cobaltstrike | 8121ab80d05fd105d8cc23c0d3fab85b3484e83775aa2d344636cb1c7f6eb6e7

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
17/12/2024, 12:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e434003af2a4985961b26363c819601b
SHA1

637e71ee27bbc959d393dd1d5e6fd9932144846d
SHA256

8121ab80d05fd105d8cc23c0d3fab85b3484e83775aa2d344636cb1c7f6eb6e7
SHA512

cadd969411a074b707cac3f06514e1acacef7dc87bd7e2c339627b4c4bb73862a80dbec8a8dbaf5129ce543f34f26a793c0d59e38f032b3a24850f7c72535e08
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUM:T+q56utgpPF8u/7M

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012280-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d41-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d59-16.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d79-23.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d81-33.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d18-35.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001610d-72.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-101.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-157.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-145.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-141.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-137.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-133.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017049-129.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ecf-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df3-121.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-117.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-109.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d77-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6b-93.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d54-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d67-81.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4b-67.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001604c-66.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f25-56.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ec4-43.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2128-0-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/files/0x000b000000012280-3.dat	xmrig
behavioral1/files/0x0009000000015d41-8.dat	xmrig
behavioral1/files/0x0008000000015d59-16.dat	xmrig
behavioral1/memory/2560-15-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2568-21-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d79-23.dat	xmrig
behavioral1/memory/2128-19-0x0000000002440000-0x0000000002794000-memory.dmp	xmrig
behavioral1/memory/2092-14-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2840-28-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d81-33.dat	xmrig
behavioral1/files/0x0009000000015d18-35.dat	xmrig
behavioral1/files/0x000800000001610d-72.dat	xmrig
behavioral1/memory/2824-87-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2960-78-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d6f-101.dat	xmrig
behavioral1/files/0x0006000000016de8-111.dat	xmrig
behavioral1/memory/1664-1105-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2656-928-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2428-774-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2840-523-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2568-295-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/files/0x0005000000018739-169.dat	xmrig
behavioral1/files/0x0005000000018704-165.dat	xmrig
behavioral1/files/0x00050000000186f4-161.dat	xmrig
behavioral1/files/0x00050000000186f1-157.dat	xmrig
behavioral1/files/0x00050000000186ed-153.dat	xmrig
behavioral1/files/0x00050000000186e7-149.dat	xmrig
behavioral1/files/0x0005000000018686-145.dat	xmrig
behavioral1/files/0x000600000001755b-141.dat	xmrig
behavioral1/files/0x000600000001749c-137.dat	xmrig
behavioral1/files/0x0006000000017497-133.dat	xmrig
behavioral1/files/0x0006000000017049-129.dat	xmrig
behavioral1/files/0x0006000000016ecf-125.dat	xmrig
behavioral1/files/0x0006000000016df3-121.dat	xmrig
behavioral1/files/0x0006000000016dea-117.dat	xmrig
behavioral1/files/0x0006000000016d9f-109.dat	xmrig
behavioral1/files/0x0006000000016d77-105.dat	xmrig
behavioral1/memory/1664-98-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2128-97-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2128-95-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d6b-93.dat	xmrig
behavioral1/memory/2656-88-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d54-76.dat	xmrig
behavioral1/memory/3016-75-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2128-73-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2808-71-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2792-84-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2428-83-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2772-82-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d67-81.dat	xmrig
behavioral1/files/0x0006000000016d4b-67.dat	xmrig
behavioral1/files/0x000800000001604c-66.dat	xmrig
behavioral1/memory/2464-52-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/files/0x0007000000015f25-56.dat	xmrig
behavioral1/files/0x0007000000015ec4-43.dat	xmrig
behavioral1/memory/2092-3680-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2568-3698-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2560-3714-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2464-3726-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2840-3730-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2960-3790-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2772-3789-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2792-3787-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2092	XcfXzlH.exe
2560	nhhTVRR.exe
2568	MbEQmmO.exe
2840	TSiGnoi.exe
2464	KRPSiJP.exe
2792	sUSKRqo.exe
2808	CRnreCY.exe
3016	GvafYep.exe
2960	tJjJgoE.exe
2772	xpteTGR.exe
2824	nvfjxqI.exe
2656	zExdEQI.exe
2428	TzhYoff.exe
1664	TGJemQK.exe
2728	kGtsNMw.exe
2120	LNQLoNe.exe
1672	CyaPCJr.exe
904	BClpfPj.exe
1344	TrJEbeT.exe
1660	qKDaFZi.exe
1148	LUxePkk.exe
1704	RJzSjFn.exe
1960	jqDDqWv.exe
2948	pdBEOHm.exe
2956	cMXthzX.exe
2964	DbnwKBU.exe
2760	JXcEUke.exe
2256	rPCKjfc.exe
1876	boFjsQK.exe
2412	ZxbYLLw.exe
2200	vmGMiMQ.exe
3000	baOCsLz.exe
448	PbKXwFy.exe
2952	KacSWOI.exe
2644	wtwLwaS.exe
600	SAglkrh.exe
1016	DKIBCRs.exe
1276	iKAETmL.exe
1852	QjbRwuu.exe
976	qkdKNWd.exe
1788	mfwhhlw.exe
1296	qhrhisV.exe
1472	tZyisYA.exe
3028	PSizRaC.exe
708	ApNDvbF.exe
1240	zCRPDQD.exe
744	beNGEmB.exe
1400	PmDQOce.exe
2304	ZEruQQG.exe
2236	JiAPdSB.exe
1000	dolsbCW.exe
3004	ukIRMUO.exe
2636	WqPUySJ.exe
2532	uZGuQId.exe
1972	FtUFzZA.exe
2580	tWITAhh.exe
1976	lsaOyaY.exe
2528	SCDrVTk.exe
888	aEaLLPY.exe
2424	IDNBEpe.exe
1912	VAhCVfW.exe
1772	joLksfX.exe
2372	bqLTrNZ.exe
800	UMKXXzb.exe

