cobaltstrike | 294d1c61b96a5154dcb153d1c1f4bec8de36bba15203405a710d2b316d0dd113

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
30-01-2025 02:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

4e15f721c26247ddb4e8bf8726e81728
SHA1

544508019b3cbe1d333005e3aa7c7fbc72801d59
SHA256

294d1c61b96a5154dcb153d1c1f4bec8de36bba15203405a710d2b316d0dd113
SHA512

7159a996ee3c722e79f7a21a08c84f7ec7cf9b69df165fe2cf3e663d890364ceb4fedc1332c3a3f9740d45ae3cbcf6fbc5ce8760cb8d9a33f594fd885230c979
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUl:T+q56utgpPF8u/7l

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fd-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f10-10.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000160a5-19.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000160ab-24.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000162f6-39.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000165b9-59.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019230-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001930d-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939b-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c4-163.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e3-182.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e9-192.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e7-187.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d2-172.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194db-176.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194cd-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001949e-157.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f7-152.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e8-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b5-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019374-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933b-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932d-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-90.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018bf3-72.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001648f-66.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019223-77.dat	cobalt_reflective_dll
behavioral1/files/0x000c000000015d51-50.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001629c-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3052-0-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fd-3.dat	xmrig
behavioral1/memory/2748-9-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x0008000000015f10-10.dat	xmrig
behavioral1/memory/2696-15-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x00070000000160a5-19.dat	xmrig
behavioral1/memory/2672-23-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x00070000000160ab-24.dat	xmrig
behavioral1/memory/3052-38-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/files/0x00070000000162f6-39.dat	xmrig
behavioral1/memory/2460-46-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x00090000000165b9-59.dat	xmrig
behavioral1/memory/1460-70-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2096-80-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/files/0x0005000000019230-84.dat	xmrig
behavioral1/memory/1228-93-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/3052-99-0x00000000023B0000-0x0000000002704000-memory.dmp	xmrig
behavioral1/files/0x000500000001930d-112.dat	xmrig
behavioral1/files/0x000500000001939b-132.dat	xmrig
behavioral1/files/0x00050000000194c4-163.dat	xmrig
behavioral1/files/0x00050000000194e3-182.dat	xmrig
behavioral1/memory/1964-523-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2436-975-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/3052-974-0x00000000023B0000-0x0000000002704000-memory.dmp	xmrig
behavioral1/memory/1228-744-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2096-324-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/files/0x00050000000194e9-192.dat	xmrig
behavioral1/files/0x00050000000194e7-187.dat	xmrig
behavioral1/files/0x00050000000194d2-172.dat	xmrig
behavioral1/files/0x00050000000194db-176.dat	xmrig
behavioral1/files/0x00050000000194cd-167.dat	xmrig
behavioral1/files/0x000500000001949e-157.dat	xmrig
behavioral1/files/0x00050000000193f7-152.dat	xmrig
behavioral1/files/0x00050000000193e8-147.dat	xmrig
behavioral1/files/0x00050000000193b5-142.dat	xmrig
behavioral1/files/0x00050000000193b3-136.dat	xmrig
behavioral1/files/0x0005000000019374-126.dat	xmrig
behavioral1/files/0x000500000001933b-122.dat	xmrig
behavioral1/files/0x000500000001932d-116.dat	xmrig
behavioral1/files/0x000500000001926b-106.dat	xmrig
behavioral1/memory/2436-100-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/3052-98-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x0005000000019246-97.dat	xmrig
behavioral1/files/0x0005000000019240-90.dat	xmrig
behavioral1/memory/1964-85-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2368-74-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018bf3-72.dat	xmrig
behavioral1/memory/1720-71-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x000900000001648f-66.dat	xmrig
behavioral1/files/0x0005000000019223-77.dat	xmrig
behavioral1/memory/2696-55-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2748-45-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2604-53-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/files/0x000c000000015d51-50.dat	xmrig
behavioral1/memory/2996-37-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/files/0x000700000001629c-34.dat	xmrig
behavioral1/memory/2572-30-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2748-4124-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2672-4125-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2096-4126-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/1720-4131-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/1228-4130-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/1460-4129-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2460-4128-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2748	MXShbWB.exe
2696	DNdJOQM.exe
2672	rgCTikz.exe
2572	JQqlhTR.exe
2996	wfdFEVK.exe
2460	SMCcGtD.exe
2604	ynGoKtn.exe
1460	qxbmsqp.exe
1720	RVWjOvp.exe
2368	Vcmjxch.exe
2096	cEjNuGI.exe
1964	NGjDGXP.exe
1228	gAMMsaq.exe
2436	DYHZQmQ.exe
648	BgAsiDp.exe
2504	FjQPZzm.exe
2508	WREetmk.exe
444	usKacdd.exe
2576	AiTnqnf.exe
1072	jlhvXPV.exe
1628	oRiMJWe.exe
1864	vmgDjkq.exe
2228	ypCHXkC.exe
2164	AZtCyxj.exe
2316	rwhUMXJ.exe
2116	mzdRYzt.exe
3040	lXxyRwC.exe
2224	ArzQNks.exe
2176	pBCwsEL.exe
1496	MXoPlzU.exe
892	SmOTiOs.exe
1776	OkcoTts.exe
1156	eZeIJAY.exe
1948	eVouRcF.exe
1368	edzJRuy.exe
1808	DjzcOFo.exe
860	XHCTGxX.exe
1928	VxxeZtJ.exe
2252	QiclgwW.exe
696	fATjqAp.exe
3036	mQFfKJv.exe
1244	EIlGzdZ.exe
2500	fDmzBiy.exe
1336	DTkzALA.exe
1184	GvpHFxF.exe
756	YfCijMe.exe
1052	ICAJitO.exe
2148	JUgRqcN.exe
2928	ZsVGPsg.exe
1820	xfbbJbM.exe
2184	sQKChAB.exe
2016	jmjuVTB.exe
2260	anwAKJh.exe
2688	DcGtHwm.exe
2740	CcxSZiG.exe
2728	yITWtDl.exe
2716	rNdlZiv.exe
2708	wcIIMWW.exe
2104	gibBmjc.exe
2956	dqTMlJw.exe
2372	rYlgxKB.exe
2896	PiTntHv.exe
3020	FpjoSbx.exe
1420	VvlEndy.exe

