤵
  PID:6832
- C:\Windows\System\YVZIbvu.exe
  C:\Windows\System\YVZIbvu.exe
  2⤵
  PID:6848
- C:\Windows\System\KMXLzpC.exe
  C:\Windows\System\KMXLzpC.exe
  2⤵
  PID:6864
- C:\Windows\System\CAltMHV.exe
  C:\Windows\System\CAltMHV.exe
  2⤵
  PID:6880
- C:\Windows\System\YEvCyAA.exe
  C:\Windows\System\YEvCyAA.exe
  2⤵
  PID:6896
- C:\Windows\System\pjEQujb.exe
  C:\Windows\System\pjEQujb.exe
  2⤵
  PID:6912
- C:\Windows\System\HtkoFJg.exe
  C:\Windows\System\HtkoFJg.exe
  2⤵
  PID:6928
- C:\Windows\System\TsHJEGu.exe
  C:\Windows\System\TsHJEGu.exe
  2⤵
  PID:6944
- C:\Windows\System\xcZVnXB.exe
  C:\Windows\System\xcZVnXB.exe
  2⤵
  PID:6960
- C:\Windows\System\KGYPzFz.exe
  C:\Windows\System\KGYPzFz.exe
  2⤵
  PID:6976
- C:\Windows\System\VQvBnmA.exe
  C:\Windows\System\VQvBnmA.exe
  2⤵
  PID:6992
- C:\Windows\System\lilKcHd.exe
  C:\Windows\System\lilKcHd.exe
  2⤵
  PID:7008
- C:\Windows\System\TEwUdAX.exe
  C:\Windows\System\TEwUdAX.exe
  2⤵
  PID:7024
- C:\Windows\System\kjxAzcT.exe
  C:\Windows\System\kjxAzcT.exe
  2⤵
  PID:7048
- C:\Windows\System\dftiDYd.exe
  C:\Windows\System\dftiDYd.exe
  2⤵
  PID:7080
- C:\Windows\System\YBjxhry.exe
  C:\Windows\System\YBjxhry.exe
  2⤵
  PID:7096
- C:\Windows\System\gdnePTc.exe
  C:\Windows\System\gdnePTc.exe
  2⤵
  PID:7112
- C:\Windows\System\ykQxWyu.exe
  C:\Windows\System\ykQxWyu.exe
  2⤵
  PID:7136
- C:\Windows\System\reIIBnd.exe
  C:\Windows\System\reIIBnd.exe
  2⤵
  PID:7152
- C:\Windows\System\VucLOny.exe
  C:\Windows\System\VucLOny.exe
  2⤵
  PID:5340
- C:\Windows\System\UDbQNBf.exe
  C:\Windows\System\UDbQNBf.exe
  2⤵
  PID:6192
- C:\Windows\System\XqNnazZ.exe
  C:\Windows\System\XqNnazZ.exe
  2⤵
  PID:6264
- C:\Windows\System\eCrCflG.exe
  C:\Windows\System\eCrCflG.exe
  2⤵
  PID:6208
- C:\Windows\System\YWptAer.exe
  C:\Windows\System\YWptAer.exe
  2⤵
  PID:6112
- C:\Windows\System\TleSrNw.exe
  C:\Windows\System\TleSrNw.exe
  2⤵
  PID:5416
- C:\Windows\System\igmIbYQ.exe
  C:\Windows\System\igmIbYQ.exe
  2⤵
  PID:5868
- C:\Windows\System\hGjvJxu.exe
  C:\Windows\System\hGjvJxu.exe
  2⤵
  PID:4600
- C:\Windows\System\eVbZSqf.exe
  C:\Windows\System\eVbZSqf.exe
  2⤵
  PID:6240
- C:\Windows\System\rjVeSNL.exe
  C:\Windows\System\rjVeSNL.exe
  2⤵
  PID:6284
- C:\Windows\System\fejhGWV.exe
  C:\Windows\System\fejhGWV.exe
  2⤵
  PID:6300
- C:\Windows\System\CeHTjuk.exe
  C:\Windows\System\CeHTjuk.exe
  2⤵
  PID:6356
- C:\Windows\System\LhZRjzz.exe
  C:\Windows\System\LhZRjzz.exe
  2⤵
  PID:6424
- C:\Windows\System\MTcsEiZ.exe
  C:\Windows\System\MTcsEiZ.exe
  2⤵
  PID:6488
- C:\Windows\System\zFFdsnc.exe
  C:\Windows\System\zFFdsnc.exe
  2⤵
  PID:6520
- C:\Windows\System\pHjJzFf.exe
  C:\Windows\System\pHjJzFf.exe
  2⤵
  PID:6392
- C:\Windows\System\KfBqQjR.exe
  C:\Windows\System\KfBqQjR.exe
  2⤵
  PID:6644
- C:\Windows\System\aAYPkyJ.exe
  C:\Windows\System\aAYPkyJ.exe
  2⤵
  PID:6436
- C:\Windows\System\bPWXVPs.exe
  C:\Windows\System\bPWXVPs.exe
  2⤵
  PID:6344
- C:\Windows\System\LFrdOJT.exe
  C:\Windows\System\LFrdOJT.exe
  2⤵
  PID:6408
- C:\Windows\System\VwKijrJ.exe
  C:\Windows\System\VwKijrJ.exe
  2⤵
  PID:6500
- C:\Windows\System\nbNckJn.exe
  C:\Windows\System\nbNckJn.exe
  2⤵
  PID:6564
- C:\Windows\System\zIHfeon.exe
  C:\Windows\System\zIHfeon.exe
  2⤵
  PID:6628
- C:\Windows\System\wurklkw.exe
  C:\Windows\System\wurklkw.exe
  2⤵
  PID:6692
- C:\Windows\System\pCfgUac.exe
  C:\Windows\System\pCfgUac.exe
  2⤵
  PID:6748
- C:\Windows\System\wStPGau.exe
  C:\Windows\System\wStPGau.exe
  2⤵
  PID:6812
- C:\Windows\System\cXytebS.exe
  C:\Windows\System\cXytebS.exe
  2⤵
  PID:6760
- C:\Windows\System\yPNwJUq.exe
  C:\Windows\System\yPNwJUq.exe
  2⤵
  PID:6844
- C:\Windows\System\vGbJvph.exe
  C:\Windows\System\vGbJvph.exe
  2⤵
  PID:6724
- C:\Windows\System\EAudvYo.exe
  C:\Windows\System\EAudvYo.exe
  2⤵
  PID:6792
- C:\Windows\System\dhVDCaK.exe
  C:\Windows\System\dhVDCaK.exe
  2⤵
  PID:6920
- C:\Windows\System\kEFTtYA.exe
  C:\Windows\System\kEFTtYA.exe
  2⤵
  PID:6860
- C:\Windows\System\PFHdIVY.exe
  C:\Windows\System\PFHdIVY.exe
  2⤵
  PID:6924
- C:\Windows\System\RBYdugS.exe
  C:\Windows\System\RBYdugS.exe
  2⤵
  PID:7020
- C:\Windows\System\molHiUE.exe
  C:\Windows\System\molHiUE.exe
  2⤵
  PID:7040
- C:\Windows\System\LjoItIs.exe
  C:\Windows\System\LjoItIs.exe
  2⤵
  PID:7044
- C:\Windows\System\SlLPLov.exe
  C:\Windows\System\SlLPLov.exe
  2⤵
  PID:7088
- C:\Windows\System\qzquPkr.exe
  C:\Windows\System\qzquPkr.exe
  2⤵
  PID:7120
- C:\Windows\System\cUuFHKr.exe
  C:\Windows\System\cUuFHKr.exe
  2⤵
  PID:7132
- C:\Windows\System\ymxQQQV.exe
  C:\Windows\System\ymxQQQV.exe
  2⤵
  PID:6256
- C:\Windows\System\eUqesOw.exe
  C:\Windows\System\eUqesOw.exe
  2⤵
  PID:5368
- C:\Windows\System\iGmNFaL.exe
  C:\Windows\System\iGmNFaL.exe
  2⤵
  PID:5900
- C:\Windows\System\RuBNNUS.exe
  C:\Windows\System\RuBNNUS.exe
  2⤵
  PID:6296
- C:\Windows\System\PjEDUua.exe
  C:\Windows\System\PjEDUua.exe
  2⤵
  PID:6388
- C:\Windows\System\xOEvXeW.exe
  C:\Windows\System\xOEvXeW.exe
  2⤵
  PID:6616
- C:\Windows\System\ygRZJbk.exe
  C:\Windows\System\ygRZJbk.exe
  2⤵
  PID:5436
- C:\Windows\System\AHfkLIt.exe
  C:\Windows\System\AHfkLIt.exe
  2⤵
  PID:6308
- C:\Windows\System\ghFMOZM.exe
  C:\Windows\System\ghFMOZM.exe
  2⤵
  PID:6456
- C:\Windows\System\capJglk.exe
  C:\Windows\System\capJglk.exe
  2⤵
  PID:6372
- C:\Windows\System\FQEOiRt.exe
  C:\Windows\System\FQEOiRt.exe
  2⤵
  PID:6472
- C:\Windows\System\HmKnZDM.exe
  C:\Windows\System\HmKnZDM.exe
  2⤵
  PID:6744
- C:\Windows\System\SPDthLh.exe
  C:\Windows\System\SPDthLh.exe
  2⤵
  PID:6904
- C:\Windows\System\Nclzjwi.exe
  C:\Windows\System\Nclzjwi.exe
  2⤵
  PID:6808
- C:\Windows\System\VyLRAQR.exe
  C:\Windows\System\VyLRAQR.exe
  2⤵
  PID:6732
- C:\Windows\System\pfEUVQV.exe
  C:\Windows\System\pfEUVQV.exe
  2⤵
  PID:6888
- C:\Windows\System\YenrmYW.exe
  C:\Windows\System\YenrmYW.exe
  2⤵
  PID:6856
- C:\Windows\System\dxHuZrf.exe
  C:\Windows\System\dxHuZrf.exe
  2⤵
  PID:7036
- C:\Windows\System\GQVqOcp.exe
  C:\Windows\System\GQVqOcp.exe
  2⤵
  PID:7108
- C:\Windows\System\euwjVqP.exe
  C:\Windows\System\euwjVqP.exe
  2⤵
  PID:6292
- C:\Windows\System\sdfPGBb.exe
  C:\Windows\System\sdfPGBb.exe
  2⤵
  PID:7060
- C:\Windows\System\hnUmOaP.exe
  C:\Windows\System\hnUmOaP.exe
  2⤵
  PID:6940
- C:\Windows\System\myfBcBE.exe
  C:\Windows\System\myfBcBE.exe
  2⤵
  PID:6404
- C:\Windows\System\TaFaZpz.exe
  C:\Windows\System\TaFaZpz.exe
  2⤵
  PID:6952
- C:\Windows\System\GgBjyYh.exe
  C:\Windows\System\GgBjyYh.exe
  2⤵
  PID:6180
- C:\Windows\System\STOTAHi.exe
  C:\Windows\System\STOTAHi.exe
  2⤵
  PID:5520
- C:\Windows\System\ZmuxwuZ.exe
  C:\Windows\System\ZmuxwuZ.exe
  2⤵
  PID:5484
- C:\Windows\System\LovCeTd.exe
  C:\Windows\System\LovCeTd.exe
  2⤵
  PID:7144
- C:\Windows\System\lDYEWfQ.exe
  C:\Windows\System\lDYEWfQ.exe
  2⤵
  PID:6280
- C:\Windows\System\sNfkkIr.exe
  C:\Windows\System\sNfkkIr.exe
  2⤵
  PID:6328
- C:\Windows\System\WLZnYLU.exe
  C:\Windows\System\WLZnYLU.exe
  2⤵
  PID:6176
- C:\Windows\System\ltAiEfT.exe
  C:\Windows\System\ltAiEfT.exe
  2⤵
