cobaltstrike | 9035f6b5394ac566103096f075851514744c5a6134a1cd0a91505c44697ea6bc

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-12-2024 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

029fca486f375fc12016bbfe1e1b33bb
SHA1

e94536cabcfe8397eb7520a7d389dd38a0472a65
SHA256

9035f6b5394ac566103096f075851514744c5a6134a1cd0a91505c44697ea6bc
SHA512

eeb0f6866e1936d906269d32fe8976dd4563d514e2ced5d80093f419434b986e378025cb82fa1f420e29643dbf9cdcd0db7e172670fff3c02178e3db479a7149
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUd:eOl56utgpPF8u/7d

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012259-3.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001933e-24.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000192f0-25.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000193af-46.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41c-59.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019384-57.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019346-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019273-23.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-68.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019228-73.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001925c-11.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a455-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a497-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ac-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bf-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4aa-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a8-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a0-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a2-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48a-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a478-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a486-112.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2064-0-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/files/0x000b000000012259-3.dat	xmrig
behavioral1/files/0x000600000001933e-24.dat	xmrig
behavioral1/files/0x00070000000192f0-25.dat	xmrig
behavioral1/files/0x00080000000193af-46.dat	xmrig
behavioral1/memory/1884-47-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2668-53-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2096-45-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2700-61-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2064-60-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41c-59.dat	xmrig
behavioral1/memory/2692-58-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/files/0x0006000000019384-57.dat	xmrig
behavioral1/memory/2252-41-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2812-37-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x0006000000019346-36.dat	xmrig
behavioral1/files/0x0007000000019273-23.dat	xmrig
behavioral1/memory/2340-14-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2344-18-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41d-68.dat	xmrig
behavioral1/files/0x0008000000019228-73.dat	xmrig
behavioral1/memory/848-79-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2572-72-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x000700000001925c-11.dat	xmrig
behavioral1/files/0x000500000001a41e-80.dat	xmrig
behavioral1/memory/2064-84-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2308-85-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/files/0x000500000001a455-86.dat	xmrig
behavioral1/memory/1560-94-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2668-87-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a477-95.dat	xmrig
behavioral1/files/0x000500000001a497-120.dat	xmrig
behavioral1/files/0x000500000001a4ac-148.dat	xmrig
behavioral1/files/0x000500000001a4b1-155.dat	xmrig
behavioral1/files/0x000500000001a4bd-185.dat	xmrig
behavioral1/files/0x000500000001a4b9-178.dat	xmrig
behavioral1/files/0x000500000001a4bf-191.dat	xmrig
behavioral1/files/0x000500000001a4bb-181.dat	xmrig
behavioral1/memory/2064-939-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/1936-1159-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2308-452-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2064-454-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b5-168.dat	xmrig
behavioral1/files/0x000500000001a4b7-171.dat	xmrig
behavioral1/files/0x000500000001a4b3-161.dat	xmrig
behavioral1/files/0x000500000001a4af-152.dat	xmrig
behavioral1/files/0x000500000001a4aa-142.dat	xmrig
behavioral1/files/0x000500000001a4a8-138.dat	xmrig
behavioral1/files/0x000500000001a4a0-128.dat	xmrig
behavioral1/files/0x000500000001a4a2-132.dat	xmrig
behavioral1/files/0x000500000001a48a-118.dat	xmrig
behavioral1/files/0x000500000001a478-107.dat	xmrig
behavioral1/files/0x000500000001a486-112.dat	xmrig
behavioral1/memory/1936-101-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2700-100-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2064-97-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2692-96-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2812-3966-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2344-3959-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/1884-3957-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2340-3971-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2668-3978-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2252-3987-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2096-4017-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2340	jMWpPWl.exe
2344	DmnQsrD.exe
2252	HGSruke.exe
2812	WbSFZXu.exe
2096	sibFZsi.exe
1884	PqWpiKU.exe
2668	xiwCFmI.exe
2692	gSxLMhp.exe
2700	IEeEwDO.exe
2572	HEufkJE.exe
848	seVMEkC.exe
2308	vvTjYop.exe
1560	EeOKHJW.exe
1936	dxDxujo.exe
2352	GbBkyGE.exe
1932	OupdZRg.exe
2028	BuXUzfD.exe
316	FdZkSKw.exe
588	gvUUvIt.exe
344	kGTJTSK.exe
1232	uNMkSDI.exe
1536	JbCIuKU.exe
2860	GlCNPEN.exe
2116	nYpLjfz.exe
288	HkNhEoG.exe
2152	NGVdmKo.exe
992	GGybYfB.exe
1112	TRWGMqi.exe
2904	kSUTcJZ.exe
1284	wORtuoj.exe
2052	UAUdUoy.exe
1684	KOmBmpz.exe
1904	AOidcHj.exe
916	vTOOyBQ.exe
956	EZFFJnl.exe
548	UKBqjLd.exe
2432	bvCQjTO.exe
1708	LdtemXI.exe
1012	UFNNAZF.exe
2144	PTTxQVR.exe
2916	KPrpSPv.exe
2020	pIgAXXy.exe
2216	RBGwADc.exe
1480	paAGBLs.exe
2180	qWXTXXD.exe
1940	WmnFrMu.exe
3052	pVgoGGc.exe
280	mHdLtIN.exe
884	yQmxpfn.exe
3040	HhFprbZ.exe
1724	sUpCIAO.exe
1524	LThDLDs.exe
2488	WzAUinM.exe
1228	CoXaQCu.exe
868	jmxeBWe.exe
2736	CoWFOTs.exe
2776	ksHGSEL.exe
2576	vSfDOHq.exe
1720	MUkLlen.exe
3028	rHLyNZg.exe
1212	Hhqbywr.exe
380	alMQdTz.exe
332	AFZilor.exe
1412	mZrDgWg.exe

