cobaltstrike | 2c490706d637909cc23bd790255633dd66e5ef2397c6f3cddb21db957c74587d

Analysis

max time kernel
150s
max time network
20s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

388c333ea81fe7277c282682e1061bcd
SHA1

bbb4bbe682334a7de0c18cd41de13251a833245c
SHA256

2c490706d637909cc23bd790255633dd66e5ef2397c6f3cddb21db957c74587d
SHA512

37a7d152b2fc2d1a4dbe34a10bc113e73296c48b1fb46ebb1113234c7c54456d0a9e3769e529924e4a7c97855e268988b879c722a95122836f640b488ae0f3e2
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUZ:T+q56utgpPF8u/7Z

Score

10^/10

cobaltstrike xmrig 0 backdoor discovery miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012266-3.dat	cobalt_reflective_dll
behavioral1/files/0x0017000000016c92-14.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cf0-13.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0c-24.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d1c-28.dat	cobalt_reflective_dll
behavioral1/files/0x000b000000016cab-41.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-52.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d3f-50.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-71.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-86.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-201.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-196.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-191.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-186.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-181.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-177.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-171.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-98.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-81.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2116-0-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/files/0x000c000000012266-3.dat	xmrig
behavioral1/files/0x0017000000016c92-14.dat	xmrig
behavioral1/memory/2164-10-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2900-15-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016cf0-13.dat	xmrig
behavioral1/files/0x0007000000016d0c-24.dat	xmrig
behavioral1/memory/584-25-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d1c-28.dat	xmrig
behavioral1/memory/2024-26-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2960-36-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2116-38-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/files/0x000b000000016cab-41.dat	xmrig
behavioral1/memory/2164-42-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2480-43-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-52.dat	xmrig
behavioral1/memory/2116-54-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/584-58-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2512-51-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d3f-50.dat	xmrig
behavioral1/memory/2804-59-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2900-53-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001950f-71.dat	xmrig
behavioral1/memory/2380-76-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2928-66-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x00050000000194ef-65.dat	xmrig
behavioral1/files/0x0005000000019547-86.dat	xmrig
behavioral1/memory/944-91-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2116-95-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2904-100-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/files/0x00050000000195ad-126.dat	xmrig
behavioral1/memory/2380-142-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195b5-147.dat	xmrig
behavioral1/files/0x00050000000195c1-167.dat	xmrig
behavioral1/memory/2928-1722-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2512-1718-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2804-1714-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2480-1643-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2024-1618-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2900-1588-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2960-1770-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/584-1774-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2164-1807-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/1316-1805-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2904-1803-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2380-1773-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/944-1772-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/3028-1771-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/3028-486-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2116-434-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2904-396-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/944-293-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/1316-203-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x000500000001975a-201.dat	xmrig
behavioral1/files/0x0005000000019643-196.dat	xmrig
behavioral1/files/0x000500000001960c-191.dat	xmrig
behavioral1/files/0x00050000000195c7-186.dat	xmrig
behavioral1/files/0x00050000000195c6-181.dat	xmrig
behavioral1/files/0x00050000000195c5-177.dat	xmrig
behavioral1/files/0x00050000000195c3-171.dat	xmrig
behavioral1/files/0x00050000000195bd-161.dat	xmrig
behavioral1/files/0x00050000000195bb-156.dat	xmrig
behavioral1/files/0x00050000000195b7-151.dat	xmrig
behavioral1/files/0x00050000000195b3-140.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2164	mMqMdHV.exe
2900	atEujpr.exe
584	ZUCjjtQ.exe
2024	MCXdvVB.exe
2960	iEZcwLZ.exe
2480	EsOELiR.exe
2512	YNEsnyH.exe
2804	GoEEqSb.exe
2928	eLnHpTJ.exe
2380	BLSFdUN.exe
1316	HQSqcPk.exe
944	poWOzmJ.exe
2904	wxGVDpm.exe
3028	reZNgNR.exe
2340	CFwwKPb.exe
2560	yzrIYpO.exe
1108	OIoWwQT.exe
608	OCjISVp.exe
2028	gTzgLIe.exe
1148	uykAsjU.exe
2352	PXQGahH.exe
2504	uMlEZBc.exe
1956	GBomvTg.exe
2060	TXMzVbe.exe
864	kXSatHB.exe
2456	KGooRYi.exe
2472	EkHgUUV.exe
2328	fylhdmM.exe
1716	IvnZjxG.exe
820	DDlcDeJ.exe
2776	KFSjRAB.exe
1680	ngntnxH.exe
1356	kRFspAm.exe
1540	sVBfGtW.exe
2584	tHlZQPW.exe
2300	dSgWaLw.exe
2520	oECigKo.exe
2440	JxAfkOJ.exe
1204	ZQvSyPZ.exe
2704	RFalBjK.exe
2892	QyzIhGP.exe
1768	csYfpha.exe
2608	tiKxwNJ.exe
2616	YNoUDfV.exe
2612	ULgDJHN.exe
1524	KNpFuaT.exe
1816	FxKhrOY.exe
1940	XpTgDUZ.exe
1628	ooxlbeP.exe
2364	LGQwxOb.exe
1704	UPeRaot.exe
2156	UNNZWmf.exe
2956	tLGpEaT.exe
3048	QYuOMSz.exe
2832	VTIXwoH.exe
2872	YhBWVyw.exe
2248	jUitEYj.exe
1872	YWGTShH.exe
3056	tqSVBaG.exe
2664	LgihIen.exe
2460	HFdVmls.exe
452	cdXkmLB.exe
580	KfHoJYt.exe
1304	VSEarET.exe

