cobaltstrike | 1992a813e35eb6eaed4530f83106c9a2a2223d87fc7beced24b79d5c950cbc2a

Analysis

max time kernel
108s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
02-02-2025 02:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

83b5d68c167dfeaaa79938db044892fc
SHA1

9037c0888745566104d0c396022920064e81531c
SHA256

1992a813e35eb6eaed4530f83106c9a2a2223d87fc7beced24b79d5c950cbc2a
SHA512

bcc782b1abbef4110d2137b8ae408174a8233249c41a930331fccee4238a50c6d1951b64447cd28dc35a62ca5cafdaa38073cddf9f391a7f62ae0c2cb70d8e77
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUO:T+q56utgpPF8u/7O

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fd-6.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186ca-8.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186d9-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018710-26.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018766-32.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8e-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-197.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-189.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cba-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cca-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3e-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019926-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a1-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-88.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-68.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018bf3-67.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001933b-61.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b62-46.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018780-37.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1740-0-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fd-6.dat	xmrig
behavioral1/files/0x00070000000186ca-8.dat	xmrig
behavioral1/memory/2352-21-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/1376-22-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/files/0x00070000000186d9-10.dat	xmrig
behavioral1/files/0x0007000000018710-26.dat	xmrig
behavioral1/files/0x0006000000018766-32.dat	xmrig
behavioral1/memory/2744-34-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/3020-39-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2904-69-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/1552-78-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/3020-83-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2472-91-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d8e-146.dat	xmrig
behavioral1/memory/2968-989-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/1740-1124-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2472-772-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2432-564-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/1740-563-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/1552-382-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41d-191.dat	xmrig
behavioral1/files/0x000500000001a359-183.dat	xmrig
behavioral1/files/0x000500000001a09e-176.dat	xmrig
behavioral1/files/0x000500000001a41e-197.dat	xmrig
behavioral1/files/0x000500000001a075-166.dat	xmrig
behavioral1/files/0x0005000000019f8a-156.dat	xmrig
behavioral1/files/0x000500000001a41b-189.dat	xmrig
behavioral1/files/0x000500000001a307-180.dat	xmrig
behavioral1/files/0x000500000001a07e-170.dat	xmrig
behavioral1/files/0x0005000000019f94-160.dat	xmrig
behavioral1/files/0x0005000000019dbf-151.dat	xmrig
behavioral1/files/0x0005000000019cba-137.dat	xmrig
behavioral1/files/0x0005000000019cca-141.dat	xmrig
behavioral1/files/0x0005000000019c3e-127.dat	xmrig
behavioral1/files/0x0005000000019c34-124.dat	xmrig
behavioral1/files/0x0005000000019c57-130.dat	xmrig
behavioral1/files/0x0005000000019c3c-120.dat	xmrig
behavioral1/memory/2640-112-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2804-111-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2412-103-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019926-108.dat	xmrig
behavioral1/memory/2968-102-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x00050000000196a1-100.dat	xmrig
behavioral1/memory/2432-85-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/files/0x000500000001961e-81.dat	xmrig
behavioral1/memory/1740-90-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019667-88.dat	xmrig
behavioral1/memory/2744-76-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2640-71-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2804-70-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/files/0x000500000001961c-75.dat	xmrig
behavioral1/files/0x000500000001960c-68.dat	xmrig
behavioral1/files/0x0009000000018bf3-67.dat	xmrig
behavioral1/memory/2412-66-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/1740-64-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/2952-63-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/files/0x000700000001933b-61.dat	xmrig
behavioral1/memory/1740-58-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/1740-50-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2888-49-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b62-46.dat	xmrig
behavioral1/files/0x0006000000018780-37.dat	xmrig
behavioral1/memory/2904-28-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1376	mwsfMgZ.exe
2952	UdFpXph.exe
2352	OXcRrOK.exe
2904	wSqZSIh.exe
2744	aUFAtJt.exe
3020	TIsbFkZ.exe
2888	wwbwXOe.exe
2412	OaltDjy.exe
2804	grRSGEL.exe
2640	iGNEzGc.exe
1552	ioZluVh.exe
2432	UoZfwXx.exe
2472	WRcQKjb.exe
2968	IDRUDlu.exe
1064	qvIzXFr.exe
2880	ZhmFDhE.exe
1664	BuygMTu.exe
2956	oeuTzOO.exe
2104	mfwTiQj.exe
2076	bjXQPoj.exe
2520	KHKqrPg.exe
1972	izjIzQx.exe
1016	OvtaELs.exe
1308	iryfckN.exe
940	IISZaAg.exe
2252	nPhITae.exe
2080	UuXvgjf.exe
1668	pfJoois.exe
904	RBLMTAW.exe
1644	wtPfmQj.exe
1836	cVkNrcu.exe
2992	cnXCTCY.exe
2452	ilbmyFf.exe
544	FSqFIQl.exe
2596	RHUaJHE.exe
2464	mOGUIqv.exe
2588	hckTBqg.exe
1684	QQCriqH.exe
3028	ECINuMC.exe
1008	asBkbyo.exe
1052	ftbOtsL.exe
2068	piPdurU.exe
1584	OWWiHFE.exe
932	gUBVGSa.exe
648	KsCwHSz.exe
2724	uEmGWbu.exe
836	zNSRofb.exe
2572	bcBcILp.exe
1508	IsbKpxY.exe
884	yQdRCdc.exe
3060	beIcyGJ.exe
1592	WUMpfYm.exe
3068	EOJbhvr.exe
2132	gYXyDvO.exe
2836	HinYTIb.exe
3024	kwnDaCx.exe
2908	gxeXRkw.exe
2828	tIoNUMh.exe
2656	FZbOOgk.exe
2580	IyamEtf.exe
1676	lAgrQaS.exe
1356	MpqANbN.exe
1112	BFfhAaJ.exe
2072	yQtOcjW.exe