Loads dropped DLL 64 IoCs

pid	Process
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2064-0-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/files/0x000b000000012259-3.dat	upx
behavioral1/files/0x000600000001933e-24.dat	upx
behavioral1/files/0x00070000000192f0-25.dat	upx
behavioral1/files/0x00080000000193af-46.dat	upx
behavioral1/memory/1884-47-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2668-53-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2096-45-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2700-61-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2064-60-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/files/0x000500000001a41c-59.dat	upx
behavioral1/memory/2692-58-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/files/0x0006000000019384-57.dat	upx
behavioral1/memory/2252-41-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2812-37-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x0006000000019346-36.dat	upx
behavioral1/files/0x0007000000019273-23.dat	upx
behavioral1/memory/2340-14-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2344-18-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/files/0x000500000001a41d-68.dat	upx
behavioral1/files/0x0008000000019228-73.dat	upx
behavioral1/memory/848-79-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2572-72-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x000700000001925c-11.dat	upx
behavioral1/files/0x000500000001a41e-80.dat	upx
behavioral1/memory/2308-85-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/files/0x000500000001a455-86.dat	upx
behavioral1/memory/1560-94-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2668-87-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x000500000001a477-95.dat	upx
behavioral1/files/0x000500000001a497-120.dat	upx
behavioral1/files/0x000500000001a4ac-148.dat	upx
behavioral1/files/0x000500000001a4b1-155.dat	upx
behavioral1/files/0x000500000001a4bd-185.dat	upx
behavioral1/files/0x000500000001a4b9-178.dat	upx
behavioral1/files/0x000500000001a4bf-191.dat	upx
behavioral1/files/0x000500000001a4bb-181.dat	upx
behavioral1/memory/1936-1159-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2308-452-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/files/0x000500000001a4b5-168.dat	upx
behavioral1/files/0x000500000001a4b7-171.dat	upx
behavioral1/files/0x000500000001a4b3-161.dat	upx
behavioral1/files/0x000500000001a4af-152.dat	upx
behavioral1/files/0x000500000001a4aa-142.dat	upx
behavioral1/files/0x000500000001a4a8-138.dat	upx
behavioral1/files/0x000500000001a4a0-128.dat	upx
behavioral1/files/0x000500000001a4a2-132.dat	upx
behavioral1/files/0x000500000001a48a-118.dat	upx
behavioral1/files/0x000500000001a478-107.dat	upx
behavioral1/files/0x000500000001a486-112.dat	upx
behavioral1/memory/1936-101-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2700-100-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2692-96-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2812-3966-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2344-3959-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/1884-3957-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2340-3971-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2668-3978-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2252-3987-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2096-4017-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2700-4031-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/1560-4061-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/1936-4062-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ejaatPd.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XoEtJYq.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EAOqIED.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PvfUEnA.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RpHYYKp.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bOigVxQ.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qTXlboJ.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uFSwosD.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DdMUnYS.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PouYPBV.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lzmnuJE.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZNuDpIq.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nrJLFOm.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IkhIxyN.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZuYGkgD.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bhGvNNx.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\baWIpMl.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CVWZWQa.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYMrrOh.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgBPcEo.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SODmDMr.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oKvAZQA.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LqKbOnm.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\worjYAq.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MUXMqsN.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lbqQaqW.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HhFprbZ.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qTqoVYE.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JqJcEYc.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FdZkSKw.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\phvEVoH.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UcZrLko.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TjmywjR.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mqObZQJ.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZaShLci.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wyJVGwR.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZZIqZAq.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZuLkqlR.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hVwpRzv.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\efykwgz.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qWXTXXD.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ksHGSEL.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SHAUbzP.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ssylHzj.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FYMuFVO.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WYjFNOR.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BJqfSiZ.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tBkUgKC.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dsvBRtM.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SCSxjpn.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zTpcQYb.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vZhYdHQ.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lpenmCn.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gArwzai.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YxzDxJJ.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GSkoXGE.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iVhNAbC.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SuNrtyE.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dDAYldf.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LhbXNFw.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GlCNPEN.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DCXUUWs.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NkoUxRl.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rLScWKx.exe	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 2340	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2064 wrote to memory of 2340	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2064 wrote to memory of 2340	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2064 wrote to memory of 2344	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2064 wrote to memory of 2344	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2064 wrote to memory of 2344	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2064 wrote to memory of 2252	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2064 wrote to memory of 2252	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2064 wrote to memory of 2252	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2064 wrote to memory of 2812	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2064 wrote to memory of 2812	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2064 wrote to memory of 2812	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2064 wrote to memory of 2096	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2064 wrote to memory of 2096	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2064 wrote to memory of 2096	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2064 wrote to memory of 1884	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2064 wrote to memory of 1884	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2064 wrote to memory of 1884	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2064 wrote to memory of 2692	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2064 wrote to memory of 2692	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2064 wrote to memory of 2692	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2064 wrote to memory of 2668	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2064 wrote to memory of 2668	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2064 wrote to memory of 2668	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2064 wrote to memory of 2700	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2064 wrote to memory of 2700	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2064 wrote to memory of 2700	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2064 wrote to memory of 2572	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2064 wrote to memory of 2572	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2064 wrote to memory of 2572	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2064 wrote to memory of 848	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2064 wrote to memory of 848	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2064 wrote to memory of 848	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2064 wrote to memory of 2308	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2064 wrote to memory of 2308	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2064 wrote to memory of 2308	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2064 wrote to memory of 1560	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2064 wrote to memory of 1560	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2064 wrote to memory of 1560	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2064 wrote to memory of 1936	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2064 wrote to memory of 1936	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2064 wrote to memory of 1936	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2064 wrote to memory of 2352	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2064 wrote to memory of 2352	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2064 wrote to memory of 2352	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2064 wrote to memory of 1932	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2064 wrote to memory of 1932	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2064 wrote to memory of 1932	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2064 wrote to memory of 2028	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2064 wrote to memory of 2028	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2064 wrote to memory of 2028	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2064 wrote to memory of 316	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2064 wrote to memory of 316	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2064 wrote to memory of 316	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2064 wrote to memory of 588	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2064 wrote to memory of 588	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2064 wrote to memory of 588	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2064 wrote to memory of 344	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2064 wrote to memory of 344	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2064 wrote to memory of 344	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2064 wrote to memory of 1232	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2064 wrote to memory of 1232	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2064 wrote to memory of 1232	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2064 wrote to memory of 1536	2064	2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-18_029fca486f375fc12016bbfe1e1b33bb_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Windows\System\jMWpPWl.exe
  C:\Windows\System\jMWpPWl.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\DmnQsrD.exe
  C:\Windows\System\DmnQsrD.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\HGSruke.exe
  C:\Windows\System\HGSruke.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\WbSFZXu.exe
  C:\Windows\System\WbSFZXu.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\sibFZsi.exe
  C:\Windows\System\sibFZsi.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\PqWpiKU.exe
  C:\Windows\System\PqWpiKU.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\gSxLMhp.exe
  C:\Windows\System\gSxLMhp.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\xiwCFmI.exe
  C:\Windows\System\xiwCFmI.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\IEeEwDO.exe
  C:\Windows\System\IEeEwDO.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\HEufkJE.exe
  C:\Windows\System\HEufkJE.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\seVMEkC.exe
  C:\Windows\System\seVMEkC.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\vvTjYop.exe
  C:\Windows\System\vvTjYop.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\EeOKHJW.exe
  C:\Windows\System\EeOKHJW.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\dxDxujo.exe
  C:\Windows\System\dxDxujo.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\GbBkyGE.exe
  C:\Windows\System\GbBkyGE.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\OupdZRg.exe
  C:\Windows\System\OupdZRg.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\BuXUzfD.exe
  C:\Windows\System\BuXUzfD.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\FdZkSKw.exe
  C:\Windows\System\FdZkSKw.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\gvUUvIt.exe
  C:\Windows\System\gvUUvIt.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\kGTJTSK.exe
  C:\Windows\System\kGTJTSK.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\uNMkSDI.exe
  C:\Windows\System\uNMkSDI.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\JbCIuKU.exe
  C:\Windows\System\JbCIuKU.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\GlCNPEN.exe
  C:\Windows\System\GlCNPEN.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\nYpLjfz.exe
  C:\Windows\System\nYpLjfz.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\HkNhEoG.exe
  C:\Windows\System\HkNhEoG.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\NGVdmKo.exe
  C:\Windows\System\NGVdmKo.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\GGybYfB.exe
  C:\Windows\System\GGybYfB.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\TRWGMqi.exe
  C:\Windows\System\TRWGMqi.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\kSUTcJZ.exe
  C:\Windows\System\kSUTcJZ.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\wORtuoj.exe
  C:\Windows\System\wORtuoj.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\UAUdUoy.exe
  C:\Windows\System\UAUdUoy.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\KOmBmpz.exe
  C:\Windows\System\KOmBmpz.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\AOidcHj.exe
  C:\Windows\System\AOidcHj.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\vTOOyBQ.exe