Loads dropped DLL 64 IoCs

pid	Process
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2116-0-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/files/0x000c000000012266-3.dat	upx
behavioral1/files/0x0017000000016c92-14.dat	upx
behavioral1/memory/2164-10-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2900-15-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x0008000000016cf0-13.dat	upx
behavioral1/files/0x0007000000016d0c-24.dat	upx
behavioral1/memory/584-25-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x0007000000016d1c-28.dat	upx
behavioral1/memory/2024-26-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2960-36-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2116-38-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/files/0x000b000000016cab-41.dat	upx
behavioral1/memory/2164-42-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2480-43-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x0002000000018334-52.dat	upx
behavioral1/memory/584-58-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2512-51-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x0009000000016d3f-50.dat	upx
behavioral1/memory/2804-59-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2900-53-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x000500000001950f-71.dat	upx
behavioral1/memory/2380-76-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2928-66-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x00050000000194ef-65.dat	upx
behavioral1/files/0x0005000000019547-86.dat	upx
behavioral1/memory/944-91-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2904-100-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x00050000000195ad-126.dat	upx
behavioral1/memory/2380-142-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x00050000000195b5-147.dat	upx
behavioral1/files/0x00050000000195c1-167.dat	upx
behavioral1/memory/2928-1722-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2512-1718-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2804-1714-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2480-1643-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2024-1618-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2900-1588-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2960-1770-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/584-1774-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2164-1807-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/1316-1805-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2904-1803-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2380-1773-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/944-1772-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/3028-1771-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/3028-486-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2904-396-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/944-293-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/1316-203-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x000500000001975a-201.dat	upx
behavioral1/files/0x0005000000019643-196.dat	upx
behavioral1/files/0x000500000001960c-191.dat	upx
behavioral1/files/0x00050000000195c7-186.dat	upx
behavioral1/files/0x00050000000195c6-181.dat	upx
behavioral1/files/0x00050000000195c5-177.dat	upx
behavioral1/files/0x00050000000195c3-171.dat	upx
behavioral1/files/0x00050000000195bd-161.dat	upx
behavioral1/files/0x00050000000195bb-156.dat	upx
behavioral1/files/0x00050000000195b7-151.dat	upx
behavioral1/files/0x00050000000195b3-140.dat	upx
behavioral1/files/0x00050000000195b1-136.dat	upx
behavioral1/files/0x00050000000195af-130.dat	upx
behavioral1/files/0x00050000000195ab-120.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\EEFSOWs.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MTeCECt.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PAdYrbe.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vdzXivJ.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SyxdaNF.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AHkjbwH.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SijbbKA.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RbJdAMa.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CzqcvQD.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XRaCFme.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qlUTqxe.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IuaIjgL.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iBkaUoy.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IEuVuqD.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKEYGJY.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fHNphTa.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VCzBTtc.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gXZtFza.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AFDJOSs.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KEdTftb.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tCLmIRh.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vGpHgiL.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WTxELBa.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AXugNpK.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pcSrZhq.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EPVOUgd.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ssHAoNa.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tCPqvgE.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FiEOOBD.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TmFtbcx.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\soFxJac.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gXabWqN.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Sxzndgw.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cjncnjL.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NIzbuON.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cWMxLsx.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YphPWDj.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VsNoVnL.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JrOulaA.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dqZxPVf.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JUEoPbK.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uykAsjU.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mzWceCe.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\InZGOVt.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SdyDsHh.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tAVfBtS.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LsYHypP.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGoLlHb.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jVJTLce.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gKKXiXL.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tMoUayb.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zSzojiA.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EePBfVa.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JZayKTy.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QQHMgfi.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WXcMeSL.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\udinTTJ.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wUYfGOz.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CBgiEAd.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fPEXaGR.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvjlOjd.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WtWvawW.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rzmOhzq.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kTszTzk.exe	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
10640	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2164	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2116 wrote to memory of 2164	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2116 wrote to memory of 2164	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2116 wrote to memory of 2900	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2116 wrote to memory of 2900	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2116 wrote to memory of 2900	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2116 wrote to memory of 584	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2116 wrote to memory of 584	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2116 wrote to memory of 584	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2116 wrote to memory of 2024	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2116 wrote to memory of 2024	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2116 wrote to memory of 2024	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2116 wrote to memory of 2960	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2116 wrote to memory of 2960	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2116 wrote to memory of 2960	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2116 wrote to memory of 2480	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2116 wrote to memory of 2480	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2116 wrote to memory of 2480	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2116 wrote to memory of 2512	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2116 wrote to memory of 2512	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2116 wrote to memory of 2512	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2116 wrote to memory of 2804	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2116 wrote to memory of 2804	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2116 wrote to memory of 2804	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2116 wrote to memory of 2928	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2116 wrote to memory of 2928	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2116 wrote to memory of 2928	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2116 wrote to memory of 2380	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2116 wrote to memory of 2380	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2116 wrote to memory of 2380	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2116 wrote to memory of 1316	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2116 wrote to memory of 1316	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2116 wrote to memory of 1316	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2116 wrote to memory of 944	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2116 wrote to memory of 944	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2116 wrote to memory of 944	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2116 wrote to memory of 2904	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2116 wrote to memory of 2904	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2116 wrote to memory of 2904	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2116 wrote to memory of 3028	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2116 wrote to memory of 3028	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2116 wrote to memory of 3028	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2116 wrote to memory of 2340	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2116 wrote to memory of 2340	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2116 wrote to memory of 2340	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2116 wrote to memory of 2560	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2116 wrote to memory of 2560	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2116 wrote to memory of 2560	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2116 wrote to memory of 1108	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2116 wrote to memory of 1108	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2116 wrote to memory of 1108	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2116 wrote to memory of 608	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2116 wrote to memory of 608	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2116 wrote to memory of 608	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2116 wrote to memory of 2028	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2116 wrote to memory of 2028	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2116 wrote to memory of 2028	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2116 wrote to memory of 1148	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2116 wrote to memory of 1148	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2116 wrote to memory of 1148	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2116 wrote to memory of 2352	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2116 wrote to memory of 2352	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2116 wrote to memory of 2352	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2116 wrote to memory of 2504	2116	2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_388c333ea81fe7277c282682e1061bcd_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\System\mMqMdHV.exe
  C:\Windows\System\mMqMdHV.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\atEujpr.exe
  C:\Windows\System\atEujpr.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\ZUCjjtQ.exe
  C:\Windows\System\ZUCjjtQ.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\MCXdvVB.exe
  C:\Windows\System\MCXdvVB.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\iEZcwLZ.exe
  C:\Windows\System\iEZcwLZ.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\EsOELiR.exe
  C:\Windows\System\EsOELiR.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\YNEsnyH.exe
  C:\Windows\System\YNEsnyH.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\GoEEqSb.exe
  C:\Windows\System\GoEEqSb.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\eLnHpTJ.exe
  C:\Windows\System\eLnHpTJ.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\BLSFdUN.exe
  C:\Windows\System\BLSFdUN.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\HQSqcPk.exe
  C:\Windows\System\HQSqcPk.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\poWOzmJ.exe
  C:\Windows\System\poWOzmJ.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\wxGVDpm.exe
  C:\Windows\System\wxGVDpm.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\reZNgNR.exe
  C:\Windows\System\reZNgNR.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\CFwwKPb.exe
  C:\Windows\System\CFwwKPb.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\yzrIYpO.exe
  C:\Windows\System\yzrIYpO.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\OIoWwQT.exe
  C:\Windows\System\OIoWwQT.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\OCjISVp.exe
  C:\Windows\System\OCjISVp.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\gTzgLIe.exe
  C:\Windows\System\gTzgLIe.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\uykAsjU.exe
  C:\Windows\System\uykAsjU.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\PXQGahH.exe
  C:\Windows\System\PXQGahH.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\uMlEZBc.exe
  C:\Windows\System\uMlEZBc.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\GBomvTg.exe
  C:\Windows\System\GBomvTg.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\TXMzVbe.exe
  C:\Windows\System\TXMzVbe.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\kXSatHB.exe
  C:\Windows\System\kXSatHB.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\KGooRYi.exe
  C:\Windows\System\KGooRYi.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\EkHgUUV.exe
  C:\Windows\System\EkHgUUV.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\fylhdmM.exe
  C:\Windows\System\fylhdmM.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\IvnZjxG.exe
  C:\Windows\System\IvnZjxG.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\DDlcDeJ.exe
  C:\Windows\System\DDlcDeJ.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\KFSjRAB.exe
  C:\Windows\System\KFSjRAB.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\ngntnxH.exe