Loads dropped DLL 64 IoCs

pid	Process
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3052-0-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-3.dat	upx
behavioral1/memory/2748-9-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x0008000000015f10-10.dat	upx
behavioral1/memory/2696-15-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x00070000000160a5-19.dat	upx
behavioral1/memory/2672-23-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x00070000000160ab-24.dat	upx
behavioral1/memory/3052-38-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/files/0x00070000000162f6-39.dat	upx
behavioral1/memory/2460-46-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x00090000000165b9-59.dat	upx
behavioral1/memory/1460-70-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2096-80-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/files/0x0005000000019230-84.dat	upx
behavioral1/memory/1228-93-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x000500000001930d-112.dat	upx
behavioral1/files/0x000500000001939b-132.dat	upx
behavioral1/files/0x00050000000194c4-163.dat	upx
behavioral1/files/0x00050000000194e3-182.dat	upx
behavioral1/memory/1964-523-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2436-975-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/1228-744-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2096-324-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/files/0x00050000000194e9-192.dat	upx
behavioral1/files/0x00050000000194e7-187.dat	upx
behavioral1/files/0x00050000000194d2-172.dat	upx
behavioral1/files/0x00050000000194db-176.dat	upx
behavioral1/files/0x00050000000194cd-167.dat	upx
behavioral1/files/0x000500000001949e-157.dat	upx
behavioral1/files/0x00050000000193f7-152.dat	upx
behavioral1/files/0x00050000000193e8-147.dat	upx
behavioral1/files/0x00050000000193b5-142.dat	upx
behavioral1/files/0x00050000000193b3-136.dat	upx
behavioral1/files/0x0005000000019374-126.dat	upx
behavioral1/files/0x000500000001933b-122.dat	upx
behavioral1/files/0x000500000001932d-116.dat	upx
behavioral1/files/0x000500000001926b-106.dat	upx
behavioral1/memory/2436-100-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/files/0x0005000000019246-97.dat	upx
behavioral1/files/0x0005000000019240-90.dat	upx
behavioral1/memory/1964-85-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2368-74-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x0006000000018bf3-72.dat	upx
behavioral1/memory/1720-71-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x000900000001648f-66.dat	upx
behavioral1/files/0x0005000000019223-77.dat	upx
behavioral1/memory/2696-55-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2748-45-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2604-53-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/files/0x000c000000015d51-50.dat	upx
behavioral1/memory/2996-37-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/files/0x000700000001629c-34.dat	upx
behavioral1/memory/2572-30-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2696-3838-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2748-4124-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2672-4125-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2096-4126-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/1720-4131-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/1228-4130-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/1460-4129-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2460-4128-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2604-4127-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2996-4132-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jzqovWT.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ItCuiHq.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RMJzvmq.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bjqFBbW.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\huNMQQY.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RYRFWjL.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HpoWqTR.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gibBmjc.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhfcOvT.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vUKNPfQ.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tgffLib.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\flIJSMY.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HxFxVLj.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KSTEPbQ.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nKPnFZv.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PwWGLkt.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TpNNCoB.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qKcUEhk.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tbfPYKO.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\beZWoek.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YoRvUEp.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yeyATvU.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GKjzmNt.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tgLgJUY.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BXjoLip.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AuPNTAc.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgIvcRf.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtjRZRG.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dhNDFnG.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JJaOivO.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OtdfYni.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xkStIQG.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pmvcNAU.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hgDcrqo.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EpRFmNy.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XshzRfH.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mYRyKze.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ridbwlD.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xjmKQmM.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QHYIMmB.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aRKPGvd.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mklFGZQ.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WZQDqxs.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ehZuRYv.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qXjAgBq.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BSUOcAJ.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DNdJOQM.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kiRHuuQ.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xgxQmMM.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PBcHvzY.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gkZbyOE.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PCOjsuZ.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GvpHFxF.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\irBowrc.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BopKNWp.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KKDdkft.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yXVHAQh.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yKegQTF.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SPIdeGf.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gwquGhN.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DyZPmnl.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uuGMxHu.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SmOTiOs.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bwVJSZI.exe	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 2748	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3052 wrote to memory of 2748	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3052 wrote to memory of 2748	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3052 wrote to memory of 2696	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3052 wrote to memory of 2696	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3052 wrote to memory of 2696	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3052 wrote to memory of 2672	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3052 wrote to memory of 2672	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3052 wrote to memory of 2672	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3052 wrote to memory of 2572	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3052 wrote to memory of 2572	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3052 wrote to memory of 2572	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3052 wrote to memory of 2996	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3052 wrote to memory of 2996	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3052 wrote to memory of 2996	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3052 wrote to memory of 2460	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3052 wrote to memory of 2460	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3052 wrote to memory of 2460	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3052 wrote to memory of 2604	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3052 wrote to memory of 2604	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3052 wrote to memory of 2604	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3052 wrote to memory of 1720	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3052 wrote to memory of 1720	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3052 wrote to memory of 1720	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3052 wrote to memory of 1460	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3052 wrote to memory of 1460	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3052 wrote to memory of 1460	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3052 wrote to memory of 2368	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3052 wrote to memory of 2368	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3052 wrote to memory of 2368	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3052 wrote to memory of 2096	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3052 wrote to memory of 2096	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3052 wrote to memory of 2096	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3052 wrote to memory of 1964	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3052 wrote to memory of 1964	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3052 wrote to memory of 1964	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3052 wrote to memory of 1228	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3052 wrote to memory of 1228	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3052 wrote to memory of 1228	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3052 wrote to memory of 2436	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3052 wrote to memory of 2436	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3052 wrote to memory of 2436	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3052 wrote to memory of 648	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3052 wrote to memory of 648	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3052 wrote to memory of 648	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3052 wrote to memory of 2504	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3052 wrote to memory of 2504	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3052 wrote to memory of 2504	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3052 wrote to memory of 2508	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3052 wrote to memory of 2508	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3052 wrote to memory of 2508	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3052 wrote to memory of 444	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3052 wrote to memory of 444	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3052 wrote to memory of 444	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3052 wrote to memory of 2576	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3052 wrote to memory of 2576	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3052 wrote to memory of 2576	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3052 wrote to memory of 1072	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3052 wrote to memory of 1072	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3052 wrote to memory of 1072	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3052 wrote to memory of 1628	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3052 wrote to memory of 1628	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3052 wrote to memory of 1628	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3052 wrote to memory of 1864	3052	2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-30_4e15f721c26247ddb4e8bf8726e81728_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Windows\System\MXShbWB.exe
  C:\Windows\System\MXShbWB.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\DNdJOQM.exe
  C:\Windows\System\DNdJOQM.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\rgCTikz.exe
  C:\Windows\System\rgCTikz.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\JQqlhTR.exe
  C:\Windows\System\JQqlhTR.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\wfdFEVK.exe
  C:\Windows\System\wfdFEVK.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\SMCcGtD.exe
  C:\Windows\System\SMCcGtD.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\ynGoKtn.exe
  C:\Windows\System\ynGoKtn.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\RVWjOvp.exe
  C:\Windows\System\RVWjOvp.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\qxbmsqp.exe
  C:\Windows\System\qxbmsqp.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\Vcmjxch.exe
  C:\Windows\System\Vcmjxch.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\cEjNuGI.exe
  C:\Windows\System\cEjNuGI.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\NGjDGXP.exe
  C:\Windows\System\NGjDGXP.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\gAMMsaq.exe
  C:\Windows\System\gAMMsaq.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\DYHZQmQ.exe
  C:\Windows\System\DYHZQmQ.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\BgAsiDp.exe
  C:\Windows\System\BgAsiDp.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\FjQPZzm.exe
  C:\Windows\System\FjQPZzm.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\WREetmk.exe
  C:\Windows\System\WREetmk.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\usKacdd.exe
  C:\Windows\System\usKacdd.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\AiTnqnf.exe
  C:\Windows\System\AiTnqnf.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\jlhvXPV.exe
  C:\Windows\System\jlhvXPV.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\oRiMJWe.exe
  C:\Windows\System\oRiMJWe.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\vmgDjkq.exe
  C:\Windows\System\vmgDjkq.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\ypCHXkC.exe
  C:\Windows\System\ypCHXkC.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\AZtCyxj.exe
  C:\Windows\System\AZtCyxj.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\rwhUMXJ.exe
  C:\Windows\System\rwhUMXJ.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\mzdRYzt.exe
  C:\Windows\System\mzdRYzt.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\lXxyRwC.exe
  C:\Windows\System\lXxyRwC.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\ArzQNks.exe
  C:\Windows\System\ArzQNks.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\pBCwsEL.exe
  C:\Windows\System\pBCwsEL.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\MXoPlzU.exe
  C:\Windows\System\MXoPlzU.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\SmOTiOs.exe
  C:\Windows\System\SmOTiOs.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\OkcoTts.exe
  C:\Windows\System\OkcoTts.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\eZeIJAY.exe
