cobaltstrike | 089bd43efba85802cc2a890fb62bdea557271f2809a4ea3a446c3c2bbc35807c

Analysis

max time kernel
129s
max time network
122s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
17-11-2024 15:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

30cc7512124f0615b591a32d267667e3
SHA1

20361035d0fab95f8b492591c42e326c56e09996
SHA256

089bd43efba85802cc2a890fb62bdea557271f2809a4ea3a446c3c2bbc35807c
SHA512

597f27a8be135e22082835e610aee246ed7910fdee4a7cd3a7bb5e7e78b046dabae2d16bcdff9310bf9bcc56d69bcc1c28bf1b4a58cd451852b6ec0a097c2e0c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUz:T+q56utgpPF8u/7z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00070000000120fe-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ca5-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cc9-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0e-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d1f-26.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d27-31.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019481-38.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-42.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-58.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019581-78.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f7-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019659-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001969b-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019601-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019603-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ff-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fe-131.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fb-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fd-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f9-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c0-83.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016af7-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001955c-74.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019551-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e6-66.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e4-63.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-54.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c6-50.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001949d-46.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d3b-34.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d17-23.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 56 IoCs

miner

resource	yara_rule
behavioral1/memory/2460-0-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/files/0x00070000000120fe-3.dat	xmrig
behavioral1/files/0x0008000000016ca5-8.dat	xmrig
behavioral1/files/0x0008000000016cc9-15.dat	xmrig
behavioral1/files/0x0007000000016d0e-16.dat	xmrig
behavioral1/files/0x0007000000016d1f-26.dat	xmrig
behavioral1/files/0x0009000000016d27-31.dat	xmrig
behavioral1/files/0x0005000000019481-38.dat	xmrig
behavioral1/files/0x0005000000019490-42.dat	xmrig
behavioral1/files/0x00050000000194da-58.dat	xmrig
behavioral1/files/0x0005000000019581-78.dat	xmrig
behavioral1/files/0x00050000000195f7-90.dat	xmrig
behavioral1/memory/2460-2103-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2860-2102-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2460-2002-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2068-2001-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2232-1915-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2992-1868-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2248-1809-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2120-1701-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019615-158.dat	xmrig
behavioral1/files/0x0005000000019659-155.dat	xmrig
behavioral1/files/0x0005000000019605-150.dat	xmrig
behavioral1/files/0x000500000001969b-160.dat	xmrig
behavioral1/files/0x0005000000019601-141.dat	xmrig
behavioral1/files/0x0005000000019603-144.dat	xmrig
behavioral1/files/0x00050000000195ff-135.dat	xmrig
behavioral1/files/0x00050000000195fe-131.dat	xmrig
behavioral1/files/0x00050000000195fb-120.dat	xmrig
behavioral1/files/0x00050000000195fd-126.dat	xmrig
behavioral1/files/0x00050000000195f9-116.dat	xmrig
behavioral1/files/0x00050000000195c0-83.dat	xmrig
behavioral1/files/0x0009000000016af7-86.dat	xmrig
behavioral1/files/0x000500000001955c-74.dat	xmrig
behavioral1/files/0x0005000000019551-70.dat	xmrig
behavioral1/files/0x00050000000194e6-66.dat	xmrig
behavioral1/files/0x00050000000194e4-63.dat	xmrig
behavioral1/files/0x00050000000194d0-54.dat	xmrig
behavioral1/files/0x00050000000194c6-50.dat	xmrig
behavioral1/files/0x000500000001949d-46.dat	xmrig
behavioral1/files/0x0008000000016d3b-34.dat	xmrig
behavioral1/files/0x0007000000016d17-23.dat	xmrig
behavioral1/memory/2460-2280-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2944-2278-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2824-2409-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2460-2781-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2944-2990-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2248-3001-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2824-3002-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2860-3004-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2992-3005-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2068-3006-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2232-3003-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2120-3007-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2460-3071-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2460-3401-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2468	EBrSrkh.exe
2120	KetxbwF.exe
2248	zJnKuSk.exe
2992	jHXHQbm.exe
2232	wTQRAPA.exe
2068	buTEzkY.exe
2860	UaQytuO.exe
2944	PqausOP.exe
2824	ZHPSHJC.exe
2800	kIPofWF.exe
1772	YcPSaPA.exe
2704	JmnfIBJ.exe
2280	IVEhYAo.exe
2836	agNckIc.exe
2724	QwKEKCb.exe
2680	uYxUpYp.exe
2740	jRmYPDw.exe
2452	DRAXBoP.exe
1996	qQzEdEv.exe
2848	wSORHaG.exe
1652	qgVWeyO.exe
2852	zsoFRat.exe
1604	nwSMNBm.exe
1124	BuEZXum.exe
1696	eAyRTSv.exe
2256	khhnstu.exe
1508	VWsDUEr.exe
320	yqXvVLT.exe
2064	jiZGHLP.exe
1704	sfwIOCF.exe
2312	CePcIBc.exe
1612	ueuldCX.exe
912	BKRXbav.exe
828	AwEvNNI.exe
2056	RxbGhFQ.exe
1988	KRNcWzn.exe
960	kgJGHZC.exe
2608	QKpUQRC.exe
640	VsXwABo.exe
1484	XGGUALn.exe
1496	PIBrrVd.exe
1336	fDLeuKt.exe
892	aHDMbNh.exe
564	BkAHZsL.exe
836	QofxSGn.exe
1948	RnIqXOA.exe
280	bEqCMcE.exe
2568	ZUMNIIz.exe
2628	QEhAbad.exe
396	yfTBjia.exe
1768	HZDSFeY.exe
876	GZJILGY.exe
2088	FZbjOgx.exe
1740	UyiRzHm.exe
1676	FEnMMQq.exe
2988	xpwkLsu.exe
2340	jqkOtwm.exe
1568	lKlPmdW.exe
1572	YEdLNdl.exe
2404	SNoSDVx.exe
2588	QZTGIGT.exe
2240	EVlrtwQ.exe
2892	gQzwTjp.exe
2996	raJLTfo.exe