Loads dropped DLL 64 IoCs

pid	Process
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2128-0-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/files/0x000b000000012280-3.dat	upx
behavioral1/files/0x0009000000015d41-8.dat	upx
behavioral1/files/0x0008000000015d59-16.dat	upx
behavioral1/memory/2560-15-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2568-21-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/files/0x0008000000015d79-23.dat	upx
behavioral1/memory/2092-14-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2840-28-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x0008000000015d81-33.dat	upx
behavioral1/files/0x0009000000015d18-35.dat	upx
behavioral1/files/0x000800000001610d-72.dat	upx
behavioral1/memory/2824-87-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2960-78-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x0006000000016d6f-101.dat	upx
behavioral1/files/0x0006000000016de8-111.dat	upx
behavioral1/memory/1664-1105-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2656-928-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2428-774-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2840-523-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2568-295-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/files/0x0005000000018739-169.dat	upx
behavioral1/files/0x0005000000018704-165.dat	upx
behavioral1/files/0x00050000000186f4-161.dat	upx
behavioral1/files/0x00050000000186f1-157.dat	upx
behavioral1/files/0x00050000000186ed-153.dat	upx
behavioral1/files/0x00050000000186e7-149.dat	upx
behavioral1/files/0x0005000000018686-145.dat	upx
behavioral1/files/0x000600000001755b-141.dat	upx
behavioral1/files/0x000600000001749c-137.dat	upx
behavioral1/files/0x0006000000017497-133.dat	upx
behavioral1/files/0x0006000000017049-129.dat	upx
behavioral1/files/0x0006000000016ecf-125.dat	upx
behavioral1/files/0x0006000000016df3-121.dat	upx
behavioral1/files/0x0006000000016dea-117.dat	upx
behavioral1/files/0x0006000000016d9f-109.dat	upx
behavioral1/files/0x0006000000016d77-105.dat	upx
behavioral1/memory/1664-98-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2128-95-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/files/0x0006000000016d6b-93.dat	upx
behavioral1/memory/2656-88-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x0006000000016d54-76.dat	upx
behavioral1/memory/3016-75-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2808-71-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2792-84-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2428-83-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2772-82-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x0006000000016d67-81.dat	upx
behavioral1/files/0x0006000000016d4b-67.dat	upx
behavioral1/files/0x000800000001604c-66.dat	upx
behavioral1/memory/2464-52-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/files/0x0007000000015f25-56.dat	upx
behavioral1/files/0x0007000000015ec4-43.dat	upx
behavioral1/memory/2092-3680-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2568-3698-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2560-3714-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2464-3726-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2840-3730-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2960-3790-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2772-3789-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2792-3787-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2808-3801-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2824-3816-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/3016-3829-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\IllJPxd.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMtIsuD.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MpqQUEe.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cZJzapc.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yjreYNT.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bYvJynP.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WhvqTww.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\avRYaFi.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BpgctXL.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EwoQeaX.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kVfmwTg.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eTQpkEm.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OeMJsnM.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DfqwmJi.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aNQayhL.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PAjGnfI.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pXqnJgH.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\szWGvGr.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rCwURxa.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bgqzqSL.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pHWWZBS.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FdZYwBf.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tViMgFE.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpCYsji.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HXcfowV.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LngjuXY.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BjMMMKb.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sIlSIwO.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YdqXPMx.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XgjYoqs.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cqzlxwt.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sUSKRqo.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zxnJiDc.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TfOsdYH.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vMEcwiI.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vOjffzn.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bLwabZb.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YAqSEVk.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EmFNJOS.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hveXzUA.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UmXWLwC.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tdWywls.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CNufcrL.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\imbGFql.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XHyasCt.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KzwgKSk.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oElSUHn.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WmKNAlf.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xVGVQIV.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QqeiTwd.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MSkwXXw.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZJHHpml.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zZeXVbw.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HiUlYRb.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JMlLhpg.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sWUrESq.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LitiwUx.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yImbTfe.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VAhCVfW.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xicrwmm.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\btrpKtt.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zCiqJZo.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gkwqGwx.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mvmBcLp.exe	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2092	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2128 wrote to memory of 2092	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2128 wrote to memory of 2092	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2128 wrote to memory of 2560	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2128 wrote to memory of 2560	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2128 wrote to memory of 2560	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2128 wrote to memory of 2568	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2128 wrote to memory of 2568	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2128 wrote to memory of 2568	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2128 wrote to memory of 2840	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2128 wrote to memory of 2840	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2128 wrote to memory of 2840	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2128 wrote to memory of 2464	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2128 wrote to memory of 2464	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2128 wrote to memory of 2464	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2128 wrote to memory of 2808	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2128 wrote to memory of 2808	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2128 wrote to memory of 2808	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2128 wrote to memory of 2792	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2128 wrote to memory of 2792	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2128 wrote to memory of 2792	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2128 wrote to memory of 3016	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2128 wrote to memory of 3016	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2128 wrote to memory of 3016	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2128 wrote to memory of 2960	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2128 wrote to memory of 2960	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2128 wrote to memory of 2960	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2128 wrote to memory of 2824	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2128 wrote to memory of 2824	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2128 wrote to memory of 2824	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2128 wrote to memory of 2772	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2128 wrote to memory of 2772	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2128 wrote to memory of 2772	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2128 wrote to memory of 2656	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2128 wrote to memory of 2656	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2128 wrote to memory of 2656	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2128 wrote to memory of 2428	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2128 wrote to memory of 2428	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2128 wrote to memory of 2428	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2128 wrote to memory of 1664	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2128 wrote to memory of 1664	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2128 wrote to memory of 1664	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2128 wrote to memory of 2728	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2128 wrote to memory of 2728	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2128 wrote to memory of 2728	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2128 wrote to memory of 2120	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2128 wrote to memory of 2120	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2128 wrote to memory of 2120	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2128 wrote to memory of 1672	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2128 wrote to memory of 1672	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2128 wrote to memory of 1672	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2128 wrote to memory of 904	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2128 wrote to memory of 904	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2128 wrote to memory of 904	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2128 wrote to memory of 1344	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2128 wrote to memory of 1344	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2128 wrote to memory of 1344	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2128 wrote to memory of 1660	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2128 wrote to memory of 1660	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2128 wrote to memory of 1660	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2128 wrote to memory of 1148	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2128 wrote to memory of 1148	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2128 wrote to memory of 1148	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2128 wrote to memory of 1704	2128	2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-17_e434003af2a4985961b26363c819601b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Windows\System\XcfXzlH.exe
  C:\Windows\System\XcfXzlH.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\nhhTVRR.exe
  C:\Windows\System\nhhTVRR.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\MbEQmmO.exe
  C:\Windows\System\MbEQmmO.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\TSiGnoi.exe
  C:\Windows\System\TSiGnoi.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\KRPSiJP.exe
  C:\Windows\System\KRPSiJP.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\CRnreCY.exe
  C:\Windows\System\CRnreCY.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\sUSKRqo.exe
  C:\Windows\System\sUSKRqo.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\GvafYep.exe
  C:\Windows\System\GvafYep.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\tJjJgoE.exe
  C:\Windows\System\tJjJgoE.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\nvfjxqI.exe
  C:\Windows\System\nvfjxqI.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\xpteTGR.exe
  C:\Windows\System\xpteTGR.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\zExdEQI.exe
  C:\Windows\System\zExdEQI.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\TzhYoff.exe
  C:\Windows\System\TzhYoff.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\TGJemQK.exe
  C:\Windows\System\TGJemQK.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\kGtsNMw.exe
  C:\Windows\System\kGtsNMw.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\LNQLoNe.exe
  C:\Windows\System\LNQLoNe.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\CyaPCJr.exe
  C:\Windows\System\CyaPCJr.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\BClpfPj.exe
  C:\Windows\System\BClpfPj.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\TrJEbeT.exe
  C:\Windows\System\TrJEbeT.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\qKDaFZi.exe
  C:\Windows\System\qKDaFZi.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\LUxePkk.exe
  C:\Windows\System\LUxePkk.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\RJzSjFn.exe
  C:\Windows\System\RJzSjFn.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\jqDDqWv.exe
  C:\Windows\System\jqDDqWv.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\pdBEOHm.exe
  C:\Windows\System\pdBEOHm.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\cMXthzX.exe
  C:\Windows\System\cMXthzX.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\DbnwKBU.exe
  C:\Windows\System\DbnwKBU.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\JXcEUke.exe
  C:\Windows\System\JXcEUke.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\rPCKjfc.exe
  C:\Windows\System\rPCKjfc.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\boFjsQK.exe
  C:\Windows\System\boFjsQK.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\ZxbYLLw.exe
  C:\Windows\System\ZxbYLLw.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\vmGMiMQ.exe
  C:\Windows\System\vmGMiMQ.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\baOCsLz.exe
  C:\Windows\System\baOCsLz.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\PbKXwFy.exe