  C:\Windows\System\eZeIJAY.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\eVouRcF.exe
  C:\Windows\System\eVouRcF.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\edzJRuy.exe
  C:\Windows\System\edzJRuy.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\DjzcOFo.exe
  C:\Windows\System\DjzcOFo.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\XHCTGxX.exe
  C:\Windows\System\XHCTGxX.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\VxxeZtJ.exe
  C:\Windows\System\VxxeZtJ.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\QiclgwW.exe
  C:\Windows\System\QiclgwW.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\fATjqAp.exe
  C:\Windows\System\fATjqAp.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\mQFfKJv.exe
  C:\Windows\System\mQFfKJv.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\EIlGzdZ.exe
  C:\Windows\System\EIlGzdZ.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\fDmzBiy.exe
  C:\Windows\System\fDmzBiy.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\DTkzALA.exe
  C:\Windows\System\DTkzALA.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\GvpHFxF.exe
  C:\Windows\System\GvpHFxF.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\YfCijMe.exe
  C:\Windows\System\YfCijMe.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\ICAJitO.exe
  C:\Windows\System\ICAJitO.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\JUgRqcN.exe
  C:\Windows\System\JUgRqcN.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\ZsVGPsg.exe
  C:\Windows\System\ZsVGPsg.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\xfbbJbM.exe
  C:\Windows\System\xfbbJbM.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\sQKChAB.exe
  C:\Windows\System\sQKChAB.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\jmjuVTB.exe
  C:\Windows\System\jmjuVTB.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\anwAKJh.exe
  C:\Windows\System\anwAKJh.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\DcGtHwm.exe
  C:\Windows\System\DcGtHwm.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\CcxSZiG.exe
  C:\Windows\System\CcxSZiG.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\yITWtDl.exe
  C:\Windows\System\yITWtDl.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\rNdlZiv.exe
  C:\Windows\System\rNdlZiv.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\wcIIMWW.exe
  C:\Windows\System\wcIIMWW.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\gibBmjc.exe
  C:\Windows\System\gibBmjc.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\dqTMlJw.exe
  C:\Windows\System\dqTMlJw.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\rYlgxKB.exe
  C:\Windows\System\rYlgxKB.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\PiTntHv.exe
  C:\Windows\System\PiTntHv.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\FpjoSbx.exe
  C:\Windows\System\FpjoSbx.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\VvlEndy.exe
  C:\Windows\System\VvlEndy.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\nGgZPDy.exe
  C:\Windows\System\nGgZPDy.exe
  2⤵
  PID:432
- C:\Windows\System\nhYoDoX.exe
  C:\Windows\System\nhYoDoX.exe
  2⤵
  PID:604
- C:\Windows\System\STXTLli.exe
  C:\Windows\System\STXTLli.exe
  2⤵
  PID:1328
- C:\Windows\System\IFqHscF.exe
  C:\Windows\System\IFqHscF.exe
  2⤵
  PID:264
- C:\Windows\System\FPGdLZO.exe
  C:\Windows\System\FPGdLZO.exe
  2⤵
  PID:2240
- C:\Windows\System\rNohSar.exe
  C:\Windows\System\rNohSar.exe
  2⤵
  PID:2188
- C:\Windows\System\gsOCXCQ.exe
  C:\Windows\System\gsOCXCQ.exe
  2⤵
  PID:2132
- C:\Windows\System\oZRqwbc.exe
  C:\Windows\System\oZRqwbc.exe
  2⤵
  PID:1284
- C:\Windows\System\SDgBmhl.exe
  C:\Windows\System\SDgBmhl.exe
  2⤵
  PID:1924
- C:\Windows\System\SJxnhYF.exe
  C:\Windows\System\SJxnhYF.exe
  2⤵
  PID:632
- C:\Windows\System\TZfujfE.exe
  C:\Windows\System\TZfujfE.exe
  2⤵
  PID:2720
- C:\Windows\System\ZoVaRPz.exe
  C:\Windows\System\ZoVaRPz.exe
  2⤵
  PID:1916
- C:\Windows\System\guTVGqW.exe
  C:\Windows\System\guTVGqW.exe
  2⤵
  PID:280
- C:\Windows\System\FKqpcwM.exe
  C:\Windows\System\FKqpcwM.exe
  2⤵
  PID:1984
- C:\Windows\System\bGMhygc.exe
  C:\Windows\System\bGMhygc.exe
  2⤵
  PID:2028
- C:\Windows\System\rvsOATE.exe
  C:\Windows\System\rvsOATE.exe
  2⤵
  PID:2448
- C:\Windows\System\sNAkcgZ.exe
  C:\Windows\System\sNAkcgZ.exe
  2⤵
  PID:2416
- C:\Windows\System\llqcZrb.exe
  C:\Windows\System\llqcZrb.exe
  2⤵
  PID:2020
- C:\Windows\System\DoCDirM.exe
  C:\Windows\System\DoCDirM.exe
  2⤵
  PID:1800
- C:\Windows\System\EtFsaQH.exe
  C:\Windows\System\EtFsaQH.exe
  2⤵
  PID:1640
- C:\Windows\System\WlOeImQ.exe
  C:\Windows\System\WlOeImQ.exe
  2⤵
  PID:2992
- C:\Windows\System\AHMqCmL.exe
  C:\Windows\System\AHMqCmL.exe
  2⤵
  PID:1604
- C:\Windows\System\xgxQmMM.exe
  C:\Windows\System\xgxQmMM.exe
  2⤵
  PID:2732
- C:\Windows\System\hmRvoSV.exe
  C:\Windows\System\hmRvoSV.exe
  2⤵
  PID:2776
- C:\Windows\System\QxJytcj.exe
  C:\Windows\System\QxJytcj.exe
  2⤵
  PID:2656
- C:\Windows\System\rfWgLlZ.exe
  C:\Windows\System\rfWgLlZ.exe
  2⤵
  PID:1716
- C:\Windows\System\EiOLvEq.exe
  C:\Windows\System\EiOLvEq.exe
  2⤵
  PID:1748
- C:\Windows\System\FWlqsrV.exe
  C:\Windows\System\FWlqsrV.exe
  2⤵
  PID:1424
- C:\Windows\System\wUOPjmS.exe
  C:\Windows\System\wUOPjmS.exe
  2⤵
  PID:1956
- C:\Windows\System\vESWMuR.exe
  C:\Windows\System\vESWMuR.exe
  2⤵
  PID:1952
- C:\Windows\System\LVNOzMq.exe
  C:\Windows\System\LVNOzMq.exe
  2⤵
  PID:2168
- C:\Windows\System\QNkoelA.exe
  C:\Windows\System\QNkoelA.exe
  2⤵
  PID:2692
- C:\Windows\System\eXaucSj.exe
  C:\Windows\System\eXaucSj.exe
  2⤵
  PID:3016
- C:\Windows\System\uhHAhhf.exe
  C:\Windows\System\uhHAhhf.exe
  2⤵
  PID:2628
- C:\Windows\System\LMnXZYR.exe
  C:\Windows\System\LMnXZYR.exe
  2⤵
  PID:700
- C:\Windows\System\znhrPrf.exe
  C:\Windows\System\znhrPrf.exe
  2⤵
  PID:1076
- C:\Windows\System\oGoUHFO.exe
  C:\Windows\System\oGoUHFO.exe
  2⤵
  PID:1056
- C:\Windows\System\QZcZAfZ.exe
  C:\Windows\System\QZcZAfZ.exe
  2⤵
  PID:1816
- C:\Windows\System\uBsYBLQ.exe
  C:\Windows\System\uBsYBLQ.exe
  2⤵
  PID:2936
- C:\Windows\System\soptURM.exe
  C:\Windows\System\soptURM.exe
  2⤵
  PID:2180
- C:\Windows\System\xjmKQmM.exe
  C:\Windows\System\xjmKQmM.exe
  2⤵
  PID:868
- C:\Windows\System\eoymBQP.exe
  C:\Windows\System\eoymBQP.exe
  2⤵
  PID:884
- C:\Windows\System\zDLRHLM.exe
  C:\Windows\System\zDLRHLM.exe
  2⤵
  PID:900
- C:\Windows\System\CzWNrmA.exe
  C:\Windows\System\CzWNrmA.exe
  2⤵
  PID:1872
- C:\Windows\System\MtULHvt.exe
  C:\Windows\System\MtULHvt.exe
  2⤵
  PID:1560
- C:\Windows\System\SnxSMgK.exe
  C:\Windows\System\SnxSMgK.exe
  2⤵
  PID:1744
- C:\Windows\System\nAPfYGX.exe
  C:\Windows\System\nAPfYGX.exe
  2⤵
  PID:1652
- C:\Windows\System\nsuhjPB.exe
  C:\Windows\System\nsuhjPB.exe
  2⤵
  PID:2248
- C:\Windows\System\wMrpQLs.exe
  C:\Windows\System\wMrpQLs.exe
  2⤵
  PID:2404
- C:\Windows\System\XtSMKCS.exe
  C:\Windows\System\XtSMKCS.exe
  2⤵
  PID:1552
- C:\Windows\System\VOQxIRq.exe
  C:\Windows\System\VOQxIRq.exe
  2⤵
  PID:1660
- C:\Windows\System\tllBrjr.exe
  C:\Windows\System\tllBrjr.exe
  2⤵
  PID:2456
- C:\Windows\System\lptbzZG.exe
  C:\Windows\System\lptbzZG.exe
  2⤵
  PID:3092
- C:\Windows\System\mZUWszS.exe
  C:\Windows\System\mZUWszS.exe
  2⤵
  PID:3112
- C:\Windows\System\AtUAlIl.exe
  C:\Windows\System\AtUAlIl.exe
  2⤵
  PID:3132
- C:\Windows\System\WFyqXOj.exe
  C:\Windows\System\WFyqXOj.exe
  2⤵
  PID:3152
- C:\Windows\System\PrtAKVe.exe
  C:\Windows\System\PrtAKVe.exe
  2⤵
  PID:3172
- C:\Windows\System\xtOMQYs.exe
  C:\Windows\System\xtOMQYs.exe
  2⤵
  PID:3192
- C:\Windows\System\KYCDyWn.exe
  C:\Windows\System\KYCDyWn.exe
  2⤵
  PID:3212
- C:\Windows\System\RjwVktS.exe
  C:\Windows\System\RjwVktS.exe
  2⤵
  PID:3232
- C:\Windows\System\wfgKTxA.exe
  C:\Windows\System\wfgKTxA.exe
  2⤵
  PID:3252
- C:\Windows\System\CMBtptp.exe
  C:\Windows\System\CMBtptp.exe
  2⤵
  PID:3272
- C:\Windows\System\EMcYixb.exe
  C:\Windows\System\EMcYixb.exe
  2⤵
  PID:3292
- C:\Windows\System\MmWIMAU.exe
  C:\Windows\System\MmWIMAU.exe
  2⤵
  PID:3312
- C:\Windows\System\ckmMpho.exe
  C:\Windows\System\ckmMpho.exe
  2⤵
  PID:3332
- C:\Windows\System\ledCWva.exe
  C:\Windows\System\ledCWva.exe
  2⤵
  PID:3352
- C:\Windows\System\BSyFjgG.exe
  C:\Windows\System\BSyFjgG.exe
  2⤵
  PID:3372
- C:\Windows\System\CxmgkWv.exe
  C:\Windows\System\CxmgkWv.exe
  2⤵
  PID:3392
- C:\Windows\System\TcdfqIH.exe
  C:\Windows\System\TcdfqIH.exe
  2⤵
  PID:3416
- C:\Windows\System\IIFCHzK.exe
  C:\Windows\System\IIFCHzK.exe
  2⤵
  PID:3436
- C:\Windows\System\xkStIQG.exe
  C:\Windows\System\xkStIQG.exe
  2⤵
  PID:3456
- C:\Windows\System\YlrTZyU.exe
  C:\Windows\System\YlrTZyU.exe
  2⤵
  PID:3476
- C:\Windows\System\ZYdREQs.exe
  C:\Windows\System\ZYdREQs.exe
  2⤵
  PID:3496
- C:\Windows\System\NzncByd.exe
  C:\Windows\System\NzncByd.exe
  2⤵
  PID:3516
- C:\Windows\System\rLiNCrR.exe
  C:\Windows\System\rLiNCrR.exe
  2⤵
  PID:3536
- C:\Windows\System\YUrAGrg.exe
  C:\Windows\System\YUrAGrg.exe
  2⤵
  PID:3556
- C:\Windows\System\eMIPjxy.exe
  C:\Windows\System\eMIPjxy.exe
  2⤵
  PID:3576
- C:\Windows\System\qkydJSN.exe
  C:\Windows\System\qkydJSN.exe
  2⤵
  PID:3600
- C:\Windows\System\bwVJSZI.exe
  C:\Windows\System\bwVJSZI.exe
  2⤵
  PID:3620
- C:\Windows\System\WxIuiVG.exe
  C:\Windows\System\WxIuiVG.exe
  2⤵
  PID:3640
- C:\Windows\System\tIFKnYc.exe
  C:\Windows\System\tIFKnYc.exe
  2⤵
  PID:3660
- C:\Windows\System\IPoUpXh.exe
  C:\Windows\System\IPoUpXh.exe
  2⤵
  PID:3680
- C:\Windows\System\vKMlIqo.exe
  C:\Windows\System\vKMlIqo.exe
  2⤵
  PID:3700
- C:\Windows\System\MkZlrZc.exe
  C:\Windows\System\MkZlrZc.exe
  2⤵
  PID:3720
- C:\Windows\System\SSZafKX.exe
  C:\Windows\System\SSZafKX.exe
  2⤵
  PID:3740
- C:\Windows\System\tHDFVxW.exe
  C:\Windows\System\tHDFVxW.exe
  2⤵
  PID:3760
- C:\Windows\System\aKkCrMD.exe
  C:\Windows\System\aKkCrMD.exe
  2⤵
  PID:3780
- C:\Windows\System\swbbGXf.exe
  C:\Windows\System\swbbGXf.exe
  2⤵
  PID:3800
- C:\Windows\System\wjJNfBr.exe
  C:\Windows\System\wjJNfBr.exe
  2⤵
  PID:3820
- C:\Windows\System\QHYIMmB.exe
  C:\Windows\System\QHYIMmB.exe
  2⤵
  PID:3840
- C:\Windows\System\bjqFBbW.exe
  C:\Windows\System\bjqFBbW.exe
  2⤵
  PID:3860
- C:\Windows\System\pomfnpc.exe
  C:\Windows\System\pomfnpc.exe
  2⤵
  PID:3880
- C:\Windows\System\sYMQxey.exe
  C:\Windows\System\sYMQxey.exe
  2⤵
  PID:3900
- C:\Windows\System\WbcUdPU.exe
  C:\Windows\System\WbcUdPU.exe
  2⤵
  PID:3920
- C:\Windows\System\vLYsamj.exe
  C:\Windows\System\vLYsamj.exe
  2⤵
  PID:3940
- C:\Windows\System\cPrCcrQ.exe
  C:\Windows\System\cPrCcrQ.exe
  2⤵
  PID:3960
- C:\Windows\System\dZTkwgQ.exe
  C:\Windows\System\dZTkwgQ.exe
  2⤵
  PID:3980
- C:\Windows\System\GWvQUVu.exe
  C:\Windows\System\GWvQUVu.exe
  2⤵
  PID:4000
- C:\Windows\System\JoxQEwh.exe
  C:\Windows\System\JoxQEwh.exe
  2⤵
  PID:4020
- C:\Windows\System\bmPmepg.exe
  C:\Windows\System\bmPmepg.exe
  2⤵
  PID:4040
- C:\Windows\System\PBcHvzY.exe
  C:\Windows\System\PBcHvzY.exe
  2⤵
  PID:4060
- C:\Windows\System\zPAAUYS.exe
  C:\Windows\System\zPAAUYS.exe
  2⤵
  PID:4080
- C:\Windows\System\WKESbMn.exe
  C:\Windows\System\WKESbMn.exe
  2⤵
  PID:2492
- C:\Windows\System\fhqlEJz.exe
  C:\Windows\System\fhqlEJz.exe
  2⤵
  PID:2796
- C:\Windows\System\AuPNTAc.exe
  C:\Windows\System\AuPNTAc.exe
  2⤵
  PID:2640
- C:\Windows\System\hgsouSx.exe
  C:\Windows\System\hgsouSx.exe
  2⤵
  PID:2980
- C:\Windows\System\jvPFonv.exe
  C:\Windows\System\jvPFonv.exe
  2⤵
  PID:864
- C:\Windows\System\JgIvcRf.exe
  C:\Windows\System\JgIvcRf.exe
  2⤵
  PID:1632
- C:\Windows\System\YzIYUrl.exe
  C:\Windows\System\YzIYUrl.exe
  2⤵
  PID:2172
- C:\Windows\System\DpoRFsR.exe
  C:\Windows\System\DpoRFsR.exe
  2⤵
  PID:1448
- C:\Windows\System\BRKhnzK.exe
  C:\Windows\System\BRKhnzK.exe
  2⤵
  PID:3080
- C:\Windows\System\SLqCDgN.exe
  C:\Windows\System\SLqCDgN.exe
  2⤵
  PID:3104
- C:\Windows\System\DGltaeu.exe
  C:\Windows\System\DGltaeu.exe
  2⤵
  PID:3124
- C:\Windows\System\dnfvOgD.exe
  C:\Windows\System\dnfvOgD.exe
  2⤵
  PID:3164
- C:\Windows\System\scVFitb.exe
  C:\Windows\System\scVFitb.exe
  2⤵
  PID:3224
- C:\Windows\System\XfsAiYq.exe
  C:\Windows\System\XfsAiYq.exe
  2⤵
  PID:3240
- C:\Windows\System\JAdbLQC.exe
  C:\Windows\System\JAdbLQC.exe
  2⤵
  PID:2664
- C:\Windows\System\YMyPWOw.exe
  C:\Windows\System\YMyPWOw.exe
  2⤵
  PID:3308
- C:\Windows\System\pITBXyq.exe
  C:\Windows\System\pITBXyq.exe
  2⤵
  PID:3324
- C:\Windows\System\TPoopEN.exe
  C:\Windows\System\TPoopEN.exe
  2⤵
  PID:3384
- C:\Windows\System\Ofdqchu.exe
  C:\Windows\System\Ofdqchu.exe
  2⤵
  PID:3432
- C:\Windows\System\UQmBbAz.exe
  C:\Windows\System\UQmBbAz.exe
  2⤵
  PID:3464
- C:\Windows\System\eSPqIsR.exe
  C:\Windows\System\eSPqIsR.exe
  2⤵
  PID:3452
- C:\Windows\System\UOyvUuu.exe
  C:\Windows\System\UOyvUuu.exe
  2⤵
  PID:3512
- C:\Windows\System\qjxZZrA.exe
  C:\Windows\System\qjxZZrA.exe
  2⤵
  PID:3552
- C:\Windows\System\PEInaXe.exe
  C:\Windows\System\PEInaXe.exe
  2⤵
  PID:3572
- C:\Windows\System\BtxgLIP.exe
  C:\Windows\System\BtxgLIP.exe
  2⤵
  PID:3608
- C:\Windows\System\ZmmnkmC.exe
  C:\Windows\System\ZmmnkmC.exe
  2⤵
  PID:3632
- C:\Windows\System\ZpdQYsE.exe
  C:\Windows\System\ZpdQYsE.exe
  2⤵
  PID:3676
- C:\Windows\System\AvJBlNp.exe
  C:\Windows\System\AvJBlNp.exe
  2⤵
  PID:3696
- C:\Windows\System\OObwKVC.exe
  C:\Windows\System\OObwKVC.exe
  2⤵
  PID:3748
- C:\Windows\System\jXKRNEg.exe
  C:\Windows\System\jXKRNEg.exe
  2⤵
  PID:3788
- C:\Windows\System\qdOnMVv.exe
  C:\Windows\System\qdOnMVv.exe
  2⤵
  PID:3808
- C:\Windows\System\QunaGGv.exe
  C:\Windows\System\QunaGGv.exe
  2⤵
  PID:3812
- C:\Windows\System\NHOHHPW.exe
  C:\Windows\System\NHOHHPW.exe
  2⤵
  PID:3876
- C:\Windows\System\VLGqZTr.exe
  C:\Windows\System\VLGqZTr.exe
  2⤵
  PID:3888
- C:\Windows\System\LMKsLME.exe
  C:\Windows\System\LMKsLME.exe
  2⤵
  PID:3948
- C:\Windows\System\YeKPEfd.exe
  C:\Windows\System\YeKPEfd.exe
  2⤵
  PID:3968
- C:\Windows\System\MmHOhSh.exe
  C:\Windows\System\MmHOhSh.exe
  2⤵
  PID:3992
- C:\Windows\System\vnSurZo.exe
  C:\Windows\System\vnSurZo.exe
  2⤵
  PID:4032
- C:\Windows\System\kPIfceD.exe
  C:\Windows\System\kPIfceD.exe
  2⤵
  PID:4072
- C:\Windows\System\nQJEUkN.exe
  C:\Windows\System\nQJEUkN.exe
  2⤵
  PID:2452
- C:\Windows\System\vTaEsvS.exe
  C:\Windows\System\vTaEsvS.exe
  2⤵
  PID:2804
- C:\Windows\System\pXtMElY.exe
  C:\Windows\System\pXtMElY.exe
  2⤵
  PID:2584
- C:\Windows\System\ChJbcft.exe
  C:\Windows\System\ChJbcft.exe
  2⤵
  PID:1332
- C:\Windows\System\dJQdtHe.exe
  C:\Windows\System\dJQdtHe.exe
  2⤵
  PID:1996
- C:\Windows\System\kBLJqnJ.exe
  C:\Windows\System\kBLJqnJ.exe
  2⤵
  PID:3100
- C:\Windows\System\uBZqwqP.exe
  C:\Windows\System\uBZqwqP.exe
  2⤵
  PID:3168
- C:\Windows\System\yXVHAQh.exe
  C:\Windows\System\yXVHAQh.exe
  2⤵
  PID:3260
- C:\Windows\System\wWnjuxg.exe
  C:\Windows\System\wWnjuxg.exe
  2⤵
  PID:3264
- C:\Windows\System\TXcWldp.exe
  C:\Windows\System\TXcWldp.exe
  2⤵
  PID:3284
- C:\Windows\System\UTjsfyl.exe
  C:\Windows\System\UTjsfyl.exe
  2⤵
  PID:3368
- C:\Windows\System\bZenhsR.exe
  C:\Windows\System\bZenhsR.exe
  2⤵
  PID:3364
- C:\Windows\System\Xguzlmp.exe
  C:\Windows\System\Xguzlmp.exe
  2⤵
  PID:3504
- C:\Windows\System\QzFpxUP.exe
  C:\Windows\System\QzFpxUP.exe
  2⤵
  PID:3564
- C:\Windows\System\QJMYYxN.exe
  C:\Windows\System\QJMYYxN.exe
  2⤵
  PID:3588
- C:\Windows\System\UYsGKFB.exe
  C:\Windows\System\UYsGKFB.exe
  2⤵
  PID:3656
- C:\Windows\System\rczeCfO.exe
  C:\Windows\System\rczeCfO.exe
  2⤵
  PID:3736
- C:\Windows\System\KfnZqaa.exe
  C:\Windows\System\KfnZqaa.exe
  2⤵
  PID:3836
- C:\Windows\System\SZENKMU.exe
  C:\Windows\System\SZENKMU.exe
  2⤵
  PID:3832
- C:\Windows\System\HFXlFjk.exe
  C:\Windows\System\HFXlFjk.exe
  2⤵
  PID:3400
- C:\Windows\System\zYGeOYV.exe
  C:\Windows\System\zYGeOYV.exe
  2⤵
  PID:3932
- C:\Windows\System\RIpSzjZ.exe
  C:\Windows\System\RIpSzjZ.exe
