cobaltstrike | 8ed1f4a66a6ce9f300169c8e4127460d77fe381ed7a0ed40da38aefad2481fb8

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/01/2025, 06:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

43119984314c4019e2672a5c97f54395
SHA1

0fb7e84b184a6a4d9d7c69256a2acc741acf214d
SHA256

8ed1f4a66a6ce9f300169c8e4127460d77fe381ed7a0ed40da38aefad2481fb8
SHA512

f11e775808cc57e1e4436cdecf384adcfb4808d4b24bbc4080b2b25e34655da1bf00a755ccd2aaaef571a2adce78e2a9798ca1c22e7b5552b6b3acedaff6154b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUp:T+q56utgpPF8u/7p

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012101-6.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001739b-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017474-38.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000174bf-54.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001925d-53.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017481-46.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001746c-30.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173b2-22.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173ee-19.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193ec-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941a-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d9-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019399-159.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194bd-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960e-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f3-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019537-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019436-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019417-119.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d4-96.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-89.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016e73-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c8-107.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b7-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938b-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019280-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-65.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2484-0-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/files/0x0007000000012101-6.dat	xmrig
behavioral1/files/0x000800000001739b-12.dat	xmrig
behavioral1/memory/2396-17-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/1952-31-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/files/0x0007000000017474-38.dat	xmrig
behavioral1/memory/2804-40-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2484-50-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/files/0x00090000000174bf-54.dat	xmrig
behavioral1/files/0x000600000001925d-53.dat	xmrig
behavioral1/memory/2752-47-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x0007000000017481-46.dat	xmrig
behavioral1/memory/2484-37-0x0000000002470000-0x00000000027C4000-memory.dmp	xmrig
behavioral1/memory/2964-36-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/files/0x000700000001746c-30.dat	xmrig
behavioral1/memory/2948-29-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/files/0x00080000000173b2-22.dat	xmrig
behavioral1/files/0x00080000000173ee-19.dat	xmrig
behavioral1/files/0x0005000000019278-70.dat	xmrig
behavioral1/files/0x00050000000193ec-108.dat	xmrig
behavioral1/memory/2656-117-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/files/0x000500000001941a-124.dat	xmrig
behavioral1/memory/2592-142-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x00050000000195d9-158.dat	xmrig
behavioral1/files/0x0005000000019399-159.dat	xmrig
behavioral1/files/0x00050000000194bd-170.dat	xmrig
behavioral1/files/0x000500000001960d-183.dat	xmrig
behavioral1/memory/2804-662-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2484-1029-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2484-1028-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2484-1037-0x0000000002470000-0x00000000027C4000-memory.dmp	xmrig
behavioral1/memory/2972-911-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2752-906-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/1952-370-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/files/0x000500000001960e-187.dat	xmrig
behavioral1/files/0x000500000001960c-178.dat	xmrig
behavioral1/files/0x000500000001960a-154.dat	xmrig
behavioral1/memory/2484-146-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194f3-145.dat	xmrig
behavioral1/files/0x0005000000019441-144.dat	xmrig
behavioral1/files/0x0005000000019537-143.dat	xmrig
behavioral1/files/0x0005000000019436-128.dat	xmrig
behavioral1/files/0x0005000000019417-119.dat	xmrig
behavioral1/files/0x00050000000193d4-96.dat	xmrig
behavioral1/files/0x00050000000193c1-89.dat	xmrig
behavioral1/memory/2844-135-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016e73-77.dat	xmrig
behavioral1/memory/2820-116-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2948-109-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c8-107.dat	xmrig
behavioral1/files/0x00050000000193b7-106.dat	xmrig
behavioral1/files/0x000500000001938b-105.dat	xmrig
behavioral1/files/0x0005000000019280-81.dat	xmrig
behavioral1/memory/2484-66-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019263-65.dat	xmrig
behavioral1/memory/2972-61-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2484-57-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2368-14-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2368-4001-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2396-4002-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2948-4004-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2964-4003-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/1952-4005-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2804-4006-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2368	JhGkgQp.exe
2396	vjvnOER.exe
2964	tJCoXcP.exe
2948	cOkOOHL.exe
1952	sIBmZZb.exe
2804	Pddumvr.exe
2752	HLZTqeJ.exe
2972	MUgCSfL.exe
2844	YipnMeS.exe
2592	ACYSdNl.exe
2820	oVjVfTy.exe
2656	DuFvtys.exe
2768	JmVfHLG.exe
1668	TOGtMIL.exe
1100	PhaHndg.exe
952	kkilgeD.exe
1384	LPtqiWp.exe
1696	YwuVYuu.exe
2952	dgxUvJA.exe
2116	nrKpiiz.exe
1448	pxDKQVM.exe
684	feJCKRa.exe
2936	kWrlZGR.exe
1892	BRNjfyG.exe
588	XQcFvCW.exe
2416	vjzJjFn.exe
1648	OqulbtD.exe
2312	QZPGJAX.exe
1724	lFpfWcJ.exe
2512	qgMPgLB.exe
1140	AgSiMIJ.exe
2992	JIHmgLQ.exe
1336	UiEwOhO.exe
1972	AeypPEn.exe
1792	zjgbaHO.exe
904	YcykUjT.exe
1880	nYXbfNs.exe
316	QGixoLt.exe
2316	BlcdZMp.exe
1540	xLDOcXf.exe
796	FWLiErU.exe
2020	cQvXeCi.exe
2412	mCXzkBt.exe
3024	gNChuBG.exe
2968	vjPnwaO.exe
3012	bernJis.exe
288	tRRpexd.exe
1036	eoXNlXN.exe
1856	yrdoQYe.exe
2668	KwpYQaJ.exe
1040	NVMVuVZ.exe
2300	uOfwuZJ.exe
1688	RlmautI.exe
2548	MlSeCzg.exe
1716	TdIueJl.exe
1604	LcEhgrw.exe
2128	mMXilyh.exe
2692	FGyMQnb.exe
2200	sZCPThP.exe
2336	EInRTbg.exe
2156	eTTBLLf.exe
2832	LkYgJgQ.exe
3052	UjVwwxn.exe
2788	aTAxLDf.exe