  C:\Windows\System\PbKXwFy.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\KacSWOI.exe
  C:\Windows\System\KacSWOI.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\wtwLwaS.exe
  C:\Windows\System\wtwLwaS.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\SAglkrh.exe
  C:\Windows\System\SAglkrh.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\DKIBCRs.exe
  C:\Windows\System\DKIBCRs.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\iKAETmL.exe
  C:\Windows\System\iKAETmL.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\QjbRwuu.exe
  C:\Windows\System\QjbRwuu.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\qkdKNWd.exe
  C:\Windows\System\qkdKNWd.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\mfwhhlw.exe
  C:\Windows\System\mfwhhlw.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\qhrhisV.exe
  C:\Windows\System\qhrhisV.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\tZyisYA.exe
  C:\Windows\System\tZyisYA.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\PSizRaC.exe
  C:\Windows\System\PSizRaC.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\ApNDvbF.exe
  C:\Windows\System\ApNDvbF.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\zCRPDQD.exe
  C:\Windows\System\zCRPDQD.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\beNGEmB.exe
  C:\Windows\System\beNGEmB.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\PmDQOce.exe
  C:\Windows\System\PmDQOce.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\ZEruQQG.exe
  C:\Windows\System\ZEruQQG.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\JiAPdSB.exe
  C:\Windows\System\JiAPdSB.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\dolsbCW.exe
  C:\Windows\System\dolsbCW.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\ukIRMUO.exe
  C:\Windows\System\ukIRMUO.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\WqPUySJ.exe
  C:\Windows\System\WqPUySJ.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\uZGuQId.exe
  C:\Windows\System\uZGuQId.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\FtUFzZA.exe
  C:\Windows\System\FtUFzZA.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\tWITAhh.exe
  C:\Windows\System\tWITAhh.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\lsaOyaY.exe
  C:\Windows\System\lsaOyaY.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\SCDrVTk.exe
  C:\Windows\System\SCDrVTk.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\aEaLLPY.exe
  C:\Windows\System\aEaLLPY.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\IDNBEpe.exe
  C:\Windows\System\IDNBEpe.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\VAhCVfW.exe
  C:\Windows\System\VAhCVfW.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\joLksfX.exe
  C:\Windows\System\joLksfX.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\bqLTrNZ.exe
  C:\Windows\System\bqLTrNZ.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\UMKXXzb.exe
  C:\Windows\System\UMKXXzb.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\LJupLLO.exe
  C:\Windows\System\LJupLLO.exe
  2⤵
  PID:1496
- C:\Windows\System\TColGMA.exe
  C:\Windows\System\TColGMA.exe
  2⤵
  PID:2176
- C:\Windows\System\OBcXYUL.exe
  C:\Windows\System\OBcXYUL.exe
  2⤵
  PID:2100
- C:\Windows\System\rqTKsVd.exe
  C:\Windows\System\rqTKsVd.exe
  2⤵
  PID:2332
- C:\Windows\System\FAlfLRr.exe
  C:\Windows\System\FAlfLRr.exe
  2⤵
  PID:2936
- C:\Windows\System\IzVIBUC.exe
  C:\Windows\System\IzVIBUC.exe
  2⤵
  PID:2164
- C:\Windows\System\UhbZbLg.exe
  C:\Windows\System\UhbZbLg.exe
  2⤵
  PID:3024
- C:\Windows\System\RygQexh.exe
  C:\Windows\System\RygQexh.exe
  2⤵
  PID:2940
- C:\Windows\System\ZmKUZdq.exe
  C:\Windows\System\ZmKUZdq.exe
  2⤵
  PID:2832
- C:\Windows\System\DLlzuUI.exe
  C:\Windows\System\DLlzuUI.exe
  2⤵
  PID:1256
- C:\Windows\System\ZGTHDqU.exe
  C:\Windows\System\ZGTHDqU.exe
  2⤵
  PID:2664
- C:\Windows\System\QoXSDYz.exe
  C:\Windows\System\QoXSDYz.exe
  2⤵
  PID:2736
- C:\Windows\System\fwWrWZQ.exe
  C:\Windows\System\fwWrWZQ.exe
  2⤵
  PID:400
- C:\Windows\System\UuevksN.exe
  C:\Windows\System\UuevksN.exe
  2⤵
  PID:764
- C:\Windows\System\iEfHcaN.exe
  C:\Windows\System\iEfHcaN.exe
  2⤵
  PID:2416
- C:\Windows\System\iODQXAy.exe
  C:\Windows\System\iODQXAy.exe
  2⤵
  PID:1720
- C:\Windows\System\UMnIZjB.exe
  C:\Windows\System\UMnIZjB.exe
  2⤵
  PID:1804
- C:\Windows\System\MazDUoJ.exe
  C:\Windows\System\MazDUoJ.exe
  2⤵
  PID:2976
- C:\Windows\System\GyhvTIB.exe
  C:\Windows\System\GyhvTIB.exe
  2⤵
  PID:2276
- C:\Windows\System\uxwLiLp.exe
  C:\Windows\System\uxwLiLp.exe
  2⤵
  PID:1740
- C:\Windows\System\wJssLRG.exe
  C:\Windows\System\wJssLRG.exe
  2⤵
  PID:2536
- C:\Windows\System\FmLGZjn.exe
  C:\Windows\System\FmLGZjn.exe
  2⤵
  PID:1084
- C:\Windows\System\SAHWHTX.exe
  C:\Windows\System\SAHWHTX.exe
  2⤵
  PID:1476
- C:\Windows\System\iklmwYt.exe
  C:\Windows\System\iklmwYt.exe
  2⤵
  PID:676
- C:\Windows\System\Dfhklxc.exe
  C:\Windows\System\Dfhklxc.exe
  2⤵
  PID:1144
- C:\Windows\System\SbnyVur.exe
  C:\Windows\System\SbnyVur.exe
  2⤵
  PID:352
- C:\Windows\System\FcWgJDZ.exe
  C:\Windows\System\FcWgJDZ.exe
  2⤵
  PID:1244
- C:\Windows\System\goeTtje.exe
  C:\Windows\System\goeTtje.exe
  2⤵
  PID:1896
- C:\Windows\System\egYjmsi.exe
  C:\Windows\System\egYjmsi.exe
  2⤵
  PID:988
- C:\Windows\System\aHyVpEe.exe
  C:\Windows\System\aHyVpEe.exe
  2⤵
  PID:2232
- C:\Windows\System\cClRNFP.exe
  C:\Windows\System\cClRNFP.exe
  2⤵
  PID:2432
- C:\Windows\System\zZeXVbw.exe
  C:\Windows\System\zZeXVbw.exe
  2⤵
  PID:1536
- C:\Windows\System\xvnNxUQ.exe
  C:\Windows\System\xvnNxUQ.exe
  2⤵
  PID:2624
- C:\Windows\System\akeEJTe.exe
  C:\Windows\System\akeEJTe.exe
  2⤵
  PID:1640
- C:\Windows\System\mgJrXuW.exe
  C:\Windows\System\mgJrXuW.exe
  2⤵
  PID:2308
- C:\Windows\System\xMPlVlm.exe
  C:\Windows\System\xMPlVlm.exe
  2⤵
  PID:1424
- C:\Windows\System\ErCauZe.exe
  C:\Windows\System\ErCauZe.exe
  2⤵
  PID:3068
- C:\Windows\System\fPgxSZv.exe
  C:\Windows\System\fPgxSZv.exe
  2⤵
  PID:1520
- C:\Windows\System\gpHODxz.exe
  C:\Windows\System\gpHODxz.exe
  2⤵
  PID:2080
- C:\Windows\System\UhCAsvp.exe
  C:\Windows\System\UhCAsvp.exe
  2⤵
  PID:2572
- C:\Windows\System\ahKGvRe.exe
  C:\Windows\System\ahKGvRe.exe
  2⤵
  PID:2764
- C:\Windows\System\rkEgKFh.exe
  C:\Windows\System\rkEgKFh.exe
  2⤵
  PID:1840
- C:\Windows\System\aVlKjwc.exe
  C:\Windows\System\aVlKjwc.exe
  2⤵
  PID:2828
- C:\Windows\System\lQUKBwI.exe
  C:\Windows\System\lQUKBwI.exe
  2⤵
  PID:1868
- C:\Windows\System\Eycjnbp.exe
  C:\Windows\System\Eycjnbp.exe
  2⤵
  PID:1284
- C:\Windows\System\xkRuHQS.exe
  C:\Windows\System\xkRuHQS.exe
  2⤵
  PID:2944
- C:\Windows\System\EpIYgdk.exe
  C:\Windows\System\EpIYgdk.exe
  2⤵
  PID:2996
- C:\Windows\System\flegguH.exe
  C:\Windows\System\flegguH.exe
  2⤵
  PID:3044
- C:\Windows\System\WBuPDGT.exe
  C:\Windows\System\WBuPDGT.exe
  2⤵
  PID:2272
- C:\Windows\System\nvMnztG.exe
  C:\Windows\System\nvMnztG.exe
  2⤵
  PID:1420
- C:\Windows\System\kdPUbJY.exe
  C:\Windows\System\kdPUbJY.exe
  2⤵
  PID:3172
- C:\Windows\System\dHOKxez.exe
  C:\Windows\System\dHOKxez.exe
  2⤵
  PID:3220
- C:\Windows\System\tCPqovR.exe
  C:\Windows\System\tCPqovR.exe
  2⤵
  PID:3420
- C:\Windows\System\JKfimiY.exe
  C:\Windows\System\JKfimiY.exe
  2⤵
  PID:3436
- C:\Windows\System\xBzOiBI.exe
  C:\Windows\System\xBzOiBI.exe
  2⤵
  PID:3460
- C:\Windows\System\KNrSnoT.exe
  C:\Windows\System\KNrSnoT.exe
  2⤵
  PID:3480
- C:\Windows\System\ZJHHpml.exe
  C:\Windows\System\ZJHHpml.exe
  2⤵
  PID:3500
- C:\Windows\System\sVzQKoo.exe
  C:\Windows\System\sVzQKoo.exe
  2⤵
  PID:3520
- C:\Windows\System\DYUmjNs.exe
  C:\Windows\System\DYUmjNs.exe
  2⤵
  PID:3540
- C:\Windows\System\lqtklUY.exe
  C:\Windows\System\lqtklUY.exe
  2⤵
  PID:3560
- C:\Windows\System\bAyrsAG.exe
  C:\Windows\System\bAyrsAG.exe
  2⤵
  PID:3580
- C:\Windows\System\lASoAmZ.exe
  C:\Windows\System\lASoAmZ.exe
  2⤵
  PID:3596
- C:\Windows\System\uNMxpHO.exe
  C:\Windows\System\uNMxpHO.exe
  2⤵
  PID:3612
- C:\Windows\System\uOTULLK.exe
  C:\Windows\System\uOTULLK.exe
  2⤵
  PID:3636
- C:\Windows\System\JRlfUrf.exe
  C:\Windows\System\JRlfUrf.exe
  2⤵
  PID:3656
- C:\Windows\System\mwgoFLa.exe
  C:\Windows\System\mwgoFLa.exe
  2⤵
  PID:3672
- C:\Windows\System\AFEYQtX.exe
  C:\Windows\System\AFEYQtX.exe
  2⤵
  PID:3700
- C:\Windows\System\kVfmwTg.exe
  C:\Windows\System\kVfmwTg.exe
  2⤵
  PID:3716
- C:\Windows\System\EYUbuVy.exe
  C:\Windows\System\EYUbuVy.exe
  2⤵
  PID:3740
- C:\Windows\System\IHapssJ.exe
  C:\Windows\System\IHapssJ.exe
  2⤵
  PID:3760
- C:\Windows\System\BUmUIQy.exe
  C:\Windows\System\BUmUIQy.exe
  2⤵
  PID:3780
- C:\Windows\System\rPzXDso.exe
  C:\Windows\System\rPzXDso.exe
  2⤵
  PID:3804
- C:\Windows\System\iysUNcA.exe
  C:\Windows\System\iysUNcA.exe
  2⤵
  PID:3824
- C:\Windows\System\mgqhelC.exe
  C:\Windows\System\mgqhelC.exe
  2⤵
  PID:3844
- C:\Windows\System\YVqKRth.exe
  C:\Windows\System\YVqKRth.exe
  2⤵
  PID:3864
- C:\Windows\System\LDYrVty.exe
  C:\Windows\System\LDYrVty.exe
  2⤵
  PID:3884
- C:\Windows\System\OmXcOlw.exe
  C:\Windows\System\OmXcOlw.exe
  2⤵
  PID:3900
- C:\Windows\System\TKdgWKV.exe
  C:\Windows\System\TKdgWKV.exe
  2⤵
  PID:3916
- C:\Windows\System\ZuQJvJa.exe
  C:\Windows\System\ZuQJvJa.exe
  2⤵
  PID:3936
- C:\Windows\System\coYDMXc.exe
  C:\Windows\System\coYDMXc.exe
  2⤵
  PID:3964
- C:\Windows\System\IlTKlej.exe
  C:\Windows\System\IlTKlej.exe
  2⤵
  PID:3988
- C:\Windows\System\SLxweVW.exe
  C:\Windows\System\SLxweVW.exe
  2⤵
  PID:4004
- C:\Windows\System\VPhPslq.exe
  C:\Windows\System\VPhPslq.exe
  2⤵
  PID:4020
- C:\Windows\System\YfzpkKF.exe
  C:\Windows\System\YfzpkKF.exe
  2⤵
  PID:4044
- C:\Windows\System\lzsZoKf.exe
  C:\Windows\System\lzsZoKf.exe
  2⤵
  PID:4064
- C:\Windows\System\grqejCY.exe
  C:\Windows\System\grqejCY.exe
  2⤵
  PID:4088
- C:\Windows\System\HiUlYRb.exe
  C:\Windows\System\HiUlYRb.exe
  2⤵
  PID:996
- C:\Windows\System\DJCzoUr.exe
  C:\Windows\System\DJCzoUr.exe
  2⤵
  PID:2140
- C:\Windows\System\YdJEecN.exe
  C:\Windows\System\YdJEecN.exe
  2⤵
  PID:332
- C:\Windows\System\SFYCJKR.exe
  C:\Windows\System\SFYCJKR.exe
  2⤵
  PID:2448
- C:\Windows\System\YXBBjRK.exe
  C:\Windows\System\YXBBjRK.exe
  2⤵
  PID:3184
- C:\Windows\System\SRKwLQs.exe
  C:\Windows\System\SRKwLQs.exe
  2⤵
  PID:3212
- C:\Windows\System\tFbalaF.exe
  C:\Windows\System\tFbalaF.exe
  2⤵
  PID:2476
- C:\Windows\System\AcgnrSd.exe
  C:\Windows\System\AcgnrSd.exe
  2⤵
  PID:1460
- C:\Windows\System\aBozfHW.exe
  C:\Windows\System\aBozfHW.exe
  2⤵
  PID:2380
- C:\Windows\System\HJwXMLQ.exe
  C:\Windows\System\HJwXMLQ.exe
  2⤵
  PID:2076
- C:\Windows\System\OjLPZwX.exe
  C:\Windows\System\OjLPZwX.exe
  2⤵
  PID:2692
- C:\Windows\System\VqYNgbE.exe
  C:\Windows\System\VqYNgbE.exe
  2⤵
  PID:1192
- C:\Windows\System\swbNMMp.exe
  C:\Windows\System\swbNMMp.exe
  2⤵
  PID:3092
- C:\Windows\System\lDAZVnA.exe
  C:\Windows\System\lDAZVnA.exe
  2⤵
  PID:3112
- C:\Windows\System\gallUdP.exe
  C:\Windows\System\gallUdP.exe
  2⤵
  PID:3132
- C:\Windows\System\qPqCgpp.exe
  C:\Windows\System\qPqCgpp.exe
  2⤵
  PID:3144
- C:\Windows\System\nyFfpht.exe
  C:\Windows\System\nyFfpht.exe
  2⤵
  PID:3160
- C:\Windows\System\aufAOHj.exe
  C:\Windows\System\aufAOHj.exe
  2⤵
  PID:3232
- C:\Windows\System\JjLEGvI.exe
  C:\Windows\System\JjLEGvI.exe
  2⤵
  PID:3248
- C:\Windows\System\YnDJVeZ.exe
  C:\Windows\System\YnDJVeZ.exe
  2⤵
  PID:3276
- C:\Windows\System\nGoAQeP.exe
  C:\Windows\System\nGoAQeP.exe
  2⤵
  PID:3300
- C:\Windows\System\FoExBDz.exe
  C:\Windows\System\FoExBDz.exe
  2⤵
  PID:3320
- C:\Windows\System\nEXlnxQ.exe
  C:\Windows\System\nEXlnxQ.exe
  2⤵
  PID:3340
- C:\Windows\System\UFotTIO.exe
  C:\Windows\System\UFotTIO.exe
  2⤵
  PID:3360
- C:\Windows\System\mKqvvJD.exe
  C:\Windows\System\mKqvvJD.exe
  2⤵
  PID:3376
- C:\Windows\System\DqrSXUD.exe
  C:\Windows\System\DqrSXUD.exe
  2⤵
  PID:3392
- C:\Windows\System\pOncWJn.exe
  C:\Windows\System\pOncWJn.exe
  2⤵
  PID:3428
- C:\Windows\System\xcIlWnO.exe
  C:\Windows\System\xcIlWnO.exe
  2⤵
  PID:3412
- C:\Windows\System\OOJNxnH.exe
  C:\Windows\System\OOJNxnH.exe
  2⤵
  PID:3456
- C:\Windows\System\ucfbiyR.exe
  C:\Windows\System\ucfbiyR.exe
  2⤵
  PID:3488
- C:\Windows\System\frsBMfb.exe
  C:\Windows\System\frsBMfb.exe
  2⤵
  PID:3548
- C:\Windows\System\yjreYNT.exe
  C:\Windows\System\yjreYNT.exe
  2⤵
  PID:3532
- C:\Windows\System\PEYcwFZ.exe
  C:\Windows\System\PEYcwFZ.exe
  2⤵
  PID:3620
- C:\Windows\System\femsIVw.exe
  C:\Windows\System\femsIVw.exe
  2⤵
  PID:3664
- C:\Windows\System\zoLpfIi.exe
  C:\Windows\System\zoLpfIi.exe
  2⤵
  PID:3680
- C:\Windows\System\xhFspzr.exe
  C:\Windows\System\xhFspzr.exe
  2⤵
  PID:3788
- C:\Windows\System\EVzKUmG.exe
  C:\Windows\System\EVzKUmG.exe
  2⤵
  PID:3736
- C:\Windows\System\tEgYZXm.exe
  C:\Windows\System\tEgYZXm.exe
  2⤵
  PID:3800
- C:\Windows\System\SOAbMgH.exe
  C:\Windows\System\SOAbMgH.exe
  2⤵
  PID:3816
- C:\Windows\System\QWDPHzt.exe
  C:\Windows\System\QWDPHzt.exe
  2⤵
  PID:3880
- C:\Windows\System\DYAabyA.exe
  C:\Windows\System\DYAabyA.exe
  2⤵
  PID:3856
- C:\Windows\System\EpVWNKL.exe
  C:\Windows\System\EpVWNKL.exe
  2⤵
  PID:3932
- C:\Windows\System\sxZZsnc.exe
  C:\Windows\System\sxZZsnc.exe
  2⤵
  PID:3924
- C:\Windows\System\NbFmmEv.exe
  C:\Windows\System\NbFmmEv.exe
  2⤵
  PID:3980
- C:\Windows\System\RhoPSZd.exe
  C:\Windows\System\RhoPSZd.exe
  2⤵
  PID:4000
- C:\Windows\System\PYFfUGw.exe
  C:\Windows\System\PYFfUGw.exe
  2⤵
  PID:4084
- C:\Windows\System\iZPNDwU.exe
  C:\Windows\System\iZPNDwU.exe
  2⤵
  PID:1452
- C:\Windows\System\lWWmqtB.exe
  C:\Windows\System\lWWmqtB.exe
  2⤵
  PID:1808
- C:\Windows\System\kzEYIfk.exe
  C:\Windows\System\kzEYIfk.exe
  2⤵
  PID:2264
- C:\Windows\System\ZhesVlZ.exe
  C:\Windows\System\ZhesVlZ.exe
  2⤵
  PID:3192
- C:\Windows\System\ZNwPFkj.exe
  C:\Windows\System\ZNwPFkj.exe
  2⤵
  PID:2360
- C:\Windows\System\FuBpnBO.exe
  C:\Windows\System\FuBpnBO.exe
  2⤵
  PID:1920
- C:\Windows\System\zIOfgLx.exe
  C:\Windows\System\zIOfgLx.exe
  2⤵
  PID:2252
- C:\Windows\System\bFocvrt.exe
  C:\Windows\System\bFocvrt.exe
  2⤵
  PID:2012
- C:\Windows\System\eNNPrlK.exe
  C:\Windows\System\eNNPrlK.exe
  2⤵
  PID:3136
- C:\Windows\System\DYTiDJF.exe
  C:\Windows\System\DYTiDJF.exe
  2⤵
  PID:2516
- C:\Windows\System\HfrImRn.exe
  C:\Windows\System\HfrImRn.exe
  2⤵
  PID:3344
- C:\Windows\System\ZTooGoR.exe
  C:\Windows\System\ZTooGoR.exe
  2⤵
  PID:3088
- C:\Windows\System\RdtDoVT.exe
  C:\Windows\System\RdtDoVT.exe
  2⤵
  PID:3468
- C:\Windows\System\ounMqsd.exe
  C:\Windows\System\ounMqsd.exe
  2⤵
  PID:3536
- C:\Windows\System\vlVqDEl.exe
  C:\Windows\System\vlVqDEl.exe
  2⤵
  PID:3292
- C:\Windows\System\bgBmZWB.exe
  C:\Windows\System\bgBmZWB.exe
  2⤵
  PID:3572
- C:\Windows\System\VOBXLKG.exe
  C:\Windows\System\VOBXLKG.exe
  2⤵
  PID:3244
- C:\Windows\System\TcrKEhq.exe
  C:\Windows\System\TcrKEhq.exe
  2⤵
  PID:3332
- C:\Windows\System\OixBMMg.exe
  C:\Windows\System\OixBMMg.exe
  2⤵
  PID:3712
- C:\Windows\System\EqYmlzn.exe
  C:\Windows\System\EqYmlzn.exe
  2⤵
  PID:3860
- C:\Windows\System\aiUHWwX.exe
  C:\Windows\System\aiUHWwX.exe
  2⤵
  PID:3444
- C:\Windows\System\pjOhyNl.exe
  C:\Windows\System\pjOhyNl.exe
  2⤵
  PID:4040
- C:\Windows\System\HLsJbty.exe
  C:\Windows\System\HLsJbty.exe
  2⤵
  PID:1816
- C:\Windows\System\uNUClGG.exe
  C:\Windows\System\uNUClGG.exe
  2⤵
  PID:3644
- C:\Windows\System\LvPWOYq.exe
  C:\Windows\System\LvPWOYq.exe
  2⤵
  PID:3588
- C:\Windows\System\wwtoIBJ.exe
  C:\Windows\System\wwtoIBJ.exe
  2⤵
  PID:3408
- C:\Windows\System\NLxcoXu.exe
  C:\Windows\System\NLxcoXu.exe
  2⤵
  PID:972
- C:\Windows\System\WmKNAlf.exe
  C:\Windows\System\WmKNAlf.exe
  2⤵
  PID:3732
- C:\Windows\System\XiFxxpG.exe
  C:\Windows\System\XiFxxpG.exe
  2⤵
  PID:1612
- C:\Windows\System\TmTHWyw.exe
  C:\Windows\System\TmTHWyw.exe
  2⤵
  PID:1900
- C:\Windows\System\FxKdmuz.exe