Loads dropped DLL 64 IoCs

pid	Process
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 51 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2460-0-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/files/0x00070000000120fe-3.dat	upx
behavioral1/files/0x0008000000016ca5-8.dat	upx
behavioral1/files/0x0008000000016cc9-15.dat	upx
behavioral1/files/0x0007000000016d0e-16.dat	upx
behavioral1/files/0x0007000000016d1f-26.dat	upx
behavioral1/files/0x0009000000016d27-31.dat	upx
behavioral1/files/0x0005000000019481-38.dat	upx
behavioral1/files/0x0005000000019490-42.dat	upx
behavioral1/files/0x00050000000194da-58.dat	upx
behavioral1/files/0x0005000000019581-78.dat	upx
behavioral1/files/0x00050000000195f7-90.dat	upx
behavioral1/memory/2860-2102-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2068-2001-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2232-1915-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2992-1868-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2248-1809-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2120-1701-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x0005000000019615-158.dat	upx
behavioral1/files/0x0005000000019659-155.dat	upx
behavioral1/files/0x0005000000019605-150.dat	upx
behavioral1/files/0x000500000001969b-160.dat	upx
behavioral1/files/0x0005000000019601-141.dat	upx
behavioral1/files/0x0005000000019603-144.dat	upx
behavioral1/files/0x00050000000195ff-135.dat	upx
behavioral1/files/0x00050000000195fe-131.dat	upx
behavioral1/files/0x00050000000195fb-120.dat	upx
behavioral1/files/0x00050000000195fd-126.dat	upx
behavioral1/files/0x00050000000195f9-116.dat	upx
behavioral1/files/0x00050000000195c0-83.dat	upx
behavioral1/files/0x0009000000016af7-86.dat	upx
behavioral1/files/0x000500000001955c-74.dat	upx
behavioral1/files/0x0005000000019551-70.dat	upx
behavioral1/files/0x00050000000194e6-66.dat	upx
behavioral1/files/0x00050000000194e4-63.dat	upx
behavioral1/files/0x00050000000194d0-54.dat	upx
behavioral1/files/0x00050000000194c6-50.dat	upx
behavioral1/files/0x000500000001949d-46.dat	upx
behavioral1/files/0x0008000000016d3b-34.dat	upx
behavioral1/files/0x0007000000016d17-23.dat	upx
behavioral1/memory/2944-2278-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2824-2409-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2460-2781-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2944-2990-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2248-3001-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2824-3002-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2860-3004-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2992-3005-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2068-3006-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2232-3003-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2120-3007-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\HkFdYVS.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ivukKOp.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpDcqPR.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ClybjyD.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DLgCDdx.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NFYhnkT.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FyZrpLD.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mECnaDm.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\buTEzkY.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\okOlyXK.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BkmVxSJ.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BPOyJgP.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gOPdAWG.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DHOFPId.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CxBGBKV.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BpkIOPK.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yREGJlg.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ucxWTTG.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ToCqaKF.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eqORQiy.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iVEaFJn.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XPZuCpi.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AabdtkN.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SQCxImt.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bcEhGAg.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PtVDNOm.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MbqFSnT.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vzcqJbe.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vBBgBjo.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\msamAoO.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ocJrapG.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vgzugPd.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHCYocg.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OpKvqNZ.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zJnKuSk.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\osloZiy.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pznpNau.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OgpPzdo.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JMdRWoN.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iOCnsIi.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gfvYNuE.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWCMRwt.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lblMHPI.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mlwFynn.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zcwBTvo.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YjzJqWc.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dyxUQCF.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LaAOmnh.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RbZRfMC.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uytBtio.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QofxSGn.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SqnjnJq.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vPrdYBu.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\McHDyTk.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XTGalsM.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BsIxdbI.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCenCHk.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lysbvzf.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xehryTO.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BEGjpFm.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aAKQeVf.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eZvvLll.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oAaoLYA.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\STeYKlC.exe	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2468	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2460 wrote to memory of 2468	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2460 wrote to memory of 2468	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2460 wrote to memory of 2120	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2460 wrote to memory of 2120	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2460 wrote to memory of 2120	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2460 wrote to memory of 2248	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2460 wrote to memory of 2248	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2460 wrote to memory of 2248	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2460 wrote to memory of 2992	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2460 wrote to memory of 2992	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2460 wrote to memory of 2992	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2460 wrote to memory of 2232	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2460 wrote to memory of 2232	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2460 wrote to memory of 2232	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2460 wrote to memory of 2068	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2460 wrote to memory of 2068	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2460 wrote to memory of 2068	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2460 wrote to memory of 2860	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2460 wrote to memory of 2860	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2460 wrote to memory of 2860	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2460 wrote to memory of 2944	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2460 wrote to memory of 2944	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2460 wrote to memory of 2944	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2460 wrote to memory of 2824	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2460 wrote to memory of 2824	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2460 wrote to memory of 2824	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2460 wrote to memory of 2800	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2460 wrote to memory of 2800	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2460 wrote to memory of 2800	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2460 wrote to memory of 1772	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2460 wrote to memory of 1772	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2460 wrote to memory of 1772	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2460 wrote to memory of 2704	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2460 wrote to memory of 2704	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2460 wrote to memory of 2704	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2460 wrote to memory of 2280	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2460 wrote to memory of 2280	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2460 wrote to memory of 2280	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2460 wrote to memory of 2836	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2460 wrote to memory of 2836	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2460 wrote to memory of 2836	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2460 wrote to memory of 2724	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2460 wrote to memory of 2724	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2460 wrote to memory of 2724	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2460 wrote to memory of 2680	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2460 wrote to memory of 2680	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2460 wrote to memory of 2680	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2460 wrote to memory of 2740	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2460 wrote to memory of 2740	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2460 wrote to memory of 2740	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2460 wrote to memory of 2452	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2460 wrote to memory of 2452	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2460 wrote to memory of 2452	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2460 wrote to memory of 1996	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2460 wrote to memory of 1996	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2460 wrote to memory of 1996	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2460 wrote to memory of 2848	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2460 wrote to memory of 2848	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2460 wrote to memory of 2848	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2460 wrote to memory of 1652	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2460 wrote to memory of 1652	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2460 wrote to memory of 1652	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2460 wrote to memory of 2852	2460	2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-17_30cc7512124f0615b591a32d267667e3_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Windows\System\EBrSrkh.exe
  C:\Windows\System\EBrSrkh.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\KetxbwF.exe
  C:\Windows\System\KetxbwF.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\zJnKuSk.exe
  C:\Windows\System\zJnKuSk.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\jHXHQbm.exe
  C:\Windows\System\jHXHQbm.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\wTQRAPA.exe
  C:\Windows\System\wTQRAPA.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\buTEzkY.exe
  C:\Windows\System\buTEzkY.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\UaQytuO.exe
  C:\Windows\System\UaQytuO.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\PqausOP.exe
  C:\Windows\System\PqausOP.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\ZHPSHJC.exe
  C:\Windows\System\ZHPSHJC.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\kIPofWF.exe
  C:\Windows\System\kIPofWF.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\YcPSaPA.exe
  C:\Windows\System\YcPSaPA.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\JmnfIBJ.exe
  C:\Windows\System\JmnfIBJ.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\IVEhYAo.exe
  C:\Windows\System\IVEhYAo.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\agNckIc.exe
  C:\Windows\System\agNckIc.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\QwKEKCb.exe
  C:\Windows\System\QwKEKCb.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\uYxUpYp.exe
  C:\Windows\System\uYxUpYp.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\jRmYPDw.exe
  C:\Windows\System\jRmYPDw.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\DRAXBoP.exe
  C:\Windows\System\DRAXBoP.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\qQzEdEv.exe
  C:\Windows\System\qQzEdEv.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\wSORHaG.exe
  C:\Windows\System\wSORHaG.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\qgVWeyO.exe
  C:\Windows\System\qgVWeyO.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\zsoFRat.exe
  C:\Windows\System\zsoFRat.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\nwSMNBm.exe
  C:\Windows\System\nwSMNBm.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\BuEZXum.exe
  C:\Windows\System\BuEZXum.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\eAyRTSv.exe
  C:\Windows\System\eAyRTSv.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\khhnstu.exe
  C:\Windows\System\khhnstu.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\VWsDUEr.exe
  C:\Windows\System\VWsDUEr.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\yqXvVLT.exe
  C:\Windows\System\yqXvVLT.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\jiZGHLP.exe
  C:\Windows\System\jiZGHLP.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\sfwIOCF.exe
  C:\Windows\System\sfwIOCF.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\CePcIBc.exe
  C:\Windows\System\CePcIBc.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\BKRXbav.exe
  C:\Windows\System\BKRXbav.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\ueuldCX.exe
  C:\Windows\System\ueuldCX.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\AwEvNNI.exe
  C:\Windows\System\AwEvNNI.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\RxbGhFQ.exe
  C:\Windows\System\RxbGhFQ.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\KRNcWzn.exe
  C:\Windows\System\KRNcWzn.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\kgJGHZC.exe
  C:\Windows\System\kgJGHZC.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\QKpUQRC.exe
  C:\Windows\System\QKpUQRC.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\VsXwABo.exe
  C:\Windows\System\VsXwABo.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\XGGUALn.exe
