cobaltstrike | c0372c90fd266503109139b5dfcff07d56cea967dc9301aa99a590815e98b35d

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23-09-2024 16:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

c1bb67fda1cd21eaa661d762770125fa
SHA1

782b45109b211e81d9829f7d5ab74591952414fa
SHA256

c0372c90fd266503109139b5dfcff07d56cea967dc9301aa99a590815e98b35d
SHA512

2b16d8c76bb2c8fed4f9d9311f1c6765a321b71808051a7ef30e5085474b2bfb14fa66daad7d4bb932f2a5e6a2a6491ac50065b51d8c51dae3c7530238569e77
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUA:T+q56utgpPF8u/7A

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012283-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d31-33.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f7-43.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942e-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193ee-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001936c-133.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d69-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019266-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019315-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944e-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018712-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018701-153.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018681-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019439-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924a-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f1-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018bc8-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870f-123.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dcb-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941f-119.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d5-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019361-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019462-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191dc-70.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d5e-54.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019444-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001934d-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925d-130.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d3a-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d65-37.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d4a-36.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 50 IoCs

miner

resource	yara_rule
behavioral1/memory/2692-0-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/files/0x000a000000012283-3.dat	xmrig
behavioral1/files/0x0007000000016d31-33.dat	xmrig
behavioral1/files/0x00050000000186f7-43.dat	xmrig
behavioral1/memory/2692-118-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001942e-135.dat	xmrig
behavioral1/files/0x00050000000193ee-134.dat	xmrig
behavioral1/files/0x000500000001936c-133.dat	xmrig
behavioral1/files/0x0008000000016d69-148.dat	xmrig
behavioral1/files/0x0005000000019266-92.dat	xmrig
behavioral1/memory/2972-618-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2908-305-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x0005000000019315-175.dat	xmrig
behavioral1/files/0x0005000000019259-170.dat	xmrig
behavioral1/files/0x000500000001944e-167.dat	xmrig
behavioral1/files/0x0005000000018712-157.dat	xmrig
behavioral1/files/0x0005000000018701-153.dat	xmrig
behavioral1/files/0x0008000000018681-152.dat	xmrig
behavioral1/files/0x0005000000019439-150.dat	xmrig
behavioral1/files/0x000500000001924a-126.dat	xmrig
behavioral1/files/0x00050000000191f1-125.dat	xmrig
behavioral1/files/0x0006000000018bc8-124.dat	xmrig
behavioral1/files/0x000500000001870f-123.dat	xmrig
behavioral1/files/0x0008000000016dcb-121.dat	xmrig
behavioral1/files/0x000500000001941f-119.dat	xmrig
behavioral1/files/0x00050000000193d5-112.dat	xmrig
behavioral1/files/0x0005000000019361-105.dat	xmrig
behavioral1/files/0x0005000000019462-178.dat	xmrig
behavioral1/files/0x0005000000019244-77.dat	xmrig
behavioral1/files/0x00050000000191dc-70.dat	xmrig
behavioral1/memory/2752-57-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2912-56-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d5e-54.dat	xmrig
behavioral1/memory/2972-51-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/files/0x0005000000019444-160.dat	xmrig
behavioral1/files/0x000500000001934d-132.dat	xmrig
behavioral1/files/0x000500000001926b-131.dat	xmrig
behavioral1/files/0x000500000001925d-130.dat	xmrig
behavioral1/memory/2840-75-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2832-67-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d3a-39.dat	xmrig
behavioral1/files/0x0007000000016d65-37.dat	xmrig
behavioral1/files/0x0007000000016d4a-36.dat	xmrig
behavioral1/memory/2908-11-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2972-3287-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2752-3284-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2912-3297-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2832-3296-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2840-3295-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2908-3300-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2908	SmMlLcw.exe
2972	lIzLTZb.exe
2912	jNcpVhw.exe
2752	KzhNLIG.exe
2832	FAliLYu.exe
2840	haVnJJx.exe
2608	VGHLXdY.exe
2156	ZOxZnHV.exe
1840	XadftfY.exe
2224	qNSepUY.exe
2088	vKxIuQQ.exe
2948	faOwtvR.exe
1476	DmdSuoL.exe
2796	qwCFihB.exe
1588	jldGxcQ.exe
2468	JmXwZsA.exe
1284	tsROnkk.exe
856	qVkceVz.exe
2588	qNbUvfQ.exe
1808	LEDAYcs.exe
3056	aygyczd.exe
976	tamMYtC.exe
564	TUeLito.exe
2068	lWZjKtu.exe
1204	KGgbjAQ.exe
2888	UpljwID.exe
2820	foXJAAY.exe
1080	jKyWtDV.exe
1856	XoacbPR.exe
2936	QxCLFaT.exe
2064	OOwwLlp.exe
1848	MJwZldI.exe
1912	NYxqccv.exe
1936	kwIElpt.exe
936	bRiHkjr.exe
1580	sqaPxgf.exe
1640	FTfNjdh.exe
1628	CaeofhZ.exe
2496	ngtefQH.exe
892	ZpVAJQc.exe
1700	IFJlntL.exe
768	wqKFVPD.exe
1028	VnwErZf.exe
2140	YaqFYbm.exe
2056	brtjlrd.exe
1596	FhlVOmj.exe
2480	fWnTNYl.exe
1620	opPbKFd.exe
1920	ZvEFhdU.exe
1696	xnkDUyu.exe
2680	poDeOuX.exe
1508	zAhlgzz.exe
1536	InUOEiO.exe
1676	ifjHbSb.exe
2904	pHJjGLc.exe
2676	QEuVRTr.exe
2760	wKbwYXk.exe
1656	bnFHlpK.exe
2524	CPqkPsH.exe
2792	YdQsLKE.exe
2076	YmemhPi.exe
2324	OULkQyr.exe
2152	kYnNomV.exe
2436	RNHyHML.exe