  C:\Windows\System\FxKdmuz.exe
  2⤵
  PID:3912
- C:\Windows\System\zdvKtHS.exe
  C:\Windows\System\zdvKtHS.exe
  2⤵
  PID:4012
- C:\Windows\System\hVhqTXS.exe
  C:\Windows\System\hVhqTXS.exe
  2⤵
  PID:3108
- C:\Windows\System\eZOzSuS.exe
  C:\Windows\System\eZOzSuS.exe
  2⤵
  PID:3260
- C:\Windows\System\fHWBsTD.exe
  C:\Windows\System\fHWBsTD.exe
  2⤵
  PID:3316
- C:\Windows\System\IRNOdCP.exe
  C:\Windows\System\IRNOdCP.exe
  2⤵
  PID:3552
- C:\Windows\System\UoPtMhD.exe
  C:\Windows\System\UoPtMhD.exe
  2⤵
  PID:3288
- C:\Windows\System\dgJARGT.exe
  C:\Windows\System\dgJARGT.exe
  2⤵
  PID:3748
- C:\Windows\System\cAIsSso.exe
  C:\Windows\System\cAIsSso.exe
  2⤵
  PID:3776
- C:\Windows\System\KojghYL.exe
  C:\Windows\System\KojghYL.exe
  2⤵
  PID:3512
- C:\Windows\System\ukEpeza.exe
  C:\Windows\System\ukEpeza.exe
  2⤵
  PID:3448
- C:\Windows\System\pdNliyn.exe
  C:\Windows\System\pdNliyn.exe
  2⤵
  PID:3576
- C:\Windows\System\aHjZZiX.exe
  C:\Windows\System\aHjZZiX.exe
  2⤵
  PID:3208
- C:\Windows\System\CLULUil.exe
  C:\Windows\System\CLULUil.exe
  2⤵
  PID:3928
- C:\Windows\System\NdCxpCd.exe
  C:\Windows\System\NdCxpCd.exe
  2⤵
  PID:3328
- C:\Windows\System\WTGBnAk.exe
  C:\Windows\System\WTGBnAk.exe
  2⤵
  PID:3356
- C:\Windows\System\QhgJVYW.exe
  C:\Windows\System\QhgJVYW.exe
  2⤵
  PID:2752
- C:\Windows\System\MBWJzbQ.exe
  C:\Windows\System\MBWJzbQ.exe
  2⤵
  PID:3384
- C:\Windows\System\eFJnmuQ.exe
  C:\Windows\System\eFJnmuQ.exe
  2⤵
  PID:2600
- C:\Windows\System\cCRSRGL.exe
  C:\Windows\System\cCRSRGL.exe
  2⤵
  PID:3124
- C:\Windows\System\TGPpDXK.exe
  C:\Windows\System\TGPpDXK.exe
  2⤵
  PID:3820
- C:\Windows\System\fYKUaWv.exe
  C:\Windows\System\fYKUaWv.exe
  2⤵
  PID:3960
- C:\Windows\System\WjpuRSd.exe
  C:\Windows\System\WjpuRSd.exe
  2⤵
  PID:4112
- C:\Windows\System\imbGFql.exe
  C:\Windows\System\imbGFql.exe
  2⤵
  PID:4132
- C:\Windows\System\hAWtyvT.exe
  C:\Windows\System\hAWtyvT.exe
  2⤵
  PID:4148
- C:\Windows\System\RSKrEkx.exe
  C:\Windows\System\RSKrEkx.exe
  2⤵
  PID:4164
- C:\Windows\System\UNWIVLo.exe
  C:\Windows\System\UNWIVLo.exe
  2⤵
  PID:4188
- C:\Windows\System\EAHOadB.exe
  C:\Windows\System\EAHOadB.exe
  2⤵
  PID:4204
- C:\Windows\System\ttagEya.exe
  C:\Windows\System\ttagEya.exe
  2⤵
  PID:4228
- C:\Windows\System\hsjHMwf.exe
  C:\Windows\System\hsjHMwf.exe
  2⤵
  PID:4248
- C:\Windows\System\ZLtfXFt.exe
  C:\Windows\System\ZLtfXFt.exe
  2⤵
  PID:4268
- C:\Windows\System\cXaRYhO.exe
  C:\Windows\System\cXaRYhO.exe
  2⤵
  PID:4292
- C:\Windows\System\OrlIlMv.exe
  C:\Windows\System\OrlIlMv.exe
  2⤵
  PID:4312
- C:\Windows\System\oFGDcGV.exe
  C:\Windows\System\oFGDcGV.exe
  2⤵
  PID:4332
- C:\Windows\System\QXzxdSt.exe
  C:\Windows\System\QXzxdSt.exe
  2⤵
  PID:4352
- C:\Windows\System\cNgLwaJ.exe
  C:\Windows\System\cNgLwaJ.exe
  2⤵
  PID:4372
- C:\Windows\System\VZwDkri.exe
  C:\Windows\System\VZwDkri.exe
  2⤵
  PID:4392
- C:\Windows\System\GVjjFNR.exe
  C:\Windows\System\GVjjFNR.exe
  2⤵
  PID:4412
- C:\Windows\System\GsnDNJq.exe
  C:\Windows\System\GsnDNJq.exe
  2⤵
  PID:4428
- C:\Windows\System\UiccOpC.exe
  C:\Windows\System\UiccOpC.exe
  2⤵
  PID:4452
- C:\Windows\System\qZHaBBk.exe
  C:\Windows\System\qZHaBBk.exe
  2⤵
  PID:4472
- C:\Windows\System\FGeNMGB.exe
  C:\Windows\System\FGeNMGB.exe
  2⤵
  PID:4492
- C:\Windows\System\gtnYqVH.exe
  C:\Windows\System\gtnYqVH.exe
  2⤵
  PID:4512
- C:\Windows\System\xCIzYyW.exe
  C:\Windows\System\xCIzYyW.exe
  2⤵
  PID:4532
- C:\Windows\System\ZMxfkCu.exe
  C:\Windows\System\ZMxfkCu.exe
  2⤵
  PID:4548
- C:\Windows\System\WnOztZc.exe
  C:\Windows\System\WnOztZc.exe
  2⤵
  PID:4568
- C:\Windows\System\IwGUaCG.exe
  C:\Windows\System\IwGUaCG.exe
  2⤵
  PID:4588
- C:\Windows\System\ptXxwrn.exe
  C:\Windows\System\ptXxwrn.exe
  2⤵
  PID:4612
- C:\Windows\System\VMaOXbT.exe
  C:\Windows\System\VMaOXbT.exe
  2⤵
  PID:4628
- C:\Windows\System\IQWENYK.exe
  C:\Windows\System\IQWENYK.exe
  2⤵
  PID:4644
- C:\Windows\System\ROKIwsg.exe
  C:\Windows\System\ROKIwsg.exe
  2⤵
  PID:4668
- C:\Windows\System\FDHXlyg.exe
  C:\Windows\System\FDHXlyg.exe
  2⤵
  PID:4692
- C:\Windows\System\SWgowdm.exe
  C:\Windows\System\SWgowdm.exe
  2⤵
  PID:4716
- C:\Windows\System\kUSvteJ.exe
  C:\Windows\System\kUSvteJ.exe
  2⤵
  PID:4736
- C:\Windows\System\Svizuym.exe
  C:\Windows\System\Svizuym.exe
  2⤵
  PID:4760
- C:\Windows\System\njMqhPs.exe
  C:\Windows\System\njMqhPs.exe
  2⤵
  PID:4780
- C:\Windows\System\VszaJqc.exe
  C:\Windows\System\VszaJqc.exe
  2⤵
  PID:4800
- C:\Windows\System\fcdXWWJ.exe
  C:\Windows\System\fcdXWWJ.exe
  2⤵
  PID:4820
- C:\Windows\System\ZukxRVp.exe
  C:\Windows\System\ZukxRVp.exe
  2⤵
  PID:4840
- C:\Windows\System\JrBexeB.exe
  C:\Windows\System\JrBexeB.exe
  2⤵
  PID:4860
- C:\Windows\System\mYsumgD.exe
  C:\Windows\System\mYsumgD.exe
  2⤵
  PID:4876
- C:\Windows\System\FUcVKmg.exe
  C:\Windows\System\FUcVKmg.exe
  2⤵
  PID:4900
- C:\Windows\System\PIeccDO.exe
  C:\Windows\System\PIeccDO.exe
  2⤵
  PID:4920
- C:\Windows\System\KiCcdZy.exe
  C:\Windows\System\KiCcdZy.exe
  2⤵
  PID:4940
- C:\Windows\System\pPiPqKE.exe
  C:\Windows\System\pPiPqKE.exe
  2⤵
  PID:4956
- C:\Windows\System\OOKeBQt.exe
  C:\Windows\System\OOKeBQt.exe
  2⤵
  PID:4976
- C:\Windows\System\hWyhsBw.exe
  C:\Windows\System\hWyhsBw.exe
  2⤵
  PID:5000
- C:\Windows\System\cEGYIBp.exe
  C:\Windows\System\cEGYIBp.exe
  2⤵
  PID:5016
- C:\Windows\System\ICKOOVm.exe
  C:\Windows\System\ICKOOVm.exe
  2⤵
  PID:5040
- C:\Windows\System\pRnPFgr.exe
  C:\Windows\System\pRnPFgr.exe
  2⤵
  PID:5060
- C:\Windows\System\OIlHBJb.exe
  C:\Windows\System\OIlHBJb.exe
  2⤵
  PID:5080
- C:\Windows\System\uWJxWpf.exe
  C:\Windows\System\uWJxWpf.exe
  2⤵
  PID:5100
- C:\Windows\System\ljZPahM.exe
  C:\Windows\System\ljZPahM.exe
  2⤵
  PID:3256
- C:\Windows\System\BjMMMKb.exe
  C:\Windows\System\BjMMMKb.exe
  2⤵
  PID:3312
- C:\Windows\System\NUILxjy.exe
  C:\Windows\System\NUILxjy.exe
  2⤵
  PID:3592
- C:\Windows\System\YAJEpNQ.exe
  C:\Windows\System\YAJEpNQ.exe
  2⤵
  PID:1908
- C:\Windows\System\oiyMvrM.exe
  C:\Windows\System\oiyMvrM.exe
  2⤵
  PID:3652
- C:\Windows\System\lqOtuKa.exe
  C:\Windows\System\lqOtuKa.exe
  2⤵
  PID:3388
- C:\Windows\System\vItXDTX.exe
  C:\Windows\System\vItXDTX.exe
  2⤵
  PID:3996
- C:\Windows\System\ALfHJca.exe
  C:\Windows\System\ALfHJca.exe
  2⤵
  PID:3948
- C:\Windows\System\uMAGmFj.exe
  C:\Windows\System\uMAGmFj.exe
  2⤵
  PID:3812
- C:\Windows\System\kFMnEpH.exe
  C:\Windows\System\kFMnEpH.exe
  2⤵
  PID:4160
- C:\Windows\System\QcSaxtg.exe
  C:\Windows\System\QcSaxtg.exe
  2⤵
  PID:4172
- C:\Windows\System\VFefJXE.exe
  C:\Windows\System\VFefJXE.exe
  2⤵
  PID:4244
- C:\Windows\System\wjmCdKQ.exe
  C:\Windows\System\wjmCdKQ.exe
  2⤵
  PID:4216
- C:\Windows\System\DTPOGGp.exe
  C:\Windows\System\DTPOGGp.exe
  2⤵
  PID:4264
- C:\Windows\System\nVioXOo.exe
  C:\Windows\System\nVioXOo.exe
  2⤵
  PID:4368
- C:\Windows\System\uxNGPUN.exe
  C:\Windows\System\uxNGPUN.exe
  2⤵
  PID:4436
- C:\Windows\System\tvKOHeL.exe
  C:\Windows\System\tvKOHeL.exe
  2⤵
  PID:4256
- C:\Windows\System\IeWOPSU.exe
  C:\Windows\System\IeWOPSU.exe
  2⤵
  PID:4348
- C:\Windows\System\xxtQVqn.exe
  C:\Windows\System\xxtQVqn.exe
  2⤵
  PID:4384
- C:\Windows\System\ONOatAR.exe
  C:\Windows\System\ONOatAR.exe
  2⤵
  PID:4520
- C:\Windows\System\BeraVDx.exe
  C:\Windows\System\BeraVDx.exe
  2⤵
  PID:4560
- C:\Windows\System\mJOmpRu.exe
  C:\Windows\System\mJOmpRu.exe
  2⤵
  PID:4636
- C:\Windows\System\LEDmTnk.exe
  C:\Windows\System\LEDmTnk.exe
  2⤵
  PID:4500
- C:\Windows\System\yMQbURk.exe
  C:\Windows\System\yMQbURk.exe
  2⤵
  PID:4580
- C:\Windows\System\fiTDJSW.exe
  C:\Windows\System\fiTDJSW.exe
  2⤵
  PID:4684
- C:\Windows\System\SqCkTUW.exe
  C:\Windows\System\SqCkTUW.exe
  2⤵
  PID:4624
- C:\Windows\System\KywQtDU.exe
  C:\Windows\System\KywQtDU.exe
  2⤵
  PID:4732
- C:\Windows\System\JGJsaZK.exe
  C:\Windows\System\JGJsaZK.exe
  2⤵
  PID:4712
- C:\Windows\System\gqvjMwh.exe
  C:\Windows\System\gqvjMwh.exe
  2⤵
  PID:4772
- C:\Windows\System\bJHZmpM.exe
  C:\Windows\System\bJHZmpM.exe
  2⤵
  PID:4812
- C:\Windows\System\UixKZrK.exe
  C:\Windows\System\UixKZrK.exe
  2⤵
  PID:4848
- C:\Windows\System\uOYYurE.exe
  C:\Windows\System\uOYYurE.exe
  2⤵
  PID:4884
- C:\Windows\System\sjYjAhx.exe
  C:\Windows\System\sjYjAhx.exe
  2⤵
  PID:4908
- C:\Windows\System\VqGjhfq.exe
  C:\Windows\System\VqGjhfq.exe
  2⤵
  PID:4932
- C:\Windows\System\LWHXTzP.exe
  C:\Windows\System\LWHXTzP.exe
  2⤵
  PID:4952
- C:\Windows\System\JObBZPk.exe
  C:\Windows\System\JObBZPk.exe
  2⤵
  PID:4988
- C:\Windows\System\CniNCRZ.exe
  C:\Windows\System\CniNCRZ.exe
  2⤵
  PID:5028
- C:\Windows\System\PMsUWRP.exe
  C:\Windows\System\PMsUWRP.exe
  2⤵
  PID:5088
- C:\Windows\System\diGtgcj.exe
  C:\Windows\System\diGtgcj.exe
  2⤵
  PID:3368
- C:\Windows\System\SGjkDgs.exe
  C:\Windows\System\SGjkDgs.exe
  2⤵
  PID:5116
- C:\Windows\System\OkIJxpn.exe
  C:\Windows\System\OkIJxpn.exe
  2⤵
  PID:2576
- C:\Windows\System\PkBuiHk.exe
  C:\Windows\System\PkBuiHk.exe
  2⤵
  PID:4052
- C:\Windows\System\xAEzuqt.exe
  C:\Windows\System\xAEzuqt.exe
  2⤵
  PID:4128
- C:\Windows\System\IVhTxNr.exe
  C:\Windows\System\IVhTxNr.exe
  2⤵
  PID:4156
- C:\Windows\System\IhtIkas.exe
  C:\Windows\System\IhtIkas.exe
  2⤵
  PID:4184
- C:\Windows\System\EgFVBLC.exe
  C:\Windows\System\EgFVBLC.exe
  2⤵
  PID:4288
- C:\Windows\System\cqueFYV.exe
  C:\Windows\System\cqueFYV.exe
  2⤵
  PID:4212
- C:\Windows\System\uYHZSwe.exe
  C:\Windows\System\uYHZSwe.exe
  2⤵
  PID:4324
- C:\Windows\System\ACbiwll.exe
  C:\Windows\System\ACbiwll.exe
  2⤵
  PID:4304
- C:\Windows\System\GSARzaN.exe
  C:\Windows\System\GSARzaN.exe
  2⤵
  PID:4424
- C:\Windows\System\qfhSFZY.exe
  C:\Windows\System\qfhSFZY.exe
  2⤵
  PID:4608
- C:\Windows\System\ciyLmfO.exe
  C:\Windows\System\ciyLmfO.exe
  2⤵
  PID:4556
- C:\Windows\System\domATJg.exe
  C:\Windows\System\domATJg.exe
  2⤵
  PID:4544
- C:\Windows\System\EgjrGHg.exe
  C:\Windows\System\EgjrGHg.exe
  2⤵
  PID:4664
- C:\Windows\System\gBZGfiH.exe
  C:\Windows\System\gBZGfiH.exe
  2⤵
  PID:4724
- C:\Windows\System\cEjbaKL.exe
  C:\Windows\System\cEjbaKL.exe
  2⤵
  PID:4852
- C:\Windows\System\ufyYXWP.exe
  C:\Windows\System\ufyYXWP.exe
  2⤵
  PID:4744
- C:\Windows\System\bGfjIWd.exe
  C:\Windows\System\bGfjIWd.exe
  2⤵
  PID:4868
- C:\Windows\System\IYnKPBA.exe
  C:\Windows\System\IYnKPBA.exe
  2⤵
  PID:4928
- C:\Windows\System\HFcutcs.exe
  C:\Windows\System\HFcutcs.exe
  2⤵
  PID:4968
- C:\Windows\System\oFccfhN.exe
  C:\Windows\System\oFccfhN.exe
  2⤵
  PID:5072
- C:\Windows\System\CVmFfZF.exe
  C:\Windows\System\CVmFfZF.exe
  2⤵
  PID:5112
- C:\Windows\System\xvehzNL.exe
  C:\Windows\System\xvehzNL.exe
  2⤵
  PID:3632
- C:\Windows\System\yGJRpTb.exe
  C:\Windows\System\yGJRpTb.exe
  2⤵
  PID:4104
- C:\Windows\System\BsXHbVv.exe
  C:\Windows\System\BsXHbVv.exe
  2⤵
  PID:4200
- C:\Windows\System\Nsgrvpc.exe
  C:\Windows\System\Nsgrvpc.exe
  2⤵
  PID:3836
- C:\Windows\System\neeHfLl.exe
  C:\Windows\System\neeHfLl.exe
  2⤵
  PID:4276
- C:\Windows\System\cisEsce.exe
  C:\Windows\System\cisEsce.exe
  2⤵
  PID:4308
- C:\Windows\System\TBsjVXd.exe
  C:\Windows\System\TBsjVXd.exe
  2⤵
  PID:4540
- C:\Windows\System\UiIJahu.exe
  C:\Windows\System\UiIJahu.exe
  2⤵
  PID:5136
- C:\Windows\System\LyeAVOO.exe
  C:\Windows\System\LyeAVOO.exe
  2⤵
  PID:5160
- C:\Windows\System\tgqcebF.exe
  C:\Windows\System\tgqcebF.exe
  2⤵
  PID:5176
- C:\Windows\System\rVcmNEr.exe
  C:\Windows\System\rVcmNEr.exe
  2⤵
  PID:5204
- C:\Windows\System\dcpgQYv.exe
  C:\Windows\System\dcpgQYv.exe
  2⤵
  PID:5220
- C:\Windows\System\ZocUmSW.exe
  C:\Windows\System\ZocUmSW.exe
  2⤵
  PID:5244
- C:\Windows\System\HXiXdKV.exe
  C:\Windows\System\HXiXdKV.exe
  2⤵
  PID:5268
- C:\Windows\System\Wwnsiin.exe
  C:\Windows\System\Wwnsiin.exe
  2⤵
  PID:5292
- C:\Windows\System\XTwuDRy.exe
  C:\Windows\System\XTwuDRy.exe
  2⤵
  PID:5308
- C:\Windows\System\FaiGgrX.exe
  C:\Windows\System\FaiGgrX.exe
  2⤵
  PID:5324
- C:\Windows\System\SsQQGwQ.exe
  C:\Windows\System\SsQQGwQ.exe
  2⤵
  PID:5348
- C:\Windows\System\dcHMstd.exe
  C:\Windows\System\dcHMstd.exe
  2⤵
  PID:5368
- C:\Windows\System\kiQuWhM.exe
  C:\Windows\System\kiQuWhM.exe
  2⤵
  PID:5388
- C:\Windows\System\aqpKirE.exe
  C:\Windows\System\aqpKirE.exe
  2⤵
  PID:5412
- C:\Windows\System\SBvesIG.exe
  C:\Windows\System\SBvesIG.exe
  2⤵
  PID:5440
- C:\Windows\System\vxjYWqA.exe
  C:\Windows\System\vxjYWqA.exe
  2⤵
  PID:5460
- C:\Windows\System\rLZHkxr.exe
  C:\Windows\System\rLZHkxr.exe
  2⤵
  PID:5488
- C:\Windows\System\vZQMJbr.exe
  C:\Windows\System\vZQMJbr.exe
  2⤵
  PID:5508
- C:\Windows\System\rWaTqAw.exe
  C:\Windows\System\rWaTqAw.exe
  2⤵
  PID:5528
- C:\Windows\System\rKhloXJ.exe
  C:\Windows\System\rKhloXJ.exe
  2⤵
  PID:5544
- C:\Windows\System\iOAZOuA.exe
  C:\Windows\System\iOAZOuA.exe
  2⤵
  PID:5568
- C:\Windows\System\bOFIWva.exe
  C:\Windows\System\bOFIWva.exe
  2⤵
  PID:5588
- C:\Windows\System\bLwabZb.exe
  C:\Windows\System\bLwabZb.exe
  2⤵
  PID:5608
- C:\Windows\System\grVOvPR.exe
  C:\Windows\System\grVOvPR.exe
  2⤵
  PID:5628
- C:\Windows\System\YCtMxUh.exe
  C:\Windows\System\YCtMxUh.exe
  2⤵
  PID:5644
- C:\Windows\System\MmlawDn.exe
  C:\Windows\System\MmlawDn.exe
  2⤵
  PID:5660
- C:\Windows\System\MIMfQdE.exe
  C:\Windows\System\MIMfQdE.exe
  2⤵
  PID:5684
- C:\Windows\System\OGJCIQF.exe
  C:\Windows\System\OGJCIQF.exe
  2⤵
  PID:5700
- C:\Windows\System\uleMukn.exe
  C:\Windows\System\uleMukn.exe
  2⤵
  PID:5720
- C:\Windows\System\VcCIxMV.exe
  C:\Windows\System\VcCIxMV.exe
  2⤵
  PID:5744
- C:\Windows\System\KeRSixi.exe
  C:\Windows\System\KeRSixi.exe
  2⤵
  PID:5760
- C:\Windows\System\MhNYQIU.exe
  C:\Windows\System\MhNYQIU.exe
  2⤵
  PID:5780
- C:\Windows\System\nCScJPb.exe
  C:\Windows\System\nCScJPb.exe
  2⤵
  PID:5800
- C:\Windows\System\LngjuXY.exe
  C:\Windows\System\LngjuXY.exe
  2⤵
  PID:5824
- C:\Windows\System\ffQWgdj.exe
  C:\Windows\System\ffQWgdj.exe
  2⤵
  PID:5844
- C:\Windows\System\ruXyleu.exe
  C:\Windows\System\ruXyleu.exe
  2⤵
  PID:5864
- C:\Windows\System\fmbHOqu.exe
  C:\Windows\System\fmbHOqu.exe
  2⤵
  PID:5888
- C:\Windows\System\YjfIGHV.exe
  C:\Windows\System\YjfIGHV.exe
  2⤵
  PID:5912
- C:\Windows\System\pXKLZkH.exe
  C:\Windows\System\pXKLZkH.exe
  2⤵
  PID:5932
- C:\Windows\System\XfmMzpj.exe
  C:\Windows\System\XfmMzpj.exe
  2⤵
  PID:5956
- C:\Windows\System\UwAuEoa.exe
  C:\Windows\System\UwAuEoa.exe
  2⤵
  PID:5972
- C:\Windows\System\rhNugsl.exe
  C:\Windows\System\rhNugsl.exe
  2⤵
  PID:5996
- C:\Windows\System\LCuSYQe.exe
  C:\Windows\System\LCuSYQe.exe
  2⤵
  PID:6016
- C:\Windows\System\JtckNPF.exe
  C:\Windows\System\JtckNPF.exe
  2⤵
  PID:6036
- C:\Windows\System\fTCyMcu.exe
  C:\Windows\System\fTCyMcu.exe
  2⤵
  PID:6056
- C:\Windows\System\zsrhXod.exe
  C:\Windows\System\zsrhXod.exe
  2⤵
  PID:6076
- C:\Windows\System\pcndSSL.exe
  C:\Windows\System\pcndSSL.exe
  2⤵
  PID:6092
- C:\Windows\System\KvLyfsZ.exe
  C:\Windows\System\KvLyfsZ.exe
  2⤵
  PID:6116
- C:\Windows\System\KAjnzXu.exe
  C:\Windows\System\KAjnzXu.exe
  2⤵
  PID:6136
- C:\Windows\System\zxnJiDc.exe
  C:\Windows\System\zxnJiDc.exe
  2⤵
  PID:4488
- C:\Windows\System\RzTgELT.exe
  C:\Windows\System\RzTgELT.exe
  2⤵
  PID:4468
- C:\Windows\System\akeKDld.exe
  C:\Windows\System\akeKDld.exe
  2⤵
  PID:4652
- C:\Windows\System\CBKonRN.exe
  C:\Windows\System\CBKonRN.exe
  2⤵
  PID:4828
- C:\Windows\System\LTEJXtr.exe
  C:\Windows\System\LTEJXtr.exe
  2⤵
  PID:4832
- C:\Windows\System\cZJzapc.exe
  C:\Windows\System\cZJzapc.exe
  2⤵
  PID:5092
- C:\Windows\System\kzxaxyh.exe
  C:\Windows\System\kzxaxyh.exe
  2⤵
  PID:2452
- C:\Windows\System\qTuSLhB.exe
  C:\Windows\System\qTuSLhB.exe
  2⤵
  PID:5068
- C:\Windows\System\GyNrwrg.exe
  C:\Windows\System\GyNrwrg.exe
  2⤵
  PID:2364
- C:\Windows\System\GmteWkE.exe
  C:\Windows\System\GmteWkE.exe
  2⤵