  C:\Windows\System\ngntnxH.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\kRFspAm.exe
  C:\Windows\System\kRFspAm.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\sVBfGtW.exe
  C:\Windows\System\sVBfGtW.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\tHlZQPW.exe
  C:\Windows\System\tHlZQPW.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\dSgWaLw.exe
  C:\Windows\System\dSgWaLw.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\oECigKo.exe
  C:\Windows\System\oECigKo.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\JxAfkOJ.exe
  C:\Windows\System\JxAfkOJ.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\ZQvSyPZ.exe
  C:\Windows\System\ZQvSyPZ.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\RFalBjK.exe
  C:\Windows\System\RFalBjK.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\QyzIhGP.exe
  C:\Windows\System\QyzIhGP.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\csYfpha.exe
  C:\Windows\System\csYfpha.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\tiKxwNJ.exe
  C:\Windows\System\tiKxwNJ.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\YNoUDfV.exe
  C:\Windows\System\YNoUDfV.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\ULgDJHN.exe
  C:\Windows\System\ULgDJHN.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\KNpFuaT.exe
  C:\Windows\System\KNpFuaT.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\FxKhrOY.exe
  C:\Windows\System\FxKhrOY.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\XpTgDUZ.exe
  C:\Windows\System\XpTgDUZ.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\ooxlbeP.exe
  C:\Windows\System\ooxlbeP.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\LGQwxOb.exe
  C:\Windows\System\LGQwxOb.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\UPeRaot.exe
  C:\Windows\System\UPeRaot.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\UNNZWmf.exe
  C:\Windows\System\UNNZWmf.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\tLGpEaT.exe
  C:\Windows\System\tLGpEaT.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\QYuOMSz.exe
  C:\Windows\System\QYuOMSz.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\VTIXwoH.exe
  C:\Windows\System\VTIXwoH.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\YhBWVyw.exe
  C:\Windows\System\YhBWVyw.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\jUitEYj.exe
  C:\Windows\System\jUitEYj.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\YWGTShH.exe
  C:\Windows\System\YWGTShH.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\tqSVBaG.exe
  C:\Windows\System\tqSVBaG.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\LgihIen.exe
  C:\Windows\System\LgihIen.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\HFdVmls.exe
  C:\Windows\System\HFdVmls.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\cdXkmLB.exe
  C:\Windows\System\cdXkmLB.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\KfHoJYt.exe
  C:\Windows\System\KfHoJYt.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\VSEarET.exe
  C:\Windows\System\VSEarET.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\TpTvAzj.exe
  C:\Windows\System\TpTvAzj.exe
  2⤵
  PID:1532
- C:\Windows\System\ByeWzMk.exe
  C:\Windows\System\ByeWzMk.exe
  2⤵
  PID:3008
- C:\Windows\System\UPjwDdA.exe
  C:\Windows\System\UPjwDdA.exe
  2⤵
  PID:1964
- C:\Windows\System\PUEtnJT.exe
  C:\Windows\System\PUEtnJT.exe
  2⤵
  PID:2200
- C:\Windows\System\bIJwtdW.exe
  C:\Windows\System\bIJwtdW.exe
  2⤵
  PID:2672
- C:\Windows\System\nNNxvUE.exe
  C:\Windows\System\nNNxvUE.exe
  2⤵
  PID:612
- C:\Windows\System\CBgiEAd.exe
  C:\Windows\System\CBgiEAd.exe
  2⤵
  PID:1700
- C:\Windows\System\IOiNsGz.exe
  C:\Windows\System\IOiNsGz.exe
  2⤵
  PID:1972
- C:\Windows\System\dNuBQPu.exe
  C:\Windows\System\dNuBQPu.exe
  2⤵
  PID:2764
- C:\Windows\System\xsPpkjY.exe
  C:\Windows\System\xsPpkjY.exe
  2⤵
  PID:2072
- C:\Windows\System\kFwRxyu.exe
  C:\Windows\System\kFwRxyu.exe
  2⤵
  PID:1708
- C:\Windows\System\gbwiFpL.exe
  C:\Windows\System\gbwiFpL.exe
  2⤵
  PID:2388
- C:\Windows\System\ivmKnKD.exe
  C:\Windows\System\ivmKnKD.exe
  2⤵
  PID:544
- C:\Windows\System\HYeyrRu.exe
  C:\Windows\System\HYeyrRu.exe
  2⤵
  PID:1544
- C:\Windows\System\kZtwpNe.exe
  C:\Windows\System\kZtwpNe.exe
  2⤵
  PID:1748
- C:\Windows\System\rqYqRTM.exe
  C:\Windows\System\rqYqRTM.exe
  2⤵
  PID:2320
- C:\Windows\System\GdIxGzR.exe
  C:\Windows\System\GdIxGzR.exe
  2⤵
  PID:2288
- C:\Windows\System\hVevuxL.exe
  C:\Windows\System\hVevuxL.exe
  2⤵
  PID:1616
- C:\Windows\System\ZHGVifi.exe
  C:\Windows\System\ZHGVifi.exe
  2⤵
  PID:2424
- C:\Windows\System\Sxzndgw.exe
  C:\Windows\System\Sxzndgw.exe
  2⤵
  PID:2304
- C:\Windows\System\WBwrWDY.exe
  C:\Windows\System\WBwrWDY.exe
  2⤵
  PID:2856
- C:\Windows\System\NRkWQOI.exe
  C:\Windows\System\NRkWQOI.exe
  2⤵
  PID:2540
- C:\Windows\System\bycpgEH.exe
  C:\Windows\System\bycpgEH.exe
  2⤵
  PID:432
- C:\Windows\System\PQOzHdi.exe
  C:\Windows\System\PQOzHdi.exe
  2⤵
  PID:2344
- C:\Windows\System\fnDKYaT.exe
  C:\Windows\System\fnDKYaT.exe
  2⤵
  PID:696
- C:\Windows\System\SCizBRU.exe
  C:\Windows\System\SCizBRU.exe
  2⤵
  PID:2032
- C:\Windows\System\llCAVxo.exe
  C:\Windows\System\llCAVxo.exe
  2⤵
  PID:2436
- C:\Windows\System\eCrKXED.exe
  C:\Windows\System\eCrKXED.exe
  2⤵
  PID:2192
- C:\Windows\System\KUwhaTn.exe
  C:\Windows\System\KUwhaTn.exe
  2⤵
  PID:2428
- C:\Windows\System\zFHmqaX.exe
  C:\Windows\System\zFHmqaX.exe
  2⤵
  PID:1572
- C:\Windows\System\fEXjDtR.exe
  C:\Windows\System\fEXjDtR.exe
  2⤵
  PID:1996
- C:\Windows\System\rsrROTp.exe
  C:\Windows\System\rsrROTp.exe
  2⤵
  PID:2532
- C:\Windows\System\ooYdljT.exe
  C:\Windows\System\ooYdljT.exe
  2⤵
  PID:2628
- C:\Windows\System\QNqrTwu.exe
  C:\Windows\System\QNqrTwu.exe
  2⤵
  PID:932
- C:\Windows\System\ZlBVmWn.exe
  C:\Windows\System\ZlBVmWn.exe
  2⤵
  PID:2112
- C:\Windows\System\TlrtWax.exe
  C:\Windows\System\TlrtWax.exe
  2⤵
  PID:3084
- C:\Windows\System\XRnCACD.exe
  C:\Windows\System\XRnCACD.exe
  2⤵
  PID:3108
- C:\Windows\System\IPBzNPK.exe
  C:\Windows\System\IPBzNPK.exe
  2⤵
  PID:3128
- C:\Windows\System\EIGcWNs.exe
  C:\Windows\System\EIGcWNs.exe
  2⤵
  PID:3148
- C:\Windows\System\jvPFgUy.exe
  C:\Windows\System\jvPFgUy.exe
  2⤵
  PID:3168
- C:\Windows\System\pFGnOSZ.exe
  C:\Windows\System\pFGnOSZ.exe
  2⤵
  PID:3192
- C:\Windows\System\aJuMvCQ.exe
  C:\Windows\System\aJuMvCQ.exe
  2⤵
  PID:3212
- C:\Windows\System\VNFmAGV.exe
  C:\Windows\System\VNFmAGV.exe
  2⤵
  PID:3232
- C:\Windows\System\BDtRvrQ.exe
  C:\Windows\System\BDtRvrQ.exe
  2⤵
  PID:3256
- C:\Windows\System\KdjbawV.exe
  C:\Windows\System\KdjbawV.exe
  2⤵
  PID:3276
- C:\Windows\System\QPGqAfR.exe
  C:\Windows\System\QPGqAfR.exe
  2⤵
  PID:3296
- C:\Windows\System\eOssnoe.exe
  C:\Windows\System\eOssnoe.exe
  2⤵
  PID:3316
- C:\Windows\System\zZRjigd.exe
  C:\Windows\System\zZRjigd.exe
  2⤵
  PID:3340
- C:\Windows\System\wuUPFow.exe
  C:\Windows\System\wuUPFow.exe
  2⤵
  PID:3360
- C:\Windows\System\KcqKjCh.exe
  C:\Windows\System\KcqKjCh.exe
  2⤵
  PID:3380
- C:\Windows\System\pygGWTB.exe
  C:\Windows\System\pygGWTB.exe
  2⤵
  PID:3400
- C:\Windows\System\QzeOcVK.exe
  C:\Windows\System\QzeOcVK.exe
  2⤵
  PID:3420
- C:\Windows\System\HyyATNu.exe
  C:\Windows\System\HyyATNu.exe
  2⤵
  PID:3440
- C:\Windows\System\ljrXseh.exe
  C:\Windows\System\ljrXseh.exe
  2⤵
  PID:3460
- C:\Windows\System\oAMPEeI.exe
  C:\Windows\System\oAMPEeI.exe
  2⤵
  PID:3476
- C:\Windows\System\JxzOksZ.exe
  C:\Windows\System\JxzOksZ.exe
  2⤵
  PID:3496
- C:\Windows\System\TkSFCIe.exe
  C:\Windows\System\TkSFCIe.exe
  2⤵
  PID:3520
- C:\Windows\System\KyFMdAj.exe
  C:\Windows\System\KyFMdAj.exe
  2⤵
  PID:3540
- C:\Windows\System\ckWpRFY.exe
  C:\Windows\System\ckWpRFY.exe
  2⤵
  PID:3560
- C:\Windows\System\voYjUlA.exe
  C:\Windows\System\voYjUlA.exe
  2⤵
  PID:3584
- C:\Windows\System\EZUsfjp.exe
  C:\Windows\System\EZUsfjp.exe
  2⤵
  PID:3608
- C:\Windows\System\ODMSUgg.exe
  C:\Windows\System\ODMSUgg.exe
  2⤵
  PID:3628
- C:\Windows\System\xsZKIII.exe
  C:\Windows\System\xsZKIII.exe
  2⤵
  PID:3648
- C:\Windows\System\fnQwKtL.exe
  C:\Windows\System\fnQwKtL.exe
  2⤵
  PID:3668
- C:\Windows\System\LtvuLhn.exe
  C:\Windows\System\LtvuLhn.exe
  2⤵
  PID:3692
- C:\Windows\System\pxaymrk.exe
  C:\Windows\System\pxaymrk.exe
  2⤵
  PID:3712
- C:\Windows\System\rAuAfst.exe
  C:\Windows\System\rAuAfst.exe
  2⤵
  PID:3732
- C:\Windows\System\ZKhfnvK.exe
  C:\Windows\System\ZKhfnvK.exe
  2⤵
  PID:3752
- C:\Windows\System\tnTCYPS.exe
  C:\Windows\System\tnTCYPS.exe
  2⤵
  PID:3772
- C:\Windows\System\aFMYcUs.exe
  C:\Windows\System\aFMYcUs.exe
  2⤵
  PID:3792
- C:\Windows\System\SRXpZrV.exe
  C:\Windows\System\SRXpZrV.exe
  2⤵
  PID:3812
- C:\Windows\System\aTdJdff.exe
  C:\Windows\System\aTdJdff.exe
  2⤵
  PID:3832
- C:\Windows\System\vAxNMoE.exe
  C:\Windows\System\vAxNMoE.exe
  2⤵
  PID:3852
- C:\Windows\System\GyyvFTc.exe
  C:\Windows\System\GyyvFTc.exe
  2⤵
  PID:3872
- C:\Windows\System\mdwkUxT.exe
  C:\Windows\System\mdwkUxT.exe
  2⤵
  PID:3892
- C:\Windows\System\yGwHfBT.exe
  C:\Windows\System\yGwHfBT.exe
  2⤵
  PID:3908
- C:\Windows\System\tUXClef.exe
  C:\Windows\System\tUXClef.exe
  2⤵
  PID:3952
- C:\Windows\System\PSGDYYE.exe
  C:\Windows\System\PSGDYYE.exe
  2⤵
  PID:3972
- C:\Windows\System\MkVNBmT.exe
  C:\Windows\System\MkVNBmT.exe
  2⤵
  PID:3996
- C:\Windows\System\KTCLoKH.exe
  C:\Windows\System\KTCLoKH.exe
  2⤵
  PID:4016
- C:\Windows\System\VdklBMZ.exe
  C:\Windows\System\VdklBMZ.exe
  2⤵
  PID:4040
- C:\Windows\System\ITipEhs.exe
  C:\Windows\System\ITipEhs.exe
  2⤵
  PID:4060
- C:\Windows\System\iAgumld.exe
  C:\Windows\System\iAgumld.exe
  2⤵
  PID:4080
- C:\Windows\System\tNODmDi.exe
  C:\Windows\System\tNODmDi.exe
  2⤵
  PID:1828
- C:\Windows\System\CqtbIpc.exe
  C:\Windows\System\CqtbIpc.exe
  2⤵
  PID:2008
- C:\Windows\System\auDNdhU.exe
  C:\Windows\System\auDNdhU.exe
  2⤵
  PID:2924
- C:\Windows\System\bzQRSXt.exe
  C:\Windows\System\bzQRSXt.exe
  2⤵
  PID:2160
- C:\Windows\System\NfPaUvP.exe
  C:\Windows\System\NfPaUvP.exe
  2⤵
  PID:2272
- C:\Windows\System\gaLHUbj.exe
  C:\Windows\System\gaLHUbj.exe
  2⤵
  PID:1632
- C:\Windows\System\joDGPqN.exe
  C:\Windows\System\joDGPqN.exe
  2⤵
  PID:2284
- C:\Windows\System\TBPKRyk.exe
  C:\Windows\System\TBPKRyk.exe
  2⤵
  PID:2336
- C:\Windows\System\zKpclcA.exe
  C:\Windows\System\zKpclcA.exe
  2⤵
  PID:2148
- C:\Windows\System\jSmPhlY.exe
  C:\Windows\System\jSmPhlY.exe
  2⤵
  PID:2376
- C:\Windows\System\KQwNfMD.exe
  C:\Windows\System\KQwNfMD.exe
  2⤵
  PID:2140
- C:\Windows\System\iYqxWsa.exe
  C:\Windows\System\iYqxWsa.exe
  2⤵
  PID:2604
- C:\Windows\System\HPVzfxw.exe
  C:\Windows\System\HPVzfxw.exe
  2⤵
  PID:3080
- C:\Windows\System\PqqrcxB.exe
  C:\Windows\System\PqqrcxB.exe
  2⤵
  PID:3124
- C:\Windows\System\BPxGXDq.exe
  C:\Windows\System\BPxGXDq.exe
  2⤵
  PID:3164
- C:\Windows\System\NRrIaSH.exe
  C:\Windows\System\NRrIaSH.exe
  2⤵
  PID:3220
- C:\Windows\System\Epqdnjn.exe
  C:\Windows\System\Epqdnjn.exe
  2⤵
  PID:3304
- C:\Windows\System\DdCevWx.exe
  C:\Windows\System\DdCevWx.exe
  2⤵
  PID:3356
- C:\Windows\System\BSeFezS.exe
  C:\Windows\System\BSeFezS.exe
  2⤵
  PID:3336
- C:\Windows\System\RApUyeh.exe
  C:\Windows\System\RApUyeh.exe
  2⤵
  PID:3392
- C:\Windows\System\VORlrUt.exe
  C:\Windows\System\VORlrUt.exe
  2⤵
  PID:3468
- C:\Windows\System\kXwnEok.exe
  C:\Windows\System\kXwnEok.exe
  2⤵
  PID:3452
- C:\Windows\System\lpqpjQp.exe
  C:\Windows\System\lpqpjQp.exe
  2⤵
  PID:3488
- C:\Windows\System\EKxaeTA.exe
  C:\Windows\System\EKxaeTA.exe
  2⤵
  PID:3556
- C:\Windows\System\DaWrsNN.exe
  C:\Windows\System\DaWrsNN.exe
  2⤵
  PID:3592
- C:\Windows\System\VkrDOtV.exe
  C:\Windows\System\VkrDOtV.exe
  2⤵
  PID:3616
- C:\Windows\System\YMeFzzE.exe
  C:\Windows\System\YMeFzzE.exe
  2⤵
  PID:3640
- C:\Windows\System\SwyDHQV.exe
  C:\Windows\System\SwyDHQV.exe
  2⤵
  PID:3576
- C:\Windows\System\XYsCRVJ.exe
  C:\Windows\System\XYsCRVJ.exe
  2⤵
  PID:3708
- C:\Windows\System\aJmdkEn.exe
  C:\Windows\System\aJmdkEn.exe
  2⤵
  PID:3744
- C:\Windows\System\aZZweaO.exe
  C:\Windows\System\aZZweaO.exe
  2⤵
  PID:3780
- C:\Windows\System\GSNWsVs.exe
  C:\Windows\System\GSNWsVs.exe
  2⤵
  PID:3848
- C:\Windows\System\mEuNSPP.exe
  C:\Windows\System\mEuNSPP.exe
  2⤵
  PID:3860
- C:\Windows\System\ZQdmZuQ.exe
  C:\Windows\System\ZQdmZuQ.exe
  2⤵
  PID:3884
- C:\Windows\System\pOUpdcp.exe
  C:\Windows\System\pOUpdcp.exe
  2⤵
  PID:3928
- C:\Windows\System\lhgvEKO.exe
  C:\Windows\System\lhgvEKO.exe
  2⤵
  PID:3980
- C:\Windows\System\zbKgeiZ.exe
  C:\Windows\System\zbKgeiZ.exe
  2⤵
  PID:3964
- C:\Windows\System\eDljMqW.exe
  C:\Windows\System\eDljMqW.exe
  2⤵
  PID:4004
- C:\Windows\System\NpbwSAa.exe
  C:\Windows\System\NpbwSAa.exe
  2⤵
  PID:4012
- C:\Windows\System\okEpoMt.exe
  C:\Windows\System\okEpoMt.exe
  2⤵
  PID:4052
- C:\Windows\System\ZApqdym.exe
  C:\Windows\System\ZApqdym.exe
  2⤵
  PID:2044
- C:\Windows\System\fvdavRq.exe
  C:\Windows\System\fvdavRq.exe
  2⤵
  PID:1620
- C:\Windows\System\meyarTt.exe
  C:\Windows\System\meyarTt.exe
  2⤵
  PID:2860
- C:\Windows\System\sKjSPuw.exe
  C:\Windows\System\sKjSPuw.exe
  2⤵
  PID:2996
- C:\Windows\System\pLTsrhT.exe
  C:\Windows\System\pLTsrhT.exe
  2⤵
  PID:1168
- C:\Windows\System\SijbbKA.exe
  C:\Windows\System\SijbbKA.exe
  2⤵
  PID:2204
- C:\Windows\System\yOwkLzU.exe
  C:\Windows\System\yOwkLzU.exe
  2⤵
  PID:632
- C:\Windows\System\wITzwfF.exe
  C:\Windows\System\wITzwfF.exe
  2⤵
  PID:3116
- C:\Windows\System\ivtWcIn.exe
  C:\Windows\System\ivtWcIn.exe
  2⤵
  PID:3176
- C:\Windows\System\fsfHzZG.exe
  C:\Windows\System\fsfHzZG.exe
  2⤵
  PID:3208
- C:\Windows\System\fOGwiTa.exe
  C:\Windows\System\fOGwiTa.exe
  2⤵
  PID:3308
- C:\Windows\System\NddlwBn.exe
  C:\Windows\System\NddlwBn.exe
  2⤵
  PID:3324
- C:\Windows\System\FVDRFoG.exe
  C:\Windows\System\FVDRFoG.exe
  2⤵
  PID:3416
- C:\Windows\System\wLwqwzA.exe
  C:\Windows\System\wLwqwzA.exe
  2⤵
  PID:3428
- C:\Windows\System\zevxtSj.exe
  C:\Windows\System\zevxtSj.exe
  2⤵
  PID:3484
- C:\Windows\System\QDhZmgw.exe
  C:\Windows\System\QDhZmgw.exe
  2⤵
  PID:3600
- C:\Windows\System\udtxagB.exe
  C:\Windows\System\udtxagB.exe
  2⤵
  PID:3808
- C:\Windows\System\MWCdiPn.exe
  C:\Windows\System\MWCdiPn.exe
  2⤵
  PID:3644
- C:\Windows\System\gLyqlQw.exe
  C:\Windows\System\gLyqlQw.exe
  2⤵
  PID:3748
- C:\Windows\System\rAkbKpZ.exe
  C:\Windows\System\rAkbKpZ.exe
  2⤵
  PID:3768
- C:\Windows\System\QeGPRMV.exe
  C:\Windows\System\QeGPRMV.exe
  2⤵
  PID:3864
- C:\Windows\System\iKcOoTS.exe
  C:\Windows\System\iKcOoTS.exe
  2⤵
  PID:2324
- C:\Windows\System\MrsHxRh.exe
  C:\Windows\System\MrsHxRh.exe
  2⤵
  PID:3984
- C:\Windows\System\XQbOaHQ.exe
  C:\Windows\System\XQbOaHQ.exe
  2⤵
  PID:4036
- C:\Windows\System\CFkEhrt.exe
  C:\Windows\System\CFkEhrt.exe
  2⤵
  PID:1492
- C:\Windows\System\nUoXZfc.exe
  C:\Windows\System\nUoXZfc.exe
  2⤵
  PID:2312
- C:\Windows\System\VnBJJmH.exe
  C:\Windows\System\VnBJJmH.exe
  2⤵
  PID:980
- C:\Windows\System\mosepAf.exe
  C:\Windows\System\mosepAf.exe
  2⤵
  PID:1424
- C:\Windows\System\LAgsbof.exe
  C:\Windows\System\LAgsbof.exe
  2⤵
  PID:1808
- C:\Windows\System\peGNFyQ.exe
  C:\Windows\System\peGNFyQ.exe
  2⤵
  PID:4100
- C:\Windows\System\ATtXTIi.exe
  C:\Windows\System\ATtXTIi.exe
  2⤵
  PID:4120
- C:\Windows\System\duhznnK.exe
  C:\Windows\System\duhznnK.exe
  2⤵
  PID:4144
- C:\Windows\System\vqWcIuP.exe
  C:\Windows\System\vqWcIuP.exe
  2⤵
  PID:4164
- C:\Windows\System\efFpqPJ.exe
  C:\Windows\System\efFpqPJ.exe
  2⤵
  PID:4184
- C:\Windows\System\PztNAIs.exe
  C:\Windows\System\PztNAIs.exe
  2⤵
  PID:4204
- C:\Windows\System\fHebCVh.exe
  C:\Windows\System\fHebCVh.exe
  2⤵
  PID:4224
- C:\Windows\System\kIQpUAh.exe
  C:\Windows\System\kIQpUAh.exe
  2⤵
  PID:4244
- C:\Windows\System\lxzTxwh.exe
  C:\Windows\System\lxzTxwh.exe
  2⤵
  PID:4264
- C:\Windows\System\mzWceCe.exe
  C:\Windows\System\mzWceCe.exe