  2⤵
  PID:4036
- C:\Windows\System\dgRJlUD.exe
  C:\Windows\System\dgRJlUD.exe
  2⤵
  PID:4028
- C:\Windows\System\iImXLzX.exe
  C:\Windows\System\iImXLzX.exe
  2⤵
  PID:1572
- C:\Windows\System\AYAeVjG.exe
  C:\Windows\System\AYAeVjG.exe
  2⤵
  PID:4092
- C:\Windows\System\pOIcOZg.exe
  C:\Windows\System\pOIcOZg.exe
  2⤵
  PID:2344
- C:\Windows\System\TTkuooe.exe
  C:\Windows\System\TTkuooe.exe
  2⤵
  PID:2700
- C:\Windows\System\CjsMPuh.exe
  C:\Windows\System\CjsMPuh.exe
  2⤵
  PID:3228
- C:\Windows\System\SdlgqCQ.exe
  C:\Windows\System\SdlgqCQ.exe
  2⤵
  PID:3140
- C:\Windows\System\BARzQwl.exe
  C:\Windows\System\BARzQwl.exe
  2⤵
  PID:3300
- C:\Windows\System\GFjpmog.exe
  C:\Windows\System\GFjpmog.exe
  2⤵
  PID:3472
- C:\Windows\System\tbfPYKO.exe
  C:\Windows\System\tbfPYKO.exe
  2⤵
  PID:3488
- C:\Windows\System\XjcYUFG.exe
  C:\Windows\System\XjcYUFG.exe
  2⤵
  PID:3712
- C:\Windows\System\mkRmzOE.exe
  C:\Windows\System\mkRmzOE.exe
  2⤵
  PID:3792
- C:\Windows\System\bkopGcB.exe
  C:\Windows\System\bkopGcB.exe
  2⤵
  PID:3768
- C:\Windows\System\ZSMcmaO.exe
  C:\Windows\System\ZSMcmaO.exe
  2⤵
  PID:4116
- C:\Windows\System\dWSvhUR.exe
  C:\Windows\System\dWSvhUR.exe
  2⤵
  PID:4136
- C:\Windows\System\gUUUAfY.exe
  C:\Windows\System\gUUUAfY.exe
  2⤵
  PID:4156
- C:\Windows\System\TIunVKc.exe
  C:\Windows\System\TIunVKc.exe
  2⤵
  PID:4176
- C:\Windows\System\ycyZidb.exe
  C:\Windows\System\ycyZidb.exe
  2⤵
  PID:4196
- C:\Windows\System\dqrTVaJ.exe
  C:\Windows\System\dqrTVaJ.exe
  2⤵
  PID:4216
- C:\Windows\System\deySlFN.exe
  C:\Windows\System\deySlFN.exe
  2⤵
  PID:4236
- C:\Windows\System\pmvcNAU.exe
  C:\Windows\System\pmvcNAU.exe
  2⤵
  PID:4256
- C:\Windows\System\pRObTRm.exe
  C:\Windows\System\pRObTRm.exe
  2⤵
  PID:4276
- C:\Windows\System\fvwBhDF.exe
  C:\Windows\System\fvwBhDF.exe
  2⤵
  PID:4296
- C:\Windows\System\UFuPehA.exe
  C:\Windows\System\UFuPehA.exe
  2⤵
  PID:4316
- C:\Windows\System\zcfjSok.exe
  C:\Windows\System\zcfjSok.exe
  2⤵
  PID:4336
- C:\Windows\System\mPILWLz.exe
  C:\Windows\System\mPILWLz.exe
  2⤵
  PID:4356
- C:\Windows\System\ALKtYic.exe
  C:\Windows\System\ALKtYic.exe
  2⤵
  PID:4376
- C:\Windows\System\aRKPGvd.exe
  C:\Windows\System\aRKPGvd.exe
  2⤵
  PID:4396
- C:\Windows\System\qvgjPPQ.exe
  C:\Windows\System\qvgjPPQ.exe
  2⤵
  PID:4416
- C:\Windows\System\UQPDLrn.exe
  C:\Windows\System\UQPDLrn.exe
  2⤵
  PID:4436
- C:\Windows\System\QZetPRQ.exe
  C:\Windows\System\QZetPRQ.exe
  2⤵
  PID:4456
- C:\Windows\System\AiKBsxe.exe
  C:\Windows\System\AiKBsxe.exe
  2⤵
  PID:4476
- C:\Windows\System\nNmNHTy.exe
  C:\Windows\System\nNmNHTy.exe
  2⤵
  PID:4496
- C:\Windows\System\DOhAhRY.exe
  C:\Windows\System\DOhAhRY.exe
  2⤵
  PID:4516
- C:\Windows\System\PHtCBxx.exe
  C:\Windows\System\PHtCBxx.exe
  2⤵
  PID:4536
- C:\Windows\System\sgjoCyV.exe
  C:\Windows\System\sgjoCyV.exe
  2⤵
  PID:4552
- C:\Windows\System\AxgWEXy.exe
  C:\Windows\System\AxgWEXy.exe
  2⤵
  PID:4576
- C:\Windows\System\IPkSIln.exe
  C:\Windows\System\IPkSIln.exe
  2⤵
  PID:4592
- C:\Windows\System\RJUPiXd.exe
  C:\Windows\System\RJUPiXd.exe
  2⤵
  PID:4612
- C:\Windows\System\fZxwXre.exe
  C:\Windows\System\fZxwXre.exe
  2⤵
  PID:4628
- C:\Windows\System\QVwkuLe.exe
  C:\Windows\System\QVwkuLe.exe
  2⤵
  PID:4656
- C:\Windows\System\gPdxnqH.exe
  C:\Windows\System\gPdxnqH.exe
  2⤵
  PID:4676
- C:\Windows\System\muBOfHP.exe
  C:\Windows\System\muBOfHP.exe
  2⤵
  PID:4696
- C:\Windows\System\ZyXsSCv.exe
  C:\Windows\System\ZyXsSCv.exe
  2⤵
  PID:4720
- C:\Windows\System\aKMkhAW.exe
  C:\Windows\System\aKMkhAW.exe
  2⤵
  PID:4736
- C:\Windows\System\JxmkKgM.exe
  C:\Windows\System\JxmkKgM.exe
  2⤵
  PID:4752
- C:\Windows\System\ocSUXEF.exe
  C:\Windows\System\ocSUXEF.exe
  2⤵
  PID:4776
- C:\Windows\System\yRxqPXS.exe
  C:\Windows\System\yRxqPXS.exe
  2⤵
  PID:4796
- C:\Windows\System\AkGimpf.exe
  C:\Windows\System\AkGimpf.exe
  2⤵
  PID:4820
- C:\Windows\System\UxwptUM.exe
  C:\Windows\System\UxwptUM.exe
  2⤵
  PID:4836
- C:\Windows\System\nXDRAFH.exe
  C:\Windows\System\nXDRAFH.exe
  2⤵
  PID:4860
- C:\Windows\System\jKDDkjd.exe
  C:\Windows\System\jKDDkjd.exe
  2⤵
  PID:4880
- C:\Windows\System\QeCyTkk.exe
  C:\Windows\System\QeCyTkk.exe
  2⤵
  PID:4896
- C:\Windows\System\xFucFmx.exe
  C:\Windows\System\xFucFmx.exe
  2⤵
  PID:4916
- C:\Windows\System\zlxHkUt.exe
  C:\Windows\System\zlxHkUt.exe
  2⤵
  PID:4936
- C:\Windows\System\GtxntAD.exe
  C:\Windows\System\GtxntAD.exe
  2⤵
  PID:4960
- C:\Windows\System\mklFGZQ.exe
  C:\Windows\System\mklFGZQ.exe
  2⤵
  PID:4976
- C:\Windows\System\uViSTPl.exe
  C:\Windows\System\uViSTPl.exe
  2⤵
  PID:5000
- C:\Windows\System\jFycNZB.exe
  C:\Windows\System\jFycNZB.exe
  2⤵
  PID:5020
- C:\Windows\System\tSKGzxn.exe
  C:\Windows\System\tSKGzxn.exe
  2⤵
  PID:5040
- C:\Windows\System\QIOWCAU.exe
  C:\Windows\System\QIOWCAU.exe
  2⤵
  PID:5060
- C:\Windows\System\MfIyTbe.exe
  C:\Windows\System\MfIyTbe.exe
  2⤵
  PID:5080
- C:\Windows\System\xmqibGU.exe
  C:\Windows\System\xmqibGU.exe
  2⤵
  PID:5100
- C:\Windows\System\RpbVwRV.exe
  C:\Windows\System\RpbVwRV.exe
  2⤵
  PID:3908
- C:\Windows\System\XFQfinw.exe
  C:\Windows\System\XFQfinw.exe
  2⤵
  PID:4016
- C:\Windows\System\zouhlLq.exe
  C:\Windows\System\zouhlLq.exe
  2⤵
  PID:3988
- C:\Windows\System\hgDcrqo.exe
  C:\Windows\System\hgDcrqo.exe
  2⤵
  PID:840
- C:\Windows\System\EVxlnGI.exe
  C:\Windows\System\EVxlnGI.exe
  2⤵
  PID:848
- C:\Windows\System\EpRFmNy.exe
  C:\Windows\System\EpRFmNy.exe
  2⤵
  PID:3160
- C:\Windows\System\DfxvIhl.exe
  C:\Windows\System\DfxvIhl.exe
  2⤵
  PID:3128
- C:\Windows\System\TezJyiq.exe
  C:\Windows\System\TezJyiq.exe
  2⤵
  PID:3484
- C:\Windows\System\cmJWARE.exe
  C:\Windows\System\cmJWARE.exe
  2⤵
  PID:3544
- C:\Windows\System\HvazlIj.exe
  C:\Windows\System\HvazlIj.exe
  2⤵
  PID:3732
- C:\Windows\System\QLbEfjP.exe
  C:\Windows\System\QLbEfjP.exe
  2⤵
  PID:4124
- C:\Windows\System\ifgrErl.exe
  C:\Windows\System\ifgrErl.exe
  2⤵
  PID:4144
- C:\Windows\System\qKcUEhk.exe
  C:\Windows\System\qKcUEhk.exe
  2⤵
  PID:4184
- C:\Windows\System\UxQthut.exe
  C:\Windows\System\UxQthut.exe
  2⤵
  PID:4224
- C:\Windows\System\qOenWHY.exe
  C:\Windows\System\qOenWHY.exe
  2⤵
  PID:4252
- C:\Windows\System\mRApvrE.exe
  C:\Windows\System\mRApvrE.exe
  2⤵
  PID:4268
- C:\Windows\System\ZkAssVh.exe
  C:\Windows\System\ZkAssVh.exe
  2⤵
  PID:4328
- C:\Windows\System\DXYdCRQ.exe
  C:\Windows\System\DXYdCRQ.exe
  2⤵
  PID:4348
- C:\Windows\System\IgqAQdQ.exe
  C:\Windows\System\IgqAQdQ.exe
  2⤵
  PID:4384
- C:\Windows\System\CWpmZuX.exe
  C:\Windows\System\CWpmZuX.exe
  2⤵
  PID:4444
- C:\Windows\System\RSamVhG.exe
  C:\Windows\System\RSamVhG.exe
  2⤵
  PID:4484
- C:\Windows\System\pZUVQHi.exe
  C:\Windows\System\pZUVQHi.exe
  2⤵
  PID:4464
- C:\Windows\System\LzupkjH.exe
  C:\Windows\System\LzupkjH.exe
  2⤵
  PID:4532
- C:\Windows\System\wXMdiBf.exe
  C:\Windows\System\wXMdiBf.exe
  2⤵
  PID:4568
- C:\Windows\System\GtguzEm.exe
  C:\Windows\System\GtguzEm.exe
  2⤵
  PID:4604
- C:\Windows\System\sNZggzJ.exe
  C:\Windows\System\sNZggzJ.exe
  2⤵
  PID:4640
- C:\Windows\System\aQFlVmz.exe
  C:\Windows\System\aQFlVmz.exe
  2⤵
  PID:4684
- C:\Windows\System\QFRjPCU.exe
  C:\Windows\System\QFRjPCU.exe
  2⤵
  PID:4672
- C:\Windows\System\yzzGtLh.exe
  C:\Windows\System\yzzGtLh.exe
  2⤵
  PID:4704
- C:\Windows\System\ZYEdhmW.exe
  C:\Windows\System\ZYEdhmW.exe
  2⤵
  PID:4768
- C:\Windows\System\TiqpcDM.exe
  C:\Windows\System\TiqpcDM.exe
  2⤵
  PID:4748
- C:\Windows\System\QzKjETv.exe
  C:\Windows\System\QzKjETv.exe
  2⤵
  PID:4816
- C:\Windows\System\UDkXdMu.exe
  C:\Windows\System\UDkXdMu.exe
  2⤵
  PID:4856
- C:\Windows\System\ysjayfa.exe
  C:\Windows\System\ysjayfa.exe
  2⤵
  PID:4892
- C:\Windows\System\YBCrEsh.exe
  C:\Windows\System\YBCrEsh.exe
  2⤵
  PID:4924
- C:\Windows\System\VifGOgK.exe
  C:\Windows\System\VifGOgK.exe
  2⤵
  PID:4912
- C:\Windows\System\qkDlXyS.exe
  C:\Windows\System\qkDlXyS.exe
  2⤵
  PID:4972
- C:\Windows\System\UnEfCyC.exe
  C:\Windows\System\UnEfCyC.exe
  2⤵
  PID:4988
- C:\Windows\System\RIdteuP.exe
  C:\Windows\System\RIdteuP.exe
  2⤵
  PID:5056
- C:\Windows\System\TNIRTmK.exe
  C:\Windows\System\TNIRTmK.exe
  2⤵
  PID:5036
- C:\Windows\System\GpuIzrT.exe
  C:\Windows\System\GpuIzrT.exe
  2⤵
  PID:5068
- C:\Windows\System\MtjRZRG.exe
  C:\Windows\System\MtjRZRG.exe
  2⤵
  PID:3928
- C:\Windows\System\NLRoKNk.exe
  C:\Windows\System\NLRoKNk.exe
  2⤵
  PID:2660
- C:\Windows\System\VkAJwvz.exe
  C:\Windows\System\VkAJwvz.exe
  2⤵
  PID:3996
- C:\Windows\System\XXkmaVW.exe
  C:\Windows\System\XXkmaVW.exe
  2⤵
  PID:3208
- C:\Windows\System\QRxVhiQ.exe
  C:\Windows\System\QRxVhiQ.exe
  2⤵
  PID:2560
- C:\Windows\System\kYWwdph.exe
  C:\Windows\System\kYWwdph.exe
  2⤵
  PID:3752
- C:\Windows\System\PknNBVf.exe
  C:\Windows\System\PknNBVf.exe
  2⤵
  PID:4112
- C:\Windows\System\yBhNTxz.exe
  C:\Windows\System\yBhNTxz.exe
  2⤵
  PID:4212
- C:\Windows\System\BLOKqzS.exe
  C:\Windows\System\BLOKqzS.exe
  2⤵
  PID:4272
- C:\Windows\System\WkddMvn.exe
  C:\Windows\System\WkddMvn.exe
  2⤵
  PID:4172
- C:\Windows\System\Vfbzntw.exe
  C:\Windows\System\Vfbzntw.exe
  2⤵
  PID:4352
- C:\Windows\System\uvevspM.exe
  C:\Windows\System\uvevspM.exe
  2⤵
  PID:4372
- C:\Windows\System\WpSiCQG.exe
  C:\Windows\System\WpSiCQG.exe
  2⤵
  PID:4432
- C:\Windows\System\mouxWeL.exe
  C:\Windows\System\mouxWeL.exe
  2⤵
  PID:4528
- C:\Windows\System\FXWQPNS.exe
  C:\Windows\System\FXWQPNS.exe
  2⤵
  PID:4448
- C:\Windows\System\wrLizCE.exe
  C:\Windows\System\wrLizCE.exe
  2⤵
  PID:4668
- C:\Windows\System\zWblBie.exe
  C:\Windows\System\zWblBie.exe
  2⤵
  PID:4524
- C:\Windows\System\BGeYyTl.exe
  C:\Windows\System\BGeYyTl.exe
  2⤵
  PID:4716
- C:\Windows\System\HgIZRvy.exe
  C:\Windows\System\HgIZRvy.exe
  2⤵
  PID:4744
- C:\Windows\System\WQxTtiz.exe
  C:\Windows\System\WQxTtiz.exe
  2⤵
  PID:4832
- C:\Windows\System\rfXQWvp.exe
  C:\Windows\System\rfXQWvp.exe
  2⤵
  PID:2652
- C:\Windows\System\BhhaSLN.exe
  C:\Windows\System\BhhaSLN.exe
  2⤵
  PID:5016
- C:\Windows\System\ZhNboaL.exe
  C:\Windows\System\ZhNboaL.exe
  2⤵
  PID:4792
- C:\Windows\System\HuIHdxh.exe
  C:\Windows\System\HuIHdxh.exe
  2⤵
  PID:4952
- C:\Windows\System\EoyBsLY.exe
  C:\Windows\System\EoyBsLY.exe
  2⤵
  PID:5116
- C:\Windows\System\hNEtDMZ.exe
  C:\Windows\System\hNEtDMZ.exe
  2⤵
  PID:2736
- C:\Windows\System\kjbBaeU.exe
  C:\Windows\System\kjbBaeU.exe
  2⤵
  PID:5072
- C:\Windows\System\KKxeQNy.exe
  C:\Windows\System\KKxeQNy.exe
  2⤵
  PID:3388
- C:\Windows\System\yYchcJR.exe
  C:\Windows\System\yYchcJR.exe
  2⤵
  PID:3528
- C:\Windows\System\bRrpmoz.exe
  C:\Windows\System\bRrpmoz.exe
  2⤵
  PID:4204
- C:\Windows\System\VNgcsDU.exe
  C:\Windows\System\VNgcsDU.exe
  2⤵
  PID:4244
- C:\Windows\System\AYOiiYz.exe
  C:\Windows\System\AYOiiYz.exe
  2⤵
  PID:3612
- C:\Windows\System\vFwUZBQ.exe
  C:\Windows\System\vFwUZBQ.exe
  2⤵
  PID:4412
- C:\Windows\System\LnGiNrv.exe
  C:\Windows\System\LnGiNrv.exe
  2⤵
  PID:4584
- C:\Windows\System\IJLFRlS.exe
  C:\Windows\System\IJLFRlS.exe
  2⤵
  PID:4600
- C:\Windows\System\xKvsrkR.exe
  C:\Windows\System\xKvsrkR.exe
  2⤵
  PID:2596
- C:\Windows\System\nebHyPC.exe
  C:\Windows\System\nebHyPC.exe
  2⤵
  PID:2200
- C:\Windows\System\aXhJIRc.exe
  C:\Windows\System\aXhJIRc.exe
  2⤵
  PID:4428
- C:\Windows\System\TRLIwNq.exe
  C:\Windows\System\TRLIwNq.exe
  2⤵
  PID:4504
- C:\Windows\System\zMrKswq.exe
  C:\Windows\System\zMrKswq.exe
  2⤵
  PID:4876
- C:\Windows\System\JAzPooS.exe
  C:\Windows\System\JAzPooS.exe
  2⤵
  PID:4908
- C:\Windows\System\bRYByHJ.exe
  C:\Windows\System\bRYByHJ.exe
  2⤵
  PID:4956
- C:\Windows\System\phPejPM.exe
  C:\Windows\System\phPejPM.exe
  2⤵
  PID:4828
- C:\Windows\System\rhhqhVm.exe
  C:\Windows\System\rhhqhVm.exe
  2⤵
  PID:2884
- C:\Windows\System\BREMnFl.exe
  C:\Windows\System\BREMnFl.exe
  2⤵
  PID:2872
- C:\Windows\System\TnPeJcO.exe
  C:\Windows\System\TnPeJcO.exe
  2⤵
  PID:5108
- C:\Windows\System\uTqcHdm.exe
  C:\Windows\System\uTqcHdm.exe
  2⤵
  PID:2752
- C:\Windows\System\RqzOUCB.exe
  C:\Windows\System\RqzOUCB.exe
  2⤵
  PID:760
- C:\Windows\System\pEHYfyf.exe
  C:\Windows\System\pEHYfyf.exe
  2⤵
  PID:4188
- C:\Windows\System\MGwKYTq.exe
  C:\Windows\System\MGwKYTq.exe
  2⤵
  PID:4728
- C:\Windows\System\DdYYTeL.exe
  C:\Windows\System\DdYYTeL.exe
  2⤵
  PID:4424
- C:\Windows\System\tQcJCID.exe
  C:\Windows\System\tQcJCID.exe
  2⤵
  PID:1276
- C:\Windows\System\BKisKLo.exe
  C:\Windows\System\BKisKLo.exe
  2⤵
  PID:2312
- C:\Windows\System\NrdbeYD.exe
  C:\Windows\System\NrdbeYD.exe
  2⤵
  PID:4844
- C:\Windows\System\rrEXURa.exe
  C:\Windows\System\rrEXURa.exe
  2⤵
  PID:4904
- C:\Windows\System\wlHLRyC.exe
  C:\Windows\System\wlHLRyC.exe
  2⤵
  PID:4284
- C:\Windows\System\tjvZTEl.exe
  C:\Windows\System\tjvZTEl.exe
  2⤵
  PID:4324
- C:\Windows\System\uQVjoxG.exe
  C:\Windows\System\uQVjoxG.exe
  2⤵
  PID:5132
- C:\Windows\System\eABtcMN.exe
  C:\Windows\System\eABtcMN.exe
  2⤵
  PID:5148
- C:\Windows\System\DbkOZzY.exe
  C:\Windows\System\DbkOZzY.exe
  2⤵
  PID:5168
- C:\Windows\System\QmWPcTF.exe
  C:\Windows\System\QmWPcTF.exe
  2⤵
  PID:5192
- C:\Windows\System\lzrnJkW.exe
  C:\Windows\System\lzrnJkW.exe
  2⤵
  PID:5212
- C:\Windows\System\qlZdrbS.exe
  C:\Windows\System\qlZdrbS.exe
  2⤵
  PID:5232
- C:\Windows\System\XyZZTdI.exe
  C:\Windows\System\XyZZTdI.exe
  2⤵
  PID:5248
- C:\Windows\System\wAeGmgM.exe
  C:\Windows\System\wAeGmgM.exe
  2⤵
  PID:5272
- C:\Windows\System\CwbZYmJ.exe
  C:\Windows\System\CwbZYmJ.exe
  2⤵
  PID:5292
- C:\Windows\System\TLYDlsJ.exe
  C:\Windows\System\TLYDlsJ.exe
  2⤵
  PID:5312
- C:\Windows\System\UHexjtu.exe
  C:\Windows\System\UHexjtu.exe
  2⤵
  PID:5332
- C:\Windows\System\gVxcAOO.exe
  C:\Windows\System\gVxcAOO.exe
  2⤵
  PID:5356
- C:\Windows\System\qBnIafd.exe
  C:\Windows\System\qBnIafd.exe
  2⤵
  PID:5372
- C:\Windows\System\fYJzGYt.exe
  C:\Windows\System\fYJzGYt.exe
  2⤵
  PID:5396
- C:\Windows\System\yuzVquo.exe
  C:\Windows\System\yuzVquo.exe
  2⤵
  PID:5416
- C:\Windows\System\WIzuejz.exe
  C:\Windows\System\WIzuejz.exe
  2⤵
  PID:5436
- C:\Windows\System\CbAjnFC.exe
  C:\Windows\System\CbAjnFC.exe
  2⤵
  PID:5456
- C:\Windows\System\KSTEPbQ.exe
  C:\Windows\System\KSTEPbQ.exe
  2⤵
  PID:5476
- C:\Windows\System\oIabVbs.exe
  C:\Windows\System\oIabVbs.exe
  2⤵
  PID:5492
- C:\Windows\System\hKlgQvh.exe
  C:\Windows\System\hKlgQvh.exe
  2⤵
  PID:5516
- C:\Windows\System\XBrqluQ.exe
  C:\Windows\System\XBrqluQ.exe
  2⤵
  PID:5536
- C:\Windows\System\HKdrhBu.exe
  C:\Windows\System\HKdrhBu.exe
  2⤵
  PID:5556
- C:\Windows\System\cpsjNcp.exe
  C:\Windows\System\cpsjNcp.exe
  2⤵
  PID:5576
- C:\Windows\System\julFRXh.exe
  C:\Windows\System\julFRXh.exe
  2⤵
  PID:5596
- C:\Windows\System\yUczRWI.exe
  C:\Windows\System\yUczRWI.exe
  2⤵
  PID:5612
- C:\Windows\System\JtLqehy.exe
  C:\Windows\System\JtLqehy.exe
  2⤵
  PID:5636
- C:\Windows\System\nUBAAvc.exe
  C:\Windows\System\nUBAAvc.exe
  2⤵
  PID:5656
- C:\Windows\System\wEOdtgV.exe
  C:\Windows\System\wEOdtgV.exe
  2⤵
  PID:5676
- C:\Windows\System\wFNyTUb.exe
  C:\Windows\System\wFNyTUb.exe
  2⤵
  PID:5696
- C:\Windows\System\ikqtrhf.exe
  C:\Windows\System\ikqtrhf.exe
  2⤵
  PID:5716
- C:\Windows\System\uAiddzZ.exe
  C:\Windows\System\uAiddzZ.exe
  2⤵
  PID:5736
- C:\Windows\System\gdBSnUZ.exe
  C:\Windows\System\gdBSnUZ.exe
  2⤵
  PID:5756
- C:\Windows\System\MeNSXpw.exe
  C:\Windows\System\MeNSXpw.exe
  2⤵
  PID:5776
- C:\Windows\System\vgcCyPm.exe
  C:\Windows\System\vgcCyPm.exe
  2⤵
  PID:5796
- C:\Windows\System\TayrvsK.exe
  C:\Windows\System\TayrvsK.exe
  2⤵
  PID:5816
- C:\Windows\System\qzZAhgh.exe
  C:\Windows\System\qzZAhgh.exe
  2⤵
  PID:5836
- C:\Windows\System\GCkGpRW.exe
  C:\Windows\System\GCkGpRW.exe
  2⤵
  PID:5856
- C:\Windows\System\NTbZecP.exe
  C:\Windows\System\NTbZecP.exe
  2⤵
  PID:5876
