cobaltstrike | b6f8e8420b15a68c183c2fe2030d3754b5b83beb7d8a5fe79cb8df9dec5856f4

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23/12/2024, 03:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

4481d4cba2a23246ae320549a249f220
SHA1

4c814de3f1822f4fa6a8b58099775881d28d1ad1
SHA256

b6f8e8420b15a68c183c2fe2030d3754b5b83beb7d8a5fe79cb8df9dec5856f4
SHA512

8a7a9a3176a39c5bd088b6fd3b00c343556f538051b03a3b2e60aeb58043e512b4d57a8cc89fdd4f83251dd70796976f8e573c3e4bcff37e8e0abc0eca06749c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUV:T+q56utgpPF8u/7V

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000e000000013a51-3.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186f8-12.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186f2-11.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018731-23.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018742-29.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001878c-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018bf3-43.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019438-53.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019456-58.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-65.dat	cobalt_reflective_dll
behavioral1/files/0x001700000001866f-79.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019467-82.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019506-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962b-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001963b-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e6-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957e-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952f-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194fc-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019496-88.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-94.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2384-0-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/files/0x000e000000013a51-3.dat	xmrig
behavioral1/files/0x00060000000186f8-12.dat	xmrig
behavioral1/memory/2044-13-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/files/0x00060000000186f2-11.dat	xmrig
behavioral1/memory/2460-22-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2908-17-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018731-23.dat	xmrig
behavioral1/memory/1952-28-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x0006000000018742-29.dat	xmrig
behavioral1/files/0x000700000001878c-39.dat	xmrig
behavioral1/memory/2848-42-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2688-37-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018bf3-43.dat	xmrig
behavioral1/files/0x0007000000019438-53.dat	xmrig
behavioral1/memory/2908-55-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2812-57-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2852-54-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x0005000000019456-58.dat	xmrig
behavioral1/memory/2044-51-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/files/0x000500000001945c-65.dat	xmrig
behavioral1/memory/2688-71-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2560-72-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/1952-66-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2588-64-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2384-44-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/files/0x001700000001866f-79.dat	xmrig
behavioral1/memory/2592-81-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x0005000000019467-82.dat	xmrig
behavioral1/files/0x0005000000019506-113.dat	xmrig
behavioral1/files/0x000500000001961f-143.dat	xmrig
behavioral1/files/0x0005000000019625-164.dat	xmrig
behavioral1/files/0x0005000000019629-174.dat	xmrig
behavioral1/memory/1656-611-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2384-593-0x0000000002310000-0x0000000002664000-memory.dmp	xmrig
behavioral1/memory/2384-972-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2560-1344-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2384-667-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2428-605-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2000-601-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x000500000001962b-180.dat	xmrig
behavioral1/files/0x000500000001963b-183.dat	xmrig
behavioral1/files/0x0005000000019627-170.dat	xmrig
behavioral1/files/0x0005000000019623-159.dat	xmrig
behavioral1/files/0x0005000000019621-150.dat	xmrig
behavioral1/files/0x000500000001961d-140.dat	xmrig
behavioral1/files/0x0005000000019622-154.dat	xmrig
behavioral1/files/0x00050000000195a7-129.dat	xmrig
behavioral1/files/0x00050000000195e6-133.dat	xmrig
behavioral1/files/0x000500000001957e-124.dat	xmrig
behavioral1/files/0x000500000001952f-120.dat	xmrig
behavioral1/files/0x00050000000194fc-108.dat	xmrig
behavioral1/files/0x00050000000194d0-100.dat	xmrig
behavioral1/files/0x00050000000194ef-103.dat	xmrig
behavioral1/files/0x0005000000019496-88.dat	xmrig
behavioral1/files/0x00050000000194ad-94.dat	xmrig
behavioral1/memory/2044-4042-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2460-4044-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/1952-4045-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2848-4046-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2688-4047-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2852-4048-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2812-4049-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2588-4050-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2044	akIvuVh.exe
2908	jWESWkm.exe
2460	nSMHapG.exe
1952	pXUDjPZ.exe
2688	vOPwear.exe
2848	Wjjlbqx.exe
2852	XxigYyV.exe
2812	lTywYaJ.exe
2588	VUOoMUj.exe
2560	qGgaYZX.exe
2592	sDIagzw.exe
1656	ziXRcqf.exe
2000	CIGmjcn.exe
2428	wTwfGnb.exe
2340	QWGjVnU.exe
708	zuLHVVV.exe
1552	fXMIqef.exe
2060	RjrRlhW.exe
2080	AeCzcQN.exe
1636	DIUUizT.exe
768	dRnBPYT.exe
1692	ffOcGdg.exe
2276	ufNBQOP.exe
2788	UpEegMr.exe
1504	OZBZZgf.exe
2360	ZfpMIUp.exe
2904	EnvxhOH.exe
2516	NjLJXOK.exe
1188	cGJBjNc.exe
1192	HlVHShC.exe
376	jHKsmgL.exe
328	JfEUTLS.exe
2856	LAFQIzk.exe
1948	VcTqfhq.exe
932	OFZMhhQ.exe
1884	jeAnedu.exe
1712	JuRgXlr.exe
2260	udGNFFg.exe
1732	DHQFaqN.exe
1904	RCTwUDz.exe
3052	YeWNqfr.exe
796	gxwTQgV.exe
1440	wMMjDym.exe
2076	nxwJMvj.exe
568	knjizgq.exe
2248	OAFwMJm.exe
2972	IoEHlWP.exe
696	ZYlAKLA.exe
2284	lKVyHej.exe
912	aWqrges.exe
1936	VvwHrsq.exe
2176	yDUuKft.exe
2272	uclUaYx.exe
1536	EsoBEtb.exe
2088	TWfvqBM.exe
2948	QJqcyIj.exe
2420	cuTEEFD.exe
2768	ATkHKvQ.exe
2720	SdTUmBR.exe
2960	ZtKnREa.exe
2552	FOqHCTx.exe
2092	NvqJwyf.exe
1604	KMSkCyT.exe
2320	wQdahJD.exe

