cobaltstrike | 382b0fb0ee9aa822af219f53fbac5626359d62213e632b55a7d6aab845c62b35

Analysis

max time kernel
143s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 08:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b4acded8d60e00b6132b14507baf0774
SHA1

dd99588234244aba794379078ad35c9418820f8d
SHA256

382b0fb0ee9aa822af219f53fbac5626359d62213e632b55a7d6aab845c62b35
SHA512

e11b6ff7c3f1db2b1beffd782bc609c830be8425ddb5c2979454d6dd998b481695dcd5086c125818b45f9a61f49119e1eddde8077add1c0ae855d95918c06c7d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUw:T+q56utgpPF8u/7w

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cc9-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cd1-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ce5-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cf2-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d04-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d0e-36.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d2a-41.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016a47-50.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c4e-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ca2-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d2e-123.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3f-117.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016e74-152.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739a-158.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739c-162.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f9c-155.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-136.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dad-134.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d50-126.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dc8-141.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d1b-99.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d47-122.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d36-114.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015b6e-91.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d24-104.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d13-96.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d0b-87.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cfe-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cd3-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c58-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c3d-55.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000167dc-45.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 53 IoCs

miner

resource	yara_rule
behavioral1/memory/2420-0-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0008000000015cc9-8.dat	xmrig
behavioral1/memory/3036-11-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x0008000000015cd1-16.dat	xmrig
behavioral1/files/0x0007000000015ce5-18.dat	xmrig
behavioral1/files/0x0007000000015cf2-26.dat	xmrig
behavioral1/files/0x0007000000015d04-30.dat	xmrig
behavioral1/files/0x0007000000015d0e-36.dat	xmrig
behavioral1/files/0x0009000000015d2a-41.dat	xmrig
behavioral1/files/0x0006000000016a47-50.dat	xmrig
behavioral1/files/0x0006000000016c4e-60.dat	xmrig
behavioral1/files/0x0006000000016ca2-70.dat	xmrig
behavioral1/files/0x0006000000016d2e-123.dat	xmrig
behavioral1/files/0x0006000000016d3f-117.dat	xmrig
behavioral1/files/0x0006000000016e74-152.dat	xmrig
behavioral1/files/0x000600000001739a-158.dat	xmrig
behavioral1/files/0x000600000001739c-162.dat	xmrig
behavioral1/files/0x0006000000016f9c-155.dat	xmrig
behavioral1/files/0x0006000000016d9f-136.dat	xmrig
behavioral1/files/0x0006000000016dad-134.dat	xmrig
behavioral1/files/0x0006000000016d50-126.dat	xmrig
behavioral1/files/0x0006000000016dc8-141.dat	xmrig
behavioral1/files/0x0006000000016d1b-99.dat	xmrig
behavioral1/files/0x0006000000016d47-122.dat	xmrig
behavioral1/files/0x0006000000016d36-114.dat	xmrig
behavioral1/files/0x0009000000015b6e-91.dat	xmrig
behavioral1/files/0x0006000000016d24-104.dat	xmrig
behavioral1/files/0x0006000000016d13-96.dat	xmrig
behavioral1/files/0x0006000000016d0b-87.dat	xmrig
behavioral1/files/0x0006000000016cfe-80.dat	xmrig
behavioral1/files/0x0006000000016cd3-75.dat	xmrig
behavioral1/files/0x0006000000016c58-65.dat	xmrig
behavioral1/files/0x0006000000016c3d-55.dat	xmrig
behavioral1/files/0x00080000000167dc-45.dat	xmrig
behavioral1/memory/2220-2184-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2100-2190-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2420-2193-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2436-2192-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2808-2194-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2316-2197-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2756-2302-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2832-2324-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2420-2360-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2756-2728-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/3036-2727-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2100-2726-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2436-2725-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2808-2724-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2220-2750-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2832-2741-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2316-2738-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2420-2785-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3036	nCwSwPD.exe
2220	zHOGaxI.exe
2100	jRUNTWk.exe
2436	myVsuxC.exe
2808	MJoeVaz.exe
2316	FtfFAMi.exe
2756	QQoidzK.exe
2832	NgYZmph.exe
2824	AnBUxAa.exe
2976	nVetsfZ.exe
2648	wTrpVPc.exe
2092	SCwWttu.exe
2788	ZJeAHTV.exe
2728	HSHgfyE.exe
2192	cIefAeP.exe
1524	bKhMEFf.exe
1388	wIZRhXp.exe
1844	saynLAC.exe
2524	bQtfbsf.exe
1884	UXcLkel.exe
1820	QOOueaR.exe
2928	HzBGXTC.exe
1944	rXpHFqN.exe
1272	uQynWvU.exe
2920	qjzkMUK.exe
2932	DWSKyBP.exe
2180	HiBfcqT.exe
2128	BKvaMOY.exe
2484	BjvFDnv.exe
2496	UKgAMgT.exe
2492	iKkKNuD.exe
2176	zuaNqKB.exe
904	OVaCbrg.exe
304	AIEQfxQ.exe
1956	dMLAIqw.exe
1540	OBpoXaB.exe
596	buFwWFp.exe