Loads dropped DLL 64 IoCs

pid	Process
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 50 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2692-0-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/files/0x000a000000012283-3.dat	upx
behavioral1/files/0x0007000000016d31-33.dat	upx
behavioral1/files/0x00050000000186f7-43.dat	upx
behavioral1/memory/2692-118-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/files/0x000500000001942e-135.dat	upx
behavioral1/files/0x00050000000193ee-134.dat	upx
behavioral1/files/0x000500000001936c-133.dat	upx
behavioral1/files/0x0008000000016d69-148.dat	upx
behavioral1/files/0x0005000000019266-92.dat	upx
behavioral1/memory/2972-618-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2908-305-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x0005000000019315-175.dat	upx
behavioral1/files/0x0005000000019259-170.dat	upx
behavioral1/files/0x000500000001944e-167.dat	upx
behavioral1/files/0x0005000000018712-157.dat	upx
behavioral1/files/0x0005000000018701-153.dat	upx
behavioral1/files/0x0008000000018681-152.dat	upx
behavioral1/files/0x0005000000019439-150.dat	upx
behavioral1/files/0x000500000001924a-126.dat	upx
behavioral1/files/0x00050000000191f1-125.dat	upx
behavioral1/files/0x0006000000018bc8-124.dat	upx
behavioral1/files/0x000500000001870f-123.dat	upx
behavioral1/files/0x0008000000016dcb-121.dat	upx
behavioral1/files/0x000500000001941f-119.dat	upx
behavioral1/files/0x00050000000193d5-112.dat	upx
behavioral1/files/0x0005000000019361-105.dat	upx
behavioral1/files/0x0005000000019462-178.dat	upx
behavioral1/files/0x0005000000019244-77.dat	upx
behavioral1/files/0x00050000000191dc-70.dat	upx
behavioral1/memory/2752-57-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2912-56-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x0007000000016d5e-54.dat	upx
behavioral1/memory/2972-51-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x0005000000019444-160.dat	upx
behavioral1/files/0x000500000001934d-132.dat	upx
behavioral1/files/0x000500000001926b-131.dat	upx
behavioral1/files/0x000500000001925d-130.dat	upx
behavioral1/memory/2840-75-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2832-67-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/files/0x0007000000016d3a-39.dat	upx
behavioral1/files/0x0007000000016d65-37.dat	upx
behavioral1/files/0x0007000000016d4a-36.dat	upx
behavioral1/memory/2908-11-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2972-3287-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2752-3284-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2912-3297-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2832-3296-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2840-3295-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2908-3300-0x000000013F240000-0x000000013F594000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\dIJAgIk.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sqkuiYI.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wDsLtrX.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nndwVSl.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dhsklVd.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HjJDbdX.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WjwXyfA.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FxuGaYH.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iTRMwrf.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CNubiqY.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OpNrRYX.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eaVwqfs.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cDHVOrc.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MZKSmBF.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RKUsljQ.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jofNzic.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JzwGsjF.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FAkWYWu.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LRPCTek.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cTaITdu.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OARcYWp.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nxibtlc.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iZCClwC.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xqyCrvL.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eDbMnJc.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zAhlgzz.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tMOEnMs.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ooDunYy.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MhQwQal.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\szsAAzR.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UKRMpDt.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QYSxkqZ.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vtDZbaj.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eUwaLWK.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zXOyyRD.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NMUuZDU.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RNtvMhm.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GhuVcuP.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lYIyEBk.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DkmrNXj.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tWLPhYw.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Urdmrlp.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uDwXMCh.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FTwrPVZ.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XAIwGhS.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aBmDsrt.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MFAciRY.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mHXOhKQ.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uIGKAWt.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lOBulBb.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HqWdNfG.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VlIhdhZ.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RHnDYLl.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TfiJMSr.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\buHsKaC.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEQbabB.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qfHiIjf.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iDMOgIh.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TtecGXI.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtXdFOu.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lGAKFPp.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NigunhU.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GuFOZLr.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BAIhDBx.exe	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 2908	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2692 wrote to memory of 2908	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2692 wrote to memory of 2908	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2692 wrote to memory of 2972	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2692 wrote to memory of 2972	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2692 wrote to memory of 2972	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2692 wrote to memory of 2832	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2692 wrote to memory of 2832	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2692 wrote to memory of 2832	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2692 wrote to memory of 2912	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2692 wrote to memory of 2912	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2692 wrote to memory of 2912	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2692 wrote to memory of 2840	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2692 wrote to memory of 2840	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2692 wrote to memory of 2840	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2692 wrote to memory of 2752	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2692 wrote to memory of 2752	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2692 wrote to memory of 2752	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2692 wrote to memory of 2588	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2692 wrote to memory of 2588	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2692 wrote to memory of 2588	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2692 wrote to memory of 2608	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2692 wrote to memory of 2608	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2692 wrote to memory of 2608	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2692 wrote to memory of 1808	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2692 wrote to memory of 1808	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2692 wrote to memory of 1808	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2692 wrote to memory of 2156	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2692 wrote to memory of 2156	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2692 wrote to memory of 2156	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2692 wrote to memory of 3056	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2692 wrote to memory of 3056	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2692 wrote to memory of 3056	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2692 wrote to memory of 1840	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2692 wrote to memory of 1840	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2692 wrote to memory of 1840	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2692 wrote to memory of 976	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2692 wrote to memory of 976	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2692 wrote to memory of 976	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2692 wrote to memory of 2224	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2692 wrote to memory of 2224	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2692 wrote to memory of 2224	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2692 wrote to memory of 2068	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2692 wrote to memory of 2068	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2692 wrote to memory of 2068	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2692 wrote to memory of 2088	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2692 wrote to memory of 2088	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2692 wrote to memory of 2088	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2692 wrote to memory of 1204	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2692 wrote to memory of 1204	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2692 wrote to memory of 1204	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2692 wrote to memory of 2948	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2692 wrote to memory of 2948	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2692 wrote to memory of 2948	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2692 wrote to memory of 2888	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2692 wrote to memory of 2888	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2692 wrote to memory of 2888	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2692 wrote to memory of 1476	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2692 wrote to memory of 1476	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2692 wrote to memory of 1476	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2692 wrote to memory of 2820	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2692 wrote to memory of 2820	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2692 wrote to memory of 2820	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2692 wrote to memory of 2796	2692	2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-23_c1bb67fda1cd21eaa661d762770125fa_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Windows\System\SmMlLcw.exe
  C:\Windows\System\SmMlLcw.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\lIzLTZb.exe
  C:\Windows\System\lIzLTZb.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\FAliLYu.exe
  C:\Windows\System\FAliLYu.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\jNcpVhw.exe
  C:\Windows\System\jNcpVhw.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\haVnJJx.exe
  C:\Windows\System\haVnJJx.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\KzhNLIG.exe
  C:\Windows\System\KzhNLIG.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\qNbUvfQ.exe
  C:\Windows\System\qNbUvfQ.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\VGHLXdY.exe
  C:\Windows\System\VGHLXdY.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\LEDAYcs.exe
  C:\Windows\System\LEDAYcs.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\ZOxZnHV.exe
  C:\Windows\System\ZOxZnHV.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\aygyczd.exe
  C:\Windows\System\aygyczd.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\XadftfY.exe
  C:\Windows\System\XadftfY.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\tamMYtC.exe
  C:\Windows\System\tamMYtC.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\qNSepUY.exe
  C:\Windows\System\qNSepUY.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\lWZjKtu.exe
  C:\Windows\System\lWZjKtu.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\vKxIuQQ.exe
  C:\Windows\System\vKxIuQQ.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\KGgbjAQ.exe
  C:\Windows\System\KGgbjAQ.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\faOwtvR.exe
  C:\Windows\System\faOwtvR.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\UpljwID.exe
  C:\Windows\System\UpljwID.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\DmdSuoL.exe
  C:\Windows\System\DmdSuoL.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\foXJAAY.exe
  C:\Windows\System\foXJAAY.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\qwCFihB.exe
  C:\Windows\System\qwCFihB.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\jKyWtDV.exe
  C:\Windows\System\jKyWtDV.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\jldGxcQ.exe
  C:\Windows\System\jldGxcQ.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\QxCLFaT.exe
  C:\Windows\System\QxCLFaT.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\JmXwZsA.exe
  C:\Windows\System\JmXwZsA.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\OOwwLlp.exe
  C:\Windows\System\OOwwLlp.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\tsROnkk.exe
  C:\Windows\System\tsROnkk.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\MJwZldI.exe
  C:\Windows\System\MJwZldI.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\qVkceVz.exe
  C:\Windows\System\qVkceVz.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\NYxqccv.exe
  C:\Windows\System\NYxqccv.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\TUeLito.exe
  C:\Windows\System\TUeLito.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\kwIElpt.exe
  C:\Windows\System\kwIElpt.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\XoacbPR.exe
  C:\Windows\System\XoacbPR.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\sqaPxgf.exe
  C:\Windows\System\sqaPxgf.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\bRiHkjr.exe
  C:\Windows\System\bRiHkjr.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\FTfNjdh.exe
  C:\Windows\System\FTfNjdh.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\CaeofhZ.exe
  C:\Windows\System\CaeofhZ.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\ngtefQH.exe
  C:\Windows\System\ngtefQH.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\ZpVAJQc.exe