- C:\Windows\System\tHHlAWW.exe
  C:\Windows\System\tHHlAWW.exe
  2⤵
  PID:5896
- C:\Windows\System\apbkDLr.exe
  C:\Windows\System\apbkDLr.exe
  2⤵
  PID:5916
- C:\Windows\System\PkTZSpQ.exe
  C:\Windows\System\PkTZSpQ.exe
  2⤵
  PID:5936
- C:\Windows\System\uabCQMZ.exe
  C:\Windows\System\uabCQMZ.exe
  2⤵
  PID:5956
- C:\Windows\System\sBLRCAd.exe
  C:\Windows\System\sBLRCAd.exe
  2⤵
  PID:5976
- C:\Windows\System\nFwDLLe.exe
  C:\Windows\System\nFwDLLe.exe
  2⤵
  PID:5996
- C:\Windows\System\uIQTvzb.exe
  C:\Windows\System\uIQTvzb.exe
  2⤵
  PID:6016
- C:\Windows\System\meItxZc.exe
  C:\Windows\System\meItxZc.exe
  2⤵
  PID:6036
- C:\Windows\System\KxktyDL.exe
  C:\Windows\System\KxktyDL.exe
  2⤵
  PID:6056
- C:\Windows\System\HlukUoi.exe
  C:\Windows\System\HlukUoi.exe
  2⤵
  PID:6076
- C:\Windows\System\HioUGVu.exe
  C:\Windows\System\HioUGVu.exe
  2⤵
  PID:6096
- C:\Windows\System\wTSpWIS.exe
  C:\Windows\System\wTSpWIS.exe
  2⤵
  PID:6116
- C:\Windows\System\BLhBnLv.exe
  C:\Windows\System\BLhBnLv.exe
  2⤵
  PID:6136
- C:\Windows\System\zWxxBlr.exe
  C:\Windows\System\zWxxBlr.exe
  2⤵
  PID:532
- C:\Windows\System\jZjWUvw.exe
  C:\Windows\System\jZjWUvw.exe
  2⤵
  PID:2580
- C:\Windows\System\sgzYyEQ.exe
  C:\Windows\System\sgzYyEQ.exe
  2⤵
  PID:4228
- C:\Windows\System\iLdjHLQ.exe
  C:\Windows\System\iLdjHLQ.exe
  2⤵
  PID:2244
- C:\Windows\System\tmZjEpE.exe
  C:\Windows\System\tmZjEpE.exe
  2⤵
  PID:2888
- C:\Windows\System\XQawLsS.exe
  C:\Windows\System\XQawLsS.exe
  2⤵
  PID:4652
- C:\Windows\System\twTMVjg.exe
  C:\Windows\System\twTMVjg.exe
  2⤵
  PID:5144
- C:\Windows\System\IMKDfGg.exe
  C:\Windows\System\IMKDfGg.exe
  2⤵
  PID:5184
- C:\Windows\System\KUKhOYH.exe
  C:\Windows\System\KUKhOYH.exe
  2⤵
  PID:5200
- C:\Windows\System\OiTZxNT.exe
  C:\Windows\System\OiTZxNT.exe
  2⤵
  PID:5268
- C:\Windows\System\qiEpvVu.exe
  C:\Windows\System\qiEpvVu.exe
  2⤵
  PID:5280
- C:\Windows\System\djtNdqy.exe
  C:\Windows\System\djtNdqy.exe
  2⤵
  PID:5308
- C:\Windows\System\SjgFYsx.exe
  C:\Windows\System\SjgFYsx.exe
  2⤵
  PID:5380
- C:\Windows\System\WUrhORf.exe
  C:\Windows\System\WUrhORf.exe
  2⤵
  PID:5324
- C:\Windows\System\vYDIjhX.exe
  C:\Windows\System\vYDIjhX.exe
  2⤵
  PID:5432
- C:\Windows\System\YQsLoQN.exe
  C:\Windows\System\YQsLoQN.exe
  2⤵
  PID:5464
- C:\Windows\System\yKegQTF.exe
  C:\Windows\System\yKegQTF.exe
  2⤵
  PID:5500
- C:\Windows\System\PykopSn.exe
  C:\Windows\System\PykopSn.exe
  2⤵
  PID:5508
- C:\Windows\System\ODlfmWX.exe
  C:\Windows\System\ODlfmWX.exe
  2⤵
  PID:5528
- C:\Windows\System\VrelnPN.exe
  C:\Windows\System\VrelnPN.exe
  2⤵
  PID:5568
- C:\Windows\System\XdNfcAk.exe
  C:\Windows\System\XdNfcAk.exe
  2⤵
  PID:5620
- C:\Windows\System\pZDXMie.exe
  C:\Windows\System\pZDXMie.exe
  2⤵
  PID:5644
- C:\Windows\System\kGcEkBV.exe
  C:\Windows\System\kGcEkBV.exe
  2⤵
  PID:5668
- C:\Windows\System\cxzndSN.exe
  C:\Windows\System\cxzndSN.exe
  2⤵
  PID:5688
- C:\Windows\System\saXsulJ.exe
  C:\Windows\System\saXsulJ.exe
  2⤵
  PID:5732
- C:\Windows\System\KxwMjhi.exe
  C:\Windows\System\KxwMjhi.exe
  2⤵
  PID:5768
- C:\Windows\System\BlyriKj.exe
  C:\Windows\System\BlyriKj.exe
  2⤵
  PID:5832
- C:\Windows\System\sjjQQuJ.exe
  C:\Windows\System\sjjQQuJ.exe
  2⤵
  PID:5844
- C:\Windows\System\RXAVQLD.exe
  C:\Windows\System\RXAVQLD.exe
  2⤵
  PID:5868
- C:\Windows\System\vvpjBuZ.exe
  C:\Windows\System\vvpjBuZ.exe
  2⤵
  PID:5892
- C:\Windows\System\OnLEMRq.exe
  C:\Windows\System\OnLEMRq.exe
  2⤵
  PID:5952
- C:\Windows\System\VTeOwzC.exe
  C:\Windows\System\VTeOwzC.exe
  2⤵
  PID:5984
- C:\Windows\System\GfejZFU.exe
  C:\Windows\System\GfejZFU.exe
  2⤵
  PID:6024
- C:\Windows\System\OdICMOe.exe
  C:\Windows\System\OdICMOe.exe
  2⤵
  PID:6028
- C:\Windows\System\uhfcOvT.exe
  C:\Windows\System\uhfcOvT.exe
  2⤵
  PID:6048
- C:\Windows\System\NtWSazO.exe
  C:\Windows\System\NtWSazO.exe
  2⤵
  PID:1216
- C:\Windows\System\nWPMCtL.exe
  C:\Windows\System\nWPMCtL.exe
  2⤵
  PID:3380
- C:\Windows\System\vrZQiIY.exe
  C:\Windows\System\vrZQiIY.exe
  2⤵
  PID:4168
- C:\Windows\System\ntmWwNM.exe
  C:\Windows\System\ntmWwNM.exe
  2⤵
  PID:2540
- C:\Windows\System\jzYoAgv.exe
  C:\Windows\System\jzYoAgv.exe
  2⤵
  PID:2212
- C:\Windows\System\hYIbbre.exe
  C:\Windows\System\hYIbbre.exe
  2⤵
  PID:5128
- C:\Windows\System\PLCRluv.exe
  C:\Windows\System\PLCRluv.exe
  2⤵
  PID:5180
- C:\Windows\System\jJZuOii.exe
  C:\Windows\System\jJZuOii.exe
  2⤵
  PID:5204
- C:\Windows\System\OLzKAFN.exe
  C:\Windows\System\OLzKAFN.exe
  2⤵
  PID:5240
- C:\Windows\System\TVwMbRh.exe
  C:\Windows\System\TVwMbRh.exe
  2⤵
  PID:5348
- C:\Windows\System\YgPBLwv.exe
  C:\Windows\System\YgPBLwv.exe
  2⤵
  PID:5328
- C:\Windows\System\BUQnkYa.exe
  C:\Windows\System\BUQnkYa.exe
  2⤵
  PID:5408
- C:\Windows\System\fxPjSHw.exe
  C:\Windows\System\fxPjSHw.exe
  2⤵
  PID:5512
- C:\Windows\System\qbdvFJh.exe
  C:\Windows\System\qbdvFJh.exe
  2⤵
  PID:5592
- C:\Windows\System\sKKMidJ.exe
  C:\Windows\System\sKKMidJ.exe
  2⤵
  PID:5588
- C:\Windows\System\tLcnfau.exe
  C:\Windows\System\tLcnfau.exe
  2⤵
  PID:5628
- C:\Windows\System\kyphwXB.exe
  C:\Windows\System\kyphwXB.exe
  2⤵
  PID:5744
- C:\Windows\System\JYeZdBY.exe
  C:\Windows\System\JYeZdBY.exe
  2⤵
  PID:5772
- C:\Windows\System\tiyLDvx.exe
  C:\Windows\System\tiyLDvx.exe
  2⤵
  PID:5848
- C:\Windows\System\SuDoTnG.exe
  C:\Windows\System\SuDoTnG.exe
  2⤵
  PID:5904
- C:\Windows\System\pTOhXtH.exe
  C:\Windows\System\pTOhXtH.exe
  2⤵
  PID:5924
- C:\Windows\System\HIOkOJP.exe
  C:\Windows\System\HIOkOJP.exe
  2⤵
  PID:5968
- C:\Windows\System\EfPELBX.exe
  C:\Windows\System\EfPELBX.exe
  2⤵
  PID:6068
- C:\Windows\System\enQEscP.exe
  C:\Windows\System\enQEscP.exe
  2⤵
  PID:6088
- C:\Windows\System\eHoeoIE.exe
  C:\Windows\System\eHoeoIE.exe
  2⤵
  PID:5032
- C:\Windows\System\ArENgAQ.exe
  C:\Windows\System\ArENgAQ.exe
  2⤵
  PID:2904
- C:\Windows\System\JAyYWwf.exe
  C:\Windows\System\JAyYWwf.exe
  2⤵
  PID:2328
- C:\Windows\System\iAAbZLL.exe
  C:\Windows\System\iAAbZLL.exe
  2⤵
  PID:5124
- C:\Windows\System\VDFtSUm.exe
  C:\Windows\System\VDFtSUm.exe
  2⤵
  PID:5260
- C:\Windows\System\SHVfuMi.exe
  C:\Windows\System\SHVfuMi.exe
  2⤵
  PID:5392
- C:\Windows\System\TTQGIGn.exe
  C:\Windows\System\TTQGIGn.exe
  2⤵
  PID:5484
- C:\Windows\System\YSSlRqb.exe
  C:\Windows\System\YSSlRqb.exe
  2⤵
  PID:5532
- C:\Windows\System\DEhbJGz.exe
  C:\Windows\System\DEhbJGz.exe
  2⤵
  PID:5608
- C:\Windows\System\USnrylf.exe
  C:\Windows\System\USnrylf.exe
  2⤵
  PID:5748
- C:\Windows\System\CLhkYmy.exe
  C:\Windows\System\CLhkYmy.exe
  2⤵
  PID:5804
- C:\Windows\System\jdCBERG.exe
  C:\Windows\System\jdCBERG.exe
  2⤵
  PID:5912
- C:\Windows\System\JCnFSAe.exe
  C:\Windows\System\JCnFSAe.exe
  2⤵
  PID:6012
- C:\Windows\System\UXEYuTd.exe
  C:\Windows\System\UXEYuTd.exe
  2⤵
  PID:3596
- C:\Windows\System\SoWPRHX.exe
  C:\Windows\System\SoWPRHX.exe
  2⤵
  PID:2088
- C:\Windows\System\GfKUlcd.exe
  C:\Windows\System\GfKUlcd.exe
  2⤵
  PID:3936
- C:\Windows\System\gSZMHJK.exe
  C:\Windows\System\gSZMHJK.exe
  2⤵
  PID:5224
- C:\Windows\System\HblbnKM.exe
  C:\Windows\System\HblbnKM.exe
  2⤵
  PID:5424
- C:\Windows\System\vUKNPfQ.exe
  C:\Windows\System\vUKNPfQ.exe
  2⤵
  PID:2768
- C:\Windows\System\CnmqHmW.exe
  C:\Windows\System\CnmqHmW.exe
  2⤵
  PID:5604
- C:\Windows\System\rEljFas.exe
  C:\Windows\System\rEljFas.exe
  2⤵
  PID:5764
- C:\Windows\System\xqtWwup.exe
  C:\Windows\System\xqtWwup.exe
  2⤵
  PID:6044
- C:\Windows\System\pqCNyGi.exe
  C:\Windows\System\pqCNyGi.exe
  2⤵
  PID:6160
- C:\Windows\System\PcoGBcQ.exe
  C:\Windows\System\PcoGBcQ.exe
  2⤵
  PID:6180
- C:\Windows\System\bUSJhCO.exe
  C:\Windows\System\bUSJhCO.exe
  2⤵
  PID:6200
- C:\Windows\System\IBUzrIS.exe
  C:\Windows\System\IBUzrIS.exe
  2⤵
  PID:6224
- C:\Windows\System\STVUkYD.exe
  C:\Windows\System\STVUkYD.exe
  2⤵
  PID:6244
- C:\Windows\System\oLgFkGP.exe
  C:\Windows\System\oLgFkGP.exe
  2⤵
  PID:6264
- C:\Windows\System\PWtBQjO.exe
  C:\Windows\System\PWtBQjO.exe
  2⤵
  PID:6284
- C:\Windows\System\FvaWLTH.exe
  C:\Windows\System\FvaWLTH.exe
  2⤵
  PID:6304
- C:\Windows\System\jjFrqQG.exe
  C:\Windows\System\jjFrqQG.exe
  2⤵
  PID:6320
- C:\Windows\System\XXAgFSm.exe
  C:\Windows\System\XXAgFSm.exe
  2⤵
  PID:6344
- C:\Windows\System\btaHyMr.exe
  C:\Windows\System\btaHyMr.exe
  2⤵
  PID:6364
- C:\Windows\System\LpssfYA.exe
  C:\Windows\System\LpssfYA.exe
  2⤵
  PID:6384
- C:\Windows\System\hXIkTVZ.exe
  C:\Windows\System\hXIkTVZ.exe
  2⤵
  PID:6404
- C:\Windows\System\GioZaDa.exe
  C:\Windows\System\GioZaDa.exe
  2⤵
  PID:6424
- C:\Windows\System\hoGdTzj.exe
  C:\Windows\System\hoGdTzj.exe
  2⤵
  PID:6444
- C:\Windows\System\nEssGlr.exe
  C:\Windows\System\nEssGlr.exe
  2⤵
  PID:6464
- C:\Windows\System\hroWgML.exe
  C:\Windows\System\hroWgML.exe
  2⤵
  PID:6484
- C:\Windows\System\rBjfyAM.exe
  C:\Windows\System\rBjfyAM.exe
  2⤵
  PID:6504
- C:\Windows\System\wxLqWGn.exe
  C:\Windows\System\wxLqWGn.exe
  2⤵
  PID:6520
- C:\Windows\System\hPBbkbX.exe
  C:\Windows\System\hPBbkbX.exe
  2⤵
  PID:6544
- C:\Windows\System\BGsXPUI.exe
  C:\Windows\System\BGsXPUI.exe
  2⤵
  PID:6560
- C:\Windows\System\ocNPXQM.exe
  C:\Windows\System\ocNPXQM.exe
  2⤵
  PID:6584
- C:\Windows\System\qtozSzF.exe
  C:\Windows\System\qtozSzF.exe
  2⤵
  PID:6600
- C:\Windows\System\IGnuQuq.exe
  C:\Windows\System\IGnuQuq.exe
  2⤵
  PID:6624
- C:\Windows\System\NsnlMMZ.exe
  C:\Windows\System\NsnlMMZ.exe
  2⤵
  PID:6648
- C:\Windows\System\mdffkGC.exe
  C:\Windows\System\mdffkGC.exe
  2⤵
  PID:6668
- C:\Windows\System\DOeUitV.exe
  C:\Windows\System\DOeUitV.exe
  2⤵
  PID:6688
- C:\Windows\System\Zsvggfn.exe
  C:\Windows\System\Zsvggfn.exe
  2⤵
  PID:6704
- C:\Windows\System\SPIdeGf.exe
  C:\Windows\System\SPIdeGf.exe
  2⤵
  PID:6724
- C:\Windows\System\aqorzFN.exe
  C:\Windows\System\aqorzFN.exe
  2⤵
  PID:6748
- C:\Windows\System\CCPjjTw.exe
  C:\Windows\System\CCPjjTw.exe
  2⤵
  PID:6764
- C:\Windows\System\AYeFFNV.exe
  C:\Windows\System\AYeFFNV.exe
  2⤵
  PID:6788
- C:\Windows\System\WksFwPB.exe
  C:\Windows\System\WksFwPB.exe
  2⤵
  PID:6804
- C:\Windows\System\zHjrfwI.exe
  C:\Windows\System\zHjrfwI.exe
  2⤵
  PID:6828
- C:\Windows\System\beZWoek.exe
  C:\Windows\System\beZWoek.exe
  2⤵
  PID:6844
- C:\Windows\System\qRuRdDT.exe
  C:\Windows\System\qRuRdDT.exe
  2⤵
  PID:6860
- C:\Windows\System\YxfmGSi.exe
  C:\Windows\System\YxfmGSi.exe
  2⤵
  PID:6884
- C:\Windows\System\yxvZXXp.exe
  C:\Windows\System\yxvZXXp.exe
  2⤵
  PID:6904
- C:\Windows\System\WDiwYbL.exe
  C:\Windows\System\WDiwYbL.exe
  2⤵
  PID:6924
- C:\Windows\System\ZbbHxeL.exe
  C:\Windows\System\ZbbHxeL.exe
  2⤵
  PID:6948
- C:\Windows\System\OpKZoBC.exe
  C:\Windows\System\OpKZoBC.exe
  2⤵
  PID:6964
- C:\Windows\System\wdmQbOp.exe
  C:\Windows\System\wdmQbOp.exe
  2⤵
  PID:6984
- C:\Windows\System\zlZgJoW.exe
  C:\Windows\System\zlZgJoW.exe
  2⤵
  PID:7004
- C:\Windows\System\sJvqGhR.exe
  C:\Windows\System\sJvqGhR.exe
  2⤵
  PID:7028
- C:\Windows\System\jfWmEXF.exe
  C:\Windows\System\jfWmEXF.exe
  2⤵
  PID:7044
- C:\Windows\System\GPuNOuW.exe
  C:\Windows\System\GPuNOuW.exe
  2⤵
  PID:7060
- C:\Windows\System\lysfymA.exe
  C:\Windows\System\lysfymA.exe
  2⤵
  PID:7084
- C:\Windows\System\eVHXKGB.exe
  C:\Windows\System\eVHXKGB.exe
  2⤵
  PID:7100
- C:\Windows\System\ZbNydJN.exe
  C:\Windows\System\ZbNydJN.exe
  2⤵
  PID:7120
- C:\Windows\System\NAqdvyy.exe
  C:\Windows\System\NAqdvyy.exe
  2⤵
  PID:7136
- C:\Windows\System\qyacbYX.exe
  C:\Windows\System\qyacbYX.exe
  2⤵
  PID:7164
- C:\Windows\System\qlNFJen.exe
  C:\Windows\System\qlNFJen.exe
  2⤵
  PID:3952
- C:\Windows\System\HDndAMT.exe
  C:\Windows\System\HDndAMT.exe
  2⤵
  PID:4928
- C:\Windows\System\jhtpHPP.exe
  C:\Windows\System\jhtpHPP.exe
  2⤵
  PID:5564
- C:\Windows\System\ibZnuub.exe
  C:\Windows\System\ibZnuub.exe
  2⤵
  PID:5572
- C:\Windows\System\wHkIRUA.exe
  C:\Windows\System\wHkIRUA.exe
  2⤵
  PID:6072
- C:\Windows\System\eEWoLpU.exe
  C:\Windows\System\eEWoLpU.exe
  2⤵
  PID:6208
- C:\Windows\System\csKsGRF.exe
  C:\Windows\System\csKsGRF.exe
  2⤵
  PID:2712
- C:\Windows\System\faThVWv.exe
  C:\Windows\System\faThVWv.exe
  2⤵
  PID:6188
- C:\Windows\System\zhCWTgp.exe
  C:\Windows\System\zhCWTgp.exe
  2⤵
  PID:6240
- C:\Windows\System\NJIKoEq.exe
  C:\Windows\System\NJIKoEq.exe
  2⤵
  PID:6300
- C:\Windows\System\tlMssEP.exe
  C:\Windows\System\tlMssEP.exe
  2⤵
  PID:6332
- C:\Windows\System\inSHyci.exe
  C:\Windows\System\inSHyci.exe
  2⤵
  PID:6372
- C:\Windows\System\yzBbrbp.exe
  C:\Windows\System\yzBbrbp.exe
  2⤵
  PID:6352
- C:\Windows\System\uaoeoFY.exe
  C:\Windows\System\uaoeoFY.exe
  2⤵
  PID:6400
- C:\Windows\System\ebkeOJw.exe
  C:\Windows\System\ebkeOJw.exe
  2⤵
  PID:6456
- C:\Windows\System\XjLUGFX.exe
  C:\Windows\System\XjLUGFX.exe
  2⤵
  PID:6472
- C:\Windows\System\tgffLib.exe
  C:\Windows\System\tgffLib.exe
  2⤵
  PID:6528
- C:\Windows\System\fGRlcRg.exe
  C:\Windows\System\fGRlcRg.exe
  2⤵
  PID:6556
- C:\Windows\System\njROZpk.exe
  C:\Windows\System\njROZpk.exe
  2⤵
  PID:6596
- C:\Windows\System\KaKeMhq.exe
  C:\Windows\System\KaKeMhq.exe
  2⤵
  PID:6632
- C:\Windows\System\URESkHu.exe
  C:\Windows\System\URESkHu.exe
  2⤵
  PID:6744
- C:\Windows\System\OYamNHY.exe
  C:\Windows\System\OYamNHY.exe
  2⤵
  PID:6784
- C:\Windows\System\HBVzHll.exe
  C:\Windows\System\HBVzHll.exe
  2⤵
  PID:6812
- C:\Windows\System\nEmZaVY.exe
  C:\Windows\System\nEmZaVY.exe
  2⤵
  PID:6852
- C:\Windows\System\pCBjnlT.exe
  C:\Windows\System\pCBjnlT.exe
  2⤵
  PID:6892
- C:\Windows\System\oUJLLCc.exe
  C:\Windows\System\oUJLLCc.exe
  2⤵
  PID:6944
- C:\Windows\System\wRMNimc.exe
  C:\Windows\System\wRMNimc.exe
  2⤵
  PID:6872
- C:\Windows\System\RcpgEfq.exe
  C:\Windows\System\RcpgEfq.exe
  2⤵
  PID:6976
- C:\Windows\System\VWlvRIy.exe
  C:\Windows\System\VWlvRIy.exe
  2⤵
  PID:7024
- C:\Windows\System\fZtqKiF.exe
  C:\Windows\System\fZtqKiF.exe
  2⤵
  PID:6912
- C:\Windows\System\ImxTScF.exe
  C:\Windows\System\ImxTScF.exe
  2⤵
  PID:7092
- C:\Windows\System\PxCIpHx.exe
  C:\Windows\System\PxCIpHx.exe
  2⤵
  PID:7132
- C:\Windows\System\jAneITt.exe
  C:\Windows\System\jAneITt.exe
  2⤵
  PID:5908
- C:\Windows\System\NaUjPvh.exe
  C:\Windows\System\NaUjPvh.exe
  2⤵
  PID:7040
- C:\Windows\System\wFlGsNy.exe
  C:\Windows\System\wFlGsNy.exe
  2⤵
  PID:5752
- C:\Windows\System\MNnzECR.exe
  C:\Windows\System\MNnzECR.exe
  2⤵
  PID:7076
- C:\Windows\System\wMIjcLH.exe
  C:\Windows\System\wMIjcLH.exe
  2⤵
  PID:7156
- C:\Windows\System\aANIvmK.exe
  C:\Windows\System\aANIvmK.exe
  2⤵
  PID:4664
- C:\Windows\System\ajuvNBa.exe
  C:\Windows\System\ajuvNBa.exe
  2⤵
  PID:6192
- C:\Windows\System\tWPsEQS.exe
  C:\Windows\System\tWPsEQS.exe
  2⤵
  PID:6176
- C:\Windows\System\HCWxvuz.exe
  C:\Windows\System\HCWxvuz.exe
  2⤵
  PID:6328
- C:\Windows\System\MKfIkaW.exe
  C:\Windows\System\MKfIkaW.exe
  2⤵
  PID:6376
- C:\Windows\System\eTprCYd.exe
  C:\Windows\System\eTprCYd.exe
  2⤵
  PID:2332
- C:\Windows\System\QywmZgS.exe
  C:\Windows\System\QywmZgS.exe
  2⤵
  PID:6460
- C:\Windows\System\XthwbDF.exe
  C:\Windows\System\XthwbDF.exe
  2⤵
  PID:6272
- C:\Windows\System\Kpqpvdn.exe
  C:\Windows\System\Kpqpvdn.exe
  2⤵
  PID:6476
- C:\Windows\System\icFYqMf.exe
  C:\Windows\System\icFYqMf.exe
  2⤵
  PID:6580
- C:\Windows\System\sDDuLfb.exe
  C:\Windows\System\sDDuLfb.exe
  2⤵
  PID:6640
- C:\Windows\System\SadUuPh.exe
  C:\Windows\System\SadUuPh.exe
  2⤵
  PID:6620
- C:\Windows\System\vwjmVpH.exe
  C:\Windows\System\vwjmVpH.exe
  2⤵
  PID:6700
- C:\Windows\System\tychNMH.exe
  C:\Windows\System\tychNMH.exe
  2⤵
  PID:1860
- C:\Windows\System\iayDXNq.exe
  C:\Windows\System\iayDXNq.exe
  2⤵
  PID:6660
- C:\Windows\System\dreDHes.exe
  C:\Windows\System\dreDHes.exe
  2⤵
  PID:6800
- C:\Windows\System\OldGqYT.exe
  C:\Windows\System\OldGqYT.exe
  2⤵
  PID:1724
- C:\Windows\System\OjieZKA.exe