  C:\Windows\System\XGGUALn.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\PIBrrVd.exe
  C:\Windows\System\PIBrrVd.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\fDLeuKt.exe
  C:\Windows\System\fDLeuKt.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\aHDMbNh.exe
  C:\Windows\System\aHDMbNh.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\BkAHZsL.exe
  C:\Windows\System\BkAHZsL.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\QofxSGn.exe
  C:\Windows\System\QofxSGn.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\RnIqXOA.exe
  C:\Windows\System\RnIqXOA.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\bEqCMcE.exe
  C:\Windows\System\bEqCMcE.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\ZUMNIIz.exe
  C:\Windows\System\ZUMNIIz.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\QEhAbad.exe
  C:\Windows\System\QEhAbad.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\yfTBjia.exe
  C:\Windows\System\yfTBjia.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\HZDSFeY.exe
  C:\Windows\System\HZDSFeY.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\GZJILGY.exe
  C:\Windows\System\GZJILGY.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\FZbjOgx.exe
  C:\Windows\System\FZbjOgx.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\UyiRzHm.exe
  C:\Windows\System\UyiRzHm.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\FEnMMQq.exe
  C:\Windows\System\FEnMMQq.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\xpwkLsu.exe
  C:\Windows\System\xpwkLsu.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\jqkOtwm.exe
  C:\Windows\System\jqkOtwm.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\lKlPmdW.exe
  C:\Windows\System\lKlPmdW.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\YEdLNdl.exe
  C:\Windows\System\YEdLNdl.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\SNoSDVx.exe
  C:\Windows\System\SNoSDVx.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\QZTGIGT.exe
  C:\Windows\System\QZTGIGT.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\EVlrtwQ.exe
  C:\Windows\System\EVlrtwQ.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\gQzwTjp.exe
  C:\Windows\System\gQzwTjp.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\raJLTfo.exe
  C:\Windows\System\raJLTfo.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\Xlabjed.exe
  C:\Windows\System\Xlabjed.exe
  2⤵
  PID:2200
- C:\Windows\System\aXTqMxL.exe
  C:\Windows\System\aXTqMxL.exe
  2⤵
  PID:2668
- C:\Windows\System\EzLdQpd.exe
  C:\Windows\System\EzLdQpd.exe
  2⤵
  PID:2732
- C:\Windows\System\bvkEQXY.exe
  C:\Windows\System\bvkEQXY.exe
  2⤵
  PID:2512
- C:\Windows\System\PCqMpEM.exe
  C:\Windows\System\PCqMpEM.exe
  2⤵
  PID:3048
- C:\Windows\System\tobaIws.exe
  C:\Windows\System\tobaIws.exe
  2⤵
  PID:2756
- C:\Windows\System\ILZAtIC.exe
  C:\Windows\System\ILZAtIC.exe
  2⤵
  PID:2144
- C:\Windows\System\Qoquvev.exe
  C:\Windows\System\Qoquvev.exe
  2⤵
  PID:2868
- C:\Windows\System\BIVMDet.exe
  C:\Windows\System\BIVMDet.exe
  2⤵
  PID:1584
- C:\Windows\System\fAlFNLU.exe
  C:\Windows\System\fAlFNLU.exe
  2⤵
  PID:748
- C:\Windows\System\azIFHBv.exe
  C:\Windows\System\azIFHBv.exe
  2⤵
  PID:2376
- C:\Windows\System\THUspnw.exe
  C:\Windows\System\THUspnw.exe
  2⤵
  PID:1148
- C:\Windows\System\jxqLnkQ.exe
  C:\Windows\System\jxqLnkQ.exe
  2⤵
  PID:388
- C:\Windows\System\cOMGHZy.exe
  C:\Windows\System\cOMGHZy.exe
  2⤵
  PID:1304
- C:\Windows\System\jsZeMFs.exe
  C:\Windows\System\jsZeMFs.exe
  2⤵
  PID:980
- C:\Windows\System\VOMLgwQ.exe
  C:\Windows\System\VOMLgwQ.exe
  2⤵
  PID:1932
- C:\Windows\System\yQelZnB.exe
  C:\Windows\System\yQelZnB.exe
  2⤵
  PID:1792
- C:\Windows\System\jgEmrqU.exe
  C:\Windows\System\jgEmrqU.exe
  2⤵
  PID:1588
- C:\Windows\System\SByrmtc.exe
  C:\Windows\System\SByrmtc.exe
  2⤵
  PID:2336
- C:\Windows\System\uUvXyFJ.exe
  C:\Windows\System\uUvXyFJ.exe
  2⤵
  PID:2564
- C:\Windows\System\VEjufbL.exe
  C:\Windows\System\VEjufbL.exe
  2⤵
  PID:1048
- C:\Windows\System\NdCubjT.exe
  C:\Windows\System\NdCubjT.exe
  2⤵
  PID:752
- C:\Windows\System\cNVLYud.exe
  C:\Windows\System\cNVLYud.exe
  2⤵
  PID:1628
- C:\Windows\System\WWRNbqw.exe
  C:\Windows\System\WWRNbqw.exe
  2⤵
  PID:2624
- C:\Windows\System\XuCwpuB.exe
  C:\Windows\System\XuCwpuB.exe
  2⤵
  PID:1984
- C:\Windows\System\cEGTkcD.exe
  C:\Windows\System\cEGTkcD.exe
  2⤵
  PID:1156
- C:\Windows\System\ooYmLgx.exe
  C:\Windows\System\ooYmLgx.exe
  2⤵
  PID:2092
- C:\Windows\System\RkXBXEF.exe
  C:\Windows\System\RkXBXEF.exe
  2⤵
  PID:1956
- C:\Windows\System\ucxWTTG.exe
  C:\Windows\System\ucxWTTG.exe
  2⤵
  PID:884
- C:\Windows\System\ClybjyD.exe
  C:\Windows\System\ClybjyD.exe
  2⤵
  PID:2148
- C:\Windows\System\tNbKWKk.exe
  C:\Windows\System\tNbKWKk.exe
  2⤵
  PID:2432
- C:\Windows\System\nRVbqKc.exe
  C:\Windows\System\nRVbqKc.exe
  2⤵
  PID:2160
- C:\Windows\System\XfmrhvE.exe
  C:\Windows\System\XfmrhvE.exe
  2⤵
  PID:2940
- C:\Windows\System\DLgCDdx.exe
  C:\Windows\System\DLgCDdx.exe
  2⤵
  PID:2816
- C:\Windows\System\WJkoDjY.exe
  C:\Windows\System\WJkoDjY.exe
  2⤵
  PID:2444
- C:\Windows\System\cnjiCQD.exe
  C:\Windows\System\cnjiCQD.exe
  2⤵
  PID:2924
- C:\Windows\System\hbTizbG.exe
  C:\Windows\System\hbTizbG.exe
  2⤵
  PID:2196
- C:\Windows\System\lsuugzL.exe
  C:\Windows\System\lsuugzL.exe
  2⤵
  PID:2904
- C:\Windows\System\VbyqSbg.exe
  C:\Windows\System\VbyqSbg.exe
  2⤵
  PID:3000
- C:\Windows\System\PWEkfJW.exe
  C:\Windows\System\PWEkfJW.exe
  2⤵
  PID:1220
- C:\Windows\System\DESNEOU.exe
  C:\Windows\System\DESNEOU.exe
  2⤵
  PID:1660
- C:\Windows\System\XjJLKgA.exe
  C:\Windows\System\XjJLKgA.exe
  2⤵
  PID:448
- C:\Windows\System\ZfQIuEh.exe
  C:\Windows\System\ZfQIuEh.exe
  2⤵
  PID:1044
- C:\Windows\System\zUJcfOC.exe
  C:\Windows\System\zUJcfOC.exe
  2⤵
  PID:2384
- C:\Windows\System\iKTmtxG.exe
  C:\Windows\System\iKTmtxG.exe
  2⤵
  PID:2008
- C:\Windows\System\jJSnUfb.exe
  C:\Windows\System\jJSnUfb.exe
  2⤵
  PID:1980
- C:\Windows\System\sFRxeND.exe
  C:\Windows\System\sFRxeND.exe
  2⤵
  PID:2300
- C:\Windows\System\FKmcCxI.exe
  C:\Windows\System\FKmcCxI.exe
  2⤵
  PID:1636
- C:\Windows\System\yRieEgQ.exe
  C:\Windows\System\yRieEgQ.exe
  2⤵
  PID:1688
- C:\Windows\System\phJSlrp.exe
  C:\Windows\System\phJSlrp.exe
  2⤵
  PID:2416
- C:\Windows\System\CYQDuSY.exe
  C:\Windows\System\CYQDuSY.exe
  2⤵
  PID:756
- C:\Windows\System\ajuXBQA.exe
  C:\Windows\System\ajuXBQA.exe
  2⤵
  PID:868
- C:\Windows\System\ephUtKP.exe
  C:\Windows\System\ephUtKP.exe
  2⤵
  PID:1288
- C:\Windows\System\osloZiy.exe
  C:\Windows\System\osloZiy.exe
  2⤵
  PID:2192
- C:\Windows\System\HhxyEVt.exe
  C:\Windows\System\HhxyEVt.exe
  2⤵
  PID:1624
- C:\Windows\System\yDkWTjo.exe
  C:\Windows\System\yDkWTjo.exe
  2⤵
  PID:2544
- C:\Windows\System\czIZIlk.exe
  C:\Windows\System\czIZIlk.exe
  2⤵
  PID:2920
- C:\Windows\System\CRWUdhB.exe
  C:\Windows\System\CRWUdhB.exe
  2⤵
  PID:1844
- C:\Windows\System\RzoqOHs.exe
  C:\Windows\System\RzoqOHs.exe
  2⤵
  PID:1300
- C:\Windows\System\pejETqP.exe
  C:\Windows\System\pejETqP.exe
  2⤵
  PID:2380
- C:\Windows\System\bKVONtQ.exe
  C:\Windows\System\bKVONtQ.exe
  2⤵
  PID:2228
- C:\Windows\System\rnFNLwq.exe
  C:\Windows\System\rnFNLwq.exe
  2⤵
  PID:2284
- C:\Windows\System\NFDWNKz.exe
  C:\Windows\System\NFDWNKz.exe
  2⤵
  PID:1316
- C:\Windows\System\npQQxIl.exe
  C:\Windows\System\npQQxIl.exe
  2⤵
  PID:2456
- C:\Windows\System\uDymfIk.exe
  C:\Windows\System\uDymfIk.exe
  2⤵
  PID:2792
- C:\Windows\System\EchztkM.exe
  C:\Windows\System\EchztkM.exe
  2⤵
  PID:2244
- C:\Windows\System\rkVlbCU.exe
  C:\Windows\System\rkVlbCU.exe
  2⤵
  PID:3084
- C:\Windows\System\TdCjbHe.exe
  C:\Windows\System\TdCjbHe.exe
  2⤵
  PID:3104
- C:\Windows\System\tdEgbzZ.exe
  C:\Windows\System\tdEgbzZ.exe
  2⤵
  PID:3124
- C:\Windows\System\MAiCYfT.exe
  C:\Windows\System\MAiCYfT.exe
  2⤵
  PID:3148
- C:\Windows\System\IajppuC.exe
  C:\Windows\System\IajppuC.exe
  2⤵
  PID:3168
- C:\Windows\System\frlZWjN.exe
  C:\Windows\System\frlZWjN.exe
  2⤵
  PID:3188
- C:\Windows\System\REZhSLk.exe
  C:\Windows\System\REZhSLk.exe
  2⤵
  PID:3208
- C:\Windows\System\YUjwMig.exe
  C:\Windows\System\YUjwMig.exe
  2⤵
  PID:3228
- C:\Windows\System\WLcCoGr.exe
  C:\Windows\System\WLcCoGr.exe
  2⤵
  PID:3248
- C:\Windows\System\BGsFklX.exe
  C:\Windows\System\BGsFklX.exe
  2⤵
  PID:3264
- C:\Windows\System\plErLRF.exe
  C:\Windows\System\plErLRF.exe
  2⤵
  PID:3284
- C:\Windows\System\TeBUZWx.exe
  C:\Windows\System\TeBUZWx.exe
  2⤵
  PID:3308
- C:\Windows\System\DSBWdky.exe
  C:\Windows\System\DSBWdky.exe
  2⤵
  PID:3324
- C:\Windows\System\nwWcMfF.exe
  C:\Windows\System\nwWcMfF.exe
  2⤵
  PID:3348
- C:\Windows\System\CWcsVIW.exe
  C:\Windows\System\CWcsVIW.exe
  2⤵
  PID:3368
- C:\Windows\System\ZkcxqtO.exe
  C:\Windows\System\ZkcxqtO.exe
  2⤵
  PID:3388
- C:\Windows\System\sKRPslI.exe
  C:\Windows\System\sKRPslI.exe
  2⤵
  PID:3408
- C:\Windows\System\EDFVzxz.exe
  C:\Windows\System\EDFVzxz.exe
  2⤵
  PID:3428
- C:\Windows\System\TQqwNqB.exe
  C:\Windows\System\TQqwNqB.exe
  2⤵
  PID:3448
- C:\Windows\System\EcaTUEE.exe
  C:\Windows\System\EcaTUEE.exe
  2⤵
  PID:3468
- C:\Windows\System\SASVtDf.exe
  C:\Windows\System\SASVtDf.exe
  2⤵
  PID:3484
- C:\Windows\System\maHVHDA.exe
  C:\Windows\System\maHVHDA.exe
  2⤵
  PID:3504
- C:\Windows\System\gekfZrm.exe
  C:\Windows\System\gekfZrm.exe
  2⤵
  PID:3528
- C:\Windows\System\PTXIdAj.exe
  C:\Windows\System\PTXIdAj.exe
  2⤵
  PID:3548
- C:\Windows\System\irbReCV.exe
  C:\Windows\System\irbReCV.exe
  2⤵
  PID:3568
- C:\Windows\System\FYpfgpL.exe
  C:\Windows\System\FYpfgpL.exe
  2⤵
  PID:3588
- C:\Windows\System\xOYsItW.exe
  C:\Windows\System\xOYsItW.exe
  2⤵
  PID:3608
- C:\Windows\System\SGZJvfo.exe
  C:\Windows\System\SGZJvfo.exe
  2⤵
  PID:3624
- C:\Windows\System\BvwWzoH.exe
  C:\Windows\System\BvwWzoH.exe
  2⤵
  PID:3648
- C:\Windows\System\NFYhnkT.exe
  C:\Windows\System\NFYhnkT.exe
  2⤵
  PID:3668
- C:\Windows\System\gufEAnY.exe
  C:\Windows\System\gufEAnY.exe
  2⤵
  PID:3684
- C:\Windows\System\oPUWYTs.exe
  C:\Windows\System\oPUWYTs.exe
  2⤵
  PID:3708
- C:\Windows\System\RoIzSsB.exe
  C:\Windows\System\RoIzSsB.exe
  2⤵
  PID:3728
- C:\Windows\System\qKOfPOf.exe
  C:\Windows\System\qKOfPOf.exe
  2⤵
  PID:3748
- C:\Windows\System\QKYPrbE.exe
  C:\Windows\System\QKYPrbE.exe
  2⤵
  PID:3768
- C:\Windows\System\CFZtQUV.exe
  C:\Windows\System\CFZtQUV.exe
  2⤵
  PID:3788
- C:\Windows\System\WdoTyGo.exe
  C:\Windows\System\WdoTyGo.exe
  2⤵
  PID:3808
- C:\Windows\System\VudcLWa.exe
  C:\Windows\System\VudcLWa.exe
  2⤵
  PID:3828
- C:\Windows\System\oHtpgjK.exe
  C:\Windows\System\oHtpgjK.exe
  2⤵
  PID:3848
- C:\Windows\System\NPXSfQJ.exe
  C:\Windows\System\NPXSfQJ.exe
  2⤵
  PID:3864
- C:\Windows\System\qiLdNCO.exe
  C:\Windows\System\qiLdNCO.exe
  2⤵
  PID:3884
- C:\Windows\System\aajwTlN.exe
  C:\Windows\System\aajwTlN.exe
  2⤵
  PID:3908
- C:\Windows\System\PlalxiC.exe
  C:\Windows\System\PlalxiC.exe
  2⤵
  PID:3928
- C:\Windows\System\iIVEoUN.exe
  C:\Windows\System\iIVEoUN.exe
  2⤵
  PID:3948
- C:\Windows\System\eQGUViH.exe
  C:\Windows\System\eQGUViH.exe
  2⤵
  PID:3968
- C:\Windows\System\gkcFQRZ.exe
  C:\Windows\System\gkcFQRZ.exe
  2⤵
  PID:3984
- C:\Windows\System\ooYjXPC.exe
  C:\Windows\System\ooYjXPC.exe
  2⤵
  PID:4004
- C:\Windows\System\vyiQEJv.exe
  C:\Windows\System\vyiQEJv.exe
  2⤵
  PID:4028
- C:\Windows\System\ssxCMdq.exe
  C:\Windows\System\ssxCMdq.exe
  2⤵
  PID:4044
- C:\Windows\System\XshiWSU.exe
  C:\Windows\System\XshiWSU.exe
  2⤵
  PID:4068
- C:\Windows\System\QlcSWCy.exe
  C:\Windows\System\QlcSWCy.exe
  2⤵
  PID:4088
- C:\Windows\System\llZuVJl.exe
  C:\Windows\System\llZuVJl.exe
  2⤵
  PID:2552
- C:\Windows\System\ZDkgiHf.exe
  C:\Windows\System\ZDkgiHf.exe
  2⤵
  PID:3040
- C:\Windows\System\FxqFcgi.exe
  C:\Windows\System\FxqFcgi.exe
  2⤵
  PID:1856
- C:\Windows\System\OecathZ.exe
  C:\Windows\System\OecathZ.exe
  2⤵
  PID:872
- C:\Windows\System\eADSwaB.exe
  C:\Windows\System\eADSwaB.exe
  2⤵
  PID:2344
- C:\Windows\System\YZXbnGk.exe
  C:\Windows\System\YZXbnGk.exe
  2⤵
  PID:1488
- C:\Windows\System\xtQxNzB.exe
  C:\Windows\System\xtQxNzB.exe
  2⤵
  PID:2152
- C:\Windows\System\YGymaaL.exe
  C:\Windows\System\YGymaaL.exe
  2⤵
  PID:3076
- C:\Windows\System\DHTDNJa.exe
  C:\Windows\System\DHTDNJa.exe
  2⤵
  PID:3116
- C:\Windows\System\roiAGec.exe
  C:\Windows\System\roiAGec.exe
  2⤵
  PID:3156
- C:\Windows\System\BRDOQXl.exe
  C:\Windows\System\BRDOQXl.exe
  2⤵
  PID:3164
- C:\Windows\System\WLcpxTi.exe
  C:\Windows\System\WLcpxTi.exe
  2⤵
  PID:3204
- C:\Windows\System\BWfKTVN.exe
  C:\Windows\System\BWfKTVN.exe
  2⤵
  PID:3244
- C:\Windows\System\KJoWGpo.exe
  C:\Windows\System\KJoWGpo.exe
  2⤵
  PID:3272
- C:\Windows\System\QBbmQXg.exe
  C:\Windows\System\QBbmQXg.exe
  2⤵
  PID:3336
- C:\Windows\System\JQFxiRc.exe
  C:\Windows\System\JQFxiRc.exe
  2⤵
  PID:3344
- C:\Windows\System\vBGaLen.exe
  C:\Windows\System\vBGaLen.exe
  2⤵
  PID:3380
- C:\Windows\System\yObubFx.exe
  C:\Windows\System\yObubFx.exe
  2⤵
  PID:3424
- C:\Windows\System\NVLAOKM.exe
  C:\Windows\System\NVLAOKM.exe
  2⤵
  PID:3464
- C:\Windows\System\CpiyjlG.exe
  C:\Windows\System\CpiyjlG.exe
  2⤵
  PID:3492
- C:\Windows\System\MohLbfx.exe
  C:\Windows\System\MohLbfx.exe
  2⤵
  PID:3516
- C:\Windows\System\Jmvbqxx.exe
  C:\Windows\System\Jmvbqxx.exe
  2⤵
  PID:3556
- C:\Windows\System\BQFFeMq.exe
  C:\Windows\System\BQFFeMq.exe
  2⤵
  PID:3584
- C:\Windows\System\ZJRMnFV.exe
  C:\Windows\System\ZJRMnFV.exe
  2⤵
  PID:3620
- C:\Windows\System\SNrwejO.exe
  C:\Windows\System\SNrwejO.exe
  2⤵
  PID:3644
- C:\Windows\System\DHiiIfi.exe
  C:\Windows\System\DHiiIfi.exe
  2⤵
  PID:3692
- C:\Windows\System\LvwRFwY.exe
  C:\Windows\System\LvwRFwY.exe
  2⤵
  PID:3716
- C:\Windows\System\SqnjnJq.exe
  C:\Windows\System\SqnjnJq.exe
  2⤵
  PID:3740
- C:\Windows\System\vzcqJbe.exe
  C:\Windows\System\vzcqJbe.exe
  2⤵
  PID:3760
- C:\Windows\System\VUHtSPM.exe
  C:\Windows\System\VUHtSPM.exe
  2⤵
  PID:3824
- C:\Windows\System\HlktjZY.exe
  C:\Windows\System\HlktjZY.exe
  2⤵
  PID:3860
- C:\Windows\System\jgMvsea.exe
  C:\Windows\System\jgMvsea.exe
  2⤵
  PID:3844
- C:\Windows\System\zynCzml.exe
  C:\Windows\System\zynCzml.exe
  2⤵
  PID:3936
- C:\Windows\System\sFoWQJF.exe
  C:\Windows\System\sFoWQJF.exe
  2⤵
  PID:3956
- C:\Windows\System\sKDidrK.exe
  C:\Windows\System\sKDidrK.exe
  2⤵
  PID:4012
- C:\Windows\System\mcAEsPk.exe
  C:\Windows\System\mcAEsPk.exe
  2⤵
  PID:4000
- C:\Windows\System\kSXnTbY.exe
  C:\Windows\System\kSXnTbY.exe
  2⤵
  PID:4060
- C:\Windows\System\TJxeGaW.exe
  C:\Windows\System\TJxeGaW.exe
  2⤵
  PID:4084
- C:\Windows\System\qmwPHup.exe
  C:\Windows\System\qmwPHup.exe
  2⤵
  PID:2672
- C:\Windows\System\JxPrRBA.exe
  C:\Windows\System\JxPrRBA.exe
  2⤵
  PID:1528
- C:\Windows\System\iVqeBXl.exe
  C:\Windows\System\iVqeBXl.exe
  2⤵
  PID:696
- C:\Windows\System\hLPqDJu.exe
  C:\Windows\System\hLPqDJu.exe
  2⤵
  PID:2100
- C:\Windows\System\hUzUwpH.exe
  C:\Windows\System\hUzUwpH.exe
  2⤵
  PID:3092
- C:\Windows\System\XrhRdIJ.exe
  C:\Windows\System\XrhRdIJ.exe
  2⤵
  PID:3140
- C:\Windows\System\kmDrHnc.exe
  C:\Windows\System\kmDrHnc.exe
  2⤵
  PID:3236
- C:\Windows\System\DrgyeWc.exe
  C:\Windows\System\DrgyeWc.exe
  2⤵
  PID:3276
- C:\Windows\System\WsfMscq.exe
  C:\Windows\System\WsfMscq.exe
  2⤵
  PID:3300
- C:\Windows\System\qxloEhc.exe
  C:\Windows\System\qxloEhc.exe
  2⤵
  PID:3376
- C:\Windows\System\ToCqaKF.exe
  C:\Windows\System\ToCqaKF.exe
  2⤵
  PID:3404
- C:\Windows\System\ntniSYH.exe
  C:\Windows\System\ntniSYH.exe
  2⤵
  PID:3460
- C:\Windows\System\aWBeTQR.exe
  C:\Windows\System\aWBeTQR.exe
  2⤵
  PID:3560
- C:\Windows\System\xcpuGps.exe
  C:\Windows\System\xcpuGps.exe
  2⤵
  PID:3616