Loads dropped DLL 64 IoCs

pid	Process
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1740-0-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-6.dat	upx
behavioral1/files/0x00070000000186ca-8.dat	upx
behavioral1/memory/2352-21-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/1376-22-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/files/0x00070000000186d9-10.dat	upx
behavioral1/files/0x0007000000018710-26.dat	upx
behavioral1/files/0x0006000000018766-32.dat	upx
behavioral1/memory/2744-34-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/3020-39-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2904-69-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/1552-78-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/3020-83-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2472-91-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/files/0x0005000000019d8e-146.dat	upx
behavioral1/memory/2968-989-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2472-772-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2432-564-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/1552-382-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/files/0x000500000001a41d-191.dat	upx
behavioral1/files/0x000500000001a359-183.dat	upx
behavioral1/files/0x000500000001a09e-176.dat	upx
behavioral1/files/0x000500000001a41e-197.dat	upx
behavioral1/files/0x000500000001a075-166.dat	upx
behavioral1/files/0x0005000000019f8a-156.dat	upx
behavioral1/files/0x000500000001a41b-189.dat	upx
behavioral1/files/0x000500000001a307-180.dat	upx
behavioral1/files/0x000500000001a07e-170.dat	upx
behavioral1/files/0x0005000000019f94-160.dat	upx
behavioral1/files/0x0005000000019dbf-151.dat	upx
behavioral1/files/0x0005000000019cba-137.dat	upx
behavioral1/files/0x0005000000019cca-141.dat	upx
behavioral1/files/0x0005000000019c3e-127.dat	upx
behavioral1/files/0x0005000000019c34-124.dat	upx
behavioral1/files/0x0005000000019c57-130.dat	upx
behavioral1/files/0x0005000000019c3c-120.dat	upx
behavioral1/memory/2640-112-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2804-111-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2412-103-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/files/0x0005000000019926-108.dat	upx
behavioral1/memory/2968-102-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x00050000000196a1-100.dat	upx
behavioral1/memory/2432-85-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/files/0x000500000001961e-81.dat	upx
behavioral1/files/0x0005000000019667-88.dat	upx
behavioral1/memory/2744-76-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2640-71-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2804-70-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/files/0x000500000001961c-75.dat	upx
behavioral1/files/0x000500000001960c-68.dat	upx
behavioral1/files/0x0009000000018bf3-67.dat	upx
behavioral1/memory/2412-66-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2952-63-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/files/0x000700000001933b-61.dat	upx
behavioral1/memory/1740-50-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2888-49-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/files/0x0007000000018b62-46.dat	upx
behavioral1/files/0x0006000000018780-37.dat	upx
behavioral1/memory/2904-28-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2952-19-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/1376-3587-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2968-3586-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2472-3588-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2744-3590-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XVdqLNb.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PPmzxPk.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fzpaedS.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gmJiCrm.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iFicMbz.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\paIJbrQ.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jEfkBMO.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TArwglI.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MZabktw.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qULglnG.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ODcYFnR.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vddGumc.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lKKdjEH.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AONkceJ.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Fudmdqq.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ijZnGig.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gXxnTdU.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yzLddWF.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tUlZhWd.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jSnjFns.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wtPfmQj.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VAJwYWN.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dnnoYYR.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iMkAuGk.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SygDYVY.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BEvqUsF.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uzwPRvP.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cVkNrcu.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ilbmyFf.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CsqchWH.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TIqsuRP.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gdkgLyi.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CoZFyBj.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BIyQRNy.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KHhDtSh.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RgQpUzc.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aqhbyNU.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Cbelkht.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kPqiENE.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gETHcuW.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\izjIzQx.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TZRTHGH.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dopLZET.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fhydWIM.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oEbjDeY.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rzgeltr.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RnGjZjV.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\degGVRG.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WgwjZue.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xMJRnqA.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qQHiMWu.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jAHxsGG.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QeaLEEC.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OBuQGFi.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XufeSGs.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TSoCTWt.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RjxJjEX.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bwCSStS.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYFZnBo.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZvVUAvZ.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iWsJhGX.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHSccfA.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pMFsfCC.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hpqdGmQ.exe	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 1376	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1740 wrote to memory of 1376	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1740 wrote to memory of 1376	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1740 wrote to memory of 2952	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1740 wrote to memory of 2952	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1740 wrote to memory of 2952	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1740 wrote to memory of 2352	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1740 wrote to memory of 2352	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1740 wrote to memory of 2352	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1740 wrote to memory of 2904	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1740 wrote to memory of 2904	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1740 wrote to memory of 2904	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1740 wrote to memory of 2744	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1740 wrote to memory of 2744	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1740 wrote to memory of 2744	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1740 wrote to memory of 3020	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1740 wrote to memory of 3020	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1740 wrote to memory of 3020	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1740 wrote to memory of 2888	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1740 wrote to memory of 2888	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1740 wrote to memory of 2888	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1740 wrote to memory of 2804	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1740 wrote to memory of 2804	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1740 wrote to memory of 2804	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1740 wrote to memory of 2412	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1740 wrote to memory of 2412	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1740 wrote to memory of 2412	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1740 wrote to memory of 2640	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1740 wrote to memory of 2640	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1740 wrote to memory of 2640	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1740 wrote to memory of 1552	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1740 wrote to memory of 1552	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1740 wrote to memory of 1552	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1740 wrote to memory of 2432	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1740 wrote to memory of 2432	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1740 wrote to memory of 2432	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1740 wrote to memory of 2472	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1740 wrote to memory of 2472	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1740 wrote to memory of 2472	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1740 wrote to memory of 2968	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1740 wrote to memory of 2968	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1740 wrote to memory of 2968	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1740 wrote to memory of 1064	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1740 wrote to memory of 1064	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1740 wrote to memory of 1064	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1740 wrote to memory of 1664	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1740 wrote to memory of 1664	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1740 wrote to memory of 1664	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1740 wrote to memory of 2880	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1740 wrote to memory of 2880	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1740 wrote to memory of 2880	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1740 wrote to memory of 2956	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1740 wrote to memory of 2956	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1740 wrote to memory of 2956	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1740 wrote to memory of 2104	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1740 wrote to memory of 2104	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1740 wrote to memory of 2104	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1740 wrote to memory of 2076	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1740 wrote to memory of 2076	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1740 wrote to memory of 2076	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1740 wrote to memory of 2520	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1740 wrote to memory of 2520	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1740 wrote to memory of 2520	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1740 wrote to memory of 1972	1740	2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-02_83b5d68c167dfeaaa79938db044892fc_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Windows\System\mwsfMgZ.exe
  C:\Windows\System\mwsfMgZ.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\UdFpXph.exe
  C:\Windows\System\UdFpXph.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\OXcRrOK.exe
  C:\Windows\System\OXcRrOK.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\wSqZSIh.exe
  C:\Windows\System\wSqZSIh.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\aUFAtJt.exe
  C:\Windows\System\aUFAtJt.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\TIsbFkZ.exe
  C:\Windows\System\TIsbFkZ.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\wwbwXOe.exe
  C:\Windows\System\wwbwXOe.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\grRSGEL.exe
  C:\Windows\System\grRSGEL.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\OaltDjy.exe
  C:\Windows\System\OaltDjy.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\iGNEzGc.exe
  C:\Windows\System\iGNEzGc.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\ioZluVh.exe
  C:\Windows\System\ioZluVh.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\UoZfwXx.exe
  C:\Windows\System\UoZfwXx.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\WRcQKjb.exe
  C:\Windows\System\WRcQKjb.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\IDRUDlu.exe
  C:\Windows\System\IDRUDlu.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\qvIzXFr.exe
  C:\Windows\System\qvIzXFr.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\BuygMTu.exe
  C:\Windows\System\BuygMTu.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\ZhmFDhE.exe
  C:\Windows\System\ZhmFDhE.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\oeuTzOO.exe
  C:\Windows\System\oeuTzOO.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\mfwTiQj.exe
  C:\Windows\System\mfwTiQj.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\bjXQPoj.exe
  C:\Windows\System\bjXQPoj.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\KHKqrPg.exe
  C:\Windows\System\KHKqrPg.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\izjIzQx.exe
  C:\Windows\System\izjIzQx.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\OvtaELs.exe
  C:\Windows\System\OvtaELs.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\iryfckN.exe
  C:\Windows\System\iryfckN.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\IISZaAg.exe
  C:\Windows\System\IISZaAg.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\nPhITae.exe
  C:\Windows\System\nPhITae.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\UuXvgjf.exe
  C:\Windows\System\UuXvgjf.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\pfJoois.exe
  C:\Windows\System\pfJoois.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\RBLMTAW.exe
  C:\Windows\System\RBLMTAW.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\cnXCTCY.exe
  C:\Windows\System\cnXCTCY.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\wtPfmQj.exe
  C:\Windows\System\wtPfmQj.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\RHUaJHE.exe
  C:\Windows\System\RHUaJHE.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\cVkNrcu.exe