  C:\Windows\System\ZpVAJQc.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\IFJlntL.exe
  C:\Windows\System\IFJlntL.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\wqKFVPD.exe
  C:\Windows\System\wqKFVPD.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\VnwErZf.exe
  C:\Windows\System\VnwErZf.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\YaqFYbm.exe
  C:\Windows\System\YaqFYbm.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\brtjlrd.exe
  C:\Windows\System\brtjlrd.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\FhlVOmj.exe
  C:\Windows\System\FhlVOmj.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\fWnTNYl.exe
  C:\Windows\System\fWnTNYl.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\opPbKFd.exe
  C:\Windows\System\opPbKFd.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\ZvEFhdU.exe
  C:\Windows\System\ZvEFhdU.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\xnkDUyu.exe
  C:\Windows\System\xnkDUyu.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\poDeOuX.exe
  C:\Windows\System\poDeOuX.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\zAhlgzz.exe
  C:\Windows\System\zAhlgzz.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\InUOEiO.exe
  C:\Windows\System\InUOEiO.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\ifjHbSb.exe
  C:\Windows\System\ifjHbSb.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\pHJjGLc.exe
  C:\Windows\System\pHJjGLc.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\QEuVRTr.exe
  C:\Windows\System\QEuVRTr.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\wKbwYXk.exe
  C:\Windows\System\wKbwYXk.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\bnFHlpK.exe
  C:\Windows\System\bnFHlpK.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\CPqkPsH.exe
  C:\Windows\System\CPqkPsH.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\YdQsLKE.exe
  C:\Windows\System\YdQsLKE.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\YmemhPi.exe
  C:\Windows\System\YmemhPi.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\OULkQyr.exe
  C:\Windows\System\OULkQyr.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\kYnNomV.exe
  C:\Windows\System\kYnNomV.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\RNHyHML.exe
  C:\Windows\System\RNHyHML.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\UOpnBba.exe
  C:\Windows\System\UOpnBba.exe
  2⤵
  PID:1592
- C:\Windows\System\PPZeSIp.exe
  C:\Windows\System\PPZeSIp.exe
  2⤵
  PID:1116
- C:\Windows\System\PNLkuWb.exe
  C:\Windows\System\PNLkuWb.exe
  2⤵
  PID:2204
- C:\Windows\System\TPBRbNr.exe
  C:\Windows\System\TPBRbNr.exe
  2⤵
  PID:1100
- C:\Windows\System\UALGOuS.exe
  C:\Windows\System\UALGOuS.exe
  2⤵
  PID:2124
- C:\Windows\System\YGhieMj.exe
  C:\Windows\System\YGhieMj.exe
  2⤵
  PID:624
- C:\Windows\System\dOfNNdF.exe
  C:\Windows\System\dOfNNdF.exe
  2⤵
  PID:1340
- C:\Windows\System\ObBkKmc.exe
  C:\Windows\System\ObBkKmc.exe
  2⤵
  PID:1256
- C:\Windows\System\APhHuED.exe
  C:\Windows\System\APhHuED.exe
  2⤵
  PID:1288
- C:\Windows\System\LNbzXyr.exe
  C:\Windows\System\LNbzXyr.exe
  2⤵
  PID:2412
- C:\Windows\System\LcCVPHl.exe
  C:\Windows\System\LcCVPHl.exe
  2⤵
  PID:1304
- C:\Windows\System\RCPyuET.exe
  C:\Windows\System\RCPyuET.exe
  2⤵
  PID:1616
- C:\Windows\System\qkfTAnq.exe
  C:\Windows\System\qkfTAnq.exe
  2⤵
  PID:2344
- C:\Windows\System\qOmoDTQ.exe
  C:\Windows\System\qOmoDTQ.exe
  2⤵
  PID:840
- C:\Windows\System\oFNgVex.exe
  C:\Windows\System\oFNgVex.exe
  2⤵
  PID:2920
- C:\Windows\System\WfhwcVW.exe
  C:\Windows\System\WfhwcVW.exe
  2⤵
  PID:1868
- C:\Windows\System\KHDiiir.exe
  C:\Windows\System\KHDiiir.exe
  2⤵
  PID:2528
- C:\Windows\System\dvVUbpr.exe
  C:\Windows\System\dvVUbpr.exe
  2⤵
  PID:2364
- C:\Windows\System\YCrMcHI.exe
  C:\Windows\System\YCrMcHI.exe
  2⤵
  PID:3032
- C:\Windows\System\PALCzlR.exe
  C:\Windows\System\PALCzlR.exe
  2⤵
  PID:1900
- C:\Windows\System\loFYTnU.exe
  C:\Windows\System\loFYTnU.exe
  2⤵
  PID:296
- C:\Windows\System\mkMfGLL.exe
  C:\Windows\System\mkMfGLL.exe
  2⤵
  PID:2012
- C:\Windows\System\VGaCoJI.exe
  C:\Windows\System\VGaCoJI.exe
  2⤵
  PID:2136
- C:\Windows\System\VhAFzwM.exe
  C:\Windows\System\VhAFzwM.exe
  2⤵
  PID:1316
- C:\Windows\System\cbkFFlP.exe
  C:\Windows\System\cbkFFlP.exe
  2⤵
  PID:2216
- C:\Windows\System\IEXhWnC.exe
  C:\Windows\System\IEXhWnC.exe
  2⤵
  PID:2656
- C:\Windows\System\FvRVSZc.exe
  C:\Windows\System\FvRVSZc.exe
  2⤵
  PID:1952
- C:\Windows\System\CDWYCxI.exe
  C:\Windows\System\CDWYCxI.exe
  2⤵
  PID:1084
- C:\Windows\System\iGGuwdH.exe
  C:\Windows\System\iGGuwdH.exe
  2⤵
  PID:2308
- C:\Windows\System\BKHcqPp.exe
  C:\Windows\System\BKHcqPp.exe
  2⤵
  PID:848
- C:\Windows\System\vpCowmD.exe
  C:\Windows\System\vpCowmD.exe
  2⤵
  PID:2360
- C:\Windows\System\RzuNKEP.exe
  C:\Windows\System\RzuNKEP.exe
  2⤵
  PID:2776
- C:\Windows\System\NRMzSTT.exe
  C:\Windows\System\NRMzSTT.exe
  2⤵
  PID:1320
- C:\Windows\System\IqQoDeE.exe
  C:\Windows\System\IqQoDeE.exe
  2⤵
  PID:2476
- C:\Windows\System\lhgqAKc.exe
  C:\Windows\System\lhgqAKc.exe
  2⤵
  PID:2668
- C:\Windows\System\tRWwlCC.exe
  C:\Windows\System\tRWwlCC.exe
  2⤵
  PID:1844
- C:\Windows\System\FWTrWvB.exe
  C:\Windows\System\FWTrWvB.exe
  2⤵
  PID:1472
- C:\Windows\System\jWhRZUJ.exe
  C:\Windows\System\jWhRZUJ.exe
  2⤵
  PID:3016
- C:\Windows\System\bxSaFfO.exe
  C:\Windows\System\bxSaFfO.exe
  2⤵
  PID:2396
- C:\Windows\System\BhXfwgh.exe
  C:\Windows\System\BhXfwgh.exe
  2⤵
  PID:2388
- C:\Windows\System\xIgjOZn.exe
  C:\Windows\System\xIgjOZn.exe
  2⤵
  PID:1800
- C:\Windows\System\XeGnIYf.exe
  C:\Windows\System\XeGnIYf.exe
  2⤵
  PID:1564
- C:\Windows\System\sigGEnp.exe
  C:\Windows\System\sigGEnp.exe
  2⤵
  PID:2652
- C:\Windows\System\OJhTuym.exe
  C:\Windows\System\OJhTuym.exe
  2⤵
  PID:3080
- C:\Windows\System\ooCvREB.exe
  C:\Windows\System\ooCvREB.exe
  2⤵
  PID:3100
- C:\Windows\System\tSFxByJ.exe
  C:\Windows\System\tSFxByJ.exe
  2⤵
  PID:3120
- C:\Windows\System\hnpXXfA.exe
  C:\Windows\System\hnpXXfA.exe
  2⤵
  PID:3140
- C:\Windows\System\sTUDtox.exe
  C:\Windows\System\sTUDtox.exe
  2⤵
  PID:3160
- C:\Windows\System\zGitjGn.exe
  C:\Windows\System\zGitjGn.exe
  2⤵
  PID:3180
- C:\Windows\System\jnPMuAg.exe
  C:\Windows\System\jnPMuAg.exe
  2⤵
  PID:3200
- C:\Windows\System\BQsZKhW.exe
  C:\Windows\System\BQsZKhW.exe
  2⤵
  PID:3220
- C:\Windows\System\VjBRzON.exe
  C:\Windows\System\VjBRzON.exe
  2⤵
  PID:3240
- C:\Windows\System\zPfhJTZ.exe
  C:\Windows\System\zPfhJTZ.exe
  2⤵
  PID:3260
- C:\Windows\System\dlcqWrV.exe
  C:\Windows\System\dlcqWrV.exe
  2⤵
  PID:3280
- C:\Windows\System\LfhtqyY.exe
  C:\Windows\System\LfhtqyY.exe
  2⤵
  PID:3300
- C:\Windows\System\ZHFVHLk.exe
  C:\Windows\System\ZHFVHLk.exe
  2⤵
  PID:3320
- C:\Windows\System\UQVMVXi.exe
  C:\Windows\System\UQVMVXi.exe
  2⤵
  PID:3340
- C:\Windows\System\QCDLIWX.exe
  C:\Windows\System\QCDLIWX.exe
  2⤵
  PID:3360
- C:\Windows\System\ONQtsKl.exe
  C:\Windows\System\ONQtsKl.exe
  2⤵
  PID:3380
- C:\Windows\System\eOuIany.exe
  C:\Windows\System\eOuIany.exe
  2⤵
  PID:3400
- C:\Windows\System\xaIIczh.exe
  C:\Windows\System\xaIIczh.exe
  2⤵
  PID:3420
- C:\Windows\System\hbHzBoa.exe
  C:\Windows\System\hbHzBoa.exe
  2⤵
  PID:3440
- C:\Windows\System\HTnTTsB.exe
  C:\Windows\System\HTnTTsB.exe
  2⤵
  PID:3460
- C:\Windows\System\UVNLRYN.exe
  C:\Windows\System\UVNLRYN.exe
  2⤵
  PID:3480
- C:\Windows\System\aBsGSUb.exe
  C:\Windows\System\aBsGSUb.exe
  2⤵
  PID:3500
- C:\Windows\System\YPefiKt.exe
  C:\Windows\System\YPefiKt.exe
  2⤵
  PID:3516
- C:\Windows\System\LblckYw.exe
  C:\Windows\System\LblckYw.exe
  2⤵
  PID:3544
- C:\Windows\System\PoQeTvB.exe
  C:\Windows\System\PoQeTvB.exe
  2⤵
  PID:3564
- C:\Windows\System\VExzamB.exe
  C:\Windows\System\VExzamB.exe
  2⤵
  PID:3584
- C:\Windows\System\ikmIodX.exe
  C:\Windows\System\ikmIodX.exe
  2⤵
  PID:3604
- C:\Windows\System\QnNKUxx.exe
  C:\Windows\System\QnNKUxx.exe
  2⤵
  PID:3624
- C:\Windows\System\WTDUJzG.exe
  C:\Windows\System\WTDUJzG.exe
  2⤵
  PID:3644
- C:\Windows\System\hqwfrlY.exe
  C:\Windows\System\hqwfrlY.exe
  2⤵
  PID:3664
- C:\Windows\System\AapQIoz.exe
  C:\Windows\System\AapQIoz.exe
  2⤵
  PID:3684
- C:\Windows\System\XcUbebd.exe
  C:\Windows\System\XcUbebd.exe
  2⤵
  PID:3704
- C:\Windows\System\zkqKVQl.exe
  C:\Windows\System\zkqKVQl.exe
  2⤵
  PID:3724
- C:\Windows\System\VFEEwwv.exe
  C:\Windows\System\VFEEwwv.exe
  2⤵
  PID:3744
- C:\Windows\System\qfHiIjf.exe
  C:\Windows\System\qfHiIjf.exe
  2⤵
  PID:3764
- C:\Windows\System\ckRlTsT.exe
  C:\Windows\System\ckRlTsT.exe
  2⤵
  PID:3784
- C:\Windows\System\riZbmRQ.exe
  C:\Windows\System\riZbmRQ.exe
  2⤵
  PID:3804
- C:\Windows\System\LMkWHhh.exe
  C:\Windows\System\LMkWHhh.exe
  2⤵
  PID:3824
- C:\Windows\System\imnbefW.exe
  C:\Windows\System\imnbefW.exe
  2⤵
  PID:3844
- C:\Windows\System\ndrJkyr.exe
  C:\Windows\System\ndrJkyr.exe
  2⤵
  PID:3868
- C:\Windows\System\PSOuJLi.exe
  C:\Windows\System\PSOuJLi.exe
  2⤵
  PID:3888
- C:\Windows\System\VFDqhmR.exe
  C:\Windows\System\VFDqhmR.exe
  2⤵
  PID:3908
- C:\Windows\System\uwkKMqQ.exe
  C:\Windows\System\uwkKMqQ.exe
  2⤵
  PID:3928
- C:\Windows\System\bqXZZlW.exe
  C:\Windows\System\bqXZZlW.exe
  2⤵
  PID:3948
- C:\Windows\System\JHXLFnV.exe
  C:\Windows\System\JHXLFnV.exe
  2⤵
  PID:3968
- C:\Windows\System\MdfTvpz.exe
  C:\Windows\System\MdfTvpz.exe
  2⤵
  PID:3988
- C:\Windows\System\aUiNPGK.exe
  C:\Windows\System\aUiNPGK.exe
  2⤵
  PID:4008
- C:\Windows\System\ruQmeZh.exe
  C:\Windows\System\ruQmeZh.exe
  2⤵
  PID:4028
- C:\Windows\System\fAJGHAY.exe
  C:\Windows\System\fAJGHAY.exe
  2⤵
  PID:4048
- C:\Windows\System\uRTZghk.exe
  C:\Windows\System\uRTZghk.exe
  2⤵
  PID:4068
- C:\Windows\System\YZfEUeu.exe
  C:\Windows\System\YZfEUeu.exe
  2⤵
  PID:4088
- C:\Windows\System\NaBeufK.exe
  C:\Windows\System\NaBeufK.exe
  2⤵
  PID:2244
- C:\Windows\System\xvelFWQ.exe
  C:\Windows\System\xvelFWQ.exe
  2⤵
  PID:1776
- C:\Windows\System\ZuFievA.exe
  C:\Windows\System\ZuFievA.exe
  2⤵
  PID:448
- C:\Windows\System\bSFfbQo.exe
  C:\Windows\System\bSFfbQo.exe
  2⤵
  PID:3064
- C:\Windows\System\oeWkbAf.exe
  C:\Windows\System\oeWkbAf.exe
  2⤵
  PID:1324
- C:\Windows\System\zNfRgWQ.exe
  C:\Windows\System\zNfRgWQ.exe
  2⤵
  PID:1780
- C:\Windows\System\Huyfkuz.exe
  C:\Windows\System\Huyfkuz.exe
  2⤵
  PID:872
- C:\Windows\System\nyksqQd.exe
  C:\Windows\System\nyksqQd.exe
  2⤵
  PID:604
- C:\Windows\System\SiUeqIT.exe
  C:\Windows\System\SiUeqIT.exe
  2⤵
  PID:3024
- C:\Windows\System\wHxcjtj.exe
  C:\Windows\System\wHxcjtj.exe
  2⤵
  PID:2116
- C:\Windows\System\TfwlEfK.exe
  C:\Windows\System\TfwlEfK.exe
  2⤵
  PID:2812
- C:\Windows\System\pYBjPYZ.exe
  C:\Windows\System\pYBjPYZ.exe
  2⤵
  PID:3096
- C:\Windows\System\UKXfGNc.exe
  C:\Windows\System\UKXfGNc.exe
  2⤵
  PID:3128
- C:\Windows\System\ZMANfmG.exe
  C:\Windows\System\ZMANfmG.exe
  2⤵
  PID:3172
- C:\Windows\System\iTSCeZr.exe
  C:\Windows\System\iTSCeZr.exe
  2⤵
  PID:3196
- C:\Windows\System\mKDZfXy.exe
  C:\Windows\System\mKDZfXy.exe
  2⤵
  PID:3228
- C:\Windows\System\PIwRgcF.exe
  C:\Windows\System\PIwRgcF.exe
  2⤵
  PID:3252
- C:\Windows\System\iTdaFyr.exe
  C:\Windows\System\iTdaFyr.exe
  2⤵
  PID:3296
- C:\Windows\System\pJCxvoJ.exe
  C:\Windows\System\pJCxvoJ.exe
  2⤵
  PID:3332
- C:\Windows\System\rVpVFVo.exe
  C:\Windows\System\rVpVFVo.exe
  2⤵
  PID:3356
- C:\Windows\System\TNJHGUB.exe
  C:\Windows\System\TNJHGUB.exe
  2⤵
  PID:3408
- C:\Windows\System\vXXigjF.exe
  C:\Windows\System\vXXigjF.exe
  2⤵
  PID:3432
- C:\Windows\System\BxfyJDB.exe
  C:\Windows\System\BxfyJDB.exe
  2⤵
  PID:3476
- C:\Windows\System\zvOBfZJ.exe
  C:\Windows\System\zvOBfZJ.exe
  2⤵
  PID:3508
- C:\Windows\System\prfvMqg.exe
  C:\Windows\System\prfvMqg.exe
  2⤵
  PID:3532
- C:\Windows\System\MYnhlSB.exe
  C:\Windows\System\MYnhlSB.exe
  2⤵
  PID:3580
- C:\Windows\System\wKgpkgC.exe
  C:\Windows\System\wKgpkgC.exe
  2⤵
  PID:3620
- C:\Windows\System\PjoSjSh.exe
  C:\Windows\System\PjoSjSh.exe
  2⤵
  PID:3652
- C:\Windows\System\wdhQazI.exe
  C:\Windows\System\wdhQazI.exe
  2⤵
  PID:3680
- C:\Windows\System\jIxpYHX.exe
  C:\Windows\System\jIxpYHX.exe
  2⤵
  PID:3712
- C:\Windows\System\tfhcMfO.exe
  C:\Windows\System\tfhcMfO.exe
  2⤵
  PID:3736
- C:\Windows\System\ArctYpd.exe
  C:\Windows\System\ArctYpd.exe
  2⤵
  PID:3760
- C:\Windows\System\bNVdojn.exe
  C:\Windows\System\bNVdojn.exe
  2⤵
  PID:3800
- C:\Windows\System\xdBCTQF.exe
  C:\Windows\System\xdBCTQF.exe
  2⤵
  PID:3852
- C:\Windows\System\FwjlRDw.exe
  C:\Windows\System\FwjlRDw.exe
  2⤵
  PID:3884
- C:\Windows\System\KyHTCcS.exe
  C:\Windows\System\KyHTCcS.exe
  2⤵
  PID:3936
- C:\Windows\System\FjiczWb.exe
  C:\Windows\System\FjiczWb.exe
  2⤵
  PID:3940
- C:\Windows\System\baYMNbW.exe
  C:\Windows\System\baYMNbW.exe
  2⤵
  PID:3960
- C:\Windows\System\ohSvPyW.exe
  C:\Windows\System\ohSvPyW.exe
  2⤵
  PID:4024
- C:\Windows\System\NmMPLMD.exe
  C:\Windows\System\NmMPLMD.exe
  2⤵
  PID:4056
- C:\Windows\System\fMAhero.exe
  C:\Windows\System\fMAhero.exe
  2⤵
  PID:2892
- C:\Windows\System\TwofcnN.exe
  C:\Windows\System\TwofcnN.exe
  2⤵
  PID:2648
- C:\Windows\System\CNhYtDk.exe
  C:\Windows\System\CNhYtDk.exe
  2⤵
  PID:700
- C:\Windows\System\yQlcxPz.exe
  C:\Windows\System\yQlcxPz.exe
  2⤵
  PID:1504
- C:\Windows\System\FplXqXH.exe
  C:\Windows\System\FplXqXH.exe
  2⤵
  PID:1220
- C:\Windows\System\GHzXHka.exe
  C:\Windows\System\GHzXHka.exe
  2⤵
  PID:1624
- C:\Windows\System\XKjElFt.exe
  C:\Windows\System\XKjElFt.exe
  2⤵
  PID:2864
- C:\Windows\System\bEFtWBJ.exe
  C:\Windows\System\bEFtWBJ.exe
  2⤵
  PID:3108
- C:\Windows\System\AObqKwt.exe
  C:\Windows\System\AObqKwt.exe
  2⤵
  PID:3152
- C:\Windows\System\yublcJE.exe
  C:\Windows\System\yublcJE.exe
  2⤵
  PID:3176
- C:\Windows\System\vNSWyiW.exe
  C:\Windows\System\vNSWyiW.exe
  2⤵
  PID:3212
- C:\Windows\System\BDMVNEi.exe
  C:\Windows\System\BDMVNEi.exe
  2⤵
  PID:3288
- C:\Windows\System\IVjIYxX.exe
  C:\Windows\System\IVjIYxX.exe
  2⤵
  PID:3388
- C:\Windows\System\XLfDODG.exe
  C:\Windows\System\XLfDODG.exe
  2⤵
  PID:3412
- C:\Windows\System\wPDrMAQ.exe
  C:\Windows\System\wPDrMAQ.exe
  2⤵
  PID:3452
- C:\Windows\System\DEkmUUw.exe
  C:\Windows\System\DEkmUUw.exe
  2⤵
  PID:3540
- C:\Windows\System\uVlGUKm.exe
  C:\Windows\System\uVlGUKm.exe
  2⤵
  PID:3600
- C:\Windows\System\TqMjrvz.exe
  C:\Windows\System\TqMjrvz.exe
  2⤵
  PID:3672
- C:\Windows\System\VrSKwDp.exe
  C:\Windows\System\VrSKwDp.exe
  2⤵
  PID:3740
- C:\Windows\System\mSxzwMy.exe
  C:\Windows\System\mSxzwMy.exe
  2⤵
  PID:3792
- C:\Windows\System\GbWhttv.exe
  C:\Windows\System\GbWhttv.exe
  2⤵
  PID:3820
- C:\Windows\System\ZGgZqIC.exe
  C:\Windows\System\ZGgZqIC.exe
  2⤵
  PID:3832
- C:\Windows\System\kJwGXBt.exe
  C:\Windows\System\kJwGXBt.exe
  2⤵
  PID:3916
- C:\Windows\System\gFlmUfu.exe
  C:\Windows\System\gFlmUfu.exe
  2⤵
  PID:3996
- C:\Windows\System\PqVMihI.exe
  C:\Windows\System\PqVMihI.exe
  2⤵
  PID:4064
- C:\Windows\System\kZALxse.exe
  C:\Windows\System\kZALxse.exe
  2⤵
  PID:2992
- C:\Windows\System\WPnRLRY.exe
  C:\Windows\System\WPnRLRY.exe
  2⤵
  PID:4080
- C:\Windows\System\NTNkveq.exe
  C:\Windows\System\NTNkveq.exe
  2⤵
  PID:2772
- C:\Windows\System\mBTQuSK.exe
  C:\Windows\System\mBTQuSK.exe
  2⤵
  PID:2372
- C:\Windows\System\FwWLVgQ.exe
  C:\Windows\System\FwWLVgQ.exe
  2⤵
  PID:2248
- C:\Windows\System\fItqHgq.exe
  C:\Windows\System\fItqHgq.exe
  2⤵
  PID:3208
- C:\Windows\System\kqVjsdI.exe
  C:\Windows\System\kqVjsdI.exe
  2⤵
  PID:3312
- C:\Windows\System\pSgqILc.exe
  C:\Windows\System\pSgqILc.exe
  2⤵
  PID:3316
- C:\Windows\System\YXtwyJr.exe
  C:\Windows\System\YXtwyJr.exe
  2⤵
  PID:3468
- C:\Windows\System\sddIvyg.exe
  C:\Windows\System\sddIvyg.exe
  2⤵
  PID:3560
- C:\Windows\System\YzLyass.exe