  PID:6312
- C:\Windows\System\OGvFAyr.exe
  C:\Windows\System\OGvFAyr.exe
  2⤵
  PID:6712
- C:\Windows\System\bEEMGqO.exe
  C:\Windows\System\bEEMGqO.exe
  2⤵
  PID:6552
- C:\Windows\System\EBsgtva.exe
  C:\Windows\System\EBsgtva.exe
  2⤵
  PID:6532
- C:\Windows\System\aipXHju.exe
  C:\Windows\System\aipXHju.exe
  2⤵
  PID:7164
- C:\Windows\System\upVdigw.exe
  C:\Windows\System\upVdigw.exe
  2⤵
  PID:6324
- C:\Windows\System\YkxMaMd.exe
  C:\Windows\System\YkxMaMd.exe
  2⤵
  PID:7076
- C:\Windows\System\sPRkRcU.exe
  C:\Windows\System\sPRkRcU.exe
  2⤵
  PID:7188
- C:\Windows\System\bBcmWUJ.exe
  C:\Windows\System\bBcmWUJ.exe
  2⤵
  PID:7208
- C:\Windows\System\PZZhCeS.exe
  C:\Windows\System\PZZhCeS.exe
  2⤵
  PID:7224
- C:\Windows\System\NnHSaED.exe
  C:\Windows\System\NnHSaED.exe
  2⤵
  PID:7240
- C:\Windows\System\BYUGkMm.exe
  C:\Windows\System\BYUGkMm.exe
  2⤵
  PID:7256
- C:\Windows\System\edGcCMA.exe
  C:\Windows\System\edGcCMA.exe
  2⤵
  PID:7272
- C:\Windows\System\tvlVJFk.exe
  C:\Windows\System\tvlVJFk.exe
  2⤵
  PID:7288
- C:\Windows\System\qhvomwC.exe
  C:\Windows\System\qhvomwC.exe
  2⤵
  PID:7304
- C:\Windows\System\HyzYlZA.exe
  C:\Windows\System\HyzYlZA.exe
  2⤵
  PID:7320
- C:\Windows\System\UKSbkIV.exe
  C:\Windows\System\UKSbkIV.exe
  2⤵
  PID:7336
- C:\Windows\System\UvlMCTK.exe
  C:\Windows\System\UvlMCTK.exe
  2⤵
  PID:7352
- C:\Windows\System\ldIShXn.exe
  C:\Windows\System\ldIShXn.exe
  2⤵
  PID:7368
- C:\Windows\System\fBbuhdi.exe
  C:\Windows\System\fBbuhdi.exe
  2⤵
  PID:7384
- C:\Windows\System\avWEZEK.exe
  C:\Windows\System\avWEZEK.exe
  2⤵
  PID:7400
- C:\Windows\System\azAFixN.exe
  C:\Windows\System\azAFixN.exe
  2⤵
  PID:7416
- C:\Windows\System\ynGwuQJ.exe
  C:\Windows\System\ynGwuQJ.exe
  2⤵
  PID:7432
- C:\Windows\System\XANXfDP.exe
  C:\Windows\System\XANXfDP.exe
  2⤵
  PID:7448
- C:\Windows\System\WaAdLvh.exe
  C:\Windows\System\WaAdLvh.exe
  2⤵
  PID:7464
- C:\Windows\System\eXmbMIF.exe
  C:\Windows\System\eXmbMIF.exe
  2⤵
  PID:7480
- C:\Windows\System\pgLVLMR.exe
  C:\Windows\System\pgLVLMR.exe
  2⤵
  PID:7496
- C:\Windows\System\AImMsvw.exe
  C:\Windows\System\AImMsvw.exe
  2⤵
  PID:7512
- C:\Windows\System\caxMApX.exe
  C:\Windows\System\caxMApX.exe
  2⤵
  PID:7528
- C:\Windows\System\tAIZzDe.exe
  C:\Windows\System\tAIZzDe.exe
  2⤵
  PID:7544
- C:\Windows\System\reWajFo.exe
  C:\Windows\System\reWajFo.exe
  2⤵
  PID:7560
- C:\Windows\System\cmJHpMv.exe
  C:\Windows\System\cmJHpMv.exe
  2⤵
  PID:7576
- C:\Windows\System\aAsCACz.exe
  C:\Windows\System\aAsCACz.exe
  2⤵
  PID:7592
- C:\Windows\System\txPoKtx.exe
  C:\Windows\System\txPoKtx.exe
  2⤵
  PID:7608
- C:\Windows\System\RLhQozH.exe
  C:\Windows\System\RLhQozH.exe
  2⤵
  PID:7624
- C:\Windows\System\cWyoJvY.exe
  C:\Windows\System\cWyoJvY.exe
  2⤵
  PID:7640
- C:\Windows\System\rDgTXDI.exe
  C:\Windows\System\rDgTXDI.exe
  2⤵
  PID:7656
- C:\Windows\System\YQymtrM.exe
  C:\Windows\System\YQymtrM.exe
  2⤵
  PID:7672
- C:\Windows\System\bIJMVPv.exe
  C:\Windows\System\bIJMVPv.exe
  2⤵
  PID:7688
- C:\Windows\System\XsQmlmN.exe
  C:\Windows\System\XsQmlmN.exe
  2⤵
  PID:7704
- C:\Windows\System\NZHemFo.exe
  C:\Windows\System\NZHemFo.exe
  2⤵
  PID:7720
- C:\Windows\System\xhjAFhZ.exe
  C:\Windows\System\xhjAFhZ.exe
  2⤵
  PID:7736
- C:\Windows\System\nBUOMYE.exe
  C:\Windows\System\nBUOMYE.exe
  2⤵
  PID:7756
- C:\Windows\System\LBbfyZy.exe
  C:\Windows\System\LBbfyZy.exe
  2⤵
  PID:7772
- C:\Windows\System\AwMSVRr.exe
  C:\Windows\System\AwMSVRr.exe
  2⤵
  PID:7788
- C:\Windows\System\qFIEgEX.exe
  C:\Windows\System\qFIEgEX.exe
  2⤵
  PID:7804
- C:\Windows\System\ameoWvo.exe
  C:\Windows\System\ameoWvo.exe
  2⤵
  PID:7820
- C:\Windows\System\tvuhFvH.exe
  C:\Windows\System\tvuhFvH.exe
  2⤵
  PID:7836
- C:\Windows\System\FlCwqqX.exe
  C:\Windows\System\FlCwqqX.exe
  2⤵
  PID:7852
- C:\Windows\System\yaXACDW.exe
  C:\Windows\System\yaXACDW.exe
  2⤵
  PID:7868
- C:\Windows\System\PUfnSye.exe
  C:\Windows\System\PUfnSye.exe
  2⤵
  PID:7884
- C:\Windows\System\pMgSKdM.exe
  C:\Windows\System\pMgSKdM.exe
  2⤵
  PID:7900
- C:\Windows\System\ozkaROQ.exe
  C:\Windows\System\ozkaROQ.exe
  2⤵
  PID:7916
- C:\Windows\System\skjBUMp.exe
  C:\Windows\System\skjBUMp.exe
  2⤵
  PID:7932
- C:\Windows\System\NPyvDKz.exe
  C:\Windows\System\NPyvDKz.exe
  2⤵
  PID:7948
- C:\Windows\System\riABTFW.exe
  C:\Windows\System\riABTFW.exe
  2⤵
  PID:7964
- C:\Windows\System\ipNFgtg.exe
  C:\Windows\System\ipNFgtg.exe
  2⤵
  PID:7980
- C:\Windows\System\EhKitaw.exe
  C:\Windows\System\EhKitaw.exe
  2⤵
  PID:7996
- C:\Windows\System\VgmTdFS.exe
  C:\Windows\System\VgmTdFS.exe
  2⤵
  PID:8012
- C:\Windows\System\zlLTXSD.exe
  C:\Windows\System\zlLTXSD.exe
  2⤵
  PID:8028
- C:\Windows\System\eNqQaQm.exe
  C:\Windows\System\eNqQaQm.exe
  2⤵
  PID:8044
- C:\Windows\System\CpYDMEK.exe
  C:\Windows\System\CpYDMEK.exe
  2⤵
  PID:8060
- C:\Windows\System\oLOKJcR.exe
  C:\Windows\System\oLOKJcR.exe
  2⤵
  PID:8076
- C:\Windows\System\gjlzjVR.exe
  C:\Windows\System\gjlzjVR.exe
  2⤵
  PID:8092
- C:\Windows\System\dKdCAcG.exe
  C:\Windows\System\dKdCAcG.exe
  2⤵
  PID:8108
- C:\Windows\System\CNAHskq.exe
  C:\Windows\System\CNAHskq.exe
  2⤵
  PID:8124
- C:\Windows\System\BWPeKhe.exe
  C:\Windows\System\BWPeKhe.exe
  2⤵
  PID:8140
- C:\Windows\System\XcVnLMt.exe
  C:\Windows\System\XcVnLMt.exe
  2⤵
  PID:8156
- C:\Windows\System\MVQQKMx.exe
  C:\Windows\System\MVQQKMx.exe
  2⤵
  PID:8172
- C:\Windows\System\TwMJQsf.exe
  C:\Windows\System\TwMJQsf.exe
  2⤵
  PID:8188
- C:\Windows\System\MBdvilu.exe
  C:\Windows\System\MBdvilu.exe
  2⤵
  PID:5224
- C:\Windows\System\jOqnoqE.exe
  C:\Windows\System\jOqnoqE.exe
  2⤵
  PID:7232
- C:\Windows\System\BKZsvju.exe
  C:\Windows\System\BKZsvju.exe
  2⤵
  PID:7296
- C:\Windows\System\TubBukU.exe
  C:\Windows\System\TubBukU.exe
  2⤵
  PID:7360
- C:\Windows\System\FJiFqLh.exe
  C:\Windows\System\FJiFqLh.exe
  2⤵
  PID:7424
- C:\Windows\System\qtyWjlE.exe
  C:\Windows\System\qtyWjlE.exe
  2⤵
  PID:7492
- C:\Windows\System\hqzAtea.exe
  C:\Windows\System\hqzAtea.exe
  2⤵
  PID:6728
- C:\Windows\System\bGNrEvF.exe
  C:\Windows\System\bGNrEvF.exe
  2⤵
  PID:7616
- C:\Windows\System\vlJdiFJ.exe
  C:\Windows\System\vlJdiFJ.exe
  2⤵
  PID:7556
- C:\Windows\System\qUCDDZb.exe
  C:\Windows\System\qUCDDZb.exe
  2⤵
  PID:7716
- C:\Windows\System\nMPulTj.exe
  C:\Windows\System\nMPulTj.exe
  2⤵
  PID:7248
- C:\Windows\System\IqAPYax.exe
  C:\Windows\System\IqAPYax.exe
  2⤵
  PID:7312
- C:\Windows\System\xazaJoJ.exe
  C:\Windows\System\xazaJoJ.exe
  2⤵
  PID:7376
- C:\Windows\System\zLYDvyn.exe
  C:\Windows\System\zLYDvyn.exe
  2⤵
  PID:7440
- C:\Windows\System\LqGPVCt.exe
  C:\Windows\System\LqGPVCt.exe
  2⤵
  PID:7504
- C:\Windows\System\isRYJst.exe
  C:\Windows\System\isRYJst.exe
  2⤵
  PID:7572
- C:\Windows\System\vfCCmRQ.exe
  C:\Windows\System\vfCCmRQ.exe
  2⤵
  PID:7636
- C:\Windows\System\pclIsHI.exe
  C:\Windows\System\pclIsHI.exe
  2⤵
  PID:7728
- C:\Windows\System\pDwZUvo.exe
  C:\Windows\System\pDwZUvo.exe
  2⤵
  PID:7748
- C:\Windows\System\vmrGXoE.exe
  C:\Windows\System\vmrGXoE.exe
  2⤵