  C:\Windows\System\vTOOyBQ.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\UKBqjLd.exe
  C:\Windows\System\UKBqjLd.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\EZFFJnl.exe
  C:\Windows\System\EZFFJnl.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\bvCQjTO.exe
  C:\Windows\System\bvCQjTO.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\LdtemXI.exe
  C:\Windows\System\LdtemXI.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\UFNNAZF.exe
  C:\Windows\System\UFNNAZF.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\PTTxQVR.exe
  C:\Windows\System\PTTxQVR.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\KPrpSPv.exe
  C:\Windows\System\KPrpSPv.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\pIgAXXy.exe
  C:\Windows\System\pIgAXXy.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\RBGwADc.exe
  C:\Windows\System\RBGwADc.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\paAGBLs.exe
  C:\Windows\System\paAGBLs.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\qWXTXXD.exe
  C:\Windows\System\qWXTXXD.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\WmnFrMu.exe
  C:\Windows\System\WmnFrMu.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\pVgoGGc.exe
  C:\Windows\System\pVgoGGc.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\mHdLtIN.exe
  C:\Windows\System\mHdLtIN.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\yQmxpfn.exe
  C:\Windows\System\yQmxpfn.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\HhFprbZ.exe
  C:\Windows\System\HhFprbZ.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\sUpCIAO.exe
  C:\Windows\System\sUpCIAO.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\LThDLDs.exe
  C:\Windows\System\LThDLDs.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\WzAUinM.exe
  C:\Windows\System\WzAUinM.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\CoXaQCu.exe
  C:\Windows\System\CoXaQCu.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\jmxeBWe.exe
  C:\Windows\System\jmxeBWe.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\CoWFOTs.exe
  C:\Windows\System\CoWFOTs.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\ksHGSEL.exe
  C:\Windows\System\ksHGSEL.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\vSfDOHq.exe
  C:\Windows\System\vSfDOHq.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\MUkLlen.exe
  C:\Windows\System\MUkLlen.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\rHLyNZg.exe
  C:\Windows\System\rHLyNZg.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\Hhqbywr.exe
  C:\Windows\System\Hhqbywr.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\alMQdTz.exe
  C:\Windows\System\alMQdTz.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\AFZilor.exe
  C:\Windows\System\AFZilor.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\mZrDgWg.exe
  C:\Windows\System\mZrDgWg.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\mIjfsPd.exe
  C:\Windows\System\mIjfsPd.exe
  2⤵
  PID:892
- C:\Windows\System\rzqvfnP.exe
  C:\Windows\System\rzqvfnP.exe
  2⤵
  PID:1944
- C:\Windows\System\ByPvbfr.exe
  C:\Windows\System\ByPvbfr.exe
  2⤵
  PID:2892
- C:\Windows\System\POxYSjh.exe
  C:\Windows\System\POxYSjh.exe
  2⤵
  PID:2192
- C:\Windows\System\RmUEKtj.exe
  C:\Windows\System\RmUEKtj.exe
  2⤵
  PID:2148
- C:\Windows\System\WCKiCzA.exe
  C:\Windows\System\WCKiCzA.exe
  2⤵
  PID:2976
- C:\Windows\System\UjlsjzL.exe
  C:\Windows\System\UjlsjzL.exe
  2⤵
  PID:1796
- C:\Windows\System\erhalzr.exe
  C:\Windows\System\erhalzr.exe
  2⤵
  PID:2376
- C:\Windows\System\mMHUtAp.exe
  C:\Windows\System\mMHUtAp.exe
  2⤵
  PID:840
- C:\Windows\System\fVPOZVF.exe
  C:\Windows\System\fVPOZVF.exe
  2⤵
  PID:1864
- C:\Windows\System\WGDGiVh.exe
  C:\Windows\System\WGDGiVh.exe
  2⤵
  PID:2112
- C:\Windows\System\jDVWRZq.exe
  C:\Windows\System\jDVWRZq.exe
  2⤵
  PID:616
- C:\Windows\System\TNofJqL.exe
  C:\Windows\System\TNofJqL.exe
  2⤵
  PID:1252
- C:\Windows\System\ufCweOl.exe
  C:\Windows\System\ufCweOl.exe
  2⤵
  PID:2264
- C:\Windows\System\vxHxfxC.exe
  C:\Windows\System\vxHxfxC.exe
  2⤵
  PID:568
- C:\Windows\System\CqGxItp.exe
  C:\Windows\System\CqGxItp.exe
  2⤵
  PID:1984
- C:\Windows\System\SPUGRNt.exe
  C:\Windows\System\SPUGRNt.exe
  2⤵
  PID:2936
- C:\Windows\System\eMkfdjP.exe
  C:\Windows\System\eMkfdjP.exe
  2⤵
  PID:2944
- C:\Windows\System\hiYCdvs.exe
  C:\Windows\System\hiYCdvs.exe
  2⤵
  PID:1216
- C:\Windows\System\irLCgJg.exe
  C:\Windows\System\irLCgJg.exe
  2⤵
  PID:2740
- C:\Windows\System\rxJbKZo.exe
  C:\Windows\System\rxJbKZo.exe
  2⤵
  PID:1528
- C:\Windows\System\SftQfkm.exe
  C:\Windows\System\SftQfkm.exe
  2⤵
  PID:2056
- C:\Windows\System\WIvGUAZ.exe
  C:\Windows\System\WIvGUAZ.exe
  2⤵
  PID:1632
- C:\Windows\System\xpXrrrp.exe
  C:\Windows\System\xpXrrrp.exe
  2⤵
  PID:2748
- C:\Windows\System\RaNlvGM.exe
  C:\Windows\System\RaNlvGM.exe
  2⤵
  PID:1344
- C:\Windows\System\nBgKorK.exe
  C:\Windows\System\nBgKorK.exe
  2⤵
  PID:2752
- C:\Windows\System\KcviaeF.exe
  C:\Windows\System\KcviaeF.exe
  2⤵
  PID:2796
- C:\Windows\System\KmcasVY.exe
  C:\Windows\System\KmcasVY.exe
  2⤵
  PID:376
- C:\Windows\System\lOLQdoN.exe
  C:\Windows\System\lOLQdoN.exe
  2⤵
  PID:536
- C:\Windows\System\pJnBndC.exe
  C:\Windows\System\pJnBndC.exe
  2⤵
  PID:1516
- C:\Windows\System\wyJVGwR.exe
  C:\Windows\System\wyJVGwR.exe
  2⤵
  PID:2444
- C:\Windows\System\peLocGP.exe
  C:\Windows\System\peLocGP.exe
  2⤵
  PID:2868
- C:\Windows\System\yaDDMkE.exe
  C:\Windows\System\yaDDMkE.exe
  2⤵
  PID:804
- C:\Windows\System\rYtTOqp.exe
  C:\Windows\System\rYtTOqp.exe
  2⤵
  PID:2424
- C:\Windows\System\baWIpMl.exe
  C:\Windows\System\baWIpMl.exe
  2⤵
  PID:408
- C:\Windows\System\YDwSPzB.exe
  C:\Windows\System\YDwSPzB.exe
  2⤵
  PID:2520
- C:\Windows\System\qEqHPnp.exe
  C:\Windows\System\qEqHPnp.exe
  2⤵
  PID:2932
- C:\Windows\System\qDVhSIV.exe
  C:\Windows\System\qDVhSIV.exe
  2⤵
  PID:1456
- C:\Windows\System\tvfdpBl.exe
  C:\Windows\System\tvfdpBl.exe
  2⤵
  PID:2396
- C:\Windows\System\EYxERkZ.exe
  C:\Windows\System\EYxERkZ.exe
  2⤵
  PID:1444
- C:\Windows\System\dAqcdCs.exe
  C:\Windows\System\dAqcdCs.exe
  2⤵
  PID:2384
- C:\Windows\System\XezYPFj.exe
  C:\Windows\System\XezYPFj.exe
  2⤵
  PID:1732
- C:\Windows\System\RfAqZeT.exe
  C:\Windows\System\RfAqZeT.exe
  2⤵
  PID:2212
- C:\Windows\System\hKfQIOT.exe
  C:\Windows\System\hKfQIOT.exe
  2⤵
  PID:2836
- C:\Windows\System\FFxyZup.exe
  C:\Windows\System\FFxyZup.exe
  2⤵
  PID:2200
- C:\Windows\System\NInjJpy.exe
  C:\Windows\System\NInjJpy.exe
  2⤵
  PID:2256
- C:\Windows\System\lKlCjFv.exe
  C:\Windows\System\lKlCjFv.exe
  2⤵
  PID:1656
- C:\Windows\System\DdMUnYS.exe
  C:\Windows\System\DdMUnYS.exe
  2⤵
  PID:2792
- C:\Windows\System\DwmviBt.exe
  C:\Windows\System\DwmviBt.exe
  2⤵
  PID:2660
- C:\Windows\System\skxOnaW.exe
  C:\Windows\System\skxOnaW.exe
  2⤵
  PID:2640
- C:\Windows\System\JuRnrAT.exe
  C:\Windows\System\JuRnrAT.exe
  2⤵
  PID:1636
- C:\Windows\System\gjNpbum.exe
  C:\Windows\System\gjNpbum.exe
  2⤵
  PID:1952
- C:\Windows\System\pEMXJEb.exe
  C:\Windows\System\pEMXJEb.exe
  2⤵
  PID:2288
- C:\Windows\System\qTqoVYE.exe
  C:\Windows\System\qTqoVYE.exe
  2⤵
  PID:1740
- C:\Windows\System\UmLvrcd.exe
  C:\Windows\System\UmLvrcd.exe
  2⤵
  PID:2012
- C:\Windows\System\leAAuro.exe
  C:\Windows\System\leAAuro.exe
  2⤵
  PID:236
- C:\Windows\System\zuhSLYv.exe
  C:\Windows\System\zuhSLYv.exe
  2⤵
  PID:600
- C:\Windows\System\PDsIzfI.exe
  C:\Windows\System\PDsIzfI.exe
  2⤵
  PID:904
- C:\Windows\System\OJwKHUK.exe
  C:\Windows\System\OJwKHUK.exe
  2⤵
  PID:2268
- C:\Windows\System\fIPSbSS.exe
  C:\Windows\System\fIPSbSS.exe
  2⤵
  PID:1876
- C:\Windows\System\wiaykXN.exe
  C:\Windows\System\wiaykXN.exe
  2⤵
  PID:2956
- C:\Windows\System\YhDflqt.exe
  C:\Windows\System\YhDflqt.exe
  2⤵
  PID:780
- C:\Windows\System\bvWIDQs.exe
  C:\Windows\System\bvWIDQs.exe
  2⤵
  PID:2160
- C:\Windows\System\IuinxWg.exe
  C:\Windows\System\IuinxWg.exe
  2⤵
  PID:1780
- C:\Windows\System\krIHoQn.exe
  C:\Windows\System\krIHoQn.exe
  2⤵
  PID:3000
- C:\Windows\System\vpZyQlN.exe
  C:\Windows\System\vpZyQlN.exe
  2⤵
  PID:2856
- C:\Windows\System\ABhIyYI.exe
  C:\Windows\System\ABhIyYI.exe
  2⤵
  PID:1068
- C:\Windows\System\CmMKofh.exe
  C:\Windows\System\CmMKofh.exe
  2⤵
  PID:2612
- C:\Windows\System\CVWZWQa.exe
  C:\Windows\System\CVWZWQa.exe
  2⤵
  PID:1660
- C:\Windows\System\DMVKqAF.exe
  C:\Windows\System\DMVKqAF.exe
  2⤵
  PID:2688
- C:\Windows\System\XeNXelq.exe
  C:\Windows\System\XeNXelq.exe
  2⤵
  PID:2120
- C:\Windows\System\QPPOrbA.exe
  C:\Windows\System\QPPOrbA.exe
  2⤵
  PID:2080
- C:\Windows\System\WNrjhoh.exe
  C:\Windows\System\WNrjhoh.exe
  2⤵
  PID:2500
- C:\Windows\System\UdQHwCN.exe
  C:\Windows\System\UdQHwCN.exe
  2⤵
  PID:3108
- C:\Windows\System\AnHsqTf.exe
  C:\Windows\System\AnHsqTf.exe
  2⤵
  PID:3144
- C:\Windows\System\MnyIHmw.exe
  C:\Windows\System\MnyIHmw.exe
  2⤵
  PID:3188
- C:\Windows\System\zdfhFtO.exe
  C:\Windows\System\zdfhFtO.exe
  2⤵
  PID:3204
- C:\Windows\System\yWPZdhv.exe
  C:\Windows\System\yWPZdhv.exe
  2⤵
  PID:3220
- C:\Windows\System\TxndYMq.exe
  C:\Windows\System\TxndYMq.exe
  2⤵
  PID:3240
- C:\Windows\System\xZveBAe.exe
  C:\Windows\System\xZveBAe.exe
  2⤵
  PID:3260
- C:\Windows\System\OurtyXM.exe
  C:\Windows\System\OurtyXM.exe
  2⤵
  PID:3276
- C:\Windows\System\fWFWyqu.exe
  C:\Windows\System\fWFWyqu.exe
  2⤵
  PID:3324
- C:\Windows\System\nUFlqHH.exe
  C:\Windows\System\nUFlqHH.exe
  2⤵
  PID:3352
- C:\Windows\System\NlbyRUv.exe
  C:\Windows\System\NlbyRUv.exe
  2⤵
  PID:3368
- C:\Windows\System\AEImkYe.exe
  C:\Windows\System\AEImkYe.exe
  2⤵
  PID:3384
- C:\Windows\System\iJDwxeg.exe
  C:\Windows\System\iJDwxeg.exe
  2⤵
  PID:3408
- C:\Windows\System\EAOqIED.exe
  C:\Windows\System\EAOqIED.exe
  2⤵
  PID:3424
- C:\Windows\System\onKvgfi.exe
  C:\Windows\System\onKvgfi.exe
  2⤵
  PID:3440
- C:\Windows\System\ZktZaBG.exe
  C:\Windows\System\ZktZaBG.exe
  2⤵
  PID:3456
- C:\Windows\System\WAQrjHP.exe
  C:\Windows\System\WAQrjHP.exe
  2⤵
  PID:3476
- C:\Windows\System\iKqaDjA.exe
  C:\Windows\System\iKqaDjA.exe
  2⤵
  PID:3508
- C:\Windows\System\bgtdXMg.exe
  C:\Windows\System\bgtdXMg.exe
  2⤵
  PID:3532
- C:\Windows\System\BfHakJV.exe
  C:\Windows\System\BfHakJV.exe
  2⤵
  PID:3548
- C:\Windows\System\wuEfFKz.exe
  C:\Windows\System\wuEfFKz.exe
  2⤵
  PID:3568
- C:\Windows\System\inwJEIe.exe
  C:\Windows\System\inwJEIe.exe
  2⤵
  PID:3584
- C:\Windows\System\lFlwMFm.exe
  C:\Windows\System\lFlwMFm.exe
  2⤵
  PID:3600
- C:\Windows\System\XjvFVde.exe
  C:\Windows\System\XjvFVde.exe
  2⤵
  PID:3620
- C:\Windows\System\HFtpJAd.exe
  C:\Windows\System\HFtpJAd.exe
  2⤵
  PID:3636
- C:\Windows\System\dNpTeWj.exe
  C:\Windows\System\dNpTeWj.exe
  2⤵
  PID:3656
- C:\Windows\System\qaKVFrx.exe
  C:\Windows\System\qaKVFrx.exe
  2⤵
  PID:3672
- C:\Windows\System\ZZyMqZx.exe
  C:\Windows\System\ZZyMqZx.exe
  2⤵
  PID:3688
- C:\Windows\System\GnwGexi.exe
  C:\Windows\System\GnwGexi.exe
  2⤵
  PID:3704
- C:\Windows\System\JfIzGYz.exe
  C:\Windows\System\JfIzGYz.exe
  2⤵
  PID:3728
- C:\Windows\System\esHSwww.exe
  C:\Windows\System\esHSwww.exe
  2⤵
  PID:3744
- C:\Windows\System\SODmDMr.exe
  C:\Windows\System\SODmDMr.exe
  2⤵
  PID:3760
- C:\Windows\System\lVHlkRr.exe
  C:\Windows\System\lVHlkRr.exe
  2⤵
  PID:3776
- C:\Windows\System\dJGFczI.exe
  C:\Windows\System\dJGFczI.exe
  2⤵
  PID:3796
- C:\Windows\System\IbmKclX.exe
  C:\Windows\System\IbmKclX.exe
  2⤵
  PID:3816
- C:\Windows\System\tsRayxW.exe
  C:\Windows\System\tsRayxW.exe
  2⤵
  PID:3836
- C:\Windows\System\lpenmCn.exe
  C:\Windows\System\lpenmCn.exe
  2⤵
  PID:3856
- C:\Windows\System\clywcUv.exe
  C:\Windows\System\clywcUv.exe
  2⤵
  PID:3872
- C:\Windows\System\kKMBnla.exe
  C:\Windows\System\kKMBnla.exe
  2⤵
  PID:3896
- C:\Windows\System\depkYXF.exe
  C:\Windows\System\depkYXF.exe
  2⤵
  PID:3916
- C:\Windows\System\heqEhVe.exe
  C:\Windows\System\heqEhVe.exe
  2⤵
  PID:3932
- C:\Windows\System\aMbAtdn.exe
  C:\Windows\System\aMbAtdn.exe
  2⤵
  PID:3948
- C:\Windows\System\CZomkcu.exe
  C:\Windows\System\CZomkcu.exe
  2⤵
  PID:3964
- C:\Windows\System\oFFenOp.exe
  C:\Windows\System\oFFenOp.exe
  2⤵
  PID:3984
- C:\Windows\System\BIjcyJb.exe
  C:\Windows\System\BIjcyJb.exe
  2⤵
  PID:4036
- C:\Windows\System\XLQamlt.exe
  C:\Windows\System\XLQamlt.exe
  2⤵
  PID:4052
- C:\Windows\System\fEcCtwX.exe
  C:\Windows\System\fEcCtwX.exe
  2⤵
  PID:4072
- C:\Windows\System\cSiVgAE.exe
  C:\Windows\System\cSiVgAE.exe
  2⤵
  PID:4088
- C:\Windows\System\zrnVtOo.exe
  C:\Windows\System\zrnVtOo.exe
  2⤵
  PID:1596
- C:\Windows\System\olxGeXx.exe
  C:\Windows\System\olxGeXx.exe
  2⤵
  PID:2480
- C:\Windows\System\tDtwlWM.exe
  C:\Windows\System\tDtwlWM.exe
  2⤵
  PID:2312
- C:\Windows\System\hlziRUl.exe
  C:\Windows\System\hlziRUl.exe
  2⤵
  PID:2628
- C:\Windows\System\UqCcUdI.exe
  C:\Windows\System\UqCcUdI.exe
  2⤵
  PID:3120
- C:\Windows\System\sOFwZAt.exe
  C:\Windows\System\sOFwZAt.exe
  2⤵
  PID:3140
- C:\Windows\System\dLnvcbb.exe
  C:\Windows\System\dLnvcbb.exe
  2⤵
  PID:3196
- C:\Windows\System\XXARJFl.exe
  C:\Windows\System\XXARJFl.exe
  2⤵
  PID:3088
- C:\Windows\System\rSxWYwn.exe
  C:\Windows\System\rSxWYwn.exe
  2⤵
  PID:3104
- C:\Windows\System\WcwRHbw.exe
  C:\Windows\System\WcwRHbw.exe
  2⤵
  PID:3272
- C:\Windows\System\TsVXGCV.exe
  C:\Windows\System\TsVXGCV.exe
  2⤵
  PID:3176
- C:\Windows\System\ncGaMJN.exe
  C:\Windows\System\ncGaMJN.exe
  2⤵
  PID:3304
- C:\Windows\System\fTkAXtz.exe
  C:\Windows\System\fTkAXtz.exe
  2⤵
  PID:3308
- C:\Windows\System\QeUxFCP.exe
  C:\Windows\System\QeUxFCP.exe
  2⤵
  PID:3316
- C:\Windows\System\GAJLDwl.exe
  C:\Windows\System\GAJLDwl.exe
  2⤵
  PID:3344
- C:\Windows\System\NcmoqAy.exe
  C:\Windows\System\NcmoqAy.exe
  2⤵
  PID:3376
- C:\Windows\System\MRvvNZo.exe
  C:\Windows\System\MRvvNZo.exe
  2⤵
  PID:3400
- C:\Windows\System\yKIQAHU.exe
  C:\Windows\System\yKIQAHU.exe
  2⤵
  PID:3420
- C:\Windows\System\oOfxYiX.exe
  C:\Windows\System\oOfxYiX.exe
  2⤵
  PID:3464
- C:\Windows\System\DbLjbqp.exe
  C:\Windows\System\DbLjbqp.exe
  2⤵
  PID:3492
- C:\Windows\System\HXDtRAz.exe
  C:\Windows\System\HXDtRAz.exe
  2⤵
  PID:3504
- C:\Windows\System\MGXPyaC.exe
  C:\Windows\System\MGXPyaC.exe
  2⤵
  PID:3516
- C:\Windows\System\tEWUYri.exe
  C:\Windows\System\tEWUYri.exe
  2⤵
  PID:3608
- C:\Windows\System\wLKjQpM.exe
  C:\Windows\System\wLKjQpM.exe
  2⤵
  PID:3752
- C:\Windows\System\kEnPFff.exe
  C:\Windows\System\kEnPFff.exe
  2⤵
  PID:3564
- C:\Windows\System\UOkgRmZ.exe
  C:\Windows\System\UOkgRmZ.exe
  2⤵
  PID:3832
- C:\Windows\System\TyZUmHj.exe
  C:\Windows\System\TyZUmHj.exe
  2⤵
  PID:3868
- C:\Windows\System\BrHSlND.exe
  C:\Windows\System\BrHSlND.exe
  2⤵
  PID:3940
- C:\Windows\System\sMMWyrD.exe
  C:\Windows\System\sMMWyrD.exe
  2⤵
  PID:3596
- C:\Windows\System\QWpNKrh.exe
  C:\Windows\System\QWpNKrh.exe
  2⤵
  PID:3768
- C:\Windows\System\XYWpQaD.exe
  C:\Windows\System\XYWpQaD.exe
  2⤵
  PID:3812
- C:\Windows\System\blEKEGN.exe
  C:\Windows\System\blEKEGN.exe
  2⤵
  PID:3852
- C:\Windows\System\EGhVIQL.exe
  C:\Windows\System\EGhVIQL.exe
  2⤵
  PID:3888
- C:\Windows\System\bIVvdVF.exe
  C:\Windows\System\bIVvdVF.exe
  2⤵
  PID:3956
- C:\Windows\System\OUFGjyW.exe
  C:\Windows\System\OUFGjyW.exe
  2⤵
  PID:3880
- C:\Windows\System\iCIoqvP.exe
  C:\Windows\System\iCIoqvP.exe
  2⤵
  PID:2104
- C:\Windows\System\lNtzmvx.exe
  C:\Windows\System\lNtzmvx.exe
  2⤵
  PID:2852
- C:\Windows\System\vVDPeUw.exe
  C:\Windows\System\vVDPeUw.exe
  2⤵
  PID:3060
- C:\Windows\System\YAsJlNN.exe
  C:\Windows\System\YAsJlNN.exe
  2⤵
  PID:692
- C:\Windows\System\lmnZVxR.exe
  C:\Windows\System\lmnZVxR.exe
  2⤵
  PID:3996
- C:\Windows\System\YqSvNEE.exe
  C:\Windows\System\YqSvNEE.exe
  2⤵
  PID:4008
- C:\Windows\System\PIcCElk.exe
  C:\Windows\System\PIcCElk.exe
  2⤵
  PID:4064