1280	gNgZWVU.exe
1332	UPnakXa.exe
2008	vgSLZiP.exe
1668	fJuXiCn.exe
1560	yfkRvih.exe
888	XwUnxlj.exe
1012	TUOZGTv.exe
2520	BPAUVXB.exe
2072	SVSNQjR.exe
2272	xLdwkDY.exe
2500	twKYFGs.exe
1096	ffjQxah.exe
856	jfyYyLh.exe
2476	UJuuqkz.exe
1496	QZUXTle.exe
1312	suqSSKE.exe
1508	dqfGfxg.exe
1720	GbcwlTr.exe
532	CcuRsMP.exe
3012	AEteyJS.exe
2568	uGdABYD.exe
2152	pLXqMgR.exe
2540	MRdkZiZ.exe
1160	aoxjzJq.exe
2980	KejuoQS.exe
2864	yIQyAoS.exe
2064	KtEPleX.exe

Loads dropped DLL 64 IoCs

pid	Process
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 51 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2420-0-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0008000000015cc9-8.dat	upx
behavioral1/memory/3036-11-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x0008000000015cd1-16.dat	upx
behavioral1/files/0x0007000000015ce5-18.dat	upx
behavioral1/files/0x0007000000015cf2-26.dat	upx
behavioral1/files/0x0007000000015d04-30.dat	upx
behavioral1/files/0x0007000000015d0e-36.dat	upx
behavioral1/files/0x0009000000015d2a-41.dat	upx
behavioral1/files/0x0006000000016a47-50.dat	upx
behavioral1/files/0x0006000000016c4e-60.dat	upx
behavioral1/files/0x0006000000016ca2-70.dat	upx
behavioral1/files/0x0006000000016d2e-123.dat	upx
behavioral1/files/0x0006000000016d3f-117.dat	upx
behavioral1/files/0x0006000000016e74-152.dat	upx
behavioral1/files/0x000600000001739a-158.dat	upx
behavioral1/files/0x000600000001739c-162.dat	upx
behavioral1/files/0x0006000000016f9c-155.dat	upx
behavioral1/files/0x0006000000016d9f-136.dat	upx
behavioral1/files/0x0006000000016dad-134.dat	upx
behavioral1/files/0x0006000000016d50-126.dat	upx
behavioral1/files/0x0006000000016dc8-141.dat	upx
behavioral1/files/0x0006000000016d1b-99.dat	upx
behavioral1/files/0x0006000000016d47-122.dat	upx
behavioral1/files/0x0006000000016d36-114.dat	upx
behavioral1/files/0x0009000000015b6e-91.dat	upx
behavioral1/files/0x0006000000016d24-104.dat	upx
behavioral1/files/0x0006000000016d13-96.dat	upx
behavioral1/files/0x0006000000016d0b-87.dat	upx
behavioral1/files/0x0006000000016cfe-80.dat	upx
behavioral1/files/0x0006000000016cd3-75.dat	upx
behavioral1/files/0x0006000000016c58-65.dat	upx
behavioral1/files/0x0006000000016c3d-55.dat	upx
behavioral1/files/0x00080000000167dc-45.dat	upx
behavioral1/memory/2220-2184-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2100-2190-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2436-2192-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2808-2194-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2316-2197-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2756-2302-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2832-2324-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2756-2728-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/3036-2727-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2100-2726-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2436-2725-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2808-2724-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2220-2750-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2832-2741-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2316-2738-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2420-2785-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\grFOkLw.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VYglHxW.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RuHCcpT.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SscjoOm.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iKkKNuD.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aRRxyIq.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IhhVRtG.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BAzCdTJ.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SVSNQjR.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zijZIjk.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nVetsfZ.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UHyMWFR.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNPmozI.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kamXFxl.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iFkFGoD.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqYfhel.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nizvKHt.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sKIgqpG.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JwOvZbz.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\baKfsTy.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OjjDKIi.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MFyJWnd.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DNXCeEY.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VYTTrie.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tzbyTVQ.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yYZAhnl.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NVChKGR.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxgrqPT.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmiMEnw.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJXIgye.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FSSXrab.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kCwKquT.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WdJjsdz.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHOGaxI.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wEZrezt.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RsvLNzF.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dlOgGbW.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KwSImBI.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QvQQIDA.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YjzNimj.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wTphAzc.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xzyjdDL.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GyJZVTs.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FFQvOeh.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZWgbUaH.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JChvthF.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aplEdsY.