  C:\Windows\System\cVkNrcu.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\mOGUIqv.exe
  C:\Windows\System\mOGUIqv.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\ilbmyFf.exe
  C:\Windows\System\ilbmyFf.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\hckTBqg.exe
  C:\Windows\System\hckTBqg.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\FSqFIQl.exe
  C:\Windows\System\FSqFIQl.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\QQCriqH.exe
  C:\Windows\System\QQCriqH.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\ECINuMC.exe
  C:\Windows\System\ECINuMC.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\ftbOtsL.exe
  C:\Windows\System\ftbOtsL.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\asBkbyo.exe
  C:\Windows\System\asBkbyo.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\OWWiHFE.exe
  C:\Windows\System\OWWiHFE.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\piPdurU.exe
  C:\Windows\System\piPdurU.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\gUBVGSa.exe
  C:\Windows\System\gUBVGSa.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\KsCwHSz.exe
  C:\Windows\System\KsCwHSz.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\zNSRofb.exe
  C:\Windows\System\zNSRofb.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\uEmGWbu.exe
  C:\Windows\System\uEmGWbu.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\bcBcILp.exe
  C:\Windows\System\bcBcILp.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\IsbKpxY.exe
  C:\Windows\System\IsbKpxY.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\yQdRCdc.exe
  C:\Windows\System\yQdRCdc.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\beIcyGJ.exe
  C:\Windows\System\beIcyGJ.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\WUMpfYm.exe
  C:\Windows\System\WUMpfYm.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\EOJbhvr.exe
  C:\Windows\System\EOJbhvr.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\gYXyDvO.exe
  C:\Windows\System\gYXyDvO.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\HinYTIb.exe
  C:\Windows\System\HinYTIb.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\kwnDaCx.exe
  C:\Windows\System\kwnDaCx.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\gxeXRkw.exe
  C:\Windows\System\gxeXRkw.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\tIoNUMh.exe
  C:\Windows\System\tIoNUMh.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\FZbOOgk.exe
  C:\Windows\System\FZbOOgk.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\IyamEtf.exe
  C:\Windows\System\IyamEtf.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\lAgrQaS.exe
  C:\Windows\System\lAgrQaS.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\MpqANbN.exe
  C:\Windows\System\MpqANbN.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\BFfhAaJ.exe
  C:\Windows\System\BFfhAaJ.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\yQtOcjW.exe
  C:\Windows\System\yQtOcjW.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\xHoeSyb.exe
  C:\Windows\System\xHoeSyb.exe
  2⤵
  PID:2004
- C:\Windows\System\BVhCYxW.exe
  C:\Windows\System\BVhCYxW.exe
  2⤵
  PID:2436
- C:\Windows\System\jUyeRVa.exe
  C:\Windows\System\jUyeRVa.exe
  2⤵
  PID:2524
- C:\Windows\System\FWeDZWt.exe
  C:\Windows\System\FWeDZWt.exe
  2⤵
  PID:1496
- C:\Windows\System\cNsHVpl.exe
  C:\Windows\System\cNsHVpl.exe
  2⤵
  PID:1992
- C:\Windows\System\joEcnKk.exe
  C:\Windows\System\joEcnKk.exe
  2⤵
  PID:2620
- C:\Windows\System\cxAvkCs.exe
  C:\Windows\System\cxAvkCs.exe
  2⤵
  PID:2228
- C:\Windows\System\YSWLyDm.exe
  C:\Windows\System\YSWLyDm.exe
  2⤵
  PID:2220
- C:\Windows\System\CdKmdYF.exe
  C:\Windows\System\CdKmdYF.exe
  2⤵
  PID:2172
- C:\Windows\System\LsTQXGQ.exe
  C:\Windows\System\LsTQXGQ.exe
  2⤵
  PID:592
- C:\Windows\System\zosKwqj.exe
  C:\Windows\System\zosKwqj.exe
  2⤵
  PID:1708
- C:\Windows\System\VVBEkVu.exe
  C:\Windows\System\VVBEkVu.exe
  2⤵
  PID:2324
- C:\Windows\System\TJHuTsI.exe
  C:\Windows\System\TJHuTsI.exe
  2⤵
  PID:936
- C:\Windows\System\RNByAoh.exe
  C:\Windows\System\RNByAoh.exe
  2⤵
  PID:780
- C:\Windows\System\WmzPTFl.exe
  C:\Windows\System\WmzPTFl.exe
  2⤵
  PID:1932
- C:\Windows\System\rJXghSu.exe
  C:\Windows\System\rJXghSu.exe
  2⤵
  PID:1348
- C:\Windows\System\fWQnSxq.exe
  C:\Windows\System\fWQnSxq.exe
  2⤵
  PID:2720
- C:\Windows\System\PFyEoQp.exe
  C:\Windows\System\PFyEoQp.exe
  2⤵
  PID:888
- C:\Windows\System\KoslTMX.exe
  C:\Windows\System\KoslTMX.exe
  2⤵
  PID:2392
- C:\Windows\System\RfDqnjx.exe
  C:\Windows\System\RfDqnjx.exe
  2⤵
  PID:3056
- C:\Windows\System\hdsUiOZ.exe
  C:\Windows\System\hdsUiOZ.exe
  2⤵
  PID:2304
- C:\Windows\System\CoZFyBj.exe
  C:\Windows\System\CoZFyBj.exe
  2⤵
  PID:1620
- C:\Windows\System\LfAqgCv.exe
  C:\Windows\System\LfAqgCv.exe
  2⤵
  PID:1616
- C:\Windows\System\jAHxsGG.exe
  C:\Windows\System\jAHxsGG.exe
  2⤵
  PID:2052
- C:\Windows\System\ZmRejst.exe
  C:\Windows\System\ZmRejst.exe
  2⤵
  PID:3000
- C:\Windows\System\bZkZImx.exe
  C:\Windows\System\bZkZImx.exe
  2⤵
  PID:852
- C:\Windows\System\PunhEgM.exe
  C:\Windows\System\PunhEgM.exe
  2⤵
  PID:1056
- C:\Windows\System\aXkGOQq.exe
  C:\Windows\System\aXkGOQq.exe
  2⤵
  PID:448
- C:\Windows\System\kLyzpcW.exe
  C:\Windows\System\kLyzpcW.exe
  2⤵
  PID:2060
- C:\Windows\System\dcZAXYs.exe
  C:\Windows\System\dcZAXYs.exe
  2⤵
  PID:1368
- C:\Windows\System\TSoCTWt.exe
  C:\Windows\System\TSoCTWt.exe
  2⤵
  PID:2972
- C:\Windows\System\HxYgJUt.exe
  C:\Windows\System\HxYgJUt.exe
  2⤵
  PID:2192
- C:\Windows\System\jWVMGSW.exe
  C:\Windows\System\jWVMGSW.exe
  2⤵
  PID:400
- C:\Windows\System\YRIjrCW.exe
  C:\Windows\System\YRIjrCW.exe
  2⤵
  PID:3088
- C:\Windows\System\cVDcjAe.exe
  C:\Windows\System\cVDcjAe.exe
  2⤵
  PID:3108
- C:\Windows\System\WixFyoi.exe
  C:\Windows\System\WixFyoi.exe
  2⤵
  PID:3132
- C:\Windows\System\eAgMcTO.exe
  C:\Windows\System\eAgMcTO.exe
  2⤵
  PID:3148
- C:\Windows\System\hyjYYDj.exe
  C:\Windows\System\hyjYYDj.exe
  2⤵
  PID:3168
- C:\Windows\System\LIcTrRU.exe
  C:\Windows\System\LIcTrRU.exe
  2⤵
  PID:3192
- C:\Windows\System\omztTDh.exe
  C:\Windows\System\omztTDh.exe
  2⤵
  PID:3216
- C:\Windows\System\BPMHFEv.exe
  C:\Windows\System\BPMHFEv.exe
  2⤵
  PID:3232
- C:\Windows\System\KtcSIPt.exe
  C:\Windows\System\KtcSIPt.exe
  2⤵
  PID:3260
- C:\Windows\System\xPTREaT.exe
  C:\Windows\System\xPTREaT.exe
  2⤵
  PID:3276
- C:\Windows\System\wuMxuFU.exe
  C:\Windows\System\wuMxuFU.exe
  2⤵
  PID:3292
- C:\Windows\System\BvTwbIn.exe
  C:\Windows\System\BvTwbIn.exe
  2⤵
  PID:3316
- C:\Windows\System\DsNuFbX.exe
  C:\Windows\System\DsNuFbX.exe
  2⤵
  PID:3332
- C:\Windows\System\WCTIneq.exe
  C:\Windows\System\WCTIneq.exe
  2⤵
  PID:3356
- C:\Windows\System\BJOPaEt.exe
  C:\Windows\System\BJOPaEt.exe
  2⤵
  PID:3376
- C:\Windows\System\CriQOpR.exe
  C:\Windows\System\CriQOpR.exe
  2⤵
  PID:3396
- C:\Windows\System\yNgoakG.exe
  C:\Windows\System\yNgoakG.exe
  2⤵
  PID:3420
- C:\Windows\System\dHisVWF.exe
  C:\Windows\System\dHisVWF.exe
  2⤵
  PID:3436
- C:\Windows\System\calUUOi.exe
  C:\Windows\System\calUUOi.exe
  2⤵
  PID:3456
- C:\Windows\System\TabYYke.exe
  C:\Windows\System\TabYYke.exe
  2⤵
  PID:3476
- C:\Windows\System\QcCvsbi.exe
  C:\Windows\System\QcCvsbi.exe
  2⤵
  PID:3496
- C:\Windows\System\WLOzOca.exe
  C:\Windows\System\WLOzOca.exe
  2⤵
  PID:3516
- C:\Windows\System\XYSmlId.exe
  C:\Windows\System\XYSmlId.exe
  2⤵
  PID:3532
- C:\Windows\System\HvgbNtZ.exe
  C:\Windows\System\HvgbNtZ.exe
  2⤵
  PID:3552
- C:\Windows\System\JbXqHyF.exe
  C:\Windows\System\JbXqHyF.exe
  2⤵
  PID:3580
- C:\Windows\System\cuLQeXv.exe
  C:\Windows\System\cuLQeXv.exe
  2⤵
  PID:3600
- C:\Windows\System\kmfOGoG.exe
  C:\Windows\System\kmfOGoG.exe
  2⤵
  PID:3620
- C:\Windows\System\tBJvkLS.exe
  C:\Windows\System\tBJvkLS.exe
  2⤵
  PID:3640
- C:\Windows\System\EgAqQim.exe
  C:\Windows\System\EgAqQim.exe
  2⤵
  PID:3656
- C:\Windows\System\kcdSPIU.exe
  C:\Windows\System\kcdSPIU.exe
  2⤵
  PID:3676
- C:\Windows\System\YadQEuQ.exe
  C:\Windows\System\YadQEuQ.exe
  2⤵
  PID:3696
- C:\Windows\System\UiXCKfF.exe
  C:\Windows\System\UiXCKfF.exe
  2⤵
  PID:3720
- C:\Windows\System\ZHqmpts.exe
  C:\Windows\System\ZHqmpts.exe
  2⤵
  PID:3736
- C:\Windows\System\rzgeltr.exe
  C:\Windows\System\rzgeltr.exe
  2⤵
  PID:3756
- C:\Windows\System\aexWYPa.exe
  C:\Windows\System\aexWYPa.exe
  2⤵
  PID:3776
- C:\Windows\System\lMOGpic.exe
  C:\Windows\System\lMOGpic.exe
  2⤵
  PID:3792
- C:\Windows\System\FUXPLSS.exe
  C:\Windows\System\FUXPLSS.exe
  2⤵
  PID:3820
- C:\Windows\System\qnfNpkS.exe
  C:\Windows\System\qnfNpkS.exe
  2⤵
  PID:3840
- C:\Windows\System\TuYYKPE.exe
  C:\Windows\System\TuYYKPE.exe
  2⤵
  PID:3856
- C:\Windows\System\DodAKfZ.exe
  C:\Windows\System\DodAKfZ.exe
  2⤵
  PID:3880
- C:\Windows\System\DFVvlrt.exe
  C:\Windows\System\DFVvlrt.exe
  2⤵
  PID:3896
- C:\Windows\System\vbvafPH.exe
  C:\Windows\System\vbvafPH.exe
  2⤵
  PID:3920
- C:\Windows\System\cvvTvmM.exe
  C:\Windows\System\cvvTvmM.exe
  2⤵
  PID:3936
- C:\Windows\System\vyeYaKs.exe
  C:\Windows\System\vyeYaKs.exe
  2⤵
  PID:3960
- C:\Windows\System\DQfecVU.exe
  C:\Windows\System\DQfecVU.exe
  2⤵
  PID:3980
- C:\Windows\System\zRlJOvT.exe
  C:\Windows\System\zRlJOvT.exe
  2⤵
  PID:3996
- C:\Windows\System\wYQPHlz.exe
  C:\Windows\System\wYQPHlz.exe
  2⤵
  PID:4020
- C:\Windows\System\iPLuoNk.exe
  C:\Windows\System\iPLuoNk.exe
  2⤵
  PID:4040
- C:\Windows\System\syyZqkS.exe
  C:\Windows\System\syyZqkS.exe
  2⤵
  PID:4056
- C:\Windows\System\qtFoRNR.exe
  C:\Windows\System\qtFoRNR.exe
  2⤵
  PID:4076
- C:\Windows\System\AoRDdhE.exe
  C:\Windows\System\AoRDdhE.exe
  2⤵
  PID:2468
- C:\Windows\System\juuFapB.exe
  C:\Windows\System\juuFapB.exe
  2⤵
  PID:1628
- C:\Windows\System\bvpiMsC.exe
  C:\Windows\System\bvpiMsC.exe
  2⤵
  PID:2156
- C:\Windows\System\sQlsvwi.exe
  C:\Windows\System\sQlsvwi.exe
  2⤵
  PID:2556
- C:\Windows\System\ILddNxm.exe
  C:\Windows\System\ILddNxm.exe
  2⤵
  PID:1492
- C:\Windows\System\OwehTLe.exe
  C:\Windows\System\OwehTLe.exe
  2⤵
  PID:1216
- C:\Windows\System\GNzFrzu.exe
  C:\Windows\System\GNzFrzu.exe
  2⤵
  PID:2840
- C:\Windows\System\SZXGwxA.exe
  C:\Windows\System\SZXGwxA.exe
  2⤵
  PID:2500
- C:\Windows\System\JUYFoQF.exe
  C:\Windows\System\JUYFoQF.exe
  2⤵
  PID:1968
- C:\Windows\System\qzFYQhV.exe
  C:\Windows\System\qzFYQhV.exe
  2⤵
  PID:1568
- C:\Windows\System\QHCMCZZ.exe
  C:\Windows\System\QHCMCZZ.exe
  2⤵
  PID:3052
- C:\Windows\System\IcTsUrD.exe
  C:\Windows\System\IcTsUrD.exe
  2⤵
  PID:2668
- C:\Windows\System\NhUeGBw.exe
  C:\Windows\System\NhUeGBw.exe
  2⤵
  PID:3080
- C:\Windows\System\vMMRYGj.exe
  C:\Windows\System\vMMRYGj.exe
  2⤵
  PID:3116
- C:\Windows\System\WbCpjiA.exe
  C:\Windows\System\WbCpjiA.exe
  2⤵
  PID:3164
- C:\Windows\System\OwfCWUu.exe
  C:\Windows\System\OwfCWUu.exe
  2⤵
  PID:3208
- C:\Windows\System\gkItrYE.exe
  C:\Windows\System\gkItrYE.exe
  2⤵
  PID:3096
- C:\Windows\System\zMvKBul.exe
  C:\Windows\System\zMvKBul.exe
  2⤵
  PID:3184
- C:\Windows\System\vobTmLU.exe
  C:\Windows\System\vobTmLU.exe
  2⤵
  PID:3252
- C:\Windows\System\DCqACIy.exe
  C:\Windows\System\DCqACIy.exe
  2⤵
  PID:3224
- C:\Windows\System\FmKcyTm.exe
  C:\Windows\System\FmKcyTm.exe
  2⤵
  PID:3324
- C:\Windows\System\AfqcdMD.exe
  C:\Windows\System\AfqcdMD.exe
  2⤵
  PID:3228
- C:\Windows\System\CniVmiY.exe
  C:\Windows\System\CniVmiY.exe
  2⤵
  PID:3300
- C:\Windows\System\MYWqMiM.exe
  C:\Windows\System\MYWqMiM.exe
  2⤵
  PID:3340
- C:\Windows\System\ZsKvADJ.exe
  C:\Windows\System\ZsKvADJ.exe
  2⤵
  PID:3388
- C:\Windows\System\bYAExOu.exe
  C:\Windows\System\bYAExOu.exe
  2⤵
  PID:3432
- C:\Windows\System\fPythaW.exe
  C:\Windows\System\fPythaW.exe
  2⤵
  PID:3464
- C:\Windows\System\kAxWzni.exe
  C:\Windows\System\kAxWzni.exe
  2⤵
  PID:3572
- C:\Windows\System\RVSCIWY.exe
  C:\Windows\System\RVSCIWY.exe
  2⤵
  PID:3540
- C:\Windows\System\Gfvxiox.exe
  C:\Windows\System\Gfvxiox.exe
  2⤵
  PID:3588
- C:\Windows\System\pemerQm.exe
  C:\Windows\System\pemerQm.exe
  2⤵
  PID:3596
- C:\Windows\System\iGwYWHi.exe
  C:\Windows\System\iGwYWHi.exe
  2⤵
  PID:3648
- C:\Windows\System\wJHlRvG.exe
  C:\Windows\System\wJHlRvG.exe
  2⤵
  PID:3664
- C:\Windows\System\wkIuUBj.exe
  C:\Windows\System\wkIuUBj.exe
  2⤵
  PID:3708
- C:\Windows\System\CpDGYNv.exe
  C:\Windows\System\CpDGYNv.exe
  2⤵
  PID:3752
- C:\Windows\System\qULglnG.exe
  C:\Windows\System\qULglnG.exe
  2⤵
  PID:3744
- C:\Windows\System\mfyMIbA.exe
  C:\Windows\System\mfyMIbA.exe
  2⤵
  PID:3848
- C:\Windows\System\jSABVNK.exe
  C:\Windows\System\jSABVNK.exe
  2⤵
  PID:3888
- C:\Windows\System\sYmmWBI.exe
  C:\Windows\System\sYmmWBI.exe
  2⤵
  PID:3872
- C:\Windows\System\WunZLnA.exe
  C:\Windows\System\WunZLnA.exe
  2⤵
  PID:3916
- C:\Windows\System\icrsPKc.exe
  C:\Windows\System\icrsPKc.exe
  2⤵
  PID:3952
- C:\Windows\System\tZKPmwP.exe
  C:\Windows\System\tZKPmwP.exe
  2⤵
  PID:4004
- C:\Windows\System\RSzpzFW.exe
  C:\Windows\System\RSzpzFW.exe
  2⤵
  PID:4012
- C:\Windows\System\dEVkpAg.exe
  C:\Windows\System\dEVkpAg.exe
  2⤵
  PID:4036
- C:\Windows\System\eABqSKh.exe
  C:\Windows\System\eABqSKh.exe
  2⤵
  PID:2408
- C:\Windows\System\VbTTCab.exe
  C:\Windows\System\VbTTCab.exe
  2⤵
  PID:2416
- C:\Windows\System\DUyjwid.exe
  C:\Windows\System\DUyjwid.exe
  2⤵
  PID:2348
- C:\Windows\System\dJiSyNr.exe
  C:\Windows\System\dJiSyNr.exe
  2⤵
  PID:1228
- C:\Windows\System\tYNumzS.exe
  C:\Windows\System\tYNumzS.exe
  2⤵
  PID:684
- C:\Windows\System\NixYXjw.exe
  C:\Windows\System\NixYXjw.exe
  2⤵
  PID:2396
- C:\Windows\System\ExDzSxx.exe
  C:\Windows\System\ExDzSxx.exe
  2⤵
  PID:2440
- C:\Windows\System\RhcUgZt.exe
  C:\Windows\System\RhcUgZt.exe
  2⤵
  PID:3240
- C:\Windows\System\xJypMLH.exe
  C:\Windows\System\xJypMLH.exe
  2⤵
  PID:996
- C:\Windows\System\NIJIKIJ.exe
  C:\Windows\System\NIJIKIJ.exe
  2⤵
  PID:3288
- C:\Windows\System\vIfqQYd.exe
  C:\Windows\System\vIfqQYd.exe
  2⤵
  PID:3200
- C:\Windows\System\WBXTXSi.exe
  C:\Windows\System\WBXTXSi.exe
  2⤵
  PID:3384
- C:\Windows\System\XtYPZRx.exe
  C:\Windows\System\XtYPZRx.exe
  2⤵
  PID:3404
- C:\Windows\System\fHVOTsq.exe
  C:\Windows\System\fHVOTsq.exe
  2⤵
  PID:3492
- C:\Windows\System\DIjEHZg.exe
  C:\Windows\System\DIjEHZg.exe
  2⤵
  PID:3372
- C:\Windows\System\BuUMkMd.exe
  C:\Windows\System\BuUMkMd.exe
  2⤵
  PID:3524
- C:\Windows\System\AhVSiBj.exe
  C:\Windows\System\AhVSiBj.exe
  2⤵
  PID:3612
- C:\Windows\System\yKBXWTC.exe
  C:\Windows\System\yKBXWTC.exe
  2⤵
  PID:3688
- C:\Windows\System\xlvZFoK.exe
  C:\Windows\System\xlvZFoK.exe
  2⤵
  PID:3628
- C:\Windows\System\QXpZQCS.exe
  C:\Windows\System\QXpZQCS.exe
  2⤵
  PID:3632
- C:\Windows\System\oplxrNK.exe
  C:\Windows\System\oplxrNK.exe
  2⤵
  PID:3800
- C:\Windows\System\fVnmrEn.exe
  C:\Windows\System\fVnmrEn.exe
  2⤵
  PID:3712
- C:\Windows\System\xuLSeRY.exe
  C:\Windows\System\xuLSeRY.exe
  2⤵
  PID:3876
- C:\Windows\System\zSJPVBZ.exe
  C:\Windows\System\zSJPVBZ.exe
  2⤵
  PID:3968
- C:\Windows\System\gtayzUA.exe
  C:\Windows\System\gtayzUA.exe
  2⤵
  PID:4016
- C:\Windows\System\RHClmcL.exe
  C:\Windows\System\RHClmcL.exe
  2⤵
  PID:4112
- C:\Windows\System\BYHBLUy.exe
  C:\Windows\System\BYHBLUy.exe
  2⤵
  PID:4128
- C:\Windows\System\oeAwJou.exe
  C:\Windows\System\oeAwJou.exe
  2⤵
  PID:4160
- C:\Windows\System\RuTClzY.exe
  C:\Windows\System\RuTClzY.exe
  2⤵
  PID:4180
- C:\Windows\System\zewGlyl.exe
  C:\Windows\System\zewGlyl.exe
  2⤵
  PID:4200
- C:\Windows\System\XGgWoJN.exe
  C:\Windows\System\XGgWoJN.exe
  2⤵
  PID:4216
- C:\Windows\System\ByovMqJ.exe
  C:\Windows\System\ByovMqJ.exe
  2⤵
  PID:4236
- C:\Windows\System\ODcYFnR.exe
  C:\Windows\System\ODcYFnR.exe
  2⤵
  PID:4260
- C:\Windows\System\pyGwRwj.exe
  C:\Windows\System\pyGwRwj.exe
  2⤵
  PID:4280
- C:\Windows\System\eTVjRgc.exe
  C:\Windows\System\eTVjRgc.exe
  2⤵
  PID:4328
- C:\Windows\System\KFUkFAB.exe
  C:\Windows\System\KFUkFAB.exe