  PID:7812
- C:\Windows\System\tPEWOOL.exe
  C:\Windows\System\tPEWOOL.exe
  2⤵
  PID:7876
- C:\Windows\System\ZUyJKLu.exe
  C:\Windows\System\ZUyJKLu.exe
  2⤵
  PID:7972
- C:\Windows\System\EJdwjWv.exe
  C:\Windows\System\EJdwjWv.exe
  2⤵
  PID:7880
- C:\Windows\System\MizPdxN.exe
  C:\Windows\System\MizPdxN.exe
  2⤵
  PID:8004
- C:\Windows\System\CxsYwjK.exe
  C:\Windows\System\CxsYwjK.exe
  2⤵
  PID:8132
- C:\Windows\System\izcXpte.exe
  C:\Windows\System\izcXpte.exe
  2⤵
  PID:7072
- C:\Windows\System\MeXpblC.exe
  C:\Windows\System\MeXpblC.exe
  2⤵
  PID:7392
- C:\Windows\System\erODYwi.exe
  C:\Windows\System\erODYwi.exe
  2⤵
  PID:7648
- C:\Windows\System\COXMbjD.exe
  C:\Windows\System\COXMbjD.exe
  2⤵
  PID:7344
- C:\Windows\System\MvkgJfd.exe
  C:\Windows\System\MvkgJfd.exe
  2⤵
  PID:8180
- C:\Windows\System\dwmUnXA.exe
  C:\Windows\System\dwmUnXA.exe
  2⤵
  PID:8116
- C:\Windows\System\NBnasyG.exe
  C:\Windows\System\NBnasyG.exe
  2⤵
  PID:7472
- C:\Windows\System\VMPULAe.exe
  C:\Windows\System\VMPULAe.exe
  2⤵
  PID:7768
- C:\Windows\System\bFffqFN.exe
  C:\Windows\System\bFffqFN.exe
  2⤵
  PID:7864
- C:\Windows\System\vEVBknb.exe
  C:\Windows\System\vEVBknb.exe
  2⤵
  PID:7960
- C:\Windows\System\FnRcCds.exe
  C:\Windows\System\FnRcCds.exe
  2⤵
  PID:8020
- C:\Windows\System\wpRVijI.exe
  C:\Windows\System\wpRVijI.exe
  2⤵
  PID:8084
- C:\Windows\System\qeEjZnz.exe
  C:\Windows\System\qeEjZnz.exe
  2⤵
  PID:8184
- C:\Windows\System\RYzUCPo.exe
  C:\Windows\System\RYzUCPo.exe
  2⤵
  PID:7460
- C:\Windows\System\zErlaEk.exe
  C:\Windows\System\zErlaEk.exe
  2⤵
  PID:7712
- C:\Windows\System\CKItPDl.exe
  C:\Windows\System\CKItPDl.exe
  2⤵
  PID:7732
- C:\Windows\System\zGcoolj.exe
  C:\Windows\System\zGcoolj.exe
  2⤵
  PID:7540
- C:\Windows\System\yvvJHmm.exe
  C:\Windows\System\yvvJHmm.exe
  2⤵
  PID:7784
- C:\Windows\System\jlIxbmR.exe
  C:\Windows\System\jlIxbmR.exe
  2⤵
  PID:8040
- C:\Windows\System\SdtRyQx.exe
  C:\Windows\System\SdtRyQx.exe
  2⤵
  PID:7264
- C:\Windows\System\iNWIGCr.exe
  C:\Windows\System\iNWIGCr.exe
  2⤵
  PID:7828
- C:\Windows\System\MDPopWA.exe
  C:\Windows\System\MDPopWA.exe
  2⤵
  PID:7924
- C:\Windows\System\VAWopLO.exe
  C:\Windows\System\VAWopLO.exe
  2⤵
  PID:8056
- C:\Windows\System\IPkbenM.exe
  C:\Windows\System\IPkbenM.exe
  2⤵
  PID:7632
- C:\Windows\System\jReMChu.exe
  C:\Windows\System\jReMChu.exe
  2⤵
  PID:7476
- C:\Windows\System\JsOVKNK.exe
  C:\Windows\System\JsOVKNK.exe
  2⤵
  PID:7284
- C:\Windows\System\tRnlltw.exe
  C:\Windows\System\tRnlltw.exe
  2⤵
  PID:8200
- C:\Windows\System\pykWhqS.exe
  C:\Windows\System\pykWhqS.exe
  2⤵
  PID:8216
- C:\Windows\System\DqzfEwt.exe
  C:\Windows\System\DqzfEwt.exe
  2⤵
  PID:8232
- C:\Windows\System\MQACzJa.exe
  C:\Windows\System\MQACzJa.exe
  2⤵
  PID:8248
- C:\Windows\System\HzacBHB.exe
  C:\Windows\System\HzacBHB.exe
  2⤵
  PID:8264
- C:\Windows\System\DnUEKIQ.exe
  C:\Windows\System\DnUEKIQ.exe
  2⤵
  PID:8280
- C:\Windows\System\dGAPPQN.exe
  C:\Windows\System\dGAPPQN.exe
  2⤵
  PID:8296
- C:\Windows\System\TTQLEge.exe
  C:\Windows\System\TTQLEge.exe
  2⤵
  PID:8312
- C:\Windows\System\ZqAsKXq.exe
  C:\Windows\System\ZqAsKXq.exe
  2⤵
  PID:8328
- C:\Windows\System\IuzVxye.exe
  C:\Windows\System\IuzVxye.exe
  2⤵
  PID:8344
- C:\Windows\System\TjUMkfU.exe
  C:\Windows\System\TjUMkfU.exe
  2⤵
  PID:8360
- C:\Windows\System\WvLyGSv.exe
  C:\Windows\System\WvLyGSv.exe
  2⤵
  PID:8376
- C:\Windows\System\mbueZXf.exe
  C:\Windows\System\mbueZXf.exe
  2⤵
  PID:8392
- C:\Windows\System\XNYhYyI.exe
  C:\Windows\System\XNYhYyI.exe
  2⤵
  PID:8408
- C:\Windows\System\gDzqjBz.exe
  C:\Windows\System\gDzqjBz.exe
  2⤵
  PID:8424
- C:\Windows\System\XkJAaFT.exe
  C:\Windows\System\XkJAaFT.exe
  2⤵
  PID:8440
- C:\Windows\System\TFJNDDo.exe
  C:\Windows\System\TFJNDDo.exe
  2⤵
  PID:8456
- C:\Windows\System\OeoJepz.exe
  C:\Windows\System\OeoJepz.exe
  2⤵
  PID:8472
- C:\Windows\System\ULacOxV.exe
  C:\Windows\System\ULacOxV.exe
  2⤵
  PID:8488
- C:\Windows\System\Lmnsgsm.exe
  C:\Windows\System\Lmnsgsm.exe
  2⤵
  PID:8504
- C:\Windows\System\vtfDGob.exe
  C:\Windows\System\vtfDGob.exe
  2⤵
  PID:8520
- C:\Windows\System\LDKCgjW.exe
  C:\Windows\System\LDKCgjW.exe
  2⤵
  PID:8536
- C:\Windows\System\EdwDyjw.exe
  C:\Windows\System\EdwDyjw.exe
  2⤵
  PID:8552
- C:\Windows\System\qrSetBu.exe
  C:\Windows\System\qrSetBu.exe
  2⤵
  PID:8568
- C:\Windows\System\nkyGUBG.exe
  C:\Windows\System\nkyGUBG.exe
  2⤵
  PID:8584
- C:\Windows\System\bipXBfI.exe
  C:\Windows\System\bipXBfI.exe
  2⤵
  PID:8600
- C:\Windows\System\kuLBMGQ.exe
  C:\Windows\System\kuLBMGQ.exe
  2⤵
  PID:8620
- C:\Windows\System\DntBecJ.exe
  C:\Windows\System\DntBecJ.exe
  2⤵
  PID:8636
- C:\Windows\System\YmFhQNJ.exe
  C:\Windows\System\YmFhQNJ.exe
  2⤵
  PID:8652
- C:\Windows\System\IaiwQpl.exe
  C:\Windows\System\IaiwQpl.exe
  2⤵
  PID:8668
- C:\Windows\System\PBEtWnI.exe
  C:\Windows\System\PBEtWnI.exe
  2⤵
  PID:8684
- C:\Windows\System\lQzKAmo.exe
  C:\Windows\System\lQzKAmo.exe
  2⤵
  PID:8700
- C:\Windows\System\EXsBrhq.exe
  C:\Windows\System\EXsBrhq.exe
  2⤵
  PID:8716
- C:\Windows\System\BzveTit.exe
  C:\Windows\System\BzveTit.exe
  2⤵
  PID:8732
- C:\Windows\System\PFdcTTE.exe
  C:\Windows\System\PFdcTTE.exe
  2⤵
  PID:8748
- C:\Windows\System\kMaQnbe.exe
  C:\Windows\System\kMaQnbe.exe
  2⤵
  PID:8772
- C:\Windows\System\sgMftqP.exe
  C:\Windows\System\sgMftqP.exe
  2⤵
  PID:8788
- C:\Windows\System\ZqPynJP.exe
  C:\Windows\System\ZqPynJP.exe
  2⤵
  PID:8804
- C:\Windows\System\CEIfFGT.exe
  C:\Windows\System\CEIfFGT.exe
  2⤵
  PID:8820
- C:\Windows\System\UDFtSaN.exe
  C:\Windows\System\UDFtSaN.exe
  2⤵
  PID:8836
- C:\Windows\System\PQICAma.exe
  C:\Windows\System\PQICAma.exe
  2⤵
  PID:8852
- C:\Windows\System\kWjyyGf.exe
  C:\Windows\System\kWjyyGf.exe
  2⤵
  PID:8872
- C:\Windows\System\YMoyzlS.exe
  C:\Windows\System\YMoyzlS.exe
  2⤵
  PID:8888
- C:\Windows\System\qbhNPjC.exe
  C:\Windows\System\qbhNPjC.exe
  2⤵
  PID:8904
- C:\Windows\System\UjSYzdf.exe
  C:\Windows\System\UjSYzdf.exe
  2⤵
  PID:8920
- C:\Windows\System\uLFYjOH.exe
  C:\Windows\System\uLFYjOH.exe
  2⤵
  PID:8936
- C:\Windows\System\GOOAcYL.exe
  C:\Windows\System\GOOAcYL.exe
  2⤵
  PID:8952
- C:\Windows\System\asZaxVy.exe
  C:\Windows\System\asZaxVy.exe
  2⤵
  PID:8968
- C:\Windows\System\xYDUwrc.exe
  C:\Windows\System\xYDUwrc.exe
  2⤵
  PID:8984
- C:\Windows\System\KxgSXQo.exe
  C:\Windows\System\KxgSXQo.exe
  2⤵
  PID:9000
- C:\Windows\System\qIrgHMs.exe
  C:\Windows\System\qIrgHMs.exe
  2⤵
  PID:9016
- C:\Windows\System\MjlRcaL.exe
  C:\Windows\System\MjlRcaL.exe
  2⤵
  PID:9032
- C:\Windows\System\CYBoLSa.exe
  C:\Windows\System\CYBoLSa.exe
  2⤵
  PID:9048
- C:\Windows\System\JmFiFfj.exe
  C:\Windows\System\JmFiFfj.exe
  2⤵
  PID:9064
- C:\Windows\System\AcubfJx.exe
  C:\Windows\System\AcubfJx.exe
  2⤵
  PID:9080
- C:\Windows\System\MjhkeBM.exe
  C:\Windows\System\MjhkeBM.exe
  2⤵
  PID:9096
- C:\Windows\System\oKsClPF.exe
  C:\Windows\System\oKsClPF.exe
  2⤵
  PID:9112
- C:\Windows\System\HuelRwr.exe
  C:\Windows\System\HuelRwr.exe
  2⤵
  PID:9128