  C:\Windows\System\YzLyass.exe
  2⤵
  PID:3596
- C:\Windows\System\LUdLPCs.exe
  C:\Windows\System\LUdLPCs.exe
  2⤵
  PID:3732
- C:\Windows\System\zOlAuDI.exe
  C:\Windows\System\zOlAuDI.exe
  2⤵
  PID:3860
- C:\Windows\System\LDFneWt.exe
  C:\Windows\System\LDFneWt.exe
  2⤵
  PID:4112
- C:\Windows\System\CHZHyBC.exe
  C:\Windows\System\CHZHyBC.exe
  2⤵
  PID:4136
- C:\Windows\System\ZcNLOnO.exe
  C:\Windows\System\ZcNLOnO.exe
  2⤵
  PID:4156
- C:\Windows\System\SgpXVrJ.exe
  C:\Windows\System\SgpXVrJ.exe
  2⤵
  PID:4176
- C:\Windows\System\YAeWGwF.exe
  C:\Windows\System\YAeWGwF.exe
  2⤵
  PID:4196
- C:\Windows\System\RIhUQGR.exe
  C:\Windows\System\RIhUQGR.exe
  2⤵
  PID:4216
- C:\Windows\System\nEIPKXG.exe
  C:\Windows\System\nEIPKXG.exe
  2⤵
  PID:4236
- C:\Windows\System\JiWPMCN.exe
  C:\Windows\System\JiWPMCN.exe
  2⤵
  PID:4256
- C:\Windows\System\oUxeeLK.exe
  C:\Windows\System\oUxeeLK.exe
  2⤵
  PID:4276
- C:\Windows\System\KoqRnZV.exe
  C:\Windows\System\KoqRnZV.exe
  2⤵
  PID:4296
- C:\Windows\System\cuBWkYq.exe
  C:\Windows\System\cuBWkYq.exe
  2⤵
  PID:4316
- C:\Windows\System\BaBCXpU.exe
  C:\Windows\System\BaBCXpU.exe
  2⤵
  PID:4336
- C:\Windows\System\VnlqBDO.exe
  C:\Windows\System\VnlqBDO.exe
  2⤵
  PID:4356
- C:\Windows\System\cJsnmzI.exe
  C:\Windows\System\cJsnmzI.exe
  2⤵
  PID:4376
- C:\Windows\System\MzRjMFd.exe
  C:\Windows\System\MzRjMFd.exe
  2⤵
  PID:4396
- C:\Windows\System\EpJuBMH.exe
  C:\Windows\System\EpJuBMH.exe
  2⤵
  PID:4416
- C:\Windows\System\uiBjLjI.exe
  C:\Windows\System\uiBjLjI.exe
  2⤵
  PID:4436
- C:\Windows\System\cWOdZPG.exe
  C:\Windows\System\cWOdZPG.exe
  2⤵
  PID:4456
- C:\Windows\System\orDMEUk.exe
  C:\Windows\System\orDMEUk.exe
  2⤵
  PID:4476
- C:\Windows\System\RwNoNYF.exe
  C:\Windows\System\RwNoNYF.exe
  2⤵
  PID:4496
- C:\Windows\System\nvgNBPH.exe
  C:\Windows\System\nvgNBPH.exe
  2⤵
  PID:4516
- C:\Windows\System\byDauKU.exe
  C:\Windows\System\byDauKU.exe
  2⤵
  PID:4536
- C:\Windows\System\yYDNCYL.exe
  C:\Windows\System\yYDNCYL.exe
  2⤵
  PID:4556
- C:\Windows\System\weBvNki.exe
  C:\Windows\System\weBvNki.exe
  2⤵
  PID:4576
- C:\Windows\System\FMGZAOX.exe
  C:\Windows\System\FMGZAOX.exe
  2⤵
  PID:4596
- C:\Windows\System\cLYGRgF.exe
  C:\Windows\System\cLYGRgF.exe
  2⤵
  PID:4616
- C:\Windows\System\DwAAJHy.exe
  C:\Windows\System\DwAAJHy.exe
  2⤵
  PID:4640
- C:\Windows\System\jewozjF.exe
  C:\Windows\System\jewozjF.exe
  2⤵
  PID:4660
- C:\Windows\System\cDHVOrc.exe
  C:\Windows\System\cDHVOrc.exe
  2⤵
  PID:4684
- C:\Windows\System\LkFOqNs.exe
  C:\Windows\System\LkFOqNs.exe
  2⤵
  PID:4704
- C:\Windows\System\UghKqai.exe
  C:\Windows\System\UghKqai.exe
  2⤵
  PID:4724
- C:\Windows\System\YRoszXC.exe
  C:\Windows\System\YRoszXC.exe
  2⤵
  PID:4744
- C:\Windows\System\bturBpQ.exe
  C:\Windows\System\bturBpQ.exe
  2⤵
  PID:4764
- C:\Windows\System\fkENbkD.exe
  C:\Windows\System\fkENbkD.exe
  2⤵
  PID:4784
- C:\Windows\System\JwutgBt.exe
  C:\Windows\System\JwutgBt.exe
  2⤵
  PID:4804
- C:\Windows\System\rQhGmBl.exe
  C:\Windows\System\rQhGmBl.exe
  2⤵
  PID:4824
- C:\Windows\System\ICdvPJu.exe
  C:\Windows\System\ICdvPJu.exe
  2⤵
  PID:4844
- C:\Windows\System\WlJpoxf.exe
  C:\Windows\System\WlJpoxf.exe
  2⤵
  PID:4864
- C:\Windows\System\vPSVssp.exe
  C:\Windows\System\vPSVssp.exe
  2⤵
  PID:4884
- C:\Windows\System\bnspgoh.exe
  C:\Windows\System\bnspgoh.exe
  2⤵
  PID:4904
- C:\Windows\System\pTPyjdn.exe
  C:\Windows\System\pTPyjdn.exe
  2⤵
  PID:4924
- C:\Windows\System\EPiGiGj.exe
  C:\Windows\System\EPiGiGj.exe
  2⤵
  PID:4944
- C:\Windows\System\kkwjdtq.exe
  C:\Windows\System\kkwjdtq.exe
  2⤵
  PID:4964
- C:\Windows\System\jDlmFhT.exe
  C:\Windows\System\jDlmFhT.exe
  2⤵
  PID:4996
- C:\Windows\System\dEPRyvq.exe
  C:\Windows\System\dEPRyvq.exe
  2⤵
  PID:5016
- C:\Windows\System\kxuMhuo.exe
  C:\Windows\System\kxuMhuo.exe
  2⤵
  PID:5036
- C:\Windows\System\PtsmVkq.exe
  C:\Windows\System\PtsmVkq.exe
  2⤵
  PID:5056
- C:\Windows\System\aadEXOk.exe
  C:\Windows\System\aadEXOk.exe
  2⤵
  PID:5076
- C:\Windows\System\lqvbrpT.exe
  C:\Windows\System\lqvbrpT.exe
  2⤵
  PID:5096
- C:\Windows\System\zMbDWqd.exe
  C:\Windows\System\zMbDWqd.exe
  2⤵
  PID:5116
- C:\Windows\System\dWmkZxN.exe
  C:\Windows\System\dWmkZxN.exe
  2⤵
  PID:3964
- C:\Windows\System\JQJQBtG.exe
  C:\Windows\System\JQJQBtG.exe
  2⤵
  PID:3984
- C:\Windows\System\yvbCvgP.exe
  C:\Windows\System\yvbCvgP.exe
  2⤵
  PID:4084
- C:\Windows\System\wycwzAw.exe
  C:\Windows\System\wycwzAw.exe
  2⤵
  PID:1660
- C:\Windows\System\dpivpju.exe
  C:\Windows\System\dpivpju.exe
  2⤵
  PID:3036
- C:\Windows\System\jGOSdoo.exe
  C:\Windows\System\jGOSdoo.exe
  2⤵
  PID:3308
- C:\Windows\System\qoyEuJJ.exe
  C:\Windows\System\qoyEuJJ.exe
  2⤵
  PID:3396
- C:\Windows\System\VxDOlBG.exe
  C:\Windows\System\VxDOlBG.exe
  2⤵
  PID:3492
- C:\Windows\System\RKUsljQ.exe
  C:\Windows\System\RKUsljQ.exe
  2⤵
  PID:3592
- C:\Windows\System\nkZrhgn.exe
  C:\Windows\System\nkZrhgn.exe
  2⤵
  PID:4108
- C:\Windows\System\hLzopDR.exe
  C:\Windows\System\hLzopDR.exe
  2⤵
  PID:4144
- C:\Windows\System\azkLxgM.exe
  C:\Windows\System\azkLxgM.exe
  2⤵
  PID:4192
- C:\Windows\System\YQLVhfh.exe
  C:\Windows\System\YQLVhfh.exe
  2⤵
  PID:4204
- C:\Windows\System\OsrHqnu.exe
  C:\Windows\System\OsrHqnu.exe
  2⤵
  PID:4228
- C:\Windows\System\qNvnLKR.exe
  C:\Windows\System\qNvnLKR.exe
  2⤵
  PID:4272
- C:\Windows\System\DvhIkll.exe
  C:\Windows\System\DvhIkll.exe
  2⤵
  PID:4284
- C:\Windows\System\TridHTu.exe
  C:\Windows\System\TridHTu.exe
  2⤵
  PID:4344
- C:\Windows\System\oPpDFtI.exe
  C:\Windows\System\oPpDFtI.exe
  2⤵
  PID:4364
- C:\Windows\System\veAjGmJ.exe
  C:\Windows\System\veAjGmJ.exe
  2⤵
  PID:4404
- C:\Windows\System\hNBBznq.exe
  C:\Windows\System\hNBBznq.exe
  2⤵
  PID:4428
- C:\Windows\System\BJHOaZU.exe
  C:\Windows\System\BJHOaZU.exe
  2⤵
  PID:4448
- C:\Windows\System\oUhZuCb.exe
  C:\Windows\System\oUhZuCb.exe
  2⤵
  PID:4484
- C:\Windows\System\KxCojuU.exe
  C:\Windows\System\KxCojuU.exe
  2⤵
  PID:4528
- C:\Windows\System\ZJKKAzL.exe
  C:\Windows\System\ZJKKAzL.exe
  2⤵
  PID:4572
- C:\Windows\System\uRppfAo.exe
  C:\Windows\System\uRppfAo.exe
  2⤵
  PID:4604
- C:\Windows\System\ZeZTdIs.exe
  C:\Windows\System\ZeZTdIs.exe
  2⤵
  PID:4632
- C:\Windows\System\VQuYtvN.exe
  C:\Windows\System\VQuYtvN.exe
  2⤵
  PID:4652
- C:\Windows\System\rZjjhuE.exe
  C:\Windows\System\rZjjhuE.exe
  2⤵
  PID:4712
- C:\Windows\System\XKoUiiL.exe
  C:\Windows\System\XKoUiiL.exe
  2⤵
  PID:4736
- C:\Windows\System\CCfczri.exe
  C:\Windows\System\CCfczri.exe
  2⤵
  PID:4772
- C:\Windows\System\tmolDeL.exe
  C:\Windows\System\tmolDeL.exe
  2⤵
  PID:4812
- C:\Windows\System\PBpFRmX.exe
  C:\Windows\System\PBpFRmX.exe
  2⤵
  PID:4836
- C:\Windows\System\IJnsBPV.exe
  C:\Windows\System\IJnsBPV.exe
  2⤵
  PID:4856
- C:\Windows\System\PcQgjzP.exe
  C:\Windows\System\PcQgjzP.exe
  2⤵
  PID:4892
- C:\Windows\System\upSmgpi.exe
  C:\Windows\System\upSmgpi.exe
  2⤵
  PID:4940
- C:\Windows\System\lfhDCEL.exe
  C:\Windows\System\lfhDCEL.exe
  2⤵
  PID:4980
- C:\Windows\System\YXqCxpQ.exe
  C:\Windows\System\YXqCxpQ.exe
  2⤵
  PID:5024
- C:\Windows\System\UnDubqi.exe
  C:\Windows\System\UnDubqi.exe
  2⤵
  PID:5048
- C:\Windows\System\JktDJhF.exe
  C:\Windows\System\JktDJhF.exe
  2⤵
  PID:5092
- C:\Windows\System\vkISRSi.exe
  C:\Windows\System\vkISRSi.exe
  2⤵
  PID:5112
- C:\Windows\System\OEFbTYE.exe
  C:\Windows\System\OEFbTYE.exe
  2⤵
  PID:4036
- C:\Windows\System\BuLJLqW.exe
  C:\Windows\System\BuLJLqW.exe
  2⤵
  PID:2160
- C:\Windows\System\dhqPZFf.exe
  C:\Windows\System\dhqPZFf.exe
  2⤵
  PID:852
- C:\Windows\System\ZxkPwTj.exe
  C:\Windows\System\ZxkPwTj.exe
  2⤵
  PID:3232
- C:\Windows\System\eMQwOdK.exe
  C:\Windows\System\eMQwOdK.exe
  2⤵
  PID:3496
- C:\Windows\System\XqvSQfJ.exe
  C:\Windows\System\XqvSQfJ.exe
  2⤵
  PID:3776
- C:\Windows\System\dGEYKZo.exe
  C:\Windows\System\dGEYKZo.exe
  2⤵
  PID:4128
- C:\Windows\System\cfFdeFz.exe
  C:\Windows\System\cfFdeFz.exe
  2⤵
  PID:4232
- C:\Windows\System\peqkMUk.exe
  C:\Windows\System\peqkMUk.exe
  2⤵
  PID:4308
- C:\Windows\System\ecmVUkH.exe
  C:\Windows\System\ecmVUkH.exe
  2⤵
  PID:4324
- C:\Windows\System\JCmdahO.exe
  C:\Windows\System\JCmdahO.exe
  2⤵
  PID:4328
- C:\Windows\System\xZcQHFO.exe
  C:\Windows\System\xZcQHFO.exe
  2⤵
  PID:4472
- C:\Windows\System\kWcRcyr.exe
  C:\Windows\System\kWcRcyr.exe
  2⤵
  PID:4532
- C:\Windows\System\DkmrNXj.exe
  C:\Windows\System\DkmrNXj.exe
  2⤵
  PID:4568
- C:\Windows\System\EpagKXk.exe
  C:\Windows\System\EpagKXk.exe
  2⤵
  PID:4608
- C:\Windows\System\BuhkTrx.exe
  C:\Windows\System\BuhkTrx.exe
  2⤵
  PID:4676
- C:\Windows\System\fboRBNN.exe
  C:\Windows\System\fboRBNN.exe
  2⤵
  PID:4732
- C:\Windows\System\hONUXgb.exe
  C:\Windows\System\hONUXgb.exe
  2⤵
  PID:4792
- C:\Windows\System\WBmlGcH.exe
  C:\Windows\System\WBmlGcH.exe
  2⤵
  PID:4840
- C:\Windows\System\smznSwC.exe
  C:\Windows\System\smznSwC.exe
  2⤵
  PID:4912
- C:\Windows\System\PFdSFGa.exe
  C:\Windows\System\PFdSFGa.exe
  2⤵
  PID:4952
- C:\Windows\System\YvfgLWB.exe
  C:\Windows\System\YvfgLWB.exe
  2⤵
  PID:5008
- C:\Windows\System\jeeWHEr.exe
  C:\Windows\System\jeeWHEr.exe
  2⤵
  PID:5052
- C:\Windows\System\rafSSjA.exe
  C:\Windows\System\rafSSjA.exe
  2⤵
  PID:3944
- C:\Windows\System\AlAMReN.exe
  C:\Windows\System\AlAMReN.exe
  2⤵
  PID:1728
- C:\Windows\System\kJCEdKK.exe
  C:\Windows\System\kJCEdKK.exe
  2⤵
  PID:3696
- C:\Windows\System\rbDeBQt.exe
  C:\Windows\System\rbDeBQt.exe
  2⤵
  PID:3716
- C:\Windows\System\uOOyTxA.exe
  C:\Windows\System\uOOyTxA.exe
  2⤵
  PID:4104
- C:\Windows\System\XPVJUsg.exe
  C:\Windows\System\XPVJUsg.exe
  2⤵
  PID:4252
- C:\Windows\System\GQuSWGT.exe
  C:\Windows\System\GQuSWGT.exe
  2⤵
  PID:4348
- C:\Windows\System\ilXFVaW.exe
  C:\Windows\System\ilXFVaW.exe
  2⤵
  PID:4408
- C:\Windows\System\mwuWIhX.exe
  C:\Windows\System\mwuWIhX.exe
  2⤵
  PID:4564
- C:\Windows\System\oSyasta.exe
  C:\Windows\System\oSyasta.exe
  2⤵
  PID:4548
- C:\Windows\System\ojgNUQp.exe
  C:\Windows\System\ojgNUQp.exe
  2⤵
  PID:4668
- C:\Windows\System\LhbgJCx.exe
  C:\Windows\System\LhbgJCx.exe
  2⤵
  PID:4816
- C:\Windows\System\RedvhsV.exe
  C:\Windows\System\RedvhsV.exe
  2⤵
  PID:5136
- C:\Windows\System\DhzmPAc.exe
  C:\Windows\System\DhzmPAc.exe
  2⤵
  PID:5156
- C:\Windows\System\wBikVgP.exe
  C:\Windows\System\wBikVgP.exe
  2⤵
  PID:5176
- C:\Windows\System\PJgaYGy.exe
  C:\Windows\System\PJgaYGy.exe
  2⤵
  PID:5196
- C:\Windows\System\DWCjMTv.exe
  C:\Windows\System\DWCjMTv.exe
  2⤵
  PID:5216
- C:\Windows\System\GHIYiVh.exe
  C:\Windows\System\GHIYiVh.exe
  2⤵
  PID:5236
- C:\Windows\System\xrbVVyJ.exe
  C:\Windows\System\xrbVVyJ.exe
  2⤵
  PID:5256
- C:\Windows\System\KYjdsZc.exe
  C:\Windows\System\KYjdsZc.exe
  2⤵
  PID:5276
- C:\Windows\System\XsRBSvR.exe
  C:\Windows\System\XsRBSvR.exe
  2⤵
  PID:5296
- C:\Windows\System\trATyzX.exe
  C:\Windows\System\trATyzX.exe
  2⤵
  PID:5316
- C:\Windows\System\KSqPOQJ.exe
  C:\Windows\System\KSqPOQJ.exe
  2⤵
  PID:5336
- C:\Windows\System\qMvZgSX.exe
  C:\Windows\System\qMvZgSX.exe
  2⤵
  PID:5356
- C:\Windows\System\ImzHraF.exe
  C:\Windows\System\ImzHraF.exe
  2⤵
  PID:5376
- C:\Windows\System\ZTqhHhU.exe
  C:\Windows\System\ZTqhHhU.exe
  2⤵
  PID:5396
- C:\Windows\System\CPliAKx.exe
  C:\Windows\System\CPliAKx.exe
  2⤵
  PID:5416
- C:\Windows\System\KVdmmBD.exe
  C:\Windows\System\KVdmmBD.exe
  2⤵
  PID:5436
- C:\Windows\System\cXSCgKW.exe
  C:\Windows\System\cXSCgKW.exe
  2⤵
  PID:5456
- C:\Windows\System\baOvcKF.exe
  C:\Windows\System\baOvcKF.exe
  2⤵
  PID:5476
- C:\Windows\System\AmlaHfZ.exe
  C:\Windows\System\AmlaHfZ.exe
  2⤵
  PID:5496
- C:\Windows\System\DVWRzRn.exe
  C:\Windows\System\DVWRzRn.exe
  2⤵
  PID:5516
- C:\Windows\System\TPtCWPf.exe
  C:\Windows\System\TPtCWPf.exe
  2⤵
  PID:5536
- C:\Windows\System\EqXwYTt.exe
  C:\Windows\System\EqXwYTt.exe
  2⤵
  PID:5556
- C:\Windows\System\jaqjZau.exe
  C:\Windows\System\jaqjZau.exe
  2⤵
  PID:5576
- C:\Windows\System\hztXJhw.exe
  C:\Windows\System\hztXJhw.exe
  2⤵
  PID:5596
- C:\Windows\System\CWvTStn.exe
  C:\Windows\System\CWvTStn.exe
  2⤵
  PID:5616
- C:\Windows\System\dEsJFma.exe
  C:\Windows\System\dEsJFma.exe
  2⤵
  PID:5636
- C:\Windows\System\YLaVAXd.exe
  C:\Windows\System\YLaVAXd.exe
  2⤵
  PID:5656
- C:\Windows\System\mCzGuUB.exe
  C:\Windows\System\mCzGuUB.exe
  2⤵
  PID:5676
- C:\Windows\System\ytePbiP.exe
  C:\Windows\System\ytePbiP.exe
  2⤵
  PID:5696
- C:\Windows\System\aETDHeE.exe
  C:\Windows\System\aETDHeE.exe
  2⤵
  PID:5716
- C:\Windows\System\hcijmNM.exe
  C:\Windows\System\hcijmNM.exe
  2⤵
  PID:5736
- C:\Windows\System\HvCOWhR.exe
  C:\Windows\System\HvCOWhR.exe
  2⤵
  PID:5756
- C:\Windows\System\iZCClwC.exe
  C:\Windows\System\iZCClwC.exe
  2⤵
  PID:5776
- C:\Windows\System\zGyIGLf.exe
  C:\Windows\System\zGyIGLf.exe
  2⤵
  PID:5796
- C:\Windows\System\iMuQgFv.exe
  C:\Windows\System\iMuQgFv.exe
  2⤵
  PID:5816
- C:\Windows\System\dlVMnZO.exe
  C:\Windows\System\dlVMnZO.exe
  2⤵
  PID:5836
- C:\Windows\System\RLKKzUn.exe
  C:\Windows\System\RLKKzUn.exe
  2⤵
  PID:5856
- C:\Windows\System\RjzXqxf.exe
  C:\Windows\System\RjzXqxf.exe
  2⤵
  PID:5876
- C:\Windows\System\gBJbqKK.exe
  C:\Windows\System\gBJbqKK.exe
  2⤵
  PID:5896
- C:\Windows\System\qlbLgfE.exe
  C:\Windows\System\qlbLgfE.exe
  2⤵
  PID:5916
- C:\Windows\System\zvPtahZ.exe
  C:\Windows\System\zvPtahZ.exe
  2⤵
  PID:5936
- C:\Windows\System\rLCQIvG.exe
  C:\Windows\System\rLCQIvG.exe
  2⤵
  PID:5956
- C:\Windows\System\cgiKkkl.exe
  C:\Windows\System\cgiKkkl.exe
  2⤵
  PID:5976
- C:\Windows\System\tRMsBDe.exe
  C:\Windows\System\tRMsBDe.exe
  2⤵
  PID:5996
- C:\Windows\System\qBZlRVP.exe
  C:\Windows\System\qBZlRVP.exe
  2⤵
  PID:6016
- C:\Windows\System\dCqrWQU.exe
  C:\Windows\System\dCqrWQU.exe
  2⤵
  PID:6036
- C:\Windows\System\iWsYaml.exe
  C:\Windows\System\iWsYaml.exe
  2⤵
  PID:6056
- C:\Windows\System\CJFmdHq.exe
  C:\Windows\System\CJFmdHq.exe
  2⤵
  PID:6076
- C:\Windows\System\jlDpANi.exe
  C:\Windows\System\jlDpANi.exe
  2⤵
  PID:6096
- C:\Windows\System\sOpxtpc.exe
  C:\Windows\System\sOpxtpc.exe
  2⤵
  PID:6116
- C:\Windows\System\ujSdYLJ.exe
  C:\Windows\System\ujSdYLJ.exe
  2⤵
  PID:6136
- C:\Windows\System\ovfznmo.exe
  C:\Windows\System\ovfznmo.exe
  2⤵
  PID:4872
- C:\Windows\System\XkEtVJt.exe
  C:\Windows\System\XkEtVJt.exe
  2⤵
  PID:5032
- C:\Windows\System\uokJDpM.exe
  C:\Windows\System\uokJDpM.exe
  2⤵
  PID:4044
- C:\Windows\System\VnWyuzT.exe
  C:\Windows\System\VnWyuzT.exe
  2⤵
  PID:3920
- C:\Windows\System\oHVwBTe.exe
  C:\Windows\System\oHVwBTe.exe
  2⤵
  PID:3132
- C:\Windows\System\awkcfed.exe
  C:\Windows\System\awkcfed.exe
  2⤵
  PID:4184
- C:\Windows\System\GKnCzZb.exe
  C:\Windows\System\GKnCzZb.exe
  2⤵
  PID:4292
- C:\Windows\System\MKcehli.exe
  C:\Windows\System\MKcehli.exe
  2⤵
  PID:4592
- C:\Windows\System\pYDMkfw.exe
  C:\Windows\System\pYDMkfw.exe
  2⤵
  PID:4696
- C:\Windows\System\LWzPRQD.exe
  C:\Windows\System\LWzPRQD.exe
  2⤵
  PID:4716
- C:\Windows\System\cFQElsQ.exe
  C:\Windows\System\cFQElsQ.exe
  2⤵
  PID:5132
- C:\Windows\System\HYBlgvQ.exe
  C:\Windows\System\HYBlgvQ.exe
  2⤵
  PID:5168
- C:\Windows\System\ZWPFDiF.exe
  C:\Windows\System\ZWPFDiF.exe
  2⤵
  PID:5204
- C:\Windows\System\feEaQbr.exe
  C:\Windows\System\feEaQbr.exe
  2⤵
  PID:5272
- C:\Windows\System\wsDJBUL.exe
  C:\Windows\System\wsDJBUL.exe
  2⤵
  PID:5284
- C:\Windows\System\HeqEeCC.exe
  C:\Windows\System\HeqEeCC.exe
  2⤵
  PID:5288
- C:\Windows\System\CaBHBpg.exe
  C:\Windows\System\CaBHBpg.exe
  2⤵
  PID:5328
- C:\Windows\System\ERAquTU.exe
  C:\Windows\System\ERAquTU.exe
  2⤵
  PID:2868
- C:\Windows\System\QmYwrAj.exe
  C:\Windows\System\QmYwrAj.exe
  2⤵
  PID:5404