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pbIbkpl.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dEYJqUw.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZfHQcSy.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DIczUus.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MsDjqNg.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nYFNsUY.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CthdzvZ.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kHSTwkp.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yIOeQxv.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gocihIa.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PaOGzMX.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DqOPcmK.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ylOpFBx.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NkJrbpW.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CJnBUVY.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yGRDKLD.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TMZwVYd.exe	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 3036	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2420 wrote to memory of 3036	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2420 wrote to memory of 3036	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2420 wrote to memory of 2220	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2420 wrote to memory of 2220	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2420 wrote to memory of 2220	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2420 wrote to memory of 2100	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2420 wrote to memory of 2100	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2420 wrote to memory of 2100	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2420 wrote to memory of 2436	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2420 wrote to memory of 2436	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2420 wrote to memory of 2436	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2420 wrote to memory of 2808	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2420 wrote to memory of 2808	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2420 wrote to memory of 2808	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2420 wrote to memory of 2316	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2420 wrote to memory of 2316	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2420 wrote to memory of 2316	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2420 wrote to memory of 2756	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2420 wrote to memory of 2756	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2420 wrote to memory of 2756	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2420 wrote to memory of 2832	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2420 wrote to memory of 2832	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2420 wrote to memory of 2832	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2420 wrote to memory of 2824	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2420 wrote to memory of 2824	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2420 wrote to memory of 2824	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2420 wrote to memory of 2976	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2420 wrote to memory of 2976	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2420 wrote to memory of 2976	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2420 wrote to memory of 2648	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2420 wrote to memory of 2648	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2420 wrote to memory of 2648	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2420 wrote to memory of 2092	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2420 wrote to memory of 2092	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2420 wrote to memory of 2092	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2420 wrote to memory of 2788	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2420 wrote to memory of 2788	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2420 wrote to memory of 2788	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2420 wrote to memory of 2728	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2420 wrote to memory of 2728	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2420 wrote to memory of 2728	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2420 wrote to memory of 2192	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2420 wrote to memory of 2192	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2420 wrote to memory of 2192	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2420 wrote to memory of 1524	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2420 wrote to memory of 1524	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2420 wrote to memory of 1524	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2420 wrote to memory of 1388	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2420 wrote to memory of 1388	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2420 wrote to memory of 1388	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2420 wrote to memory of 1844	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2420 wrote to memory of 1844	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2420 wrote to memory of 1844	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2420 wrote to memory of 2524	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2420 wrote to memory of 2524	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2420 wrote to memory of 2524	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2420 wrote to memory of 1820	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2420 wrote to memory of 1820	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2420 wrote to memory of 1820	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2420 wrote to memory of 1884	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2420 wrote to memory of 1884	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2420 wrote to memory of 1884	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2420 wrote to memory of 1272	2420	2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_b4acded8d60e00b6132b14507baf0774_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Windows\System\nCwSwPD.exe