- C:\Windows\System\fjCjsZa.exe
  C:\Windows\System\fjCjsZa.exe
  2⤵
  PID:9144
- C:\Windows\System\IWzOLKu.exe
  C:\Windows\System\IWzOLKu.exe
  2⤵
  PID:9160
- C:\Windows\System\bYKKyAI.exe
  C:\Windows\System\bYKKyAI.exe
  2⤵
  PID:9176
- C:\Windows\System\PAZPWQU.exe
  C:\Windows\System\PAZPWQU.exe
  2⤵
  PID:9192
- C:\Windows\System\GijezmM.exe
  C:\Windows\System\GijezmM.exe
  2⤵
  PID:9208
- C:\Windows\System\mAiMXjX.exe
  C:\Windows\System\mAiMXjX.exe
  2⤵
  PID:7488
- C:\Windows\System\dnpoOEK.exe
  C:\Windows\System\dnpoOEK.exe
  2⤵
  PID:7428
- C:\Windows\System\CoJCBCC.exe
  C:\Windows\System\CoJCBCC.exe
  2⤵
  PID:7524
- C:\Windows\System\fzRgJoP.exe
  C:\Windows\System\fzRgJoP.exe
  2⤵
  PID:7684
- C:\Windows\System\pFfgKnk.exe
  C:\Windows\System\pFfgKnk.exe
  2⤵
  PID:8244
- C:\Windows\System\KKezpZX.exe
  C:\Windows\System\KKezpZX.exe
  2⤵
  PID:8272
- C:\Windows\System\GuTZVgi.exe
  C:\Windows\System\GuTZVgi.exe
  2⤵
  PID:8152
- C:\Windows\System\xAYHcED.exe
  C:\Windows\System\xAYHcED.exe
  2⤵
  PID:7220
- C:\Windows\System\pmMimHZ.exe
  C:\Windows\System\pmMimHZ.exe
  2⤵
  PID:7332
- C:\Windows\System\bqVcUal.exe
  C:\Windows\System\bqVcUal.exe
  2⤵
  PID:8256
- C:\Windows\System\BmOZKOl.exe
  C:\Windows\System\BmOZKOl.exe
  2⤵
  PID:8292
- C:\Windows\System\wqhzgpj.exe
  C:\Windows\System\wqhzgpj.exe
  2⤵
  PID:8336
- C:\Windows\System\uDaDvhO.exe
  C:\Windows\System\uDaDvhO.exe
  2⤵
  PID:8356
- C:\Windows\System\hXGVKIb.exe
  C:\Windows\System\hXGVKIb.exe
  2⤵
  PID:8388
- C:\Windows\System\lbgGONE.exe
  C:\Windows\System\lbgGONE.exe
  2⤵
  PID:8432
- C:\Windows\System\JHlNYtY.exe
  C:\Windows\System\JHlNYtY.exe
  2⤵
  PID:8452
- C:\Windows\System\LWSKRGp.exe
  C:\Windows\System\LWSKRGp.exe
  2⤵
  PID:8484
- C:\Windows\System\aXvNKPe.exe
  C:\Windows\System\aXvNKPe.exe
  2⤵
  PID:8516
- C:\Windows\System\UVsGFxt.exe
  C:\Windows\System\UVsGFxt.exe
  2⤵
  PID:8548
- C:\Windows\System\GNIojMu.exe
  C:\Windows\System\GNIojMu.exe
  2⤵
  PID:8628
- C:\Windows\System\IsoQtPg.exe
  C:\Windows\System\IsoQtPg.exe
  2⤵
  PID:8692
- C:\Windows\System\MRIcDYF.exe
  C:\Windows\System\MRIcDYF.exe
  2⤵
  PID:8576
- C:\Windows\System\yPAyeeG.exe
  C:\Windows\System\yPAyeeG.exe
  2⤵
  PID:8676
- C:\Windows\System\pEbBmQH.exe
  C:\Windows\System\pEbBmQH.exe
  2⤵
  PID:8756
- C:\Windows\System\bqHvEBw.exe
  C:\Windows\System\bqHvEBw.exe
  2⤵
  PID:8708
- C:\Windows\System\ZRRlVmy.exe
  C:\Windows\System\ZRRlVmy.exe
  2⤵
  PID:8760
- C:\Windows\System\mYQWgMj.exe
  C:\Windows\System\mYQWgMj.exe
  2⤵
  PID:8832
- C:\Windows\System\eejtUsm.exe
  C:\Windows\System\eejtUsm.exe
  2⤵
  PID:8928
- C:\Windows\System\uvBXAzM.exe
  C:\Windows\System\uvBXAzM.exe
  2⤵
  PID:8868
- C:\Windows\System\fUunKpZ.exe
  C:\Windows\System\fUunKpZ.exe
  2⤵
  PID:9028
- C:\Windows\System\gTyeyfU.exe
  C:\Windows\System\gTyeyfU.exe
  2⤵
  PID:8916
- C:\Windows\System\oOrxhsB.exe
  C:\Windows\System\oOrxhsB.exe
  2⤵
  PID:8980
- C:\Windows\System\eTABCDj.exe
  C:\Windows\System\eTABCDj.exe
  2⤵
  PID:8816
- C:\Windows\System\jDRThLZ.exe
  C:\Windows\System\jDRThLZ.exe
  2⤵
  PID:8848
- C:\Windows\System\zQdXUqn.exe
  C:\Windows\System\zQdXUqn.exe
  2⤵
  PID:9012
- C:\Windows\System\GuOsABH.exe
  C:\Windows\System\GuOsABH.exe
  2⤵
  PID:9120
- C:\Windows\System\PAbnwFb.exe
  C:\Windows\System\PAbnwFb.exe
  2⤵
  PID:9136
- C:\Windows\System\hUzphpG.exe
  C:\Windows\System\hUzphpG.exe
  2⤵
  PID:9172
- C:\Windows\System\OjNHOQW.exe
  C:\Windows\System\OjNHOQW.exe
  2⤵
  PID:7976
- C:\Windows\System\iHLfTUO.exe
  C:\Windows\System\iHLfTUO.exe
  2⤵
  PID:9204
- C:\Windows\System\lCxbEux.exe
  C:\Windows\System\lCxbEux.exe
  2⤵
  PID:7912
- C:\Windows\System\LHnQlKk.exe
  C:\Windows\System\LHnQlKk.exe
  2⤵
  PID:8100
- C:\Windows\System\fWBODPe.exe
  C:\Windows\System\fWBODPe.exe
  2⤵
  PID:7216
- C:\Windows\System\RieOhCL.exe
  C:\Windows\System\RieOhCL.exe
  2⤵
  PID:7552
- C:\Windows\System\GQMmBAG.exe
  C:\Windows\System\GQMmBAG.exe
  2⤵
  PID:8368
- C:\Windows\System\wNfwROZ.exe
  C:\Windows\System\wNfwROZ.exe
  2⤵
  PID:8496
- C:\Windows\System\lJPQoZP.exe
  C:\Windows\System\lJPQoZP.exe
  2⤵
  PID:8384
- C:\Windows\System\dlewwxT.exe
  C:\Windows\System\dlewwxT.exe
  2⤵
  PID:8512
- C:\Windows\System\CIbQqlu.exe
  C:\Windows\System\CIbQqlu.exe
  2⤵
  PID:8592
- C:\Windows\System\LnCHqYs.exe
  C:\Windows\System\LnCHqYs.exe
  2⤵
  PID:8724
- C:\Windows\System\lWRAQQA.exe
  C:\Windows\System\lWRAQQA.exe
  2⤵
  PID:8612
- C:\Windows\System\sykuPge.exe
  C:\Windows\System\sykuPge.exe
  2⤵
  PID:8964
- C:\Windows\System\DVoHANJ.exe
  C:\Windows\System\DVoHANJ.exe
  2⤵
  PID:8900
- C:\Windows\System\VYMQorD.exe
  C:\Windows\System\VYMQorD.exe
  2⤵
  PID:8896
- C:\Windows\System\wDHOjcD.exe
  C:\Windows\System\wDHOjcD.exe
  2⤵
  PID:8784
- C:\Windows\System\VhxCEZi.exe
  C:\Windows\System\VhxCEZi.exe
  2⤵
  PID:9156
- C:\Windows\System\fCJcxnH.exe
  C:\Windows\System\fCJcxnH.exe
  2⤵
  PID:8212
- C:\Windows\System\PKtPQbY.exe
  C:\Windows\System\PKtPQbY.exe
  2⤵
  PID:8120
- C:\Windows\System\ALwPUzy.exe
  C:\Windows\System\ALwPUzy.exe
  2⤵
  PID:8352
- C:\Windows\System\SVMoqjG.exe
  C:\Windows\System\SVMoqjG.exe
  2⤵
  PID:7004
- C:\Windows\System\LXjLanK.exe
  C:\Windows\System\LXjLanK.exe
  2⤵
  PID:8464
- C:\Windows\System\CAthGnC.exe
  C:\Windows\System\CAthGnC.exe
  2⤵
  PID:8664
- C:\Windows\System\dpPqYme.exe
  C:\Windows\System\dpPqYme.exe
  2⤵
  PID:8912
- C:\Windows\System\kJUhUPt.exe
  C:\Windows\System\kJUhUPt.exe
  2⤵
  PID:8960
- C:\Windows\System\jQQzYgE.exe
  C:\Windows\System\jQQzYgE.exe
  2⤵
  PID:9044
- C:\Windows\System\kUCSEEX.exe
  C:\Windows\System\kUCSEEX.exe
  2⤵
  PID:9152
- C:\Windows\System\ATbMPRq.exe
  C:\Windows\System\ATbMPRq.exe
  2⤵
  PID:9124
- C:\Windows\System\dQprwIq.exe
  C:\Windows\System\dQprwIq.exe
  2⤵
  PID:1576
- C:\Windows\System\ZZJVpmP.exe
  C:\Windows\System\ZZJVpmP.exe
  2⤵
  PID:7944
- C:\Windows\System\RhcTkuO.exe
  C:\Windows\System\RhcTkuO.exe
  2⤵
  PID:8944
- C:\Windows\System\LEWOilG.exe
  C:\Windows\System\LEWOilG.exe
  2⤵
  PID:7780
- C:\Windows\System\RYvXKQr.exe
  C:\Windows\System\RYvXKQr.exe
  2⤵
  PID:9220
- C:\Windows\System\dgjTXcd.exe
  C:\Windows\System\dgjTXcd.exe
  2⤵
  PID:9236
- C:\Windows\System\lJiloOS.exe
  C:\Windows\System\lJiloOS.exe
  2⤵
  PID:9252
- C:\Windows\System\WDoPPwB.exe
  C:\Windows\System\WDoPPwB.exe
  2⤵
  PID:9268
- C:\Windows\System\CXwTDBe.exe
  C:\Windows\System\CXwTDBe.exe
  2⤵
  PID:9284
- C:\Windows\System\eeRnNUL.exe
  C:\Windows\System\eeRnNUL.exe
  2⤵
  PID:9300
- C:\Windows\System\CAApFgn.exe
  C:\Windows\System\CAApFgn.exe
  2⤵
  PID:9316
- C:\Windows\System\DRUsuMb.exe
  C:\Windows\System\DRUsuMb.exe
  2⤵
  PID:9332
- C:\Windows\System\RFmjCmL.exe
  C:\Windows\System\RFmjCmL.exe
  2⤵
  PID:9348
- C:\Windows\System\swdVXhS.exe
  C:\Windows\System\swdVXhS.exe
  2⤵
  PID:9364
- C:\Windows\System\wwychne.exe
  C:\Windows\System\wwychne.exe
  2⤵
  PID:9380
- C:\Windows\System\YMapXUr.exe
  C:\Windows\System\YMapXUr.exe
  2⤵
  PID:9396
- C:\Windows\System\aMsNQNA.exe
  C:\Windows\System\aMsNQNA.exe
  2⤵
  PID:9412