Loads dropped DLL 64 IoCs

pid	Process
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2384-0-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/files/0x000e000000013a51-3.dat	upx
behavioral1/files/0x00060000000186f8-12.dat	upx
behavioral1/memory/2044-13-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/files/0x00060000000186f2-11.dat	upx
behavioral1/memory/2460-22-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2908-17-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x0006000000018731-23.dat	upx
behavioral1/memory/1952-28-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x0006000000018742-29.dat	upx
behavioral1/files/0x000700000001878c-39.dat	upx
behavioral1/memory/2848-42-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2688-37-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x0007000000018bf3-43.dat	upx
behavioral1/files/0x0007000000019438-53.dat	upx
behavioral1/memory/2908-55-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2812-57-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2852-54-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x0005000000019456-58.dat	upx
behavioral1/memory/2044-51-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/files/0x000500000001945c-65.dat	upx
behavioral1/memory/2688-71-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2560-72-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/1952-66-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2588-64-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2384-44-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/files/0x001700000001866f-79.dat	upx
behavioral1/memory/2592-81-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x0005000000019467-82.dat	upx
behavioral1/files/0x0005000000019506-113.dat	upx
behavioral1/files/0x000500000001961f-143.dat	upx
behavioral1/files/0x0005000000019625-164.dat	upx
behavioral1/files/0x0005000000019629-174.dat	upx
behavioral1/memory/1656-611-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2560-1344-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2428-605-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2000-601-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x000500000001962b-180.dat	upx
behavioral1/files/0x000500000001963b-183.dat	upx
behavioral1/files/0x0005000000019627-170.dat	upx
behavioral1/files/0x0005000000019623-159.dat	upx
behavioral1/files/0x0005000000019621-150.dat	upx
behavioral1/files/0x000500000001961d-140.dat	upx
behavioral1/files/0x0005000000019622-154.dat	upx
behavioral1/files/0x00050000000195a7-129.dat	upx
behavioral1/files/0x00050000000195e6-133.dat	upx
behavioral1/files/0x000500000001957e-124.dat	upx
behavioral1/files/0x000500000001952f-120.dat	upx
behavioral1/files/0x00050000000194fc-108.dat	upx
behavioral1/files/0x00050000000194d0-100.dat	upx
behavioral1/files/0x00050000000194ef-103.dat	upx
behavioral1/files/0x0005000000019496-88.dat	upx
behavioral1/files/0x00050000000194ad-94.dat	upx
behavioral1/memory/2044-4042-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2460-4044-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/1952-4045-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2848-4046-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2688-4047-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2852-4048-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2812-4049-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2588-4050-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2560-4051-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2592-4052-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/1656-4053-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZfpMIUp.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JDzMCgB.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OuQmatz.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BILbaiY.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDYGviH.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OuGtkBk.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\emgtUPD.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BPfOtBy.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pIIHwJU.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SyBvbKf.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tEIpEzL.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GUohtqE.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JYVFFwK.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DZYoYFf.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WdWySxk.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yNLbHCK.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TfpmrOv.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lVzJWrB.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kWsieoL.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JCzDUmh.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BdPZERW.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IoEHlWP.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QupQePr.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QUioVyp.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fSbdJwC.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oDXhkmA.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hMXnROX.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hmroCAg.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XLAnwVF.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZTpIrum.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvSCMdd.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FMZJFQZ.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JqEmnNP.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HZPfxEQ.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tDbqkRD.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RaBMwwC.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oalMQCx.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WBUDzoQ.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZGvTChJ.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpmyYvV.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BcIFVot.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sDIagzw.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BjygWfn.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BbDpiaU.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\goxlJje.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxdJWwI.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OBJLopj.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QUNAEuF.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WksURPQ.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JcoZros.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFtAeHc.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RtpXZPE.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PNuoHIG.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RTHSkmk.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\heSyCud.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pTrsVvD.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BOPWeEJ.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XKOHzsw.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KKSAuxc.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SgEqbjF.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jmbsjLw.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bPrQhEs.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jVyQDnX.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FpMbUaF.exe	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2044	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2384 wrote to memory of 2044	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2384 wrote to memory of 2044	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2384 wrote to memory of 2908	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2384 wrote to memory of 2908	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2384 wrote to memory of 2908	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2384 wrote to memory of 2460	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2384 wrote to memory of 2460	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2384 wrote to memory of 2460	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2384 wrote to memory of 1952	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2384 wrote to memory of 1952	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2384 wrote to memory of 1952	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2384 wrote to memory of 2688	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2384 wrote to memory of 2688	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2384 wrote to memory of 2688	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2384 wrote to memory of 2848	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2384 wrote to memory of 2848	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2384 wrote to memory of 2848	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2384 wrote to memory of 2852	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2384 wrote to memory of 2852	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2384 wrote to memory of 2852	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2384 wrote to memory of 2812	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2384 wrote to memory of 2812	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2384 wrote to memory of 2812	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2384 wrote to memory of 2588	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2384 wrote to memory of 2588	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2384 wrote to memory of 2588	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2384 wrote to memory of 2560	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2384 wrote to memory of 2560	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2384 wrote to memory of 2560	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2384 wrote to memory of 2592	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2384 wrote to memory of 2592	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2384 wrote to memory of 2592	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2384 wrote to memory of 1656	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2384 wrote to memory of 1656	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2384 wrote to memory of 1656	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2384 wrote to memory of 2000	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2384 wrote to memory of 2000	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2384 wrote to memory of 2000	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2384 wrote to memory of 2428	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2384 wrote to memory of 2428	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2384 wrote to memory of 2428	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2384 wrote to memory of 2340	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2384 wrote to memory of 2340	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2384 wrote to memory of 2340	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2384 wrote to memory of 708	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2384 wrote to memory of 708	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2384 wrote to memory of 708	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2384 wrote to memory of 1552	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2384 wrote to memory of 1552	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2384 wrote to memory of 1552	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2384 wrote to memory of 2060	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2384 wrote to memory of 2060	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2384 wrote to memory of 2060	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2384 wrote to memory of 2080	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2384 wrote to memory of 2080	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2384 wrote to memory of 2080	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2384 wrote to memory of 1636	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2384 wrote to memory of 1636	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2384 wrote to memory of 1636	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2384 wrote to memory of 768	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2384 wrote to memory of 768	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2384 wrote to memory of 768	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2384 wrote to memory of 1692	2384	2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-23_4481d4cba2a23246ae320549a249f220_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\System\akIvuVh.exe
  C:\Windows\System\akIvuVh.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\jWESWkm.exe
  C:\Windows\System\jWESWkm.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\nSMHapG.exe
  C:\Windows\System\nSMHapG.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\pXUDjPZ.exe
  C:\Windows\System\pXUDjPZ.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\vOPwear.exe
  C:\Windows\System\vOPwear.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\Wjjlbqx.exe
  C:\Windows\System\Wjjlbqx.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\XxigYyV.exe
  C:\Windows\System\XxigYyV.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\lTywYaJ.exe
  C:\Windows\System\lTywYaJ.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\VUOoMUj.exe
  C:\Windows\System\VUOoMUj.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\qGgaYZX.exe
  C:\Windows\System\qGgaYZX.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\sDIagzw.exe
  C:\Windows\System\sDIagzw.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\ziXRcqf.exe
  C:\Windows\System\ziXRcqf.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\CIGmjcn.exe
  C:\Windows\System\CIGmjcn.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\wTwfGnb.exe
  C:\Windows\System\wTwfGnb.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\QWGjVnU.exe
  C:\Windows\System\QWGjVnU.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\zuLHVVV.exe
  C:\Windows\System\zuLHVVV.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\fXMIqef.exe
  C:\Windows\System\fXMIqef.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\RjrRlhW.exe
  C:\Windows\System\RjrRlhW.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\AeCzcQN.exe
  C:\Windows\System\AeCzcQN.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\DIUUizT.exe
  C:\Windows\System\DIUUizT.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\dRnBPYT.exe
  C:\Windows\System\dRnBPYT.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\ffOcGdg.exe
  C:\Windows\System\ffOcGdg.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\ufNBQOP.exe
  C:\Windows\System\ufNBQOP.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\UpEegMr.exe
  C:\Windows\System\UpEegMr.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\OZBZZgf.exe
  C:\Windows\System\OZBZZgf.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\ZfpMIUp.exe
  C:\Windows\System\ZfpMIUp.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\EnvxhOH.exe
  C:\Windows\System\EnvxhOH.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\NjLJXOK.exe
  C:\Windows\System\NjLJXOK.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\cGJBjNc.exe
  C:\Windows\System\cGJBjNc.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\HlVHShC.exe
  C:\Windows\System\HlVHShC.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\jHKsmgL.exe
  C:\Windows\System\jHKsmgL.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\JfEUTLS.exe
  C:\Windows\System\JfEUTLS.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\LAFQIzk.exe