- C:\Windows\System\CHLTPWe.exe
  C:\Windows\System\CHLTPWe.exe
  2⤵
  PID:2908
- C:\Windows\System\MSIdHcz.exe
  C:\Windows\System\MSIdHcz.exe
  2⤵
  PID:2172
- C:\Windows\System\NVyxTFl.exe
  C:\Windows\System\NVyxTFl.exe
  2⤵
  PID:3252
- C:\Windows\System\fcpczAy.exe
  C:\Windows\System\fcpczAy.exe
  2⤵
  PID:3396
- C:\Windows\System\IRiSaOG.exe
  C:\Windows\System\IRiSaOG.exe
  2⤵
  PID:1968
- C:\Windows\System\SGsuatC.exe
  C:\Windows\System\SGsuatC.exe
  2⤵
  PID:3500
- C:\Windows\System\kDdWIye.exe
  C:\Windows\System\kDdWIye.exe
  2⤵
  PID:3312
- C:\Windows\System\mLWlCeJ.exe
  C:\Windows\System\mLWlCeJ.exe
  2⤵
  PID:3556
- C:\Windows\System\MTghgnZ.exe
  C:\Windows\System\MTghgnZ.exe
  2⤵
  PID:3652
- C:\Windows\System\NDmDBje.exe
  C:\Windows\System\NDmDBje.exe
  2⤵
  PID:3824
- C:\Windows\System\sOQrUyF.exe
  C:\Windows\System\sOQrUyF.exe
  2⤵
  PID:3576
- C:\Windows\System\QhxfdTE.exe
  C:\Windows\System\QhxfdTE.exe
  2⤵
  PID:3756
- C:\Windows\System\WPNiVUy.exe
  C:\Windows\System\WPNiVUy.exe
  2⤵
  PID:3696
- C:\Windows\System\uZvUaMJ.exe
  C:\Windows\System\uZvUaMJ.exe
  2⤵
  PID:2364
- C:\Windows\System\OcdGhrt.exe
  C:\Windows\System\OcdGhrt.exe
  2⤵
  PID:3560
- C:\Windows\System\cKitxwn.exe
  C:\Windows\System\cKitxwn.exe
  2⤵
  PID:3924
- C:\Windows\System\LgSGdHn.exe
  C:\Windows\System\LgSGdHn.exe
  2⤵
  PID:2832
- C:\Windows\System\LyvfiWC.exe
  C:\Windows\System\LyvfiWC.exe
  2⤵
  PID:4080
- C:\Windows\System\PCggADj.exe
  C:\Windows\System\PCggADj.exe
  2⤵
  PID:3992
- C:\Windows\System\kJlzqOe.exe
  C:\Windows\System\kJlzqOe.exe
  2⤵
  PID:2568
- C:\Windows\System\ycoOyXp.exe
  C:\Windows\System\ycoOyXp.exe
  2⤵
  PID:4060
- C:\Windows\System\vTDmRva.exe
  C:\Windows\System\vTDmRva.exe
  2⤵
  PID:3096
- C:\Windows\System\IXPcJqI.exe
  C:\Windows\System\IXPcJqI.exe
  2⤵
  PID:2800
- C:\Windows\System\CoTfooW.exe
  C:\Windows\System\CoTfooW.exe
  2⤵
  PID:3296
- C:\Windows\System\CsHUPak.exe
  C:\Windows\System\CsHUPak.exe
  2⤵
  PID:1920
- C:\Windows\System\qFhHnTi.exe
  C:\Windows\System\qFhHnTi.exe
  2⤵
  PID:3392
- C:\Windows\System\yNAMsnl.exe
  C:\Windows\System\yNAMsnl.exe
  2⤵
  PID:1248
- C:\Windows\System\PvfUEnA.exe
  C:\Windows\System\PvfUEnA.exe
  2⤵
  PID:3484
- C:\Windows\System\XQIQQuR.exe
  C:\Windows\System\XQIQQuR.exe
  2⤵
  PID:3340
- C:\Windows\System\tpjfKhh.exe
  C:\Windows\System\tpjfKhh.exe
  2⤵
  PID:3284
- C:\Windows\System\givbZVw.exe
  C:\Windows\System\givbZVw.exe
  2⤵
  PID:3180
- C:\Windows\System\ZHdXHMv.exe
  C:\Windows\System\ZHdXHMv.exe
  2⤵
  PID:3716
- C:\Windows\System\uoeqkqE.exe
  C:\Windows\System\uoeqkqE.exe
  2⤵
  PID:3736
- C:\Windows\System\EfSfEHu.exe
  C:\Windows\System\EfSfEHu.exe
  2⤵
  PID:3528
- C:\Windows\System\oHpZnlf.exe
  C:\Windows\System\oHpZnlf.exe
  2⤵
  PID:3668
- C:\Windows\System\CFOdojw.exe
  C:\Windows\System\CFOdojw.exe
  2⤵
  PID:324
- C:\Windows\System\UrFdVGd.exe
  C:\Windows\System\UrFdVGd.exe
  2⤵
  PID:3632
- C:\Windows\System\dBUULjg.exe
  C:\Windows\System\dBUULjg.exe
  2⤵
  PID:1452
- C:\Windows\System\dlbNYRP.exe
  C:\Windows\System\dlbNYRP.exe
  2⤵
  PID:2720
- C:\Windows\System\oKvAZQA.exe
  C:\Windows\System\oKvAZQA.exe
  2⤵
  PID:3004
- C:\Windows\System\SiqQKSy.exe
  C:\Windows\System\SiqQKSy.exe
  2⤵
  PID:3100
- C:\Windows\System\DegqzkP.exe
  C:\Windows\System\DegqzkP.exe
  2⤵
  PID:2600
- C:\Windows\System\DCXUUWs.exe
  C:\Windows\System\DCXUUWs.exe
  2⤵
  PID:3616
- C:\Windows\System\IVTsrRY.exe
  C:\Windows\System\IVTsrRY.exe
  2⤵
  PID:3976
- C:\Windows\System\YbSaVlh.exe
  C:\Windows\System\YbSaVlh.exe
  2⤵
  PID:3544
- C:\Windows\System\UJcAeqR.exe
  C:\Windows\System\UJcAeqR.exe
  2⤵
  PID:3884
- C:\Windows\System\CtxPedM.exe
  C:\Windows\System\CtxPedM.exe
  2⤵
  PID:1916
- C:\Windows\System\iMfMhFC.exe
  C:\Windows\System\iMfMhFC.exe
  2⤵
  PID:2164
- C:\Windows\System\nUbozNk.exe
  C:\Windows\System\nUbozNk.exe
  2⤵
  PID:3472
- C:\Windows\System\aaUfjUY.exe
  C:\Windows\System\aaUfjUY.exe
  2⤵
  PID:3128
- C:\Windows\System\wRQenQM.exe
  C:\Windows\System\wRQenQM.exe
  2⤵
  PID:1956
- C:\Windows\System\vpLGLKd.exe
  C:\Windows\System\vpLGLKd.exe
  2⤵
  PID:584
- C:\Windows\System\ulPjWqq.exe
  C:\Windows\System\ulPjWqq.exe
  2⤵
  PID:3332
- C:\Windows\System\XHeTIAa.exe
  C:\Windows\System\XHeTIAa.exe
  2⤵
  PID:2636
- C:\Windows\System\PbfcMbS.exe
  C:\Windows\System\PbfcMbS.exe
  2⤵
  PID:3404
- C:\Windows\System\jVtcWFS.exe
  C:\Windows\System\jVtcWFS.exe
  2⤵
  PID:4104
- C:\Windows\System\YZcSbvI.exe
  C:\Windows\System\YZcSbvI.exe
  2⤵
  PID:4120
- C:\Windows\System\PmLbCGh.exe
  C:\Windows\System\PmLbCGh.exe
  2⤵
  PID:4136
- C:\Windows\System\odMjQfA.exe
  C:\Windows\System\odMjQfA.exe
  2⤵
  PID:4152
- C:\Windows\System\hMJHBbX.exe
  C:\Windows\System\hMJHBbX.exe
  2⤵
  PID:4204
- C:\Windows\System\wSQmhnb.exe
  C:\Windows\System\wSQmhnb.exe
  2⤵
  PID:4220
- C:\Windows\System\KHaHuha.exe
  C:\Windows\System\KHaHuha.exe
  2⤵
  PID:4236
- C:\Windows\System\ALoiQWC.exe
  C:\Windows\System\ALoiQWC.exe
  2⤵
  PID:4252
- C:\Windows\System\qytakzx.exe
  C:\Windows\System\qytakzx.exe
  2⤵
  PID:4276
- C:\Windows\System\YxzDxJJ.exe
  C:\Windows\System\YxzDxJJ.exe
  2⤵
  PID:4292
- C:\Windows\System\XDvDvxg.exe
  C:\Windows\System\XDvDvxg.exe
  2⤵
  PID:4308
- C:\Windows\System\hpjsPxR.exe
  C:\Windows\System\hpjsPxR.exe
  2⤵
  PID:4328
- C:\Windows\System\rzoIYCC.exe
  C:\Windows\System\rzoIYCC.exe
  2⤵
  PID:4364
- C:\Windows\System\iEjOFBQ.exe
  C:\Windows\System\iEjOFBQ.exe
  2⤵
  PID:4380
- C:\Windows\System\MEcZNiX.exe
  C:\Windows\System\MEcZNiX.exe
  2⤵
  PID:4396
- C:\Windows\System\CgjQvFI.exe
  C:\Windows\System\CgjQvFI.exe
  2⤵
  PID:4412
- C:\Windows\System\WYjFNOR.exe
  C:\Windows\System\WYjFNOR.exe
  2⤵
  PID:4428
- C:\Windows\System\zTpcQYb.exe
  C:\Windows\System\zTpcQYb.exe
  2⤵
  PID:4444
- C:\Windows\System\VNDciKG.exe
  C:\Windows\System\VNDciKG.exe
  2⤵
  PID:4460
- C:\Windows\System\YCZdams.exe
  C:\Windows\System\YCZdams.exe
  2⤵
  PID:4476
- C:\Windows\System\DbMWfVX.exe
  C:\Windows\System\DbMWfVX.exe
  2⤵
  PID:4492
- C:\Windows\System\IzYNpwc.exe
  C:\Windows\System\IzYNpwc.exe
  2⤵
  PID:4520
- C:\Windows\System\iWdiAdn.exe
  C:\Windows\System\iWdiAdn.exe
  2⤵
  PID:4544
- C:\Windows\System\HJMmDaX.exe
  C:\Windows\System\HJMmDaX.exe
  2⤵
  PID:4564
- C:\Windows\System\eAmrvFR.exe
  C:\Windows\System\eAmrvFR.exe
  2⤵
  PID:4580
- C:\Windows\System\yRzgnwF.exe
  C:\Windows\System\yRzgnwF.exe
  2⤵
  PID:4596
- C:\Windows\System\STCYwUu.exe
  C:\Windows\System\STCYwUu.exe
  2⤵
  PID:4616
- C:\Windows\System\WaoSBLA.exe
  C:\Windows\System\WaoSBLA.exe
  2⤵
  PID:4632
- C:\Windows\System\suYIhjF.exe
  C:\Windows\System\suYIhjF.exe
  2⤵
  PID:4648
- C:\Windows\System\lxGeAwG.exe
  C:\Windows\System\lxGeAwG.exe
  2⤵
  PID:4664
- C:\Windows\System\EKiqCfN.exe
  C:\Windows\System\EKiqCfN.exe
  2⤵
  PID:4680
- C:\Windows\System\gXIbkrf.exe
  C:\Windows\System\gXIbkrf.exe
  2⤵
  PID:4696
- C:\Windows\System\JnCNYzv.exe
  C:\Windows\System\JnCNYzv.exe
  2⤵
  PID:4716
- C:\Windows\System\ECEDYCx.exe
  C:\Windows\System\ECEDYCx.exe
  2⤵
  PID:4736
- C:\Windows\System\PcogEoZ.exe
  C:\Windows\System\PcogEoZ.exe
  2⤵
  PID:4752
- C:\Windows\System\myxTkFq.exe
  C:\Windows\System\myxTkFq.exe
  2⤵
  PID:4768
- C:\Windows\System\URZKGKf.exe
  C:\Windows\System\URZKGKf.exe
  2⤵
  PID:4784
- C:\Windows\System\ssDSfrW.exe
  C:\Windows\System\ssDSfrW.exe
  2⤵
  PID:4800
- C:\Windows\System\csKWfJS.exe
  C:\Windows\System\csKWfJS.exe
  2⤵
  PID:4816
- C:\Windows\System\crOQhwI.exe
  C:\Windows\System\crOQhwI.exe
  2⤵
  PID:4900
- C:\Windows\System\QmOpYGG.exe
  C:\Windows\System\QmOpYGG.exe
  2⤵
  PID:4916
- C:\Windows\System\IRiMCIj.exe
  C:\Windows\System\IRiMCIj.exe
  2⤵
  PID:4932
- C:\Windows\System\aKfZerT.exe
  C:\Windows\System\aKfZerT.exe
  2⤵
  PID:4956
- C:\Windows\System\gyGpAAr.exe
  C:\Windows\System\gyGpAAr.exe
  2⤵
  PID:4972
- C:\Windows\System\jATpbUv.exe
  C:\Windows\System\jATpbUv.exe
  2⤵
  PID:4992
- C:\Windows\System\qLuwSiL.exe
  C:\Windows\System\qLuwSiL.exe
  2⤵
  PID:5008
- C:\Windows\System\EzCOhKn.exe
  C:\Windows\System\EzCOhKn.exe
  2⤵
  PID:5024
- C:\Windows\System\JZJnlrw.exe
  C:\Windows\System\JZJnlrw.exe
  2⤵
  PID:5040
- C:\Windows\System\fJSZvnH.exe
  C:\Windows\System\fJSZvnH.exe
  2⤵
  PID:5056
- C:\Windows\System\qvIygdL.exe
  C:\Windows\System\qvIygdL.exe
  2⤵
  PID:5076
- C:\Windows\System\jcPRxYo.exe
  C:\Windows\System\jcPRxYo.exe
  2⤵
  PID:5104
- C:\Windows\System\JeGhske.exe
  C:\Windows\System\JeGhske.exe
  2⤵
  PID:2196
- C:\Windows\System\qGFsVmL.exe
  C:\Windows\System\qGFsVmL.exe
  2⤵
  PID:4172
- C:\Windows\System\glXYFcn.exe
  C:\Windows\System\glXYFcn.exe
  2⤵
  PID:3808
- C:\Windows\System\aFFYAvP.exe
  C:\Windows\System\aFFYAvP.exe
  2⤵
  PID:4032
- C:\Windows\System\vmtVBlQ.exe
  C:\Windows\System\vmtVBlQ.exe
  2⤵
  PID:4112
- C:\Windows\System\vNQQMrK.exe
  C:\Windows\System\vNQQMrK.exe
  2⤵
  PID:4192
- C:\Windows\System\xvMUsGP.exe
  C:\Windows\System\xvMUsGP.exe
  2⤵
  PID:4260
- C:\Windows\System\osOwYAn.exe
  C:\Windows\System\osOwYAn.exe
  2⤵
  PID:4336
- C:\Windows\System\XAbmBtC.exe
  C:\Windows\System\XAbmBtC.exe
  2⤵
  PID:4212
- C:\Windows\System\rHYuclO.exe
  C:\Windows\System\rHYuclO.exe
  2⤵
  PID:4284
- C:\Windows\System\ZVlpuzF.exe
  C:\Windows\System\ZVlpuzF.exe
  2⤵
  PID:4348
- C:\Windows\System\dPvCXNj.exe
  C:\Windows\System\dPvCXNj.exe
  2⤵
  PID:4360
- C:\Windows\System\pBPjuzp.exe
  C:\Windows\System\pBPjuzp.exe
  2⤵
  PID:4424
- C:\Windows\System\LuviRyL.exe
  C:\Windows\System\LuviRyL.exe
  2⤵
  PID:4372
- C:\Windows\System\TwCcnFz.exe
  C:\Windows\System\TwCcnFz.exe
  2⤵
  PID:4404
- C:\Windows\System\JtHbTHa.exe
  C:\Windows\System\JtHbTHa.exe
  2⤵
  PID:2608
- C:\Windows\System\FaDkeTU.exe
  C:\Windows\System\FaDkeTU.exe
  2⤵
  PID:4608
- C:\Windows\System\xleLnJA.exe
  C:\Windows\System\xleLnJA.exe
  2⤵
  PID:4748
- C:\Windows\System\wFlwXvI.exe
  C:\Windows\System\wFlwXvI.exe
  2⤵
  PID:4440
- C:\Windows\System\lNTcvZL.exe
  C:\Windows\System\lNTcvZL.exe
  2⤵
  PID:4552
- C:\Windows\System\QrcykRk.exe
  C:\Windows\System\QrcykRk.exe
  2⤵
  PID:2496
- C:\Windows\System\hFzXHGd.exe
  C:\Windows\System\hFzXHGd.exe
  2⤵
  PID:4912
- C:\Windows\System\tZbiYYp.exe
  C:\Windows\System\tZbiYYp.exe
  2⤵
  PID:4660
- C:\Windows\System\jXzRUII.exe
  C:\Windows\System\jXzRUII.exe
  2⤵
  PID:4728
- C:\Windows\System\ISbdUwm.exe
  C:\Windows\System\ISbdUwm.exe
  2⤵
  PID:4836
- C:\Windows\System\pAvbRhf.exe
  C:\Windows\System\pAvbRhf.exe
  2⤵
  PID:4856
- C:\Windows\System\grcOzig.exe
  C:\Windows\System\grcOzig.exe
  2⤵
  PID:4952
- C:\Windows\System\zLLrhjx.exe
  C:\Windows\System\zLLrhjx.exe
  2⤵
  PID:5048
- C:\Windows\System\henuHOZ.exe
  C:\Windows\System\henuHOZ.exe
  2⤵
  PID:1556
- C:\Windows\System\yVcmzEY.exe
  C:\Windows\System\yVcmzEY.exe
  2⤵
  PID:4892
- C:\Windows\System\AahlgSz.exe
  C:\Windows\System\AahlgSz.exe
  2⤵
  PID:4884
- C:\Windows\System\ZPaqeiY.exe
  C:\Windows\System\ZPaqeiY.exe
  2⤵
  PID:4880
- C:\Windows\System\LXpNkCg.exe
  C:\Windows\System\LXpNkCg.exe
  2⤵
  PID:4924
- C:\Windows\System\QuSPUuW.exe
  C:\Windows\System\QuSPUuW.exe
  2⤵
  PID:5004
- C:\Windows\System\RXLUkeC.exe
  C:\Windows\System\RXLUkeC.exe
  2⤵
  PID:5068
- C:\Windows\System\DFVTqeO.exe
  C:\Windows\System\DFVTqeO.exe
  2⤵
  PID:5096
- C:\Windows\System\hWRZrzd.exe
  C:\Windows\System\hWRZrzd.exe
  2⤵
  PID:4160
- C:\Windows\System\DxkaTrf.exe
  C:\Windows\System\DxkaTrf.exe
  2⤵
  PID:3792
- C:\Windows\System\jTktQGU.exe
  C:\Windows\System\jTktQGU.exe
  2⤵
  PID:4188
- C:\Windows\System\uzqVcXt.exe
  C:\Windows\System\uzqVcXt.exe
  2⤵
  PID:4300
- C:\Windows\System\TAvKjMG.exe
  C:\Windows\System\TAvKjMG.exe
  2⤵
  PID:4324
- C:\Windows\System\ZQyHMnE.exe
  C:\Windows\System\ZQyHMnE.exe
  2⤵
  PID:4316
- C:\Windows\System\wZRvRvC.exe
  C:\Windows\System\wZRvRvC.exe
  2⤵
  PID:4456
- C:\Windows\System\XmBILJF.exe
  C:\Windows\System\XmBILJF.exe
  2⤵
  PID:4392
- C:\Windows\System\BOxWxvh.exe
  C:\Windows\System\BOxWxvh.exe
  2⤵
  PID:4344
- C:\Windows\System\LqKbOnm.exe
  C:\Windows\System\LqKbOnm.exe
  2⤵
  PID:4704
- C:\Windows\System\FGMlPVv.exe
  C:\Windows\System\FGMlPVv.exe
  2⤵
  PID:4712
- C:\Windows\System\YDoOvyX.exe
  C:\Windows\System\YDoOvyX.exe
  2⤵
  PID:4812
- C:\Windows\System\RxRcEfp.exe
  C:\Windows\System\RxRcEfp.exe
  2⤵
  PID:112
- C:\Windows\System\oxVyZFs.exe
  C:\Windows\System\oxVyZFs.exe
  2⤵
  PID:4516
- C:\Windows\System\yYTcIhr.exe
  C:\Windows\System\yYTcIhr.exe
  2⤵
  PID:4840
- C:\Windows\System\ClbBMQI.exe
  C:\Windows\System\ClbBMQI.exe
  2⤵
  PID:4984
- C:\Windows\System\NjaeHQb.exe
  C:\Windows\System\NjaeHQb.exe
  2⤵
  PID:4764
- C:\Windows\System\aQoMQCT.exe
  C:\Windows\System\aQoMQCT.exe
  2⤵
  PID:5000
- C:\Windows\System\PQtwtHH.exe
  C:\Windows\System\PQtwtHH.exe
  2⤵
  PID:2816
- C:\Windows\System\PMacDlb.exe
  C:\Windows\System\PMacDlb.exe
  2⤵
  PID:4184
- C:\Windows\System\qaCzwEF.exe
  C:\Windows\System\qaCzwEF.exe
  2⤵
  PID:2132
- C:\Windows\System\KeoiqcP.exe
  C:\Windows\System\KeoiqcP.exe
  2⤵
  PID:5084
- C:\Windows\System\gqIHkUh.exe
  C:\Windows\System\gqIHkUh.exe
  2⤵
  PID:3256
- C:\Windows\System\lzmnuJE.exe
  C:\Windows\System\lzmnuJE.exe
  2⤵
  PID:4196
- C:\Windows\System\GAfCgPx.exe
  C:\Windows\System\GAfCgPx.exe
  2⤵
  PID:1296
- C:\Windows\System\ZsKGsge.exe
  C:\Windows\System\ZsKGsge.exe
  2⤵
  PID:4832
- C:\Windows\System\wfmKGJi.exe
  C:\Windows\System\wfmKGJi.exe
  2⤵
  PID:3136
- C:\Windows\System\MdexZNQ.exe
  C:\Windows\System\MdexZNQ.exe
  2⤵
  PID:1648
- C:\Windows\System\sYExIlt.exe
  C:\Windows\System\sYExIlt.exe
  2⤵
  PID:1304
- C:\Windows\System\ekWqSIn.exe
  C:\Windows\System\ekWqSIn.exe
  2⤵
  PID:4796
- C:\Windows\System\cLdkOVY.exe
  C:\Windows\System\cLdkOVY.exe
  2⤵
  PID:4588
- C:\Windows\System\vqhWKLH.exe
  C:\Windows\System\vqhWKLH.exe
  2⤵
  PID:4644
- C:\Windows\System\NLffKrC.exe
  C:\Windows\System\NLffKrC.exe
  2⤵
  PID:4944
- C:\Windows\System\lqSZOaB.exe
  C:\Windows\System\lqSZOaB.exe
  2⤵
  PID:4656
- C:\Windows\System\ttjWaEu.exe
  C:\Windows\System\ttjWaEu.exe
  2⤵
  PID:5036
- C:\Windows\System\FqsqDOK.exe
  C:\Windows\System\FqsqDOK.exe
  2⤵
  PID:4436
- C:\Windows\System\PouYPBV.exe
  C:\Windows\System\PouYPBV.exe
  2⤵
  PID:4132
- C:\Windows\System\qpMMBHs.exe
  C:\Windows\System\qpMMBHs.exe
  2⤵
  PID:4532
- C:\Windows\System\sxlYoyP.exe
  C:\Windows\System\sxlYoyP.exe
  2⤵
  PID:1208
- C:\Windows\System\mcvYGBq.exe
  C:\Windows\System\mcvYGBq.exe
  2⤵
  PID:1548
- C:\Windows\System\EeHfCda.exe
  C:\Windows\System\EeHfCda.exe
  2⤵
  PID:4908
- C:\Windows\System\cHygyJK.exe
  C:\Windows\System\cHygyJK.exe
  2⤵
  PID:1356
- C:\Windows\System\tVIanmo.exe
  C:\Windows\System\tVIanmo.exe
  2⤵
  PID:5092
- C:\Windows\System\yXTfLmV.exe
  C:\Windows\System\yXTfLmV.exe
  2⤵
  PID:4472
- C:\Windows\System\NFUNMix.exe
  C:\Windows\System\NFUNMix.exe
  2⤵
  PID:5064
- C:\Windows\System\QYKVOQd.exe
  C:\Windows\System\QYKVOQd.exe
  2⤵
  PID:5020
- C:\Windows\System\kuPufgs.exe
  C:\Windows\System\kuPufgs.exe
  2⤵
  PID:1896
- C:\Windows\System\ZRIMEsK.exe
  C:\Windows\System\ZRIMEsK.exe
  2⤵
  PID:5132
- C:\Windows\System\NysejCY.exe
  C:\Windows\System\NysejCY.exe
  2⤵
  PID:5156
- C:\Windows\System\oGiIbaY.exe
  C:\Windows\System\oGiIbaY.exe
  2⤵
  PID:5172
- C:\Windows\System\vThYeWC.exe
  C:\Windows\System\vThYeWC.exe
  2⤵
  PID:5188
- C:\Windows\System\OjYULUs.exe
  C:\Windows\System\OjYULUs.exe
  2⤵
  PID:5204
- C:\Windows\System\BVOglLg.exe
  C:\Windows\System\BVOglLg.exe
  2⤵
  PID:5224
- C:\Windows\System\padUfnh.exe
  C:\Windows\System\padUfnh.exe
  2⤵
  PID:5244
- C:\Windows\System\GOXwCFA.exe
  C:\Windows\System\GOXwCFA.exe
  2⤵
  PID:5260
- C:\Windows\System\BkpHkUI.exe
  C:\Windows\System\BkpHkUI.exe
  2⤵
  PID:5276
- C:\Windows\System\wjkdtVV.exe
  C:\Windows\System\wjkdtVV.exe
  2⤵
  PID:5292
- C:\Windows\System\fpXEGwW.exe