  PID:2160
- C:\Windows\System\kBBdrUA.exe
  C:\Windows\System\kBBdrUA.exe
  2⤵
  PID:4380
- C:\Windows\System\ktrXyJm.exe
  C:\Windows\System\ktrXyJm.exe
  2⤵
  PID:5156
- C:\Windows\System\RVcmuKX.exe
  C:\Windows\System\RVcmuKX.exe
  2⤵
  PID:5196
- C:\Windows\System\aDRIyRx.exe
  C:\Windows\System\aDRIyRx.exe
  2⤵
  PID:112
- C:\Windows\System\kvVmTvT.exe
  C:\Windows\System\kvVmTvT.exe
  2⤵
  PID:5172
- C:\Windows\System\yOjUYMk.exe
  C:\Windows\System\yOjUYMk.exe
  2⤵
  PID:5212
- C:\Windows\System\cXtebNR.exe
  C:\Windows\System\cXtebNR.exe
  2⤵
  PID:5280
- C:\Windows\System\pKFejyg.exe
  C:\Windows\System\pKFejyg.exe
  2⤵
  PID:5364
- C:\Windows\System\EzJwizF.exe
  C:\Windows\System\EzJwizF.exe
  2⤵
  PID:5396
- C:\Windows\System\UWIOfxQ.exe
  C:\Windows\System\UWIOfxQ.exe
  2⤵
  PID:5340
- C:\Windows\System\OJHotzO.exe
  C:\Windows\System\OJHotzO.exe
  2⤵
  PID:5504
- C:\Windows\System\uQAQlKH.exe
  C:\Windows\System\uQAQlKH.exe
  2⤵
  PID:5384
- C:\Windows\System\jAeWPXS.exe
  C:\Windows\System\jAeWPXS.exe
  2⤵
  PID:5424
- C:\Windows\System\TIOwOLR.exe
  C:\Windows\System\TIOwOLR.exe
  2⤵
  PID:5580
- C:\Windows\System\CKYwxZf.exe
  C:\Windows\System\CKYwxZf.exe
  2⤵
  PID:5620
- C:\Windows\System\qxMIYUV.exe
  C:\Windows\System\qxMIYUV.exe
  2⤵
  PID:5524
- C:\Windows\System\laMFULu.exe
  C:\Windows\System\laMFULu.exe
  2⤵
  PID:5564
- C:\Windows\System\dNpqBiV.exe
  C:\Windows\System\dNpqBiV.exe
  2⤵
  PID:5636
- C:\Windows\System\jUtmEAB.exe
  C:\Windows\System\jUtmEAB.exe
  2⤵
  PID:5732
- C:\Windows\System\wRPRCZY.exe
  C:\Windows\System\wRPRCZY.exe
  2⤵
  PID:5768
- C:\Windows\System\CsFKmBs.exe
  C:\Windows\System\CsFKmBs.exe
  2⤵
  PID:5712
- C:\Windows\System\rSBWAcn.exe
  C:\Windows\System\rSBWAcn.exe
  2⤵
  PID:5752
- C:\Windows\System\YJfDkIq.exe
  C:\Windows\System\YJfDkIq.exe
  2⤵
  PID:5860
- C:\Windows\System\FiWtRen.exe
  C:\Windows\System\FiWtRen.exe
  2⤵
  PID:5896
- C:\Windows\System\XvssocO.exe
  C:\Windows\System\XvssocO.exe
  2⤵
  PID:5940
- C:\Windows\System\kgJitqH.exe
  C:\Windows\System\kgJitqH.exe
  2⤵
  PID:5948
- C:\Windows\System\UcLSJPW.exe
  C:\Windows\System\UcLSJPW.exe
  2⤵
  PID:5924
- C:\Windows\System\Pjqrzql.exe
  C:\Windows\System\Pjqrzql.exe
  2⤵
  PID:6032
- C:\Windows\System\FCdOnuJ.exe
  C:\Windows\System\FCdOnuJ.exe
  2⤵
  PID:6012
- C:\Windows\System\QRaSNKd.exe
  C:\Windows\System\QRaSNKd.exe
  2⤵
  PID:6068
- C:\Windows\System\qCYaGbk.exe
  C:\Windows\System\qCYaGbk.exe
  2⤵
  PID:6112
- C:\Windows\System\mXxPjdb.exe
  C:\Windows\System\mXxPjdb.exe
  2⤵
  PID:4508
- C:\Windows\System\ICUAqTE.exe
  C:\Windows\System\ICUAqTE.exe
  2⤵
  PID:6128
- C:\Windows\System\FowSqWl.exe
  C:\Windows\System\FowSqWl.exe
  2⤵
  PID:4816
- C:\Windows\System\nwfspFq.exe
  C:\Windows\System\nwfspFq.exe
  2⤵
  PID:4972
- C:\Windows\System\lhSYihJ.exe
  C:\Windows\System\lhSYihJ.exe
  2⤵
  PID:5056
- C:\Windows\System\jrXndBF.exe
  C:\Windows\System\jrXndBF.exe
  2⤵
  PID:4284
- C:\Windows\System\raiyiZz.exe
  C:\Windows\System\raiyiZz.exe
  2⤵
  PID:3832
- C:\Windows\System\roVBfsp.exe
  C:\Windows\System\roVBfsp.exe
  2⤵
  PID:5144
- C:\Windows\System\HmtSnBo.exe
  C:\Windows\System\HmtSnBo.exe
  2⤵
  PID:5132
- C:\Windows\System\YMWBjfo.exe
  C:\Windows\System\YMWBjfo.exe
  2⤵
  PID:5216
- C:\Windows\System\ZQbhJDh.exe
  C:\Windows\System\ZQbhJDh.exe
  2⤵
  PID:5276
- C:\Windows\System\zOunLYn.exe
  C:\Windows\System\zOunLYn.exe
  2⤵
  PID:5356
- C:\Windows\System\TfOsdYH.exe
  C:\Windows\System\TfOsdYH.exe
  2⤵
  PID:5496
- C:\Windows\System\cpRfaET.exe
  C:\Windows\System\cpRfaET.exe
  2⤵
  PID:5536
- C:\Windows\System\jmoifzN.exe
  C:\Windows\System\jmoifzN.exe
  2⤵
  PID:5624
- C:\Windows\System\UmXWLwC.exe
  C:\Windows\System\UmXWLwC.exe
  2⤵
  PID:5556
- C:\Windows\System\xVGVQIV.exe
  C:\Windows\System\xVGVQIV.exe
  2⤵
  PID:5584
- C:\Windows\System\DhqIrgH.exe
  C:\Windows\System\DhqIrgH.exe
  2⤵
  PID:5776
- C:\Windows\System\OPXMkTL.exe
  C:\Windows\System\OPXMkTL.exe
  2⤵
  PID:5856
- C:\Windows\System\vfiqCHo.exe
  C:\Windows\System\vfiqCHo.exe
  2⤵
  PID:5876
- C:\Windows\System\LoGHCKd.exe
  C:\Windows\System\LoGHCKd.exe
  2⤵
  PID:2804
- C:\Windows\System\whLMngU.exe
  C:\Windows\System\whLMngU.exe
  2⤵
  PID:2708
- C:\Windows\System\gmkxuZg.exe
  C:\Windows\System\gmkxuZg.exe
  2⤵
  PID:5832
- C:\Windows\System\HgPHMIi.exe
  C:\Windows\System\HgPHMIi.exe
  2⤵
  PID:5964
- C:\Windows\System\yfJbYeF.exe
  C:\Windows\System\yfJbYeF.exe
  2⤵
  PID:6048
- C:\Windows\System\lhsHnvh.exe
  C:\Windows\System\lhsHnvh.exe
  2⤵
  PID:6044
- C:\Windows\System\iwklltO.exe
  C:\Windows\System\iwklltO.exe
  2⤵
  PID:4996
- C:\Windows\System\efzHVQt.exe
  C:\Windows\System\efzHVQt.exe
  2⤵
  PID:4912
- C:\Windows\System\DwMpvCw.exe
  C:\Windows\System\DwMpvCw.exe
  2⤵
  PID:6132
- C:\Windows\System\bANTBHi.exe
  C:\Windows\System\bANTBHi.exe
  2⤵
  PID:3724
- C:\Windows\System\rCWZUFE.exe
  C:\Windows\System\rCWZUFE.exe
  2⤵
  PID:4328
- C:\Windows\System\AvYZEuu.exe
  C:\Windows\System\AvYZEuu.exe
  2⤵
  PID:5236
- C:\Windows\System\lXzGEJZ.exe
  C:\Windows\System\lXzGEJZ.exe
  2⤵
  PID:5184
- C:\Windows\System\cILKbyQ.exe
  C:\Windows\System\cILKbyQ.exe
  2⤵
  PID:5260
- C:\Windows\System\fhIjoWI.exe
  C:\Windows\System\fhIjoWI.exe
  2⤵
  PID:5560
- C:\Windows\System\yxqyHQD.exe
  C:\Windows\System\yxqyHQD.exe
  2⤵
  PID:5376
- C:\Windows\System\CUpQwDk.exe
  C:\Windows\System\CUpQwDk.exe
  2⤵
  PID:5576
- C:\Windows\System\GQYlssp.exe
  C:\Windows\System\GQYlssp.exe
  2⤵
  PID:5740
- C:\Windows\System\UYHBvVI.exe
  C:\Windows\System\UYHBvVI.exe
  2⤵
  PID:5820
- C:\Windows\System\PbokIGN.exe
  C:\Windows\System\PbokIGN.exe
  2⤵
  PID:5680
- C:\Windows\System\tOsbDvZ.exe
  C:\Windows\System\tOsbDvZ.exe
  2⤵
  PID:5968
- C:\Windows\System\QmqoMBG.exe
  C:\Windows\System\QmqoMBG.exe
  2⤵
  PID:4656
- C:\Windows\System\VbCwPeJ.exe
  C:\Windows\System\VbCwPeJ.exe
  2⤵
  PID:5884
- C:\Windows\System\XLTmhmW.exe
  C:\Windows\System\XLTmhmW.exe
  2⤵
  PID:6088
- C:\Windows\System\bkVMRXW.exe
  C:\Windows\System\bkVMRXW.exe
  2⤵
  PID:2508
- C:\Windows\System\FiwEche.exe
  C:\Windows\System\FiwEche.exe
  2⤵
  PID:5152
- C:\Windows\System\mrkwXAT.exe
  C:\Windows\System\mrkwXAT.exe
  2⤵
  PID:5336
- C:\Windows\System\XlVeBds.exe
  C:\Windows\System\XlVeBds.exe
  2⤵
  PID:5456
- C:\Windows\System\hOlCmwx.exe
  C:\Windows\System\hOlCmwx.exe
  2⤵
  PID:5472
- C:\Windows\System\gxCYtYa.exe
  C:\Windows\System\gxCYtYa.exe
  2⤵
  PID:5516
- C:\Windows\System\EKpFHHz.exe
  C:\Windows\System\EKpFHHz.exe
  2⤵
  PID:1652
- C:\Windows\System\AzusogQ.exe
  C:\Windows\System\AzusogQ.exe
  2⤵
  PID:5788
- C:\Windows\System\fvttvYS.exe
  C:\Windows\System\fvttvYS.exe
  2⤵
  PID:3264
- C:\Windows\System\rGZwqKl.exe
  C:\Windows\System\rGZwqKl.exe
  2⤵
  PID:6124
- C:\Windows\System\yvqTFaJ.exe
  C:\Windows\System\yvqTFaJ.exe
  2⤵
  PID:6152
- C:\Windows\System\cgxOWOO.exe
  C:\Windows\System\cgxOWOO.exe
  2⤵
  PID:6172
- C:\Windows\System\CmBmFbh.exe
  C:\Windows\System\CmBmFbh.exe
  2⤵
  PID:6192
- C:\Windows\System\qiYGuHe.exe
  C:\Windows\System\qiYGuHe.exe
  2⤵
  PID:6212
- C:\Windows\System\reILPie.exe
  C:\Windows\System\reILPie.exe
  2⤵
  PID:6232
- C:\Windows\System\ZzCPatB.exe
  C:\Windows\System\ZzCPatB.exe
  2⤵
  PID:6256
- C:\Windows\System\MWrJoxo.exe
  C:\Windows\System\MWrJoxo.exe
  2⤵
  PID:6272
- C:\Windows\System\FFYGlum.exe
  C:\Windows\System\FFYGlum.exe
  2⤵
  PID:6292
- C:\Windows\System\oElSUHn.exe
  C:\Windows\System\oElSUHn.exe
  2⤵
  PID:6312
- C:\Windows\System\NBJalou.exe
  C:\Windows\System\NBJalou.exe
  2⤵
  PID:6336
- C:\Windows\System\rzDCdBN.exe
  C:\Windows\System\rzDCdBN.exe
  2⤵
  PID:6356
- C:\Windows\System\RvrLWRp.exe
  C:\Windows\System\RvrLWRp.exe
  2⤵
  PID:6376
- C:\Windows\System\ySoAiis.exe
  C:\Windows\System\ySoAiis.exe
  2⤵
  PID:6392
- C:\Windows\System\wQoNrsu.exe
  C:\Windows\System\wQoNrsu.exe
  2⤵
  PID:6412
- C:\Windows\System\CfpetBB.exe
  C:\Windows\System\CfpetBB.exe
  2⤵
  PID:6432
- C:\Windows\System\dUTLmzp.exe
  C:\Windows\System\dUTLmzp.exe
  2⤵
  PID:6456
- C:\Windows\System\raatIHV.exe
  C:\Windows\System\raatIHV.exe
  2⤵
  PID:6472
- C:\Windows\System\JMlLhpg.exe
  C:\Windows\System\JMlLhpg.exe
  2⤵
  PID:6488
- C:\Windows\System\zWfzbwl.exe
  C:\Windows\System\zWfzbwl.exe
  2⤵
  PID:6512
- C:\Windows\System\AYuOSWw.exe
  C:\Windows\System\AYuOSWw.exe
  2⤵
  PID:6536
- C:\Windows\System\tViMgFE.exe
  C:\Windows\System\tViMgFE.exe
  2⤵
  PID:6556
- C:\Windows\System\aPqAPjb.exe
  C:\Windows\System\aPqAPjb.exe
  2⤵
  PID:6576
- C:\Windows\System\jrUxcWE.exe
  C:\Windows\System\jrUxcWE.exe
  2⤵
  PID:6596
- C:\Windows\System\vxufVtz.exe
  C:\Windows\System\vxufVtz.exe
  2⤵
  PID:6616
- C:\Windows\System\SRxXFmC.exe
  C:\Windows\System\SRxXFmC.exe
  2⤵
  PID:6636
- C:\Windows\System\vLDyJyT.exe
  C:\Windows\System\vLDyJyT.exe
  2⤵
  PID:6656
- C:\Windows\System\ypXqqDW.exe
  C:\Windows\System\ypXqqDW.exe
  2⤵
  PID:6676
- C:\Windows\System\gTEuPRQ.exe
  C:\Windows\System\gTEuPRQ.exe
  2⤵
  PID:6696
- C:\Windows\System\CzeWAzN.exe
  C:\Windows\System\CzeWAzN.exe
  2⤵
  PID:6716
- C:\Windows\System\IbttTgq.exe
  C:\Windows\System\IbttTgq.exe
  2⤵
  PID:6736
- C:\Windows\System\XIwBSzw.exe
  C:\Windows\System\XIwBSzw.exe
  2⤵
  PID:6756
- C:\Windows\System\DTtSnyv.exe
  C:\Windows\System\DTtSnyv.exe
  2⤵
  PID:6776
- C:\Windows\System\aVlJaDr.exe
  C:\Windows\System\aVlJaDr.exe
  2⤵
  PID:6796
- C:\Windows\System\NnbSSXo.exe
  C:\Windows\System\NnbSSXo.exe
  2⤵
  PID:6816
- C:\Windows\System\DsLltZy.exe
  C:\Windows\System\DsLltZy.exe
  2⤵
  PID:6836
- C:\Windows\System\NMKRSwY.exe
  C:\Windows\System\NMKRSwY.exe
  2⤵
  PID:6856
- C:\Windows\System\YdpqHub.exe
  C:\Windows\System\YdpqHub.exe
  2⤵
  PID:6876
- C:\Windows\System\lkqfsWV.exe
  C:\Windows\System\lkqfsWV.exe
  2⤵
  PID:6896
- C:\Windows\System\bXujDxN.exe
  C:\Windows\System\bXujDxN.exe
  2⤵
  PID:6916
- C:\Windows\System\bYvJynP.exe
  C:\Windows\System\bYvJynP.exe
  2⤵
  PID:6936
- C:\Windows\System\ufrpDjO.exe
  C:\Windows\System\ufrpDjO.exe
  2⤵
  PID:6956
- C:\Windows\System\wcIXwKM.exe
  C:\Windows\System\wcIXwKM.exe
  2⤵
  PID:6972
- C:\Windows\System\oatIocc.exe
  C:\Windows\System\oatIocc.exe
  2⤵
  PID:6992
- C:\Windows\System\fwepKPv.exe
  C:\Windows\System\fwepKPv.exe
  2⤵
  PID:7012
- C:\Windows\System\lVcTlQT.exe
  C:\Windows\System\lVcTlQT.exe
  2⤵
  PID:7032
- C:\Windows\System\bKWdhJm.exe
  C:\Windows\System\bKWdhJm.exe
  2⤵
  PID:7048
- C:\Windows\System\HwHYBro.exe
  C:\Windows\System\HwHYBro.exe
  2⤵
  PID:7072
- C:\Windows\System\elpYoSh.exe
  C:\Windows\System\elpYoSh.exe
  2⤵
  PID:7092
- C:\Windows\System\RXLIsGE.exe
  C:\Windows\System\RXLIsGE.exe
  2⤵
  PID:7112
- C:\Windows\System\DilqxwW.exe
  C:\Windows\System\DilqxwW.exe
  2⤵
  PID:7140
- C:\Windows\System\NSoSIsR.exe
  C:\Windows\System\NSoSIsR.exe
  2⤵
  PID:7160
- C:\Windows\System\sWUrESq.exe
  C:\Windows\System\sWUrESq.exe
  2⤵
  PID:5692
- C:\Windows\System\vYWnmZy.exe
  C:\Windows\System\vYWnmZy.exe
  2⤵
  PID:5728
- C:\Windows\System\fzbLXFA.exe
  C:\Windows\System\fzbLXFA.exe
  2⤵
  PID:5812
- C:\Windows\System\aYBdQFB.exe
  C:\Windows\System\aYBdQFB.exe
  2⤵
  PID:4220
- C:\Windows\System\sIlSIwO.exe
  C:\Windows\System\sIlSIwO.exe
  2⤵
  PID:6168
- C:\Windows\System\MuPGdBX.exe
  C:\Windows\System\MuPGdBX.exe
  2⤵
  PID:6204
- C:\Windows\System\jQMElZW.exe
  C:\Windows\System\jQMElZW.exe
  2⤵
  PID:2032
- C:\Windows\System\YxOajCY.exe
  C:\Windows\System\YxOajCY.exe
  2⤵
  PID:6188
- C:\Windows\System\zNcWMss.exe
  C:\Windows\System\zNcWMss.exe
  2⤵
  PID:6220
- C:\Windows\System\ZDkhMBh.exe
  C:\Windows\System\ZDkhMBh.exe
  2⤵
  PID:6320
- C:\Windows\System\AjXYODF.exe
  C:\Windows\System\AjXYODF.exe
  2⤵
  PID:6264
- C:\Windows\System\jsvppPl.exe
  C:\Windows\System\jsvppPl.exe
  2⤵
  PID:6372
- C:\Windows\System\JbZOOwe.exe
  C:\Windows\System\JbZOOwe.exe
  2⤵
  PID:6408
- C:\Windows\System\iMXnJIC.exe
  C:\Windows\System\iMXnJIC.exe
  2⤵
  PID:6440
- C:\Windows\System\oONJwCj.exe
  C:\Windows\System\oONJwCj.exe
  2⤵
  PID:6444
- C:\Windows\System\OMCcgsB.exe
  C:\Windows\System\OMCcgsB.exe
  2⤵
  PID:6384
- C:\Windows\System\VhotlCY.exe
  C:\Windows\System\VhotlCY.exe
  2⤵
  PID:6484
- C:\Windows\System\HkKwxYG.exe
  C:\Windows\System\HkKwxYG.exe
  2⤵
  PID:6528
- C:\Windows\System\xOdSMXO.exe
  C:\Windows\System\xOdSMXO.exe
  2⤵
  PID:6564
- C:\Windows\System\fcOzMov.exe
  C:\Windows\System\fcOzMov.exe
  2⤵
  PID:6544
- C:\Windows\System\eWxGbwA.exe
  C:\Windows\System\eWxGbwA.exe
  2⤵
  PID:6604
- C:\Windows\System\kJEQPLs.exe
  C:\Windows\System\kJEQPLs.exe
  2⤵
  PID:6592
- C:\Windows\System\SfJmzvR.exe
  C:\Windows\System\SfJmzvR.exe
  2⤵
  PID:6624
- C:\Windows\System\EAtXDAq.exe
  C:\Windows\System\EAtXDAq.exe
  2⤵
  PID:6728
- C:\Windows\System\dVqtjOB.exe
  C:\Windows\System\dVqtjOB.exe
  2⤵
  PID:6752
- C:\Windows\System\oSDWaLv.exe
  C:\Windows\System\oSDWaLv.exe
  2⤵
  PID:6792
- C:\Windows\System\FylRuXk.exe
  C:\Windows\System\FylRuXk.exe
  2⤵
  PID:6808
- C:\Windows\System\kxPocHl.exe
  C:\Windows\System\kxPocHl.exe
  2⤵
  PID:6848
- C:\Windows\System\szWGvGr.exe
  C:\Windows\System\szWGvGr.exe
  2⤵
  PID:6828
- C:\Windows\System\SwKTIHN.exe
  C:\Windows\System\SwKTIHN.exe
  2⤵
  PID:6932
- C:\Windows\System\UiTBlEH.exe
  C:\Windows\System\UiTBlEH.exe
  2⤵
  PID:6904
- C:\Windows\System\WzJjFGI.exe
  C:\Windows\System\WzJjFGI.exe
  2⤵
  PID:7004
- C:\Windows\System\kgetaNL.exe
  C:\Windows\System\kgetaNL.exe
  2⤵
  PID:6944
- C:\Windows\System\uMASnJk.exe
  C:\Windows\System\uMASnJk.exe
  2⤵
  PID:7060
- C:\Windows\System\AdWbjhX.exe
  C:\Windows\System\AdWbjhX.exe
  2⤵
  PID:7104
- C:\Windows\System\oKtWbRd.exe
  C:\Windows\System\oKtWbRd.exe
  2⤵
  PID:3648
- C:\Windows\System\jguPTnc.exe
  C:\Windows\System\jguPTnc.exe
  2⤵
  PID:7156
- C:\Windows\System\ppiOEQa.exe
  C:\Windows\System\ppiOEQa.exe
  2⤵
  PID:5284
- C:\Windows\System\XXCunJl.exe
  C:\Windows\System\XXCunJl.exe
  2⤵
  PID:5552
- C:\Windows\System\zbQSpRn.exe
  C:\Windows\System\zbQSpRn.exe
  2⤵
  PID:5988
- C:\Windows\System\EprDkNn.exe
  C:\Windows\System\EprDkNn.exe
  2⤵
  PID:6208
- C:\Windows\System\DhsozMD.exe
  C:\Windows\System\DhsozMD.exe
  2⤵
  PID:6284
- C:\Windows\System\UMYaSpf.exe
  C:\Windows\System\UMYaSpf.exe
  2⤵
  PID:2768
- C:\Windows\System\ovpLZtT.exe
  C:\Windows\System\ovpLZtT.exe
  2⤵
  PID:6524
- C:\Windows\System\pvGtewW.exe
  C:\Windows\System\pvGtewW.exe
  2⤵
  PID:3204
- C:\Windows\System\ndiEAQK.exe
  C:\Windows\System\ndiEAQK.exe
  2⤵
  PID:2284
- C:\Windows\System\tUMFQLz.exe
  C:\Windows\System\tUMFQLz.exe
  2⤵
  PID:6248
- C:\Windows\System\jeCopPS.exe
  C:\Windows\System\jeCopPS.exe
  2⤵
  PID:6404
- C:\Windows\System\rIoKqNh.exe
  C:\Windows\System\rIoKqNh.exe
  2⤵
  PID:6648
- C:\Windows\System\wWpQBxG.exe
  C:\Windows\System\wWpQBxG.exe
  2⤵
  PID:6704
- C:\Windows\System\HOhwhjU.exe
  C:\Windows\System\HOhwhjU.exe
  2⤵
  PID:6844
- C:\Windows\System\xRSVLBX.exe
  C:\Windows\System\xRSVLBX.exe
  2⤵
  PID:7000
- C:\Windows\System\FPYwafR.exe
  C:\Windows\System\FPYwafR.exe
  2⤵
  PID:6632
- C:\Windows\System\CkFgYdi.exe
  C:\Windows\System\CkFgYdi.exe
  2⤵
  PID:6724
- C:\Windows\System\mIkRYvn.exe
  C:\Windows\System\mIkRYvn.exe
  2⤵
  PID:6984
- C:\Windows\System\jpDUGry.exe
  C:\Windows\System\jpDUGry.exe
  2⤵
  PID:6148
- C:\Windows\System\BIitaMM.exe
  C:\Windows\System\BIitaMM.exe
  2⤵
  PID:2864
- C:\Windows\System\wLurHfL.exe
  C:\Windows\System\wLurHfL.exe
  2⤵
  PID:6804
- C:\Windows\System\QEmSZSI.exe
  C:\Windows\System\QEmSZSI.exe
  2⤵
  PID:6892
- C:\Windows\System\iOMUWrY.exe
  C:\Windows\System\iOMUWrY.exe
  2⤵
  PID:7020
- C:\Windows\System\YkOoFqU.exe
  C:\Windows\System\YkOoFqU.exe
  2⤵
  PID:7100
- C:\Windows\System\askBLaG.exe
  C:\Windows\System\askBLaG.exe
  2⤵
  PID:6532
- C:\Windows\System\VAoYNnD.exe
  C:\Windows\System\VAoYNnD.exe
  2⤵
  PID:1832
- C:\Windows\System\sUFDSnP.exe