  C:\Windows\System\LAFQIzk.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\VcTqfhq.exe
  C:\Windows\System\VcTqfhq.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\OFZMhhQ.exe
  C:\Windows\System\OFZMhhQ.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\jeAnedu.exe
  C:\Windows\System\jeAnedu.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\JuRgXlr.exe
  C:\Windows\System\JuRgXlr.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\udGNFFg.exe
  C:\Windows\System\udGNFFg.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\DHQFaqN.exe
  C:\Windows\System\DHQFaqN.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\RCTwUDz.exe
  C:\Windows\System\RCTwUDz.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\YeWNqfr.exe
  C:\Windows\System\YeWNqfr.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\gxwTQgV.exe
  C:\Windows\System\gxwTQgV.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\wMMjDym.exe
  C:\Windows\System\wMMjDym.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\nxwJMvj.exe
  C:\Windows\System\nxwJMvj.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\knjizgq.exe
  C:\Windows\System\knjizgq.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\OAFwMJm.exe
  C:\Windows\System\OAFwMJm.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\IoEHlWP.exe
  C:\Windows\System\IoEHlWP.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\ZYlAKLA.exe
  C:\Windows\System\ZYlAKLA.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\lKVyHej.exe
  C:\Windows\System\lKVyHej.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\aWqrges.exe
  C:\Windows\System\aWqrges.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\VvwHrsq.exe
  C:\Windows\System\VvwHrsq.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\yDUuKft.exe
  C:\Windows\System\yDUuKft.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\uclUaYx.exe
  C:\Windows\System\uclUaYx.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\EsoBEtb.exe
  C:\Windows\System\EsoBEtb.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\TWfvqBM.exe
  C:\Windows\System\TWfvqBM.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\QJqcyIj.exe
  C:\Windows\System\QJqcyIj.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\cuTEEFD.exe
  C:\Windows\System\cuTEEFD.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\ATkHKvQ.exe
  C:\Windows\System\ATkHKvQ.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\SdTUmBR.exe
  C:\Windows\System\SdTUmBR.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\ZtKnREa.exe
  C:\Windows\System\ZtKnREa.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\FOqHCTx.exe
  C:\Windows\System\FOqHCTx.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\NvqJwyf.exe
  C:\Windows\System\NvqJwyf.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\wQdahJD.exe
  C:\Windows\System\wQdahJD.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\KMSkCyT.exe
  C:\Windows\System\KMSkCyT.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\FfzxyMq.exe
  C:\Windows\System\FfzxyMq.exe
  2⤵
  PID:2332
- C:\Windows\System\TlYLqyE.exe
  C:\Windows\System\TlYLqyE.exe
  2⤵
  PID:112
- C:\Windows\System\qCUCXwT.exe
  C:\Windows\System\qCUCXwT.exe
  2⤵
  PID:1524
- C:\Windows\System\OsfvamN.exe
  C:\Windows\System\OsfvamN.exe
  2⤵
  PID:2604
- C:\Windows\System\rIgDWPA.exe
  C:\Windows\System\rIgDWPA.exe
  2⤵
  PID:2640
- C:\Windows\System\EFNgsIp.exe
  C:\Windows\System\EFNgsIp.exe
  2⤵
  PID:2524
- C:\Windows\System\jnZOrMG.exe
  C:\Windows\System\jnZOrMG.exe
  2⤵
  PID:1972
- C:\Windows\System\sSEnZWU.exe
  C:\Windows\System\sSEnZWU.exe
  2⤵
  PID:712
- C:\Windows\System\WQXvwqf.exe
  C:\Windows\System\WQXvwqf.exe
  2⤵
  PID:1676
- C:\Windows\System\ffQpXUx.exe
  C:\Windows\System\ffQpXUx.exe
  2⤵
  PID:1680
- C:\Windows\System\bwbzkIY.exe
  C:\Windows\System\bwbzkIY.exe
  2⤵
  PID:684
- C:\Windows\System\xtAsgyR.exe
  C:\Windows\System\xtAsgyR.exe
  2⤵
  PID:1668
- C:\Windows\System\ViVLqjL.exe
  C:\Windows\System\ViVLqjL.exe
  2⤵
  PID:1264
- C:\Windows\System\PEbKTKI.exe
  C:\Windows\System\PEbKTKI.exe
  2⤵
  PID:1220
- C:\Windows\System\QupQePr.exe
  C:\Windows\System\QupQePr.exe
  2⤵
  PID:788
- C:\Windows\System\dTXSqaJ.exe
  C:\Windows\System\dTXSqaJ.exe
  2⤵
  PID:1368
- C:\Windows\System\uScKnOs.exe
  C:\Windows\System\uScKnOs.exe
  2⤵
  PID:2496
- C:\Windows\System\KGGEcoW.exe
  C:\Windows\System\KGGEcoW.exe
  2⤵
  PID:2724
- C:\Windows\System\TxXxrSe.exe
  C:\Windows\System\TxXxrSe.exe
  2⤵
  PID:2084
- C:\Windows\System\RTieNow.exe
  C:\Windows\System\RTieNow.exe
  2⤵
  PID:1584
- C:\Windows\System\JDzMCgB.exe
  C:\Windows\System\JDzMCgB.exe
  2⤵
  PID:1016
- C:\Windows\System\hxdQYyb.exe
  C:\Windows\System\hxdQYyb.exe
  2⤵
  PID:904
- C:\Windows\System\SlWlNNV.exe
  C:\Windows\System\SlWlNNV.exe
  2⤵
  PID:2116
- C:\Windows\System\UciOgdr.exe
  C:\Windows\System\UciOgdr.exe
  2⤵
  PID:1532
- C:\Windows\System\alUOzUg.exe
  C:\Windows\System\alUOzUg.exe
  2⤵
  PID:2952
- C:\Windows\System\fhJNVwC.exe
  C:\Windows\System\fhJNVwC.exe
  2⤵
  PID:2748
- C:\Windows\System\KwnBCla.exe
  C:\Windows\System\KwnBCla.exe
  2⤵
  PID:2656
- C:\Windows\System\LXWBMSx.exe
  C:\Windows\System\LXWBMSx.exe
  2⤵
  PID:2400
- C:\Windows\System\gDADdce.exe
  C:\Windows\System\gDADdce.exe
  2⤵
  PID:2784
- C:\Windows\System\hLeByBl.exe
  C:\Windows\System\hLeByBl.exe
  2⤵
  PID:1316
- C:\Windows\System\ZfnjtwB.exe
  C:\Windows\System\ZfnjtwB.exe
  2⤵
  PID:1672
- C:\Windows\System\DEeXnrU.exe
  C:\Windows\System\DEeXnrU.exe
  2⤵
  PID:276
- C:\Windows\System\ylslMte.exe
  C:\Windows\System\ylslMte.exe
  2⤵
  PID:2512
- C:\Windows\System\VVIccya.exe
  C:\Windows\System\VVIccya.exe
  2⤵
  PID:2424
- C:\Windows\System\ifmvgLG.exe
  C:\Windows\System\ifmvgLG.exe
  2⤵
  PID:1740
- C:\Windows\System\jRvTqeG.exe
  C:\Windows\System\jRvTqeG.exe
  2⤵
  PID:1556
- C:\Windows\System\TBhdfwI.exe
  C:\Windows\System\TBhdfwI.exe
  2⤵
  PID:1940
- C:\Windows\System\kMcMzps.exe
  C:\Windows\System\kMcMzps.exe
  2⤵
  PID:1484
- C:\Windows\System\FgJFrNJ.exe
  C:\Windows\System\FgJFrNJ.exe
  2⤵
  PID:620
- C:\Windows\System\BjygWfn.exe
  C:\Windows\System\BjygWfn.exe
  2⤵
  PID:1468
- C:\Windows\System\WdNmgCK.exe
  C:\Windows\System\WdNmgCK.exe
  2⤵
  PID:844
- C:\Windows\System\ayXgDMY.exe
  C:\Windows\System\ayXgDMY.exe
  2⤵
  PID:2224
- C:\Windows\System\ipiDjBn.exe
  C:\Windows\System\ipiDjBn.exe
  2⤵
  PID:2352
- C:\Windows\System\LkvhOOJ.exe
  C:\Windows\System\LkvhOOJ.exe
  2⤵
  PID:1888
- C:\Windows\System\rjDYzqI.exe
  C:\Windows\System\rjDYzqI.exe
  2⤵
  PID:1544
- C:\Windows\System\uhONjwL.exe
  C:\Windows\System\uhONjwL.exe
  2⤵
  PID:2780
- C:\Windows\System\rOLsCAz.exe
  C:\Windows\System\rOLsCAz.exe
  2⤵
  PID:324
- C:\Windows\System\xCIuHlw.exe
  C:\Windows\System\xCIuHlw.exe
  2⤵
  PID:2596
- C:\Windows\System\bilYlUV.exe
  C:\Windows\System\bilYlUV.exe
  2⤵
  PID:2740
- C:\Windows\System\YfLfFUu.exe
  C:\Windows\System\YfLfFUu.exe
  2⤵
  PID:2328
- C:\Windows\System\AkLGoBo.exe
  C:\Windows\System\AkLGoBo.exe
  2⤵
  PID:2376
- C:\Windows\System\oriJemL.exe
  C:\Windows\System\oriJemL.exe
  2⤵
  PID:1744
- C:\Windows\System\ViUORWX.exe
  C:\Windows\System\ViUORWX.exe
  2⤵
  PID:948
- C:\Windows\System\VGfRbVP.exe
  C:\Windows\System\VGfRbVP.exe
  2⤵
  PID:1728
- C:\Windows\System\cYakypx.exe
  C:\Windows\System\cYakypx.exe
  2⤵
  PID:920
- C:\Windows\System\VvRIEdl.exe
  C:\Windows\System\VvRIEdl.exe
  2⤵
  PID:2564
- C:\Windows\System\mGoyZJX.exe
  C:\Windows\System\mGoyZJX.exe
  2⤵
  PID:2156
- C:\Windows\System\tKfqZtB.exe
  C:\Windows\System\tKfqZtB.exe
  2⤵
  PID:2832
- C:\Windows\System\KnSvuJV.exe
  C:\Windows\System\KnSvuJV.exe
  2⤵
  PID:2168
- C:\Windows\System\ExnhBIY.exe
  C:\Windows\System\ExnhBIY.exe
  2⤵
  PID:484
- C:\Windows\System\heSyCud.exe
  C:\Windows\System\heSyCud.exe
  2⤵
  PID:2892
- C:\Windows\System\RFtAeHc.exe
  C:\Windows\System\RFtAeHc.exe
  2⤵
  PID:1568
- C:\Windows\System\RZNPkim.exe
  C:\Windows\System\RZNPkim.exe
  2⤵
  PID:2804
- C:\Windows\System\CZjeGkZ.exe
  C:\Windows\System\CZjeGkZ.exe
  2⤵
  PID:444
- C:\Windows\System\ENyCSFx.exe
  C:\Windows\System\ENyCSFx.exe
  2⤵
  PID:2868
- C:\Windows\System\PszmFyi.exe
  C:\Windows\System\PszmFyi.exe
  2⤵
  PID:2928
- C:\Windows\System\LLGanhz.exe
  C:\Windows\System\LLGanhz.exe
  2⤵
  PID:2624
- C:\Windows\System\DEXGLda.exe
  C:\Windows\System\DEXGLda.exe
  2⤵
  PID:2700
- C:\Windows\System\UXrrWHk.exe
  C:\Windows\System\UXrrWHk.exe
  2⤵
  PID:2616
- C:\Windows\System\yNLbHCK.exe
  C:\Windows\System\yNLbHCK.exe
  2⤵
  PID:1396
- C:\Windows\System\rHYjjLd.exe
  C:\Windows\System\rHYjjLd.exe
  2⤵
  PID:2392
- C:\Windows\System\RWRnspi.exe
  C:\Windows\System\RWRnspi.exe
  2⤵
  PID:2456
- C:\Windows\System\uORmhmN.exe
  C:\Windows\System\uORmhmN.exe
  2⤵
  PID:3088
- C:\Windows\System\odudOJc.exe
  C:\Windows\System\odudOJc.exe
  2⤵
  PID:3108
- C:\Windows\System\DhkaIoh.exe
  C:\Windows\System\DhkaIoh.exe
  2⤵
  PID:3128
- C:\Windows\System\aYFiAxm.exe
  C:\Windows\System\aYFiAxm.exe
  2⤵
  PID:3144
- C:\Windows\System\dkbJMJH.exe
  C:\Windows\System\dkbJMJH.exe
  2⤵
  PID:3168
- C:\Windows\System\ZYuxZms.exe
  C:\Windows\System\ZYuxZms.exe
  2⤵
  PID:3184
- C:\Windows\System\emgtUPD.exe
  C:\Windows\System\emgtUPD.exe
  2⤵
  PID:3208
- C:\Windows\System\LBsXbia.exe
  C:\Windows\System\LBsXbia.exe
  2⤵
  PID:3224
- C:\Windows\System\bHUElzG.exe
  C:\Windows\System\bHUElzG.exe
  2⤵
  PID:3248
- C:\Windows\System\IFowzpm.exe
  C:\Windows\System\IFowzpm.exe
  2⤵
  PID:3268
- C:\Windows\System\rwXFVyu.exe
  C:\Windows\System\rwXFVyu.exe
  2⤵
  PID:3288
- C:\Windows\System\bZgVZpT.exe
  C:\Windows\System\bZgVZpT.exe
  2⤵
  PID:3304
- C:\Windows\System\SZlpgIT.exe
  C:\Windows\System\SZlpgIT.exe
  2⤵
  PID:3328
- C:\Windows\System\BFwMAgI.exe
  C:\Windows\System\BFwMAgI.exe
  2⤵
  PID:3344
- C:\Windows\System\BOzlPCA.exe
  C:\Windows\System\BOzlPCA.exe
  2⤵
  PID:3368
- C:\Windows\System\OkSvjcg.exe
  C:\Windows\System\OkSvjcg.exe
  2⤵
  PID:3388
- C:\Windows\System\uwbmORX.exe
  C:\Windows\System\uwbmORX.exe
  2⤵
  PID:3408
- C:\Windows\System\zYLjwkg.exe
  C:\Windows\System\zYLjwkg.exe
  2⤵
  PID:3428
- C:\Windows\System\sbgWSXC.exe
  C:\Windows\System\sbgWSXC.exe
  2⤵
  PID:3448
- C:\Windows\System\UaxVvLa.exe
  C:\Windows\System\UaxVvLa.exe
  2⤵
  PID:3464
- C:\Windows\System\JSRbrao.exe
  C:\Windows\System\JSRbrao.exe
  2⤵
  PID:3488
- C:\Windows\System\ToAyWSN.exe
  C:\Windows\System\ToAyWSN.exe
  2⤵
  PID:3508
- C:\Windows\System\rabAUAZ.exe
  C:\Windows\System\rabAUAZ.exe
  2⤵
  PID:3528
- C:\Windows\System\ZdSZbHB.exe
  C:\Windows\System\ZdSZbHB.exe
  2⤵
  PID:3548
- C:\Windows\System\YMYmNIa.exe
  C:\Windows\System\YMYmNIa.exe
  2⤵
  PID:3568
- C:\Windows\System\OeoUZyG.exe
  C:\Windows\System\OeoUZyG.exe
  2⤵
  PID:3584
- C:\Windows\System\MyRICbZ.exe
  C:\Windows\System\MyRICbZ.exe
  2⤵
  PID:3608
- C:\Windows\System\wuaeIMl.exe
  C:\Windows\System\wuaeIMl.exe
  2⤵
  PID:3628
- C:\Windows\System\jMblChx.exe
  C:\Windows\System\jMblChx.exe
  2⤵
  PID:3648
- C:\Windows\System\hFmzmBe.exe
  C:\Windows\System\hFmzmBe.exe
  2⤵
  PID:3664
- C:\Windows\System\BwCcpcb.exe
  C:\Windows\System\BwCcpcb.exe
  2⤵
  PID:3684
- C:\Windows\System\XZcYHNE.exe
  C:\Windows\System\XZcYHNE.exe
  2⤵
  PID:3700
- C:\Windows\System\EXNaEuo.exe
  C:\Windows\System\EXNaEuo.exe
  2⤵
  PID:3728
- C:\Windows\System\uhYkJzW.exe
  C:\Windows\System\uhYkJzW.exe
  2⤵
  PID:3744
- C:\Windows\System\BbDpiaU.exe
  C:\Windows\System\BbDpiaU.exe
  2⤵
  PID:3764
- C:\Windows\System\SpSRKig.exe
  C:\Windows\System\SpSRKig.exe
  2⤵
  PID:3804
- C:\Windows\System\gchrTTn.exe
  C:\Windows\System\gchrTTn.exe
  2⤵
  PID:3820
- C:\Windows\System\uYUiwMO.exe
  C:\Windows\System\uYUiwMO.exe
  2⤵
  PID:3840
- C:\Windows\System\JazURKE.exe
  C:\Windows\System\JazURKE.exe
  2⤵
  PID:3856
- C:\Windows\System\OIcOXGd.exe
  C:\Windows\System\OIcOXGd.exe
  2⤵
  PID:3876
- C:\Windows\System\wFdibfk.exe
  C:\Windows\System\wFdibfk.exe
  2⤵
  PID:3892
- C:\Windows\System\KtaIKIM.exe
  C:\Windows\System\KtaIKIM.exe
  2⤵
  PID:3912
- C:\Windows\System\wJgyAcb.exe
  C:\Windows\System\wJgyAcb.exe
  2⤵
  PID:3936
- C:\Windows\System\xCEHOeP.exe
  C:\Windows\System\xCEHOeP.exe
  2⤵
  PID:3952
- C:\Windows\System\RIlePTh.exe
  C:\Windows\System\RIlePTh.exe
  2⤵
  PID:3968
- C:\Windows\System\RIzhTVZ.exe
  C:\Windows\System\RIzhTVZ.exe
  2⤵
  PID:3984
- C:\Windows\System\pYpCuCb.exe
  C:\Windows\System\pYpCuCb.exe
  2⤵
  PID:4004
- C:\Windows\System\gpeGpUr.exe
  C:\Windows\System\gpeGpUr.exe
  2⤵
  PID:4020
- C:\Windows\System\vkuhrmh.exe
  C:\Windows\System\vkuhrmh.exe
  2⤵
  PID:4064
- C:\Windows\System\DZYoYFf.exe
  C:\Windows\System\DZYoYFf.exe
  2⤵
  PID:4080
- C:\Windows\System\cSSfqQB.exe
  C:\Windows\System\cSSfqQB.exe
  2⤵
  PID:2432
- C:\Windows\System\nrkPbdg.exe
  C:\Windows\System\nrkPbdg.exe
  2⤵
  PID:1868
- C:\Windows\System\bzcaFoy.exe
  C:\Windows\System\bzcaFoy.exe
  2⤵
  PID:1576
- C:\Windows\System\thZnNUo.exe
  C:\Windows\System\thZnNUo.exe
  2⤵
  PID:2896
- C:\Windows\System\yxtpgRP.exe
  C:\Windows\System\yxtpgRP.exe
  2⤵
  PID:3100
- C:\Windows\System\QzSfxIW.exe
  C:\Windows\System\QzSfxIW.exe
  2⤵
  PID:3164
- C:\Windows\System\eZlnMaq.exe
  C:\Windows\System\eZlnMaq.exe
  2⤵
  PID:3204
- C:\Windows\System\JzneXSg.exe
  C:\Windows\System\JzneXSg.exe
  2⤵
  PID:3176
- C:\Windows\System\xVSXPtE.exe
  C:\Windows\System\xVSXPtE.exe
  2⤵
  PID:2544
- C:\Windows\System\irmiRBe.exe
  C:\Windows\System\irmiRBe.exe
  2⤵
  PID:3260
- C:\Windows\System\avhZUKJ.exe
  C:\Windows\System\avhZUKJ.exe
  2⤵
  PID:3320
- C:\Windows\System\HYxuOwu.exe
  C:\Windows\System\HYxuOwu.exe
  2⤵
  PID:3300
- C:\Windows\System\FuPkDbS.exe
  C:\Windows\System\FuPkDbS.exe
  2⤵
  PID:3360
- C:\Windows\System\jmbsjLw.exe
  C:\Windows\System\jmbsjLw.exe
  2⤵
  PID:3404
- C:\Windows\System\RnyYUeu.exe
  C:\Windows\System\RnyYUeu.exe
  2⤵
  PID:3416
- C:\Windows\System\GsVzAFH.exe
  C:\Windows\System\GsVzAFH.exe
  2⤵
  PID:3472
- C:\Windows\System\BGnHKTu.exe
  C:\Windows\System\BGnHKTu.exe
  2⤵
  PID:3460
- C:\Windows\System\ikGsipY.exe
  C:\Windows\System\ikGsipY.exe
  2⤵
  PID:3496
- C:\Windows\System\urWpAJP.exe
  C:\Windows\System\urWpAJP.exe
  2⤵
  PID:3556
- C:\Windows\System\KHOEkrG.exe
  C:\Windows\System\KHOEkrG.exe
  2⤵
  PID:3540
- C:\Windows\System\MzDJYny.exe
  C:\Windows\System\MzDJYny.exe
  2⤵
  PID:3600
- C:\Windows\System\XwMCHEy.exe
  C:\Windows\System\XwMCHEy.exe
  2⤵
  PID:3640
- C:\Windows\System\gYguYQT.exe
  C:\Windows\System\gYguYQT.exe
  2⤵
  PID:3576
- C:\Windows\System\ztAGpFu.exe
  C:\Windows\System\ztAGpFu.exe
  2⤵
  PID:3620
- C:\Windows\System\MjlaTEP.exe
  C:\Windows\System\MjlaTEP.exe
  2⤵
  PID:3692
- C:\Windows\System\zRzTmzw.exe
  C:\Windows\System\zRzTmzw.exe
  2⤵
  PID:3740
- C:\Windows\System\BQBoFit.exe
  C:\Windows\System\BQBoFit.exe
  2⤵
  PID:3784
- C:\Windows\System\tMjHJTb.exe
  C:\Windows\System\tMjHJTb.exe
  2⤵
  PID:3720
- C:\Windows\System\XKUkabS.exe
  C:\Windows\System\XKUkabS.exe
  2⤵
  PID:3996
- C:\Windows\System\hdhiqLc.exe
  C:\Windows\System\hdhiqLc.exe
  2⤵
  PID:3828
- C:\Windows\System\xuryDeA.exe
  C:\Windows\System\xuryDeA.exe
  2⤵
  PID:3908
- C:\Windows\System\ngPcnqW.exe
  C:\Windows\System\ngPcnqW.exe
  2⤵
  PID:4056
- C:\Windows\System\sdwpmDm.exe
  C:\Windows\System\sdwpmDm.exe
  2⤵
  PID:4040
- C:\Windows\System\MPAZnkV.exe
  C:\Windows\System\MPAZnkV.exe
  2⤵
  PID:2520
- C:\Windows\System\sZEYAvC.exe
  C:\Windows\System\sZEYAvC.exe
  2⤵
  PID:2836
- C:\Windows\System\PnxXrwk.exe
  C:\Windows\System\PnxXrwk.exe
  2⤵
  PID:3948
- C:\Windows\System\nfLGZFX.exe
  C:\Windows\System\nfLGZFX.exe
  2⤵
  PID:1428
- C:\Windows\System\ZDkgxZz.exe
  C:\Windows\System\ZDkgxZz.exe
  2⤵
  PID:2468
- C:\Windows\System\qaPbLsQ.exe
  C:\Windows\System\qaPbLsQ.exe
  2⤵
  PID:1916
- C:\Windows\System\pMJlcZK.exe
  C:\Windows\System\pMJlcZK.exe
  2⤵
  PID:2708
- C:\Windows\System\emqXHvk.exe
  C:\Windows\System\emqXHvk.exe