  2⤵
  PID:4284
- C:\Windows\System\xwSbxhf.exe
  C:\Windows\System\xwSbxhf.exe
  2⤵
  PID:4304
- C:\Windows\System\YRoKcyz.exe
  C:\Windows\System\YRoKcyz.exe
  2⤵
  PID:4324
- C:\Windows\System\kvmVwDT.exe
  C:\Windows\System\kvmVwDT.exe
  2⤵
  PID:4344
- C:\Windows\System\dlGTocj.exe
  C:\Windows\System\dlGTocj.exe
  2⤵
  PID:4364
- C:\Windows\System\aYAticL.exe
  C:\Windows\System\aYAticL.exe
  2⤵
  PID:4384
- C:\Windows\System\JsGwUVc.exe
  C:\Windows\System\JsGwUVc.exe
  2⤵
  PID:4404
- C:\Windows\System\aKjkjBx.exe
  C:\Windows\System\aKjkjBx.exe
  2⤵
  PID:4424
- C:\Windows\System\kucYThW.exe
  C:\Windows\System\kucYThW.exe
  2⤵
  PID:4444
- C:\Windows\System\xNbZbsG.exe
  C:\Windows\System\xNbZbsG.exe
  2⤵
  PID:4464
- C:\Windows\System\JGSBxgT.exe
  C:\Windows\System\JGSBxgT.exe
  2⤵
  PID:4484
- C:\Windows\System\dadJFGh.exe
  C:\Windows\System\dadJFGh.exe
  2⤵
  PID:4504
- C:\Windows\System\fGqEygJ.exe
  C:\Windows\System\fGqEygJ.exe
  2⤵
  PID:4528
- C:\Windows\System\QdbMshj.exe
  C:\Windows\System\QdbMshj.exe
  2⤵
  PID:4548
- C:\Windows\System\wQQzqZl.exe
  C:\Windows\System\wQQzqZl.exe
  2⤵
  PID:4568
- C:\Windows\System\GgLZgSr.exe
  C:\Windows\System\GgLZgSr.exe
  2⤵
  PID:4588
- C:\Windows\System\CIyNFWy.exe
  C:\Windows\System\CIyNFWy.exe
  2⤵
  PID:4608
- C:\Windows\System\sFmtAEH.exe
  C:\Windows\System\sFmtAEH.exe
  2⤵
  PID:4628
- C:\Windows\System\yGWcEft.exe
  C:\Windows\System\yGWcEft.exe
  2⤵
  PID:4648
- C:\Windows\System\IjAudSK.exe
  C:\Windows\System\IjAudSK.exe
  2⤵
  PID:4668
- C:\Windows\System\oVQTeMm.exe
  C:\Windows\System\oVQTeMm.exe
  2⤵
  PID:4688
- C:\Windows\System\NqkxgYS.exe
  C:\Windows\System\NqkxgYS.exe
  2⤵
  PID:4708
- C:\Windows\System\lbOWefV.exe
  C:\Windows\System\lbOWefV.exe
  2⤵
  PID:4728
- C:\Windows\System\ovptLqV.exe
  C:\Windows\System\ovptLqV.exe
  2⤵
  PID:4748
- C:\Windows\System\NiFTOXl.exe
  C:\Windows\System\NiFTOXl.exe
  2⤵
  PID:4768
- C:\Windows\System\RSzYyjN.exe
  C:\Windows\System\RSzYyjN.exe
  2⤵
  PID:4788
- C:\Windows\System\CwvOyNp.exe
  C:\Windows\System\CwvOyNp.exe
  2⤵
  PID:4808
- C:\Windows\System\NbbAJTi.exe
  C:\Windows\System\NbbAJTi.exe
  2⤵
  PID:4828
- C:\Windows\System\xNXaaQD.exe
  C:\Windows\System\xNXaaQD.exe
  2⤵
  PID:4848
- C:\Windows\System\VgYfXaB.exe
  C:\Windows\System\VgYfXaB.exe
  2⤵
  PID:4868
- C:\Windows\System\wdLfCST.exe
  C:\Windows\System\wdLfCST.exe
  2⤵
  PID:4888
- C:\Windows\System\XLfJsQv.exe
  C:\Windows\System\XLfJsQv.exe
  2⤵
  PID:4912
- C:\Windows\System\PmjGQqo.exe
  C:\Windows\System\PmjGQqo.exe
  2⤵
  PID:4932
- C:\Windows\System\VhlBRbJ.exe
  C:\Windows\System\VhlBRbJ.exe
  2⤵
  PID:4952
- C:\Windows\System\xxxCSiS.exe
  C:\Windows\System\xxxCSiS.exe
  2⤵
  PID:4972
- C:\Windows\System\mfkwrXC.exe
  C:\Windows\System\mfkwrXC.exe
  2⤵
  PID:4992
- C:\Windows\System\isMxcvm.exe
  C:\Windows\System\isMxcvm.exe
  2⤵
  PID:5012
- C:\Windows\System\vRkKKZy.exe
  C:\Windows\System\vRkKKZy.exe
  2⤵
  PID:5032
- C:\Windows\System\wGqLzRh.exe
  C:\Windows\System\wGqLzRh.exe
  2⤵
  PID:5048
- C:\Windows\System\TdCrxJm.exe
  C:\Windows\System\TdCrxJm.exe
  2⤵
  PID:5072
- C:\Windows\System\IQJeoCm.exe
  C:\Windows\System\IQJeoCm.exe
  2⤵
  PID:5092
- C:\Windows\System\LHXmGPM.exe
  C:\Windows\System\LHXmGPM.exe
  2⤵
  PID:5112
- C:\Windows\System\NwxYGhw.exe
  C:\Windows\System\NwxYGhw.exe
  2⤵
  PID:3144
- C:\Windows\System\ArDPyQm.exe
  C:\Windows\System\ArDPyQm.exe
  2⤵
  PID:3388
- C:\Windows\System\JZayKTy.exe
  C:\Windows\System\JZayKTy.exe
  2⤵
  PID:3288
- C:\Windows\System\lsTarld.exe
  C:\Windows\System\lsTarld.exe
  2⤵
  PID:3328
- C:\Windows\System\wUnmiTq.exe
  C:\Windows\System\wUnmiTq.exe
  2⤵
  PID:3508
- C:\Windows\System\eLUlMIC.exe
  C:\Windows\System\eLUlMIC.exe
  2⤵
  PID:3572
- C:\Windows\System\YRQMZtW.exe
  C:\Windows\System\YRQMZtW.exe
  2⤵
  PID:3688
- C:\Windows\System\ZyjAkqH.exe
  C:\Windows\System\ZyjAkqH.exe
  2⤵
  PID:3804
- C:\Windows\System\mheiwCG.exe
  C:\Windows\System\mheiwCG.exe
  2⤵
  PID:3844
- C:\Windows\System\MNpdwFo.exe
  C:\Windows\System\MNpdwFo.exe
  2⤵
  PID:3924
- C:\Windows\System\rkcXjtv.exe
  C:\Windows\System\rkcXjtv.exe
  2⤵
  PID:4056
- C:\Windows\System\rlnVETE.exe
  C:\Windows\System\rlnVETE.exe
  2⤵
  PID:2568
- C:\Windows\System\mvkNdOD.exe
  C:\Windows\System\mvkNdOD.exe
  2⤵
  PID:2884
- C:\Windows\System\juZwCjE.exe
  C:\Windows\System\juZwCjE.exe
  2⤵
  PID:3096
- C:\Windows\System\eNQUjZf.exe
  C:\Windows\System\eNQUjZf.exe
  2⤵
  PID:4116
- C:\Windows\System\YFVEAER.exe
  C:\Windows\System\YFVEAER.exe
  2⤵
  PID:4180
- C:\Windows\System\NSHoYHc.exe
  C:\Windows\System\NSHoYHc.exe
  2⤵
  PID:4212
- C:\Windows\System\RLuSJRx.exe
  C:\Windows\System\RLuSJRx.exe
  2⤵
  PID:4232
- C:\Windows\System\cGOuquz.exe
  C:\Windows\System\cGOuquz.exe
  2⤵
  PID:4256
- C:\Windows\System\InZGOVt.exe
  C:\Windows\System\InZGOVt.exe
  2⤵
  PID:4280
- C:\Windows\System\KqNCnvL.exe
  C:\Windows\System\KqNCnvL.exe
  2⤵
  PID:4320
- C:\Windows\System\qslriCb.exe
  C:\Windows\System\qslriCb.exe
  2⤵
  PID:4380
- C:\Windows\System\XGoWUqq.exe
  C:\Windows\System\XGoWUqq.exe
  2⤵
  PID:4412
- C:\Windows\System\rcfQbdf.exe
  C:\Windows\System\rcfQbdf.exe
  2⤵
  PID:4396
- C:\Windows\System\DJZRCTY.exe
  C:\Windows\System\DJZRCTY.exe
  2⤵
  PID:4460
- C:\Windows\System\OLQDMfI.exe
  C:\Windows\System\OLQDMfI.exe
  2⤵
  PID:4480
- C:\Windows\System\AxGfjYh.exe
  C:\Windows\System\AxGfjYh.exe
  2⤵
  PID:4524
- C:\Windows\System\MQKiklj.exe
  C:\Windows\System\MQKiklj.exe
  2⤵
  PID:4556
- C:\Windows\System\YwweXyb.exe
  C:\Windows\System\YwweXyb.exe
  2⤵
  PID:4616
- C:\Windows\System\fVdTyQw.exe
  C:\Windows\System\fVdTyQw.exe
  2⤵
  PID:4620
- C:\Windows\System\AKHfVfP.exe
  C:\Windows\System\AKHfVfP.exe
  2⤵
  PID:4664
- C:\Windows\System\qCqgrCB.exe
  C:\Windows\System\qCqgrCB.exe
  2⤵
  PID:4676
- C:\Windows\System\BJmNvKT.exe
  C:\Windows\System\BJmNvKT.exe
  2⤵
  PID:4740
- C:\Windows\System\NpJXqrg.exe
  C:\Windows\System\NpJXqrg.exe
  2⤵
  PID:4764
- C:\Windows\System\NAOMewH.exe
  C:\Windows\System\NAOMewH.exe
  2⤵
  PID:4904
- C:\Windows\System\tnINaxB.exe
  C:\Windows\System\tnINaxB.exe
  2⤵
  PID:4800
- C:\Windows\System\mOPolqs.exe
  C:\Windows\System\mOPolqs.exe
  2⤵
  PID:4896
- C:\Windows\System\dvBWQup.exe
  C:\Windows\System\dvBWQup.exe
  2⤵
  PID:4900
- C:\Windows\System\nFoKGTv.exe
  C:\Windows\System\nFoKGTv.exe
  2⤵
  PID:4948
- C:\Windows\System\XGSoPaF.exe
  C:\Windows\System\XGSoPaF.exe
  2⤵
  PID:4960
- C:\Windows\System\hcitnpB.exe
  C:\Windows\System\hcitnpB.exe
  2⤵
  PID:4984
- C:\Windows\System\nVOuzmf.exe
  C:\Windows\System\nVOuzmf.exe
  2⤵
  PID:5000
- C:\Windows\System\ygkXoqV.exe
  C:\Windows\System\ygkXoqV.exe
  2⤵
  PID:5060
- C:\Windows\System\fHPYyFn.exe
  C:\Windows\System\fHPYyFn.exe
  2⤵
  PID:5108
- C:\Windows\System\YVlLqpB.exe
  C:\Windows\System\YVlLqpB.exe
  2⤵
  PID:3100
- C:\Windows\System\ULwliIt.exe
  C:\Windows\System\ULwliIt.exe
  2⤵
  PID:2836
- C:\Windows\System\htKuljU.exe
  C:\Windows\System\htKuljU.exe
  2⤵
  PID:3412
- C:\Windows\System\GjgeSvd.exe
  C:\Windows\System\GjgeSvd.exe
  2⤵
  PID:3244
- C:\Windows\System\yUzzMLv.exe
  C:\Windows\System\yUzzMLv.exe
  2⤵
  PID:3636
- C:\Windows\System\NtvIKJm.exe
  C:\Windows\System\NtvIKJm.exe
  2⤵
  PID:3968
- C:\Windows\System\bYvgPAD.exe
  C:\Windows\System\bYvgPAD.exe
  2⤵
  PID:4072
- C:\Windows\System\wCphclB.exe
  C:\Windows\System\wCphclB.exe
  2⤵
  PID:2400
- C:\Windows\System\IltdlmK.exe
  C:\Windows\System\IltdlmK.exe
  2⤵
  PID:1944
- C:\Windows\System\jkicxhX.exe
  C:\Windows\System\jkicxhX.exe
  2⤵
  PID:4172
- C:\Windows\System\xTMbyRf.exe
  C:\Windows\System\xTMbyRf.exe
  2⤵
  PID:4160
- C:\Windows\System\TRZaHvs.exe
  C:\Windows\System\TRZaHvs.exe
  2⤵
  PID:4200
- C:\Windows\System\zPVrciS.exe
  C:\Windows\System\zPVrciS.exe
  2⤵
  PID:4236
- C:\Windows\System\SkXInil.exe
  C:\Windows\System\SkXInil.exe
  2⤵
  PID:4352
- C:\Windows\System\kVCPnKL.exe
  C:\Windows\System\kVCPnKL.exe
  2⤵
  PID:4356
- C:\Windows\System\bpSZibX.exe
  C:\Windows\System\bpSZibX.exe
  2⤵
  PID:4492
- C:\Windows\System\ttbRsib.exe
  C:\Windows\System\ttbRsib.exe
  2⤵
  PID:4500
- C:\Windows\System\ZUEaXBe.exe
  C:\Windows\System\ZUEaXBe.exe
  2⤵
  PID:2852
- C:\Windows\System\HpZudNR.exe
  C:\Windows\System\HpZudNR.exe
  2⤵
  PID:4600
- C:\Windows\System\ChjyNXw.exe
  C:\Windows\System\ChjyNXw.exe
  2⤵
  PID:4700
- C:\Windows\System\CLJhCMU.exe
  C:\Windows\System\CLJhCMU.exe
  2⤵
  PID:4720
- C:\Windows\System\ZJalVFV.exe
  C:\Windows\System\ZJalVFV.exe
  2⤵
  PID:4760
- C:\Windows\System\QTOTJDd.exe
  C:\Windows\System\QTOTJDd.exe
  2⤵
  PID:4784
- C:\Windows\System\lMemhcL.exe
  C:\Windows\System\lMemhcL.exe
  2⤵
  PID:4860
- C:\Windows\System\ETqQtOP.exe
  C:\Windows\System\ETqQtOP.exe
  2⤵
  PID:4940
- C:\Windows\System\QQHMgfi.exe
  C:\Windows\System\QQHMgfi.exe
  2⤵
  PID:5028
- C:\Windows\System\hVpPjmG.exe
  C:\Windows\System\hVpPjmG.exe
  2⤵
  PID:5100
- C:\Windows\System\wClOQNd.exe
  C:\Windows\System\wClOQNd.exe
  2⤵
  PID:3188
- C:\Windows\System\IhHFvDh.exe
  C:\Windows\System\IhHFvDh.exe
  2⤵
  PID:3184
- C:\Windows\System\usXqmgr.exe
  C:\Windows\System\usXqmgr.exe
  2⤵
  PID:3372
- C:\Windows\System\ERRVdWV.exe
  C:\Windows\System\ERRVdWV.exe
  2⤵
  PID:3580
- C:\Windows\System\GyiMvdq.exe
  C:\Windows\System\GyiMvdq.exe
  2⤵
  PID:4136
- C:\Windows\System\lthmBgu.exe
  C:\Windows\System\lthmBgu.exe
  2⤵
  PID:2212
- C:\Windows\System\FyEoXGE.exe
  C:\Windows\System\FyEoXGE.exe
  2⤵
  PID:2732
- C:\Windows\System\xWmIdPz.exe
  C:\Windows\System\xWmIdPz.exe
  2⤵
  PID:3268
- C:\Windows\System\gfTjkur.exe
  C:\Windows\System\gfTjkur.exe
  2⤵
  PID:4332
- C:\Windows\System\umUGIdm.exe
  C:\Windows\System\umUGIdm.exe
  2⤵
  PID:4376
- C:\Windows\System\hgxWHbt.exe
  C:\Windows\System\hgxWHbt.exe
  2⤵
  PID:4312
- C:\Windows\System\KxuoIWY.exe
  C:\Windows\System\KxuoIWY.exe
  2⤵
  PID:4472
- C:\Windows\System\CrIXXuA.exe
  C:\Windows\System\CrIXXuA.exe
  2⤵
  PID:4604
- C:\Windows\System\UjrSMZU.exe
  C:\Windows\System\UjrSMZU.exe
  2⤵
  PID:4736
- C:\Windows\System\psmpvNS.exe
  C:\Windows\System\psmpvNS.exe
  2⤵
  PID:4780
- C:\Windows\System\qKrWEJJ.exe
  C:\Windows\System\qKrWEJJ.exe
  2⤵
  PID:4928
- C:\Windows\System\RTihDZy.exe
  C:\Windows\System\RTihDZy.exe
  2⤵
  PID:5004
- C:\Windows\System\kpXYxbf.exe
  C:\Windows\System\kpXYxbf.exe
  2⤵
  PID:5064
- C:\Windows\System\gKEVbXl.exe
  C:\Windows\System\gKEVbXl.exe
  2⤵
  PID:3248
- C:\Windows\System\ictjmOt.exe
  C:\Windows\System\ictjmOt.exe
  2⤵
  PID:3660
- C:\Windows\System\KMsFNIV.exe
  C:\Windows\System\KMsFNIV.exe
  2⤵
  PID:5140
- C:\Windows\System\lqHPdfB.exe
  C:\Windows\System\lqHPdfB.exe
  2⤵
  PID:5156
- C:\Windows\System\CwniuEc.exe
  C:\Windows\System\CwniuEc.exe
  2⤵
  PID:5180
- C:\Windows\System\tTnsttr.exe
  C:\Windows\System\tTnsttr.exe
  2⤵
  PID:5200
- C:\Windows\System\EhXtZTq.exe
  C:\Windows\System\EhXtZTq.exe
  2⤵
  PID:5220
- C:\Windows\System\EEFSOWs.exe
  C:\Windows\System\EEFSOWs.exe
  2⤵
  PID:5236
- C:\Windows\System\iPCEGIT.exe
  C:\Windows\System\iPCEGIT.exe
  2⤵
  PID:5260
- C:\Windows\System\CSdKiGU.exe
  C:\Windows\System\CSdKiGU.exe
  2⤵
  PID:5276
- C:\Windows\System\YxlsYvm.exe
  C:\Windows\System\YxlsYvm.exe
  2⤵
  PID:5300
- C:\Windows\System\cjncnjL.exe
  C:\Windows\System\cjncnjL.exe
  2⤵
  PID:5320
- C:\Windows\System\TnaXlEp.exe
  C:\Windows\System\TnaXlEp.exe
  2⤵
  PID:5340
- C:\Windows\System\UIwZNjX.exe
  C:\Windows\System\UIwZNjX.exe
  2⤵
  PID:5360
- C:\Windows\System\CqTxxJv.exe
  C:\Windows\System\CqTxxJv.exe
  2⤵
  PID:5380
- C:\Windows\System\Tmtbrhi.exe
  C:\Windows\System\Tmtbrhi.exe
  2⤵
  PID:5396
- C:\Windows\System\AxlJlfs.exe
  C:\Windows\System\AxlJlfs.exe
  2⤵
  PID:5420
- C:\Windows\System\yPPkKSO.exe
  C:\Windows\System\yPPkKSO.exe
  2⤵
  PID:5436
- C:\Windows\System\oEytYja.exe
  C:\Windows\System\oEytYja.exe
  2⤵
  PID:5464
- C:\Windows\System\AiAfTHc.exe
  C:\Windows\System\AiAfTHc.exe
  2⤵
  PID:5484
- C:\Windows\System\TTeKSwW.exe
  C:\Windows\System\TTeKSwW.exe
  2⤵
  PID:5504
- C:\Windows\System\diMHeyG.exe
  C:\Windows\System\diMHeyG.exe
  2⤵
  PID:5524
- C:\Windows\System\gaKjFWV.exe
  C:\Windows\System\gaKjFWV.exe
  2⤵
  PID:5544
- C:\Windows\System\xAEJPeR.exe
  C:\Windows\System\xAEJPeR.exe
  2⤵
  PID:5560
- C:\Windows\System\xqxYFXW.exe
  C:\Windows\System\xqxYFXW.exe
  2⤵
  PID:5584
- C:\Windows\System\XHnrPBk.exe
  C:\Windows\System\XHnrPBk.exe
  2⤵
  PID:5600
- C:\Windows\System\aENYNVG.exe
  C:\Windows\System\aENYNVG.exe
  2⤵
  PID:5624
- C:\Windows\System\JDoLCHR.exe
  C:\Windows\System\JDoLCHR.exe
  2⤵
  PID:5644
- C:\Windows\System\JuNRjsB.exe
  C:\Windows\System\JuNRjsB.exe
  2⤵
  PID:5664
- C:\Windows\System\MfOHwhC.exe
  C:\Windows\System\MfOHwhC.exe
  2⤵
  PID:5684
- C:\Windows\System\VuqiRaX.exe
  C:\Windows\System\VuqiRaX.exe
  2⤵
  PID:5704
- C:\Windows\System\rJARPpA.exe
  C:\Windows\System\rJARPpA.exe
  2⤵
  PID:5724
- C:\Windows\System\bAXTNcM.exe
  C:\Windows\System\bAXTNcM.exe
  2⤵
  PID:5744
- C:\Windows\System\RycTHna.exe
  C:\Windows\System\RycTHna.exe
  2⤵
  PID:5764
- C:\Windows\System\dhEEyjx.exe
  C:\Windows\System\dhEEyjx.exe
  2⤵
  PID:5784
- C:\Windows\System\ZuRtHHZ.exe
  C:\Windows\System\ZuRtHHZ.exe
  2⤵
  PID:5804
- C:\Windows\System\qDljdPv.exe
  C:\Windows\System\qDljdPv.exe
  2⤵
  PID:5824
- C:\Windows\System\CEGRBJH.exe
  C:\Windows\System\CEGRBJH.exe
  2⤵
  PID:5844
- C:\Windows\System\XtNhrjk.exe
  C:\Windows\System\XtNhrjk.exe
  2⤵
  PID:5864
- C:\Windows\System\eLMaStr.exe
  C:\Windows\System\eLMaStr.exe
  2⤵
  PID:5888
- C:\Windows\System\SOSJqLE.exe
  C:\Windows\System\SOSJqLE.exe
  2⤵
  PID:5908
- C:\Windows\System\edhBnqy.exe
  C:\Windows\System\edhBnqy.exe
  2⤵
  PID:5928
- C:\Windows\System\wUYnjZm.exe
  C:\Windows\System\wUYnjZm.exe
  2⤵
  PID:5948
- C:\Windows\System\MJXOaJU.exe
  C:\Windows\System\MJXOaJU.exe
  2⤵
  PID:5968
- C:\Windows\System\JGFodRF.exe
  C:\Windows\System\JGFodRF.exe
  2⤵
  PID:5988
- C:\Windows\System\bLsGMqG.exe
  C:\Windows\System\bLsGMqG.exe
  2⤵
  PID:6008
- C:\Windows\System\vpRQTIT.exe
  C:\Windows\System\vpRQTIT.exe
  2⤵
  PID:6028
- C:\Windows\System\hpAGvil.exe
  C:\Windows\System\hpAGvil.exe
  2⤵
  PID:6048
- C:\Windows\System\RIrDjWy.exe
  C:\Windows\System\RIrDjWy.exe
  2⤵
  PID:6068
- C:\Windows\System\jLCFQSA.exe
  C:\Windows\System\jLCFQSA.exe
  2⤵
  PID:6088
- C:\Windows\System\RbJdAMa.exe
  C:\Windows\System\RbJdAMa.exe
  2⤵
  PID:6108
- C:\Windows\System\RpoZQXJ.exe
  C:\Windows\System\RpoZQXJ.exe
  2⤵
  PID:6128
- C:\Windows\System\xWilCzn.exe
  C:\Windows\System\xWilCzn.exe
  2⤵
  PID:3824
- C:\Windows\System\QsgnxJj.exe
  C:\Windows\System\QsgnxJj.exe
  2⤵
  PID:1264
- C:\Windows\System\UnaWqkc.exe
  C:\Windows\System\UnaWqkc.exe
  2⤵
  PID:4048
- C:\Windows\System\izIllCN.exe
  C:\Windows\System\izIllCN.exe
  2⤵
  PID:4216
- C:\Windows\System\lXdqYVF.exe
  C:\Windows\System\lXdqYVF.exe
  2⤵
  PID:4416
- C:\Windows\System\cwmIzIG.exe
  C:\Windows\System\cwmIzIG.exe
  2⤵
  PID:2180
- C:\Windows\System\AnSoZaP.exe
  C:\Windows\System\AnSoZaP.exe
  2⤵
  PID:4496
- C:\Windows\System\nbrVhIt.exe
  C:\Windows\System\nbrVhIt.exe
  2⤵
  PID:4840
- C:\Windows\System\TPCodrD.exe
  C:\Windows\System\TPCodrD.exe
  2⤵
  PID:4924
- C:\Windows\System\gxliGtj.exe
  C:\Windows\System\gxliGtj.exe
  2⤵
  PID:3548
- C:\Windows\System\LECVuMl.exe
  C:\Windows\System\LECVuMl.exe
  2⤵
  PID:5044
- C:\Windows\System\UdItMUI.exe
  C:\Windows\System\UdItMUI.exe
  2⤵
  PID:5104
- C:\Windows\System\OqNpcci.exe
  C:\Windows\System\OqNpcci.exe
  2⤵
  PID:5148
- C:\Windows\System\WHdRyaj.exe
  C:\Windows\System\WHdRyaj.exe
  2⤵
  PID:5216
- C:\Windows\System\KQlxEJI.exe
  C:\Windows\System\KQlxEJI.exe
  2⤵
  PID:5252
- C:\Windows\System\aqIDakL.exe
  C:\Windows\System\aqIDakL.exe
  2⤵
  PID:5292
- C:\Windows\System\cbMjPfO.exe
  C:\Windows\System\cbMjPfO.exe
  2⤵
  PID:5272