  C:\Windows\System\sUFDSnP.exe
  2⤵
  PID:6304
- C:\Windows\System\MXbLJGY.exe
  C:\Windows\System\MXbLJGY.exe
  2⤵
  PID:6240
- C:\Windows\System\vzhpIBZ.exe
  C:\Windows\System\vzhpIBZ.exe
  2⤵
  PID:6732
- C:\Windows\System\PnPxzXc.exe
  C:\Windows\System\PnPxzXc.exe
  2⤵
  PID:6952
- C:\Windows\System\KuXqvEp.exe
  C:\Windows\System\KuXqvEp.exe
  2⤵
  PID:3952
- C:\Windows\System\FdZYwBf.exe
  C:\Windows\System\FdZYwBf.exe
  2⤵
  PID:6672
- C:\Windows\System\XHDvxAq.exe
  C:\Windows\System\XHDvxAq.exe
  2⤵
  PID:6668
- C:\Windows\System\UBuSVeU.exe
  C:\Windows\System\UBuSVeU.exe
  2⤵
  PID:6568
- C:\Windows\System\KxPNNju.exe
  C:\Windows\System\KxPNNju.exe
  2⤵
  PID:2704
- C:\Windows\System\NSzJIzN.exe
  C:\Windows\System\NSzJIzN.exe
  2⤵
  PID:6912
- C:\Windows\System\kMJJCFD.exe
  C:\Windows\System\kMJJCFD.exe
  2⤵
  PID:7064
- C:\Windows\System\ThVLmZx.exe
  C:\Windows\System\ThVLmZx.exe
  2⤵
  PID:6352
- C:\Windows\System\SFCxqUF.exe
  C:\Windows\System\SFCxqUF.exe
  2⤵
  PID:5240
- C:\Windows\System\JrPxVGM.exe
  C:\Windows\System\JrPxVGM.exe
  2⤵
  PID:6424
- C:\Windows\System\BLhIKlq.exe
  C:\Windows\System\BLhIKlq.exe
  2⤵
  PID:6968
- C:\Windows\System\fnIARCE.exe
  C:\Windows\System\fnIARCE.exe
  2⤵
  PID:7148
- C:\Windows\System\bnPNkfM.exe
  C:\Windows\System\bnPNkfM.exe
  2⤵
  PID:6664
- C:\Windows\System\IhxbSMh.exe
  C:\Windows\System\IhxbSMh.exe
  2⤵
  PID:6744
- C:\Windows\System\SgbZnfP.exe
  C:\Windows\System\SgbZnfP.exe
  2⤵
  PID:6548
- C:\Windows\System\xTZDUkz.exe
  C:\Windows\System\xTZDUkz.exe
  2⤵
  PID:5448
- C:\Windows\System\sdAZUtH.exe
  C:\Windows\System\sdAZUtH.exe
  2⤵
  PID:5124
- C:\Windows\System\wPNiBnS.exe
  C:\Windows\System\wPNiBnS.exe
  2⤵
  PID:6504
- C:\Windows\System\bbsoRms.exe
  C:\Windows\System\bbsoRms.exe
  2⤵
  PID:2192
- C:\Windows\System\sxoToPg.exe
  C:\Windows\System\sxoToPg.exe
  2⤵
  PID:7184
- C:\Windows\System\EGAWIfR.exe
  C:\Windows\System\EGAWIfR.exe
  2⤵
  PID:7200
- C:\Windows\System\WpHVKic.exe
  C:\Windows\System\WpHVKic.exe
  2⤵
  PID:7216
- C:\Windows\System\MmRgJhj.exe
  C:\Windows\System\MmRgJhj.exe
  2⤵
  PID:7232
- C:\Windows\System\BITbztl.exe
  C:\Windows\System\BITbztl.exe
  2⤵
  PID:7252
- C:\Windows\System\btvKvem.exe
  C:\Windows\System\btvKvem.exe
  2⤵
  PID:7268
- C:\Windows\System\kaYJjGN.exe
  C:\Windows\System\kaYJjGN.exe
  2⤵
  PID:7284
- C:\Windows\System\ZbXjVuF.exe
  C:\Windows\System\ZbXjVuF.exe
  2⤵
  PID:7300
- C:\Windows\System\BYUXZnu.exe
  C:\Windows\System\BYUXZnu.exe
  2⤵
  PID:7316
- C:\Windows\System\KpkdwgB.exe
  C:\Windows\System\KpkdwgB.exe
  2⤵
  PID:7332
- C:\Windows\System\MCzzlWJ.exe
  C:\Windows\System\MCzzlWJ.exe
  2⤵
  PID:7348
- C:\Windows\System\xcVUGBV.exe
  C:\Windows\System\xcVUGBV.exe
  2⤵
  PID:7364
- C:\Windows\System\FlvMyfQ.exe
  C:\Windows\System\FlvMyfQ.exe
  2⤵
  PID:7380
- C:\Windows\System\Xcwnewb.exe
  C:\Windows\System\Xcwnewb.exe
  2⤵
  PID:7396
- C:\Windows\System\RLVgxqp.exe
  C:\Windows\System\RLVgxqp.exe
  2⤵
  PID:7412
- C:\Windows\System\HOMQxVA.exe
  C:\Windows\System\HOMQxVA.exe
  2⤵
  PID:7428
- C:\Windows\System\RCfjIpb.exe
  C:\Windows\System\RCfjIpb.exe
  2⤵
  PID:7448
- C:\Windows\System\vduLKht.exe
  C:\Windows\System\vduLKht.exe
  2⤵
  PID:7468
- C:\Windows\System\JliVcnh.exe
  C:\Windows\System\JliVcnh.exe
  2⤵
  PID:7484
- C:\Windows\System\vjMWbae.exe
  C:\Windows\System\vjMWbae.exe
  2⤵
  PID:7504
- C:\Windows\System\vOJOuUz.exe
  C:\Windows\System\vOJOuUz.exe
  2⤵
  PID:7520
- C:\Windows\System\EdwdkoL.exe
  C:\Windows\System\EdwdkoL.exe
  2⤵
  PID:7536
- C:\Windows\System\oHpTlff.exe
  C:\Windows\System\oHpTlff.exe
  2⤵
  PID:7552
- C:\Windows\System\oqBMAkr.exe
  C:\Windows\System\oqBMAkr.exe
  2⤵
  PID:7568
- C:\Windows\System\mNZMJoT.exe
  C:\Windows\System\mNZMJoT.exe
  2⤵
  PID:7584
- C:\Windows\System\IKRaxwQ.exe
  C:\Windows\System\IKRaxwQ.exe
  2⤵
  PID:7604
- C:\Windows\System\upnVosa.exe
  C:\Windows\System\upnVosa.exe
  2⤵
  PID:7620
- C:\Windows\System\lyPZucc.exe
  C:\Windows\System\lyPZucc.exe
  2⤵
  PID:7636
- C:\Windows\System\MGpUEAm.exe
  C:\Windows\System\MGpUEAm.exe
  2⤵
  PID:7652
- C:\Windows\System\JJZHKSd.exe
  C:\Windows\System\JJZHKSd.exe
  2⤵
  PID:7668
- C:\Windows\System\wmDaGkI.exe
  C:\Windows\System\wmDaGkI.exe
  2⤵
  PID:7684
- C:\Windows\System\BSXFOit.exe
  C:\Windows\System\BSXFOit.exe
  2⤵
  PID:7700
- C:\Windows\System\hayjvCH.exe
  C:\Windows\System\hayjvCH.exe
  2⤵
  PID:7716
- C:\Windows\System\xqyGZUW.exe
  C:\Windows\System\xqyGZUW.exe
  2⤵
  PID:7736
- C:\Windows\System\DaHsjzE.exe
  C:\Windows\System\DaHsjzE.exe
  2⤵
  PID:7756
- C:\Windows\System\dkDfswj.exe
  C:\Windows\System\dkDfswj.exe
  2⤵
  PID:7772
- C:\Windows\System\NPaBnxU.exe
  C:\Windows\System\NPaBnxU.exe
  2⤵
  PID:7800
- C:\Windows\System\zkkEPoV.exe
  C:\Windows\System\zkkEPoV.exe
  2⤵
  PID:7844
- C:\Windows\System\bjBLVDt.exe
  C:\Windows\System\bjBLVDt.exe
  2⤵
  PID:7864
- C:\Windows\System\TdBkDZq.exe
  C:\Windows\System\TdBkDZq.exe
  2⤵
  PID:7880
- C:\Windows\System\tKCGZEt.exe
  C:\Windows\System\tKCGZEt.exe
  2⤵
  PID:7896
- C:\Windows\System\zinWyes.exe
  C:\Windows\System\zinWyes.exe
  2⤵
  PID:7912
- C:\Windows\System\nKrNoNd.exe
  C:\Windows\System\nKrNoNd.exe
  2⤵
  PID:7928
- C:\Windows\System\ZOPnfpg.exe
  C:\Windows\System\ZOPnfpg.exe
  2⤵
  PID:7948
- C:\Windows\System\DJpdoEX.exe
  C:\Windows\System\DJpdoEX.exe
  2⤵
  PID:7968
- C:\Windows\System\ooUvthR.exe
  C:\Windows\System\ooUvthR.exe
  2⤵
  PID:7984
- C:\Windows\System\ABruYKF.exe
  C:\Windows\System\ABruYKF.exe
  2⤵
  PID:8000
- C:\Windows\System\hozKLro.exe
  C:\Windows\System\hozKLro.exe
  2⤵
  PID:8016
- C:\Windows\System\aavEUtm.exe
  C:\Windows\System\aavEUtm.exe
  2⤵
  PID:8032
- C:\Windows\System\QGudAIe.exe
  C:\Windows\System\QGudAIe.exe
  2⤵
  PID:8048
- C:\Windows\System\bMDnWtV.exe
  C:\Windows\System\bMDnWtV.exe
  2⤵
  PID:8064
- C:\Windows\System\InVGmyn.exe
  C:\Windows\System\InVGmyn.exe
  2⤵
  PID:8080
- C:\Windows\System\nnkjHyY.exe
  C:\Windows\System\nnkjHyY.exe
  2⤵
  PID:8096
- C:\Windows\System\mhdmGWN.exe
  C:\Windows\System\mhdmGWN.exe
  2⤵
  PID:8124
- C:\Windows\System\DPLPUKj.exe
  C:\Windows\System\DPLPUKj.exe
  2⤵
  PID:8140
- C:\Windows\System\buYwwYA.exe
  C:\Windows\System\buYwwYA.exe
  2⤵
  PID:8156
- C:\Windows\System\XvCvqYC.exe
  C:\Windows\System\XvCvqYC.exe
  2⤵
  PID:8172
- C:\Windows\System\iXYnhem.exe
  C:\Windows\System\iXYnhem.exe
  2⤵
  PID:8188
- C:\Windows\System\CTzDoVY.exe
  C:\Windows\System\CTzDoVY.exe
  2⤵
  PID:7192
- C:\Windows\System\WfHjkPg.exe
  C:\Windows\System\WfHjkPg.exe
  2⤵
  PID:6652
- C:\Windows\System\VxuSdLu.exe
  C:\Windows\System\VxuSdLu.exe
  2⤵
  PID:6980
- C:\Windows\System\DJAnHuM.exe
  C:\Windows\System\DJAnHuM.exe
  2⤵
  PID:5676
- C:\Windows\System\svoTnvh.exe
  C:\Windows\System\svoTnvh.exe
  2⤵
  PID:1776
- C:\Windows\System\CiFaUly.exe
  C:\Windows\System\CiFaUly.exe
  2⤵
  PID:6288
- C:\Windows\System\gZRXlsU.exe
  C:\Windows\System\gZRXlsU.exe
  2⤵
  PID:7264
- C:\Windows\System\MCfTGou.exe
  C:\Windows\System\MCfTGou.exe
  2⤵
  PID:7324
- C:\Windows\System\aZDnKZh.exe
  C:\Windows\System\aZDnKZh.exe
  2⤵
  PID:7212
- C:\Windows\System\WNGSMor.exe
  C:\Windows\System\WNGSMor.exe
  2⤵
  PID:108
- C:\Windows\System\aISfeuY.exe
  C:\Windows\System\aISfeuY.exe
  2⤵
  PID:7388
- C:\Windows\System\FZilCOX.exe
  C:\Windows\System\FZilCOX.exe
  2⤵
  PID:7408
- C:\Windows\System\yckhyAE.exe
  C:\Windows\System\yckhyAE.exe
  2⤵
  PID:7276
- C:\Windows\System\oHBeIlH.exe
  C:\Windows\System\oHBeIlH.exe
  2⤵
  PID:7340
- C:\Windows\System\IdLFhIK.exe
  C:\Windows\System\IdLFhIK.exe
  2⤵
  PID:7436
- C:\Windows\System\UwEVtAu.exe
  C:\Windows\System\UwEVtAu.exe
  2⤵
  PID:7460
- C:\Windows\System\LttuNvB.exe
  C:\Windows\System\LttuNvB.exe
  2⤵
  PID:7500
- C:\Windows\System\xicrwmm.exe
  C:\Windows\System\xicrwmm.exe
  2⤵
  PID:7564
- C:\Windows\System\XxNwFDZ.exe
  C:\Windows\System\XxNwFDZ.exe
  2⤵
  PID:7516
- C:\Windows\System\YlmggpO.exe
  C:\Windows\System\YlmggpO.exe
  2⤵
  PID:7580
- C:\Windows\System\VtGsief.exe
  C:\Windows\System\VtGsief.exe
  2⤵
  PID:7632
- C:\Windows\System\kdvsUBF.exe
  C:\Windows\System\kdvsUBF.exe
  2⤵
  PID:7696
- C:\Windows\System\EwHTluC.exe
  C:\Windows\System\EwHTluC.exe
  2⤵
  PID:1724
- C:\Windows\System\HJhbcyf.exe
  C:\Windows\System\HJhbcyf.exe
  2⤵
  PID:7648
- C:\Windows\System\hyuethy.exe
  C:\Windows\System\hyuethy.exe
  2⤵
  PID:7728
- C:\Windows\System\XYDoJhK.exe
  C:\Windows\System\XYDoJhK.exe
  2⤵
  PID:7752
- C:\Windows\System\KNWrkrh.exe
  C:\Windows\System\KNWrkrh.exe
  2⤵
  PID:7788
- C:\Windows\System\orxruQT.exe
  C:\Windows\System\orxruQT.exe
  2⤵
  PID:7812
- C:\Windows\System\IabWQUI.exe
  C:\Windows\System\IabWQUI.exe
  2⤵
  PID:7832
- C:\Windows\System\gkorygO.exe
  C:\Windows\System\gkorygO.exe
  2⤵
  PID:7872
- C:\Windows\System\RNsMWOX.exe
  C:\Windows\System\RNsMWOX.exe
  2⤵
  PID:7904
- C:\Windows\System\bmpVMtN.exe
  C:\Windows\System\bmpVMtN.exe
  2⤵
  PID:7976
- C:\Windows\System\InzGvzZ.exe
  C:\Windows\System\InzGvzZ.exe
  2⤵
  PID:8044
- C:\Windows\System\UhLPjNc.exe
  C:\Windows\System\UhLPjNc.exe
  2⤵
  PID:2152
- C:\Windows\System\CqiCwLe.exe
  C:\Windows\System\CqiCwLe.exe
  2⤵
  PID:7888
- C:\Windows\System\eFDdFNM.exe
  C:\Windows\System\eFDdFNM.exe
  2⤵
  PID:7892
- C:\Windows\System\VPxkViT.exe
  C:\Windows\System\VPxkViT.exe
  2⤵
  PID:7960
- C:\Windows\System\nqZNSGn.exe
  C:\Windows\System\nqZNSGn.exe
  2⤵
  PID:8116
- C:\Windows\System\OgKOudb.exe
  C:\Windows\System\OgKOudb.exe
  2⤵
  PID:7996
- C:\Windows\System\jwaySJZ.exe
  C:\Windows\System\jwaySJZ.exe
  2⤵
  PID:8152
- C:\Windows\System\dWwBfuu.exe
  C:\Windows\System\dWwBfuu.exe
  2⤵
  PID:6332
- C:\Windows\System\fhvzptc.exe
  C:\Windows\System\fhvzptc.exe
  2⤵
  PID:544
- C:\Windows\System\NQLqyUm.exe
  C:\Windows\System\NQLqyUm.exe
  2⤵
  PID:8132
- C:\Windows\System\xdCwXjf.exe
  C:\Windows\System\xdCwXjf.exe
  2⤵
  PID:6688
- C:\Windows\System\kImbQVO.exe
  C:\Windows\System\kImbQVO.exe
  2⤵
  PID:7296
- C:\Windows\System\TvvpZfy.exe
  C:\Windows\System\TvvpZfy.exe
  2⤵
  PID:7308
- C:\Windows\System\mCLkFZP.exe
  C:\Windows\System\mCLkFZP.exe
  2⤵
  PID:7532
- C:\Windows\System\ymxTMUr.exe
  C:\Windows\System\ymxTMUr.exe
  2⤵
  PID:7176
- C:\Windows\System\axfmVTl.exe
  C:\Windows\System\axfmVTl.exe
  2⤵
  PID:7360
- C:\Windows\System\MnfeIvD.exe
  C:\Windows\System\MnfeIvD.exe
  2⤵
  PID:7376
- C:\Windows\System\CUXsPMt.exe
  C:\Windows\System\CUXsPMt.exe
  2⤵
  PID:7496
- C:\Windows\System\gYXQXyK.exe
  C:\Windows\System\gYXQXyK.exe
  2⤵
  PID:7576
- C:\Windows\System\clAZLFg.exe
  C:\Windows\System\clAZLFg.exe
  2⤵
  PID:7628
- C:\Windows\System\WPkCmUI.exe
  C:\Windows\System\WPkCmUI.exe
  2⤵
  PID:7664
- C:\Windows\System\biqDHJa.exe
  C:\Windows\System\biqDHJa.exe
  2⤵
  PID:7768
- C:\Windows\System\mEUMyHQ.exe
  C:\Windows\System\mEUMyHQ.exe
  2⤵
  PID:7940
- C:\Windows\System\FnrOenf.exe
  C:\Windows\System\FnrOenf.exe
  2⤵
  PID:7748
- C:\Windows\System\NJrSjwH.exe
  C:\Windows\System\NJrSjwH.exe
  2⤵
  PID:6884
- C:\Windows\System\uvvKWLN.exe
  C:\Windows\System\uvvKWLN.exe
  2⤵
  PID:7860
- C:\Windows\System\rXGuedm.exe
  C:\Windows\System\rXGuedm.exe
  2⤵
  PID:8108
- C:\Windows\System\HdTqSHS.exe
  C:\Windows\System\HdTqSHS.exe
  2⤵
  PID:8008
- C:\Windows\System\qHjSQDt.exe
  C:\Windows\System\qHjSQDt.exe
  2⤵
  PID:7852
- C:\Windows\System\RKvanGN.exe
  C:\Windows\System\RKvanGN.exe
  2⤵
  PID:7292
- C:\Windows\System\GArotYK.exe
  C:\Windows\System\GArotYK.exe
  2⤵
  PID:7808
- C:\Windows\System\AalpUJS.exe
  C:\Windows\System\AalpUJS.exe
  2⤵
  PID:7456
- C:\Windows\System\sKBsZNN.exe
  C:\Windows\System\sKBsZNN.exe
  2⤵
  PID:7492
- C:\Windows\System\UgnPdOT.exe
  C:\Windows\System\UgnPdOT.exe
  2⤵
  PID:1992
- C:\Windows\System\btrpKtt.exe
  C:\Windows\System\btrpKtt.exe
  2⤵
  PID:7708
- C:\Windows\System\eONjwEp.exe
  C:\Windows\System\eONjwEp.exe
  2⤵
  PID:8028
- C:\Windows\System\ZCOmsOj.exe
  C:\Windows\System\ZCOmsOj.exe
  2⤵
  PID:7876
- C:\Windows\System\uUxseiA.exe
  C:\Windows\System\uUxseiA.exe
  2⤵
  PID:8168
- C:\Windows\System\kOjyWEL.exe
  C:\Windows\System\kOjyWEL.exe
  2⤵
  PID:2084
- C:\Windows\System\tbxHIrp.exe
  C:\Windows\System\tbxHIrp.exe
  2⤵
  PID:876
- C:\Windows\System\pblRmkw.exe
  C:\Windows\System\pblRmkw.exe
  2⤵
  PID:7692
- C:\Windows\System\lFSlOuC.exe
  C:\Windows\System\lFSlOuC.exe
  2⤵
  PID:7208
- C:\Windows\System\wPwLcXB.exe
  C:\Windows\System\wPwLcXB.exe
  2⤵
  PID:2892
- C:\Windows\System\aejpGKT.exe
  C:\Windows\System\aejpGKT.exe
  2⤵
  PID:7824
- C:\Windows\System\CMjyFaj.exe
  C:\Windows\System\CMjyFaj.exe
  2⤵
  PID:2396
- C:\Windows\System\oRRrNCL.exe
  C:\Windows\System\oRRrNCL.exe
  2⤵
  PID:8196
- C:\Windows\System\XsVYcnZ.exe
  C:\Windows\System\XsVYcnZ.exe
  2⤵
  PID:8212
- C:\Windows\System\aBTsSzA.exe
  C:\Windows\System\aBTsSzA.exe
  2⤵
  PID:8228
- C:\Windows\System\DrdlZFE.exe
  C:\Windows\System\DrdlZFE.exe
  2⤵
  PID:8244
- C:\Windows\System\UebmvjU.exe
  C:\Windows\System\UebmvjU.exe
  2⤵
  PID:8260
- C:\Windows\System\HBLpWPd.exe
  C:\Windows\System\HBLpWPd.exe
  2⤵
  PID:8280
- C:\Windows\System\CtyNDfW.exe
  C:\Windows\System\CtyNDfW.exe
  2⤵
  PID:8296
- C:\Windows\System\GYGdscx.exe
  C:\Windows\System\GYGdscx.exe
  2⤵
  PID:8340
- C:\Windows\System\FmqIGNR.exe
  C:\Windows\System\FmqIGNR.exe
  2⤵
  PID:8436
- C:\Windows\System\OFUVgdq.exe
  C:\Windows\System\OFUVgdq.exe
  2⤵
  PID:8452
- C:\Windows\System\sorEbem.exe
  C:\Windows\System\sorEbem.exe
  2⤵
  PID:8468
- C:\Windows\System\KwFTQlC.exe
  C:\Windows\System\KwFTQlC.exe
  2⤵
  PID:8484
- C:\Windows\System\BFjPXdi.exe
  C:\Windows\System\BFjPXdi.exe
  2⤵
  PID:8500
- C:\Windows\System\XHyasCt.exe
  C:\Windows\System\XHyasCt.exe
  2⤵
  PID:8516
- C:\Windows\System\iwrsSdd.exe
  C:\Windows\System\iwrsSdd.exe
  2⤵
  PID:8532
- C:\Windows\System\gLHYViA.exe
  C:\Windows\System\gLHYViA.exe
  2⤵
  PID:8548
- C:\Windows\System\KYOPSdc.exe
  C:\Windows\System\KYOPSdc.exe
  2⤵
  PID:8564
- C:\Windows\System\iMpLkYF.exe
  C:\Windows\System\iMpLkYF.exe
  2⤵
  PID:8580
- C:\Windows\System\eTQpkEm.exe
  C:\Windows\System\eTQpkEm.exe
  2⤵
  PID:8596
- C:\Windows\System\Ffykczk.exe
  C:\Windows\System\Ffykczk.exe
  2⤵
  PID:8612
- C:\Windows\System\rAQzGeR.exe
  C:\Windows\System\rAQzGeR.exe
  2⤵
  PID:8628
- C:\Windows\System\BQwXQkT.exe
  C:\Windows\System\BQwXQkT.exe
  2⤵
  PID:8644
- C:\Windows\System\EIOLcOD.exe
  C:\Windows\System\EIOLcOD.exe
  2⤵
  PID:8660
- C:\Windows\System\avVuzBj.exe
  C:\Windows\System\avVuzBj.exe
  2⤵
  PID:8676
- C:\Windows\System\YhyAdaE.exe
  C:\Windows\System\YhyAdaE.exe
  2⤵
  PID:8692
- C:\Windows\System\cLmcxZT.exe
  C:\Windows\System\cLmcxZT.exe
  2⤵
  PID:8708
- C:\Windows\System\POetkwz.exe
  C:\Windows\System\POetkwz.exe
  2⤵
  PID:8724
- C:\Windows\System\HZeDtYd.exe
  C:\Windows\System\HZeDtYd.exe
  2⤵
  PID:8740
- C:\Windows\System\ApFFPaw.exe
  C:\Windows\System\ApFFPaw.exe
  2⤵
  PID:8756
- C:\Windows\System\hufVvHh.exe
  C:\Windows\System\hufVvHh.exe
  2⤵
  PID:8772
- C:\Windows\System\ftfvXQv.exe
  C:\Windows\System\ftfvXQv.exe
  2⤵
  PID:8792
- C:\Windows\System\frWMgYc.exe
  C:\Windows\System\frWMgYc.exe
  2⤵
  PID:8812
- C:\Windows\System\ZeGShfy.exe
  C:\Windows\System\ZeGShfy.exe
  2⤵
  PID:8828
- C:\Windows\System\ojYPAtV.exe
  C:\Windows\System\ojYPAtV.exe
  2⤵
  PID:8844
- C:\Windows\System\huHdrZv.exe
  C:\Windows\System\huHdrZv.exe
  2⤵
  PID:8860
- C:\Windows\System\Bgypayj.exe
  C:\Windows\System\Bgypayj.exe
  2⤵
  PID:8876
- C:\Windows\System\dINNPwq.exe
  C:\Windows\System\dINNPwq.exe
  2⤵
  PID:8892
- C:\Windows\System\NUBuxFk.exe
  C:\Windows\System\NUBuxFk.exe
  2⤵
  PID:8912
- C:\Windows\System\WDPPahT.exe
  C:\Windows\System\WDPPahT.exe
  2⤵
  PID:8960
- C:\Windows\System\nvpNnNL.exe
  C:\Windows\System\nvpNnNL.exe
  2⤵
  PID:8976
- C:\Windows\System\VwEimaG.exe
  C:\Windows\System\VwEimaG.exe