  2⤵
  PID:3116
- C:\Windows\System\HCOxOuJ.exe
  C:\Windows\System\HCOxOuJ.exe
  2⤵
  PID:3192
- C:\Windows\System\gMsdsJC.exe
  C:\Windows\System\gMsdsJC.exe
  2⤵
  PID:3152
- C:\Windows\System\uGkheyT.exe
  C:\Windows\System\uGkheyT.exe
  2⤵
  PID:2652
- C:\Windows\System\FuHLlMj.exe
  C:\Windows\System\FuHLlMj.exe
  2⤵
  PID:3216
- C:\Windows\System\ZQTrTyk.exe
  C:\Windows\System\ZQTrTyk.exe
  2⤵
  PID:2668
- C:\Windows\System\hbMaNiL.exe
  C:\Windows\System\hbMaNiL.exe
  2⤵
  PID:3364
- C:\Windows\System\DbnYChl.exe
  C:\Windows\System\DbnYChl.exe
  2⤵
  PID:3456
- C:\Windows\System\dNlUUKl.exe
  C:\Windows\System\dNlUUKl.exe
  2⤵
  PID:3604
- C:\Windows\System\rBdRqXS.exe
  C:\Windows\System\rBdRqXS.exe
  2⤵
  PID:3420
- C:\Windows\System\xNKgRSB.exe
  C:\Windows\System\xNKgRSB.exe
  2⤵
  PID:3524
- C:\Windows\System\cqRrVtD.exe
  C:\Windows\System\cqRrVtD.exe
  2⤵
  PID:3888
- C:\Windows\System\SBuhRds.exe
  C:\Windows\System\SBuhRds.exe
  2⤵
  PID:3932
- C:\Windows\System\xjbnWCW.exe
  C:\Windows\System\xjbnWCW.exe
  2⤵
  PID:3752
- C:\Windows\System\EThUTbu.exe
  C:\Windows\System\EThUTbu.exe
  2⤵
  PID:3644
- C:\Windows\System\WnjyRLS.exe
  C:\Windows\System\WnjyRLS.exe
  2⤵
  PID:3016
- C:\Windows\System\qTOAWOC.exe
  C:\Windows\System\qTOAWOC.exe
  2⤵
  PID:3816
- C:\Windows\System\xgrNUCV.exe
  C:\Windows\System\xgrNUCV.exe
  2⤵
  PID:4032
- C:\Windows\System\uTgTkOf.exe
  C:\Windows\System\uTgTkOf.exe
  2⤵
  PID:2568
- C:\Windows\System\QUioVyp.exe
  C:\Windows\System\QUioVyp.exe
  2⤵
  PID:4048
- C:\Windows\System\hDoLoPA.exe
  C:\Windows\System\hDoLoPA.exe
  2⤵
  PID:2644
- C:\Windows\System\DsxiNdy.exe
  C:\Windows\System\DsxiNdy.exe
  2⤵
  PID:3220
- C:\Windows\System\glzauQB.exe
  C:\Windows\System\glzauQB.exe
  2⤵
  PID:3200
- C:\Windows\System\WlwXfxh.exe
  C:\Windows\System\WlwXfxh.exe
  2⤵
  PID:3256
- C:\Windows\System\GtddxSh.exe
  C:\Windows\System\GtddxSh.exe
  2⤵
  PID:3080
- C:\Windows\System\goxlJje.exe
  C:\Windows\System\goxlJje.exe
  2⤵
  PID:4076
- C:\Windows\System\KIEETMe.exe
  C:\Windows\System\KIEETMe.exe
  2⤵
  PID:3596
- C:\Windows\System\fPhedCB.exe
  C:\Windows\System\fPhedCB.exe
  2⤵
  PID:3520
- C:\Windows\System\OweCtoG.exe
  C:\Windows\System\OweCtoG.exe
  2⤵
  PID:4000
- C:\Windows\System\ORbcDoU.exe
  C:\Windows\System\ORbcDoU.exe
  2⤵
  PID:3380
- C:\Windows\System\fZNjXEh.exe
  C:\Windows\System\fZNjXEh.exe
  2⤵
  PID:3660
- C:\Windows\System\csNcATe.exe
  C:\Windows\System\csNcATe.exe
  2⤵
  PID:3852
- C:\Windows\System\TPhXpsd.exe
  C:\Windows\System\TPhXpsd.exe
  2⤵
  PID:4088
- C:\Windows\System\poFYUyE.exe
  C:\Windows\System\poFYUyE.exe
  2⤵
  PID:3624
- C:\Windows\System\RjUtyPK.exe
  C:\Windows\System\RjUtyPK.exe
  2⤵
  PID:3976
- C:\Windows\System\XivkzkL.exe
  C:\Windows\System\XivkzkL.exe
  2⤵
  PID:3232
- C:\Windows\System\nsWldfi.exe
  C:\Windows\System\nsWldfi.exe
  2⤵
  PID:3928
- C:\Windows\System\tjEYELr.exe
  C:\Windows\System\tjEYELr.exe
  2⤵
  PID:3900
- C:\Windows\System\bbEtryp.exe
  C:\Windows\System\bbEtryp.exe
  2⤵
  PID:3656
- C:\Windows\System\prfXEoO.exe
  C:\Windows\System\prfXEoO.exe
  2⤵
  PID:3296
- C:\Windows\System\gJwlssH.exe
  C:\Windows\System\gJwlssH.exe
  2⤵
  PID:3736
- C:\Windows\System\OMfttyh.exe
  C:\Windows\System\OMfttyh.exe
  2⤵
  PID:3424
- C:\Windows\System\BjAiQIU.exe
  C:\Windows\System\BjAiQIU.exe
  2⤵
  PID:3544
- C:\Windows\System\WEyLkUf.exe
  C:\Windows\System\WEyLkUf.exe
  2⤵
  PID:3396
- C:\Windows\System\gkPyAwf.exe
  C:\Windows\System\gkPyAwf.exe
  2⤵
  PID:3772
- C:\Windows\System\QjmeyVD.exe
  C:\Windows\System\QjmeyVD.exe
  2⤵
  PID:3716
- C:\Windows\System\oalMQCx.exe
  C:\Windows\System\oalMQCx.exe
  2⤵
  PID:4012
- C:\Windows\System\sqOJyLW.exe
  C:\Windows\System\sqOJyLW.exe
  2⤵
  PID:3240
- C:\Windows\System\qDFsrpA.exe
  C:\Windows\System\qDFsrpA.exe
  2⤵
  PID:2336
- C:\Windows\System\OollYeX.exe
  C:\Windows\System\OollYeX.exe
  2⤵
  PID:3832
- C:\Windows\System\lfrcaPL.exe
  C:\Windows\System\lfrcaPL.exe
  2⤵
  PID:3708
- C:\Windows\System\HFLWTHQ.exe
  C:\Windows\System\HFLWTHQ.exe
  2⤵
  PID:4108
- C:\Windows\System\pYFDzMS.exe
  C:\Windows\System\pYFDzMS.exe
  2⤵
  PID:4124
- C:\Windows\System\tyNznMd.exe
  C:\Windows\System\tyNznMd.exe
  2⤵
  PID:4140
- C:\Windows\System\bOyiQEf.exe
  C:\Windows\System\bOyiQEf.exe
  2⤵
  PID:4156
- C:\Windows\System\JgGmwmc.exe
  C:\Windows\System\JgGmwmc.exe
  2⤵
  PID:4172
- C:\Windows\System\hBuyEKC.exe
  C:\Windows\System\hBuyEKC.exe
  2⤵
  PID:4188
- C:\Windows\System\DbXNceO.exe
  C:\Windows\System\DbXNceO.exe
  2⤵
  PID:4204
- C:\Windows\System\PttnzOB.exe
  C:\Windows\System\PttnzOB.exe
  2⤵
  PID:4220
- C:\Windows\System\LJXTBKd.exe
  C:\Windows\System\LJXTBKd.exe
  2⤵
  PID:4236
- C:\Windows\System\rnoKuif.exe
  C:\Windows\System\rnoKuif.exe
  2⤵
  PID:4252
- C:\Windows\System\ihQAzpR.exe
  C:\Windows\System\ihQAzpR.exe
  2⤵
  PID:4268
- C:\Windows\System\nmaPrEE.exe
  C:\Windows\System\nmaPrEE.exe
  2⤵
  PID:4284
- C:\Windows\System\wvIUXee.exe
  C:\Windows\System\wvIUXee.exe
  2⤵
  PID:4300
- C:\Windows\System\BWejbsn.exe
  C:\Windows\System\BWejbsn.exe
  2⤵
  PID:4316
- C:\Windows\System\ZdNUOVc.exe
  C:\Windows\System\ZdNUOVc.exe
  2⤵
  PID:4412
- C:\Windows\System\SgjASnX.exe
  C:\Windows\System\SgjASnX.exe
  2⤵
  PID:4432
- C:\Windows\System\RZrTEUG.exe
  C:\Windows\System\RZrTEUG.exe
  2⤵
  PID:4452
- C:\Windows\System\BEoWJFN.exe
  C:\Windows\System\BEoWJFN.exe
  2⤵
  PID:4468
- C:\Windows\System\cTNPWSV.exe
  C:\Windows\System\cTNPWSV.exe
  2⤵
  PID:4488
- C:\Windows\System\ACoamDZ.exe
  C:\Windows\System\ACoamDZ.exe
  2⤵
  PID:4504
- C:\Windows\System\BHojvpI.exe
  C:\Windows\System\BHojvpI.exe
  2⤵
  PID:4524
- C:\Windows\System\CrFROIi.exe
  C:\Windows\System\CrFROIi.exe
  2⤵
  PID:4540
- C:\Windows\System\cIxgbAm.exe
  C:\Windows\System\cIxgbAm.exe
  2⤵
  PID:4564
- C:\Windows\System\AfZSicr.exe
  C:\Windows\System\AfZSicr.exe
  2⤵
  PID:4588
- C:\Windows\System\muHngby.exe
  C:\Windows\System\muHngby.exe
  2⤵
  PID:4604
- C:\Windows\System\qPmwOlC.exe
  C:\Windows\System\qPmwOlC.exe
  2⤵
  PID:4620
- C:\Windows\System\orcWJwX.exe
  C:\Windows\System\orcWJwX.exe
  2⤵
  PID:4636
- C:\Windows\System\cvKBcTC.exe
  C:\Windows\System\cvKBcTC.exe
  2⤵
  PID:4652
- C:\Windows\System\nSufUBA.exe
  C:\Windows\System\nSufUBA.exe
  2⤵
  PID:4676
- C:\Windows\System\gNLnoKF.exe
  C:\Windows\System\gNLnoKF.exe
  2⤵
  PID:4700
- C:\Windows\System\EghDTrW.exe
  C:\Windows\System\EghDTrW.exe
  2⤵
  PID:4716
- C:\Windows\System\MHdKwAF.exe
  C:\Windows\System\MHdKwAF.exe
  2⤵
  PID:4748
- C:\Windows\System\WDqHIkf.exe
  C:\Windows\System\WDqHIkf.exe
  2⤵
  PID:4768
- C:\Windows\System\kZYjLVL.exe
  C:\Windows\System\kZYjLVL.exe
  2⤵
  PID:4792
- C:\Windows\System\kfzIsWR.exe
  C:\Windows\System\kfzIsWR.exe
  2⤵
  PID:4812
- C:\Windows\System\bBhQWmD.exe
  C:\Windows\System\bBhQWmD.exe
  2⤵
  PID:4828
- C:\Windows\System\DKtUAiz.exe
  C:\Windows\System\DKtUAiz.exe
  2⤵
  PID:4848
- C:\Windows\System\qZepPWl.exe
  C:\Windows\System\qZepPWl.exe
  2⤵
  PID:4864
- C:\Windows\System\BPfOtBy.exe
  C:\Windows\System\BPfOtBy.exe
  2⤵
  PID:4880
- C:\Windows\System\WeywEeC.exe
  C:\Windows\System\WeywEeC.exe
  2⤵
  PID:4900
- C:\Windows\System\QhskWRh.exe
  C:\Windows\System\QhskWRh.exe
  2⤵
  PID:4916
- C:\Windows\System\tVKPUsP.exe
  C:\Windows\System\tVKPUsP.exe
  2⤵
  PID:4952
- C:\Windows\System\akvMxNq.exe
  C:\Windows\System\akvMxNq.exe
  2⤵
  PID:4972
- C:\Windows\System\ASIzryC.exe
  C:\Windows\System\ASIzryC.exe
  2⤵
  PID:4988
- C:\Windows\System\BFOIlcY.exe
  C:\Windows\System\BFOIlcY.exe
  2⤵
  PID:5004
- C:\Windows\System\XNpDvJO.exe
  C:\Windows\System\XNpDvJO.exe
  2⤵
  PID:5032
- C:\Windows\System\TEpHYbz.exe
  C:\Windows\System\TEpHYbz.exe
  2⤵
  PID:5052
- C:\Windows\System\iYaqzTs.exe
  C:\Windows\System\iYaqzTs.exe
  2⤵
  PID:5068
- C:\Windows\System\mGyGpfj.exe
  C:\Windows\System\mGyGpfj.exe
  2⤵
  PID:5084
- C:\Windows\System\fZRWVFj.exe
  C:\Windows\System\fZRWVFj.exe
  2⤵
  PID:5100
- C:\Windows\System\JJTFBKG.exe
  C:\Windows\System\JJTFBKG.exe
  2⤵
  PID:5116
- C:\Windows\System\cpNzrjB.exe
  C:\Windows\System\cpNzrjB.exe
  2⤵
  PID:4116
- C:\Windows\System\anYoEyF.exe
  C:\Windows\System\anYoEyF.exe
  2⤵
  PID:4184
- C:\Windows\System\AswtFAo.exe
  C:\Windows\System\AswtFAo.exe
  2⤵
  PID:4248
- C:\Windows\System\kWZeNEw.exe
  C:\Windows\System\kWZeNEw.exe
  2⤵
  PID:4344
- C:\Windows\System\QbwCnBk.exe
  C:\Windows\System\QbwCnBk.exe
  2⤵
  PID:4340
- C:\Windows\System\ZMxpROV.exe
  C:\Windows\System\ZMxpROV.exe
  2⤵
  PID:4296
- C:\Windows\System\YfrdGiF.exe
  C:\Windows\System\YfrdGiF.exe
  2⤵
  PID:4352
- C:\Windows\System\xzyQIYo.exe
  C:\Windows\System\xzyQIYo.exe
  2⤵
  PID:4132
- C:\Windows\System\LstxVxq.exe
  C:\Windows\System\LstxVxq.exe
  2⤵
  PID:4364
- C:\Windows\System\dHmSSca.exe
  C:\Windows\System\dHmSSca.exe
  2⤵
  PID:4380
- C:\Windows\System\REDFjll.exe
  C:\Windows\System\REDFjll.exe
  2⤵
  PID:4396
- C:\Windows\System\ZqEeoNJ.exe
  C:\Windows\System\ZqEeoNJ.exe
  2⤵
  PID:1628
- C:\Windows\System\JjfheOV.exe
  C:\Windows\System\JjfheOV.exe
  2⤵
  PID:4356
- C:\Windows\System\ldOxifX.exe
  C:\Windows\System\ldOxifX.exe
  2⤵
  PID:2916
- C:\Windows\System\JBjJsyH.exe
  C:\Windows\System\JBjJsyH.exe
  2⤵
  PID:4516
- C:\Windows\System\HHThMjt.exe
  C:\Windows\System\HHThMjt.exe
  2⤵
  PID:4576
- C:\Windows\System\shCZfmk.exe
  C:\Windows\System\shCZfmk.exe
  2⤵
  PID:4616
- C:\Windows\System\QtaFNZi.exe
  C:\Windows\System\QtaFNZi.exe
  2⤵
  PID:4552
- C:\Windows\System\vRaMCHC.exe
  C:\Windows\System\vRaMCHC.exe
  2⤵
  PID:4692
- C:\Windows\System\leLwfZa.exe
  C:\Windows\System\leLwfZa.exe
  2⤵
  PID:4736
- C:\Windows\System\IxQjSsz.exe
  C:\Windows\System\IxQjSsz.exe
  2⤵
  PID:3780
- C:\Windows\System\KGNbJJD.exe
  C:\Windows\System\KGNbJJD.exe
  2⤵
  PID:4780
- C:\Windows\System\lOYDdYW.exe
  C:\Windows\System\lOYDdYW.exe
  2⤵
  PID:4668
- C:\Windows\System\AMLPoUX.exe
  C:\Windows\System\AMLPoUX.exe
  2⤵
  PID:4548
- C:\Windows\System\LpKzDoi.exe
  C:\Windows\System\LpKzDoi.exe
  2⤵
  PID:4820
- C:\Windows\System\FWioxZP.exe
  C:\Windows\System\FWioxZP.exe
  2⤵
  PID:4764
- C:\Windows\System\GHvtaNu.exe
  C:\Windows\System\GHvtaNu.exe
  2⤵
  PID:4888
- C:\Windows\System\WyJCiMR.exe
  C:\Windows\System\WyJCiMR.exe
  2⤵
  PID:4896
- C:\Windows\System\NuTYmII.exe
  C:\Windows\System\NuTYmII.exe
  2⤵
  PID:4872
- C:\Windows\System\UjlRaeH.exe
  C:\Windows\System\UjlRaeH.exe
  2⤵
  PID:4908
- C:\Windows\System\fHygzCG.exe
  C:\Windows\System\fHygzCG.exe
  2⤵
  PID:4968
- C:\Windows\System\FHRZtMZ.exe
  C:\Windows\System\FHRZtMZ.exe
  2⤵
  PID:4996
- C:\Windows\System\PEsBRUF.exe
  C:\Windows\System\PEsBRUF.exe
  2⤵
  PID:5016
- C:\Windows\System\sfnnKUn.exe
  C:\Windows\System\sfnnKUn.exe
  2⤵
  PID:5096
- C:\Windows\System\QrIkWSf.exe
  C:\Windows\System\QrIkWSf.exe
  2⤵
  PID:792
- C:\Windows\System\sVQvuKo.exe
  C:\Windows\System\sVQvuKo.exe
  2⤵
  PID:5044
- C:\Windows\System\MyFKXFS.exe
  C:\Windows\System\MyFKXFS.exe
  2⤵
  PID:5080
- C:\Windows\System\LCJjMRv.exe
  C:\Windows\System\LCJjMRv.exe
  2⤵
  PID:4152
- C:\Windows\System\SbZAkta.exe
  C:\Windows\System\SbZAkta.exe
  2⤵
  PID:4392
- C:\Windows\System\EDnTGRI.exe
  C:\Windows\System\EDnTGRI.exe
  2⤵
  PID:3724
- C:\Windows\System\ORmuCMH.exe
  C:\Windows\System\ORmuCMH.exe
  2⤵
  PID:1588
- C:\Windows\System\htftdtv.exe
  C:\Windows\System\htftdtv.exe
  2⤵
  PID:4308
- C:\Windows\System\okLMmCY.exe
  C:\Windows\System\okLMmCY.exe
  2⤵
  PID:4444
- C:\Windows\System\SPEwPpY.exe
  C:\Windows\System\SPEwPpY.exe
  2⤵
  PID:4612
- C:\Windows\System\QUpCXhL.exe
  C:\Windows\System\QUpCXhL.exe
  2⤵
  PID:4728
- C:\Windows\System\wgFOrSU.exe
  C:\Windows\System\wgFOrSU.exe
  2⤵
  PID:4600
- C:\Windows\System\OJnDPoo.exe
  C:\Windows\System\OJnDPoo.exe
  2⤵
  PID:4536
- C:\Windows\System\KHCnmhz.exe
  C:\Windows\System\KHCnmhz.exe
  2⤵
  PID:4428
- C:\Windows\System\uPPFDJz.exe
  C:\Windows\System\uPPFDJz.exe
  2⤵
  PID:4932
- C:\Windows\System\cLVmgPB.exe
  C:\Windows\System\cLVmgPB.exe
  2⤵
  PID:5028
- C:\Windows\System\WlhKFBa.exe
  C:\Windows\System\WlhKFBa.exe
  2⤵
  PID:4244
- C:\Windows\System\pNMLaxx.exe
  C:\Windows\System\pNMLaxx.exe
  2⤵
  PID:4804
- C:\Windows\System\UlfNVsz.exe
  C:\Windows\System\UlfNVsz.exe
  2⤵
  PID:4328
- C:\Windows\System\FwwGMUP.exe
  C:\Windows\System\FwwGMUP.exe
  2⤵
  PID:4136
- C:\Windows\System\bhbXLsf.exe
  C:\Windows\System\bhbXLsf.exe
  2⤵
  PID:4724
- C:\Windows\System\qXQVxSk.exe
  C:\Windows\System\qXQVxSk.exe
  2⤵
  PID:5064
- C:\Windows\System\XLAnwVF.exe
  C:\Windows\System\XLAnwVF.exe
  2⤵
  PID:3356
- C:\Windows\System\uWttQzy.exe
  C:\Windows\System\uWttQzy.exe
  2⤵
  PID:5076
- C:\Windows\System\YVAmQZL.exe
  C:\Windows\System\YVAmQZL.exe
  2⤵
  PID:4388
- C:\Windows\System\oTVlFBx.exe
  C:\Windows\System\oTVlFBx.exe
  2⤵
  PID:4480
- C:\Windows\System\ASuFvtt.exe
  C:\Windows\System\ASuFvtt.exe
  2⤵
  PID:1260
- C:\Windows\System\YRpAIMN.exe
  C:\Windows\System\YRpAIMN.exe
  2⤵
  PID:4376
- C:\Windows\System\rIduJqK.exe
  C:\Windows\System\rIduJqK.exe
  2⤵
  PID:4292
- C:\Windows\System\PTEDRYE.exe
  C:\Windows\System\PTEDRYE.exe
  2⤵
  PID:4232
- C:\Windows\System\RqDYpNo.exe
  C:\Windows\System\RqDYpNo.exe
  2⤵
  PID:2196
- C:\Windows\System\ArWLUOw.exe
  C:\Windows\System\ArWLUOw.exe
  2⤵
  PID:4280
- C:\Windows\System\JXCfteS.exe
  C:\Windows\System\JXCfteS.exe
  2⤵
  PID:5012
- C:\Windows\System\iaGTyax.exe
  C:\Windows\System\iaGTyax.exe
  2⤵
  PID:4856
- C:\Windows\System\pgeGJlx.exe
  C:\Windows\System\pgeGJlx.exe
  2⤵
  PID:4836
- C:\Windows\System\XzBnTcF.exe
  C:\Windows\System\XzBnTcF.exe
  2⤵
  PID:4584
- C:\Windows\System\DcecgdS.exe
  C:\Windows\System\DcecgdS.exe
  2⤵
  PID:3788
- C:\Windows\System\ATEoliV.exe
  C:\Windows\System\ATEoliV.exe
  2⤵
  PID:4712
- C:\Windows\System\VYWFEAJ.exe
  C:\Windows\System\VYWFEAJ.exe
  2⤵
  PID:4448
- C:\Windows\System\owQBlAe.exe
  C:\Windows\System\owQBlAe.exe
  2⤵
  PID:4944
- C:\Windows\System\GebvFYm.exe
  C:\Windows\System\GebvFYm.exe
  2⤵
  PID:4948
- C:\Windows\System\rSTzMBo.exe
  C:\Windows\System\rSTzMBo.exe
  2⤵
  PID:1928
- C:\Windows\System\jcWUJUQ.exe
  C:\Windows\System\jcWUJUQ.exe
  2⤵
  PID:4912
- C:\Windows\System\CDKwCTN.exe
  C:\Windows\System\CDKwCTN.exe
  2⤵
  PID:5112
- C:\Windows\System\tVkXHFP.exe
  C:\Windows\System\tVkXHFP.exe
  2⤵
  PID:4348
- C:\Windows\System\hmYlrmW.exe
  C:\Windows\System\hmYlrmW.exe
  2⤵
  PID:4464
- C:\Windows\System\RzeMXxI.exe
  C:\Windows\System\RzeMXxI.exe
  2⤵
  PID:5020
- C:\Windows\System\YPNPlLY.exe
  C:\Windows\System\YPNPlLY.exe
  2⤵
  PID:4228
- C:\Windows\System\DWwIXDj.exe
  C:\Windows\System\DWwIXDj.exe
  2⤵
  PID:4800
- C:\Windows\System\TnWrCgb.exe
  C:\Windows\System\TnWrCgb.exe
  2⤵
  PID:4684
- C:\Windows\System\iOKWcNW.exe
  C:\Windows\System\iOKWcNW.exe
  2⤵
  PID:4776
- C:\Windows\System\gNHTmRM.exe
  C:\Windows\System\gNHTmRM.exe
  2⤵
  PID:5128
- C:\Windows\System\njtnljK.exe
  C:\Windows\System\njtnljK.exe
  2⤵
  PID:5148
- C:\Windows\System\AAvrEGV.exe
  C:\Windows\System\AAvrEGV.exe
  2⤵
  PID:5164
- C:\Windows\System\qbZfZub.exe
  C:\Windows\System\qbZfZub.exe
  2⤵
  PID:5204
- C:\Windows\System\LSKfSgL.exe
  C:\Windows\System\LSKfSgL.exe
  2⤵
  PID:5220
- C:\Windows\System\nNzoRwt.exe
  C:\Windows\System\nNzoRwt.exe
  2⤵
  PID:5236
- C:\Windows\System\jyxYMsc.exe
  C:\Windows\System\jyxYMsc.exe
  2⤵
  PID:5252
- C:\Windows\System\ZcCduUu.exe
  C:\Windows\System\ZcCduUu.exe
  2⤵
  PID:5280
- C:\Windows\System\GLUCKBy.exe
  C:\Windows\System\GLUCKBy.exe
  2⤵
  PID:5296
- C:\Windows\System\YSDySUE.exe
  C:\Windows\System\YSDySUE.exe
  2⤵
  PID:5312
- C:\Windows\System\rYvwydm.exe
  C:\Windows\System\rYvwydm.exe
  2⤵
  PID:5328
- C:\Windows\System\xYMQJzL.exe
  C:\Windows\System\xYMQJzL.exe
  2⤵
  PID:5344
- C:\Windows\System\QwUMply.exe
  C:\Windows\System\QwUMply.exe
  2⤵
  PID:5360