- C:\Windows\System\aDZhFDr.exe
  C:\Windows\System\aDZhFDr.exe
  2⤵
  PID:5308
- C:\Windows\System\WWqauFQ.exe
  C:\Windows\System\WWqauFQ.exe
  2⤵
  PID:5368
- C:\Windows\System\hIBYhkP.exe
  C:\Windows\System\hIBYhkP.exe
  2⤵
  PID:5404
- C:\Windows\System\ITVoQpR.exe
  C:\Windows\System\ITVoQpR.exe
  2⤵
  PID:5352
- C:\Windows\System\BRkJkCF.exe
  C:\Windows\System\BRkJkCF.exe
  2⤵
  PID:5448
- C:\Windows\System\bHZkLHQ.exe
  C:\Windows\System\bHZkLHQ.exe
  2⤵
  PID:5492
- C:\Windows\System\nNICQkO.exe
  C:\Windows\System\nNICQkO.exe
  2⤵
  PID:5456
- C:\Windows\System\vSCTuFK.exe
  C:\Windows\System\vSCTuFK.exe
  2⤵
  PID:5520
- C:\Windows\System\WhyfIcO.exe
  C:\Windows\System\WhyfIcO.exe
  2⤵
  PID:5568
- C:\Windows\System\pbtKuAx.exe
  C:\Windows\System\pbtKuAx.exe
  2⤵
  PID:5620
- C:\Windows\System\ctQKoXp.exe
  C:\Windows\System\ctQKoXp.exe
  2⤵
  PID:5596
- C:\Windows\System\NPmsBPF.exe
  C:\Windows\System\NPmsBPF.exe
  2⤵
  PID:5636
- C:\Windows\System\offHlRg.exe
  C:\Windows\System\offHlRg.exe
  2⤵
  PID:5680
- C:\Windows\System\UuEGucj.exe
  C:\Windows\System\UuEGucj.exe
  2⤵
  PID:5712
- C:\Windows\System\ANWyIWT.exe
  C:\Windows\System\ANWyIWT.exe
  2⤵
  PID:5752
- C:\Windows\System\MLwsXHW.exe
  C:\Windows\System\MLwsXHW.exe
  2⤵
  PID:5780
- C:\Windows\System\TWDoyWI.exe
  C:\Windows\System\TWDoyWI.exe
  2⤵
  PID:5820
- C:\Windows\System\XnKPLqs.exe
  C:\Windows\System\XnKPLqs.exe
  2⤵
  PID:5840
- C:\Windows\System\WBQpaUe.exe
  C:\Windows\System\WBQpaUe.exe
  2⤵
  PID:5872
- C:\Windows\System\OcIfXWu.exe
  C:\Windows\System\OcIfXWu.exe
  2⤵
  PID:5900
- C:\Windows\System\CebXFUr.exe
  C:\Windows\System\CebXFUr.exe
  2⤵
  PID:5944
- C:\Windows\System\PORkDgs.exe
  C:\Windows\System\PORkDgs.exe
  2⤵
  PID:5964
- C:\Windows\System\CbJoRIb.exe
  C:\Windows\System\CbJoRIb.exe
  2⤵
  PID:6016
- C:\Windows\System\uPXeeNN.exe
  C:\Windows\System\uPXeeNN.exe
  2⤵
  PID:6056
- C:\Windows\System\rVOmsgl.exe
  C:\Windows\System\rVOmsgl.exe
  2⤵
  PID:6076
- C:\Windows\System\AaNixWm.exe
  C:\Windows\System\AaNixWm.exe
  2⤵
  PID:6100
- C:\Windows\System\uYCgfxn.exe
  C:\Windows\System\uYCgfxn.exe
  2⤵
  PID:3724
- C:\Windows\System\MtqBhHr.exe
  C:\Windows\System\MtqBhHr.exe
  2⤵
  PID:872
- C:\Windows\System\MgJjvSj.exe
  C:\Windows\System\MgJjvSj.exe
  2⤵
  PID:3800
- C:\Windows\System\rZFtPBV.exe
  C:\Windows\System\rZFtPBV.exe
  2⤵
  PID:4400
- C:\Windows\System\HOBJFIj.exe
  C:\Windows\System\HOBJFIj.exe
  2⤵
  PID:4440
- C:\Windows\System\RmqsUrx.exe
  C:\Windows\System\RmqsUrx.exe
  2⤵
  PID:4544
- C:\Windows\System\BBZgYFg.exe
  C:\Windows\System\BBZgYFg.exe
  2⤵
  PID:2256
- C:\Windows\System\rYJLjSj.exe
  C:\Windows\System\rYJLjSj.exe
  2⤵
  PID:5176
- C:\Windows\System\pWTBYcP.exe
  C:\Windows\System\pWTBYcP.exe
  2⤵
  PID:1396
- C:\Windows\System\AVTBdgK.exe
  C:\Windows\System\AVTBdgK.exe
  2⤵
  PID:5196
- C:\Windows\System\CEAFvjd.exe
  C:\Windows\System\CEAFvjd.exe
  2⤵
  PID:5228
- C:\Windows\System\JEumitP.exe
  C:\Windows\System\JEumitP.exe
  2⤵
  PID:5248
- C:\Windows\System\OVVCSgp.exe
  C:\Windows\System\OVVCSgp.exe
  2⤵
  PID:5328
- C:\Windows\System\FrIGnQN.exe
  C:\Windows\System\FrIGnQN.exe
  2⤵
  PID:5376
- C:\Windows\System\eLdAcLB.exe
  C:\Windows\System\eLdAcLB.exe
  2⤵
  PID:5392
- C:\Windows\System\fRjcBjV.exe
  C:\Windows\System\fRjcBjV.exe
  2⤵
  PID:5444
- C:\Windows\System\ptZUkLD.exe
  C:\Windows\System\ptZUkLD.exe
  2⤵
  PID:5608
- C:\Windows\System\UThvWtl.exe
  C:\Windows\System\UThvWtl.exe
  2⤵
  PID:5540
- C:\Windows\System\pkXiznx.exe
  C:\Windows\System\pkXiznx.exe
  2⤵
  PID:5660
- C:\Windows\System\eZXPtSL.exe
  C:\Windows\System\eZXPtSL.exe
  2⤵
  PID:1364
- C:\Windows\System\OukMmhw.exe
  C:\Windows\System\OukMmhw.exe
  2⤵
  PID:5800
- C:\Windows\System\wigkZfr.exe
  C:\Windows\System\wigkZfr.exe
  2⤵
  PID:5736
- C:\Windows\System\ngttwTX.exe
  C:\Windows\System\ngttwTX.exe
  2⤵
  PID:2992
- C:\Windows\System\RdPQTRq.exe
  C:\Windows\System\RdPQTRq.exe
  2⤵
  PID:5852
- C:\Windows\System\AzIFPtL.exe
  C:\Windows\System\AzIFPtL.exe
  2⤵
  PID:5940
- C:\Windows\System\CRcYnEg.exe
  C:\Windows\System\CRcYnEg.exe
  2⤵
  PID:2896
- C:\Windows\System\kvOMztS.exe
  C:\Windows\System\kvOMztS.exe
  2⤵
  PID:6000
- C:\Windows\System\YzMvjDF.exe
  C:\Windows\System\YzMvjDF.exe
  2⤵
  PID:6004
- C:\Windows\System\ycRzLHh.exe
  C:\Windows\System\ycRzLHh.exe
  2⤵
  PID:6060
- C:\Windows\System\LKSHgPG.exe
  C:\Windows\System\LKSHgPG.exe
  2⤵
  PID:4820
- C:\Windows\System\wKMdzIm.exe
  C:\Windows\System\wKMdzIm.exe
  2⤵
  PID:5776
- C:\Windows\System\yGcYrIj.exe
  C:\Windows\System\yGcYrIj.exe
  2⤵
  PID:1224
- C:\Windows\System\uNUfcoG.exe
  C:\Windows\System\uNUfcoG.exe
  2⤵
  PID:5128
- C:\Windows\System\CREpgVP.exe
  C:\Windows\System\CREpgVP.exe
  2⤵
  PID:2444
- C:\Windows\System\gXPEaYS.exe
  C:\Windows\System\gXPEaYS.exe
  2⤵
  PID:5232
- C:\Windows\System\dRqOvRt.exe
  C:\Windows\System\dRqOvRt.exe
  2⤵
  PID:2020
- C:\Windows\System\sEjLdSV.exe
  C:\Windows\System\sEjLdSV.exe
  2⤵
  PID:1436
- C:\Windows\System\UmxtIAh.exe
  C:\Windows\System\UmxtIAh.exe
  2⤵
  PID:2316
- C:\Windows\System\QlBFipP.exe
  C:\Windows\System\QlBFipP.exe
  2⤵
  PID:5460
- C:\Windows\System\NWSdmXR.exe
  C:\Windows\System\NWSdmXR.exe
  2⤵
  PID:5580
- C:\Windows\System\xXLQQJM.exe
  C:\Windows\System\xXLQQJM.exe
  2⤵
  PID:5696
- C:\Windows\System\qVFHdfH.exe
  C:\Windows\System\qVFHdfH.exe
  2⤵
  PID:1652
- C:\Windows\System\jrHlJcV.exe
  C:\Windows\System\jrHlJcV.exe
  2⤵
  PID:5816
- C:\Windows\System\PeRFyxs.exe
  C:\Windows\System\PeRFyxs.exe
  2⤵
  PID:5976
- C:\Windows\System\jazIsRw.exe
  C:\Windows\System\jazIsRw.exe
  2⤵
  PID:2220
- C:\Windows\System\SdyDsHh.exe
  C:\Windows\System\SdyDsHh.exe
  2⤵
  PID:6080
- C:\Windows\System\RJtldNi.exe
  C:\Windows\System\RJtldNi.exe
  2⤵
  PID:2984
- C:\Windows\System\eeVqtbK.exe
  C:\Windows\System\eeVqtbK.exe
  2⤵
  PID:1952
- C:\Windows\System\rzmOhzq.exe
  C:\Windows\System\rzmOhzq.exe
  2⤵
  PID:6124
- C:\Windows\System\GfQBXgx.exe
  C:\Windows\System\GfQBXgx.exe
  2⤵
  PID:4644
- C:\Windows\System\SaRKxtn.exe
  C:\Windows\System\SaRKxtn.exe
  2⤵
  PID:4856
- C:\Windows\System\GXuEiKh.exe
  C:\Windows\System\GXuEiKh.exe
  2⤵
  PID:5192
- C:\Windows\System\tRxYLUp.exe
  C:\Windows\System\tRxYLUp.exe
  2⤵
  PID:5332
- C:\Windows\System\cjaTYja.exe
  C:\Windows\System\cjaTYja.exe
  2⤵
  PID:5268
- C:\Windows\System\tzJbwOh.exe
  C:\Windows\System\tzJbwOh.exe
  2⤵
  PID:5452
- C:\Windows\System\eRcDrCn.exe
  C:\Windows\System\eRcDrCn.exe
  2⤵
  PID:2136
- C:\Windows\System\lmPNeks.exe
  C:\Windows\System\lmPNeks.exe
  2⤵
  PID:2128
- C:\Windows\System\TpNtIQN.exe
  C:\Windows\System\TpNtIQN.exe
  2⤵
  PID:5904
- C:\Windows\System\zSzojiA.exe
  C:\Windows\System\zSzojiA.exe
  2⤵
  PID:2040
- C:\Windows\System\CARNaIR.exe
  C:\Windows\System\CARNaIR.exe
  2⤵
  PID:4716
- C:\Windows\System\wBQvfxe.exe
  C:\Windows\System\wBQvfxe.exe
  2⤵
  PID:4980
- C:\Windows\System\ulVsFMO.exe
  C:\Windows\System\ulVsFMO.exe
  2⤵
  PID:4512
- C:\Windows\System\DxQpOkP.exe
  C:\Windows\System\DxQpOkP.exe
  2⤵
  PID:668
- C:\Windows\System\nEaQwvU.exe
  C:\Windows\System\nEaQwvU.exe
  2⤵
  PID:2864
- C:\Windows\System\suNxTYI.exe
  C:\Windows\System\suNxTYI.exe
  2⤵
  PID:5672
- C:\Windows\System\BJRaFeZ.exe
  C:\Windows\System\BJRaFeZ.exe
  2⤵
  PID:5984
- C:\Windows\System\mNhVwXF.exe
  C:\Windows\System\mNhVwXF.exe
  2⤵
  PID:4028
- C:\Windows\System\PqyysJn.exe
  C:\Windows\System\PqyysJn.exe
  2⤵
  PID:5136
- C:\Windows\System\hDiAyxk.exe
  C:\Windows\System\hDiAyxk.exe
  2⤵
  PID:5472
- C:\Windows\System\SazuzFJ.exe
  C:\Windows\System\SazuzFJ.exe
  2⤵
  PID:5760
- C:\Windows\System\NHCFRFK.exe
  C:\Windows\System\NHCFRFK.exe
  2⤵
  PID:6164
- C:\Windows\System\lgSECKG.exe
  C:\Windows\System\lgSECKG.exe
  2⤵
  PID:6184
- C:\Windows\System\maBpKeM.exe
  C:\Windows\System\maBpKeM.exe
  2⤵
  PID:6204
- C:\Windows\System\uCbAgCs.exe
  C:\Windows\System\uCbAgCs.exe
  2⤵
  PID:6224
- C:\Windows\System\ViOJfqF.exe
  C:\Windows\System\ViOJfqF.exe
  2⤵
  PID:6244
- C:\Windows\System\xQsFayS.exe
  C:\Windows\System\xQsFayS.exe
  2⤵
  PID:6264
- C:\Windows\System\cSRClzp.exe
  C:\Windows\System\cSRClzp.exe
  2⤵
  PID:6284
- C:\Windows\System\PxCBBmn.exe
  C:\Windows\System\PxCBBmn.exe
  2⤵
  PID:6304
- C:\Windows\System\NSzJWYE.exe
  C:\Windows\System\NSzJWYE.exe
  2⤵
  PID:6324
- C:\Windows\System\AjWXyOq.exe
  C:\Windows\System\AjWXyOq.exe
  2⤵
  PID:6344
- C:\Windows\System\EOpepvm.exe
  C:\Windows\System\EOpepvm.exe
  2⤵
  PID:6364
- C:\Windows\System\YRQuUon.exe
  C:\Windows\System\YRQuUon.exe
  2⤵
  PID:6384
- C:\Windows\System\iGArDLX.exe
  C:\Windows\System\iGArDLX.exe
  2⤵
  PID:6416
- C:\Windows\System\ympyCCb.exe
  C:\Windows\System\ympyCCb.exe
  2⤵
  PID:6440
- C:\Windows\System\fGimyjG.exe
  C:\Windows\System\fGimyjG.exe
  2⤵
  PID:6492
- C:\Windows\System\tqKIEIg.exe
  C:\Windows\System\tqKIEIg.exe
  2⤵
  PID:6512
- C:\Windows\System\MTbuOFi.exe
  C:\Windows\System\MTbuOFi.exe
  2⤵
  PID:6528
- C:\Windows\System\itVlTzW.exe
  C:\Windows\System\itVlTzW.exe
  2⤵
  PID:6548
- C:\Windows\System\lgrGxNe.exe
  C:\Windows\System\lgrGxNe.exe
  2⤵
  PID:6564
- C:\Windows\System\YUnSNmv.exe
  C:\Windows\System\YUnSNmv.exe
  2⤵
  PID:6580
- C:\Windows\System\HOZunkA.exe
  C:\Windows\System\HOZunkA.exe
  2⤵
  PID:6596
- C:\Windows\System\zMNnqzM.exe
  C:\Windows\System\zMNnqzM.exe
  2⤵
  PID:6612
- C:\Windows\System\qTkQVzt.exe
  C:\Windows\System\qTkQVzt.exe
  2⤵
  PID:6628
- C:\Windows\System\yiescdK.exe
  C:\Windows\System\yiescdK.exe
  2⤵
  PID:6644
- C:\Windows\System\kdIHXkI.exe
  C:\Windows\System\kdIHXkI.exe
  2⤵
  PID:6660
- C:\Windows\System\KfjKntd.exe
  C:\Windows\System\KfjKntd.exe
  2⤵
  PID:6680
- C:\Windows\System\ziYuhuC.exe
  C:\Windows\System\ziYuhuC.exe
  2⤵
  PID:6696
- C:\Windows\System\KNVXXpj.exe
  C:\Windows\System\KNVXXpj.exe
  2⤵
  PID:6712
- C:\Windows\System\CzqcvQD.exe
  C:\Windows\System\CzqcvQD.exe
  2⤵
  PID:6728
- C:\Windows\System\iFXhXyH.exe
  C:\Windows\System\iFXhXyH.exe
  2⤵
  PID:6744
- C:\Windows\System\yRrVXnK.exe
  C:\Windows\System\yRrVXnK.exe
  2⤵
  PID:6760
- C:\Windows\System\DRRkiLm.exe
  C:\Windows\System\DRRkiLm.exe
  2⤵
  PID:6780
- C:\Windows\System\mlzUnHG.exe
  C:\Windows\System\mlzUnHG.exe
  2⤵
  PID:6804
- C:\Windows\System\pvQEMVa.exe
  C:\Windows\System\pvQEMVa.exe
  2⤵
  PID:6828
- C:\Windows\System\ErmUdXm.exe
  C:\Windows\System\ErmUdXm.exe
  2⤵
  PID:6844
- C:\Windows\System\hpHedMB.exe
  C:\Windows\System\hpHedMB.exe
  2⤵
  PID:6900
- C:\Windows\System\DplagcR.exe
  C:\Windows\System\DplagcR.exe
  2⤵
  PID:6924
- C:\Windows\System\nIEruKV.exe
  C:\Windows\System\nIEruKV.exe
  2⤵
  PID:6948
- C:\Windows\System\XVgqCWm.exe
  C:\Windows\System\XVgqCWm.exe
  2⤵
  PID:6964
- C:\Windows\System\AJyIPMO.exe
  C:\Windows\System\AJyIPMO.exe
  2⤵
  PID:6980
- C:\Windows\System\cqOdoVM.exe
  C:\Windows\System\cqOdoVM.exe
  2⤵
  PID:6996
- C:\Windows\System\bQvorOX.exe
  C:\Windows\System\bQvorOX.exe
  2⤵
  PID:7012
- C:\Windows\System\MFYgyyg.exe
  C:\Windows\System\MFYgyyg.exe
  2⤵
  PID:7028
- C:\Windows\System\odwpxxZ.exe
  C:\Windows\System\odwpxxZ.exe
  2⤵
  PID:7052
- C:\Windows\System\COsqdwl.exe
  C:\Windows\System\COsqdwl.exe
  2⤵
  PID:7076
- C:\Windows\System\nVYcKXh.exe
  C:\Windows\System\nVYcKXh.exe
  2⤵
  PID:7092
- C:\Windows\System\TwuhJbj.exe
  C:\Windows\System\TwuhJbj.exe
  2⤵
  PID:7108
- C:\Windows\System\fPEXaGR.exe
  C:\Windows\System\fPEXaGR.exe
  2⤵
  PID:7124
- C:\Windows\System\UbEyGLi.exe
  C:\Windows\System\UbEyGLi.exe
  2⤵
  PID:7140
- C:\Windows\System\iTTFyeK.exe
  C:\Windows\System\iTTFyeK.exe
  2⤵
  PID:7156
- C:\Windows\System\varbbCM.exe
  C:\Windows\System\varbbCM.exe
  2⤵
  PID:3000
- C:\Windows\System\pXjSbLX.exe
  C:\Windows\System\pXjSbLX.exe
  2⤵
  PID:1192
- C:\Windows\System\XRaCFme.exe
  C:\Windows\System\XRaCFme.exe
  2⤵
  PID:5556
- C:\Windows\System\xukMBzW.exe
  C:\Windows\System\xukMBzW.exe
  2⤵
  PID:6172
- C:\Windows\System\qKsuMjP.exe
  C:\Windows\System\qKsuMjP.exe
  2⤵
  PID:6156
- C:\Windows\System\carMtxZ.exe
  C:\Windows\System\carMtxZ.exe
  2⤵
  PID:6200
- C:\Windows\System\YzjSXkN.exe
  C:\Windows\System\YzjSXkN.exe
  2⤵
  PID:6260
- C:\Windows\System\HcomBnK.exe
  C:\Windows\System\HcomBnK.exe
  2⤵
  PID:2276
- C:\Windows\System\kIbKUxf.exe
  C:\Windows\System\kIbKUxf.exe
  2⤵
  PID:6340
- C:\Windows\System\jynyqsL.exe
  C:\Windows\System\jynyqsL.exe
  2⤵
  PID:1460
- C:\Windows\System\LfGrxet.exe
  C:\Windows\System\LfGrxet.exe
  2⤵
  PID:6424
- C:\Windows\System\tHmJijW.exe
  C:\Windows\System\tHmJijW.exe
  2⤵
  PID:928
- C:\Windows\System\wCRStXZ.exe
  C:\Windows\System\wCRStXZ.exe
  2⤵
  PID:6360
- C:\Windows\System\jJTCnZH.exe
  C:\Windows\System\jJTCnZH.exe
  2⤵
  PID:6448
- C:\Windows\System\mFkOxVz.exe
  C:\Windows\System\mFkOxVz.exe
  2⤵
  PID:6472
- C:\Windows\System\vnQBPuR.exe
  C:\Windows\System\vnQBPuR.exe
  2⤵
  PID:1660
- C:\Windows\System\qioWtZD.exe
  C:\Windows\System\qioWtZD.exe
  2⤵
  PID:2452
- C:\Windows\System\tSzNxzG.exe
  C:\Windows\System\tSzNxzG.exe
  2⤵
  PID:1784
- C:\Windows\System\HpUjgEr.exe
  C:\Windows\System\HpUjgEr.exe
  2⤵
  PID:2868
- C:\Windows\System\ohtiWle.exe
  C:\Windows\System\ohtiWle.exe
  2⤵
  PID:624
- C:\Windows\System\KKfMGKA.exe
  C:\Windows\System\KKfMGKA.exe
  2⤵
  PID:6556
- C:\Windows\System\gajFcFG.exe
  C:\Windows\System\gajFcFG.exe
  2⤵
  PID:2000
- C:\Windows\System\cinlrdX.exe
  C:\Windows\System\cinlrdX.exe
  2⤵
  PID:6640
- C:\Windows\System\hgWGttH.exe
  C:\Windows\System\hgWGttH.exe
  2⤵
  PID:6620
- C:\Windows\System\tetGfwL.exe
  C:\Windows\System\tetGfwL.exe
  2⤵
  PID:2600
- C:\Windows\System\QIJoZHd.exe
  C:\Windows\System\QIJoZHd.exe
  2⤵
  PID:2348
- C:\Windows\System\VYsWHpg.exe
  C:\Windows\System\VYsWHpg.exe
  2⤵
  PID:6708
- C:\Windows\System\YsLOYsP.exe
  C:\Windows\System\YsLOYsP.exe
  2⤵
  PID:6736
- C:\Windows\System\hUBiNKU.exe
  C:\Windows\System\hUBiNKU.exe
  2⤵
  PID:556
- C:\Windows\System\NPHUZAs.exe
  C:\Windows\System\NPHUZAs.exe
  2⤵
  PID:6724
- C:\Windows\System\pfPrfTx.exe
  C:\Windows\System\pfPrfTx.exe
  2⤵
  PID:6812
- C:\Windows\System\pXRVhNP.exe
  C:\Windows\System\pXRVhNP.exe
  2⤵
  PID:6788
- C:\Windows\System\BRSYMcm.exe
  C:\Windows\System\BRSYMcm.exe
  2⤵
  PID:6800
- C:\Windows\System\aioqKRB.exe
  C:\Windows\System\aioqKRB.exe
  2⤵
  PID:912
- C:\Windows\System\IqENkQH.exe
  C:\Windows\System\IqENkQH.exe
  2⤵
  PID:6892
- C:\Windows\System\UAmsets.exe
  C:\Windows\System\UAmsets.exe
  2⤵
  PID:6940
- C:\Windows\System\DpxBNeJ.exe
  C:\Windows\System\DpxBNeJ.exe
  2⤵
  PID:6908
- C:\Windows\System\EiCPwKk.exe
  C:\Windows\System\EiCPwKk.exe
  2⤵
  PID:6916
- C:\Windows\System\ZiuYicJ.exe
  C:\Windows\System\ZiuYicJ.exe
  2⤵
  PID:7008
- C:\Windows\System\nfobSNn.exe
  C:\Windows\System\nfobSNn.exe
  2⤵
  PID:7036
- C:\Windows\System\DKMimKr.exe
  C:\Windows\System\DKMimKr.exe
  2⤵
  PID:7068
- C:\Windows\System\OALRwiK.exe
  C:\Windows\System\OALRwiK.exe
  2⤵
  PID:7136
- C:\Windows\System\ZaMuROq.exe
  C:\Windows\System\ZaMuROq.exe
  2⤵
  PID:6084
- C:\Windows\System\qugkPVf.exe
  C:\Windows\System\qugkPVf.exe
  2⤵
  PID:6036
- C:\Windows\System\pbNrElz.exe
  C:\Windows\System\pbNrElz.exe
  2⤵
  PID:2972
- C:\Windows\System\RVNwcFJ.exe
  C:\Windows\System\RVNwcFJ.exe
  2⤵
  PID:2784
- C:\Windows\System\JXKmihA.exe
  C:\Windows\System\JXKmihA.exe
  2⤵
  PID:6192
- C:\Windows\System\xTrmpra.exe
  C:\Windows\System\xTrmpra.exe
  2⤵
  PID:6256
- C:\Windows\System\BLMVesG.exe
  C:\Windows\System\BLMVesG.exe
  2⤵
  PID:6252
- C:\Windows\System\YnXjvGa.exe
  C:\Windows\System\YnXjvGa.exe
  2⤵
  PID:6380
- C:\Windows\System\CMPIvas.exe
  C:\Windows\System\CMPIvas.exe
  2⤵
  PID:2012
- C:\Windows\System\tCPqvgE.exe
  C:\Windows\System\tCPqvgE.exe
  2⤵
  PID:6312
- C:\Windows\System\AWOKfXU.exe
  C:\Windows\System\AWOKfXU.exe
  2⤵
  PID:6396
- C:\Windows\System\wdNOizg.exe
  C:\Windows\System\wdNOizg.exe