Loads dropped DLL 64 IoCs

pid	Process
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2484-0-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/files/0x0007000000012101-6.dat	upx
behavioral1/files/0x000800000001739b-12.dat	upx
behavioral1/memory/2396-17-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/1952-31-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/files/0x0007000000017474-38.dat	upx
behavioral1/memory/2804-40-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2484-50-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/files/0x00090000000174bf-54.dat	upx
behavioral1/files/0x000600000001925d-53.dat	upx
behavioral1/memory/2752-47-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x0007000000017481-46.dat	upx
behavioral1/memory/2964-36-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/files/0x000700000001746c-30.dat	upx
behavioral1/memory/2948-29-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/files/0x00080000000173b2-22.dat	upx
behavioral1/files/0x00080000000173ee-19.dat	upx
behavioral1/files/0x0005000000019278-70.dat	upx
behavioral1/files/0x00050000000193ec-108.dat	upx
behavioral1/memory/2656-117-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x000500000001941a-124.dat	upx
behavioral1/memory/2592-142-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x00050000000195d9-158.dat	upx
behavioral1/files/0x0005000000019399-159.dat	upx
behavioral1/files/0x00050000000194bd-170.dat	upx
behavioral1/files/0x000500000001960d-183.dat	upx
behavioral1/memory/2804-662-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2972-911-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2752-906-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/1952-370-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/files/0x000500000001960e-187.dat	upx
behavioral1/files/0x000500000001960c-178.dat	upx
behavioral1/files/0x000500000001960a-154.dat	upx
behavioral1/files/0x00050000000194f3-145.dat	upx
behavioral1/files/0x0005000000019441-144.dat	upx
behavioral1/files/0x0005000000019537-143.dat	upx
behavioral1/files/0x0005000000019436-128.dat	upx
behavioral1/files/0x0005000000019417-119.dat	upx
behavioral1/files/0x00050000000193d4-96.dat	upx
behavioral1/files/0x00050000000193c1-89.dat	upx
behavioral1/memory/2844-135-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/files/0x0009000000016e73-77.dat	upx
behavioral1/memory/2820-116-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2948-109-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/files/0x00050000000193c8-107.dat	upx
behavioral1/files/0x00050000000193b7-106.dat	upx
behavioral1/files/0x000500000001938b-105.dat	upx
behavioral1/files/0x0005000000019280-81.dat	upx
behavioral1/files/0x0005000000019263-65.dat	upx
behavioral1/memory/2972-61-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2368-14-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2368-4001-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2396-4002-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2948-4004-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2964-4003-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/1952-4005-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2804-4006-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2752-4007-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2592-4008-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2844-4009-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2972-4010-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2656-4011-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2820-4012-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\rPXxBeZ.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NvZbRhG.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jWJfjeO.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YouxgfD.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ckEisLf.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vjvnOER.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qfxAwIJ.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YipnMeS.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpGVEys.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lXkYpxh.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\scFcAiy.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WCmwRQd.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ibvOnnn.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CdBqrBX.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rrQtBBF.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fjhmuKe.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ihQdOdL.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pvBCIeC.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vruKfyx.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qMaEpkZ.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pcFkZRB.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OSTKTTS.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vNfvfDn.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ktAfpEd.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FLaiQpT.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VDxhQYC.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lHgSGwy.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zkGEQfJ.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PRwpBdG.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVbhBcl.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OTyPrKE.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HdxDVwO.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lhRnJGm.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zetFaxH.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YRTIYGr.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lUTiaPJ.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVBHcTF.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BWorUXc.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tXhGuDi.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bfOfVEu.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HbevqdI.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TXrxWYx.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yaYskFG.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LPtqiWp.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\odmMXtF.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dHpMhmK.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WCZzFvo.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cNVLaaN.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zRKtBJm.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zUOPUwp.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kCBnfQG.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pQTtPwJ.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ixLLVFZ.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LglojGi.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DldlinH.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GETRYTD.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GmBMwvn.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YVdNfsh.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mfkxwii.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hjsvtKw.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GZKYbPv.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SQDyamT.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oHlwqqf.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZFJohuF.exe	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 2368	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2484 wrote to memory of 2368	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2484 wrote to memory of 2368	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2484 wrote to memory of 2396	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2484 wrote to memory of 2396	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2484 wrote to memory of 2396	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2484 wrote to memory of 2964	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2484 wrote to memory of 2964	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2484 wrote to memory of 2964	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2484 wrote to memory of 2948	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2484 wrote to memory of 2948	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2484 wrote to memory of 2948	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2484 wrote to memory of 1952	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2484 wrote to memory of 1952	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2484 wrote to memory of 1952	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2484 wrote to memory of 2804	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2484 wrote to memory of 2804	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2484 wrote to memory of 2804	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2484 wrote to memory of 2752	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2484 wrote to memory of 2752	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2484 wrote to memory of 2752	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2484 wrote to memory of 2972	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2484 wrote to memory of 2972	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2484 wrote to memory of 2972	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2484 wrote to memory of 2844	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2484 wrote to memory of 2844	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2484 wrote to memory of 2844	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2484 wrote to memory of 2820	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2484 wrote to memory of 2820	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2484 wrote to memory of 2820	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2484 wrote to memory of 2592	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2484 wrote to memory of 2592	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2484 wrote to memory of 2592	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2484 wrote to memory of 2768	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2484 wrote to memory of 2768	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2484 wrote to memory of 2768	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2484 wrote to memory of 2656	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2484 wrote to memory of 2656	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2484 wrote to memory of 2656	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2484 wrote to memory of 1668	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2484 wrote to memory of 1668	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2484 wrote to memory of 1668	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2484 wrote to memory of 684	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2484 wrote to memory of 684	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2484 wrote to memory of 684	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2484 wrote to memory of 1100	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2484 wrote to memory of 1100	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2484 wrote to memory of 1100	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2484 wrote to memory of 2936	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2484 wrote to memory of 2936	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2484 wrote to memory of 2936	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2484 wrote to memory of 952	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2484 wrote to memory of 952	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2484 wrote to memory of 952	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2484 wrote to memory of 1892	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2484 wrote to memory of 1892	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2484 wrote to memory of 1892	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2484 wrote to memory of 1384	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2484 wrote to memory of 1384	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2484 wrote to memory of 1384	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2484 wrote to memory of 588	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2484 wrote to memory of 588	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2484 wrote to memory of 588	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2484 wrote to memory of 1696	2484	2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_43119984314c4019e2672a5c97f54395_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Windows\System\JhGkgQp.exe
  C:\Windows\System\JhGkgQp.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\vjvnOER.exe
  C:\Windows\System\vjvnOER.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\tJCoXcP.exe
  C:\Windows\System\tJCoXcP.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\cOkOOHL.exe
  C:\Windows\System\cOkOOHL.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\sIBmZZb.exe
  C:\Windows\System\sIBmZZb.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\Pddumvr.exe
  C:\Windows\System\Pddumvr.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\HLZTqeJ.exe
  C:\Windows\System\HLZTqeJ.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\MUgCSfL.exe
  C:\Windows\System\MUgCSfL.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\YipnMeS.exe
  C:\Windows\System\YipnMeS.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\oVjVfTy.exe
  C:\Windows\System\oVjVfTy.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\ACYSdNl.exe
  C:\Windows\System\ACYSdNl.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\JmVfHLG.exe
  C:\Windows\System\JmVfHLG.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\DuFvtys.exe
  C:\Windows\System\DuFvtys.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\TOGtMIL.exe
  C:\Windows\System\TOGtMIL.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\feJCKRa.exe
  C:\Windows\System\feJCKRa.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\PhaHndg.exe
  C:\Windows\System\PhaHndg.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\kWrlZGR.exe
  C:\Windows\System\kWrlZGR.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\kkilgeD.exe
  C:\Windows\System\kkilgeD.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\BRNjfyG.exe
  C:\Windows\System\BRNjfyG.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\LPtqiWp.exe
  C:\Windows\System\LPtqiWp.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\XQcFvCW.exe
  C:\Windows\System\XQcFvCW.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\YwuVYuu.exe
  C:\Windows\System\YwuVYuu.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\vjzJjFn.exe
  C:\Windows\System\vjzJjFn.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\dgxUvJA.exe
  C:\Windows\System\dgxUvJA.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\OqulbtD.exe
  C:\Windows\System\OqulbtD.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\nrKpiiz.exe
  C:\Windows\System\nrKpiiz.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\QZPGJAX.exe
  C:\Windows\System\QZPGJAX.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\pxDKQVM.exe
  C:\Windows\System\pxDKQVM.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\lFpfWcJ.exe
  C:\Windows\System\lFpfWcJ.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\qgMPgLB.exe
  C:\Windows\System\qgMPgLB.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\AgSiMIJ.exe
  C:\Windows\System\AgSiMIJ.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\JIHmgLQ.exe
  C:\Windows\System\JIHmgLQ.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\UiEwOhO.exe
  C:\Windows\System\UiEwOhO.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\AeypPEn.exe