- C:\Windows\System\wuNYeZU.exe
  C:\Windows\System\wuNYeZU.exe
  2⤵
  PID:5376
- C:\Windows\System\YZEypos.exe
  C:\Windows\System\YZEypos.exe
  2⤵
  PID:5392
- C:\Windows\System\RtUDzMF.exe
  C:\Windows\System\RtUDzMF.exe
  2⤵
  PID:5408
- C:\Windows\System\DPTXZbv.exe
  C:\Windows\System\DPTXZbv.exe
  2⤵
  PID:5424
- C:\Windows\System\gCtvnKE.exe
  C:\Windows\System\gCtvnKE.exe
  2⤵
  PID:5440
- C:\Windows\System\OUQVDJR.exe
  C:\Windows\System\OUQVDJR.exe
  2⤵
  PID:5456
- C:\Windows\System\suTzAxH.exe
  C:\Windows\System\suTzAxH.exe
  2⤵
  PID:5472
- C:\Windows\System\oVCQagN.exe
  C:\Windows\System\oVCQagN.exe
  2⤵
  PID:5552
- C:\Windows\System\BMIbuHT.exe
  C:\Windows\System\BMIbuHT.exe
  2⤵
  PID:5568
- C:\Windows\System\DhfAgvF.exe
  C:\Windows\System\DhfAgvF.exe
  2⤵
  PID:5584
- C:\Windows\System\EdWEagW.exe
  C:\Windows\System\EdWEagW.exe
  2⤵
  PID:5600
- C:\Windows\System\QkRcoNO.exe
  C:\Windows\System\QkRcoNO.exe
  2⤵
  PID:5616
- C:\Windows\System\PEfLMDz.exe
  C:\Windows\System\PEfLMDz.exe
  2⤵
  PID:5632
- C:\Windows\System\BYcwkOu.exe
  C:\Windows\System\BYcwkOu.exe
  2⤵
  PID:5648
- C:\Windows\System\wksiOUy.exe
  C:\Windows\System\wksiOUy.exe
  2⤵
  PID:5664
- C:\Windows\System\DpLWUqv.exe
  C:\Windows\System\DpLWUqv.exe
  2⤵
  PID:5680
- C:\Windows\System\YzroxOS.exe
  C:\Windows\System\YzroxOS.exe
  2⤵
  PID:5696
- C:\Windows\System\ExObgcF.exe
  C:\Windows\System\ExObgcF.exe
  2⤵
  PID:5712
- C:\Windows\System\qxRgMEM.exe
  C:\Windows\System\qxRgMEM.exe
  2⤵
  PID:5728
- C:\Windows\System\hXsDTIn.exe
  C:\Windows\System\hXsDTIn.exe
  2⤵
  PID:5744
- C:\Windows\System\pIIHwJU.exe
  C:\Windows\System\pIIHwJU.exe
  2⤵
  PID:5760
- C:\Windows\System\gTQQUVC.exe
  C:\Windows\System\gTQQUVC.exe
  2⤵
  PID:5776
- C:\Windows\System\aFDLeZz.exe
  C:\Windows\System\aFDLeZz.exe
  2⤵
  PID:5808
- C:\Windows\System\cVuMrsp.exe
  C:\Windows\System\cVuMrsp.exe
  2⤵
  PID:5824
- C:\Windows\System\HFtmETc.exe
  C:\Windows\System\HFtmETc.exe
  2⤵
  PID:5892
- C:\Windows\System\oUBbvTK.exe
  C:\Windows\System\oUBbvTK.exe
  2⤵
  PID:5908
- C:\Windows\System\GQoZGam.exe
  C:\Windows\System\GQoZGam.exe
  2⤵
  PID:5924
- C:\Windows\System\NXzJclR.exe
  C:\Windows\System\NXzJclR.exe
  2⤵
  PID:5944
- C:\Windows\System\CZsZucU.exe
  C:\Windows\System\CZsZucU.exe
  2⤵
  PID:5960
- C:\Windows\System\NyzbgsL.exe
  C:\Windows\System\NyzbgsL.exe
  2⤵
  PID:5976
- C:\Windows\System\ZlpwDUZ.exe
  C:\Windows\System\ZlpwDUZ.exe
  2⤵
  PID:5992
- C:\Windows\System\fQyPWBL.exe
  C:\Windows\System\fQyPWBL.exe
  2⤵
  PID:6008
- C:\Windows\System\TglCYbr.exe
  C:\Windows\System\TglCYbr.exe
  2⤵
  PID:6040
- C:\Windows\System\aaIkQZM.exe
  C:\Windows\System\aaIkQZM.exe
  2⤵
  PID:6056
- C:\Windows\System\SBapTTp.exe
  C:\Windows\System\SBapTTp.exe
  2⤵
  PID:6084
- C:\Windows\System\NoFMHfg.exe
  C:\Windows\System\NoFMHfg.exe
  2⤵
  PID:6104
- C:\Windows\System\dAmHkQe.exe
  C:\Windows\System\dAmHkQe.exe
  2⤵
  PID:6128
- C:\Windows\System\hQohpfi.exe
  C:\Windows\System\hQohpfi.exe
  2⤵
  PID:4744
- C:\Windows\System\zaeqPoi.exe
  C:\Windows\System\zaeqPoi.exe
  2⤵
  PID:2316
- C:\Windows\System\LHFycqn.exe
  C:\Windows\System\LHFycqn.exe
  2⤵
  PID:5144
- C:\Windows\System\LwVWXhL.exe
  C:\Windows\System\LwVWXhL.exe
  2⤵
  PID:4648
- C:\Windows\System\ERSISaC.exe
  C:\Windows\System\ERSISaC.exe
  2⤵
  PID:5188
- C:\Windows\System\aFWFvpO.exe
  C:\Windows\System\aFWFvpO.exe
  2⤵
  PID:5228
- C:\Windows\System\KJSestU.exe
  C:\Windows\System\KJSestU.exe
  2⤵
  PID:5268
- C:\Windows\System\YLqoWFm.exe
  C:\Windows\System\YLqoWFm.exe
  2⤵
  PID:1876
- C:\Windows\System\NVifqKz.exe
  C:\Windows\System\NVifqKz.exe
  2⤵
  PID:5336
- C:\Windows\System\AvSCMdd.exe
  C:\Windows\System\AvSCMdd.exe
  2⤵
  PID:5368
- C:\Windows\System\RNGxcoW.exe
  C:\Windows\System\RNGxcoW.exe
  2⤵
  PID:5432
- C:\Windows\System\TfpmrOv.exe
  C:\Windows\System\TfpmrOv.exe
  2⤵
  PID:5244
- C:\Windows\System\rTONDkf.exe
  C:\Windows\System\rTONDkf.exe
  2⤵
  PID:5384
- C:\Windows\System\FMZJFQZ.exe
  C:\Windows\System\FMZJFQZ.exe
  2⤵
  PID:5448
- C:\Windows\System\CTxCXtD.exe
  C:\Windows\System\CTxCXtD.exe
  2⤵
  PID:2216
- C:\Windows\System\cPSLKKJ.exe
  C:\Windows\System\cPSLKKJ.exe
  2⤵
  PID:5496
- C:\Windows\System\IYqkPfr.exe
  C:\Windows\System\IYqkPfr.exe
  2⤵
  PID:5216
- C:\Windows\System\ILtiYEa.exe
  C:\Windows\System\ILtiYEa.exe
  2⤵
  PID:5324
- C:\Windows\System\OuQmatz.exe
  C:\Windows\System\OuQmatz.exe
  2⤵
  PID:5624
- C:\Windows\System\OrlNuGc.exe
  C:\Windows\System\OrlNuGc.exe
  2⤵
  PID:5752
- C:\Windows\System\jkFlTZx.exe
  C:\Windows\System\jkFlTZx.exe
  2⤵
  PID:5608
- C:\Windows\System\zafNdyz.exe
  C:\Windows\System\zafNdyz.exe
  2⤵
  PID:5672
- C:\Windows\System\zOLTuUj.exe
  C:\Windows\System\zOLTuUj.exe
  2⤵
  PID:5768
- C:\Windows\System\FTdgyTZ.exe
  C:\Windows\System\FTdgyTZ.exe
  2⤵
  PID:5856
- C:\Windows\System\dlPtjNH.exe
  C:\Windows\System\dlPtjNH.exe
  2⤵
  PID:5872
- C:\Windows\System\vDwqDlT.exe
  C:\Windows\System\vDwqDlT.exe
  2⤵
  PID:5888
- C:\Windows\System\OdcHvFu.exe
  C:\Windows\System\OdcHvFu.exe
  2⤵
  PID:5740
- C:\Windows\System\xXwmwEa.exe
  C:\Windows\System\xXwmwEa.exe
  2⤵
  PID:5984
- C:\Windows\System\ecEMiwi.exe
  C:\Windows\System\ecEMiwi.exe
  2⤵
  PID:1708
- C:\Windows\System\ohynauv.exe
  C:\Windows\System\ohynauv.exe
  2⤵
  PID:6028
- C:\Windows\System\actGbfY.exe
  C:\Windows\System\actGbfY.exe
  2⤵
  PID:6068
- C:\Windows\System\ufxKQnU.exe
  C:\Windows\System\ufxKQnU.exe
  2⤵
  PID:6080
- C:\Windows\System\hJLVzvC.exe
  C:\Windows\System\hJLVzvC.exe
  2⤵
  PID:6124
- C:\Windows\System\pyIrpju.exe
  C:\Windows\System\pyIrpju.exe
  2⤵
  PID:5904
- C:\Windows\System\FmIpSOc.exe
  C:\Windows\System\FmIpSOc.exe
  2⤵
  PID:5968
- C:\Windows\System\jVPglMa.exe
  C:\Windows\System\jVPglMa.exe
  2⤵
  PID:5200
- C:\Windows\System\ExmRqGH.exe
  C:\Windows\System\ExmRqGH.exe
  2⤵
  PID:5464
- C:\Windows\System\CqGwDiQ.exe
  C:\Windows\System\CqGwDiQ.exe
  2⤵
  PID:5492
- C:\Windows\System\oWhKGJj.exe
  C:\Windows\System\oWhKGJj.exe
  2⤵
  PID:5520
- C:\Windows\System\PSifuLU.exe
  C:\Windows\System\PSifuLU.exe
  2⤵
  PID:5140
- C:\Windows\System\dNMykih.exe
  C:\Windows\System\dNMykih.exe
  2⤵
  PID:5264
- C:\Windows\System\tHTaJQv.exe
  C:\Windows\System\tHTaJQv.exe
  2⤵
  PID:5356
- C:\Windows\System\ivXoOEN.exe
  C:\Windows\System\ivXoOEN.exe
  2⤵
  PID:5596
- C:\Windows\System\LoOBkKG.exe
  C:\Windows\System\LoOBkKG.exe
  2⤵
  PID:5784
- C:\Windows\System\WBUDzoQ.exe
  C:\Windows\System\WBUDzoQ.exe
  2⤵
  PID:5800
- C:\Windows\System\WAmJHCU.exe
  C:\Windows\System\WAmJHCU.exe
  2⤵
  PID:5528
- C:\Windows\System\vQYwPYp.exe
  C:\Windows\System\vQYwPYp.exe
  2⤵
  PID:5536
- C:\Windows\System\RtpXZPE.exe
  C:\Windows\System\RtpXZPE.exe
  2⤵
  PID:5320
- C:\Windows\System\nnVYTLk.exe
  C:\Windows\System\nnVYTLk.exe
  2⤵
  PID:5704
- C:\Windows\System\rnnSKBn.exe
  C:\Windows\System\rnnSKBn.exe
  2⤵
  PID:5852
- C:\Windows\System\oLtNYBn.exe
  C:\Windows\System\oLtNYBn.exe
  2⤵
  PID:5952
- C:\Windows\System\KFQIrQJ.exe
  C:\Windows\System\KFQIrQJ.exe
  2⤵
  PID:6072
- C:\Windows\System\fcpMPiY.exe
  C:\Windows\System\fcpMPiY.exe
  2⤵
  PID:5840
- C:\Windows\System\OKwLxaM.exe
  C:\Windows\System\OKwLxaM.exe
  2⤵
  PID:5420
- C:\Windows\System\SveZBHb.exe
  C:\Windows\System\SveZBHb.exe
  2⤵
  PID:6116
- C:\Windows\System\IdkBhbY.exe
  C:\Windows\System\IdkBhbY.exe
  2⤵
  PID:6004
- C:\Windows\System\YtQVfvi.exe
  C:\Windows\System\YtQVfvi.exe
  2⤵
  PID:6036
- C:\Windows\System\XcztLDI.exe
  C:\Windows\System\XcztLDI.exe
  2⤵
  PID:3836
- C:\Windows\System\yGZFDaK.exe
  C:\Windows\System\yGZFDaK.exe
  2⤵
  PID:1960
- C:\Windows\System\uhnmCHl.exe
  C:\Windows\System\uhnmCHl.exe
  2⤵
  PID:2744
- C:\Windows\System\acqcIAF.exe
  C:\Windows\System\acqcIAF.exe
  2⤵
  PID:5276
- C:\Windows\System\RvwBjNG.exe
  C:\Windows\System\RvwBjNG.exe
  2⤵
  PID:4324
- C:\Windows\System\dQulISw.exe
  C:\Windows\System\dQulISw.exe
  2⤵
  PID:6096
- C:\Windows\System\uTqexUL.exe
  C:\Windows\System\uTqexUL.exe
  2⤵
  PID:5832
- C:\Windows\System\OqSLwXc.exe
  C:\Windows\System\OqSLwXc.exe
  2⤵
  PID:5864
- C:\Windows\System\TvDmEkB.exe
  C:\Windows\System\TvDmEkB.exe
  2⤵
  PID:5656
- C:\Windows\System\QiXURnv.exe
  C:\Windows\System\QiXURnv.exe
  2⤵
  PID:5836
- C:\Windows\System\miebkdM.exe
  C:\Windows\System\miebkdM.exe
  2⤵
  PID:5848
- C:\Windows\System\YOBMVPa.exe
  C:\Windows\System\YOBMVPa.exe
  2⤵
  PID:6064
- C:\Windows\System\nrFkQAt.exe
  C:\Windows\System\nrFkQAt.exe
  2⤵
  PID:6184
- C:\Windows\System\OJyHSTq.exe
  C:\Windows\System\OJyHSTq.exe
  2⤵
  PID:6204
- C:\Windows\System\qscejBm.exe
  C:\Windows\System\qscejBm.exe
  2⤵
  PID:6220
- C:\Windows\System\JszWoKQ.exe
  C:\Windows\System\JszWoKQ.exe
  2⤵
  PID:6240
- C:\Windows\System\zSugStR.exe
  C:\Windows\System\zSugStR.exe
  2⤵
  PID:6256
- C:\Windows\System\rUBWirB.exe
  C:\Windows\System\rUBWirB.exe
  2⤵
  PID:6272
- C:\Windows\System\sJzRanY.exe
  C:\Windows\System\sJzRanY.exe
  2⤵
  PID:6292
- C:\Windows\System\rSmPwll.exe
  C:\Windows\System\rSmPwll.exe
  2⤵
  PID:6308
- C:\Windows\System\lOrDBWP.exe
  C:\Windows\System\lOrDBWP.exe
  2⤵
  PID:6324
- C:\Windows\System\mHnBmOZ.exe
  C:\Windows\System\mHnBmOZ.exe
  2⤵
  PID:6344
- C:\Windows\System\kSDmBWe.exe
  C:\Windows\System\kSDmBWe.exe
  2⤵
  PID:6368
- C:\Windows\System\GVfDBeq.exe
  C:\Windows\System\GVfDBeq.exe
  2⤵
  PID:6388
- C:\Windows\System\dyZxkCm.exe
  C:\Windows\System\dyZxkCm.exe
  2⤵
  PID:6404
- C:\Windows\System\GgIoJII.exe
  C:\Windows\System\GgIoJII.exe
  2⤵
  PID:6420
- C:\Windows\System\SyBvbKf.exe
  C:\Windows\System\SyBvbKf.exe
  2⤵
  PID:6436
- C:\Windows\System\paVPrLV.exe
  C:\Windows\System\paVPrLV.exe
  2⤵
  PID:6452
- C:\Windows\System\lVzJWrB.exe
  C:\Windows\System\lVzJWrB.exe
  2⤵
  PID:6492
- C:\Windows\System\ynGAkZe.exe
  C:\Windows\System\ynGAkZe.exe
  2⤵
  PID:6508
- C:\Windows\System\kqXlrqo.exe
  C:\Windows\System\kqXlrqo.exe
  2⤵
  PID:6544
- C:\Windows\System\laKfPzs.exe
  C:\Windows\System\laKfPzs.exe
  2⤵
  PID:6560
- C:\Windows\System\XgkkxJd.exe
  C:\Windows\System\XgkkxJd.exe
  2⤵
  PID:6576
- C:\Windows\System\MvRkHAl.exe
  C:\Windows\System\MvRkHAl.exe
  2⤵
  PID:6592
- C:\Windows\System\SsRKGdL.exe
  C:\Windows\System\SsRKGdL.exe
  2⤵
  PID:6608
- C:\Windows\System\XtvOMzG.exe
  C:\Windows\System\XtvOMzG.exe
  2⤵
  PID:6624
- C:\Windows\System\DFpnkDS.exe
  C:\Windows\System\DFpnkDS.exe
  2⤵
  PID:6644
- C:\Windows\System\UbTxaOs.exe
  C:\Windows\System\UbTxaOs.exe
  2⤵
  PID:6664
- C:\Windows\System\PMlodVe.exe
  C:\Windows\System\PMlodVe.exe
  2⤵
  PID:6684
- C:\Windows\System\ELJzaTo.exe
  C:\Windows\System\ELJzaTo.exe
  2⤵
  PID:6708
- C:\Windows\System\ZVBCmmy.exe
  C:\Windows\System\ZVBCmmy.exe
  2⤵
  PID:6736
- C:\Windows\System\CnDERyu.exe
  C:\Windows\System\CnDERyu.exe
  2⤵
  PID:6752
- C:\Windows\System\yuhOgTt.exe
  C:\Windows\System\yuhOgTt.exe
  2⤵
  PID:6768
- C:\Windows\System\DchFJCA.exe
  C:\Windows\System\DchFJCA.exe
  2⤵
  PID:6804
- C:\Windows\System\tEIpEzL.exe
  C:\Windows\System\tEIpEzL.exe
  2⤵
  PID:6820
- C:\Windows\System\fnlPppC.exe
  C:\Windows\System\fnlPppC.exe
  2⤵
  PID:6836
- C:\Windows\System\juSmOvL.exe
  C:\Windows\System\juSmOvL.exe
  2⤵
  PID:6852
- C:\Windows\System\WfRWUhA.exe
  C:\Windows\System\WfRWUhA.exe
  2⤵
  PID:6868
- C:\Windows\System\ZVBCOQp.exe
  C:\Windows\System\ZVBCOQp.exe
  2⤵
  PID:6884
- C:\Windows\System\PeVbkok.exe
  C:\Windows\System\PeVbkok.exe
  2⤵
  PID:6900
- C:\Windows\System\Tbsfnpr.exe
  C:\Windows\System\Tbsfnpr.exe
  2⤵
  PID:6916
- C:\Windows\System\jTxnrtt.exe
  C:\Windows\System\jTxnrtt.exe
  2⤵
  PID:6936
- C:\Windows\System\iVkTJnJ.exe
  C:\Windows\System\iVkTJnJ.exe
  2⤵
  PID:6984
- C:\Windows\System\xgdxBFx.exe
  C:\Windows\System\xgdxBFx.exe
  2⤵
  PID:7004
- C:\Windows\System\RZSiwNO.exe
  C:\Windows\System\RZSiwNO.exe
  2⤵
  PID:7020
- C:\Windows\System\rBlKlvT.exe
  C:\Windows\System\rBlKlvT.exe
  2⤵
  PID:7036
- C:\Windows\System\kzvkyuM.exe
  C:\Windows\System\kzvkyuM.exe
  2⤵
  PID:7052
- C:\Windows\System\IPWHBIq.exe
  C:\Windows\System\IPWHBIq.exe
  2⤵
  PID:7068
- C:\Windows\System\GalHVgK.exe
  C:\Windows\System\GalHVgK.exe
  2⤵
  PID:7096
- C:\Windows\System\tahxjek.exe
  C:\Windows\System\tahxjek.exe
  2⤵
  PID:7112
- C:\Windows\System\vGXrWYa.exe
  C:\Windows\System\vGXrWYa.exe
  2⤵
  PID:7128
- C:\Windows\System\FGFKsRz.exe
  C:\Windows\System\FGFKsRz.exe
  2⤵
  PID:7144
- C:\Windows\System\VcgkYLa.exe
  C:\Windows\System\VcgkYLa.exe
  2⤵
  PID:7160
- C:\Windows\System\lVIokwe.exe
  C:\Windows\System\lVIokwe.exe
  2⤵
  PID:5136
- C:\Windows\System\BIRgInW.exe
  C:\Windows\System\BIRgInW.exe
  2⤵
  PID:5404
- C:\Windows\System\UAJtcCW.exe
  C:\Windows\System\UAJtcCW.exe
  2⤵
  PID:6092
- C:\Windows\System\uybJclu.exe
  C:\Windows\System\uybJclu.exe
  2⤵
  PID:5592
- C:\Windows\System\dEcPYMp.exe
  C:\Windows\System\dEcPYMp.exe
  2⤵
  PID:5900
- C:\Windows\System\JqEmnNP.exe
  C:\Windows\System\JqEmnNP.exe
  2⤵
  PID:3036
- C:\Windows\System\NWeJhLD.exe
  C:\Windows\System\NWeJhLD.exe
  2⤵
  PID:3096
- C:\Windows\System\PNuoHIG.exe
  C:\Windows\System\PNuoHIG.exe
  2⤵
  PID:6180
- C:\Windows\System\QdaIHVl.exe
  C:\Windows\System\QdaIHVl.exe
  2⤵
  PID:4532
- C:\Windows\System\vPEVyVn.exe
  C:\Windows\System\vPEVyVn.exe
  2⤵
  PID:2504
- C:\Windows\System\OxcnSnw.exe
  C:\Windows\System\OxcnSnw.exe
  2⤵
  PID:6280
- C:\Windows\System\xSkCEjm.exe
  C:\Windows\System\xSkCEjm.exe
  2⤵
  PID:6192
- C:\Windows\System\Xescthw.exe
  C:\Windows\System\Xescthw.exe
  2⤵
  PID:6400
- C:\Windows\System\cCmUcyX.exe
  C:\Windows\System\cCmUcyX.exe
  2⤵
  PID:6412
- C:\Windows\System\oHKliFG.exe
  C:\Windows\System\oHKliFG.exe
  2⤵
  PID:6444
- C:\Windows\System\mwqfFBI.exe
  C:\Windows\System\mwqfFBI.exe
  2⤵
  PID:6228
- C:\Windows\System\zcWaaIB.exe
  C:\Windows\System\zcWaaIB.exe
  2⤵
  PID:6464
- C:\Windows\System\QLKmlSn.exe
  C:\Windows\System\QLKmlSn.exe
  2⤵
  PID:6516
- C:\Windows\System\OnqwvMX.exe
  C:\Windows\System\OnqwvMX.exe
  2⤵
  PID:6532
- C:\Windows\System\nYwioTo.exe
  C:\Windows\System\nYwioTo.exe
  2⤵
  PID:6572
- C:\Windows\System\CnGsDqp.exe
  C:\Windows\System\CnGsDqp.exe
  2⤵
  PID:6636
- C:\Windows\System\adDmVTu.exe
  C:\Windows\System\adDmVTu.exe
  2⤵
  PID:6716
- C:\Windows\System\RuZXynw.exe
  C:\Windows\System\RuZXynw.exe
  2⤵
  PID:6728
- C:\Windows\System\vjAyoPN.exe
  C:\Windows\System\vjAyoPN.exe
  2⤵
  PID:6500
- C:\Windows\System\oyKwyfw.exe
  C:\Windows\System\oyKwyfw.exe
  2⤵
  PID:6700
- C:\Windows\System\RbZwFNh.exe
  C:\Windows\System\RbZwFNh.exe
  2⤵
  PID:6776
- C:\Windows\System\bVKHsHV.exe
  C:\Windows\System\bVKHsHV.exe
  2⤵
  PID:6792
- C:\Windows\System\vOXInVb.exe
  C:\Windows\System\vOXInVb.exe
  2⤵
  PID:6780
- C:\Windows\System\DVFzEBq.exe
  C:\Windows\System\DVFzEBq.exe
  2⤵
  PID:2372
- C:\Windows\System\RpowXHT.exe
  C:\Windows\System\RpowXHT.exe
  2⤵
  PID:6828
- C:\Windows\System\ujNYHRj.exe
  C:\Windows\System\ujNYHRj.exe
  2⤵
  PID:6844
- C:\Windows\System\rMFyVaR.exe
  C:\Windows\System\rMFyVaR.exe
  2⤵
  PID:6812
- C:\Windows\System\OBmYWIC.exe
  C:\Windows\System\OBmYWIC.exe
  2⤵
  PID:6960
- C:\Windows\System\KgwuBlu.exe
  C:\Windows\System\KgwuBlu.exe
  2⤵
  PID:6972
- C:\Windows\System\sOlvUVs.exe
  C:\Windows\System\sOlvUVs.exe
  2⤵
  PID:2932
- C:\Windows\System\tSwvzMh.exe
  C:\Windows\System\tSwvzMh.exe
  2⤵
  PID:7032
- C:\Windows\System\ANPIXUp.exe
  C:\Windows\System\ANPIXUp.exe
  2⤵
  PID:7140
- C:\Windows\System\LyCaZOp.exe
  C:\Windows\System\LyCaZOp.exe
  2⤵
  PID:7044
- C:\Windows\System\lxqHKXC.exe
  C:\Windows\System\lxqHKXC.exe
  2⤵
  PID:7088
- C:\Windows\System\XiBmIEL.exe
  C:\Windows\System\XiBmIEL.exe
  2⤵
  PID:1292
- C:\Windows\System\paAuQTV.exe
  C:\Windows\System\paAuQTV.exe
  2⤵
  PID:5936
- C:\Windows\System\IiuisBo.exe
  C:\Windows\System\IiuisBo.exe
  2⤵
  PID:5288
- C:\Windows\System\YxhJLNN.exe