- C:\Windows\System\AZRHTvN.exe
  C:\Windows\System\AZRHTvN.exe
  2⤵
  PID:9428
- C:\Windows\System\WOmHDuC.exe
  C:\Windows\System\WOmHDuC.exe
  2⤵
  PID:9444
- C:\Windows\System\gCemhxr.exe
  C:\Windows\System\gCemhxr.exe
  2⤵
  PID:9460
- C:\Windows\System\BmxEUvN.exe
  C:\Windows\System\BmxEUvN.exe
  2⤵
  PID:9476
- C:\Windows\System\JKDmOoz.exe
  C:\Windows\System\JKDmOoz.exe
  2⤵
  PID:9492
- C:\Windows\System\mkUDvrD.exe
  C:\Windows\System\mkUDvrD.exe
  2⤵
  PID:9508
- C:\Windows\System\JeCTdkq.exe
  C:\Windows\System\JeCTdkq.exe
  2⤵
  PID:9524
- C:\Windows\System\KvSbHln.exe
  C:\Windows\System\KvSbHln.exe
  2⤵
  PID:9540
- C:\Windows\System\hZNknPV.exe
  C:\Windows\System\hZNknPV.exe
  2⤵
  PID:9556
- C:\Windows\System\CPWLMUJ.exe
  C:\Windows\System\CPWLMUJ.exe
  2⤵
  PID:9572
- C:\Windows\System\onWDalx.exe
  C:\Windows\System\onWDalx.exe
  2⤵
  PID:9588
- C:\Windows\System\glPdZSY.exe
  C:\Windows\System\glPdZSY.exe
  2⤵
  PID:9604
- C:\Windows\System\INnOcnT.exe
  C:\Windows\System\INnOcnT.exe
  2⤵
  PID:9620
- C:\Windows\System\GlPpItj.exe
  C:\Windows\System\GlPpItj.exe
  2⤵
  PID:9640
- C:\Windows\System\uFExAje.exe
  C:\Windows\System\uFExAje.exe
  2⤵
  PID:9656
- C:\Windows\System\GAVpXpZ.exe
  C:\Windows\System\GAVpXpZ.exe
  2⤵
  PID:9672
- C:\Windows\System\lcbqGAi.exe
  C:\Windows\System\lcbqGAi.exe
  2⤵
  PID:9688
- C:\Windows\System\zjogkTl.exe
  C:\Windows\System\zjogkTl.exe
  2⤵
  PID:9704
- C:\Windows\System\jaIgvQH.exe
  C:\Windows\System\jaIgvQH.exe
  2⤵
  PID:9720
- C:\Windows\System\JQnmtnf.exe
  C:\Windows\System\JQnmtnf.exe
  2⤵
  PID:9736
- C:\Windows\System\rxTLBFZ.exe
  C:\Windows\System\rxTLBFZ.exe
  2⤵
  PID:9752
- C:\Windows\System\SBaiHKc.exe
  C:\Windows\System\SBaiHKc.exe
  2⤵
  PID:9768
- C:\Windows\System\bslXAHu.exe
  C:\Windows\System\bslXAHu.exe
  2⤵
  PID:9784
- C:\Windows\System\wlfDyWh.exe
  C:\Windows\System\wlfDyWh.exe
  2⤵
  PID:9804
- C:\Windows\System\JsPinCF.exe
  C:\Windows\System\JsPinCF.exe
  2⤵
  PID:9824
- C:\Windows\System\VMWtaxD.exe
  C:\Windows\System\VMWtaxD.exe
  2⤵
  PID:9844
- C:\Windows\System\AahrSks.exe
  C:\Windows\System\AahrSks.exe
  2⤵
  PID:9868
- C:\Windows\System\DzRIgBB.exe
  C:\Windows\System\DzRIgBB.exe
  2⤵
  PID:9888
- C:\Windows\System\YlQUOzF.exe
  C:\Windows\System\YlQUOzF.exe
  2⤵
  PID:9908
- C:\Windows\System\RJgWmrJ.exe
  C:\Windows\System\RJgWmrJ.exe
  2⤵
  PID:9956
- C:\Windows\System\dDosMaR.exe
  C:\Windows\System\dDosMaR.exe
  2⤵
  PID:9972
- C:\Windows\System\WJUSsqs.exe
  C:\Windows\System\WJUSsqs.exe
  2⤵
  PID:9988
- C:\Windows\System\hJXIcBQ.exe
  C:\Windows\System\hJXIcBQ.exe
  2⤵
  PID:10004
- C:\Windows\System\yFqFgvB.exe
  C:\Windows\System\yFqFgvB.exe
  2⤵
  PID:10024
- C:\Windows\System\Kkdijye.exe
  C:\Windows\System\Kkdijye.exe
  2⤵
  PID:10040
- C:\Windows\System\tIIweCU.exe
  C:\Windows\System\tIIweCU.exe
  2⤵
  PID:10056
- C:\Windows\System\YPUKXfG.exe
  C:\Windows\System\YPUKXfG.exe
  2⤵
  PID:10072
- C:\Windows\System\igmPEIE.exe
  C:\Windows\System\igmPEIE.exe
  2⤵
  PID:10088
- C:\Windows\System\yeJiBcx.exe
  C:\Windows\System\yeJiBcx.exe
  2⤵
  PID:10104
- C:\Windows\System\CoAfXPJ.exe
  C:\Windows\System\CoAfXPJ.exe
  2⤵
  PID:10120
- C:\Windows\System\lbHJBpQ.exe
  C:\Windows\System\lbHJBpQ.exe
  2⤵
  PID:10136
- C:\Windows\System\beZZUJo.exe
  C:\Windows\System\beZZUJo.exe
  2⤵
  PID:10152
- C:\Windows\System\ZoipSke.exe
  C:\Windows\System\ZoipSke.exe
  2⤵
  PID:10168
- C:\Windows\System\iQmHfNP.exe
  C:\Windows\System\iQmHfNP.exe
  2⤵
  PID:10184
- C:\Windows\System\qKcNPfO.exe
  C:\Windows\System\qKcNPfO.exe
  2⤵
  PID:10200
- C:\Windows\System\aoQIMtt.exe
  C:\Windows\System\aoQIMtt.exe
  2⤵
  PID:10216
- C:\Windows\System\zjcbcOi.exe
  C:\Windows\System\zjcbcOi.exe
  2⤵
  PID:10232
- C:\Windows\System\PazDfuc.exe
  C:\Windows\System\PazDfuc.exe
  2⤵
  PID:9260
- C:\Windows\System\xcceqhR.exe
  C:\Windows\System\xcceqhR.exe
  2⤵
  PID:9324
- C:\Windows\System\mSMNHpR.exe
  C:\Windows\System\mSMNHpR.exe
  2⤵
  PID:7988
- C:\Windows\System\jQdPPfR.exe
  C:\Windows\System\jQdPPfR.exe
  2⤵
  PID:8320
- C:\Windows\System\HbLaptF.exe
  C:\Windows\System\HbLaptF.exe
  2⤵
  PID:8596
- C:\Windows\System\BggVUUd.exe
  C:\Windows\System\BggVUUd.exe
  2⤵
  PID:9452
- C:\Windows\System\ZiCdESe.exe
  C:\Windows\System\ZiCdESe.exe
  2⤵
  PID:8800
- C:\Windows\System\FAzPkOO.exe
  C:\Windows\System\FAzPkOO.exe
  2⤵
  PID:8208
- C:\Windows\System\VoeBOYS.exe
  C:\Windows\System\VoeBOYS.exe
  2⤵
  PID:9344
- C:\Windows\System\kPMrIkX.exe
  C:\Windows\System\kPMrIkX.exe
  2⤵
  PID:9404
- C:\Windows\System\PqsPoDv.exe
  C:\Windows\System\PqsPoDv.exe
  2⤵
  PID:9436
- C:\Windows\System\bgJtmzn.exe
  C:\Windows\System\bgJtmzn.exe
  2⤵
  PID:8768
- C:\Windows\System\JOABdjc.exe
  C:\Windows\System\JOABdjc.exe
  2⤵
  PID:9280
- C:\Windows\System\mMHVovU.exe
  C:\Windows\System\mMHVovU.exe
  2⤵
  PID:9468
- C:\Windows\System\dXoOukk.exe
  C:\Windows\System\dXoOukk.exe
  2⤵
  PID:9552
- C:\Windows\System\sQDmlWN.exe
  C:\Windows\System\sQDmlWN.exe
  2⤵
  PID:9584
- C:\Windows\System\zvbAXsh.exe
  C:\Windows\System\zvbAXsh.exe
  2⤵
  PID:9616
- C:\Windows\System\gpWCSjT.exe
  C:\Windows\System\gpWCSjT.exe
  2⤵
  PID:9636
- C:\Windows\System\dXXLeXE.exe
  C:\Windows\System\dXXLeXE.exe
  2⤵
  PID:9684
- C:\Windows\System\twcyWdb.exe
  C:\Windows\System\twcyWdb.exe
  2⤵
  PID:9716
- C:\Windows\System\MrsaOWw.exe
  C:\Windows\System\MrsaOWw.exe
  2⤵
  PID:9760
- C:\Windows\System\UfczLyi.exe
  C:\Windows\System\UfczLyi.exe
  2⤵
  PID:9792
- C:\Windows\System\qKrFSsv.exe
  C:\Windows\System\qKrFSsv.exe
  2⤵
  PID:9820
- C:\Windows\System\yoiROPB.exe
  C:\Windows\System\yoiROPB.exe
  2⤵
  PID:9864
- C:\Windows\System\iMnDtNU.exe
  C:\Windows\System\iMnDtNU.exe
  2⤵
  PID:9896
- C:\Windows\System\yOVVsvE.exe
  C:\Windows\System\yOVVsvE.exe
  2⤵
  PID:9916
- C:\Windows\System\LzroMON.exe
  C:\Windows\System\LzroMON.exe
  2⤵
  PID:9932
- C:\Windows\System\qlikDsY.exe
  C:\Windows\System\qlikDsY.exe
  2⤵
  PID:9968
- C:\Windows\System\PaqZvAK.exe
  C:\Windows\System\PaqZvAK.exe
  2⤵
  PID:9952
- C:\Windows\System\UNgIZWe.exe
  C:\Windows\System\UNgIZWe.exe
  2⤵
  PID:10032
- C:\Windows\System\MyNSIcn.exe
  C:\Windows\System\MyNSIcn.exe
  2⤵
  PID:10128
- C:\Windows\System\CjylbUU.exe
  C:\Windows\System\CjylbUU.exe
  2⤵
  PID:10064
- C:\Windows\System\MXKpxFs.exe
  C:\Windows\System\MXKpxFs.exe
  2⤵
  PID:10224
- C:\Windows\System\eyIpuYn.exe
  C:\Windows\System\eyIpuYn.exe
  2⤵
  PID:10080
- C:\Windows\System\ioTNmff.exe
  C:\Windows\System\ioTNmff.exe
  2⤵
  PID:9228
- C:\Windows\System\HHXUdUW.exe
  C:\Windows\System\HHXUdUW.exe
  2⤵
  PID:10144
- C:\Windows\System\HYvdZWy.exe
  C:\Windows\System\HYvdZWy.exe
  2⤵
  PID:9232
- C:\Windows\System\SdLERCd.exe
  C:\Windows\System\SdLERCd.exe
  2⤵
  PID:9420
- C:\Windows\System\oSUAnLG.exe
  C:\Windows\System\oSUAnLG.exe
  2⤵
  PID:9168
- C:\Windows\System\sNMNrRH.exe
  C:\Windows\System\sNMNrRH.exe
  2⤵
  PID:8644
- C:\Windows\System\UIFaegm.exe
  C:\Windows\System\UIFaegm.exe
  2⤵
  PID:9580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EUZAFxj.exe