  2⤵
  PID:5880
- C:\Windows\System\wyRxGGb.exe
  C:\Windows\System\wyRxGGb.exe
  2⤵
  PID:984
- C:\Windows\System\IYDCTOk.exe
  C:\Windows\System\IYDCTOk.exe
  2⤵
  PID:6652
- C:\Windows\System\FAuOhqM.exe
  C:\Windows\System\FAuOhqM.exe
  2⤵
  PID:2476
- C:\Windows\System\fJCBEmN.exe
  C:\Windows\System\fJCBEmN.exe
  2⤵
  PID:6720
- C:\Windows\System\QSWECVg.exe
  C:\Windows\System\QSWECVg.exe
  2⤵
  PID:6776
- C:\Windows\System\jzBUeuu.exe
  C:\Windows\System\jzBUeuu.exe
  2⤵
  PID:6796
- C:\Windows\System\hVsJlNF.exe
  C:\Windows\System\hVsJlNF.exe
  2⤵
  PID:6972
- C:\Windows\System\csxQlDZ.exe
  C:\Windows\System\csxQlDZ.exe
  2⤵
  PID:6944
- C:\Windows\System\XgwQFDv.exe
  C:\Windows\System\XgwQFDv.exe
  2⤵
  PID:7100
- C:\Windows\System\iqQbIus.exe
  C:\Windows\System\iqQbIus.exe
  2⤵
  PID:7116
- C:\Windows\System\MTeCECt.exe
  C:\Windows\System\MTeCECt.exe
  2⤵
  PID:6044
- C:\Windows\System\fovSNJd.exe
  C:\Windows\System\fovSNJd.exe
  2⤵
  PID:2016
- C:\Windows\System\iBkaUoy.exe
  C:\Windows\System\iBkaUoy.exe
  2⤵
  PID:6160
- C:\Windows\System\NxXHdUO.exe
  C:\Windows\System\NxXHdUO.exe
  2⤵
  PID:6216
- C:\Windows\System\hoqUrgd.exe
  C:\Windows\System\hoqUrgd.exe
  2⤵
  PID:6372
- C:\Windows\System\BAghhYy.exe
  C:\Windows\System\BAghhYy.exe
  2⤵
  PID:6376
- C:\Windows\System\tPQrvwy.exe
  C:\Windows\System\tPQrvwy.exe
  2⤵
  PID:6352
- C:\Windows\System\AGoLlHb.exe
  C:\Windows\System\AGoLlHb.exe
  2⤵
  PID:1340
- C:\Windows\System\DvIZKcb.exe
  C:\Windows\System\DvIZKcb.exe
  2⤵
  PID:840
- C:\Windows\System\iaSZfrh.exe
  C:\Windows\System\iaSZfrh.exe
  2⤵
  PID:2228
- C:\Windows\System\yZxnjsu.exe
  C:\Windows\System\yZxnjsu.exe
  2⤵
  PID:6572
- C:\Windows\System\HbLVxoD.exe
  C:\Windows\System\HbLVxoD.exe
  2⤵
  PID:2792
- C:\Windows\System\XACrbdO.exe
  C:\Windows\System\XACrbdO.exe
  2⤵
  PID:1016
- C:\Windows\System\CtbysPD.exe
  C:\Windows\System\CtbysPD.exe
  2⤵
  PID:2176
- C:\Windows\System\sQoNPeL.exe
  C:\Windows\System\sQoNPeL.exe
  2⤵
  PID:7072
- C:\Windows\System\ljtQruD.exe
  C:\Windows\System\ljtQruD.exe
  2⤵
  PID:1800
- C:\Windows\System\QSpUwfI.exe
  C:\Windows\System\QSpUwfI.exe
  2⤵
  PID:6876
- C:\Windows\System\ZPqmMtr.exe
  C:\Windows\System\ZPqmMtr.exe
  2⤵
  PID:7020
- C:\Windows\System\fHNphTa.exe
  C:\Windows\System\fHNphTa.exe
  2⤵
  PID:7164
- C:\Windows\System\NZqgLLA.exe
  C:\Windows\System\NZqgLLA.exe
  2⤵
  PID:7088
- C:\Windows\System\dEumiaU.exe
  C:\Windows\System\dEumiaU.exe
  2⤵
  PID:6820
- C:\Windows\System\okYywvv.exe
  C:\Windows\System\okYywvv.exe
  2⤵
  PID:6332
- C:\Windows\System\wlEpWqR.exe
  C:\Windows\System\wlEpWqR.exe
  2⤵
  PID:6408
- C:\Windows\System\TDxXWkb.exe
  C:\Windows\System\TDxXWkb.exe
  2⤵
  PID:6500
- C:\Windows\System\snILOQi.exe
  C:\Windows\System\snILOQi.exe
  2⤵
  PID:2384
- C:\Windows\System\xFPRUye.exe
  C:\Windows\System\xFPRUye.exe
  2⤵
  PID:4156
- C:\Windows\System\zFQzVxR.exe
  C:\Windows\System\zFQzVxR.exe
  2⤵
  PID:6868
- C:\Windows\System\BasLjAq.exe
  C:\Windows\System\BasLjAq.exe
  2⤵
  PID:6220
- C:\Windows\System\DYiSDga.exe
  C:\Windows\System\DYiSDga.exe
  2⤵
  PID:2052
- C:\Windows\System\UDAuemV.exe
  C:\Windows\System\UDAuemV.exe
  2⤵
  PID:6752
- C:\Windows\System\CCMiqSc.exe
  C:\Windows\System\CCMiqSc.exe
  2⤵
  PID:5532
- C:\Windows\System\PDHMmvD.exe
  C:\Windows\System\PDHMmvD.exe
  2⤵
  PID:6300
- C:\Windows\System\HiVTTaw.exe
  C:\Windows\System\HiVTTaw.exe
  2⤵
  PID:6404
- C:\Windows\System\ZePilwL.exe
  C:\Windows\System\ZePilwL.exe
  2⤵
  PID:6836
- C:\Windows\System\wSLFOTQ.exe
  C:\Windows\System\wSLFOTQ.exe
  2⤵
  PID:6636
- C:\Windows\System\Mpbumtr.exe
  C:\Windows\System\Mpbumtr.exe
  2⤵
  PID:2196
- C:\Windows\System\UcUJEBw.exe
  C:\Windows\System\UcUJEBw.exe
  2⤵
  PID:5356
- C:\Windows\System\gpdCIon.exe
  C:\Windows\System\gpdCIon.exe
  2⤵
  PID:6824
- C:\Windows\System\ytCInMS.exe
  C:\Windows\System\ytCInMS.exe
  2⤵
  PID:6524
- C:\Windows\System\MgLYIlE.exe
  C:\Windows\System\MgLYIlE.exe
  2⤵
  PID:2404
- C:\Windows\System\pbgjUwi.exe
  C:\Windows\System\pbgjUwi.exe
  2⤵
  PID:6536
- C:\Windows\System\MhHukwW.exe
  C:\Windows\System\MhHukwW.exe
  2⤵
  PID:6960
- C:\Windows\System\YCyYrHe.exe
  C:\Windows\System\YCyYrHe.exe
  2⤵
  PID:7048
- C:\Windows\System\wfQocbt.exe
  C:\Windows\System\wfQocbt.exe
  2⤵
  PID:6932
- C:\Windows\System\JMBsvOr.exe
  C:\Windows\System\JMBsvOr.exe
  2⤵
  PID:5612
- C:\Windows\System\dMFdvUZ.exe
  C:\Windows\System\dMFdvUZ.exe
  2⤵
  PID:6276
- C:\Windows\System\xnrvMrP.exe
  C:\Windows\System\xnrvMrP.exe
  2⤵
  PID:7176
- C:\Windows\System\GBBXoRi.exe
  C:\Windows\System\GBBXoRi.exe
  2⤵
  PID:7200
- C:\Windows\System\hPZoDqM.exe
  C:\Windows\System\hPZoDqM.exe
  2⤵
  PID:7216
- C:\Windows\System\EMYjwgP.exe
  C:\Windows\System\EMYjwgP.exe
  2⤵
  PID:7240
- C:\Windows\System\kTszTzk.exe
  C:\Windows\System\kTszTzk.exe
  2⤵
  PID:7256
- C:\Windows\System\dZaPAtZ.exe
  C:\Windows\System\dZaPAtZ.exe
  2⤵
  PID:7272
- C:\Windows\System\Ndyxyxt.exe
  C:\Windows\System\Ndyxyxt.exe
  2⤵
  PID:7296
- C:\Windows\System\LYQeuDY.exe
  C:\Windows\System\LYQeuDY.exe
  2⤵
  PID:7316
- C:\Windows\System\xQhsvMJ.exe
  C:\Windows\System\xQhsvMJ.exe
  2⤵
  PID:7336
- C:\Windows\System\LFQMGFM.exe
  C:\Windows\System\LFQMGFM.exe
  2⤵
  PID:7356
- C:\Windows\System\PTvxgNS.exe
  C:\Windows\System\PTvxgNS.exe
  2⤵
  PID:7372
- C:\Windows\System\SsBXfvE.exe
  C:\Windows\System\SsBXfvE.exe
  2⤵
  PID:7400
- C:\Windows\System\dmLiYQA.exe
  C:\Windows\System\dmLiYQA.exe
  2⤵
  PID:7416
- C:\Windows\System\BdSuHvB.exe
  C:\Windows\System\BdSuHvB.exe
  2⤵
  PID:7440
- C:\Windows\System\wxwJEEy.exe
  C:\Windows\System\wxwJEEy.exe
  2⤵
  PID:7464
- C:\Windows\System\YlhTwCT.exe
  C:\Windows\System\YlhTwCT.exe
  2⤵
  PID:7480
- C:\Windows\System\nMytkfH.exe
  C:\Windows\System\nMytkfH.exe
  2⤵
  PID:7504
- C:\Windows\System\XjTcESS.exe
  C:\Windows\System\XjTcESS.exe
  2⤵
  PID:7524
- C:\Windows\System\cEwxmEQ.exe
  C:\Windows\System\cEwxmEQ.exe
  2⤵
  PID:7540
- C:\Windows\System\zrJhOsz.exe
  C:\Windows\System\zrJhOsz.exe
  2⤵
  PID:7564
- C:\Windows\System\nNTyQQc.exe
  C:\Windows\System\nNTyQQc.exe
  2⤵
  PID:7580
- C:\Windows\System\kLeAdEf.exe
  C:\Windows\System\kLeAdEf.exe
  2⤵
  PID:7596
- C:\Windows\System\BVhCNaK.exe
  C:\Windows\System\BVhCNaK.exe
  2⤵
  PID:7620
- C:\Windows\System\YeFqqqk.exe
  C:\Windows\System\YeFqqqk.exe
  2⤵
  PID:7636
- C:\Windows\System\iVLCeAn.exe
  C:\Windows\System\iVLCeAn.exe
  2⤵
  PID:7660
- C:\Windows\System\hjVnYst.exe
  C:\Windows\System\hjVnYst.exe
  2⤵
  PID:7676
- C:\Windows\System\lSKFYtp.exe
  C:\Windows\System\lSKFYtp.exe
  2⤵
  PID:7692
- C:\Windows\System\SIDMWLa.exe
  C:\Windows\System\SIDMWLa.exe
  2⤵
  PID:7716
- C:\Windows\System\obJUmbx.exe
  C:\Windows\System\obJUmbx.exe
  2⤵
  PID:7736
- C:\Windows\System\bIOKMvG.exe
  C:\Windows\System\bIOKMvG.exe
  2⤵
  PID:7752
- C:\Windows\System\DkpYICe.exe
  C:\Windows\System\DkpYICe.exe
  2⤵
  PID:7768
- C:\Windows\System\HEbgOgc.exe
  C:\Windows\System\HEbgOgc.exe
  2⤵
  PID:7788
- C:\Windows\System\etmIcmn.exe
  C:\Windows\System\etmIcmn.exe
  2⤵
  PID:7808
- C:\Windows\System\sWTjeyJ.exe
  C:\Windows\System\sWTjeyJ.exe
  2⤵
  PID:7844
- C:\Windows\System\GqvHYGq.exe
  C:\Windows\System\GqvHYGq.exe
  2⤵
  PID:7860
- C:\Windows\System\BCqyGDI.exe
  C:\Windows\System\BCqyGDI.exe
  2⤵
  PID:7884
- C:\Windows\System\GijVzJn.exe
  C:\Windows\System\GijVzJn.exe
  2⤵
  PID:7900
- C:\Windows\System\ZaDTxXQ.exe
  C:\Windows\System\ZaDTxXQ.exe
  2⤵
  PID:7920
- C:\Windows\System\BBTThpH.exe
  C:\Windows\System\BBTThpH.exe
  2⤵
  PID:7940
- C:\Windows\System\CWxowvO.exe
  C:\Windows\System\CWxowvO.exe
  2⤵
  PID:7960
- C:\Windows\System\NazDBrn.exe
  C:\Windows\System\NazDBrn.exe
  2⤵
  PID:7980
- C:\Windows\System\mUxgDQD.exe
  C:\Windows\System\mUxgDQD.exe
  2⤵
  PID:8000
- C:\Windows\System\mMvNFFy.exe
  C:\Windows\System\mMvNFFy.exe
  2⤵
  PID:8020
- C:\Windows\System\DJgJqZn.exe
  C:\Windows\System\DJgJqZn.exe
  2⤵
  PID:8036
- C:\Windows\System\vTbIWLN.exe
  C:\Windows\System\vTbIWLN.exe
  2⤵
  PID:8064
- C:\Windows\System\QQMWXii.exe
  C:\Windows\System\QQMWXii.exe
  2⤵
  PID:8088
- C:\Windows\System\GqlRTHj.exe
  C:\Windows\System\GqlRTHj.exe
  2⤵
  PID:8104
- C:\Windows\System\ZwRxnin.exe
  C:\Windows\System\ZwRxnin.exe
  2⤵
  PID:8124
- C:\Windows\System\gznpDom.exe
  C:\Windows\System\gznpDom.exe
  2⤵
  PID:8140
- C:\Windows\System\XxPCZKX.exe
  C:\Windows\System\XxPCZKX.exe
  2⤵
  PID:8156
- C:\Windows\System\MDnUjFI.exe
  C:\Windows\System\MDnUjFI.exe
  2⤵
  PID:8176
- C:\Windows\System\csoNrPB.exe
  C:\Windows\System\csoNrPB.exe
  2⤵
  PID:7184
- C:\Windows\System\OdVCkYm.exe
  C:\Windows\System\OdVCkYm.exe
  2⤵
  PID:7188
- C:\Windows\System\LdoJzTr.exe
  C:\Windows\System\LdoJzTr.exe
  2⤵
  PID:7236
- C:\Windows\System\CqgvlxL.exe
  C:\Windows\System\CqgvlxL.exe
  2⤵
  PID:7252
- C:\Windows\System\PpwKilk.exe
  C:\Windows\System\PpwKilk.exe
  2⤵
  PID:7292
- C:\Windows\System\kfHLvJf.exe
  C:\Windows\System\kfHLvJf.exe
  2⤵
  PID:7288
- C:\Windows\System\RbHbTqZ.exe
  C:\Windows\System\RbHbTqZ.exe
  2⤵
  PID:7392
- C:\Windows\System\CoDeeUD.exe
  C:\Windows\System\CoDeeUD.exe
  2⤵
  PID:2740
- C:\Windows\System\RExiWBZ.exe
  C:\Windows\System\RExiWBZ.exe
  2⤵
  PID:7432
- C:\Windows\System\ZObUWtw.exe
  C:\Windows\System\ZObUWtw.exe
  2⤵
  PID:7448
- C:\Windows\System\SETSqbx.exe
  C:\Windows\System\SETSqbx.exe
  2⤵
  PID:7492
- C:\Windows\System\xHKQhEn.exe
  C:\Windows\System\xHKQhEn.exe
  2⤵
  PID:7516
- C:\Windows\System\QEZvPaL.exe
  C:\Windows\System\QEZvPaL.exe
  2⤵
  PID:7588
- C:\Windows\System\hiVggCZ.exe
  C:\Windows\System\hiVggCZ.exe
  2⤵
  PID:7632
- C:\Windows\System\owjbqzS.exe
  C:\Windows\System\owjbqzS.exe
  2⤵
  PID:7604
- C:\Windows\System\jjbkaDH.exe
  C:\Windows\System\jjbkaDH.exe
  2⤵
  PID:7704
- C:\Windows\System\xynXPys.exe
  C:\Windows\System\xynXPys.exe
  2⤵
  PID:7688
- C:\Windows\System\kNxMvRS.exe
  C:\Windows\System\kNxMvRS.exe
  2⤵
  PID:7780
- C:\Windows\System\dUMEigT.exe
  C:\Windows\System\dUMEigT.exe
  2⤵
  PID:7796
- C:\Windows\System\MbAYQKx.exe
  C:\Windows\System\MbAYQKx.exe
  2⤵
  PID:7824
- C:\Windows\System\NIzbuON.exe
  C:\Windows\System\NIzbuON.exe
  2⤵
  PID:7832
- C:\Windows\System\WAnarNj.exe
  C:\Windows\System\WAnarNj.exe
  2⤵
  PID:7876
- C:\Windows\System\BFvIMVE.exe
  C:\Windows\System\BFvIMVE.exe
  2⤵
  PID:7912
- C:\Windows\System\xiAWbWt.exe
  C:\Windows\System\xiAWbWt.exe
  2⤵
  PID:7928
- C:\Windows\System\CMGpUEr.exe
  C:\Windows\System\CMGpUEr.exe
  2⤵
  PID:7992
- C:\Windows\System\FiEOOBD.exe
  C:\Windows\System\FiEOOBD.exe
  2⤵
  PID:8032
- C:\Windows\System\KPLlpvy.exe
  C:\Windows\System\KPLlpvy.exe
  2⤵
  PID:8052
- C:\Windows\System\PeSQtzj.exe
  C:\Windows\System\PeSQtzj.exe
  2⤵
  PID:8048
- C:\Windows\System\XRyawLK.exe
  C:\Windows\System\XRyawLK.exe
  2⤵
  PID:8116
- C:\Windows\System\zmKhBQL.exe
  C:\Windows\System\zmKhBQL.exe
  2⤵
  PID:8184
- C:\Windows\System\tOzAGSM.exe
  C:\Windows\System\tOzAGSM.exe
  2⤵
  PID:8172
- C:\Windows\System\ihKusop.exe
  C:\Windows\System\ihKusop.exe
  2⤵
  PID:7192
- C:\Windows\System\uckURHd.exe
  C:\Windows\System\uckURHd.exe
  2⤵
  PID:7228
- C:\Windows\System\jwFgdWL.exe
  C:\Windows\System\jwFgdWL.exe
  2⤵
  PID:7312
- C:\Windows\System\miEOiNu.exe
  C:\Windows\System\miEOiNu.exe
  2⤵
  PID:7328
- C:\Windows\System\pMGSCHO.exe
  C:\Windows\System\pMGSCHO.exe
  2⤵
  PID:7408
- C:\Windows\System\bEFtUdL.exe
  C:\Windows\System\bEFtUdL.exe
  2⤵
  PID:7460
- C:\Windows\System\VCzBTtc.exe
  C:\Windows\System\VCzBTtc.exe
  2⤵
  PID:7548
- C:\Windows\System\wRMWtYV.exe
  C:\Windows\System\wRMWtYV.exe
  2⤵
  PID:7628
- C:\Windows\System\BpaGSZp.exe
  C:\Windows\System\BpaGSZp.exe
  2⤵
  PID:7644
- C:\Windows\System\ychpASK.exe
  C:\Windows\System\ychpASK.exe
  2⤵
  PID:7652
- C:\Windows\System\olsORZy.exe
  C:\Windows\System\olsORZy.exe
  2⤵
  PID:1672
- C:\Windows\System\dBuEQLm.exe
  C:\Windows\System\dBuEQLm.exe
  2⤵
  PID:844
- C:\Windows\System\jVJTLce.exe
  C:\Windows\System\jVJTLce.exe
  2⤵
  PID:7724
- C:\Windows\System\sQSTneP.exe
  C:\Windows\System\sQSTneP.exe
  2⤵
  PID:7748
- C:\Windows\System\YIluUDb.exe
  C:\Windows\System\YIluUDb.exe
  2⤵
  PID:7852
- C:\Windows\System\YnGIgLm.exe
  C:\Windows\System\YnGIgLm.exe
  2⤵
  PID:7908
- C:\Windows\System\FmorcEC.exe
  C:\Windows\System\FmorcEC.exe
  2⤵
  PID:7948
- C:\Windows\System\yYgeLhU.exe
  C:\Windows\System\yYgeLhU.exe
  2⤵
  PID:8028
- C:\Windows\System\wxEqSYK.exe
  C:\Windows\System\wxEqSYK.exe
  2⤵
  PID:8096
- C:\Windows\System\gvrDvoR.exe
  C:\Windows\System\gvrDvoR.exe
  2⤵
  PID:8120
- C:\Windows\System\BrSvudx.exe
  C:\Windows\System\BrSvudx.exe
  2⤵
  PID:2536
- C:\Windows\System\bUdjFVa.exe
  C:\Windows\System\bUdjFVa.exe
  2⤵
  PID:8168
- C:\Windows\System\bZcZhlQ.exe
  C:\Windows\System\bZcZhlQ.exe
  2⤵
  PID:7324
- C:\Windows\System\FPKIGAn.exe
  C:\Windows\System\FPKIGAn.exe
  2⤵
  PID:7284
- C:\Windows\System\HhKQdtw.exe
  C:\Windows\System\HhKQdtw.exe
  2⤵
  PID:7456
- C:\Windows\System\NWFMikg.exe
  C:\Windows\System\NWFMikg.exe
  2⤵
  PID:7576
- C:\Windows\System\zWSGxrW.exe
  C:\Windows\System\zWSGxrW.exe
  2⤵
  PID:2644
- C:\Windows\System\GOVhHif.exe
  C:\Windows\System\GOVhHif.exe
  2⤵
  PID:7820
- C:\Windows\System\WDqoWmX.exe
  C:\Windows\System\WDqoWmX.exe
  2⤵
  PID:7744
- C:\Windows\System\FtdVtMX.exe
  C:\Windows\System\FtdVtMX.exe
  2⤵
  PID:7648
- C:\Windows\System\HeQTkXg.exe
  C:\Windows\System\HeQTkXg.exe
  2⤵
  PID:7996
- C:\Windows\System\zqcYHEi.exe
  C:\Windows\System\zqcYHEi.exe
  2⤵
  PID:7968
- C:\Windows\System\XglVQGW.exe
  C:\Windows\System\XglVQGW.exe
  2⤵
  PID:8084
- C:\Windows\System\FQavPCe.exe
  C:\Windows\System\FQavPCe.exe
  2⤵
  PID:7248
- C:\Windows\System\cNKYHrK.exe
  C:\Windows\System\cNKYHrK.exe
  2⤵
  PID:7308
- C:\Windows\System\UuIuQIc.exe
  C:\Windows\System\UuIuQIc.exe
  2⤵
  PID:7424
- C:\Windows\System\ZCeJFVt.exe
  C:\Windows\System\ZCeJFVt.exe
  2⤵
  PID:7700
- C:\Windows\System\gNeUczf.exe
  C:\Windows\System\gNeUczf.exe
  2⤵
  PID:7880
- C:\Windows\System\DqCBxpQ.exe
  C:\Windows\System\DqCBxpQ.exe
  2⤵
  PID:7952
- C:\Windows\System\Ephqeya.exe
  C:\Windows\System\Ephqeya.exe
  2⤵
  PID:8164
- C:\Windows\System\WddxhTy.exe
  C:\Windows\System\WddxhTy.exe
  2⤵
  PID:8060
- C:\Windows\System\IVApTWz.exe
  C:\Windows\System\IVApTWz.exe
  2⤵
  PID:7428
- C:\Windows\System\tjgQuur.exe
  C:\Windows\System\tjgQuur.exe
  2⤵
  PID:1044
- C:\Windows\System\ZlSZsBV.exe
  C:\Windows\System\ZlSZsBV.exe
  2⤵
  PID:1060
- C:\Windows\System\eghPauL.exe
  C:\Windows\System\eghPauL.exe
  2⤵
  PID:7556
- C:\Windows\System\ewEzbRj.exe
  C:\Windows\System\ewEzbRj.exe
  2⤵
  PID:7828
- C:\Windows\System\CCFbjAv.exe
  C:\Windows\System\CCFbjAv.exe
  2⤵
  PID:8080
- C:\Windows\System\yyYiHul.exe
  C:\Windows\System\yyYiHul.exe
  2⤵
  PID:7476
- C:\Windows\System\gvPVACY.exe
  C:\Windows\System\gvPVACY.exe
  2⤵
  PID:7332
- C:\Windows\System\uDASiUo.exe
  C:\Windows\System\uDASiUo.exe
  2⤵
  PID:8200
- C:\Windows\System\joONMCV.exe
  C:\Windows\System\joONMCV.exe
  2⤵
  PID:8216
- C:\Windows\System\WLeTlxb.exe
  C:\Windows\System\WLeTlxb.exe
  2⤵
  PID:8248
- C:\Windows\System\GWrlBgW.exe
  C:\Windows\System\GWrlBgW.exe
  2⤵
  PID:8264
- C:\Windows\System\BxpUTIU.exe
  C:\Windows\System\BxpUTIU.exe
  2⤵
  PID:8284
- C:\Windows\System\EiybJaM.exe
  C:\Windows\System\EiybJaM.exe
  2⤵
  PID:8304
- C:\Windows\System\BHPDIcL.exe
  C:\Windows\System\BHPDIcL.exe
  2⤵
  PID:8328
- C:\Windows\System\VddwPtF.exe
  C:\Windows\System\VddwPtF.exe
  2⤵
  PID:8344
- C:\Windows\System\bfJSMuV.exe
  C:\Windows\System\bfJSMuV.exe
  2⤵
  PID:8360
- C:\Windows\System\ACBTUYH.exe
  C:\Windows\System\ACBTUYH.exe
  2⤵
  PID:8380
- C:\Windows\System\RJLtLAY.exe
  C:\Windows\System\RJLtLAY.exe
  2⤵
  PID:8396
- C:\Windows\System\fBFZOOw.exe
  C:\Windows\System\fBFZOOw.exe
  2⤵
  PID:8416
- C:\Windows\System\IqSHYqP.exe