  C:\Windows\System\YxhJLNN.exe
  2⤵
  PID:6152
- C:\Windows\System\znARRFp.exe
  C:\Windows\System\znARRFp.exe
  2⤵
  PID:5788
- C:\Windows\System\uZdpCaT.exe
  C:\Windows\System\uZdpCaT.exe
  2⤵
  PID:6352
- C:\Windows\System\AzswMKe.exe
  C:\Windows\System\AzswMKe.exe
  2⤵
  PID:6364
- C:\Windows\System\dDhgtuq.exe
  C:\Windows\System\dDhgtuq.exe
  2⤵
  PID:6396
- C:\Windows\System\tNewqYh.exe
  C:\Windows\System\tNewqYh.exe
  2⤵
  PID:6384
- C:\Windows\System\cxhTePQ.exe
  C:\Windows\System\cxhTePQ.exe
  2⤵
  PID:6472
- C:\Windows\System\sKLBbGO.exe
  C:\Windows\System\sKLBbGO.exe
  2⤵
  PID:6488
- C:\Windows\System\xalMdXm.exe
  C:\Windows\System\xalMdXm.exe
  2⤵
  PID:6232
- C:\Windows\System\sGHituM.exe
  C:\Windows\System\sGHituM.exe
  2⤵
  PID:6632
- C:\Windows\System\TTknoDQ.exe
  C:\Windows\System\TTknoDQ.exe
  2⤵
  PID:6460
- C:\Windows\System\MiRHVfe.exe
  C:\Windows\System\MiRHVfe.exe
  2⤵
  PID:6656
- C:\Windows\System\qSVBfng.exe
  C:\Windows\System\qSVBfng.exe
  2⤵
  PID:4404
- C:\Windows\System\TPnNQEq.exe
  C:\Windows\System\TPnNQEq.exe
  2⤵
  PID:6832
- C:\Windows\System\tCnhRul.exe
  C:\Windows\System\tCnhRul.exe
  2⤵
  PID:6924
- C:\Windows\System\QGDTIcw.exe
  C:\Windows\System\QGDTIcw.exe
  2⤵
  PID:6880
- C:\Windows\System\ybJnhNd.exe
  C:\Windows\System\ybJnhNd.exe
  2⤵
  PID:6968
- C:\Windows\System\oEggLWs.exe
  C:\Windows\System\oEggLWs.exe
  2⤵
  PID:7136
- C:\Windows\System\LXdytGT.exe
  C:\Windows\System\LXdytGT.exe
  2⤵
  PID:7124
- C:\Windows\System\FafYvFs.exe
  C:\Windows\System\FafYvFs.exe
  2⤵
  PID:6020
- C:\Windows\System\cjRyjUG.exe
  C:\Windows\System\cjRyjUG.exe
  2⤵
  PID:5532
- C:\Windows\System\iSAGFzi.exe
  C:\Windows\System\iSAGFzi.exe
  2⤵
  PID:6788
- C:\Windows\System\SWFZIMp.exe
  C:\Windows\System\SWFZIMp.exe
  2⤵
  PID:6248
- C:\Windows\System\KMMQGTh.exe
  C:\Windows\System\KMMQGTh.exe
  2⤵
  PID:6172
- C:\Windows\System\GnECfhV.exe
  C:\Windows\System\GnECfhV.exe
  2⤵
  PID:6212
- C:\Windows\System\YYWFkuI.exe
  C:\Windows\System\YYWFkuI.exe
  2⤵
  PID:6024
- C:\Windows\System\DTGfGxW.exe
  C:\Windows\System\DTGfGxW.exe
  2⤵
  PID:6356
- C:\Windows\System\eyneZjk.exe
  C:\Windows\System\eyneZjk.exe
  2⤵
  PID:6340
- C:\Windows\System\YbyigQg.exe
  C:\Windows\System\YbyigQg.exe
  2⤵
  PID:6332
- C:\Windows\System\WdWySxk.exe
  C:\Windows\System\WdWySxk.exe
  2⤵
  PID:6928
- C:\Windows\System\cApaZdn.exe
  C:\Windows\System\cApaZdn.exe
  2⤵
  PID:7120
- C:\Windows\System\taJgxrm.exe
  C:\Windows\System\taJgxrm.exe
  2⤵
  PID:6468
- C:\Windows\System\dyTQuVh.exe
  C:\Windows\System\dyTQuVh.exe
  2⤵
  PID:5844
- C:\Windows\System\GuNTLsb.exe
  C:\Windows\System\GuNTLsb.exe
  2⤵
  PID:6744
- C:\Windows\System\hlTHmMU.exe
  C:\Windows\System\hlTHmMU.exe
  2⤵
  PID:1432
- C:\Windows\System\qhheHjW.exe
  C:\Windows\System\qhheHjW.exe
  2⤵
  PID:6432
- C:\Windows\System\tcmCzEs.exe
  C:\Windows\System\tcmCzEs.exe
  2⤵
  PID:7180
- C:\Windows\System\XKMXUTp.exe
  C:\Windows\System\XKMXUTp.exe
  2⤵
  PID:7196
- C:\Windows\System\OhbJWFX.exe
  C:\Windows\System\OhbJWFX.exe
  2⤵
  PID:7212
- C:\Windows\System\pTrsVvD.exe
  C:\Windows\System\pTrsVvD.exe
  2⤵
  PID:7228
- C:\Windows\System\jrSoIVG.exe
  C:\Windows\System\jrSoIVG.exe
  2⤵
  PID:7244
- C:\Windows\System\bXOoBih.exe
  C:\Windows\System\bXOoBih.exe
  2⤵
  PID:7260
- C:\Windows\System\sHiqnwr.exe
  C:\Windows\System\sHiqnwr.exe
  2⤵
  PID:7276
- C:\Windows\System\MRJDbyy.exe
  C:\Windows\System\MRJDbyy.exe
  2⤵
  PID:7292
- C:\Windows\System\YAkJPRV.exe
  C:\Windows\System\YAkJPRV.exe
  2⤵
  PID:7308
- C:\Windows\System\laWQEAC.exe
  C:\Windows\System\laWQEAC.exe
  2⤵
  PID:7324
- C:\Windows\System\QBzuzwj.exe
  C:\Windows\System\QBzuzwj.exe
  2⤵
  PID:7340
- C:\Windows\System\hflyvBa.exe
  C:\Windows\System\hflyvBa.exe
  2⤵
  PID:7356
- C:\Windows\System\ycaUZUu.exe
  C:\Windows\System\ycaUZUu.exe
  2⤵
  PID:7372
- C:\Windows\System\dSHWazu.exe
  C:\Windows\System\dSHWazu.exe
  2⤵
  PID:7388
- C:\Windows\System\scigCDe.exe
  C:\Windows\System\scigCDe.exe
  2⤵
  PID:7404
- C:\Windows\System\RtngkVF.exe
  C:\Windows\System\RtngkVF.exe
  2⤵
  PID:7420
- C:\Windows\System\gyIALfn.exe
  C:\Windows\System\gyIALfn.exe
  2⤵
  PID:7440
- C:\Windows\System\JNPCZGE.exe
  C:\Windows\System\JNPCZGE.exe
  2⤵
  PID:7460
- C:\Windows\System\sghJwbb.exe
  C:\Windows\System\sghJwbb.exe
  2⤵
  PID:7492
- C:\Windows\System\RXEXVRQ.exe
  C:\Windows\System\RXEXVRQ.exe
  2⤵
  PID:7508
- C:\Windows\System\NtXrzRY.exe
  C:\Windows\System\NtXrzRY.exe
  2⤵
  PID:7524
- C:\Windows\System\VsZyfeH.exe
  C:\Windows\System\VsZyfeH.exe
  2⤵
  PID:7544
- C:\Windows\System\QvkRLxN.exe
  C:\Windows\System\QvkRLxN.exe
  2⤵
  PID:7572
- C:\Windows\System\ZcmWdYg.exe
  C:\Windows\System\ZcmWdYg.exe
  2⤵
  PID:7592
- C:\Windows\System\xNYpkAu.exe
  C:\Windows\System\xNYpkAu.exe
  2⤵
  PID:7616
- C:\Windows\System\yoqsnXZ.exe
  C:\Windows\System\yoqsnXZ.exe
  2⤵
  PID:7644
- C:\Windows\System\TVWDBpX.exe
  C:\Windows\System\TVWDBpX.exe
  2⤵
  PID:7664
- C:\Windows\System\uCvRkhx.exe
  C:\Windows\System\uCvRkhx.exe
  2⤵
  PID:7684
- C:\Windows\System\QwJTBjk.exe
  C:\Windows\System\QwJTBjk.exe
  2⤵
  PID:7792
- C:\Windows\System\AFCHaJB.exe
  C:\Windows\System\AFCHaJB.exe
  2⤵
  PID:7808
- C:\Windows\System\EJQkLnI.exe
  C:\Windows\System\EJQkLnI.exe
  2⤵
  PID:7832
- C:\Windows\System\BjCBWQd.exe
  C:\Windows\System\BjCBWQd.exe
  2⤵
  PID:7848
- C:\Windows\System\uytNnsF.exe
  C:\Windows\System\uytNnsF.exe
  2⤵
  PID:7868
- C:\Windows\System\DTSXgWg.exe
  C:\Windows\System\DTSXgWg.exe
  2⤵
  PID:7884
- C:\Windows\System\EsnrYTH.exe
  C:\Windows\System\EsnrYTH.exe
  2⤵
  PID:7900
- C:\Windows\System\nCBZqzB.exe
  C:\Windows\System\nCBZqzB.exe
  2⤵
  PID:7924
- C:\Windows\System\ALgjthp.exe
  C:\Windows\System\ALgjthp.exe
  2⤵
  PID:7940
- C:\Windows\System\rhNvKKF.exe
  C:\Windows\System\rhNvKKF.exe
  2⤵
  PID:7956
- C:\Windows\System\vuSKfhp.exe
  C:\Windows\System\vuSKfhp.exe
  2⤵
  PID:7972
- C:\Windows\System\PskdiCY.exe
  C:\Windows\System\PskdiCY.exe
  2⤵
  PID:7992
- C:\Windows\System\XHmNHlw.exe
  C:\Windows\System\XHmNHlw.exe
  2⤵
  PID:8012
- C:\Windows\System\FscjNjo.exe
  C:\Windows\System\FscjNjo.exe
  2⤵
  PID:8028
- C:\Windows\System\HZPfxEQ.exe
  C:\Windows\System\HZPfxEQ.exe
  2⤵
  PID:8048
- C:\Windows\System\fvfRruq.exe
  C:\Windows\System\fvfRruq.exe
  2⤵
  PID:8064
- C:\Windows\System\VACAstU.exe
  C:\Windows\System\VACAstU.exe
  2⤵
  PID:8084
- C:\Windows\System\DWRHjnW.exe
  C:\Windows\System\DWRHjnW.exe
  2⤵
  PID:8100
- C:\Windows\System\MbCOYXL.exe
  C:\Windows\System\MbCOYXL.exe
  2⤵
  PID:8148
- C:\Windows\System\BLJXqwe.exe
  C:\Windows\System\BLJXqwe.exe
  2⤵
  PID:8164
- C:\Windows\System\yrktssi.exe
  C:\Windows\System\yrktssi.exe
  2⤵
  PID:8184
- C:\Windows\System\dqsNbAY.exe
  C:\Windows\System\dqsNbAY.exe
  2⤵
  PID:6264
- C:\Windows\System\lzxEQDQ.exe
  C:\Windows\System\lzxEQDQ.exe
  2⤵
  PID:6520
- C:\Windows\System\XWKTBIH.exe
  C:\Windows\System\XWKTBIH.exe
  2⤵
  PID:6892
- C:\Windows\System\tzJJOGh.exe
  C:\Windows\System\tzJJOGh.exe
  2⤵
  PID:6956
- C:\Windows\System\SXeqUhS.exe
  C:\Windows\System\SXeqUhS.exe
  2⤵
  PID:7256
- C:\Windows\System\hZcugCy.exe
  C:\Windows\System\hZcugCy.exe
  2⤵
  PID:7320
- C:\Windows\System\QSHnTwe.exe
  C:\Windows\System\QSHnTwe.exe
  2⤵
  PID:7288
- C:\Windows\System\GXDNMBL.exe
  C:\Windows\System\GXDNMBL.exe
  2⤵
  PID:2344
- C:\Windows\System\RfzXfjT.exe
  C:\Windows\System\RfzXfjT.exe
  2⤵
  PID:7500
- C:\Windows\System\AXuRxpI.exe
  C:\Windows\System\AXuRxpI.exe
  2⤵
  PID:7540
- C:\Windows\System\HLrbNRc.exe
  C:\Windows\System\HLrbNRc.exe
  2⤵
  PID:7632
- C:\Windows\System\JrrvpSa.exe
  C:\Windows\System\JrrvpSa.exe
  2⤵
  PID:6672
- C:\Windows\System\gisZGTR.exe
  C:\Windows\System\gisZGTR.exe
  2⤵
  PID:6680
- C:\Windows\System\jGTjInC.exe
  C:\Windows\System\jGTjInC.exe
  2⤵
  PID:7672
- C:\Windows\System\OVaVGGd.exe
  C:\Windows\System\OVaVGGd.exe
  2⤵
  PID:7268
- C:\Windows\System\mIiuJUU.exe
  C:\Windows\System\mIiuJUU.exe
  2⤵
  PID:7396
- C:\Windows\System\iHSvkVT.exe
  C:\Windows\System\iHSvkVT.exe
  2⤵
  PID:7436
- C:\Windows\System\ebGpJEs.exe
  C:\Windows\System\ebGpJEs.exe
  2⤵
  PID:5916
- C:\Windows\System\tqnZbqN.exe
  C:\Windows\System\tqnZbqN.exe
  2⤵
  PID:7012
- C:\Windows\System\wUvBrkk.exe
  C:\Windows\System\wUvBrkk.exe
  2⤵
  PID:7468
- C:\Windows\System\YHDMCfG.exe
  C:\Windows\System\YHDMCfG.exe
  2⤵
  PID:7484
- C:\Windows\System\hZiiEGX.exe
  C:\Windows\System\hZiiEGX.exe
  2⤵
  PID:7560
- C:\Windows\System\oRRhtnJ.exe
  C:\Windows\System\oRRhtnJ.exe
  2⤵
  PID:7652
- C:\Windows\System\igKTKwB.exe
  C:\Windows\System\igKTKwB.exe
  2⤵
  PID:7700
- C:\Windows\System\HdnySKt.exe
  C:\Windows\System\HdnySKt.exe
  2⤵
  PID:7724
- C:\Windows\System\xPuueHh.exe
  C:\Windows\System\xPuueHh.exe
  2⤵
  PID:7744
- C:\Windows\System\fKJPTWN.exe
  C:\Windows\System\fKJPTWN.exe
  2⤵
  PID:6588
- C:\Windows\System\xvJqCjn.exe
  C:\Windows\System\xvJqCjn.exe
  2⤵
  PID:7800
- C:\Windows\System\AGFpEri.exe
  C:\Windows\System\AGFpEri.exe
  2⤵
  PID:7840
- C:\Windows\System\llywKrP.exe
  C:\Windows\System\llywKrP.exe
  2⤵
  PID:7912
- C:\Windows\System\bGVKneX.exe
  C:\Windows\System\bGVKneX.exe
  2⤵
  PID:7948
- C:\Windows\System\tHgzMRc.exe
  C:\Windows\System\tHgzMRc.exe
  2⤵
  PID:8020
- C:\Windows\System\KpJqxQR.exe
  C:\Windows\System\KpJqxQR.exe
  2⤵
  PID:8096
- C:\Windows\System\QDNllFJ.exe
  C:\Windows\System\QDNllFJ.exe
  2⤵
  PID:7828
- C:\Windows\System\rgVEjrZ.exe
  C:\Windows\System\rgVEjrZ.exe
  2⤵
  PID:8072
- C:\Windows\System\zVDBlgI.exe
  C:\Windows\System\zVDBlgI.exe
  2⤵
  PID:8108
- C:\Windows\System\WPMGnXN.exe
  C:\Windows\System\WPMGnXN.exe
  2⤵
  PID:8120
- C:\Windows\System\GUohtqE.exe
  C:\Windows\System\GUohtqE.exe
  2⤵
  PID:6376
- C:\Windows\System\kGjkcwE.exe
  C:\Windows\System\kGjkcwE.exe
  2⤵
  PID:8040
- C:\Windows\System\BILbaiY.exe
  C:\Windows\System\BILbaiY.exe
  2⤵
  PID:8180
- C:\Windows\System\wsitMze.exe
  C:\Windows\System\wsitMze.exe
  2⤵
  PID:8172
- C:\Windows\System\rBpRtJQ.exe
  C:\Windows\System\rBpRtJQ.exe
  2⤵
  PID:7220
- C:\Windows\System\wgYjgOb.exe
  C:\Windows\System\wgYjgOb.exe
  2⤵
  PID:6912
- C:\Windows\System\ZHvSdvv.exe
  C:\Windows\System\ZHvSdvv.exe
  2⤵
  PID:7284
- C:\Windows\System\nIaRiso.exe
  C:\Windows\System\nIaRiso.exe
  2⤵
  PID:7348
- C:\Windows\System\tQAnCMw.exe
  C:\Windows\System\tQAnCMw.exe
  2⤵
  PID:7588
- C:\Windows\System\oTuTEdA.exe
  C:\Windows\System\oTuTEdA.exe
  2⤵
  PID:5580
- C:\Windows\System\GrypVGH.exe
  C:\Windows\System\GrypVGH.exe
  2⤵
  PID:7208
- C:\Windows\System\QXCNmMy.exe
  C:\Windows\System\QXCNmMy.exe
  2⤵
  PID:7432
- C:\Windows\System\EkYEllb.exe
  C:\Windows\System\EkYEllb.exe
  2⤵
  PID:7608
- C:\Windows\System\gEcXGOi.exe
  C:\Windows\System\gEcXGOi.exe
  2⤵
  PID:7028
- C:\Windows\System\UUoLYlk.exe
  C:\Windows\System\UUoLYlk.exe
  2⤵
  PID:7536
- C:\Windows\System\GJFKGMq.exe
  C:\Windows\System\GJFKGMq.exe
  2⤵
  PID:7720
- C:\Windows\System\ZwgImYc.exe
  C:\Windows\System\ZwgImYc.exe
  2⤵
  PID:7756
- C:\Windows\System\LXlIxbR.exe
  C:\Windows\System\LXlIxbR.exe
  2⤵
  PID:7680
- C:\Windows\System\SjmMIcL.exe
  C:\Windows\System\SjmMIcL.exe
  2⤵
  PID:7660
- C:\Windows\System\CQOyXnM.exe
  C:\Windows\System\CQOyXnM.exe
  2⤵
  PID:7788
- C:\Windows\System\SceFJYT.exe
  C:\Windows\System\SceFJYT.exe
  2⤵
  PID:8056
- C:\Windows\System\pYgmnBK.exe
  C:\Windows\System\pYgmnBK.exe
  2⤵
  PID:8008
- C:\Windows\System\xhegPMz.exe
  C:\Windows\System\xhegPMz.exe
  2⤵
  PID:2100
- C:\Windows\System\mBAfHff.exe
  C:\Windows\System\mBAfHff.exe
  2⤵
  PID:6484
- C:\Windows\System\LpuqoZG.exe
  C:\Windows\System\LpuqoZG.exe
  2⤵
  PID:7876
- C:\Windows\System\VQiURec.exe
  C:\Windows\System\VQiURec.exe
  2⤵
  PID:7932
- C:\Windows\System\jenRZYx.exe
  C:\Windows\System\jenRZYx.exe
  2⤵
  PID:7412
- C:\Windows\System\wtQKuJs.exe
  C:\Windows\System\wtQKuJs.exe
  2⤵
  PID:7084
- C:\Windows\System\ldPIDAk.exe
  C:\Windows\System\ldPIDAk.exe
  2⤵
  PID:8128
- C:\Windows\System\mORSaiG.exe
  C:\Windows\System\mORSaiG.exe
  2⤵
  PID:6568
- C:\Windows\System\tzUWoSV.exe
  C:\Windows\System\tzUWoSV.exe
  2⤵
  PID:7568
- C:\Windows\System\eWYyrAQ.exe
  C:\Windows\System\eWYyrAQ.exe
  2⤵
  PID:7532
- C:\Windows\System\JVuMkwT.exe
  C:\Windows\System\JVuMkwT.exe
  2⤵
  PID:6360
- C:\Windows\System\gGmFAMz.exe
  C:\Windows\System\gGmFAMz.exe
  2⤵
  PID:2304
- C:\Windows\System\PFUdVTc.exe
  C:\Windows\System\PFUdVTc.exe
  2⤵
  PID:7784
- C:\Windows\System\HRnQcZZ.exe
  C:\Windows\System\HRnQcZZ.exe
  2⤵
  PID:7516
- C:\Windows\System\uXIiZuK.exe
  C:\Windows\System\uXIiZuK.exe
  2⤵
  PID:5196
- C:\Windows\System\kWsieoL.exe
  C:\Windows\System\kWsieoL.exe
  2⤵
  PID:8076
- C:\Windows\System\DAmoXtP.exe
  C:\Windows\System\DAmoXtP.exe
  2⤵
  PID:8124
- C:\Windows\System\XXNAzyn.exe
  C:\Windows\System\XXNAzyn.exe
  2⤵
  PID:8112
- C:\Windows\System\zmuNzbO.exe
  C:\Windows\System\zmuNzbO.exe
  2⤵
  PID:7064
- C:\Windows\System\bZZKTEM.exe
  C:\Windows\System\bZZKTEM.exe
  2⤵
  PID:7612
- C:\Windows\System\GiXuElC.exe
  C:\Windows\System\GiXuElC.exe
  2⤵
  PID:7968
- C:\Windows\System\YScfKLg.exe
  C:\Windows\System\YScfKLg.exe
  2⤵
  PID:7272
- C:\Windows\System\bFofgee.exe
  C:\Windows\System\bFofgee.exe
  2⤵
  PID:6284
- C:\Windows\System\QbwBhsN.exe
  C:\Windows\System\QbwBhsN.exe
  2⤵
  PID:7192
- C:\Windows\System\jlGUehb.exe
  C:\Windows\System\jlGUehb.exe
  2⤵
  PID:7676
- C:\Windows\System\iUmyxPn.exe
  C:\Windows\System\iUmyxPn.exe
  2⤵
  PID:7952
- C:\Windows\System\ZGvTChJ.exe
  C:\Windows\System\ZGvTChJ.exe
  2⤵
  PID:7936
- C:\Windows\System\cevFdUU.exe
  C:\Windows\System\cevFdUU.exe
  2⤵
  PID:7988
- C:\Windows\System\PzZVFTT.exe
  C:\Windows\System\PzZVFTT.exe
  2⤵
  PID:6164
- C:\Windows\System\feIMFoC.exe
  C:\Windows\System\feIMFoC.exe
  2⤵
  PID:8136
- C:\Windows\System\bPrQhEs.exe
  C:\Windows\System\bPrQhEs.exe
  2⤵
  PID:7224
- C:\Windows\System\xQOFDru.exe
  C:\Windows\System\xQOFDru.exe
  2⤵
  PID:7824
- C:\Windows\System\eOlaORM.exe
  C:\Windows\System\eOlaORM.exe
  2⤵
  PID:7716
- C:\Windows\System\hwGWRma.exe
  C:\Windows\System\hwGWRma.exe
  2⤵
  PID:8160
- C:\Windows\System\IgLniCD.exe
  C:\Windows\System\IgLniCD.exe
  2⤵
  PID:8156
- C:\Windows\System\GcBFdNR.exe
  C:\Windows\System\GcBFdNR.exe
  2⤵
  PID:8236
- C:\Windows\System\SrDajTw.exe
  C:\Windows\System\SrDajTw.exe
  2⤵
  PID:8256
- C:\Windows\System\SPPijdw.exe
  C:\Windows\System\SPPijdw.exe
  2⤵
  PID:8272
- C:\Windows\System\UUYmtWi.exe
  C:\Windows\System\UUYmtWi.exe
  2⤵
  PID:8292
- C:\Windows\System\AISYqZL.exe
  C:\Windows\System\AISYqZL.exe
  2⤵
  PID:8308
- C:\Windows\System\qVVMeFM.exe
  C:\Windows\System\qVVMeFM.exe
  2⤵
  PID:8328
- C:\Windows\System\ZfegdzP.exe
  C:\Windows\System\ZfegdzP.exe
  2⤵
  PID:8356
- C:\Windows\System\MUcKzYd.exe
  C:\Windows\System\MUcKzYd.exe
  2⤵
  PID:8380
- C:\Windows\System\oxfTrLD.exe
  C:\Windows\System\oxfTrLD.exe
  2⤵
  PID:8396
- C:\Windows\System\IqyESkE.exe
  C:\Windows\System\IqyESkE.exe
  2⤵
  PID:8412
- C:\Windows\System\BOPWeEJ.exe
  C:\Windows\System\BOPWeEJ.exe
  2⤵
  PID:8432
- C:\Windows\System\fSbdJwC.exe
  C:\Windows\System\fSbdJwC.exe
  2⤵
  PID:8456
- C:\Windows\System\sxOuKvk.exe
  C:\Windows\System\sxOuKvk.exe
  2⤵
  PID:8480
- C:\Windows\System\jnngZKm.exe
  C:\Windows\System\jnngZKm.exe
  2⤵
  PID:8496
- C:\Windows\System\ysoGldg.exe
  C:\Windows\System\ysoGldg.exe
  2⤵
  PID:8512
- C:\Windows\System\ptPBCWV.exe
  C:\Windows\System\ptPBCWV.exe
  2⤵
  PID:8528
- C:\Windows\System\fsEWikD.exe
  C:\Windows\System\fsEWikD.exe
  2⤵
  PID:8548
- C:\Windows\System\FGOtBxu.exe
  C:\Windows\System\FGOtBxu.exe
  2⤵
  PID:8564
- C:\Windows\System\kFfemrW.exe
  C:\Windows\System\kFfemrW.exe
  2⤵
  PID:8580
- C:\Windows\System\WpKeZXm.exe
  C:\Windows\System\WpKeZXm.exe
  2⤵
  PID:8604
- C:\Windows\System\xEjKAtW.exe
  C:\Windows\System\xEjKAtW.exe