- C:\Windows\System\HrIitTA.exe
  C:\Windows\System\HrIitTA.exe
  2⤵
  PID:3640
- C:\Windows\System\XmrbGut.exe
  C:\Windows\System\XmrbGut.exe
  2⤵
  PID:3676
- C:\Windows\System\izXwjrn.exe
  C:\Windows\System\izXwjrn.exe
  2⤵
  PID:3724
- C:\Windows\System\yXRctQk.exe
  C:\Windows\System\yXRctQk.exe
  2⤵
  PID:3796
- C:\Windows\System\NdXkOBi.exe
  C:\Windows\System\NdXkOBi.exe
  2⤵
  PID:3880
- C:\Windows\System\JiNJAXx.exe
  C:\Windows\System\JiNJAXx.exe
  2⤵
  PID:3924
- C:\Windows\System\CPWcvnZ.exe
  C:\Windows\System\CPWcvnZ.exe
  2⤵
  PID:3980
- C:\Windows\System\SEZAdmF.exe
  C:\Windows\System\SEZAdmF.exe
  2⤵
  PID:4036
- C:\Windows\System\EPgLIuZ.exe
  C:\Windows\System\EPgLIuZ.exe
  2⤵
  PID:4076
- C:\Windows\System\EbJGWmW.exe
  C:\Windows\System\EbJGWmW.exe
  2⤵
  PID:2412
- C:\Windows\System\lLGdVAv.exe
  C:\Windows\System\lLGdVAv.exe
  2⤵
  PID:1764
- C:\Windows\System\KiRFHvD.exe
  C:\Windows\System\KiRFHvD.exe
  2⤵
  PID:2576
- C:\Windows\System\rjrXzZA.exe
  C:\Windows\System\rjrXzZA.exe
  2⤵
  PID:3144
- C:\Windows\System\HviETol.exe
  C:\Windows\System\HviETol.exe
  2⤵
  PID:3332
- C:\Windows\System\LUFhxDb.exe
  C:\Windows\System\LUFhxDb.exe
  2⤵
  PID:3400
- C:\Windows\System\lcXPlym.exe
  C:\Windows\System\lcXPlym.exe
  2⤵
  PID:3480
- C:\Windows\System\xrHhISb.exe
  C:\Windows\System\xrHhISb.exe
  2⤵
  PID:3536
- C:\Windows\System\CUZkebq.exe
  C:\Windows\System\CUZkebq.exe
  2⤵
  PID:3600
- C:\Windows\System\CuSVmAb.exe
  C:\Windows\System\CuSVmAb.exe
  2⤵
  PID:3780
- C:\Windows\System\gLfsPGc.exe
  C:\Windows\System\gLfsPGc.exe
  2⤵
  PID:4104
- C:\Windows\System\QhrzUlH.exe
  C:\Windows\System\QhrzUlH.exe
  2⤵
  PID:4124
- C:\Windows\System\ulVWRRR.exe
  C:\Windows\System\ulVWRRR.exe
  2⤵
  PID:4144
- C:\Windows\System\jMqCLVi.exe
  C:\Windows\System\jMqCLVi.exe
  2⤵
  PID:4164
- C:\Windows\System\bqLPtaY.exe
  C:\Windows\System\bqLPtaY.exe
  2⤵
  PID:4184
- C:\Windows\System\gvsRapd.exe
  C:\Windows\System\gvsRapd.exe
  2⤵
  PID:4204
- C:\Windows\System\vPOcdTi.exe
  C:\Windows\System\vPOcdTi.exe
  2⤵
  PID:4224
- C:\Windows\System\mABscTB.exe
  C:\Windows\System\mABscTB.exe
  2⤵
  PID:4244
- C:\Windows\System\IbBQJcA.exe
  C:\Windows\System\IbBQJcA.exe
  2⤵
  PID:4264
- C:\Windows\System\TxfoAeR.exe
  C:\Windows\System\TxfoAeR.exe
  2⤵
  PID:4284
- C:\Windows\System\fpFhfzo.exe
  C:\Windows\System\fpFhfzo.exe
  2⤵
  PID:4304
- C:\Windows\System\lHGorAt.exe
  C:\Windows\System\lHGorAt.exe
  2⤵
  PID:4324
- C:\Windows\System\wdZVSOk.exe
  C:\Windows\System\wdZVSOk.exe
  2⤵
  PID:4344
- C:\Windows\System\OwGMrTp.exe
  C:\Windows\System\OwGMrTp.exe
  2⤵
  PID:4360
- C:\Windows\System\TyCSgCJ.exe
  C:\Windows\System\TyCSgCJ.exe
  2⤵
  PID:4384
- C:\Windows\System\ZbwQeSh.exe
  C:\Windows\System\ZbwQeSh.exe
  2⤵
  PID:4404
- C:\Windows\System\ziahwPW.exe
  C:\Windows\System\ziahwPW.exe
  2⤵
  PID:4424
- C:\Windows\System\hRnbyBM.exe
  C:\Windows\System\hRnbyBM.exe
  2⤵
  PID:4444
- C:\Windows\System\bxFhdHL.exe
  C:\Windows\System\bxFhdHL.exe
  2⤵
  PID:4464
- C:\Windows\System\uBeMDjc.exe
  C:\Windows\System\uBeMDjc.exe
  2⤵
  PID:4484
- C:\Windows\System\PUIhcRG.exe
  C:\Windows\System\PUIhcRG.exe
  2⤵
  PID:4504
- C:\Windows\System\vmHMRDk.exe
  C:\Windows\System\vmHMRDk.exe
  2⤵
  PID:4524
- C:\Windows\System\ZdNHpXH.exe
  C:\Windows\System\ZdNHpXH.exe
  2⤵
  PID:4544
- C:\Windows\System\HqFdFpV.exe
  C:\Windows\System\HqFdFpV.exe
  2⤵
  PID:4564
- C:\Windows\System\eRhiDxP.exe
  C:\Windows\System\eRhiDxP.exe
  2⤵
  PID:4584
- C:\Windows\System\rxeNVrG.exe
  C:\Windows\System\rxeNVrG.exe
  2⤵
  PID:4604
- C:\Windows\System\jZBSfuj.exe
  C:\Windows\System\jZBSfuj.exe
  2⤵
  PID:4624
- C:\Windows\System\VWcRKVZ.exe
  C:\Windows\System\VWcRKVZ.exe
  2⤵
  PID:4644
- C:\Windows\System\lJNAlos.exe
  C:\Windows\System\lJNAlos.exe
  2⤵
  PID:4664
- C:\Windows\System\EpLjBQX.exe
  C:\Windows\System\EpLjBQX.exe
  2⤵
  PID:4684
- C:\Windows\System\KULAzpN.exe
  C:\Windows\System\KULAzpN.exe
  2⤵
  PID:4704
- C:\Windows\System\veKfJsC.exe
  C:\Windows\System\veKfJsC.exe
  2⤵
  PID:4724
- C:\Windows\System\AHqvYHT.exe
  C:\Windows\System\AHqvYHT.exe
  2⤵
  PID:4744
- C:\Windows\System\HWkSanZ.exe
  C:\Windows\System\HWkSanZ.exe
  2⤵
  PID:4764
- C:\Windows\System\aVcQieE.exe
  C:\Windows\System\aVcQieE.exe
  2⤵
  PID:4784
- C:\Windows\System\fQlImjp.exe
  C:\Windows\System\fQlImjp.exe
  2⤵
  PID:4808
- C:\Windows\System\ifOwllp.exe
  C:\Windows\System\ifOwllp.exe
  2⤵
  PID:4828
- C:\Windows\System\jZWhqei.exe
  C:\Windows\System\jZWhqei.exe
  2⤵
  PID:4848
- C:\Windows\System\zPcDtLF.exe
  C:\Windows\System\zPcDtLF.exe
  2⤵
  PID:4868
- C:\Windows\System\unGvfTp.exe
  C:\Windows\System\unGvfTp.exe
  2⤵
  PID:4888
- C:\Windows\System\mFRAtRl.exe
  C:\Windows\System\mFRAtRl.exe
  2⤵
  PID:4908
- C:\Windows\System\JxRCWre.exe
  C:\Windows\System\JxRCWre.exe
  2⤵
  PID:4928
- C:\Windows\System\SLrVMbZ.exe
  C:\Windows\System\SLrVMbZ.exe
  2⤵
  PID:4948
- C:\Windows\System\iLVhIpo.exe
  C:\Windows\System\iLVhIpo.exe
  2⤵
  PID:4968
- C:\Windows\System\nHzlLSu.exe
  C:\Windows\System\nHzlLSu.exe
  2⤵
  PID:4988
- C:\Windows\System\GDVLDHA.exe
  C:\Windows\System\GDVLDHA.exe
  2⤵
  PID:5008
- C:\Windows\System\qaOaeEx.exe
  C:\Windows\System\qaOaeEx.exe
  2⤵
  PID:5028
- C:\Windows\System\qFtqENe.exe
  C:\Windows\System\qFtqENe.exe
  2⤵
  PID:5048
- C:\Windows\System\cuUQTRs.exe
  C:\Windows\System\cuUQTRs.exe
  2⤵
  PID:5068
- C:\Windows\System\VVajarL.exe
  C:\Windows\System\VVajarL.exe
  2⤵
  PID:5088
- C:\Windows\System\clJSdNw.exe
  C:\Windows\System\clJSdNw.exe
  2⤵
  PID:5108
- C:\Windows\System\yuInfbu.exe
  C:\Windows\System\yuInfbu.exe
  2⤵
  PID:3900
- C:\Windows\System\FfeLiwH.exe
  C:\Windows\System\FfeLiwH.exe
  2⤵
  PID:3896
- C:\Windows\System\fxdYANq.exe
  C:\Windows\System\fxdYANq.exe
  2⤵
  PID:3992
- C:\Windows\System\PvRjJJH.exe
  C:\Windows\System\PvRjJJH.exe
  2⤵
  PID:1256
- C:\Windows\System\bUcmria.exe
  C:\Windows\System\bUcmria.exe
  2⤵
  PID:3176
- C:\Windows\System\yibGQfW.exe
  C:\Windows\System\yibGQfW.exe
  2⤵
  PID:3340
- C:\Windows\System\ZQzzVVT.exe
  C:\Windows\System\ZQzzVVT.exe
  2⤵
  PID:3292
- C:\Windows\System\LmpgbeL.exe
  C:\Windows\System\LmpgbeL.exe
  2⤵
  PID:2484
- C:\Windows\System\LWLCowF.exe
  C:\Windows\System\LWLCowF.exe
  2⤵
  PID:3580
- C:\Windows\System\ATLXciz.exe
  C:\Windows\System\ATLXciz.exe
  2⤵
  PID:3764
- C:\Windows\System\mObRpYz.exe
  C:\Windows\System\mObRpYz.exe
  2⤵
  PID:4132
- C:\Windows\System\TLfHhvC.exe
  C:\Windows\System\TLfHhvC.exe
  2⤵
  PID:4156
- C:\Windows\System\gpOJpOU.exe
  C:\Windows\System\gpOJpOU.exe
  2⤵
  PID:4200
- C:\Windows\System\rTkSCvu.exe
  C:\Windows\System\rTkSCvu.exe
  2⤵
  PID:4240
- C:\Windows\System\Blwbjpv.exe
  C:\Windows\System\Blwbjpv.exe
  2⤵
  PID:4272
- C:\Windows\System\tADuKwZ.exe
  C:\Windows\System\tADuKwZ.exe
  2⤵
  PID:4300
- C:\Windows\System\DkkOPFo.exe
  C:\Windows\System\DkkOPFo.exe
  2⤵
  PID:4332
- C:\Windows\System\wawskBq.exe
  C:\Windows\System\wawskBq.exe
  2⤵
  PID:4368
- C:\Windows\System\yJhCJaG.exe
  C:\Windows\System\yJhCJaG.exe
  2⤵
  PID:4396
- C:\Windows\System\GYsziKK.exe
  C:\Windows\System\GYsziKK.exe
  2⤵
  PID:4440
- C:\Windows\System\YhApafy.exe
  C:\Windows\System\YhApafy.exe
  2⤵
  PID:4476
- C:\Windows\System\GOaPQxW.exe
  C:\Windows\System\GOaPQxW.exe
  2⤵
  PID:4520
- C:\Windows\System\fjyWcaM.exe
  C:\Windows\System\fjyWcaM.exe
  2⤵
  PID:4540
- C:\Windows\System\iWJvLaL.exe
  C:\Windows\System\iWJvLaL.exe
  2⤵
  PID:4572
- C:\Windows\System\IKQtcDr.exe
  C:\Windows\System\IKQtcDr.exe
  2⤵
  PID:4596
- C:\Windows\System\KruElch.exe
  C:\Windows\System\KruElch.exe
  2⤵
  PID:4640
- C:\Windows\System\LwelQUx.exe
  C:\Windows\System\LwelQUx.exe
  2⤵
  PID:4660
- C:\Windows\System\vCxqglS.exe
  C:\Windows\System\vCxqglS.exe
  2⤵
  PID:4712
- C:\Windows\System\lxFKpEn.exe
  C:\Windows\System\lxFKpEn.exe
  2⤵
  PID:4740
- C:\Windows\System\hXrMFvA.exe
  C:\Windows\System\hXrMFvA.exe
  2⤵
  PID:4772
- C:\Windows\System\iAVmAWJ.exe
  C:\Windows\System\iAVmAWJ.exe
  2⤵
  PID:4796
- C:\Windows\System\NquPyiH.exe
  C:\Windows\System\NquPyiH.exe
  2⤵
  PID:4824
- C:\Windows\System\cYTwJAm.exe
  C:\Windows\System\cYTwJAm.exe
  2⤵
  PID:4884
- C:\Windows\System\xALaUOq.exe
  C:\Windows\System\xALaUOq.exe
  2⤵
  PID:4904
- C:\Windows\System\CCKbRNn.exe
  C:\Windows\System\CCKbRNn.exe
  2⤵
  PID:4936
- C:\Windows\System\bbzzgRL.exe
  C:\Windows\System\bbzzgRL.exe
  2⤵
  PID:4976
- C:\Windows\System\YQMIami.exe
  C:\Windows\System\YQMIami.exe
  2⤵
  PID:5036
- C:\Windows\System\jNeXzSX.exe
  C:\Windows\System\jNeXzSX.exe
  2⤵
  PID:5040
- C:\Windows\System\cfPOeRG.exe
  C:\Windows\System\cfPOeRG.exe
  2⤵
  PID:5060
- C:\Windows\System\DiClTIM.exe
  C:\Windows\System\DiClTIM.exe
  2⤵
  PID:3804
- C:\Windows\System\pznpNau.exe
  C:\Windows\System\pznpNau.exe
  2⤵
  PID:3916
- C:\Windows\System\wHQIVhh.exe
  C:\Windows\System\wHQIVhh.exe
  2⤵
  PID:600
- C:\Windows\System\DIyIQLT.exe
  C:\Windows\System\DIyIQLT.exe
  2⤵
  PID:1576
- C:\Windows\System\IjdDoOp.exe
  C:\Windows\System\IjdDoOp.exe
  2⤵
  PID:3436
- C:\Windows\System\BQZCulH.exe
  C:\Windows\System\BQZCulH.exe
  2⤵
  PID:3836
- C:\Windows\System\WillyMc.exe
  C:\Windows\System\WillyMc.exe
  2⤵
  PID:4120
- C:\Windows\System\lNQNWQN.exe
  C:\Windows\System\lNQNWQN.exe
  2⤵
  PID:4136
- C:\Windows\System\nxGObMO.exe
  C:\Windows\System\nxGObMO.exe
  2⤵
  PID:4252
- C:\Windows\System\VoDVMIA.exe
  C:\Windows\System\VoDVMIA.exe
  2⤵
  PID:4292
- C:\Windows\System\KUcfkao.exe
  C:\Windows\System\KUcfkao.exe
  2⤵
  PID:4380
- C:\Windows\System\wNRMNOm.exe
  C:\Windows\System\wNRMNOm.exe
  2⤵
  PID:4420
- C:\Windows\System\irYNmxo.exe
  C:\Windows\System\irYNmxo.exe
  2⤵
  PID:4456
- C:\Windows\System\SxWSFVY.exe
  C:\Windows\System\SxWSFVY.exe
  2⤵
  PID:4580
- C:\Windows\System\xYCkjgA.exe
  C:\Windows\System\xYCkjgA.exe
  2⤵
  PID:4556
- C:\Windows\System\kEpRetu.exe
  C:\Windows\System\kEpRetu.exe
  2⤵
  PID:4676
- C:\Windows\System\gzhvgto.exe
  C:\Windows\System\gzhvgto.exe
  2⤵
  PID:4716
- C:\Windows\System\oThJmoF.exe
  C:\Windows\System\oThJmoF.exe
  2⤵
  PID:4804
- C:\Windows\System\RcWLbEv.exe
  C:\Windows\System\RcWLbEv.exe
  2⤵
  PID:4864
- C:\Windows\System\BblZyip.exe
  C:\Windows\System\BblZyip.exe
  2⤵
  PID:4896
- C:\Windows\System\rOFaIQj.exe
  C:\Windows\System\rOFaIQj.exe
  2⤵
  PID:4960
- C:\Windows\System\TiYEVUc.exe
  C:\Windows\System\TiYEVUc.exe
  2⤵
  PID:5056
- C:\Windows\System\VQmOQYF.exe
  C:\Windows\System\VQmOQYF.exe
  2⤵
  PID:5100
- C:\Windows\System\inKVeoM.exe
  C:\Windows\System\inKVeoM.exe
  2⤵
  PID:4056
- C:\Windows\System\zLSRIaO.exe
  C:\Windows\System\zLSRIaO.exe
  2⤵
  PID:3220
- C:\Windows\System\BNFnMGp.exe
  C:\Windows\System\BNFnMGp.exe
  2⤵
  PID:4112
- C:\Windows\System\VkqdNHM.exe
  C:\Windows\System\VkqdNHM.exe
  2⤵
  PID:5128
- C:\Windows\System\NKqNlCM.exe
  C:\Windows\System\NKqNlCM.exe
  2⤵
  PID:5148
- C:\Windows\System\JSYiZvu.exe
  C:\Windows\System\JSYiZvu.exe
  2⤵
  PID:5168
- C:\Windows\System\eILiPwF.exe
  C:\Windows\System\eILiPwF.exe
  2⤵
  PID:5188
- C:\Windows\System\FysvylC.exe
  C:\Windows\System\FysvylC.exe
  2⤵
  PID:5208
- C:\Windows\System\AKhKMoh.exe
  C:\Windows\System\AKhKMoh.exe
  2⤵
  PID:5228
- C:\Windows\System\LGVutQo.exe
  C:\Windows\System\LGVutQo.exe
  2⤵
  PID:5248
- C:\Windows\System\eddwizh.exe
  C:\Windows\System\eddwizh.exe
  2⤵
  PID:5272
- C:\Windows\System\XlJWprP.exe
  C:\Windows\System\XlJWprP.exe
  2⤵
  PID:5292
- C:\Windows\System\GOeLiwY.exe
  C:\Windows\System\GOeLiwY.exe
  2⤵
  PID:5312
- C:\Windows\System\eqVOQtP.exe
  C:\Windows\System\eqVOQtP.exe
  2⤵
  PID:5336
- C:\Windows\System\KDEDfzR.exe
  C:\Windows\System\KDEDfzR.exe
  2⤵
  PID:5356
- C:\Windows\System\sMUOdzB.exe
  C:\Windows\System\sMUOdzB.exe
  2⤵
  PID:5376
- C:\Windows\System\nLzukWD.exe
  C:\Windows\System\nLzukWD.exe
  2⤵
  PID:5396
- C:\Windows\System\JZqxHkd.exe
  C:\Windows\System\JZqxHkd.exe
  2⤵
  PID:5416
- C:\Windows\System\xUKEUOw.exe
  C:\Windows\System\xUKEUOw.exe
  2⤵
  PID:5436
- C:\Windows\System\mZPpKoY.exe
  C:\Windows\System\mZPpKoY.exe
  2⤵
  PID:5456
- C:\Windows\System\DGqslSA.exe
  C:\Windows\System\DGqslSA.exe
  2⤵
  PID:5476
- C:\Windows\System\pKZUTkX.exe
  C:\Windows\System\pKZUTkX.exe
  2⤵
  PID:5496
- C:\Windows\System\roZtjIG.exe
  C:\Windows\System\roZtjIG.exe
  2⤵
  PID:5516
- C:\Windows\System\miVsddS.exe
  C:\Windows\System\miVsddS.exe
  2⤵
  PID:5536
- C:\Windows\System\EcPXXia.exe
  C:\Windows\System\EcPXXia.exe
  2⤵
  PID:5556
- C:\Windows\System\dZCtlpx.exe
  C:\Windows\System\dZCtlpx.exe
  2⤵
  PID:5576
- C:\Windows\System\aAKQeVf.exe
  C:\Windows\System\aAKQeVf.exe
  2⤵
  PID:5596
- C:\Windows\System\djQCxWH.exe
  C:\Windows\System\djQCxWH.exe
  2⤵
  PID:5616
- C:\Windows\System\zYWsZEU.exe
  C:\Windows\System\zYWsZEU.exe
  2⤵
  PID:5636
- C:\Windows\System\OWcXHGM.exe
  C:\Windows\System\OWcXHGM.exe
  2⤵
  PID:5656
- C:\Windows\System\zNfMrbc.exe
  C:\Windows\System\zNfMrbc.exe
  2⤵
  PID:5680
- C:\Windows\System\kjzFEFA.exe
  C:\Windows\System\kjzFEFA.exe
  2⤵
  PID:5700
- C:\Windows\System\bNcTwwa.exe
  C:\Windows\System\bNcTwwa.exe
  2⤵
  PID:5720
- C:\Windows\System\XUVgNOb.exe
  C:\Windows\System\XUVgNOb.exe
  2⤵
  PID:5740
- C:\Windows\System\IvElMEq.exe
  C:\Windows\System\IvElMEq.exe
  2⤵
  PID:5760
- C:\Windows\System\POneLTd.exe
  C:\Windows\System\POneLTd.exe
  2⤵
  PID:5780
- C:\Windows\System\buYLWls.exe
  C:\Windows\System\buYLWls.exe
  2⤵
  PID:5800
- C:\Windows\System\IlQEMdh.exe
  C:\Windows\System\IlQEMdh.exe
  2⤵
  PID:5820
- C:\Windows\System\FkNueSm.exe
  C:\Windows\System\FkNueSm.exe
  2⤵
  PID:5840
- C:\Windows\System\zmDFLdE.exe
  C:\Windows\System\zmDFLdE.exe
  2⤵
  PID:5860
- C:\Windows\System\FLZLVTO.exe
  C:\Windows\System\FLZLVTO.exe
  2⤵
  PID:5880
- C:\Windows\System\HSCTHeN.exe
  C:\Windows\System\HSCTHeN.exe
  2⤵
  PID:5900
- C:\Windows\System\LoDJEEl.exe
  C:\Windows\System\LoDJEEl.exe
  2⤵
  PID:5920
- C:\Windows\System\EkVyLhp.exe
  C:\Windows\System\EkVyLhp.exe
  2⤵
  PID:5940
- C:\Windows\System\gsZSrcp.exe
  C:\Windows\System\gsZSrcp.exe
  2⤵
  PID:5960
- C:\Windows\System\cSrXaQI.exe
  C:\Windows\System\cSrXaQI.exe
  2⤵
  PID:5980
- C:\Windows\System\vBBgBjo.exe
  C:\Windows\System\vBBgBjo.exe
  2⤵
  PID:6000
- C:\Windows\System\fFXPtHa.exe
  C:\Windows\System\fFXPtHa.exe
  2⤵
  PID:6020
- C:\Windows\System\LiykwoR.exe
  C:\Windows\System\LiykwoR.exe
  2⤵
  PID:6040
- C:\Windows\System\ljSfaBQ.exe
  C:\Windows\System\ljSfaBQ.exe
  2⤵
  PID:6060
- C:\Windows\System\IsdTDzp.exe
  C:\Windows\System\IsdTDzp.exe
  2⤵
  PID:6080
- C:\Windows\System\WwPdpjc.exe
  C:\Windows\System\WwPdpjc.exe
  2⤵
  PID:6096
- C:\Windows\System\IlvFqBv.exe
  C:\Windows\System\IlvFqBv.exe
  2⤵
  PID:6120
- C:\Windows\System\PWbgfeQ.exe
  C:\Windows\System\PWbgfeQ.exe
  2⤵
  PID:6140
- C:\Windows\System\zJgvJzG.exe
  C:\Windows\System\zJgvJzG.exe
  2⤵
  PID:4140
- C:\Windows\System\zUNVWpV.exe
  C:\Windows\System\zUNVWpV.exe
  2⤵
  PID:4276
- C:\Windows\System\wKegbLO.exe
  C:\Windows\System\wKegbLO.exe
  2⤵
  PID:4340
- C:\Windows\System\UdZIQEO.exe
  C:\Windows\System\UdZIQEO.exe
  2⤵
  PID:4600
- C:\Windows\System\VUNWwIk.exe
  C:\Windows\System\VUNWwIk.exe
  2⤵
  PID:4632
- C:\Windows\System\gfvYNuE.exe
  C:\Windows\System\gfvYNuE.exe
  2⤵
  PID:4692
- C:\Windows\System\mwJJCCh.exe
  C:\Windows\System\mwJJCCh.exe
  2⤵
  PID:4756
- C:\Windows\System\rifwyrO.exe
  C:\Windows\System\rifwyrO.exe
  2⤵
  PID:4920
- C:\Windows\System\gZlBsid.exe
  C:\Windows\System\gZlBsid.exe
  2⤵
  PID:5020
- C:\Windows\System\sfURDis.exe
  C:\Windows\System\sfURDis.exe
  2⤵
  PID:3892
- C:\Windows\System\XuQCwyt.exe
  C:\Windows\System\XuQCwyt.exe
  2⤵
  PID:3416
- C:\Windows\System\XLVEvoL.exe
  C:\Windows\System\XLVEvoL.exe