  C:\Windows\System\fpXEGwW.exe
  2⤵
  PID:5312
- C:\Windows\System\cuUxImg.exe
  C:\Windows\System\cuUxImg.exe
  2⤵
  PID:5332
- C:\Windows\System\CoqUfRS.exe
  C:\Windows\System\CoqUfRS.exe
  2⤵
  PID:5348
- C:\Windows\System\MutYOlS.exe
  C:\Windows\System\MutYOlS.exe
  2⤵
  PID:5364
- C:\Windows\System\zAXKWgT.exe
  C:\Windows\System\zAXKWgT.exe
  2⤵
  PID:5404
- C:\Windows\System\PPcXIdW.exe
  C:\Windows\System\PPcXIdW.exe
  2⤵
  PID:5420
- C:\Windows\System\WJhGAKC.exe
  C:\Windows\System\WJhGAKC.exe
  2⤵
  PID:5440
- C:\Windows\System\mWzWCdV.exe
  C:\Windows\System\mWzWCdV.exe
  2⤵
  PID:5468
- C:\Windows\System\FOGKhPH.exe
  C:\Windows\System\FOGKhPH.exe
  2⤵
  PID:5484
- C:\Windows\System\KvPAlfo.exe
  C:\Windows\System\KvPAlfo.exe
  2⤵
  PID:5504
- C:\Windows\System\tWIDKvX.exe
  C:\Windows\System\tWIDKvX.exe
  2⤵
  PID:5532
- C:\Windows\System\uHpWFgd.exe
  C:\Windows\System\uHpWFgd.exe
  2⤵
  PID:5552
- C:\Windows\System\proBAbl.exe
  C:\Windows\System\proBAbl.exe
  2⤵
  PID:5568
- C:\Windows\System\UlhFxbW.exe
  C:\Windows\System\UlhFxbW.exe
  2⤵
  PID:5588
- C:\Windows\System\lJjBUky.exe
  C:\Windows\System\lJjBUky.exe
  2⤵
  PID:5644
- C:\Windows\System\OBJyEPS.exe
  C:\Windows\System\OBJyEPS.exe
  2⤵
  PID:5668
- C:\Windows\System\uIPWGtx.exe
  C:\Windows\System\uIPWGtx.exe
  2⤵
  PID:5684
- C:\Windows\System\LUXOxsi.exe
  C:\Windows\System\LUXOxsi.exe
  2⤵
  PID:5704
- C:\Windows\System\WZZxIxt.exe
  C:\Windows\System\WZZxIxt.exe
  2⤵
  PID:5720
- C:\Windows\System\BlwYUol.exe
  C:\Windows\System\BlwYUol.exe
  2⤵
  PID:5740
- C:\Windows\System\uzVWMLm.exe
  C:\Windows\System\uzVWMLm.exe
  2⤵
  PID:5756
- C:\Windows\System\cgwLIlm.exe
  C:\Windows\System\cgwLIlm.exe
  2⤵
  PID:5772
- C:\Windows\System\qQTylTg.exe
  C:\Windows\System\qQTylTg.exe
  2⤵
  PID:5792
- C:\Windows\System\FGPFyBB.exe
  C:\Windows\System\FGPFyBB.exe
  2⤵
  PID:5812
- C:\Windows\System\JpgniLX.exe
  C:\Windows\System\JpgniLX.exe
  2⤵
  PID:5828
- C:\Windows\System\dQjXTRM.exe
  C:\Windows\System\dQjXTRM.exe
  2⤵
  PID:5852
- C:\Windows\System\ZNuDpIq.exe
  C:\Windows\System\ZNuDpIq.exe
  2⤵
  PID:5884
- C:\Windows\System\GzdMVfT.exe
  C:\Windows\System\GzdMVfT.exe
  2⤵
  PID:5904
- C:\Windows\System\TVjbKwH.exe
  C:\Windows\System\TVjbKwH.exe
  2⤵
  PID:5920
- C:\Windows\System\KFYmZQv.exe
  C:\Windows\System\KFYmZQv.exe
  2⤵
  PID:5936
- C:\Windows\System\ANWTfnG.exe
  C:\Windows\System\ANWTfnG.exe
  2⤵
  PID:5956
- C:\Windows\System\zCmNOgV.exe
  C:\Windows\System\zCmNOgV.exe
  2⤵
  PID:5972
- C:\Windows\System\ciUImGX.exe
  C:\Windows\System\ciUImGX.exe
  2⤵
  PID:5992
- C:\Windows\System\cwfhtbx.exe
  C:\Windows\System\cwfhtbx.exe
  2⤵
  PID:6024
- C:\Windows\System\EPjuEof.exe
  C:\Windows\System\EPjuEof.exe
  2⤵
  PID:6040
- C:\Windows\System\CvxnAGt.exe
  C:\Windows\System\CvxnAGt.exe
  2⤵
  PID:6056
- C:\Windows\System\wQXvYZt.exe
  C:\Windows\System\wQXvYZt.exe
  2⤵
  PID:6072
- C:\Windows\System\wsAHuPA.exe
  C:\Windows\System\wsAHuPA.exe
  2⤵
  PID:6096
- C:\Windows\System\dFEPcDf.exe
  C:\Windows\System\dFEPcDf.exe
  2⤵
  PID:6116
- C:\Windows\System\GgdKimE.exe
  C:\Windows\System\GgdKimE.exe
  2⤵
  PID:6132
- C:\Windows\System\bfMnxDb.exe
  C:\Windows\System\bfMnxDb.exe
  2⤵
  PID:4540
- C:\Windows\System\fDanLFz.exe
  C:\Windows\System\fDanLFz.exe
  2⤵
  PID:4100
- C:\Windows\System\jEMJIyY.exe
  C:\Windows\System\jEMJIyY.exe
  2⤵
  PID:5232
- C:\Windows\System\quUYZRc.exe
  C:\Windows\System\quUYZRc.exe
  2⤵
  PID:5268
- C:\Windows\System\mCbJfVT.exe
  C:\Windows\System\mCbJfVT.exe
  2⤵
  PID:5340
- C:\Windows\System\nBBUIzk.exe
  C:\Windows\System\nBBUIzk.exe
  2⤵
  PID:5388
- C:\Windows\System\ErrYxlW.exe
  C:\Windows\System\ErrYxlW.exe
  2⤵
  PID:5428
- C:\Windows\System\TqJQntT.exe
  C:\Windows\System\TqJQntT.exe
  2⤵
  PID:5520
- C:\Windows\System\RnpryqU.exe
  C:\Windows\System\RnpryqU.exe
  2⤵
  PID:5524
- C:\Windows\System\NbcdznZ.exe
  C:\Windows\System\NbcdznZ.exe
  2⤵
  PID:4512
- C:\Windows\System\vZhYdHQ.exe
  C:\Windows\System\vZhYdHQ.exe
  2⤵
  PID:4128
- C:\Windows\System\ymtMKVs.exe
  C:\Windows\System\ymtMKVs.exe
  2⤵
  PID:2168
- C:\Windows\System\tYWBNKo.exe
  C:\Windows\System\tYWBNKo.exe
  2⤵
  PID:5596
- C:\Windows\System\ogTlNzD.exe
  C:\Windows\System\ogTlNzD.exe
  2⤵
  PID:5180
- C:\Windows\System\UjovBbO.exe
  C:\Windows\System\UjovBbO.exe
  2⤵
  PID:5284
- C:\Windows\System\ymKPcVU.exe
  C:\Windows\System\ymKPcVU.exe
  2⤵
  PID:5360
- C:\Windows\System\LQmSSgW.exe
  C:\Windows\System\LQmSSgW.exe
  2⤵
  PID:5416
- C:\Windows\System\MmLcloz.exe
  C:\Windows\System\MmLcloz.exe
  2⤵
  PID:5460
- C:\Windows\System\CaqQVeb.exe
  C:\Windows\System\CaqQVeb.exe
  2⤵
  PID:5492
- C:\Windows\System\kNJbSaH.exe
  C:\Windows\System\kNJbSaH.exe
  2⤵
  PID:5216
- C:\Windows\System\bOqPYNx.exe
  C:\Windows\System\bOqPYNx.exe
  2⤵
  PID:5652
- C:\Windows\System\UBHWUtW.exe
  C:\Windows\System\UBHWUtW.exe
  2⤵
  PID:5676
- C:\Windows\System\RaaanYs.exe
  C:\Windows\System\RaaanYs.exe
  2⤵
  PID:5784
- C:\Windows\System\bDqdGtQ.exe
  C:\Windows\System\bDqdGtQ.exe
  2⤵
  PID:2124
- C:\Windows\System\sRjyMZr.exe
  C:\Windows\System\sRjyMZr.exe
  2⤵
  PID:5820
- C:\Windows\System\dUHjgvK.exe
  C:\Windows\System\dUHjgvK.exe
  2⤵
  PID:5808
- C:\Windows\System\CRrDPFn.exe
  C:\Windows\System\CRrDPFn.exe
  2⤵
  PID:5840
- C:\Windows\System\bOrCYIx.exe
  C:\Windows\System\bOrCYIx.exe
  2⤵
  PID:5872
- C:\Windows\System\NCjoMwh.exe
  C:\Windows\System\NCjoMwh.exe
  2⤵
  PID:5916
- C:\Windows\System\aWScrnS.exe
  C:\Windows\System\aWScrnS.exe
  2⤵
  PID:5952
- C:\Windows\System\kPoUWKL.exe
  C:\Windows\System\kPoUWKL.exe
  2⤵
  PID:5892
- C:\Windows\System\EzFraRA.exe
  C:\Windows\System\EzFraRA.exe
  2⤵
  PID:5932
- C:\Windows\System\DytSNxz.exe
  C:\Windows\System\DytSNxz.exe
  2⤵
  PID:6064
- C:\Windows\System\YRZODIl.exe
  C:\Windows\System\YRZODIl.exe
  2⤵
  PID:6112
- C:\Windows\System\VSKmuut.exe
  C:\Windows\System\VSKmuut.exe
  2⤵
  PID:6012
- C:\Windows\System\sniPzvu.exe
  C:\Windows\System\sniPzvu.exe
  2⤵
  PID:1856
- C:\Windows\System\XdJRbrW.exe
  C:\Windows\System\XdJRbrW.exe
  2⤵
  PID:6016
- C:\Windows\System\rZCbaMk.exe
  C:\Windows\System\rZCbaMk.exe
  2⤵
  PID:6084
- C:\Windows\System\gBsVmCR.exe
  C:\Windows\System\gBsVmCR.exe
  2⤵
  PID:5152
- C:\Windows\System\nrJLFOm.exe
  C:\Windows\System\nrJLFOm.exe
  2⤵
  PID:1868
- C:\Windows\System\JiRVBcT.exe
  C:\Windows\System\JiRVBcT.exe
  2⤵
  PID:5480
- C:\Windows\System\MLFxziG.exe
  C:\Windows\System\MLFxziG.exe
  2⤵
  PID:5528
- C:\Windows\System\jHAsHLh.exe
  C:\Windows\System\jHAsHLh.exe
  2⤵
  PID:5320
- C:\Windows\System\wyzOURq.exe
  C:\Windows\System\wyzOURq.exe
  2⤵
  PID:2060
- C:\Windows\System\NqEIqlJ.exe
  C:\Windows\System\NqEIqlJ.exe
  2⤵
  PID:5540
- C:\Windows\System\ejaatPd.exe
  C:\Windows\System\ejaatPd.exe
  2⤵
  PID:4640
- C:\Windows\System\EgfueWU.exe
  C:\Windows\System\EgfueWU.exe
  2⤵
  PID:5624
- C:\Windows\System\SdtYQhS.exe
  C:\Windows\System\SdtYQhS.exe
  2⤵
  PID:2332
- C:\Windows\System\kudMVSb.exe
  C:\Windows\System\kudMVSb.exe
  2⤵
  PID:5576
- C:\Windows\System\FDBFOan.exe
  C:\Windows\System\FDBFOan.exe
  2⤵
  PID:5752
- C:\Windows\System\bqjLGUx.exe
  C:\Windows\System\bqjLGUx.exe
  2⤵
  PID:5664
- C:\Windows\System\siPYitr.exe
  C:\Windows\System\siPYitr.exe
  2⤵
  PID:5968
- C:\Windows\System\jlhVmQB.exe
  C:\Windows\System\jlhVmQB.exe
  2⤵
  PID:5384
- C:\Windows\System\xLUSkJX.exe
  C:\Windows\System\xLUSkJX.exe
  2⤵
  PID:5564
- C:\Windows\System\VwtRZZk.exe
  C:\Windows\System\VwtRZZk.exe
  2⤵
  PID:5148
- C:\Windows\System\klXlBzA.exe
  C:\Windows\System\klXlBzA.exe
  2⤵
  PID:5640
- C:\Windows\System\XcCqLeQ.exe
  C:\Windows\System\XcCqLeQ.exe
  2⤵
  PID:5696
- C:\Windows\System\GCzLDWx.exe
  C:\Windows\System\GCzLDWx.exe
  2⤵
  PID:5700
- C:\Windows\System\VowXYZm.exe
  C:\Windows\System\VowXYZm.exe
  2⤵
  PID:6128
- C:\Windows\System\LtRghTu.exe
  C:\Windows\System\LtRghTu.exe
  2⤵
  PID:5304
- C:\Windows\System\BGziSiv.exe
  C:\Windows\System\BGziSiv.exe
  2⤵
  PID:5396
- C:\Windows\System\spYscnU.exe
  C:\Windows\System\spYscnU.exe
  2⤵
  PID:5252
- C:\Windows\System\qmLCSbd.exe
  C:\Windows\System\qmLCSbd.exe
  2⤵
  PID:6036
- C:\Windows\System\MYwJLTV.exe
  C:\Windows\System\MYwJLTV.exe
  2⤵
  PID:5880
- C:\Windows\System\pLZdapc.exe
  C:\Windows\System\pLZdapc.exe
  2⤵
  PID:5660
- C:\Windows\System\XgYatNl.exe
  C:\Windows\System\XgYatNl.exe
  2⤵
  PID:5800
- C:\Windows\System\hZKMPPZ.exe
  C:\Windows\System\hZKMPPZ.exe
  2⤵
  PID:5240
- C:\Windows\System\SWQjvIi.exe
  C:\Windows\System\SWQjvIi.exe
  2⤵
  PID:6032
- C:\Windows\System\hMRFdWj.exe
  C:\Windows\System\hMRFdWj.exe
  2⤵
  PID:5464
- C:\Windows\System\zwLYiuM.exe
  C:\Windows\System\zwLYiuM.exe
  2⤵
  PID:6020
- C:\Windows\System\tItDpFv.exe
  C:\Windows\System\tItDpFv.exe
  2⤵
  PID:5692
- C:\Windows\System\KPgFYuH.exe
  C:\Windows\System\KPgFYuH.exe
  2⤵
  PID:5164
- C:\Windows\System\CHiTnUG.exe
  C:\Windows\System\CHiTnUG.exe
  2⤵
  PID:6092
- C:\Windows\System\efgIAHs.exe
  C:\Windows\System\efgIAHs.exe
  2⤵
  PID:5900
- C:\Windows\System\FfMthlP.exe
  C:\Windows\System\FfMthlP.exe
  2⤵
  PID:5748
- C:\Windows\System\OFBaFwT.exe
  C:\Windows\System\OFBaFwT.exe
  2⤵
  PID:5544
- C:\Windows\System\cCEAwPT.exe
  C:\Windows\System\cCEAwPT.exe
  2⤵
  PID:4968
- C:\Windows\System\Mdzterl.exe
  C:\Windows\System\Mdzterl.exe
  2⤵
  PID:5376
- C:\Windows\System\CGrMLZy.exe
  C:\Windows\System\CGrMLZy.exe
  2⤵
  PID:5868
- C:\Windows\System\TNUcnZb.exe
  C:\Windows\System\TNUcnZb.exe
  2⤵
  PID:6080
- C:\Windows\System\epokbsP.exe
  C:\Windows\System\epokbsP.exe
  2⤵
  PID:6168
- C:\Windows\System\brYHztz.exe
  C:\Windows\System\brYHztz.exe
  2⤵
  PID:6188
- C:\Windows\System\SlykEmc.exe
  C:\Windows\System\SlykEmc.exe
  2⤵
  PID:6204
- C:\Windows\System\JLefzoY.exe
  C:\Windows\System\JLefzoY.exe
  2⤵
  PID:6252
- C:\Windows\System\LLqluyp.exe
  C:\Windows\System\LLqluyp.exe
  2⤵
  PID:6272
- C:\Windows\System\rbowgjk.exe
  C:\Windows\System\rbowgjk.exe
  2⤵
  PID:6288
- C:\Windows\System\zWiofQS.exe
  C:\Windows\System\zWiofQS.exe
  2⤵
  PID:6304
- C:\Windows\System\SThFYyX.exe
  C:\Windows\System\SThFYyX.exe
  2⤵
  PID:6324
- C:\Windows\System\FpdlATz.exe
  C:\Windows\System\FpdlATz.exe
  2⤵
  PID:6348
- C:\Windows\System\IngIhPh.exe
  C:\Windows\System\IngIhPh.exe
  2⤵
  PID:6368
- C:\Windows\System\DKCzAiL.exe
  C:\Windows\System\DKCzAiL.exe
  2⤵
  PID:6384
- C:\Windows\System\ksFKSDM.exe
  C:\Windows\System\ksFKSDM.exe
  2⤵
  PID:6404
- C:\Windows\System\wzGlmZg.exe
  C:\Windows\System\wzGlmZg.exe
  2⤵
  PID:6420
- C:\Windows\System\MVgVYVJ.exe
  C:\Windows\System\MVgVYVJ.exe
  2⤵
  PID:6436
- C:\Windows\System\seiVcdF.exe
  C:\Windows\System\seiVcdF.exe
  2⤵
  PID:6452
- C:\Windows\System\GvpkxfD.exe
  C:\Windows\System\GvpkxfD.exe
  2⤵
  PID:6472
- C:\Windows\System\ayKOYQK.exe
  C:\Windows\System\ayKOYQK.exe
  2⤵
  PID:6492
- C:\Windows\System\HUjvRgL.exe
  C:\Windows\System\HUjvRgL.exe
  2⤵
  PID:6532
- C:\Windows\System\dZeqsWV.exe
  C:\Windows\System\dZeqsWV.exe
  2⤵
  PID:6548
- C:\Windows\System\YKLoxTE.exe
  C:\Windows\System\YKLoxTE.exe
  2⤵
  PID:6564
- C:\Windows\System\SkZkHSB.exe
  C:\Windows\System\SkZkHSB.exe
  2⤵
  PID:6580
- C:\Windows\System\eEoFlse.exe
  C:\Windows\System\eEoFlse.exe
  2⤵
  PID:6596
- C:\Windows\System\KKEfXrg.exe
  C:\Windows\System\KKEfXrg.exe
  2⤵
  PID:6612
- C:\Windows\System\spuVgyp.exe
  C:\Windows\System\spuVgyp.exe
  2⤵
  PID:6628
- C:\Windows\System\UUdRRFM.exe
  C:\Windows\System\UUdRRFM.exe
  2⤵
  PID:6644
- C:\Windows\System\rcueSkn.exe
  C:\Windows\System\rcueSkn.exe
  2⤵
  PID:6660
- C:\Windows\System\RpHYYKp.exe
  C:\Windows\System\RpHYYKp.exe
  2⤵
  PID:6676
- C:\Windows\System\NGATUpo.exe
  C:\Windows\System\NGATUpo.exe
  2⤵
  PID:6696
- C:\Windows\System\rLScWKx.exe
  C:\Windows\System\rLScWKx.exe
  2⤵
  PID:6720
- C:\Windows\System\VtZaICb.exe
  C:\Windows\System\VtZaICb.exe
  2⤵
  PID:6744
- C:\Windows\System\IKuIPcR.exe
  C:\Windows\System\IKuIPcR.exe
  2⤵
  PID:6768
- C:\Windows\System\jgkAhWW.exe
  C:\Windows\System\jgkAhWW.exe
  2⤵
  PID:6808
- C:\Windows\System\ETfIjbW.exe
  C:\Windows\System\ETfIjbW.exe
  2⤵
  PID:6828
- C:\Windows\System\zeBJZUH.exe
  C:\Windows\System\zeBJZUH.exe
  2⤵
  PID:6844
- C:\Windows\System\wLEMAfS.exe
  C:\Windows\System\wLEMAfS.exe
  2⤵
  PID:6860
- C:\Windows\System\kXsKnfE.exe
  C:\Windows\System\kXsKnfE.exe
  2⤵
  PID:6876
- C:\Windows\System\EkrvlXE.exe
  C:\Windows\System\EkrvlXE.exe
  2⤵
  PID:6892
- C:\Windows\System\XNCHtfa.exe
  C:\Windows\System\XNCHtfa.exe
  2⤵
  PID:6908
- C:\Windows\System\gtyiaHE.exe
  C:\Windows\System\gtyiaHE.exe
  2⤵
  PID:6932
- C:\Windows\System\RXwWXzm.exe
  C:\Windows\System\RXwWXzm.exe
  2⤵
  PID:6952
- C:\Windows\System\CpCCKwE.exe
  C:\Windows\System\CpCCKwE.exe
  2⤵
  PID:6988
- C:\Windows\System\DiiPesL.exe
  C:\Windows\System\DiiPesL.exe
  2⤵
  PID:7004
- C:\Windows\System\VELprIL.exe
  C:\Windows\System\VELprIL.exe
  2⤵
  PID:7020
- C:\Windows\System\tbYQZEc.exe
  C:\Windows\System\tbYQZEc.exe
  2⤵
  PID:7036
- C:\Windows\System\vNtpcWW.exe
  C:\Windows\System\vNtpcWW.exe
  2⤵
  PID:7052
- C:\Windows\System\cayBAVS.exe
  C:\Windows\System\cayBAVS.exe
  2⤵
  PID:7068
- C:\Windows\System\tMQAlKA.exe
  C:\Windows\System\tMQAlKA.exe
  2⤵
  PID:7084
- C:\Windows\System\OvFdDxO.exe
  C:\Windows\System\OvFdDxO.exe
  2⤵
  PID:7100
- C:\Windows\System\InCEiht.exe
  C:\Windows\System\InCEiht.exe
  2⤵
  PID:7116
- C:\Windows\System\qGCIvho.exe
  C:\Windows\System\qGCIvho.exe
  2⤵
  PID:448
- C:\Windows\System\rJorQSh.exe
  C:\Windows\System\rJorQSh.exe
  2⤵
  PID:6152
- C:\Windows\System\BfoJpnk.exe
  C:\Windows\System\BfoJpnk.exe
  2⤵
  PID:4508
- C:\Windows\System\SYXHnjp.exe
  C:\Windows\System\SYXHnjp.exe
  2⤵
  PID:4004
- C:\Windows\System\qrmJvan.exe
  C:\Windows\System\qrmJvan.exe
  2⤵
  PID:6196
- C:\Windows\System\TaXtNZp.exe
  C:\Windows\System\TaXtNZp.exe
  2⤵
  PID:6180
- C:\Windows\System\NeEzypN.exe
  C:\Windows\System\NeEzypN.exe
  2⤵
  PID:6212
- C:\Windows\System\rmozfAS.exe
  C:\Windows\System\rmozfAS.exe
  2⤵
  PID:6224
- C:\Windows\System\KBvNgPk.exe
  C:\Windows\System\KBvNgPk.exe
  2⤵
  PID:6248
- C:\Windows\System\flUzAJw.exe
  C:\Windows\System\flUzAJw.exe
  2⤵
  PID:6300
- C:\Windows\System\slsqnqY.exe
  C:\Windows\System\slsqnqY.exe
  2⤵
  PID:6316
- C:\Windows\System\VuuCnpY.exe
  C:\Windows\System\VuuCnpY.exe
  2⤵
  PID:6432
- C:\Windows\System\IRJhklO.exe
  C:\Windows\System\IRJhklO.exe
  2⤵
  PID:6500
- C:\Windows\System\FmyzwgB.exe
  C:\Windows\System\FmyzwgB.exe
  2⤵
  PID:6520
- C:\Windows\System\MXcqoHx.exe
  C:\Windows\System\MXcqoHx.exe
  2⤵
  PID:6416
- C:\Windows\System\FiawWZX.exe
  C:\Windows\System\FiawWZX.exe
  2⤵
  PID:6484
- C:\Windows\System\wtMpqCf.exe
  C:\Windows\System\wtMpqCf.exe
  2⤵
  PID:6540
- C:\Windows\System\qkKlWjR.exe
  C:\Windows\System\qkKlWjR.exe
  2⤵
  PID:6572
- C:\Windows\System\tHrvAuh.exe
  C:\Windows\System\tHrvAuh.exe
  2⤵
  PID:6640
- C:\Windows\System\KrlmAXf.exe
  C:\Windows\System\KrlmAXf.exe
  2⤵
  PID:6732
- C:\Windows\System\BJqfSiZ.exe
  C:\Windows\System\BJqfSiZ.exe
  2⤵
  PID:6688
- C:\Windows\System\AwSwDLM.exe
  C:\Windows\System\AwSwDLM.exe
  2⤵
  PID:6716
- C:\Windows\System\FXFOlGg.exe
  C:\Windows\System\FXFOlGg.exe
  2⤵
  PID:6624
- C:\Windows\System\qtHQmsn.exe
  C:\Windows\System\qtHQmsn.exe
  2⤵
  PID:6760
- C:\Windows\System\Kgxwdfd.exe
  C:\Windows\System\Kgxwdfd.exe
  2⤵
  PID:6820
- C:\Windows\System\omFjQBe.exe
  C:\Windows\System\omFjQBe.exe
  2⤵
  PID:6784
- C:\Windows\System\UTmxxpx.exe
  C:\Windows\System\UTmxxpx.exe
  2⤵
  PID:6804
- C:\Windows\System\xBkhkBI.exe
  C:\Windows\System\xBkhkBI.exe
  2⤵
  PID:6972
- C:\Windows\System\SvsmTCL.exe
  C:\Windows\System\SvsmTCL.exe
  2⤵
  PID:6872
- C:\Windows\System\pYjkLUc.exe
  C:\Windows\System\pYjkLUc.exe
  2⤵
  PID:6964
- C:\Windows\System\MqmvyWh.exe
  C:\Windows\System\MqmvyWh.exe