  C:\Windows\System\AeypPEn.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\zjgbaHO.exe
  C:\Windows\System\zjgbaHO.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\YcykUjT.exe
  C:\Windows\System\YcykUjT.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\nYXbfNs.exe
  C:\Windows\System\nYXbfNs.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\QGixoLt.exe
  C:\Windows\System\QGixoLt.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\BlcdZMp.exe
  C:\Windows\System\BlcdZMp.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\xLDOcXf.exe
  C:\Windows\System\xLDOcXf.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\FWLiErU.exe
  C:\Windows\System\FWLiErU.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\cQvXeCi.exe
  C:\Windows\System\cQvXeCi.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\mCXzkBt.exe
  C:\Windows\System\mCXzkBt.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\gNChuBG.exe
  C:\Windows\System\gNChuBG.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\vjPnwaO.exe
  C:\Windows\System\vjPnwaO.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\bernJis.exe
  C:\Windows\System\bernJis.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\tRRpexd.exe
  C:\Windows\System\tRRpexd.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\eoXNlXN.exe
  C:\Windows\System\eoXNlXN.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\yrdoQYe.exe
  C:\Windows\System\yrdoQYe.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\KwpYQaJ.exe
  C:\Windows\System\KwpYQaJ.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\NVMVuVZ.exe
  C:\Windows\System\NVMVuVZ.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\uOfwuZJ.exe
  C:\Windows\System\uOfwuZJ.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\RlmautI.exe
  C:\Windows\System\RlmautI.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\MlSeCzg.exe
  C:\Windows\System\MlSeCzg.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\TdIueJl.exe
  C:\Windows\System\TdIueJl.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\LcEhgrw.exe
  C:\Windows\System\LcEhgrw.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\mMXilyh.exe
  C:\Windows\System\mMXilyh.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\FGyMQnb.exe
  C:\Windows\System\FGyMQnb.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\sZCPThP.exe
  C:\Windows\System\sZCPThP.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\EInRTbg.exe
  C:\Windows\System\EInRTbg.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\eTTBLLf.exe
  C:\Windows\System\eTTBLLf.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\LkYgJgQ.exe
  C:\Windows\System\LkYgJgQ.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\UjVwwxn.exe
  C:\Windows\System\UjVwwxn.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\aTAxLDf.exe
  C:\Windows\System\aTAxLDf.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\dtCvGPM.exe
  C:\Windows\System\dtCvGPM.exe
  2⤵
  PID:1316
- C:\Windows\System\kCBnfQG.exe
  C:\Windows\System\kCBnfQG.exe
  2⤵
  PID:2956
- C:\Windows\System\EAuvhYB.exe
  C:\Windows\System\EAuvhYB.exe
  2⤵
  PID:2672
- C:\Windows\System\nXnUcDi.exe
  C:\Windows\System\nXnUcDi.exe
  2⤵
  PID:2224
- C:\Windows\System\AETevfk.exe
  C:\Windows\System\AETevfk.exe
  2⤵
  PID:636
- C:\Windows\System\rVLWwms.exe
  C:\Windows\System\rVLWwms.exe
  2⤵
  PID:696
- C:\Windows\System\oHlwqqf.exe
  C:\Windows\System\oHlwqqf.exe
  2⤵
  PID:1824
- C:\Windows\System\LEjQHHp.exe
  C:\Windows\System\LEjQHHp.exe
  2⤵
  PID:440
- C:\Windows\System\RBNBpZQ.exe
  C:\Windows\System\RBNBpZQ.exe
  2⤵
  PID:1500
- C:\Windows\System\skHvNdf.exe
  C:\Windows\System\skHvNdf.exe
  2⤵
  PID:1720
- C:\Windows\System\fpuDkmE.exe
  C:\Windows\System\fpuDkmE.exe
  2⤵
  PID:844
- C:\Windows\System\tNZUWLB.exe
  C:\Windows\System\tNZUWLB.exe
  2⤵
  PID:1612
- C:\Windows\System\qMaEpkZ.exe
  C:\Windows\System\qMaEpkZ.exe
  2⤵
  PID:2136
- C:\Windows\System\fMNAPea.exe
  C:\Windows\System\fMNAPea.exe
  2⤵
  PID:1760
- C:\Windows\System\zbaQjXC.exe
  C:\Windows\System\zbaQjXC.exe
  2⤵
  PID:1756
- C:\Windows\System\MfUQAYB.exe
  C:\Windows\System\MfUQAYB.exe
  2⤵
  PID:1556
- C:\Windows\System\gYwiTBh.exe
  C:\Windows\System\gYwiTBh.exe
  2⤵
  PID:1840
- C:\Windows\System\pfBKeyJ.exe
  C:\Windows\System\pfBKeyJ.exe
  2⤵
  PID:692
- C:\Windows\System\qrpJLYr.exe
  C:\Windows\System\qrpJLYr.exe
  2⤵
  PID:3016
- C:\Windows\System\yFqheZD.exe
  C:\Windows\System\yFqheZD.exe
  2⤵
  PID:2216
- C:\Windows\System\afdJoPz.exe
  C:\Windows\System\afdJoPz.exe
  2⤵
  PID:1704
- C:\Windows\System\bSkPNiY.exe
  C:\Windows\System\bSkPNiY.exe
  2⤵
  PID:1028
- C:\Windows\System\JGQZoXw.exe
  C:\Windows\System\JGQZoXw.exe
  2⤵
  PID:2532
- C:\Windows\System\IAOrIQI.exe
  C:\Windows\System\IAOrIQI.exe
  2⤵
  PID:900
- C:\Windows\System\TcnThST.exe
  C:\Windows\System\TcnThST.exe
  2⤵
  PID:1712
- C:\Windows\System\gAxmZYy.exe
  C:\Windows\System\gAxmZYy.exe
  2⤵
  PID:2564
- C:\Windows\System\AqWZqhd.exe
  C:\Windows\System\AqWZqhd.exe
  2⤵
  PID:2428
- C:\Windows\System\uYkjfvd.exe
  C:\Windows\System\uYkjfvd.exe
  2⤵
  PID:2976
- C:\Windows\System\MTzlOKL.exe
  C:\Windows\System\MTzlOKL.exe
  2⤵
  PID:3044
- C:\Windows\System\StVVwPK.exe
  C:\Windows\System\StVVwPK.exe
  2⤵
  PID:2504
- C:\Windows\System\rTLzsXa.exe
  C:\Windows\System\rTLzsXa.exe
  2⤵
  PID:1900
- C:\Windows\System\YNJPEMW.exe
  C:\Windows\System\YNJPEMW.exe
  2⤵
  PID:2720
- C:\Windows\System\ktAfpEd.exe
  C:\Windows\System\ktAfpEd.exe
  2⤵
  PID:2124
- C:\Windows\System\XBbeulV.exe
  C:\Windows\System\XBbeulV.exe
  2⤵
  PID:2924
- C:\Windows\System\jigfuct.exe
  C:\Windows\System\jigfuct.exe
  2⤵
  PID:1268
- C:\Windows\System\zgPmkXt.exe
  C:\Windows\System\zgPmkXt.exe
  2⤵
  PID:2084
- C:\Windows\System\zGuBimL.exe
  C:\Windows\System\zGuBimL.exe
  2⤵
  PID:2352
- C:\Windows\System\IFOxaSq.exe
  C:\Windows\System\IFOxaSq.exe
  2⤵
  PID:1628
- C:\Windows\System\dZlLpax.exe
  C:\Windows\System\dZlLpax.exe
  2⤵
  PID:2068
- C:\Windows\System\pziULQi.exe
  C:\Windows\System\pziULQi.exe
  2⤵
  PID:1156
- C:\Windows\System\IaTGcAQ.exe
  C:\Windows\System\IaTGcAQ.exe
  2⤵
  PID:3036
- C:\Windows\System\ENdpNTW.exe
  C:\Windows\System\ENdpNTW.exe
  2⤵
  PID:2468
- C:\Windows\System\FLaiQpT.exe
  C:\Windows\System\FLaiQpT.exe
  2⤵
  PID:1608
- C:\Windows\System\zNOoMTL.exe
  C:\Windows\System\zNOoMTL.exe
  2⤵
  PID:2240
- C:\Windows\System\AZgFRhc.exe
  C:\Windows\System\AZgFRhc.exe
  2⤵
  PID:1796
- C:\Windows\System\ptrnUbI.exe
  C:\Windows\System\ptrnUbI.exe
  2⤵
  PID:2320
- C:\Windows\System\ydlCsfR.exe
  C:\Windows\System\ydlCsfR.exe
  2⤵
  PID:576
- C:\Windows\System\izycDVB.exe
  C:\Windows\System\izycDVB.exe
  2⤵
  PID:1440
- C:\Windows\System\GIIxvgS.exe
  C:\Windows\System\GIIxvgS.exe
  2⤵
  PID:2060
- C:\Windows\System\ZcimIuM.exe
  C:\Windows\System\ZcimIuM.exe
  2⤵
  PID:2280
- C:\Windows\System\HsPIYkc.exe
  C:\Windows\System\HsPIYkc.exe
  2⤵
  PID:1496
- C:\Windows\System\ibvOnnn.exe
  C:\Windows\System\ibvOnnn.exe
  2⤵
  PID:404
- C:\Windows\System\zSlZjIE.exe
  C:\Windows\System\zSlZjIE.exe
  2⤵
  PID:1884
- C:\Windows\System\znDkVHd.exe
  C:\Windows\System\znDkVHd.exe
  2⤵
  PID:892
- C:\Windows\System\rteEyZX.exe
  C:\Windows\System\rteEyZX.exe
  2⤵
  PID:3040
- C:\Windows\System\zgEoDXw.exe
  C:\Windows\System\zgEoDXw.exe
  2⤵
  PID:2388
- C:\Windows\System\hHlxOFT.exe
  C:\Windows\System\hHlxOFT.exe
  2⤵
  PID:2732
- C:\Windows\System\FlabgIR.exe
  C:\Windows\System\FlabgIR.exe
  2⤵
  PID:2244
- C:\Windows\System\nADNkCc.exe
  C:\Windows\System\nADNkCc.exe
  2⤵
  PID:2660
- C:\Windows\System\KQZzmrz.exe
  C:\Windows\System\KQZzmrz.exe
  2⤵
  PID:2292
- C:\Windows\System\zmZMZte.exe
  C:\Windows\System\zmZMZte.exe
  2⤵
  PID:2580
- C:\Windows\System\xvZLQiS.exe
  C:\Windows\System\xvZLQiS.exe
  2⤵
  PID:2036
- C:\Windows\System\UlNcuNU.exe
  C:\Windows\System\UlNcuNU.exe
  2⤵
  PID:2220
- C:\Windows\System\kqoxsTT.exe
  C:\Windows\System\kqoxsTT.exe
  2⤵
  PID:1740
- C:\Windows\System\qOdlLxW.exe
  C:\Windows\System\qOdlLxW.exe
  2⤵
  PID:2616
- C:\Windows\System\ZFJohuF.exe
  C:\Windows\System\ZFJohuF.exe
  2⤵
  PID:3084
- C:\Windows\System\uMennah.exe
  C:\Windows\System\uMennah.exe
  2⤵
  PID:3104
- C:\Windows\System\FeIiyvY.exe
  C:\Windows\System\FeIiyvY.exe
  2⤵
  PID:3120
- C:\Windows\System\nfQQSjq.exe
  C:\Windows\System\nfQQSjq.exe
  2⤵
  PID:3144
- C:\Windows\System\EbJVYJM.exe
  C:\Windows\System\EbJVYJM.exe
  2⤵
  PID:3160
- C:\Windows\System\yIrwBmW.exe
  C:\Windows\System\yIrwBmW.exe
  2⤵
  PID:3184
- C:\Windows\System\kTKGJdx.exe
  C:\Windows\System\kTKGJdx.exe
  2⤵
  PID:3200
- C:\Windows\System\WNqqksa.exe
  C:\Windows\System\WNqqksa.exe
  2⤵
  PID:3220
- C:\Windows\System\jPrfAIO.exe
  C:\Windows\System\jPrfAIO.exe
  2⤵
  PID:3240
- C:\Windows\System\BoKBRqx.exe
  C:\Windows\System\BoKBRqx.exe
  2⤵
  PID:3264
- C:\Windows\System\WeGMXao.exe
  C:\Windows\System\WeGMXao.exe
  2⤵
  PID:3284
- C:\Windows\System\QWHGxcf.exe
  C:\Windows\System\QWHGxcf.exe
  2⤵
  PID:3304
- C:\Windows\System\OFiplIY.exe
  C:\Windows\System\OFiplIY.exe
  2⤵
  PID:3324
- C:\Windows\System\waphGhS.exe
  C:\Windows\System\waphGhS.exe
  2⤵
  PID:3344
- C:\Windows\System\rkCSSJb.exe
  C:\Windows\System\rkCSSJb.exe
  2⤵
  PID:3364
- C:\Windows\System\csGLXZZ.exe
  C:\Windows\System\csGLXZZ.exe
  2⤵
  PID:3384
- C:\Windows\System\RTiFgkS.exe
  C:\Windows\System\RTiFgkS.exe
  2⤵
  PID:3404
- C:\Windows\System\JyclPMf.exe
  C:\Windows\System\JyclPMf.exe
  2⤵
  PID:3424
- C:\Windows\System\ikKTBgc.exe
  C:\Windows\System\ikKTBgc.exe
  2⤵
  PID:3444
- C:\Windows\System\UqybaZn.exe
  C:\Windows\System\UqybaZn.exe
  2⤵
  PID:3464
- C:\Windows\System\rPXxBeZ.exe
  C:\Windows\System\rPXxBeZ.exe
  2⤵
  PID:3484
- C:\Windows\System\ELLBkRU.exe
  C:\Windows\System\ELLBkRU.exe
  2⤵
  PID:3504
- C:\Windows\System\VBCSmpJ.exe
  C:\Windows\System\VBCSmpJ.exe
  2⤵
  PID:3528
- C:\Windows\System\EItEBfC.exe
  C:\Windows\System\EItEBfC.exe
  2⤵
  PID:3548
- C:\Windows\System\jZPghFz.exe
  C:\Windows\System\jZPghFz.exe
  2⤵
  PID:3568
- C:\Windows\System\KvZmbpI.exe
  C:\Windows\System\KvZmbpI.exe
  2⤵
  PID:3588
- C:\Windows\System\ShayNoG.exe
  C:\Windows\System\ShayNoG.exe
  2⤵
  PID:3608
- C:\Windows\System\qCJxClz.exe
  C:\Windows\System\qCJxClz.exe
  2⤵
  PID:3628
- C:\Windows\System\VNHGKMO.exe
  C:\Windows\System\VNHGKMO.exe
  2⤵
  PID:3652
- C:\Windows\System\HcaPzSW.exe
  C:\Windows\System\HcaPzSW.exe
  2⤵
  PID:3672
- C:\Windows\System\eKimigp.exe
  C:\Windows\System\eKimigp.exe
  2⤵
  PID:3692
- C:\Windows\System\adRoHHT.exe
  C:\Windows\System\adRoHHT.exe
  2⤵
  PID:3712
- C:\Windows\System\lwoAPBN.exe
  C:\Windows\System\lwoAPBN.exe
  2⤵
  PID:3732
- C:\Windows\System\WagcGTq.exe
  C:\Windows\System\WagcGTq.exe
  2⤵
  PID:3752
- C:\Windows\System\GKLrifn.exe
  C:\Windows\System\GKLrifn.exe
  2⤵
  PID:3772
- C:\Windows\System\KPdVVBR.exe
  C:\Windows\System\KPdVVBR.exe
  2⤵
  PID:3792
- C:\Windows\System\NaIjwxq.exe
  C:\Windows\System\NaIjwxq.exe
  2⤵
  PID:3808
- C:\Windows\System\pQTtPwJ.exe
  C:\Windows\System\pQTtPwJ.exe
  2⤵
  PID:3832
- C:\Windows\System\UudjXLX.exe
  C:\Windows\System\UudjXLX.exe
  2⤵
  PID:3848
- C:\Windows\System\QnxNXRk.exe
  C:\Windows\System\QnxNXRk.exe
  2⤵
  PID:3872
- C:\Windows\System\iqfPMBP.exe
  C:\Windows\System\iqfPMBP.exe
  2⤵
  PID:3888
- C:\Windows\System\GIxnQgj.exe
  C:\Windows\System\GIxnQgj.exe
  2⤵
  PID:3912
- C:\Windows\System\GMUFEpw.exe
  C:\Windows\System\GMUFEpw.exe
  2⤵
  PID:3932
- C:\Windows\System\zThfIij.exe
  C:\Windows\System\zThfIij.exe
  2⤵
  PID:3952
- C:\Windows\System\HvhWdDp.exe
  C:\Windows\System\HvhWdDp.exe
  2⤵
  PID:3972
- C:\Windows\System\nuSThZB.exe
  C:\Windows\System\nuSThZB.exe
  2⤵
  PID:3992
- C:\Windows\System\Juuxuhn.exe
  C:\Windows\System\Juuxuhn.exe
  2⤵
  PID:4012
- C:\Windows\System\abSFEot.exe
  C:\Windows\System\abSFEot.exe
  2⤵
  PID:4032
- C:\Windows\System\qEENMxW.exe
  C:\Windows\System\qEENMxW.exe
  2⤵
  PID:4052
- C:\Windows\System\sGiQHIE.exe
  C:\Windows\System\sGiQHIE.exe
  2⤵
  PID:4072
- C:\Windows\System\aVJITyU.exe
  C:\Windows\System\aVJITyU.exe
  2⤵
  PID:4092
- C:\Windows\System\sTMxCuu.exe
  C:\Windows\System\sTMxCuu.exe
  2⤵
  PID:2144
- C:\Windows\System\LTpSSMm.exe
  C:\Windows\System\LTpSSMm.exe
  2⤵
  PID:296
- C:\Windows\System\DMFlxpt.exe
  C:\Windows\System\DMFlxpt.exe
  2⤵
  PID:1584
- C:\Windows\System\RJDxsiK.exe
  C:\Windows\System\RJDxsiK.exe
  2⤵
  PID:3100
- C:\Windows\System\toIEtYl.exe
  C:\Windows\System\toIEtYl.exe
  2⤵
  PID:3128
- C:\Windows\System\MgmoIjZ.exe
  C:\Windows\System\MgmoIjZ.exe
  2⤵
  PID:3116
- C:\Windows\System\pjwUWEa.exe
  C:\Windows\System\pjwUWEa.exe
  2⤵
  PID:3156
- C:\Windows\System\qGAMvnS.exe
  C:\Windows\System\qGAMvnS.exe
  2⤵
  PID:3196
- C:\Windows\System\OtHIMyn.exe
  C:\Windows\System\OtHIMyn.exe
  2⤵
  PID:3248
- C:\Windows\System\bUUOqpR.exe
  C:\Windows\System\bUUOqpR.exe
  2⤵
  PID:3300
- C:\Windows\System\kBffTMk.exe
  C:\Windows\System\kBffTMk.exe
  2⤵
  PID:3332
- C:\Windows\System\itIeOqZ.exe
  C:\Windows\System\itIeOqZ.exe
  2⤵
  PID:3316
- C:\Windows\System\gCwqKMU.exe
  C:\Windows\System\gCwqKMU.exe
  2⤵
  PID:3376
- C:\Windows\System\nEKjPiu.exe
  C:\Windows\System\nEKjPiu.exe
  2⤵
  PID:3416
- C:\Windows\System\OzqolvH.exe
  C:\Windows\System\OzqolvH.exe
  2⤵
  PID:3456
- C:\Windows\System\dzGeOii.exe
  C:\Windows\System\dzGeOii.exe
  2⤵
  PID:3492
- C:\Windows\System\tudCelP.exe
  C:\Windows\System\tudCelP.exe
  2⤵
  PID:3476
- C:\Windows\System\xzuzLNA.exe
  C:\Windows\System\xzuzLNA.exe
  2⤵
  PID:3524
- C:\Windows\System\VgijKGg.exe
  C:\Windows\System\VgijKGg.exe
  2⤵
  PID:3560
- C:\Windows\System\QPNynZm.exe
  C:\Windows\System\QPNynZm.exe
  2⤵
  PID:3616
- C:\Windows\System\cMlKKzD.exe
  C:\Windows\System\cMlKKzD.exe
  2⤵
  PID:3604
- C:\Windows\System\krDMzWa.exe
  C:\Windows\System\krDMzWa.exe
  2⤵
  PID:3648
- C:\Windows\System\BHzMmjv.exe
  C:\Windows\System\BHzMmjv.exe
  2⤵
  PID:3684
- C:\Windows\System\XKQPnSj.exe
  C:\Windows\System\XKQPnSj.exe
  2⤵
  PID:3720
- C:\Windows\System\FgnRWOT.exe
  C:\Windows\System\FgnRWOT.exe
  2⤵
  PID:3784
- C:\Windows\System\rvcVVnu.exe
  C:\Windows\System\rvcVVnu.exe
  2⤵
  PID:3824
- C:\Windows\System\RCFZwod.exe
  C:\Windows\System\RCFZwod.exe
  2⤵
  PID:3856
- C:\Windows\System\FNjqtko.exe
  C:\Windows\System\FNjqtko.exe
  2⤵
  PID:3804
- C:\Windows\System\tmTfOlk.exe
  C:\Windows\System\tmTfOlk.exe
  2⤵
  PID:3908
- C:\Windows\System\kLLIuzE.exe
  C:\Windows\System\kLLIuzE.exe
  2⤵
  PID:3944
- C:\Windows\System\vpGVEys.exe
  C:\Windows\System\vpGVEys.exe
  2⤵
  PID:3924
- C:\Windows\System\HmmtujZ.exe
  C:\Windows\System\HmmtujZ.exe
  2⤵
  PID:3988
- C:\Windows\System\ExXphSH.exe
  C:\Windows\System\ExXphSH.exe
  2⤵
  PID:4000
- C:\Windows\System\XuEiXXa.exe
  C:\Windows\System\XuEiXXa.exe
  2⤵
  PID:4064
- C:\Windows\System\nHYMynA.exe
  C:\Windows\System\nHYMynA.exe
  2⤵
  PID:4080
- C:\Windows\System\kRJrlhU.exe
  C:\Windows\System\kRJrlhU.exe
  2⤵
  PID:4088
- C:\Windows\System\GqBMbca.exe
  C:\Windows\System\GqBMbca.exe
  2⤵
  PID:2996
- C:\Windows\System\uSQXlnp.exe
  C:\Windows\System\uSQXlnp.exe
  2⤵
  PID:3152
- C:\Windows\System\rcHLZzx.exe
  C:\Windows\System\rcHLZzx.exe
  2⤵
  PID:3112
- C:\Windows\System\osSlWOW.exe
  C:\Windows\System\osSlWOW.exe
  2⤵
  PID:3236
- C:\Windows\System\Ohqxzrt.exe
  C:\Windows\System\Ohqxzrt.exe
  2⤵
  PID:3312
- C:\Windows\System\eTrCbom.exe
  C:\Windows\System\eTrCbom.exe
  2⤵
  PID:3356
- C:\Windows\System\PwfRBiS.exe
  C:\Windows\System\PwfRBiS.exe
  2⤵
  PID:3400
- C:\Windows\System\DHcWomd.exe
  C:\Windows\System\DHcWomd.exe
  2⤵
  PID:3336
- C:\Windows\System\EgTdQmZ.exe
  C:\Windows\System\EgTdQmZ.exe
  2⤵
  PID:3472
- C:\Windows\System\lfwqDyH.exe
  C:\Windows\System\lfwqDyH.exe
  2⤵
  PID:3460
- C:\Windows\System\sNEOHtg.exe
  C:\Windows\System\sNEOHtg.exe
  2⤵