  C:\Windows\System\nCwSwPD.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\zHOGaxI.exe
  C:\Windows\System\zHOGaxI.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\jRUNTWk.exe
  C:\Windows\System\jRUNTWk.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\myVsuxC.exe
  C:\Windows\System\myVsuxC.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\MJoeVaz.exe
  C:\Windows\System\MJoeVaz.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\FtfFAMi.exe
  C:\Windows\System\FtfFAMi.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\QQoidzK.exe
  C:\Windows\System\QQoidzK.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\NgYZmph.exe
  C:\Windows\System\NgYZmph.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\AnBUxAa.exe
  C:\Windows\System\AnBUxAa.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\nVetsfZ.exe
  C:\Windows\System\nVetsfZ.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\wTrpVPc.exe
  C:\Windows\System\wTrpVPc.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\SCwWttu.exe
  C:\Windows\System\SCwWttu.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\ZJeAHTV.exe
  C:\Windows\System\ZJeAHTV.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\HSHgfyE.exe
  C:\Windows\System\HSHgfyE.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\cIefAeP.exe
  C:\Windows\System\cIefAeP.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\bKhMEFf.exe
  C:\Windows\System\bKhMEFf.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\wIZRhXp.exe
  C:\Windows\System\wIZRhXp.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\saynLAC.exe
  C:\Windows\System\saynLAC.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\bQtfbsf.exe
  C:\Windows\System\bQtfbsf.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\QOOueaR.exe
  C:\Windows\System\QOOueaR.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\UXcLkel.exe
  C:\Windows\System\UXcLkel.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\uQynWvU.exe
  C:\Windows\System\uQynWvU.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\HzBGXTC.exe
  C:\Windows\System\HzBGXTC.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\qjzkMUK.exe
  C:\Windows\System\qjzkMUK.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\rXpHFqN.exe
  C:\Windows\System\rXpHFqN.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\BKvaMOY.exe
  C:\Windows\System\BKvaMOY.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\DWSKyBP.exe
  C:\Windows\System\DWSKyBP.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\BjvFDnv.exe
  C:\Windows\System\BjvFDnv.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\HiBfcqT.exe
  C:\Windows\System\HiBfcqT.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\UKgAMgT.exe
  C:\Windows\System\UKgAMgT.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\iKkKNuD.exe
  C:\Windows\System\iKkKNuD.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\OVaCbrg.exe
  C:\Windows\System\OVaCbrg.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\zuaNqKB.exe
  C:\Windows\System\zuaNqKB.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\AIEQfxQ.exe
  C:\Windows\System\AIEQfxQ.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\dMLAIqw.exe
  C:\Windows\System\dMLAIqw.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\OBpoXaB.exe
  C:\Windows\System\OBpoXaB.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\buFwWFp.exe
  C:\Windows\System\buFwWFp.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\gNgZWVU.exe
  C:\Windows\System\gNgZWVU.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\UPnakXa.exe
  C:\Windows\System\UPnakXa.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\vgSLZiP.exe
  C:\Windows\System\vgSLZiP.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\fJuXiCn.exe
  C:\Windows\System\fJuXiCn.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\XwUnxlj.exe
  C:\Windows\System\XwUnxlj.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\yfkRvih.exe
  C:\Windows\System\yfkRvih.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\TUOZGTv.exe
  C:\Windows\System\TUOZGTv.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\BPAUVXB.exe
  C:\Windows\System\BPAUVXB.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\SVSNQjR.exe
  C:\Windows\System\SVSNQjR.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\xLdwkDY.exe
  C:\Windows\System\xLdwkDY.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\twKYFGs.exe
  C:\Windows\System\twKYFGs.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\ffjQxah.exe
  C:\Windows\System\ffjQxah.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\jfyYyLh.exe
  C:\Windows\System\jfyYyLh.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\UJuuqkz.exe
  C:\Windows\System\UJuuqkz.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\QZUXTle.exe
  C:\Windows\System\QZUXTle.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\suqSSKE.exe
  C:\Windows\System\suqSSKE.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\dqfGfxg.exe
  C:\Windows\System\dqfGfxg.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\GbcwlTr.exe
  C:\Windows\System\GbcwlTr.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\CcuRsMP.exe
  C:\Windows\System\CcuRsMP.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\AEteyJS.exe
  C:\Windows\System\AEteyJS.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\uGdABYD.exe
  C:\Windows\System\uGdABYD.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\pLXqMgR.exe
  C:\Windows\System\pLXqMgR.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\MRdkZiZ.exe
  C:\Windows\System\MRdkZiZ.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\aoxjzJq.exe
  C:\Windows\System\aoxjzJq.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\KejuoQS.exe
  C:\Windows\System\KejuoQS.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\yIQyAoS.exe