- C:\Windows\System\DZFmSSj.exe
  C:\Windows\System\DZFmSSj.exe
  2⤵
  PID:5432
- C:\Windows\System\FezwdGi.exe
  C:\Windows\System\FezwdGi.exe
  2⤵
  PID:5464
- C:\Windows\System\IJPwZfB.exe
  C:\Windows\System\IJPwZfB.exe
  2⤵
  PID:5492
- C:\Windows\System\fHdfWIX.exe
  C:\Windows\System\fHdfWIX.exe
  2⤵
  PID:5524
- C:\Windows\System\lcJmsPu.exe
  C:\Windows\System\lcJmsPu.exe
  2⤵
  PID:5548
- C:\Windows\System\UAuZmMX.exe
  C:\Windows\System\UAuZmMX.exe
  2⤵
  PID:5592
- C:\Windows\System\PGKJZDi.exe
  C:\Windows\System\PGKJZDi.exe
  2⤵
  PID:5632
- C:\Windows\System\sqkuiYI.exe
  C:\Windows\System\sqkuiYI.exe
  2⤵
  PID:5672
- C:\Windows\System\BmfDqHz.exe
  C:\Windows\System\BmfDqHz.exe
  2⤵
  PID:5692
- C:\Windows\System\TxpNyRg.exe
  C:\Windows\System\TxpNyRg.exe
  2⤵
  PID:2404
- C:\Windows\System\sSHogBk.exe
  C:\Windows\System\sSHogBk.exe
  2⤵
  PID:2336
- C:\Windows\System\iZANOKR.exe
  C:\Windows\System\iZANOKR.exe
  2⤵
  PID:5724
- C:\Windows\System\uawRKhu.exe
  C:\Windows\System\uawRKhu.exe
  2⤵
  PID:5772
- C:\Windows\System\qYXITTc.exe
  C:\Windows\System\qYXITTc.exe
  2⤵
  PID:5812
- C:\Windows\System\nNXPqye.exe
  C:\Windows\System\nNXPqye.exe
  2⤵
  PID:5844
- C:\Windows\System\hjxhyZE.exe
  C:\Windows\System\hjxhyZE.exe
  2⤵
  PID:5868
- C:\Windows\System\pRkhLcm.exe
  C:\Windows\System\pRkhLcm.exe
  2⤵
  PID:5892
- C:\Windows\System\wEKJMmF.exe
  C:\Windows\System\wEKJMmF.exe
  2⤵
  PID:5932
- C:\Windows\System\VnoJWSA.exe
  C:\Windows\System\VnoJWSA.exe
  2⤵
  PID:5984
- C:\Windows\System\AmmrsKV.exe
  C:\Windows\System\AmmrsKV.exe
  2⤵
  PID:6024
- C:\Windows\System\pzHuatG.exe
  C:\Windows\System\pzHuatG.exe
  2⤵
  PID:6044
- C:\Windows\System\GuxpMXJ.exe
  C:\Windows\System\GuxpMXJ.exe
  2⤵
  PID:6068
- C:\Windows\System\tNFgnrr.exe
  C:\Windows\System\tNFgnrr.exe
  2⤵
  PID:6112
- C:\Windows\System\GjWkVHg.exe
  C:\Windows\System\GjWkVHg.exe
  2⤵
  PID:2736
- C:\Windows\System\DznYqII.exe
  C:\Windows\System\DznYqII.exe
  2⤵
  PID:4932
- C:\Windows\System\dAnFVyC.exe
  C:\Windows\System\dAnFVyC.exe
  2⤵
  PID:5104
- C:\Windows\System\dlbszhr.exe
  C:\Windows\System\dlbszhr.exe
  2⤵
  PID:4188
- C:\Windows\System\lCbCqul.exe
  C:\Windows\System\lCbCqul.exe
  2⤵
  PID:4312
- C:\Windows\System\JtPAOEF.exe
  C:\Windows\System\JtPAOEF.exe
  2⤵
  PID:4524
- C:\Windows\System\PlxuUsQ.exe
  C:\Windows\System\PlxuUsQ.exe
  2⤵
  PID:5152
- C:\Windows\System\pKhfaom.exe
  C:\Windows\System\pKhfaom.exe
  2⤵
  PID:5172
- C:\Windows\System\qItrmfp.exe
  C:\Windows\System\qItrmfp.exe
  2⤵
  PID:5228
- C:\Windows\System\nQgLgBi.exe
  C:\Windows\System\nQgLgBi.exe
  2⤵
  PID:5312
- C:\Windows\System\zhmSzrW.exe
  C:\Windows\System\zhmSzrW.exe
  2⤵
  PID:5344
- C:\Windows\System\amthJBu.exe
  C:\Windows\System\amthJBu.exe
  2⤵
  PID:5384
- C:\Windows\System\oOWNIdX.exe
  C:\Windows\System\oOWNIdX.exe
  2⤵
  PID:2940
- C:\Windows\System\ArzlhSB.exe
  C:\Windows\System\ArzlhSB.exe
  2⤵
  PID:5484
- C:\Windows\System\MCNrFUh.exe
  C:\Windows\System\MCNrFUh.exe
  2⤵
  PID:5572
- C:\Windows\System\PbSEahb.exe
  C:\Windows\System\PbSEahb.exe
  2⤵
  PID:5584
- C:\Windows\System\sUQmuvV.exe
  C:\Windows\System\sUQmuvV.exe
  2⤵
  PID:5612
- C:\Windows\System\ozeDZTf.exe
  C:\Windows\System\ozeDZTf.exe
  2⤵
  PID:5648
- C:\Windows\System\PtVLdch.exe
  C:\Windows\System\PtVLdch.exe
  2⤵
  PID:5684
- C:\Windows\System\DpuGFGr.exe
  C:\Windows\System\DpuGFGr.exe
  2⤵
  PID:844
- C:\Windows\System\UyIjFbq.exe
  C:\Windows\System\UyIjFbq.exe
  2⤵
  PID:5788
- C:\Windows\System\TPGaEhY.exe
  C:\Windows\System\TPGaEhY.exe
  2⤵
  PID:2808
- C:\Windows\System\WBwDnUh.exe
  C:\Windows\System\WBwDnUh.exe
  2⤵
  PID:5872
- C:\Windows\System\jOysRYm.exe
  C:\Windows\System\jOysRYm.exe
  2⤵
  PID:5952
- C:\Windows\System\xbUaoCf.exe
  C:\Windows\System\xbUaoCf.exe
  2⤵
  PID:6004
- C:\Windows\System\QgMsezO.exe
  C:\Windows\System\QgMsezO.exe
  2⤵
  PID:6012
- C:\Windows\System\ROMiHvb.exe
  C:\Windows\System\ROMiHvb.exe
  2⤵
  PID:6048
- C:\Windows\System\swczDzi.exe
  C:\Windows\System\swczDzi.exe
  2⤵
  PID:6128
- C:\Windows\System\kXVdjxX.exe
  C:\Windows\System\kXVdjxX.exe
  2⤵
  PID:5068
- C:\Windows\System\PkrWXmj.exe
  C:\Windows\System\PkrWXmj.exe
  2⤵
  PID:4124
- C:\Windows\System\ZYqNwIc.exe
  C:\Windows\System\ZYqNwIc.exe
  2⤵
  PID:4504
- C:\Windows\System\wsIhYcu.exe
  C:\Windows\System\wsIhYcu.exe
  2⤵
  PID:5148
- C:\Windows\System\MIQzQhS.exe
  C:\Windows\System\MIQzQhS.exe
  2⤵
  PID:5232
- C:\Windows\System\sOezkVI.exe
  C:\Windows\System\sOezkVI.exe
  2⤵
  PID:5308
- C:\Windows\System\fnZSfkn.exe
  C:\Windows\System\fnZSfkn.exe
  2⤵
  PID:2616
- C:\Windows\System\bXXPMOm.exe
  C:\Windows\System\bXXPMOm.exe
  2⤵
  PID:5512
- C:\Windows\System\opqXwkE.exe
  C:\Windows\System\opqXwkE.exe
  2⤵
  PID:5568
- C:\Windows\System\SDwyBqB.exe
  C:\Windows\System\SDwyBqB.exe
  2⤵
  PID:5644
- C:\Windows\System\zdYLWZn.exe
  C:\Windows\System\zdYLWZn.exe
  2⤵
  PID:6160
- C:\Windows\System\tEcCCUt.exe
  C:\Windows\System\tEcCCUt.exe
  2⤵
  PID:6180
- C:\Windows\System\vMJlClg.exe
  C:\Windows\System\vMJlClg.exe
  2⤵
  PID:6200
- C:\Windows\System\IZZCyee.exe
  C:\Windows\System\IZZCyee.exe
  2⤵
  PID:6220
- C:\Windows\System\kLsjAUj.exe
  C:\Windows\System\kLsjAUj.exe
  2⤵
  PID:6240
- C:\Windows\System\mvUxNuf.exe
  C:\Windows\System\mvUxNuf.exe
  2⤵
  PID:6260
- C:\Windows\System\zMpGnJw.exe
  C:\Windows\System\zMpGnJw.exe
  2⤵
  PID:6280
- C:\Windows\System\bWwGQMu.exe
  C:\Windows\System\bWwGQMu.exe
  2⤵
  PID:6300
- C:\Windows\System\sqBnrXV.exe
  C:\Windows\System\sqBnrXV.exe
  2⤵
  PID:6320
- C:\Windows\System\iSFMkKG.exe
  C:\Windows\System\iSFMkKG.exe
  2⤵
  PID:6340
- C:\Windows\System\DjzradX.exe
  C:\Windows\System\DjzradX.exe
  2⤵
  PID:6360
- C:\Windows\System\XmNgpVK.exe
  C:\Windows\System\XmNgpVK.exe
  2⤵
  PID:6380
- C:\Windows\System\ANqofPd.exe
  C:\Windows\System\ANqofPd.exe
  2⤵
  PID:6404
- C:\Windows\System\dvvffXI.exe
  C:\Windows\System\dvvffXI.exe
  2⤵
  PID:6424
- C:\Windows\System\PNIuUWa.exe
  C:\Windows\System\PNIuUWa.exe
  2⤵
  PID:6444
- C:\Windows\System\baptOAv.exe
  C:\Windows\System\baptOAv.exe
  2⤵
  PID:6464
- C:\Windows\System\kOnpHRX.exe
  C:\Windows\System\kOnpHRX.exe
  2⤵
  PID:6484
- C:\Windows\System\zHJNzvM.exe
  C:\Windows\System\zHJNzvM.exe
  2⤵
  PID:6504
- C:\Windows\System\GAIvOZi.exe
  C:\Windows\System\GAIvOZi.exe
  2⤵
  PID:6524
- C:\Windows\System\pCcaGrf.exe
  C:\Windows\System\pCcaGrf.exe
  2⤵
  PID:6544
- C:\Windows\System\vdbzlhR.exe
  C:\Windows\System\vdbzlhR.exe
  2⤵
  PID:6564
- C:\Windows\System\iiAqKub.exe
  C:\Windows\System\iiAqKub.exe
  2⤵
  PID:6584
- C:\Windows\System\AmPjcCq.exe
  C:\Windows\System\AmPjcCq.exe
  2⤵
  PID:6604
- C:\Windows\System\mCAzrET.exe
  C:\Windows\System\mCAzrET.exe
  2⤵
  PID:6624
- C:\Windows\System\vPpaFlv.exe
  C:\Windows\System\vPpaFlv.exe
  2⤵
  PID:6644
- C:\Windows\System\YFkSxqd.exe
  C:\Windows\System\YFkSxqd.exe
  2⤵
  PID:6664
- C:\Windows\System\OxyWxNO.exe
  C:\Windows\System\OxyWxNO.exe
  2⤵
  PID:6684
- C:\Windows\System\DcjMyak.exe
  C:\Windows\System\DcjMyak.exe
  2⤵
  PID:6704
- C:\Windows\System\ToBtKZu.exe
  C:\Windows\System\ToBtKZu.exe
  2⤵
  PID:6724
- C:\Windows\System\agoBMRd.exe
  C:\Windows\System\agoBMRd.exe
  2⤵
  PID:6744
- C:\Windows\System\VIzsmzI.exe
  C:\Windows\System\VIzsmzI.exe
  2⤵
  PID:6764
- C:\Windows\System\PVRjPhF.exe
  C:\Windows\System\PVRjPhF.exe
  2⤵
  PID:6784
- C:\Windows\System\nLcnpzo.exe
  C:\Windows\System\nLcnpzo.exe
  2⤵
  PID:6804
- C:\Windows\System\WEpuXyY.exe
  C:\Windows\System\WEpuXyY.exe
  2⤵
  PID:6824
- C:\Windows\System\HQoIEHx.exe
  C:\Windows\System\HQoIEHx.exe
  2⤵
  PID:6844
- C:\Windows\System\NoXKPDo.exe
  C:\Windows\System\NoXKPDo.exe
  2⤵
  PID:6864
- C:\Windows\System\MkleJoL.exe
  C:\Windows\System\MkleJoL.exe
  2⤵
  PID:6884
- C:\Windows\System\cDWMUgE.exe
  C:\Windows\System\cDWMUgE.exe
  2⤵
  PID:6904
- C:\Windows\System\IGGFxSF.exe
  C:\Windows\System\IGGFxSF.exe
  2⤵
  PID:6924
- C:\Windows\System\pvolQiF.exe
  C:\Windows\System\pvolQiF.exe
  2⤵
  PID:6944
- C:\Windows\System\pZpVYgJ.exe
  C:\Windows\System\pZpVYgJ.exe
  2⤵
  PID:6964
- C:\Windows\System\sNkShqP.exe
  C:\Windows\System\sNkShqP.exe
  2⤵
  PID:6984
- C:\Windows\System\TNYirJd.exe
  C:\Windows\System\TNYirJd.exe
  2⤵
  PID:7004
- C:\Windows\System\NnHZrUH.exe
  C:\Windows\System\NnHZrUH.exe
  2⤵
  PID:7024
- C:\Windows\System\gVTBIqD.exe
  C:\Windows\System\gVTBIqD.exe
  2⤵
  PID:7044
- C:\Windows\System\ezEZjOK.exe
  C:\Windows\System\ezEZjOK.exe
  2⤵
  PID:7064
- C:\Windows\System\muiTqoi.exe
  C:\Windows\System\muiTqoi.exe
  2⤵
  PID:7084
- C:\Windows\System\KWbcpyD.exe
  C:\Windows\System\KWbcpyD.exe
  2⤵
  PID:7104
- C:\Windows\System\rZMWTGc.exe
  C:\Windows\System\rZMWTGc.exe
  2⤵
  PID:7124
- C:\Windows\System\fAJJAVC.exe
  C:\Windows\System\fAJJAVC.exe
  2⤵
  PID:7144
- C:\Windows\System\vRhcnUJ.exe
  C:\Windows\System\vRhcnUJ.exe
  2⤵
  PID:5704
- C:\Windows\System\dCuvzry.exe
  C:\Windows\System\dCuvzry.exe
  2⤵
  PID:1384
- C:\Windows\System\qdvRbxm.exe
  C:\Windows\System\qdvRbxm.exe
  2⤵
  PID:5784
- C:\Windows\System\EdQeEzB.exe
  C:\Windows\System\EdQeEzB.exe
  2⤵
  PID:5832
- C:\Windows\System\kediidY.exe
  C:\Windows\System\kediidY.exe
  2⤵
  PID:5884
- C:\Windows\System\yVbvrkz.exe
  C:\Windows\System\yVbvrkz.exe
  2⤵
  PID:2784
- C:\Windows\System\wHIKvYY.exe
  C:\Windows\System\wHIKvYY.exe
  2⤵
  PID:4920
- C:\Windows\System\lWePhuZ.exe
  C:\Windows\System\lWePhuZ.exe
  2⤵
  PID:4264
- C:\Windows\System\ATtjBAq.exe
  C:\Windows\System\ATtjBAq.exe
  2⤵
  PID:4760
- C:\Windows\System\LGmcrzd.exe
  C:\Windows\System\LGmcrzd.exe
  2⤵
  PID:5188
- C:\Windows\System\ZkoMKIN.exe
  C:\Windows\System\ZkoMKIN.exe
  2⤵
  PID:5368
- C:\Windows\System\RDlfowb.exe
  C:\Windows\System\RDlfowb.exe
  2⤵
  PID:5444
- C:\Windows\System\VfIwKnm.exe
  C:\Windows\System\VfIwKnm.exe
  2⤵
  PID:5624
- C:\Windows\System\NzGcKMn.exe
  C:\Windows\System\NzGcKMn.exe
  2⤵
  PID:6176
- C:\Windows\System\iqXZTjv.exe
  C:\Windows\System\iqXZTjv.exe
  2⤵
  PID:6208
- C:\Windows\System\KGkSpiI.exe
  C:\Windows\System\KGkSpiI.exe
  2⤵
  PID:6232
- C:\Windows\System\VPuaDUN.exe
  C:\Windows\System\VPuaDUN.exe
  2⤵
  PID:6276
- C:\Windows\System\Wahszqu.exe
  C:\Windows\System\Wahszqu.exe
  2⤵
  PID:6388
- C:\Windows\System\zwaPUIY.exe
  C:\Windows\System\zwaPUIY.exe
  2⤵
  PID:6412
- C:\Windows\System\jGtpwBF.exe
  C:\Windows\System\jGtpwBF.exe
  2⤵
  PID:6436
- C:\Windows\System\yoEvLyq.exe
  C:\Windows\System\yoEvLyq.exe
  2⤵
  PID:6480
- C:\Windows\System\enQnyLO.exe
  C:\Windows\System\enQnyLO.exe
  2⤵
  PID:6512
- C:\Windows\System\HKvcoln.exe
  C:\Windows\System\HKvcoln.exe
  2⤵
  PID:6560
- C:\Windows\System\VOSfqWB.exe
  C:\Windows\System\VOSfqWB.exe
  2⤵
  PID:6580
- C:\Windows\System\WhLVxTp.exe
  C:\Windows\System\WhLVxTp.exe
  2⤵
  PID:6596
- C:\Windows\System\fJODcyD.exe
  C:\Windows\System\fJODcyD.exe
  2⤵
  PID:6636
- C:\Windows\System\NAMtzmY.exe
  C:\Windows\System\NAMtzmY.exe
  2⤵
  PID:6656
- C:\Windows\System\ZGnSPSo.exe
  C:\Windows\System\ZGnSPSo.exe
  2⤵
  PID:6712
- C:\Windows\System\iuUhmSh.exe
  C:\Windows\System\iuUhmSh.exe
  2⤵
  PID:6732
- C:\Windows\System\uVbVxOj.exe
  C:\Windows\System\uVbVxOj.exe
  2⤵
  PID:6772
- C:\Windows\System\YVrpTPK.exe
  C:\Windows\System\YVrpTPK.exe
  2⤵
  PID:6776
- C:\Windows\System\jQpTXxK.exe
  C:\Windows\System\jQpTXxK.exe
  2⤵
  PID:6820
- C:\Windows\System\CcQtLCz.exe
  C:\Windows\System\CcQtLCz.exe
  2⤵
  PID:6880
- C:\Windows\System\TxAskQR.exe
  C:\Windows\System\TxAskQR.exe
  2⤵
  PID:6912
- C:\Windows\System\TaleBBg.exe
  C:\Windows\System\TaleBBg.exe
  2⤵
  PID:6932
- C:\Windows\System\hOYenqC.exe
  C:\Windows\System\hOYenqC.exe
  2⤵
  PID:6936
- C:\Windows\System\HsruXuL.exe
  C:\Windows\System\HsruXuL.exe
  2⤵
  PID:6992
- C:\Windows\System\WZPsSRf.exe
  C:\Windows\System\WZPsSRf.exe
  2⤵
  PID:7032
- C:\Windows\System\zSthPvm.exe
  C:\Windows\System\zSthPvm.exe
  2⤵
  PID:7040
- C:\Windows\System\TwmktnH.exe
  C:\Windows\System\TwmktnH.exe
  2⤵
  PID:7056
- C:\Windows\System\qUckgUY.exe
  C:\Windows\System\qUckgUY.exe
  2⤵
  PID:7112
- C:\Windows\System\lXTnFwK.exe
  C:\Windows\System\lXTnFwK.exe
  2⤵
  PID:2728
- C:\Windows\System\tRgpaxJ.exe
  C:\Windows\System\tRgpaxJ.exe
  2⤵
  PID:7160
- C:\Windows\System\FIfcmOk.exe
  C:\Windows\System\FIfcmOk.exe
  2⤵
  PID:2272
- C:\Windows\System\ILvEfpd.exe
  C:\Windows\System\ILvEfpd.exe
  2⤵
  PID:5824
- C:\Windows\System\rZUUBAh.exe
  C:\Windows\System\rZUUBAh.exe
  2⤵
  PID:5964
- C:\Windows\System\FKOLTWU.exe
  C:\Windows\System\FKOLTWU.exe
  2⤵
  PID:6124
- C:\Windows\System\kOqYLBF.exe
  C:\Windows\System\kOqYLBF.exe
  2⤵
  PID:4972
- C:\Windows\System\DYoZgJN.exe
  C:\Windows\System\DYoZgJN.exe
  2⤵
  PID:5192
- C:\Windows\System\pOwsxVG.exe
  C:\Windows\System\pOwsxVG.exe
  2⤵
  PID:5248
- C:\Windows\System\JKeqxHj.exe
  C:\Windows\System\JKeqxHj.exe
  2⤵
  PID:5488
- C:\Windows\System\rJupMPm.exe
  C:\Windows\System\rJupMPm.exe
  2⤵
  PID:6168
- C:\Windows\System\REQgCyf.exe
  C:\Windows\System\REQgCyf.exe
  2⤵
  PID:6212
- C:\Windows\System\quPyVMw.exe
  C:\Windows\System\quPyVMw.exe
  2⤵
  PID:6252
- C:\Windows\System\YhRZoQe.exe
  C:\Windows\System\YhRZoQe.exe
  2⤵
  PID:6308
- C:\Windows\System\VuXiNdC.exe
  C:\Windows\System\VuXiNdC.exe
  2⤵
  PID:4120
- C:\Windows\System\ySZyrkt.exe
  C:\Windows\System\ySZyrkt.exe
  2⤵
  PID:2636
- C:\Windows\System\AYQVSxs.exe
  C:\Windows\System\AYQVSxs.exe
  2⤵
  PID:2664
- C:\Windows\System\lAFwpWs.exe
  C:\Windows\System\lAFwpWs.exe
  2⤵
  PID:1364
- C:\Windows\System\umRTdqt.exe
  C:\Windows\System\umRTdqt.exe
  2⤵
  PID:1688
- C:\Windows\System\ChTRyGf.exe
  C:\Windows\System\ChTRyGf.exe
  2⤵
  PID:2704
- C:\Windows\System\oilDhoo.exe
  C:\Windows\System\oilDhoo.exe
  2⤵
  PID:2828
- C:\Windows\System\yrzbMAo.exe
  C:\Windows\System\yrzbMAo.exe
  2⤵
  PID:2712
- C:\Windows\System\zthlFkV.exe
  C:\Windows\System\zthlFkV.exe
  2⤵
  PID:1464
- C:\Windows\System\ebcqAQF.exe
  C:\Windows\System\ebcqAQF.exe
  2⤵
  PID:2416
- C:\Windows\System\sRzpLve.exe
  C:\Windows\System\sRzpLve.exe
  2⤵
  PID:2592
- C:\Windows\System\YQBYGMJ.exe
  C:\Windows\System\YQBYGMJ.exe
  2⤵
  PID:264
- C:\Windows\System\KcbjoTi.exe
  C:\Windows\System\KcbjoTi.exe
  2⤵
  PID:1520
- C:\Windows\System\qDMHaVu.exe
  C:\Windows\System\qDMHaVu.exe
  2⤵
  PID:2952
- C:\Windows\System\AuEZtkT.exe
  C:\Windows\System\AuEZtkT.exe
  2⤵
  PID:1532
- C:\Windows\System\dqpVbPd.exe
  C:\Windows\System\dqpVbPd.exe
  2⤵
  PID:6460
- C:\Windows\System\eTelBta.exe
  C:\Windows\System\eTelBta.exe
  2⤵
  PID:6432
- C:\Windows\System\MVvLJxp.exe
  C:\Windows\System\MVvLJxp.exe
  2⤵
  PID:6440
- C:\Windows\System\xPKoHdT.exe
  C:\Windows\System\xPKoHdT.exe
  2⤵
  PID:6552
- C:\Windows\System\rIQbONW.exe
  C:\Windows\System\rIQbONW.exe
  2⤵
  PID:6660
- C:\Windows\System\BjqOfyI.exe
  C:\Windows\System\BjqOfyI.exe
  2⤵
  PID:6840
- C:\Windows\System\BbFHkDt.exe
  C:\Windows\System\BbFHkDt.exe
  2⤵
  PID:6940
- C:\Windows\System\QjeTysh.exe
  C:\Windows\System\QjeTysh.exe
  2⤵
  PID:7072
- C:\Windows\System\sIJGEOU.exe
  C:\Windows\System\sIJGEOU.exe
  2⤵
  PID:7116
- C:\Windows\System\DwWLNef.exe
  C:\Windows\System\DwWLNef.exe
  2⤵
  PID:5828
- C:\Windows\System\UAtDDkE.exe
  C:\Windows\System\UAtDDkE.exe
  2⤵
  PID:4896
- C:\Windows\System\HtwxPaT.exe
  C:\Windows\System\HtwxPaT.exe
  2⤵
  PID:5532
- C:\Windows\System\KwlXvyr.exe
  C:\Windows\System\KwlXvyr.exe
  2⤵
  PID:3328
- C:\Windows\System\tUoMkoA.exe
  C:\Windows\System\tUoMkoA.exe
  2⤵
  PID:4680
- C:\Windows\System\CcCTYiN.exe
  C:\Windows\System\CcCTYiN.exe
  2⤵
  PID:1804
- C:\Windows\System\NnWkukM.exe
  C:\Windows\System\NnWkukM.exe
  2⤵
  PID:2488
- C:\Windows\System\jPcoWiT.exe
  C:\Windows\System\jPcoWiT.exe