Filesize
6.0MB

MD5
9c56fa61315df52861119556a94461eb

SHA1
dc888594264b040e6b82efacfaa3330111144f66

SHA256
b47beb41a4352100294f298e30a566da7ff0e64a90e8bc7cba9656b31f19827e

SHA512
8c2cde8e8a8e54259c785faaf8b429e67bd1053b0f6b7ddfaa063088e918916d77bf4f30afd3d335dafcc92a4b78f11b0a7481b381b76661c8a9564d3db0efb8

Download Submit
C:\Windows\system\JPDMjSZ.exe

Filesize
6.0MB

MD5
88b2612608f0785ccdc18d2d2a1af31f

SHA1
3cb905f45031fb2b093d3062b2de85fd484b29b8

SHA256
e6ee8dcf659b42de908e279569eb6f629047f4da9d94021d54965ae4da7a115b

SHA512
7b11dcbe0abd766f9ff01a5261672f2fc94a012cded1658205c8b67766dcd1393e9def7a190c2bfd00f6007328f9612d6e978f51e7c5624a72c11c8d29881220

Download Submit
C:\Windows\system\LIbHDha.exe

Filesize
6.0MB

MD5
dd78f4444416696fbad81ed4cb912682

SHA1
2f62f25268e3249c4b726faa538d2403822937ab

SHA256
3a40da132760c24e4ea2a6a692571cf4edb435571e09721f5cb1bb3bbeb907b6

SHA512
a191e050a2a8bd139f5ded94c50424b327fca58b2fa82ee6ede454d2cb41ba2b748cc1f205d522d5dfdbff6c9532a33c01754d530e7bcf47e213ce078b86562c

Download Submit
C:\Windows\system\QClkFFO.exe

Filesize
6.0MB

MD5
2afc20485c53ad65619000a5ceb20ca8

SHA1
d134f088dfd11b0ec5052ed1edc1035ff1c81e44

SHA256
e538e601f9a322d4035f282567ddef2353576e9e7aeeddc4f2abe1dfc1d28e87

SHA512
030665e25d3d09406f4739fabe19d42187d32499aaefefecb86df5cae37d4817bfa1622b3af535cea67f4a99753b250774eb1f0dba759868f0fbbd2082e2ee4c