  PID:3620
- C:\Windows\System\OionPeZ.exe
  C:\Windows\System\OionPeZ.exe
  2⤵
  PID:3644
- C:\Windows\System\rEvyMeM.exe
  C:\Windows\System\rEvyMeM.exe
  2⤵
  PID:3664
- C:\Windows\System\Kqfdggl.exe
  C:\Windows\System\Kqfdggl.exe
  2⤵
  PID:3728
- C:\Windows\System\fxDFXyV.exe
  C:\Windows\System\fxDFXyV.exe
  2⤵
  PID:3744
- C:\Windows\System\pOPXMsN.exe
  C:\Windows\System\pOPXMsN.exe
  2⤵
  PID:3800
- C:\Windows\System\MLFiAyL.exe
  C:\Windows\System\MLFiAyL.exe
  2⤵
  PID:3884
- C:\Windows\System\WgQGDCq.exe
  C:\Windows\System\WgQGDCq.exe
  2⤵
  PID:2800
- C:\Windows\System\WSThqoM.exe
  C:\Windows\System\WSThqoM.exe
  2⤵
  PID:4060
- C:\Windows\System\lNHqQmN.exe
  C:\Windows\System\lNHqQmN.exe
  2⤵
  PID:3940
- C:\Windows\System\CtpPPxw.exe
  C:\Windows\System\CtpPPxw.exe
  2⤵
  PID:1576
- C:\Windows\System\ySgctcU.exe
  C:\Windows\System\ySgctcU.exe
  2⤵
  PID:3092
- C:\Windows\System\UOdHoUY.exe
  C:\Windows\System\UOdHoUY.exe
  2⤵
  PID:3140
- C:\Windows\System\SWZYJzC.exe
  C:\Windows\System\SWZYJzC.exe
  2⤵
  PID:3076
- C:\Windows\System\jAJwpwo.exe
  C:\Windows\System\jAJwpwo.exe
  2⤵
  PID:3176
- C:\Windows\System\iIpGdip.exe
  C:\Windows\System\iIpGdip.exe
  2⤵
  PID:3320
- C:\Windows\System\LdUpGja.exe
  C:\Windows\System\LdUpGja.exe
  2⤵
  PID:3496
- C:\Windows\System\vytReNo.exe
  C:\Windows\System\vytReNo.exe
  2⤵
  PID:3596
- C:\Windows\System\odvvpla.exe
  C:\Windows\System\odvvpla.exe
  2⤵
  PID:3584
- C:\Windows\System\bdsvJob.exe
  C:\Windows\System\bdsvJob.exe
  2⤵
  PID:3740
- C:\Windows\System\NMnleGf.exe
  C:\Windows\System\NMnleGf.exe
  2⤵
  PID:3816
- C:\Windows\System\eCzidTO.exe
  C:\Windows\System\eCzidTO.exe
  2⤵
  PID:4028
- C:\Windows\System\JEBNbbe.exe
  C:\Windows\System\JEBNbbe.exe
  2⤵
  PID:3968
- C:\Windows\System\VDxhQYC.exe
  C:\Windows\System\VDxhQYC.exe
  2⤵
  PID:2120
- C:\Windows\System\lXkYpxh.exe
  C:\Windows\System\lXkYpxh.exe
  2⤵
  PID:1832
- C:\Windows\System\ReFtTKM.exe
  C:\Windows\System\ReFtTKM.exe
  2⤵
  PID:1056
- C:\Windows\System\MAolzMV.exe
  C:\Windows\System\MAolzMV.exe
  2⤵
  PID:3216
- C:\Windows\System\qbksiDe.exe
  C:\Windows\System\qbksiDe.exe
  2⤵
  PID:3512
- C:\Windows\System\gMWqtgM.exe
  C:\Windows\System\gMWqtgM.exe
  2⤵
  PID:3668
- C:\Windows\System\GFzNUfV.exe
  C:\Windows\System\GFzNUfV.exe
  2⤵
  PID:3396
- C:\Windows\System\OjiKAja.exe
  C:\Windows\System\OjiKAja.exe
  2⤵
  PID:2572
- C:\Windows\System\NTWSCos.exe
  C:\Windows\System\NTWSCos.exe
  2⤵
  PID:3820
- C:\Windows\System\NvZbRhG.exe
  C:\Windows\System\NvZbRhG.exe
  2⤵
  PID:3844
- C:\Windows\System\FmeuUOo.exe
  C:\Windows\System\FmeuUOo.exe
  2⤵
  PID:2828
- C:\Windows\System\KFhNWBh.exe
  C:\Windows\System\KFhNWBh.exe
  2⤵
  PID:2760
- C:\Windows\System\WyUhMQP.exe
  C:\Windows\System\WyUhMQP.exe
  2⤵
  PID:1852
- C:\Windows\System\xuvpayt.exe
  C:\Windows\System\xuvpayt.exe
  2⤵
  PID:3748
- C:\Windows\System\vHLDeHl.exe
  C:\Windows\System\vHLDeHl.exe
  2⤵
  PID:4068
- C:\Windows\System\DUVpaWc.exe
  C:\Windows\System\DUVpaWc.exe
  2⤵
  PID:3864
- C:\Windows\System\MuSSjes.exe
  C:\Windows\System\MuSSjes.exe
  2⤵
  PID:3636
- C:\Windows\System\wbTwEDv.exe
  C:\Windows\System\wbTwEDv.exe
  2⤵
  PID:3292
- C:\Windows\System\doRuimV.exe
  C:\Windows\System\doRuimV.exe
  2⤵
  PID:3440
- C:\Windows\System\xKPFrTF.exe
  C:\Windows\System\xKPFrTF.exe
  2⤵
  PID:4104
- C:\Windows\System\wAApoNM.exe
  C:\Windows\System\wAApoNM.exe
  2⤵
  PID:4120
- C:\Windows\System\nFyINKc.exe
  C:\Windows\System\nFyINKc.exe
  2⤵
  PID:4140
- C:\Windows\System\GXEHhey.exe
  C:\Windows\System\GXEHhey.exe
  2⤵
  PID:4160
- C:\Windows\System\eONOsta.exe
  C:\Windows\System\eONOsta.exe
  2⤵
  PID:4176
- C:\Windows\System\lcoNVlQ.exe
  C:\Windows\System\lcoNVlQ.exe
  2⤵
  PID:4208
- C:\Windows\System\DrpzxOa.exe
  C:\Windows\System\DrpzxOa.exe
  2⤵
  PID:4232
- C:\Windows\System\kGZpXGt.exe
  C:\Windows\System\kGZpXGt.exe
  2⤵
  PID:4252
- C:\Windows\System\jJrRodV.exe
  C:\Windows\System\jJrRodV.exe
  2⤵
  PID:4272
- C:\Windows\System\UjynQbm.exe
  C:\Windows\System\UjynQbm.exe
  2⤵
  PID:4288
- C:\Windows\System\GECiXVn.exe
  C:\Windows\System\GECiXVn.exe
  2⤵
  PID:4308
- C:\Windows\System\qaotojU.exe
  C:\Windows\System\qaotojU.exe
  2⤵
  PID:4328
- C:\Windows\System\xCjDIlR.exe
  C:\Windows\System\xCjDIlR.exe
  2⤵
  PID:4348
- C:\Windows\System\yANPejy.exe
  C:\Windows\System\yANPejy.exe
  2⤵
  PID:4368
- C:\Windows\System\HylWsfr.exe
  C:\Windows\System\HylWsfr.exe
  2⤵
  PID:4388
- C:\Windows\System\GWITdsm.exe
  C:\Windows\System\GWITdsm.exe
  2⤵
  PID:4408
- C:\Windows\System\ZVDLICM.exe
  C:\Windows\System\ZVDLICM.exe
  2⤵
  PID:4432
- C:\Windows\System\njQundt.exe
  C:\Windows\System\njQundt.exe
  2⤵
  PID:4452
- C:\Windows\System\spVQhhi.exe
  C:\Windows\System\spVQhhi.exe
  2⤵
  PID:4472
- C:\Windows\System\aVBjyZU.exe
  C:\Windows\System\aVBjyZU.exe
  2⤵
  PID:4488
- C:\Windows\System\mZkVzJL.exe
  C:\Windows\System\mZkVzJL.exe
  2⤵
  PID:4512
- C:\Windows\System\gjIWtBy.exe
  C:\Windows\System\gjIWtBy.exe
  2⤵
  PID:4532
- C:\Windows\System\AZDEdAg.exe
  C:\Windows\System\AZDEdAg.exe
  2⤵
  PID:4552
- C:\Windows\System\OYPGnbS.exe
  C:\Windows\System\OYPGnbS.exe
  2⤵
  PID:4568
- C:\Windows\System\eeCgpWx.exe
  C:\Windows\System\eeCgpWx.exe
  2⤵
  PID:4588
- C:\Windows\System\EHoyjcd.exe
  C:\Windows\System\EHoyjcd.exe
  2⤵
  PID:4608
- C:\Windows\System\ccZlrRV.exe
  C:\Windows\System\ccZlrRV.exe
  2⤵
  PID:4632
- C:\Windows\System\hyVQpLI.exe
  C:\Windows\System\hyVQpLI.exe
  2⤵
  PID:4652
- C:\Windows\System\VFWPwjy.exe
  C:\Windows\System\VFWPwjy.exe
  2⤵
  PID:4672
- C:\Windows\System\CdBqrBX.exe
  C:\Windows\System\CdBqrBX.exe
  2⤵
  PID:4692
- C:\Windows\System\IThTIDv.exe
  C:\Windows\System\IThTIDv.exe
  2⤵
  PID:4712
- C:\Windows\System\qPVmKEd.exe
  C:\Windows\System\qPVmKEd.exe
  2⤵
  PID:4732
- C:\Windows\System\SjhQfLr.exe
  C:\Windows\System\SjhQfLr.exe
  2⤵
  PID:4752
- C:\Windows\System\lIdlLAU.exe
  C:\Windows\System\lIdlLAU.exe
  2⤵
  PID:4772
- C:\Windows\System\qQZBuXq.exe
  C:\Windows\System\qQZBuXq.exe
  2⤵
  PID:4792
- C:\Windows\System\OFwrYzX.exe
  C:\Windows\System\OFwrYzX.exe
  2⤵
  PID:4812
- C:\Windows\System\hnSPwUv.exe
  C:\Windows\System\hnSPwUv.exe
  2⤵
  PID:4836
- C:\Windows\System\QdiDHtR.exe
  C:\Windows\System\QdiDHtR.exe
  2⤵
  PID:4852
- C:\Windows\System\xwbvqAl.exe
  C:\Windows\System\xwbvqAl.exe
  2⤵
  PID:4876
- C:\Windows\System\BhSdsUt.exe
  C:\Windows\System\BhSdsUt.exe
  2⤵
  PID:4892
- C:\Windows\System\iGpxgDz.exe
  C:\Windows\System\iGpxgDz.exe
  2⤵
  PID:4916
- C:\Windows\System\RdeCAcX.exe
  C:\Windows\System\RdeCAcX.exe
  2⤵
  PID:4936
- C:\Windows\System\vnypGSV.exe
  C:\Windows\System\vnypGSV.exe
  2⤵
  PID:4964
- C:\Windows\System\yXCpmRz.exe
  C:\Windows\System\yXCpmRz.exe
  2⤵
  PID:4984
- C:\Windows\System\OtcubSn.exe
  C:\Windows\System\OtcubSn.exe
  2⤵
  PID:5000
- C:\Windows\System\VnEwKQJ.exe
  C:\Windows\System\VnEwKQJ.exe
  2⤵
  PID:5040
- C:\Windows\System\oaMFskD.exe
  C:\Windows\System\oaMFskD.exe
  2⤵
  PID:5056
- C:\Windows\System\KYQBuuW.exe
  C:\Windows\System\KYQBuuW.exe
  2⤵
  PID:5076
- C:\Windows\System\ILJfvtJ.exe
  C:\Windows\System\ILJfvtJ.exe
  2⤵
  PID:5100
- C:\Windows\System\JUrgdik.exe
  C:\Windows\System\JUrgdik.exe
  2⤵
  PID:5116
- C:\Windows\System\uYnrvPU.exe
  C:\Windows\System\uYnrvPU.exe
  2⤵
  PID:2712
- C:\Windows\System\cMJkThm.exe
  C:\Windows\System\cMJkThm.exe
  2⤵
  PID:4136
- C:\Windows\System\VDxFAWk.exe
  C:\Windows\System\VDxFAWk.exe
  2⤵
  PID:2028
- C:\Windows\System\BqZfilQ.exe
  C:\Windows\System\BqZfilQ.exe
  2⤵
  PID:860
- C:\Windows\System\aXIKBen.exe
  C:\Windows\System\aXIKBen.exe
  2⤵
  PID:4228
- C:\Windows\System\WrbNBfl.exe
  C:\Windows\System\WrbNBfl.exe
  2⤵
  PID:4220
- C:\Windows\System\NNliOYU.exe
  C:\Windows\System\NNliOYU.exe
  2⤵
  PID:4196
- C:\Windows\System\JGvxMAq.exe
  C:\Windows\System\JGvxMAq.exe
  2⤵
  PID:4296
- C:\Windows\System\xeNaljv.exe
  C:\Windows\System\xeNaljv.exe
  2⤵
  PID:4340
- C:\Windows\System\sDNAuru.exe
  C:\Windows\System\sDNAuru.exe
  2⤵
  PID:4280
- C:\Windows\System\SzXUppl.exe
  C:\Windows\System\SzXUppl.exe
  2⤵
  PID:4324
- C:\Windows\System\ftthEYL.exe
  C:\Windows\System\ftthEYL.exe
  2⤵
  PID:4424
- C:\Windows\System\CqXeKwF.exe
  C:\Windows\System\CqXeKwF.exe
  2⤵
  PID:4464
- C:\Windows\System\AnnbPlL.exe
  C:\Windows\System\AnnbPlL.exe
  2⤵
  PID:4440
- C:\Windows\System\rkrPtNt.exe
  C:\Windows\System\rkrPtNt.exe
  2⤵
  PID:4504
- C:\Windows\System\JCyzNQF.exe
  C:\Windows\System\JCyzNQF.exe
  2⤵
  PID:4584
- C:\Windows\System\iGKDQlO.exe
  C:\Windows\System\iGKDQlO.exe
  2⤵
  PID:4616
- C:\Windows\System\pcFkZRB.exe
  C:\Windows\System\pcFkZRB.exe
  2⤵
  PID:4524
- C:\Windows\System\sAgkQRd.exe
  C:\Windows\System\sAgkQRd.exe
  2⤵
  PID:4560
- C:\Windows\System\gQpnRJV.exe
  C:\Windows\System\gQpnRJV.exe
  2⤵
  PID:4600
- C:\Windows\System\HqGazgm.exe
  C:\Windows\System\HqGazgm.exe
  2⤵
  PID:4668
- C:\Windows\System\yPFdtRd.exe
  C:\Windows\System\yPFdtRd.exe
  2⤵
  PID:4664
- C:\Windows\System\NYPKMpx.exe
  C:\Windows\System\NYPKMpx.exe
  2⤵
  PID:4688
- C:\Windows\System\BeCGsMm.exe
  C:\Windows\System\BeCGsMm.exe
  2⤵
  PID:4720
- C:\Windows\System\vUGzioD.exe
  C:\Windows\System\vUGzioD.exe
  2⤵
  PID:4788
- C:\Windows\System\DTTBgWW.exe
  C:\Windows\System\DTTBgWW.exe
  2⤵
  PID:4832
- C:\Windows\System\AsKqUuz.exe
  C:\Windows\System\AsKqUuz.exe
  2⤵
  PID:4860
- C:\Windows\System\uVmwcuD.exe
  C:\Windows\System\uVmwcuD.exe
  2⤵
  PID:4912
- C:\Windows\System\tcfZYFj.exe
  C:\Windows\System\tcfZYFj.exe
  2⤵
  PID:4924
- C:\Windows\System\ddsNvma.exe
  C:\Windows\System\ddsNvma.exe
  2⤵
  PID:4888
- C:\Windows\System\TEAifgx.exe
  C:\Windows\System\TEAifgx.exe
  2⤵
  PID:2808
- C:\Windows\System\BVrYZWZ.exe
  C:\Windows\System\BVrYZWZ.exe
  2⤵
  PID:1924
- C:\Windows\System\mBBlgll.exe
  C:\Windows\System\mBBlgll.exe
  2⤵
  PID:4980
- C:\Windows\System\gzpFRPQ.exe
  C:\Windows\System\gzpFRPQ.exe
  2⤵
  PID:5024
- C:\Windows\System\FHpEpwo.exe
  C:\Windows\System\FHpEpwo.exe
  2⤵
  PID:5036
- C:\Windows\System\BSLUzzm.exe
  C:\Windows\System\BSLUzzm.exe
  2⤵
  PID:5064
- C:\Windows\System\bZuBzyJ.exe
  C:\Windows\System\bZuBzyJ.exe
  2⤵
  PID:3032
- C:\Windows\System\XQnVirv.exe
  C:\Windows\System\XQnVirv.exe
  2⤵
  PID:4100
- C:\Windows\System\VTzTuTP.exe
  C:\Windows\System\VTzTuTP.exe
  2⤵
  PID:564
- C:\Windows\System\TfamUvr.exe
  C:\Windows\System\TfamUvr.exe
  2⤵
  PID:2860
- C:\Windows\System\DhYwlDo.exe
  C:\Windows\System\DhYwlDo.exe
  2⤵
  PID:3056
- C:\Windows\System\LGDPMky.exe
  C:\Windows\System\LGDPMky.exe
  2⤵
  PID:2836
- C:\Windows\System\XwlnKht.exe
  C:\Windows\System\XwlnKht.exe
  2⤵
  PID:1472
- C:\Windows\System\QTugYmV.exe
  C:\Windows\System\QTugYmV.exe
  2⤵
  PID:4156
- C:\Windows\System\xhLXyjz.exe
  C:\Windows\System\xhLXyjz.exe
  2⤵
  PID:4204
- C:\Windows\System\rIbtCqg.exe
  C:\Windows\System\rIbtCqg.exe
  2⤵
  PID:4316
- C:\Windows\System\CJUavaT.exe
  C:\Windows\System\CJUavaT.exe
  2⤵
  PID:1296
- C:\Windows\System\RnThgZH.exe
  C:\Windows\System\RnThgZH.exe
  2⤵
  PID:4496
- C:\Windows\System\ZQATbtZ.exe
  C:\Windows\System\ZQATbtZ.exe
  2⤵
  PID:2628
- C:\Windows\System\MtGvdKJ.exe
  C:\Windows\System\MtGvdKJ.exe
  2⤵
  PID:4480
- C:\Windows\System\rVsVJAp.exe
  C:\Windows\System\rVsVJAp.exe
  2⤵
  PID:4528
- C:\Windows\System\VJOFxmP.exe
  C:\Windows\System\VJOFxmP.exe
  2⤵
  PID:572
- C:\Windows\System\lHgSGwy.exe
  C:\Windows\System\lHgSGwy.exe
  2⤵
  PID:4620
- C:\Windows\System\nORAocE.exe
  C:\Windows\System\nORAocE.exe
  2⤵
  PID:4596
- C:\Windows\System\zkGEQfJ.exe
  C:\Windows\System\zkGEQfJ.exe
  2⤵
  PID:4680
- C:\Windows\System\SzghhlX.exe
  C:\Windows\System\SzghhlX.exe
  2⤵
  PID:4780
- C:\Windows\System\RPmXZHu.exe
  C:\Windows\System\RPmXZHu.exe
  2⤵
  PID:4764
- C:\Windows\System\cEoNpCR.exe
  C:\Windows\System\cEoNpCR.exe
  2⤵
  PID:1876
- C:\Windows\System\sgkuaxv.exe
  C:\Windows\System\sgkuaxv.exe
  2⤵
  PID:4848
- C:\Windows\System\AjzEsyp.exe
  C:\Windows\System\AjzEsyp.exe
  2⤵
  PID:5028
- C:\Windows\System\euPjUeK.exe
  C:\Windows\System\euPjUeK.exe
  2⤵
  PID:2884
- C:\Windows\System\nIAHbeD.exe
  C:\Windows\System\nIAHbeD.exe
  2⤵
  PID:2380
- C:\Windows\System\vXVeAYP.exe
  C:\Windows\System\vXVeAYP.exe
  2⤵
  PID:5068
- C:\Windows\System\SHOgSxB.exe
  C:\Windows\System\SHOgSxB.exe
  2⤵
  PID:2704
- C:\Windows\System\IHeAjXL.exe
  C:\Windows\System\IHeAjXL.exe
  2⤵
  PID:2896
- C:\Windows\System\SkMZuut.exe
  C:\Windows\System\SkMZuut.exe
  2⤵
  PID:1292
- C:\Windows\System\odmMXtF.exe
  C:\Windows\System\odmMXtF.exe
  2⤵
  PID:2908
- C:\Windows\System\gmpNGch.exe
  C:\Windows\System\gmpNGch.exe
  2⤵
  PID:4116
- C:\Windows\System\fzPPdIZ.exe
  C:\Windows\System\fzPPdIZ.exe
  2⤵
  PID:2980
- C:\Windows\System\PDbnlvS.exe
  C:\Windows\System\PDbnlvS.exe
  2⤵
  PID:4240
- C:\Windows\System\iAVcoQJ.exe
  C:\Windows\System\iAVcoQJ.exe
  2⤵
  PID:2612
- C:\Windows\System\sVNJrfF.exe
  C:\Windows\System\sVNJrfF.exe
  2⤵
  PID:4468
- C:\Windows\System\GANCqPc.exe
  C:\Windows\System\GANCqPc.exe
  2⤵
  PID:4576
- C:\Windows\System\wnToGKU.exe
  C:\Windows\System\wnToGKU.exe
  2⤵
  PID:1780
- C:\Windows\System\OgDeDJt.exe
  C:\Windows\System\OgDeDJt.exe
  2⤵
  PID:2568
- C:\Windows\System\oZrlBwY.exe
  C:\Windows\System\oZrlBwY.exe
  2⤵
  PID:4808
- C:\Windows\System\iWKYNYM.exe
  C:\Windows\System\iWKYNYM.exe
  2⤵
  PID:4704
- C:\Windows\System\PVvMXBV.exe
  C:\Windows\System\PVvMXBV.exe
  2⤵
  PID:4768
- C:\Windows\System\XqahoNW.exe
  C:\Windows\System\XqahoNW.exe
  2⤵
  PID:4644
- C:\Windows\System\gzJdeva.exe
  C:\Windows\System\gzJdeva.exe
  2⤵
  PID:5092
- C:\Windows\System\libMyYJ.exe
  C:\Windows\System\libMyYJ.exe
  2⤵
  PID:4972
- C:\Windows\System\redjNaG.exe
  C:\Windows\System\redjNaG.exe
  2⤵
  PID:2664
- C:\Windows\System\zNVhPFH.exe
  C:\Windows\System\zNVhPFH.exe
  2⤵
  PID:2236
- C:\Windows\System\bAJWScs.exe
  C:\Windows\System\bAJWScs.exe
  2⤵
  PID:4184
- C:\Windows\System\lRMyyEQ.exe
  C:\Windows\System\lRMyyEQ.exe
  2⤵
  PID:1968
- C:\Windows\System\lTKbToZ.exe
  C:\Windows\System\lTKbToZ.exe
  2⤵
  PID:2344
- C:\Windows\System\ZcPsVQf.exe
  C:\Windows\System\ZcPsVQf.exe
  2⤵
  PID:4844
- C:\Windows\System\vLUAaoW.exe
  C:\Windows\System\vLUAaoW.exe
  2⤵
  PID:3060
- C:\Windows\System\sRrDIyd.exe
  C:\Windows\System\sRrDIyd.exe
  2⤵
  PID:5048
- C:\Windows\System\rsplIYl.exe
  C:\Windows\System\rsplIYl.exe
  2⤵
  PID:4952
- C:\Windows\System\UJsjGgt.exe
  C:\Windows\System\UJsjGgt.exe
  2⤵
  PID:4868
- C:\Windows\System\DnyLWTT.exe
  C:\Windows\System\DnyLWTT.exe
  2⤵
  PID:1096
- C:\Windows\System\aVwiIhx.exe
  C:\Windows\System\aVwiIhx.exe
  2⤵
  PID:4364
- C:\Windows\System\sOFpToe.exe
  C:\Windows\System\sOFpToe.exe
  2⤵
  PID:4244
- C:\Windows\System\UfAuywY.exe
  C:\Windows\System\UfAuywY.exe
  2⤵
  PID:1004
- C:\Windows\System\zioiWfb.exe
  C:\Windows\System\zioiWfb.exe
  2⤵
  PID:4932
- C:\Windows\System\gaShpFY.exe
  C:\Windows\System\gaShpFY.exe
  2⤵
  PID:4460
- C:\Windows\System\pJtsRfd.exe
  C:\Windows\System\pJtsRfd.exe
  2⤵
  PID:4268
- C:\Windows\System\loJuRrF.exe
  C:\Windows\System\loJuRrF.exe
  2⤵
  PID:4908
- C:\Windows\System\xlGGtnp.exe
  C:\Windows\System\xlGGtnp.exe
  2⤵
  PID:4804
- C:\Windows\System\tNIGuiJ.exe
  C:\Windows\System\tNIGuiJ.exe
  2⤵
  PID:4152
- C:\Windows\System\NDNuvXw.exe
  C:\Windows\System\NDNuvXw.exe
  2⤵
  PID:4928
- C:\Windows\System\mlpXwfv.exe
  C:\Windows\System\mlpXwfv.exe
  2⤵
  PID:4544
- C:\Windows\System\yFzZsrO.exe
  C:\Windows\System\yFzZsrO.exe
  2⤵
  PID:5136
- C:\Windows\System\mANWJiy.exe
  C:\Windows\System\mANWJiy.exe
  2⤵
  PID:5152
- C:\Windows\System\ZeciaAJ.exe
  C:\Windows\System\ZeciaAJ.exe
  2⤵
  PID:5268
- C:\Windows\System\drhaXOX.exe
  C:\Windows\System\drhaXOX.exe
  2⤵
  PID:5284
- C:\Windows\System\klCjBut.exe
  C:\Windows\System\klCjBut.exe
  2⤵
  PID:5300
- C:\Windows\System\oTYMSSt.exe