  2⤵
  PID:940
- C:\Windows\System\xVAnKzM.exe
  C:\Windows\System\xVAnKzM.exe
  2⤵
  PID:2236
- C:\Windows\System\xeUYezK.exe
  C:\Windows\System\xeUYezK.exe
  2⤵
  PID:2180
- C:\Windows\System\BAWIjHg.exe
  C:\Windows\System\BAWIjHg.exe
  2⤵
  PID:1608
- C:\Windows\System\KPzCtmz.exe
  C:\Windows\System\KPzCtmz.exe
  2⤵
  PID:1792
- C:\Windows\System\bKyPXYe.exe
  C:\Windows\System\bKyPXYe.exe
  2⤵
  PID:2320
- C:\Windows\System\zerbxVw.exe
  C:\Windows\System\zerbxVw.exe
  2⤵
  PID:4208
- C:\Windows\System\gISeaxC.exe
  C:\Windows\System\gISeaxC.exe
  2⤵
  PID:2640
- C:\Windows\System\SxVEsoT.exe
  C:\Windows\System\SxVEsoT.exe
  2⤵
  PID:7092
- C:\Windows\System\XBmvZoC.exe
  C:\Windows\System\XBmvZoC.exe
  2⤵
  PID:6196
- C:\Windows\System\rDVIbkz.exe
  C:\Windows\System\rDVIbkz.exe
  2⤵
  PID:6052
- C:\Windows\System\cpKuDqV.exe
  C:\Windows\System\cpKuDqV.exe
  2⤵
  PID:7016
- C:\Windows\System\GGtaeci.exe
  C:\Windows\System\GGtaeci.exe
  2⤵
  PID:6896
- C:\Windows\System\iTSYfaL.exe
  C:\Windows\System\iTSYfaL.exe
  2⤵
  PID:6792
- C:\Windows\System\cTaITdu.exe
  C:\Windows\System\cTaITdu.exe
  2⤵
  PID:6616
- C:\Windows\System\XovzjMi.exe
  C:\Windows\System\XovzjMi.exe
  2⤵
  PID:6456
- C:\Windows\System\pvwgkBy.exe
  C:\Windows\System\pvwgkBy.exe
  2⤵
  PID:1492
- C:\Windows\System\DbgrMNZ.exe
  C:\Windows\System\DbgrMNZ.exe
  2⤵
  PID:6720
- C:\Windows\System\qmWCYld.exe
  C:\Windows\System\qmWCYld.exe
  2⤵
  PID:6600
- C:\Windows\System\GDiQZCB.exe
  C:\Windows\System\GDiQZCB.exe
  2⤵
  PID:7012
- C:\Windows\System\PFZuLLf.exe
  C:\Windows\System\PFZuLLf.exe
  2⤵
  PID:5332
- C:\Windows\System\OVWeoVM.exe
  C:\Windows\System\OVWeoVM.exe
  2⤵
  PID:2572
- C:\Windows\System\YvJPLOO.exe
  C:\Windows\System\YvJPLOO.exe
  2⤵
  PID:2492
- C:\Windows\System\udctBID.exe
  C:\Windows\System\udctBID.exe
  2⤵
  PID:6192
- C:\Windows\System\KbrKYQS.exe
  C:\Windows\System\KbrKYQS.exe
  2⤵
  PID:6572
- C:\Windows\System\FssQsSF.exe
  C:\Windows\System\FssQsSF.exe
  2⤵
  PID:5748
- C:\Windows\System\QwGznQA.exe
  C:\Windows\System\QwGznQA.exe
  2⤵
  PID:1196
- C:\Windows\System\XGIYwmy.exe
  C:\Windows\System\XGIYwmy.exe
  2⤵
  PID:6812
- C:\Windows\System\LBonPsW.exe
  C:\Windows\System\LBonPsW.exe
  2⤵
  PID:5508
- C:\Windows\System\RRJRcFy.exe
  C:\Windows\System\RRJRcFy.exe
  2⤵
  PID:6852
- C:\Windows\System\BMStGen.exe
  C:\Windows\System\BMStGen.exe
  2⤵
  PID:6716
- C:\Windows\System\vEfjdDa.exe
  C:\Windows\System\vEfjdDa.exe
  2⤵
  PID:7180
- C:\Windows\System\mjvknXk.exe
  C:\Windows\System\mjvknXk.exe
  2⤵
  PID:7196
- C:\Windows\System\rHkWwJz.exe
  C:\Windows\System\rHkWwJz.exe
  2⤵
  PID:7212
- C:\Windows\System\JTWHFEQ.exe
  C:\Windows\System\JTWHFEQ.exe
  2⤵
  PID:7228
- C:\Windows\System\xrvMhKS.exe
  C:\Windows\System\xrvMhKS.exe
  2⤵
  PID:7244
- C:\Windows\System\CfRjcTY.exe
  C:\Windows\System\CfRjcTY.exe
  2⤵
  PID:7260
- C:\Windows\System\JDtTjKN.exe
  C:\Windows\System\JDtTjKN.exe
  2⤵
  PID:7276
- C:\Windows\System\wZUHDjk.exe
  C:\Windows\System\wZUHDjk.exe
  2⤵
  PID:7292
- C:\Windows\System\uMdmLMh.exe
  C:\Windows\System\uMdmLMh.exe
  2⤵
  PID:7328
- C:\Windows\System\zbdDMtN.exe
  C:\Windows\System\zbdDMtN.exe
  2⤵
  PID:7348
- C:\Windows\System\jCmLEJD.exe
  C:\Windows\System\jCmLEJD.exe
  2⤵
  PID:7368
- C:\Windows\System\RJUaXOB.exe
  C:\Windows\System\RJUaXOB.exe
  2⤵
  PID:7384
- C:\Windows\System\umoagCE.exe
  C:\Windows\System\umoagCE.exe
  2⤵
  PID:7400
- C:\Windows\System\dCvEmFf.exe
  C:\Windows\System\dCvEmFf.exe
  2⤵
  PID:7416
- C:\Windows\System\iAFSFGP.exe
  C:\Windows\System\iAFSFGP.exe
  2⤵
  PID:7432
- C:\Windows\System\SdftCod.exe
  C:\Windows\System\SdftCod.exe
  2⤵
  PID:7452
- C:\Windows\System\AizocCC.exe
  C:\Windows\System\AizocCC.exe
  2⤵
  PID:7468
- C:\Windows\System\McBaHng.exe
  C:\Windows\System\McBaHng.exe
  2⤵
  PID:7484
- C:\Windows\System\QgDhGeP.exe
  C:\Windows\System\QgDhGeP.exe
  2⤵
  PID:7500
- C:\Windows\System\sqiYmXI.exe
  C:\Windows\System\sqiYmXI.exe
  2⤵
  PID:7516
- C:\Windows\System\sywvbCC.exe
  C:\Windows\System\sywvbCC.exe
  2⤵
  PID:7532
- C:\Windows\System\FIZGpwW.exe
  C:\Windows\System\FIZGpwW.exe
  2⤵
  PID:7548
- C:\Windows\System\wmWXDwr.exe
  C:\Windows\System\wmWXDwr.exe
  2⤵
  PID:7564
- C:\Windows\System\KsZRfNJ.exe
  C:\Windows\System\KsZRfNJ.exe
  2⤵
  PID:7580
- C:\Windows\System\oPXGPNJ.exe
  C:\Windows\System\oPXGPNJ.exe
  2⤵
  PID:7596
- C:\Windows\System\fAiqyUf.exe
  C:\Windows\System\fAiqyUf.exe
  2⤵
  PID:7612
- C:\Windows\System\USMJsMh.exe
  C:\Windows\System\USMJsMh.exe
  2⤵
  PID:7628
- C:\Windows\System\HWRycub.exe
  C:\Windows\System\HWRycub.exe
  2⤵
  PID:7644
- C:\Windows\System\ilGFIFt.exe
  C:\Windows\System\ilGFIFt.exe
  2⤵
  PID:7660
- C:\Windows\System\CcWUodq.exe
  C:\Windows\System\CcWUodq.exe
  2⤵
  PID:7676
- C:\Windows\System\OHfhoat.exe
  C:\Windows\System\OHfhoat.exe
  2⤵
  PID:7692
- C:\Windows\System\xLsaluG.exe
  C:\Windows\System\xLsaluG.exe
  2⤵
  PID:7708
- C:\Windows\System\skIJNCl.exe
  C:\Windows\System\skIJNCl.exe
  2⤵
  PID:7724
- C:\Windows\System\ymceQTU.exe
  C:\Windows\System\ymceQTU.exe
  2⤵
  PID:7740
- C:\Windows\System\AQfjoPB.exe
  C:\Windows\System\AQfjoPB.exe
  2⤵
  PID:7756
- C:\Windows\System\UjHfxky.exe
  C:\Windows\System\UjHfxky.exe
  2⤵
  PID:7772
- C:\Windows\System\lCJgqbf.exe
  C:\Windows\System\lCJgqbf.exe
  2⤵
  PID:7788
- C:\Windows\System\bmkPxwN.exe
  C:\Windows\System\bmkPxwN.exe
  2⤵
  PID:7804
- C:\Windows\System\uYkDbZZ.exe
  C:\Windows\System\uYkDbZZ.exe
  2⤵
  PID:7820
- C:\Windows\System\qClEnfI.exe
  C:\Windows\System\qClEnfI.exe
  2⤵
  PID:7836
- C:\Windows\System\KCCHlps.exe
  C:\Windows\System\KCCHlps.exe
  2⤵
  PID:7852
- C:\Windows\System\yITVQhc.exe
  C:\Windows\System\yITVQhc.exe
  2⤵
  PID:7868
- C:\Windows\System\jiPORyS.exe
  C:\Windows\System\jiPORyS.exe
  2⤵
  PID:7884
- C:\Windows\System\oLQnxlj.exe
  C:\Windows\System\oLQnxlj.exe
  2⤵
  PID:7900
- C:\Windows\System\iboeOnJ.exe
  C:\Windows\System\iboeOnJ.exe
  2⤵
  PID:7916
- C:\Windows\System\ZeaKqHP.exe
  C:\Windows\System\ZeaKqHP.exe
  2⤵
  PID:7932
- C:\Windows\System\irYhwxN.exe
  C:\Windows\System\irYhwxN.exe
  2⤵
  PID:7952
- C:\Windows\System\cEAITcO.exe
  C:\Windows\System\cEAITcO.exe
  2⤵
  PID:7968
- C:\Windows\System\RmAVCwl.exe
  C:\Windows\System\RmAVCwl.exe
  2⤵
  PID:7984
- C:\Windows\System\JxytqCr.exe
  C:\Windows\System\JxytqCr.exe
  2⤵
  PID:8000
- C:\Windows\System\KGnjUQx.exe
  C:\Windows\System\KGnjUQx.exe
  2⤵
  PID:8016
- C:\Windows\System\mXGGXMV.exe
  C:\Windows\System\mXGGXMV.exe
  2⤵
  PID:8032
- C:\Windows\System\sxYotTQ.exe
  C:\Windows\System\sxYotTQ.exe
  2⤵
  PID:8052
- C:\Windows\System\pgLIfjR.exe
  C:\Windows\System\pgLIfjR.exe
  2⤵
  PID:8068
- C:\Windows\System\eFzyitl.exe
  C:\Windows\System\eFzyitl.exe
  2⤵
  PID:8084
- C:\Windows\System\DtHcoid.exe
  C:\Windows\System\DtHcoid.exe
  2⤵
  PID:8100
- C:\Windows\System\NQlSUiZ.exe
  C:\Windows\System\NQlSUiZ.exe
  2⤵
  PID:8116
- C:\Windows\System\AyczCGF.exe
  C:\Windows\System\AyczCGF.exe
  2⤵
  PID:8132
- C:\Windows\System\eCrMktF.exe
  C:\Windows\System\eCrMktF.exe
  2⤵
  PID:8148
- C:\Windows\System\VrgWHkX.exe
  C:\Windows\System\VrgWHkX.exe
  2⤵
  PID:8164
- C:\Windows\System\PDAbLnX.exe
  C:\Windows\System\PDAbLnX.exe
  2⤵
  PID:8180
- C:\Windows\System\gKTMTaM.exe
  C:\Windows\System\gKTMTaM.exe
  2⤵
  PID:1328
- C:\Windows\System\VbHsPDM.exe
  C:\Windows\System\VbHsPDM.exe
  2⤵
  PID:6836
- C:\Windows\System\udDBbeR.exe
  C:\Windows\System\udDBbeR.exe
  2⤵
  PID:2848
- C:\Windows\System\AKIFOkr.exe
  C:\Windows\System\AKIFOkr.exe
  2⤵
  PID:6960
- C:\Windows\System\CLtmDaP.exe
  C:\Windows\System\CLtmDaP.exe
  2⤵
  PID:7268
- C:\Windows\System\oUNnyjc.exe
  C:\Windows\System\oUNnyjc.exe
  2⤵
  PID:7176
- C:\Windows\System\xclEFyS.exe
  C:\Windows\System\xclEFyS.exe
  2⤵
  PID:7272
- C:\Windows\System\kjOVsSt.exe
  C:\Windows\System\kjOVsSt.exe
  2⤵
  PID:772
- C:\Windows\System\sBWaBew.exe
  C:\Windows\System\sBWaBew.exe
  2⤵
  PID:7220
- C:\Windows\System\uGJrxJH.exe
  C:\Windows\System\uGJrxJH.exe
  2⤵
  PID:5408
- C:\Windows\System\JyjfPzP.exe
  C:\Windows\System\JyjfPzP.exe
  2⤵
  PID:6652
- C:\Windows\System\AbBuDlI.exe
  C:\Windows\System\AbBuDlI.exe
  2⤵
  PID:2576
- C:\Windows\System\WAPGBeA.exe
  C:\Windows\System\WAPGBeA.exe
  2⤵
  PID:6972
- C:\Windows\System\DqZNVLw.exe
  C:\Windows\System\DqZNVLw.exe
  2⤵
  PID:7360
- C:\Windows\System\cmJpkds.exe
  C:\Windows\System\cmJpkds.exe
  2⤵
  PID:7428
- C:\Windows\System\JBbGBFX.exe
  C:\Windows\System\JBbGBFX.exe
  2⤵
  PID:7496
- C:\Windows\System\vrqhRjg.exe
  C:\Windows\System\vrqhRjg.exe
  2⤵
  PID:7560
- C:\Windows\System\lSSUGVN.exe
  C:\Windows\System\lSSUGVN.exe
  2⤵
  PID:7440
- C:\Windows\System\pMkDmWl.exe
  C:\Windows\System\pMkDmWl.exe
  2⤵
  PID:7604
- C:\Windows\System\bCarbNf.exe
  C:\Windows\System\bCarbNf.exe
  2⤵
  PID:7412
- C:\Windows\System\xPNzWSA.exe
  C:\Windows\System\xPNzWSA.exe
  2⤵
  PID:7544
- C:\Windows\System\SVNBmMP.exe
  C:\Windows\System\SVNBmMP.exe
  2⤵
  PID:7572
- C:\Windows\System\BQqSOaB.exe
  C:\Windows\System\BQqSOaB.exe
  2⤵
  PID:7720
- C:\Windows\System\iTRMwrf.exe
  C:\Windows\System\iTRMwrf.exe
  2⤵
  PID:7476
- C:\Windows\System\HLrOdsp.exe
  C:\Windows\System\HLrOdsp.exe
  2⤵
  PID:7540
- C:\Windows\System\YaFjnpP.exe
  C:\Windows\System\YaFjnpP.exe
  2⤵
  PID:7732
- C:\Windows\System\CjEmasO.exe
  C:\Windows\System\CjEmasO.exe
  2⤵
  PID:7780
- C:\Windows\System\DKUOnvI.exe
  C:\Windows\System\DKUOnvI.exe
  2⤵
  PID:7832
- C:\Windows\System\ltOYEpa.exe
  C:\Windows\System\ltOYEpa.exe
  2⤵
  PID:7896
- C:\Windows\System\OjITwkJ.exe
  C:\Windows\System\OjITwkJ.exe
  2⤵
  PID:7764
- C:\Windows\System\rzfRYSk.exe
  C:\Windows\System\rzfRYSk.exe
  2⤵
  PID:8024
- C:\Windows\System\vInbZAA.exe
  C:\Windows\System\vInbZAA.exe
  2⤵
  PID:7876
- C:\Windows\System\OgLWsqv.exe
  C:\Windows\System\OgLWsqv.exe
  2⤵
  PID:7940
- C:\Windows\System\VDlhDUD.exe
  C:\Windows\System\VDlhDUD.exe
  2⤵
  PID:8008
- C:\Windows\System\yXAjKKP.exe
  C:\Windows\System\yXAjKKP.exe
  2⤵
  PID:7816
- C:\Windows\System\XAIwGhS.exe
  C:\Windows\System\XAIwGhS.exe
  2⤵
  PID:8044
- C:\Windows\System\eyPbyka.exe
  C:\Windows\System\eyPbyka.exe
  2⤵
  PID:8096
- C:\Windows\System\wazlAUC.exe
  C:\Windows\System\wazlAUC.exe
  2⤵
  PID:6228
- C:\Windows\System\jjCjWzm.exe
  C:\Windows\System\jjCjWzm.exe
  2⤵
  PID:748
- C:\Windows\System\TZHjxTC.exe
  C:\Windows\System\TZHjxTC.exe
  2⤵
  PID:8140
- C:\Windows\System\sApVIQl.exe
  C:\Windows\System\sApVIQl.exe
  2⤵
  PID:6256
- C:\Windows\System\YctqvmF.exe
  C:\Windows\System\YctqvmF.exe
  2⤵
  PID:7172
- C:\Windows\System\YtyzymS.exe
  C:\Windows\System\YtyzymS.exe
  2⤵
  PID:7284
- C:\Windows\System\Bxbhurx.exe
  C:\Windows\System\Bxbhurx.exe
  2⤵
  PID:7364
- C:\Windows\System\UzYRVKr.exe
  C:\Windows\System\UzYRVKr.exe
  2⤵
  PID:7620
- C:\Windows\System\YynHEBQ.exe
  C:\Windows\System\YynHEBQ.exe
  2⤵
  PID:7424
- C:\Windows\System\lWXIpfJ.exe
  C:\Windows\System\lWXIpfJ.exe
  2⤵
  PID:7188
- C:\Windows\System\XjdtFjH.exe
  C:\Windows\System\XjdtFjH.exe
  2⤵
  PID:8160
- C:\Windows\System\JWkHkdE.exe
  C:\Windows\System\JWkHkdE.exe
  2⤵
  PID:7100
- C:\Windows\System\jMgFtMM.exe
  C:\Windows\System\jMgFtMM.exe
  2⤵
  PID:7684
- C:\Windows\System\tixHPLD.exe
  C:\Windows\System\tixHPLD.exe
  2⤵
  PID:7380
- C:\Windows\System\WouNnqW.exe
  C:\Windows\System\WouNnqW.exe
  2⤵
  PID:7448
- C:\Windows\System\rpWEwmR.exe
  C:\Windows\System\rpWEwmR.exe
  2⤵
  PID:7864
- C:\Windows\System\mQLvzGc.exe
  C:\Windows\System\mQLvzGc.exe
  2⤵
  PID:7748
- C:\Windows\System\fAbGbpg.exe
  C:\Windows\System\fAbGbpg.exe
  2⤵
  PID:7960
- C:\Windows\System\VcJKKgJ.exe
  C:\Windows\System\VcJKKgJ.exe
  2⤵
  PID:7976
- C:\Windows\System\IIxCUMe.exe
  C:\Windows\System\IIxCUMe.exe
  2⤵
  PID:2192
- C:\Windows\System\rqQVAAD.exe
  C:\Windows\System\rqQVAAD.exe
  2⤵
  PID:8176
- C:\Windows\System\MhQwQal.exe
  C:\Windows\System\MhQwQal.exe
  2⤵
  PID:8080
- C:\Windows\System\ZksFhdO.exe
  C:\Windows\System\ZksFhdO.exe
  2⤵
  PID:4988
- C:\Windows\System\NGvOXnJ.exe
  C:\Windows\System\NGvOXnJ.exe
  2⤵
  PID:8092
- C:\Windows\System\YnjsNhX.exe
  C:\Windows\System\YnjsNhX.exe
  2⤵
  PID:8064
- C:\Windows\System\rCQxyrQ.exe
  C:\Windows\System\rCQxyrQ.exe
  2⤵
  PID:8128
- C:\Windows\System\NCbwaLp.exe
  C:\Windows\System\NCbwaLp.exe
  2⤵
  PID:7556
- C:\Windows\System\qErOlqd.exe
  C:\Windows\System\qErOlqd.exe
  2⤵
  PID:7716
- C:\Windows\System\fbJRzhS.exe
  C:\Windows\System\fbJRzhS.exe
  2⤵
  PID:7928
- C:\Windows\System\mQjkAqb.exe
  C:\Windows\System\mQjkAqb.exe
  2⤵
  PID:7344
- C:\Windows\System\ZQDUueX.exe
  C:\Windows\System\ZQDUueX.exe
  2⤵
  PID:7800
- C:\Windows\System\jYqqHNc.exe
  C:\Windows\System\jYqqHNc.exe
  2⤵
  PID:7980
- C:\Windows\System\KAAoZLl.exe
  C:\Windows\System\KAAoZLl.exe
  2⤵
  PID:7240
- C:\Windows\System\Ucqyrau.exe
  C:\Windows\System\Ucqyrau.exe
  2⤵
  PID:6516
- C:\Windows\System\lJgpQau.exe
  C:\Windows\System\lJgpQau.exe
  2⤵
  PID:8156
- C:\Windows\System\FzwHIzi.exe
  C:\Windows\System\FzwHIzi.exe
  2⤵
  PID:7704
- C:\Windows\System\xWTkfEZ.exe
  C:\Windows\System\xWTkfEZ.exe
  2⤵
  PID:8200
- C:\Windows\System\HOiFwvL.exe
  C:\Windows\System\HOiFwvL.exe
  2⤵
  PID:8216
- C:\Windows\System\fsHyaID.exe
  C:\Windows\System\fsHyaID.exe
  2⤵
  PID:8232
- C:\Windows\System\HKbXJmn.exe
  C:\Windows\System\HKbXJmn.exe
  2⤵
  PID:8248
- C:\Windows\System\gCkUQLI.exe
  C:\Windows\System\gCkUQLI.exe
  2⤵
  PID:8264
- C:\Windows\System\kjrmniq.exe
  C:\Windows\System\kjrmniq.exe
  2⤵
  PID:8280
- C:\Windows\System\XRJkObY.exe
  C:\Windows\System\XRJkObY.exe
  2⤵
  PID:8296
- C:\Windows\System\gliuOnk.exe
  C:\Windows\System\gliuOnk.exe
  2⤵
  PID:8312
- C:\Windows\System\NWGdToV.exe
  C:\Windows\System\NWGdToV.exe
  2⤵
  PID:8328
- C:\Windows\System\BBtPSVr.exe
  C:\Windows\System\BBtPSVr.exe
  2⤵
  PID:8344
- C:\Windows\System\qCzLPmA.exe
  C:\Windows\System\qCzLPmA.exe
  2⤵
  PID:8360
- C:\Windows\System\UrXBqoY.exe
  C:\Windows\System\UrXBqoY.exe
  2⤵
  PID:8376
- C:\Windows\System\LJkVYxV.exe
  C:\Windows\System\LJkVYxV.exe
  2⤵
  PID:8392
- C:\Windows\System\FpcsUHm.exe
  C:\Windows\System\FpcsUHm.exe
  2⤵
  PID:8408
- C:\Windows\System\BtWgwEI.exe
  C:\Windows\System\BtWgwEI.exe
  2⤵
  PID:8424
- C:\Windows\System\yOCzknT.exe
  C:\Windows\System\yOCzknT.exe
  2⤵
  PID:8440
- C:\Windows\System\fogxYGH.exe
  C:\Windows\System\fogxYGH.exe
  2⤵
  PID:8460
- C:\Windows\System\wkTFIuR.exe
  C:\Windows\System\wkTFIuR.exe
  2⤵
  PID:8476
- C:\Windows\System\GBXPRUH.exe
  C:\Windows\System\GBXPRUH.exe
  2⤵
  PID:8492
- C:\Windows\System\hxVNJXD.exe
  C:\Windows\System\hxVNJXD.exe
  2⤵
  PID:8508
- C:\Windows\System\ToZSjlq.exe
  C:\Windows\System\ToZSjlq.exe
  2⤵
  PID:8524
- C:\Windows\System\qMZcGPF.exe
  C:\Windows\System\qMZcGPF.exe
  2⤵
  PID:8540
- C:\Windows\System\jTzYCmB.exe
  C:\Windows\System\jTzYCmB.exe
  2⤵
  PID:8556
- C:\Windows\System\VDmttdc.exe
  C:\Windows\System\VDmttdc.exe
  2⤵
  PID:8572
- C:\Windows\System\WRaQXiJ.exe
  C:\Windows\System\WRaQXiJ.exe
  2⤵
  PID:8588
- C:\Windows\System\VUYPDZO.exe
  C:\Windows\System\VUYPDZO.exe
  2⤵
  PID:8604
- C:\Windows\System\TTJDQqC.exe
  C:\Windows\System\TTJDQqC.exe
  2⤵
  PID:8620
- C:\Windows\System\lkFLgRd.exe
  C:\Windows\System\lkFLgRd.exe
  2⤵
  PID:8636
- C:\Windows\System\EEAafKZ.exe
  C:\Windows\System\EEAafKZ.exe
  2⤵
  PID:8652
- C:\Windows\System\bfTrRIk.exe
  C:\Windows\System\bfTrRIk.exe
  2⤵
  PID:8668
- C:\Windows\System\TeREUCj.exe
  C:\Windows\System\TeREUCj.exe
  2⤵
  PID:8684
- C:\Windows\System\KKosAyd.exe
  C:\Windows\System\KKosAyd.exe
  2⤵
  PID:8700
- C:\Windows\System\FVVrzvz.exe
  C:\Windows\System\FVVrzvz.exe
  2⤵
  PID:8716
- C:\Windows\System\TxmpVAs.exe