Download Submit
C:\Windows\system\QPgKlkS.exe

Filesize
6.0MB

MD5
ed78da9fe26c9f9147d86c393e5f42a4

SHA1
2547b62c5192ca611b8786ecacce0ffa33e58898

SHA256
77dfcb3bafaf7b796d9db51ec1166ed4f8c96e10873c45ffe28924045a3d94d3

SHA512
a8636c4215138bd9a896dcbb1d9b7d23a1add35ed329d8a7f5c7ca84ab7d4c48d9657668a17b7a4d06a74cc3dfead57c2aabb38f0495cda7ab3278427dbd0efb

Download Submit
C:\Windows\system\QYDfPvN.exe

Filesize
6.0MB

MD5
074ecb1b4e9ca36814e7be1fae6cfa4c

SHA1
e9a4fcf0993cb4e26802a637f21f93ef2420cba4

SHA256
a7e12381f4d93781a6ff021ba985e734e63b49554c2dd7ea58d04100ecb774d5

SHA512
65aab97a1ac6112f9e316bbdd1d291cc8596796156345b43f6f59fbc1c140882ab1a925812014c34b7a8dd364dfc9b03865d5faa821b51d8c9594b72a031941f

Download Submit
C:\Windows\system\RZcPHls.exe

Filesize
6.0MB

MD5
a641bc5340c2c222458af3fa76274bc0

SHA1
62b7a5f787a2ab65bc18f19f70043d0d677da453

SHA256
cd5e60ea12731d8b51af55e82c22d8d91010eeec938395686a28d5cb38022a9d

SHA512
f4417bb879e88f07a389300dbd336dcb0c96d90810d476c543eef1e83d3eaf63c184c7a605374fe60d80ef257f4c6d9d6cc79912691023ff669fc92fe86fdd38

Download Submit
C:\Windows\system\UtxCspF.exe

Filesize
6.0MB

MD5
613d889c52d9d20ced83ad11679631d2

SHA1
c67442fd691f511f61bb1b73a3eff8cd0c93c672

SHA256
83b93d1fbd68349cd03fd7a202b10dbb1855bcf39cf3c5335cf0a245ca426d19

SHA512
acd6f506fa85cb2af6c80e5878589112e21e48ae9f232d39f260b4e13de230c48fb47e1ebcc7437ae5ef71fd596e412902dc360e5ea91e4eb5bd6df9bf001797

Download Submit
C:\Windows\system\VXDsDdp.exe

Filesize
6.0MB

MD5
1388cfcf90cb1af9ac77633cebab3b0d

SHA1
df9163bb035a0d38c5ffba0957e7d1fe84c98e3e

SHA256
419c1f3c9d9fef1aaedfb1a49f51e28075ad67cfdedf6f654734b64cc5b58ba3

SHA512
410ee6351f3ff90e66547e80e6dfaad3f2fbb20ce45bd3b4d728623d2891205629a47711d263b6e1f0031da3efa2e24c3f3f4bc09b8eddb396b0b14e3b76f83d

Download Submit
C:\Windows\system\WzLmMFo.exe

Filesize
6.0MB

MD5
61bbad8d169578089c566e98509296bb

SHA1
4bd5d7914cf3ba9b93f490a40997c400be9a9f4d

SHA256
05a0fd0c44e0ee61d2e6860fb87e84fde5a38bc497a13fba888ecc28c79ecdef

SHA512
b16b824a8d717bf6fc4fade283c76f7285cf13a0409a1ed264b2e066b91f04993e581d5fad0100ff1f55e81a05ce8468f2f7ca4753d2750d20e0c9d41288b7e8

Download Submit
C:\Windows\system\XrfIsKx.exe

Filesize
6.0MB

MD5
4d95fe27f46168c34201451888d30c12

SHA1
753c4abd5909732f30c4ec5b840c90023e502cba

SHA256
02a575bd874368f29818f1f48fe8945c4bd58bf87be16ee177873f5aa11e3da0

SHA512
809cea3b8f652a3c432d6df4f1188997db14946947a8ac3202d8980ffedc53ef2306f4e0cfd9f74c9f50afc8ff2be5d7fd22b1662debd6e4f8fb67882659ba0c

Download Submit
C:\Windows\system\doGtGHu.exe

Filesize
6.0MB

MD5
cfa7d61f8c62539129c15496c92aceeb

SHA1
3f7a364b2871701f00d0270132271ad67a8f0afd

SHA256
53eb03c2add27097af5b5611d5d1a3aac53d1d65b24312b9b8e81ca86c50f48f

SHA512
9c25206388f260fa46a889d102bc89fc2f39db28d1ccfb63984fdd0e571dddc54318d1aae5cea602a44d2c484c5c136098f1e1149b50235c104a9331f144850a

Download Submit
C:\Windows\system\jyvORaY.exe

Filesize
6.0MB

MD5
b44bcb6b91d2ced5c763bb7c8a23114b

SHA1
ec27756fad94ecabaec070a0d453e9ffd6926357

SHA256
4cc47b420f476bc14c88974ca7ff4163cc256223f17f764d7373c15165d356be

SHA512
efd6ece3cfb253ef3b62554d24298f95451dc4c187b78a117091ff02f8e8125fea7313d83cfce8cd0fa0aad532a525cc05a6a9c7e4f570a62f9734b3651846f6

Download Submit
C:\Windows\system\lhOfbau.exe

Filesize
6.0MB

MD5
b2615b2276b5e0b5bd9489e77822c872

SHA1
cace3827a83c9064368f6dd8172a2afce0010a73

SHA256
f1511c313008fa0cedd7e323d750f26f94216bc8743a7db6d96db94cbc64fb64

SHA512
ed73a7c2af935a54f776f98fe9534cce0019b21e9d4aeac2d5644430732c549b3ad9b9fc0cf291f6b37e3ca125754c6d05b0bda98b67a3a11d98c036c85dc2bd

Download Submit
C:\Windows\system\njLagVB.exe

Filesize
6.0MB

MD5
ccd18761def5e65277ee4e898bfe7891

SHA1
57a294fee86494fee0446d2429bdbeee5e3f5378

SHA256
51150e180bd0e176f73fa67849cf472e72f1fd447bc772b1f2f5374eed2e9178

SHA512
96014a1db09fc1b922735b155750efa6105f4e619cda292d31ab7b4d7c09082dc20ed11dfa2b5d5cd97875149e3b65b3b24f143c3ca30949c13d7b3a7087cf8d

Download Submit
C:\Windows\system\ofZcpHE.exe

Filesize
6.0MB

MD5
f781003989e71c480ac521f6724574cc

SHA1
e940d73d2ab28bda80ec9ebe4dd0ae11460296dd

SHA256
17f3a208d995abdddcf5c058a2b37da4a48901a20bf262c3868efbdb4eae011c

SHA512
38b0078407dfd6feb3f82373b458bb5848ce0da1a600035abec354d06aec25351564b30bd7cc197807733b50aea23c57dd8265a829009c25ad487beac53f2a0c

Download Submit
C:\Windows\system\qKFVXfL.exe

Filesize
6.0MB

MD5
05869067354b1e50496131596c5e97c0

SHA1
8456f6b6972e253e40aff56c42777e936ae59ea8

SHA256
d3fd0c70523c593b22eefb75b101c80b7fe17aec2d750cd04ace49eea0494a71

SHA512
1f74d5ff02d45ebba6596cadfe3a8e6b9fb4322ce57a8dab8bb20d530d1cfabc5394f81bf896a545cb70cf004f8f29a6e48f37031422733b90147b0006cdd684

Download Submit
C:\Windows\system\sRNavwD.exe

Filesize
6.0MB

MD5
edd3646b3222dcf9c5a2107d3b2a194f

SHA1
8037a2c410985d3eb385706081f886509a610e62

SHA256
e9a308607655f9f3ce9ec1a462b5490ce3b22268071350f0ba3d2bebbc3cf89a

SHA512
9edcf50771a1f4e677313c1e37141d244345371d24ab6e1cdf4f6016f4fa72ad73de3f4b6c5cfb81e8f367170bd74053cef659d2039867dbaca80beedb928587

Download Submit
C:\Windows\system\yuqzpHC.exe

Filesize
6.0MB

MD5
83a6e9040d15871a52cd48ede6b45c3c

SHA1
1e73ee406d7e223377aa99b638fa501b2c269c48

SHA256
b60ec4f5e57b52e772bfa1abea85fd940eeb89eea9af8d9576014351f91206f4

SHA512
5b72099312e4d2078b33fc18a286cc500b9a28d22bb0366448a5f2e83433e774192329f802fe0b62acb0b06a72bbc02db85ecab330f4dd1952c2b4f87f25dc62

Download Submit
\Windows\system\CDwjdVy.exe

Filesize
6.0MB

MD5
2b6c24751abcabc7f43b12f344f84b94

SHA1
8d4d26ca36f50fbcacab6c157ff1117e829353b6

SHA256
66edcbb34b68e91698e69dc57b144b1f7108a2c529d173a969ed0590755886ac

SHA512
1b13a951a5ad97408ac98321b30f966a46a93ba9a17e8fe8f84cbc701e3adf525a91e4e3442daaba141bbc8fd79c9dc07efe7ed50ad2d43c58cc10fbc58e37b7

Download Submit
\Windows\system\CtGhuzW.exe

Filesize
6.0MB

MD5
0f405eee301b1b21dea37b6ec8c589fc

SHA1
4a688dc86103e7f5039cd8c9f52db9534b903029

SHA256
e7877232968e02f5f8d0aa204507b2e016f534032ea36a1c5470d88b3900fb8f

SHA512
160489eccbe9a6a901be5b5ac6dbadd9dde2e4c89bd75b03e322178884ccb2990bc8d6bf030228971ff23595a3a6c4219e5643886e6a95675bad8b807482c06f

Download Submit
\Windows\system\EZSqKah.exe

Filesize
6.0MB

MD5
559436dcfb01242bf3bc82a3e317db5a

SHA1
6dfd7313cde0aaa3708e662cc381ae165ed2a690

SHA256
34f92f074f8a6b03f4c8d38d874b23c73be6f3434263fc50961a9155de176379

SHA512
df53a6a5ba5bdc00084555dad51b898e975b7f0a1d9cba3352e10ff396a48950879e98cf6dffb7772f9d143ab2423086053e8afa82af5048780b26b69e3e5b35