  C:\Windows\System\yIQyAoS.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\KtEPleX.exe
  C:\Windows\System\KtEPleX.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\mldkZLk.exe
  C:\Windows\System\mldkZLk.exe
  2⤵
  PID:2636
- C:\Windows\System\bTrJAwO.exe
  C:\Windows\System\bTrJAwO.exe
  2⤵
  PID:1292
- C:\Windows\System\hCVzENi.exe
  C:\Windows\System\hCVzENi.exe
  2⤵
  PID:2160
- C:\Windows\System\iWAxTdc.exe
  C:\Windows\System\iWAxTdc.exe
  2⤵
  PID:2624
- C:\Windows\System\KARZTuH.exe
  C:\Windows\System\KARZTuH.exe
  2⤵
  PID:1800
- C:\Windows\System\PveMOki.exe
  C:\Windows\System\PveMOki.exe
  2⤵
  PID:2444
- C:\Windows\System\FXuYQZg.exe
  C:\Windows\System\FXuYQZg.exe
  2⤵
  PID:820
- C:\Windows\System\gRJDqAH.exe
  C:\Windows\System\gRJDqAH.exe
  2⤵
  PID:2700
- C:\Windows\System\KuKaxjW.exe
  C:\Windows\System\KuKaxjW.exe
  2⤵
  PID:1724
- C:\Windows\System\ZXPngDV.exe
  C:\Windows\System\ZXPngDV.exe
  2⤵
  PID:2236
- C:\Windows\System\hsEAYgH.exe
  C:\Windows\System\hsEAYgH.exe
  2⤵
  PID:2712
- C:\Windows\System\OshbUmD.exe
  C:\Windows\System\OshbUmD.exe
  2⤵
  PID:2468
- C:\Windows\System\UHyMWFR.exe
  C:\Windows\System\UHyMWFR.exe
  2⤵
  PID:1516
- C:\Windows\System\ZLrxLIQ.exe
  C:\Windows\System\ZLrxLIQ.exe
  2⤵
  PID:352
- C:\Windows\System\DisSYdY.exe
  C:\Windows\System\DisSYdY.exe
  2⤵
  PID:1748
- C:\Windows\System\edcAIEs.exe
  C:\Windows\System\edcAIEs.exe
  2⤵
  PID:1776
- C:\Windows\System\zypAdPn.exe
  C:\Windows\System\zypAdPn.exe
  2⤵
  PID:2116
- C:\Windows\System\aVQLXMw.exe
  C:\Windows\System\aVQLXMw.exe
  2⤵
  PID:2024
- C:\Windows\System\ZmVoHCT.exe
  C:\Windows\System\ZmVoHCT.exe
  2⤵
  PID:2204
- C:\Windows\System\KTxqHxq.exe
  C:\Windows\System\KTxqHxq.exe
  2⤵
  PID:1784
- C:\Windows\System\bMtSOFn.exe
  C:\Windows\System\bMtSOFn.exe
  2⤵
  PID:1336
- C:\Windows\System\VYTTrie.exe
  C:\Windows\System\VYTTrie.exe
  2⤵
  PID:1036
- C:\Windows\System\SLWCqSm.exe
  C:\Windows\System\SLWCqSm.exe
  2⤵
  PID:2044
- C:\Windows\System\LXlfgXj.exe
  C:\Windows\System\LXlfgXj.exe
  2⤵
  PID:1340
- C:\Windows\System\vOxqAFf.exe
  C:\Windows\System\vOxqAFf.exe
  2⤵
  PID:2296
- C:\Windows\System\UNaaWEU.exe
  C:\Windows\System\UNaaWEU.exe
  2⤵
  PID:324
- C:\Windows\System\fIOLnMa.exe
  C:\Windows\System\fIOLnMa.exe
  2⤵
  PID:108
- C:\Windows\System\KOIACEb.exe
  C:\Windows\System\KOIACEb.exe
  2⤵
  PID:860
- C:\Windows\System\tDewtwy.exe
  C:\Windows\System\tDewtwy.exe
  2⤵
  PID:1608
- C:\Windows\System\PwPfYSJ.exe
  C:\Windows\System\PwPfYSJ.exe
  2⤵
  PID:3028
- C:\Windows\System\dAdCgpc.exe
  C:\Windows\System\dAdCgpc.exe
  2⤵
  PID:2964
- C:\Windows\System\TrCeXas.exe
  C:\Windows\System\TrCeXas.exe
  2⤵
  PID:2720
- C:\Windows\System\MNafunG.exe
  C:\Windows\System\MNafunG.exe
  2⤵
  PID:2620
- C:\Windows\System\zQlrmqX.exe
  C:\Windows\System\zQlrmqX.exe
  2⤵
  PID:3060
- C:\Windows\System\WLUmpIP.exe
  C:\Windows\System\WLUmpIP.exe
  2⤵
  PID:2628
- C:\Windows\System\lejYvoj.exe
  C:\Windows\System\lejYvoj.exe
  2⤵
  PID:2880
- C:\Windows\System\mzsebBT.exe
  C:\Windows\System\mzsebBT.exe
  2⤵
  PID:1972
- C:\Windows\System\JTxvMJd.exe
  C:\Windows\System\JTxvMJd.exe
  2⤵
  PID:3032
- C:\Windows\System\BtVANRm.exe
  C:\Windows\System\BtVANRm.exe
  2⤵
  PID:2944
- C:\Windows\System\VuDMBQq.exe
  C:\Windows\System\VuDMBQq.exe
  2⤵
  PID:1596
- C:\Windows\System\eycFgoK.exe
  C:\Windows\System\eycFgoK.exe
  2⤵
  PID:292
- C:\Windows\System\veXMwBC.exe
  C:\Windows\System\veXMwBC.exe
  2⤵
  PID:1128
- C:\Windows\System\EvrqVUv.exe
  C:\Windows\System\EvrqVUv.exe
  2⤵
  PID:1692
- C:\Windows\System\UEJkrbv.exe
  C:\Windows\System\UEJkrbv.exe
  2⤵
  PID:1552
- C:\Windows\System\USIjkOG.exe
  C:\Windows\System\USIjkOG.exe
  2⤵
  PID:1756
- C:\Windows\System\AwHOWQU.exe
  C:\Windows\System\AwHOWQU.exe
  2⤵
  PID:1652
- C:\Windows\System\OVXFQjF.exe
  C:\Windows\System\OVXFQjF.exe
  2⤵
  PID:672
- C:\Windows\System\CmndrCQ.exe
  C:\Windows\System\CmndrCQ.exe
  2⤵
  PID:1980
- C:\Windows\System\UhWmVnm.exe
  C:\Windows\System\UhWmVnm.exe
  2⤵
  PID:2580
- C:\Windows\System\JcwculD.exe
  C:\Windows\System\JcwculD.exe
  2⤵
  PID:476
- C:\Windows\System\WVOceMT.exe
  C:\Windows\System\WVOceMT.exe
  2⤵
  PID:2536
- C:\Windows\System\WWqGXpL.exe
  C:\Windows\System\WWqGXpL.exe
  2⤵
  PID:2836
- C:\Windows\System\lGJHLZi.exe
  C:\Windows\System\lGJHLZi.exe
  2⤵
  PID:2784
- C:\Windows\System\ujmsTpO.exe
  C:\Windows\System\ujmsTpO.exe
  2⤵
  PID:3092
- C:\Windows\System\lVWwVpl.exe
  C:\Windows\System\lVWwVpl.exe
  2⤵
  PID:3112
- C:\Windows\System\jFRMhxC.exe
  C:\Windows\System\jFRMhxC.exe
  2⤵
  PID:3132
- C:\Windows\System\UNudLIr.exe
  C:\Windows\System\UNudLIr.exe
  2⤵
  PID:3152
- C:\Windows\System\eVCWvZq.exe
  C:\Windows\System\eVCWvZq.exe
  2⤵
  PID:3172
- C:\Windows\System\nYFNsUY.exe
  C:\Windows\System\nYFNsUY.exe
  2⤵
  PID:3192
- C:\Windows\System\dVKUOCO.exe
  C:\Windows\System\dVKUOCO.exe
  2⤵
  PID:3212
- C:\Windows\System\znpGYFH.exe
  C:\Windows\System\znpGYFH.exe
  2⤵
  PID:3232
- C:\Windows\System\WCAFKFX.exe
  C:\Windows\System\WCAFKFX.exe
  2⤵
  PID:3252
- C:\Windows\System\gBcFmgj.exe
  C:\Windows\System\gBcFmgj.exe
  2⤵
  PID:3272
- C:\Windows\System\xWOJbZS.exe
  C:\Windows\System\xWOJbZS.exe
  2⤵
  PID:3292
- C:\Windows\System\ZEtopyI.exe
  C:\Windows\System\ZEtopyI.exe
  2⤵
  PID:3316
- C:\Windows\System\dhMQUbG.exe
  C:\Windows\System\dhMQUbG.exe
  2⤵
  PID:3336
- C:\Windows\System\JmrVSpP.exe
  C:\Windows\System\JmrVSpP.exe
  2⤵
  PID:3356
- C:\Windows\System\MfJrGtG.exe
  C:\Windows\System\MfJrGtG.exe
  2⤵
  PID:3376
- C:\Windows\System\etWNyHl.exe
  C:\Windows\System\etWNyHl.exe
  2⤵
  PID:3396
- C:\Windows\System\TROJPuQ.exe
  C:\Windows\System\TROJPuQ.exe
  2⤵
  PID:3416
- C:\Windows\System\jDpjmay.exe
  C:\Windows\System\jDpjmay.exe
  2⤵
  PID:3436
- C:\Windows\System\OwTEGMn.exe
  C:\Windows\System\OwTEGMn.exe
  2⤵
  PID:3456
- C:\Windows\System\qKwVssf.exe
  C:\Windows\System\qKwVssf.exe
  2⤵
  PID:3472
- C:\Windows\System\HcMpKPK.exe
  C:\Windows\System\HcMpKPK.exe
  2⤵