  2⤵
  PID:4344
- C:\Windows\System\EgqyirD.exe
  C:\Windows\System\EgqyirD.exe
  2⤵
  PID:4360
- C:\Windows\System\DMWgXlb.exe
  C:\Windows\System\DMWgXlb.exe
  2⤵
  PID:4384
- C:\Windows\System\fYUcjRA.exe
  C:\Windows\System\fYUcjRA.exe
  2⤵
  PID:4400
- C:\Windows\System\QZOWpuV.exe
  C:\Windows\System\QZOWpuV.exe
  2⤵
  PID:4420
- C:\Windows\System\EJWHffQ.exe
  C:\Windows\System\EJWHffQ.exe
  2⤵
  PID:4440
- C:\Windows\System\JjmzdTj.exe
  C:\Windows\System\JjmzdTj.exe
  2⤵
  PID:4468
- C:\Windows\System\dvAIWJV.exe
  C:\Windows\System\dvAIWJV.exe
  2⤵
  PID:4484
- C:\Windows\System\PHOhBqr.exe
  C:\Windows\System\PHOhBqr.exe
  2⤵
  PID:4504
- C:\Windows\System\vihmeYz.exe
  C:\Windows\System\vihmeYz.exe
  2⤵
  PID:4528
- C:\Windows\System\ckRfTcr.exe
  C:\Windows\System\ckRfTcr.exe
  2⤵
  PID:4548
- C:\Windows\System\drJxXvx.exe
  C:\Windows\System\drJxXvx.exe
  2⤵
  PID:4564
- C:\Windows\System\DievnUy.exe
  C:\Windows\System\DievnUy.exe
  2⤵
  PID:4584
- C:\Windows\System\lHjBcsl.exe
  C:\Windows\System\lHjBcsl.exe
  2⤵
  PID:4604
- C:\Windows\System\iniiNxF.exe
  C:\Windows\System\iniiNxF.exe
  2⤵
  PID:4624
- C:\Windows\System\vBhgMwx.exe
  C:\Windows\System\vBhgMwx.exe
  2⤵
  PID:4640
- C:\Windows\System\eUCMLNt.exe
  C:\Windows\System\eUCMLNt.exe
  2⤵
  PID:4656
- C:\Windows\System\wJkcUfv.exe
  C:\Windows\System\wJkcUfv.exe
  2⤵
  PID:4672
- C:\Windows\System\pJaHKXS.exe
  C:\Windows\System\pJaHKXS.exe
  2⤵
  PID:4696
- C:\Windows\System\EeaiCGX.exe
  C:\Windows\System\EeaiCGX.exe
  2⤵
  PID:4712
- C:\Windows\System\YiRKWJF.exe
  C:\Windows\System\YiRKWJF.exe
  2⤵
  PID:4728
- C:\Windows\System\jQOKFLd.exe
  C:\Windows\System\jQOKFLd.exe
  2⤵
  PID:4744
- C:\Windows\System\EJzoEfL.exe
  C:\Windows\System\EJzoEfL.exe
  2⤵
  PID:4760
- C:\Windows\System\VkNVjZU.exe
  C:\Windows\System\VkNVjZU.exe
  2⤵
  PID:4788
- C:\Windows\System\XdEeIPu.exe
  C:\Windows\System\XdEeIPu.exe
  2⤵
  PID:4812
- C:\Windows\System\gSRsMmD.exe
  C:\Windows\System\gSRsMmD.exe
  2⤵
  PID:4856
- C:\Windows\System\Pjzylla.exe
  C:\Windows\System\Pjzylla.exe
  2⤵
  PID:4872
- C:\Windows\System\nVpBAOy.exe
  C:\Windows\System\nVpBAOy.exe
  2⤵
  PID:4888
- C:\Windows\System\bhrcbPp.exe
  C:\Windows\System\bhrcbPp.exe
  2⤵
  PID:4908
- C:\Windows\System\ePFERmH.exe
  C:\Windows\System\ePFERmH.exe
  2⤵
  PID:4932
- C:\Windows\System\bPtaNsq.exe
  C:\Windows\System\bPtaNsq.exe
  2⤵
  PID:4956
- C:\Windows\System\pELCcTw.exe
  C:\Windows\System\pELCcTw.exe
  2⤵
  PID:4976
- C:\Windows\System\HWMxzux.exe
  C:\Windows\System\HWMxzux.exe
  2⤵
  PID:4996
- C:\Windows\System\ddTgHRS.exe
  C:\Windows\System\ddTgHRS.exe
  2⤵
  PID:5016
- C:\Windows\System\YmMCGZa.exe
  C:\Windows\System\YmMCGZa.exe
  2⤵
  PID:5036
- C:\Windows\System\cjSIZTH.exe
  C:\Windows\System\cjSIZTH.exe
  2⤵
  PID:5052
- C:\Windows\System\BlYZuwz.exe
  C:\Windows\System\BlYZuwz.exe
  2⤵
  PID:5072
- C:\Windows\System\urztDbI.exe
  C:\Windows\System\urztDbI.exe
  2⤵
  PID:5096
- C:\Windows\System\FUEmSUS.exe
  C:\Windows\System\FUEmSUS.exe
  2⤵
  PID:5112
- C:\Windows\System\NRKVQGX.exe
  C:\Windows\System\NRKVQGX.exe
  2⤵
  PID:1088
- C:\Windows\System\MZSyAEG.exe
  C:\Windows\System\MZSyAEG.exe
  2⤵
  PID:1660
- C:\Windows\System\kEOqaXT.exe
  C:\Windows\System\kEOqaXT.exe
  2⤵
  PID:2308
- C:\Windows\System\VeQrYLW.exe
  C:\Windows\System\VeQrYLW.exe
  2⤵
  PID:2780
- C:\Windows\System\zxdzRgH.exe
  C:\Windows\System\zxdzRgH.exe
  2⤵
  PID:3932
- C:\Windows\System\wWqJRzP.exe
  C:\Windows\System\wWqJRzP.exe
  2⤵
  PID:3444
- C:\Windows\System\komoeqV.exe
  C:\Windows\System\komoeqV.exe
  2⤵
  PID:3908
- C:\Windows\System\zQReqoN.exe
  C:\Windows\System\zQReqoN.exe
  2⤵
  PID:2276
- C:\Windows\System\lUjdRwH.exe
  C:\Windows\System\lUjdRwH.exe
  2⤵
  PID:2384
- C:\Windows\System\aRdbQgY.exe
  C:\Windows\System\aRdbQgY.exe
  2⤵
  PID:3616
- C:\Windows\System\dnnoYYR.exe
  C:\Windows\System\dnnoYYR.exe
  2⤵
  PID:3504
- C:\Windows\System\sApDtQP.exe
  C:\Windows\System\sApDtQP.exe
  2⤵
  PID:3804
- C:\Windows\System\oiXPSSD.exe
  C:\Windows\System\oiXPSSD.exe
  2⤵
  PID:4120
- C:\Windows\System\UQntKUt.exe
  C:\Windows\System\UQntKUt.exe
  2⤵
  PID:3272
- C:\Windows\System\TtUWiss.exe
  C:\Windows\System\TtUWiss.exe
  2⤵
  PID:3416
- C:\Windows\System\MbjgVwA.exe
  C:\Windows\System\MbjgVwA.exe
  2⤵
  PID:4176
- C:\Windows\System\apKAtqz.exe
  C:\Windows\System\apKAtqz.exe
  2⤵
  PID:3472
- C:\Windows\System\cOsAceC.exe
  C:\Windows\System\cOsAceC.exe
  2⤵
  PID:4248
- C:\Windows\System\iQIxVUm.exe
  C:\Windows\System\iQIxVUm.exe
  2⤵
  PID:4296
- C:\Windows\System\PoPLqIf.exe
  C:\Windows\System\PoPLqIf.exe
  2⤵
  PID:4324
- C:\Windows\System\IZJSFTS.exe
  C:\Windows\System\IZJSFTS.exe
  2⤵
  PID:4428
- C:\Windows\System\MpvPqxv.exe
  C:\Windows\System\MpvPqxv.exe
  2⤵
  PID:4156
- C:\Windows\System\uIcRcat.exe
  C:\Windows\System\uIcRcat.exe
  2⤵
  PID:4228
- C:\Windows\System\PltYBKX.exe
  C:\Windows\System\PltYBKX.exe
  2⤵
  PID:4188
- C:\Windows\System\JucBbxe.exe
  C:\Windows\System\JucBbxe.exe
  2⤵
  PID:4272
- C:\Windows\System\NRouNCe.exe
  C:\Windows\System\NRouNCe.exe
  2⤵
  PID:4476
- C:\Windows\System\QENxdRh.exe
  C:\Windows\System\QENxdRh.exe
  2⤵
  PID:4516
- C:\Windows\System\ZCRevOG.exe
  C:\Windows\System\ZCRevOG.exe
  2⤵
  PID:4376
- C:\Windows\System\nUkXUGB.exe
  C:\Windows\System\nUkXUGB.exe
  2⤵
  PID:4412
- C:\Windows\System\yABxfLj.exe
  C:\Windows\System\yABxfLj.exe
  2⤵
  PID:4452
- C:\Windows\System\feCpgIc.exe
  C:\Windows\System\feCpgIc.exe
  2⤵
  PID:4540
- C:\Windows\System\LYQoIAY.exe
  C:\Windows\System\LYQoIAY.exe
  2⤵
  PID:4668
- C:\Windows\System\XiHials.exe
  C:\Windows\System\XiHials.exe
  2⤵
  PID:4768
- C:\Windows\System\MsNJKDZ.exe
  C:\Windows\System\MsNJKDZ.exe
  2⤵
  PID:4580
- C:\Windows\System\iyjPTTx.exe
  C:\Windows\System\iyjPTTx.exe
  2⤵
  PID:4832
- C:\Windows\System\sOuKnDm.exe
  C:\Windows\System\sOuKnDm.exe
  2⤵
  PID:4688
- C:\Windows\System\AMjjxnd.exe
  C:\Windows\System\AMjjxnd.exe
  2⤵
  PID:4756
- C:\Windows\System\SadhxKK.exe
  C:\Windows\System\SadhxKK.exe
  2⤵
  PID:4572
- C:\Windows\System\kksPhLE.exe
  C:\Windows\System\kksPhLE.exe
  2⤵
  PID:4848
- C:\Windows\System\slnaLti.exe
  C:\Windows\System\slnaLti.exe
  2⤵
  PID:4616
- C:\Windows\System\BijinpB.exe
  C:\Windows\System\BijinpB.exe
  2⤵
  PID:4808
- C:\Windows\System\hJlTWgu.exe
  C:\Windows\System\hJlTWgu.exe
  2⤵
  PID:4904
- C:\Windows\System\adrcepA.exe
  C:\Windows\System\adrcepA.exe
  2⤵
  PID:5004
- C:\Windows\System\kZEjlJT.exe
  C:\Windows\System\kZEjlJT.exe
  2⤵
  PID:5048
- C:\Windows\System\opLoMVo.exe
  C:\Windows\System\opLoMVo.exe
  2⤵
  PID:5088
- C:\Windows\System\SEqyblg.exe
  C:\Windows\System\SEqyblg.exe
  2⤵
  PID:4984
- C:\Windows\System\EIGMvHo.exe
  C:\Windows\System\EIGMvHo.exe
  2⤵
  PID:5032
- C:\Windows\System\uZjtdBA.exe
  C:\Windows\System\uZjtdBA.exe
  2⤵
  PID:4088
- C:\Windows\System\SfVRxFL.exe
  C:\Windows\System\SfVRxFL.exe
  2⤵
  PID:1268
- C:\Windows\System\jGZysxz.exe
  C:\Windows\System\jGZysxz.exe
  2⤵
  PID:3948
- C:\Windows\System\UYZlLRC.exe
  C:\Windows\System\UYZlLRC.exe
  2⤵
  PID:4052
- C:\Windows\System\llMNlMY.exe
  C:\Windows\System\llMNlMY.exe
  2⤵
  PID:3976
- C:\Windows\System\epFgJdT.exe
  C:\Windows\System\epFgJdT.exe
  2⤵
  PID:1936
- C:\Windows\System\GDItPch.exe
  C:\Windows\System\GDItPch.exe
  2⤵
  PID:1716
- C:\Windows\System\uCxNybg.exe
  C:\Windows\System\uCxNybg.exe
  2⤵
  PID:3204
- C:\Windows\System\exSvvFM.exe
  C:\Windows\System\exSvvFM.exe
  2⤵
  PID:4208
- C:\Windows\System\WGralii.exe
  C:\Windows\System\WGralii.exe
  2⤵
  PID:3772
- C:\Windows\System\AKHNmLN.exe
  C:\Windows\System\AKHNmLN.exe
  2⤵
  PID:4288
- C:\Windows\System\GgMszSD.exe
  C:\Windows\System\GgMszSD.exe
  2⤵
  PID:3452
- C:\Windows\System\PlLACwX.exe
  C:\Windows\System\PlLACwX.exe
  2⤵
  PID:4396
- C:\Windows\System\dtTfDnm.exe
  C:\Windows\System\dtTfDnm.exe
  2⤵
  PID:4136
- C:\Windows\System\FEZjAOy.exe
  C:\Windows\System\FEZjAOy.exe
  2⤵
  PID:4308
- C:\Windows\System\zYFZnBo.exe
  C:\Windows\System\zYFZnBo.exe
  2⤵
  PID:4268
- C:\Windows\System\RyRxUHC.exe
  C:\Windows\System\RyRxUHC.exe
  2⤵
  PID:4520
- C:\Windows\System\XaIfBUo.exe
  C:\Windows\System\XaIfBUo.exe
  2⤵
  PID:4596
- C:\Windows\System\xwCCfsM.exe
  C:\Windows\System\xwCCfsM.exe
  2⤵
  PID:4500
- C:\Windows\System\yMbRngt.exe
  C:\Windows\System\yMbRngt.exe
  2⤵
  PID:4368
- C:\Windows\System\vgbsyaE.exe
  C:\Windows\System\vgbsyaE.exe
  2⤵
  PID:4828
- C:\Windows\System\gOZjLRT.exe
  C:\Windows\System\gOZjLRT.exe
  2⤵
  PID:4784
- C:\Windows\System\BIyQRNy.exe
  C:\Windows\System\BIyQRNy.exe
  2⤵
  PID:4852
- C:\Windows\System\CePKkTJ.exe
  C:\Windows\System\CePKkTJ.exe
  2⤵
  PID:4800
- C:\Windows\System\lwjymvX.exe
  C:\Windows\System\lwjymvX.exe
  2⤵
  PID:4924
- C:\Windows\System\bhEgOeb.exe
  C:\Windows\System\bhEgOeb.exe
  2⤵
  PID:2212
- C:\Windows\System\LhCMlrY.exe
  C:\Windows\System\LhCMlrY.exe
  2⤵
  PID:4964
- C:\Windows\System\PmHNcSf.exe
  C:\Windows\System\PmHNcSf.exe
  2⤵
  PID:4900
- C:\Windows\System\jsPYoJl.exe
  C:\Windows\System\jsPYoJl.exe
  2⤵
  PID:5024
- C:\Windows\System\weBiOxK.exe
  C:\Windows\System\weBiOxK.exe
  2⤵
  PID:1756
- C:\Windows\System\lDTLiBw.exe
  C:\Windows\System\lDTLiBw.exe
  2⤵
  PID:4072
- C:\Windows\System\xFKuLQK.exe
  C:\Windows\System\xFKuLQK.exe
  2⤵
  PID:5068
- C:\Windows\System\hjHraey.exe
  C:\Windows\System\hjHraey.exe
  2⤵
  PID:1768
- C:\Windows\System\yhdvLNn.exe
  C:\Windows\System\yhdvLNn.exe
  2⤵
  PID:3180
- C:\Windows\System\cxxQoao.exe
  C:\Windows\System\cxxQoao.exe
  2⤵
  PID:3988
- C:\Windows\System\luTtQRl.exe
  C:\Windows\System\luTtQRl.exe
  2⤵
  PID:576
- C:\Windows\System\edCDxjg.exe
  C:\Windows\System\edCDxjg.exe
  2⤵
  PID:4152
- C:\Windows\System\uWQvNAe.exe
  C:\Windows\System\uWQvNAe.exe
  2⤵
  PID:2136
- C:\Windows\System\XdFxcRZ.exe
  C:\Windows\System\XdFxcRZ.exe
  2⤵
  PID:4392
- C:\Windows\System\uUImltH.exe
  C:\Windows\System\uUImltH.exe
  2⤵
  PID:3684
- C:\Windows\System\zVHNNWw.exe
  C:\Windows\System\zVHNNWw.exe
  2⤵
  PID:4708
- C:\Windows\System\QgyujIi.exe
  C:\Windows\System\QgyujIi.exe
  2⤵
  PID:4408
- C:\Windows\System\gApvHDF.exe
  C:\Windows\System\gApvHDF.exe
  2⤵
  PID:4492
- C:\Windows\System\WwHuPhQ.exe
  C:\Windows\System\WwHuPhQ.exe
  2⤵
  PID:4820
- C:\Windows\System\XOwXLrs.exe
  C:\Windows\System\XOwXLrs.exe
  2⤵
  PID:4648
- C:\Windows\System\xEuLjiG.exe
  C:\Windows\System\xEuLjiG.exe
  2⤵
  PID:4968
- C:\Windows\System\qEpWYGu.exe
  C:\Windows\System\qEpWYGu.exe
  2⤵
  PID:4916
- C:\Windows\System\luGGjyH.exe
  C:\Windows\System\luGGjyH.exe
  2⤵
  PID:5060
- C:\Windows\System\ahwmGAc.exe
  C:\Windows\System\ahwmGAc.exe
  2⤵
  PID:5128
- C:\Windows\System\VAJwYWN.exe
  C:\Windows\System\VAJwYWN.exe
  2⤵
  PID:5148
- C:\Windows\System\ZBxgFZg.exe
  C:\Windows\System\ZBxgFZg.exe
  2⤵
  PID:5168
- C:\Windows\System\bCuRWpr.exe
  C:\Windows\System\bCuRWpr.exe
  2⤵
  PID:5188
- C:\Windows\System\ProAwnv.exe
  C:\Windows\System\ProAwnv.exe
  2⤵
  PID:5208
- C:\Windows\System\gVmfiGZ.exe
  C:\Windows\System\gVmfiGZ.exe
  2⤵
  PID:5228
- C:\Windows\System\ntecHcq.exe
  C:\Windows\System\ntecHcq.exe
  2⤵
  PID:5248
- C:\Windows\System\KvqtTud.exe
  C:\Windows\System\KvqtTud.exe
  2⤵
  PID:5268
- C:\Windows\System\zOGbkMC.exe
  C:\Windows\System\zOGbkMC.exe
  2⤵
  PID:5288
- C:\Windows\System\JjavDPI.exe
  C:\Windows\System\JjavDPI.exe
  2⤵
  PID:5308
- C:\Windows\System\bsDCSvq.exe
  C:\Windows\System\bsDCSvq.exe
  2⤵
  PID:5328
- C:\Windows\System\VuFWwaQ.exe
  C:\Windows\System\VuFWwaQ.exe
  2⤵
  PID:5348
- C:\Windows\System\bbqkUUa.exe
  C:\Windows\System\bbqkUUa.exe
  2⤵
  PID:5368
- C:\Windows\System\RnGjZjV.exe
  C:\Windows\System\RnGjZjV.exe
  2⤵
  PID:5388
- C:\Windows\System\OAJobgc.exe
  C:\Windows\System\OAJobgc.exe
  2⤵
  PID:5408
- C:\Windows\System\XDCOaIh.exe
  C:\Windows\System\XDCOaIh.exe
  2⤵
  PID:5428
- C:\Windows\System\ZOavCAN.exe
  C:\Windows\System\ZOavCAN.exe
  2⤵
  PID:5448
- C:\Windows\System\OskkryI.exe
  C:\Windows\System\OskkryI.exe
  2⤵
  PID:5468
- C:\Windows\System\XKRWkyG.exe
  C:\Windows\System\XKRWkyG.exe
  2⤵
  PID:5488
- C:\Windows\System\NLHQWTZ.exe
  C:\Windows\System\NLHQWTZ.exe
  2⤵
  PID:5508
- C:\Windows\System\WYinePs.exe
  C:\Windows\System\WYinePs.exe
  2⤵
  PID:5532
- C:\Windows\System\aWyQtAs.exe
  C:\Windows\System\aWyQtAs.exe
  2⤵
  PID:5552
- C:\Windows\System\CpasWkB.exe
  C:\Windows\System\CpasWkB.exe
  2⤵
  PID:5572
- C:\Windows\System\BbxGXhi.exe
  C:\Windows\System\BbxGXhi.exe
  2⤵
  PID:5592
- C:\Windows\System\yihyMID.exe
  C:\Windows\System\yihyMID.exe
  2⤵
  PID:5612
- C:\Windows\System\nrAxwUd.exe
  C:\Windows\System\nrAxwUd.exe
  2⤵
  PID:5632
- C:\Windows\System\Jodjvez.exe
  C:\Windows\System\Jodjvez.exe
  2⤵
  PID:5652
- C:\Windows\System\webRjaE.exe
  C:\Windows\System\webRjaE.exe
  2⤵
  PID:5672
- C:\Windows\System\kfGxbTC.exe
  C:\Windows\System\kfGxbTC.exe
  2⤵
  PID:5692
- C:\Windows\System\zweksaR.exe
  C:\Windows\System\zweksaR.exe
  2⤵
  PID:5712
- C:\Windows\System\fdlrUvs.exe
  C:\Windows\System\fdlrUvs.exe
  2⤵
  PID:5732
- C:\Windows\System\eXLEAHu.exe
  C:\Windows\System\eXLEAHu.exe
  2⤵
  PID:5752
- C:\Windows\System\PXpGyMq.exe
  C:\Windows\System\PXpGyMq.exe
  2⤵
  PID:5772
- C:\Windows\System\opjhPbK.exe
  C:\Windows\System\opjhPbK.exe
  2⤵
  PID:5792
- C:\Windows\System\lWSJagd.exe
  C:\Windows\System\lWSJagd.exe
  2⤵
  PID:5812
- C:\Windows\System\pshfybn.exe
  C:\Windows\System\pshfybn.exe
  2⤵
  PID:5832
- C:\Windows\System\LgPoOmk.exe
  C:\Windows\System\LgPoOmk.exe
  2⤵
  PID:5852
- C:\Windows\System\XzcuvxK.exe
  C:\Windows\System\XzcuvxK.exe
  2⤵
  PID:5872
- C:\Windows\System\OiMJQyY.exe
  C:\Windows\System\OiMJQyY.exe
  2⤵
  PID:5892
- C:\Windows\System\UfgcKAP.exe
  C:\Windows\System\UfgcKAP.exe
  2⤵
  PID:5912
- C:\Windows\System\RITcVte.exe
  C:\Windows\System\RITcVte.exe
  2⤵
  PID:5932
- C:\Windows\System\RAhbVwx.exe
  C:\Windows\System\RAhbVwx.exe
  2⤵
  PID:5952
- C:\Windows\System\bjWFQSP.exe
  C:\Windows\System\bjWFQSP.exe
  2⤵
  PID:5972
- C:\Windows\System\vdxYreG.exe
  C:\Windows\System\vdxYreG.exe
  2⤵
  PID:5992
- C:\Windows\System\JwNgRDZ.exe
  C:\Windows\System\JwNgRDZ.exe
  2⤵
  PID:6012
- C:\Windows\System\aHeeIOl.exe
  C:\Windows\System\aHeeIOl.exe
  2⤵
  PID:6032
- C:\Windows\System\jCtYaCo.exe
  C:\Windows\System\jCtYaCo.exe
  2⤵
  PID:6052
- C:\Windows\System\SKYtwxq.exe
  C:\Windows\System\SKYtwxq.exe
  2⤵
  PID:6072
- C:\Windows\System\jEFFKDX.exe
  C:\Windows\System\jEFFKDX.exe
  2⤵
  PID:6092
- C:\Windows\System\SUFKeUd.exe
  C:\Windows\System\SUFKeUd.exe
  2⤵
  PID:6116
- C:\Windows\System\jCqAYWQ.exe
  C:\Windows\System\jCqAYWQ.exe
  2⤵
  PID:6136
- C:\Windows\System\kaZneXg.exe
  C:\Windows\System\kaZneXg.exe
  2⤵
  PID:3972
- C:\Windows\System\xYCopCT.exe
  C:\Windows\System\xYCopCT.exe
  2⤵
  PID:4084
- C:\Windows\System\UmVKgYv.exe
  C:\Windows\System\UmVKgYv.exe
  2⤵
  PID:3120
- C:\Windows\System\UFQhxNk.exe
  C:\Windows\System\UFQhxNk.exe
  2⤵
  PID:3348
- C:\Windows\System\QeQjfVC.exe
  C:\Windows\System\QeQjfVC.exe
  2⤵
  PID:3176
- C:\Windows\System\UdfNYgx.exe
  C:\Windows\System\UdfNYgx.exe
  2⤵
  PID:3728
- C:\Windows\System\yMprAHN.exe
  C:\Windows\System\yMprAHN.exe
  2⤵
  PID:4780
- C:\Windows\System\yJdzhqq.exe
  C:\Windows\System\yJdzhqq.exe
  2⤵
  PID:4636
- C:\Windows\System\xSTMnIr.exe
  C:\Windows\System\xSTMnIr.exe
  2⤵
  PID:4752
- C:\Windows\System\hFTEBUk.exe
  C:\Windows\System\hFTEBUk.exe
  2⤵
  PID:2516
- C:\Windows\System\kJGclQb.exe
  C:\Windows\System\kJGclQb.exe
  2⤵
  PID:5108
- C:\Windows\System\eFYtksx.exe
  C:\Windows\System\eFYtksx.exe
  2⤵
  PID:5124
- C:\Windows\System\ecevjso.exe
  C:\Windows\System\ecevjso.exe
  2⤵
  PID:5184
- C:\Windows\System\WDCqobY.exe
  C:\Windows\System\WDCqobY.exe
  2⤵
  PID:5216
- C:\Windows\System\loYuakV.exe
  C:\Windows\System\loYuakV.exe
  2⤵
  PID:988