  C:\Windows\System\OjieZKA.exe
  2⤵
  PID:2380
- C:\Windows\System\qkwMZqL.exe
  C:\Windows\System\qkwMZqL.exe
  2⤵
  PID:6868
- C:\Windows\System\vZOegzH.exe
  C:\Windows\System\vZOegzH.exe
  2⤵
  PID:6996
- C:\Windows\System\jXMqWQK.exe
  C:\Windows\System\jXMqWQK.exe
  2⤵
  PID:2196
- C:\Windows\System\aYBzAVz.exe
  C:\Windows\System\aYBzAVz.exe
  2⤵
  PID:5712
- C:\Windows\System\EHQWrRk.exe
  C:\Windows\System\EHQWrRk.exe
  2⤵
  PID:7036
- C:\Windows\System\nUbIVaE.exe
  C:\Windows\System\nUbIVaE.exe
  2⤵
  PID:2108
- C:\Windows\System\OJeSzFp.exe
  C:\Windows\System\OJeSzFp.exe
  2⤵
  PID:5428
- C:\Windows\System\onFZgZV.exe
  C:\Windows\System\onFZgZV.exe
  2⤵
  PID:5792
- C:\Windows\System\qtGOkYa.exe
  C:\Windows\System\qtGOkYa.exe
  2⤵
  PID:6152
- C:\Windows\System\nfLABUe.exe
  C:\Windows\System\nfLABUe.exe
  2⤵
  PID:2816
- C:\Windows\System\hnbEMsf.exe
  C:\Windows\System\hnbEMsf.exe
  2⤵
  PID:6196
- C:\Windows\System\fUYMwmW.exe
  C:\Windows\System\fUYMwmW.exe
  2⤵
  PID:6452
- C:\Windows\System\VbzQXda.exe
  C:\Windows\System\VbzQXda.exe
  2⤵
  PID:852
- C:\Windows\System\QnfmGUv.exe
  C:\Windows\System\QnfmGUv.exe
  2⤵
  PID:1416
- C:\Windows\System\IrRgFsz.exe
  C:\Windows\System\IrRgFsz.exe
  2⤵
  PID:2424
- C:\Windows\System\aSlfzVY.exe
  C:\Windows\System\aSlfzVY.exe
  2⤵
  PID:6612
- C:\Windows\System\wCvImqL.exe
  C:\Windows\System\wCvImqL.exe
  2⤵
  PID:6820
- C:\Windows\System\FGLwAHg.exe
  C:\Windows\System\FGLwAHg.exe
  2⤵
  PID:1544
- C:\Windows\System\AqIhvYH.exe
  C:\Windows\System\AqIhvYH.exe
  2⤵
  PID:2348
- C:\Windows\System\jVbauPL.exe
  C:\Windows\System\jVbauPL.exe
  2⤵
  PID:7056
- C:\Windows\System\kIbWgbV.exe
  C:\Windows\System\kIbWgbV.exe
  2⤵
  PID:7112
- C:\Windows\System\PRMQVHl.exe
  C:\Windows\System\PRMQVHl.exe
  2⤵
  PID:7152
- C:\Windows\System\GkWifiT.exe
  C:\Windows\System\GkWifiT.exe
  2⤵
  PID:2516
- C:\Windows\System\NGKVLxx.exe
  C:\Windows\System\NGKVLxx.exe
  2⤵
  PID:5972
- C:\Windows\System\RKOMjuI.exe
  C:\Windows\System\RKOMjuI.exe
  2⤵
  PID:3852
- C:\Windows\System\RCPWgnt.exe
  C:\Windows\System\RCPWgnt.exe
  2⤵
  PID:6280
- C:\Windows\System\xNQxmhx.exe
  C:\Windows\System\xNQxmhx.exe
  2⤵
  PID:1968
- C:\Windows\System\aBhzjkP.exe
  C:\Windows\System\aBhzjkP.exe
  2⤵
  PID:3856
- C:\Windows\System\jcMPOfL.exe
  C:\Windows\System\jcMPOfL.exe
  2⤵
  PID:6720
- C:\Windows\System\DrgnvCF.exe
  C:\Windows\System\DrgnvCF.exe
  2⤵
  PID:6576
- C:\Windows\System\wUsNWAj.exe
  C:\Windows\System\wUsNWAj.exe
  2⤵
  PID:2100
- C:\Windows\System\EIcgAuv.exe
  C:\Windows\System\EIcgAuv.exe
  2⤵
  PID:6616
- C:\Windows\System\UPoMidq.exe
  C:\Windows\System\UPoMidq.exe
  2⤵
  PID:2496
- C:\Windows\System\KKDdkft.exe
  C:\Windows\System\KKDdkft.exe
  2⤵
  PID:7144
- C:\Windows\System\YqEreDg.exe
  C:\Windows\System\YqEreDg.exe
  2⤵
  PID:6496
- C:\Windows\System\FOdkSyo.exe
  C:\Windows\System\FOdkSyo.exe
  2⤵
  PID:2204
- C:\Windows\System\nfWSxdT.exe
  C:\Windows\System\nfWSxdT.exe
  2⤵
  PID:6440
- C:\Windows\System\tJgvUBp.exe
  C:\Windows\System\tJgvUBp.exe
  2⤵
  PID:6776
- C:\Windows\System\LcSVEwO.exe
  C:\Windows\System\LcSVEwO.exe
  2⤵
  PID:2064
- C:\Windows\System\PrAkoeK.exe
  C:\Windows\System\PrAkoeK.exe
  2⤵
  PID:3636
- C:\Windows\System\HSvDvni.exe
  C:\Windows\System\HSvDvni.exe
  2⤵
  PID:3012
- C:\Windows\System\QDOsEeR.exe
  C:\Windows\System\QDOsEeR.exe
  2⤵
  PID:5964
- C:\Windows\System\NXfpakN.exe
  C:\Windows\System\NXfpakN.exe
  2⤵
  PID:6664
- C:\Windows\System\vZsupCa.exe
  C:\Windows\System\vZsupCa.exe
  2⤵
  PID:6732
- C:\Windows\System\tQrugRT.exe
  C:\Windows\System\tQrugRT.exe
  2⤵
  PID:2632
- C:\Windows\System\xCoKjuE.exe
  C:\Windows\System\xCoKjuE.exe
  2⤵
  PID:7180
- C:\Windows\System\KyGSomw.exe
  C:\Windows\System\KyGSomw.exe
  2⤵
  PID:7200
- C:\Windows\System\nlHsZuN.exe
  C:\Windows\System\nlHsZuN.exe
  2⤵
  PID:7216
- C:\Windows\System\VGSZwlX.exe
  C:\Windows\System\VGSZwlX.exe
  2⤵
  PID:7232
- C:\Windows\System\HOVhKhJ.exe
  C:\Windows\System\HOVhKhJ.exe
  2⤵
  PID:7252
- C:\Windows\System\AKwDJRO.exe
  C:\Windows\System\AKwDJRO.exe
  2⤵
  PID:7268
- C:\Windows\System\ifBOHbY.exe
  C:\Windows\System\ifBOHbY.exe
  2⤵
  PID:7284
- C:\Windows\System\BEiFcFm.exe
  C:\Windows\System\BEiFcFm.exe
  2⤵
  PID:7300
- C:\Windows\System\OfXVMVZ.exe
  C:\Windows\System\OfXVMVZ.exe
  2⤵
  PID:7316
- C:\Windows\System\uIANmoD.exe
  C:\Windows\System\uIANmoD.exe
  2⤵
  PID:7332
- C:\Windows\System\uRcTcvr.exe
  C:\Windows\System\uRcTcvr.exe
  2⤵
  PID:7348
- C:\Windows\System\SskaZgT.exe
  C:\Windows\System\SskaZgT.exe
  2⤵
  PID:7364
- C:\Windows\System\moUMDDw.exe
  C:\Windows\System\moUMDDw.exe
  2⤵
  PID:7380
- C:\Windows\System\YTshbaV.exe
  C:\Windows\System\YTshbaV.exe
  2⤵
  PID:7396
- C:\Windows\System\bVoKwVP.exe
  C:\Windows\System\bVoKwVP.exe
  2⤵
  PID:7420
- C:\Windows\System\lbSWXza.exe
  C:\Windows\System\lbSWXza.exe
  2⤵
  PID:7436
- C:\Windows\System\VwDSsAF.exe
  C:\Windows\System\VwDSsAF.exe
  2⤵
  PID:7452
- C:\Windows\System\ystDlda.exe
  C:\Windows\System\ystDlda.exe
  2⤵
  PID:7468
- C:\Windows\System\VTgxhtP.exe
  C:\Windows\System\VTgxhtP.exe
  2⤵
  PID:7484
- C:\Windows\System\RUKeMrF.exe
  C:\Windows\System\RUKeMrF.exe
  2⤵
  PID:7500
- C:\Windows\System\xYuuIxY.exe
  C:\Windows\System\xYuuIxY.exe
  2⤵
  PID:7516
- C:\Windows\System\oTRXjHM.exe
  C:\Windows\System\oTRXjHM.exe
  2⤵
  PID:7532
- C:\Windows\System\NlglrFW.exe
  C:\Windows\System\NlglrFW.exe
  2⤵
  PID:7548
- C:\Windows\System\GTxIyhu.exe
  C:\Windows\System\GTxIyhu.exe
  2⤵
  PID:7564
- C:\Windows\System\BXxMThz.exe
  C:\Windows\System\BXxMThz.exe
  2⤵
  PID:7580
- C:\Windows\System\bOvZiaz.exe
  C:\Windows\System\bOvZiaz.exe
  2⤵
  PID:7596
- C:\Windows\System\feCsoOE.exe
  C:\Windows\System\feCsoOE.exe
  2⤵
  PID:7612
- C:\Windows\System\LJcvobZ.exe
  C:\Windows\System\LJcvobZ.exe
  2⤵
  PID:7628
- C:\Windows\System\MLiKWeU.exe
  C:\Windows\System\MLiKWeU.exe
  2⤵
  PID:7644
- C:\Windows\System\RYRFWjL.exe
  C:\Windows\System\RYRFWjL.exe
  2⤵
  PID:7660
- C:\Windows\System\WZQDqxs.exe
  C:\Windows\System\WZQDqxs.exe
  2⤵
  PID:7676
- C:\Windows\System\MpFxlxr.exe
  C:\Windows\System\MpFxlxr.exe
  2⤵
  PID:7692
- C:\Windows\System\VAcyXXu.exe
  C:\Windows\System\VAcyXXu.exe
  2⤵
  PID:7708
- C:\Windows\System\elMRBwF.exe
  C:\Windows\System\elMRBwF.exe
  2⤵
  PID:7724
- C:\Windows\System\eQxnTTY.exe
  C:\Windows\System\eQxnTTY.exe
  2⤵
  PID:7740
- C:\Windows\System\mfxwSco.exe
  C:\Windows\System\mfxwSco.exe
  2⤵
  PID:7756
- C:\Windows\System\HpoWqTR.exe
  C:\Windows\System\HpoWqTR.exe
  2⤵
  PID:7772
- C:\Windows\System\YxySCaV.exe
  C:\Windows\System\YxySCaV.exe
  2⤵
  PID:7792
- C:\Windows\System\LAlgpmJ.exe
  C:\Windows\System\LAlgpmJ.exe
  2⤵
  PID:7808
- C:\Windows\System\BoEtcXO.exe
  C:\Windows\System\BoEtcXO.exe
  2⤵
  PID:7824
- C:\Windows\System\RTEcGpt.exe
  C:\Windows\System\RTEcGpt.exe
  2⤵
  PID:7840
- C:\Windows\System\mxgycTM.exe
  C:\Windows\System\mxgycTM.exe
  2⤵
  PID:7856
- C:\Windows\System\iartLPP.exe
  C:\Windows\System\iartLPP.exe
  2⤵
  PID:7872
- C:\Windows\System\jZwtqRO.exe
  C:\Windows\System\jZwtqRO.exe
  2⤵
  PID:7888
- C:\Windows\System\IGeNDxe.exe
  C:\Windows\System\IGeNDxe.exe
  2⤵
  PID:7904
- C:\Windows\System\tFoyTHn.exe
  C:\Windows\System\tFoyTHn.exe
  2⤵
  PID:7920
- C:\Windows\System\vOFDjzj.exe
  C:\Windows\System\vOFDjzj.exe
  2⤵
  PID:7936
- C:\Windows\System\EtCcgKG.exe
  C:\Windows\System\EtCcgKG.exe
  2⤵
  PID:7952
- C:\Windows\System\cuvqOgA.exe
  C:\Windows\System\cuvqOgA.exe
  2⤵
  PID:7968
- C:\Windows\System\NOBncRl.exe
  C:\Windows\System\NOBncRl.exe
  2⤵
  PID:7984
- C:\Windows\System\yLFGJLi.exe
  C:\Windows\System\yLFGJLi.exe
  2⤵
  PID:8000
- C:\Windows\System\irBowrc.exe
  C:\Windows\System\irBowrc.exe
  2⤵
  PID:8016
- C:\Windows\System\NAMCXCt.exe
  C:\Windows\System\NAMCXCt.exe
  2⤵
  PID:8032
- C:\Windows\System\GIqhpen.exe
  C:\Windows\System\GIqhpen.exe
  2⤵
  PID:8048
- C:\Windows\System\aVVkoeO.exe
  C:\Windows\System\aVVkoeO.exe
  2⤵
  PID:8064
- C:\Windows\System\lxOAweK.exe
  C:\Windows\System\lxOAweK.exe
  2⤵
  PID:8080
- C:\Windows\System\ilupGRQ.exe
  C:\Windows\System\ilupGRQ.exe
  2⤵
  PID:8096
- C:\Windows\System\PXEsYvR.exe
  C:\Windows\System\PXEsYvR.exe
  2⤵
  PID:8112
- C:\Windows\System\DNrsann.exe
  C:\Windows\System\DNrsann.exe
  2⤵
  PID:8128
- C:\Windows\System\JoGgJlk.exe
  C:\Windows\System\JoGgJlk.exe
  2⤵
  PID:8144
- C:\Windows\System\UcgemvL.exe
  C:\Windows\System\UcgemvL.exe
  2⤵
  PID:8160
- C:\Windows\System\zoYkkoN.exe
  C:\Windows\System\zoYkkoN.exe
  2⤵
  PID:8176
- C:\Windows\System\uwUtowg.exe
  C:\Windows\System\uwUtowg.exe
  2⤵
  PID:2044
- C:\Windows\System\mOfsoZD.exe
  C:\Windows\System\mOfsoZD.exe
  2⤵
  PID:2476
- C:\Windows\System\jmiCuIB.exe
  C:\Windows\System\jmiCuIB.exe
  2⤵
  PID:6356
- C:\Windows\System\lrosTWZ.exe
  C:\Windows\System\lrosTWZ.exe
  2⤵
  PID:6436
- C:\Windows\System\GXDzAyJ.exe
  C:\Windows\System\GXDzAyJ.exe
  2⤵
  PID:7212
- C:\Windows\System\tPDQcFc.exe
  C:\Windows\System\tPDQcFc.exe
  2⤵
  PID:7276
- C:\Windows\System\DtAIbIR.exe
  C:\Windows\System\DtAIbIR.exe
  2⤵
  PID:7340
- C:\Windows\System\sKfpuDV.exe
  C:\Windows\System\sKfpuDV.exe
  2⤵
  PID:7376
- C:\Windows\System\kxWuxKZ.exe
  C:\Windows\System\kxWuxKZ.exe
  2⤵
  PID:7224
- C:\Windows\System\ueHkwXt.exe
  C:\Windows\System\ueHkwXt.exe
  2⤵
  PID:7292
- C:\Windows\System\HivPtol.exe
  C:\Windows\System\HivPtol.exe
  2⤵
  PID:7356
- C:\Windows\System\diuBQnG.exe
  C:\Windows\System\diuBQnG.exe
  2⤵
  PID:7432
- C:\Windows\System\TXWYyMm.exe
  C:\Windows\System\TXWYyMm.exe
  2⤵
  PID:7508
- C:\Windows\System\MOrpuDC.exe
  C:\Windows\System\MOrpuDC.exe
  2⤵
  PID:7524
- C:\Windows\System\NKMmSTC.exe
  C:\Windows\System\NKMmSTC.exe
  2⤵
  PID:7556
- C:\Windows\System\yoMAAdq.exe
  C:\Windows\System\yoMAAdq.exe
  2⤵
  PID:7588
- C:\Windows\System\kAdWgXw.exe
  C:\Windows\System\kAdWgXw.exe
  2⤵
  PID:7620
- C:\Windows\System\fwKtIXE.exe
  C:\Windows\System\fwKtIXE.exe
  2⤵
  PID:7652
- C:\Windows\System\amfNQFy.exe
  C:\Windows\System\amfNQFy.exe
  2⤵
  PID:7688
- C:\Windows\System\JOIHeuT.exe
  C:\Windows\System\JOIHeuT.exe
  2⤵
  PID:7720
- C:\Windows\System\iOofBza.exe
  C:\Windows\System\iOofBza.exe
  2⤵
  PID:7780
- C:\Windows\System\mEGmTeP.exe
  C:\Windows\System\mEGmTeP.exe
  2⤵
  PID:7836
- C:\Windows\System\ehZuRYv.exe
  C:\Windows\System\ehZuRYv.exe
  2⤵
  PID:7852
- C:\Windows\System\iXfKbFK.exe
  C:\Windows\System\iXfKbFK.exe
  2⤵
  PID:6880
- C:\Windows\System\QLWeECb.exe
  C:\Windows\System\QLWeECb.exe
  2⤵
  PID:7928
- C:\Windows\System\YmtyplS.exe
  C:\Windows\System\YmtyplS.exe
  2⤵
  PID:7948
- C:\Windows\System\gqRwUOP.exe
  C:\Windows\System\gqRwUOP.exe
  2⤵
  PID:8024
- C:\Windows\System\OaQUaQn.exe
  C:\Windows\System\OaQUaQn.exe
  2⤵
  PID:8044
- C:\Windows\System\nbZYLHz.exe
  C:\Windows\System\nbZYLHz.exe
  2⤵
  PID:8120
- C:\Windows\System\VdZwvdB.exe
  C:\Windows\System\VdZwvdB.exe
  2⤵
  PID:8104
- C:\Windows\System\TWYwcNr.exe
  C:\Windows\System\TWYwcNr.exe
  2⤵
  PID:8140
- C:\Windows\System\huNvsAA.exe
  C:\Windows\System\huNvsAA.exe
  2⤵
  PID:8172
- C:\Windows\System\XBXqRpX.exe
  C:\Windows\System\XBXqRpX.exe
  2⤵
  PID:6220
- C:\Windows\System\mmLZdKK.exe
  C:\Windows\System\mmLZdKK.exe
  2⤵
  PID:7176
- C:\Windows\System\QqmnjJV.exe
  C:\Windows\System\QqmnjJV.exe
  2⤵
  PID:7312
- C:\Windows\System\flIJSMY.exe
  C:\Windows\System\flIJSMY.exe
  2⤵
  PID:2296
- C:\Windows\System\rLoktkk.exe
  C:\Windows\System\rLoktkk.exe
  2⤵
  PID:7412
- C:\Windows\System\BopKNWp.exe
  C:\Windows\System\BopKNWp.exe
  2⤵
  PID:7448
- C:\Windows\System\lDJURnx.exe
  C:\Windows\System\lDJURnx.exe
  2⤵
  PID:7244
- C:\Windows\System\RTuwUjj.exe
  C:\Windows\System\RTuwUjj.exe
  2⤵
  PID:588
- C:\Windows\System\fNUNWeM.exe
  C:\Windows\System\fNUNWeM.exe
  2⤵
  PID:7264
- C:\Windows\System\tWVAlDy.exe
  C:\Windows\System\tWVAlDy.exe
  2⤵
  PID:7392
- C:\Windows\System\diPVuyd.exe
  C:\Windows\System\diPVuyd.exe
  2⤵
  PID:7544
- C:\Windows\System\McuCiAA.exe
  C:\Windows\System\McuCiAA.exe
  2⤵
  PID:1524
- C:\Windows\System\zaJKmUA.exe
  C:\Windows\System\zaJKmUA.exe
  2⤵
  PID:7560
- C:\Windows\System\GGcVFwv.exe
  C:\Windows\System\GGcVFwv.exe
  2⤵
  PID:7656
- C:\Windows\System\PAuAOQt.exe
  C:\Windows\System\PAuAOQt.exe
  2⤵
  PID:7800
- C:\Windows\System\BafRgAc.exe
  C:\Windows\System\BafRgAc.exe
  2⤵
  PID:1068
- C:\Windows\System\waqujEK.exe
  C:\Windows\System\waqujEK.exe
  2⤵
  PID:7912
- C:\Windows\System\XsgAkas.exe
  C:\Windows\System\XsgAkas.exe
  2⤵
  PID:7816
- C:\Windows\System\mSTrUgP.exe
  C:\Windows\System\mSTrUgP.exe
  2⤵
  PID:7916
- C:\Windows\System\KXfRrmm.exe
  C:\Windows\System\KXfRrmm.exe
  2⤵
  PID:3044
- C:\Windows\System\VQcmYVB.exe
  C:\Windows\System\VQcmYVB.exe
  2⤵
  PID:7992
- C:\Windows\System\JkIeqEa.exe
  C:\Windows\System\JkIeqEa.exe
  2⤵
  PID:8152
- C:\Windows\System\cMZgOdS.exe
  C:\Windows\System\cMZgOdS.exe
  2⤵
  PID:808
- C:\Windows\System\kHFZaPL.exe
  C:\Windows\System\kHFZaPL.exe
  2⤵
  PID:8056
- C:\Windows\System\yzSvLDi.exe
  C:\Windows\System\yzSvLDi.exe
  2⤵
  PID:8168
- C:\Windows\System\ORSJUNb.exe
  C:\Windows\System\ORSJUNb.exe
  2⤵
  PID:296
- C:\Windows\System\LhZlXgL.exe
  C:\Windows\System\LhZlXgL.exe
  2⤵
  PID:7188
- C:\Windows\System\XshzRfH.exe
  C:\Windows\System\XshzRfH.exe
  2⤵
  PID:7444
- C:\Windows\System\gvvhqqE.exe
  C:\Windows\System\gvvhqqE.exe
  2⤵
  PID:7428
- C:\Windows\System\YjgLpWp.exe
  C:\Windows\System\YjgLpWp.exe
  2⤵
  PID:7372
- C:\Windows\System\TpfsZID.exe
  C:\Windows\System\TpfsZID.exe
  2⤵
  PID:7528
- C:\Windows\System\ymXpdvW.exe
  C:\Windows\System\ymXpdvW.exe
  2⤵
  PID:7576
- C:\Windows\System\XlLjTCQ.exe
  C:\Windows\System\XlLjTCQ.exe
  2⤵
  PID:7700
- C:\Windows\System\ZGDvmKF.exe
  C:\Windows\System\ZGDvmKF.exe
  2⤵
  PID:7848
- C:\Windows\System\axmoPBS.exe
  C:\Windows\System\axmoPBS.exe
  2⤵
  PID:1612
- C:\Windows\System\DrxeKuP.exe
  C:\Windows\System\DrxeKuP.exe
  2⤵
  PID:7896
- C:\Windows\System\NbZnOgN.exe
  C:\Windows\System\NbZnOgN.exe
  2⤵
  PID:1204
- C:\Windows\System\XVuxCXw.exe
  C:\Windows\System\XVuxCXw.exe
  2⤵
  PID:7408
- C:\Windows\System\tSsYcdc.exe
  C:\Windows\System\tSsYcdc.exe
  2⤵
  PID:6756
- C:\Windows\System\aAwslrl.exe
  C:\Windows\System\aAwslrl.exe
  2⤵
  PID:6480
- C:\Windows\System\uizsgCU.exe
  C:\Windows\System\uizsgCU.exe
  2⤵
  PID:2976
- C:\Windows\System\NRQPaet.exe
  C:\Windows\System\NRQPaet.exe
  2⤵
  PID:7716
- C:\Windows\System\dhNDFnG.exe
  C:\Windows\System\dhNDFnG.exe
  2⤵
  PID:8028
- C:\Windows\System\nnxpurX.exe
  C:\Windows\System\nnxpurX.exe
  2⤵
  PID:8076
- C:\Windows\System\aqqGOUt.exe
  C:\Windows\System\aqqGOUt.exe
  2⤵
  PID:8196
- C:\Windows\System\IFUNHUK.exe
  C:\Windows\System\IFUNHUK.exe
  2⤵
  PID:8212
- C:\Windows\System\jZbxOxq.exe
  C:\Windows\System\jZbxOxq.exe
  2⤵
  PID:8228
- C:\Windows\System\ShtCIMM.exe
  C:\Windows\System\ShtCIMM.exe
  2⤵
  PID:8244
- C:\Windows\System\gJhpVRc.exe
  C:\Windows\System\gJhpVRc.exe
  2⤵
  PID:8260
- C:\Windows\System\ASeXybx.exe
  C:\Windows\System\ASeXybx.exe
  2⤵
  PID:8276
- C:\Windows\System\xAYnEQL.exe
  C:\Windows\System\xAYnEQL.exe
  2⤵
  PID:8292
- C:\Windows\System\HSgafUu.exe
  C:\Windows\System\HSgafUu.exe
  2⤵
  PID:8308
- C:\Windows\System\kLOxRXh.exe
  C:\Windows\System\kLOxRXh.exe
  2⤵
  PID:8324
- C:\Windows\System\EZcbQIl.exe
  C:\Windows\System\EZcbQIl.exe
  2⤵
  PID:8340
- C:\Windows\System\nJghHUk.exe
  C:\Windows\System\nJghHUk.exe
  2⤵
  PID:8356
- C:\Windows\System\xtsmKOw.exe
  C:\Windows\System\xtsmKOw.exe
  2⤵
  PID:8372
- C:\Windows\System\JthyRDX.exe
  C:\Windows\System\JthyRDX.exe
  2⤵
  PID:8388
- C:\Windows\System\gkZbyOE.exe
  C:\Windows\System\gkZbyOE.exe
  2⤵
  PID:8404
- C:\Windows\System\MjoLleq.exe
  C:\Windows\System\MjoLleq.exe
  2⤵
  PID:8420
- C:\Windows\System\tAyCYuN.exe
  C:\Windows\System\tAyCYuN.exe