  2⤵
  PID:8992
- C:\Windows\System\IggJJmB.exe
  C:\Windows\System\IggJJmB.exe
  2⤵
  PID:9008
- C:\Windows\System\CkcEvbb.exe
  C:\Windows\System\CkcEvbb.exe
  2⤵
  PID:9028
- C:\Windows\System\FPUyzPX.exe
  C:\Windows\System\FPUyzPX.exe
  2⤵
  PID:9044
- C:\Windows\System\ksvKaOl.exe
  C:\Windows\System\ksvKaOl.exe
  2⤵
  PID:9060
- C:\Windows\System\aJRXCdj.exe
  C:\Windows\System\aJRXCdj.exe
  2⤵
  PID:9076
- C:\Windows\System\YilpAyy.exe
  C:\Windows\System\YilpAyy.exe
  2⤵
  PID:9092
- C:\Windows\System\odHtmhs.exe
  C:\Windows\System\odHtmhs.exe
  2⤵
  PID:9108
- C:\Windows\System\gRWinSs.exe
  C:\Windows\System\gRWinSs.exe
  2⤵
  PID:9124
- C:\Windows\System\BKtHaxp.exe
  C:\Windows\System\BKtHaxp.exe
  2⤵
  PID:9140
- C:\Windows\System\tazauIT.exe
  C:\Windows\System\tazauIT.exe
  2⤵
  PID:9156
- C:\Windows\System\LPpSBTk.exe
  C:\Windows\System\LPpSBTk.exe
  2⤵
  PID:9172
- C:\Windows\System\XpFylRr.exe
  C:\Windows\System\XpFylRr.exe
  2⤵
  PID:9188
- C:\Windows\System\sDZPgNj.exe
  C:\Windows\System\sDZPgNj.exe
  2⤵
  PID:9204
- C:\Windows\System\iUNAFOZ.exe
  C:\Windows\System\iUNAFOZ.exe
  2⤵
  PID:8104
- C:\Windows\System\TTvwzzP.exe
  C:\Windows\System\TTvwzzP.exe
  2⤵
  PID:7732
- C:\Windows\System\NrgQnRB.exe
  C:\Windows\System\NrgQnRB.exe
  2⤵
  PID:7372
- C:\Windows\System\jgMMvYh.exe
  C:\Windows\System\jgMMvYh.exe
  2⤵
  PID:7644
- C:\Windows\System\BGnGIJf.exe
  C:\Windows\System\BGnGIJf.exe
  2⤵
  PID:8224
- C:\Windows\System\RBOPcpG.exe
  C:\Windows\System\RBOPcpG.exe
  2⤵
  PID:8236
- C:\Windows\System\lgeRXqD.exe
  C:\Windows\System\lgeRXqD.exe
  2⤵
  PID:1568
- C:\Windows\System\EpECiic.exe
  C:\Windows\System\EpECiic.exe
  2⤵
  PID:8288
- C:\Windows\System\rqZhdRb.exe
  C:\Windows\System\rqZhdRb.exe
  2⤵
  PID:8308
- C:\Windows\System\YKyQLne.exe
  C:\Windows\System\YKyQLne.exe
  2⤵
  PID:8324
- C:\Windows\System\tdWywls.exe
  C:\Windows\System\tdWywls.exe
  2⤵
  PID:8348
- C:\Windows\System\ROeMQeu.exe
  C:\Windows\System\ROeMQeu.exe
  2⤵
  PID:8360
- C:\Windows\System\UPqoRKh.exe
  C:\Windows\System\UPqoRKh.exe
  2⤵
  PID:8376
- C:\Windows\System\HHNMjsm.exe
  C:\Windows\System\HHNMjsm.exe
  2⤵
  PID:8388
- C:\Windows\System\ZtSVyyW.exe
  C:\Windows\System\ZtSVyyW.exe
  2⤵
  PID:8412
- C:\Windows\System\LNKKfnN.exe
  C:\Windows\System\LNKKfnN.exe
  2⤵
  PID:8416
- C:\Windows\System\pJhBUKx.exe
  C:\Windows\System\pJhBUKx.exe
  2⤵
  PID:8428
- C:\Windows\System\nhKJFzb.exe
  C:\Windows\System\nhKJFzb.exe
  2⤵
  PID:2900
- C:\Windows\System\kuvxWoO.exe
  C:\Windows\System\kuvxWoO.exe
  2⤵
  PID:8508
- C:\Windows\System\WLIBiXR.exe
  C:\Windows\System\WLIBiXR.exe
  2⤵
  PID:8544
- C:\Windows\System\fnQpfOY.exe
  C:\Windows\System\fnQpfOY.exe
  2⤵
  PID:8524
- C:\Windows\System\aHNNOPz.exe
  C:\Windows\System\aHNNOPz.exe
  2⤵
  PID:8668
- C:\Windows\System\vHaJhiJ.exe
  C:\Windows\System\vHaJhiJ.exe
  2⤵
  PID:8732
- C:\Windows\System\LzxVagW.exe
  C:\Windows\System\LzxVagW.exe
  2⤵
  PID:8768
- C:\Windows\System\iZTzcQf.exe
  C:\Windows\System\iZTzcQf.exe
  2⤵
  PID:8560
- C:\Windows\System\wgnHlER.exe
  C:\Windows\System\wgnHlER.exe
  2⤵
  PID:8624
- C:\Windows\System\UqqeChi.exe
  C:\Windows\System\UqqeChi.exe
  2⤵
  PID:8688
- C:\Windows\System\ZTfDmGf.exe
  C:\Windows\System\ZTfDmGf.exe
  2⤵
  PID:8752
- C:\Windows\System\fjdbbBe.exe
  C:\Windows\System\fjdbbBe.exe
  2⤵
  PID:8800
- C:\Windows\System\PsMaAGR.exe
  C:\Windows\System\PsMaAGR.exe
  2⤵
  PID:1540
- C:\Windows\System\TrKpKXu.exe
  C:\Windows\System\TrKpKXu.exe
  2⤵
  PID:8852
- C:\Windows\System\lyTNuYA.exe
  C:\Windows\System\lyTNuYA.exe
  2⤵
  PID:8920
- C:\Windows\System\sYhVHvr.exe
  C:\Windows\System\sYhVHvr.exe
  2⤵
  PID:8940
- C:\Windows\System\DlVlOvW.exe
  C:\Windows\System\DlVlOvW.exe
  2⤵
  PID:8872
- C:\Windows\System\gmMLPTl.exe
  C:\Windows\System\gmMLPTl.exe
  2⤵
  PID:8948
- C:\Windows\System\lHnVNkP.exe
  C:\Windows\System\lHnVNkP.exe
  2⤵
  PID:5036
- C:\Windows\System\wzAyqRb.exe
  C:\Windows\System\wzAyqRb.exe
  2⤵
  PID:8968
- C:\Windows\System\gsjspIP.exe
  C:\Windows\System\gsjspIP.exe
  2⤵
  PID:9016
- C:\Windows\System\UELOCaQ.exe
  C:\Windows\System\UELOCaQ.exe
  2⤵
  PID:9100
- C:\Windows\System\WhvqTww.exe
  C:\Windows\System\WhvqTww.exe
  2⤵
  PID:9036
- C:\Windows\System\zNqqGkC.exe
  C:\Windows\System\zNqqGkC.exe
  2⤵
  PID:9056
- C:\Windows\System\XABiZwM.exe
  C:\Windows\System\XABiZwM.exe
  2⤵
  PID:9152
- C:\Windows\System\BxMtffa.exe
  C:\Windows\System\BxMtffa.exe
  2⤵
  PID:9164
- C:\Windows\System\mpDkJeW.exe
  C:\Windows\System\mpDkJeW.exe
  2⤵
  PID:2320
- C:\Windows\System\vMgVfqH.exe
  C:\Windows\System\vMgVfqH.exe
  2⤵
  PID:7956
- C:\Windows\System\MsEHbfg.exe
  C:\Windows\System\MsEHbfg.exe
  2⤵
  PID:8072
- C:\Windows\System\jlRvdKZ.exe
  C:\Windows\System\jlRvdKZ.exe
  2⤵
  PID:8208
- C:\Windows\System\wTWbGJC.exe
  C:\Windows\System\wTWbGJC.exe
  2⤵
  PID:8184
- C:\Windows\System\SJpORKS.exe
  C:\Windows\System\SJpORKS.exe
  2⤵
  PID:8092
- C:\Windows\System\koAeGlN.exe
  C:\Windows\System\koAeGlN.exe
  2⤵
  PID:2104
- C:\Windows\System\EGtYEUa.exe
  C:\Windows\System\EGtYEUa.exe
  2⤵
  PID:8304
- C:\Windows\System\ZwggRMR.exe
  C:\Windows\System\ZwggRMR.exe
  2⤵
  PID:8368
- C:\Windows\System\DaOMqLv.exe
  C:\Windows\System\DaOMqLv.exe
  2⤵
  PID:8448
- C:\Windows\System\yHQHnTE.exe
  C:\Windows\System\yHQHnTE.exe
  2⤵
  PID:8476
- C:\Windows\System\mGEtEtw.exe
  C:\Windows\System\mGEtEtw.exe
  2⤵
  PID:8608
- C:\Windows\System\POgfKKi.exe
  C:\Windows\System\POgfKKi.exe
  2⤵
  PID:8620
- C:\Windows\System\avRYaFi.exe
  C:\Windows\System\avRYaFi.exe
  2⤵
  PID:8576
- C:\Windows\System\FkETKij.exe
  C:\Windows\System\FkETKij.exe
  2⤵
  PID:8528
- C:\Windows\System\FPLFjjY.exe
  C:\Windows\System\FPLFjjY.exe
  2⤵
  PID:8784
- C:\Windows\System\wKtQoZL.exe
  C:\Windows\System\wKtQoZL.exe
  2⤵
  PID:2628
- C:\Windows\System\HjTMJvn.exe
  C:\Windows\System\HjTMJvn.exe
  2⤵
  PID:8808
- C:\Windows\System\MAUchvj.exe
  C:\Windows\System\MAUchvj.exe
  2⤵
  PID:8904
- C:\Windows\System\derzYWm.exe
  C:\Windows\System\derzYWm.exe
  2⤵
  PID:9004
- C:\Windows\System\TBtSayJ.exe
  C:\Windows\System\TBtSayJ.exe
  2⤵
  PID:9000
- C:\Windows\System\rCwURxa.exe
  C:\Windows\System\rCwURxa.exe
  2⤵
  PID:7600
- C:\Windows\System\cqWBnyt.exe
  C:\Windows\System\cqWBnyt.exe
  2⤵
  PID:8404
- C:\Windows\System\mpJVXpX.exe
  C:\Windows\System\mpJVXpX.exe
  2⤵
  PID:8748
- C:\Windows\System\umxnSCP.exe
  C:\Windows\System\umxnSCP.exe
  2⤵
  PID:8292
- C:\Windows\System\zCiqJZo.exe
  C:\Windows\System\zCiqJZo.exe
  2⤵
  PID:1348
- C:\Windows\System\ABvaaQs.exe
  C:\Windows\System\ABvaaQs.exe
  2⤵
  PID:9104
- C:\Windows\System\QjqYbkK.exe
  C:\Windows\System\QjqYbkK.exe
  2⤵
  PID:2968
- C:\Windows\System\yyLJjBz.exe
  C:\Windows\System\yyLJjBz.exe
  2⤵
  PID:1984
- C:\Windows\System\ShZcfaY.exe
  C:\Windows\System\ShZcfaY.exe
  2⤵
  PID:8220
- C:\Windows\System\ZRGdrLw.exe
  C:\Windows\System\ZRGdrLw.exe
  2⤵
  PID:9212
- C:\Windows\System\dHdsbZD.exe
  C:\Windows\System\dHdsbZD.exe
  2⤵
  PID:2688
- C:\Windows\System\yFDfacm.exe
  C:\Windows\System\yFDfacm.exe
  2⤵
  PID:1552
- C:\Windows\System\OZSiqYV.exe
  C:\Windows\System\OZSiqYV.exe
  2⤵
  PID:4676
- C:\Windows\System\wjkPjRt.exe
  C:\Windows\System\wjkPjRt.exe
  2⤵
  PID:8256
- C:\Windows\System\tgVzbUa.exe
  C:\Windows\System\tgVzbUa.exe
  2⤵
  PID:672
- C:\Windows\System\sXQMgfG.exe
  C:\Windows\System\sXQMgfG.exe
  2⤵
  PID:8372
- C:\Windows\System\akuKsxR.exe
  C:\Windows\System\akuKsxR.exe
  2⤵
  PID:9116
- C:\Windows\System\zeibxMw.exe
  C:\Windows\System\zeibxMw.exe
  2⤵
  PID:9224
- C:\Windows\System\sJDlyor.exe
  C:\Windows\System\sJDlyor.exe
  2⤵
  PID:9248
- C:\Windows\System\JupjyUu.exe
  C:\Windows\System\JupjyUu.exe
  2⤵
  PID:9268
- C:\Windows\System\qvichaA.exe
  C:\Windows\System\qvichaA.exe
  2⤵
  PID:9288
- C:\Windows\System\gBEAPGo.exe
  C:\Windows\System\gBEAPGo.exe
  2⤵
  PID:9304
- C:\Windows\System\VVxUjWv.exe
  C:\Windows\System\VVxUjWv.exe
  2⤵
  PID:9360
- C:\Windows\System\YdqXPMx.exe
  C:\Windows\System\YdqXPMx.exe
  2⤵
  PID:9388
- C:\Windows\System\stIGucO.exe
  C:\Windows\System\stIGucO.exe
  2⤵
  PID:9412
- C:\Windows\System\HlgkwAh.exe
  C:\Windows\System\HlgkwAh.exe
  2⤵
  PID:9448
- C:\Windows\System\MDRSWTk.exe
  C:\Windows\System\MDRSWTk.exe
  2⤵
  PID:9468
- C:\Windows\System\kvUVxAs.exe
  C:\Windows\System\kvUVxAs.exe
  2⤵
  PID:9488
- C:\Windows\System\QpOSTZt.exe
  C:\Windows\System\QpOSTZt.exe
  2⤵
  PID:9504
- C:\Windows\System\uUJMQWq.exe
  C:\Windows\System\uUJMQWq.exe
  2⤵
  PID:9520
- C:\Windows\System\nvIVzYe.exe
  C:\Windows\System\nvIVzYe.exe
  2⤵
  PID:9540
- C:\Windows\System\vMEcwiI.exe
  C:\Windows\System\vMEcwiI.exe
  2⤵
  PID:9556
- C:\Windows\System\GGDoBFQ.exe
  C:\Windows\System\GGDoBFQ.exe
  2⤵
  PID:9572
- C:\Windows\System\hveXzUA.exe
  C:\Windows\System\hveXzUA.exe
  2⤵
  PID:9588
- C:\Windows\System\alIGtCj.exe
  C:\Windows\System\alIGtCj.exe
  2⤵
  PID:9604
- C:\Windows\System\CNBDjCa.exe
  C:\Windows\System\CNBDjCa.exe
  2⤵
  PID:9624
- C:\Windows\System\EKzdGlh.exe
  C:\Windows\System\EKzdGlh.exe
  2⤵
  PID:9648
- C:\Windows\System\wCONoFG.exe
  C:\Windows\System\wCONoFG.exe
  2⤵
  PID:9668
- C:\Windows\System\aUuOqGK.exe
  C:\Windows\System\aUuOqGK.exe
  2⤵
  PID:9688
- C:\Windows\System\VnFaSGE.exe
  C:\Windows\System\VnFaSGE.exe
  2⤵
  PID:9708
- C:\Windows\System\BoTPZxx.exe
  C:\Windows\System\BoTPZxx.exe
  2⤵
  PID:9724
- C:\Windows\System\madZkAj.exe
  C:\Windows\System\madZkAj.exe
  2⤵
  PID:9740
- C:\Windows\System\YbRTawe.exe
  C:\Windows\System\YbRTawe.exe
  2⤵
  PID:9756
- C:\Windows\System\TMToYNm.exe
  C:\Windows\System\TMToYNm.exe
  2⤵
  PID:9776
- C:\Windows\System\RWSAJFf.exe
  C:\Windows\System\RWSAJFf.exe
  2⤵
  PID:9792
- C:\Windows\System\YfUeoMa.exe
  C:\Windows\System\YfUeoMa.exe
  2⤵
  PID:9808
- C:\Windows\System\JrEQZoK.exe
  C:\Windows\System\JrEQZoK.exe
  2⤵
  PID:9824
- C:\Windows\System\IllJPxd.exe
  C:\Windows\System\IllJPxd.exe
  2⤵
  PID:9840
- C:\Windows\System\zNhxHgK.exe
  C:\Windows\System\zNhxHgK.exe
  2⤵
  PID:9880
- C:\Windows\System\NjahyYd.exe
  C:\Windows\System\NjahyYd.exe
  2⤵
  PID:9936
- C:\Windows\System\BLcfKjv.exe
  C:\Windows\System\BLcfKjv.exe
  2⤵
  PID:9952
- C:\Windows\System\VeBdTZA.exe
  C:\Windows\System\VeBdTZA.exe
  2⤵
  PID:9968
- C:\Windows\System\wkoyXKF.exe
  C:\Windows\System\wkoyXKF.exe
  2⤵
  PID:9984
- C:\Windows\System\kTOMmIm.exe
  C:\Windows\System\kTOMmIm.exe
  2⤵
  PID:10000
- C:\Windows\System\sBtKjPJ.exe
  C:\Windows\System\sBtKjPJ.exe
  2⤵
  PID:10016
- C:\Windows\System\KPVYdkY.exe
  C:\Windows\System\KPVYdkY.exe
  2⤵
  PID:10032
- C:\Windows\System\WDgnTiz.exe
  C:\Windows\System\WDgnTiz.exe
  2⤵
  PID:10048
- C:\Windows\System\qAVsbyj.exe
  C:\Windows\System\qAVsbyj.exe
  2⤵
  PID:10068
- C:\Windows\System\onEVSpB.exe
  C:\Windows\System\onEVSpB.exe
  2⤵
  PID:10084
- C:\Windows\System\qitvkUX.exe
  C:\Windows\System\qitvkUX.exe
  2⤵
  PID:10120
- C:\Windows\System\XdTVqQN.exe
  C:\Windows\System\XdTVqQN.exe
  2⤵
  PID:10164
- C:\Windows\System\aMCWBfW.exe
  C:\Windows\System\aMCWBfW.exe
  2⤵
  PID:10180
- C:\Windows\System\vcWHweD.exe
  C:\Windows\System\vcWHweD.exe
  2⤵
  PID:10200
- C:\Windows\System\UqIMgEk.exe
  C:\Windows\System\UqIMgEk.exe
  2⤵
  PID:10216
- C:\Windows\System\aqhBdBT.exe
  C:\Windows\System\aqhBdBT.exe
  2⤵
  PID:10232
- C:\Windows\System\KdxgYRS.exe
  C:\Windows\System\KdxgYRS.exe
  2⤵
  PID:2168
- C:\Windows\System\kyVmHLd.exe
  C:\Windows\System\kyVmHLd.exe
  2⤵
  PID:2756
- C:\Windows\System\dSrZrkD.exe
  C:\Windows\System\dSrZrkD.exe
  2⤵
  PID:9220
- C:\Windows\System\qHZcAJg.exe
  C:\Windows\System\qHZcAJg.exe
  2⤵
  PID:8984
- C:\Windows\System\cBpMjPL.exe
  C:\Windows\System\cBpMjPL.exe
  2⤵
  PID:8460
- C:\Windows\System\zvEUYtk.exe
  C:\Windows\System\zvEUYtk.exe
  2⤵
  PID:9136
- C:\Windows\System\imtbMuP.exe
  C:\Windows\System\imtbMuP.exe
  2⤵
  PID:9316
- C:\Windows\System\nwAtWUd.exe
  C:\Windows\System\nwAtWUd.exe
  2⤵
  PID:9244
- C:\Windows\System\KdekceZ.exe
  C:\Windows\System\KdekceZ.exe
  2⤵
  PID:9324
- C:\Windows\System\ylDjVbZ.exe
  C:\Windows\System\ylDjVbZ.exe
  2⤵
  PID:9340
- C:\Windows\System\UwirRFp.exe
  C:\Windows\System\UwirRFp.exe
  2⤵
  PID:9404
- C:\Windows\System\YAqSEVk.exe
  C:\Windows\System\YAqSEVk.exe
  2⤵
  PID:9420
- C:\Windows\System\vKOmszd.exe
  C:\Windows\System\vKOmszd.exe
  2⤵
  PID:9440
- C:\Windows\System\tFOnOBp.exe
  C:\Windows\System\tFOnOBp.exe
  2⤵
  PID:9484
- C:\Windows\System\EBVVxYj.exe
  C:\Windows\System\EBVVxYj.exe
  2⤵
  PID:9500
- C:\Windows\System\czyfMqy.exe
  C:\Windows\System\czyfMqy.exe
  2⤵
  PID:9580
- C:\Windows\System\cZAImJv.exe
  C:\Windows\System\cZAImJv.exe
  2⤵
  PID:9584
- C:\Windows\System\igZGmKQ.exe
  C:\Windows\System\igZGmKQ.exe
  2⤵
  PID:9660
- C:\Windows\System\HKyfnJy.exe
  C:\Windows\System\HKyfnJy.exe
  2⤵
  PID:9704
- C:\Windows\System\EhUpUUg.exe
  C:\Windows\System\EhUpUUg.exe
  2⤵
  PID:9772
- C:\Windows\System\zCWDcda.exe
  C:\Windows\System\zCWDcda.exe
  2⤵
  PID:9676
- C:\Windows\System\bpIDkiw.exe
  C:\Windows\System\bpIDkiw.exe
  2⤵
  PID:9644
- C:\Windows\System\nzmWARk.exe
  C:\Windows\System\nzmWARk.exe
  2⤵
  PID:9720
- C:\Windows\System\fwdhvBB.exe
  C:\Windows\System\fwdhvBB.exe
  2⤵
  PID:9816
- C:\Windows\System\SoyPPcH.exe
  C:\Windows\System\SoyPPcH.exe
  2⤵
  PID:9852
- C:\Windows\System\lzjWhNn.exe
  C:\Windows\System\lzjWhNn.exe
  2⤵
  PID:9876
- C:\Windows\System\mQHJmxH.exe
  C:\Windows\System\mQHJmxH.exe
  2⤵
  PID:9232
- C:\Windows\System\VslAZoW.exe
  C:\Windows\System\VslAZoW.exe
  2⤵
  PID:9920
- C:\Windows\System\sMUinzE.exe
  C:\Windows\System\sMUinzE.exe
  2⤵
  PID:9928
- C:\Windows\System\bwIYaIp.exe
  C:\Windows\System\bwIYaIp.exe
  2⤵
  PID:9980
- C:\Windows\System\rUNLKZm.exe
  C:\Windows\System\rUNLKZm.exe
  2⤵
  PID:10060
- C:\Windows\System\hMPPTzi.exe
  C:\Windows\System\hMPPTzi.exe
  2⤵
  PID:10080
- C:\Windows\System\SsvfqJo.exe
  C:\Windows\System\SsvfqJo.exe
  2⤵
  PID:10100
- C:\Windows\System\FPbVXua.exe
  C:\Windows\System\FPbVXua.exe
  2⤵
  PID:10108
- C:\Windows\System\infkmcv.exe
  C:\Windows\System\infkmcv.exe
  2⤵
  PID:10144
- C:\Windows\System\BVfLQMS.exe
  C:\Windows\System\BVfLQMS.exe
  2⤵
  PID:10160
- C:\Windows\System\ULwFnHR.exe
  C:\Windows\System\ULwFnHR.exe
  2⤵
  PID:10212
- C:\Windows\System\JtiHkFo.exe
  C:\Windows\System\JtiHkFo.exe
  2⤵
  PID:8928
- C:\Windows\System\itGXVdI.exe
  C:\Windows\System\itGXVdI.exe
  2⤵
  PID:8908
- C:\Windows\System\IiLjbfE.exe
  C:\Windows\System\IiLjbfE.exe
  2⤵
  PID:5480
- C:\Windows\System\ZdGvAKZ.exe
  C:\Windows\System\ZdGvAKZ.exe
  2⤵
  PID:8684
- C:\Windows\System\fQYSQef.exe
  C:\Windows\System\fQYSQef.exe
  2⤵
  PID:9280
- C:\Windows\System\spzFYvk.exe
  C:\Windows\System\spzFYvk.exe
  2⤵
  PID:9328
- C:\Windows\System\LitiwUx.exe
  C:\Windows\System\LitiwUx.exe
  2⤵
  PID:9356
- C:\Windows\System\uWLtYSU.exe
  C:\Windows\System\uWLtYSU.exe
  2⤵
  PID:9352
- C:\Windows\System\vmtHCNH.exe
  C:\Windows\System\vmtHCNH.exe
  2⤵
  PID:9436
- C:\Windows\System\uKvKDbB.exe
  C:\Windows\System\uKvKDbB.exe
  2⤵
  PID:9464
- C:\Windows\System\eJpApvn.exe
  C:\Windows\System\eJpApvn.exe
  2⤵
  PID:9496
- C:\Windows\System\NWivEbE.exe
  C:\Windows\System\NWivEbE.exe
  2⤵
  PID:9564
- C:\Windows\System\ckuSffB.exe
  C:\Windows\System\ckuSffB.exe
  2⤵
  PID:9612
- C:\Windows\System\WkeAjtR.exe
  C:\Windows\System\WkeAjtR.exe
  2⤵
  PID:9700
- C:\Windows\System\YUzqtcp.exe
  C:\Windows\System\YUzqtcp.exe
  2⤵
  PID:9832
- C:\Windows\System\NmPEpic.exe
  C:\Windows\System\NmPEpic.exe
  2⤵
  PID:9892
- C:\Windows\System\SFfJhDR.exe
  C:\Windows\System\SFfJhDR.exe
  2⤵
  PID:9860
- C:\Windows\System\OeMJsnM.exe
  C:\Windows\System\OeMJsnM.exe
  2⤵
  PID:10012
- C:\Windows\System\sSaaIrF.exe
  C:\Windows\System\sSaaIrF.exe
  2⤵
  PID:10024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CyaPCJr.exe