  2⤵
  PID:8640
- C:\Windows\System\NNnQywL.exe
  C:\Windows\System\NNnQywL.exe
  2⤵
  PID:8660
- C:\Windows\System\rajnVVL.exe
  C:\Windows\System\rajnVVL.exe
  2⤵
  PID:8676
- C:\Windows\System\LEqyrfm.exe
  C:\Windows\System\LEqyrfm.exe
  2⤵
  PID:8692
- C:\Windows\System\sylwnWu.exe
  C:\Windows\System\sylwnWu.exe
  2⤵
  PID:8716
- C:\Windows\System\MdfEiUc.exe
  C:\Windows\System\MdfEiUc.exe
  2⤵
  PID:8732
- C:\Windows\System\emTTeEv.exe
  C:\Windows\System\emTTeEv.exe
  2⤵
  PID:8760
- C:\Windows\System\boKCbvG.exe
  C:\Windows\System\boKCbvG.exe
  2⤵
  PID:8776
- C:\Windows\System\iGgLAYZ.exe
  C:\Windows\System\iGgLAYZ.exe
  2⤵
  PID:8796
- C:\Windows\System\GDXIMmK.exe
  C:\Windows\System\GDXIMmK.exe
  2⤵
  PID:8816
- C:\Windows\System\bJmNihZ.exe
  C:\Windows\System\bJmNihZ.exe
  2⤵
  PID:8832
- C:\Windows\System\SKfZVHH.exe
  C:\Windows\System\SKfZVHH.exe
  2⤵
  PID:8852
- C:\Windows\System\PWJaDvm.exe
  C:\Windows\System\PWJaDvm.exe
  2⤵
  PID:8872
- C:\Windows\System\DrPMkZa.exe
  C:\Windows\System\DrPMkZa.exe
  2⤵
  PID:8896
- C:\Windows\System\amZoyLW.exe
  C:\Windows\System\amZoyLW.exe
  2⤵
  PID:8912
- C:\Windows\System\qrWSdcn.exe
  C:\Windows\System\qrWSdcn.exe
  2⤵
  PID:8928
- C:\Windows\System\wGIYXkw.exe
  C:\Windows\System\wGIYXkw.exe
  2⤵
  PID:8944
- C:\Windows\System\nUhkBIx.exe
  C:\Windows\System\nUhkBIx.exe
  2⤵
  PID:8960
- C:\Windows\System\jWdipoS.exe
  C:\Windows\System\jWdipoS.exe
  2⤵
  PID:8980
- C:\Windows\System\QAlmlXP.exe
  C:\Windows\System\QAlmlXP.exe
  2⤵
  PID:9008
- C:\Windows\System\oDXhkmA.exe
  C:\Windows\System\oDXhkmA.exe
  2⤵
  PID:9024
- C:\Windows\System\DKUUwWk.exe
  C:\Windows\System\DKUUwWk.exe
  2⤵
  PID:9048
- C:\Windows\System\nVMtjQF.exe
  C:\Windows\System\nVMtjQF.exe
  2⤵
  PID:9064
- C:\Windows\System\FotZgrw.exe
  C:\Windows\System\FotZgrw.exe
  2⤵
  PID:9088
- C:\Windows\System\cpVwAQJ.exe
  C:\Windows\System\cpVwAQJ.exe
  2⤵
  PID:9104
- C:\Windows\System\xigWAYE.exe
  C:\Windows\System\xigWAYE.exe
  2⤵
  PID:9120
- C:\Windows\System\YRQynXF.exe
  C:\Windows\System\YRQynXF.exe
  2⤵
  PID:9148
- C:\Windows\System\fpOQvXw.exe
  C:\Windows\System\fpOQvXw.exe
  2⤵
  PID:9164
- C:\Windows\System\EGGcwAw.exe
  C:\Windows\System\EGGcwAw.exe
  2⤵
  PID:9188
- C:\Windows\System\FHDqQiG.exe
  C:\Windows\System\FHDqQiG.exe
  2⤵
  PID:7552
- C:\Windows\System\ysOiETf.exe
  C:\Windows\System\ysOiETf.exe
  2⤵
  PID:1496
- C:\Windows\System\BcrOZvg.exe
  C:\Windows\System\BcrOZvg.exe
  2⤵
  PID:8116
- C:\Windows\System\WfRhVEE.exe
  C:\Windows\System\WfRhVEE.exe
  2⤵
  PID:8212
- C:\Windows\System\nPMooBu.exe
  C:\Windows\System\nPMooBu.exe
  2⤵
  PID:8232
- C:\Windows\System\BBTJIdV.exe
  C:\Windows\System\BBTJIdV.exe
  2⤵
  PID:2368
- C:\Windows\System\oqjDlhi.exe
  C:\Windows\System\oqjDlhi.exe
  2⤵
  PID:8304
- C:\Windows\System\WfnapPs.exe
  C:\Windows\System\WfnapPs.exe
  2⤵
  PID:7780
- C:\Windows\System\jxkGWPW.exe
  C:\Windows\System\jxkGWPW.exe
  2⤵
  PID:8340
- C:\Windows\System\vpmyYvV.exe
  C:\Windows\System\vpmyYvV.exe
  2⤵
  PID:8368
- C:\Windows\System\arejDAn.exe
  C:\Windows\System\arejDAn.exe
  2⤵
  PID:8376
- C:\Windows\System\isGKpFK.exe
  C:\Windows\System\isGKpFK.exe
  2⤵
  PID:8408
- C:\Windows\System\PPQflSN.exe
  C:\Windows\System\PPQflSN.exe
  2⤵
  PID:8508
- C:\Windows\System\euxNJgq.exe
  C:\Windows\System\euxNJgq.exe
  2⤵
  PID:8540
- C:\Windows\System\GnXTwPJ.exe
  C:\Windows\System\GnXTwPJ.exe
  2⤵
  PID:8520
- C:\Windows\System\OKnCfzb.exe
  C:\Windows\System\OKnCfzb.exe
  2⤵
  PID:8612
- C:\Windows\System\JeDRmqG.exe
  C:\Windows\System\JeDRmqG.exe
  2⤵
  PID:8592
- C:\Windows\System\ebVpJMa.exe
  C:\Windows\System\ebVpJMa.exe
  2⤵
  PID:8620
- C:\Windows\System\SMZxBNU.exe
  C:\Windows\System\SMZxBNU.exe
  2⤵
  PID:7768
- C:\Windows\System\cLqNSrs.exe
  C:\Windows\System\cLqNSrs.exe
  2⤵
  PID:8652
- C:\Windows\System\CyZtzRM.exe
  C:\Windows\System\CyZtzRM.exe
  2⤵
  PID:8700
- C:\Windows\System\wbhoGtd.exe
  C:\Windows\System\wbhoGtd.exe
  2⤵
  PID:8724
- C:\Windows\System\FaNevro.exe
  C:\Windows\System\FaNevro.exe
  2⤵
  PID:8756
- C:\Windows\System\lxBkkdb.exe
  C:\Windows\System\lxBkkdb.exe
  2⤵
  PID:8828
- C:\Windows\System\BWINbrn.exe
  C:\Windows\System\BWINbrn.exe
  2⤵
  PID:8868
- C:\Windows\System\GUnyVJS.exe
  C:\Windows\System\GUnyVJS.exe
  2⤵
  PID:8968
- C:\Windows\System\MvznzqE.exe
  C:\Windows\System\MvznzqE.exe
  2⤵
  PID:9056
- C:\Windows\System\gVLwZlj.exe
  C:\Windows\System\gVLwZlj.exe
  2⤵
  PID:9132
- C:\Windows\System\GnVLLnZ.exe
  C:\Windows\System\GnVLLnZ.exe
  2⤵
  PID:9080
- C:\Windows\System\PwMcXVM.exe
  C:\Windows\System\PwMcXVM.exe
  2⤵
  PID:9000
- C:\Windows\System\wZjULFk.exe
  C:\Windows\System\wZjULFk.exe
  2⤵
  PID:9032
- C:\Windows\System\bFYIalW.exe
  C:\Windows\System\bFYIalW.exe
  2⤵
  PID:9112
- C:\Windows\System\QpHpRQL.exe
  C:\Windows\System\QpHpRQL.exe
  2⤵
  PID:9040
- C:\Windows\System\ffHrnSs.exe
  C:\Windows\System\ffHrnSs.exe
  2⤵
  PID:9184
- C:\Windows\System\dGGWkOq.exe
  C:\Windows\System\dGGWkOq.exe
  2⤵
  PID:9196
- C:\Windows\System\JjKcGBf.exe
  C:\Windows\System\JjKcGBf.exe
  2⤵
  PID:8196
- C:\Windows\System\IEzMrJi.exe
  C:\Windows\System\IEzMrJi.exe
  2⤵
  PID:7984
- C:\Windows\System\MErVbFA.exe
  C:\Windows\System\MErVbFA.exe
  2⤵
  PID:8208
- C:\Windows\System\YPZgJrx.exe
  C:\Windows\System\YPZgJrx.exe
  2⤵
  PID:7108
- C:\Windows\System\OpeTsdU.exe
  C:\Windows\System\OpeTsdU.exe
  2⤵
  PID:8352
- C:\Windows\System\OCQupYb.exe
  C:\Windows\System\OCQupYb.exe
  2⤵
  PID:8284
- C:\Windows\System\tPthrJX.exe
  C:\Windows\System\tPthrJX.exe
  2⤵
  PID:8472
- C:\Windows\System\JIwwQIp.exe
  C:\Windows\System\JIwwQIp.exe
  2⤵
  PID:8504
- C:\Windows\System\zwNUKMx.exe
  C:\Windows\System\zwNUKMx.exe
  2⤵
  PID:8448
- C:\Windows\System\JCzDUmh.exe
  C:\Windows\System\JCzDUmh.exe
  2⤵
  PID:8560
- C:\Windows\System\hRWtImr.exe
  C:\Windows\System\hRWtImr.exe
  2⤵
  PID:8600
- C:\Windows\System\MWcALya.exe
  C:\Windows\System\MWcALya.exe
  2⤵
  PID:8768
- C:\Windows\System\NcCSMXs.exe
  C:\Windows\System\NcCSMXs.exe
  2⤵
  PID:8788
- C:\Windows\System\SnmikbN.exe
  C:\Windows\System\SnmikbN.exe
  2⤵
  PID:8848
- C:\Windows\System\KSxNAKf.exe
  C:\Windows\System\KSxNAKf.exe
  2⤵
  PID:8864
- C:\Windows\System\gTkeevn.exe
  C:\Windows\System\gTkeevn.exe
  2⤵
  PID:9096
- C:\Windows\System\CTGSKvQ.exe
  C:\Windows\System\CTGSKvQ.exe
  2⤵
  PID:8996
- C:\Windows\System\aJAIJyZ.exe
  C:\Windows\System\aJAIJyZ.exe
  2⤵
  PID:9176
- C:\Windows\System\NzUNWAx.exe
  C:\Windows\System\NzUNWAx.exe
  2⤵
  PID:9208
- C:\Windows\System\TufkvWV.exe
  C:\Windows\System\TufkvWV.exe
  2⤵
  PID:6800
- C:\Windows\System\KplrDHe.exe
  C:\Windows\System\KplrDHe.exe
  2⤵
  PID:8976
- C:\Windows\System\eZdHHtN.exe
  C:\Windows\System\eZdHHtN.exe
  2⤵
  PID:9072
- C:\Windows\System\HfNlmjH.exe
  C:\Windows\System\HfNlmjH.exe
  2⤵
  PID:9160
- C:\Windows\System\pmUOqmm.exe
  C:\Windows\System\pmUOqmm.exe
  2⤵
  PID:8224
- C:\Windows\System\LKnZgUt.exe
  C:\Windows\System\LKnZgUt.exe
  2⤵
  PID:9212
- C:\Windows\System\txPioEO.exe
  C:\Windows\System\txPioEO.exe
  2⤵
  PID:8544
- C:\Windows\System\tEdxXan.exe
  C:\Windows\System\tEdxXan.exe
  2⤵
  PID:8684
- C:\Windows\System\pqWepQp.exe
  C:\Windows\System\pqWepQp.exe
  2⤵
  PID:8708
- C:\Windows\System\fMOdUnj.exe
  C:\Windows\System\fMOdUnj.exe
  2⤵
  PID:8744
- C:\Windows\System\DzYphDd.exe
  C:\Windows\System\DzYphDd.exe
  2⤵
  PID:9128
- C:\Windows\System\OVVlIOw.exe
  C:\Windows\System\OVVlIOw.exe
  2⤵
  PID:8860
- C:\Windows\System\dLdPSOp.exe
  C:\Windows\System\dLdPSOp.exe
  2⤵
  PID:8336
- C:\Windows\System\kxdJWwI.exe
  C:\Windows\System\kxdJWwI.exe
  2⤵
  PID:9016
- C:\Windows\System\kygvREB.exe
  C:\Windows\System\kygvREB.exe
  2⤵
  PID:8344
- C:\Windows\System\lXuKmSS.exe
  C:\Windows\System\lXuKmSS.exe
  2⤵
  PID:8988
- C:\Windows\System\OYgPaNE.exe
  C:\Windows\System\OYgPaNE.exe
  2⤵
  PID:8268
- C:\Windows\System\lJWeUAD.exe
  C:\Windows\System\lJWeUAD.exe
  2⤵
  PID:8492
- C:\Windows\System\yNbCTDg.exe
  C:\Windows\System\yNbCTDg.exe
  2⤵
  PID:7776
- C:\Windows\System\WAUzZjD.exe
  C:\Windows\System\WAUzZjD.exe
  2⤵
  PID:8792
- C:\Windows\System\uzoQjbK.exe
  C:\Windows\System\uzoQjbK.exe
  2⤵
  PID:8388
- C:\Windows\System\WebiPLj.exe
  C:\Windows\System\WebiPLj.exe
  2⤵
  PID:9156
- C:\Windows\System\yUFmDJb.exe
  C:\Windows\System\yUFmDJb.exe
  2⤵
  PID:8392
- C:\Windows\System\JYVFFwK.exe
  C:\Windows\System\JYVFFwK.exe
  2⤵
  PID:8628
- C:\Windows\System\ssMSHwl.exe
  C:\Windows\System\ssMSHwl.exe
  2⤵
  PID:8324
- C:\Windows\System\MlvVfsh.exe
  C:\Windows\System\MlvVfsh.exe
  2⤵
  PID:8428
- C:\Windows\System\Ajqjjau.exe
  C:\Windows\System\Ajqjjau.exe
  2⤵
  PID:8772
- C:\Windows\System\crsgFLp.exe
  C:\Windows\System\crsgFLp.exe
  2⤵
  PID:8364
- C:\Windows\System\omUpbnu.exe
  C:\Windows\System\omUpbnu.exe
  2⤵
  PID:8204
- C:\Windows\System\XcrkrOD.exe
  C:\Windows\System\XcrkrOD.exe
  2⤵
  PID:9204
- C:\Windows\System\LIvczrU.exe
  C:\Windows\System\LIvczrU.exe
  2⤵
  PID:8920
- C:\Windows\System\FUfhTxA.exe
  C:\Windows\System\FUfhTxA.exe
  2⤵
  PID:9236
- C:\Windows\System\SDthvXl.exe
  C:\Windows\System\SDthvXl.exe
  2⤵
  PID:9260
- C:\Windows\System\jNRDdFa.exe
  C:\Windows\System\jNRDdFa.exe
  2⤵
  PID:9276
- C:\Windows\System\SBrRhDT.exe
  C:\Windows\System\SBrRhDT.exe
  2⤵
  PID:9296
- C:\Windows\System\ZUsqpTd.exe
  C:\Windows\System\ZUsqpTd.exe
  2⤵
  PID:9320
- C:\Windows\System\vxxyRbG.exe
  C:\Windows\System\vxxyRbG.exe
  2⤵
  PID:9336
- C:\Windows\System\rXtNlYQ.exe
  C:\Windows\System\rXtNlYQ.exe
  2⤵
  PID:9356
- C:\Windows\System\WYlPJjx.exe
  C:\Windows\System\WYlPJjx.exe
  2⤵
  PID:9372
- C:\Windows\System\VBCEUkE.exe
  C:\Windows\System\VBCEUkE.exe
  2⤵
  PID:9388
- C:\Windows\System\TorRpQO.exe
  C:\Windows\System\TorRpQO.exe
  2⤵
  PID:9404
- C:\Windows\System\BrXnpCq.exe
  C:\Windows\System\BrXnpCq.exe
  2⤵
  PID:9420
- C:\Windows\System\BycIHYn.exe
  C:\Windows\System\BycIHYn.exe
  2⤵
  PID:9436
- C:\Windows\System\RvUMFeY.exe
  C:\Windows\System\RvUMFeY.exe
  2⤵
  PID:9452
- C:\Windows\System\RvlsbdW.exe
  C:\Windows\System\RvlsbdW.exe
  2⤵
  PID:9496
- C:\Windows\System\gVkCtVW.exe
  C:\Windows\System\gVkCtVW.exe
  2⤵
  PID:9516
- C:\Windows\System\PCGFgdN.exe
  C:\Windows\System\PCGFgdN.exe
  2⤵
  PID:9532
- C:\Windows\System\LaBFBcy.exe
  C:\Windows\System\LaBFBcy.exe
  2⤵
  PID:9552
- C:\Windows\System\shoSwcT.exe
  C:\Windows\System\shoSwcT.exe
  2⤵
  PID:9568
- C:\Windows\System\KWanFKK.exe
  C:\Windows\System\KWanFKK.exe
  2⤵
  PID:9584
- C:\Windows\System\KdFZJhI.exe
  C:\Windows\System\KdFZJhI.exe
  2⤵
  PID:9600
- C:\Windows\System\MnPmgTi.exe
  C:\Windows\System\MnPmgTi.exe
  2⤵
  PID:9616
- C:\Windows\System\AlVEhkQ.exe
  C:\Windows\System\AlVEhkQ.exe
  2⤵
  PID:9632
- C:\Windows\System\CjlMphc.exe
  C:\Windows\System\CjlMphc.exe
  2⤵
  PID:9648
- C:\Windows\System\cthnsIx.exe
  C:\Windows\System\cthnsIx.exe
  2⤵
  PID:9664
- C:\Windows\System\laDipFu.exe
  C:\Windows\System\laDipFu.exe
  2⤵
  PID:9684
- C:\Windows\System\VYlfThz.exe
  C:\Windows\System\VYlfThz.exe
  2⤵
  PID:9744
- C:\Windows\System\BDFfgxX.exe
  C:\Windows\System\BDFfgxX.exe
  2⤵
  PID:9760
- C:\Windows\System\EyGMtpa.exe
  C:\Windows\System\EyGMtpa.exe
  2⤵
  PID:9776
- C:\Windows\System\mheiKhl.exe
  C:\Windows\System\mheiKhl.exe
  2⤵
  PID:9796
- C:\Windows\System\HWVbiAL.exe
  C:\Windows\System\HWVbiAL.exe
  2⤵
  PID:9812
- C:\Windows\System\msZcRmG.exe
  C:\Windows\System\msZcRmG.exe
  2⤵
  PID:9828
- C:\Windows\System\KbZVoNd.exe
  C:\Windows\System\KbZVoNd.exe
  2⤵
  PID:9848
- C:\Windows\System\ggAVOCH.exe
  C:\Windows\System\ggAVOCH.exe
  2⤵
  PID:9868
- C:\Windows\System\xqyabqR.exe
  C:\Windows\System\xqyabqR.exe
  2⤵
  PID:9892
- C:\Windows\System\cQvOibQ.exe
  C:\Windows\System\cQvOibQ.exe
  2⤵
  PID:9912
- C:\Windows\System\tMORvRx.exe
  C:\Windows\System\tMORvRx.exe
  2⤵
  PID:9936
- C:\Windows\System\qhCBzbn.exe
  C:\Windows\System\qhCBzbn.exe
  2⤵
  PID:9956
- C:\Windows\System\eAZooQd.exe
  C:\Windows\System\eAZooQd.exe
  2⤵
  PID:9980
- C:\Windows\System\OBJLopj.exe
  C:\Windows\System\OBJLopj.exe
  2⤵
  PID:10000
- C:\Windows\System\Bkgzzor.exe
  C:\Windows\System\Bkgzzor.exe
  2⤵
  PID:10020
- C:\Windows\System\rzIRecF.exe
  C:\Windows\System\rzIRecF.exe
  2⤵
  PID:10036
- C:\Windows\System\XyaLzij.exe
  C:\Windows\System\XyaLzij.exe
  2⤵
  PID:10056
- C:\Windows\System\zqXvXNr.exe
  C:\Windows\System\zqXvXNr.exe
  2⤵
  PID:10076
- C:\Windows\System\IZVIIOF.exe
  C:\Windows\System\IZVIIOF.exe
  2⤵
  PID:10096
- C:\Windows\System\OUQgETn.exe
  C:\Windows\System\OUQgETn.exe
  2⤵
  PID:10112
- C:\Windows\System\tTIpiQH.exe
  C:\Windows\System\tTIpiQH.exe
  2⤵
  PID:10128
- C:\Windows\System\wHKJIIL.exe
  C:\Windows\System\wHKJIIL.exe
  2⤵
  PID:10144
- C:\Windows\System\iJySttt.exe
  C:\Windows\System\iJySttt.exe
  2⤵
  PID:10168
- C:\Windows\System\ORAcHmL.exe
  C:\Windows\System\ORAcHmL.exe
  2⤵
  PID:10200
- C:\Windows\System\EhUGXyh.exe
  C:\Windows\System\EhUGXyh.exe
  2⤵
  PID:10224
- C:\Windows\System\ZYGGaRz.exe
  C:\Windows\System\ZYGGaRz.exe
  2⤵
  PID:9232
- C:\Windows\System\EoeeqZd.exe
  C:\Windows\System\EoeeqZd.exe
  2⤵
  PID:9252
- C:\Windows\System\jVyQDnX.exe
  C:\Windows\System\jVyQDnX.exe
  2⤵
  PID:9288
- C:\Windows\System\AFsaHgK.exe
  C:\Windows\System\AFsaHgK.exe
  2⤵
  PID:9400
- C:\Windows\System\ZDYGviH.exe
  C:\Windows\System\ZDYGviH.exe
  2⤵
  PID:9444
- C:\Windows\System\qJIvojs.exe
  C:\Windows\System\qJIvojs.exe
  2⤵
  PID:9416
- C:\Windows\System\hcovDOq.exe
  C:\Windows\System\hcovDOq.exe
  2⤵
  PID:9380
- C:\Windows\System\MzRkHyj.exe
  C:\Windows\System\MzRkHyj.exe
  2⤵
  PID:9472
- C:\Windows\System\yUJZPYY.exe
  C:\Windows\System\yUJZPYY.exe
  2⤵
  PID:9488
- C:\Windows\System\eDiBQvw.exe
  C:\Windows\System\eDiBQvw.exe
  2⤵
  PID:9540
- C:\Windows\System\hhHKuyb.exe
  C:\Windows\System\hhHKuyb.exe
  2⤵
  PID:9612
- C:\Windows\System\gslvNXM.exe
  C:\Windows\System\gslvNXM.exe
  2⤵
  PID:9528
- C:\Windows\System\FMIUZiA.exe
  C:\Windows\System\FMIUZiA.exe
  2⤵
  PID:9592
- C:\Windows\System\VTfQeAk.exe
  C:\Windows\System\VTfQeAk.exe
  2⤵
  PID:9656
- C:\Windows\System\qqLwXhi.exe
  C:\Windows\System\qqLwXhi.exe
  2⤵
  PID:9712
- C:\Windows\System\FXShBrY.exe
  C:\Windows\System\FXShBrY.exe
  2⤵
  PID:9732
- C:\Windows\System\aWLfVsS.exe
  C:\Windows\System\aWLfVsS.exe
  2⤵
  PID:9808
- C:\Windows\System\uSCiYfm.exe
  C:\Windows\System\uSCiYfm.exe
  2⤵
  PID:9736
- C:\Windows\System\oOVOzpi.exe
  C:\Windows\System\oOVOzpi.exe
  2⤵
  PID:9824
- C:\Windows\System\zfhzOeR.exe
  C:\Windows\System\zfhzOeR.exe
  2⤵
  PID:9840
- C:\Windows\System\wMriiLD.exe
  C:\Windows\System\wMriiLD.exe
  2⤵
  PID:9920
- C:\Windows\System\veIpWuA.exe
  C:\Windows\System\veIpWuA.exe
  2⤵
  PID:9924
- C:\Windows\System\ceTJpKh.exe
  C:\Windows\System\ceTJpKh.exe
  2⤵
  PID:9880
- C:\Windows\System\IFLjgwS.exe
  C:\Windows\System\IFLjgwS.exe
  2⤵
  PID:9972
- C:\Windows\System\Lijogdl.exe
  C:\Windows\System\Lijogdl.exe
  2⤵
  PID:10008
- C:\Windows\System\alkrGFE.exe
  C:\Windows\System\alkrGFE.exe
  2⤵
  PID:10064
- C:\Windows\System\CxMsdbu.exe
  C:\Windows\System\CxMsdbu.exe
  2⤵
  PID:10016
- C:\Windows\System\CpqbsKe.exe
  C:\Windows\System\CpqbsKe.exe
  2⤵
  PID:10120
- C:\Windows\System\OizfiCg.exe
  C:\Windows\System\OizfiCg.exe
  2⤵
  PID:10156
- C:\Windows\System\kGDjbsk.exe
  C:\Windows\System\kGDjbsk.exe
  2⤵
  PID:10176
- C:\Windows\System\HMuSpgb.exe
  C:\Windows\System\HMuSpgb.exe
  2⤵
  PID:10208
- C:\Windows\System\PpuvElG.exe
  C:\Windows\System\PpuvElG.exe
  2⤵
  PID:10232
- C:\Windows\System\ajDgctc.exe
  C:\Windows\System\ajDgctc.exe
  2⤵
  PID:9244
- C:\Windows\System\yDOrKiH.exe
  C:\Windows\System\yDOrKiH.exe
  2⤵
  PID:9308
- C:\Windows\System\VpNSDuS.exe
  C:\Windows\System\VpNSDuS.exe
  2⤵
  PID:9332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AeCzcQN.exe