  2⤵
  PID:3704
- C:\Windows\System\vPxhBad.exe
  C:\Windows\System\vPxhBad.exe
  2⤵
  PID:5160
- C:\Windows\System\WUrfjDd.exe
  C:\Windows\System\WUrfjDd.exe
  2⤵
  PID:5180
- C:\Windows\System\KQWoSaU.exe
  C:\Windows\System\KQWoSaU.exe
  2⤵
  PID:5224
- C:\Windows\System\puflJGD.exe
  C:\Windows\System\puflJGD.exe
  2⤵
  PID:5264
- C:\Windows\System\tpJquDb.exe
  C:\Windows\System\tpJquDb.exe
  2⤵
  PID:5308
- C:\Windows\System\OTkiBmc.exe
  C:\Windows\System\OTkiBmc.exe
  2⤵
  PID:5344
- C:\Windows\System\wrAFTEK.exe
  C:\Windows\System\wrAFTEK.exe
  2⤵
  PID:5368
- C:\Windows\System\vxkEeGh.exe
  C:\Windows\System\vxkEeGh.exe
  2⤵
  PID:5392
- C:\Windows\System\AjeAmQq.exe
  C:\Windows\System\AjeAmQq.exe
  2⤵
  PID:5428
- C:\Windows\System\AoQsFIP.exe
  C:\Windows\System\AoQsFIP.exe
  2⤵
  PID:5464
- C:\Windows\System\VJBlIHG.exe
  C:\Windows\System\VJBlIHG.exe
  2⤵
  PID:5512
- C:\Windows\System\UZGrlJm.exe
  C:\Windows\System\UZGrlJm.exe
  2⤵
  PID:5544
- C:\Windows\System\ECXFUNB.exe
  C:\Windows\System\ECXFUNB.exe
  2⤵
  PID:5568
- C:\Windows\System\gNIbswj.exe
  C:\Windows\System\gNIbswj.exe
  2⤵
  PID:5612
- C:\Windows\System\ZbAgjXq.exe
  C:\Windows\System\ZbAgjXq.exe
  2⤵
  PID:5628
- C:\Windows\System\hsLYWsM.exe
  C:\Windows\System\hsLYWsM.exe
  2⤵
  PID:5676
- C:\Windows\System\SAwrNWy.exe
  C:\Windows\System\SAwrNWy.exe
  2⤵
  PID:5708
- C:\Windows\System\heIMfTt.exe
  C:\Windows\System\heIMfTt.exe
  2⤵
  PID:5748
- C:\Windows\System\ScWPeog.exe
  C:\Windows\System\ScWPeog.exe
  2⤵
  PID:5772
- C:\Windows\System\msamAoO.exe
  C:\Windows\System\msamAoO.exe
  2⤵
  PID:5792
- C:\Windows\System\PMccPEW.exe
  C:\Windows\System\PMccPEW.exe
  2⤵
  PID:5832
- C:\Windows\System\FeJyKTv.exe
  C:\Windows\System\FeJyKTv.exe
  2⤵
  PID:5872
- C:\Windows\System\aCyjMdT.exe
  C:\Windows\System\aCyjMdT.exe
  2⤵
  PID:5928
- C:\Windows\System\lzYFdMa.exe
  C:\Windows\System\lzYFdMa.exe
  2⤵
  PID:5948
- C:\Windows\System\iXPsQlx.exe
  C:\Windows\System\iXPsQlx.exe
  2⤵
  PID:5972
- C:\Windows\System\sWQDREH.exe
  C:\Windows\System\sWQDREH.exe
  2⤵
  PID:6016
- C:\Windows\System\RdiAniw.exe
  C:\Windows\System\RdiAniw.exe
  2⤵
  PID:6048
- C:\Windows\System\nmKRsCV.exe
  C:\Windows\System\nmKRsCV.exe
  2⤵
  PID:6092
- C:\Windows\System\IfScTKi.exe
  C:\Windows\System\IfScTKi.exe
  2⤵
  PID:6128
- C:\Windows\System\XMqaqVK.exe
  C:\Windows\System\XMqaqVK.exe
  2⤵
  PID:2436
- C:\Windows\System\sAFQPGO.exe
  C:\Windows\System\sAFQPGO.exe
  2⤵
  PID:4236
- C:\Windows\System\dZBQOFe.exe
  C:\Windows\System\dZBQOFe.exe
  2⤵
  PID:4376
- C:\Windows\System\PCQPLJv.exe
  C:\Windows\System\PCQPLJv.exe
  2⤵
  PID:4560
- C:\Windows\System\KuJBExQ.exe
  C:\Windows\System\KuJBExQ.exe
  2⤵
  PID:4876
- C:\Windows\System\nNqMMzH.exe
  C:\Windows\System\nNqMMzH.exe
  2⤵
  PID:4980
- C:\Windows\System\bjNCZMY.exe
  C:\Windows\System\bjNCZMY.exe
  2⤵
  PID:5004
- C:\Windows\System\uijHYTO.exe
  C:\Windows\System\uijHYTO.exe
  2⤵
  PID:4080
- C:\Windows\System\uecEYvz.exe
  C:\Windows\System\uecEYvz.exe
  2⤵
  PID:5144
- C:\Windows\System\HwBXDZy.exe
  C:\Windows\System\HwBXDZy.exe
  2⤵
  PID:5244
- C:\Windows\System\IAzRNAK.exe
  C:\Windows\System\IAzRNAK.exe
  2⤵
  PID:5300
- C:\Windows\System\QwenQAB.exe
  C:\Windows\System\QwenQAB.exe
  2⤵
  PID:5384
- C:\Windows\System\JbzwFug.exe
  C:\Windows\System\JbzwFug.exe
  2⤵
  PID:5448
- C:\Windows\System\ULAdDYI.exe
  C:\Windows\System\ULAdDYI.exe
  2⤵
  PID:5484
- C:\Windows\System\ElwtIhv.exe
  C:\Windows\System\ElwtIhv.exe
  2⤵
  PID:5508
- C:\Windows\System\GjbJTps.exe
  C:\Windows\System\GjbJTps.exe
  2⤵
  PID:5588
- C:\Windows\System\eEgHdjv.exe
  C:\Windows\System\eEgHdjv.exe
  2⤵
  PID:5644
- C:\Windows\System\NSpZxls.exe
  C:\Windows\System\NSpZxls.exe
  2⤵
  PID:5736
- C:\Windows\System\UjbTFHl.exe
  C:\Windows\System\UjbTFHl.exe
  2⤵
  PID:5768
- C:\Windows\System\fsCuuYA.exe
  C:\Windows\System\fsCuuYA.exe
  2⤵
  PID:5788
- C:\Windows\System\LGUCAQy.exe
  C:\Windows\System\LGUCAQy.exe
  2⤵
  PID:5888
- C:\Windows\System\fJluvCe.exe
  C:\Windows\System\fJluvCe.exe
  2⤵
  PID:5892
- C:\Windows\System\YOyERxq.exe
  C:\Windows\System\YOyERxq.exe
  2⤵
  PID:6008
- C:\Windows\System\lzossqI.exe
  C:\Windows\System\lzossqI.exe
  2⤵
  PID:6032
- C:\Windows\System\XMJXtbv.exe
  C:\Windows\System\XMJXtbv.exe
  2⤵
  PID:6076
- C:\Windows\System\oZKOYRh.exe
  C:\Windows\System\oZKOYRh.exe
  2⤵
  PID:6136
- C:\Windows\System\QWHUhbX.exe
  C:\Windows\System\QWHUhbX.exe
  2⤵
  PID:4336
- C:\Windows\System\FNMAjfl.exe
  C:\Windows\System\FNMAjfl.exe
  2⤵
  PID:4760
- C:\Windows\System\kwCVqAx.exe
  C:\Windows\System\kwCVqAx.exe
  2⤵
  PID:5024
- C:\Windows\System\dURRexi.exe
  C:\Windows\System\dURRexi.exe
  2⤵
  PID:2168
- C:\Windows\System\GedClvw.exe
  C:\Windows\System\GedClvw.exe
  2⤵
  PID:5140
- C:\Windows\System\vKfxFJy.exe
  C:\Windows\System\vKfxFJy.exe
  2⤵
  PID:5304
- C:\Windows\System\KmasWxp.exe
  C:\Windows\System\KmasWxp.exe
  2⤵
  PID:5412
- C:\Windows\System\JcYmgYF.exe
  C:\Windows\System\JcYmgYF.exe
  2⤵
  PID:5504
- C:\Windows\System\YgKiMys.exe
  C:\Windows\System\YgKiMys.exe
  2⤵
  PID:5604
- C:\Windows\System\jjmveBD.exe
  C:\Windows\System\jjmveBD.exe
  2⤵
  PID:5688
- C:\Windows\System\PldULWO.exe
  C:\Windows\System\PldULWO.exe
  2⤵
  PID:5712
- C:\Windows\System\lSeskzh.exe
  C:\Windows\System\lSeskzh.exe
  2⤵
  PID:5836
- C:\Windows\System\cGiljnN.exe
  C:\Windows\System\cGiljnN.exe
  2⤵
  PID:6164
- C:\Windows\System\lNgQkJR.exe
  C:\Windows\System\lNgQkJR.exe
  2⤵
  PID:6184
- C:\Windows\System\WgpdEMk.exe
  C:\Windows\System\WgpdEMk.exe
  2⤵
  PID:6204
- C:\Windows\System\MmIGMog.exe
  C:\Windows\System\MmIGMog.exe
  2⤵
  PID:6224
- C:\Windows\System\smzRVcZ.exe
  C:\Windows\System\smzRVcZ.exe
  2⤵
  PID:6244
- C:\Windows\System\sGfsWUh.exe
  C:\Windows\System\sGfsWUh.exe
  2⤵
  PID:6268
- C:\Windows\System\Aumujda.exe
  C:\Windows\System\Aumujda.exe
  2⤵
  PID:6288
- C:\Windows\System\mlwFynn.exe
  C:\Windows\System\mlwFynn.exe
  2⤵
  PID:6308
- C:\Windows\System\gUTVtnr.exe
  C:\Windows\System\gUTVtnr.exe
  2⤵
  PID:6328
- C:\Windows\System\oUsivrp.exe
  C:\Windows\System\oUsivrp.exe
  2⤵
  PID:6348
- C:\Windows\System\iufZBkS.exe
  C:\Windows\System\iufZBkS.exe
  2⤵
  PID:6368
- C:\Windows\System\YWOdFgF.exe
  C:\Windows\System\YWOdFgF.exe
  2⤵
  PID:6388
- C:\Windows\System\iBZtHPD.exe
  C:\Windows\System\iBZtHPD.exe
  2⤵
  PID:6408
- C:\Windows\System\iUFHbQZ.exe
  C:\Windows\System\iUFHbQZ.exe
  2⤵
  PID:6428
- C:\Windows\System\YgCqOKN.exe
  C:\Windows\System\YgCqOKN.exe
  2⤵
  PID:6448
- C:\Windows\System\QySjDzC.exe
  C:\Windows\System\QySjDzC.exe
  2⤵
  PID:6468
- C:\Windows\System\VqnUeeP.exe
  C:\Windows\System\VqnUeeP.exe
  2⤵
  PID:6488
- C:\Windows\System\nXordNu.exe
  C:\Windows\System\nXordNu.exe
  2⤵
  PID:6508
- C:\Windows\System\bpQdXLW.exe
  C:\Windows\System\bpQdXLW.exe
  2⤵
  PID:6528
- C:\Windows\System\syKnMah.exe
  C:\Windows\System\syKnMah.exe
  2⤵
  PID:6548
- C:\Windows\System\dyYlUfI.exe
  C:\Windows\System\dyYlUfI.exe
  2⤵
  PID:6568
- C:\Windows\System\RiwQkjw.exe
  C:\Windows\System\RiwQkjw.exe
  2⤵
  PID:6588
- C:\Windows\System\UqxLTeg.exe
  C:\Windows\System\UqxLTeg.exe
  2⤵
  PID:6608
- C:\Windows\System\uSaNiqC.exe
  C:\Windows\System\uSaNiqC.exe
  2⤵
  PID:6628
- C:\Windows\System\jSsgFzH.exe
  C:\Windows\System\jSsgFzH.exe
  2⤵
  PID:6648
- C:\Windows\System\zvQAGBD.exe
  C:\Windows\System\zvQAGBD.exe
  2⤵
  PID:6668
- C:\Windows\System\YNywusJ.exe
  C:\Windows\System\YNywusJ.exe
  2⤵
  PID:6688
- C:\Windows\System\ytMIdYO.exe
  C:\Windows\System\ytMIdYO.exe
  2⤵
  PID:6708
- C:\Windows\System\AUyAzBN.exe
  C:\Windows\System\AUyAzBN.exe
  2⤵
  PID:6728
- C:\Windows\System\kVZaLJu.exe
  C:\Windows\System\kVZaLJu.exe
  2⤵
  PID:6748
- C:\Windows\System\VQwHkKr.exe
  C:\Windows\System\VQwHkKr.exe
  2⤵
  PID:6768
- C:\Windows\System\phcTaoT.exe
  C:\Windows\System\phcTaoT.exe
  2⤵
  PID:6788
- C:\Windows\System\qpRBucl.exe
  C:\Windows\System\qpRBucl.exe
  2⤵
  PID:6808
- C:\Windows\System\hLfzpTO.exe
  C:\Windows\System\hLfzpTO.exe
  2⤵
  PID:6828
- C:\Windows\System\HToNGqv.exe
  C:\Windows\System\HToNGqv.exe
  2⤵
  PID:6848
- C:\Windows\System\KASSvPd.exe
  C:\Windows\System\KASSvPd.exe
  2⤵
  PID:6868
- C:\Windows\System\xolRCiS.exe
  C:\Windows\System\xolRCiS.exe
  2⤵
  PID:6888
- C:\Windows\System\nVxSEbn.exe
  C:\Windows\System\nVxSEbn.exe
  2⤵
  PID:6908
- C:\Windows\System\iTDtMbc.exe
  C:\Windows\System\iTDtMbc.exe
  2⤵
  PID:6928
- C:\Windows\System\vPrdYBu.exe
  C:\Windows\System\vPrdYBu.exe
  2⤵
  PID:6948
- C:\Windows\System\VVknoAJ.exe
  C:\Windows\System\VVknoAJ.exe
  2⤵
  PID:6968
- C:\Windows\System\SMjqXvk.exe
  C:\Windows\System\SMjqXvk.exe
  2⤵
  PID:6988
- C:\Windows\System\snCHyeY.exe
  C:\Windows\System\snCHyeY.exe
  2⤵
  PID:7008
- C:\Windows\System\dziaBeb.exe
  C:\Windows\System\dziaBeb.exe
  2⤵
  PID:7032
- C:\Windows\System\vmryxpC.exe
  C:\Windows\System\vmryxpC.exe
  2⤵
  PID:7052
- C:\Windows\System\McHDyTk.exe
  C:\Windows\System\McHDyTk.exe
  2⤵
  PID:7072
- C:\Windows\System\UinOPNd.exe
  C:\Windows\System\UinOPNd.exe
  2⤵
  PID:7092
- C:\Windows\System\INDJcdn.exe
  C:\Windows\System\INDJcdn.exe
  2⤵
  PID:7108
- C:\Windows\System\CGYSMuV.exe
  C:\Windows\System\CGYSMuV.exe
  2⤵
  PID:7128
- C:\Windows\System\gPRUuQh.exe
  C:\Windows\System\gPRUuQh.exe
  2⤵
  PID:7144
- C:\Windows\System\aHALRkW.exe
  C:\Windows\System\aHALRkW.exe
  2⤵
  PID:7160
- C:\Windows\System\oeWyrvg.exe
  C:\Windows\System\oeWyrvg.exe
  2⤵
  PID:5916
- C:\Windows\System\RcecOqg.exe
  C:\Windows\System\RcecOqg.exe
  2⤵
  PID:6028
- C:\Windows\System\fivsudP.exe
  C:\Windows\System\fivsudP.exe
  2⤵
  PID:6104
- C:\Windows\System\NfKhJuN.exe
  C:\Windows\System\NfKhJuN.exe
  2⤵
  PID:4432
- C:\Windows\System\YdYvLOE.exe
  C:\Windows\System\YdYvLOE.exe
  2⤵
  PID:4924
- C:\Windows\System\zOPSkmC.exe
  C:\Windows\System\zOPSkmC.exe
  2⤵
  PID:2768
- C:\Windows\System\NZTcBMX.exe
  C:\Windows\System\NZTcBMX.exe
  2⤵
  PID:5328
- C:\Windows\System\ilbBaqD.exe
  C:\Windows\System\ilbBaqD.exe
  2⤵
  PID:5492
- C:\Windows\System\QMFObxx.exe
  C:\Windows\System\QMFObxx.exe
  2⤵
  PID:5592
- C:\Windows\System\yIRvTcF.exe
  C:\Windows\System\yIRvTcF.exe
  2⤵
  PID:5852
- C:\Windows\System\yqtjxRf.exe
  C:\Windows\System\yqtjxRf.exe
  2⤵
  PID:6172
- C:\Windows\System\ocJrapG.exe
  C:\Windows\System\ocJrapG.exe
  2⤵
  PID:6212
- C:\Windows\System\zIRdbSY.exe
  C:\Windows\System\zIRdbSY.exe
  2⤵
  PID:6252
- C:\Windows\System\ZqIXgTB.exe
  C:\Windows\System\ZqIXgTB.exe
  2⤵
  PID:6280
- C:\Windows\System\uKISMkO.exe
  C:\Windows\System\uKISMkO.exe
  2⤵
  PID:6300
- C:\Windows\System\AhxqAUl.exe
  C:\Windows\System\AhxqAUl.exe
  2⤵
  PID:6340
- C:\Windows\System\trTLcNx.exe
  C:\Windows\System\trTLcNx.exe
  2⤵
  PID:6396
- C:\Windows\System\iFZdDiV.exe
  C:\Windows\System\iFZdDiV.exe
  2⤵
  PID:6436
- C:\Windows\System\fJUmeiW.exe
  C:\Windows\System\fJUmeiW.exe
  2⤵
  PID:6456
- C:\Windows\System\uGAqoWZ.exe
  C:\Windows\System\uGAqoWZ.exe
  2⤵
  PID:6480
- C:\Windows\System\qByOJqR.exe
  C:\Windows\System\qByOJqR.exe
  2⤵
  PID:6504
- C:\Windows\System\PvMofzV.exe
  C:\Windows\System\PvMofzV.exe
  2⤵
  PID:6556
- C:\Windows\System\IHfGJxF.exe
  C:\Windows\System\IHfGJxF.exe
  2⤵
  PID:6584
- C:\Windows\System\TXHpRCK.exe
  C:\Windows\System\TXHpRCK.exe
  2⤵
  PID:6624
- C:\Windows\System\keaBSUs.exe
  C:\Windows\System\keaBSUs.exe
  2⤵
  PID:6640
- C:\Windows\System\wRlyzTO.exe
  C:\Windows\System\wRlyzTO.exe
  2⤵
  PID:6660
- C:\Windows\System\poWUJEH.exe
  C:\Windows\System\poWUJEH.exe
  2⤵
  PID:6724
- C:\Windows\System\UBNEMmC.exe
  C:\Windows\System\UBNEMmC.exe
  2⤵
  PID:6796
- C:\Windows\System\gwBIZVa.exe
  C:\Windows\System\gwBIZVa.exe
  2⤵
  PID:6844
- C:\Windows\System\rwjAVGJ.exe
  C:\Windows\System\rwjAVGJ.exe
  2⤵
  PID:6916
- C:\Windows\System\oVKASVJ.exe
  C:\Windows\System\oVKASVJ.exe
  2⤵
  PID:6736
- C:\Windows\System\rxHRxpr.exe
  C:\Windows\System\rxHRxpr.exe
  2⤵
  PID:7040
- C:\Windows\System\jxntSmt.exe
  C:\Windows\System\jxntSmt.exe
  2⤵
  PID:7080
- C:\Windows\System\uEiwSSN.exe
  C:\Windows\System\uEiwSSN.exe
  2⤵
  PID:6856
- C:\Windows\System\KZcSjjx.exe
  C:\Windows\System\KZcSjjx.exe
  2⤵
  PID:7124
- C:\Windows\System\FssyUYY.exe
  C:\Windows\System\FssyUYY.exe
  2⤵
  PID:6900
- C:\Windows\System\qmhfNsV.exe
  C:\Windows\System\qmhfNsV.exe
  2⤵
  PID:5976
- C:\Windows\System\KblQaLG.exe
  C:\Windows\System\KblQaLG.exe
  2⤵
  PID:7016
- C:\Windows\System\eZXuDMH.exe
  C:\Windows\System\eZXuDMH.exe
  2⤵
  PID:7060
- C:\Windows\System\wGBMuwS.exe
  C:\Windows\System\wGBMuwS.exe
  2⤵
  PID:7100
- C:\Windows\System\JccrGhd.exe
  C:\Windows\System\JccrGhd.exe
  2⤵
  PID:5348
- C:\Windows\System\ohSWtxY.exe
  C:\Windows\System\ohSWtxY.exe
  2⤵
  PID:6088
- C:\Windows\System\UkMeHCC.exe
  C:\Windows\System\UkMeHCC.exe
  2⤵
  PID:5548
- C:\Windows\System\lhRguHh.exe
  C:\Windows\System\lhRguHh.exe
  2⤵
  PID:5444
- C:\Windows\System\CxBGBKV.exe
  C:\Windows\System\CxBGBKV.exe
  2⤵
  PID:6068
- C:\Windows\System\qvmdALH.exe
  C:\Windows\System\qvmdALH.exe
  2⤵
  PID:6196
- C:\Windows\System\MuAqBwV.exe
  C:\Windows\System\MuAqBwV.exe
  2⤵
  PID:6260
- C:\Windows\System\vgzugPd.exe
  C:\Windows\System\vgzugPd.exe
  2⤵
  PID:6160
- C:\Windows\System\lDZEaVP.exe
  C:\Windows\System\lDZEaVP.exe
  2⤵
  PID:6356
- C:\Windows\System\fCiRdAC.exe
  C:\Windows\System\fCiRdAC.exe
  2⤵
  PID:6404
- C:\Windows\System\yCTvFYm.exe
  C:\Windows\System\yCTvFYm.exe
  2⤵
  PID:6460
- C:\Windows\System\QqtVbhP.exe
  C:\Windows\System\QqtVbhP.exe
  2⤵
  PID:6544
- C:\Windows\System\YTRPJRM.exe
  C:\Windows\System\YTRPJRM.exe
  2⤵
  PID:6440
- C:\Windows\System\OgpPzdo.exe
  C:\Windows\System\OgpPzdo.exe
  2⤵
  PID:6576
- C:\Windows\System\eKMRzhP.exe
  C:\Windows\System\eKMRzhP.exe
  2⤵
  PID:6764
- C:\Windows\System\cOKRDbw.exe
  C:\Windows\System\cOKRDbw.exe
  2⤵
  PID:6884
- C:\Windows\System\NDdSvbJ.exe
  C:\Windows\System\NDdSvbJ.exe
  2⤵
  PID:6716
- C:\Windows\System\rrTNVLb.exe
  C:\Windows\System\rrTNVLb.exe
  2⤵
  PID:6800
- C:\Windows\System\MMQcnsi.exe
  C:\Windows\System\MMQcnsi.exe
  2⤵
  PID:6740
- C:\Windows\System\eIkBkXr.exe
  C:\Windows\System\eIkBkXr.exe
  2⤵
  PID:6820
- C:\Windows\System\ElsVKOZ.exe
  C:\Windows\System\ElsVKOZ.exe
  2⤵
  PID:2176
- C:\Windows\System\AuOwzlS.exe
  C:\Windows\System\AuOwzlS.exe
  2⤵
  PID:6980
- C:\Windows\System\TRsXCXu.exe
  C:\Windows\System\TRsXCXu.exe
  2⤵
  PID:4316
- C:\Windows\System\bTiAtro.exe
  C:\Windows\System\bTiAtro.exe
  2⤵
  PID:3540
- C:\Windows\System\BiZuhBz.exe
  C:\Windows\System\BiZuhBz.exe
  2⤵
  PID:2260
- C:\Windows\System\yBGGdqF.exe
  C:\Windows\System\yBGGdqF.exe
  2⤵
  PID:5664
- C:\Windows\System\oXtMygL.exe
  C:\Windows\System\oXtMygL.exe
  2⤵
  PID:6284
- C:\Windows\System\yNwnbwJ.exe
  C:\Windows\System\yNwnbwJ.exe
  2⤵
  PID:5532
- C:\Windows\System\UCHVEVh.exe
  C:\Windows\System\UCHVEVh.exe
  2⤵
  PID:6236
- C:\Windows\System\XncDYKr.exe
  C:\Windows\System\XncDYKr.exe
  2⤵
  PID:6384
- C:\Windows\System\ZipqEfL.exe
  C:\Windows\System\ZipqEfL.exe
  2⤵
  PID:6484
- C:\Windows\System\Jxkvmmr.exe
  C:\Windows\System\Jxkvmmr.exe
  2⤵
  PID:6516
- C:\Windows\System\vGcclsE.exe
  C:\Windows\System\vGcclsE.exe
  2⤵
  PID:6620
- C:\Windows\System\YLZbZKe.exe
  C:\Windows\System\YLZbZKe.exe
  2⤵
  PID:6836
- C:\Windows\System\PJRAfYw.exe
  C:\Windows\System\PJRAfYw.exe
  2⤵
  PID:6700
- C:\Windows\System\zqjKEpu.exe
  C:\Windows\System\zqjKEpu.exe
  2⤵
  PID:6964
- C:\Windows\System\zecTOEF.exe
  C:\Windows\System\zecTOEF.exe
  2⤵
  PID:6816
- C:\Windows\System\dumuOxS.exe
  C:\Windows\System\dumuOxS.exe
  2⤵
  PID:6904
- C:\Windows\System\XOrnrHb.exe
  C:\Windows\System\XOrnrHb.exe
  2⤵
  PID:7068
- C:\Windows\System\ueYARLA.exe