  2⤵
  PID:8436
- C:\Windows\System\hTTKJxr.exe
  C:\Windows\System\hTTKJxr.exe
  2⤵
  PID:8452
- C:\Windows\System\QNvMppB.exe
  C:\Windows\System\QNvMppB.exe
  2⤵
  PID:8468
- C:\Windows\System\SUbxjQE.exe
  C:\Windows\System\SUbxjQE.exe
  2⤵
  PID:8484
- C:\Windows\System\aEbHhMA.exe
  C:\Windows\System\aEbHhMA.exe
  2⤵
  PID:8500
- C:\Windows\System\YkzcCeQ.exe
  C:\Windows\System\YkzcCeQ.exe
  2⤵
  PID:8516
- C:\Windows\System\HxFxVLj.exe
  C:\Windows\System\HxFxVLj.exe
  2⤵
  PID:8532
- C:\Windows\System\AgHaiNo.exe
  C:\Windows\System\AgHaiNo.exe
  2⤵
  PID:8548
- C:\Windows\System\qIzcwBi.exe
  C:\Windows\System\qIzcwBi.exe
  2⤵
  PID:8564
- C:\Windows\System\tztIbUM.exe
  C:\Windows\System\tztIbUM.exe
  2⤵
  PID:8580
- C:\Windows\System\lCDFXZS.exe
  C:\Windows\System\lCDFXZS.exe
  2⤵
  PID:8596
- C:\Windows\System\lcjFVje.exe
  C:\Windows\System\lcjFVje.exe
  2⤵
  PID:8612
- C:\Windows\System\fTEwFqd.exe
  C:\Windows\System\fTEwFqd.exe
  2⤵
  PID:8628
- C:\Windows\System\KmXpwTC.exe
  C:\Windows\System\KmXpwTC.exe
  2⤵
  PID:8648
- C:\Windows\System\cXPqLME.exe
  C:\Windows\System\cXPqLME.exe
  2⤵
  PID:8664
- C:\Windows\System\tyIEtyy.exe
  C:\Windows\System\tyIEtyy.exe
  2⤵
  PID:8680
- C:\Windows\System\dGdpkXi.exe
  C:\Windows\System\dGdpkXi.exe
  2⤵
  PID:8696
- C:\Windows\System\CruNgTx.exe
  C:\Windows\System\CruNgTx.exe
  2⤵
  PID:8712
- C:\Windows\System\HPWhbVt.exe
  C:\Windows\System\HPWhbVt.exe
  2⤵
  PID:8732
- C:\Windows\System\sRtaXMu.exe
  C:\Windows\System\sRtaXMu.exe
  2⤵
  PID:8748
- C:\Windows\System\PHLdvou.exe
  C:\Windows\System\PHLdvou.exe
  2⤵
  PID:8764
- C:\Windows\System\okfmBET.exe
  C:\Windows\System\okfmBET.exe
  2⤵
  PID:8780
- C:\Windows\System\CqaEYyg.exe
  C:\Windows\System\CqaEYyg.exe
  2⤵
  PID:8796
- C:\Windows\System\RWZtRaK.exe
  C:\Windows\System\RWZtRaK.exe
  2⤵
  PID:8812
- C:\Windows\System\BDQODYQ.exe
  C:\Windows\System\BDQODYQ.exe
  2⤵
  PID:8828
- C:\Windows\System\toJoHTM.exe
  C:\Windows\System\toJoHTM.exe
  2⤵
  PID:8844
- C:\Windows\System\yBpCfQg.exe
  C:\Windows\System\yBpCfQg.exe
  2⤵
  PID:8860
- C:\Windows\System\mYzFTlq.exe
  C:\Windows\System\mYzFTlq.exe
  2⤵
  PID:8876
- C:\Windows\System\IrvuvXP.exe
  C:\Windows\System\IrvuvXP.exe
  2⤵
  PID:8892
- C:\Windows\System\VgHJnhh.exe
  C:\Windows\System\VgHJnhh.exe
  2⤵
  PID:8908
- C:\Windows\System\iPXiaAW.exe
  C:\Windows\System\iPXiaAW.exe
  2⤵
  PID:8924
- C:\Windows\System\qFWaDZD.exe
  C:\Windows\System\qFWaDZD.exe
  2⤵
  PID:8940
- C:\Windows\System\VEWZToy.exe
  C:\Windows\System\VEWZToy.exe
  2⤵
  PID:8956
- C:\Windows\System\mWFbeUu.exe
  C:\Windows\System\mWFbeUu.exe
  2⤵
  PID:8972
- C:\Windows\System\nKPnFZv.exe
  C:\Windows\System\nKPnFZv.exe
  2⤵
  PID:8988
- C:\Windows\System\xgGplFy.exe
  C:\Windows\System\xgGplFy.exe
  2⤵
  PID:9004
- C:\Windows\System\aMlMmUr.exe
  C:\Windows\System\aMlMmUr.exe
  2⤵
  PID:9020
- C:\Windows\System\cFPhcBz.exe
  C:\Windows\System\cFPhcBz.exe
  2⤵
  PID:9036
- C:\Windows\System\gpgkxwF.exe
  C:\Windows\System\gpgkxwF.exe
  2⤵
  PID:9052
- C:\Windows\System\uyogoAX.exe
  C:\Windows\System\uyogoAX.exe
  2⤵
  PID:9068
- C:\Windows\System\ZJfbqsI.exe
  C:\Windows\System\ZJfbqsI.exe
  2⤵
  PID:9084
- C:\Windows\System\OrMBsNi.exe
  C:\Windows\System\OrMBsNi.exe
  2⤵
  PID:9100
- C:\Windows\System\NfonsYG.exe
  C:\Windows\System\NfonsYG.exe
  2⤵
  PID:9116
- C:\Windows\System\zqnnjCw.exe
  C:\Windows\System\zqnnjCw.exe
  2⤵
  PID:9132
- C:\Windows\System\ddLYwKl.exe
  C:\Windows\System\ddLYwKl.exe
  2⤵
  PID:9148
- C:\Windows\System\qtUHgjh.exe
  C:\Windows\System\qtUHgjh.exe
  2⤵
  PID:9172
- C:\Windows\System\QEqZwxY.exe
  C:\Windows\System\QEqZwxY.exe
  2⤵
  PID:9192
- C:\Windows\System\RRNEToq.exe
  C:\Windows\System\RRNEToq.exe
  2⤵
  PID:7464
- C:\Windows\System\UKzIBfR.exe
  C:\Windows\System\UKzIBfR.exe
  2⤵
  PID:8224
- C:\Windows\System\VRryGbN.exe
  C:\Windows\System\VRryGbN.exe
  2⤵
  PID:6552
- C:\Windows\System\yIWLmFW.exe
  C:\Windows\System\yIWLmFW.exe
  2⤵
  PID:8240
- C:\Windows\System\QIrjwiU.exe
  C:\Windows\System\QIrjwiU.exe
  2⤵
  PID:8304
- C:\Windows\System\GmJpTZe.exe
  C:\Windows\System\GmJpTZe.exe
  2⤵
  PID:8336
- C:\Windows\System\jQugLdm.exe
  C:\Windows\System\jQugLdm.exe
  2⤵
  PID:8400
- C:\Windows\System\tgalKng.exe
  C:\Windows\System\tgalKng.exe
  2⤵
  PID:8432
- C:\Windows\System\sWzuuqk.exe
  C:\Windows\System\sWzuuqk.exe
  2⤵
  PID:8496
- C:\Windows\System\chIpeOb.exe
  C:\Windows\System\chIpeOb.exe
  2⤵
  PID:8412
- C:\Windows\System\OcKCXiI.exe
  C:\Windows\System\OcKCXiI.exe
  2⤵
  PID:8384
- C:\Windows\System\XnEdpBT.exe
  C:\Windows\System\XnEdpBT.exe
  2⤵
  PID:8444
- C:\Windows\System\fkoEmcz.exe
  C:\Windows\System\fkoEmcz.exe
  2⤵
  PID:8508
- C:\Windows\System\terwVey.exe
  C:\Windows\System\terwVey.exe
  2⤵
  PID:8588
- C:\Windows\System\dVYvjxc.exe
  C:\Windows\System\dVYvjxc.exe
  2⤵
  PID:8572
- C:\Windows\System\IIecUbg.exe
  C:\Windows\System\IIecUbg.exe
  2⤵
  PID:8692
- C:\Windows\System\qsQPZxG.exe
  C:\Windows\System\qsQPZxG.exe
  2⤵
  PID:8724
- C:\Windows\System\LpvUPxV.exe
  C:\Windows\System\LpvUPxV.exe
  2⤵
  PID:8788
- C:\Windows\System\slWdqvK.exe
  C:\Windows\System\slWdqvK.exe
  2⤵
  PID:8640
- C:\Windows\System\FbItaAt.exe
  C:\Windows\System\FbItaAt.exe
  2⤵
  PID:8824
- C:\Windows\System\kMWysYc.exe
  C:\Windows\System\kMWysYc.exe
  2⤵
  PID:8888
- C:\Windows\System\xCMslnR.exe
  C:\Windows\System\xCMslnR.exe
  2⤵
  PID:8952
- C:\Windows\System\lxLqTbQ.exe
  C:\Windows\System\lxLqTbQ.exe
  2⤵
  PID:8740
- C:\Windows\System\rcnJDtu.exe
  C:\Windows\System\rcnJDtu.exe
  2⤵
  PID:8868
- C:\Windows\System\FHSeRMz.exe
  C:\Windows\System\FHSeRMz.exe
  2⤵
  PID:8968
- C:\Windows\System\VqPTiXy.exe
  C:\Windows\System\VqPTiXy.exe
  2⤵
  PID:8900
- C:\Windows\System\MDsQUvx.exe
  C:\Windows\System\MDsQUvx.exe
  2⤵
  PID:8996
- C:\Windows\System\fdkmtMf.exe
  C:\Windows\System\fdkmtMf.exe
  2⤵
  PID:9032
- C:\Windows\System\YjdNOdG.exe
  C:\Windows\System\YjdNOdG.exe
  2⤵
  PID:9076
- C:\Windows\System\bbltFtz.exe
  C:\Windows\System\bbltFtz.exe
  2⤵
  PID:9112
- C:\Windows\System\lIKZSgH.exe
  C:\Windows\System\lIKZSgH.exe
  2⤵
  PID:9096
- C:\Windows\System\CDAAyOD.exe
  C:\Windows\System\CDAAyOD.exe
  2⤵
  PID:9160
- C:\Windows\System\PyTAAsL.exe
  C:\Windows\System\PyTAAsL.exe
  2⤵
  PID:9180
- C:\Windows\System\qXjAgBq.exe
  C:\Windows\System\qXjAgBq.exe
  2⤵
  PID:7608
- C:\Windows\System\yIBydVz.exe
  C:\Windows\System\yIBydVz.exe
  2⤵
  PID:8208
- C:\Windows\System\FMuMUov.exe
  C:\Windows\System\FMuMUov.exe
  2⤵
  PID:9200
- C:\Windows\System\RZpsVEV.exe
  C:\Windows\System\RZpsVEV.exe
  2⤵
  PID:7752
- C:\Windows\System\uRarOKA.exe
  C:\Windows\System\uRarOKA.exe
  2⤵
  PID:8284
- C:\Windows\System\OhQxryO.exe
  C:\Windows\System\OhQxryO.exe
  2⤵
  PID:8396
- C:\Windows\System\cbpkWTa.exe
  C:\Windows\System\cbpkWTa.exe
  2⤵
  PID:8416
- C:\Windows\System\hnOJNcq.exe
  C:\Windows\System\hnOJNcq.exe
  2⤵
  PID:8660
- C:\Windows\System\MBePIfI.exe
  C:\Windows\System\MBePIfI.exe
  2⤵
  PID:8760
- C:\Windows\System\vWNPxTI.exe
  C:\Windows\System\vWNPxTI.exe
  2⤵
  PID:8920
- C:\Windows\System\bTMQTCa.exe
  C:\Windows\System\bTMQTCa.exe
  2⤵
  PID:8476
- C:\Windows\System\MKYBcZw.exe
  C:\Windows\System\MKYBcZw.exe
  2⤵
  PID:8840
- C:\Windows\System\ZjTRDKD.exe
  C:\Windows\System\ZjTRDKD.exe
  2⤵
  PID:9028
- C:\Windows\System\XUwLgfd.exe
  C:\Windows\System\XUwLgfd.exe
  2⤵
  PID:9156
- C:\Windows\System\BRPLUwn.exe
  C:\Windows\System\BRPLUwn.exe
  2⤵
  PID:8332
- C:\Windows\System\uTeheNS.exe
  C:\Windows\System\uTeheNS.exe
  2⤵
  PID:8480
- C:\Windows\System\qWEHOtL.exe
  C:\Windows\System\qWEHOtL.exe
  2⤵
  PID:8756
- C:\Windows\System\BmNbBFD.exe
  C:\Windows\System\BmNbBFD.exe
  2⤵
  PID:9012
- C:\Windows\System\whtRgIl.exe
  C:\Windows\System\whtRgIl.exe
  2⤵
  PID:8704
- C:\Windows\System\qxgyKMO.exe
  C:\Windows\System\qxgyKMO.exe
  2⤵
  PID:9048
- C:\Windows\System\zzosdMM.exe
  C:\Windows\System\zzosdMM.exe
  2⤵
  PID:8088
- C:\Windows\System\bwPnylc.exe
  C:\Windows\System\bwPnylc.exe
  2⤵
  PID:8936
- C:\Windows\System\tqAyaeL.exe
  C:\Windows\System\tqAyaeL.exe
  2⤵
  PID:9092
- C:\Windows\System\wvcVQSN.exe
  C:\Windows\System\wvcVQSN.exe
  2⤵
  PID:9212
- C:\Windows\System\RKBUYWv.exe
  C:\Windows\System\RKBUYWv.exe
  2⤵
  PID:8820
- C:\Windows\System\fbOpYxW.exe
  C:\Windows\System\fbOpYxW.exe
  2⤵
  PID:9128
- C:\Windows\System\VaXLlAz.exe
  C:\Windows\System\VaXLlAz.exe
  2⤵
  PID:8672
- C:\Windows\System\gFTJfgP.exe
  C:\Windows\System\gFTJfgP.exe
  2⤵
  PID:8528
- C:\Windows\System\dARjxnV.exe
  C:\Windows\System\dARjxnV.exe
  2⤵
  PID:9144
- C:\Windows\System\mblFupY.exe
  C:\Windows\System\mblFupY.exe
  2⤵
  PID:8300
- C:\Windows\System\atPCcZl.exe
  C:\Windows\System\atPCcZl.exe
  2⤵
  PID:8252
- C:\Windows\System\pFrnxrr.exe
  C:\Windows\System\pFrnxrr.exe
  2⤵
  PID:9228
- C:\Windows\System\UwyOVBm.exe
  C:\Windows\System\UwyOVBm.exe
  2⤵
  PID:9244
- C:\Windows\System\yJbMQYs.exe
  C:\Windows\System\yJbMQYs.exe
  2⤵
  PID:9260
- C:\Windows\System\swketfy.exe
  C:\Windows\System\swketfy.exe
  2⤵
  PID:9276
- C:\Windows\System\QdXlKJY.exe
  C:\Windows\System\QdXlKJY.exe
  2⤵
  PID:9292
- C:\Windows\System\vsfapsc.exe
  C:\Windows\System\vsfapsc.exe
  2⤵
  PID:9308
- C:\Windows\System\umbLeYv.exe
  C:\Windows\System\umbLeYv.exe
  2⤵
  PID:9328
- C:\Windows\System\gwquGhN.exe
  C:\Windows\System\gwquGhN.exe
  2⤵
  PID:9344
- C:\Windows\System\JOZCYju.exe
  C:\Windows\System\JOZCYju.exe
  2⤵
  PID:9360
- C:\Windows\System\pzvgOFT.exe
  C:\Windows\System\pzvgOFT.exe
  2⤵
  PID:9380
- C:\Windows\System\uCZQcjH.exe
  C:\Windows\System\uCZQcjH.exe
  2⤵
  PID:9396
- C:\Windows\System\rVSdANF.exe
  C:\Windows\System\rVSdANF.exe
  2⤵
  PID:9412
- C:\Windows\System\lxQuqFA.exe
  C:\Windows\System\lxQuqFA.exe
  2⤵
  PID:9428
- C:\Windows\System\utAceII.exe
  C:\Windows\System\utAceII.exe
  2⤵
  PID:9444
- C:\Windows\System\ZssfjcE.exe
  C:\Windows\System\ZssfjcE.exe
  2⤵
  PID:9460
- C:\Windows\System\CyOMWBv.exe
  C:\Windows\System\CyOMWBv.exe
  2⤵
  PID:9476
- C:\Windows\System\kNnAvOd.exe
  C:\Windows\System\kNnAvOd.exe
  2⤵
  PID:9492
- C:\Windows\System\QptumQM.exe
  C:\Windows\System\QptumQM.exe
  2⤵
  PID:9508
- C:\Windows\System\sLEWPXm.exe
  C:\Windows\System\sLEWPXm.exe
  2⤵
  PID:9524
- C:\Windows\System\mVqsapV.exe
  C:\Windows\System\mVqsapV.exe
  2⤵
  PID:9540
- C:\Windows\System\VvtbKdR.exe
  C:\Windows\System\VvtbKdR.exe
  2⤵
  PID:9556
- C:\Windows\System\ViGQwsO.exe
  C:\Windows\System\ViGQwsO.exe
  2⤵
  PID:9572
- C:\Windows\System\kJjkyxG.exe
  C:\Windows\System\kJjkyxG.exe
  2⤵
  PID:9588
- C:\Windows\System\GwmkWDk.exe
  C:\Windows\System\GwmkWDk.exe
  2⤵
  PID:9608
- C:\Windows\System\HOIYadT.exe
  C:\Windows\System\HOIYadT.exe
  2⤵
  PID:9624
- C:\Windows\System\AurqPho.exe
  C:\Windows\System\AurqPho.exe
  2⤵
  PID:9640
- C:\Windows\System\YoRvUEp.exe
  C:\Windows\System\YoRvUEp.exe
  2⤵
  PID:9656
- C:\Windows\System\hwSpFdU.exe
  C:\Windows\System\hwSpFdU.exe
  2⤵
  PID:9672
- C:\Windows\System\PdeahTj.exe
  C:\Windows\System\PdeahTj.exe
  2⤵
  PID:9688
- C:\Windows\System\vsfwUNV.exe
  C:\Windows\System\vsfwUNV.exe
  2⤵
  PID:9704
- C:\Windows\System\WqRFSmJ.exe
  C:\Windows\System\WqRFSmJ.exe
  2⤵
  PID:9720
- C:\Windows\System\rVqhaAh.exe
  C:\Windows\System\rVqhaAh.exe
  2⤵
  PID:9736
- C:\Windows\System\eboyxNH.exe
  C:\Windows\System\eboyxNH.exe
  2⤵
  PID:9752
- C:\Windows\System\CuWLlNs.exe
  C:\Windows\System\CuWLlNs.exe
  2⤵
  PID:9768
- C:\Windows\System\HCqItCU.exe
  C:\Windows\System\HCqItCU.exe
  2⤵
  PID:9784
- C:\Windows\System\LCkkoad.exe
  C:\Windows\System\LCkkoad.exe
  2⤵
  PID:9800
- C:\Windows\System\scJxYRO.exe
  C:\Windows\System\scJxYRO.exe
  2⤵
  PID:9816
- C:\Windows\System\yMHmIfG.exe
  C:\Windows\System\yMHmIfG.exe
  2⤵
  PID:9832
- C:\Windows\System\YBlfvsv.exe
  C:\Windows\System\YBlfvsv.exe
  2⤵
  PID:9848
- C:\Windows\System\pyfLBsS.exe
  C:\Windows\System\pyfLBsS.exe
  2⤵
  PID:9864
- C:\Windows\System\DJJWMEB.exe
  C:\Windows\System\DJJWMEB.exe
  2⤵
  PID:9880
- C:\Windows\System\yucgvWn.exe
  C:\Windows\System\yucgvWn.exe
  2⤵
  PID:9896
- C:\Windows\System\lQyQmOf.exe
  C:\Windows\System\lQyQmOf.exe
  2⤵
  PID:9912
- C:\Windows\System\iVdXTqc.exe
  C:\Windows\System\iVdXTqc.exe
  2⤵
  PID:9928
- C:\Windows\System\MmqCjih.exe
  C:\Windows\System\MmqCjih.exe
  2⤵
  PID:9944
- C:\Windows\System\OcVVOkr.exe
  C:\Windows\System\OcVVOkr.exe
  2⤵
  PID:9960
- C:\Windows\System\YmOVSKw.exe
  C:\Windows\System\YmOVSKw.exe
  2⤵
  PID:9976
- C:\Windows\System\TxgAbQD.exe
  C:\Windows\System\TxgAbQD.exe
  2⤵
  PID:9992
- C:\Windows\System\MRgBcYa.exe
  C:\Windows\System\MRgBcYa.exe
  2⤵
  PID:10008
- C:\Windows\System\jzqovWT.exe
  C:\Windows\System\jzqovWT.exe
  2⤵
  PID:10028
- C:\Windows\System\SGApfEd.exe
  C:\Windows\System\SGApfEd.exe
  2⤵
  PID:10044
- C:\Windows\System\StIddkL.exe
  C:\Windows\System\StIddkL.exe
  2⤵
  PID:10060
- C:\Windows\System\zlwmIvp.exe
  C:\Windows\System\zlwmIvp.exe
  2⤵
  PID:10076
- C:\Windows\System\mbqWMKN.exe
  C:\Windows\System\mbqWMKN.exe
  2⤵
  PID:10092
- C:\Windows\System\GFnZJty.exe
  C:\Windows\System\GFnZJty.exe
  2⤵
  PID:10108
- C:\Windows\System\SycTPoI.exe
  C:\Windows\System\SycTPoI.exe
  2⤵
  PID:10124
- C:\Windows\System\epiYXDy.exe
  C:\Windows\System\epiYXDy.exe
  2⤵
  PID:10144
- C:\Windows\System\tCHNbEg.exe
  C:\Windows\System\tCHNbEg.exe
  2⤵
  PID:10164
- C:\Windows\System\WESWwPa.exe
  C:\Windows\System\WESWwPa.exe
  2⤵
  PID:10184
- C:\Windows\System\iyFkxfM.exe
  C:\Windows\System\iyFkxfM.exe
  2⤵
  PID:10200
- C:\Windows\System\QaLzMyf.exe
  C:\Windows\System\QaLzMyf.exe
  2⤵
  PID:10220
- C:\Windows\System\yLMfKrC.exe
  C:\Windows\System\yLMfKrC.exe
  2⤵
  PID:8624
- C:\Windows\System\lgHTQbx.exe
  C:\Windows\System\lgHTQbx.exe
  2⤵
  PID:9268
- C:\Windows\System\fwBIMCg.exe
  C:\Windows\System\fwBIMCg.exe
  2⤵
  PID:8220
- C:\Windows\System\OCnMHRs.exe
  C:\Windows\System\OCnMHRs.exe
  2⤵
  PID:8604
- C:\Windows\System\bpwdnOp.exe
  C:\Windows\System\bpwdnOp.exe
  2⤵
  PID:9220
- C:\Windows\System\LNaLeEQ.exe
  C:\Windows\System\LNaLeEQ.exe
  2⤵
  PID:9288
- C:\Windows\System\XMPbqpK.exe
  C:\Windows\System\XMPbqpK.exe
  2⤵
  PID:9336
- C:\Windows\System\zVfiBkC.exe
  C:\Windows\System\zVfiBkC.exe
  2⤵
  PID:9376
- C:\Windows\System\GTLsTeu.exe
  C:\Windows\System\GTLsTeu.exe
  2⤵
  PID:9320
- C:\Windows\System\bbIVSdN.exe
  C:\Windows\System\bbIVSdN.exe
  2⤵
  PID:9468
- C:\Windows\System\rvPnAiA.exe
  C:\Windows\System\rvPnAiA.exe
  2⤵
  PID:9324
- C:\Windows\System\fWpNFiP.exe
  C:\Windows\System\fWpNFiP.exe
  2⤵
  PID:9532
- C:\Windows\System\oHLrXBU.exe
  C:\Windows\System\oHLrXBU.exe
  2⤵
  PID:9536
- C:\Windows\System\LopIhPb.exe
  C:\Windows\System\LopIhPb.exe
  2⤵
  PID:9616
- C:\Windows\System\YAmzXzb.exe
  C:\Windows\System\YAmzXzb.exe
  2⤵
  PID:9568
- C:\Windows\System\HRUoLqn.exe
  C:\Windows\System\HRUoLqn.exe
  2⤵
  PID:9580
- C:\Windows\System\NAbJPdu.exe
  C:\Windows\System\NAbJPdu.exe
  2⤵
  PID:9648
- C:\Windows\System\UhvesXC.exe
  C:\Windows\System\UhvesXC.exe
  2⤵
  PID:9696
- C:\Windows\System\oLPZOUv.exe
  C:\Windows\System\oLPZOUv.exe
  2⤵
  PID:9760
- C:\Windows\System\kUkLtmd.exe
  C:\Windows\System\kUkLtmd.exe
  2⤵
  PID:9680
- C:\Windows\System\wDfTzoI.exe
  C:\Windows\System\wDfTzoI.exe
  2⤵
  PID:9776
- C:\Windows\System\ANztrBp.exe
  C:\Windows\System\ANztrBp.exe
  2⤵
  PID:9856
- C:\Windows\System\trzgSFp.exe
  C:\Windows\System\trzgSFp.exe
  2⤵
  PID:9748
- C:\Windows\System\BoILkKF.exe
  C:\Windows\System\BoILkKF.exe
  2⤵
  PID:9872
- C:\Windows\System\myzYKMn.exe
  C:\Windows\System\myzYKMn.exe
  2⤵
  PID:9920
- C:\Windows\System\GAXNloR.exe
  C:\Windows\System\GAXNloR.exe
  2⤵
  PID:9956
- C:\Windows\System\JEoDBKP.exe
  C:\Windows\System\JEoDBKP.exe
  2⤵
  PID:10020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AZtCyxj.exe