Download Submit
\Windows\system\EZqRhXa.exe

Filesize
6.0MB

MD5
37293f56cad87d22e777f3eafd5dec72

SHA1
e0fcf0ac7d98ad5d64b06500a06deb048cad8a10

SHA256
7b4f29f099d10b748bba9c8162e46fd5fe55064a49014c86360912ad1984028a

SHA512
dc22498e0353184874323ad020132530af0133b07e687d4a8b249dc5b52a5fc0da908c2690ea154bad879a7a124a739dde4ba5b04a4f4d0a187b132cf5462305

Download Submit
\Windows\system\HfPDPLh.exe

Filesize
6.0MB

MD5
3a33ec153268d9f3756e7cc2f0097622

SHA1
2d27f524289cbcc14a9f3e2e3d069bb1dbd79671

SHA256
f327215bab7edeb7a392c5f95b2a5477889a7e41082f85c173cd3844adaa57de

SHA512
2b4b80289959ab233e791d9b4e688db705b9a2571fb31f4484d9b69dcc9f0b78ff5662568f85053c22d32746a8e2e813c22653760b91847d448150f20a72aaf7

Download Submit
\Windows\system\HqWwZlr.exe

Filesize
6.0MB

MD5
924ee065dffd40e87d02b7b085f6581a

SHA1
05fd626c0de8c0578d1bfdc257ba0b42a14fd46b

SHA256
625315a4a4d39841f3a93e2b5d1263b6595a38324503c85ceeba9244b537914c

SHA512
408e4db411a77959aba1fc357c81bee3fdbe2600a8450ad7a33b7e3827c649887dd6fb9c01caca5b2e348a05e7ead172b736a8f1c0b90b02d3160488e1c3524a

Download Submit
\Windows\system\IVlyZyd.exe

Filesize
6.0MB

MD5
95fb33732a68074a7fa9a44cf3c9adef

SHA1
0cdef848edd22a26a635d51017fa7f5cd0fd0ea0

SHA256
02d4b85724dc33089e468a3897039185cd0251435b66c63c1b07f8683754019a

SHA512
885b8157ef808400522f2f26b90906801efc8047c8a69607be8f9b6e59b01802ec279f67b61e0111524ccba2b24dd89c38b90b5b2215ac116f4e1169ad004b39

Download Submit
\Windows\system\KyXjIVr.exe

Filesize
6.0MB

MD5
5f77ffbebba44c7b32bc0045804f1358

SHA1
6ce44b1fe5e510a6e701f14ec9e508b7f216b622

SHA256
de9107f31989675e330b04a5c1446518c93e6101bd27870659fe51591d71509a

SHA512
b0ac20048bbd1483f5dfe71c1ddcd4c08138de12fb3bf02f5bb8ed3ad29e201b69d085836dd8111c8cf399e0a8aad71df437a0c64fb7325899f783c5301864e8

Download Submit
\Windows\system\LneKnIu.exe

Filesize
6.0MB

MD5
dd0e98d54af01d483f1b6a248daf3674

SHA1
2712761fc6f6b5d04907b7ce73065dec3aa8bef3

SHA256
f5a01786734c04725d59647c38bdb8f1cae0e724c531f61e20bb6021f46ad06c

SHA512
78364d2de46994c6fa6b042d2507c101baef659aeee04d2e2ed7a441bedf8903f040ba21d4a0444e18188b0e5576158efa3b14201bdaabf8b200395b0f0486c3

Download Submit
\Windows\system\STXswsr.exe

Filesize
6.0MB

MD5
2574b00b4b3cef182e75ecfe5f20530f

SHA1
552c107552fdec4ecb4e7d9f622c4a7a389f767e

SHA256
5e92d6e1ff796f4cdc2439fc334b919af85b5ebc7e119d98826c1273208b0175

SHA512
28879ebc016e20d00d039d8397e16eb1f3ea81c3e926a35a6b73ba9e4e33124a94293752b1e126c018dfb70752816703df5f28dac6f428755eef3cd777648039

Download Submit
\Windows\system\TWPnXXl.exe

Filesize
6.0MB

MD5
48e6b97054d9bd8838a346a70e677429

SHA1
e94701032002b794e3a1ca573025f90e690d928e

SHA256
df8ba5f8abbba3bcd0fadc52e31a434c1541a90f1946183cde830d6aa61b7682

SHA512
f966461ea5bd1844d411063c65e7b8617725d0975666c566342942d17ee8e637da80c60b981707cf96f03f37826106f256c67c3e9d2fe1e8291041bbc094e848

Download Submit
\Windows\system\XtxxmUN.exe

Filesize
6.0MB

MD5
1b3338e0ed1cdaf7f48c685cea4ad583

SHA1
a251f821b9bedc44f1dc65f7a2806340ca7ecbca

SHA256
8354d6889c764c4d077613dd65bf9f10a352495c8b9fc5cae1695f65c7d923c9

SHA512
f9794f412fa7bae812a35397804f0828c643b9400d2d5958a1287ce254a4127b8158abf7fff95bbe90d3a69802484163b1c632bd1217a6979d59b77f2d320bbe

Download Submit
\Windows\system\ZIWEzdY.exe

Filesize
6.0MB

MD5
148c6429688b14813f528c3610b81b36

SHA1
04f9e0f5c9950098654ab6995b465d374ae4a001

SHA256
0b74c16a2a9feeab716092b9a598fe40ebda74bfb002ce3f394bed8a7245aa46

SHA512
322cab4365998bd5dbddfc07f3c88af2baa1378101ab5493b2566dc7c3b49aa5a104d089e8dc58382b5a8f7da50554a65fe5b2c33beb6cea3cb83894c700c531

Download Submit
\Windows\system\ZJqcCCz.exe

Filesize
6.0MB

MD5
b2d3a4d4b0a13f3e7531e40199fef12a

SHA1
6559fa0ba89871bad03b86d6f565540aa6dc0bb4

SHA256
8b736c5958c5dfb12b76e8b479bc4f6347ee2b91a11c04f3ea8f7254c7057f91

SHA512
f79670aa4e920ba7f1797b0adfaea4569e1ccdc45f8b1ce841508d8c24db6b15e7572c7294dffe192bc3cc861217bb9d99207dd1fddc2ecfebb1054749102bac

Download Submit
\Windows\system\ceoAOJe.exe

Filesize
6.0MB

MD5
edca70c9649fe1382ee4b4017e43d874

SHA1
0b1acb073f0884cbd77a273db171f9bacb466f8c

SHA256
5ee6e8e779c2be29638bf16bcd234095693c6d3e27947a119521aa9a8805954f

SHA512
f3a5141bfa2b0b6c749f44b86d569cc75bcbfea003eb6edf4ede6173f1826f7715034e0d0aca02991e47dc5c495dd4008dc1eee4c6fd7dd666c9df083b79d491

Download Submit
\Windows\system\ghzrBzM.exe

Filesize
6.0MB

MD5
94bf94cbc458cd9145e3726fdb60e010

SHA1
067c59e04bbc28f52d3563d7b4f64880889bc9cd

SHA256
cb85c4baf39824ef93b19e2f24020e36205c4c6fa7b9e338bc3b823e3bf4b9c9

SHA512
46da39b0bca356191811a00f0d3454786fa632fcd8319827ddcae6a93933f379a22be5ae2a01535beff933f8d2d20288e5f9024cf7c24fce0c70fa32edcd3766

Download Submit
\Windows\system\hZwlIRc.exe

Filesize
6.0MB

MD5
60752d562727e9d42208aa4aa0ef18e1

SHA1
537769240bac8556e13b9c16b732ccb70724fe42

SHA256
91349947e05bf7c08cf3959e5dc549de09e2b8b8bccc55919f872fe4afbc0bc1

SHA512
b09f1aad89eeddd8684b6d95b8252b3fab96ff254e1b19be8513e9397e450de4022f44e711ddbf18fb77f64fd732c9b5d8a3497550c316d9be0578cabf3a6667

Download Submit
\Windows\system\hrhjdof.exe

Filesize
6.0MB

MD5
a811c81208ceaee52af14ed4ebf2bde8

SHA1
6ddbd239225b3caf62d5bb5017e6e94f09070b64

SHA256
79c4cb6c9312231d65f86d046fa38db0d7277f5a68b3f924126598d37e0de598

SHA512
47c9a0b44e1b5fc142c64ffc915b9c31a594eb4165aab6db12a2c599436686543e0a0a56bcf17913cc32c7ab0f4a93433943871d3d93cd8cf788fef8a65de702

Download Submit
\Windows\system\mtGgxxv.exe

Filesize
6.0MB

MD5
ea0f174a2ac7e154fa198636934ae938

SHA1
f410ea0f0cfc9b16199aacb0e3d67fc4d62d6088

SHA256
1bdebcfec627074ec1d3d93e65fa1e12cb2519239c7338312a52863d37fe2730

SHA512
8028f21440eb94172ac6d121117af5ac9eba086f0589838a17341ff6023b673a4513bf2a63ea62926fe913fbe60b1f4a539ecd7f6cd3886a27e9f458785795d1

Download Submit
\Windows\system\qVutWcv.exe

Filesize
6.0MB

MD5
6b78b204236a97b48b978bf14ac4a3c3

SHA1
3a668db39baa90acb015c8945ae33e0066afb421

SHA256
5a417eab4fb053b22a77e80977bf5e8a48d8f52b4c80b8dfae958545fd0c21fc

SHA512
8e04bc53a3322fecc1083d92a92df88b243f447921cd26ec0bd288a33b94cf51f357b3700101591efe01daebfc0e994bc52fc109d032bcf0446a515dbb144b9d

Download Submit
memory/2120-1808-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2120-740-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2120-0-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2120-195-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2120-123-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2120-181-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-162-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2120-192-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2120-737-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1772-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2120-52-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1807-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-33-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2120-74-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2120-130-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1810-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2120-67-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2120-138-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1794-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2120-158-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2296-3768-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2296-94-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2340-69-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2340-3776-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2344-167-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-3780-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-3769-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2416-47-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2540-3771-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-105-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-34-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2556-3770-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3775-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2768-71-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2772-3778-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2772-83-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2812-88-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3774-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-3772-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2888-76-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2916-176-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2916-3779-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2944-63-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2944-3777-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2948-3773-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2948-93-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download