  2⤵
  PID:7048
- C:\Windows\System\UyAkMtc.exe
  C:\Windows\System\UyAkMtc.exe
  2⤵
  PID:7096
- C:\Windows\System\sVUefUP.exe
  C:\Windows\System\sVUefUP.exe
  2⤵
  PID:7092
- C:\Windows\System\FjHKoTJ.exe
  C:\Windows\System\FjHKoTJ.exe
  2⤵
  PID:7148
- C:\Windows\System\aeWrXSW.exe
  C:\Windows\System\aeWrXSW.exe
  2⤵
  PID:7152
- C:\Windows\System\sQYhDpt.exe
  C:\Windows\System\sQYhDpt.exe
  2⤵
  PID:5616
- C:\Windows\System\WWstXkT.exe
  C:\Windows\System\WWstXkT.exe
  2⤵
  PID:5912
- C:\Windows\System\etHMdxJ.exe
  C:\Windows\System\etHMdxJ.exe
  2⤵
  PID:5380
- C:\Windows\System\CvpPlYP.exe
  C:\Windows\System\CvpPlYP.exe
  2⤵
  PID:4304
- C:\Windows\System\XBtKsos.exe
  C:\Windows\System\XBtKsos.exe
  2⤵
  PID:2044
- C:\Windows\System\ganbkuJ.exe
  C:\Windows\System\ganbkuJ.exe
  2⤵
  PID:6260
- C:\Windows\System\GSkoXGE.exe
  C:\Windows\System\GSkoXGE.exe
  2⤵
  PID:6340
- C:\Windows\System\zbJDpOf.exe
  C:\Windows\System\zbJDpOf.exe
  2⤵
  PID:6364
- C:\Windows\System\DNPfFjf.exe
  C:\Windows\System\DNPfFjf.exe
  2⤵
  PID:6428
- C:\Windows\System\HMRzSHs.exe
  C:\Windows\System\HMRzSHs.exe
  2⤵
  PID:6380
- C:\Windows\System\HiXJxuc.exe
  C:\Windows\System\HiXJxuc.exe
  2⤵
  PID:1396
- C:\Windows\System\cigQrhe.exe
  C:\Windows\System\cigQrhe.exe
  2⤵
  PID:6656
- C:\Windows\System\HYWGjFv.exe
  C:\Windows\System\HYWGjFv.exe
  2⤵
  PID:6708
- C:\Windows\System\nkZgcBz.exe
  C:\Windows\System\nkZgcBz.exe
  2⤵
  PID:6636
- C:\Windows\System\uwwtZnO.exe
  C:\Windows\System\uwwtZnO.exe
  2⤵
  PID:6712
- C:\Windows\System\flYKVRK.exe
  C:\Windows\System\flYKVRK.exe
  2⤵
  PID:6916
- C:\Windows\System\UMknRqR.exe
  C:\Windows\System\UMknRqR.exe
  2⤵
  PID:6776
- C:\Windows\System\yXcZcQN.exe
  C:\Windows\System\yXcZcQN.exe
  2⤵
  PID:6904
- C:\Windows\System\iQDaUAh.exe
  C:\Windows\System\iQDaUAh.exe
  2⤵
  PID:6980
- C:\Windows\System\nIzTjZD.exe
  C:\Windows\System\nIzTjZD.exe
  2⤵
  PID:7108
- C:\Windows\System\pTPdDzL.exe
  C:\Windows\System\pTPdDzL.exe
  2⤵
  PID:7032
- C:\Windows\System\hsUmIZe.exe
  C:\Windows\System\hsUmIZe.exe
  2⤵
  PID:7164
- C:\Windows\System\iEnAYIU.exe
  C:\Windows\System\iEnAYIU.exe
  2⤵
  PID:5196
- C:\Windows\System\FUnCeMM.exe
  C:\Windows\System\FUnCeMM.exe
  2⤵
  PID:7136
- C:\Windows\System\UeXhWmf.exe
  C:\Windows\System\UeXhWmf.exe
  2⤵
  PID:6312
- C:\Windows\System\xCkzOsE.exe
  C:\Windows\System\xCkzOsE.exe
  2⤵
  PID:6332
- C:\Windows\System\RAJpXNE.exe
  C:\Windows\System\RAJpXNE.exe
  2⤵
  PID:6296
- C:\Windows\System\sDiJZFV.exe
  C:\Windows\System\sDiJZFV.exe
  2⤵
  PID:6396
- C:\Windows\System\GiIILfE.exe
  C:\Windows\System\GiIILfE.exe
  2⤵
  PID:6356
- C:\Windows\System\bOigVxQ.exe
  C:\Windows\System\bOigVxQ.exe
  2⤵
  PID:6448
- C:\Windows\System\FqPsIOc.exe
  C:\Windows\System\FqPsIOc.exe
  2⤵
  PID:6728
- C:\Windows\System\GSjeTaP.exe
  C:\Windows\System\GSjeTaP.exe
  2⤵
  PID:6924
- C:\Windows\System\phvEVoH.exe
  C:\Windows\System\phvEVoH.exe
  2⤵
  PID:5372
- C:\Windows\System\mqObZQJ.exe
  C:\Windows\System\mqObZQJ.exe
  2⤵
  PID:2872
- C:\Windows\System\cagZlUQ.exe
  C:\Windows\System\cagZlUQ.exe
  2⤵
  PID:6968
- C:\Windows\System\lqdxWWf.exe
  C:\Windows\System\lqdxWWf.exe
  2⤵
  PID:5456
- C:\Windows\System\wpYoACK.exe
  C:\Windows\System\wpYoACK.exe
  2⤵
  PID:6996
- C:\Windows\System\IkhIxyN.exe
  C:\Windows\System\IkhIxyN.exe
  2⤵
  PID:6512
- C:\Windows\System\ICOSsGY.exe
  C:\Windows\System\ICOSsGY.exe
  2⤵
  PID:6504
- C:\Windows\System\YjCleER.exe
  C:\Windows\System\YjCleER.exe
  2⤵
  PID:6480
- C:\Windows\System\QzenCxu.exe
  C:\Windows\System\QzenCxu.exe
  2⤵
  PID:6888
- C:\Windows\System\pBsOZVr.exe
  C:\Windows\System\pBsOZVr.exe
  2⤵
  PID:7144
- C:\Windows\System\CJPiSRg.exe
  C:\Windows\System\CJPiSRg.exe
  2⤵
  PID:6468
- C:\Windows\System\xJVVkiK.exe
  C:\Windows\System\xJVVkiK.exe
  2⤵
  PID:6800
- C:\Windows\System\luOLXgr.exe
  C:\Windows\System\luOLXgr.exe
  2⤵
  PID:1948
- C:\Windows\System\zlnRBHQ.exe
  C:\Windows\System\zlnRBHQ.exe
  2⤵
  PID:6268
- C:\Windows\System\SOAfGCx.exe
  C:\Windows\System\SOAfGCx.exe
  2⤵
  PID:6360
- C:\Windows\System\SAnpZUg.exe
  C:\Windows\System\SAnpZUg.exe
  2⤵
  PID:5848
- C:\Windows\System\WbziKLu.exe
  C:\Windows\System\WbziKLu.exe
  2⤵
  PID:6528
- C:\Windows\System\MKxLCHF.exe
  C:\Windows\System\MKxLCHF.exe
  2⤵
  PID:7184
- C:\Windows\System\iHsXvKc.exe
  C:\Windows\System\iHsXvKc.exe
  2⤵
  PID:7220
- C:\Windows\System\RmqAMPd.exe
  C:\Windows\System\RmqAMPd.exe
  2⤵
  PID:7240
- C:\Windows\System\XkSZuat.exe
  C:\Windows\System\XkSZuat.exe
  2⤵
  PID:7264
- C:\Windows\System\djcyeuO.exe
  C:\Windows\System\djcyeuO.exe
  2⤵
  PID:7288
- C:\Windows\System\MyCEOio.exe
  C:\Windows\System\MyCEOio.exe
  2⤵
  PID:7304
- C:\Windows\System\FheDvPj.exe
  C:\Windows\System\FheDvPj.exe
  2⤵
  PID:7320
- C:\Windows\System\hpGviJN.exe
  C:\Windows\System\hpGviJN.exe
  2⤵
  PID:7352
- C:\Windows\System\BOCgAUB.exe
  C:\Windows\System\BOCgAUB.exe
  2⤵
  PID:7368
- C:\Windows\System\NyDylnV.exe
  C:\Windows\System\NyDylnV.exe
  2⤵
  PID:7384
- C:\Windows\System\iVhNAbC.exe
  C:\Windows\System\iVhNAbC.exe
  2⤵
  PID:7400
- C:\Windows\System\alzmfHJ.exe
  C:\Windows\System\alzmfHJ.exe
  2⤵
  PID:7416
- C:\Windows\System\IoAYNMf.exe
  C:\Windows\System\IoAYNMf.exe
  2⤵
  PID:7436
- C:\Windows\System\hRZCvfs.exe
  C:\Windows\System\hRZCvfs.exe
  2⤵
  PID:7456
- C:\Windows\System\yfxFBom.exe
  C:\Windows\System\yfxFBom.exe
  2⤵
  PID:7472
- C:\Windows\System\ZaShLci.exe
  C:\Windows\System\ZaShLci.exe
  2⤵
  PID:7488
- C:\Windows\System\SJAJvTP.exe
  C:\Windows\System\SJAJvTP.exe
  2⤵
  PID:7504
- C:\Windows\System\fCFUHmH.exe
  C:\Windows\System\fCFUHmH.exe
  2⤵
  PID:7524
- C:\Windows\System\XocxxPt.exe
  C:\Windows\System\XocxxPt.exe
  2⤵
  PID:7544
- C:\Windows\System\OKHrslM.exe
  C:\Windows\System\OKHrslM.exe
  2⤵
  PID:7564
- C:\Windows\System\zqKubzB.exe
  C:\Windows\System\zqKubzB.exe
  2⤵
  PID:7580
- C:\Windows\System\AbCtFcC.exe
  C:\Windows\System\AbCtFcC.exe
  2⤵
  PID:7596
- C:\Windows\System\kdYFpFn.exe
  C:\Windows\System\kdYFpFn.exe
  2⤵
  PID:7612
- C:\Windows\System\hlnlYIF.exe
  C:\Windows\System\hlnlYIF.exe
  2⤵
  PID:7628
- C:\Windows\System\iueEyCI.exe
  C:\Windows\System\iueEyCI.exe
  2⤵
  PID:7652
- C:\Windows\System\jfsFrAc.exe
  C:\Windows\System\jfsFrAc.exe
  2⤵
  PID:7668
- C:\Windows\System\dsudPNh.exe
  C:\Windows\System\dsudPNh.exe
  2⤵
  PID:7688
- C:\Windows\System\ioiYetg.exe
  C:\Windows\System\ioiYetg.exe
  2⤵
  PID:7716
- C:\Windows\System\JKbRvJZ.exe
  C:\Windows\System\JKbRvJZ.exe
  2⤵
  PID:7768
- C:\Windows\System\xAEzEhm.exe
  C:\Windows\System\xAEzEhm.exe
  2⤵
  PID:7792
- C:\Windows\System\zpTCWfN.exe
  C:\Windows\System\zpTCWfN.exe
  2⤵
  PID:7816
- C:\Windows\System\ZZIqZAq.exe
  C:\Windows\System\ZZIqZAq.exe
  2⤵
  PID:7832
- C:\Windows\System\EgIXFqf.exe
  C:\Windows\System\EgIXFqf.exe
  2⤵
  PID:7856
- C:\Windows\System\tkoYqhX.exe
  C:\Windows\System\tkoYqhX.exe
  2⤵
  PID:7872
- C:\Windows\System\oBXdRxf.exe
  C:\Windows\System\oBXdRxf.exe
  2⤵
  PID:7888
- C:\Windows\System\QDNajcN.exe
  C:\Windows\System\QDNajcN.exe
  2⤵
  PID:7916
- C:\Windows\System\GDxMbyF.exe
  C:\Windows\System\GDxMbyF.exe
  2⤵
  PID:7932
- C:\Windows\System\Twwjjlv.exe
  C:\Windows\System\Twwjjlv.exe
  2⤵
  PID:7948
- C:\Windows\System\USQzyPQ.exe
  C:\Windows\System\USQzyPQ.exe
  2⤵
  PID:7964
- C:\Windows\System\WpQhJmd.exe
  C:\Windows\System\WpQhJmd.exe
  2⤵
  PID:7980
- C:\Windows\System\FqslyRB.exe
  C:\Windows\System\FqslyRB.exe
  2⤵
  PID:7996
- C:\Windows\System\IawYiDZ.exe
  C:\Windows\System\IawYiDZ.exe
  2⤵
  PID:8012
- C:\Windows\System\WmhvlDr.exe
  C:\Windows\System\WmhvlDr.exe
  2⤵
  PID:8028
- C:\Windows\System\NBnorOn.exe
  C:\Windows\System\NBnorOn.exe
  2⤵
  PID:8044
- C:\Windows\System\hPRPrlJ.exe
  C:\Windows\System\hPRPrlJ.exe
  2⤵
  PID:8064
- C:\Windows\System\zWklZMf.exe
  C:\Windows\System\zWklZMf.exe
  2⤵
  PID:8080
- C:\Windows\System\ZOuxyIU.exe
  C:\Windows\System\ZOuxyIU.exe
  2⤵
  PID:8104
- C:\Windows\System\OsznzIT.exe
  C:\Windows\System\OsznzIT.exe
  2⤵
  PID:8124
- C:\Windows\System\CMrduvL.exe
  C:\Windows\System\CMrduvL.exe
  2⤵
  PID:8184
- C:\Windows\System\DgIIYud.exe
  C:\Windows\System\DgIIYud.exe
  2⤵
  PID:6960
- C:\Windows\System\QVfsZgE.exe
  C:\Windows\System\QVfsZgE.exe
  2⤵
  PID:7180
- C:\Windows\System\dQUScNF.exe
  C:\Windows\System\dQUScNF.exe
  2⤵
  PID:6816
- C:\Windows\System\RFmjOhD.exe
  C:\Windows\System\RFmjOhD.exe
  2⤵
  PID:7196
- C:\Windows\System\mOwJGBw.exe
  C:\Windows\System\mOwJGBw.exe
  2⤵
  PID:7212
- C:\Windows\System\WKbjsuk.exe
  C:\Windows\System\WKbjsuk.exe
  2⤵
  PID:7280
- C:\Windows\System\hKyymiZ.exe
  C:\Windows\System\hKyymiZ.exe
  2⤵
  PID:7252
- C:\Windows\System\tBkUgKC.exe
  C:\Windows\System\tBkUgKC.exe
  2⤵
  PID:7300
- C:\Windows\System\OFQXnPI.exe
  C:\Windows\System\OFQXnPI.exe
  2⤵
  PID:7348
- C:\Windows\System\avjYRwy.exe
  C:\Windows\System\avjYRwy.exe
  2⤵
  PID:7412
- C:\Windows\System\cWWIvFF.exe
  C:\Windows\System\cWWIvFF.exe
  2⤵
  PID:7480
- C:\Windows\System\cLFUcbP.exe
  C:\Windows\System\cLFUcbP.exe
  2⤵
  PID:7560
- C:\Windows\System\eQbNsWw.exe
  C:\Windows\System\eQbNsWw.exe
  2⤵
  PID:7624
- C:\Windows\System\qbWyXpD.exe
  C:\Windows\System\qbWyXpD.exe
  2⤵
  PID:7276
- C:\Windows\System\BqtcMca.exe
  C:\Windows\System\BqtcMca.exe
  2⤵
  PID:7704
- C:\Windows\System\nfikISF.exe
  C:\Windows\System\nfikISF.exe
  2⤵
  PID:7636
- C:\Windows\System\zsixjZU.exe
  C:\Windows\System\zsixjZU.exe
  2⤵
  PID:7316
- C:\Windows\System\YhRmtlR.exe
  C:\Windows\System\YhRmtlR.exe
  2⤵
  PID:7424
- C:\Windows\System\wiLtcNz.exe
  C:\Windows\System\wiLtcNz.exe
  2⤵
  PID:7640
- C:\Windows\System\brLfvxU.exe
  C:\Windows\System\brLfvxU.exe
  2⤵
  PID:7540
- C:\Windows\System\tCbhyIp.exe
  C:\Windows\System\tCbhyIp.exe
  2⤵
  PID:7532
- C:\Windows\System\NLpDKEu.exe
  C:\Windows\System\NLpDKEu.exe
  2⤵
  PID:7744
- C:\Windows\System\zCKrtcb.exe
  C:\Windows\System\zCKrtcb.exe
  2⤵
  PID:7760
- C:\Windows\System\DfIrcAV.exe
  C:\Windows\System\DfIrcAV.exe
  2⤵
  PID:7788
- C:\Windows\System\rHSjQZa.exe
  C:\Windows\System\rHSjQZa.exe
  2⤵
  PID:7808
- C:\Windows\System\UsERJpG.exe
  C:\Windows\System\UsERJpG.exe
  2⤵
  PID:7908
- C:\Windows\System\RojEQzS.exe
  C:\Windows\System\RojEQzS.exe
  2⤵
  PID:7884
- C:\Windows\System\KcfsLPB.exe
  C:\Windows\System\KcfsLPB.exe
  2⤵
  PID:7972
- C:\Windows\System\FvIEPba.exe
  C:\Windows\System\FvIEPba.exe
  2⤵
  PID:7924
- C:\Windows\System\UzKVgeL.exe
  C:\Windows\System\UzKVgeL.exe
  2⤵
  PID:7956
- C:\Windows\System\fCzEvyE.exe
  C:\Windows\System\fCzEvyE.exe
  2⤵
  PID:8116
- C:\Windows\System\qHyNYjS.exe
  C:\Windows\System\qHyNYjS.exe
  2⤵
  PID:8132
- C:\Windows\System\QYDWliq.exe
  C:\Windows\System\QYDWliq.exe
  2⤵
  PID:7992
- C:\Windows\System\kxNJqcK.exe
  C:\Windows\System\kxNJqcK.exe
  2⤵
  PID:8156
- C:\Windows\System\VfuhXjW.exe
  C:\Windows\System\VfuhXjW.exe
  2⤵
  PID:8160
- C:\Windows\System\VUBvCse.exe
  C:\Windows\System\VUBvCse.exe
  2⤵
  PID:8176
- C:\Windows\System\mIhbkAX.exe
  C:\Windows\System\mIhbkAX.exe
  2⤵
  PID:7208
- C:\Windows\System\fKraWNB.exe
  C:\Windows\System\fKraWNB.exe
  2⤵
  PID:7344
- C:\Windows\System\qTXlboJ.exe
  C:\Windows\System\qTXlboJ.exe
  2⤵
  PID:7696
- C:\Windows\System\gYFKjqj.exe
  C:\Windows\System\gYFKjqj.exe
  2⤵
  PID:7496
- C:\Windows\System\uOQDApc.exe
  C:\Windows\System\uOQDApc.exe
  2⤵
  PID:7740
- C:\Windows\System\bWMnmbi.exe
  C:\Windows\System\bWMnmbi.exe
  2⤵
  PID:7848
- C:\Windows\System\ecnfSCM.exe
  C:\Windows\System\ecnfSCM.exe
  2⤵
  PID:8072
- C:\Windows\System\xLRBqlo.exe
  C:\Windows\System\xLRBqlo.exe
  2⤵
  PID:8144
- C:\Windows\System\nbJNhIx.exe
  C:\Windows\System\nbJNhIx.exe
  2⤵
  PID:6796
- C:\Windows\System\enmAXEO.exe
  C:\Windows\System\enmAXEO.exe
  2⤵
  PID:8172
- C:\Windows\System\FwzUyKY.exe
  C:\Windows\System\FwzUyKY.exe
  2⤵
  PID:7428
- C:\Windows\System\fZlCEFL.exe
  C:\Windows\System\fZlCEFL.exe
  2⤵
  PID:8092
- C:\Windows\System\HuThIFm.exe
  C:\Windows\System\HuThIFm.exe
  2⤵
  PID:7988
- C:\Windows\System\uqAbBuv.exe
  C:\Windows\System\uqAbBuv.exe
  2⤵
  PID:1504
- C:\Windows\System\kkgzsWW.exe
  C:\Windows\System\kkgzsWW.exe
  2⤵
  PID:7340
- C:\Windows\System\hQakenS.exe
  C:\Windows\System\hQakenS.exe
  2⤵
  PID:7732
- C:\Windows\System\worjYAq.exe
  C:\Windows\System\worjYAq.exe
  2⤵
  PID:7604
- C:\Windows\System\kBZbXHq.exe
  C:\Windows\System\kBZbXHq.exe
  2⤵
  PID:7784
- C:\Windows\System\ndsrnBM.exe
  C:\Windows\System\ndsrnBM.exe
  2⤵
  PID:7064
- C:\Windows\System\iSRhEMt.exe
  C:\Windows\System\iSRhEMt.exe
  2⤵
  PID:7864
- C:\Windows\System\alnWBVv.exe
  C:\Windows\System\alnWBVv.exe
  2⤵
  PID:7260
- C:\Windows\System\FAlwjGx.exe
  C:\Windows\System\FAlwjGx.exe
  2⤵
  PID:8040
- C:\Windows\System\TckhNbF.exe
  C:\Windows\System\TckhNbF.exe
  2⤵
  PID:8096
- C:\Windows\System\myMdxcn.exe
  C:\Windows\System\myMdxcn.exe
  2⤵
  PID:7512
- C:\Windows\System\JVpLNkE.exe
  C:\Windows\System\JVpLNkE.exe
  2⤵
  PID:7556
- C:\Windows\System\KQTeMiR.exe
  C:\Windows\System\KQTeMiR.exe
  2⤵
  PID:7648
- C:\Windows\System\icixZIr.exe
  C:\Windows\System\icixZIr.exe
  2⤵
  PID:8112
- C:\Windows\System\uRZwVkP.exe
  C:\Windows\System\uRZwVkP.exe
  2⤵
  PID:7192
- C:\Windows\System\AjrlpBe.exe
  C:\Windows\System\AjrlpBe.exe
  2⤵
  PID:8052
- C:\Windows\System\AQqMBvR.exe
  C:\Windows\System\AQqMBvR.exe
  2⤵
  PID:7944
- C:\Windows\System\XTpIqeD.exe
  C:\Windows\System\XTpIqeD.exe
  2⤵
  PID:7844
- C:\Windows\System\XnOjvka.exe
  C:\Windows\System\XnOjvka.exe
  2⤵
  PID:8140
- C:\Windows\System\EfMZDyK.exe
  C:\Windows\System\EfMZDyK.exe
  2⤵
  PID:7312
- C:\Windows\System\WTwvvTc.exe
  C:\Windows\System\WTwvvTc.exe
  2⤵
  PID:7712
- C:\Windows\System\IDFrtul.exe
  C:\Windows\System\IDFrtul.exe
  2⤵
  PID:7204
- C:\Windows\System\CJZOpZt.exe
  C:\Windows\System\CJZOpZt.exe
  2⤵
  PID:7912
- C:\Windows\System\vCPutkd.exe
  C:\Windows\System\vCPutkd.exe
  2⤵
  PID:8020
- C:\Windows\System\vZmANKK.exe
  C:\Windows\System\vZmANKK.exe
  2⤵
  PID:7572
- C:\Windows\System\YhEporH.exe
  C:\Windows\System\YhEporH.exe
  2⤵
  PID:7724
- C:\Windows\System\sObdLri.exe
  C:\Windows\System\sObdLri.exe
  2⤵
  PID:7896
- C:\Windows\System\yWDkQFf.exe
  C:\Windows\System\yWDkQFf.exe
  2⤵
  PID:7708
- C:\Windows\System\fLoRUSk.exe
  C:\Windows\System\fLoRUSk.exe
  2⤵
  PID:7236
- C:\Windows\System\eidVenn.exe
  C:\Windows\System\eidVenn.exe
  2⤵
  PID:7408
- C:\Windows\System\aUXdBLn.exe
  C:\Windows\System\aUXdBLn.exe
  2⤵
  PID:7976
- C:\Windows\System\Nzvxrry.exe
  C:\Windows\System\Nzvxrry.exe
  2⤵
  PID:7028
- C:\Windows\System\AYsdQFE.exe
  C:\Windows\System\AYsdQFE.exe
  2⤵
  PID:7248
- C:\Windows\System\SENDpXY.exe
  C:\Windows\System\SENDpXY.exe
  2⤵
  PID:7552
- C:\Windows\System\zBFPcgo.exe
  C:\Windows\System\zBFPcgo.exe
  2⤵
  PID:8208
- C:\Windows\System\mlOvYZO.exe
  C:\Windows\System\mlOvYZO.exe
  2⤵
  PID:8224
- C:\Windows\System\GojeNir.exe
  C:\Windows\System\GojeNir.exe
  2⤵
  PID:8244
- C:\Windows\System\nNOTvHD.exe
  C:\Windows\System\nNOTvHD.exe
  2⤵
  PID:8260
- C:\Windows\System\CBvKFVZ.exe
  C:\Windows\System\CBvKFVZ.exe
  2⤵
  PID:8284
- C:\Windows\System\npgOHHN.exe
  C:\Windows\System\npgOHHN.exe
  2⤵
  PID:8324
- C:\Windows\System\faMZJhp.exe
  C:\Windows\System\faMZJhp.exe
  2⤵
  PID:8340
- C:\Windows\System\TeAXXhF.exe
  C:\Windows\System\TeAXXhF.exe
  2⤵
  PID:8356
- C:\Windows\System\SuNrtyE.exe
  C:\Windows\System\SuNrtyE.exe
  2⤵
  PID:8372
- C:\Windows\System\iBQCSGr.exe
  C:\Windows\System\iBQCSGr.exe
  2⤵
  PID:8392
- C:\Windows\System\MUXMqsN.exe
  C:\Windows\System\MUXMqsN.exe
  2⤵
  PID:8408
- C:\Windows\System\TbvqjHg.exe
  C:\Windows\System\TbvqjHg.exe
  2⤵
  PID:8424
- C:\Windows\System\iARGcFY.exe
  C:\Windows\System\iARGcFY.exe
  2⤵
  PID:8444
- C:\Windows\System\CgfLDmu.exe
  C:\Windows\System\CgfLDmu.exe
  2⤵