- C:\Windows\System\FzJHVPS.exe
  C:\Windows\System\FzJHVPS.exe
  2⤵
  PID:5240
- C:\Windows\System\pyUhFmR.exe
  C:\Windows\System\pyUhFmR.exe
  2⤵
  PID:5280
- C:\Windows\System\ZrZTiQS.exe
  C:\Windows\System\ZrZTiQS.exe
  2⤵
  PID:5324
- C:\Windows\System\Ncfwers.exe
  C:\Windows\System\Ncfwers.exe
  2⤵
  PID:5364
- C:\Windows\System\tOddsAv.exe
  C:\Windows\System\tOddsAv.exe
  2⤵
  PID:5396
- C:\Windows\System\vtHWWSY.exe
  C:\Windows\System\vtHWWSY.exe
  2⤵
  PID:5420
- C:\Windows\System\nZfakRr.exe
  C:\Windows\System\nZfakRr.exe
  2⤵
  PID:5460
- C:\Windows\System\tqVAERF.exe
  C:\Windows\System\tqVAERF.exe
  2⤵
  PID:5480
- C:\Windows\System\tiOsTqc.exe
  C:\Windows\System\tiOsTqc.exe
  2⤵
  PID:5540
- C:\Windows\System\Vzoywqd.exe
  C:\Windows\System\Vzoywqd.exe
  2⤵
  PID:5560
- C:\Windows\System\dopLZET.exe
  C:\Windows\System\dopLZET.exe
  2⤵
  PID:5564
- C:\Windows\System\HDcJaUG.exe
  C:\Windows\System\HDcJaUG.exe
  2⤵
  PID:5628
- C:\Windows\System\HPKjOKw.exe
  C:\Windows\System\HPKjOKw.exe
  2⤵
  PID:5668
- C:\Windows\System\msmHWps.exe
  C:\Windows\System\msmHWps.exe
  2⤵
  PID:5684
- C:\Windows\System\WDPDqPf.exe
  C:\Windows\System\WDPDqPf.exe
  2⤵
  PID:5728
- C:\Windows\System\WsISvkD.exe
  C:\Windows\System\WsISvkD.exe
  2⤵
  PID:5768
- C:\Windows\System\WsSKlVA.exe
  C:\Windows\System\WsSKlVA.exe
  2⤵
  PID:5800
- C:\Windows\System\bzMBATQ.exe
  C:\Windows\System\bzMBATQ.exe
  2⤵
  PID:5824
- C:\Windows\System\yzLddWF.exe
  C:\Windows\System\yzLddWF.exe
  2⤵
  PID:5868
- C:\Windows\System\kXuJgwZ.exe
  C:\Windows\System\kXuJgwZ.exe
  2⤵
  PID:5888
- C:\Windows\System\YbXtJzS.exe
  C:\Windows\System\YbXtJzS.exe
  2⤵
  PID:5948
- C:\Windows\System\DrGCdTD.exe
  C:\Windows\System\DrGCdTD.exe
  2⤵
  PID:5960
- C:\Windows\System\URxusGV.exe
  C:\Windows\System\URxusGV.exe
  2⤵
  PID:5984
- C:\Windows\System\WjRczoO.exe
  C:\Windows\System\WjRczoO.exe
  2⤵
  PID:6004
- C:\Windows\System\kIoqsoz.exe
  C:\Windows\System\kIoqsoz.exe
  2⤵
  PID:6048
- C:\Windows\System\MyzNRcp.exe
  C:\Windows\System\MyzNRcp.exe
  2⤵
  PID:2680
- C:\Windows\System\ZMBqpPe.exe
  C:\Windows\System\ZMBqpPe.exe
  2⤵
  PID:6104
- C:\Windows\System\bkbLUYo.exe
  C:\Windows\System\bkbLUYo.exe
  2⤵
  PID:6128
- C:\Windows\System\LpCpMOP.exe
  C:\Windows\System\LpCpMOP.exe
  2⤵
  PID:3284
- C:\Windows\System\BtNfnBN.exe
  C:\Windows\System\BtNfnBN.exe
  2⤵
  PID:4224
- C:\Windows\System\NGCFjIX.exe
  C:\Windows\System\NGCFjIX.exe
  2⤵
  PID:4196
- C:\Windows\System\gmJiCrm.exe
  C:\Windows\System\gmJiCrm.exe
  2⤵
  PID:4304
- C:\Windows\System\VSOvrUU.exe
  C:\Windows\System\VSOvrUU.exe
  2⤵
  PID:4880
- C:\Windows\System\FFiiZhF.exe
  C:\Windows\System\FFiiZhF.exe
  2⤵
  PID:760
- C:\Windows\System\XjqESnK.exe
  C:\Windows\System\XjqESnK.exe
  2⤵
  PID:5176
- C:\Windows\System\jmsaXAa.exe
  C:\Windows\System\jmsaXAa.exe
  2⤵
  PID:5160
- C:\Windows\System\hxUXCBq.exe
  C:\Windows\System\hxUXCBq.exe
  2⤵
  PID:5200
- C:\Windows\System\omOtOjg.exe
  C:\Windows\System\omOtOjg.exe
  2⤵
  PID:5284
- C:\Windows\System\iJaontx.exe
  C:\Windows\System\iJaontx.exe
  2⤵
  PID:5316
- C:\Windows\System\PmuJFmJ.exe
  C:\Windows\System\PmuJFmJ.exe
  2⤵
  PID:5400
- C:\Windows\System\KhPZDmI.exe
  C:\Windows\System\KhPZDmI.exe
  2⤵
  PID:2824
- C:\Windows\System\kMRtxBR.exe
  C:\Windows\System\kMRtxBR.exe
  2⤵
  PID:5528
- C:\Windows\System\busjaFU.exe
  C:\Windows\System\busjaFU.exe
  2⤵
  PID:5524
- C:\Windows\System\BlEgiqY.exe
  C:\Windows\System\BlEgiqY.exe
  2⤵
  PID:5584
- C:\Windows\System\XzNOkwQ.exe
  C:\Windows\System\XzNOkwQ.exe
  2⤵
  PID:5664
- C:\Windows\System\jzeonjI.exe
  C:\Windows\System\jzeonjI.exe
  2⤵
  PID:5720
- C:\Windows\System\qOkkabJ.exe
  C:\Windows\System\qOkkabJ.exe
  2⤵
  PID:5784
- C:\Windows\System\pdpkTwx.exe
  C:\Windows\System\pdpkTwx.exe
  2⤵
  PID:5860
- C:\Windows\System\WiHcCXe.exe
  C:\Windows\System\WiHcCXe.exe
  2⤵
  PID:5848
- C:\Windows\System\AWsOLhw.exe
  C:\Windows\System\AWsOLhw.exe
  2⤵
  PID:5944
- C:\Windows\System\uNhLaSE.exe
  C:\Windows\System\uNhLaSE.exe
  2⤵
  PID:6008
- C:\Windows\System\EYkyvaw.exe
  C:\Windows\System\EYkyvaw.exe
  2⤵
  PID:6064
- C:\Windows\System\iaaHtTa.exe
  C:\Windows\System\iaaHtTa.exe
  2⤵
  PID:6112
- C:\Windows\System\ijZnGig.exe
  C:\Windows\System\ijZnGig.exe
  2⤵
  PID:5044
- C:\Windows\System\mudSJex.exe
  C:\Windows\System\mudSJex.exe
  2⤵
  PID:3448
- C:\Windows\System\jrAHGDp.exe
  C:\Windows\System\jrAHGDp.exe
  2⤵
  PID:4148
- C:\Windows\System\LFCrZlB.exe
  C:\Windows\System\LFCrZlB.exe
  2⤵
  PID:2892
- C:\Windows\System\pMFsfCC.exe
  C:\Windows\System\pMFsfCC.exe
  2⤵
  PID:2504
- C:\Windows\System\BfSRjay.exe
  C:\Windows\System\BfSRjay.exe
  2⤵
  PID:5156
- C:\Windows\System\QToYzlc.exe
  C:\Windows\System\QToYzlc.exe
  2⤵
  PID:5264
- C:\Windows\System\cKkFoNr.exe
  C:\Windows\System\cKkFoNr.exe
  2⤵
  PID:5336
- C:\Windows\System\iFicMbz.exe
  C:\Windows\System\iFicMbz.exe
  2⤵
  PID:6160
- C:\Windows\System\UKfnsYF.exe
  C:\Windows\System\UKfnsYF.exe
  2⤵
  PID:6180
- C:\Windows\System\trnLWSi.exe
  C:\Windows\System\trnLWSi.exe
  2⤵
  PID:6200
- C:\Windows\System\MBNhTOC.exe
  C:\Windows\System\MBNhTOC.exe
  2⤵
  PID:6220
- C:\Windows\System\XAIvAZv.exe
  C:\Windows\System\XAIvAZv.exe
  2⤵
  PID:6240
- C:\Windows\System\qprQJNw.exe
  C:\Windows\System\qprQJNw.exe
  2⤵
  PID:6260
- C:\Windows\System\UybvJbk.exe
  C:\Windows\System\UybvJbk.exe
  2⤵
  PID:6280
- C:\Windows\System\gvGAEWj.exe
  C:\Windows\System\gvGAEWj.exe
  2⤵
  PID:6300
- C:\Windows\System\QuZvena.exe
  C:\Windows\System\QuZvena.exe
  2⤵
  PID:6320
- C:\Windows\System\QorWoZY.exe
  C:\Windows\System\QorWoZY.exe
  2⤵
  PID:6340
- C:\Windows\System\LTQsGAM.exe
  C:\Windows\System\LTQsGAM.exe
  2⤵
  PID:6364
- C:\Windows\System\GbNjFmv.exe
  C:\Windows\System\GbNjFmv.exe
  2⤵
  PID:6384
- C:\Windows\System\GJdzgoK.exe
  C:\Windows\System\GJdzgoK.exe
  2⤵
  PID:6404
- C:\Windows\System\afDbfQf.exe
  C:\Windows\System\afDbfQf.exe
  2⤵
  PID:6424
- C:\Windows\System\mfHzZgT.exe
  C:\Windows\System\mfHzZgT.exe
  2⤵
  PID:6444
- C:\Windows\System\JIJMMqw.exe
  C:\Windows\System\JIJMMqw.exe
  2⤵
  PID:6464
- C:\Windows\System\QMOcrzq.exe
  C:\Windows\System\QMOcrzq.exe
  2⤵
  PID:6484
- C:\Windows\System\fhydWIM.exe
  C:\Windows\System\fhydWIM.exe
  2⤵
  PID:6508
- C:\Windows\System\AjEUVmU.exe
  C:\Windows\System\AjEUVmU.exe
  2⤵
  PID:6528
- C:\Windows\System\jlLVYwT.exe
  C:\Windows\System\jlLVYwT.exe
  2⤵
  PID:6548
- C:\Windows\System\aHeXpaL.exe
  C:\Windows\System\aHeXpaL.exe
  2⤵
  PID:6568
- C:\Windows\System\RoBDIOp.exe
  C:\Windows\System\RoBDIOp.exe
  2⤵
  PID:6588
- C:\Windows\System\WZcceMG.exe
  C:\Windows\System\WZcceMG.exe
  2⤵
  PID:6608
- C:\Windows\System\ynmfXAK.exe
  C:\Windows\System\ynmfXAK.exe
  2⤵
  PID:6628
- C:\Windows\System\kJaeluq.exe
  C:\Windows\System\kJaeluq.exe
  2⤵
  PID:6648
- C:\Windows\System\CoIArrk.exe
  C:\Windows\System\CoIArrk.exe
  2⤵
  PID:6668
- C:\Windows\System\kNmSscO.exe
  C:\Windows\System\kNmSscO.exe
  2⤵
  PID:6688
- C:\Windows\System\SjvUKsd.exe
  C:\Windows\System\SjvUKsd.exe
  2⤵
  PID:6708
- C:\Windows\System\oiCxLBa.exe
  C:\Windows\System\oiCxLBa.exe
  2⤵
  PID:6728
- C:\Windows\System\Bjtycrp.exe
  C:\Windows\System\Bjtycrp.exe
  2⤵
  PID:6748
- C:\Windows\System\fcOnTsI.exe
  C:\Windows\System\fcOnTsI.exe
  2⤵
  PID:6768
- C:\Windows\System\jnSUfEq.exe
  C:\Windows\System\jnSUfEq.exe
  2⤵
  PID:6788
- C:\Windows\System\SJIuaYD.exe
  C:\Windows\System\SJIuaYD.exe
  2⤵
  PID:6808
- C:\Windows\System\dRpFrrf.exe
  C:\Windows\System\dRpFrrf.exe
  2⤵
  PID:6828
- C:\Windows\System\fTgDvnt.exe
  C:\Windows\System\fTgDvnt.exe
  2⤵
  PID:6848
- C:\Windows\System\fxeuZtJ.exe
  C:\Windows\System\fxeuZtJ.exe
  2⤵
  PID:6868
- C:\Windows\System\XetGClD.exe
  C:\Windows\System\XetGClD.exe
  2⤵
  PID:6888
- C:\Windows\System\GFCsQYb.exe
  C:\Windows\System\GFCsQYb.exe
  2⤵
  PID:6908
- C:\Windows\System\AtHnehq.exe
  C:\Windows\System\AtHnehq.exe
  2⤵
  PID:6928
- C:\Windows\System\QYeyofl.exe
  C:\Windows\System\QYeyofl.exe
  2⤵
  PID:6948
- C:\Windows\System\MAvCHWG.exe
  C:\Windows\System\MAvCHWG.exe
  2⤵
  PID:6968
- C:\Windows\System\beSRUhA.exe
  C:\Windows\System\beSRUhA.exe
  2⤵
  PID:6988
- C:\Windows\System\DTHAlxf.exe
  C:\Windows\System\DTHAlxf.exe
  2⤵
  PID:7008
- C:\Windows\System\MgodkTD.exe
  C:\Windows\System\MgodkTD.exe
  2⤵
  PID:7028
- C:\Windows\System\dNgHayI.exe
  C:\Windows\System\dNgHayI.exe
  2⤵
  PID:7048
- C:\Windows\System\PPmzxPk.exe
  C:\Windows\System\PPmzxPk.exe
  2⤵
  PID:7068
- C:\Windows\System\gXxnTdU.exe
  C:\Windows\System\gXxnTdU.exe
  2⤵
  PID:7088
- C:\Windows\System\fHHdeSc.exe
  C:\Windows\System\fHHdeSc.exe
  2⤵
  PID:7108
- C:\Windows\System\mepvSFl.exe
  C:\Windows\System\mepvSFl.exe
  2⤵
  PID:7128
- C:\Windows\System\KYawNNu.exe
  C:\Windows\System\KYawNNu.exe
  2⤵
  PID:7148
- C:\Windows\System\HxVeZNH.exe
  C:\Windows\System\HxVeZNH.exe
  2⤵
  PID:5424
- C:\Windows\System\fMwnlIW.exe
  C:\Windows\System\fMwnlIW.exe
  2⤵
  PID:5476
- C:\Windows\System\uXZrEJr.exe
  C:\Windows\System\uXZrEJr.exe
  2⤵
  PID:5568
- C:\Windows\System\LyVPQDb.exe
  C:\Windows\System\LyVPQDb.exe
  2⤵
  PID:5700
- C:\Windows\System\SqpckTR.exe
  C:\Windows\System\SqpckTR.exe
  2⤵
  PID:5760
- C:\Windows\System\tYGuxvJ.exe
  C:\Windows\System\tYGuxvJ.exe
  2⤵
  PID:5828
- C:\Windows\System\yXxPGvY.exe
  C:\Windows\System\yXxPGvY.exe
  2⤵
  PID:5908
- C:\Windows\System\dsVkOti.exe
  C:\Windows\System\dsVkOti.exe
  2⤵
  PID:6020
- C:\Windows\System\TwnUtTU.exe
  C:\Windows\System\TwnUtTU.exe
  2⤵
  PID:6060
- C:\Windows\System\brzbKRn.exe
  C:\Windows\System\brzbKRn.exe
  2⤵
  PID:6132
- C:\Windows\System\CSNhPmt.exe
  C:\Windows\System\CSNhPmt.exe
  2⤵
  PID:2340
- C:\Windows\System\sjlFzZS.exe
  C:\Windows\System\sjlFzZS.exe
  2⤵
  PID:4212
- C:\Windows\System\VyghUMC.exe
  C:\Windows\System\VyghUMC.exe
  2⤵
  PID:2380
- C:\Windows\System\bYzbuMG.exe
  C:\Windows\System\bYzbuMG.exe
  2⤵
  PID:5180
- C:\Windows\System\hpqdGmQ.exe
  C:\Windows\System\hpqdGmQ.exe
  2⤵
  PID:2288
- C:\Windows\System\ORtWcYi.exe
  C:\Windows\System\ORtWcYi.exe
  2⤵
  PID:6152
- C:\Windows\System\DdGcToe.exe
  C:\Windows\System\DdGcToe.exe
  2⤵
  PID:6196
- C:\Windows\System\eJFAxCc.exe
  C:\Windows\System\eJFAxCc.exe
  2⤵
  PID:6208
- C:\Windows\System\rpOTdGN.exe
  C:\Windows\System\rpOTdGN.exe
  2⤵
  PID:6248
- C:\Windows\System\XqsiGKX.exe
  C:\Windows\System\XqsiGKX.exe
  2⤵
  PID:6272
- C:\Windows\System\XNhfMCw.exe
  C:\Windows\System\XNhfMCw.exe
  2⤵
  PID:6316
- C:\Windows\System\VhFZfQI.exe
  C:\Windows\System\VhFZfQI.exe
  2⤵
  PID:6332
- C:\Windows\System\fFygMYh.exe
  C:\Windows\System\fFygMYh.exe
  2⤵
  PID:6376
- C:\Windows\System\LvQAvoB.exe
  C:\Windows\System\LvQAvoB.exe
  2⤵
  PID:6420
- C:\Windows\System\JbngCvp.exe
  C:\Windows\System\JbngCvp.exe
  2⤵
  PID:6472
- C:\Windows\System\xqEwIDh.exe
  C:\Windows\System\xqEwIDh.exe
  2⤵
  PID:6456
- C:\Windows\System\twJKDpv.exe
  C:\Windows\System\twJKDpv.exe
  2⤵
  PID:6500
- C:\Windows\System\aVNObdY.exe
  C:\Windows\System\aVNObdY.exe
  2⤵
  PID:6564
- C:\Windows\System\fDJEYat.exe
  C:\Windows\System\fDJEYat.exe
  2⤵
  PID:6596
- C:\Windows\System\UJralRc.exe
  C:\Windows\System\UJralRc.exe
  2⤵
  PID:6624
- C:\Windows\System\ZGKoFmt.exe
  C:\Windows\System\ZGKoFmt.exe
  2⤵
  PID:6676
- C:\Windows\System\OXLJsLS.exe
  C:\Windows\System\OXLJsLS.exe
  2⤵
  PID:6660
- C:\Windows\System\BUManVn.exe
  C:\Windows\System\BUManVn.exe
  2⤵
  PID:6700
- C:\Windows\System\kNdAbUA.exe
  C:\Windows\System\kNdAbUA.exe
  2⤵
  PID:6740
- C:\Windows\System\KUrnxLz.exe
  C:\Windows\System\KUrnxLz.exe
  2⤵
  PID:6804
- C:\Windows\System\gfuwJzn.exe
  C:\Windows\System\gfuwJzn.exe
  2⤵
  PID:6816
- C:\Windows\System\aDJJvaP.exe
  C:\Windows\System\aDJJvaP.exe
  2⤵
  PID:1076
- C:\Windows\System\aabnoIn.exe
  C:\Windows\System\aabnoIn.exe
  2⤵
  PID:6876
- C:\Windows\System\cerVBFb.exe
  C:\Windows\System\cerVBFb.exe
  2⤵
  PID:6904
- C:\Windows\System\CgBHiOn.exe
  C:\Windows\System\CgBHiOn.exe
  2⤵
  PID:6920
- C:\Windows\System\KWnwVso.exe
  C:\Windows\System\KWnwVso.exe
  2⤵
  PID:6964
- C:\Windows\System\IJyaGou.exe
  C:\Windows\System\IJyaGou.exe
  2⤵
  PID:6984
- C:\Windows\System\ivHTHQX.exe
  C:\Windows\System\ivHTHQX.exe
  2⤵
  PID:7020
- C:\Windows\System\MEMGtMi.exe
  C:\Windows\System\MEMGtMi.exe
  2⤵
  PID:7084
- C:\Windows\System\tBPFpSv.exe
  C:\Windows\System\tBPFpSv.exe
  2⤵
  PID:7060
- C:\Windows\System\ohYBdYh.exe
  C:\Windows\System\ohYBdYh.exe
  2⤵
  PID:7120
- C:\Windows\System\vwigvEw.exe
  C:\Windows\System\vwigvEw.exe
  2⤵
  PID:7164
- C:\Windows\System\CEbnuYo.exe
  C:\Windows\System\CEbnuYo.exe
  2⤵
  PID:5444
- C:\Windows\System\tBbskEK.exe
  C:\Windows\System\tBbskEK.exe
  2⤵
  PID:5516
- C:\Windows\System\xGuHYvA.exe
  C:\Windows\System\xGuHYvA.exe
  2⤵
  PID:5660
- C:\Windows\System\lFaszce.exe
  C:\Windows\System\lFaszce.exe
  2⤵
  PID:5744
- C:\Windows\System\YlufraV.exe
  C:\Windows\System\YlufraV.exe
  2⤵
  PID:5988
- C:\Windows\System\ysQuMpv.exe
  C:\Windows\System\ysQuMpv.exe
  2⤵
  PID:4340
- C:\Windows\System\twTsRwE.exe
  C:\Windows\System\twTsRwE.exe
  2⤵
  PID:4352
- C:\Windows\System\TNhCZGb.exe
  C:\Windows\System\TNhCZGb.exe
  2⤵
  PID:4560
- C:\Windows\System\iYtQEWX.exe
  C:\Windows\System\iYtQEWX.exe
  2⤵
  PID:5256
- C:\Windows\System\OzkuXhD.exe
  C:\Windows\System\OzkuXhD.exe
  2⤵
  PID:5300
- C:\Windows\System\tbBNGgs.exe
  C:\Windows\System\tbBNGgs.exe
  2⤵
  PID:6192
- C:\Windows\System\kSgizLX.exe
  C:\Windows\System\kSgizLX.exe
  2⤵
  PID:6292
- C:\Windows\System\buhGJvv.exe
  C:\Windows\System\buhGJvv.exe
  2⤵
  PID:6252
- C:\Windows\System\ZWEcbqv.exe
  C:\Windows\System\ZWEcbqv.exe
  2⤵
  PID:6352
- C:\Windows\System\FhAeTyA.exe
  C:\Windows\System\FhAeTyA.exe
  2⤵
  PID:6440
- C:\Windows\System\ZkPdbwD.exe
  C:\Windows\System\ZkPdbwD.exe
  2⤵
  PID:6524
- C:\Windows\System\jzaKPCY.exe
  C:\Windows\System\jzaKPCY.exe
  2⤵
  PID:6584
- C:\Windows\System\IwlEvuH.exe
  C:\Windows\System\IwlEvuH.exe
  2⤵
  PID:6636
- C:\Windows\System\PNxGxSB.exe
  C:\Windows\System\PNxGxSB.exe
  2⤵
  PID:6600
- C:\Windows\System\FIxSHci.exe
  C:\Windows\System\FIxSHci.exe
  2⤵
  PID:6664
- C:\Windows\System\HUlybsQ.exe
  C:\Windows\System\HUlybsQ.exe
  2⤵
  PID:6744
- C:\Windows\System\YxUcJaS.exe
  C:\Windows\System\YxUcJaS.exe
  2⤵
  PID:6820
- C:\Windows\System\NuISnWo.exe
  C:\Windows\System\NuISnWo.exe
  2⤵
  PID:6880
- C:\Windows\System\WdCqTJm.exe
  C:\Windows\System\WdCqTJm.exe
  2⤵
  PID:6856
- C:\Windows\System\puHcOoT.exe
  C:\Windows\System\puHcOoT.exe
  2⤵
  PID:6924
- C:\Windows\System\ahijZUx.exe
  C:\Windows\System\ahijZUx.exe
  2⤵
  PID:7024
- C:\Windows\System\uJEvUhm.exe
  C:\Windows\System\uJEvUhm.exe
  2⤵
  PID:7044
- C:\Windows\System\gNrUNtc.exe
  C:\Windows\System\gNrUNtc.exe
  2⤵
  PID:7156
- C:\Windows\System\zSZtIps.exe
  C:\Windows\System\zSZtIps.exe
  2⤵
  PID:7104
- C:\Windows\System\fRinzCb.exe
  C:\Windows\System\fRinzCb.exe
  2⤵
  PID:5484
- C:\Windows\System\LngzYaV.exe
  C:\Windows\System\LngzYaV.exe
  2⤵
  PID:5804
- C:\Windows\System\IvzFRiz.exe
  C:\Windows\System\IvzFRiz.exe
  2⤵
  PID:5964
- C:\Windows\System\JlivyLq.exe
  C:\Windows\System\JlivyLq.exe
  2⤵
  PID:6080
- C:\Windows\System\FpFMBLA.exe
  C:\Windows\System\FpFMBLA.exe
  2⤵
  PID:6088
- C:\Windows\System\DUhxQas.exe
  C:\Windows\System\DUhxQas.exe
  2⤵
  PID:6168
- C:\Windows\System\wcWYxnc.exe
  C:\Windows\System\wcWYxnc.exe
  2⤵
  PID:6176
- C:\Windows\System\vSSTrYh.exe
  C:\Windows\System\vSSTrYh.exe
  2⤵
  PID:6328
- C:\Windows\System\rJgxFbR.exe
  C:\Windows\System\rJgxFbR.exe
  2⤵
  PID:6460
- C:\Windows\System\mTnXBHJ.exe
  C:\Windows\System\mTnXBHJ.exe
  2⤵
  PID:6536
- C:\Windows\System\NnEEyOP.exe
  C:\Windows\System\NnEEyOP.exe
  2⤵
  PID:6724
- C:\Windows\System\GIUsYVq.exe
  C:\Windows\System\GIUsYVq.exe
  2⤵
  PID:6644
- C:\Windows\System\ieGcmzx.exe