  PID:3496
- C:\Windows\System\kYZTcXo.exe
  C:\Windows\System\kYZTcXo.exe
  2⤵
  PID:3516
- C:\Windows\System\XGdmapZ.exe
  C:\Windows\System\XGdmapZ.exe
  2⤵
  PID:3536
- C:\Windows\System\KLSqWzv.exe
  C:\Windows\System\KLSqWzv.exe
  2⤵
  PID:3556
- C:\Windows\System\HhFMnHY.exe
  C:\Windows\System\HhFMnHY.exe
  2⤵
  PID:3576
- C:\Windows\System\vkZiPCc.exe
  C:\Windows\System\vkZiPCc.exe
  2⤵
  PID:3596
- C:\Windows\System\luTwAsT.exe
  C:\Windows\System\luTwAsT.exe
  2⤵
  PID:3616
- C:\Windows\System\jgvNclE.exe
  C:\Windows\System\jgvNclE.exe
  2⤵
  PID:3632
- C:\Windows\System\oHiHvQb.exe
  C:\Windows\System\oHiHvQb.exe
  2⤵
  PID:3656
- C:\Windows\System\PANJoYo.exe
  C:\Windows\System\PANJoYo.exe
  2⤵
  PID:3676
- C:\Windows\System\GVCfnNS.exe
  C:\Windows\System\GVCfnNS.exe
  2⤵
  PID:3692
- C:\Windows\System\hAKFCRU.exe
  C:\Windows\System\hAKFCRU.exe
  2⤵
  PID:3712
- C:\Windows\System\pemcPow.exe
  C:\Windows\System\pemcPow.exe
  2⤵
  PID:3736
- C:\Windows\System\pzBSIYu.exe
  C:\Windows\System\pzBSIYu.exe
  2⤵
  PID:3752
- C:\Windows\System\YOwMqvL.exe
  C:\Windows\System\YOwMqvL.exe
  2⤵
  PID:3772
- C:\Windows\System\AibPTPq.exe
  C:\Windows\System\AibPTPq.exe
  2⤵
  PID:3792
- C:\Windows\System\xqRSSBe.exe
  C:\Windows\System\xqRSSBe.exe
  2⤵
  PID:3816
- C:\Windows\System\yktMCLc.exe
  C:\Windows\System\yktMCLc.exe
  2⤵
  PID:3836
- C:\Windows\System\RAfgEEW.exe
  C:\Windows\System\RAfgEEW.exe
  2⤵
  PID:3856
- C:\Windows\System\KnjbOus.exe
  C:\Windows\System\KnjbOus.exe
  2⤵
  PID:3876
- C:\Windows\System\jFZHLaf.exe
  C:\Windows\System\jFZHLaf.exe
  2⤵
  PID:3896
- C:\Windows\System\FFQvOeh.exe
  C:\Windows\System\FFQvOeh.exe
  2⤵
  PID:3916
- C:\Windows\System\cjJqHNt.exe
  C:\Windows\System\cjJqHNt.exe
  2⤵
  PID:3936
- C:\Windows\System\CERyqjr.exe
  C:\Windows\System\CERyqjr.exe
  2⤵
  PID:3956
- C:\Windows\System\lAqBaMo.exe
  C:\Windows\System\lAqBaMo.exe
  2⤵
  PID:3976
- C:\Windows\System\TYWosWR.exe
  C:\Windows\System\TYWosWR.exe
  2⤵
  PID:4000
- C:\Windows\System\NfbCmUd.exe
  C:\Windows\System\NfbCmUd.exe
  2⤵
  PID:4020
- C:\Windows\System\McESFac.exe
  C:\Windows\System\McESFac.exe
  2⤵
  PID:4040
- C:\Windows\System\YeAKMBS.exe
  C:\Windows\System\YeAKMBS.exe
  2⤵
  PID:4060
- C:\Windows\System\AvqdAtC.exe
  C:\Windows\System\AvqdAtC.exe
  2⤵
  PID:4080
- C:\Windows\System\LHFtmGf.exe
  C:\Windows\System\LHFtmGf.exe
  2⤵
  PID:2884
- C:\Windows\System\ugvtQEt.exe
  C:\Windows\System\ugvtQEt.exe
  2⤵
  PID:1780
- C:\Windows\System\eWuPliC.exe
  C:\Windows\System\eWuPliC.exe
  2⤵
  PID:1136
- C:\Windows\System\BKqenTb.exe
  C:\Windows\System\BKqenTb.exe
  2⤵
  PID:2512
- C:\Windows\System\VhdQyhm.exe
  C:\Windows\System\VhdQyhm.exe
  2⤵
  PID:1892
- C:\Windows\System\dbEiJPh.exe
  C:\Windows\System\dbEiJPh.exe
  2⤵
  PID:2252
- C:\Windows\System\XQKiWDu.exe
  C:\Windows\System\XQKiWDu.exe
  2⤵
  PID:1548
- C:\Windows\System\tInJGCx.exe
  C:\Windows\System\tInJGCx.exe
  2⤵
  PID:2264
- C:\Windows\System\DyoHOHa.exe
  C:\Windows\System\DyoHOHa.exe
  2⤵
  PID:1492
- C:\Windows\System\zfrZzzA.exe
  C:\Windows\System\zfrZzzA.exe
  2⤵
  PID:1584
- C:\Windows\System\WnyHnLs.exe
  C:\Windows\System\WnyHnLs.exe
  2⤵
  PID:2704
- C:\Windows\System\ArbggpK.exe
  C:\Windows\System\ArbggpK.exe
  2⤵
  PID:3084
- C:\Windows\System\YZSCTzw.exe
  C:\Windows\System\YZSCTzw.exe
  2⤵
  PID:3128
- C:\Windows\System\AJdURKx.exe
  C:\Windows\System\AJdURKx.exe
  2⤵
  PID:3140
- C:\Windows\System\tlwMqgs.exe
  C:\Windows\System\tlwMqgs.exe
  2⤵
  PID:3164
- C:\Windows\System\FsuWhGr.exe
  C:\Windows\System\FsuWhGr.exe
  2⤵
  PID:3184
- C:\Windows\System\TqDFXwu.exe
  C:\Windows\System\TqDFXwu.exe
  2⤵
  PID:3244
- C:\Windows\System\CbJHcZg.exe
  C:\Windows\System\CbJHcZg.exe
  2⤵
  PID:3224
- C:\Windows\System\NNnoZvA.exe
  C:\Windows\System\NNnoZvA.exe
  2⤵
  PID:3324
- C:\Windows\System\QAigVbk.exe
  C:\Windows\System\QAigVbk.exe
  2⤵
  PID:3304
- C:\Windows\System\YfLdBuo.exe
  C:\Windows\System\YfLdBuo.exe
  2⤵
  PID:3404
- C:\Windows\System\ksOGSdN.exe
  C:\Windows\System\ksOGSdN.exe
  2⤵
  PID:3392
- C:\Windows\System\CyHmydj.exe
  C:\Windows\System\CyHmydj.exe
  2⤵
  PID:3452
- C:\Windows\System\mvqILSA.exe
  C:\Windows\System\mvqILSA.exe
  2⤵
  PID:3488
- C:\Windows\System\HJPefAi.exe
  C:\Windows\System\HJPefAi.exe
  2⤵
  PID:3528
- C:\Windows\System\WjyikHF.exe
  C:\Windows\System\WjyikHF.exe
  2⤵
  PID:3564
- C:\Windows\System\LyNHQkk.exe
  C:\Windows\System\LyNHQkk.exe
  2⤵
  PID:3608
- C:\Windows\System\uUojSyx.exe
  C:\Windows\System\uUojSyx.exe
  2⤵
  PID:3640
- C:\Windows\System\uBEwAPf.exe
  C:\Windows\System\uBEwAPf.exe
  2⤵
  PID:3628
- C:\Windows\System\uVMDKAl.exe
  C:\Windows\System\uVMDKAl.exe
  2⤵
  PID:3668
- C:\Windows\System\IMgXDjV.exe
  C:\Windows\System\IMgXDjV.exe
  2⤵
  PID:3700
- C:\Windows\System\ikTIPxc.exe
  C:\Windows\System\ikTIPxc.exe
  2⤵
  PID:3764
- C:\Windows\System\PuRoAEd.exe
  C:\Windows\System\PuRoAEd.exe
  2⤵
  PID:3784
- C:\Windows\System\TVhKPwg.exe
  C:\Windows\System\TVhKPwg.exe
  2⤵
  PID:3812
- C:\Windows\System\jHBfZxG.exe
  C:\Windows\System\jHBfZxG.exe
  2⤵
  PID:3828
- C:\Windows\System\LqTFhms.exe
  C:\Windows\System\LqTFhms.exe
  2⤵
  PID:3864
- C:\Windows\System\lqOLDfL.exe
  C:\Windows\System\lqOLDfL.exe
  2⤵
  PID:3908
- C:\Windows\System\TyedQGn.exe
  C:\Windows\System\TyedQGn.exe
  2⤵
  PID:3944
- C:\Windows\System\PbmcRed.exe
  C:\Windows\System\PbmcRed.exe
  2⤵
  PID:4008
- C:\Windows\System\swQxpGk.exe
  C:\Windows\System\swQxpGk.exe
  2⤵
  PID:3996
- C:\Windows\System\HKnfuhA.exe
  C:\Windows\System\HKnfuhA.exe
  2⤵
  PID:4032
- C:\Windows\System\wbzPaGK.exe
  C:\Windows\System\wbzPaGK.exe
  2⤵
  PID:4072
- C:\Windows\System\oDoqNUN.exe
  C:\Windows\System\oDoqNUN.exe
  2⤵
  PID:1824
- C:\Windows\System\IIyWHbs.exe
  C:\Windows\System\IIyWHbs.exe
  2⤵
  PID:2184
- C:\Windows\System\jwuCWVr.exe
  C:\Windows\System\jwuCWVr.exe
  2⤵
  PID:2040
- C:\Windows\System\SuUsKqG.exe
  C:\Windows\System\SuUsKqG.exe
  2⤵
  PID:1168
- C:\Windows\System\aACLypK.exe
  C:\Windows\System\aACLypK.exe
  2⤵
  PID:2076