  C:\Windows\System\TxmpVAs.exe
  2⤵
  PID:8732
- C:\Windows\System\betohnW.exe
  C:\Windows\System\betohnW.exe
  2⤵
  PID:8748
- C:\Windows\System\ERUEWub.exe
  C:\Windows\System\ERUEWub.exe
  2⤵
  PID:8764
- C:\Windows\System\EmPosJy.exe
  C:\Windows\System\EmPosJy.exe
  2⤵
  PID:8780
- C:\Windows\System\nQwkger.exe
  C:\Windows\System\nQwkger.exe
  2⤵
  PID:8796
- C:\Windows\System\GMBvYIK.exe
  C:\Windows\System\GMBvYIK.exe
  2⤵
  PID:8812
- C:\Windows\System\RdLVXUT.exe
  C:\Windows\System\RdLVXUT.exe
  2⤵
  PID:8828
- C:\Windows\System\HGcLCKo.exe
  C:\Windows\System\HGcLCKo.exe
  2⤵
  PID:8844
- C:\Windows\System\pmhYjlp.exe
  C:\Windows\System\pmhYjlp.exe
  2⤵
  PID:8860
- C:\Windows\System\PRlJmiT.exe
  C:\Windows\System\PRlJmiT.exe
  2⤵
  PID:8876
- C:\Windows\System\oaTiiLV.exe
  C:\Windows\System\oaTiiLV.exe
  2⤵
  PID:8892
- C:\Windows\System\GKtIAhz.exe
  C:\Windows\System\GKtIAhz.exe
  2⤵
  PID:8908
- C:\Windows\System\XdtSyLb.exe
  C:\Windows\System\XdtSyLb.exe
  2⤵
  PID:8924
- C:\Windows\System\kulnugg.exe
  C:\Windows\System\kulnugg.exe
  2⤵
  PID:8940
- C:\Windows\System\KXZhcDR.exe
  C:\Windows\System\KXZhcDR.exe
  2⤵
  PID:8956
- C:\Windows\System\LEofKfP.exe
  C:\Windows\System\LEofKfP.exe
  2⤵
  PID:8972
- C:\Windows\System\XTgSpme.exe
  C:\Windows\System\XTgSpme.exe
  2⤵
  PID:8988
- C:\Windows\System\AObwTKT.exe
  C:\Windows\System\AObwTKT.exe
  2⤵
  PID:9004
- C:\Windows\System\YMWAZID.exe
  C:\Windows\System\YMWAZID.exe
  2⤵
  PID:9020
- C:\Windows\System\VnpJpXd.exe
  C:\Windows\System\VnpJpXd.exe
  2⤵
  PID:9036
- C:\Windows\System\kUZtTjg.exe
  C:\Windows\System\kUZtTjg.exe
  2⤵
  PID:9052
- C:\Windows\System\VfUppPc.exe
  C:\Windows\System\VfUppPc.exe
  2⤵
  PID:9068
- C:\Windows\System\YhgZarB.exe
  C:\Windows\System\YhgZarB.exe
  2⤵
  PID:9084
- C:\Windows\System\DzBZLTV.exe
  C:\Windows\System\DzBZLTV.exe
  2⤵
  PID:9100
- C:\Windows\System\sAiRRZm.exe
  C:\Windows\System\sAiRRZm.exe
  2⤵
  PID:9116
- C:\Windows\System\ztebwCu.exe
  C:\Windows\System\ztebwCu.exe
  2⤵
  PID:9132
- C:\Windows\System\zbedzfm.exe
  C:\Windows\System\zbedzfm.exe
  2⤵
  PID:9148
- C:\Windows\System\UEcGupY.exe
  C:\Windows\System\UEcGupY.exe
  2⤵
  PID:9164
- C:\Windows\System\MQjlUIL.exe
  C:\Windows\System\MQjlUIL.exe
  2⤵
  PID:9180
- C:\Windows\System\pwVwHRX.exe
  C:\Windows\System\pwVwHRX.exe
  2⤵
  PID:9196
- C:\Windows\System\LVLUGNk.exe
  C:\Windows\System\LVLUGNk.exe
  2⤵
  PID:9212
- C:\Windows\System\eIdZRTB.exe
  C:\Windows\System\eIdZRTB.exe
  2⤵
  PID:1692
- C:\Windows\System\UPTTRTd.exe
  C:\Windows\System\UPTTRTd.exe
  2⤵
  PID:7656
- C:\Windows\System\ZuWnuUB.exe
  C:\Windows\System\ZuWnuUB.exe
  2⤵
  PID:8288
- C:\Windows\System\jbGfCyw.exe
  C:\Windows\System\jbGfCyw.exe
  2⤵
  PID:8352
- C:\Windows\System\hdJvCkn.exe
  C:\Windows\System\hdJvCkn.exe
  2⤵
  PID:8388
- C:\Windows\System\fHGLsUf.exe
  C:\Windows\System\fHGLsUf.exe
  2⤵
  PID:8452
- C:\Windows\System\nLvFLFh.exe
  C:\Windows\System\nLvFLFh.exe
  2⤵
  PID:8520
- C:\Windows\System\SiUMBFf.exe
  C:\Windows\System\SiUMBFf.exe
  2⤵
  PID:8336
- C:\Windows\System\QYSxkqZ.exe
  C:\Windows\System\QYSxkqZ.exe
  2⤵
  PID:8400
- C:\Windows\System\gMFCyHB.exe
  C:\Windows\System\gMFCyHB.exe
  2⤵
  PID:5208
- C:\Windows\System\BBMXhoc.exe
  C:\Windows\System\BBMXhoc.exe
  2⤵
  PID:8468
- C:\Windows\System\WOlvaSW.exe
  C:\Windows\System\WOlvaSW.exe
  2⤵
  PID:8240
- C:\Windows\System\JtcrsWL.exe
  C:\Windows\System\JtcrsWL.exe
  2⤵
  PID:8472
- C:\Windows\System\KiGPLCS.exe
  C:\Windows\System\KiGPLCS.exe
  2⤵
  PID:8308
- C:\Windows\System\TtOyQoP.exe
  C:\Windows\System\TtOyQoP.exe
  2⤵
  PID:8616
- C:\Windows\System\MZLEtac.exe
  C:\Windows\System\MZLEtac.exe
  2⤵
  PID:8648
- C:\Windows\System\sjFikeO.exe
  C:\Windows\System\sjFikeO.exe
  2⤵
  PID:8740
- C:\Windows\System\Uisjrsc.exe
  C:\Windows\System\Uisjrsc.exe
  2⤵
  PID:8500
- C:\Windows\System\qvQUxml.exe
  C:\Windows\System\qvQUxml.exe
  2⤵
  PID:8836
- C:\Windows\System\HRPIbsN.exe
  C:\Windows\System\HRPIbsN.exe
  2⤵
  PID:8756
- C:\Windows\System\VRjqwMJ.exe
  C:\Windows\System\VRjqwMJ.exe
  2⤵
  PID:8532
- C:\Windows\System\lAwoCyZ.exe
  C:\Windows\System\lAwoCyZ.exe
  2⤵
  PID:8660
- C:\Windows\System\ApuTfAa.exe
  C:\Windows\System\ApuTfAa.exe
  2⤵
  PID:8760
- C:\Windows\System\FiOYcdE.exe
  C:\Windows\System\FiOYcdE.exe
  2⤵
  PID:8824
- C:\Windows\System\SBOFnXx.exe
  C:\Windows\System\SBOFnXx.exe
  2⤵
  PID:8868
- C:\Windows\System\SQSdIkm.exe
  C:\Windows\System\SQSdIkm.exe
  2⤵
  PID:8900
- C:\Windows\System\KujmZNF.exe
  C:\Windows\System\KujmZNF.exe
  2⤵
  PID:8964
- C:\Windows\System\SATFadx.exe
  C:\Windows\System\SATFadx.exe
  2⤵
  PID:8984
- C:\Windows\System\kOfNPrg.exe
  C:\Windows\System\kOfNPrg.exe
  2⤵
  PID:8980
- C:\Windows\System\PuhozaO.exe
  C:\Windows\System\PuhozaO.exe
  2⤵
  PID:9028
- C:\Windows\System\OARcYWp.exe
  C:\Windows\System\OARcYWp.exe
  2⤵
  PID:9092
- C:\Windows\System\kEvryhY.exe
  C:\Windows\System\kEvryhY.exe
  2⤵
  PID:9128
- C:\Windows\System\bcQyoHh.exe
  C:\Windows\System\bcQyoHh.exe
  2⤵
  PID:7784
- C:\Windows\System\Jbeuoto.exe
  C:\Windows\System\Jbeuoto.exe
  2⤵
  PID:7236
- C:\Windows\System\qoUbrIF.exe
  C:\Windows\System\qoUbrIF.exe
  2⤵
  PID:9176
- C:\Windows\System\jofNzic.exe
  C:\Windows\System\jofNzic.exe
  2⤵
  PID:9112
- C:\Windows\System\VBgyCrv.exe
  C:\Windows\System\VBgyCrv.exe
  2⤵
  PID:7996
- C:\Windows\System\gvhmYYk.exe
  C:\Windows\System\gvhmYYk.exe
  2⤵
  PID:8324
- C:\Windows\System\LDcrHzp.exe
  C:\Windows\System\LDcrHzp.exe
  2⤵
  PID:8432
- C:\Windows\System\RgHLFou.exe
  C:\Windows\System\RgHLFou.exe
  2⤵
  PID:8436
- C:\Windows\System\ByjArgV.exe
  C:\Windows\System\ByjArgV.exe
  2⤵
  PID:8212
- C:\Windows\System\ikhkHPo.exe
  C:\Windows\System\ikhkHPo.exe
  2⤵
  PID:2084
- C:\Windows\System\leRSAfC.exe
  C:\Windows\System\leRSAfC.exe
  2⤵
  PID:8712
- C:\Windows\System\aBmDsrt.exe
  C:\Windows\System\aBmDsrt.exe
  2⤵
  PID:8676
- C:\Windows\System\KEAFrdA.exe
  C:\Windows\System\KEAFrdA.exe
  2⤵
  PID:8600
- C:\Windows\System\MGsnjCQ.exe
  C:\Windows\System\MGsnjCQ.exe
  2⤵
  PID:8696
- C:\Windows\System\lQInfsT.exe
  C:\Windows\System\lQInfsT.exe
  2⤵
  PID:8856
- C:\Windows\System\lJyIaUA.exe
  C:\Windows\System\lJyIaUA.exe
  2⤵
  PID:8948
- C:\Windows\System\BMXvZBv.exe
  C:\Windows\System\BMXvZBv.exe
  2⤵
  PID:9188
- C:\Windows\System\gOjweuU.exe
  C:\Windows\System\gOjweuU.exe
  2⤵
  PID:8884
- C:\Windows\System\UocHINa.exe
  C:\Windows\System\UocHINa.exe
  2⤵
  PID:9012
- C:\Windows\System\BAIhDBx.exe
  C:\Windows\System\BAIhDBx.exe
  2⤵
  PID:9144
- C:\Windows\System\jAHTnvV.exe
  C:\Windows\System\jAHTnvV.exe
  2⤵
  PID:9140
- C:\Windows\System\VnDumVE.exe
  C:\Windows\System\VnDumVE.exe
  2⤵
  PID:8516
- C:\Windows\System\MVNDgbg.exe
  C:\Windows\System\MVNDgbg.exe
  2⤵
  PID:7736
- C:\Windows\System\qyDwESp.exe
  C:\Windows\System\qyDwESp.exe
  2⤵
  PID:8580
- C:\Windows\System\OutrUAS.exe
  C:\Windows\System\OutrUAS.exe
  2⤵
  PID:8320
- C:\Windows\System\peIwLPW.exe
  C:\Windows\System\peIwLPW.exe
  2⤵
  PID:8840
- C:\Windows\System\AmTPcgB.exe
  C:\Windows\System\AmTPcgB.exe
  2⤵
  PID:9224
- C:\Windows\System\xbFqENc.exe
  C:\Windows\System\xbFqENc.exe
  2⤵
  PID:9240
- C:\Windows\System\mrJhqMe.exe
  C:\Windows\System\mrJhqMe.exe
  2⤵
  PID:9256
- C:\Windows\System\UDFAavG.exe
  C:\Windows\System\UDFAavG.exe
  2⤵
  PID:9272
- C:\Windows\System\KBlFSsW.exe
  C:\Windows\System\KBlFSsW.exe
  2⤵
  PID:9288
- C:\Windows\System\kfcuZFs.exe
  C:\Windows\System\kfcuZFs.exe
  2⤵
  PID:9308
- C:\Windows\System\aUasXta.exe
  C:\Windows\System\aUasXta.exe
  2⤵
  PID:9324
- C:\Windows\System\utsWySn.exe
  C:\Windows\System\utsWySn.exe
  2⤵
  PID:9340
- C:\Windows\System\YvepMOy.exe
  C:\Windows\System\YvepMOy.exe
  2⤵
  PID:9356
- C:\Windows\System\chByDaN.exe
  C:\Windows\System\chByDaN.exe
  2⤵
  PID:9372
- C:\Windows\System\RFrLVfS.exe
  C:\Windows\System\RFrLVfS.exe
  2⤵
  PID:9388
- C:\Windows\System\ifexooc.exe
  C:\Windows\System\ifexooc.exe
  2⤵
  PID:9404
- C:\Windows\System\ZXYsUDf.exe
  C:\Windows\System\ZXYsUDf.exe
  2⤵
  PID:9420
- C:\Windows\System\oWvuOVJ.exe
  C:\Windows\System\oWvuOVJ.exe
  2⤵
  PID:9440
- C:\Windows\System\lPojdQP.exe
  C:\Windows\System\lPojdQP.exe
  2⤵
  PID:9476
- C:\Windows\System\EpoHGIN.exe
  C:\Windows\System\EpoHGIN.exe
  2⤵
  PID:9496
- C:\Windows\System\dgXIqMA.exe
  C:\Windows\System\dgXIqMA.exe
  2⤵
  PID:9512
- C:\Windows\System\Viuffkt.exe
  C:\Windows\System\Viuffkt.exe
  2⤵
  PID:9528
- C:\Windows\System\rwpIGiF.exe
  C:\Windows\System\rwpIGiF.exe
  2⤵
  PID:9544
- C:\Windows\System\mqiTBfF.exe
  C:\Windows\System\mqiTBfF.exe
  2⤵
  PID:9560
- C:\Windows\System\vblvVcH.exe
  C:\Windows\System\vblvVcH.exe
  2⤵
  PID:9576
- C:\Windows\System\jTcKcAl.exe
  C:\Windows\System\jTcKcAl.exe
  2⤵
  PID:9592
- C:\Windows\System\uIGKAWt.exe
  C:\Windows\System\uIGKAWt.exe
  2⤵
  PID:9608
- C:\Windows\System\mWhEShB.exe
  C:\Windows\System\mWhEShB.exe
  2⤵
  PID:9624
- C:\Windows\System\KdJifVy.exe
  C:\Windows\System\KdJifVy.exe
  2⤵
  PID:9640
- C:\Windows\System\bIRHdck.exe
  C:\Windows\System\bIRHdck.exe
  2⤵
  PID:9656
- C:\Windows\System\rByyfcP.exe
  C:\Windows\System\rByyfcP.exe
  2⤵
  PID:9672
- C:\Windows\System\tIlxIyo.exe
  C:\Windows\System\tIlxIyo.exe
  2⤵
  PID:9692
- C:\Windows\System\UkpFpFd.exe
  C:\Windows\System\UkpFpFd.exe
  2⤵
  PID:9708
- C:\Windows\System\lMzPirv.exe
  C:\Windows\System\lMzPirv.exe
  2⤵
  PID:9724
- C:\Windows\System\nXthYce.exe
  C:\Windows\System\nXthYce.exe
  2⤵
  PID:9740
- C:\Windows\System\JZMmVfn.exe
  C:\Windows\System\JZMmVfn.exe
  2⤵
  PID:9756
- C:\Windows\System\GJGCQSH.exe
  C:\Windows\System\GJGCQSH.exe
  2⤵
  PID:9772
- C:\Windows\System\pJLmsJj.exe
  C:\Windows\System\pJLmsJj.exe
  2⤵
  PID:9788
- C:\Windows\System\wziImcG.exe
  C:\Windows\System\wziImcG.exe
  2⤵
  PID:9804
- C:\Windows\System\eGsaWuH.exe
  C:\Windows\System\eGsaWuH.exe
  2⤵
  PID:9828
- C:\Windows\System\OElnjYM.exe
  C:\Windows\System\OElnjYM.exe
  2⤵
  PID:9844
- C:\Windows\System\lZUDPSf.exe
  C:\Windows\System\lZUDPSf.exe
  2⤵
  PID:9868
- C:\Windows\System\LgjNkbU.exe
  C:\Windows\System\LgjNkbU.exe
  2⤵
  PID:9908
- C:\Windows\System\MKMhTmF.exe
  C:\Windows\System\MKMhTmF.exe
  2⤵
  PID:9924
- C:\Windows\System\BJlTCTM.exe
  C:\Windows\System\BJlTCTM.exe
  2⤵
  PID:9944
- C:\Windows\System\PNRlEBL.exe
  C:\Windows\System\PNRlEBL.exe
  2⤵
  PID:9960
- C:\Windows\System\aQCEvDX.exe
  C:\Windows\System\aQCEvDX.exe
  2⤵
  PID:9976
- C:\Windows\System\KRYgjGs.exe
  C:\Windows\System\KRYgjGs.exe
  2⤵
  PID:9992
- C:\Windows\System\ivWVXje.exe
  C:\Windows\System\ivWVXje.exe
  2⤵
  PID:10008
- C:\Windows\System\BGMWFec.exe
  C:\Windows\System\BGMWFec.exe
  2⤵
  PID:10024
- C:\Windows\System\RARrZCT.exe
  C:\Windows\System\RARrZCT.exe
  2⤵
  PID:10040
- C:\Windows\System\SrrfHwQ.exe
  C:\Windows\System\SrrfHwQ.exe
  2⤵
  PID:10056
- C:\Windows\System\CvfvPKB.exe
  C:\Windows\System\CvfvPKB.exe
  2⤵
  PID:10072
- C:\Windows\System\XCMOyWT.exe
  C:\Windows\System\XCMOyWT.exe
  2⤵
  PID:10092
- C:\Windows\System\ClDEMwd.exe
  C:\Windows\System\ClDEMwd.exe
  2⤵
  PID:10116
- C:\Windows\System\hyYRiAc.exe
  C:\Windows\System\hyYRiAc.exe
  2⤵
  PID:10132
- C:\Windows\System\oprxvMz.exe
  C:\Windows\System\oprxvMz.exe
  2⤵
  PID:10152
- C:\Windows\System\MnMQCWq.exe
  C:\Windows\System\MnMQCWq.exe
  2⤵
  PID:10168
- C:\Windows\System\ZaRmzvB.exe
  C:\Windows\System\ZaRmzvB.exe
  2⤵
  PID:10188
- C:\Windows\System\HjJDbdX.exe
  C:\Windows\System\HjJDbdX.exe
  2⤵
  PID:10208
- C:\Windows\System\oOKTHiY.exe
  C:\Windows\System\oOKTHiY.exe
  2⤵
  PID:10228
- C:\Windows\System\YVVthRB.exe
  C:\Windows\System\YVVthRB.exe
  2⤵
  PID:8952
- C:\Windows\System\lwnGjgR.exe
  C:\Windows\System\lwnGjgR.exe
  2⤵
  PID:8932
- C:\Windows\System\voOXjkz.exe
  C:\Windows\System\voOXjkz.exe
  2⤵
  PID:9064
- C:\Windows\System\ghhJcHt.exe
  C:\Windows\System\ghhJcHt.exe
  2⤵
  PID:9572
- C:\Windows\System\cqekZLQ.exe
  C:\Windows\System\cqekZLQ.exe
  2⤵
  PID:9552
- C:\Windows\System\GOEwAor.exe
  C:\Windows\System\GOEwAor.exe
  2⤵
  PID:9732
- C:\Windows\System\fWGjICQ.exe
  C:\Windows\System\fWGjICQ.exe
  2⤵
  PID:9720
- C:\Windows\System\mPsgaDu.exe
  C:\Windows\System\mPsgaDu.exe
  2⤵
  PID:9716
- C:\Windows\System\VRnyMvQ.exe
  C:\Windows\System\VRnyMvQ.exe
  2⤵
  PID:10128
- C:\Windows\System\YKXETws.exe
  C:\Windows\System\YKXETws.exe
  2⤵
  PID:10196
- C:\Windows\System\zmRoLwY.exe
  C:\Windows\System\zmRoLwY.exe
  2⤵
  PID:8456
- C:\Windows\System\yccZyTB.exe
  C:\Windows\System\yccZyTB.exe
  2⤵
  PID:9264
- C:\Windows\System\iwpEXzA.exe
  C:\Windows\System\iwpEXzA.exe
  2⤵
  PID:9332
- C:\Windows\System\jNKhWTU.exe
  C:\Windows\System\jNKhWTU.exe
  2⤵
  PID:9616
- C:\Windows\System\PxglzRq.exe
  C:\Windows\System\PxglzRq.exe
  2⤵
  PID:9652
- C:\Windows\System\vIzfpee.exe
  C:\Windows\System\vIzfpee.exe
  2⤵
  PID:9764
- C:\Windows\System\scvHEtA.exe
  C:\Windows\System\scvHEtA.exe
  2⤵
  PID:9856
- C:\Windows\System\iAmIfAc.exe
  C:\Windows\System\iAmIfAc.exe
  2⤵
  PID:9892
- C:\Windows\System\SvwjRqn.exe
  C:\Windows\System\SvwjRqn.exe
  2⤵
  PID:10164
- C:\Windows\System\dYkuSwX.exe
  C:\Windows\System\dYkuSwX.exe
  2⤵
  PID:9504
- C:\Windows\System\aryBtKv.exe
  C:\Windows\System\aryBtKv.exe
  2⤵
  PID:9688
- C:\Windows\System\ETycOeS.exe
  C:\Windows\System\ETycOeS.exe
  2⤵
  PID:9932
- C:\Windows\System\XTavbFe.exe
  C:\Windows\System\XTavbFe.exe
  2⤵
  PID:9920
- C:\Windows\System\NzPiESi.exe
  C:\Windows\System\NzPiESi.exe
  2⤵
  PID:9916
- C:\Windows\System\vzuyPmK.exe
  C:\Windows\System\vzuyPmK.exe
  2⤵
  PID:10032
- C:\Windows\System\trbPWLJ.exe
  C:\Windows\System\trbPWLJ.exe
  2⤵
  PID:10052
- C:\Windows\System\HSDTCZT.exe
  C:\Windows\System\HSDTCZT.exe
  2⤵
  PID:10104
- C:\Windows\System\tWLPhYw.exe
  C:\Windows\System\tWLPhYw.exe
  2⤵
  PID:10176
- C:\Windows\System\aBHENLE.exe
  C:\Windows\System\aBHENLE.exe
  2⤵
  PID:10124
- C:\Windows\System\nndwVSl.exe
  C:\Windows\System\nndwVSl.exe
  2⤵
  PID:10180
- C:\Windows\System\XQRvmOD.exe
  C:\Windows\System\XQRvmOD.exe
  2⤵
  PID:8488
- C:\Windows\System\qXvEvGS.exe
  C:\Windows\System\qXvEvGS.exe
  2⤵
  PID:9060
- C:\Windows\System\FYxnLsE.exe
  C:\Windows\System\FYxnLsE.exe
  2⤵
  PID:10236
- C:\Windows\System\FcWbYew.exe
  C:\Windows\System\FcWbYew.exe
  2⤵
  PID:8776
- C:\Windows\System\YETDEVr.exe
  C:\Windows\System\YETDEVr.exe
  2⤵
  PID:9124
- C:\Windows\System\VMeeurR.exe
  C:\Windows\System\VMeeurR.exe
  2⤵
  PID:9268
- C:\Windows\System\dCRweSG.exe
  C:\Windows\System\dCRweSG.exe
  2⤵
  PID:988
- C:\Windows\System\uSULIoI.exe
  C:\Windows\System\uSULIoI.exe
  2⤵
  PID:9840
- C:\Windows\System\OrRuXxF.exe
  C:\Windows\System\OrRuXxF.exe
  2⤵
  PID:9836
- C:\Windows\System\dLqvNcY.exe
  C:\Windows\System\dLqvNcY.exe
  2⤵
  PID:9636
- C:\Windows\System\ecfRfMJ.exe
  C:\Windows\System\ecfRfMJ.exe
  2⤵
  PID:9904
- C:\Windows\System\gQPLeYP.exe
  C:\Windows\System\gQPLeYP.exe
  2⤵
  PID:9300
- C:\Windows\System\WkQMQYm.exe
  C:\Windows\System\WkQMQYm.exe
  2⤵
  PID:10036
- C:\Windows\System\ZOnILrB.exe
  C:\Windows\System\ZOnILrB.exe
  2⤵
  PID:9416
- C:\Windows\System\fyCUGgg.exe
  C:\Windows\System\fyCUGgg.exe
  2⤵
  PID:10184
- C:\Windows\System\eGUaFDV.exe
  C:\Windows\System\eGUaFDV.exe
  2⤵
  PID:9156
- C:\Windows\System\OvSqqnb.exe
  C:\Windows\System\OvSqqnb.exe
  2⤵
  PID:10020
- C:\Windows\System\EtHUcEm.exe
  C:\Windows\System\EtHUcEm.exe
  2⤵
  PID:10160
- C:\Windows\System\OrDjtkG.exe
  C:\Windows\System\OrDjtkG.exe
  2⤵
  PID:9232
- C:\Windows\System\zLuvmhz.exe
  C:\Windows\System\zLuvmhz.exe
  2⤵
  PID:9348
- C:\Windows\System\rmMSvjH.exe
  C:\Windows\System\rmMSvjH.exe
  2⤵
  PID:9568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DmdSuoL.exe