  C:\Windows\System\oTYMSSt.exe
  2⤵
  PID:5316
- C:\Windows\System\MrQnpYg.exe
  C:\Windows\System\MrQnpYg.exe
  2⤵
  PID:5348
- C:\Windows\System\MwwBATt.exe
  C:\Windows\System\MwwBATt.exe
  2⤵
  PID:5368
- C:\Windows\System\NtzkriC.exe
  C:\Windows\System\NtzkriC.exe
  2⤵
  PID:5384
- C:\Windows\System\lSnhGYO.exe
  C:\Windows\System\lSnhGYO.exe
  2⤵
  PID:5404
- C:\Windows\System\ypIJuyN.exe
  C:\Windows\System\ypIJuyN.exe
  2⤵
  PID:5420
- C:\Windows\System\KoIpNED.exe
  C:\Windows\System\KoIpNED.exe
  2⤵
  PID:5440
- C:\Windows\System\pmShsJb.exe
  C:\Windows\System\pmShsJb.exe
  2⤵
  PID:5456
- C:\Windows\System\EmWLrZc.exe
  C:\Windows\System\EmWLrZc.exe
  2⤵
  PID:5472
- C:\Windows\System\KRxGeXI.exe
  C:\Windows\System\KRxGeXI.exe
  2⤵
  PID:5488
- C:\Windows\System\PRwpBdG.exe
  C:\Windows\System\PRwpBdG.exe
  2⤵
  PID:5504
- C:\Windows\System\drJXAOu.exe
  C:\Windows\System\drJXAOu.exe
  2⤵
  PID:5536
- C:\Windows\System\ZSxJmHa.exe
  C:\Windows\System\ZSxJmHa.exe
  2⤵
  PID:5556
- C:\Windows\System\YJjKzFG.exe
  C:\Windows\System\YJjKzFG.exe
  2⤵
  PID:5572
- C:\Windows\System\CuSRUVX.exe
  C:\Windows\System\CuSRUVX.exe
  2⤵
  PID:5588
- C:\Windows\System\hOdpKFo.exe
  C:\Windows\System\hOdpKFo.exe
  2⤵
  PID:5604
- C:\Windows\System\eWefINq.exe
  C:\Windows\System\eWefINq.exe
  2⤵
  PID:5672
- C:\Windows\System\kHqNjid.exe
  C:\Windows\System\kHqNjid.exe
  2⤵
  PID:5688
- C:\Windows\System\NWtLhBy.exe
  C:\Windows\System\NWtLhBy.exe
  2⤵
  PID:5708
- C:\Windows\System\KIIAPAh.exe
  C:\Windows\System\KIIAPAh.exe
  2⤵
  PID:5724
- C:\Windows\System\ykmwKvy.exe
  C:\Windows\System\ykmwKvy.exe
  2⤵
  PID:5744
- C:\Windows\System\uMhnKVt.exe
  C:\Windows\System\uMhnKVt.exe
  2⤵
  PID:5760
- C:\Windows\System\wBIxhIO.exe
  C:\Windows\System\wBIxhIO.exe
  2⤵
  PID:5796
- C:\Windows\System\FVfUDYt.exe
  C:\Windows\System\FVfUDYt.exe
  2⤵
  PID:5812
- C:\Windows\System\JvVpHRt.exe
  C:\Windows\System\JvVpHRt.exe
  2⤵
  PID:5828
- C:\Windows\System\JMXEfva.exe
  C:\Windows\System\JMXEfva.exe
  2⤵
  PID:5848
- C:\Windows\System\eEYPuzY.exe
  C:\Windows\System\eEYPuzY.exe
  2⤵
  PID:5864
- C:\Windows\System\LWYsUbr.exe
  C:\Windows\System\LWYsUbr.exe
  2⤵
  PID:5880
- C:\Windows\System\LdXOykk.exe
  C:\Windows\System\LdXOykk.exe
  2⤵
  PID:5904
- C:\Windows\System\GDQYHyI.exe
  C:\Windows\System\GDQYHyI.exe
  2⤵
  PID:5924
- C:\Windows\System\PLsqDkl.exe
  C:\Windows\System\PLsqDkl.exe
  2⤵
  PID:5940
- C:\Windows\System\wlxWaeD.exe
  C:\Windows\System\wlxWaeD.exe
  2⤵
  PID:5976
- C:\Windows\System\xCVAomJ.exe
  C:\Windows\System\xCVAomJ.exe
  2⤵
  PID:5992
- C:\Windows\System\XBIbJWy.exe
  C:\Windows\System\XBIbJWy.exe
  2⤵
  PID:6012
- C:\Windows\System\nptRXUg.exe
  C:\Windows\System\nptRXUg.exe
  2⤵
  PID:6032
- C:\Windows\System\aOWicGe.exe
  C:\Windows\System\aOWicGe.exe
  2⤵
  PID:6048
- C:\Windows\System\EnBVGru.exe
  C:\Windows\System\EnBVGru.exe
  2⤵
  PID:6064
- C:\Windows\System\oMpzfSF.exe
  C:\Windows\System\oMpzfSF.exe
  2⤵
  PID:6080
- C:\Windows\System\SDcGIhQ.exe
  C:\Windows\System\SDcGIhQ.exe
  2⤵
  PID:6124
- C:\Windows\System\gFFOHAI.exe
  C:\Windows\System\gFFOHAI.exe
  2⤵
  PID:6140
- C:\Windows\System\VkNTyCD.exe
  C:\Windows\System\VkNTyCD.exe
  2⤵
  PID:5088
- C:\Windows\System\YBNxDkE.exe
  C:\Windows\System\YBNxDkE.exe
  2⤵
  PID:4284
- C:\Windows\System\EEKLSSa.exe
  C:\Windows\System\EEKLSSa.exe
  2⤵
  PID:4976
- C:\Windows\System\yHnybJt.exe
  C:\Windows\System\yHnybJt.exe
  2⤵
  PID:1656
- C:\Windows\System\ZRmSttk.exe
  C:\Windows\System\ZRmSttk.exe
  2⤵
  PID:5172
- C:\Windows\System\JZLCNRz.exe
  C:\Windows\System\JZLCNRz.exe
  2⤵
  PID:5216
- C:\Windows\System\RzmPXBD.exe
  C:\Windows\System\RzmPXBD.exe
  2⤵
  PID:5208
- C:\Windows\System\shOqxlY.exe
  C:\Windows\System\shOqxlY.exe
  2⤵
  PID:5212
- C:\Windows\System\qfxAwIJ.exe
  C:\Windows\System\qfxAwIJ.exe
  2⤵
  PID:5252
- C:\Windows\System\wSPsGCJ.exe
  C:\Windows\System\wSPsGCJ.exe
  2⤵
  PID:5260
- C:\Windows\System\CDgbJuM.exe
  C:\Windows\System\CDgbJuM.exe
  2⤵
  PID:5308
- C:\Windows\System\ucKKtsS.exe
  C:\Windows\System\ucKKtsS.exe
  2⤵
  PID:5448
- C:\Windows\System\zetFaxH.exe
  C:\Windows\System\zetFaxH.exe
  2⤵
  PID:5520
- C:\Windows\System\walkSZs.exe
  C:\Windows\System\walkSZs.exe
  2⤵
  PID:5528
- C:\Windows\System\iwazsia.exe
  C:\Windows\System\iwazsia.exe
  2⤵
  PID:5596
- C:\Windows\System\UpRhcBx.exe
  C:\Windows\System\UpRhcBx.exe
  2⤵
  PID:5580
- C:\Windows\System\hduAesh.exe
  C:\Windows\System\hduAesh.exe
  2⤵
  PID:5392
- C:\Windows\System\nLdvCDk.exe
  C:\Windows\System\nLdvCDk.exe
  2⤵
  PID:5496
- C:\Windows\System\VvWFqgN.exe
  C:\Windows\System\VvWFqgN.exe
  2⤵
  PID:5552
- C:\Windows\System\ChkkDHU.exe
  C:\Windows\System\ChkkDHU.exe
  2⤵
  PID:5428
- C:\Windows\System\ixLLVFZ.exe
  C:\Windows\System\ixLLVFZ.exe
  2⤵
  PID:5628
- C:\Windows\System\gCFzJRx.exe
  C:\Windows\System\gCFzJRx.exe
  2⤵
  PID:5640
- C:\Windows\System\IzXBPQM.exe
  C:\Windows\System\IzXBPQM.exe
  2⤵
  PID:5736
- C:\Windows\System\neKjIjm.exe
  C:\Windows\System\neKjIjm.exe
  2⤵
  PID:5836
- C:\Windows\System\jdBPlfl.exe
  C:\Windows\System\jdBPlfl.exe
  2⤵
  PID:5916
- C:\Windows\System\eouEzKT.exe
  C:\Windows\System\eouEzKT.exe
  2⤵
  PID:5972
- C:\Windows\System\QGiFSnw.exe
  C:\Windows\System\QGiFSnw.exe
  2⤵
  PID:5784
- C:\Windows\System\PdtTlfs.exe
  C:\Windows\System\PdtTlfs.exe
  2⤵
  PID:5772
- C:\Windows\System\pbpdwbg.exe
  C:\Windows\System\pbpdwbg.exe
  2⤵
  PID:6004
- C:\Windows\System\aZeHjVy.exe
  C:\Windows\System\aZeHjVy.exe
  2⤵
  PID:5936
- C:\Windows\System\aSdlQAk.exe
  C:\Windows\System\aSdlQAk.exe
  2⤵
  PID:6020
- C:\Windows\System\fuCeLPg.exe
  C:\Windows\System\fuCeLPg.exe
  2⤵
  PID:6028
- C:\Windows\System\OVbhBcl.exe
  C:\Windows\System\OVbhBcl.exe
  2⤵
  PID:5984
- C:\Windows\System\BKbwciz.exe
  C:\Windows\System\BKbwciz.exe
  2⤵
  PID:6112
- C:\Windows\System\xTRXXJE.exe
  C:\Windows\System\xTRXXJE.exe
  2⤵
  PID:6136
- C:\Windows\System\cqnwbqd.exe
  C:\Windows\System\cqnwbqd.exe
  2⤵
  PID:1060
- C:\Windows\System\RvdeKom.exe
  C:\Windows\System\RvdeKom.exe
  2⤵
  PID:2072
- C:\Windows\System\YqkwLqU.exe
  C:\Windows\System\YqkwLqU.exe
  2⤵
  PID:2940
- C:\Windows\System\ZqdPsUH.exe
  C:\Windows\System\ZqdPsUH.exe
  2⤵
  PID:5280
- C:\Windows\System\hSLHlPz.exe
  C:\Windows\System\hSLHlPz.exe
  2⤵
  PID:5148
- C:\Windows\System\Vudzxmw.exe
  C:\Windows\System\Vudzxmw.exe
  2⤵
  PID:4628
- C:\Windows\System\bwlaZWx.exe
  C:\Windows\System\bwlaZWx.exe
  2⤵
  PID:4956
- C:\Windows\System\pyVEWcL.exe
  C:\Windows\System\pyVEWcL.exe
  2⤵
  PID:5400
- C:\Windows\System\YkjaBHh.exe
  C:\Windows\System\YkjaBHh.exe
  2⤵
  PID:5624
- C:\Windows\System\BWorUXc.exe
  C:\Windows\System\BWorUXc.exe
  2⤵
  PID:5360
- C:\Windows\System\QgrlfbD.exe
  C:\Windows\System\QgrlfbD.exe
  2⤵
  PID:5484
- C:\Windows\System\dLwSeUG.exe
  C:\Windows\System\dLwSeUG.exe
  2⤵
  PID:5684
- C:\Windows\System\VNCoJDl.exe
  C:\Windows\System\VNCoJDl.exe
  2⤵
  PID:5948
- C:\Windows\System\TTjoIIK.exe
  C:\Windows\System\TTjoIIK.exe
  2⤵
  PID:5716
- C:\Windows\System\QcqAYoy.exe
  C:\Windows\System\QcqAYoy.exe
  2⤵
  PID:5652
- C:\Windows\System\dIXuQXI.exe
  C:\Windows\System\dIXuQXI.exe
  2⤵
  PID:4960
- C:\Windows\System\TdAiUbV.exe
  C:\Windows\System\TdAiUbV.exe
  2⤵
  PID:5776
- C:\Windows\System\NPmRBdM.exe
  C:\Windows\System\NPmRBdM.exe
  2⤵
  PID:5824
- C:\Windows\System\rrQtBBF.exe
  C:\Windows\System\rrQtBBF.exe
  2⤵
  PID:5324
- C:\Windows\System\kxbWmYt.exe
  C:\Windows\System\kxbWmYt.exe
  2⤵
  PID:5780
- C:\Windows\System\nBXQNTb.exe
  C:\Windows\System\nBXQNTb.exe
  2⤵
  PID:5380
- C:\Windows\System\mqDpZiU.exe
  C:\Windows\System\mqDpZiU.exe
  2⤵
  PID:5196
- C:\Windows\System\vcXyuWG.exe
  C:\Windows\System\vcXyuWG.exe
  2⤵
  PID:6088
- C:\Windows\System\tksqfpR.exe
  C:\Windows\System\tksqfpR.exe
  2⤵
  PID:2988
- C:\Windows\System\OnROetj.exe
  C:\Windows\System\OnROetj.exe
  2⤵
  PID:5232
- C:\Windows\System\BCKtRmA.exe
  C:\Windows\System\BCKtRmA.exe
  2⤵
  PID:5332
- C:\Windows\System\LaUZwEV.exe
  C:\Windows\System\LaUZwEV.exe
  2⤵
  PID:5512
- C:\Windows\System\CYkVAFC.exe
  C:\Windows\System\CYkVAFC.exe
  2⤵
  PID:5704
- C:\Windows\System\ziIzUqT.exe
  C:\Windows\System\ziIzUqT.exe
  2⤵
  PID:5844
- C:\Windows\System\UHyhmTY.exe
  C:\Windows\System\UHyhmTY.exe
  2⤵
  PID:5968
- C:\Windows\System\DKiCdDL.exe
  C:\Windows\System\DKiCdDL.exe
  2⤵
  PID:5900
- C:\Windows\System\qgwzTxX.exe
  C:\Windows\System\qgwzTxX.exe
  2⤵
  PID:4320
- C:\Windows\System\lcoGDWI.exe
  C:\Windows\System\lcoGDWI.exe
  2⤵
  PID:5336
- C:\Windows\System\HrzhoEi.exe
  C:\Windows\System\HrzhoEi.exe
  2⤵
  PID:5432
- C:\Windows\System\GTVZnDa.exe
  C:\Windows\System\GTVZnDa.exe
  2⤵
  PID:5240
- C:\Windows\System\iwenLTl.exe
  C:\Windows\System\iwenLTl.exe
  2⤵
  PID:5544
- C:\Windows\System\zzmTECW.exe
  C:\Windows\System\zzmTECW.exe
  2⤵
  PID:6044
- C:\Windows\System\EJaLKsp.exe
  C:\Windows\System\EJaLKsp.exe
  2⤵
  PID:5188
- C:\Windows\System\JgwfkUf.exe
  C:\Windows\System\JgwfkUf.exe
  2⤵
  PID:5328
- C:\Windows\System\gnzdlvJ.exe
  C:\Windows\System\gnzdlvJ.exe
  2⤵
  PID:3480
- C:\Windows\System\uwKuTBg.exe
  C:\Windows\System\uwKuTBg.exe
  2⤵
  PID:5792
- C:\Windows\System\SMaTcFZ.exe
  C:\Windows\System\SMaTcFZ.exe
  2⤵
  PID:5912
- C:\Windows\System\uBECvdJ.exe
  C:\Windows\System\uBECvdJ.exe
  2⤵
  PID:2960
- C:\Windows\System\LlJjmaa.exe
  C:\Windows\System\LlJjmaa.exe
  2⤵
  PID:5752
- C:\Windows\System\ZljKAZa.exe
  C:\Windows\System\ZljKAZa.exe
  2⤵
  PID:5668
- C:\Windows\System\rpkUSwg.exe
  C:\Windows\System\rpkUSwg.exe
  2⤵
  PID:2740
- C:\Windows\System\KiiWhwo.exe
  C:\Windows\System\KiiWhwo.exe
  2⤵
  PID:5236
- C:\Windows\System\bVKTlAs.exe
  C:\Windows\System\bVKTlAs.exe
  2⤵
  PID:5988
- C:\Windows\System\TfcVgje.exe
  C:\Windows\System\TfcVgje.exe
  2⤵
  PID:5952
- C:\Windows\System\GtffHXX.exe
  C:\Windows\System\GtffHXX.exe
  2⤵
  PID:6188
- C:\Windows\System\bKatRFQ.exe
  C:\Windows\System\bKatRFQ.exe
  2⤵
  PID:6204
- C:\Windows\System\LBfmxBu.exe
  C:\Windows\System\LBfmxBu.exe
  2⤵
  PID:6224
- C:\Windows\System\hwhAeWB.exe
  C:\Windows\System\hwhAeWB.exe
  2⤵
  PID:6256
- C:\Windows\System\fjhmuKe.exe
  C:\Windows\System\fjhmuKe.exe
  2⤵
  PID:6272
- C:\Windows\System\xcyNzxR.exe
  C:\Windows\System\xcyNzxR.exe
  2⤵
  PID:6288
- C:\Windows\System\clNDYVy.exe
  C:\Windows\System\clNDYVy.exe
  2⤵
  PID:6304
- C:\Windows\System\EXYwmQq.exe
  C:\Windows\System\EXYwmQq.exe
  2⤵
  PID:6320
- C:\Windows\System\thYkEet.exe
  C:\Windows\System\thYkEet.exe
  2⤵
  PID:6336
- C:\Windows\System\QtDHCuy.exe
  C:\Windows\System\QtDHCuy.exe
  2⤵
  PID:6352
- C:\Windows\System\eiwMFxN.exe
  C:\Windows\System\eiwMFxN.exe
  2⤵
  PID:6368
- C:\Windows\System\sHlonWP.exe
  C:\Windows\System\sHlonWP.exe
  2⤵
  PID:6384
- C:\Windows\System\rgPnPye.exe
  C:\Windows\System\rgPnPye.exe
  2⤵
  PID:6432
- C:\Windows\System\GtHkgiK.exe
  C:\Windows\System\GtHkgiK.exe
  2⤵
  PID:6452
- C:\Windows\System\WdpZhcr.exe
  C:\Windows\System\WdpZhcr.exe
  2⤵
  PID:6468
- C:\Windows\System\DaLYvHM.exe
  C:\Windows\System\DaLYvHM.exe
  2⤵
  PID:6488
- C:\Windows\System\pqyONZe.exe
  C:\Windows\System\pqyONZe.exe
  2⤵
  PID:6504
- C:\Windows\System\OTyPrKE.exe
  C:\Windows\System\OTyPrKE.exe
  2⤵
  PID:6524
- C:\Windows\System\FfqEXci.exe
  C:\Windows\System\FfqEXci.exe
  2⤵
  PID:6548
- C:\Windows\System\XycmRrt.exe
  C:\Windows\System\XycmRrt.exe
  2⤵
  PID:6564
- C:\Windows\System\auflDSY.exe
  C:\Windows\System\auflDSY.exe
  2⤵
  PID:6580
- C:\Windows\System\aiGvyHW.exe
  C:\Windows\System\aiGvyHW.exe
  2⤵
  PID:6608
- C:\Windows\System\MpQXNKK.exe
  C:\Windows\System\MpQXNKK.exe
  2⤵
  PID:6628
- C:\Windows\System\euoTTCF.exe
  C:\Windows\System\euoTTCF.exe
  2⤵
  PID:6656
- C:\Windows\System\VvThUbe.exe
  C:\Windows\System\VvThUbe.exe
  2⤵
  PID:6672
- C:\Windows\System\ZgwWFOf.exe
  C:\Windows\System\ZgwWFOf.exe
  2⤵
  PID:6692
- C:\Windows\System\rkxiJby.exe
  C:\Windows\System\rkxiJby.exe
  2⤵
  PID:6720
- C:\Windows\System\fJENngU.exe
  C:\Windows\System\fJENngU.exe
  2⤵
  PID:6736
- C:\Windows\System\bTJsrJC.exe
  C:\Windows\System\bTJsrJC.exe
  2⤵
  PID:6760
- C:\Windows\System\LqGnEAK.exe
  C:\Windows\System\LqGnEAK.exe
  2⤵
  PID:6776
- C:\Windows\System\LglojGi.exe
  C:\Windows\System\LglojGi.exe
  2⤵
  PID:6792
- C:\Windows\System\wSivKDL.exe
  C:\Windows\System\wSivKDL.exe
  2⤵
  PID:6816
- C:\Windows\System\cbjyOxw.exe
  C:\Windows\System\cbjyOxw.exe
  2⤵
  PID:6832
- C:\Windows\System\zXZHjyo.exe
  C:\Windows\System\zXZHjyo.exe
  2⤵
  PID:6860
- C:\Windows\System\tcflYQE.exe
  C:\Windows\System\tcflYQE.exe
  2⤵
  PID:6880
- C:\Windows\System\MtkQoRJ.exe
  C:\Windows\System\MtkQoRJ.exe
  2⤵
  PID:6900
- C:\Windows\System\uCaPtgk.exe
  C:\Windows\System\uCaPtgk.exe
  2⤵
  PID:6920
- C:\Windows\System\AofoWab.exe
  C:\Windows\System\AofoWab.exe
  2⤵
  PID:6936
- C:\Windows\System\ZeuggYr.exe
  C:\Windows\System\ZeuggYr.exe
  2⤵
  PID:6952
- C:\Windows\System\KqJRaIe.exe
  C:\Windows\System\KqJRaIe.exe
  2⤵
  PID:6968
- C:\Windows\System\aMXvbZd.exe
  C:\Windows\System\aMXvbZd.exe
  2⤵
  PID:6988
- C:\Windows\System\ZwnDrnH.exe
  C:\Windows\System\ZwnDrnH.exe
  2⤵
  PID:7012
- C:\Windows\System\nbGsjyX.exe
  C:\Windows\System\nbGsjyX.exe
  2⤵
  PID:7032
- C:\Windows\System\OSTKTTS.exe
  C:\Windows\System\OSTKTTS.exe
  2⤵
  PID:7048
- C:\Windows\System\yvaUuBL.exe
  C:\Windows\System\yvaUuBL.exe
  2⤵
  PID:7064
- C:\Windows\System\Ucpezrq.exe
  C:\Windows\System\Ucpezrq.exe
  2⤵
  PID:7084
- C:\Windows\System\icbVuSJ.exe
  C:\Windows\System\icbVuSJ.exe
  2⤵
  PID:7100
- C:\Windows\System\poLitPu.exe
  C:\Windows\System\poLitPu.exe
  2⤵
  PID:7116
- C:\Windows\System\KPpyCDk.exe
  C:\Windows\System\KPpyCDk.exe
  2⤵
  PID:7152
- C:\Windows\System\hcOpWDu.exe
  C:\Windows\System\hcOpWDu.exe
  2⤵
  PID:5804
- C:\Windows\System\crgaFxq.exe
  C:\Windows\System\crgaFxq.exe
  2⤵
  PID:6104
- C:\Windows\System\RJJBEeH.exe
  C:\Windows\System\RJJBEeH.exe
  2⤵
  PID:6156
- C:\Windows\System\pvaHQXw.exe
  C:\Windows\System\pvaHQXw.exe
  2⤵
  PID:6196
- C:\Windows\System\ekWlAWJ.exe
  C:\Windows\System\ekWlAWJ.exe
  2⤵
  PID:6216
- C:\Windows\System\cWWoGVB.exe
  C:\Windows\System\cWWoGVB.exe
  2⤵
  PID:6252
- C:\Windows\System\mfkxwii.exe
  C:\Windows\System\mfkxwii.exe
  2⤵
  PID:6328
- C:\Windows\System\mUkpqZP.exe
  C:\Windows\System\mUkpqZP.exe
  2⤵
  PID:6284
- C:\Windows\System\SDDgJII.exe
  C:\Windows\System\SDDgJII.exe
  2⤵
  PID:6348
- C:\Windows\System\dUpyyFS.exe
  C:\Windows\System\dUpyyFS.exe
  2⤵
  PID:6364
- C:\Windows\System\FxRUVXm.exe
  C:\Windows\System\FxRUVXm.exe
  2⤵
  PID:6424
- C:\Windows\System\xKFwDmc.exe
  C:\Windows\System\xKFwDmc.exe
  2⤵
  PID:6444
- C:\Windows\System\WHhZqNM.exe
  C:\Windows\System\WHhZqNM.exe
  2⤵
  PID:6484
- C:\Windows\System\crLbsWF.exe
  C:\Windows\System\crLbsWF.exe
  2⤵
  PID:6556
- C:\Windows\System\YvtCULD.exe
  C:\Windows\System\YvtCULD.exe
  2⤵
  PID:6596
- C:\Windows\System\vzZSLiA.exe
  C:\Windows\System\vzZSLiA.exe
  2⤵
  PID:6464
- C:\Windows\System\kPeUyLs.exe
  C:\Windows\System\kPeUyLs.exe
  2⤵
  PID:6500
- C:\Windows\System\fZMTyrT.exe
  C:\Windows\System\fZMTyrT.exe
  2⤵
  PID:6640
- C:\Windows\System\ubQqqQa.exe
  C:\Windows\System\ubQqqQa.exe
  2⤵
  PID:6680
- C:\Windows\System\PJZmzXZ.exe
  C:\Windows\System\PJZmzXZ.exe
  2⤵
  PID:6728
- C:\Windows\System\YdHYyjP.exe
  C:\Windows\System\YdHYyjP.exe
  2⤵
  PID:6772
- C:\Windows\System\CwXhXdI.exe
  C:\Windows\System\CwXhXdI.exe
  2⤵
  PID:6756
- C:\Windows\System\nTVRGys.exe
  C:\Windows\System\nTVRGys.exe
  2⤵
  PID:6840
- C:\Windows\System\jWJfjeO.exe
  C:\Windows\System\jWJfjeO.exe
  2⤵
  PID:6856
- C:\Windows\System\FdMcVJX.exe
  C:\Windows\System\FdMcVJX.exe
  2⤵
  PID:6828
- C:\Windows\System\HABfdpi.exe
  C:\Windows\System\HABfdpi.exe
  2⤵
  PID:6876
- C:\Windows\System\MocKrQA.exe