- C:\Windows\System\RQiVsMi.exe
  C:\Windows\System\RQiVsMi.exe
  2⤵
  PID:2556
- C:\Windows\System\IcfOhUY.exe
  C:\Windows\System\IcfOhUY.exe
  2⤵
  PID:3120
- C:\Windows\System\uOjZNoZ.exe
  C:\Windows\System\uOjZNoZ.exe
  2⤵
  PID:3144
- C:\Windows\System\eygpjoO.exe
  C:\Windows\System\eygpjoO.exe
  2⤵
  PID:3240
- C:\Windows\System\xPwwJQE.exe
  C:\Windows\System\xPwwJQE.exe
  2⤵
  PID:3180
- C:\Windows\System\Qggjpvu.exe
  C:\Windows\System\Qggjpvu.exe
  2⤵
  PID:3284
- C:\Windows\System\WlkXAxk.exe
  C:\Windows\System\WlkXAxk.exe
  2⤵
  PID:3372
- C:\Windows\System\wQFZmBm.exe
  C:\Windows\System\wQFZmBm.exe
  2⤵
  PID:3384
- C:\Windows\System\zouBjSH.exe
  C:\Windows\System\zouBjSH.exe
  2⤵
  PID:3484
- C:\Windows\System\XJURlVF.exe
  C:\Windows\System\XJURlVF.exe
  2⤵
  PID:3568
- C:\Windows\System\qUqiQaM.exe
  C:\Windows\System\qUqiQaM.exe
  2⤵
  PID:3624
- C:\Windows\System\SijQLrP.exe
  C:\Windows\System\SijQLrP.exe
  2⤵
  PID:3552
- C:\Windows\System\OvLGcFc.exe
  C:\Windows\System\OvLGcFc.exe
  2⤵
  PID:3720
- C:\Windows\System\uhlBcnG.exe
  C:\Windows\System\uhlBcnG.exe
  2⤵
  PID:3728
- C:\Windows\System\BrrDXwQ.exe
  C:\Windows\System\BrrDXwQ.exe
  2⤵
  PID:3832
- C:\Windows\System\PRebMTL.exe
  C:\Windows\System\PRebMTL.exe
  2⤵
  PID:3904
- C:\Windows\System\HPVrXUm.exe
  C:\Windows\System\HPVrXUm.exe
  2⤵
  PID:3972
- C:\Windows\System\keOJYUq.exe
  C:\Windows\System\keOJYUq.exe
  2⤵
  PID:3928
- C:\Windows\System\Qytfkbo.exe
  C:\Windows\System\Qytfkbo.exe
  2⤵
  PID:3984
- C:\Windows\System\wEZrezt.exe
  C:\Windows\System\wEZrezt.exe
  2⤵
  PID:4076
- C:\Windows\System\hEyfrrG.exe
  C:\Windows\System\hEyfrrG.exe
  2⤵
  PID:1080
- C:\Windows\System\EPUxlWS.exe
  C:\Windows\System\EPUxlWS.exe
  2⤵
  PID:2376
- C:\Windows\System\aHgEDMr.exe
  C:\Windows\System\aHgEDMr.exe
  2⤵
  PID:900
- C:\Windows\System\jFMvyMd.exe
  C:\Windows\System\jFMvyMd.exe
  2⤵
  PID:1612
- C:\Windows\System\wfdWkHq.exe
  C:\Windows\System\wfdWkHq.exe
  2⤵
  PID:2876
- C:\Windows\System\iaiYekW.exe
  C:\Windows\System\iaiYekW.exe
  2⤵
  PID:3268
- C:\Windows\System\rLqKcxq.exe
  C:\Windows\System\rLqKcxq.exe
  2⤵
  PID:3308
- C:\Windows\System\OlcKhuj.exe
  C:\Windows\System\OlcKhuj.exe
  2⤵
  PID:3424
- C:\Windows\System\YJnNkWn.exe
  C:\Windows\System\YJnNkWn.exe
  2⤵
  PID:3588
- C:\Windows\System\EwtruId.exe
  C:\Windows\System\EwtruId.exe
  2⤵
  PID:4116
- C:\Windows\System\nfQtcPj.exe
  C:\Windows\System\nfQtcPj.exe
  2⤵
  PID:4132
- C:\Windows\System\hkImhmn.exe
  C:\Windows\System\hkImhmn.exe
  2⤵
  PID:4156
- C:\Windows\System\iHVtfVu.exe
  C:\Windows\System\iHVtfVu.exe
  2⤵
  PID:4176
- C:\Windows\System\ThGvLfh.exe
  C:\Windows\System\ThGvLfh.exe
  2⤵
  PID:4196
- C:\Windows\System\gpqyHRB.exe
  C:\Windows\System\gpqyHRB.exe
  2⤵
  PID:4216
- C:\Windows\System\LhFBRiD.exe
  C:\Windows\System\LhFBRiD.exe
  2⤵
  PID:4236
- C:\Windows\System\ACTqjsL.exe
  C:\Windows\System\ACTqjsL.exe
  2⤵
  PID:4256
- C:\Windows\System\ooFsEIl.exe
  C:\Windows\System\ooFsEIl.exe
  2⤵
  PID:4276
- C:\Windows\System\nAnNdiG.exe
  C:\Windows\System\nAnNdiG.exe
  2⤵
  PID:4296
- C:\Windows\System\cjYRirA.exe
  C:\Windows\System\cjYRirA.exe
  2⤵
  PID:4316
- C:\Windows\System\CeOSAbe.exe
  C:\Windows\System\CeOSAbe.exe
  2⤵
  PID:4336
- C:\Windows\System\AnFzXwp.exe
  C:\Windows\System\AnFzXwp.exe
  2⤵
  PID:4352
- C:\Windows\System\EAOSCTC.exe
  C:\Windows\System\EAOSCTC.exe
  2⤵
  PID:4376
- C:\Windows\System\PlmhttB.exe
  C:\Windows\System\PlmhttB.exe
  2⤵
  PID:4400
- C:\Windows\System\RBeUubJ.exe
  C:\Windows\System\RBeUubJ.exe
  2⤵
  PID:4416
- C:\Windows\System\qLxyODx.exe
  C:\Windows\System\qLxyODx.exe
  2⤵
  PID:4436
- C:\Windows\System\YfBGsSP.exe
  C:\Windows\System\YfBGsSP.exe
  2⤵
  PID:4460
- C:\Windows\System\aYFPLGi.exe
  C:\Windows\System\aYFPLGi.exe
  2⤵
  PID:4480
- C:\Windows\System\fSPnPkj.exe
  C:\Windows\System\fSPnPkj.exe
  2⤵
  PID:4500
- C:\Windows\System\kLKdHyR.exe
  C:\Windows\System\kLKdHyR.exe
  2⤵
  PID:4520
- C:\Windows\System\diDQQOB.exe
  C:\Windows\System\diDQQOB.exe
  2⤵
  PID:4540
- C:\Windows\System\LdfUJyU.exe
  C:\Windows\System\LdfUJyU.exe
  2⤵
  PID:4560
- C:\Windows\System\pbIbkpl.exe
  C:\Windows\System\pbIbkpl.exe
  2⤵
  PID:4580
- C:\Windows\System\oRaBMIc.exe
  C:\Windows\System\oRaBMIc.exe
  2⤵
  PID:4600
- C:\Windows\System\jzKLWpZ.exe
  C:\Windows\System\jzKLWpZ.exe
  2⤵
  PID:4620
- C:\Windows\System\kuAynHh.exe
  C:\Windows\System\kuAynHh.exe
  2⤵
  PID:4640
- C:\Windows\System\WzFwXNB.exe
  C:\Windows\System\WzFwXNB.exe
  2⤵
  PID:4660
- C:\Windows\System\AtqWcbf.exe
  C:\Windows\System\AtqWcbf.exe
  2⤵
  PID:4680
- C:\Windows\System\LiJfvhU.exe
  C:\Windows\System\LiJfvhU.exe
  2⤵
  PID:4700
- C:\Windows\System\DCaxQpp.exe
  C:\Windows\System\DCaxQpp.exe
  2⤵
  PID:4720
- C:\Windows\System\gyvCLWm.exe
  C:\Windows\System\gyvCLWm.exe
  2⤵
  PID:4740
- C:\Windows\System\ZTkWlXc.exe
  C:\Windows\System\ZTkWlXc.exe
  2⤵
  PID:4760
- C:\Windows\System\LHdeUHj.exe
  C:\Windows\System\LHdeUHj.exe
  2⤵
  PID:4780
- C:\Windows\System\AfJnQYl.exe
  C:\Windows\System\AfJnQYl.exe
  2⤵
  PID:4800
- C:\Windows\System\POuZkiW.exe
  C:\Windows\System\POuZkiW.exe
  2⤵
  PID:4820
- C:\Windows\System\PIxvltQ.exe
  C:\Windows\System\PIxvltQ.exe
  2⤵
  PID:4840
- C:\Windows\System\BOplCrZ.exe
  C:\Windows\System\BOplCrZ.exe
  2⤵
  PID:4860
- C:\Windows\System\BRgUyPl.exe
  C:\Windows\System\BRgUyPl.exe
  2⤵
  PID:4880
- C:\Windows\System\ytkgqYq.exe
  C:\Windows\System\ytkgqYq.exe
  2⤵
  PID:4900
- C:\Windows\System\gocihIa.exe
  C:\Windows\System\gocihIa.exe
  2⤵
  PID:4920
- C:\Windows\System\JrlGktJ.exe
  C:\Windows\System\JrlGktJ.exe
  2⤵
  PID:4940
- C:\Windows\System\mHHATnI.exe
  C:\Windows\System\mHHATnI.exe
  2⤵
  PID:4960
- C:\Windows\System\BrNZXMR.exe
  C:\Windows\System\BrNZXMR.exe
  2⤵
  PID:4980
- C:\Windows\System\OrskYae.exe
  C:\Windows\System\OrskYae.exe
  2⤵
  PID:5000
- C:\Windows\System\mhsVSLI.exe
  C:\Windows\System\mhsVSLI.exe
  2⤵
  PID:5020
- C:\Windows\System\CfxhdSR.exe
  C:\Windows\System\CfxhdSR.exe
  2⤵
  PID:5044
- C:\Windows\System\ZShPBFx.exe