  C:\Windows\System\IqSHYqP.exe
  2⤵
  PID:8432
- C:\Windows\System\cijtUcf.exe
  C:\Windows\System\cijtUcf.exe
  2⤵
  PID:8448
- C:\Windows\System\nklfsvx.exe
  C:\Windows\System\nklfsvx.exe
  2⤵
  PID:8472
- C:\Windows\System\LaclHvP.exe
  C:\Windows\System\LaclHvP.exe
  2⤵
  PID:8496
- C:\Windows\System\HTJCzae.exe
  C:\Windows\System\HTJCzae.exe
  2⤵
  PID:8512
- C:\Windows\System\NkifeWw.exe
  C:\Windows\System\NkifeWw.exe
  2⤵
  PID:8528
- C:\Windows\System\fNilAUC.exe
  C:\Windows\System\fNilAUC.exe
  2⤵
  PID:8544
- C:\Windows\System\ClhhxNX.exe
  C:\Windows\System\ClhhxNX.exe
  2⤵
  PID:8568
- C:\Windows\System\DWtFKXp.exe
  C:\Windows\System\DWtFKXp.exe
  2⤵
  PID:8584
- C:\Windows\System\YQZjalg.exe
  C:\Windows\System\YQZjalg.exe
  2⤵
  PID:8612
- C:\Windows\System\qmdAxVK.exe
  C:\Windows\System\qmdAxVK.exe
  2⤵
  PID:8628
- C:\Windows\System\cgfkaiG.exe
  C:\Windows\System\cgfkaiG.exe
  2⤵
  PID:8652
- C:\Windows\System\juZCExX.exe
  C:\Windows\System\juZCExX.exe
  2⤵
  PID:8672
- C:\Windows\System\nnrFxgM.exe
  C:\Windows\System\nnrFxgM.exe
  2⤵
  PID:8688
- C:\Windows\System\eKZcliE.exe
  C:\Windows\System\eKZcliE.exe
  2⤵
  PID:8704
- C:\Windows\System\NhqONie.exe
  C:\Windows\System\NhqONie.exe
  2⤵
  PID:8720
- C:\Windows\System\HMBzWHj.exe
  C:\Windows\System\HMBzWHj.exe
  2⤵
  PID:8740
- C:\Windows\System\gKKXiXL.exe
  C:\Windows\System\gKKXiXL.exe
  2⤵
  PID:8756
- C:\Windows\System\FWUFczz.exe
  C:\Windows\System\FWUFczz.exe
  2⤵
  PID:8772
- C:\Windows\System\MSpZuMo.exe
  C:\Windows\System\MSpZuMo.exe
  2⤵
  PID:8788
- C:\Windows\System\UErwvrQ.exe
  C:\Windows\System\UErwvrQ.exe
  2⤵
  PID:8808
- C:\Windows\System\AsMYlKO.exe
  C:\Windows\System\AsMYlKO.exe
  2⤵
  PID:8824
- C:\Windows\System\lfbsCAP.exe
  C:\Windows\System\lfbsCAP.exe
  2⤵
  PID:8840
- C:\Windows\System\uTWCSkH.exe
  C:\Windows\System\uTWCSkH.exe
  2⤵
  PID:8856
- C:\Windows\System\ySSzyJk.exe
  C:\Windows\System\ySSzyJk.exe
  2⤵
  PID:8876
- C:\Windows\System\NOeZNqC.exe
  C:\Windows\System\NOeZNqC.exe
  2⤵
  PID:8892
- C:\Windows\System\toNHjva.exe
  C:\Windows\System\toNHjva.exe
  2⤵
  PID:8908
- C:\Windows\System\bOhJKbk.exe
  C:\Windows\System\bOhJKbk.exe
  2⤵
  PID:8932
- C:\Windows\System\sehbpks.exe
  C:\Windows\System\sehbpks.exe
  2⤵
  PID:8964
- C:\Windows\System\sohSUNB.exe
  C:\Windows\System\sohSUNB.exe
  2⤵
  PID:8980
- C:\Windows\System\rwtGvFW.exe
  C:\Windows\System\rwtGvFW.exe
  2⤵
  PID:9000
- C:\Windows\System\iRAlAlA.exe
  C:\Windows\System\iRAlAlA.exe
  2⤵
  PID:9016
- C:\Windows\System\oKsfEIl.exe
  C:\Windows\System\oKsfEIl.exe
  2⤵
  PID:9036
- C:\Windows\System\vLObPlB.exe
  C:\Windows\System\vLObPlB.exe
  2⤵
  PID:9052
- C:\Windows\System\TpChEXV.exe
  C:\Windows\System\TpChEXV.exe
  2⤵
  PID:9072
- C:\Windows\System\NhzkROZ.exe
  C:\Windows\System\NhzkROZ.exe
  2⤵
  PID:9096
- C:\Windows\System\taekCZT.exe
  C:\Windows\System\taekCZT.exe
  2⤵
  PID:9112
- C:\Windows\System\vVIMSBo.exe
  C:\Windows\System\vVIMSBo.exe
  2⤵
  PID:9136
- C:\Windows\System\QTTTOSL.exe
  C:\Windows\System\QTTTOSL.exe
  2⤵
  PID:9152
- C:\Windows\System\ccqqrsL.exe
  C:\Windows\System\ccqqrsL.exe
  2⤵
  PID:9172
- C:\Windows\System\EWkKqAD.exe
  C:\Windows\System\EWkKqAD.exe
  2⤵
  PID:9192
- C:\Windows\System\GszTudE.exe
  C:\Windows\System\GszTudE.exe
  2⤵
  PID:9208
- C:\Windows\System\PAdYrbe.exe
  C:\Windows\System\PAdYrbe.exe
  2⤵
  PID:8196
- C:\Windows\System\keEOJzy.exe
  C:\Windows\System\keEOJzy.exe
  2⤵
  PID:8208
- C:\Windows\System\Dckbrnd.exe
  C:\Windows\System\Dckbrnd.exe
  2⤵
  PID:8276
- C:\Windows\System\HzReCNU.exe
  C:\Windows\System\HzReCNU.exe
  2⤵
  PID:8292
- C:\Windows\System\UexdzAI.exe
  C:\Windows\System\UexdzAI.exe
  2⤵
  PID:8316
- C:\Windows\System\bDJhxsS.exe
  C:\Windows\System\bDJhxsS.exe
  2⤵
  PID:8388
- C:\Windows\System\qceforA.exe
  C:\Windows\System\qceforA.exe
  2⤵
  PID:8428
- C:\Windows\System\QtzOxbo.exe
  C:\Windows\System\QtzOxbo.exe
  2⤵
  PID:8468
- C:\Windows\System\JPSFSks.exe
  C:\Windows\System\JPSFSks.exe
  2⤵
  PID:8540
- C:\Windows\System\AHgrcPC.exe
  C:\Windows\System\AHgrcPC.exe
  2⤵
  PID:8624
- C:\Windows\System\AyCMeqA.exe
  C:\Windows\System\AyCMeqA.exe
  2⤵
  PID:8408
- C:\Windows\System\AXugNpK.exe
  C:\Windows\System\AXugNpK.exe
  2⤵
  PID:8660
- C:\Windows\System\XREnoXF.exe
  C:\Windows\System\XREnoXF.exe
  2⤵
  PID:8404
- C:\Windows\System\ujUysua.exe
  C:\Windows\System\ujUysua.exe
  2⤵
  PID:8556
- C:\Windows\System\slLvBjF.exe
  C:\Windows\System\slLvBjF.exe
  2⤵
  PID:8800
- C:\Windows\System\mCrMZgt.exe
  C:\Windows\System\mCrMZgt.exe
  2⤵
  PID:8864
- C:\Windows\System\dbdWvEK.exe
  C:\Windows\System\dbdWvEK.exe
  2⤵
  PID:8900
- C:\Windows\System\sUpTQOo.exe
  C:\Windows\System\sUpTQOo.exe
  2⤵
  PID:8888
- C:\Windows\System\cYZiyPf.exe
  C:\Windows\System\cYZiyPf.exe
  2⤵
  PID:8924
- C:\Windows\System\FnulkZo.exe
  C:\Windows\System\FnulkZo.exe
  2⤵
  PID:8976
- C:\Windows\System\EHzqSMA.exe
  C:\Windows\System\EHzqSMA.exe
  2⤵
  PID:9012
- C:\Windows\System\sbKGQZI.exe
  C:\Windows\System\sbKGQZI.exe
  2⤵
  PID:9060
- C:\Windows\System\gXZtFza.exe
  C:\Windows\System\gXZtFza.exe
  2⤵
  PID:9080
- C:\Windows\System\iQzzGla.exe
  C:\Windows\System\iQzzGla.exe
  2⤵
  PID:9128
- C:\Windows\System\aIsFgze.exe
  C:\Windows\System\aIsFgze.exe
  2⤵
  PID:9144
- C:\Windows\System\ycJcfvj.exe
  C:\Windows\System\ycJcfvj.exe
  2⤵
  PID:9164
- C:\Windows\System\QNwOPeb.exe
  C:\Windows\System\QNwOPeb.exe
  2⤵
  PID:7800
- C:\Windows\System\OUDHwsm.exe
  C:\Windows\System\OUDHwsm.exe
  2⤵
  PID:8224
- C:\Windows\System\ecsNCKE.exe
  C:\Windows\System\ecsNCKE.exe
  2⤵
  PID:8280
- C:\Windows\System\jAdYzTL.exe
  C:\Windows\System\jAdYzTL.exe
  2⤵
  PID:8424
- C:\Windows\System\jolPtDc.exe
  C:\Windows\System\jolPtDc.exe
  2⤵
  PID:8460
- C:\Windows\System\ndJQZOY.exe
  C:\Windows\System\ndJQZOY.exe
  2⤵
  PID:8340
- C:\Windows\System\tYwRsSW.exe
  C:\Windows\System\tYwRsSW.exe
  2⤵
  PID:8620
- C:\Windows\System\FjXXayp.exe
  C:\Windows\System\FjXXayp.exe
  2⤵
  PID:8372
- C:\Windows\System\YbmejVD.exe
  C:\Windows\System\YbmejVD.exe
  2⤵
  PID:8596
- C:\Windows\System\dmtahuU.exe
  C:\Windows\System\dmtahuU.exe
  2⤵
  PID:956
- C:\Windows\System\qAcsCHP.exe
  C:\Windows\System\qAcsCHP.exe
  2⤵
  PID:8480
- C:\Windows\System\OjOHpsZ.exe
  C:\Windows\System\OjOHpsZ.exe
  2⤵
  PID:9032
- C:\Windows\System\gsPchyZ.exe
  C:\Windows\System\gsPchyZ.exe
  2⤵
  PID:8712
- C:\Windows\System\kqcLvAW.exe
  C:\Windows\System\kqcLvAW.exe
  2⤵
  PID:8768
- C:\Windows\System\OrGJWIc.exe
  C:\Windows\System\OrGJWIc.exe
  2⤵
  PID:8820
- C:\Windows\System\BSlLnmn.exe
  C:\Windows\System\BSlLnmn.exe
  2⤵
  PID:8592
- C:\Windows\System\SdAZNVQ.exe
  C:\Windows\System\SdAZNVQ.exe
  2⤵
  PID:8816
- C:\Windows\System\XfIYZyQ.exe
  C:\Windows\System\XfIYZyQ.exe
  2⤵
  PID:8940
- C:\Windows\System\hFCbSWo.exe
  C:\Windows\System\hFCbSWo.exe
  2⤵
  PID:8884
- C:\Windows\System\sKHFpkt.exe
  C:\Windows\System\sKHFpkt.exe
  2⤵
  PID:9064
- C:\Windows\System\EshlsEf.exe
  C:\Windows\System\EshlsEf.exe
  2⤵
  PID:9044
- C:\Windows\System\YxupXAK.exe
  C:\Windows\System\YxupXAK.exe
  2⤵
  PID:9092
- C:\Windows\System\FXutsrB.exe
  C:\Windows\System\FXutsrB.exe
  2⤵
  PID:8236
- C:\Windows\System\NnfuLXR.exe
  C:\Windows\System\NnfuLXR.exe
  2⤵
  PID:8464
- C:\Windows\System\TcigDzY.exe
  C:\Windows\System\TcigDzY.exe
  2⤵
  PID:9184
- C:\Windows\System\tCLmIRh.exe
  C:\Windows\System\tCLmIRh.exe
  2⤵
  PID:8312
- C:\Windows\System\vKsbBdf.exe
  C:\Windows\System\vKsbBdf.exe
  2⤵
  PID:8508
- C:\Windows\System\LGTREgo.exe
  C:\Windows\System\LGTREgo.exe
  2⤵
  PID:8644
- C:\Windows\System\pvYtrDt.exe
  C:\Windows\System\pvYtrDt.exe
  2⤵
  PID:1020
- C:\Windows\System\DiqbcYu.exe
  C:\Windows\System\DiqbcYu.exe
  2⤵
  PID:8700
- C:\Windows\System\NJWUblQ.exe
  C:\Windows\System\NJWUblQ.exe
  2⤵
  PID:2620
- C:\Windows\System\uvYQrzp.exe
  C:\Windows\System\uvYQrzp.exe
  2⤵
  PID:8836
- C:\Windows\System\LPTogUI.exe
  C:\Windows\System\LPTogUI.exe
  2⤵
  PID:8736
- C:\Windows\System\emZAiAL.exe
  C:\Windows\System\emZAiAL.exe
  2⤵
  PID:8868
- C:\Windows\System\mQPeBbc.exe
  C:\Windows\System\mQPeBbc.exe
  2⤵
  PID:9024
- C:\Windows\System\oQrehod.exe
  C:\Windows\System\oQrehod.exe
  2⤵
  PID:8044
- C:\Windows\System\HmByNXN.exe
  C:\Windows\System\HmByNXN.exe
  2⤵
  PID:8260
- C:\Windows\System\GPxLWOz.exe
  C:\Windows\System\GPxLWOz.exe
  2⤵
  PID:8488
- C:\Windows\System\SWaALMW.exe
  C:\Windows\System\SWaALMW.exe
  2⤵
  PID:1520
- C:\Windows\System\EHRjVmX.exe
  C:\Windows\System\EHRjVmX.exe
  2⤵
  PID:8524
- C:\Windows\System\TqDtxJf.exe
  C:\Windows\System\TqDtxJf.exe
  2⤵
  PID:8728
- C:\Windows\System\IPtRbyX.exe
  C:\Windows\System\IPtRbyX.exe
  2⤵
  PID:8784
- C:\Windows\System\ZjUGyvA.exe
  C:\Windows\System\ZjUGyvA.exe
  2⤵
  PID:8948
- C:\Windows\System\RcfGrWV.exe
  C:\Windows\System\RcfGrWV.exe
  2⤵
  PID:8796
- C:\Windows\System\hwhpiPP.exe
  C:\Windows\System\hwhpiPP.exe
  2⤵
  PID:8240
- C:\Windows\System\eRuIxqF.exe
  C:\Windows\System\eRuIxqF.exe
  2⤵
  PID:8392
- C:\Windows\System\sZiyMfX.exe
  C:\Windows\System\sZiyMfX.exe
  2⤵
  PID:9160
- C:\Windows\System\SgoCgqP.exe
  C:\Windows\System\SgoCgqP.exe
  2⤵
  PID:8444
- C:\Windows\System\eHadqBo.exe
  C:\Windows\System\eHadqBo.exe
  2⤵
  PID:952
- C:\Windows\System\IbagUqB.exe
  C:\Windows\System\IbagUqB.exe
  2⤵
  PID:9204
- C:\Windows\System\KtRswtc.exe
  C:\Windows\System\KtRswtc.exe
  2⤵
  PID:8608
- C:\Windows\System\iHLCyUt.exe
  C:\Windows\System\iHLCyUt.exe
  2⤵
  PID:8944
- C:\Windows\System\RpMTPMb.exe
  C:\Windows\System\RpMTPMb.exe
  2⤵
  PID:9120
- C:\Windows\System\pcSrZhq.exe
  C:\Windows\System\pcSrZhq.exe
  2⤵
  PID:3012
- C:\Windows\System\eClchAB.exe
  C:\Windows\System\eClchAB.exe
  2⤵
  PID:8492
- C:\Windows\System\NDBTGBw.exe
  C:\Windows\System\NDBTGBw.exe
  2⤵
  PID:8956
- C:\Windows\System\Omjtjph.exe
  C:\Windows\System\Omjtjph.exe
  2⤵
  PID:9232
- C:\Windows\System\YPKMMFL.exe
  C:\Windows\System\YPKMMFL.exe
  2⤵
  PID:9248
- C:\Windows\System\cxyZmhC.exe
  C:\Windows\System\cxyZmhC.exe
  2⤵
  PID:9272
- C:\Windows\System\hPMaqwk.exe
  C:\Windows\System\hPMaqwk.exe
  2⤵
  PID:9288
- C:\Windows\System\ysggTju.exe
  C:\Windows\System\ysggTju.exe
  2⤵
  PID:9316
- C:\Windows\System\lszRLqV.exe
  C:\Windows\System\lszRLqV.exe
  2⤵
  PID:9332
- C:\Windows\System\quhyKUW.exe
  C:\Windows\System\quhyKUW.exe
  2⤵
  PID:9352
- C:\Windows\System\ItuMLeQ.exe
  C:\Windows\System\ItuMLeQ.exe
  2⤵
  PID:9376
- C:\Windows\System\OgMeKhf.exe
  C:\Windows\System\OgMeKhf.exe
  2⤵
  PID:9392
- C:\Windows\System\OVwQuFO.exe
  C:\Windows\System\OVwQuFO.exe
  2⤵
  PID:9412
- C:\Windows\System\gHRORJg.exe
  C:\Windows\System\gHRORJg.exe
  2⤵
  PID:9428
- C:\Windows\System\VxDpAtO.exe
  C:\Windows\System\VxDpAtO.exe
  2⤵
  PID:9448
- C:\Windows\System\BfZdIxJ.exe
  C:\Windows\System\BfZdIxJ.exe
  2⤵
  PID:9476
- C:\Windows\System\UsewCqL.exe
  C:\Windows\System\UsewCqL.exe
  2⤵
  PID:9492
- C:\Windows\System\pFYidXh.exe
  C:\Windows\System\pFYidXh.exe
  2⤵
  PID:9516
- C:\Windows\System\RuPbCbR.exe
  C:\Windows\System\RuPbCbR.exe
  2⤵
  PID:9532
- C:\Windows\System\WROhpga.exe
  C:\Windows\System\WROhpga.exe
  2⤵
  PID:9556
- C:\Windows\System\ZgTvXim.exe
  C:\Windows\System\ZgTvXim.exe
  2⤵
  PID:9572
- C:\Windows\System\wdiyciM.exe
  C:\Windows\System\wdiyciM.exe
  2⤵
  PID:9596
- C:\Windows\System\RkCMIPL.exe
  C:\Windows\System\RkCMIPL.exe
  2⤵
  PID:9612
- C:\Windows\System\MkqaNjV.exe
  C:\Windows\System\MkqaNjV.exe
  2⤵
  PID:9632
- C:\Windows\System\YocHqVk.exe
  C:\Windows\System\YocHqVk.exe
  2⤵
  PID:9652
- C:\Windows\System\bjXggBo.exe
  C:\Windows\System\bjXggBo.exe
  2⤵
  PID:9676
- C:\Windows\System\ALVvaCs.exe
  C:\Windows\System\ALVvaCs.exe
  2⤵
  PID:9692
- C:\Windows\System\tZjSlQn.exe
  C:\Windows\System\tZjSlQn.exe
  2⤵
  PID:9712
- C:\Windows\System\wiQAZoP.exe
  C:\Windows\System\wiQAZoP.exe
  2⤵
  PID:9728
- C:\Windows\System\PChOeeG.exe
  C:\Windows\System\PChOeeG.exe
  2⤵
  PID:9756
- C:\Windows\System\yjneusD.exe
  C:\Windows\System\yjneusD.exe
  2⤵
  PID:9772
- C:\Windows\System\dTETDkM.exe
  C:\Windows\System\dTETDkM.exe
  2⤵
  PID:9788
- C:\Windows\System\LDHgzVj.exe
  C:\Windows\System\LDHgzVj.exe
  2⤵
  PID:9804
- C:\Windows\System\uEZuqzn.exe
  C:\Windows\System\uEZuqzn.exe
  2⤵
  PID:9836
- C:\Windows\System\WgQFhGw.exe
  C:\Windows\System\WgQFhGw.exe
  2⤵
  PID:9856
- C:\Windows\System\EcwVLbD.exe
  C:\Windows\System\EcwVLbD.exe
  2⤵
  PID:9876
- C:\Windows\System\EVZccQn.exe
  C:\Windows\System\EVZccQn.exe
  2⤵
  PID:9896
- C:\Windows\System\lMvmfwO.exe
  C:\Windows\System\lMvmfwO.exe
  2⤵
  PID:9920
- C:\Windows\System\dNxNCYL.exe
  C:\Windows\System\dNxNCYL.exe
  2⤵
  PID:9936
- C:\Windows\System\hAPUnHC.exe
  C:\Windows\System\hAPUnHC.exe
  2⤵
  PID:9956
- C:\Windows\System\onPHYjm.exe
  C:\Windows\System\onPHYjm.exe
  2⤵
  PID:9976
- C:\Windows\System\CocbVsK.exe
  C:\Windows\System\CocbVsK.exe
  2⤵
  PID:10000
- C:\Windows\System\dUhtSrU.exe
  C:\Windows\System\dUhtSrU.exe
  2⤵
  PID:10020
- C:\Windows\System\RBOEVoA.exe
  C:\Windows\System\RBOEVoA.exe
  2⤵
  PID:10040
- C:\Windows\System\fGdeTiQ.exe
  C:\Windows\System\fGdeTiQ.exe
  2⤵
  PID:10064
- C:\Windows\System\LFySgde.exe
  C:\Windows\System\LFySgde.exe
  2⤵
  PID:10084
- C:\Windows\System\oSytkYG.exe
  C:\Windows\System\oSytkYG.exe
  2⤵
  PID:10100
- C:\Windows\System\kOTHxcc.exe
  C:\Windows\System\kOTHxcc.exe
  2⤵
  PID:10116
- C:\Windows\System\HVtzwXT.exe
  C:\Windows\System\HVtzwXT.exe
  2⤵
  PID:10136
- C:\Windows\System\GWZkaRR.exe
  C:\Windows\System\GWZkaRR.exe
  2⤵
  PID:10164
- C:\Windows\System\AoLimXq.exe
  C:\Windows\System\AoLimXq.exe
  2⤵
  PID:10200
- C:\Windows\System\nFjlqrY.exe
  C:\Windows\System\nFjlqrY.exe
  2⤵
  PID:10216
- C:\Windows\System\IAZpkdw.exe
  C:\Windows\System\IAZpkdw.exe
  2⤵
  PID:10232
- C:\Windows\System\QlKQiHG.exe
  C:\Windows\System\QlKQiHG.exe
  2⤵
  PID:9008
- C:\Windows\System\wHTObxg.exe
  C:\Windows\System\wHTObxg.exe
  2⤵
  PID:9264
- C:\Windows\System\GULDExX.exe
  C:\Windows\System\GULDExX.exe
  2⤵
  PID:9304
- C:\Windows\System\BIndMlp.exe
  C:\Windows\System\BIndMlp.exe
  2⤵
  PID:9284
- C:\Windows\System\gJfPFtd.exe
  C:\Windows\System\gJfPFtd.exe
  2⤵
  PID:9340
- C:\Windows\System\TggqZzY.exe
  C:\Windows\System\TggqZzY.exe
  2⤵
  PID:9364
- C:\Windows\System\iKzJMvL.exe
  C:\Windows\System\iKzJMvL.exe
  2⤵
  PID:9372
- C:\Windows\System\LyukKBJ.exe
  C:\Windows\System\LyukKBJ.exe
  2⤵
  PID:9404
- C:\Windows\System\wEeCYkJ.exe
  C:\Windows\System\wEeCYkJ.exe
  2⤵
  PID:9444
- C:\Windows\System\qtrlCad.exe
  C:\Windows\System\qtrlCad.exe
  2⤵
  PID:9408
- C:\Windows\System\lqNJqAb.exe
  C:\Windows\System\lqNJqAb.exe
  2⤵
  PID:9484
- C:\Windows\System\xseNrzu.exe
  C:\Windows\System\xseNrzu.exe
  2⤵
  PID:9512
- C:\Windows\System\HWaYJYo.exe
  C:\Windows\System\HWaYJYo.exe
  2⤵
  PID:9544
- C:\Windows\System\VuEckiC.exe
  C:\Windows\System\VuEckiC.exe
  2⤵
  PID:9568
- C:\Windows\System\cTiEHaS.exe
  C:\Windows\System\cTiEHaS.exe
  2⤵
  PID:9620
- C:\Windows\System\jgiZcvA.exe
  C:\Windows\System\jgiZcvA.exe
  2⤵
  PID:9608
- C:\Windows\System\MQRoqtt.exe
  C:\Windows\System\MQRoqtt.exe
  2⤵
  PID:9644
- C:\Windows\System\XEJJKrf.exe
  C:\Windows\System\XEJJKrf.exe
  2⤵
  PID:9700
- C:\Windows\System\IRvsNkM.exe
  C:\Windows\System\IRvsNkM.exe
  2⤵
  PID:9720
- C:\Windows\System\YTFxbzT.exe
  C:\Windows\System\YTFxbzT.exe
  2⤵
  PID:9744
- C:\Windows\System\CJUvsJe.exe
  C:\Windows\System\CJUvsJe.exe
  2⤵
  PID:9800
- C:\Windows\System\JDjiEvT.exe
  C:\Windows\System\JDjiEvT.exe
  2⤵
  PID:9816
- C:\Windows\System\EiKZMkv.exe
  C:\Windows\System\EiKZMkv.exe
  2⤵
  PID:9764
- C:\Windows\System\cBFilPI.exe
  C:\Windows\System\cBFilPI.exe
  2⤵
  PID:9260
- C:\Windows\System\kbRwhjh.exe
  C:\Windows\System\kbRwhjh.exe
  2⤵
  PID:9872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CFwwKPb.exe