  C:\Windows\System\MocKrQA.exe
  2⤵
  PID:6964
- C:\Windows\System\qkDTGCy.exe
  C:\Windows\System\qkDTGCy.exe
  2⤵
  PID:7044
- C:\Windows\System\mmUIyqo.exe
  C:\Windows\System\mmUIyqo.exe
  2⤵
  PID:7112
- C:\Windows\System\evVJnch.exe
  C:\Windows\System\evVJnch.exe
  2⤵
  PID:7096
- C:\Windows\System\IFoQfoq.exe
  C:\Windows\System\IFoQfoq.exe
  2⤵
  PID:6976
- C:\Windows\System\mTtxWOK.exe
  C:\Windows\System\mTtxWOK.exe
  2⤵
  PID:7028
- C:\Windows\System\bZbnYjR.exe
  C:\Windows\System\bZbnYjR.exe
  2⤵
  PID:7164
- C:\Windows\System\FXhgZUd.exe
  C:\Windows\System\FXhgZUd.exe
  2⤵
  PID:5292
- C:\Windows\System\EqFHaBA.exe
  C:\Windows\System\EqFHaBA.exe
  2⤵
  PID:6152
- C:\Windows\System\DqBPNIF.exe
  C:\Windows\System\DqBPNIF.exe
  2⤵
  PID:6236
- C:\Windows\System\tXhGuDi.exe
  C:\Windows\System\tXhGuDi.exe
  2⤵
  PID:876
- C:\Windows\System\xNLPgha.exe
  C:\Windows\System\xNLPgha.exe
  2⤵
  PID:6412
- C:\Windows\System\wVCsHhp.exe
  C:\Windows\System\wVCsHhp.exe
  2⤵
  PID:6540
- C:\Windows\System\avoajzA.exe
  C:\Windows\System\avoajzA.exe
  2⤵
  PID:6360
- C:\Windows\System\hsFvXjw.exe
  C:\Windows\System\hsFvXjw.exe
  2⤵
  PID:6576
- C:\Windows\System\JKchaDZ.exe
  C:\Windows\System\JKchaDZ.exe
  2⤵
  PID:6652
- C:\Windows\System\JBabiXY.exe
  C:\Windows\System\JBabiXY.exe
  2⤵
  PID:6624
- C:\Windows\System\msCJydS.exe
  C:\Windows\System\msCJydS.exe
  2⤵
  PID:6704
- C:\Windows\System\vSQNqZl.exe
  C:\Windows\System\vSQNqZl.exe
  2⤵
  PID:6808
- C:\Windows\System\rsPmPLq.exe
  C:\Windows\System\rsPmPLq.exe
  2⤵
  PID:6748
- C:\Windows\System\pxuLrbQ.exe
  C:\Windows\System\pxuLrbQ.exe
  2⤵
  PID:6684
- C:\Windows\System\nqKriCz.exe
  C:\Windows\System\nqKriCz.exe
  2⤵
  PID:6892
- C:\Windows\System\lIhfiZt.exe
  C:\Windows\System\lIhfiZt.exe
  2⤵
  PID:5012
- C:\Windows\System\MBVjEsv.exe
  C:\Windows\System\MBVjEsv.exe
  2⤵
  PID:7004
- C:\Windows\System\nhhVXKE.exe
  C:\Windows\System\nhhVXKE.exe
  2⤵
  PID:7108
- C:\Windows\System\NqTmLoG.exe
  C:\Windows\System\NqTmLoG.exe
  2⤵
  PID:6944
- C:\Windows\System\OqhZMLH.exe
  C:\Windows\System\OqhZMLH.exe
  2⤵
  PID:7092
- C:\Windows\System\cVTLVxe.exe
  C:\Windows\System\cVTLVxe.exe
  2⤵
  PID:5568
- C:\Windows\System\bfOfVEu.exe
  C:\Windows\System\bfOfVEu.exe
  2⤵
  PID:6172
- C:\Windows\System\XcPRogp.exe
  C:\Windows\System\XcPRogp.exe
  2⤵
  PID:6244
- C:\Windows\System\xLyWSJT.exe
  C:\Windows\System\xLyWSJT.exe
  2⤵
  PID:6408
- C:\Windows\System\YouxgfD.exe
  C:\Windows\System\YouxgfD.exe
  2⤵
  PID:6592
- C:\Windows\System\SfCBeyQ.exe
  C:\Windows\System\SfCBeyQ.exe
  2⤵
  PID:6620
- C:\Windows\System\GqaZfqf.exe
  C:\Windows\System\GqaZfqf.exe
  2⤵
  PID:6648
- C:\Windows\System\Jchpjrg.exe
  C:\Windows\System\Jchpjrg.exe
  2⤵
  PID:6520
- C:\Windows\System\ZMFjNSF.exe
  C:\Windows\System\ZMFjNSF.exe
  2⤵
  PID:6688
- C:\Windows\System\WqDJGcc.exe
  C:\Windows\System\WqDJGcc.exe
  2⤵
  PID:6752
- C:\Windows\System\qxtDSSl.exe
  C:\Windows\System\qxtDSSl.exe
  2⤵
  PID:7076
- C:\Windows\System\jiLqlGo.exe
  C:\Windows\System\jiLqlGo.exe
  2⤵
  PID:7008
- C:\Windows\System\fIYQebH.exe
  C:\Windows\System\fIYQebH.exe
  2⤵
  PID:5200
- C:\Windows\System\BvcIZzp.exe
  C:\Windows\System\BvcIZzp.exe
  2⤵
  PID:2432
- C:\Windows\System\EKZdiok.exe
  C:\Windows\System\EKZdiok.exe
  2⤵
  PID:6296
- C:\Windows\System\IOtKjlH.exe
  C:\Windows\System\IOtKjlH.exe
  2⤵
  PID:6480
- C:\Windows\System\rWlAXSG.exe
  C:\Windows\System\rWlAXSG.exe
  2⤵
  PID:6572
- C:\Windows\System\fIXDnMr.exe
  C:\Windows\System\fIXDnMr.exe
  2⤵
  PID:6396
- C:\Windows\System\bygOqeJ.exe
  C:\Windows\System\bygOqeJ.exe
  2⤵
  PID:6916
- C:\Windows\System\xJSkHsU.exe
  C:\Windows\System\xJSkHsU.exe
  2⤵
  PID:6344
- C:\Windows\System\XqbttNJ.exe
  C:\Windows\System\XqbttNJ.exe
  2⤵
  PID:6872
- C:\Windows\System\nNjaObm.exe
  C:\Windows\System\nNjaObm.exe
  2⤵
  PID:4188
- C:\Windows\System\pemGsWO.exe
  C:\Windows\System\pemGsWO.exe
  2⤵
  PID:6440
- C:\Windows\System\OaWnJpb.exe
  C:\Windows\System\OaWnJpb.exe
  2⤵
  PID:6516
- C:\Windows\System\YRTIYGr.exe
  C:\Windows\System\YRTIYGr.exe
  2⤵
  PID:7132
- C:\Windows\System\NlLdyDo.exe
  C:\Windows\System\NlLdyDo.exe
  2⤵
  PID:6220
- C:\Windows\System\JOwVWWJ.exe
  C:\Windows\System\JOwVWWJ.exe
  2⤵
  PID:6960
- C:\Windows\System\DrKcDDh.exe
  C:\Windows\System\DrKcDDh.exe
  2⤵
  PID:6768
- C:\Windows\System\MUfSZtD.exe
  C:\Windows\System\MUfSZtD.exe
  2⤵
  PID:7136
- C:\Windows\System\BdTNNUk.exe
  C:\Windows\System\BdTNNUk.exe
  2⤵
  PID:6248
- C:\Windows\System\dHpMhmK.exe
  C:\Windows\System\dHpMhmK.exe
  2⤵
  PID:6460
- C:\Windows\System\QouHUCZ.exe
  C:\Windows\System\QouHUCZ.exe
  2⤵
  PID:7172
- C:\Windows\System\ibotmjd.exe
  C:\Windows\System\ibotmjd.exe
  2⤵
  PID:7188
- C:\Windows\System\aekpYXV.exe
  C:\Windows\System\aekpYXV.exe
  2⤵
  PID:7216
- C:\Windows\System\YpPMdpu.exe
  C:\Windows\System\YpPMdpu.exe
  2⤵
  PID:7232
- C:\Windows\System\FlUKYKZ.exe
  C:\Windows\System\FlUKYKZ.exe
  2⤵
  PID:7256
- C:\Windows\System\hYYUEeu.exe
  C:\Windows\System\hYYUEeu.exe
  2⤵
  PID:7276
- C:\Windows\System\WBeTlUO.exe
  C:\Windows\System\WBeTlUO.exe
  2⤵
  PID:7292
- C:\Windows\System\zjnMqbr.exe
  C:\Windows\System\zjnMqbr.exe
  2⤵
  PID:7316
- C:\Windows\System\cafPMVi.exe
  C:\Windows\System\cafPMVi.exe
  2⤵
  PID:7336
- C:\Windows\System\guNabzz.exe
  C:\Windows\System\guNabzz.exe
  2⤵
  PID:7356
- C:\Windows\System\kGrmlqo.exe
  C:\Windows\System\kGrmlqo.exe
  2⤵
  PID:7372
- C:\Windows\System\gKqHGbd.exe
  C:\Windows\System\gKqHGbd.exe
  2⤵
  PID:7392
- C:\Windows\System\eKEUFzA.exe
  C:\Windows\System\eKEUFzA.exe
  2⤵
  PID:7420
- C:\Windows\System\SFVUVUn.exe
  C:\Windows\System\SFVUVUn.exe
  2⤵
  PID:7436
- C:\Windows\System\knucTyp.exe
  C:\Windows\System\knucTyp.exe
  2⤵
  PID:7456
- C:\Windows\System\JSDvcvI.exe
  C:\Windows\System\JSDvcvI.exe
  2⤵
  PID:7476
- C:\Windows\System\BGWkQAe.exe
  C:\Windows\System\BGWkQAe.exe
  2⤵
  PID:7492
- C:\Windows\System\OZBAXfw.exe
  C:\Windows\System\OZBAXfw.exe
  2⤵
  PID:7512
- C:\Windows\System\HbevqdI.exe
  C:\Windows\System\HbevqdI.exe
  2⤵
  PID:7532
- C:\Windows\System\LkbXEEN.exe
  C:\Windows\System\LkbXEEN.exe
  2⤵
  PID:7552
- C:\Windows\System\DhNBdTH.exe
  C:\Windows\System\DhNBdTH.exe
  2⤵
  PID:7568
- C:\Windows\System\bHdbqjp.exe
  C:\Windows\System\bHdbqjp.exe
  2⤵
  PID:7600
- C:\Windows\System\AxHCVZZ.exe
  C:\Windows\System\AxHCVZZ.exe
  2⤵
  PID:7620
- C:\Windows\System\vdDzeWN.exe
  C:\Windows\System\vdDzeWN.exe
  2⤵
  PID:7636
- C:\Windows\System\TEzPLOo.exe
  C:\Windows\System\TEzPLOo.exe
  2⤵
  PID:7656
- C:\Windows\System\GwpVcWf.exe
  C:\Windows\System\GwpVcWf.exe
  2⤵
  PID:7676
- C:\Windows\System\IbsqTrp.exe
  C:\Windows\System\IbsqTrp.exe
  2⤵
  PID:7704
- C:\Windows\System\vDuPocS.exe
  C:\Windows\System\vDuPocS.exe
  2⤵
  PID:7720
- C:\Windows\System\ehEwhmc.exe
  C:\Windows\System\ehEwhmc.exe
  2⤵
  PID:7744
- C:\Windows\System\PtNQnwd.exe
  C:\Windows\System\PtNQnwd.exe
  2⤵
  PID:7760
- C:\Windows\System\ClaGsxV.exe
  C:\Windows\System\ClaGsxV.exe
  2⤵
  PID:7776
- C:\Windows\System\SDBKtGR.exe
  C:\Windows\System\SDBKtGR.exe
  2⤵
  PID:7804
- C:\Windows\System\oLRBhbK.exe
  C:\Windows\System\oLRBhbK.exe
  2⤵
  PID:7820
- C:\Windows\System\iMtzrEs.exe
  C:\Windows\System\iMtzrEs.exe
  2⤵
  PID:7836
- C:\Windows\System\EXypird.exe
  C:\Windows\System\EXypird.exe
  2⤵
  PID:7860
- C:\Windows\System\mdsbjEp.exe
  C:\Windows\System\mdsbjEp.exe
  2⤵
  PID:7876
- C:\Windows\System\UVIDqFg.exe
  C:\Windows\System\UVIDqFg.exe
  2⤵
  PID:7892
- C:\Windows\System\yzbmAfr.exe
  C:\Windows\System\yzbmAfr.exe
  2⤵
  PID:7908
- C:\Windows\System\uskSFuz.exe
  C:\Windows\System\uskSFuz.exe
  2⤵
  PID:7924
- C:\Windows\System\tCSqhht.exe
  C:\Windows\System\tCSqhht.exe
  2⤵
  PID:7940
- C:\Windows\System\CfLAZia.exe
  C:\Windows\System\CfLAZia.exe
  2⤵
  PID:7960
- C:\Windows\System\KoyXhjD.exe
  C:\Windows\System\KoyXhjD.exe
  2⤵
  PID:7980
- C:\Windows\System\DuxDNtC.exe
  C:\Windows\System\DuxDNtC.exe
  2⤵
  PID:8000
- C:\Windows\System\CCnftti.exe
  C:\Windows\System\CCnftti.exe
  2⤵
  PID:8016
- C:\Windows\System\cnEXQWc.exe
  C:\Windows\System\cnEXQWc.exe
  2⤵
  PID:8064
- C:\Windows\System\WHhRNxP.exe
  C:\Windows\System\WHhRNxP.exe
  2⤵
  PID:8080
- C:\Windows\System\MRaAjOw.exe
  C:\Windows\System\MRaAjOw.exe
  2⤵
  PID:8096
- C:\Windows\System\qINnhHK.exe
  C:\Windows\System\qINnhHK.exe
  2⤵
  PID:8116
- C:\Windows\System\SiCOpkx.exe
  C:\Windows\System\SiCOpkx.exe
  2⤵
  PID:8136
- C:\Windows\System\duDWRYw.exe
  C:\Windows\System\duDWRYw.exe
  2⤵
  PID:8156
- C:\Windows\System\xPEMlJA.exe
  C:\Windows\System\xPEMlJA.exe
  2⤵
  PID:8176
- C:\Windows\System\ljeSVSe.exe
  C:\Windows\System\ljeSVSe.exe
  2⤵
  PID:6784
- C:\Windows\System\znodKjN.exe
  C:\Windows\System\znodKjN.exe
  2⤵
  PID:7248
- C:\Windows\System\itfDvVs.exe
  C:\Windows\System\itfDvVs.exe
  2⤵
  PID:7252
- C:\Windows\System\AJAqXph.exe
  C:\Windows\System\AJAqXph.exe
  2⤵
  PID:7228
- C:\Windows\System\TXrxWYx.exe
  C:\Windows\System\TXrxWYx.exe
  2⤵
  PID:7272
- C:\Windows\System\TbAMcyJ.exe
  C:\Windows\System\TbAMcyJ.exe
  2⤵
  PID:7324
- C:\Windows\System\iLaKdQj.exe
  C:\Windows\System\iLaKdQj.exe
  2⤵
  PID:7364
- C:\Windows\System\IejIfvx.exe
  C:\Windows\System\IejIfvx.exe
  2⤵
  PID:7380
- C:\Windows\System\bwdeINi.exe
  C:\Windows\System\bwdeINi.exe
  2⤵
  PID:7416
- C:\Windows\System\GEpVVFE.exe
  C:\Windows\System\GEpVVFE.exe
  2⤵
  PID:7432
- C:\Windows\System\BwYNcLw.exe
  C:\Windows\System\BwYNcLw.exe
  2⤵
  PID:7524
- C:\Windows\System\XvuVGeM.exe
  C:\Windows\System\XvuVGeM.exe
  2⤵
  PID:7544
- C:\Windows\System\ixwzzIc.exe
  C:\Windows\System\ixwzzIc.exe
  2⤵
  PID:7472
- C:\Windows\System\NinJssP.exe
  C:\Windows\System\NinJssP.exe
  2⤵
  PID:7612
- C:\Windows\System\ROFSCTP.exe
  C:\Windows\System\ROFSCTP.exe
  2⤵
  PID:7540
- C:\Windows\System\yaYskFG.exe
  C:\Windows\System\yaYskFG.exe
  2⤵
  PID:7684
- C:\Windows\System\juLFZoq.exe
  C:\Windows\System\juLFZoq.exe
  2⤵
  PID:7588
- C:\Windows\System\vypRIlN.exe
  C:\Windows\System\vypRIlN.exe
  2⤵
  PID:7692
- C:\Windows\System\baoURLq.exe
  C:\Windows\System\baoURLq.exe
  2⤵
  PID:7736
- C:\Windows\System\zOssXGG.exe
  C:\Windows\System\zOssXGG.exe
  2⤵
  PID:7792
- C:\Windows\System\gzrKybq.exe
  C:\Windows\System\gzrKybq.exe
  2⤵
  PID:7844
- C:\Windows\System\eMIhPlg.exe
  C:\Windows\System\eMIhPlg.exe
  2⤵
  PID:7916
- C:\Windows\System\IgJVPfg.exe
  C:\Windows\System\IgJVPfg.exe
  2⤵
  PID:7948
- C:\Windows\System\OZwgarW.exe
  C:\Windows\System\OZwgarW.exe
  2⤵
  PID:8036
- C:\Windows\System\qkAtksc.exe
  C:\Windows\System\qkAtksc.exe
  2⤵
  PID:8048
- C:\Windows\System\AAQjHEk.exe
  C:\Windows\System\AAQjHEk.exe
  2⤵
  PID:7932
- C:\Windows\System\rlfiAoF.exe
  C:\Windows\System\rlfiAoF.exe
  2⤵
  PID:7904
- C:\Windows\System\GDOvUcL.exe
  C:\Windows\System\GDOvUcL.exe
  2⤵
  PID:8028
- C:\Windows\System\DTckLRJ.exe
  C:\Windows\System\DTckLRJ.exe
  2⤵
  PID:8092
- C:\Windows\System\SgAaRFh.exe
  C:\Windows\System\SgAaRFh.exe
  2⤵
  PID:8164
- C:\Windows\System\IFzWger.exe
  C:\Windows\System\IFzWger.exe
  2⤵
  PID:8148
- C:\Windows\System\zjsenYH.exe
  C:\Windows\System\zjsenYH.exe
  2⤵
  PID:7204
- C:\Windows\System\prbuwwq.exe
  C:\Windows\System\prbuwwq.exe
  2⤵
  PID:1264
- C:\Windows\System\wNRMRRn.exe
  C:\Windows\System\wNRMRRn.exe
  2⤵
  PID:7304
- C:\Windows\System\zhogFHQ.exe
  C:\Windows\System\zhogFHQ.exe
  2⤵
  PID:7344
- C:\Windows\System\fVgHlgx.exe
  C:\Windows\System\fVgHlgx.exe
  2⤵
  PID:7400
- C:\Windows\System\HJvCSld.exe
  C:\Windows\System\HJvCSld.exe
  2⤵
  PID:7412
- C:\Windows\System\cQkQfLr.exe
  C:\Windows\System\cQkQfLr.exe
  2⤵
  PID:7608
- C:\Windows\System\HFqihki.exe
  C:\Windows\System\HFqihki.exe
  2⤵
  PID:7592
- C:\Windows\System\mOroifd.exe
  C:\Windows\System\mOroifd.exe
  2⤵
  PID:7768
- C:\Windows\System\cuzKFhx.exe
  C:\Windows\System\cuzKFhx.exe
  2⤵
  PID:7796
- C:\Windows\System\ihQdOdL.exe
  C:\Windows\System\ihQdOdL.exe
  2⤵
  PID:2252
- C:\Windows\System\SnTRoAT.exe
  C:\Windows\System\SnTRoAT.exe
  2⤵
  PID:7520
- C:\Windows\System\PGmdAuM.exe
  C:\Windows\System\PGmdAuM.exe
  2⤵
  PID:7628
- C:\Windows\System\mfirEXK.exe
  C:\Windows\System\mfirEXK.exe
  2⤵
  PID:7812
- C:\Windows\System\TezZlca.exe
  C:\Windows\System\TezZlca.exe
  2⤵
  PID:7816
- C:\Windows\System\TTKxlVy.exe
  C:\Windows\System\TTKxlVy.exe
  2⤵
  PID:8056
- C:\Windows\System\yUTVKHz.exe
  C:\Windows\System\yUTVKHz.exe
  2⤵
  PID:7968
- C:\Windows\System\FRXzQHZ.exe
  C:\Windows\System\FRXzQHZ.exe
  2⤵
  PID:8104
- C:\Windows\System\OvSRKYD.exe
  C:\Windows\System\OvSRKYD.exe
  2⤵
  PID:8184
- C:\Windows\System\kcuCuwv.exe
  C:\Windows\System\kcuCuwv.exe
  2⤵
  PID:7224
- C:\Windows\System\ImqEBxE.exe
  C:\Windows\System\ImqEBxE.exe
  2⤵
  PID:7212
- C:\Windows\System\LCpRIeB.exe
  C:\Windows\System\LCpRIeB.exe
  2⤵
  PID:7448
- C:\Windows\System\VIeFWCr.exe
  C:\Windows\System\VIeFWCr.exe
  2⤵
  PID:7264
- C:\Windows\System\yVMMBHu.exe
  C:\Windows\System\yVMMBHu.exe
  2⤵
  PID:7484
- C:\Windows\System\hYAczTb.exe
  C:\Windows\System\hYAczTb.exe
  2⤵
  PID:2152
- C:\Windows\System\eUStzUW.exe
  C:\Windows\System\eUStzUW.exe
  2⤵
  PID:8024
- C:\Windows\System\LJkPJZB.exe
  C:\Windows\System\LJkPJZB.exe
  2⤵
  PID:7784
- C:\Windows\System\VEcJUHz.exe
  C:\Windows\System\VEcJUHz.exe
  2⤵
  PID:7888
- C:\Windows\System\awdVtER.exe
  C:\Windows\System\awdVtER.exe
  2⤵
  PID:8012
- C:\Windows\System\PiAPRYO.exe
  C:\Windows\System\PiAPRYO.exe
  2⤵
  PID:7900
- C:\Windows\System\NwVhBeC.exe
  C:\Windows\System\NwVhBeC.exe
  2⤵
  PID:8112
- C:\Windows\System\ROBlYxp.exe
  C:\Windows\System\ROBlYxp.exe
  2⤵
  PID:7444
- C:\Windows\System\fEKwunc.exe
  C:\Windows\System\fEKwunc.exe
  2⤵
  PID:7352
- C:\Windows\System\DldlinH.exe
  C:\Windows\System\DldlinH.exe
  2⤵
  PID:7648
- C:\Windows\System\HKiPhEJ.exe
  C:\Windows\System\HKiPhEJ.exe
  2⤵
  PID:7856
- C:\Windows\System\tXEDPRP.exe
  C:\Windows\System\tXEDPRP.exe
  2⤵
  PID:7580
- C:\Windows\System\cNVLaaN.exe
  C:\Windows\System\cNVLaaN.exe
  2⤵
  PID:8188
- C:\Windows\System\dETxhpO.exe
  C:\Windows\System\dETxhpO.exe
  2⤵
  PID:7828
- C:\Windows\System\gWDREDg.exe
  C:\Windows\System\gWDREDg.exe
  2⤵
  PID:7268
- C:\Windows\System\eKZxrEx.exe
  C:\Windows\System\eKZxrEx.exe
  2⤵
  PID:7664
- C:\Windows\System\PUhOvkZ.exe
  C:\Windows\System\PUhOvkZ.exe
  2⤵
  PID:8108
- C:\Windows\System\akQXAoX.exe
  C:\Windows\System\akQXAoX.exe
  2⤵
  PID:7700
- C:\Windows\System\DFIsfNt.exe
  C:\Windows\System\DFIsfNt.exe
  2⤵
  PID:7752
- C:\Windows\System\LzqLAtv.exe
  C:\Windows\System\LzqLAtv.exe
  2⤵
  PID:8060
- C:\Windows\System\beUvjeR.exe
  C:\Windows\System\beUvjeR.exe
  2⤵
  PID:7180
- C:\Windows\System\NQjrurs.exe
  C:\Windows\System\NQjrurs.exe
  2⤵
  PID:7652
- C:\Windows\System\CypZnXA.exe
  C:\Windows\System\CypZnXA.exe
  2⤵
  PID:8040
- C:\Windows\System\jhWonNy.exe
  C:\Windows\System\jhWonNy.exe
  2⤵
  PID:7712
- C:\Windows\System\aZCaHum.exe
  C:\Windows\System\aZCaHum.exe
  2⤵
  PID:8196
- C:\Windows\System\ONkxIoi.exe
  C:\Windows\System\ONkxIoi.exe
  2⤵
  PID:8216
- C:\Windows\System\UWgZNKf.exe
  C:\Windows\System\UWgZNKf.exe
  2⤵
  PID:8236
- C:\Windows\System\lmBUhMS.exe
  C:\Windows\System\lmBUhMS.exe
  2⤵
  PID:8252
- C:\Windows\System\WDqKFWo.exe
  C:\Windows\System\WDqKFWo.exe
  2⤵
  PID:8272
- C:\Windows\System\GHmRXdO.exe
  C:\Windows\System\GHmRXdO.exe
  2⤵
  PID:8296
- C:\Windows\System\MfiuWdZ.exe
  C:\Windows\System\MfiuWdZ.exe
  2⤵
  PID:8320
- C:\Windows\System\MyIsLCy.exe
  C:\Windows\System\MyIsLCy.exe
  2⤵
  PID:8344
- C:\Windows\System\gaqsFkT.exe
  C:\Windows\System\gaqsFkT.exe
  2⤵
  PID:8372
- C:\Windows\System\pfclFey.exe
  C:\Windows\System\pfclFey.exe
  2⤵
  PID:8388
- C:\Windows\System\wakbRkC.exe
  C:\Windows\System\wakbRkC.exe
  2⤵
  PID:8404
- C:\Windows\System\BgLopsP.exe
  C:\Windows\System\BgLopsP.exe