  C:\Windows\System\ieGcmzx.exe
  2⤵
  PID:6760
- C:\Windows\System\YsHSpJB.exe
  C:\Windows\System\YsHSpJB.exe
  2⤵
  PID:2240
- C:\Windows\System\EPyTpsk.exe
  C:\Windows\System\EPyTpsk.exe
  2⤵
  PID:7000
- C:\Windows\System\paIJbrQ.exe
  C:\Windows\System\paIJbrQ.exe
  2⤵
  PID:6956
- C:\Windows\System\swFmBOi.exe
  C:\Windows\System\swFmBOi.exe
  2⤵
  PID:2552
- C:\Windows\System\hvKOGqs.exe
  C:\Windows\System\hvKOGqs.exe
  2⤵
  PID:7100
- C:\Windows\System\ZzXQVtf.exe
  C:\Windows\System\ZzXQVtf.exe
  2⤵
  PID:2920
- C:\Windows\System\SniCxVI.exe
  C:\Windows\System\SniCxVI.exe
  2⤵
  PID:5928
- C:\Windows\System\KwkfqQE.exe
  C:\Windows\System\KwkfqQE.exe
  2⤵
  PID:6148
- C:\Windows\System\QEiPEII.exe
  C:\Windows\System\QEiPEII.exe
  2⤵
  PID:7176
- C:\Windows\System\fmZIsXO.exe
  C:\Windows\System\fmZIsXO.exe
  2⤵
  PID:7196
- C:\Windows\System\hxohyxk.exe
  C:\Windows\System\hxohyxk.exe
  2⤵
  PID:7216
- C:\Windows\System\PiLbbnw.exe
  C:\Windows\System\PiLbbnw.exe
  2⤵
  PID:7236
- C:\Windows\System\GHSUIeU.exe
  C:\Windows\System\GHSUIeU.exe
  2⤵
  PID:7256
- C:\Windows\System\HdIBnxC.exe
  C:\Windows\System\HdIBnxC.exe
  2⤵
  PID:7280
- C:\Windows\System\WYwUvoK.exe
  C:\Windows\System\WYwUvoK.exe
  2⤵
  PID:7296
- C:\Windows\System\vZFCctH.exe
  C:\Windows\System\vZFCctH.exe
  2⤵
  PID:7320
- C:\Windows\System\gSdPyEI.exe
  C:\Windows\System\gSdPyEI.exe
  2⤵
  PID:7340
- C:\Windows\System\oEbjDeY.exe
  C:\Windows\System\oEbjDeY.exe
  2⤵
  PID:7360
- C:\Windows\System\ShoWWWu.exe
  C:\Windows\System\ShoWWWu.exe
  2⤵
  PID:7380
- C:\Windows\System\jueszYK.exe
  C:\Windows\System\jueszYK.exe
  2⤵
  PID:7400
- C:\Windows\System\fwALyjM.exe
  C:\Windows\System\fwALyjM.exe
  2⤵
  PID:7420
- C:\Windows\System\XaNqABy.exe
  C:\Windows\System\XaNqABy.exe
  2⤵
  PID:7440
- C:\Windows\System\sNXCkYB.exe
  C:\Windows\System\sNXCkYB.exe
  2⤵
  PID:7460
- C:\Windows\System\HHWwjqM.exe
  C:\Windows\System\HHWwjqM.exe
  2⤵
  PID:7480
- C:\Windows\System\yymtQCN.exe
  C:\Windows\System\yymtQCN.exe
  2⤵
  PID:7500
- C:\Windows\System\lrCEPaQ.exe
  C:\Windows\System\lrCEPaQ.exe
  2⤵
  PID:7520
- C:\Windows\System\mQyuzdS.exe
  C:\Windows\System\mQyuzdS.exe
  2⤵
  PID:7540
- C:\Windows\System\JgrbpPL.exe
  C:\Windows\System\JgrbpPL.exe
  2⤵
  PID:7560
- C:\Windows\System\rRhmkrD.exe
  C:\Windows\System\rRhmkrD.exe
  2⤵
  PID:7580
- C:\Windows\System\BErKcOS.exe
  C:\Windows\System\BErKcOS.exe
  2⤵
  PID:7600
- C:\Windows\System\WLlIIfu.exe
  C:\Windows\System\WLlIIfu.exe
  2⤵
  PID:7616
- C:\Windows\System\dZivGxd.exe
  C:\Windows\System\dZivGxd.exe
  2⤵
  PID:7640
- C:\Windows\System\CsqchWH.exe
  C:\Windows\System\CsqchWH.exe
  2⤵
  PID:7660
- C:\Windows\System\Unrwaxr.exe
  C:\Windows\System\Unrwaxr.exe
  2⤵
  PID:7684
- C:\Windows\System\ikTgpTH.exe
  C:\Windows\System\ikTgpTH.exe
  2⤵
  PID:7704
- C:\Windows\System\LiZbqyu.exe
  C:\Windows\System\LiZbqyu.exe
  2⤵
  PID:7720
- C:\Windows\System\AnaFqFg.exe
  C:\Windows\System\AnaFqFg.exe
  2⤵
  PID:7744
- C:\Windows\System\eMSjxcE.exe
  C:\Windows\System\eMSjxcE.exe
  2⤵
  PID:7764
- C:\Windows\System\NqFGANK.exe
  C:\Windows\System\NqFGANK.exe
  2⤵
  PID:7784
- C:\Windows\System\INxRLvF.exe
  C:\Windows\System\INxRLvF.exe
  2⤵
  PID:7804
- C:\Windows\System\zJrIfhZ.exe
  C:\Windows\System\zJrIfhZ.exe
  2⤵
  PID:7820
- C:\Windows\System\lGnqqxK.exe
  C:\Windows\System\lGnqqxK.exe
  2⤵
  PID:7840
- C:\Windows\System\WSpVnyD.exe
  C:\Windows\System\WSpVnyD.exe
  2⤵
  PID:7864
- C:\Windows\System\XgeVVsY.exe
  C:\Windows\System\XgeVVsY.exe
  2⤵
  PID:7884
- C:\Windows\System\CJkldkz.exe
  C:\Windows\System\CJkldkz.exe
  2⤵
  PID:7904
- C:\Windows\System\pWDVOjX.exe
  C:\Windows\System\pWDVOjX.exe
  2⤵
  PID:7924
- C:\Windows\System\aEHydpR.exe
  C:\Windows\System\aEHydpR.exe
  2⤵
  PID:7944
- C:\Windows\System\QriPeFY.exe
  C:\Windows\System\QriPeFY.exe
  2⤵
  PID:7964
- C:\Windows\System\UstOLKM.exe
  C:\Windows\System\UstOLKM.exe
  2⤵
  PID:7984
- C:\Windows\System\HhPxqyr.exe
  C:\Windows\System\HhPxqyr.exe
  2⤵
  PID:8004
- C:\Windows\System\QItQLhA.exe
  C:\Windows\System\QItQLhA.exe
  2⤵
  PID:8024
- C:\Windows\System\WYfDiTJ.exe
  C:\Windows\System\WYfDiTJ.exe
  2⤵
  PID:8044
- C:\Windows\System\MGPkIiB.exe
  C:\Windows\System\MGPkIiB.exe
  2⤵
  PID:8064
- C:\Windows\System\VQXZpzM.exe
  C:\Windows\System\VQXZpzM.exe
  2⤵
  PID:8088
- C:\Windows\System\CmhxYMb.exe
  C:\Windows\System\CmhxYMb.exe
  2⤵
  PID:8104
- C:\Windows\System\WYkoQDc.exe
  C:\Windows\System\WYkoQDc.exe
  2⤵
  PID:8120
- C:\Windows\System\AdOCdrW.exe
  C:\Windows\System\AdOCdrW.exe
  2⤵
  PID:8144
- C:\Windows\System\WbUSZCH.exe
  C:\Windows\System\WbUSZCH.exe
  2⤵
  PID:8168
- C:\Windows\System\BEwzSPt.exe
  C:\Windows\System\BEwzSPt.exe
  2⤵
  PID:8188
- C:\Windows\System\pmmtCid.exe
  C:\Windows\System\pmmtCid.exe
  2⤵
  PID:6560
- C:\Windows\System\pGaLmWS.exe
  C:\Windows\System\pGaLmWS.exe
  2⤵
  PID:6432
- C:\Windows\System\TIqsuRP.exe
  C:\Windows\System\TIqsuRP.exe
  2⤵
  PID:6824
- C:\Windows\System\WJWFBFn.exe
  C:\Windows\System\WJWFBFn.exe
  2⤵
  PID:6896
- C:\Windows\System\SLeHski.exe
  C:\Windows\System\SLeHski.exe
  2⤵
  PID:7040
- C:\Windows\System\ykeDKzk.exe
  C:\Windows\System\ykeDKzk.exe
  2⤵
  PID:5384
- C:\Windows\System\ErixCOy.exe
  C:\Windows\System\ErixCOy.exe
  2⤵
  PID:5940
- C:\Windows\System\UlLrURG.exe
  C:\Windows\System\UlLrURG.exe
  2⤵
  PID:6068
- C:\Windows\System\fWnVaSM.exe
  C:\Windows\System\fWnVaSM.exe
  2⤵
  PID:2960
- C:\Windows\System\aNQYZGQ.exe
  C:\Windows\System\aNQYZGQ.exe
  2⤵
  PID:5196
- C:\Windows\System\ZLDUhBv.exe
  C:\Windows\System\ZLDUhBv.exe
  2⤵
  PID:7232
- C:\Windows\System\nCrcyGa.exe
  C:\Windows\System\nCrcyGa.exe
  2⤵
  PID:7276
- C:\Windows\System\uSAMHgD.exe
  C:\Windows\System\uSAMHgD.exe
  2⤵
  PID:7308
- C:\Windows\System\wZnliFa.exe
  C:\Windows\System\wZnliFa.exe
  2⤵
  PID:6944
- C:\Windows\System\VEunaGO.exe
  C:\Windows\System\VEunaGO.exe
  2⤵
  PID:7352
- C:\Windows\System\aKCStvG.exe
  C:\Windows\System\aKCStvG.exe
  2⤵
  PID:7376
- C:\Windows\System\JicfaWR.exe
  C:\Windows\System\JicfaWR.exe
  2⤵
  PID:7428
- C:\Windows\System\scHnvEB.exe
  C:\Windows\System\scHnvEB.exe
  2⤵
  PID:7468
- C:\Windows\System\iMkAuGk.exe
  C:\Windows\System\iMkAuGk.exe
  2⤵
  PID:7452
- C:\Windows\System\QeaLEEC.exe
  C:\Windows\System\QeaLEEC.exe
  2⤵
  PID:7492
- C:\Windows\System\DPuTYfd.exe
  C:\Windows\System\DPuTYfd.exe
  2⤵
  PID:7528
- C:\Windows\System\MtoAcaZ.exe
  C:\Windows\System\MtoAcaZ.exe
  2⤵
  PID:7592
- C:\Windows\System\gSIVSzh.exe
  C:\Windows\System\gSIVSzh.exe
  2⤵
  PID:7576
- C:\Windows\System\bEMJBNz.exe
  C:\Windows\System\bEMJBNz.exe
  2⤵
  PID:7608
- C:\Windows\System\PsERzIG.exe
  C:\Windows\System\PsERzIG.exe
  2⤵
  PID:7652
- C:\Windows\System\rsGbadX.exe
  C:\Windows\System\rsGbadX.exe
  2⤵
  PID:7700
- C:\Windows\System\qSbMPKS.exe
  C:\Windows\System\qSbMPKS.exe
  2⤵
  PID:7760
- C:\Windows\System\jmALWrq.exe
  C:\Windows\System\jmALWrq.exe
  2⤵
  PID:7772
- C:\Windows\System\HLRAWMF.exe
  C:\Windows\System\HLRAWMF.exe
  2⤵
  PID:7828
- C:\Windows\System\mxbOphQ.exe
  C:\Windows\System\mxbOphQ.exe
  2⤵
  PID:7880
- C:\Windows\System\RbbeGmv.exe
  C:\Windows\System\RbbeGmv.exe
  2⤵
  PID:7860
- C:\Windows\System\ihCsAkx.exe
  C:\Windows\System\ihCsAkx.exe
  2⤵
  PID:7920
- C:\Windows\System\FhUWxMH.exe
  C:\Windows\System\FhUWxMH.exe
  2⤵
  PID:7940
- C:\Windows\System\qSefTxS.exe
  C:\Windows\System\qSefTxS.exe
  2⤵
  PID:8000
- C:\Windows\System\jydOkrG.exe
  C:\Windows\System\jydOkrG.exe
  2⤵
  PID:7976
- C:\Windows\System\TikuKKt.exe
  C:\Windows\System\TikuKKt.exe
  2⤵
  PID:2728
- C:\Windows\System\WFDUzqe.exe
  C:\Windows\System\WFDUzqe.exe
  2⤵
  PID:8056
- C:\Windows\System\lYLLhIs.exe
  C:\Windows\System\lYLLhIs.exe
  2⤵
  PID:8152
- C:\Windows\System\ptYudXG.exe
  C:\Windows\System\ptYudXG.exe
  2⤵
  PID:8100
- C:\Windows\System\MVKuLzW.exe
  C:\Windows\System\MVKuLzW.exe
  2⤵
  PID:8176
- C:\Windows\System\uuswoZO.exe
  C:\Windows\System\uuswoZO.exe
  2⤵
  PID:8180
- C:\Windows\System\QNnKxyU.exe
  C:\Windows\System\QNnKxyU.exe
  2⤵
  PID:6736
- C:\Windows\System\bbkIwkL.exe
  C:\Windows\System\bbkIwkL.exe
  2⤵
  PID:6916
- C:\Windows\System\pmxIwIg.exe
  C:\Windows\System\pmxIwIg.exe
  2⤵
  PID:7056
- C:\Windows\System\HkxeoWq.exe
  C:\Windows\System\HkxeoWq.exe
  2⤵
  PID:5220
- C:\Windows\System\qHoudIg.exe
  C:\Windows\System\qHoudIg.exe
  2⤵
  PID:7192
- C:\Windows\System\aIroohO.exe
  C:\Windows\System\aIroohO.exe
  2⤵
  PID:7172
- C:\Windows\System\sylTAkE.exe
  C:\Windows\System\sylTAkE.exe
  2⤵
  PID:7304
- C:\Windows\System\MsFIoVp.exe
  C:\Windows\System\MsFIoVp.exe
  2⤵
  PID:7292
- C:\Windows\System\EwaVlxq.exe
  C:\Windows\System\EwaVlxq.exe
  2⤵
  PID:7368
- C:\Windows\System\DqIMVKd.exe
  C:\Windows\System\DqIMVKd.exe
  2⤵
  PID:7456
- C:\Windows\System\gsxFsxq.exe
  C:\Windows\System\gsxFsxq.exe
  2⤵
  PID:7412
- C:\Windows\System\SZFKJjx.exe
  C:\Windows\System\SZFKJjx.exe
  2⤵
  PID:7496
- C:\Windows\System\JbiZUcg.exe
  C:\Windows\System\JbiZUcg.exe
  2⤵
  PID:7596
- C:\Windows\System\TZRTHGH.exe
  C:\Windows\System\TZRTHGH.exe
  2⤵
  PID:7648
- C:\Windows\System\dsdrKpS.exe
  C:\Windows\System\dsdrKpS.exe
  2⤵
  PID:7752
- C:\Windows\System\WZBxUCO.exe
  C:\Windows\System\WZBxUCO.exe
  2⤵
  PID:7692
- C:\Windows\System\SygDYVY.exe
  C:\Windows\System\SygDYVY.exe
  2⤵
  PID:7776
- C:\Windows\System\uEsYugH.exe
  C:\Windows\System\uEsYugH.exe
  2⤵
  PID:7812
- C:\Windows\System\YLellsR.exe
  C:\Windows\System\YLellsR.exe
  2⤵
  PID:7892
- C:\Windows\System\WNvUVMi.exe
  C:\Windows\System\WNvUVMi.exe
  2⤵
  PID:7960
- C:\Windows\System\TRGvHoS.exe
  C:\Windows\System\TRGvHoS.exe
  2⤵
  PID:7972
- C:\Windows\System\CjdPzrB.exe
  C:\Windows\System\CjdPzrB.exe
  2⤵
  PID:8060
- C:\Windows\System\nNSItnb.exe
  C:\Windows\System\nNSItnb.exe
  2⤵
  PID:8112
- C:\Windows\System\IDOqJZJ.exe
  C:\Windows\System\IDOqJZJ.exe
  2⤵
  PID:8184
- C:\Windows\System\AaMoHDX.exe
  C:\Windows\System\AaMoHDX.exe
  2⤵
  PID:6504
- C:\Windows\System\ofQoHIB.exe
  C:\Windows\System\ofQoHIB.exe
  2⤵
  PID:6616
- C:\Windows\System\ciVQpzc.exe
  C:\Windows\System\ciVQpzc.exe
  2⤵
  PID:6040
- C:\Windows\System\xXdKTZt.exe
  C:\Windows\System\xXdKTZt.exe
  2⤵
  PID:7208
- C:\Windows\System\XjVPdes.exe
  C:\Windows\System\XjVPdes.exe
  2⤵
  PID:7252
- C:\Windows\System\mvIRDbj.exe
  C:\Windows\System\mvIRDbj.exe
  2⤵
  PID:7408
- C:\Windows\System\RPttzsK.exe
  C:\Windows\System\RPttzsK.exe
  2⤵
  PID:7432
- C:\Windows\System\utLeWoN.exe
  C:\Windows\System\utLeWoN.exe
  2⤵
  PID:2272
- C:\Windows\System\xIQzstE.exe
  C:\Windows\System\xIQzstE.exe
  2⤵
  PID:7656
- C:\Windows\System\btADzit.exe
  C:\Windows\System\btADzit.exe
  2⤵
  PID:2648
- C:\Windows\System\FLLZVCQ.exe
  C:\Windows\System\FLLZVCQ.exe
  2⤵
  PID:7756
- C:\Windows\System\EPslAJV.exe
  C:\Windows\System\EPslAJV.exe
  2⤵
  PID:4464
- C:\Windows\System\yYVPJOl.exe
  C:\Windows\System\yYVPJOl.exe
  2⤵
  PID:7912
- C:\Windows\System\ZvVUAvZ.exe
  C:\Windows\System\ZvVUAvZ.exe
  2⤵
  PID:7992
- C:\Windows\System\degGVRG.exe
  C:\Windows\System\degGVRG.exe
  2⤵
  PID:2664
- C:\Windows\System\AaitVED.exe
  C:\Windows\System\AaitVED.exe
  2⤵
  PID:8136
- C:\Windows\System\TmCMhvq.exe
  C:\Windows\System\TmCMhvq.exe
  2⤵
  PID:1796
- C:\Windows\System\PtNOCPH.exe
  C:\Windows\System\PtNOCPH.exe
  2⤵
  PID:7004
- C:\Windows\System\fXNnQXl.exe
  C:\Windows\System\fXNnQXl.exe
  2⤵
  PID:7356
- C:\Windows\System\dsgMxKt.exe
  C:\Windows\System\dsgMxKt.exe
  2⤵
  PID:8200
- C:\Windows\System\XXzYzMc.exe
  C:\Windows\System\XXzYzMc.exe
  2⤵
  PID:8220
- C:\Windows\System\xtPoMXj.exe
  C:\Windows\System\xtPoMXj.exe
  2⤵
  PID:8240
- C:\Windows\System\HRnQtci.exe
  C:\Windows\System\HRnQtci.exe
  2⤵
  PID:8260
- C:\Windows\System\UTbsneW.exe
  C:\Windows\System\UTbsneW.exe
  2⤵
  PID:8280
- C:\Windows\System\PcatiKj.exe
  C:\Windows\System\PcatiKj.exe
  2⤵
  PID:8300
- C:\Windows\System\wJixrjM.exe
  C:\Windows\System\wJixrjM.exe
  2⤵
  PID:8320
- C:\Windows\System\EXACCAD.exe
  C:\Windows\System\EXACCAD.exe
  2⤵
  PID:8340
- C:\Windows\System\LKtszTE.exe
  C:\Windows\System\LKtszTE.exe
  2⤵
  PID:8360
- C:\Windows\System\lycLDxR.exe
  C:\Windows\System\lycLDxR.exe
  2⤵
  PID:8380
- C:\Windows\System\THqRYFC.exe
  C:\Windows\System\THqRYFC.exe
  2⤵
  PID:8400
- C:\Windows\System\ZWWGakS.exe
  C:\Windows\System\ZWWGakS.exe
  2⤵
  PID:8420
- C:\Windows\System\qbDSsIg.exe
  C:\Windows\System\qbDSsIg.exe
  2⤵
  PID:8440
- C:\Windows\System\GkthpxJ.exe
  C:\Windows\System\GkthpxJ.exe
  2⤵
  PID:8460
- C:\Windows\System\refSloF.exe
  C:\Windows\System\refSloF.exe
  2⤵
  PID:8480
- C:\Windows\System\liRmUIl.exe
  C:\Windows\System\liRmUIl.exe
  2⤵
  PID:8500
- C:\Windows\System\HRhlQUt.exe
  C:\Windows\System\HRhlQUt.exe
  2⤵
  PID:8520
- C:\Windows\System\YuYxafD.exe
  C:\Windows\System\YuYxafD.exe
  2⤵
  PID:8540
- C:\Windows\System\Dkzrzbp.exe
  C:\Windows\System\Dkzrzbp.exe
  2⤵
  PID:8560
- C:\Windows\System\lghoWkv.exe
  C:\Windows\System\lghoWkv.exe
  2⤵
  PID:8580
- C:\Windows\System\KjxyCWi.exe
  C:\Windows\System\KjxyCWi.exe
  2⤵
  PID:8600
- C:\Windows\System\tBCIQmB.exe
  C:\Windows\System\tBCIQmB.exe
  2⤵
  PID:8620
- C:\Windows\System\jcHttFI.exe
  C:\Windows\System\jcHttFI.exe
  2⤵
  PID:8640
- C:\Windows\System\xrsbfsC.exe
  C:\Windows\System\xrsbfsC.exe
  2⤵
  PID:8660
- C:\Windows\System\BvdaXhA.exe
  C:\Windows\System\BvdaXhA.exe
  2⤵
  PID:8680
- C:\Windows\System\sYicpcp.exe
  C:\Windows\System\sYicpcp.exe
  2⤵
  PID:8700
- C:\Windows\System\wIBrVQp.exe
  C:\Windows\System\wIBrVQp.exe
  2⤵
  PID:8720
- C:\Windows\System\tNVFDLs.exe
  C:\Windows\System\tNVFDLs.exe
  2⤵
  PID:8740
- C:\Windows\System\BNzEyUX.exe
  C:\Windows\System\BNzEyUX.exe
  2⤵
  PID:8760
- C:\Windows\System\sUWGNot.exe
  C:\Windows\System\sUWGNot.exe
  2⤵
  PID:8780
- C:\Windows\System\cUtOCuF.exe
  C:\Windows\System\cUtOCuF.exe
  2⤵
  PID:8804
- C:\Windows\System\okqatbn.exe
  C:\Windows\System\okqatbn.exe
  2⤵
  PID:8824
- C:\Windows\System\eRlIoqk.exe
  C:\Windows\System\eRlIoqk.exe
  2⤵
  PID:8844
- C:\Windows\System\WgwjZue.exe
  C:\Windows\System\WgwjZue.exe
  2⤵
  PID:8864
- C:\Windows\System\heOnCpW.exe
  C:\Windows\System\heOnCpW.exe
  2⤵
  PID:8884
- C:\Windows\System\RnweOfP.exe
  C:\Windows\System\RnweOfP.exe
  2⤵
  PID:8904
- C:\Windows\System\oaepaQE.exe
  C:\Windows\System\oaepaQE.exe
  2⤵
  PID:8924
- C:\Windows\System\iCEAjnj.exe
  C:\Windows\System\iCEAjnj.exe
  2⤵
  PID:8944
- C:\Windows\System\iGJPdCh.exe
  C:\Windows\System\iGJPdCh.exe
  2⤵
  PID:8964
- C:\Windows\System\DJJOtSi.exe
  C:\Windows\System\DJJOtSi.exe
  2⤵
  PID:8984
- C:\Windows\System\JxaDype.exe
  C:\Windows\System\JxaDype.exe
  2⤵
  PID:9004
- C:\Windows\System\OYLwuKd.exe
  C:\Windows\System\OYLwuKd.exe
  2⤵
  PID:9024
- C:\Windows\System\eLbtRgA.exe
  C:\Windows\System\eLbtRgA.exe
  2⤵
  PID:9044
- C:\Windows\System\EIogGzH.exe
  C:\Windows\System\EIogGzH.exe
  2⤵
  PID:9064
- C:\Windows\System\MlxdkSa.exe
  C:\Windows\System\MlxdkSa.exe
  2⤵
  PID:9084
- C:\Windows\System\JCgPSbs.exe
  C:\Windows\System\JCgPSbs.exe
  2⤵
  PID:9104
- C:\Windows\System\UZWPxcd.exe
  C:\Windows\System\UZWPxcd.exe
  2⤵
  PID:9124
- C:\Windows\System\jEfkBMO.exe
  C:\Windows\System\jEfkBMO.exe
  2⤵
  PID:9144
- C:\Windows\System\DGtVCjT.exe
  C:\Windows\System\DGtVCjT.exe
  2⤵
  PID:9164
- C:\Windows\System\sdVMclm.exe
  C:\Windows\System\sdVMclm.exe
  2⤵
  PID:9180
- C:\Windows\System\JsAeeqp.exe
  C:\Windows\System\JsAeeqp.exe
  2⤵
  PID:9196
- C:\Windows\System\SjgbCUE.exe
  C:\Windows\System\SjgbCUE.exe
  2⤵
  PID:9212
- C:\Windows\System\fgVNtwH.exe
  C:\Windows\System\fgVNtwH.exe
  2⤵
  PID:7552
- C:\Windows\System\ATNYReF.exe
  C:\Windows\System\ATNYReF.exe
  2⤵
  PID:7628
- C:\Windows\System\QeBSufd.exe
  C:\Windows\System\QeBSufd.exe
  2⤵
  PID:7836
- C:\Windows\System\AUAOsQO.exe
  C:\Windows\System\AUAOsQO.exe