  C:\Windows\System\ueYARLA.exe
  2⤵
  PID:5732
- C:\Windows\System\qeTeWdd.exe
  C:\Windows\System\qeTeWdd.exe
  2⤵
  PID:5116
- C:\Windows\System\NKktIgh.exe
  C:\Windows\System\NKktIgh.exe
  2⤵
  PID:6240
- C:\Windows\System\EQQxYlM.exe
  C:\Windows\System\EQQxYlM.exe
  2⤵
  PID:6320
- C:\Windows\System\wgJiUbc.exe
  C:\Windows\System\wgJiUbc.exe
  2⤵
  PID:7180
- C:\Windows\System\plYcBuY.exe
  C:\Windows\System\plYcBuY.exe
  2⤵
  PID:7200
- C:\Windows\System\hzkghBp.exe
  C:\Windows\System\hzkghBp.exe
  2⤵
  PID:7216
- C:\Windows\System\ghTJlfI.exe
  C:\Windows\System\ghTJlfI.exe
  2⤵
  PID:7244
- C:\Windows\System\TwFxrGl.exe
  C:\Windows\System\TwFxrGl.exe
  2⤵
  PID:7268
- C:\Windows\System\EljoGiq.exe
  C:\Windows\System\EljoGiq.exe
  2⤵
  PID:7288
- C:\Windows\System\KPqauXU.exe
  C:\Windows\System\KPqauXU.exe
  2⤵
  PID:7308
- C:\Windows\System\ucemYDV.exe
  C:\Windows\System\ucemYDV.exe
  2⤵
  PID:7328
- C:\Windows\System\QgzJgJR.exe
  C:\Windows\System\QgzJgJR.exe
  2⤵
  PID:7348
- C:\Windows\System\XCQybCf.exe
  C:\Windows\System\XCQybCf.exe
  2⤵
  PID:7364
- C:\Windows\System\AabdtkN.exe
  C:\Windows\System\AabdtkN.exe
  2⤵
  PID:7384
- C:\Windows\System\tsKFaWc.exe
  C:\Windows\System\tsKFaWc.exe
  2⤵
  PID:7420
- C:\Windows\System\GZFCIpJ.exe
  C:\Windows\System\GZFCIpJ.exe
  2⤵
  PID:7440
- C:\Windows\System\ravyDGm.exe
  C:\Windows\System\ravyDGm.exe
  2⤵
  PID:7456
- C:\Windows\System\AXmmLJl.exe
  C:\Windows\System\AXmmLJl.exe
  2⤵
  PID:7476
- C:\Windows\System\vYoZAGI.exe
  C:\Windows\System\vYoZAGI.exe
  2⤵
  PID:7496
- C:\Windows\System\uJtpbqL.exe
  C:\Windows\System\uJtpbqL.exe
  2⤵
  PID:7520
- C:\Windows\System\cbAuFUS.exe
  C:\Windows\System\cbAuFUS.exe
  2⤵
  PID:7536
- C:\Windows\System\XTGalsM.exe
  C:\Windows\System\XTGalsM.exe
  2⤵
  PID:7560
- C:\Windows\System\OxzozPz.exe
  C:\Windows\System\OxzozPz.exe
  2⤵
  PID:7580
- C:\Windows\System\SsLIyDN.exe
  C:\Windows\System\SsLIyDN.exe
  2⤵
  PID:7600
- C:\Windows\System\QdSVdwp.exe
  C:\Windows\System\QdSVdwp.exe
  2⤵
  PID:7620
- C:\Windows\System\pYDkfRq.exe
  C:\Windows\System\pYDkfRq.exe
  2⤵
  PID:7640
- C:\Windows\System\LAYkBaQ.exe
  C:\Windows\System\LAYkBaQ.exe
  2⤵
  PID:7656
- C:\Windows\System\SXQpPlH.exe
  C:\Windows\System\SXQpPlH.exe
  2⤵
  PID:7676
- C:\Windows\System\yWmfNfl.exe
  C:\Windows\System\yWmfNfl.exe
  2⤵
  PID:7692
- C:\Windows\System\mZRevUY.exe
  C:\Windows\System\mZRevUY.exe
  2⤵
  PID:7712
- C:\Windows\System\vjDNjRQ.exe
  C:\Windows\System\vjDNjRQ.exe
  2⤵
  PID:7728
- C:\Windows\System\dJvVzjZ.exe
  C:\Windows\System\dJvVzjZ.exe
  2⤵
  PID:7748
- C:\Windows\System\ELyFoMG.exe
  C:\Windows\System\ELyFoMG.exe
  2⤵
  PID:7764
- C:\Windows\System\iegksCW.exe
  C:\Windows\System\iegksCW.exe
  2⤵
  PID:7784
- C:\Windows\System\SXGEGur.exe
  C:\Windows\System\SXGEGur.exe
  2⤵
  PID:7800
- C:\Windows\System\SQIMwCR.exe
  C:\Windows\System\SQIMwCR.exe
  2⤵
  PID:7824
- C:\Windows\System\YvKVLSJ.exe
  C:\Windows\System\YvKVLSJ.exe
  2⤵
  PID:7848
- C:\Windows\System\Jolskdx.exe
  C:\Windows\System\Jolskdx.exe
  2⤵
  PID:7868
- C:\Windows\System\PLbswrm.exe
  C:\Windows\System\PLbswrm.exe
  2⤵
  PID:7892
- C:\Windows\System\fyrgVmp.exe
  C:\Windows\System\fyrgVmp.exe
  2⤵
  PID:7916
- C:\Windows\System\tlBpHwr.exe
  C:\Windows\System\tlBpHwr.exe
  2⤵
  PID:7932
- C:\Windows\System\IRCibdT.exe
  C:\Windows\System\IRCibdT.exe
  2⤵
  PID:7956
- C:\Windows\System\mNoPMMN.exe
  C:\Windows\System\mNoPMMN.exe
  2⤵
  PID:7976
- C:\Windows\System\lsCLYMt.exe
  C:\Windows\System\lsCLYMt.exe
  2⤵
  PID:7996
- C:\Windows\System\GFVddJZ.exe
  C:\Windows\System\GFVddJZ.exe
  2⤵
  PID:8016
- C:\Windows\System\UzwgXLZ.exe
  C:\Windows\System\UzwgXLZ.exe
  2⤵
  PID:8040
- C:\Windows\System\bVMFlaf.exe
  C:\Windows\System\bVMFlaf.exe
  2⤵
  PID:8060
- C:\Windows\System\ffIdepX.exe
  C:\Windows\System\ffIdepX.exe
  2⤵
  PID:8092
- C:\Windows\System\noBZBIR.exe
  C:\Windows\System\noBZBIR.exe
  2⤵
  PID:8112
- C:\Windows\System\cohQbll.exe
  C:\Windows\System\cohQbll.exe
  2⤵
  PID:8132
- C:\Windows\System\PQDqPFc.exe
  C:\Windows\System\PQDqPFc.exe
  2⤵
  PID:8148
- C:\Windows\System\PxjFgGU.exe
  C:\Windows\System\PxjFgGU.exe
  2⤵
  PID:8168
- C:\Windows\System\sLaVKDS.exe
  C:\Windows\System\sLaVKDS.exe
  2⤵
  PID:8184
- C:\Windows\System\irJxcVt.exe
  C:\Windows\System\irJxcVt.exe
  2⤵
  PID:6336
- C:\Windows\System\VGBYuGn.exe
  C:\Windows\System\VGBYuGn.exe
  2⤵
  PID:2948
- C:\Windows\System\nEwyzHB.exe
  C:\Windows\System\nEwyzHB.exe
  2⤵
  PID:6616
- C:\Windows\System\qbpGuKT.exe
  C:\Windows\System\qbpGuKT.exe
  2⤵
  PID:6676
- C:\Windows\System\PjjyaAK.exe
  C:\Windows\System\PjjyaAK.exe
  2⤵
  PID:7156
- C:\Windows\System\TxQaTpj.exe
  C:\Windows\System\TxQaTpj.exe
  2⤵
  PID:4532
- C:\Windows\System\OCrMIoe.exe
  C:\Windows\System\OCrMIoe.exe
  2⤵
  PID:2728
- C:\Windows\System\XMrGWgT.exe
  C:\Windows\System\XMrGWgT.exe
  2⤵
  PID:7176
- C:\Windows\System\cvwmBoZ.exe
  C:\Windows\System\cvwmBoZ.exe
  2⤵
  PID:5848
- C:\Windows\System\xIGjheY.exe
  C:\Windows\System\xIGjheY.exe
  2⤵
  PID:2572
- C:\Windows\System\VDPHSss.exe
  C:\Windows\System\VDPHSss.exe
  2⤵
  PID:7252
- C:\Windows\System\skEhHBN.exe
  C:\Windows\System\skEhHBN.exe
  2⤵
  PID:7296
- C:\Windows\System\EdBvEzM.exe
  C:\Windows\System\EdBvEzM.exe
  2⤵
  PID:7228
- C:\Windows\System\cbEkZns.exe
  C:\Windows\System\cbEkZns.exe
  2⤵
  PID:7300
- C:\Windows\System\PAmMqxi.exe
  C:\Windows\System\PAmMqxi.exe
  2⤵
  PID:7280
- C:\Windows\System\KVFflZe.exe
  C:\Windows\System\KVFflZe.exe
  2⤵
  PID:7380
- C:\Windows\System\JWstYlS.exe
  C:\Windows\System\JWstYlS.exe
  2⤵
  PID:1920
- C:\Windows\System\lxpnIBn.exe
  C:\Windows\System\lxpnIBn.exe
  2⤵
  PID:7428
- C:\Windows\System\hacydcx.exe
  C:\Windows\System\hacydcx.exe
  2⤵
  PID:7468
- C:\Windows\System\ReKXgPY.exe
  C:\Windows\System\ReKXgPY.exe
  2⤵
  PID:7508
- C:\Windows\System\JGlJkfa.exe
  C:\Windows\System\JGlJkfa.exe
  2⤵
  PID:7548
- C:\Windows\System\hFCNsbl.exe
  C:\Windows\System\hFCNsbl.exe
  2⤵
  PID:7636
- C:\Windows\System\JSlxDVt.exe
  C:\Windows\System\JSlxDVt.exe
  2⤵
  PID:7700
- C:\Windows\System\hQbmbAV.exe
  C:\Windows\System\hQbmbAV.exe
  2⤵
  PID:7416
- C:\Windows\System\XAWXxdK.exe
  C:\Windows\System\XAWXxdK.exe
  2⤵
  PID:7484
- C:\Windows\System\DhThofH.exe
  C:\Windows\System\DhThofH.exe
  2⤵
  PID:704
- C:\Windows\System\zmrxInJ.exe
  C:\Windows\System\zmrxInJ.exe
  2⤵
  PID:7812
- C:\Windows\System\TlEDzny.exe
  C:\Windows\System\TlEDzny.exe
  2⤵
  PID:468
- C:\Windows\System\iJzzalp.exe
  C:\Windows\System\iJzzalp.exe
  2⤵
  PID:7616
- C:\Windows\System\dXAtVSk.exe
  C:\Windows\System\dXAtVSk.exe
  2⤵
  PID:7856
- C:\Windows\System\IQvGttX.exe
  C:\Windows\System\IQvGttX.exe
  2⤵
  PID:2132
- C:\Windows\System\VMOCpCF.exe
  C:\Windows\System\VMOCpCF.exe
  2⤵
  PID:2900
- C:\Windows\System\HEHYPEj.exe
  C:\Windows\System\HEHYPEj.exe
  2⤵
  PID:7648
- C:\Windows\System\qItZimX.exe
  C:\Windows\System\qItZimX.exe
  2⤵
  PID:7756
- C:\Windows\System\ThyGAgt.exe
  C:\Windows\System\ThyGAgt.exe
  2⤵
  PID:7836
- C:\Windows\System\dMZerWb.exe
  C:\Windows\System\dMZerWb.exe
  2⤵
  PID:7844
- C:\Windows\System\CKBRbBw.exe
  C:\Windows\System\CKBRbBw.exe
  2⤵
  PID:7884
- C:\Windows\System\wbfOLEo.exe
  C:\Windows\System\wbfOLEo.exe
  2⤵
  PID:7992
- C:\Windows\System\zcwBTvo.exe
  C:\Windows\System\zcwBTvo.exe
  2⤵
  PID:2716
- C:\Windows\System\hmnlhuy.exe
  C:\Windows\System\hmnlhuy.exe
  2⤵
  PID:7964
- C:\Windows\System\MPBVqjG.exe
  C:\Windows\System\MPBVqjG.exe
  2⤵
  PID:8024
- C:\Windows\System\TaUKIqO.exe
  C:\Windows\System\TaUKIqO.exe
  2⤵
  PID:8068
- C:\Windows\System\CGKEfpy.exe
  C:\Windows\System\CGKEfpy.exe
  2⤵
  PID:8088
- C:\Windows\System\RtpKUyM.exe
  C:\Windows\System\RtpKUyM.exe
  2⤵
  PID:8124
- C:\Windows\System\mkzyoRJ.exe
  C:\Windows\System\mkzyoRJ.exe
  2⤵
  PID:8160
- C:\Windows\System\yRzKZLS.exe
  C:\Windows\System\yRzKZLS.exe
  2⤵
  PID:6156
- C:\Windows\System\aDpLojL.exe
  C:\Windows\System\aDpLojL.exe
  2⤵
  PID:8104
- C:\Windows\System\vPURuqr.exe
  C:\Windows\System\vPURuqr.exe
  2⤵
  PID:8144
- C:\Windows\System\aroJFaT.exe
  C:\Windows\System\aroJFaT.exe
  2⤵
  PID:2956
- C:\Windows\System\UqEdFpZ.exe
  C:\Windows\System\UqEdFpZ.exe
  2⤵
  PID:6400
- C:\Windows\System\FhvcDgw.exe
  C:\Windows\System\FhvcDgw.exe
  2⤵
  PID:2936
- C:\Windows\System\eZvvLll.exe
  C:\Windows\System\eZvvLll.exe
  2⤵
  PID:6756
- C:\Windows\System\FuirgTj.exe
  C:\Windows\System\FuirgTj.exe
  2⤵
  PID:6316
- C:\Windows\System\rtEjqZS.exe
  C:\Windows\System\rtEjqZS.exe
  2⤵
  PID:7208
- C:\Windows\System\BKdhmWG.exe
  C:\Windows\System\BKdhmWG.exe
  2⤵
  PID:7196
- C:\Windows\System\vxSLomb.exe
  C:\Windows\System\vxSLomb.exe
  2⤵
  PID:7276
- C:\Windows\System\jTBUHWV.exe
  C:\Windows\System\jTBUHWV.exe
  2⤵
  PID:7320
- C:\Windows\System\joyzWVk.exe
  C:\Windows\System\joyzWVk.exe
  2⤵
  PID:7672
- C:\Windows\System\ewSMgwA.exe
  C:\Windows\System\ewSMgwA.exe
  2⤵
  PID:7356
- C:\Windows\System\WsvskOH.exe
  C:\Windows\System\WsvskOH.exe
  2⤵
  PID:7192
- C:\Windows\System\WgFFjYh.exe
  C:\Windows\System\WgFFjYh.exe
  2⤵
  PID:2864
- C:\Windows\System\pxscgJb.exe
  C:\Windows\System\pxscgJb.exe
  2⤵
  PID:1332
- C:\Windows\System\tiBOLVz.exe
  C:\Windows\System\tiBOLVz.exe
  2⤵
  PID:7736
- C:\Windows\System\qogalay.exe
  C:\Windows\System\qogalay.exe
  2⤵
  PID:7772
- C:\Windows\System\PIZIied.exe
  C:\Windows\System\PIZIied.exe
  2⤵
  PID:6536
- C:\Windows\System\CzOQaev.exe
  C:\Windows\System\CzOQaev.exe
  2⤵
  PID:5896
- C:\Windows\System\DjMjgTs.exe
  C:\Windows\System\DjMjgTs.exe
  2⤵
  PID:7780
- C:\Windows\System\HZHjZsC.exe
  C:\Windows\System\HZHjZsC.exe
  2⤵
  PID:7760
- C:\Windows\System\qNeAOeO.exe
  C:\Windows\System\qNeAOeO.exe
  2⤵
  PID:8032
- C:\Windows\System\aULdLIc.exe
  C:\Windows\System\aULdLIc.exe
  2⤵
  PID:8056
- C:\Windows\System\ZrMWnwF.exe
  C:\Windows\System\ZrMWnwF.exe
  2⤵
  PID:8176
- C:\Windows\System\QvmDPKL.exe
  C:\Windows\System\QvmDPKL.exe
  2⤵
  PID:6704
- C:\Windows\System\JrJDpSW.exe
  C:\Windows\System\JrJDpSW.exe
  2⤵
  PID:2688
- C:\Windows\System\DIciddI.exe
  C:\Windows\System\DIciddI.exe
  2⤵
  PID:7464
- C:\Windows\System\wcSrcGO.exe
  C:\Windows\System\wcSrcGO.exe
  2⤵
  PID:908
- C:\Windows\System\bTPjzKF.exe
  C:\Windows\System\bTPjzKF.exe
  2⤵
  PID:7652
- C:\Windows\System\EHzNGxz.exe
  C:\Windows\System\EHzNGxz.exe
  2⤵
  PID:2712
- C:\Windows\System\nzbBkvF.exe
  C:\Windows\System\nzbBkvF.exe
  2⤵
  PID:7000
- C:\Windows\System\mXKWbyM.exe
  C:\Windows\System\mXKWbyM.exe
  2⤵
  PID:2984
- C:\Windows\System\mRKbCGN.exe
  C:\Windows\System\mRKbCGN.exe
  2⤵
  PID:2532
- C:\Windows\System\QWTQjsW.exe
  C:\Windows\System\QWTQjsW.exe
  2⤵
  PID:6112
- C:\Windows\System\XnYEyLR.exe
  C:\Windows\System\XnYEyLR.exe
  2⤵
  PID:6376
- C:\Windows\System\ezmFQZy.exe
  C:\Windows\System\ezmFQZy.exe
  2⤵
  PID:7452
- C:\Windows\System\uJvslwm.exe
  C:\Windows\System\uJvslwm.exe
  2⤵
  PID:7360
- C:\Windows\System\QICjkIU.exe
  C:\Windows\System\QICjkIU.exe
  2⤵
  PID:6200
- C:\Windows\System\IZONQSv.exe
  C:\Windows\System\IZONQSv.exe
  2⤵
  PID:7608
- C:\Windows\System\TtOwohA.exe
  C:\Windows\System\TtOwohA.exe
  2⤵
  PID:7340
- C:\Windows\System\lztWyEW.exe
  C:\Windows\System\lztWyEW.exe
  2⤵
  PID:7704
- C:\Windows\System\BTZnBnt.exe
  C:\Windows\System\BTZnBnt.exe
  2⤵
  PID:7492
- C:\Windows\System\GVugpYh.exe
  C:\Windows\System\GVugpYh.exe
  2⤵
  PID:7404
- C:\Windows\System\XOloQvj.exe
  C:\Windows\System\XOloQvj.exe
  2⤵
  PID:7944
- C:\Windows\System\QCKzFLe.exe
  C:\Windows\System\QCKzFLe.exe
  2⤵
  PID:7876
- C:\Windows\System\lJyQzkN.exe
  C:\Windows\System\lJyQzkN.exe
  2⤵
  PID:272
- C:\Windows\System\nrovKRC.exe
  C:\Windows\System\nrovKRC.exe
  2⤵
  PID:7120
- C:\Windows\System\vBnPSLl.exe
  C:\Windows\System\vBnPSLl.exe
  2⤵
  PID:6776
- C:\Windows\System\UuwMeSp.exe
  C:\Windows\System\UuwMeSp.exe
  2⤵
  PID:7908
- C:\Windows\System\OUDEviP.exe
  C:\Windows\System\OUDEviP.exe
  2⤵
  PID:8120
- C:\Windows\System\HkFdYVS.exe
  C:\Windows\System\HkFdYVS.exe
  2⤵
  PID:7392
- C:\Windows\System\PDEVdqb.exe
  C:\Windows\System\PDEVdqb.exe
  2⤵
  PID:2140
- C:\Windows\System\duOTvYO.exe
  C:\Windows\System\duOTvYO.exe
  2⤵
  PID:8108
- C:\Windows\System\PRlRyGW.exe
  C:\Windows\System\PRlRyGW.exe
  2⤵
  PID:8164
- C:\Windows\System\kbdapIF.exe
  C:\Windows\System\kbdapIF.exe
  2⤵
  PID:7240
- C:\Windows\System\pDSzRAl.exe
  C:\Windows\System\pDSzRAl.exe
  2⤵
  PID:6960
- C:\Windows\System\imvASPQ.exe
  C:\Windows\System\imvASPQ.exe
  2⤵
  PID:7684
- C:\Windows\System\sOkUqsp.exe
  C:\Windows\System\sOkUqsp.exe
  2⤵
  PID:7820
- C:\Windows\System\gLmPXrA.exe
  C:\Windows\System\gLmPXrA.exe
  2⤵
  PID:2236
- C:\Windows\System\qkItDZR.exe
  C:\Windows\System\qkItDZR.exe
  2⤵
  PID:7568
- C:\Windows\System\iihVrpV.exe
  C:\Windows\System\iihVrpV.exe
  2⤵
  PID:7664
- C:\Windows\System\SxAPDPX.exe
  C:\Windows\System\SxAPDPX.exe
  2⤵
  PID:7516
- C:\Windows\System\AqRGjau.exe
  C:\Windows\System\AqRGjau.exe
  2⤵
  PID:7948
- C:\Windows\System\VUXQqNB.exe
  C:\Windows\System\VUXQqNB.exe
  2⤵
  PID:2696
- C:\Windows\System\IftytIz.exe
  C:\Windows\System\IftytIz.exe
  2⤵
  PID:7116
- C:\Windows\System\aHTouyb.exe
  C:\Windows\System\aHTouyb.exe
  2⤵
  PID:928
- C:\Windows\System\GPyWMwT.exe
  C:\Windows\System\GPyWMwT.exe
  2⤵
  PID:7188
- C:\Windows\System\tRDlCTE.exe
  C:\Windows\System\tRDlCTE.exe
  2⤵
  PID:1900
- C:\Windows\System\QHWcJDS.exe
  C:\Windows\System\QHWcJDS.exe
  2⤵
  PID:8196
- C:\Windows\System\jhnbntK.exe
  C:\Windows\System\jhnbntK.exe
  2⤵
  PID:8212
- C:\Windows\System\PyEIFhF.exe
  C:\Windows\System\PyEIFhF.exe
  2⤵
  PID:8228
- C:\Windows\System\tODlbUP.exe
  C:\Windows\System\tODlbUP.exe
  2⤵
  PID:8244
- C:\Windows\System\bWarMeO.exe
  C:\Windows\System\bWarMeO.exe
  2⤵
  PID:8260
- C:\Windows\System\gEOqoor.exe
  C:\Windows\System\gEOqoor.exe
  2⤵
  PID:8280
- C:\Windows\System\YcujSIo.exe
  C:\Windows\System\YcujSIo.exe
  2⤵
  PID:8296
- C:\Windows\System\YkcgSJe.exe
  C:\Windows\System\YkcgSJe.exe
  2⤵
  PID:8316
- C:\Windows\System\VKatiZd.exe
  C:\Windows\System\VKatiZd.exe
  2⤵
  PID:8332
- C:\Windows\System\pzSMewd.exe
  C:\Windows\System\pzSMewd.exe
  2⤵
  PID:8352
- C:\Windows\System\eXOMiqI.exe
  C:\Windows\System\eXOMiqI.exe
  2⤵
  PID:8372
- C:\Windows\System\gSfPloO.exe
  C:\Windows\System\gSfPloO.exe
  2⤵
  PID:8396
- C:\Windows\System\XlakIvv.exe
  C:\Windows\System\XlakIvv.exe
  2⤵
  PID:8412
- C:\Windows\System\DRRMztK.exe
  C:\Windows\System\DRRMztK.exe
  2⤵
  PID:8432
- C:\Windows\System\TTgogZu.exe
  C:\Windows\System\TTgogZu.exe
  2⤵
  PID:8452
- C:\Windows\System\uzgAHdk.exe
  C:\Windows\System\uzgAHdk.exe
  2⤵
  PID:8468
- C:\Windows\System\kqfTKag.exe
  C:\Windows\System\kqfTKag.exe
  2⤵
  PID:8484
- C:\Windows\System\SivmMgV.exe
  C:\Windows\System\SivmMgV.exe
  2⤵
  PID:8500
- C:\Windows\System\rUBJkpC.exe
  C:\Windows\System\rUBJkpC.exe
  2⤵
  PID:8516
- C:\Windows\System\FXfaQQU.exe
  C:\Windows\System\FXfaQQU.exe
  2⤵
  PID:8532
- C:\Windows\System\thsoICp.exe
  C:\Windows\System\thsoICp.exe
  2⤵
  PID:8548
- C:\Windows\System\xAeBZCw.exe
  C:\Windows\System\xAeBZCw.exe
  2⤵
  PID:8564
- C:\Windows\System\OiTMbsw.exe
  C:\Windows\System\OiTMbsw.exe
  2⤵
  PID:8580
- C:\Windows\System\VtIZrnS.exe
  C:\Windows\System\VtIZrnS.exe
  2⤵
  PID:8596
- C:\Windows\System\OpQklXt.exe
  C:\Windows\System\OpQklXt.exe
  2⤵
  PID:8684
- C:\Windows\System\ECjZisq.exe
  C:\Windows\System\ECjZisq.exe
  2⤵
  PID:8732
- C:\Windows\System\sSzsXJs.exe
  C:\Windows\System\sSzsXJs.exe
  2⤵
  PID:8752
- C:\Windows\System\SLrvXkC.exe
  C:\Windows\System\SLrvXkC.exe
  2⤵
  PID:8768
- C:\Windows\System\wJrYvJd.exe
  C:\Windows\System\wJrYvJd.exe
  2⤵
  PID:8784
- C:\Windows\System\GWKffYC.exe