Filesize
6.0MB

MD5
0e6ce57fabf7874ba578380afb13e66d

SHA1
1b6a62ddf0597d2810f168b980e0f7d428349176

SHA256
600e9eeada21147f7f53cd43fa2f025a22ef7a2daa9517f89fbd0602cf56ee5f

SHA512
0c13583142caf12e494707093614b721a3fb940b74418aed2efa17be0ad9dad41aa5445f4d9ab5c16407c3f2b3f690848be7dc3999281aee1e885cb3db00552f

Download Submit
C:\Windows\system\AiTnqnf.exe

Filesize
6.0MB

MD5
847161b7f14e89d16861ea8323d7ed1f

SHA1
9433bc9227a0193e04db261411cc221eb81285a1

SHA256
6b4ded2fad7fe69921ce418ce2a90b702319f2bb26135e8b6115a924f8b556c6

SHA512
c909a240de6a476681947a4a5d505d4bf5d325fb43b98c94e9694c3d8c6e77318f20ea76e486df94a4e20cd66041dd6c40f0dec4a05c8fbed6b3839c758d639e

Download Submit
C:\Windows\system\ArzQNks.exe

Filesize
6.0MB

MD5
82cee4f701d0c6c56be283fbb3601bd9

SHA1
bbcced8dbbb0e6078ba1d9214b9f2afeff53eb86

SHA256
38eb4985e5740d266c06d1f439b97a39a868c6b2e1629a919d05350ba390c3bf

SHA512
e54a8d6a84bf14372ef15073bc5f67353a02ec248185b6202ebd66e5c31dca8d6c592849eefb203fb0fc53d2d8d94b5722ce9f08d7e140b1f839e26d0c7aaa48

Download Submit
C:\Windows\system\BgAsiDp.exe

Filesize
6.0MB

MD5
3904382e1910b9c9fc476b647f2f606c

SHA1
4810fe8f04093889742f16d467471bc549286782

SHA256
fec3651225a1447ceb44f514867534a8f54b4ebb9a588653705a923fb4b76891

SHA512
db8738d3e7b35ac32c89103768831368a7cf34a0a8d09b4553018def6f384ad0fe9fe06494ff80965055c07de9c94a5a3417a416a331deec14a601eeb11e27d8

Download Submit
C:\Windows\system\DYHZQmQ.exe

Filesize
6.0MB

MD5
4a45cb030d458cba3f6cb1bd1dbb199b

SHA1
68a8ec3464c94d5020a31a6f3e0bff48a2e209b7

SHA256
ed50d97f8331b46af31c35073fb3837d74f8a486aa996a2db4f64886e143db8e

SHA512
0446750d20caba3819eb456099fab9f3ce903dfa5176b94e8092ef51cec5ea69412730f83df24e68d091c1ff5fa66a8d9f90c9e998c32b5c7a1701dd0ae067cc

Download Submit
C:\Windows\system\FjQPZzm.exe

Filesize
6.0MB

MD5
d2368e2bdc0ba644235422805ff59699

SHA1
f9954a03e606105440a7ed9597accaee0001f34a

SHA256
3c208b3cb81fc59a3d363f24b498849e513430cdc7017623c737319daa8c464c

SHA512
38653dd70f1ec00f362a5c9275d0f198e0858cda32317d52bddd54698679d41249d4eef425a4f17eee4f8268c5d5f90c64ecfa360db7480283a0f3a2069ececa

Download Submit
C:\Windows\system\MXoPlzU.exe

Filesize
6.0MB

MD5
69de6166147a37044808fda651b06bcb

SHA1
7b9027f8808fda78269b020da573fcd69c300342

SHA256
080aae03b45027626a3c78a037048f9bbcbfd4786db4c743434a2a1e43bea90f

SHA512
2df625b9823f54a342a31a468bb357ae424fd837229eabbb658427626001335ec0c6518b766e8b98d29026b60bc6808a9cb90fd18473a9bfb598f569c5c3d8d0

Download Submit
C:\Windows\system\NGjDGXP.exe

Filesize
6.0MB

MD5
22f1d5d9df5abc642397fd19a0e96256

SHA1
524f2471b61e9d6a392a32344f9ed3f2211b51d1

SHA256
c7cb8116c8f4d695db5e838ed887ea33acc070e22d7633e57bd0b31fe4676f7d

SHA512
44a2fcc643d665314b9102b9e171430147d4adea510534827256f6a94214a318d46c4527739713fe11506125d947ef27e10c5c90ab6cdf6216584063107541b1

Download Submit
C:\Windows\system\OkcoTts.exe

Filesize
6.0MB

MD5
db5222433deb5572636f74990c320069

SHA1
37e251969ba97ea405a58fa1dd0a6b342acc1cd9

SHA256
8da41bcb7a3651418ce406de293090ad82ff2f932bc567f44d5022e426fd2556

SHA512
34bce29da51667fefb4ea5731803df349baf1463103364c895af4a9dcbeed1470311d743a94fa742b53df0a14aeae7f6ad09cce91d78f8fbc6480c96f7892919

Download Submit
C:\Windows\system\RVWjOvp.exe

Filesize
6.0MB

MD5
e23b49400cf9203f892ffd3e59adeb25

SHA1
7df93040e1983dcfdfc9e9bdc9bc8de694c06074

SHA256
ec47f8e205d43418299ef0aa01f4a11fc91681187b25b9d4802560a611aa6fc2

SHA512
d352b26b52f3564228d67618ccf9a5bd78424d4d5cfd116efc4ba83107df84808cf9381ce92cb7a914e0e59df71257804880c9d65348f5f49d3b17813573436d

Download Submit
C:\Windows\system\SmOTiOs.exe

Filesize
6.0MB

MD5
d740e0f1aa844fb847d8379407e6044d

SHA1
71939dea35188ea73e88f90ef49b1f3bac1738df

SHA256
dc07b80e8c264e4e74e4185dbf6215dce081103583eea8f460c1202c1aa0771f

SHA512
a7ab9a331b8538c5d7ce7a6410c44bf42dc80eb1b6f89f2b2172e4d6850517161a7c7bbdea67f318a0772c74e7f32fb9bb2bea4a8b31a7d8391c5e16b3eeacc8

Download Submit
C:\Windows\system\Vcmjxch.exe

Filesize
6.0MB

MD5
d3e40bcad638b35caecd932d1e3e4b1a

SHA1
4b56df0ff17f35a4736e55135b119164e190e8b0

SHA256
01c546d41409e5a842250762ff73807aeb3a53c68c4dd84318451c766080379c

SHA512
661cdf09682113bd5d58f48f9dc68472873eeacbbc1191526f76051d6162898b167f0f6a167ed3c3bcd63053991ce4bb2030550993909a20abb2e4a16303a014

Download Submit
C:\Windows\system\WREetmk.exe

Filesize
6.0MB

MD5
b1f08f47086f217e6de28b492b6ea524

SHA1
a218d092823f2b9b4d20a880367bab793ceadb91

SHA256
bb29b60d2818c81c1c5ca89b1739937bf1569d72fac074192cb9d7d9deac29a8

SHA512
57de67b4f0eabe3b86c997047b3b8eef0d23a6da02c251a8b4cb62183ed9f954193ac484a23ac94a499de47778c94ea2289fbabc32bd9241880252ccd7d4fac6

Download Submit
C:\Windows\system\cEjNuGI.exe

Filesize
6.0MB

MD5
59b1836bcb946272f3d3b25d521e94af

SHA1
28d23d66b81b3029ad8b7167eaeac7713a645ada

SHA256
14ed6c06082dd600989abae1d65deef328b05e6869d419780c1d10a09807e41b

SHA512
faa3c3e36767f3750bded45b2bea69aa83f5db60aa4fb87ab999fd736b64d8df080848461f6edff89195ccf10a446f4ff51245c19e6d57a75102805cf7e41cd4

Download Submit
C:\Windows\system\gAMMsaq.exe

Filesize
6.0MB

MD5
d21a6cf55fde1086b138543648701b5f

SHA1
e4652f5d6aaf59578b55463d46b7976fc6e7af53

SHA256
f530a26e136ba3715267797f4fa78918b6a571760c4e8381bcfea596cfc59196

SHA512
51a0feab6213ef2d962edd384755f38c28b3ecf555bf229b6212139e19fe36717a9f8d8533d32e97d3746c945dad9c39e572bd97c706182b2b13fddfb637ca8a

Download Submit
C:\Windows\system\jlhvXPV.exe

Filesize
6.0MB

MD5
0de478ef5dac8aaa2859d540cccc6201

SHA1
d6789a830f36ac859455f802e170921fe20c7273

SHA256
d393ae7ce11b98fddb2407eb375b72e62ab3eec44f433a224e77f7e4239276e7

SHA512
a680153d7c0d7f01659b471ccec4a43a235e8d6fd9c9086e31cf1e251d589117e5b3e581568799ac4db989e6b0959bbea3ca07722ccd7cbf264f710e52538ce9

Download Submit
C:\Windows\system\lXxyRwC.exe

Filesize
6.0MB

MD5
6848a10df191c5070f21e6c31113b92f

SHA1
479acd962ee800e32c0545548744b114ad833472

SHA256
1d681dbd93eb264b99e5b4eccebedc5efce9e658be34872f3ab1a5ad8041894f

SHA512
c57c6b4ed098140b7c862f8b8c5de3b5097ec159c09cb3a66b688036ec1307492ac83a33f60893d425b6c4049a0cbcb1c98ceead031f2bcfd32e33b0630543a7

Download Submit
C:\Windows\system\mzdRYzt.exe

Filesize
6.0MB

MD5
a27450cc8ffb4f7011706825936acd13

SHA1
a49f7d199cb3fd06440391029b3f23b4e7eea16b

SHA256
f41d2501904d5942c9bebd717ea631a25c57c61cecf039bd9f164cfa3e9c1954

SHA512
dfe8c6beb746e283109acb29236fc6e5d14bb7ecd5dfee2109040daa738ef82bdbf1d81f92a11e9873b5317b49a8fc42f05ac0729c8369d36bddc5b7f021d20f

Download Submit
C:\Windows\system\oRiMJWe.exe

Filesize
6.0MB

MD5
8e1f84775cefd6fbfa32d0f94e604d75

SHA1
97de702f4a1b9e65c001a8ee6fe942fb70a62d53

SHA256
cb049207030add7ced57c9c7a19a399fcc4f8d1c3fa618ca76607a88b10d53ff

SHA512
5fdfefabe859964100e70cf865a1bddcc5f148e6182bb1850d7fc06b4782b81273ee09563f5c42aa54985b9432c40050e260a870b8bab560af8504697df587e0

Download Submit
C:\Windows\system\pBCwsEL.exe

Filesize
6.0MB

MD5
e38218e15b7173add80c6c6ee1f3c2d7

SHA1
f7c5d41928477446e80f273337d04bbf7b61f565

SHA256
f460f27a851f29ef267c345300ab4afa4a762d66acc8408b8b8dbb931ac43157

SHA512
6d35ce4c02764e5c14bf668c3d5c055ae3de2f340ee1d6383da5511f27b733c2c4578bda285966a158cf9c0dd944039576b6809c3cb071f9cee394459cbb806c

Download Submit
C:\Windows\system\rgCTikz.exe

Filesize
6.0MB

MD5
26ad092b3f01c6509714899b99af1314

SHA1
41ccebdd0f8a7671ba06458cf6b3b3661b4e015e

SHA256
4179ab71d36a6f4d7fb3be6da745c63c362c7a05db6833af06cb74616fd2f92f

SHA512
b04e22eabb914c15d8a5d3bc56ebdf453ffffc98ee6a5fbcae7592384fbcd16fca3f21f816d98b520bfc36db5be7bd697420c227e534cff5954c9564f090ca05

Download Submit
C:\Windows\system\rwhUMXJ.exe

Filesize
6.0MB

MD5
4780447296efb2c24f0eb8cf34acbd28

SHA1
68bc25cb4dd79508e2f331520b0b1c383fb067e9

SHA256
c37333e846554b07366f18968391806a0ad019b16cb58cf7f078d77d36583c95

SHA512
33ea455abe59c58f983ae6353959360aa8551e9b7df4c01f5f6de73dfa3daec15b6850ecbc4ae0cdfbb8a0ed8ed110ac2a75b00ed4112067a50991c6cab3d5d9

Download Submit
C:\Windows\system\usKacdd.exe

Filesize
6.0MB

MD5
287f31b8f7d73d5e5f7f54dfd6f27156

SHA1
7a5671e77584520437b3ce083296476be5f9fd83

SHA256
c88cee5a87e4ee40f6c65bb712167e53fb34c35cc9dc8f4f9ea6b605df5ef980

SHA512
58b3e66360d3f40b5052b44c32cc42ed9262181044cf69eedb3a55feadef7f457007ceaf10e0eea13590c53d560081cd0da98352121a519984b1e3621e758492

Download Submit
C:\Windows\system\vmgDjkq.exe

Filesize
6.0MB

MD5
042528b46598beb22aca89cc267fb9a0

SHA1
c3fbee8ac61f4d7acdd588675b7f7e16ae84dd80

SHA256
70f96cf035511fcd675ded988dc5c43413e6a8f3ff357653fdd476e26cd8a850

SHA512
8bd71fe0bf436592baf7a5204c0b83a33bb36c4be7ecdeff79caa7dab116e62efc29079c2d23296d863bc56d7363544f72eede8310ddf02e4b194704b14d4974

Download Submit
C:\Windows\system\wfdFEVK.exe

Filesize
6.0MB

MD5
b2537b62e392ad8b24fdbb79b658ee0c

SHA1
05c8387b602fa83425ebf554e4f22ab7c3958067

SHA256
ef86514d01760e45c2bba69d4e64dd174ae1b30fb32f6a2ce17659e33ed8990c

SHA512
803d01debbda367e19a7f9b85a1f95f37a68ce21c8a36f394249e4b56cc328aed09f5019b0c817ce65c03fea48605f713ebfa47e852878aef569b3cad61584aa

Download Submit
C:\Windows\system\ynGoKtn.exe

Filesize
6.0MB

MD5
221e7f803f5461adbef5c455f6d4b81e

SHA1
1af9de99849120d38df3c26f10be18c9b5067bf1

SHA256
c766127c98e0a0ffb6b867ccc3d68d11032b4034815e22f059485e0c6bf656bf

SHA512
b936e5743f78e1c4b5ee54fce1a31d99fccce1a11c84495b60636a0203906d1411f539cbd03112584fd70f94a4e8a372a56aca589e24585b193af957ac929df1

Download Submit
C:\Windows\system\ypCHXkC.exe

Filesize
6.0MB

MD5
a39c45b54d0404aa94f7965ce4e64d8f

SHA1
630ff728e1e8a778b44b365fa63623a1e96975af

SHA256
f2ef3ff38c4c31e22e34785bc1be4a5e906d38df20fe2f68614cdddfea360881

SHA512
c33a306f340e4ceca862a47108ff9ff4cdd56beea6fbf63a9ab8a950f259fc44db1dd669b1bf99d79b0fa5753bc71d8a57fb62f09db1c7f29e257f4f60f4e08d

Download Submit
\Windows\system\DNdJOQM.exe

Filesize
6.0MB

MD5
8eb5b13e49a7784148b43d29ae10054e

SHA1
1022d61765265212d791744332991513f917399b

SHA256
79ad388c6db3d55043cff46ac0741041a611d6409da944dcdebfb117f71fc86e

SHA512
3e2f2176ad39808ff4f944ceff370f5dee6f971647fbf5776ace0185d7501dec54913da30dc69395061eb2a4f2c167ad0877db20bb976a67a1562ac0b3891884

Download Submit
\Windows\system\JQqlhTR.exe

Filesize
6.0MB

MD5
f3ddc8a28ae9adc8a546fdb2f20834e9

SHA1
259930693266df21cc26a66548b2e3f05eef4c27

SHA256
db042ceb35d9581a513ff76e6a280b44f4d191f0943ab901d5116bf43ec7f630

SHA512
7cafe032ad54428aed9eafa0905dfb44add7e1beeac6249c4b2c138c30d7d324f2a0fa0a5f67ba3266753a726fbc113fd6bed7d6cc308507043db66783cdaf61

Download Submit
\Windows\system\MXShbWB.exe

Filesize
6.0MB

MD5
eb17401f9f09ff328f1f1b026e4310c1

SHA1
af44bcce0d71dab62e46cef745ebcbc1bef29675

SHA256
caf0035d30e5907a87194500568e430c8779e7f6047ff015c71af1278ec1e199

SHA512
19c3974c323755408ffbf190fdae3a6504cdc27c6af2a6c858624a2d699186637acdfcaddfe6e4da705c3ea0d4baf08582fd3c2567bae98f5b04d2dc6289bfda

Download Submit
\Windows\system\SMCcGtD.exe

Filesize
6.0MB

MD5
4a2a935257853feffab3eb09cf9a969d

SHA1
04dc82ac11b83eb59034b4d6c8aa35fb4edf9592

SHA256
28033d19e71edeb08460fed7277b3193b04436d0d170df459994a89cd0c00370

SHA512
4f4466b6d37b24a9a4d4ad064215281e9edacd5c865df8ba0ba3d355103b7653d0a0339c7091b6dadb1578d72fa5ed688a0c5591748a1405a86fe9ffea15c350

Download Submit
\Windows\system\qxbmsqp.exe

Filesize
6.0MB

MD5
e116b221ebd0efafc8dff67788ef257a

SHA1
872ed60c874196b9ac6d82326ca522def4944b91

SHA256
7043e96a02cdee1ec6ada0543d2cff6156a1c48bf2e865a45cb96736ac427279

SHA512
9aec254a566fc4d959d2347643885b340a6afe99fb72efb4d212bc54affcf50e51dc9a7a7c9492e0d26592c67aa9bd5d92180e88a7b967936beab5262fc47c42

Download Submit
memory/1228-744-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1228-93-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1228-4130-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1460-4129-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1460-70-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1720-4131-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/1720-71-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/1964-85-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1964-4133-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1964-523-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2096-80-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2096-324-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2096-4126-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2368-74-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-4138-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-4135-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2436-975-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2436-100-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2460-4128-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2460-46-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2572-30-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2572-4134-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2604-53-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-4127-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-23-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-4125-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-15-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3838-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-55-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-9-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2748-45-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2748-4124-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2996-4132-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-37-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-38-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-56-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/3052-52-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/3052-68-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/3052-69-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-79-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/3052-6-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/3052-92-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-98-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/3052-108-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/3052-13-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/3052-21-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-0-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-25-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/3052-36-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-99-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/3052-40-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/3052-323-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/3052-743-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-974-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download