  2⤵
  PID:4460
- C:\Windows\System\yLddnyV.exe
  C:\Windows\System\yLddnyV.exe
  2⤵
  PID:7848
- C:\Windows\System\XTHZpxP.exe
  C:\Windows\System\XTHZpxP.exe
  2⤵
  PID:8164
- C:\Windows\System\KuKusrx.exe
  C:\Windows\System\KuKusrx.exe
  2⤵
  PID:2312
- C:\Windows\System\YMXSeZV.exe
  C:\Windows\System\YMXSeZV.exe
  2⤵
  PID:956
- C:\Windows\System\MzvQKBA.exe
  C:\Windows\System\MzvQKBA.exe
  2⤵
  PID:7268
- C:\Windows\System\HQDfeuP.exe
  C:\Windows\System\HQDfeuP.exe
  2⤵
  PID:8236
- C:\Windows\System\UIvcTxN.exe
  C:\Windows\System\UIvcTxN.exe
  2⤵
  PID:8248
- C:\Windows\System\fGLFvNh.exe
  C:\Windows\System\fGLFvNh.exe
  2⤵
  PID:8252
- C:\Windows\System\YbRArJz.exe
  C:\Windows\System\YbRArJz.exe
  2⤵
  PID:8288
- C:\Windows\System\pPvgzyR.exe
  C:\Windows\System\pPvgzyR.exe
  2⤵
  PID:8392
- C:\Windows\System\LcppZsR.exe
  C:\Windows\System\LcppZsR.exe
  2⤵
  PID:8432
- C:\Windows\System\DxrueDA.exe
  C:\Windows\System\DxrueDA.exe
  2⤵
  PID:2964
- C:\Windows\System\eipcxHO.exe
  C:\Windows\System\eipcxHO.exe
  2⤵
  PID:8548
- C:\Windows\System\ZMNYQVS.exe
  C:\Windows\System\ZMNYQVS.exe
  2⤵
  PID:2708
- C:\Windows\System\KTFCYKJ.exe
  C:\Windows\System\KTFCYKJ.exe
  2⤵
  PID:1172
- C:\Windows\System\thmSGXg.exe
  C:\Windows\System\thmSGXg.exe
  2⤵
  PID:8592
- C:\Windows\System\tHorluK.exe
  C:\Windows\System\tHorluK.exe
  2⤵
  PID:8616
- C:\Windows\System\naEfyRx.exe
  C:\Windows\System\naEfyRx.exe
  2⤵
  PID:1784
- C:\Windows\System\GzAmCLt.exe
  C:\Windows\System\GzAmCLt.exe
  2⤵
  PID:640
- C:\Windows\System\ksmgBUB.exe
  C:\Windows\System\ksmgBUB.exe
  2⤵
  PID:2144
- C:\Windows\System\lNQnqaE.exe
  C:\Windows\System\lNQnqaE.exe
  2⤵
  PID:8712
- C:\Windows\System\InepaYs.exe
  C:\Windows\System\InepaYs.exe
  2⤵
  PID:8756
- C:\Windows\System\qutFAyq.exe
  C:\Windows\System\qutFAyq.exe
  2⤵
  PID:8800
- C:\Windows\System\lyEPkQQ.exe
  C:\Windows\System\lyEPkQQ.exe
  2⤵
  PID:8820
- C:\Windows\System\zvKlWGp.exe
  C:\Windows\System\zvKlWGp.exe
  2⤵
  PID:8880
- C:\Windows\System\CTmDUbR.exe
  C:\Windows\System\CTmDUbR.exe
  2⤵
  PID:8876
- C:\Windows\System\vkQRoZN.exe
  C:\Windows\System\vkQRoZN.exe
  2⤵
  PID:8892
- C:\Windows\System\JqoljeG.exe
  C:\Windows\System\JqoljeG.exe
  2⤵
  PID:8932
- C:\Windows\System\cwMBCqC.exe
  C:\Windows\System\cwMBCqC.exe
  2⤵
  PID:8960
- C:\Windows\System\HEToZRV.exe
  C:\Windows\System\HEToZRV.exe
  2⤵
  PID:8972
- C:\Windows\System\aFWaCXn.exe
  C:\Windows\System\aFWaCXn.exe
  2⤵
  PID:9032
- C:\Windows\System\HgoXFUc.exe
  C:\Windows\System\HgoXFUc.exe
  2⤵
  PID:9016
- C:\Windows\System\PYOuKQV.exe
  C:\Windows\System\PYOuKQV.exe
  2⤵
  PID:9080
- C:\Windows\System\tAPNFgU.exe
  C:\Windows\System\tAPNFgU.exe
  2⤵
  PID:9056
- C:\Windows\System\njxgFNR.exe
  C:\Windows\System\njxgFNR.exe
  2⤵
  PID:9096
- C:\Windows\System\OGpzOfZ.exe
  C:\Windows\System\OGpzOfZ.exe
  2⤵
  PID:9176
- C:\Windows\System\EKfKHKI.exe
  C:\Windows\System\EKfKHKI.exe
  2⤵
  PID:2016
- C:\Windows\System\ottBQOR.exe
  C:\Windows\System\ottBQOR.exe
  2⤵
  PID:9208
- C:\Windows\System\EtSQPyY.exe
  C:\Windows\System\EtSQPyY.exe
  2⤵
  PID:7716
- C:\Windows\System\kowNKQB.exe
  C:\Windows\System\kowNKQB.exe
  2⤵
  PID:8036
- C:\Windows\System\KHhDtSh.exe
  C:\Windows\System\KHhDtSh.exe
  2⤵
  PID:8156
- C:\Windows\System\BYdNspW.exe
  C:\Windows\System\BYdNspW.exe
  2⤵
  PID:7212
- C:\Windows\System\bshpdqy.exe
  C:\Windows\System\bshpdqy.exe
  2⤵
  PID:8196
- C:\Windows\System\AUxAMdJ.exe
  C:\Windows\System\AUxAMdJ.exe
  2⤵
  PID:8208
- C:\Windows\System\fzpaedS.exe
  C:\Windows\System\fzpaedS.exe
  2⤵
  PID:8276
- C:\Windows\System\inRulDz.exe
  C:\Windows\System\inRulDz.exe
  2⤵
  PID:8388
- C:\Windows\System\kHuaspR.exe
  C:\Windows\System\kHuaspR.exe
  2⤵
  PID:8396
- C:\Windows\System\XMedQjD.exe
  C:\Windows\System\XMedQjD.exe
  2⤵
  PID:8468
- C:\Windows\System\zoeuNjs.exe
  C:\Windows\System\zoeuNjs.exe
  2⤵
  PID:2168
- C:\Windows\System\AVAMRVt.exe
  C:\Windows\System\AVAMRVt.exe
  2⤵
  PID:8516
- C:\Windows\System\YccMSyL.exe
  C:\Windows\System\YccMSyL.exe
  2⤵
  PID:2592
- C:\Windows\System\gyrHAkh.exe
  C:\Windows\System\gyrHAkh.exe
  2⤵
  PID:2448
- C:\Windows\System\ZzFVKxr.exe
  C:\Windows\System\ZzFVKxr.exe
  2⤵
  PID:8596
- C:\Windows\System\TLyXdVy.exe
  C:\Windows\System\TLyXdVy.exe
  2⤵
  PID:8648
- C:\Windows\System\LNsuIwP.exe
  C:\Windows\System\LNsuIwP.exe
  2⤵
  PID:2400
- C:\Windows\System\vLkOnwH.exe
  C:\Windows\System\vLkOnwH.exe
  2⤵
  PID:2760
- C:\Windows\System\tflLzej.exe
  C:\Windows\System\tflLzej.exe
  2⤵
  PID:8728
- C:\Windows\System\vZgnVRL.exe
  C:\Windows\System\vZgnVRL.exe
  2⤵
  PID:8768
- C:\Windows\System\NGyJlUP.exe
  C:\Windows\System\NGyJlUP.exe
  2⤵
  PID:8832
- C:\Windows\System\CuQIrQo.exe
  C:\Windows\System\CuQIrQo.exe
  2⤵
  PID:8896
- C:\Windows\System\dUCerfZ.exe
  C:\Windows\System\dUCerfZ.exe
  2⤵
  PID:8836
- C:\Windows\System\dsZLGuN.exe
  C:\Windows\System\dsZLGuN.exe
  2⤵
  PID:8916
- C:\Windows\System\hteNJpX.exe
  C:\Windows\System\hteNJpX.exe
  2⤵
  PID:8980
- C:\Windows\System\wRUaCMJ.exe
  C:\Windows\System\wRUaCMJ.exe
  2⤵
  PID:9112
- C:\Windows\System\XltpfsS.exe
  C:\Windows\System\XltpfsS.exe
  2⤵
  PID:9136
- C:\Windows\System\osUiSHz.exe
  C:\Windows\System\osUiSHz.exe
  2⤵
  PID:9060
- C:\Windows\System\LWJCYJt.exe
  C:\Windows\System\LWJCYJt.exe
  2⤵
  PID:2816
- C:\Windows\System\eANdQdl.exe
  C:\Windows\System\eANdQdl.exe
  2⤵
  PID:912
- C:\Windows\System\RVehDQq.exe
  C:\Windows\System\RVehDQq.exe
  2⤵
  PID:7516
- C:\Windows\System\MHznHTd.exe
  C:\Windows\System\MHznHTd.exe
  2⤵
  PID:7672
- C:\Windows\System\kKUSKUk.exe
  C:\Windows\System\kKUSKUk.exe
  2⤵
  PID:7956
- C:\Windows\System\MlWAlZE.exe
  C:\Windows\System\MlWAlZE.exe
  2⤵
  PID:2756
- C:\Windows\System\FJPsyNs.exe
  C:\Windows\System\FJPsyNs.exe
  2⤵
  PID:1156
- C:\Windows\System\uyasYhI.exe
  C:\Windows\System\uyasYhI.exe
  2⤵
  PID:8456
- C:\Windows\System\WQVPCxG.exe
  C:\Windows\System\WQVPCxG.exe
  2⤵
  PID:8536
- C:\Windows\System\RgQpUzc.exe
  C:\Windows\System\RgQpUzc.exe
  2⤵
  PID:1648
- C:\Windows\System\JCNOXzu.exe
  C:\Windows\System\JCNOXzu.exe
  2⤵
  PID:8572
- C:\Windows\System\AaZVWqa.exe
  C:\Windows\System\AaZVWqa.exe
  2⤵
  PID:8668
- C:\Windows\System\CjkaONQ.exe
  C:\Windows\System\CjkaONQ.exe
  2⤵
  PID:6516
- C:\Windows\System\QIzAgOe.exe
  C:\Windows\System\QIzAgOe.exe
  2⤵
  PID:2268
- C:\Windows\System\TPImNqJ.exe
  C:\Windows\System\TPImNqJ.exe
  2⤵
  PID:8708
- C:\Windows\System\EBprPmm.exe
  C:\Windows\System\EBprPmm.exe
  2⤵
  PID:8772
- C:\Windows\System\CBgUizo.exe
  C:\Windows\System\CBgUizo.exe
  2⤵
  PID:9192
- C:\Windows\System\KeGNeCq.exe
  C:\Windows\System\KeGNeCq.exe
  2⤵
  PID:6348
- C:\Windows\System\YYPzEzV.exe
  C:\Windows\System\YYPzEzV.exe
  2⤵
  PID:8716
- C:\Windows\System\yCBqvCM.exe
  C:\Windows\System\yCBqvCM.exe
  2⤵
  PID:7328
- C:\Windows\System\lXHLzRK.exe
  C:\Windows\System\lXHLzRK.exe
  2⤵
  PID:8316
- C:\Windows\System\NbZeQbA.exe
  C:\Windows\System\NbZeQbA.exe
  2⤵
  PID:8272
- C:\Windows\System\qXURWto.exe
  C:\Windows\System\qXURWto.exe
  2⤵
  PID:8356
- C:\Windows\System\vXzNIjw.exe
  C:\Windows\System\vXzNIjw.exe
  2⤵
  PID:8416
- C:\Windows\System\HQPlgqh.exe
  C:\Windows\System\HQPlgqh.exe
  2⤵
  PID:9000
- C:\Windows\System\wizSwZw.exe
  C:\Windows\System\wizSwZw.exe
  2⤵
  PID:8996
- C:\Windows\System\amOuulS.exe
  C:\Windows\System\amOuulS.exe
  2⤵
  PID:1328
- C:\Windows\System\ClqZFuC.exe
  C:\Windows\System\ClqZFuC.exe
  2⤵
  PID:8636
- C:\Windows\System\FnJaURA.exe
  C:\Windows\System\FnJaURA.exe
  2⤵
  PID:8736
- C:\Windows\System\eqDyjiP.exe
  C:\Windows\System\eqDyjiP.exe
  2⤵
  PID:8328
- C:\Windows\System\wjyWGMk.exe
  C:\Windows\System\wjyWGMk.exe
  2⤵
  PID:7448
- C:\Windows\System\tmBqneN.exe
  C:\Windows\System\tmBqneN.exe
  2⤵
  PID:8692
- C:\Windows\System\HcrbwpR.exe
  C:\Windows\System\HcrbwpR.exe
  2⤵
  PID:8920
- C:\Windows\System\BuasPfB.exe
  C:\Windows\System\BuasPfB.exe
  2⤵
  PID:2116
- C:\Windows\System\UQVCfny.exe
  C:\Windows\System\UQVCfny.exe
  2⤵
  PID:7856
- C:\Windows\System\yWdqamI.exe
  C:\Windows\System\yWdqamI.exe
  2⤵
  PID:9100
- C:\Windows\System\zAzOOTZ.exe
  C:\Windows\System\zAzOOTZ.exe
  2⤵
  PID:8552
- C:\Windows\System\uuNZVUb.exe
  C:\Windows\System\uuNZVUb.exe
  2⤵
  PID:2120
- C:\Windows\System\xMJRnqA.exe
  C:\Windows\System\xMJRnqA.exe
  2⤵
  PID:7348
- C:\Windows\System\wSzKzQg.exe
  C:\Windows\System\wSzKzQg.exe
  2⤵
  PID:8352
- C:\Windows\System\DKdsbym.exe
  C:\Windows\System\DKdsbym.exe
  2⤵
  PID:9220
- C:\Windows\System\ulpeefO.exe
  C:\Windows\System\ulpeefO.exe
  2⤵
  PID:9236
- C:\Windows\System\ypWItcM.exe
  C:\Windows\System\ypWItcM.exe
  2⤵
  PID:9252
- C:\Windows\System\MdRKyiD.exe
  C:\Windows\System\MdRKyiD.exe
  2⤵
  PID:9304
- C:\Windows\System\ySrwNEO.exe
  C:\Windows\System\ySrwNEO.exe
  2⤵
  PID:9324
- C:\Windows\System\wXJmmLk.exe
  C:\Windows\System\wXJmmLk.exe
  2⤵
  PID:9340
- C:\Windows\System\VZaldZI.exe
  C:\Windows\System\VZaldZI.exe
  2⤵
  PID:9368
- C:\Windows\System\lRlozcQ.exe
  C:\Windows\System\lRlozcQ.exe
  2⤵
  PID:9392
- C:\Windows\System\ChnFmIO.exe
  C:\Windows\System\ChnFmIO.exe
  2⤵
  PID:9412
- C:\Windows\System\wnROLhF.exe
  C:\Windows\System\wnROLhF.exe
  2⤵
  PID:9432
- C:\Windows\System\zyTrDUb.exe
  C:\Windows\System\zyTrDUb.exe
  2⤵
  PID:9448
- C:\Windows\System\WEmOjmD.exe
  C:\Windows\System\WEmOjmD.exe
  2⤵
  PID:9472
- C:\Windows\System\dMOoctP.exe
  C:\Windows\System\dMOoctP.exe
  2⤵
  PID:9492
- C:\Windows\System\QGemEGx.exe
  C:\Windows\System\QGemEGx.exe
  2⤵
  PID:9512
- C:\Windows\System\lfhttJh.exe
  C:\Windows\System\lfhttJh.exe
  2⤵
  PID:9528
- C:\Windows\System\iYQvfue.exe
  C:\Windows\System\iYQvfue.exe
  2⤵
  PID:9552
- C:\Windows\System\aZPqCFo.exe
  C:\Windows\System\aZPqCFo.exe
  2⤵
  PID:9568
- C:\Windows\System\NILpxUq.exe
  C:\Windows\System\NILpxUq.exe
  2⤵
  PID:9592
- C:\Windows\System\MMYUglz.exe
  C:\Windows\System\MMYUglz.exe
  2⤵
  PID:9612
- C:\Windows\System\PcAjeBe.exe
  C:\Windows\System\PcAjeBe.exe
  2⤵
  PID:9632
- C:\Windows\System\JHPTSjX.exe
  C:\Windows\System\JHPTSjX.exe
  2⤵
  PID:9652
- C:\Windows\System\RzNDToL.exe
  C:\Windows\System\RzNDToL.exe
  2⤵
  PID:9672
- C:\Windows\System\QyWZQia.exe
  C:\Windows\System\QyWZQia.exe
  2⤵
  PID:9688
- C:\Windows\System\jviOgzu.exe
  C:\Windows\System\jviOgzu.exe
  2⤵
  PID:9712
- C:\Windows\System\qjbIfWF.exe
  C:\Windows\System\qjbIfWF.exe
  2⤵
  PID:9728
- C:\Windows\System\TArwglI.exe
  C:\Windows\System\TArwglI.exe
  2⤵
  PID:9752
- C:\Windows\System\cTvsXGA.exe
  C:\Windows\System\cTvsXGA.exe
  2⤵
  PID:9772
- C:\Windows\System\WjMQyPu.exe
  C:\Windows\System\WjMQyPu.exe
  2⤵
  PID:9792
- C:\Windows\System\LfBzJHm.exe
  C:\Windows\System\LfBzJHm.exe
  2⤵
  PID:9808
- C:\Windows\System\rAMRuQg.exe
  C:\Windows\System\rAMRuQg.exe
  2⤵
  PID:9832
- C:\Windows\System\VBBkrFq.exe
  C:\Windows\System\VBBkrFq.exe
  2⤵
  PID:9848
- C:\Windows\System\LTOEeZp.exe
  C:\Windows\System\LTOEeZp.exe
  2⤵
  PID:9864
- C:\Windows\System\DdbbhUU.exe
  C:\Windows\System\DdbbhUU.exe
  2⤵
  PID:9888
- C:\Windows\System\jiYqHAJ.exe
  C:\Windows\System\jiYqHAJ.exe
  2⤵
  PID:9912
- C:\Windows\System\OebJkKC.exe
  C:\Windows\System\OebJkKC.exe
  2⤵
  PID:9928
- C:\Windows\System\xMEQbqa.exe
  C:\Windows\System\xMEQbqa.exe
  2⤵
  PID:9956
- C:\Windows\System\uynKqot.exe
  C:\Windows\System\uynKqot.exe
  2⤵
  PID:9976
- C:\Windows\System\frNYqzX.exe
  C:\Windows\System\frNYqzX.exe
  2⤵
  PID:9996
- C:\Windows\System\sGjYtrG.exe
  C:\Windows\System\sGjYtrG.exe
  2⤵
  PID:10012
- C:\Windows\System\JqCjZLy.exe
  C:\Windows\System\JqCjZLy.exe
  2⤵
  PID:10036
- C:\Windows\System\fGWguiD.exe
  C:\Windows\System\fGWguiD.exe
  2⤵
  PID:10052
- C:\Windows\System\yWnCLTt.exe
  C:\Windows\System\yWnCLTt.exe
  2⤵
  PID:10072
- C:\Windows\System\NzxQVfS.exe
  C:\Windows\System\NzxQVfS.exe
  2⤵
  PID:10096
- C:\Windows\System\OaCRqiT.exe
  C:\Windows\System\OaCRqiT.exe
  2⤵
  PID:10116
- C:\Windows\System\jACCoAH.exe
  C:\Windows\System\jACCoAH.exe
  2⤵
  PID:10132
- C:\Windows\System\XVdqLNb.exe
  C:\Windows\System\XVdqLNb.exe
  2⤵
  PID:10156
- C:\Windows\System\kWqVmxp.exe
  C:\Windows\System\kWqVmxp.exe
  2⤵
  PID:10172
- C:\Windows\System\Xttiscu.exe
  C:\Windows\System\Xttiscu.exe
  2⤵
  PID:10188
- C:\Windows\System\hhJKTmJ.exe
  C:\Windows\System\hhJKTmJ.exe
  2⤵
  PID:10208
- C:\Windows\System\nxunzwz.exe
  C:\Windows\System\nxunzwz.exe
  2⤵
  PID:10224
- C:\Windows\System\OlNRxii.exe
  C:\Windows\System\OlNRxii.exe
  2⤵
  PID:8496
- C:\Windows\System\bargVuf.exe
  C:\Windows\System\bargVuf.exe
  2⤵
  PID:9160
- C:\Windows\System\WVsiwvI.exe
  C:\Windows\System\WVsiwvI.exe
  2⤵
  PID:9264
- C:\Windows\System\ydMuLeB.exe
  C:\Windows\System\ydMuLeB.exe
  2⤵
  PID:9284
- C:\Windows\System\HufdcBl.exe
  C:\Windows\System\HufdcBl.exe
  2⤵
  PID:9320
- C:\Windows\System\ULfDaLk.exe
  C:\Windows\System\ULfDaLk.exe
  2⤵
  PID:9352
- C:\Windows\System\VxPgzzR.exe
  C:\Windows\System\VxPgzzR.exe
  2⤵
  PID:9288
- C:\Windows\System\oVOBREX.exe
  C:\Windows\System\oVOBREX.exe
  2⤵
  PID:9408
- C:\Windows\System\FqlfHWc.exe
  C:\Windows\System\FqlfHWc.exe
  2⤵
  PID:9440
- C:\Windows\System\ZwkJnFI.exe
  C:\Windows\System\ZwkJnFI.exe
  2⤵
  PID:9464
- C:\Windows\System\aqhbyNU.exe
  C:\Windows\System\aqhbyNU.exe
  2⤵
  PID:9540
- C:\Windows\System\hYsLgyg.exe
  C:\Windows\System\hYsLgyg.exe
  2⤵
  PID:9564
- C:\Windows\System\mEViymK.exe
  C:\Windows\System\mEViymK.exe
  2⤵
  PID:9584
- C:\Windows\System\qPlgIUU.exe
  C:\Windows\System\qPlgIUU.exe
  2⤵
  PID:9620
- C:\Windows\System\UhABgYi.exe
  C:\Windows\System\UhABgYi.exe
  2⤵
  PID:9648
- C:\Windows\System\THVkqDZ.exe
  C:\Windows\System\THVkqDZ.exe
  2⤵
  PID:9684
- C:\Windows\System\rUNVwpG.exe
  C:\Windows\System\rUNVwpG.exe
  2⤵
  PID:9720
- C:\Windows\System\jbazHIH.exe
  C:\Windows\System\jbazHIH.exe
  2⤵
  PID:9744
- C:\Windows\System\IlAmrcq.exe
  C:\Windows\System\IlAmrcq.exe
  2⤵
  PID:9800
- C:\Windows\System\qmGYkRq.exe
  C:\Windows\System\qmGYkRq.exe
  2⤵
  PID:9824
- C:\Windows\System\pBxPdkr.exe
  C:\Windows\System\pBxPdkr.exe
  2⤵
  PID:9856
- C:\Windows\System\ZbezxQB.exe
  C:\Windows\System\ZbezxQB.exe
  2⤵
  PID:9880
- C:\Windows\System\WsMwtcl.exe
  C:\Windows\System\WsMwtcl.exe
  2⤵
  PID:9908
- C:\Windows\System\WOgtLXX.exe
  C:\Windows\System\WOgtLXX.exe
  2⤵
  PID:9952
- C:\Windows\System\yiYrUQM.exe
  C:\Windows\System\yiYrUQM.exe
  2⤵
  PID:9968
- C:\Windows\System\COAGoGJ.exe
  C:\Windows\System\COAGoGJ.exe
  2⤵
  PID:10008
- C:\Windows\System\GyVbhXR.exe
  C:\Windows\System\GyVbhXR.exe
  2⤵
  PID:10044
- C:\Windows\System\iLqPhTD.exe
  C:\Windows\System\iLqPhTD.exe
  2⤵
  PID:10084
- C:\Windows\System\lRhiFRN.exe
  C:\Windows\System\lRhiFRN.exe
  2⤵
  PID:10104
- C:\Windows\System\HyQGqrG.exe
  C:\Windows\System\HyQGqrG.exe
  2⤵
  PID:10144
- C:\Windows\System\gYNkTEi.exe
  C:\Windows\System\gYNkTEi.exe
  2⤵
  PID:10180
- C:\Windows\System\HVKVgqu.exe
  C:\Windows\System\HVKVgqu.exe
  2⤵
  PID:10164
- C:\Windows\System\UlhjkuK.exe
  C:\Windows\System\UlhjkuK.exe
  2⤵
  PID:10232
- C:\Windows\System\iWsJhGX.exe
  C:\Windows\System\iWsJhGX.exe
  2⤵
  PID:9336
- C:\Windows\System\UsgZpGC.exe
  C:\Windows\System\UsgZpGC.exe
  2⤵
  PID:9456
- C:\Windows\System\EmZWfGu.exe
  C:\Windows\System\EmZWfGu.exe
  2⤵
  PID:9228
- C:\Windows\System\LWvgKhE.exe
  C:\Windows\System\LWvgKhE.exe
  2⤵
  PID:9428
- C:\Windows\System\KFkXETa.exe
  C:\Windows\System\KFkXETa.exe
  2⤵
  PID:9504
- C:\Windows\System\CxiDZyW.exe
  C:\Windows\System\CxiDZyW.exe
  2⤵
  PID:9488
- C:\Windows\System\nianMqh.exe
  C:\Windows\System\nianMqh.exe
  2⤵
  PID:9604
- C:\Windows\System\LmiYmTi.exe
  C:\Windows\System\LmiYmTi.exe
  2⤵
  PID:9680
- C:\Windows\System\eHsEVlA.exe
  C:\Windows\System\eHsEVlA.exe
  2⤵
  PID:9580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BuygMTu.exe