  PID:8460
- C:\Windows\System\SKTdaeh.exe
  C:\Windows\System\SKTdaeh.exe
  2⤵
  PID:8484
- C:\Windows\System\lTuYISE.exe
  C:\Windows\System\lTuYISE.exe
  2⤵
  PID:8500
- C:\Windows\System\wjPjldj.exe
  C:\Windows\System\wjPjldj.exe
  2⤵
  PID:8520
- C:\Windows\System\wUBlyqb.exe
  C:\Windows\System\wUBlyqb.exe
  2⤵
  PID:8536
- C:\Windows\System\lXRCTof.exe
  C:\Windows\System\lXRCTof.exe
  2⤵
  PID:8552
- C:\Windows\System\kaFcrMm.exe
  C:\Windows\System\kaFcrMm.exe
  2⤵
  PID:8608
- C:\Windows\System\nBNETkt.exe
  C:\Windows\System\nBNETkt.exe
  2⤵
  PID:8624
- C:\Windows\System\OuwsKea.exe
  C:\Windows\System\OuwsKea.exe
  2⤵
  PID:8640
- C:\Windows\System\oLctGyH.exe
  C:\Windows\System\oLctGyH.exe
  2⤵
  PID:8656
- C:\Windows\System\ynOWZFA.exe
  C:\Windows\System\ynOWZFA.exe
  2⤵
  PID:8672
- C:\Windows\System\UZmklBs.exe
  C:\Windows\System\UZmklBs.exe
  2⤵
  PID:8696
- C:\Windows\System\dDAYldf.exe
  C:\Windows\System\dDAYldf.exe
  2⤵
  PID:8720
- C:\Windows\System\eCjZxtD.exe
  C:\Windows\System\eCjZxtD.exe
  2⤵
  PID:8744
- C:\Windows\System\XVJsWck.exe
  C:\Windows\System\XVJsWck.exe
  2⤵
  PID:8764
- C:\Windows\System\qhzxdiv.exe
  C:\Windows\System\qhzxdiv.exe
  2⤵
  PID:8780
- C:\Windows\System\aFBUGlP.exe
  C:\Windows\System\aFBUGlP.exe
  2⤵
  PID:8808
- C:\Windows\System\rLOyHhl.exe
  C:\Windows\System\rLOyHhl.exe
  2⤵
  PID:8824
- C:\Windows\System\XwhxTyD.exe
  C:\Windows\System\XwhxTyD.exe
  2⤵
  PID:8844
- C:\Windows\System\ybpnVUU.exe
  C:\Windows\System\ybpnVUU.exe
  2⤵
  PID:8860
- C:\Windows\System\NjijbJY.exe
  C:\Windows\System\NjijbJY.exe
  2⤵
  PID:8876
- C:\Windows\System\rfkRIdl.exe
  C:\Windows\System\rfkRIdl.exe
  2⤵
  PID:8900
- C:\Windows\System\GOYfVwk.exe
  C:\Windows\System\GOYfVwk.exe
  2⤵
  PID:8932
- C:\Windows\System\LxjIxUw.exe
  C:\Windows\System\LxjIxUw.exe
  2⤵
  PID:8948
- C:\Windows\System\FmpbzPm.exe
  C:\Windows\System\FmpbzPm.exe
  2⤵
  PID:8964
- C:\Windows\System\TeiHLLi.exe
  C:\Windows\System\TeiHLLi.exe
  2⤵
  PID:8980
- C:\Windows\System\OWaPdZW.exe
  C:\Windows\System\OWaPdZW.exe
  2⤵
  PID:8996
- C:\Windows\System\lPieDuv.exe
  C:\Windows\System\lPieDuv.exe
  2⤵
  PID:9012
- C:\Windows\System\DZclbtx.exe
  C:\Windows\System\DZclbtx.exe
  2⤵
  PID:9028
- C:\Windows\System\loHHHwk.exe
  C:\Windows\System\loHHHwk.exe
  2⤵
  PID:9044
- C:\Windows\System\zbwKzox.exe
  C:\Windows\System\zbwKzox.exe
  2⤵
  PID:9060
- C:\Windows\System\GfcYCKz.exe
  C:\Windows\System\GfcYCKz.exe
  2⤵
  PID:9076
- C:\Windows\System\ooVtpnZ.exe
  C:\Windows\System\ooVtpnZ.exe
  2⤵
  PID:9148
- C:\Windows\System\ISboQJI.exe
  C:\Windows\System\ISboQJI.exe
  2⤵
  PID:9164
- C:\Windows\System\kZQzGoQ.exe
  C:\Windows\System\kZQzGoQ.exe
  2⤵
  PID:9180
- C:\Windows\System\MvKnACS.exe
  C:\Windows\System\MvKnACS.exe
  2⤵
  PID:9200
- C:\Windows\System\bHwGeIY.exe
  C:\Windows\System\bHwGeIY.exe
  2⤵
  PID:7800
- C:\Windows\System\UGfuyUB.exe
  C:\Windows\System\UGfuyUB.exe
  2⤵
  PID:8272
- C:\Windows\System\SxboRSC.exe
  C:\Windows\System\SxboRSC.exe
  2⤵
  PID:8280
- C:\Windows\System\vgfZbar.exe
  C:\Windows\System\vgfZbar.exe
  2⤵
  PID:8300
- C:\Windows\System\TiyAjwE.exe
  C:\Windows\System\TiyAjwE.exe
  2⤵
  PID:8316
- C:\Windows\System\pKTBvvk.exe
  C:\Windows\System\pKTBvvk.exe
  2⤵
  PID:8352
- C:\Windows\System\ERTTQbT.exe
  C:\Windows\System\ERTTQbT.exe
  2⤵
  PID:8440
- C:\Windows\System\dLnxrDX.exe
  C:\Windows\System\dLnxrDX.exe
  2⤵
  PID:8332
- C:\Windows\System\zTQXCcQ.exe
  C:\Windows\System\zTQXCcQ.exe
  2⤵
  PID:8476
- C:\Windows\System\jxJfWXy.exe
  C:\Windows\System\jxJfWXy.exe
  2⤵
  PID:8532
- C:\Windows\System\NLpspzN.exe
  C:\Windows\System\NLpspzN.exe
  2⤵
  PID:8544
- C:\Windows\System\pQaafVI.exe
  C:\Windows\System\pQaafVI.exe
  2⤵
  PID:8568
- C:\Windows\System\uTmkXVx.exe
  C:\Windows\System\uTmkXVx.exe
  2⤵
  PID:8588
- C:\Windows\System\sOloJLa.exe
  C:\Windows\System\sOloJLa.exe
  2⤵
  PID:8620
- C:\Windows\System\jCMdfyr.exe
  C:\Windows\System\jCMdfyr.exe
  2⤵
  PID:8668
- C:\Windows\System\toyNVGs.exe
  C:\Windows\System\toyNVGs.exe
  2⤵
  PID:8652
- C:\Windows\System\wwaydWl.exe
  C:\Windows\System\wwaydWl.exe
  2⤵
  PID:8760
- C:\Windows\System\eWQIgSk.exe
  C:\Windows\System\eWQIgSk.exe
  2⤵
  PID:8688
- C:\Windows\System\lBxpqeL.exe
  C:\Windows\System\lBxpqeL.exe
  2⤵
  PID:8796
- C:\Windows\System\ZuYGkgD.exe
  C:\Windows\System\ZuYGkgD.exe
  2⤵
  PID:8804
- C:\Windows\System\isikWZR.exe
  C:\Windows\System\isikWZR.exe
  2⤵
  PID:8840
- C:\Windows\System\Bkiearr.exe
  C:\Windows\System\Bkiearr.exe
  2⤵
  PID:8888
- C:\Windows\System\uEqbEEY.exe
  C:\Windows\System\uEqbEEY.exe
  2⤵
  PID:8928
- C:\Windows\System\opuRrAQ.exe
  C:\Windows\System\opuRrAQ.exe
  2⤵
  PID:8960
- C:\Windows\System\uOJcrOH.exe
  C:\Windows\System\uOJcrOH.exe
  2⤵
  PID:8992
- C:\Windows\System\GSTyRCl.exe
  C:\Windows\System\GSTyRCl.exe
  2⤵
  PID:9052
- C:\Windows\System\iWnugRI.exe
  C:\Windows\System\iWnugRI.exe
  2⤵
  PID:9092
- C:\Windows\System\CpYYCMp.exe
  C:\Windows\System\CpYYCMp.exe
  2⤵
  PID:9072
- C:\Windows\System\qSLmliT.exe
  C:\Windows\System\qSLmliT.exe
  2⤵
  PID:9120
- C:\Windows\System\oumVfDc.exe
  C:\Windows\System\oumVfDc.exe
  2⤵
  PID:8924
- C:\Windows\System\gvXbbkQ.exe
  C:\Windows\System\gvXbbkQ.exe
  2⤵
  PID:9176
- C:\Windows\System\mUfmYBy.exe
  C:\Windows\System\mUfmYBy.exe
  2⤵
  PID:8164
- C:\Windows\System\vjKsulm.exe
  C:\Windows\System\vjKsulm.exe
  2⤵
  PID:8200
- C:\Windows\System\AzaUAWD.exe
  C:\Windows\System\AzaUAWD.exe
  2⤵
  PID:8348
- C:\Windows\System\ZfLuyUb.exe
  C:\Windows\System\ZfLuyUb.exe
  2⤵
  PID:8368
- C:\Windows\System\mqlwNLi.exe
  C:\Windows\System\mqlwNLi.exe
  2⤵
  PID:8480
- C:\Windows\System\RgeTQDS.exe
  C:\Windows\System\RgeTQDS.exe
  2⤵
  PID:8580
- C:\Windows\System\CQRwpTv.exe
  C:\Windows\System\CQRwpTv.exe
  2⤵
  PID:8468
- C:\Windows\System\iiNCJyK.exe
  C:\Windows\System\iiNCJyK.exe
  2⤵
  PID:8560
- C:\Windows\System\sJuZcdu.exe
  C:\Windows\System\sJuZcdu.exe
  2⤵
  PID:8684
- C:\Windows\System\wuboiro.exe
  C:\Windows\System\wuboiro.exe
  2⤵
  PID:8616
- C:\Windows\System\ZHkYHJO.exe
  C:\Windows\System\ZHkYHJO.exe
  2⤵
  PID:8716
- C:\Windows\System\XUWSOJR.exe
  C:\Windows\System\XUWSOJR.exe
  2⤵
  PID:8912
- C:\Windows\System\ZtiFZNK.exe
  C:\Windows\System\ZtiFZNK.exe
  2⤵
  PID:8736
- C:\Windows\System\cGDXZJA.exe
  C:\Windows\System\cGDXZJA.exe
  2⤵
  PID:8956
- C:\Windows\System\lrdOLWr.exe
  C:\Windows\System\lrdOLWr.exe
  2⤵
  PID:9084
- C:\Windows\System\XECbBcy.exe
  C:\Windows\System\XECbBcy.exe
  2⤵
  PID:9160
- C:\Windows\System\xXsgYoI.exe
  C:\Windows\System\xXsgYoI.exe
  2⤵
  PID:9024
- C:\Windows\System\OluIAAd.exe
  C:\Windows\System\OluIAAd.exe
  2⤵
  PID:9188
- C:\Windows\System\khLSRgx.exe
  C:\Windows\System\khLSRgx.exe
  2⤵
  PID:9116
- C:\Windows\System\bSqfoWZ.exe
  C:\Windows\System\bSqfoWZ.exe
  2⤵
  PID:8432
- C:\Windows\System\MoqRLym.exe
  C:\Windows\System\MoqRLym.exe
  2⤵
  PID:8400
- C:\Windows\System\qYuCPUa.exe
  C:\Windows\System\qYuCPUa.exe
  2⤵
  PID:8364
- C:\Windows\System\yogWRaN.exe
  C:\Windows\System\yogWRaN.exe
  2⤵
  PID:8516
- C:\Windows\System\VMwNXuu.exe
  C:\Windows\System\VMwNXuu.exe
  2⤵
  PID:8756
- C:\Windows\System\yhGphBj.exe
  C:\Windows\System\yhGphBj.exe
  2⤵
  PID:8832
- C:\Windows\System\CgYQCkZ.exe
  C:\Windows\System\CgYQCkZ.exe
  2⤵
  PID:8740
- C:\Windows\System\vNPuFdg.exe
  C:\Windows\System\vNPuFdg.exe
  2⤵
  PID:8600
- C:\Windows\System\vKNxWzs.exe
  C:\Windows\System\vKNxWzs.exe
  2⤵
  PID:9088
- C:\Windows\System\mApcpHW.exe
  C:\Windows\System\mApcpHW.exe
  2⤵
  PID:8420
- C:\Windows\System\FSaMdIl.exe
  C:\Windows\System\FSaMdIl.exe
  2⤵
  PID:8296
- C:\Windows\System\XoEtJYq.exe
  C:\Windows\System\XoEtJYq.exe
  2⤵
  PID:8920
- C:\Windows\System\amgycYY.exe
  C:\Windows\System\amgycYY.exe
  2⤵
  PID:8436
- C:\Windows\System\GlEllIA.exe
  C:\Windows\System\GlEllIA.exe
  2⤵
  PID:9156
- C:\Windows\System\RqeHHgB.exe
  C:\Windows\System\RqeHHgB.exe
  2⤵
  PID:8800
- C:\Windows\System\wCGbpgE.exe
  C:\Windows\System\wCGbpgE.exe
  2⤵
  PID:8584
- C:\Windows\System\VNUvYlt.exe
  C:\Windows\System\VNUvYlt.exe
  2⤵
  PID:8240
- C:\Windows\System\EzbgNMc.exe
  C:\Windows\System\EzbgNMc.exe
  2⤵
  PID:8268
- C:\Windows\System\RnYplJQ.exe
  C:\Windows\System\RnYplJQ.exe
  2⤵
  PID:8220
- C:\Windows\System\uOcSmtK.exe
  C:\Windows\System\uOcSmtK.exe
  2⤵
  PID:9196
- C:\Windows\System\HzHhNxP.exe
  C:\Windows\System\HzHhNxP.exe
  2⤵
  PID:8528
- C:\Windows\System\hmvEeWZ.exe
  C:\Windows\System\hmvEeWZ.exe
  2⤵
  PID:8908
- C:\Windows\System\oUeXPqV.exe
  C:\Windows\System\oUeXPqV.exe
  2⤵
  PID:9004
- C:\Windows\System\BpZLczh.exe
  C:\Windows\System\BpZLczh.exe
  2⤵
  PID:9224
- C:\Windows\System\GasevOw.exe
  C:\Windows\System\GasevOw.exe
  2⤵
  PID:9240
- C:\Windows\System\EQltwwR.exe
  C:\Windows\System\EQltwwR.exe
  2⤵
  PID:9256
- C:\Windows\System\BNaRHWJ.exe
  C:\Windows\System\BNaRHWJ.exe
  2⤵
  PID:9276
- C:\Windows\System\TUDkNmz.exe
  C:\Windows\System\TUDkNmz.exe
  2⤵
  PID:9292
- C:\Windows\System\hEYfkaW.exe
  C:\Windows\System\hEYfkaW.exe
  2⤵
  PID:9316
- C:\Windows\System\xZjmSMa.exe
  C:\Windows\System\xZjmSMa.exe
  2⤵
  PID:9336
- C:\Windows\System\JvDNrdg.exe
  C:\Windows\System\JvDNrdg.exe
  2⤵
  PID:9360
- C:\Windows\System\Aipwbbi.exe
  C:\Windows\System\Aipwbbi.exe
  2⤵
  PID:9376
- C:\Windows\System\tkPtZcV.exe
  C:\Windows\System\tkPtZcV.exe
  2⤵
  PID:9400
- C:\Windows\System\EmlLSFF.exe
  C:\Windows\System\EmlLSFF.exe
  2⤵
  PID:9416
- C:\Windows\System\eibYBqq.exe
  C:\Windows\System\eibYBqq.exe
  2⤵
  PID:9436
- C:\Windows\System\gKVThXx.exe
  C:\Windows\System\gKVThXx.exe
  2⤵
  PID:9452
- C:\Windows\System\BupcLFF.exe
  C:\Windows\System\BupcLFF.exe
  2⤵
  PID:9468
- C:\Windows\System\MuWBCvp.exe
  C:\Windows\System\MuWBCvp.exe
  2⤵
  PID:9504
- C:\Windows\System\zKEHakG.exe
  C:\Windows\System\zKEHakG.exe
  2⤵
  PID:9520
- C:\Windows\System\PGiuMvt.exe
  C:\Windows\System\PGiuMvt.exe
  2⤵
  PID:9536
- C:\Windows\System\iLFQkWi.exe
  C:\Windows\System\iLFQkWi.exe
  2⤵
  PID:9552
- C:\Windows\System\iOtTCRx.exe
  C:\Windows\System\iOtTCRx.exe
  2⤵
  PID:9592
- C:\Windows\System\ctagItq.exe
  C:\Windows\System\ctagItq.exe
  2⤵
  PID:9608
- C:\Windows\System\qCWLDQu.exe
  C:\Windows\System\qCWLDQu.exe
  2⤵
  PID:9644
- C:\Windows\System\YKxKAKU.exe
  C:\Windows\System\YKxKAKU.exe
  2⤵
  PID:9660
- C:\Windows\System\levMXxq.exe
  C:\Windows\System\levMXxq.exe
  2⤵
  PID:9676
- C:\Windows\System\FPMjARB.exe
  C:\Windows\System\FPMjARB.exe
  2⤵
  PID:9692
- C:\Windows\System\dsvBRtM.exe
  C:\Windows\System\dsvBRtM.exe
  2⤵
  PID:9716
- C:\Windows\System\TGASOfq.exe
  C:\Windows\System\TGASOfq.exe
  2⤵
  PID:9732
- C:\Windows\System\xiXLtMv.exe
  C:\Windows\System\xiXLtMv.exe
  2⤵
  PID:9760
- C:\Windows\System\mQLaCPG.exe
  C:\Windows\System\mQLaCPG.exe
  2⤵
  PID:9788
- C:\Windows\System\fVDYqeL.exe
  C:\Windows\System\fVDYqeL.exe
  2⤵
  PID:9808
- C:\Windows\System\hpubcwz.exe
  C:\Windows\System\hpubcwz.exe
  2⤵
  PID:9824
- C:\Windows\System\jbZJQgc.exe
  C:\Windows\System\jbZJQgc.exe
  2⤵
  PID:9844
- C:\Windows\System\CQcklzs.exe
  C:\Windows\System\CQcklzs.exe
  2⤵
  PID:9868
- C:\Windows\System\GSAuVFh.exe
  C:\Windows\System\GSAuVFh.exe
  2⤵
  PID:9884
- C:\Windows\System\pUvIXyj.exe
  C:\Windows\System\pUvIXyj.exe
  2⤵
  PID:9900
- C:\Windows\System\hNTxvGk.exe
  C:\Windows\System\hNTxvGk.exe
  2⤵
  PID:9920
- C:\Windows\System\QpHvvkT.exe
  C:\Windows\System\QpHvvkT.exe
  2⤵
  PID:9936
- C:\Windows\System\DLWqOMw.exe
  C:\Windows\System\DLWqOMw.exe
  2⤵
  PID:9952
- C:\Windows\System\qjUCBfV.exe
  C:\Windows\System\qjUCBfV.exe
  2⤵
  PID:9976
- C:\Windows\System\SxysHUs.exe
  C:\Windows\System\SxysHUs.exe
  2⤵
  PID:9992
- C:\Windows\System\oYEOIUS.exe
  C:\Windows\System\oYEOIUS.exe
  2⤵
  PID:10008
- C:\Windows\System\HSNWmqO.exe
  C:\Windows\System\HSNWmqO.exe
  2⤵
  PID:10024
- C:\Windows\System\iPMBzsX.exe
  C:\Windows\System\iPMBzsX.exe
  2⤵
  PID:10068
- C:\Windows\System\RmGpglH.exe
  C:\Windows\System\RmGpglH.exe
  2⤵
  PID:10084
- C:\Windows\System\OEDIChY.exe
  C:\Windows\System\OEDIChY.exe
  2⤵
  PID:10100
- C:\Windows\System\IVQSSWA.exe
  C:\Windows\System\IVQSSWA.exe
  2⤵
  PID:10116
- C:\Windows\System\sWYwfjl.exe
  C:\Windows\System\sWYwfjl.exe
  2⤵
  PID:10140
- C:\Windows\System\FhaqkHh.exe
  C:\Windows\System\FhaqkHh.exe
  2⤵
  PID:10160
- C:\Windows\System\BWJPoRI.exe
  C:\Windows\System\BWJPoRI.exe
  2⤵
  PID:10176
- C:\Windows\System\ywlHQud.exe
  C:\Windows\System\ywlHQud.exe
  2⤵
  PID:10204
- C:\Windows\System\EElXgyk.exe
  C:\Windows\System\EElXgyk.exe
  2⤵
  PID:10220
- C:\Windows\System\WYuxqps.exe
  C:\Windows\System\WYuxqps.exe
  2⤵
  PID:10236
- C:\Windows\System\EGWNpVK.exe
  C:\Windows\System\EGWNpVK.exe
  2⤵
  PID:9300
- C:\Windows\System\DqXugQw.exe
  C:\Windows\System\DqXugQw.exe
  2⤵
  PID:9348
- C:\Windows\System\vTwPQys.exe
  C:\Windows\System\vTwPQys.exe
  2⤵
  PID:9396
- C:\Windows\System\bIeemmC.exe
  C:\Windows\System\bIeemmC.exe
  2⤵
  PID:9460
- C:\Windows\System\HtxJaJt.exe
  C:\Windows\System\HtxJaJt.exe
  2⤵
  PID:9512
- C:\Windows\System\nEojcof.exe
  C:\Windows\System\nEojcof.exe
  2⤵
  PID:8252
- C:\Windows\System\XKlQUUU.exe
  C:\Windows\System\XKlQUUU.exe
  2⤵
  PID:9248
- C:\Windows\System\tBPJIjc.exe
  C:\Windows\System\tBPJIjc.exe
  2⤵
  PID:9324
- C:\Windows\System\lthJrNQ.exe
  C:\Windows\System\lthJrNQ.exe
  2⤵
  PID:9444
- C:\Windows\System\YDqUsYe.exe
  C:\Windows\System\YDqUsYe.exe
  2⤵
  PID:9496
- C:\Windows\System\EiYcJQe.exe
  C:\Windows\System\EiYcJQe.exe
  2⤵
  PID:9544
- C:\Windows\System\fudpOlY.exe
  C:\Windows\System\fudpOlY.exe
  2⤵
  PID:9564
- C:\Windows\System\YAFsVIw.exe
  C:\Windows\System\YAFsVIw.exe
  2⤵
  PID:9580
- C:\Windows\System\ZGtnmLS.exe
  C:\Windows\System\ZGtnmLS.exe
  2⤵
  PID:9624
- C:\Windows\System\FbuDOVI.exe
  C:\Windows\System\FbuDOVI.exe
  2⤵
  PID:9656
- C:\Windows\System\ToOvyOR.exe
  C:\Windows\System\ToOvyOR.exe
  2⤵
  PID:9700
- C:\Windows\System\uUkBkjK.exe
  C:\Windows\System\uUkBkjK.exe
  2⤵
  PID:9724
- C:\Windows\System\HWqpmQk.exe
  C:\Windows\System\HWqpmQk.exe
  2⤵
  PID:9744
- C:\Windows\System\jVhOjAF.exe
  C:\Windows\System\jVhOjAF.exe
  2⤵
  PID:9796
- C:\Windows\System\rwSdryd.exe
  C:\Windows\System\rwSdryd.exe
  2⤵
  PID:9860
- C:\Windows\System\WhdZDKS.exe
  C:\Windows\System\WhdZDKS.exe
  2⤵
  PID:9928
- C:\Windows\System\AXhHOvm.exe
  C:\Windows\System\AXhHOvm.exe
  2⤵
  PID:10000
- C:\Windows\System\HTkRzao.exe
  C:\Windows\System\HTkRzao.exe
  2⤵
  PID:10044
- C:\Windows\System\DXsoefG.exe
  C:\Windows\System\DXsoefG.exe
  2⤵
  PID:10052
- C:\Windows\System\ltzHkrM.exe
  C:\Windows\System\ltzHkrM.exe
  2⤵
  PID:10036
- C:\Windows\System\nHZNDEZ.exe
  C:\Windows\System\nHZNDEZ.exe
  2⤵
  PID:10124
- C:\Windows\System\EnCtsUq.exe
  C:\Windows\System\EnCtsUq.exe
  2⤵
  PID:9908
- C:\Windows\System\uFSwosD.exe
  C:\Windows\System\uFSwosD.exe
  2⤵
  PID:10168
- C:\Windows\System\wTnvHDx.exe
  C:\Windows\System\wTnvHDx.exe
  2⤵
  PID:10212
- C:\Windows\System\hEoNHnT.exe
  C:\Windows\System\hEoNHnT.exe
  2⤵
  PID:9268
- C:\Windows\System\JRDuFSg.exe
  C:\Windows\System\JRDuFSg.exe
  2⤵
  PID:10112
- C:\Windows\System\KLoGJgZ.exe
  C:\Windows\System\KLoGJgZ.exe
  2⤵
  PID:9492
- C:\Windows\System\FiwpmcB.exe
  C:\Windows\System\FiwpmcB.exe
  2⤵
  PID:9328
- C:\Windows\System\otLUxUv.exe
  C:\Windows\System\otLUxUv.exe
  2⤵
  PID:8564
- C:\Windows\System\QhhfwDD.exe
  C:\Windows\System\QhhfwDD.exe
  2⤵
  PID:9636
- C:\Windows\System\vmbYOAb.exe
  C:\Windows\System\vmbYOAb.exe
  2⤵
  PID:10200
- C:\Windows\System\sWQcAMi.exe
  C:\Windows\System\sWQcAMi.exe
  2⤵
  PID:9712
- C:\Windows\System\lbqQaqW.exe
  C:\Windows\System\lbqQaqW.exe
  2⤵
  PID:9308
- C:\Windows\System\sCrZGWW.exe
  C:\Windows\System\sCrZGWW.exe
  2⤵
  PID:9672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BuXUzfD.exe