  2⤵
  PID:8428
- C:\Windows\System\DUGufxj.exe
  C:\Windows\System\DUGufxj.exe
  2⤵
  PID:8456
- C:\Windows\System\LPdCPWf.exe
  C:\Windows\System\LPdCPWf.exe
  2⤵
  PID:8472
- C:\Windows\System\PfPexhk.exe
  C:\Windows\System\PfPexhk.exe
  2⤵
  PID:8488
- C:\Windows\System\KyFRpIw.exe
  C:\Windows\System\KyFRpIw.exe
  2⤵
  PID:8512
- C:\Windows\System\olPgHot.exe
  C:\Windows\System\olPgHot.exe
  2⤵
  PID:8528
- C:\Windows\System\bNtpntz.exe
  C:\Windows\System\bNtpntz.exe
  2⤵
  PID:8556
- C:\Windows\System\QutNwsR.exe
  C:\Windows\System\QutNwsR.exe
  2⤵
  PID:8576
- C:\Windows\System\CGEsjrm.exe
  C:\Windows\System\CGEsjrm.exe
  2⤵
  PID:8596
- C:\Windows\System\EJZAyeK.exe
  C:\Windows\System\EJZAyeK.exe
  2⤵
  PID:8612
- C:\Windows\System\BWTTHLD.exe
  C:\Windows\System\BWTTHLD.exe
  2⤵
  PID:8628
- C:\Windows\System\SyqDFEV.exe
  C:\Windows\System\SyqDFEV.exe
  2⤵
  PID:8648
- C:\Windows\System\vNfvfDn.exe
  C:\Windows\System\vNfvfDn.exe
  2⤵
  PID:8668
- C:\Windows\System\ekHqXcd.exe
  C:\Windows\System\ekHqXcd.exe
  2⤵
  PID:8684
- C:\Windows\System\RHrVpiD.exe
  C:\Windows\System\RHrVpiD.exe
  2⤵
  PID:8704
- C:\Windows\System\MWDoiiJ.exe
  C:\Windows\System\MWDoiiJ.exe
  2⤵
  PID:8720
- C:\Windows\System\vyakEQR.exe
  C:\Windows\System\vyakEQR.exe
  2⤵
  PID:8740
- C:\Windows\System\nyWBKhE.exe
  C:\Windows\System\nyWBKhE.exe
  2⤵
  PID:8756
- C:\Windows\System\hQPhfhp.exe
  C:\Windows\System\hQPhfhp.exe
  2⤵
  PID:8772
- C:\Windows\System\aHOnrVI.exe
  C:\Windows\System\aHOnrVI.exe
  2⤵
  PID:8788
- C:\Windows\System\ufrHcIj.exe
  C:\Windows\System\ufrHcIj.exe
  2⤵
  PID:8812
- C:\Windows\System\tUJpVzW.exe
  C:\Windows\System\tUJpVzW.exe
  2⤵
  PID:8836
- C:\Windows\System\wDvmlrZ.exe
  C:\Windows\System\wDvmlrZ.exe
  2⤵
  PID:8868
- C:\Windows\System\yyAbYks.exe
  C:\Windows\System\yyAbYks.exe
  2⤵
  PID:8884
- C:\Windows\System\LEmFkBG.exe
  C:\Windows\System\LEmFkBG.exe
  2⤵
  PID:8900
- C:\Windows\System\prYbWKK.exe
  C:\Windows\System\prYbWKK.exe
  2⤵
  PID:8916
- C:\Windows\System\bmEtzZO.exe
  C:\Windows\System\bmEtzZO.exe
  2⤵
  PID:8936
- C:\Windows\System\oPLeyXw.exe
  C:\Windows\System\oPLeyXw.exe
  2⤵
  PID:8980
- C:\Windows\System\ZlxRStD.exe
  C:\Windows\System\ZlxRStD.exe
  2⤵
  PID:8996
- C:\Windows\System\HkNhwoI.exe
  C:\Windows\System\HkNhwoI.exe
  2⤵
  PID:9012
- C:\Windows\System\ctvkjQa.exe
  C:\Windows\System\ctvkjQa.exe
  2⤵
  PID:9028
- C:\Windows\System\hjsvtKw.exe
  C:\Windows\System\hjsvtKw.exe
  2⤵
  PID:9056
- C:\Windows\System\GMwkYhe.exe
  C:\Windows\System\GMwkYhe.exe
  2⤵
  PID:9076
- C:\Windows\System\qWKTzHc.exe
  C:\Windows\System\qWKTzHc.exe
  2⤵
  PID:9092
- C:\Windows\System\CRKLabb.exe
  C:\Windows\System\CRKLabb.exe
  2⤵
  PID:9116
- C:\Windows\System\xcSjUlb.exe
  C:\Windows\System\xcSjUlb.exe
  2⤵
  PID:9136
- C:\Windows\System\IXXsDcf.exe
  C:\Windows\System\IXXsDcf.exe
  2⤵
  PID:9152
- C:\Windows\System\CPOohtt.exe
  C:\Windows\System\CPOohtt.exe
  2⤵
  PID:9176
- C:\Windows\System\VulLOjr.exe
  C:\Windows\System\VulLOjr.exe
  2⤵
  PID:9196
- C:\Windows\System\KVnCqCN.exe
  C:\Windows\System\KVnCqCN.exe
  2⤵
  PID:9212
- C:\Windows\System\qzrnOtN.exe
  C:\Windows\System\qzrnOtN.exe
  2⤵
  PID:8208
- C:\Windows\System\WRdupYT.exe
  C:\Windows\System\WRdupYT.exe
  2⤵
  PID:8248
- C:\Windows\System\BlnuAgM.exe
  C:\Windows\System\BlnuAgM.exe
  2⤵
  PID:8304
- C:\Windows\System\ysFcURG.exe
  C:\Windows\System\ysFcURG.exe
  2⤵
  PID:8336
- C:\Windows\System\eMoZJbs.exe
  C:\Windows\System\eMoZJbs.exe
  2⤵
  PID:8352
- C:\Windows\System\CptjpAt.exe
  C:\Windows\System\CptjpAt.exe
  2⤵
  PID:8368
- C:\Windows\System\lKgXDQD.exe
  C:\Windows\System\lKgXDQD.exe
  2⤵
  PID:8416
- C:\Windows\System\GiDnSQz.exe
  C:\Windows\System\GiDnSQz.exe
  2⤵
  PID:8440
- C:\Windows\System\hYCYson.exe
  C:\Windows\System\hYCYson.exe
  2⤵
  PID:8468
- C:\Windows\System\aAptpUZ.exe
  C:\Windows\System\aAptpUZ.exe
  2⤵
  PID:8540
- C:\Windows\System\XblQapy.exe
  C:\Windows\System\XblQapy.exe
  2⤵
  PID:8572
- C:\Windows\System\MkZBRSY.exe
  C:\Windows\System\MkZBRSY.exe
  2⤵
  PID:8592
- C:\Windows\System\TcLfJak.exe
  C:\Windows\System\TcLfJak.exe
  2⤵
  PID:592
- C:\Windows\System\HdxDVwO.exe
  C:\Windows\System\HdxDVwO.exe
  2⤵
  PID:8680
- C:\Windows\System\SOzsCER.exe
  C:\Windows\System\SOzsCER.exe
  2⤵
  PID:8780
- C:\Windows\System\wHonGVO.exe
  C:\Windows\System\wHonGVO.exe
  2⤵
  PID:8692
- C:\Windows\System\xBBrHNh.exe
  C:\Windows\System\xBBrHNh.exe
  2⤵
  PID:8696
- C:\Windows\System\AlXSgsL.exe
  C:\Windows\System\AlXSgsL.exe
  2⤵
  PID:8804
- C:\Windows\System\QXgmcaA.exe
  C:\Windows\System\QXgmcaA.exe
  2⤵
  PID:8664
- C:\Windows\System\bFeWXuq.exe
  C:\Windows\System\bFeWXuq.exe
  2⤵
  PID:8852
- C:\Windows\System\SpigQfi.exe
  C:\Windows\System\SpigQfi.exe
  2⤵
  PID:8892
- C:\Windows\System\HBecPqo.exe
  C:\Windows\System\HBecPqo.exe
  2⤵
  PID:8928
- C:\Windows\System\pdiZdvE.exe
  C:\Windows\System\pdiZdvE.exe
  2⤵
  PID:8960
- C:\Windows\System\MQzDlSe.exe
  C:\Windows\System\MQzDlSe.exe
  2⤵
  PID:9004
- C:\Windows\System\cgYlRdN.exe
  C:\Windows\System\cgYlRdN.exe
  2⤵
  PID:9020
- C:\Windows\System\ToanGjA.exe
  C:\Windows\System\ToanGjA.exe
  2⤵
  PID:9040
- C:\Windows\System\hohWgQT.exe
  C:\Windows\System\hohWgQT.exe
  2⤵
  PID:9072
- C:\Windows\System\JkQaPqq.exe
  C:\Windows\System\JkQaPqq.exe
  2⤵
  PID:9108
- C:\Windows\System\iCLWmUT.exe
  C:\Windows\System\iCLWmUT.exe
  2⤵
  PID:9144
- C:\Windows\System\NlMxJoz.exe
  C:\Windows\System\NlMxJoz.exe
  2⤵
  PID:9168
- C:\Windows\System\yUhTcyD.exe
  C:\Windows\System\yUhTcyD.exe
  2⤵
  PID:9208
- C:\Windows\System\ybsbJqJ.exe
  C:\Windows\System\ybsbJqJ.exe
  2⤵
  PID:9192
- C:\Windows\System\DVtcrnY.exe
  C:\Windows\System\DVtcrnY.exe
  2⤵
  PID:8292
- C:\Windows\System\EaBvrJU.exe
  C:\Windows\System\EaBvrJU.exe
  2⤵
  PID:8412
- C:\Windows\System\DXrpJXe.exe
  C:\Windows\System\DXrpJXe.exe
  2⤵
  PID:8328
- C:\Windows\System\AnrmZNv.exe
  C:\Windows\System\AnrmZNv.exe
  2⤵
  PID:8400
- C:\Windows\System\WCkuNgF.exe
  C:\Windows\System\WCkuNgF.exe
  2⤵
  PID:8212
- C:\Windows\System\FvSSOcN.exe
  C:\Windows\System\FvSSOcN.exe
  2⤵
  PID:8604
- C:\Windows\System\jeAafQp.exe
  C:\Windows\System\jeAafQp.exe
  2⤵
  PID:8820
- C:\Windows\System\lvtsMWg.exe
  C:\Windows\System\lvtsMWg.exe
  2⤵
  PID:8844
- C:\Windows\System\roqjDJa.exe
  C:\Windows\System\roqjDJa.exe
  2⤵
  PID:8716
- C:\Windows\System\pvBCIeC.exe
  C:\Windows\System\pvBCIeC.exe
  2⤵
  PID:8800
- C:\Windows\System\GYHNbGx.exe
  C:\Windows\System\GYHNbGx.exe
  2⤵
  PID:8860
- C:\Windows\System\TRWhkun.exe
  C:\Windows\System\TRWhkun.exe
  2⤵
  PID:8924
- C:\Windows\System\sKTfwmN.exe
  C:\Windows\System\sKTfwmN.exe
  2⤵
  PID:8972
- C:\Windows\System\UOWcerU.exe
  C:\Windows\System\UOWcerU.exe
  2⤵
  PID:8260
- C:\Windows\System\sbNFEDk.exe
  C:\Windows\System\sbNFEDk.exe
  2⤵
  PID:8992
- C:\Windows\System\lhRnJGm.exe
  C:\Windows\System\lhRnJGm.exe
  2⤵
  PID:9112
- C:\Windows\System\npwgvjN.exe
  C:\Windows\System\npwgvjN.exe
  2⤵
  PID:9188
- C:\Windows\System\okpTESe.exe
  C:\Windows\System\okpTESe.exe
  2⤵
  PID:8464
- C:\Windows\System\aSThXSQ.exe
  C:\Windows\System\aSThXSQ.exe
  2⤵
  PID:8384
- C:\Windows\System\HAylJvN.exe
  C:\Windows\System\HAylJvN.exe
  2⤵
  PID:8436
- C:\Windows\System\yqhkThi.exe
  C:\Windows\System\yqhkThi.exe
  2⤵
  PID:8588
- C:\Windows\System\jqkYHyV.exe
  C:\Windows\System\jqkYHyV.exe
  2⤵
  PID:8644
- C:\Windows\System\WTZxuHa.exe
  C:\Windows\System\WTZxuHa.exe
  2⤵
  PID:8876
- C:\Windows\System\VVHkPBB.exe
  C:\Windows\System\VVHkPBB.exe
  2⤵
  PID:8944
- C:\Windows\System\jVaKEom.exe
  C:\Windows\System\jVaKEom.exe
  2⤵
  PID:9048
- C:\Windows\System\lNoryds.exe
  C:\Windows\System\lNoryds.exe
  2⤵
  PID:9104
- C:\Windows\System\oMNtLAh.exe
  C:\Windows\System\oMNtLAh.exe
  2⤵
  PID:8912
- C:\Windows\System\VXoYCAf.exe
  C:\Windows\System\VXoYCAf.exe
  2⤵
  PID:8264
- C:\Windows\System\dLgNvNe.exe
  C:\Windows\System\dLgNvNe.exe
  2⤵
  PID:9132
- C:\Windows\System\RgYynyQ.exe
  C:\Windows\System\RgYynyQ.exe
  2⤵
  PID:8500
- C:\Windows\System\VIwYAkz.exe
  C:\Windows\System\VIwYAkz.exe
  2⤵
  PID:8204
- C:\Windows\System\gPsWuHs.exe
  C:\Windows\System\gPsWuHs.exe
  2⤵
  PID:8864
- C:\Windows\System\mJTKjpf.exe
  C:\Windows\System\mJTKjpf.exe
  2⤵
  PID:8676
- C:\Windows\System\ECVRclq.exe
  C:\Windows\System\ECVRclq.exe
  2⤵
  PID:8732
- C:\Windows\System\HWiEwYE.exe
  C:\Windows\System\HWiEwYE.exe
  2⤵
  PID:8952
- C:\Windows\System\NzkGeeb.exe
  C:\Windows\System\NzkGeeb.exe
  2⤵
  PID:8832
- C:\Windows\System\jTraLbp.exe
  C:\Windows\System\jTraLbp.exe
  2⤵
  PID:8524
- C:\Windows\System\fIWDWlk.exe
  C:\Windows\System\fIWDWlk.exe
  2⤵
  PID:8332
- C:\Windows\System\lOGuZLD.exe
  C:\Windows\System\lOGuZLD.exe
  2⤵
  PID:8312
- C:\Windows\System\orJUmUL.exe
  C:\Windows\System\orJUmUL.exe
  2⤵
  PID:9172
- C:\Windows\System\RDDsWOS.exe
  C:\Windows\System\RDDsWOS.exe
  2⤵
  PID:8728
- C:\Windows\System\PHbdfAl.exe
  C:\Windows\System\PHbdfAl.exe
  2⤵
  PID:8988
- C:\Windows\System\XJbCiZt.exe
  C:\Windows\System\XJbCiZt.exe
  2⤵
  PID:9220
- C:\Windows\System\bgSdlth.exe
  C:\Windows\System\bgSdlth.exe
  2⤵
  PID:9236
- C:\Windows\System\qsbLXUb.exe
  C:\Windows\System\qsbLXUb.exe
  2⤵
  PID:9252
- C:\Windows\System\EkCPiGK.exe
  C:\Windows\System\EkCPiGK.exe
  2⤵
  PID:9276
- C:\Windows\System\exkaacY.exe
  C:\Windows\System\exkaacY.exe
  2⤵
  PID:9292
- C:\Windows\System\GETRYTD.exe
  C:\Windows\System\GETRYTD.exe
  2⤵
  PID:9328
- C:\Windows\System\lNVAoik.exe
  C:\Windows\System\lNVAoik.exe
  2⤵
  PID:9344
- C:\Windows\System\haEuowT.exe
  C:\Windows\System\haEuowT.exe
  2⤵
  PID:9368
- C:\Windows\System\oDrvygD.exe
  C:\Windows\System\oDrvygD.exe
  2⤵
  PID:9384
- C:\Windows\System\XVPZbiC.exe
  C:\Windows\System\XVPZbiC.exe
  2⤵
  PID:9400
- C:\Windows\System\yEZyqmn.exe
  C:\Windows\System\yEZyqmn.exe
  2⤵
  PID:9420
- C:\Windows\System\yrQvwog.exe
  C:\Windows\System\yrQvwog.exe
  2⤵
  PID:9436
- C:\Windows\System\xEFLjxe.exe
  C:\Windows\System\xEFLjxe.exe
  2⤵
  PID:9460
- C:\Windows\System\NWHpEWc.exe
  C:\Windows\System\NWHpEWc.exe
  2⤵
  PID:9480
- C:\Windows\System\vDzZYlG.exe
  C:\Windows\System\vDzZYlG.exe
  2⤵
  PID:9500
- C:\Windows\System\VhxVhMA.exe
  C:\Windows\System\VhxVhMA.exe
  2⤵
  PID:9516
- C:\Windows\System\uBdGCgh.exe
  C:\Windows\System\uBdGCgh.exe
  2⤵
  PID:9532
- C:\Windows\System\oYvRkfZ.exe
  C:\Windows\System\oYvRkfZ.exe
  2⤵
  PID:9548
- C:\Windows\System\lKwPwif.exe
  C:\Windows\System\lKwPwif.exe
  2⤵
  PID:9564
- C:\Windows\System\XYyhDYR.exe
  C:\Windows\System\XYyhDYR.exe
  2⤵
  PID:9608
- C:\Windows\System\pGWHkrD.exe
  C:\Windows\System\pGWHkrD.exe
  2⤵
  PID:9624
- C:\Windows\System\nPXNCCm.exe
  C:\Windows\System\nPXNCCm.exe
  2⤵
  PID:9640
- C:\Windows\System\IetyiHq.exe
  C:\Windows\System\IetyiHq.exe
  2⤵
  PID:9660
- C:\Windows\System\WCZzFvo.exe
  C:\Windows\System\WCZzFvo.exe
  2⤵
  PID:9692
- C:\Windows\System\ykenHNX.exe
  C:\Windows\System\ykenHNX.exe
  2⤵
  PID:9708
- C:\Windows\System\bVcoRbw.exe
  C:\Windows\System\bVcoRbw.exe
  2⤵
  PID:9728
- C:\Windows\System\nToessN.exe
  C:\Windows\System\nToessN.exe
  2⤵
  PID:9744
- C:\Windows\System\CZemoFU.exe
  C:\Windows\System\CZemoFU.exe
  2⤵
  PID:9772
- C:\Windows\System\xHzzwyH.exe
  C:\Windows\System\xHzzwyH.exe
  2⤵
  PID:9792
- C:\Windows\System\gkHmCTF.exe
  C:\Windows\System\gkHmCTF.exe
  2⤵
  PID:9812
- C:\Windows\System\dgsxMpj.exe
  C:\Windows\System\dgsxMpj.exe
  2⤵
  PID:9832
- C:\Windows\System\CAJlzxS.exe
  C:\Windows\System\CAJlzxS.exe
  2⤵
  PID:9852
- C:\Windows\System\etvWPlf.exe
  C:\Windows\System\etvWPlf.exe
  2⤵
  PID:9868
- C:\Windows\System\PXgdXbJ.exe
  C:\Windows\System\PXgdXbJ.exe
  2⤵
  PID:9888
- C:\Windows\System\EivEMJJ.exe
  C:\Windows\System\EivEMJJ.exe
  2⤵
  PID:9908
- C:\Windows\System\MVgWGPF.exe
  C:\Windows\System\MVgWGPF.exe
  2⤵
  PID:9924
- C:\Windows\System\FmRiFPe.exe
  C:\Windows\System\FmRiFPe.exe
  2⤵
  PID:9940
- C:\Windows\System\jceIUDG.exe
  C:\Windows\System\jceIUDG.exe
  2⤵
  PID:9972
- C:\Windows\System\XlYxmkw.exe
  C:\Windows\System\XlYxmkw.exe
  2⤵
  PID:9988
- C:\Windows\System\OCuseDb.exe
  C:\Windows\System\OCuseDb.exe
  2⤵
  PID:10004
- C:\Windows\System\rWtXLaF.exe
  C:\Windows\System\rWtXLaF.exe
  2⤵
  PID:10028
- C:\Windows\System\zLCkODt.exe
  C:\Windows\System\zLCkODt.exe
  2⤵
  PID:10048
- C:\Windows\System\mHhhpXm.exe
  C:\Windows\System\mHhhpXm.exe
  2⤵
  PID:10064
- C:\Windows\System\ueAaFQF.exe
  C:\Windows\System\ueAaFQF.exe
  2⤵
  PID:10080
- C:\Windows\System\sUtBYLm.exe
  C:\Windows\System\sUtBYLm.exe
  2⤵
  PID:10100
- C:\Windows\System\krGrRGn.exe
  C:\Windows\System\krGrRGn.exe
  2⤵
  PID:10120
- C:\Windows\System\MdqcquE.exe
  C:\Windows\System\MdqcquE.exe
  2⤵
  PID:10140
- C:\Windows\System\XohDmtq.exe
  C:\Windows\System\XohDmtq.exe
  2⤵
  PID:10156
- C:\Windows\System\JfqMxnG.exe
  C:\Windows\System\JfqMxnG.exe
  2⤵
  PID:10192
- C:\Windows\System\SPzVmYH.exe
  C:\Windows\System\SPzVmYH.exe
  2⤵
  PID:10212
- C:\Windows\System\JYJnjEP.exe
  C:\Windows\System\JYJnjEP.exe
  2⤵
  PID:10232
- C:\Windows\System\FYDEgYA.exe
  C:\Windows\System\FYDEgYA.exe
  2⤵
  PID:8544
- C:\Windows\System\kFsFWhX.exe
  C:\Windows\System\kFsFWhX.exe
  2⤵
  PID:9244
- C:\Windows\System\EyhQkbU.exe
  C:\Windows\System\EyhQkbU.exe
  2⤵
  PID:9272
- C:\Windows\System\AJqwbhV.exe
  C:\Windows\System\AJqwbhV.exe
  2⤵
  PID:9308
- C:\Windows\System\bypZBsn.exe
  C:\Windows\System\bypZBsn.exe
  2⤵
  PID:9360
- C:\Windows\System\gLBvxbi.exe
  C:\Windows\System\gLBvxbi.exe
  2⤵
  PID:9392
- C:\Windows\System\QtMQzvN.exe
  C:\Windows\System\QtMQzvN.exe
  2⤵
  PID:9432
- C:\Windows\System\Aytxjeg.exe
  C:\Windows\System\Aytxjeg.exe
  2⤵
  PID:9508
- C:\Windows\System\rdxzueo.exe
  C:\Windows\System\rdxzueo.exe
  2⤵
  PID:9572
- C:\Windows\System\aJyIZfi.exe
  C:\Windows\System\aJyIZfi.exe
  2⤵
  PID:9488
- C:\Windows\System\lUTiaPJ.exe
  C:\Windows\System\lUTiaPJ.exe
  2⤵
  PID:9448
- C:\Windows\System\kUKgmRt.exe
  C:\Windows\System\kUKgmRt.exe
  2⤵
  PID:9584
- C:\Windows\System\AurmqKE.exe
  C:\Windows\System\AurmqKE.exe
  2⤵
  PID:9600
- C:\Windows\System\TwJJnzp.exe
  C:\Windows\System\TwJJnzp.exe
  2⤵
  PID:9620
- C:\Windows\System\uGpbEMU.exe
  C:\Windows\System\uGpbEMU.exe
  2⤵
  PID:9668
- C:\Windows\System\YHXgpFP.exe
  C:\Windows\System\YHXgpFP.exe
  2⤵
  PID:9680
- C:\Windows\System\TBBXRAZ.exe
  C:\Windows\System\TBBXRAZ.exe
  2⤵
  PID:9716
- C:\Windows\System\vOfntUb.exe
  C:\Windows\System\vOfntUb.exe
  2⤵
  PID:9736
- C:\Windows\System\zFlBXjS.exe
  C:\Windows\System\zFlBXjS.exe
  2⤵
  PID:9780
- C:\Windows\System\RsYVEoO.exe
  C:\Windows\System\RsYVEoO.exe
  2⤵
  PID:9804
- C:\Windows\System\scFcAiy.exe
  C:\Windows\System\scFcAiy.exe
  2⤵
  PID:9840
- C:\Windows\System\rvJmlUh.exe
  C:\Windows\System\rvJmlUh.exe
  2⤵
  PID:9876
- C:\Windows\System\YsmPpCj.exe
  C:\Windows\System\YsmPpCj.exe
  2⤵
  PID:9900
- C:\Windows\System\dDroRfa.exe
  C:\Windows\System\dDroRfa.exe
  2⤵
  PID:9952
- C:\Windows\System\SaXpfWo.exe
  C:\Windows\System\SaXpfWo.exe
  2⤵
  PID:9996
- C:\Windows\System\KOqpkjr.exe
  C:\Windows\System\KOqpkjr.exe
  2⤵
  PID:10016
- C:\Windows\System\iQZsxgD.exe
  C:\Windows\System\iQZsxgD.exe
  2⤵
  PID:10044
- C:\Windows\System\TPDEpOe.exe
  C:\Windows\System\TPDEpOe.exe
  2⤵
  PID:10056
- C:\Windows\System\eiMACjg.exe
  C:\Windows\System\eiMACjg.exe
  2⤵
  PID:10096
- C:\Windows\System\ietbEWY.exe
  C:\Windows\System\ietbEWY.exe
  2⤵
  PID:10176
- C:\Windows\System\PKAHLlb.exe
  C:\Windows\System\PKAHLlb.exe
  2⤵
  PID:10208
- C:\Windows\System\CPAavCV.exe
  C:\Windows\System\CPAavCV.exe
  2⤵
  PID:10224
- C:\Windows\System\poisSMK.exe
  C:\Windows\System\poisSMK.exe
  2⤵
  PID:9264
- C:\Windows\System\OKBPKYq.exe
  C:\Windows\System\OKBPKYq.exe
  2⤵
  PID:9304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ACYSdNl.exe