Filesize
6.0MB

MD5
c0b07e0bd362218e95136e8c36c176cd

SHA1
3c8abdb5c2b4307769a5ec46d1eab35aceffdf18

SHA256
8781f4ac01cea611117ce0e80f08e16589cbd59c9fb6a5db2e7f2259ec725f2c

SHA512
51bbd7be8a0f5b7237a92d4efd3dd7e07386399732e56c083bd81866c95378d33701d9529d88ab3df145d2d264ed6de4080bf2ee3b46b02d20067d4b4a66cf87

Download Submit
C:\Windows\system\IDRUDlu.exe

Filesize
6.0MB

MD5
a1f10432e1cb718ce64c5c3c259f74cf

SHA1
7682a749c01d48814be146f17a00d0be80759ae0

SHA256
c583d965bd138f181bba08096c4e4b3be30fbc3f84815b593d8e23dbe63e61c6

SHA512
e7696e71d1572e9f301869d2cbb8fdb8d6fe8070ebf90b063a15bec806d8b062ea3cff354a6e15f3fb1a6a6a30d3b4796e1e758656a8f26d38e9b132f97d352f

Download Submit
C:\Windows\system\IISZaAg.exe

Filesize
6.0MB

MD5
1bc7d4b7c0683272f5cc4ede57708d3c

SHA1
06c8fd98b4770c9d54cc3188b80b77c43ec191d2

SHA256
642cb76bb52a7f7b4cdc5965a008f9fbffedbf4c1e7f0c8b08a01a7220704ee4

SHA512
0faaf48a1f98b2298df868fc0355057a1d20d2ca3746bdfff3126bc31cf86d478a1081864d03991c783e659848d623f93fee1e1da61c94ebef446c480ebb6196

Download Submit
C:\Windows\system\KHKqrPg.exe

Filesize
6.0MB

MD5
080bede8693e36ad01e7f2c9d8e44c98

SHA1
27eb2ac6f6c937c118244270d4947fd978a9efa2

SHA256
51d7af8af9d658d48299e178fb35d0547bbf521879dd7f69c40bdbf62bbfded2

SHA512
d3b9a9b032d37b4dc9b02566532913aec87d6a5e339120c30755d8ec380db720bb001075cf5c28c3ee004f6ae738d514253a005e86e13c2d11f0f35165c19788

Download Submit
C:\Windows\system\OXcRrOK.exe

Filesize
6.0MB

MD5
469eff49d752c3cd9e9f82fc09d811e9

SHA1
e6fc152b27ac2e961c8de55372cf2e697e21d336

SHA256
144c332255bebfba552d82fddfe57387d8a40d66ab323b6d02a3b62cd8677504

SHA512
7e287779272a720dc06550bc8ee4cbc27ce6789d95b3426dca0a95489e5afb2c89456b25adbd37f72fe6293b9adac365e33c451a43d4fd7d5f84e14e5e236ef3

Download Submit
C:\Windows\system\OaltDjy.exe

Filesize
6.0MB

MD5
64971565fc26235008e6392f9fd98250

SHA1
ea0f658bc0ea4401a2bf1d87934cafce242ec9c5

SHA256
a97261069f17e8fc060f7ddf111c484c404634eefe3d9f6dee482d15c3f532cf

SHA512
23e61def668f569f234bb2f820accfd811b356315b8fe76e9ff3dc1fddbda1d09a0a067c6bf80b706f287129420f244cb1ea321b4ed26cec2035131d012707c9

Download Submit
C:\Windows\system\OvtaELs.exe

Filesize
6.0MB

MD5
c108b43ed1cf56afbf4b5ed0a7b991da

SHA1
a284683fa9ef6b466b35924418f74eb2eb7cfd47

SHA256
f502305d3d320119ac2b063182f8c819afac3ad0a8527d412e7552f1988b2015

SHA512
a88ad0c3e1d1bd1932ebb39eb626122d53032c06155d273dca49968824d1c9b6264fc4d2a14a2005221c813849ab43cefad90d0dc69aa2ad27b1e2e6f5792bd1

Download Submit
C:\Windows\system\RBLMTAW.exe

Filesize
6.0MB

MD5
b1347f001bdb2af0b8c2b3d008ae9131

SHA1
1c2beacc3e5ca39080845ab3dce5b892f2379a3f

SHA256
2713956edb43fedb0fdad55ef843c0a740057fad1963643dfcb01810cc75f31f

SHA512
05cee4ccd8e82a3c1ec30f7461a13b3c6338d7638703a7e29356ace733c7f140c05be7a80d15fd54b444bfb57e39768005bba581e2bbcc0f99415e629f8afb31

Download Submit
C:\Windows\system\TIsbFkZ.exe

Filesize
6.0MB

MD5
8215becadc038b6d8652cc67f9901b35

SHA1
91c104af0ab3a2cc70cd5c4e87d191b9ada15e80

SHA256
8372f7d65c269a668ebf061147bf7219be0434ed965cb3e1691ea1ecf3381be8

SHA512
7d748a75e42fbb71e06008938a7ba13a3031e3d915e78d750bb9264f457d4b7818946200ca40b8aee149db692ff5d347d66abbc5bdcb4d9fad4588f92ef51b5b

Download Submit
C:\Windows\system\UoZfwXx.exe

Filesize
6.0MB

MD5
1d9b73ee44905ff5d82cbdb83ec523f4

SHA1
2e8c746e59d955ea81d90a24796c337193d4ae53

SHA256
9d52494fed876c3c1374d4ddd42b2702f93b962cf7724e01a31290cadf572f64

SHA512
8d0fac77bec804450338b1b80bed64b6e28ed97b2a3934871534b974d7f1b6ad9fd80c8d84a9e20616717ac0279a2d1b791f007f0e1ffcc75ae46509d4c0dd95

Download Submit
C:\Windows\system\UuXvgjf.exe

Filesize
6.0MB

MD5
7c4401911ccd49845bd9c19eb0198473

SHA1
527ce570968e328766322e0653a8b5f8eda8e576

SHA256
61793edc2d735bd1f205c375ec72dac99253f1d204598d70ddbfe3cb523c29da

SHA512
5b82803bebdc0c2bf4d51477ba89409c845b1d473c91b063af3249013b789250879f08d1524af70451db9c5a05f4cbd390c1727d5055c87f963b99e670757e0f

Download Submit
C:\Windows\system\WRcQKjb.exe

Filesize
6.0MB

MD5
cda2dfc025f7077524a8c70c6980590c

SHA1
b5b40e05b6323a95ebe1bb4ae021b4bca42963b8

SHA256
8b7e258aa106c83145b93403d172d18ed82b5b120126506ee4dc964a3c32873f

SHA512
5bd636b7793d2ae01c4ba424564505028cfb81d8d2cabbfb879653082c1343b7ff4a5590cbe6830ecc63794e5731b7ea7043167701ad0bbb9921f4285c82fae3

Download Submit
C:\Windows\system\ZhmFDhE.exe

Filesize
6.0MB

MD5
7c56bbf3e472f5acdbcc792919ddadd1

SHA1
f22cee759e4863491d4a0d610916ef8890931df5

SHA256
57a4decf37495979c752ca5c029da88b0bb904757015dd708513641d1d2a819b

SHA512
98a0c439da1ec33dc3e05d62bccb526fa3317a87bef6b9bdbcfd401f404fa900ccb1e888795a5dc03750f9eb9465af9f24442cf3a536b10643f99128605789c8

Download Submit
C:\Windows\system\aUFAtJt.exe

Filesize
6.0MB

MD5
47e50774fcfe9b574d8859237a629e0c

SHA1
96aeaa20c6285c9e0894e013f20cea7ca6dd63de

SHA256
0fcd545ed8d1ddbcd7957543ff60af93c3b6b6f529dd7d5e833b0d022d58421e

SHA512
54d53837798b7df3fbadec7828644824d9c5120cf9edb0713d679d2cc9b1b3ce043aa7e9c060bd01ce873d4b1a7ed9c2003e6cd0d59924f35f6e2e12020504a5

Download Submit
C:\Windows\system\bjXQPoj.exe

Filesize
6.0MB

MD5
ec2b9512bb375ebb2168bdcc0d25333f

SHA1
cd9db10604d7ed4e657544cd062e11a89de33e2f

SHA256
26ae39be980cf07f3d21e57178caaa078ff9a357177f96670bae70be1e3e1d5c

SHA512
a0359aad45bbd24196dbf4c9af2336766227a5c369693fbabeacd9cc9d2c467d21330d784b4377ab84ee4593229982803836432247821cfa526f964c5d4df2c7

Download Submit
C:\Windows\system\cVkNrcu.exe

Filesize
6.0MB

MD5
a5543ce428214a456aac45e708b535c6

SHA1
291365ceab39e6c4cd3079fb3830ad7d1e33d274

SHA256
3e11cdbefec185b1c90ad781f3e3d68e745f9f169c256ac9785541348acd3fad

SHA512
9699229a80781a6868879537995ac62252d515ec536f79208011800452957cb3be07e7656bf06d7b0ecc0fc895ed2aa456164dcc043a8598076e577d6c02dac1

Download Submit
C:\Windows\system\grRSGEL.exe

Filesize
6.0MB

MD5
b950599cec8d505a9b5dfd13aae47b30

SHA1
32ed1f7bf2b62072d198e20e44740347875a115a

SHA256
226887683654abc085c93ec2a4b85192c8e84a80ebc31c89e1523401218a5869

SHA512
00997355db34efa62d6fcb8bec108006a2545a0f25f53ab49914d0158a94ddc7b6afa8ae8e45490c8f7d923e23bb1df18c9305020b8519e12a9c8ce940fb9d7f

Download Submit
C:\Windows\system\iGNEzGc.exe

Filesize
6.0MB

MD5
65791220b1fcd253988aadb2add5085d

SHA1
729684508e05fe19db1797ecacff99e6eac67bc4

SHA256
094fef591467f301af5fce59d741c185b1ad2397257d0498dff7552d879e4718

SHA512
97b1e0cf87b24c90527b2acec12d75d93a556c843868594736b691497c081c304786449c37f63b4f433bf8589695cff7903d83a3b34264113717969a21493e65

Download Submit
C:\Windows\system\ioZluVh.exe

Filesize
6.0MB

MD5
8a8f7aaee31755b71c36b0685cca61c1

SHA1
1e0693136058c4856340240739a3784baed1d90e

SHA256
d0497b3b7e6aa7864bf142332368cdeef33fde3517abc177a098dd63eaca1355

SHA512
bc131ca004d5a3f8dce2078d98af2ffd83694453244f1b7ee5cb9050d2696eb07a412eb6e8d73163954202f1a70230cb4efd71bac7ccf1fcb0eac26bb5965d86

Download Submit
C:\Windows\system\iryfckN.exe

Filesize
6.0MB

MD5
55a1e19b65132a2d4b08d933763c56b1

SHA1
5e9b2aa0e94ee604566a1c2e545bb09002364de0

SHA256
f889ff830a0f517d725b4736eceb55770849ef3ea5d5ec920d52fb47f4214323

SHA512
a70cbb10c5beb13b16adf856ff731c358ff02b921710fbcd763909929c1b20eca42d445fda6ecade6f745804999231f99aff6ceae7c10cc3e4bdafb30ff7028b

Download Submit
C:\Windows\system\izjIzQx.exe

Filesize
6.0MB

MD5
eefaf099dd4272ab6f1903630d9b28d1

SHA1
41b6d46e8fb6d083fa6b97967366306b4efc5774

SHA256
6fd319c9a5e8e6c63d6dc47a510d9b80982ff9b4e4be547629c769e33fea3a6f

SHA512
6b5197da0ad38d3fc2ef186f9d977457200d707eab35d3970a83ade96a5916201534dbf5d5e4a8680ef471149d0d556cf6ef95ca66f261f03cb6a6d14b57015d

Download Submit
C:\Windows\system\mfwTiQj.exe

Filesize
6.0MB

MD5
38b9657c8691da6c9581162d5ba7ab4a

SHA1
7233fdf34123ee4436a2e43b4db02db2c40b9db8

SHA256
666342a8681558480e630e64441f75f5ffa8fa2c67c4f96ad3561731823ace41

SHA512
aff84d1f2a02973ca3795f1992127ca5baf1a9e461884ff1ec441d9ffd0071d11033943a9c4b17406a8429b471e7ec9637889b203ae521e194fcc33b41e615f2

Download Submit
C:\Windows\system\mwsfMgZ.exe

Filesize
6.0MB

MD5
00ae4dcb9f3431923c7f9d5cce6a35f2

SHA1
0dc2b68e414fcb45ab2c7d71958ea1bd549f920b

SHA256
7361a6e8fd5651b875ee1c578aab4dc0942de9a16d11ed359939f776e5800912

SHA512
ba8d5c13d0c37458a9cca3dde109f50ffd4f081ab316a2026ef737d3bcb648413665263d2bc125eeca9d79ce795b58103f9d4392de64e5c6ad49eeee6755f260

Download Submit
C:\Windows\system\nPhITae.exe

Filesize
6.0MB

MD5
f95058f93438364c1d3514247028a780

SHA1
9c149ab1787b117a95a0b24011b5bde619e681b6

SHA256
90e9cbd4faf8da7a60e6090a68e2c1c2bf49c9f95beed0f335af25c61741311f

SHA512
5fa2898c5aa69da7dbc248774ae200d5b89f962b9a65fef179845fdcc5ff12430af00cedcf5a5716de967166cb80cef1de6b9ae9e2f853a87072e5cd7fdad939

Download Submit
C:\Windows\system\oeuTzOO.exe

Filesize
6.0MB

MD5
4dcc752b71aa698a46e63af492c60b7b

SHA1
89113cad057096aaf51ea15ba0bfbb1f01d5e227

SHA256
5b978cc5f45bce393f91cd7c5b05084652308c2be9f60601fee5272aa34f02dc

SHA512
e6361d92dcbbe34ad57d9f3cf7faaa9c9a1af67704d703cd6a75e60ea5c7706c51d683b438890b2dac1e93d5bef1d05aecc7fdf46e6055e07c1e498d897f48fb

Download Submit
C:\Windows\system\pfJoois.exe

Filesize
6.0MB

MD5
0b854b5806c47c3a2b01bad0244bffc7

SHA1
ae9c236727841a9b99c493472fbbacaf777826d2

SHA256
9106c844cd99791ef53f2d1484fe15419a56ac592ea70c308bc441adc14a31a2

SHA512
33320fa3650a06d6a06776d77001346fc6dc55522225dd01983f6a574ab71b1bfbd6bd947418624eafb92ad433090e5a199a4f63f0aa4916e116c03658caa00a

Download Submit
C:\Windows\system\qvIzXFr.exe

Filesize
6.0MB

MD5
f10d861a253ea9608209ffc58834f1e4

SHA1
00d0b4de5bdd215bf3878d7eafcf563139b2a58a

SHA256
1b219a529c07cb4aa58ee78003003d13330d2bed3aafc4389f3715ada92a308b

SHA512
3bf54249473729d8a03afb63323e2f695149d0a127f3d9a2655636da271dd47686e52ee6f013848f974140a299f82d6e16528c5082d28559939613faf76a10ba

Download Submit
C:\Windows\system\wSqZSIh.exe

Filesize
6.0MB

MD5
5acf7b76c3e479387a2ec57c8f773035

SHA1
699a74b46077da4b20c6409d2792489e3b1f7a41

SHA256
039df4567519abf444df137724e2153304a39e37faa72036f1babf6ec107e371

SHA512
23fbd2dff6dd2a66bac41e226bc172cd6b86a6226008e0a2c786de16adbef7f4419c908078604bbf5a9f88d7cec60ce0dc710f84803c2df7bd7dd56906b2bc38

Download Submit
C:\Windows\system\wtPfmQj.exe

Filesize
6.0MB

MD5
d52121a7bc7d0be808b7faf66fe5576c

SHA1
9849d0787ffff2dcb7f50ccfa81dff86077372fa

SHA256
7bb7181efe03e5856fa90b666c1af451d79371940e5dfcb186641f9ced6d75b8

SHA512
dbe5b1d1f4c0c85c6ca5ea99e3a41bbcfab33a0b83463a09f1a82a37f6463a065cc0c27a8aa4d8d251b4879070b25e4d70ddea25f0e162a25ef666c5337d474a

Download Submit
C:\Windows\system\wwbwXOe.exe

Filesize
6.0MB

MD5
21a52fe8446dbd0c53e61c1a367d9f5c

SHA1
81a898f93e4ee3f2e36afb5e32325a5be7c99e8e

SHA256
991656ef77b9a979cc4093439ea1dccf5a368d1f084eb9cd52021eab7b5bcf26

SHA512
38b24ac9cbb88a0b4469f0fd1139dd1d9c4137961b095ac310cd20d86b427e0c4d165aba07834206e25c1be74ccfd1e90474a0f5e9d50aaa8e3baf05581d2dfb

Download Submit
\Windows\system\RHUaJHE.exe

Filesize
6.0MB

MD5
a0854caa689f3b28743bddd7d4e144d4

SHA1
625478de069382e7347747b51626c4ea76b3e6e5

SHA256
4466863bcf20f252776878012e881552850bc6d107329dbfd0bf01602707dc32

SHA512
dfc1e346cbbcd321f9738392fb6fae3bc4f9b281065f33586067e1dec074e31d882588bdcb210ca1ddd6e81b8be225ebf998c19eea0ff019bbc9d84a8501c1d5

Download Submit
\Windows\system\UdFpXph.exe

Filesize
6.0MB

MD5
75623d82eee6bb166f5060279bbcbe22

SHA1
1e53e0b4ac6ebff3a9d5d6c94885925a8f9aa991

SHA256
4a25cbfe4de9825d8a8311e579a78b01198a6dcdff57777b3edf8ad3bbf2e4e2

SHA512
e1430bfe02878a9251b1fdb1b16b8bbd029f1c28de82ebd6a2fc275f884578f2a1e17bc6da887630980d317ab426e4782a51cf7d47990f53e60fccb35a976c8e

Download Submit
\Windows\system\cnXCTCY.exe

Filesize
6.0MB

MD5
43a423dc82d17586c42770926482d0c7

SHA1
1a96f8716ac31c8a0dbedb0d0cdac144086abf69

SHA256
0cf35b9dc0697623580d13d8ea5433b59895bb052f0d61faffe5596f2f1a35bc

SHA512
df8bff8a5ee8b907c97257e728bbb3c1f6e3877b3755c4ddd0e3fef5b002ac99eea95532d207d4c4ea14e07f4efb0d659f0e02477d4afb2eeb4a030fc8d91c0e

Download Submit
memory/1376-22-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1376-3587-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1552-382-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1552-3591-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1552-78-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1740-48-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-64-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-563-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/1740-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1740-116-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/1740-381-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1740-17-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/1740-20-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-27-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-1124-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/1740-33-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1740-988-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/1740-38-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-84-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/1740-0-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1740-90-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-101-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-77-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1740-50-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1740-58-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-62-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2352-21-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-3595-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-103-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-66-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-3589-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-564-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2432-3598-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2432-85-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2472-3588-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2472-91-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2472-772-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2640-71-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2640-112-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2640-3599-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2744-76-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2744-34-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3590-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2804-111-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3600-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2804-70-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2888-3593-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-49-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-3601-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2904-28-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2904-69-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2952-63-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2952-3592-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2952-19-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2968-989-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2968-102-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2968-3586-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/3020-39-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/3020-3597-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/3020-83-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download