  C:\Windows\System\GWKffYC.exe
  2⤵
  PID:8800
- C:\Windows\System\OzxESqP.exe
  C:\Windows\System\OzxESqP.exe
  2⤵
  PID:8820
- C:\Windows\System\qNHZnDh.exe
  C:\Windows\System\qNHZnDh.exe
  2⤵
  PID:8836
- C:\Windows\System\YKtVAeX.exe
  C:\Windows\System\YKtVAeX.exe
  2⤵
  PID:8852
- C:\Windows\System\JMdRWoN.exe
  C:\Windows\System\JMdRWoN.exe
  2⤵
  PID:8868
- C:\Windows\System\VihTdaX.exe
  C:\Windows\System\VihTdaX.exe
  2⤵
  PID:8884
- C:\Windows\System\tqYiBcD.exe
  C:\Windows\System\tqYiBcD.exe
  2⤵
  PID:8900
- C:\Windows\System\cNjonDM.exe
  C:\Windows\System\cNjonDM.exe
  2⤵
  PID:8916
- C:\Windows\System\ONkPjsa.exe
  C:\Windows\System\ONkPjsa.exe
  2⤵
  PID:8936
- C:\Windows\System\ZbOWERX.exe
  C:\Windows\System\ZbOWERX.exe
  2⤵
  PID:8956
- C:\Windows\System\eqORQiy.exe
  C:\Windows\System\eqORQiy.exe
  2⤵
  PID:8972
- C:\Windows\System\NZfSCcJ.exe
  C:\Windows\System\NZfSCcJ.exe
  2⤵
  PID:8988
- C:\Windows\System\gXiXvst.exe
  C:\Windows\System\gXiXvst.exe
  2⤵
  PID:9004
- C:\Windows\System\LiDlNNO.exe
  C:\Windows\System\LiDlNNO.exe
  2⤵
  PID:9072
- C:\Windows\System\OUVWpGE.exe
  C:\Windows\System\OUVWpGE.exe
  2⤵
  PID:9088
- C:\Windows\System\SXaXEtb.exe
  C:\Windows\System\SXaXEtb.exe
  2⤵
  PID:9116
- C:\Windows\System\TFbljaJ.exe
  C:\Windows\System\TFbljaJ.exe
  2⤵
  PID:9132
- C:\Windows\System\FHLcEVR.exe
  C:\Windows\System\FHLcEVR.exe
  2⤵
  PID:9148
- C:\Windows\System\pIBNQnz.exe
  C:\Windows\System\pIBNQnz.exe
  2⤵
  PID:9164
- C:\Windows\System\TlVCurY.exe
  C:\Windows\System\TlVCurY.exe
  2⤵
  PID:9180
- C:\Windows\System\yXnAzKX.exe
  C:\Windows\System\yXnAzKX.exe
  2⤵
  PID:9196
- C:\Windows\System\bvHboWA.exe
  C:\Windows\System\bvHboWA.exe
  2⤵
  PID:9212
- C:\Windows\System\vgqdmuK.exe
  C:\Windows\System\vgqdmuK.exe
  2⤵
  PID:776
- C:\Windows\System\hvXskSJ.exe
  C:\Windows\System\hvXskSJ.exe
  2⤵
  PID:1444
- C:\Windows\System\IpCFyza.exe
  C:\Windows\System\IpCFyza.exe
  2⤵
  PID:8256
- C:\Windows\System\GmiPtAW.exe
  C:\Windows\System\GmiPtAW.exe
  2⤵
  PID:8408
- C:\Windows\System\MFevkXp.exe
  C:\Windows\System\MFevkXp.exe
  2⤵
  PID:8560
- C:\Windows\System\DAmQhjH.exe
  C:\Windows\System\DAmQhjH.exe
  2⤵
  PID:7172
- C:\Windows\System\qLvHROi.exe
  C:\Windows\System\qLvHROi.exe
  2⤵
  PID:8240
- C:\Windows\System\dodzzks.exe
  C:\Windows\System\dodzzks.exe
  2⤵
  PID:8312
- C:\Windows\System\WMnwPDD.exe
  C:\Windows\System\WMnwPDD.exe
  2⤵
  PID:8420
- C:\Windows\System\fjxHBIY.exe
  C:\Windows\System\fjxHBIY.exe
  2⤵
  PID:8460
- C:\Windows\System\FHiAJLM.exe
  C:\Windows\System\FHiAJLM.exe
  2⤵
  PID:8464
- C:\Windows\System\Buaaeix.exe
  C:\Windows\System\Buaaeix.exe
  2⤵
  PID:8576
- C:\Windows\System\QUujCFu.exe
  C:\Windows\System\QUujCFu.exe
  2⤵
  PID:8604
- C:\Windows\System\DrzcSYH.exe
  C:\Windows\System\DrzcSYH.exe
  2⤵
  PID:8632
- C:\Windows\System\hGuVZMB.exe
  C:\Windows\System\hGuVZMB.exe
  2⤵
  PID:8664
- C:\Windows\System\Fjnywax.exe
  C:\Windows\System\Fjnywax.exe
  2⤵
  PID:8660
- C:\Windows\System\dNSNOGo.exe
  C:\Windows\System\dNSNOGo.exe
  2⤵
  PID:8672
- C:\Windows\System\FyZrpLD.exe
  C:\Windows\System\FyZrpLD.exe
  2⤵
  PID:8728
- C:\Windows\System\skypdvS.exe
  C:\Windows\System\skypdvS.exe
  2⤵
  PID:8748
- C:\Windows\System\hbDrxMb.exe
  C:\Windows\System\hbDrxMb.exe
  2⤵
  PID:8812
- C:\Windows\System\sAhOBNq.exe
  C:\Windows\System\sAhOBNq.exe
  2⤵
  PID:8876
- C:\Windows\System\tCbVOUu.exe
  C:\Windows\System\tCbVOUu.exe
  2⤵
  PID:8860
- C:\Windows\System\toFzQgI.exe
  C:\Windows\System\toFzQgI.exe
  2⤵
  PID:8912
- C:\Windows\System\JYPFxue.exe
  C:\Windows\System\JYPFxue.exe
  2⤵
  PID:8944
- C:\Windows\System\EswOGyo.exe
  C:\Windows\System\EswOGyo.exe
  2⤵
  PID:8928
- C:\Windows\System\WTDTcLe.exe
  C:\Windows\System\WTDTcLe.exe
  2⤵
  PID:8964
- C:\Windows\System\iutOqeR.exe
  C:\Windows\System\iutOqeR.exe
  2⤵
  PID:9000
- C:\Windows\System\ZNMKqRR.exe
  C:\Windows\System\ZNMKqRR.exe
  2⤵
  PID:9012
- C:\Windows\System\cDbfZln.exe
  C:\Windows\System\cDbfZln.exe
  2⤵
  PID:9056
- C:\Windows\System\pYkyLFa.exe
  C:\Windows\System\pYkyLFa.exe
  2⤵
  PID:9032
- C:\Windows\System\jgKjUbo.exe
  C:\Windows\System\jgKjUbo.exe
  2⤵
  PID:9096
- C:\Windows\System\fwLXtER.exe
  C:\Windows\System\fwLXtER.exe
  2⤵
  PID:9156
- C:\Windows\System\ORHpJEX.exe
  C:\Windows\System\ORHpJEX.exe
  2⤵
  PID:9112
- C:\Windows\System\wAVPBAU.exe
  C:\Windows\System\wAVPBAU.exe
  2⤵
  PID:9176
- C:\Windows\System\YsGYSxA.exe
  C:\Windows\System\YsGYSxA.exe
  2⤵
  PID:9204
- C:\Windows\System\CiAOVjH.exe
  C:\Windows\System\CiAOVjH.exe
  2⤵
  PID:8080
- C:\Windows\System\MTmjWfj.exe
  C:\Windows\System\MTmjWfj.exe
  2⤵
  PID:8324
- C:\Windows\System\iEfoSvI.exe
  C:\Windows\System\iEfoSvI.exe
  2⤵
  PID:8236
- C:\Windows\System\BsIxdbI.exe
  C:\Windows\System\BsIxdbI.exe
  2⤵
  PID:8348
- C:\Windows\System\waZrTmF.exe
  C:\Windows\System\waZrTmF.exe
  2⤵
  PID:7832
- C:\Windows\System\ruCLFGD.exe
  C:\Windows\System\ruCLFGD.exe
  2⤵
  PID:1392
- C:\Windows\System\txHXxiz.exe
  C:\Windows\System\txHXxiz.exe
  2⤵
  PID:8276
- C:\Windows\System\iutIMrF.exe
  C:\Windows\System\iutIMrF.exe
  2⤵
  PID:8392
- C:\Windows\System\xJQclYd.exe
  C:\Windows\System\xJQclYd.exe
  2⤵
  PID:8448
- C:\Windows\System\YzAlXQi.exe
  C:\Windows\System\YzAlXQi.exe
  2⤵
  PID:8444
- C:\Windows\System\TVhVCPU.exe
  C:\Windows\System\TVhVCPU.exe
  2⤵
  PID:8360
- C:\Windows\System\BelVMle.exe
  C:\Windows\System\BelVMle.exe
  2⤵
  PID:8616
- C:\Windows\System\MbMOvlE.exe
  C:\Windows\System\MbMOvlE.exe
  2⤵
  PID:8680
- C:\Windows\System\cmIjXpt.exe
  C:\Windows\System\cmIjXpt.exe
  2⤵
  PID:8724
- C:\Windows\System\KkBbMPz.exe
  C:\Windows\System\KkBbMPz.exe
  2⤵
  PID:8740
- C:\Windows\System\dEqxNyE.exe
  C:\Windows\System\dEqxNyE.exe
  2⤵
  PID:8848
- C:\Windows\System\deJnuXk.exe
  C:\Windows\System\deJnuXk.exe
  2⤵
  PID:8952
- C:\Windows\System\QjTDSua.exe
  C:\Windows\System\QjTDSua.exe
  2⤵
  PID:8776
- C:\Windows\System\fykoSxY.exe
  C:\Windows\System\fykoSxY.exe
  2⤵
  PID:9128
- C:\Windows\System\EbYpeEE.exe
  C:\Windows\System\EbYpeEE.exe
  2⤵
  PID:8892
- C:\Windows\System\ViJFQwn.exe
  C:\Windows\System\ViJFQwn.exe
  2⤵
  PID:5268
- C:\Windows\System\ClEVvlC.exe
  C:\Windows\System\ClEVvlC.exe
  2⤵
  PID:9208
- C:\Windows\System\HkPmumz.exe
  C:\Windows\System\HkPmumz.exe
  2⤵
  PID:9104
- C:\Windows\System\HubroRl.exe
  C:\Windows\System\HubroRl.exe
  2⤵
  PID:988
- C:\Windows\System\LoOaKls.exe
  C:\Windows\System\LoOaKls.exe
  2⤵
  PID:8368
- C:\Windows\System\iSOqfTQ.exe
  C:\Windows\System\iSOqfTQ.exe
  2⤵
  PID:8608
- C:\Windows\System\ITlVgNG.exe
  C:\Windows\System\ITlVgNG.exe
  2⤵
  PID:8588
- C:\Windows\System\pinqfHQ.exe
  C:\Windows\System\pinqfHQ.exe
  2⤵
  PID:8620
- C:\Windows\System\QXRJsrx.exe
  C:\Windows\System\QXRJsrx.exe
  2⤵
  PID:8716
- C:\Windows\System\GLTiNsq.exe
  C:\Windows\System\GLTiNsq.exe
  2⤵
  PID:8864
- C:\Windows\System\vsutSvj.exe
  C:\Windows\System\vsutSvj.exe
  2⤵
  PID:9020
- C:\Windows\System\izVTvwh.exe
  C:\Windows\System\izVTvwh.exe
  2⤵
  PID:8696
- C:\Windows\System\oXcSSSk.exe
  C:\Windows\System\oXcSSSk.exe
  2⤵
  PID:9080
- C:\Windows\System\VXkqtLX.exe
  C:\Windows\System\VXkqtLX.exe
  2⤵
  PID:9036
- C:\Windows\System\KRZuxeI.exe
  C:\Windows\System\KRZuxeI.exe
  2⤵
  PID:8340
- C:\Windows\System\UsfWOhg.exe
  C:\Windows\System\UsfWOhg.exe
  2⤵
  PID:8572
- C:\Windows\System\YlisTjf.exe
  C:\Windows\System\YlisTjf.exe
  2⤵
  PID:8708
- C:\Windows\System\XlsgmgA.exe
  C:\Windows\System\XlsgmgA.exe
  2⤵
  PID:8512
- C:\Windows\System\iAZWlun.exe
  C:\Windows\System\iAZWlun.exe
  2⤵
  PID:9172
- C:\Windows\System\jnVqInr.exe
  C:\Windows\System\jnVqInr.exe
  2⤵
  PID:8208
- C:\Windows\System\FobdipT.exe
  C:\Windows\System\FobdipT.exe
  2⤵
  PID:8656
- C:\Windows\System\SkxfOkd.exe
  C:\Windows\System\SkxfOkd.exe
  2⤵
  PID:7528
- C:\Windows\System\mNyEhmQ.exe
  C:\Windows\System\mNyEhmQ.exe
  2⤵
  PID:8496
- C:\Windows\System\kFnvmOo.exe
  C:\Windows\System\kFnvmOo.exe
  2⤵
  PID:9044
- C:\Windows\System\icCVIij.exe
  C:\Windows\System\icCVIij.exe
  2⤵
  PID:9064
- C:\Windows\System\HCaMMAI.exe
  C:\Windows\System\HCaMMAI.exe
  2⤵
  PID:8388
- C:\Windows\System\GblYqvN.exe
  C:\Windows\System\GblYqvN.exe
  2⤵
  PID:8832
- C:\Windows\System\SBLRERb.exe
  C:\Windows\System\SBLRERb.exe
  2⤵
  PID:9108
- C:\Windows\System\okOlyXK.exe
  C:\Windows\System\okOlyXK.exe
  2⤵
  PID:9228
- C:\Windows\System\ShmEpmX.exe
  C:\Windows\System\ShmEpmX.exe
  2⤵
  PID:9244
- C:\Windows\System\lYCRNzH.exe
  C:\Windows\System\lYCRNzH.exe
  2⤵
  PID:9260
- C:\Windows\System\aAedcQz.exe
  C:\Windows\System\aAedcQz.exe
  2⤵
  PID:9276
- C:\Windows\System\bqbvMcO.exe
  C:\Windows\System\bqbvMcO.exe
  2⤵
  PID:9292
- C:\Windows\System\wgqEVlu.exe
  C:\Windows\System\wgqEVlu.exe
  2⤵
  PID:9308
- C:\Windows\System\ggBgNxW.exe
  C:\Windows\System\ggBgNxW.exe
  2⤵
  PID:9324
- C:\Windows\System\XDQUZCp.exe
  C:\Windows\System\XDQUZCp.exe
  2⤵
  PID:9340
- C:\Windows\System\HNasagD.exe
  C:\Windows\System\HNasagD.exe
  2⤵
  PID:9356
- C:\Windows\System\cHeGNjz.exe
  C:\Windows\System\cHeGNjz.exe
  2⤵
  PID:9372
- C:\Windows\System\QBPMuon.exe
  C:\Windows\System\QBPMuon.exe
  2⤵
  PID:9388
- C:\Windows\System\wZqaElb.exe
  C:\Windows\System\wZqaElb.exe
  2⤵
  PID:9404
- C:\Windows\System\lsVRvOn.exe
  C:\Windows\System\lsVRvOn.exe
  2⤵
  PID:9420
- C:\Windows\System\MWZojsh.exe
  C:\Windows\System\MWZojsh.exe
  2⤵
  PID:9436
- C:\Windows\System\lGmqoEl.exe
  C:\Windows\System\lGmqoEl.exe
  2⤵
  PID:9452
- C:\Windows\System\BZCYrBF.exe
  C:\Windows\System\BZCYrBF.exe
  2⤵
  PID:9468
- C:\Windows\System\WVaitbL.exe
  C:\Windows\System\WVaitbL.exe
  2⤵
  PID:9484
- C:\Windows\System\LkMjKAG.exe
  C:\Windows\System\LkMjKAG.exe
  2⤵
  PID:9500
- C:\Windows\System\rSfkagW.exe
  C:\Windows\System\rSfkagW.exe
  2⤵
  PID:9516
- C:\Windows\System\ewkAntq.exe
  C:\Windows\System\ewkAntq.exe
  2⤵
  PID:9532
- C:\Windows\System\LysffEn.exe
  C:\Windows\System\LysffEn.exe
  2⤵
  PID:9548
- C:\Windows\System\sCenCHk.exe
  C:\Windows\System\sCenCHk.exe
  2⤵
  PID:9564
- C:\Windows\System\xyLagtP.exe
  C:\Windows\System\xyLagtP.exe
  2⤵
  PID:9580
- C:\Windows\System\BSbeBYp.exe
  C:\Windows\System\BSbeBYp.exe
  2⤵
  PID:9596
- C:\Windows\System\lysbvzf.exe
  C:\Windows\System\lysbvzf.exe
  2⤵
  PID:9612
- C:\Windows\System\FdlzACg.exe
  C:\Windows\System\FdlzACg.exe
  2⤵
  PID:9628
- C:\Windows\System\zGOYWlM.exe
  C:\Windows\System\zGOYWlM.exe
  2⤵
  PID:9644
- C:\Windows\System\rjiIIFH.exe
  C:\Windows\System\rjiIIFH.exe
  2⤵
  PID:9660
- C:\Windows\System\ukDthin.exe
  C:\Windows\System\ukDthin.exe
  2⤵
  PID:9676
- C:\Windows\System\IwFDVBr.exe
  C:\Windows\System\IwFDVBr.exe
  2⤵
  PID:9692
- C:\Windows\System\SPejxig.exe
  C:\Windows\System\SPejxig.exe
  2⤵
  PID:9708
- C:\Windows\System\PHcPzfc.exe
  C:\Windows\System\PHcPzfc.exe
  2⤵
  PID:9724
- C:\Windows\System\BkIjjgl.exe
  C:\Windows\System\BkIjjgl.exe
  2⤵
  PID:9740
- C:\Windows\System\PjYtIlt.exe
  C:\Windows\System\PjYtIlt.exe
  2⤵
  PID:9756
- C:\Windows\System\GFshgun.exe
  C:\Windows\System\GFshgun.exe
  2⤵
  PID:9772
- C:\Windows\System\NKwnMIj.exe
  C:\Windows\System\NKwnMIj.exe
  2⤵
  PID:9788
- C:\Windows\System\vdwJzFJ.exe
  C:\Windows\System\vdwJzFJ.exe
  2⤵
  PID:9804
- C:\Windows\System\qMVTAMM.exe
  C:\Windows\System\qMVTAMM.exe
  2⤵
  PID:9820
- C:\Windows\System\WOUfhMM.exe
  C:\Windows\System\WOUfhMM.exe
  2⤵
  PID:9836
- C:\Windows\System\hXiWRhq.exe
  C:\Windows\System\hXiWRhq.exe
  2⤵
  PID:9852
- C:\Windows\System\yrWsnEe.exe
  C:\Windows\System\yrWsnEe.exe
  2⤵
  PID:9872
- C:\Windows\System\SMnAbcv.exe
  C:\Windows\System\SMnAbcv.exe
  2⤵
  PID:9892
- C:\Windows\System\jHnbkob.exe
  C:\Windows\System\jHnbkob.exe
  2⤵
  PID:9908
- C:\Windows\System\AIArmPI.exe
  C:\Windows\System\AIArmPI.exe
  2⤵
  PID:9924
- C:\Windows\System\cnbgElb.exe
  C:\Windows\System\cnbgElb.exe
  2⤵
  PID:9940
- C:\Windows\System\qIKqTPu.exe
  C:\Windows\System\qIKqTPu.exe
  2⤵
  PID:9956
- C:\Windows\System\ooBTgem.exe
  C:\Windows\System\ooBTgem.exe
  2⤵
  PID:9972
- C:\Windows\System\emWSNbR.exe
  C:\Windows\System\emWSNbR.exe
  2⤵
  PID:9988
- C:\Windows\System\arrohnp.exe
  C:\Windows\System\arrohnp.exe
  2⤵
  PID:10004
- C:\Windows\System\pIeWbJr.exe
  C:\Windows\System\pIeWbJr.exe
  2⤵
  PID:10020
- C:\Windows\System\tcWOAFE.exe
  C:\Windows\System\tcWOAFE.exe
  2⤵
  PID:10036
- C:\Windows\System\JbRNJIl.exe
  C:\Windows\System\JbRNJIl.exe
  2⤵
  PID:10052
- C:\Windows\System\OTqDAwl.exe
  C:\Windows\System\OTqDAwl.exe
  2⤵
  PID:10068
- C:\Windows\System\UZQftOM.exe
  C:\Windows\System\UZQftOM.exe
  2⤵
  PID:10084
- C:\Windows\System\TkhfqDT.exe
  C:\Windows\System\TkhfqDT.exe
  2⤵
  PID:10100
- C:\Windows\System\rbnYvZc.exe
  C:\Windows\System\rbnYvZc.exe
  2⤵
  PID:10116
- C:\Windows\System\pjyEhfE.exe
  C:\Windows\System\pjyEhfE.exe
  2⤵
  PID:10132
- C:\Windows\System\yoYrvqj.exe
  C:\Windows\System\yoYrvqj.exe
  2⤵
  PID:10148
- C:\Windows\System\lZOCLYo.exe
  C:\Windows\System\lZOCLYo.exe
  2⤵
  PID:10164
- C:\Windows\System\gDOYRVC.exe
  C:\Windows\System\gDOYRVC.exe
  2⤵
  PID:10180
- C:\Windows\System\ldkmNwr.exe
  C:\Windows\System\ldkmNwr.exe
  2⤵
  PID:10196
- C:\Windows\System\hQBGZCI.exe
  C:\Windows\System\hQBGZCI.exe
  2⤵
  PID:10224
- C:\Windows\System\uIorspJ.exe
  C:\Windows\System\uIorspJ.exe
  2⤵
  PID:8700
- C:\Windows\System\oeOXDZS.exe
  C:\Windows\System\oeOXDZS.exe
  2⤵
  PID:8924
- C:\Windows\System\ibDriHV.exe
  C:\Windows\System\ibDriHV.exe
  2⤵
  PID:9256
- C:\Windows\System\jiSHRmu.exe
  C:\Windows\System\jiSHRmu.exe
  2⤵
  PID:9288
- C:\Windows\System\ypeDqqH.exe
  C:\Windows\System\ypeDqqH.exe
  2⤵
  PID:9352
- C:\Windows\System\fRZrvQW.exe
  C:\Windows\System\fRZrvQW.exe
  2⤵
  PID:9508
- C:\Windows\System\wknfcIQ.exe
  C:\Windows\System\wknfcIQ.exe
  2⤵
  PID:9236
- C:\Windows\System\RTxmvQE.exe
  C:\Windows\System\RTxmvQE.exe
  2⤵
  PID:9604
- C:\Windows\System\lOpNqRk.exe
  C:\Windows\System\lOpNqRk.exe
  2⤵
  PID:9668
- C:\Windows\System\rArIhXA.exe
  C:\Windows\System\rArIhXA.exe
  2⤵
  PID:9732
- C:\Windows\System\uDixIMp.exe
  C:\Windows\System\uDixIMp.exe
  2⤵
  PID:9432
- C:\Windows\System\HzJvtYI.exe
  C:\Windows\System\HzJvtYI.exe
  2⤵
  PID:9428
- C:\Windows\System\aMwVTKY.exe
  C:\Windows\System\aMwVTKY.exe
  2⤵
  PID:9528
- C:\Windows\System\ugsdRMp.exe
  C:\Windows\System\ugsdRMp.exe
  2⤵
  PID:9684
- C:\Windows\System\LcaZSNa.exe
  C:\Windows\System\LcaZSNa.exe
  2⤵
  PID:9780
- C:\Windows\System\KAZeNgn.exe
  C:\Windows\System\KAZeNgn.exe
  2⤵
  PID:9844
- C:\Windows\System\ZJnHbCL.exe
  C:\Windows\System\ZJnHbCL.exe
  2⤵
  PID:9948
- C:\Windows\System\hOCSdXo.exe
  C:\Windows\System\hOCSdXo.exe
  2⤵
  PID:9984
- C:\Windows\System\rluGEeV.exe
  C:\Windows\System\rluGEeV.exe
  2⤵
  PID:10016
- C:\Windows\System\ICNYiLT.exe
  C:\Windows\System\ICNYiLT.exe
  2⤵
  PID:10124
- C:\Windows\System\sSQyspJ.exe
  C:\Windows\System\sSQyspJ.exe
  2⤵
  PID:9304
- C:\Windows\System\NOBmUsD.exe
  C:\Windows\System\NOBmUsD.exe
  2⤵
  PID:10236
- C:\Windows\System\cNelcov.exe
  C:\Windows\System\cNelcov.exe
  2⤵
  PID:10176
- C:\Windows\System\mhwBWZs.exe
  C:\Windows\System\mhwBWZs.exe
  2⤵
  PID:10208
- C:\Windows\System\LzfPbfY.exe
  C:\Windows\System\LzfPbfY.exe
  2⤵
  PID:10192
- C:\Windows\System\qKtkrja.exe
  C:\Windows\System\qKtkrja.exe
  2⤵
  PID:9412
- C:\Windows\System\FseIveE.exe
  C:\Windows\System\FseIveE.exe
  2⤵
  PID:9700
- C:\Windows\System\hbGfdHI.exe
  C:\Windows\System\hbGfdHI.exe
  2⤵
  PID:9764
- C:\Windows\System\zCtSWrQ.exe
  C:\Windows\System\zCtSWrQ.exe
  2⤵
  PID:9624
- C:\Windows\System\lZurayT.exe
  C:\Windows\System\lZurayT.exe
  2⤵
  PID:9652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BuEZXum.exe