Filesize
6.0MB

MD5
f24c4568ec65d959f98babdcf529aa5a

SHA1
f88c2925a1ae99f2e1c2fb0e3cdc67fdc30651c8

SHA256
c32222752a03d9512d02f057e9b572a6d35d21c8d1db4ee63994d3c134951b90

SHA512
3ad62b03c6f5b54923737d58de5412344214b00334a45f9ffbf80fd9b7f5a0220a4bfd2cd5e18f65493f29fc97df7e8f827eb1e505a644cac299dda4adf07780

Download Submit
C:\Windows\system\AgSiMIJ.exe

Filesize
6.0MB

MD5
6b8eb5838c96946c53787dbf9cc64d48

SHA1
fe0223e312d530f28e5420bcdc896578f34058f5

SHA256
e2d8ed651e4880921eff85945835bd6f443866c3a7a4343066c0a4322e9721d1

SHA512
91627a4d22b77e9ab14ec8373acadd3ef67b12dd325c0774421d6d4181e03ba92a5f1de849aa426c25fb627d07ac7544448d142fe96c60b2f1e362d39abd751d

Download Submit
C:\Windows\system\DuFvtys.exe

Filesize
6.0MB

MD5
ba073d0c37fb23ce847e58158277a964

SHA1
94d1d71856a7c9d27a6ac6ebfd569c09d0c58779

SHA256
7f0691746e07b1e8d69fa0ce94e769fe4576a55504767ec8232e7af63ee3b9b0

SHA512
41abe617d2d1bc1da71bc4746a3cace968dbd11c9338fe7eb3dd46b4ff93f7de4e6a9eed74c32abdb78d20b4d962602a61c04ab79c5a67b3e7df1be83a8b0003

Download Submit
C:\Windows\system\HLZTqeJ.exe

Filesize
6.0MB

MD5
8abe8f201c1003cfb9d6166d1be7770f

SHA1
697e37547682925eda02d65c4694d58371539496

SHA256
fe3178aed6e69651edc9662d8703c9e805aa9db5f44d021e4de9895881b66066

SHA512
eb967efd7753d40991bd4d3dc31832cee84c007c6a376b525e31e3336fb9823260ccd37375db60ef89d8177374d4091f814468cdccc4de9f7ea760e11cd7dd51

Download Submit
C:\Windows\system\JIHmgLQ.exe

Filesize
6.0MB

MD5
eb3dfe5073d8dac5f4e4e7dbf96ac723

SHA1
0b532914fbfcfc73ead994031c6be9d746846fa0

SHA256
b55eacec1acd31d4a20a9a660cbc4c9ed055fc5edc074ac3441a4c2baf3f3e1b

SHA512
1a85b40234336c92cd2a1f12b3698d1e5ecf8b69d1f4c453fefb2bb684bd71cd0b2d1352583a24262b9ead0f335ca0e50948298a48e620875e2c62a392a291e5

Download Submit
C:\Windows\system\JhGkgQp.exe

Filesize
6.0MB

MD5
8e18ed6e7d8411bb4c0b11c488beb34f

SHA1
21f895155236a371efeeef793e7b2425f28a18e0

SHA256
6b051f713659e0ef67ec745e308491c2bdec52b9b1dfa29d7411c3e88cd325f8

SHA512
23ab20963590171fc795dd51b8a9449e4e7af2a87aec8ac83e70e606dc793f3457a08237f1290376bc9c4103f8914055f98dd879d1c59aef3be0bf34b0c98aac

Download Submit
C:\Windows\system\LPtqiWp.exe

Filesize
6.0MB

MD5
8ac740567a1537856655847b79297b02

SHA1
433c4ae1ca572bd8785d4d9f912a727494373f72

SHA256
95ef390fcc49f763947c31fbbf0b0fca42dd4f5fca141253d8152210b3d1f871

SHA512
df1c348d9ea0ffabb07293f4105953b2d89cd009870c738eb6237eeb76ff4be51d432be31dfb1aed9b438f22ba56a79a0c284d368b6c63797117e5ef1dd8916a

Download Submit
C:\Windows\system\MUgCSfL.exe

Filesize
6.0MB

MD5
3d47a03e86ce002921bc0fe56e950109

SHA1
7b99c932e5db8e145e14133df822a1813499165e

SHA256
3d10881487746f649ca2beae870770214fdd2a731de38ba2fa9774c58b3de056

SHA512
e6230cfa9cac43cbcbe4f3d95a6610f7c31c0086f801fe7f5487fb5da6bc2e929be2028a14295ce6b477f6f0f8538d0b32709819b01849fffa117332da19c1d2

Download Submit
C:\Windows\system\OqulbtD.exe

Filesize
6.0MB

MD5
af96c6e9f0ee68170b9d2268b2174e5a

SHA1
fda505cd16eb2af0a7dd81371158d4609951051c

SHA256
f0b239fa688b1615827b70f921463f0a8f9e2de0be9760438c4a0d1b9d32cb75

SHA512
aab87cc804ac7186f301ebd688ecf7bf48be44bae60b5b50ff0ded958ea71608b06256f69087e6a8640e9e26dab4b476f15f207da359433e3d03ae20b0132dcc

Download Submit
C:\Windows\system\Pddumvr.exe

Filesize
6.0MB

MD5
3d4b42ddf5e257ef13134bd493c4cf2f

SHA1
06b52634b5fd13b2129fe95a77c3f69678ae9f72

SHA256
541fee8a08bcb3e8b6862a09e0e70f36c802afe93a1dde84cf42eb74b125ccd5

SHA512
345b2966332dd654665a67d78f78db95725314e3b7934147edbe3853b1b7caa06861a46a203ff7600f3b16f419c27161075d7af90c4156f7775756fc4b5ce5d1

Download Submit
C:\Windows\system\PhaHndg.exe

Filesize
6.0MB

MD5
2b575e2f42a8cf78905995b7ebdaf910

SHA1
1eb15037640db5133f5a36aa01086a6ba71a711b

SHA256
25ef956810657b1a328db02c4ea7b86b104b9bc1601f1e1340d3bf514983305b

SHA512
d90c2e19bafb0f5c911dbf0ae7f2de9a161321db432314c9cdb3da118d28b62359697787e12286c67eb28804ed352dc80e7d5978229b35c0aafdc7929c51e1ac

Download Submit
C:\Windows\system\TOGtMIL.exe

Filesize
6.0MB

MD5
7149a6452a80b275dc7304922efe2734

SHA1
6df9e1d2a80b8da1a5055f90ab9e25be977bef4a

SHA256
b6006992db160dfc56e225ca9dee6cc18a26861921157fd746d1eb55b066a60e

SHA512
0aaa4e0f04fd326f83663feeef53931c4e022bc6e4df694c31b675701c10b8ee51e748b22fe409f8476933e23a89ce258f8b641759d697bc3f70495b1a3358c2

Download Submit
C:\Windows\system\dgxUvJA.exe

Filesize
6.0MB

MD5
bac3350be2f1413523eda9f0ade5b363

SHA1
7cb9b20f875a0c1b3faaa01930ff1b72c1c95aa9

SHA256
83fa5c8029b1685f8d75c6750beab0e0b50fddbfd92f8486ef05666630c56c57

SHA512
c4236c1e7e84752a12bba3645755aa1841f97a942eef0ac6b6452f1e53ecf41c540d68a1fbd97a605b417b27fc7bb347c7b26b64844e99822dee3bb8d29bf2b5

Download Submit
C:\Windows\system\feJCKRa.exe

Filesize
6.0MB

MD5
92794b30469f16e0cec956e448b9d009

SHA1
e477cd884ba84acd0bc4b5501cb36f192e6bf889

SHA256
04fcda860460bdb66777dfa0f0cea73bcadebcb2a39a3bca561d0bb8ce6c36b9

SHA512
38c3b6b456a952f00ec43847e6bf9a7dfd6dbb7f26c1e244af5aae5303d85f96da57c0ca0bf32135732eaead71950a5f1f91881ff5c80f2c99a910234d84a183

Download Submit
C:\Windows\system\kkilgeD.exe

Filesize
6.0MB

MD5
8232cfe9ede006b0ef8e83851b1dfd26

SHA1
186d091478d3dced43dc5deb7209ef47c3f1c5ae

SHA256
ae5d1d1d3db4b0eb530ca73c0eead701b833a745b967b2609c60ae9f456f9c1a

SHA512
679065b65b251d61ae26e52c6320d63f903bb1d1a08db21ca949795acbcf53a7318e55a63a733bf453305538e88425f8423566599699ef9ebce5f6e348f2ce10

Download Submit
C:\Windows\system\nrKpiiz.exe

Filesize
6.0MB

MD5
5ba3799bfe9d2de92721622209adbd60

SHA1
8ef044077effd0893ce412ce22061009ac38f982

SHA256
664401e15db2ab5e5191268e36becf0a59e542452971575e8f03116ad6eca4fe

SHA512
8b147d93171817e645d4f62378cad85cdeae53d450829b8c5c04191bf8e590d6dfee16add6c996e6ba6d3010bbe089bfd533520ebc02132066fd0e0c30d2cfa7

Download Submit
C:\Windows\system\oVjVfTy.exe

Filesize
6.0MB

MD5
2361da4420f59ae887c6f9a27ba760b5

SHA1
97699a19629d2c14a4c13067934c391b31e6069d

SHA256
705b83a19f5795df3cf7ec28520ea46d209d3a0b9ee122c5537f16848e40070a

SHA512
db4ae7afc560464bafc80017687a7dcf7e5a083bc05eb3e7a64612aa4298c7097e5d4bb5d6807dba13db12be933a8ca664d18c2ffef09c44b3fe632afefc0221

Download Submit
C:\Windows\system\pxDKQVM.exe

Filesize
6.0MB

MD5
de43f62883fec8a9394f563faa298e1f

SHA1
d1c59a3eba748421a47d336afe78efb0c39c3dd5

SHA256
3c66922b6354403da07d97ee0d09a92ecd7939953bd1ae6eadb63c9a02d16f6a

SHA512
790d31874b5be8de2fd724b09c28420cb770310ad9a5586a083d796f39eee8e75085359e34e89d0040c37720244509cd1a9ec7cd91c205e4575a395e2930efcd

Download Submit
C:\Windows\system\qgMPgLB.exe

Filesize
6.0MB

MD5
5f74a0e238b159c21cc82a6d55e04af2

SHA1
d5b5f7a7f63277e14fc1ec007878aedd7bc58a58

SHA256
c5c3113def63e0c3c5af1139695bf1d19ae348e652723a94299e5ba597b740b0

SHA512
597e9213df4da42777c06b10245de21bdf79520f890a9e62acf3ae3d39b0f6baa589b578518d99b1bd4f5c1a00145226b5cb132a9ace59685e4a5be37809ee55

Download Submit
C:\Windows\system\sIBmZZb.exe

Filesize
6.0MB

MD5
e7ce245c80dfcfb8d5a0f86f0d733ddb

SHA1
dabfd8c037a15d027d4ef3bbc7b7736960fd6cf3

SHA256
7e4158b34610c5059071bd15edce271bb187bb30b91c75c6c469a805fbc92263

SHA512
0fdb673eac9c164d2a10f802943fa6b6d6ee6ea1209bb5c4955da0132cb69eeb4803fab64b7b2d64d48c66b9cd27ddf2e75ee72d73a6f8282dd27ebadc74ccab

Download Submit
C:\Windows\system\tJCoXcP.exe

Filesize
6.0MB

MD5
028fb063bb20897abbf02b058d5a8b16

SHA1
6dc8df7ef4b4b25aabb642025e7f9daeb595ff9f

SHA256
3ec883d5b930ea85004a157f9e51f09855a75bc954fcc4826c2c06f1f4cc1134

SHA512
d171078102f3ad79b1a2a08134d6897cba649b9c6d633ff335bd095d7e80e2771d6e061757ef4d55a3496ac9b83e231dfc56124d9d688ecbee83e22c73a1d6a4

Download Submit
C:\Windows\system\vjvnOER.exe

Filesize
6.0MB

MD5
cd67687ff889d80023e4f61bfe1a70fc

SHA1
255bbe722f2daf99e9fa9e46f9ea7fe9738fefdf

SHA256
161808238e1afce7b1c96ba210e43e3c174292ca5e6ec92fc04904036ca7769c

SHA512
677e30c1f71f9b95cc5d0a51f541e6b2b57b5713fac11da6288f5073fa11ffc968f9d89ebdc9e8c6e815de5674175dcebd8b711664f33cdf830e8b713800c5e3

Download Submit
\Windows\system\BRNjfyG.exe

Filesize
6.0MB

MD5
69e4cf5a6b2921f990843ea2a4638ac2

SHA1
7931cd01e700c065c116c89eccbdf450b5a1e919

SHA256
5f6fb7c0a7cf4a91809ec976407addd3de352d83583fc7013e4a97cfaad98190

SHA512
98796f5915a471ecfc3a9ba061a0d9fbd7fcf1e8553ab1e80189da3710d81354481184470df655e32d9fb3c5d7291bac6cee43baa6f0a85102d2d80b14cd0ce4

Download Submit
\Windows\system\JmVfHLG.exe

Filesize
6.0MB

MD5
988220b3d33dbe22ff1f1061979f652e

SHA1
2060f21bd3a3dd060ab78aa672788e7d3fc54fe9

SHA256
e16b71b89210832e64bda76ded8b7be9a647d2e6d0ec7c8dd17c2648085a2dd3

SHA512
b79da623bb5fa3d1827a05733fae2f2a073c125093b58a91eb58d37512db39b62c249994136050ec6b651acd4de4ec220e73094a439bb4a8702e49f9861e021d

Download Submit
\Windows\system\QZPGJAX.exe

Filesize
6.0MB

MD5
2abac5cd285ca008e16a8a2b716a2f27

SHA1
8d6dcdfd6623fb562f7fc42ddb1094f74f559c32

SHA256
4d43b0a47a456d3bb6328997fd88c0407cfaf0309fb742cb7b9141716d84373f

SHA512
4161212cc1a46c86db7eebd84e894e945b1d6864d915835e5451e0017fb9e3b3e24fb04bd5e07fe05e3570252c8b4597a08ba08fa3e164b084e3728cb3b450a0

Download Submit
\Windows\system\XQcFvCW.exe

Filesize
6.0MB

MD5
d5231c7fd732334ca6160e6b9cbe7ba8

SHA1
4e257da3f2efe0f2101bb84993b65b65d894ffe1

SHA256
18fa6875a6740366cd9021c3736dd4219ab4bae2ab143fa788527dc75aab4725

SHA512
7fad6a45dafd6b47c494fac138898b4ae8669e4b06b6aa69ff7bacee0e4e64c7ec911cc5ee7e20049bf9521c8195e84bcb99a9ceb6ce138ffac3cffae113d68b

Download Submit
\Windows\system\YipnMeS.exe

Filesize
6.0MB

MD5
8cda38ea8269ec99290f74b661a55656

SHA1
5711277b2f6a46622ea5df7c1ef03635f4d5a32d

SHA256
3175dc4f078226b7d47d6256eff66d5927f6efaa19573a952dd1a73d34d7d514

SHA512
dfe0dde226ac55ff49a36edd09a4c159b202acfdc30e1d0af6b061404c2754c02bc86ca7f605ada079ba897e0637c8827a5b45ad8bc6395795091f4ab7ce7c4c

Download Submit
\Windows\system\YwuVYuu.exe

Filesize
6.0MB

MD5
3d574c1385ceced7cb00824de2e543ac

SHA1
b0ed0f0bbd36bab8a6490d7ec62b19fd2205874d

SHA256
b2559a107c6eed314f4336d2566fce47d06a7dad74657f7fb32d11a5f3613aca

SHA512
5c2c0a0ae5c6ea10b3cf4ca16da88eee19bc59287bb03a5337c4bdefbfecbcf550528ecabe0a193dbdc3a2ebad4f0efec9689c4be82da9e3c87907a588aee1d3

Download Submit
\Windows\system\cOkOOHL.exe

Filesize
6.0MB

MD5
6d2c740fdfdc66cd5d94fcf6f9df2a86

SHA1
a36364963a615aa226ff58f237b84d3da3069647

SHA256
e8770bb21a213643b8a88aab3697ccf5bd5a8bcfa0330b92fbad26e97bd13e52

SHA512
4693643933bf0739ac46df0d0e1fa487a93433ab2f6e58afabc63526650698e98ea1526158ae7760ce4b9a3b8386d7500ed63c6203e96637099fc6c0b26deca1

Download Submit
\Windows\system\kWrlZGR.exe

Filesize
6.0MB

MD5
0a7df4d08c4459353df74508f1dab8e1

SHA1
03d0e1037cb6c12b688887f76279e236ef742feb

SHA256
9dbce922be1c8702057c7a6b5b94a9efad889992fe024c68448c5416ab5a4093

SHA512
20bdf2818e177468cefb751d789fcbefac740a586b92e028ee285c6aa2bc921cd8ea22a011db78160c0f5323330b79b2194814d9704d055e5e795440bf79df37

Download Submit
\Windows\system\lFpfWcJ.exe

Filesize
6.0MB

MD5
4fede9cefec9116e37689c1f668dcde2

SHA1
0045c445922ea987dc88a26f9c79c32f564b66e3

SHA256
b7197be0302d33f0d38187e273652fa71c3d32f993eeced442af6ad1d88550d3

SHA512
5ce12954a370c3e577bcef82df5032a1e75dd3ed8e1e88c8a13b2a171abe98ae7e7276595d1ca90db001b90c2cd2a3093b553130829ee5101aecdded4a2e18f2

Download Submit
\Windows\system\vjzJjFn.exe

Filesize
6.0MB

MD5
c019dbdddb9146bd540de18b9761b573

SHA1
b1b1343ee468661eeb68fa1a28b35e50e3704ee6

SHA256
924cc619cd1c7a33c858c7414e0ea2eef3fb9b3b0cc2a14a36d76825568d0288

SHA512
e7d5251f4ffad6cbb1ec6e297c0f17c74fdaf02141fb91854ea7b57f45df182c390f30fd4561c2405b98aae77bc87f601d858d23f28c65103ca078645d9b3446

Download Submit
memory/1952-4005-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/1952-370-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/1952-31-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2368-4001-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2368-14-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2396-17-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-4002-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-78-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-11-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2484-37-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-540-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-146-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-39-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-42-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2484-0-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2484-57-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2484-121-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-1037-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-100-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2484-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2484-1040-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-1035-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-66-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-1028-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2484-123-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2484-118-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-1029-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-110-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-50-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2592-4008-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2592-142-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2656-117-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4011-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2752-906-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2752-47-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2752-4007-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2804-40-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2804-662-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2804-4006-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2820-116-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-4012-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-135-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-4009-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-29-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2948-109-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2948-4004-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2964-36-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-4003-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-4010-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2972-911-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2972-61-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download