Filesize
6.0MB

MD5
ebd820268c6e5b5fff8fdd5196aeccb6

SHA1
289e12d53069d7fef934c15e3e4979a09961bc7e

SHA256
c584f805be57ac60bd0945549c19445f9117ce70e2f42a51f5589e061ee612da

SHA512
90a02b42e8176daa840d21aedb30ee935cab5ca4e8a8f32a0a97d7708a86968f71feb98f855c6fad2c30a3644775b3564c7adb259dbc44ccb623ef2626fcb1cd

Download Submit
C:\Windows\system\FAliLYu.exe

Filesize
6.0MB

MD5
0d3410edc3a252ac1094ea0f3f4a3a9e

SHA1
ea2c0f4313a61d49c27482b2e7331cd0fe0614f2

SHA256
760160292996fae011d9971ff919f4986a740f3bd6171209f0f76340349fcfc5

SHA512
367127f00b1c75b7de73001b73f4b6274306e7e3d4830eae609c71dfe0b3f28b3dd4dd21eaa55d513acbcd450046fc836538820941d5b953928c6e22ceacb7d7

Download Submit
C:\Windows\system\JmXwZsA.exe

Filesize
6.0MB

MD5
0942d083df1360a4124dabc170ba4a16

SHA1
93a15db0a367fa7b79083575c96d5b29bdcba049

SHA256
0747f3ce34f15588c8a1895664abdb80ad7ab5fa4dd584da6d1fe0795002cde4

SHA512
16158c2148ed360af119d6e45c6488de41a50dd14ba0498486a91e2916a71e4f416d676ee4f39a026e0f5f1862e3b3db9e3980a04575f85e7209420f4e335e05

Download Submit
C:\Windows\system\KzhNLIG.exe

Filesize
6.0MB

MD5
cdaad0079a6fc62db03b8e5ca71c4aae

SHA1
09b9c8362e5023452c6eec9aeb1af2814634929f

SHA256
c19ec9d40c05e5c752e1ca5ba37ac2ae4d70a978ccb80c08c7a2aff7431e34b1

SHA512
224def08ad02c0c575f30ab24cea5313f723282fac38dccd7e30cb2accbbe1f9ecf940ad70967413c9a1ff870bb7404617ff48ca3fd0cd3b37da4cb3c1463c9b

Download Submit
C:\Windows\system\LEDAYcs.exe

Filesize
6.0MB

MD5
3523ad5e12618ae404e800a9d49e0606

SHA1
98a67b344974b43038b78f518cad7ed9470c7b76

SHA256
16287299ab7cb52b7f63b2286a8e63b91b217b86ca219f3d4c6912590e6c5a34

SHA512
527b50936d36261c3021b97f114b4f8634fb674ccf648a3b33f1b9eb79718b97317e5daf7468136ea3c70789f19ddb303f6cd04304a6dc74957af50ecd861642

Download Submit
C:\Windows\system\TUeLito.exe

Filesize
6.0MB

MD5
d448ac2059ecca57e55290d4082de1da

SHA1
a9ccb9a0ab6a91c9fa1907ac4086f42f85b59d36

SHA256
4ddd18119782146782c3f9fa53e40739b8a736edd87e4d1393ce9cd24ad6050d

SHA512
f8147c7b0eae50f997c8c317eb28806cd50bb8c2e020965d83206fd0f7a6354c40aaae0a8a289956507e4f60cbf75d225bc5b5846187e1a93dd26ea2d87802ff

Download Submit
C:\Windows\system\UpljwID.exe

Filesize
6.0MB

MD5
3b3b85fa7b9817c56adc6cfb8f5e638e

SHA1
8aae2790861ecb1bebcddeba95dc4b0547c00b26

SHA256
2d6a6a1c1a7dd11c8572bdc439c7115d429b05dff6fc7fcbe6306e5b1ed32f84

SHA512
479aacddba09bbe017ff8a978c0f52ab0bd59b4c57eb024d261ca11895061c984d6f7ef966dbf5f31b75c6eac47da310f299a759adeab114b32741c47bc6a564

Download Submit
C:\Windows\system\VGHLXdY.exe

Filesize
6.0MB

MD5
03c498cce1768061861d543bcf092e25

SHA1
0be35fa731a40dc1f7839ce6744cacd91e5cf441

SHA256
5859d4715deaab97a16066ef6caabf47eee5f59a8705836edc47c6317287199a

SHA512
bf307cb357b1c91101ecaeb07485d6ce80aca28720f649b0d184a19f0c2106ce213ac95f6e9ab524b21475eb4033e682fdff6b218dee0d0709aea59938665f43

Download Submit
C:\Windows\system\XadftfY.exe

Filesize
6.0MB

MD5
cce8d959811ed96406f03d3bf39c112b

SHA1
dc8161ffd24d98d3822ec6c308d266e1ce893a8b

SHA256
b910aca39b42b7a27cb224e2d6a48877116194e4a4c468790fe3839a2b0d3193

SHA512
3d570096113d494d53f60f13df6ec3bb29f9fcaf06c722f5024195b2987ad6a2a459db32fc706cf1e03183ff5f921641da1bd13f781a40951f6986af2042985f

Download Submit
C:\Windows\system\XoacbPR.exe

Filesize
6.0MB

MD5
38690bf95becf36b8cda840267f2bef3

SHA1
74b9b8d614341515cf9bcba200530d0806f3e538

SHA256
72ec4b6c3ebe46b44ca10c7c9537534d63cc51b7607af408119792c52bd38928

SHA512
d4b3fd39a47c0dc2c04727c137f56c0e6019dfb271aa7d023be2265c8dc6eb81cfa6e897b12befbc05daeb3c3123387319244f08fd772d3571630a5dca486376

Download Submit
C:\Windows\system\aygyczd.exe

Filesize
6.0MB

MD5
ebf36025ca5c37ee4af934a51678a574

SHA1
2cddcb6ecec65084ae75ac0baf55bc431fd07aad

SHA256
953c7bf9d92f6bf8e4412d5a0dce7874ba43d4717a22c85cdff9b79c8e24846c

SHA512
93c3e4e14c94233464de227f78b9d08670fbe669737859941cc899700fdc931c58213bc2da48257f2276e20fc91bc0ee533be1fc301c1975ff569207d041e8b8

Download Submit
C:\Windows\system\faOwtvR.exe

Filesize
6.0MB

MD5
fa7bb313eaf32f42ecb5e7b29b28f35b

SHA1
9b07c94567a98f41c150a84b332597c32eebc675

SHA256
fdbb059744fcbd9529b9ab4273d2b9e2742781544cec41f2d5fbd23275b192c2

SHA512
218aed8163902df0c0a373da28726907354c66c464cb61a840c5e196375c895609ad60837f82b820dda2679be3b1a05b3fc33eef9e02e5cb1a1ba4f9f57103d6

Download Submit
C:\Windows\system\haVnJJx.exe

Filesize
6.0MB

MD5
6566a94925f73451e7f5ea3b2591c386

SHA1
c9bd5af66e1ec74e607b5ba8a93ffd842bb2f731

SHA256
a3ddd96b14e12145f7f58afd9010ae694d517f7eac570970c9caa15a8075f932

SHA512
cf91965bcae4dcabc208595e25ef9b9e45c1b029f2a4018f2508adccb2600a97b9938835585e44bad5a443952df3099b6334684361d04e3e324540d677383515

Download Submit
C:\Windows\system\hwhzSLF.exe

Filesize
8B

MD5
86759260c187214846af3168480cc24b

SHA1
7ae986399e7d30b3594d1a563b3ebbfd8af8c499

SHA256
81524154b699d6be8d3686a54b463ccabfefbc1163187249bb7da1aaae75beba

SHA512
c65ec7e64a88611f4eff88967f3f917f17b0f0f2794cb4331db9073d64723856162ddc819887d5bc1c160dda99dd30de9e7995f5fec73904d9dc4bcc49b8f371

Download Submit
C:\Windows\system\jKyWtDV.exe

Filesize
6.0MB

MD5
28801aba8e88b10742fc90e9fc22f0be

SHA1
41fa24df2bf0f783b536afdf7ab3252bfddb60a7

SHA256
65c84c3c62a918bf092491fee4aecffd08c0fc7b941f5b18175407b236f1eb2c

SHA512
f49467263d557cda20ef3df1f947f0cf2943c340b423bbafe18d7f42ec50e908e8a4353f664657a0a2c84fa250d36c3a53960885fe0f5a33f6272db89d8dc197

Download Submit
C:\Windows\system\jNcpVhw.exe

Filesize
6.0MB

MD5
4e82ca8f8eab1efad014cb4a5dcdd15e

SHA1
c98757022ea7f91ee653934d9bc8acf7100e85c9

SHA256
515b30398a0b9c8a6fcf4e6e82a8b39c45af2c9ab5782ed8c3d943873cc6246a

SHA512
6cacfc7ee4649bc158df2ae63b370c8fc1d2c1d253ec10dd431e61e8383357a80771b34ac3dd77f55fcfb5e499f6e4c2043a937ec4dadc734022fd38c6e10a16

Download Submit
C:\Windows\system\jldGxcQ.exe

Filesize
6.0MB

MD5
f77ea18a056cb8da63d7cc052f3880d0

SHA1
61f2bf6c379bb58253f651a5ebc133a9bbcbb6be

SHA256
4f4d42eecf2b456906fc1634836531dfe4d85d9881a151d4922a779863d09471

SHA512
0d5a0c67b49ff6981b69a40f8b1e673d2207568dafd065b73a8cf0c0ded7dbd4b0a32b8b8ddd3adca6d1e42dc2e310955785bdfa445d78f360a3ad1c1954d49f

Download Submit
C:\Windows\system\lIzLTZb.exe

Filesize
6.0MB

MD5
48316ce136d1ef5f8b528466b754971a

SHA1
d06c460c8aad823809ecf75855f61a9efedff7e3

SHA256
b436eccdfe2ce4890572576ceab2fd37185a116307919669b1c61cfa264b4f1e

SHA512
0871c19d01a91a5d4ec241ffb5a735a54db39fb17667dd7e1f128ec5e5543598003e88a792bd99206413ed04520a8651c0a65a2e8fff3e4874e56d4a8e1cad05

Download Submit
C:\Windows\system\qNSepUY.exe

Filesize
6.0MB

MD5
d3c2e1e2313fef48ea5ec0cce35e4ab1

SHA1
351ec76cae44ed9928076e59c625229dfce86bb7

SHA256
50569be61278a382a6983398a0e9c9533733cb2de1d98f743a6ef8b2de672c7c

SHA512
c294292964103a9b7fc62dd0e03ede0f6040bcd67bb6624cb4a22ffa5da02cb86742b09d90a22e9443e0b37785e8ef236f3086cf8930856b104bf7bc83e82cc6

Download Submit
C:\Windows\system\qNbUvfQ.exe

Filesize
6.0MB

MD5
43776190941ac5781780b63a25563f51

SHA1
fc3bd6b60d6773cafa6e3e0dfaf2005d2bd17a95

SHA256
cd6b9de9e226fb7c8ceceb15b8ce7683c2882ee8c09b488f42cfcb21c6e840fc

SHA512
180f06c3c9521d3c9d75b42163430d805ea124bc08bfe3a5e0b6adaed21e3cc04b10208d843874077bd61d0f4d2d484f8bc1d3ad7fbd86ca1d01da5647e72344

Download Submit
C:\Windows\system\qVkceVz.exe

Filesize
6.0MB

MD5
07dbda548315b7b595e17884a00b87fe

SHA1
ccafce3c1a3706088220d6530c61831af06380e6

SHA256
0573aaa55bc595e0b3dcf85238eaacc67ea733eb9263763003fec72fc812a465

SHA512
151dc7d195abacb8fda1e73903ab2d58af4aa65a364ef4e7062dfefa2b03d481b644b6dda8e08dfab674f093f0687f42da668d5f30e24a13052a52689b3a4f7a

Download Submit
C:\Windows\system\qwCFihB.exe

Filesize
6.0MB

MD5
d20427e59a32fc6a83f928ae350d22b8

SHA1
135c70c932178c6f73b425f37f698252f9d91b8a

SHA256
7892c213e47125e916fce150e2e8f47a13141a74c719689b68d2fcd7380d5b00

SHA512
36dd34d71f05b1b135b5876375128ce6c8d8e676ca9e7d1d2b9b5290df4dcc1fad223ceb8d71e0d0c2955f6ed89f9f5529502c99b36f0f97d63061627a16ad8f

Download Submit
C:\Windows\system\tamMYtC.exe

Filesize
6.0MB

MD5
bf6486c1f0da4d10a97a5789923846ce

SHA1
29c74662ddf5f64629d6110d0988027f968da69d

SHA256
632661ed040f3de5e9d22ce3576668e9cc9453858d7d789d4ccfe79c273aa649

SHA512
8bafafb0af040641c3c4741c288bf8c5d5cfb66429c43a3a0ab64f6e48fd48879a26b83f3f82c67d45972c6dd6294797de8dd971390886e29bedff2cc5afadf1

Download Submit
C:\Windows\system\tsROnkk.exe

Filesize
6.0MB

MD5
f65ecc3ad7377948719ee3fa43bf1fd8

SHA1
ac419c8935a8a9f96bb6a28e7606f6e574ed3157

SHA256
e2f9a39f4cb964cb30e349e0df5068a8deb7173c93a2d42aefbfdff4868eb95b

SHA512
88068f92be0a05338b928fc97ee79bcf966c97b9f574f098b7d16d7b0054d9f64a575100da97991a1ca75031a2cf46425cf2700a904a057ae7292088ab87f169

Download Submit
C:\Windows\system\vKxIuQQ.exe

Filesize
6.0MB

MD5
26fd6fce6257e5684a3136eaa10066b1

SHA1
2ba4420d000d041fdf5ee39ea598765cf8b8cefa

SHA256
1b7e161547d241b2063439fc498e07ac3670d5ab8ee711093c96b34e782932ab

SHA512
3ca7e560588e987058077f249931d97df7567f11b49b65f75aecc1fc99d646f67def0e8134dbe9838144718286d86518961dac222cff574ffc16d4d73c68cda2

Download Submit
\Windows\system\KGgbjAQ.exe

Filesize
6.0MB

MD5
caf903620e5c38cf8cda5644d92bd33a

SHA1
87ddc50282dc963126460509929c9cb8c947b7e7

SHA256
b4c4540b81c775005745fc9b82751bd4e10c7eae1c09b70e938f5d63428cc0c5

SHA512
c495b2ed0e909f6deb54c824ab1ef6d231598506efddb7ef6a730a0a143156cf8ea9c2ff1b772ccac2177a9546ed978341401baf03a5003630b1ab84185c25ed

Download Submit
\Windows\system\MJwZldI.exe

Filesize
6.0MB

MD5
bc2dd79b7d176a6b47c93366dd9624bc

SHA1
5578b148734f3e6a2cf7565c7e56a07f25e8c60b

SHA256
46af3106d60cc4dc4e8f1412b2f8f33ce9a419e8fddb4ed130a19e76c91246e2

SHA512
7a005896333ad4b48a2c6fd69028f1b373d446dcf140798d19279f64566fc8ae5c2c4bb7571ec9ec4cd4b37837b0afb286c9fb61553a1c86cce52cee323d9cb5

Download Submit
\Windows\system\NYxqccv.exe

Filesize
6.0MB

MD5
7a463ba2627ecec675df70a17f5f5e84

SHA1
fdd0d11f34acebdd4ccbf284984e1abf152712a6

SHA256
3e9a2b8874884caf72d0563b1f0d784d08211c759caec51f3de1594dcb6e8889

SHA512
b8192e8c633877f086f8d84680403a0556becf7c520a9dbf812801bd3a6e3216909638fa3077cbd04e2f88e20c49df8bde729a63adc62cff40e2714463f40db8

Download Submit
\Windows\system\OOwwLlp.exe

Filesize
6.0MB

MD5
8e0665364b539aeae4dd4f95c8a22500

SHA1
30a80e520e13bafc0baf6adb8d08f54f2c232ae7

SHA256
79f28da2f145bdb7036b851f647120368efe3deae5d6b0e8c954fc20227c5db9

SHA512
38a3e60dbe27452d4037239e8c3a9d9bf4b4099057f3af249a2e42a90134008b7e433b1e07952a7c20ae8d295b36e0d19a20e768bc5443bd75620bfa60fdfb0f

Download Submit
\Windows\system\QxCLFaT.exe

Filesize
6.0MB

MD5
d343ff556ee18b413222e599126e02d8

SHA1
8014909b8795813d25b8544ead680d95ea46f4af

SHA256
7fce0fd8f305fa334ac31a8d84b9bad3e043ec4af4be563727a6d69843429192

SHA512
14de2e9ce220a6686e3c00fae5f9576a7fca73e3354d0c94493a7d9bbc0a669eacc79e883dd10c19cff4b2072ea420a95216abdef906ca635f9e169840573c44

Download Submit
\Windows\system\SmMlLcw.exe

Filesize
6.0MB

MD5
19233775fbeec6d1fde9905303e62cc7

SHA1
5437b6fcb93c5b190cc242d3535385a2590358b9

SHA256
8d437ea8ef1ba43cc9ae8224bce84dd93b67a26e50bdb115e4053eac68ca4e33

SHA512
58ffde759f7313bcc1940d61278b7a3d5657252bbb5801fca6b9c69fe44c62624af510c8f1886662401873ae4d27cd8f4fc855cb737578d725675495fefdedc5

Download Submit
\Windows\system\ZOxZnHV.exe

Filesize
6.0MB

MD5
93055011a840d86a97d3fd5c729b91ee

SHA1
d15c603755c9d2ead341f9934dacfaeec927dc9a

SHA256
72297093e9773a26c1d40dc1a748d9dc0e2dd502fa62b3d938ab663b19700886

SHA512
63875a6965e7c413b8c9158b0f0bcb3e269e05140ac29778a79936c3bcfd10b3be8bee53aeb5307e3fff9d22e3751a02673851448941b3e99af053b9e5c8e4e5

Download Submit
\Windows\system\foXJAAY.exe

Filesize
6.0MB

MD5
a2ede9a5053b64e35d9bef87cca44aee

SHA1
73c001acba889f8547159057344b97124a4d08c4

SHA256
93dc869c18504533e382828ec175b3710cdde9a4d2cf6e982b9db5c43de0888b

SHA512
523b8cdb9bc499b8f260a858aadf049c55efba19bc9eef3b28f43ce3391db532b2908fda4afbbd2753b2c310a198f45ac0462e8f3c78bbe9a12450f068f95140

Download Submit
\Windows\system\kwIElpt.exe

Filesize
6.0MB

MD5
3c2bf942d1f3770cf4fa28cf85f082ff

SHA1
d40df7102a3115540000cec123c21439ad48085a

SHA256
8b24fef25581af2d7b404aa6ae584856b0587d33cca75a576ee2d0b1a1f7ea75

SHA512
a3d3bf742a6d1098d99c4b51254c29b07a33158c6310325b92d0d7a15e5e6aab437e198cb2b65aad01c8d23d72ea86617660605b1e9751acd4a365852ad059a8

Download Submit
\Windows\system\lWZjKtu.exe

Filesize
6.0MB

MD5
f4edfdfd6242b1cd348fec38d8264a5a

SHA1
1c20146fa9cc11f2296aa35bbfa1bd8bebfcb121

SHA256
16f59c0e2a727a326d59af8042a49d1bee7d6eb42656d5ce2b1519d7b9788e1a

SHA512
f42a2ea3862aa2a1b23426ab0ec80514377ef450716c1526edeb5c4b232a594c80c96146e506419657340484823578ddf68ac64f92b26e610320eec117ab67fe

Download Submit
memory/2692-526-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2692-108-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2692-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2692-86-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-80-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2692-473-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2692-0-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-20-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2692-28-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2692-617-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2692-118-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-31-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-24-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-799-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2692-930-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2692-931-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2692-932-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2692-103-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2692-91-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2692-18-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2692-69-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2692-6-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2692-59-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2692-884-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3284-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-57-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-67-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2832-3296-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2840-75-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3295-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2908-11-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2908-3300-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2908-305-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2912-3297-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-56-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-618-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2972-3287-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2972-51-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download