Filesize
6.0MB

MD5
8a00023369f7c5e216a50c7d9e2a859e

SHA1
34a3581fd54bcbb349d48ae0e913f4c36b37e744

SHA256
7b169611a96f218adb9a08d1fc181b547eb6a6bffeabb146c333dbd3b75a1e58

SHA512
d4effd1276c8e4d448643ff4f8b146b654e1f1b5150abcd4609fe84a3aba38fd9568216b72ddcc6944971a2e27e0fb96eef8e084fecba47cf1da735c923eb8fd

Download Submit
C:\Windows\system\CePcIBc.exe

Filesize
6.0MB

MD5
dc59a5110d046767d989db4f1dd8f209

SHA1
f3313d032792dcf069da4502b6af59de26479905

SHA256
d594a720ec608c0b0f053345cb58364d8f6e98f8ec4280bd811afc302c3ed3e7

SHA512
383705f2e4c1de86bc1d462c9a3a008d576b57f324045201fa1797cc55b6a527ec25514567dfaaf12777311208aededd39ff0853112b7ef484ef711d4fe9ad1d

Download Submit
C:\Windows\system\DRAXBoP.exe

Filesize
6.0MB

MD5
d7c28107c765a3b97ac26ae62e1484fa

SHA1
b95c6696036394e65a3711e7e368f08b6feb4f65

SHA256
172b647b943d441faf2d55504bbb461971efb85003c363904b381640730402f0

SHA512
8282be43da89ec52482a7b2fe496daa4c4133b8f9f165e792c86137a22d8c6e334a7451ca869b8a2057240c98e3ae5be58852058d90dfeb33a671f63d19b5c1a

Download Submit
C:\Windows\system\IVEhYAo.exe

Filesize
6.0MB

MD5
8f83ba9803048a35132fec321b50adcf

SHA1
94a6d812150c8559a0cda8b4ee0b249522d26d1a

SHA256
2631ee46e1904c81351ef7976f2a1e89aeef32fa8a8c0a95b026cead2a7a57b4

SHA512
faa248f8c5c815fefac813708c69a870a5a29c6390a8395f611e4a1a6c6b1908cfbce4fc400e2d274b636e71786c423092de44c76c77c844c4ca2f9e50f03640

Download Submit
C:\Windows\system\JmnfIBJ.exe

Filesize
6.0MB

MD5
71074e46c9e7d850dc0e302e7262510a

SHA1
00175e822b599eb47bef3120bed770a09002485e

SHA256
2140d46b07ac66247572c3ae4f80e13cc37dca4c10b814e3d2b8abc120f33c81

SHA512
e1d5f6cd7871d267c9781dd339f69266bc94dc07295bbea5b2c29630ddf8cd80c11dbb6f481ea9bbbc751e4ba03a4668279bdd08abc3dcf7aad948f59c7805a2

Download Submit
C:\Windows\system\PqausOP.exe

Filesize
6.0MB

MD5
c9d3f892df2c90c6ac21dc30d3778ee1

SHA1
9780cde2cefac9e15d58961b92b33f04d000ca14

SHA256
c179c90eb740c157eec79a236b09694eea9221283152e8734cfc621401c0af52

SHA512
05328e013d1b11d6cd7b3634b26c2a61405cd1c6687d3a38ef1a0a74493e08f5a2e607640238056d1a5dd634d368ade2562c9128c73f4c79ddfa2ed90370588c

Download Submit
C:\Windows\system\QwKEKCb.exe

Filesize
6.0MB

MD5
0373076b295fb2e3359c00eb9f657234

SHA1
48aab824e72fc5fb0e023e2169e7edadd0038cdd

SHA256
013351972ebff7a3e0ee9ad0407fbea4ae38d714700d9e84fa28b7f7dbd03310

SHA512
173e785c28a128b2bbdc8d2eabe110bde2329b1f565535f77ac09790f1cea4bc3d0a233141c51903ce2e2002371ffbb7411990075d6b9ddace069a5faa820e23

Download Submit
C:\Windows\system\UaQytuO.exe

Filesize
6.0MB

MD5
685edb0c6b740135fdbd319a86111251

SHA1
4bb37c4485f7995e5db0508fc2de159de4b1fe9a

SHA256
9fef50f0be69f6c63369139497f897c931e79037b31a3a350d6a1af87d1c3384

SHA512
3d41a34e94f10816b4fef403d78ffd9b47c0373a960964fbe9f858b8a27a0f03ceba1f59cea47896d2bcfd1480def84052e29993b07ce701c167bebd8847e188

Download Submit
C:\Windows\system\VWsDUEr.exe

Filesize
6.0MB

MD5
6ba31424f24e4dbe4d6f13d9dfbd18b5

SHA1
2a3a4a6645d47adc06c3c7c3bb4ad7a98adfcf6c

SHA256
a32eac9a6c5376e9c28f2205bfa7c0befbf7a5eb5aa0c35948a16628046088a8

SHA512
a48271175b470d8afecf79602d1ff790dcb6d8f9a298307e629d2342724840be02aa4707c57e8593aa5948b8c30f25c2567d6def102c6a06346e1dfae5cf8043

Download Submit
C:\Windows\system\YcPSaPA.exe

Filesize
6.0MB

MD5
e24ba6f4019f37199c15cd5de03622e5

SHA1
e8f6ab137c2de4293c6f020294f5871d1c201123

SHA256
29778fda9f81329723bed4a6eaf6b0231d2cc8b1cf094713a91f2ed36787dd69

SHA512
d6b8c4ffabab688c45c8559826cb4bdc9f0fcb7d90bbbff4e5d4d6209e8f2362ee8c9428c432eca783e3d00aed027b989ed5e1dd7100bcb4ce5586ab954506f6

Download Submit
C:\Windows\system\ZHPSHJC.exe

Filesize
6.0MB

MD5
146081c19dc8a647ceab742b5124a957

SHA1
de171d145a2bee37f457d1456e1bc870d7b47dd3

SHA256
26b0bb736a81d9f4a358b6915d3bc04cac68c8b16041b22d1e842201f5f133eb

SHA512
fccce7725a7af6b3cd38475e422df5104a9d5f08b1e2dee8b035f26c0d88f1beb420dfcedde4bf6c41aebe752064f4086bdc9e227e82772168c1fb9d1a6758c3

Download Submit
C:\Windows\system\agNckIc.exe

Filesize
6.0MB

MD5
d1be17f6ca5b65cd7110fce908c48c33

SHA1
6809a917bc816857d83d27bfb91c96a97a37917f

SHA256
848a1dc33bcfc4cb332bb56073143b07b717f110f6bbd56e12c5bb523d041d74

SHA512
bc769c4de9cdcf6480d1b86012e6217ee5a509b613769ef2b5d1d3af12fa094e89fbd80da30b97f9089daf321fd30b7d08e7f70c9e1b6e72453b5f6b1262d3e5

Download Submit
C:\Windows\system\buTEzkY.exe

Filesize
6.0MB

MD5
92a84031bb6b555b715306a366a0252e

SHA1
2dcb0fb1776642c3b81620c40b9da75129285412

SHA256
6edac9ed136b78e7462468baacf7246b1ce96933c5c1e9388151d26ce6c5ed04

SHA512
fddf2559a7698acf357f88d1883b2b0b33064a1755b2566042117a0cd2cac0b31a5154fa45740273c5e77ee96d6f08915fc3e9e12b55af2cf5d6a1943d958b72

Download Submit
C:\Windows\system\eAyRTSv.exe

Filesize
6.0MB

MD5
1fc6e8ebd50e711aec64b971a3b0ef26

SHA1
fc88ecf7abf8296f437fa703fb0a6371814faf12

SHA256
24e51fc2ce37bafeaae3daac270be4f94f5e6d65917217b350f1df9ad8c0bb0c

SHA512
3d90558bbb3de953d41c68b8b4bb408d26a71e14d1be4a9afc8aac27c6fb1378e3cc60f82594b464cd97f6e170ac3ce2be222b4f5e5c3e2e69b717013adfde90

Download Submit
C:\Windows\system\jRmYPDw.exe

Filesize
6.0MB

MD5
630ebdb4c63590f818aa18f936447db3

SHA1
30527d02c5bba072e465ba22acefa7e71cc3e15b

SHA256
6776b75dc6862e06f2a8191d5482e1e389e39934a0003b695ed812b54dd3c42e

SHA512
85d64b5d89fb041c29da81ac56aa1b424741637d8194da175d1cfd7913b6936ba64505c8cd971ce989e1648f6daa9c7881c51d5ba9553a98e49ba4dc5e0428ef

Download Submit
C:\Windows\system\jiZGHLP.exe

Filesize
6.0MB

MD5
88de52ecdbae610d47d1e580ed6b3409

SHA1
224d55482d40a60b0c7471808816ea8ff709df72

SHA256
82c141e36d72f07570a5f114ef3bf7d82a4c48a079affee39b5c4fb06de6e9c6

SHA512
1faa4af7caf2611d1f7702f7b2dfd92bc6c3a6d51f6eff49d7dd5986cbd7ccde9855e3c951bde1ff35f98d80bc6467b7ed7a6d125cdbe829fc2c176ad0dcf659

Download Submit
C:\Windows\system\kIPofWF.exe

Filesize
6.0MB

MD5
3c7ec415d10ba456d3ed92b6c58fae33

SHA1
58a4ce00457f8241489ea3b3d7e08950adeaceb8

SHA256
d256970793ff311835621e646c0b649fbed78dd5e35fb3d79627083b0066ad08

SHA512
445c793efb8c1b0d323f5c3d490c84f58136f1211e60e8ea38d9b43894234ddb5ae2d246e8931606c02ca832c7ecc9cc985a078e0ff54e5087853388ed63e226

Download Submit
C:\Windows\system\khhnstu.exe

Filesize
6.0MB

MD5
da895679b45a56fbafd02119cf284173

SHA1
7ef5fd1006bb65cbe005e5c84bb095e4d2137980

SHA256
ae77a2e59992218606265b826f1446f0e8af4a6d6749e4c0b589da1108d43dc1

SHA512
f7c50e4ac8c94f9fdf0c5ddd48b48d431709efc4db208a645d2474798aa37007399c020fdc8cb8b224ff2939f38d40f8a1fea0c8a1d89e8cd45e968e7aaf6850

Download Submit
C:\Windows\system\nwSMNBm.exe

Filesize
6.0MB

MD5
e42b38ec51f565e358adb9a16744ec7f

SHA1
d1e4b6c3f9be0c9d40dd5a44bfc70de27c31d588

SHA256
31d41409a53a8aa04d6b9fd3b8cfcfae5442ed2913db573b7eefc73236943454

SHA512
3e58cffa0d5811de6e13cac525fd5283cc950ba81189e01246c7e311d02f6c203e09e46983774c1f861da29e957710870491da41517341dc9cfafa1eca36814c

Download Submit
C:\Windows\system\qQzEdEv.exe

Filesize
6.0MB

MD5
b4784a7c833695259dd259a30bf3ebd1

SHA1
a5bf8f1f0a96d1a0d0eb162dba648873fd60032e

SHA256
f085467caebbf9e1f22b8937c07c04e5269f51733d1c75ec4bc45712b508a849

SHA512
b1b7446c35b24e901d9e58a5a108135469aa5acb71808dd12b2fbc63a946ad9e6c88f14c0821844280a55dfa3be4a0949d102fa4984cfa0774933b503b380de1

Download Submit
C:\Windows\system\qgVWeyO.exe

Filesize
6.0MB

MD5
c093990f03f0d463fd3abda4a19aca31

SHA1
07deadc8b8b5f558e427ffeab87931bef4d4e4fd

SHA256
13bb3a22bdec5c39cf94b9babcca5db25730fcdac6cdd56482605874fb3df48b

SHA512
a0c66496c927ccb500b0c903b649bb2196fff0ae808b89b6033333e39388dd40e14c5a6c9c99806ddb5ab5923ff1835e91854e57055026f1e544d9d37847f1c3

Download Submit
C:\Windows\system\sfwIOCF.exe

Filesize
6.0MB

MD5
5a79af18b550a4daf729721934af601c

SHA1
3309aab0a0b4c5e18ba7d9bd0cb2bf2a24e13b21

SHA256
7ed9ddb0f8504d188f0973af0882cfcfa78cbc5e1e357f6efc73974e1a08250b

SHA512
7fbfa2622055465efe68653616d013e7fab7273978f4556cd1c1359411693186e7a1712a96cef95e9d8b0fa9f4ab9d903d135e375378e6810cc548a8a99b54e8

Download Submit
C:\Windows\system\uYxUpYp.exe

Filesize
6.0MB

MD5
96df0455a698d2d9388a20469aefa326

SHA1
00ce649338b8bc04cd32b49e47bdafd8db193760

SHA256
cc53a348e5f43e3ad47d6c4296e3980520ab5ee1a38f0abc984caf45d3c9b01f

SHA512
6401dd28d55e2cdfbff8713d1cec427ef4134a5966bc1f142a0eb46534fa242b47abb86f074ca5f0f987b7b20be0e2b7b41f0a16900e204aa43c8e0bae8b9084

Download Submit
C:\Windows\system\wSORHaG.exe

Filesize
6.0MB

MD5
c1b851364258ce66e6e2d4f438797bf1

SHA1
da7134e738b3370909552aa784f84e3dbe916b92

SHA256
24337d300feb9b93bc2234bebc22f63a06a7846ad2e7eeb635ddb093d826352f

SHA512
22ffbf43b36b861203b455dadd34ce5a365ac5d229bdd98a2902e303c5492daa8662c9045d3fec79dd9718912fdbc86bc486183914b61ed86ad93ae305be8286

Download Submit
C:\Windows\system\wTQRAPA.exe

Filesize
6.0MB

MD5
49d64757d5fbb3c86aed83e81adc9c15

SHA1
92958c28684085e39577e1d2c810dbabeadeb8b5

SHA256
c36ce8be644b01daf2f98a707529650ccfa06e25d4640516b72f3f8df71c9c5c

SHA512
ed5cd92b6b7fb14749a5f00b91b68b06b7a19fe5a0e3f96c7437ae4d1bad425811e0a5dc91891bdd3732c35067415667f3283e1ea89c6e6439ca33da7f3925cc

Download Submit
C:\Windows\system\yqXvVLT.exe

Filesize
6.0MB

MD5
c1cb53c9a7735afb9e9c50d9a16178e0

SHA1
a3a21caa158e634e3f222f35f51d6724592abfd1

SHA256
d98c820bbb18e310b63c6e9b01045d853501acc104abe3cb47392ee54f231944

SHA512
7329f261092fc9180e7749ca9b6b34e8d6063df6323cf9640dfbefd5dba4fdde35bd83194553e633ca4803a4a6ccda716c37a0715a87045212b3ed7e855e794b

Download Submit
C:\Windows\system\zJnKuSk.exe

Filesize
6.0MB

MD5
7c0360a198c13f5e497d7bd428b617bc

SHA1
2421b5b672af1cc9bd77613541e4dfd089a630df

SHA256
05edc8e5a06c96963382558c1e2f4664e23b0d07ece03d5478b8cd6cfae58918

SHA512
8f4f96a498f656e02423e39074c91f1cda56d37aac33a4e9448e1848f3ae679c122f5dc8afc39a2b0343b3ca949feb53e2bf2e874625d79111cbdb7d54f333b2

Download Submit
C:\Windows\system\zsoFRat.exe

Filesize
6.0MB

MD5
e324828be40c543e031b04c4b658fb11

SHA1
a476fbb134e4598e1214b183d376ed0f6a22d552

SHA256
8f506cc8e89b81a8b4e1d2d5d3b46176e149e51719220519c1c298399cad834e

SHA512
42892b277ab0caa3370cb5bbc8e092691878d8a46b3da1f464ce3cca85a599de4fdd3de3033c8f3f4065c1380e9c8edfb67e3d98a6d5ce28961fcdd9fab70afc

Download Submit
\Windows\system\BKRXbav.exe

Filesize
6.0MB

MD5
1c358ea54bbc5fee32abd58c02119e33

SHA1
062f3c6761f2f3a0070458d54af1bb93a20c122f

SHA256
831b8c795a60d388d50e488a00f68a5f5bdbc14352bd8090a79ab63bec05e3d5

SHA512
832424db982098a10a3a6f86782364e5dc152b1b8724271d5a36b9869736d695607f422e335cad6ac37c459ab47d5fe0374ae0a6e72a503e608a2a5b4fc505ac

Download Submit
\Windows\system\EBrSrkh.exe

Filesize
6.0MB

MD5
5dcfa13c0fed78bde9a09e2bac9eb28e

SHA1
7ffdd72c5a1b1d60073d582555e451b3b70f9e12

SHA256
66db61ec16b15b3d302d6e9e0efe62977615ba806244208474c26d8d055e74b4

SHA512
97ae8ca328a612fba920ffb23647f67a4d8cd8318023fff6329cf0c86299bf860985aa6822fb6de0c885ca31dde6db0d6c2d7708dfbff9fd125b846308093ca6

Download Submit
\Windows\system\KetxbwF.exe

Filesize
6.0MB

MD5
68ed38661212734adc2a7c3b62cd5ff0

SHA1
04e9cbc80a1b0870f067c97c9832cf3e9f15068a

SHA256
3c7b3f7e45c15a62ff09874b6837dd43b064d6aaa757fea0ead2ff23b0161819

SHA512
a052ca84a430be15481e9736fa3cad41102151c5886e2680d39569fbe65bc3e172c8d9637cfee83ad753e5ed9bae5329329872973d7fc556cc74befaf7b91c63

Download Submit
\Windows\system\jHXHQbm.exe

Filesize
6.0MB

MD5
6e41f1a8d284688cf06575785df02675

SHA1
7cc48327ef6f4e59c123cdc001f6a1c6044c912d

SHA256
33903246b6085755eb667e3589f1d000a3431c364753b88386616c1dd03faff4

SHA512
281fac61a9e5da4c6d5b8507a82980261c429dd1303159bdd308dab1aac773e35d07964f7828669ebc4f8dfb3ee0247ee18138967574ffefd9e3831809418290

Download Submit
\Windows\system\ueuldCX.exe

Filesize
6.0MB

MD5
81257e98161f10b7e0641e78f8412c00

SHA1
26b3fd8f5666d6aa68f306f6369871fcb1628bbd

SHA256
97164415966546a229444130429e0b0dc246bec01c7f5943b10574b63c858c80

SHA512
7b3b9993dd4408f094ed74b9f98b3125100c24ef6a28d84ae10aeaaf58c7dea485b89603221b09ad09997b15389a5ba4bdbb9df664073a08777229772f921670

Download Submit
memory/2068-3006-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-2001-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1701-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-3007-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-1915-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-3003-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-3001-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1809-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2460-2002-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-2103-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2460-3399-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2460-1869-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-1916-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-2280-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2460-3401-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2460-3199-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-2739-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2460-2781-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-3186-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-0-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-3081-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-3071-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2460-1810-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3002-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2824-2409-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2860-2102-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3004-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-2990-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2944-2278-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2992-3005-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-1868-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download