Filesize
6.0MB

MD5
522bdb015e96ed9d56109a3c39925cfd

SHA1
90f05cef44cf36221370565835031251603db59d

SHA256
7c9941e11bad457b0cba2922aa37670c95e7cb2f36a67129579eade02dafb22b

SHA512
db1ab766f8816224d3dda38cc2ba5424c5d38851545508e8b1a750b9f8360eb74863ed050dbf8b6ef46269f46a5de3a62bfc15b19c4f557aa28f9a8af8653203

Download Submit
C:\Windows\system\DmnQsrD.exe

Filesize
6.0MB

MD5
a87e257a3eea9d028fdf7c5ff3ef1628

SHA1
8cb83f7041f30cb474f2e0d7e6614f7138a5853c

SHA256
a566f60983dab3b0de08904633e7622db67ef0e4676d9858e01899fddde47de8

SHA512
33d0b5040f656edd2bf8f0227fd829f0228be3505ca4102d8136db75406126abd4951bf32f03b7c40bc55cf7f847e597448b93f2fdcb18b353dd7e2653f65a7d

Download Submit
C:\Windows\system\GGybYfB.exe

Filesize
6.0MB

MD5
e11fab8154de7a441b5fbd5450ef6a9d

SHA1
d721608f0c79385832d6fe01983c2ea440c946e4

SHA256
492ed271da4fa818efe5ad6ced759e9e87fdd3fdbda42e23be3b94a48a2795da

SHA512
68fb1b65edce28ba322ba1923bbfa9e444e82b7d65d4c0625876664555aded8c9072a2356af0ac9f1ee85adcf8a39c029b7ef54f76f21250e665eabad5224996

Download Submit
C:\Windows\system\GbBkyGE.exe

Filesize
6.0MB

MD5
a6dfbfc36cb2ea8687625a04d3606503

SHA1
d7ee7e991e246488bc7a554581a3466208cb41fd

SHA256
ca6111a7a69e546f4bd9144464552c043fb42489e9913aa38e346fa1d27c6132

SHA512
38e6586a1250050efea537fd3b08f60dd99fcde3580e08906dc907b13170cd004ec081dcc320a1251655e34f50c5a90cca0703a55b922ff42a8420258febfa7a

Download Submit
C:\Windows\system\GlCNPEN.exe

Filesize
6.0MB

MD5
c934bcf03a454bfb3d4b2be77f309d5c

SHA1
bcad594bf8981bfb4feb280f55ba41e68620e382

SHA256
d9d70e9ef2dfdf764783f4a67edbbdf41ba6a35f5c26e7499afcd0d51881e5bb

SHA512
2eaed441652d16be99bbcfa8a10d744f644539d40d19ba1278ce4f8eb678f2e693ca576756c574ab2ad1aa55046aecb2ecab07b11c8d533746e2871c937dce8d

Download Submit
C:\Windows\system\HEufkJE.exe

Filesize
6.0MB

MD5
fcbcf48f5e2a8735d41e675c3781bf5a

SHA1
80cf255f7e6796195baea0e7d6032e181a07bd0e

SHA256
6de66cc98f2efd6d6d70d7a1cdbae2f83500e4c87916707c9b9173de1c7b6fde

SHA512
3c363d2e5059e04439a5c9c0724a108fa7ae116d982ec16121bef1d2a1bbde767059e6bc5cfe6e7b1ba02d94d539e339121cf14321a7c8f6a1179dcdd15fb0be

Download Submit
C:\Windows\system\HGSruke.exe

Filesize
6.0MB

MD5
4cd7e47b9e0e2c51c02a08bb7b212fb8

SHA1
e2d6629a44de3bf72c71121f8af7521944570f4d

SHA256
af6a3be1ac08e7c3b8024ab83b20facd89e45dab27eb6cc83c32fcf5cc09f303

SHA512
e5d545f6632819fcc6df558488c97960758aba576dadd66e70bc26b23dc3a946f2a2f141b724b12b1ce3f8ab12fb1d2eb25ce4cd17496aae3832fc05d6ee6b1f

Download Submit
C:\Windows\system\IEeEwDO.exe

Filesize
6.0MB

MD5
eb9f822ce647dd127b38e57677689cf3

SHA1
eb8c4d145bd887722a1547a4428c27676313d021

SHA256
08011ccf1d65c21b3babdbe7dd2e396437ae0374974543f7a3aa8d95d19db458

SHA512
6997b912a21be4e295858a935736e159c23c4db06122d4ce575c7b02c567c50be53bc860d600c24528a675bf415c85ed8b9934e0f168724f3cba600462ed37dc

Download Submit
C:\Windows\system\JbCIuKU.exe

Filesize
6.0MB

MD5
7b5ec2910a6e5342849205e6219a6c46

SHA1
1e32505fdd3e7dee9d72fee669c686bc97d47bb4

SHA256
6fdfa7a8509aaca8994339091b43e6bd925c401113df9e3540f7574f3ec43683

SHA512
3f94c7cb97169eb85c95dc4b1f678412fa097515113d5e01bb734c57d9513e9f870dc9e277c4de148b978a19aa78a92476d634394ca5a03f7f32cf7222b65dd0

Download Submit
C:\Windows\system\KOmBmpz.exe

Filesize
6.0MB

MD5
94eade8313281a206bce3542123de9c4

SHA1
206ed20e6d0af7eee911f9ab2e7933d5dd0b3626

SHA256
53ba9ecae3a53fdb5e06e8ffb68fde3fe90c74833d926b7ff9b2dba340d49c14

SHA512
e26cdcf3fedc07bbb452fd7f87b721dc83a619be2623d93164de1834387a8dc4c3beddbc98ef7d1b6cdc9ad3f11ac68a7737befb84ca0c9c14cff3e16819ee2f

Download Submit
C:\Windows\system\NGVdmKo.exe

Filesize
6.0MB

MD5
b13afdde576c7a6cb5bab6b5a58ad31b

SHA1
e3b8bd97635eed77a1edb353df21000e661f932e

SHA256
5b2055778341be97dcfd384d35bed3dd30bd448453ff13e0879e4ce4e519d907

SHA512
408df47d167623e0f997fd2daa7f66c31546029e7de0baadacd04134007c5f0196c7fb3194c3cf3ae7410f76525d2adc5aa5d740f216da4e7cb4cc49f098da45

Download Submit
C:\Windows\system\OupdZRg.exe

Filesize
6.0MB

MD5
a3e2f3b4f5618303f063512a8cb12773

SHA1
b6219b31fad6f7fe2f3950e2375b28f607c58af2

SHA256
2da8ad9db72f570f0b6a4258c757c8f6f621c8cf16446c1cb4fd05a26eda64dc

SHA512
fff3b28f018c1e6fce2be639b15c4b916e8463f3fc2256be2b8829d5116d0f8e426615e5d5e65eff02d288f208322ae86a4dbf0af6d1611a5fbf99ac35a8655d

Download Submit
C:\Windows\system\PqWpiKU.exe

Filesize
6.0MB

MD5
c4d8eda24290f9314bb372e09d354a3b

SHA1
007906196109fffb52ac05dd60244de2e4b2a346

SHA256
337484b800bd0cbf90836071b8b38831e3882ba33530ccf945bf787caa93f3e4

SHA512
a7d4ff27369f141242e5b99c4fab8a528e6871bbc190a2e22c5db49162271e8a0ab3697b771e4dcb0345366f000c156594c33430dbbb50ae2c580a01334da313

Download Submit
C:\Windows\system\TRWGMqi.exe

Filesize
6.0MB

MD5
72abaaeda480fc7d9f61f98f65942abe

SHA1
7379fd4d8ec3d2508518ba46ef8de80083184b32

SHA256
48033e1e6bc85d2b7891d68d996b18ad94aa5f8198c41dbb5509362e1b8758a4

SHA512
4f5e934ad9438850ef8b802f9df6d882da9b0ae63d7ca903e8e6e2cc2b188f9676d559c3a48c5a463d1ff5cfaa8b7d571f5dc7c9dd275b82d28c38c59a783907

Download Submit
C:\Windows\system\WbSFZXu.exe

Filesize
6.0MB

MD5
d2e1f10da27e3b9922edbc502da14e75

SHA1
704d94254c6a7038629361ab70d8cf15fb4caf62

SHA256
eb86d08bc1f1dd71da5c71eb72f455fdfddfc14b3c55aa30c2ef2e71454d6675

SHA512
a12a59143d5bca3ad773c5668807b7f72787350828997824a7d31a8e189e6515bb72c494d266d454722e2462068802115ced455a8ab1717af159d7b1d022ca68

Download Submit
C:\Windows\system\gSxLMhp.exe

Filesize
6.0MB

MD5
a9d9dea35e39b06f23812cf73296d869

SHA1
c4145b5f596fb2ebd76095bfb6524f0da48cf5dc

SHA256
3d6ccf86cac2a974e726d796703d8f7bdf65c95aad10b879b80a2d6b0edcde86

SHA512
9569401fcf2f8432ff5014f9fe40967ab2d52cca42e0e36f60130e96efe177674c203875e4548161a72bdef8d196730f5cec3aa7071939b50413f236fce58d37

Download Submit
C:\Windows\system\gvUUvIt.exe

Filesize
6.0MB

MD5
facdabf9710d725592359836d94053ab

SHA1
7e5181ad34cdac6453d666b4e6950a508e04e5b4

SHA256
247901f073f654bcce5a9df779751a79c1a25527a07d89291df8857d45938cac

SHA512
8ab3f422e529fb02d7d9f0e21c2676796fbcb206e9308b04ed032b23267c46901de54714e674dd6082fa15f11e4150a0e2ba92b391aef9bccb46bbf80cb54206

Download Submit
C:\Windows\system\kGTJTSK.exe

Filesize
6.0MB

MD5
a36689401d562f190ec457a7023ccb09

SHA1
8e24951152055584964bcae702d9168b86b1d7b6

SHA256
2938d1497d4501887983abc5f532c02f1b24fbe78abac0a31b9c88ec15d2d735

SHA512
5f60c94af98fe8be745899b60ab3c82a79cce7316393cbf89c4222217d473e82690265ed8b1ede0b34c2b6c22904e43b72494f31d41750ce6aa57f2996be61da

Download Submit
C:\Windows\system\kSUTcJZ.exe

Filesize
6.0MB

MD5
f48b114e21fcd8aafefc9fe79b262dbd

SHA1
e29c71a7e324921d46401e84abf71a217b103fe1

SHA256
dc72569d5dc01aa3192026826f7df749870cdb2b2e8b0b7468905b65cc29a433

SHA512
03aeb5bf14350a13f8c4c0e2c2b8ceddd961fcd72316e61fa3b1a699cb48c6911022ce8fea929d033ff5565efdae3dad08484016f8f1e225c80a6d144515cf1c

Download Submit
C:\Windows\system\nYpLjfz.exe

Filesize
6.0MB

MD5
29ce3cb309acf42a1e5b9ed31a7f0aeb

SHA1
06818de94c40316771b532ce9ca7d679070b74bf

SHA256
e8594d122ebe7ed92f100309801524b412ef2caa7c0c433189238b781f3b659a

SHA512
106f7c1b5f14eea667a6fae5c268eaa2cb08aeebb055d286ecad5c8cbd2963c41d2eb4943f39e3be7a8c193b77ab6949632e6390785bef109c5831990e20ff25

Download Submit
C:\Windows\system\uNMkSDI.exe

Filesize
6.0MB

MD5
1f27e4ca94289cd482e3cfba51d11254

SHA1
5faec3c12dc2c52c1a8010339372bb89b25799ff

SHA256
6e11db9f093fd3f93b8b99ec91330a2782d5cf70ec0b33fe0cb6e3c5f5fa30d3

SHA512
ecde16262922012d5267b5427b224d51c149cc6dd34bc332dc3080b8be2c97ff214fcb346e5396c49b5f104adc8d3a4acbec2da71a406d1f9aa0ce56682512a1

Download Submit
C:\Windows\system\wORtuoj.exe

Filesize
6.0MB

MD5
1e0e085d80f64cfb023ec969e70dfa6c

SHA1
49c18f8417f74f455d64698ccaf90c61c3a03438

SHA256
81cb477b53535266750268c1ad7498488542d8d7418671bb71fbc8418f63afbd

SHA512
48e8d2f7ea4618a2f3d7de80747a4e7486abcb625ae6f3edc89c8cbdc61b5a04e65a01689eeba6358f0c6251dc6ab549ca20530ec982f7313b79dc2838c9d36c

Download Submit
\Windows\system\EeOKHJW.exe

Filesize
6.0MB

MD5
159dee0b2290bce004bfbcaf77af43be

SHA1
0385908533a7d7b90b15f79dc8467bd785b5ac46

SHA256
6dccd276101352eab9ea58e9a09a5047125b6ce04bf1aacb5c532b87412f51d7

SHA512
6a310ea739911a08cb298ea96b55e2957078d0bfc4011410cc0f54c62e161fa607b2c8a5f7ae9be629623898997246399bb6e756fd418405daa9741dcf3acb71

Download Submit
\Windows\system\FdZkSKw.exe

Filesize
6.0MB

MD5
9b531d12b56deba303317cca49c7b959

SHA1
d5ae46e134e163d2ee0f4b2cd54cd0e185e591b0

SHA256
70224ef1c319eb5ea003d47660910d54b6318f1ebfdbca50cbab1978763dbcc3

SHA512
2dbb0bc64637882a9e77dec911c55b9ca704f2fa4912e110f916369aa28769e4638219a063a3a49429ae1e63c559855e8fbb672199018e8ae77a774057e1d618

Download Submit
\Windows\system\HkNhEoG.exe

Filesize
6.0MB

MD5
5671a698c1e6a27adef430a453de1687

SHA1
1f88fbe598e4cbc7e098681c753ddbb361ca44b7

SHA256
d0bae083ed171184162a8775944d71f075b8e4b49a85c25eff47f083dcad0349

SHA512
9af9a0bef816cb21d9a3987d27571d85e7119d91311acabc7fcc55fd87394fce92523f4ad24bc1193891aa955a8ecac0acbe14f224115f3453e6c53416241b76

Download Submit
\Windows\system\UAUdUoy.exe

Filesize
6.0MB

MD5
1263d17777b2a8443192f1a2c8d64b59

SHA1
d76b55f0fd64297688195286c35df8fc6c51e959

SHA256
b1ccc239ff159abb42dd0b3c1de797d43565b66c7727b6bef6b9c4fca8e5bf7c

SHA512
7eaf58747982e10ccaf4e2c3b0c344f6a7ccaf3262b5260aa1d6e436bca3d46d0178419221548c631927b3ec8775f5c2700140baa4cdd6f6a2d31091d0b34ec5

Download Submit
\Windows\system\dxDxujo.exe

Filesize
6.0MB

MD5
0c4d6360e1a183a83c04ab3be4f53a69

SHA1
f4e21847d06a0c50551b06e42247045961e985d5

SHA256
657829cd3fbd16a1e3726be7552b3169092e2512e4504b8d758eceff2e3ba7f6

SHA512
26ec0dd7eb977f93541cc5797222d93c855707bdafc6ccb1bee1c2979a725e9957ebe01762b7ce77d78ef1318b9014904359f515c7bd480da2743f4b3865bbd4

Download Submit
\Windows\system\jMWpPWl.exe

Filesize
6.0MB

MD5
2ebd333c8b98aefe23131a2be0874347

SHA1
41222af596b1eac14a1d4564a7862c4d9c90f8de

SHA256
2fd46a22ae9fb7a6d1cb18ec81c842d6e4aab0db18592559cf19ddd960625eed

SHA512
3b24fcfe090fac873779f15f7732ba9388974848a7faf8f8e1fefb6e4b5602263fa554a0b362253c44ea5fb4175911145a75fa3f2bc7077c94026bfabdcc6d05

Download Submit
\Windows\system\seVMEkC.exe

Filesize
6.0MB

MD5
a3f54be2053eb879dbf4294ea25a9bfa

SHA1
5b097f1773cd90a6d3848f91921fec5ae0f9f832

SHA256
7616168b551fe71adb531b2b497f7d60f96f01cf637033d28c8e3fde4f601c12

SHA512
4ff3afebc015a4c8fb0f9f410ae588c6be0025190dc3226a0ef253b0b89db7a75bd1f12d70f6370fab8a92e5e9c4554ee94301553b56aa6bfb23fe28e8fb9f05

Download Submit
\Windows\system\sibFZsi.exe

Filesize
6.0MB

MD5
e01676d07ac8818d5d312210fa20ee9b

SHA1
dfc82c5ade072a39b14bd67490e9f667a00c6670

SHA256
fa8ec2663c055d5c847bc17659237888c256977458998d8bb1adcc00d2c16f60

SHA512
2c841731c8b680f607577c8b301639b31567592363f64438b3c893e920fa6da6e8e9ab159dfd170e4a64be2aa32e32942551b886a51ee2b19ef7b3d03b23c1e5

Download Submit
\Windows\system\vvTjYop.exe

Filesize
6.0MB

MD5
ab54bff849052a18720ac783cbe0f40a

SHA1
144d208de26fde9c8415fc80433b667c574e8c27

SHA256
83ba7fb9eb27bcaffc3d1947eb6c4bafbed12727d8de12aa1049c3dfafb73417

SHA512
4d770c3fb97884bed8b67bb27fa1e97cccbb7e7fcca97193538bb0cf4382f463510e7ee20bd2cfbf5ab7b10d786135ab195ad1cbe04ffb9e46758b226dffffbd

Download Submit
\Windows\system\xiwCFmI.exe

Filesize
6.0MB

MD5
008c107114120fc7d4c0c0530a034c3e

SHA1
cb8793eda2010eefacec2c575fea00d4dac85167

SHA256
d821adcd445028d7da9339fdd07068860ce7de4677c362b951cc46917f7a1156

SHA512
265085cd929cf053227792d7967cd510ded0210b62e8c6a43ef1ed0df8b0dd914273e7027ac217d45721bd7575f624725e5e89a3e12dc00ecbf9320e4573a3dd

Download Submit
memory/848-79-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1560-4061-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/1560-94-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/1884-47-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1884-3957-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1936-101-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1936-1159-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1936-4062-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-92-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2064-97-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-1-0x0000000000200000-0x0000000000210000-memory.dmp

Filesize
64KB

Download
memory/2064-0-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2064-84-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2064-7-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2064-77-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2064-352-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2064-387-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2064-71-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2064-40-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2064-52-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-939-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-22-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2064-1418-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2064-105-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2064-454-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2064-32-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2064-35-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2064-51-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2064-60-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2064-56-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2096-45-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2096-4017-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2252-41-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2252-3987-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-85-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2308-452-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2340-14-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2340-3971-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2344-3959-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-18-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-72-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3978-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-87-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-53-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-96-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2692-58-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2700-100-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2700-4031-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2700-61-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3966-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2812-37-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download