Filesize
6.0MB

MD5
5ee5ae31b57e5ec0324192bda4d75be9

SHA1
7fb32110da79853a4b81fb2ef7a501c38f78197b

SHA256
943f6ff7c7f19094d3829e93984cca3e1bc155ec17f304cf466a2bf48f67b15c

SHA512
6d6ef6f371f9bde7653df26785058690c90619fb52c60e15fefdb3bf4010e6743d8566b3f519c785d778d84e968e74e92920a4b31dca7b647a52e19847b13c5d

Download Submit
C:\Windows\system\DDlcDeJ.exe

Filesize
6.0MB

MD5
db7438fd4c1e6b19738f6b7302e948e2

SHA1
4e5b80d494587c2ec38d2e76cd255b959f93c22e

SHA256
b59a142cdf1e26aa70995021db8ca809647db1a0a86ca1fe7ec53f76830bdde2

SHA512
8eed14c4f3b73aa3893592e77681a9a35b30005e0a30963ac5b0c8cadf39d4507c5388b5ba7b534f5420af7a1f532f7820b4f348fcb883efce60e4a814540799

Download Submit
C:\Windows\system\EkHgUUV.exe

Filesize
6.0MB

MD5
4c717d914a3311cdb87331420c08959e

SHA1
ed9e7fdaf3e57f515adc3f996963f264373da0c7

SHA256
fe02269fc0c1e2147afeeab5622447d80780f4c1236d421162f6402d3d74b484

SHA512
11d22d16240b753603b88cd311c61eff33127f7934b8de9dde42e9775a74a0b07c9f28880531f228fe6f0ffa5db8abec310d44448cfe9dd763aca1ede9e516a6

Download Submit
C:\Windows\system\EsOELiR.exe

Filesize
6.0MB

MD5
7494a779a8af939745e2ee02fa5cbe5c

SHA1
fcd5c0329fcc306970a9f0151dce23af9b0a4ed8

SHA256
53d7943473dba4de9734736911ad185493502e89a9ef07af9a80870b534452d3

SHA512
b7e36f1a98bae1a3f00d49ef3d246eac8cb5474b2b79b42c65796926671666f496afb99bd57cd1784559d15ac18b2d7564b16f3bd1825ed82fb0f44baec7a9fe

Download Submit
C:\Windows\system\GBomvTg.exe

Filesize
6.0MB

MD5
15beea6c92224c126309b565bdbf0c3e

SHA1
77947c7306467bbb5acdead52818e5c68cbd8ec7

SHA256
1a1c4bb16301bdb3cc464f3914b3ce934e8f3fb74d1781e6e6de02e6e3cdd6ec

SHA512
1732d7e97d10cb177295e3610c903c60481bac7f422a7e1c8dd4ead4289d806a8fd7f12b831a7d2dc82a2e70c28ce1480a3ed3123d5b46f96e8d22d63adc3676

Download Submit
C:\Windows\system\HQSqcPk.exe

Filesize
6.0MB

MD5
39a26c7381a0875db52b650647927b88

SHA1
672773c79005ed54e8040d22cea366dd4bd5e2fe

SHA256
db696b3d65d630f4eee3a28db7ce17fb78763b76d04596a7258ea9b2f7586161

SHA512
ed76a441f9e4d48554c4a2e284d2c011985376623370e036876cbe0cbe023155dfc211c2707d2892bd9938f9f6fbb427c4b85085f808c764a759ae0e834827ba

Download Submit
C:\Windows\system\IvnZjxG.exe

Filesize
6.0MB

MD5
475b75b0449efcf772260b3d57b7c9ef

SHA1
78e0506e0877b5fc2343a3eb281b6c83c2e34cd7

SHA256
690b1655b09f5cff7af38f99991d21c12efa2fc89e55ca581baf5e3eaac9f625

SHA512
80d9bd79a7a5264ad95bacd90192fb97f9af866e6fdd84e91b7b4ebba8b8fd5ac3e150656920b3a02563e90fd4e03e9ae9972522c3422e13f7220dd359173958

Download Submit
C:\Windows\system\KFSjRAB.exe

Filesize
6.0MB

MD5
9f7beaa761445edb39ed6b959a6a4dc6

SHA1
336a8137c4714a0ee7715101599d57f869b9ae88

SHA256
e790b6a644ef854ac7d30f71c48daa85d80c56428a79e50b28e2d795e296b391

SHA512
73a791b5e991c4447a4311eed72a6f53887b460567c3b42c5247070e9f49dd95027f1d2aafdee09840714fb1b42f677b3a997e499eca2cb942844719a0e85fd5

Download Submit
C:\Windows\system\KGooRYi.exe

Filesize
6.0MB

MD5
341e978eb74829ee08dec5ef525f65c8

SHA1
1dcec2c8937db18b246b33e44b2ebb82b030578d

SHA256
fb97e41ac15d5dd548d464c5a294673584757c68c8485f28f33df0fb0b083ece

SHA512
e98e1a941cb49879893ef0acd61369ab8a421a3266840077051ee3710184d6c27314e674aeeae90e0c6591e3f4cf6993ae9b8afd91d7df6373089da836f39556

Download Submit
C:\Windows\system\MCXdvVB.exe

Filesize
6.0MB

MD5
24e17db9ef4b4b1b9f667afc9f52335d

SHA1
05451bce99d636b1a740268d8b41f0154ff6b284

SHA256
0d602464d819790dba2c48a0d332524c7755fd2772fe239d0991fa79c992eb8a

SHA512
5ee8574573712e66bb3acf12704e2a6362b3e7acaf30bace2051067fd1d2ea951fa291a2690c37c08fbd6e4ef3045ddc7fc2f9cad65b37cc4c018e8798c6b2b6

Download Submit
C:\Windows\system\OCjISVp.exe

Filesize
6.0MB

MD5
7f992f17f86f990275c4df8b251f2e9e

SHA1
f170f9e45061e9464dc2f5adb9ed19d9d1299455

SHA256
1f48f5ef74ca5502b28fa10c13bda5a491ae05ad51533e20518a9a393788152c

SHA512
b8ce2369768bcf777363a20a742c4094ca16e229cc3e447f8d006295d35c6970c0b83165d5b46315bf2b16dac8fd6627ca82b9dcd8a655723513650724763cd9

Download Submit
C:\Windows\system\OIoWwQT.exe

Filesize
6.0MB

MD5
ea612e7bef9f79d6481535a60e28b30f

SHA1
4ff1fe3eff2b4f897943b64c8768588190508e69

SHA256
b439f848de6af5a74140c5928668113a7130cd0e188ae5b479125259bce5f852

SHA512
1f262bf8614099144fc73c0d770d8063debc6736929001d156c6e46740206348c8f04e1c93a595dfc056a4144bfb1379ad3bbc9e890c309bb75aa296c683c17f

Download Submit
C:\Windows\system\PXQGahH.exe

Filesize
6.0MB

MD5
022919754f88d49e1d09c10a038223aa

SHA1
e250ea581eda5c3fe93fb297786270f5decb8431

SHA256
746e854f0a6be80e10a50fa271af1dacc663e533644df6ca020d238b64939c4d

SHA512
e119c31d45714ed6c385e2d51ce123844812ce9dae4970eef31f3b26eb2657ff5d36d08e9532b43bbad1683ca74a12a2260805c580ec58e7ecc25175df596e1a

Download Submit
C:\Windows\system\TXMzVbe.exe

Filesize
6.0MB

MD5
bef55b1ee8f0ae40e3c682372b49abcb

SHA1
51b60944a691ff64d742ac3c79de38142d7384b0

SHA256
1ebb9f3fa8514f079e19ba5b557ac3ef80f55d8a960b9b9b1530e0d6bc2778d4

SHA512
8780a82857f62dac08defd7242091309f23ce44edd445d942109e1b65abc2e7ce22ef9ae48d990574444c010c85f58c43f24f4275c5d063655af0104a8ffd147

Download Submit
C:\Windows\system\YNEsnyH.exe

Filesize
6.0MB

MD5
a023c1be643c3400d143c32397a8d119

SHA1
8a6b970c560c5d81197259acf44b118ea8bb84de

SHA256
66d861d28ff1e80740c469057ae428d8483af416283a5bc05fcf4cdbb4d64d84

SHA512
d8f70ef57ffdc96574642eb511e0d1ae428f810b387bb4e9e91cbc4c99c16161eba7e852719819bd584eddf44aea32ba8d8fe7a91423a26257254027975310bf

Download Submit
C:\Windows\system\ZUCjjtQ.exe

Filesize
6.0MB

MD5
cbb2e7b5b951d9f71e5da98bf0e62d53

SHA1
f6c2a10610fb5054582850423edbea564517feb4

SHA256
236537155998507bd2ba9a6f65dbcc108540a442528b751d0a07929f1efa8385

SHA512
811bb9c1ac6f9b401a2ef30a156d07b287ad602fca8fa3add45c9cb2733802758a69782ecfb9ea7cf3f481dc40f38ad03dd2ad884ed6eceec8dad381f34781b2

Download Submit
C:\Windows\system\atEujpr.exe

Filesize
6.0MB

MD5
8beaa48c697cae66d9345659ffcc12a8

SHA1
0ccd06608807b485bc058714552d10e317e626e3

SHA256
7b49540c712bf44ca3c69b82235df18ff77035b326f9dc3337250d05042a60f3

SHA512
772e5cb63f2711951d346237759c8756b350619b7dab3422cda7bc4476ba30afda17bbf36bf88f537704dd60f200b728fff7de9cf4cd8bac70d1661f1b221591

Download Submit
C:\Windows\system\eLnHpTJ.exe

Filesize
6.0MB

MD5
b0b5be418ba2eeb7cf5f20dfda003052

SHA1
506ef96559e700005acc81ca9e71cc368a353937

SHA256
a4a62dbe973cba4044887e3e7af04cd86f2ecf239e3f84d0b1e2a352b42affdc

SHA512
6660ac9f15d980acaa2f07c371c557eb6f2c2ea207e045be2fc338924df6b9abc4e6b2d0b9eeb0fec8b552464929239289ca689037d049ce1b818186993b8fd0

Download Submit
C:\Windows\system\fylhdmM.exe

Filesize
6.0MB

MD5
255fc2375bdf324a7ca98783c958a894

SHA1
864b6490106fc8253e289facda735d7a122bce0f

SHA256
62d80b925e29fc7ce36a5ece65d89e6cbe2f5f4b9d2169ca10f4ab2684fc136e

SHA512
7ff93d57c8e59a5495898de9ce66c8940f474bbdb168345a176b63589185fc2171f71d812628cdd6bbd4d2746900e10147807e2d682fd896341b1a91c019c471

Download Submit
C:\Windows\system\gTzgLIe.exe

Filesize
6.0MB

MD5
7a47e6ffb29c83b4ae71e663d84803f6

SHA1
66a168e4d44e0e9c6d8209742553f6a3c33ad483

SHA256
8bcf8650907a70f524c4133450e9300f8ed3adc854047173f48e9a27d31b5ae7

SHA512
f7387045f2b40be03f13a7ef3e29d075dd3396a7172f73bcd1a21b519bb589ee2c85bbb2b109c3ac41f606091459b722650fce577f5fbd4145b4b0b56b7c78bb

Download Submit
C:\Windows\system\kXSatHB.exe

Filesize
6.0MB

MD5
980c032625f84d79264097f21910eb0d

SHA1
e2a21875ea7da6178a52449e45eee73a3f169455

SHA256
eaf21a6bad48df1266e103daa590cef21a6aeacb8066e5556d793d1254a34e64

SHA512
f7e2b2fb3a0c7262cdc8496c61ebe487d1a2e9448e82ee15ee63828e17e053e3147770c49f78fa33330d9710246c4a535625f4209acd2f17181429e5fe0d2a08

Download Submit
C:\Windows\system\ngntnxH.exe

Filesize
6.0MB

MD5
34db5e940ef1c28d1160e4b4f82830b9

SHA1
c80268f15e37979a9c1e1e0798417c8a5055bc94

SHA256
7ad10227749936715877b9d8b3c8898da84a2545b290f6041a26f2ca45e9063d

SHA512
e8807955591e454a6c62b47169abaec7229a4f7f274ef22016def5255359eb855336fe421a2116a2c0b231a4a0628befa019c15eaf0b0e8e857129c1380687d3

Download Submit
C:\Windows\system\reZNgNR.exe

Filesize
6.0MB

MD5
2e5e908f2962e24e723e2b4c5879f789

SHA1
a779af8b3c6ffd1e6481b959a773ebcca4198013

SHA256
a00b899f4ec9ec50435031d7ad77e7cc86d155bc48ee0dfcf28abb59403097dc

SHA512
0626408f7570deb940c483eb07909151e1a5ee6e7db91ccb1b3cdbc65d1a551fe220cd119ca36caf4bb94bf495697b3671d14db51ee83ef1fb99a2a2fb56b477

Download Submit
C:\Windows\system\uMlEZBc.exe

Filesize
6.0MB

MD5
baa6ad97e0f0d15127dd023b61fda60c

SHA1
4824fa8219f995aea289102d64ca78d08a82ed6e

SHA256
22c2bdbd616f4c5ede24d913bba0da0dfab2d503199b9f0c5ce5a4c1c41e1ad7

SHA512
0788cdb26e1b10e342918d86686c3f7b5ebf022eb112173b442c3a1d7b10a656743f53a726cbf71e5a3d9148b81e6693e9ac9609cebee02f64cf38a37beaaa69

Download Submit
C:\Windows\system\uykAsjU.exe

Filesize
6.0MB

MD5
58005a9de4f81daec2f31b0bb51a734d

SHA1
793723f87e8d6b3a72f6ea97a06cae0cd28a51c4

SHA256
092552154d0cda940a64b3e75b11e30356df48c01cff8f3b790f970389eb7829

SHA512
562e544cb344353d4ea446293c0039478fe8eaf0759b86f246f750daac1d5d599ccaa340d978757bf8af67b46696af356d99d6880ea9fbb6762749d1c80e5a47

Download Submit
C:\Windows\system\wxGVDpm.exe

Filesize
6.0MB

MD5
8ecf51af0af02113af7af3d873c683d8

SHA1
7fdfda1ea608ea56ba069647ee9d04140fb3f341

SHA256
464444e6ce538c0a65d09c56d8cd87455daf679e6c27b1263975c54e6d6e79a9

SHA512
327c35a249ec166f6cfb67d962223340baf488a512790012c79168e6a70c423697353ec6caedd34e1af411e42906dae6068fe9607a40ec5182c5abe07fe84f37

Download Submit
C:\Windows\system\yzrIYpO.exe

Filesize
6.0MB

MD5
ee37d44687f40535ae60c9eb3dffd73c

SHA1
43986ef486d7d901f6e9945eefe7486ab5abf8f6

SHA256
d3c5d45696c86a69257f4ef00e4833c22f73695cf4beaa67ca1ead3f701b08c9

SHA512
f2b4762b576a451195cbcc6af0e010ffbf9ec8a1c5e3a7fd302f2d451bce9b0fcbfcf52fa174ea6cbcb40aa804294d8cd55b9ebacad12280d731f8ff3c14b51a

Download Submit
\Windows\system\BLSFdUN.exe

Filesize
6.0MB

MD5
49c829886e7fbc78fe7b6c09587cc48d

SHA1
2e8d7f5b9e0f81b2bda16cddb448c689546c125b

SHA256
a2d2d5be5f2cf60e53b61097c3958ee60fc9891b4c6e4e3f03e08ccda0e7f8a9

SHA512
3074f08b5aada5ce7b63f31912dcd4414f1fd271d4c91bb41943a94a222db9ceec7c139b745469275234152151cdf71c67c88d8184d0f3223e34e88e16b78854

Download Submit
\Windows\system\GoEEqSb.exe

Filesize
6.0MB

MD5
6700ae559f3a735add18236999622ffa

SHA1
926fae61492992940704c4525096e54972c57ffd

SHA256
bf96ff284b04249b1a1e715467f63f5c70e6e237978671d4322acbcf4337cb34

SHA512
0aa6979b59f5fba65741835b1390ee57c577557da63f21cfbd8ca7d77f5d60e2107811230fb286a2ed0b623fcad719b15a11a0991817375508be93d9d13036d0

Download Submit
\Windows\system\iEZcwLZ.exe

Filesize
6.0MB

MD5
e84ea67053ad2683343cf224f31e59d5

SHA1
eb8e5405414efc0cb6757f381c74eaa97fc8b243

SHA256
ec7abf7c2ded3fe50cb7c4c8d0023fd982ca588efbbf06d2bf588c84e6dacf03

SHA512
108873fe07f94b6a4d1ab5199a2fc062e65ebe3009f37a4bba30eea2aa85efe9a5748829591902f7fbe3e1143f10d4c308ee7bc348d9ee9613bad8d85bd1389d

Download Submit
\Windows\system\mMqMdHV.exe

Filesize
6.0MB

MD5
bdc62daaf3091391ad661bc9e95f72c2

SHA1
8c3707df7025af6a7528d249b9d5958164345000

SHA256
4da4710bddea53a342514ac51af71cf0fbd4564d0518234376a0f2ffb5ed5390

SHA512
804c4f50e6e12f2ad04490a915425051a573851dbfa5932cd008c885de622362ed35cf791f12ae9803d07ac263c7e4d9af2994ace35d0ce9f85268a628eb3008

Download Submit
\Windows\system\poWOzmJ.exe

Filesize
6.0MB

MD5
bf0759b4954c1e0bc56dc9621efeee2c

SHA1
b9276969a86c15f17b2acd25053aeabf126fedbe

SHA256
95e4da75ecc582978fb0a07284e849edff424dc8545a15ea46363c4213e4cc21

SHA512
4b1d5c395b1bae844b46cb3f13af5d45c092d43fbf45a9205dcf8f90535e5069b57406eb24e4150a4159ef5289e4149a0c9390ebe5b33e3ab2d556798ba930c8

Download Submit
memory/584-58-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/584-1774-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/584-25-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/944-91-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/944-293-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/944-1772-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1316-203-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/1316-83-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/1316-1805-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2024-62-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-26-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-1618-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-57-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-47-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2116-72-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2116-63-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2116-87-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-7-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2116-535-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2116-11-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-104-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2116-96-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2116-105-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2116-113-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2116-27-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-34-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2116-434-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2116-38-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-345-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2116-39-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2116-245-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-95-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2116-54-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2116-0-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-10-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2164-1807-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2164-42-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1773-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-76-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-142-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1643-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-43-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-82-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-51-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2512-90-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2512-1718-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2804-59-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2804-99-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2804-1714-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2900-1588-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-53-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-15-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-396-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1803-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2904-100-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2928-108-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2928-1722-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2928-66-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1770-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2960-36-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2960-75-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/3028-109-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/3028-1771-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/3028-486-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download