Filesize
6.0MB

MD5
6d2d90f70015810dfeb017225f403153

SHA1
e13070b67ba7ffd00f6f17c7b79021b9e76924c6

SHA256
ef63d11b80f04901a26c99e1750ac424df13f7e7fba55958ae390a3411993543

SHA512
149a69f25eaed6b5eaa98997e059060b7172e34e3ee11773f08c12adef8a5230c5b42c087999d41fd72caff3795685220621aabb349ecab1c1695a35fa332b28

Download Submit
C:\Windows\system\DbnwKBU.exe

Filesize
6.0MB

MD5
843116e3bb6b0c26121b73c3c89a10ee

SHA1
46aab05116ce677a4442271fd22d3c4759202d95

SHA256
5a62558783d4fe0779bea2132ad4689dbcb5ca41ae9a7a951ae994a66ce4f6c9

SHA512
9fee88e1462ee25318440e092782ab1d23f5cddac13c092cf0b9e8fbeb9da322b5b126341124c80265ae97a321fed8bb805c92f4573d33fdf9405dce50985afd

Download Submit
C:\Windows\system\GvafYep.exe

Filesize
6.0MB

MD5
2118b53eb2c9ef1c63c82a15e7ab7b15

SHA1
c17174de95f2c6138e2e753dd2c9d21ee37cd3f2

SHA256
d8bb133056fd06fe2c3070d0fab37e691a995dcebd6d6b896ac81e70174a520f

SHA512
92cd2b3bbe3f752a3000e83e9ec67b0e1b2aac383c6f82ff0a28d98e0929dbef239bfa04a9c1c9c4526ecadab8da87f9533e80451fad3423209cc8c666c630b3

Download Submit
C:\Windows\system\JXcEUke.exe

Filesize
6.0MB

MD5
294487313ca07eb61bd3041ce6d95879

SHA1
1c51bd45b63859c2e12cb7bb98fd6b8fd8cdbf9e

SHA256
91c353ba95d1d14bc6a59dcd97055ab784636cf505e5b45d446ef49f3a072564

SHA512
946a31f62bd1f181b9aa1d4c73da993d8cedb18197ebdeb99d9c73f113aa34b3b27dd2c3253b008cd691b10b92063f9d428c3f6ca980968069501e096b2baad5

Download Submit
C:\Windows\system\KRPSiJP.exe

Filesize
6.0MB

MD5
034053e0b6781629795a7e039ca0b7fd

SHA1
7f00e6c38661221a87e80fcbd5d951a5e22a29e3

SHA256
02adad9afa4a04c21f0cf009b626df5a7263f918f1a994d23ea7eec922f94963

SHA512
2f3423d76a86e5863e03c39399f96511487b60645f4832c40e071ad351e62b0ae81b6f08740b33e7b131eb8cbf4e7fc86fd519d0141512d3e64ebdbb805dc91f

Download Submit
C:\Windows\system\LNQLoNe.exe

Filesize
6.0MB

MD5
712bca238ba6ee167d9b9803f1a1b045

SHA1
c127ec3174601f784e2ac4810f1856220e783a7a

SHA256
de4a4b01d13c40ca76b51ea2ec88f61f84c2bec18165473fa5ad4ebac1f9afe6

SHA512
985540340a6d1aec90ae9485643bdb8cf392a161f7d0bf926da1a6b80c40c1c86812155fb37d3fcc08e80f32f610962e383211615e863f7d651511f755c3b3c8

Download Submit
C:\Windows\system\LUxePkk.exe

Filesize
6.0MB

MD5
e6dbf9326254168874aa857bdcfaedbd

SHA1
ae8450cae3de5d32035f51d899f1250ebc8fab77

SHA256
cf1d1551f01193dc4bbcd4989501d781c069811bca1f1a114e4ae7504b1484d9

SHA512
e7ad71e1ce1d8d839c349b081ab9614146620e3045466a5771a8b4cb9c05a4ced073c76cfc04e25f5a5951d252dff438243816fc908bfa8263d58f21a33ec8f9

Download Submit
C:\Windows\system\RJzSjFn.exe

Filesize
6.0MB

MD5
d42f6ab42a113277bb2cd6afaa320e93

SHA1
87196314458888bfd56dee949af2bb76a527cf07

SHA256
528d2bf29e859171169364c43cd80213b7205f0b2a02e88ee793c2aa8011b925

SHA512
e5e8f69591b12c2471974e056a321832126780426ef38c1c5a4461e28ccc4e0e424836bf14d91c0868c46db33c1013ea05f77a2d1868ff13b6bc60de5cc9cb04

Download Submit
C:\Windows\system\TGJemQK.exe

Filesize
6.0MB

MD5
b2d84d16abd9ca92a8775f87fb6368a1

SHA1
1f4796094ded1c27b8d0069fa0dc216da4a87278

SHA256
d0c876d48983f310f4a4f4c66a6b40db6a059af7430a47d609f9d2466bd7efa6

SHA512
73d9e761d6a565802f80bf1b28f217e338d1774dbeb24b7d5cb628cd8f078f26edf2e5506d5be3997d7d78cc4a3af6f63733288aa5d3faf0373cde192a02a7e3

Download Submit
C:\Windows\system\TrJEbeT.exe

Filesize
6.0MB

MD5
4e0a404a8a6e68d37041802f04ca8e3e

SHA1
5b3c4c031c926ca26fded4e27729f3a6db7f2840

SHA256
ec67a3f5297b91cfcc198cd9d9d23e2430126ec901b84e0f23898898c614e9bf

SHA512
e7c0292c2c51a92635064a11d8b180024a09f406c5da29ccff66f063004e01ac55d7a6e3955ea2afac9d7a91c4fdf31fe5f2bb1ec3c5ce313ab8450f61312cf6

Download Submit
C:\Windows\system\TzhYoff.exe

Filesize
6.0MB

MD5
7037c687a0cc7da95b1939cc7b9b1390

SHA1
c0889ddb8f53a9bf536de55eb8e22a97de4931d6

SHA256
5e19fcd98f7b12cf11b94bf7eb2e10605a56eb0982a43809461657856da0c072

SHA512
7d18c628ba7f34f980e553b3d131d28c55da2b85dc42c99606e66e5625b4cf69c86c504c6b94d7d2f0b113dc910e0c51d68047e2fc7ce0e2cbea1c92f5902b8b

Download Submit
C:\Windows\system\ZxbYLLw.exe

Filesize
6.0MB

MD5
81c04a09a3b2004c9968e1dd9614df10

SHA1
0ad57e8be3a2455591d4b68b429d72e642c19969

SHA256
ef2b02f802298d29a2d161400ab0d2e606e0e1bd61b3db0cc91c5119558bdb4c

SHA512
debf402547cf90584aee23bd102a32149918cbba1712de70dc96de9b0ef286093661acd9bbb36ec2b4e7189af3b7d91ace372d80d3122ec61d57d9c0e5bd6192

Download Submit
C:\Windows\system\baOCsLz.exe

Filesize
6.0MB

MD5
d0de85b71fbbcfc3166cc9d71d449887

SHA1
f102fc83b9a342e5765461da13ad53f4b46715af

SHA256
fb2effea14b61b1c9b909f7a3a7daece6cdcd584132fcf3d65c875cbb7592cdf

SHA512
52f0a6d28db5430b2cf7acc3e341157c0c492fdfccd55479df2b3836b6ea84486e3a0ec280bc052c5cca8aa51c49f791374941b3fa7ce1fa12fda21dbbbd8570

Download Submit
C:\Windows\system\boFjsQK.exe

Filesize
6.0MB

MD5
622ba6978fc4fcb605b5085e8ee8b3cc

SHA1
f10c3ff8d3f721ccfe2f497f977a0cdf3f1f7c00

SHA256
76d6ac447baf98dd3fb6b15610ed9fe60e9604a2c9392e5da50ab8ac1fb45e43

SHA512
4a8b7c4815f4e4d0d104b89675f0a244a857fc0a550c2459851bfb21396becc9c8f3c54350ff901e5aec1b0093d1bf993c3a3843fdb57890328776f5d87116c3

Download Submit
C:\Windows\system\cMXthzX.exe

Filesize
6.0MB

MD5
203be845309b02e0f146200b0008f481

SHA1
0058f2557829f5545d1391fd262a4ae84ed51f9f

SHA256
36168a1a9b55e5d6f897906d9742fa42186856811841cef5ddbd54577aef4474

SHA512
1644754d60ac83e9b49cdc89cfb406260da5ba9a3fe83ccba5d39b3ca3447436888a514a3f92d1d4a9c5cbbce35f5a6303548a9e435f74f5ab334f274a34b027

Download Submit
C:\Windows\system\jqDDqWv.exe

Filesize
6.0MB

MD5
d5cffc9aacb42f23b25c45bce8199735

SHA1
ec04225d0babbfd4cfa9f8df30551b4527b95596

SHA256
7fe158842d44027cf426dfeb8ff1e11f0812ce388a13f18af4d6c6413b9064aa

SHA512
18befbe449322d3e85f5446ce168b16b7d61d873b8bc836e64c888e36ea402c7c8d3887c07ae8e11079812913eec9c26f009fd1878a31fa5ff6702139c63197b

Download Submit
C:\Windows\system\kGtsNMw.exe

Filesize
6.0MB

MD5
8ea3b187e9473ba5931c3a77082e7896

SHA1
c8f140191b4915e936d491b2cd6a17b56f89c317

SHA256
92af34825bde8c1b6c4aa0e4de47c8b5d3d7c39b4cbf5c30b4c70d1e1c3106bf

SHA512
8192fedba439432d7da301b703cf655af8aebecca35fdada8eb929ade222f43292ff6e4a71ddfe230fbb115c39ccb6af8ccbc0bf666b4766c7e7e38c55113462

Download Submit
C:\Windows\system\nvfjxqI.exe

Filesize
6.0MB

MD5
7a66847af3e5bc28111f6b3cc97a1a1c

SHA1
68505e7406b73b752862570b174c469a6a320ada

SHA256
b0f7ae99b1459311e28b039f19c4294a3353ea631a2d15bbfba65e28198972c8

SHA512
3e1c46c78b6ba1ba19f7373b026d3ff207167b1b2b1c0e5d2b3c68b3ebcc51012901bcc12d5d1cfbf311bef6701e5395838d89842f2965ff9d6ad5f612d2a68f

Download Submit
C:\Windows\system\pdBEOHm.exe

Filesize
6.0MB

MD5
b8eeb2537bac0da0cec0dfa37ec51a0e

SHA1
722ecc1a29dccec012534f798c3b5d9afc50df1a

SHA256
7d772c0af2396ef0c6fb4ac78c3c06e2bb5945e933b0ee72215a4c55e0340bfa

SHA512
6ea653a09498c311964d2b5619c2f51a91da3122b937fb31113b5afaa274f58254f14e5d7f3dd89f13966eb51a3ab771369da04d3688d64c7f78717b9f1f7764

Download Submit
C:\Windows\system\qKDaFZi.exe

Filesize
6.0MB

MD5
0f95872ea7ff37f32e1b7e12af176fbf

SHA1
242529c4185fec8da7ace870e8967e528316652b

SHA256
c47383734b4c0598d3fbdde745f677da9def1890648299aa89addccdb054648a

SHA512
b191fd198b0ba412c0c3b20dea6e72933d13b3f63145e1c37e7e2792817b9759280ac85027db1eb0b75cf7d0ff3e54c55e6639f5ae710a46549b1b1d29e085e5

Download Submit
C:\Windows\system\rPCKjfc.exe

Filesize
6.0MB

MD5
4d1cce5461a70a72c68ccbfda374a308

SHA1
3fca67af48c6596ceb3dbc4a9242d3f57d3580a0

SHA256
d27e5a3220c89053a65cfecb476779539848907c415f4061c4e4674dab31c4c0

SHA512
280e0979d84f432ab2887c3e045afc84ae3929a5d91b7f66d8938c1d6232a557f2b88baabc271fd17c6e96833af2429cfd7eb79c7744acecaa2e54b44ff02e99

Download Submit
C:\Windows\system\sUSKRqo.exe

Filesize
6.0MB

MD5
f7720f352b4fc16c312d34b724d5609e

SHA1
ef894939d06ba4293b453283ef002bbe007afdc9

SHA256
e368f372310e3ca7cb1a68b237a0f6560be6ab7c1eb19bc097c8857fad0cab2a

SHA512
4ebfc6b44c9fb4165054f99fcc958725bca352bfe277c59c501b723cbcf8e0e891a378ad38793ee83f2accbee870d61fa512e25b7085db9543d58801e837800e

Download Submit
C:\Windows\system\tJjJgoE.exe

Filesize
6.0MB

MD5
f1a0f98c8967419db158eaea4ae85e82

SHA1
ada365b9b782f54ab4f97366b3cf51bb23cab5e2

SHA256
d237e8edd2dbde687b536e3cf78df85cfe43dc21d2bbd1a895510e24abf3bacd

SHA512
71c6fa841430fc1ec81904581f95ab639184e3d653f7b0f22aef39098eab0e7a1074cd3ae24e668e617e64ed811c3b388aa41b1a70a586a5bea4c8abb2c731ab

Download Submit
C:\Windows\system\vmGMiMQ.exe

Filesize
6.0MB

MD5
161a5ef7dbe619410a273e0bf6ff6330

SHA1
375f344d92b39cc287f3a21a68dc69ea268ee935

SHA256
0df42680e89a58fad04251aabdfe5bfdedffa34b7122299958b887d290a8a1fc

SHA512
ec9e53902e1e92f0f11bb24e44b18674de7a728238f65f39fc6db441618da7f444bc98db7f8f476ed175cfd03802a681fb37cdff64c0b4ba5b3f7f66c27cadff

Download Submit
C:\Windows\system\xpteTGR.exe

Filesize
6.0MB

MD5
7ea0a5efdffadae930f114a43837f8b0

SHA1
db33e1b368f7f48a74f95244a1cf2bcf5e70b2ec

SHA256
ea4e360ed2e918a7a96c6dc1265fbe09e469c7ef9f0ffa0a7e6608690c026dfb

SHA512
b1f662f2d2d0f78b62a55ef521f2b2a779f03a03ffcb0f957f0af48f88623b9eb103b3edb3a91b765bd35939ec77b822a1f5c7f472ade1a91d3ec8f7beb0689e

Download Submit
C:\Windows\system\zExdEQI.exe

Filesize
6.0MB

MD5
49efb17624cf6233b93a1dbd3a1f4b84

SHA1
43404da57e64802648687b074d03426388fccbf2

SHA256
ae0c922c8ab0243ac1a0f0fa6bbd2bf535dd987f41491d4e8f06abb8ba8dc965

SHA512
dcaec269578af1f39d9c50d18f7bfff1a7648eba0a800f66fecadb52326911ea4d09e71e8f141f5fb2b972a31b7dbdbcee0ff483aa1cf69b364f19bf035843ac

Download Submit
\Windows\system\BClpfPj.exe

Filesize
6.0MB

MD5
63b5a1aaf8408bcc6175aa8133d2a22e

SHA1
2cc36a52e3c9f0e294835767f126564ef623b04b

SHA256
96bb097b93d3f60918472822e85b66c4db0992e5098f00df38d10604d95d082b

SHA512
c6019715bd126f327379f4e4063b0fd85150f893215ecfb7b9792c5b6d15124ca01c14ec629f06b8dbff64856929f14ecf1a16118175ab5308c4b7e06fa18b40

Download Submit
\Windows\system\CRnreCY.exe

Filesize
6.0MB

MD5
a6a2aff3bf11d9370f77891af57b6fee

SHA1
a0d93d153c21e97cb30d7a86b76292b2a8ad2c08

SHA256
2cc04c80bdba19904670bfe7860ac08b3b1d1c6324a61b633fade224962539da

SHA512
853da1dda3b54e8e6f71ca3d1dab2db33207b2738bd8c4654d3bae24db878c5341878df3a18b3cb94f91a11aeef1392b85864a25d7b12263a3df819fa50fe234

Download Submit
\Windows\system\MbEQmmO.exe

Filesize
6.0MB

MD5
c46b002a3f362813127e12535e0134c7

SHA1
2c8fc57ee14eb42993b053f48ef8fb561a621e0c

SHA256
1fb531e197c35f02bca98c9b6def9380fb93693a945b649116f9ccb4aeedf2ed

SHA512
5cc428188c784b87df7bed0cc6e288caf2c801de27e6655501984e51b57a44e1d3c3cef8e868804b35452b357d737785290f6d40f159034660d7b4a28e72d924

Download Submit
\Windows\system\TSiGnoi.exe

Filesize
6.0MB

MD5
20da775e3c32a4a4091076f592ef54dc

SHA1
e035fa0beddd4c0347b4521b92c8a3c55a576234

SHA256
a3feed7fc3213e441aecf6881378b99beafb63d44528e2e5030e25036fd832a8

SHA512
46b2a1cde263422626a65c5349c62247a3379ef9cdc55e227681026f6d2ba962891283146bbc7ba93d3a1d4aa95c5037448b55fce6813bd0bd0714200cedefcb

Download Submit
\Windows\system\XcfXzlH.exe

Filesize
6.0MB

MD5
13b4e70eeec8d084294f52aa7d688909

SHA1
69028448dea8d67c5311873a5b844a2740cf84f2

SHA256
d05c6b9aae334f906c966dc404a6d4ee60237121166b6c4f76235e211068c8dd

SHA512
5035cbc02244a9725417a2d000a674d6b600ea2ef59b0f815c7b37bb059d196f4f2a93e4fba2988ca9a011828a058a55a694257977b58fd485f18100dee5e235

Download Submit
\Windows\system\nhhTVRR.exe

Filesize
6.0MB

MD5
8039e9f3000af5eac1e35b0917473d90

SHA1
8ef5f6cfa70c383e58a7dbae124790509894737c

SHA256
55f894363bb7ca3a8b3ba50a82534f4ea33311385eaa9d4946d38920e45176a0

SHA512
ba8739f514db3f4dd0b273a79533cbe496bec0b2cd2a75daaeb5a027a4fccb0556df7f4e83750554d2960b72da3f6a37b6e5f486cebe1619152bf6b2e2c77328

Download Submit
memory/1664-1105-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1664-98-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1664-3989-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-3680-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-14-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-41-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2128-12-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2128-1104-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-0-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2128-1459-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2128-69-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-24-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2128-37-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2128-19-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2128-927-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2128-97-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-96-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2128-95-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2128-58-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-77-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2128-89-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2128-643-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2128-86-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2128-85-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2128-73-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2128-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2428-774-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2428-83-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2428-3992-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2464-52-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2464-3726-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2560-3714-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2560-15-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2568-3698-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2568-21-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2568-295-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2656-928-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2656-3978-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2656-88-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2772-3789-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2772-82-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3787-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-84-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-71-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3801-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2824-87-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3816-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2840-28-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3730-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2840-523-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2960-3790-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2960-78-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/3016-75-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-3829-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download