Filesize
6.0MB

MD5
3fc32331d15dbcef2b95a562d78a8470

SHA1
bdd1ffe65c581b90dcc380ada0934d2526a4f147

SHA256
c14a3199d8ea3e07ea396ba9af915f1547d8c94703c538a8d5b3886cb75b321b

SHA512
bc0acc8ec01b4691f994b03d4c58e27e022c94cd3e6590f8dcc0b8230f4869becc7d6d55cdd15c528a38b1805c45d3e1bc98e68b74bb09d437252280cb794985

Download Submit
C:\Windows\system\CIGmjcn.exe

Filesize
6.0MB

MD5
0e762b4c16ff88e3618ea2e1f0f1f168

SHA1
d2ebf772c6a16cae5d3582b0541f9809a54303a5

SHA256
f46aa0ee68e595e135e44a39f8dce411058b4cfe536a20efcc329158a121412d

SHA512
c52d41b735dac4c06b20728582d5a09300729b0e6f26c3a2eab4ae539be26b03051008c57ad5f98db0f0c86cec4b3e26746785396575e1d2ebf1471378752595

Download Submit
C:\Windows\system\DIUUizT.exe

Filesize
6.0MB

MD5
f929d43580ead82113b851e75d932ce2

SHA1
6a624daead3485923638bcc9ac4b292dd95524c7

SHA256
a2d6dadb55b05c969f63c4590108fc25c1de508da345c87b6dcd938239d0543d

SHA512
f13479c4056ec288b15a2cbd46aead3f36d5212263d0315582608db3fdf36c189a82da8b08ec9f72bc39c5adddc2e0baf49e9be6a53cbb0f534b2666dbe74221

Download Submit
C:\Windows\system\EnvxhOH.exe

Filesize
6.0MB

MD5
b403a621ffdc6c89aea43e69f047bc0d

SHA1
0ccb69a7e535a8abe2fa30ed678713db1f91f6c9

SHA256
4232e5de28a4558d396b4cb8d0f7d11e82becba61a2a2a4962c90eddaab32f3e

SHA512
3b0c83e342169322482476af90ff2b7d96dd4d1bb2f31a20c75476661203e34f42025adcbd71e0d123bc9e694a91a595a831e4a3d4af69823cfcd7faebebce45

Download Submit
C:\Windows\system\HlVHShC.exe

Filesize
6.0MB

MD5
7677f91c3d2e6dc8e8c416527f73a873

SHA1
42db5887049875835263ad832f2b6b796faf889f

SHA256
b92e23d8ad36067975564e067de62b6e4ccf397160e9df81d3adb94ea47aa946

SHA512
7879f07fdd842ed92dc41785a12d1a6aed2637f30911b8b62c693ccaff5efe021a708f1610881c6dfc73150809ee9e0327e3bfc81bfda90fdd819a3c31a03bb0

Download Submit
C:\Windows\system\JfEUTLS.exe

Filesize
6.0MB

MD5
814a8b4f4d174884a58efd502ec2359d

SHA1
6cc0f7a924e574d6b0fd48ba0412ce654f9d9943

SHA256
9a8f07eb89116ac7f133c774a0223c58d91fd9ce5af83d600eac1e0d369043d2

SHA512
28b2656dbd72b8b4be7ba65bbd678158273f083fe332a105b294662f9ade663b5eac82333eec66fd626f70775321a85c4bcefd4f121165f93f5974f627898f4a

Download Submit
C:\Windows\system\NjLJXOK.exe

Filesize
6.0MB

MD5
1149be4f0777efac937dc48bba535eaa

SHA1
1543e1e9bfc2680d0524c8120f9f42c9b05c8833

SHA256
78b3311e510d6f20715f689782719021914584ae4b254c0f767d2ae857e242eb

SHA512
56e11a7fe6d67e4a8b7397f2329db098235d14947746f7ca59bb0ee6ffd0a65f3b4be3fe2b3a9f896b8aa0a76deef9e70bfa20704335a42511724c4e712e487f

Download Submit
C:\Windows\system\OZBZZgf.exe

Filesize
6.0MB

MD5
43e04bd788b4ba07aac609f22271ed5a

SHA1
97c7ea6278a9adadce88e6fa27cae0a5a979b74e

SHA256
ad803f76b660be7b27369abb552c7266abf5c161c95f0a9cf8e2a6e242c40251

SHA512
08b4e74d00b014a7e9d56246e77ea836e3e4a14d3829e325f944f56453b8d7811d41f6dbbe2efff3cd09674e1e79cc4fff7bb36017e06ba80720cef23cd1d8c2

Download Submit
C:\Windows\system\QWGjVnU.exe

Filesize
6.0MB

MD5
3c501fbb1e36d1b79f1c9c4b02fd6602

SHA1
9c781fc380118f2b5f1b6b3d112ac4f0bb1fe801

SHA256
c07ce5f3c06d1cd28f38a94dd7783be2a9d12776367a2f5ab693f3f56c6c7dca

SHA512
3509b35a1f3287bd22e95950a1efc0e5a8ef467dd55a074405f679c584f84d2d1edcc37e8c89064381a4b9a90649b19f1d2af6fc33075aab115d26b5faad00cb

Download Submit
C:\Windows\system\RjrRlhW.exe

Filesize
6.0MB

MD5
f6c08a0d6311382f61ec64d06c8bd8c4

SHA1
c8d659fb3ff1d28524b8dcaf565e2dd0048f6431

SHA256
ceb3407250e7f6fe5cbcff290b5c48852e0015b0c5ac20220d66840398f4270b

SHA512
ce3a1f03045570e96bb801d64dd1037f9575cae8e2256d00e319eb6165e88b492654e485387b77d5674cfa802477c844efd62281b90be2af31aff693d4f99a5e

Download Submit
C:\Windows\system\UpEegMr.exe

Filesize
6.0MB

MD5
44b4f29faec4b0f995a471e7d06f732f

SHA1
d6fa115a65287157e7eef10d0600367532f21f7a

SHA256
8e90e676766db4f3cb8847b5ffde3f0bb519e18a931d3a739e681c51d1e3bd3b

SHA512
91146f0d2f5949b9fdc64fae3309877d7c87ba289473a0f1f6e9f442f091f5362bab00f6e3de8dc33da20c55f662c6d4f60b17e634e4db8df041b6ea085dafbc

Download Submit
C:\Windows\system\Wjjlbqx.exe

Filesize
6.0MB

MD5
56cc53909403775242f42a1373c730e8

SHA1
19e8d472723c0ae25a00aceed0856fc70b56e638

SHA256
7bdb2e14e9b41990fbab010b253f5604c0951e8706b531c54feee06904f1ec5e

SHA512
4ac0dc613d1a19c0c1d2cf498db60f459d1601a41b22fe2e6d4712e80336c73dda69f2fbed41e9174230a9f9235d32aa7c1fa3d77dbcc0110a9c4691171b560b

Download Submit
C:\Windows\system\ZfpMIUp.exe

Filesize
6.0MB

MD5
d0cde9c9e6c6fe723bae4a9c5fe93636

SHA1
222a554613483ef4acd0bd2e5c335fdb6e083f0d

SHA256
6e1c75e32dfc64ea101888866a80a497db066a5d94ee5c7db90c8338f26c2429

SHA512
bcea46909ae877164c50179bde08c3cb2c466e9abb8bbe338c5b77c3737a730d6d6585dac608e2b3b384d0e4217547076c86345ca0fb5d553ae42855d5b024be

Download Submit
C:\Windows\system\cGJBjNc.exe

Filesize
6.0MB

MD5
2c0cffcb83f34e0979007396e1e566a7

SHA1
87de0806e34939fca90a4e22f8f455534ff8f7db

SHA256
3b81785a15de1433569b7acb0f6d62cf70c5c7c918732746a7f2fefbbd5ddd9b

SHA512
d9a69cb5b4e1a36a876d35af7c0f7d1dc34a213c35a6f7c2b20b6c98a825b61267c11196a5ce3042bb36cf225610a410f7f68b5e3b643e669afecade9ea78f75

Download Submit
C:\Windows\system\dRnBPYT.exe

Filesize
6.0MB

MD5
67014aa2b6f92fe75182abe1374c42c8

SHA1
9102ddd3aab776faed2325e5a297b75d15ff033a

SHA256
0bc0948ac6a9942f079915496beeea24ea63d7ca3e866e3ed7e50e7dd5e53dae

SHA512
25a2456b01fdb4ad9a65de2dabfb9d0dad370fd2a8351daea65c8e92507aa489dbd0ecfe348cbaaa6ad758deb74a6ad5515630f6323cd790bfea8a3d801f2ebd

Download Submit
C:\Windows\system\fXMIqef.exe

Filesize
6.0MB

MD5
52fea188da526e2d584a715fe7cd16f5

SHA1
ed0023e60733baa1ab04236ae8c170dc09543ef1

SHA256
b06a7eaa47b394662292b7ec26dac4d3ca565df44a5d4cb8d9e136612dfdd77d

SHA512
f5636a9e314884e4c5ff9f5e849d9594f0d66471c7bc15960cdb67ccf9c0a0bd68a27fca28b5109a0ef347e9d0dfa14f9470760acad7351ef2e9f102743e1bf6

Download Submit
C:\Windows\system\ffOcGdg.exe

Filesize
6.0MB

MD5
c80ced25d122c0925cbfea4fd5ed8741

SHA1
61140c766f3004b81afee71a0f3c834a640eb0c0

SHA256
50eb69d6bb091704fd7a7fcc1f13ef72d5c68f9da851f1f9cdc0f1aa64ac8b7d

SHA512
e314451f8915efceb3bde27c38e71a9408e213211c863a11ed3c289c37e8ed51ad7676a729d2c3957656c5de8090fd253906a29c3bead5de058353ffca91700b

Download Submit
C:\Windows\system\jHKsmgL.exe

Filesize
6.0MB

MD5
a8aef9f44b868b1f7143139503c00680

SHA1
f2cd872290e368a720338c0347bfecc99d6331d8

SHA256
e36b0715d65ff82639858ca12fc2767f5d0277580580f12f848b604ddfad0489

SHA512
4a567c744d8448982907f1944426033b9d00fa5b1583292924e9a8631e8d1c86bae79bef84bc764a17713ee17b31380e6fbba14b4340a41fb6f73c93b84a6e7d

Download Submit
C:\Windows\system\jWESWkm.exe

Filesize
6.0MB

MD5
ff8ae21d6a3a17b10610c803b058fa28

SHA1
2b292d57a2070f96ca6e5eda9be8f98dc596ec21

SHA256
36b3698f7a6aaf27f78a235fe522ed1fdde65dc1898a76d07d7d997e42db64da

SHA512
2f81988a861bbfe56d6b54ef243ca790dc8c56e49cc01e35ee09d4601ae703a5813641ee717ffec33f11dcf15f89e8b04f4df53b0adbe36bbcacf00984bbf3c6

Download Submit
C:\Windows\system\lTywYaJ.exe

Filesize
6.0MB

MD5
da7f4b5f782b367f4c741eb15b32ff3a

SHA1
a8dbb798b918fcdb7eed317024e49b6a7e1bda2c

SHA256
201446a900af9f8fc9e73d032f5f59c3bd7a7d281b1374e8dba28c1be311a200

SHA512
04ccef65de82b60fc799fa5363096edfe0e01eb2a524f2112f8d9c8bb451610eef760c68f927cdf8e32ed34bd1a23c92419b015f639a27025cacc1e19e494e6a

Download Submit
C:\Windows\system\sDIagzw.exe

Filesize
6.0MB

MD5
95a23fd6b7e7ee0da5f4e3f68a442007

SHA1
7aad2ddafaf45d3ad4f264dc854d01520e25ed0e

SHA256
1c7feb5920e5f895b27edbb4e9fdab6d7fa5ebb38060bb0125894bfc723ec3c9

SHA512
75130ae781256bc42211817de7ac4a2f3a17301bca881f081fca9c189d5ed284566279a2d48fed65d8e996778c47d00a08a2e42ccc5feb4aab394e62d0b46cc2

Download Submit
C:\Windows\system\ufNBQOP.exe

Filesize
6.0MB

MD5
d7a09dafe43186b9db158b18ca0d2948

SHA1
e2874c4fdf59cb3b1bdd361e400d36ce9f47282e

SHA256
1e2887c3071abc978303645f0c866db3498069a6ae6dff2d343382c1e86667f5

SHA512
912ee8586adcfdfe884a5d8199235903f09a835d6b47056615c388d0cc2db18d713e27e90c87701d58c64927a0b51ae58d8151c88be9dcb16b3465830d1059a1

Download Submit
C:\Windows\system\wTwfGnb.exe

Filesize
6.0MB

MD5
763ea981f98405b47edf63d011e75973

SHA1
92698c3cb05cba37edf99ddab8f8bffb971217e7

SHA256
204c36f5ab3054bac5ff0d1f7de48516c3089270079b9bc289f8a278febe0eb3

SHA512
48272048f9469aa584c62d336afb184ac4d44f8db35a8a70465dcc0cc7102bb397edc84bd4686797cdb596ad192443914552779de52bf87aee12fa4f918d1484

Download Submit
C:\Windows\system\zuLHVVV.exe

Filesize
6.0MB

MD5
60438d36435aa014d2ae728955af069d

SHA1
35f98d7f9db8bc48ad37368e82a097d3e1e56e00

SHA256
56d36b264912904448326af3c6c971f790090d200bbf6a35471d50a258c5b211

SHA512
9eb3a6bd176cfb55809f94d968523d236461872f598932a071638edcfca23298d80d6740827a62517ceb2e1e1d1dc1011a79d540c6ca8e65b9071e3dd8276029

Download Submit
\Windows\system\VUOoMUj.exe

Filesize
6.0MB

MD5
d283bb3b771a2d4f3b76a2c24419d09c

SHA1
3c9f91b208ef8781a637841471f42405053b81ea

SHA256
7e69caf7c007fc497af9a0e5b9e04f910c0e1f1fbf2101fa12d9ecc4e685990e

SHA512
d82c675fb3eae60068d171fceb58c605428c18da8335b61ef37408777d44b2b1651b10bc584466657507268de7891934790e2f51444884b6102f102fc7efea1f

Download Submit
\Windows\system\XxigYyV.exe

Filesize
6.0MB

MD5
cf5783b802cf5ccb2b1d4ecc25c9617c

SHA1
86240e5b20fa33ae949e7d6165ba21d87c6d90bb

SHA256
7bb11166b40e4cde6527157850e5d50243d90530e2fc9ae8c8c5938cba9c2ecd

SHA512
fe323ec47cb1f0bfb17a555dc8d50a7c98ed112b768438c572ae4ac8acba156043e66d0c7673e86b372f20751cd98d62129cdc905ea2cce84a1aa545f847365f

Download Submit
\Windows\system\akIvuVh.exe

Filesize
6.0MB

MD5
83359641ce0228068dd8b86b7dd3aa6a

SHA1
18e7584a2b0942bb57dc7f8127b4b7106591e27f

SHA256
0b62c92753183a50d2fd0afb7ad75fc8b9315e7b35c9732611efb075c10c0d83

SHA512
bf4086b060a4813bebf726ca12328f6efd51df854c0e31e480923668e35ad28aecdfbea5d5c16eea56e29895c6fce7ede5a6dee28628e5e174867f358e652c5f

Download Submit
\Windows\system\nSMHapG.exe

Filesize
6.0MB

MD5
17810a47252aeb1a2df423c67fab02ab

SHA1
75d47da9eccddc9003b4caa5f18d44cd87d2a92b

SHA256
7a79a626e0f43c62c91031d726f9d6d4377356cf5c3f62b16655b6baa36b3c73

SHA512
2daf93703d0bb254554059915a13e8fd1a9b880dd891cd6c151e2b85fdc82e0cb0c7a595a6bea0852bd23ec80effced67e4ab4a92ec962707677f05cf13aa1c4

Download Submit
\Windows\system\pXUDjPZ.exe

Filesize
6.0MB

MD5
024ee3a60f3e18ca78853239ea6a943a

SHA1
22e11be8a627b2299449b63c95b1b09695f85ce3

SHA256
b9b0c67f860cf2c47af52c34f1d0b32036271ab6f524936b2224652603b55339

SHA512
c12d9b9a200c058dcee3630e38b720c125dead0fa07052e8b55e3ca4ca93d716c38e8dabcc458275175f7028b6dcfd96c4efd08821bab31835c00289d7848228

Download Submit
\Windows\system\qGgaYZX.exe

Filesize
6.0MB

MD5
748e9072f5944f2101e217bf66224f2c

SHA1
6e2f831a5b9b0f139458dcd076f5ed1c0a6d448d

SHA256
ba28854bb57633b4d4d04888a17eb23862fb3801c52350febda74408050637f2

SHA512
abc53e8f701b535a17a00b7b6eb8fb1cb38866a77bbdfc034989484ac1a8f0e8cbbaed1b0ee47d43e75a112d1c29a22b6a2bf3a89bb87ee153b787249c875d24

Download Submit
\Windows\system\vOPwear.exe

Filesize
6.0MB

MD5
da925f38dc1c3ce77959c324db79d16f

SHA1
caaed6f7d1bb96f91b2d90a90a7a2768741a3ac5

SHA256
e45f357bb02eec58dff9d68afa62a53263a08a366a31c481fc89cfeffff5c8bb

SHA512
e899542920ee4c9ca545a68286ddae2ca31542207c85335644499f75c3f500fae2789da50c33c8d714c29d20248a0760cef3f520c96273949158fee3b726daaf

Download Submit
\Windows\system\ziXRcqf.exe

Filesize
6.0MB

MD5
0a0564efe4c112d89221d28f40cace1d

SHA1
ff8876274e1170f2ed3cdb0a05c7917dce08e578

SHA256
40c8542f4d05bed30a221dd1334337491694b5f54e351340ace2bd19305600af

SHA512
1a169eb58a3020cf5abe514d7d60bac9b61bf34e3ec344c5ebc6e0857f4c27e47876a199bb1446b8b690d6996865822d7c97b6d28bd521bf3b55232fae436dd3

Download Submit
memory/1656-611-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/1656-4053-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/1952-4045-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1952-66-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1952-28-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2000-601-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2000-4054-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2044-4042-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2044-13-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2044-51-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2384-663-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2384-61-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2384-593-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2384-606-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2384-44-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2384-972-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2384-2167-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2384-2169-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2384-2168-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-2166-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2384-74-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-667-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2384-78-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2384-603-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-598-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2384-0-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2384-21-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2384-20-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2384-69-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2384-26-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2384-30-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-4055-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-605-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-22-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2460-4044-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2560-1344-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2560-72-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2560-4051-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2588-4050-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2588-64-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2592-81-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2592-4052-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2688-71-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-37-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-4047-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-4049-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2812-57-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2848-42-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-4046-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-4048-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2852-54-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2908-17-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-55-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download