  C:\Windows\System\ZShPBFx.exe
  2⤵
  PID:5064
- C:\Windows\System\pLmeGRo.exe
  C:\Windows\System\pLmeGRo.exe
  2⤵
  PID:5084
- C:\Windows\System\ldKfjnh.exe
  C:\Windows\System\ldKfjnh.exe
  2⤵
  PID:5104
- C:\Windows\System\zJhKLYJ.exe
  C:\Windows\System\zJhKLYJ.exe
  2⤵
  PID:3548
- C:\Windows\System\UmaSgdi.exe
  C:\Windows\System\UmaSgdi.exe
  2⤵
  PID:3744
- C:\Windows\System\fswCIUI.exe
  C:\Windows\System\fswCIUI.exe
  2⤵
  PID:3780
- C:\Windows\System\WZpKThz.exe
  C:\Windows\System\WZpKThz.exe
  2⤵
  PID:3808
- C:\Windows\System\xeRmEyG.exe
  C:\Windows\System\xeRmEyG.exe
  2⤵
  PID:3948
- C:\Windows\System\BstacjG.exe
  C:\Windows\System\BstacjG.exe
  2⤵
  PID:4092
- C:\Windows\System\HRpovCy.exe
  C:\Windows\System\HRpovCy.exe
  2⤵
  PID:2488
- C:\Windows\System\WWYCWWa.exe
  C:\Windows\System\WWYCWWa.exe
  2⤵
  PID:1860
- C:\Windows\System\FWzixxz.exe
  C:\Windows\System\FWzixxz.exe
  2⤵
  PID:3188
- C:\Windows\System\tshsdfi.exe
  C:\Windows\System\tshsdfi.exe
  2⤵
  PID:3080
- C:\Windows\System\dwftUGY.exe
  C:\Windows\System\dwftUGY.exe
  2⤵
  PID:3352
- C:\Windows\System\keUJhuM.exe
  C:\Windows\System\keUJhuM.exe
  2⤵
  PID:4112
- C:\Windows\System\xBOVZeU.exe
  C:\Windows\System\xBOVZeU.exe
  2⤵
  PID:4152
- C:\Windows\System\YNwFMca.exe
  C:\Windows\System\YNwFMca.exe
  2⤵
  PID:4192
- C:\Windows\System\cvOSYfK.exe
  C:\Windows\System\cvOSYfK.exe
  2⤵
  PID:4224
- C:\Windows\System\BPThpQj.exe
  C:\Windows\System\BPThpQj.exe
  2⤵
  PID:4228
- C:\Windows\System\NziRDKt.exe
  C:\Windows\System\NziRDKt.exe
  2⤵
  PID:4272
- C:\Windows\System\grFOkLw.exe
  C:\Windows\System\grFOkLw.exe
  2⤵
  PID:4288
- C:\Windows\System\qGlzMiK.exe
  C:\Windows\System\qGlzMiK.exe
  2⤵
  PID:4328
- C:\Windows\System\UhJqOrH.exe
  C:\Windows\System\UhJqOrH.exe
  2⤵
  PID:4392
- C:\Windows\System\IzeOSFg.exe
  C:\Windows\System\IzeOSFg.exe
  2⤵
  PID:4360
- C:\Windows\System\DTRHGlM.exe
  C:\Windows\System\DTRHGlM.exe
  2⤵
  PID:4412
- C:\Windows\System\BvppBwr.exe
  C:\Windows\System\BvppBwr.exe
  2⤵
  PID:4476
- C:\Windows\System\maJIpsl.exe
  C:\Windows\System\maJIpsl.exe
  2⤵
  PID:4508
- C:\Windows\System\yMvdpYc.exe
  C:\Windows\System\yMvdpYc.exe
  2⤵
  PID:4536
- C:\Windows\System\rxVpvXP.exe
  C:\Windows\System\rxVpvXP.exe
  2⤵
  PID:4576
- C:\Windows\System\FgCUBli.exe
  C:\Windows\System\FgCUBli.exe
  2⤵
  PID:4628
- C:\Windows\System\MZEDMBX.exe
  C:\Windows\System\MZEDMBX.exe
  2⤵
  PID:4612
- C:\Windows\System\bPTqcbj.exe
  C:\Windows\System\bPTqcbj.exe
  2⤵
  PID:4676
- C:\Windows\System\jJQFENA.exe
  C:\Windows\System\jJQFENA.exe
  2⤵
  PID:4708
- C:\Windows\System\rKYFvWs.exe
  C:\Windows\System\rKYFvWs.exe
  2⤵
  PID:4732
- C:\Windows\System\asbEGVo.exe
  C:\Windows\System\asbEGVo.exe
  2⤵
  PID:4768
- C:\Windows\System\tELhJgc.exe
  C:\Windows\System\tELhJgc.exe
  2⤵
  PID:4836
- C:\Windows\System\sMJAGwd.exe
  C:\Windows\System\sMJAGwd.exe
  2⤵
  PID:4848
- C:\Windows\System\bOAUbDj.exe
  C:\Windows\System\bOAUbDj.exe
  2⤵
  PID:4872
- C:\Windows\System\wnYYcvH.exe
  C:\Windows\System\wnYYcvH.exe
  2⤵
  PID:4892
- C:\Windows\System\SGshiVk.exe
  C:\Windows\System\SGshiVk.exe
  2⤵
  PID:4932
- C:\Windows\System\Onqtnid.exe
  C:\Windows\System\Onqtnid.exe
  2⤵
  PID:4996
- C:\Windows\System\RGcyrvW.exe
  C:\Windows\System\RGcyrvW.exe
  2⤵
  PID:5032
- C:\Windows\System\HfuJaJd.exe
  C:\Windows\System\HfuJaJd.exe
  2⤵
  PID:5052
- C:\Windows\System\OahWTOK.exe
  C:\Windows\System\OahWTOK.exe
  2⤵
  PID:5076
- C:\Windows\System\ZkICXKW.exe
  C:\Windows\System\ZkICXKW.exe
  2⤵
  PID:3612
- C:\Windows\System\kKepwRk.exe
  C:\Windows\System\kKepwRk.exe
  2⤵
  PID:3508
- C:\Windows\System\WCKsTXm.exe
  C:\Windows\System\WCKsTXm.exe
  2⤵
  PID:3884
- C:\Windows\System\WIsTYLX.exe
  C:\Windows\System\WIsTYLX.exe
  2⤵
  PID:1840
- C:\Windows\System\jEoKnOK.exe
  C:\Windows\System\jEoKnOK.exe
  2⤵
  PID:832
- C:\Windows\System\ITgIzwR.exe
  C:\Windows\System\ITgIzwR.exe
  2⤵
  PID:2300
- C:\Windows\System\ijvYrhe.exe
  C:\Windows\System\ijvYrhe.exe
  2⤵
  PID:3524
- C:\Windows\System\MfDFFRj.exe
  C:\Windows\System\MfDFFRj.exe
  2⤵
  PID:3492
- C:\Windows\System\eUzfjAr.exe
  C:\Windows\System\eUzfjAr.exe
  2⤵
  PID:4184
- C:\Windows\System\KzskmDW.exe
  C:\Windows\System\KzskmDW.exe
  2⤵
  PID:2172
- C:\Windows\System\CYCiHpc.exe
  C:\Windows\System\CYCiHpc.exe
  2⤵
  PID:4208
- C:\Windows\System\EqYfhel.exe
  C:\Windows\System\EqYfhel.exe
  2⤵
  PID:4304
- C:\Windows\System\ftjkDCe.exe
  C:\Windows\System\ftjkDCe.exe
  2⤵
  PID:4388
- C:\Windows\System\uFNowwK.exe
  C:\Windows\System\uFNowwK.exe
  2⤵
  PID:4432
- C:\Windows\System\HyigdFd.exe
  C:\Windows\System\HyigdFd.exe
  2⤵
  PID:4452
- C:\Windows\System\NzHNjPf.exe
  C:\Windows\System\NzHNjPf.exe
  2⤵
  PID:4528
- C:\Windows\System\tCXbqte.exe
  C:\Windows\System\tCXbqte.exe
  2⤵
  PID:4568
- C:\Windows\System\cfsWQfO.exe
  C:\Windows\System\cfsWQfO.exe
  2⤵
  PID:4668
- C:\Windows\System\wetMTXW.exe
  C:\Windows\System\wetMTXW.exe
  2⤵
  PID:4712
- C:\Windows\System\mOizoyg.exe
  C:\Windows\System\mOizoyg.exe
  2⤵
  PID:4796
- C:\Windows\System\rSbIHtt.exe
  C:\Windows\System\rSbIHtt.exe
  2⤵
  PID:4772
- C:\Windows\System\gyMcmmj.exe
  C:\Windows\System\gyMcmmj.exe
  2⤵
  PID:4832
- C:\Windows\System\AhGDxGs.exe
  C:\Windows\System\AhGDxGs.exe
  2⤵
  PID:4896
- C:\Windows\System\ByPDtXm.exe
  C:\Windows\System\ByPDtXm.exe
  2⤵
  PID:4976
- C:\Windows\System\KjZzhVD.exe
  C:\Windows\System\KjZzhVD.exe
  2⤵
  PID:5072
- C:\Windows\System\CFCdYAz.exe
  C:\Windows\System\CFCdYAz.exe
  2⤵
  PID:5112
- C:\Windows\System\ehKPFdL.exe
  C:\Windows\System\ehKPFdL.exe
  2⤵
  PID:3724
- C:\Windows\System\uaxsQot.exe
  C:\Windows\System\uaxsQot.exe
  2⤵
  PID:3868
- C:\Windows\System\nzxqKHx.exe
  C:\Windows\System\nzxqKHx.exe
  2⤵
  PID:1796
- C:\Windows\System\MEcJcNK.exe
  C:\Windows\System\MEcJcNK.exe
  2⤵
  PID:4104
- C:\Windows\System\xXADaUn.exe
  C:\Windows\System\xXADaUn.exe
  2⤵
  PID:4144
- C:\Windows\System\XkxqwHa.exe
  C:\Windows\System\XkxqwHa.exe
  2⤵
  PID:4264
- C:\Windows\System\jszgJyv.exe
  C:\Windows\System\jszgJyv.exe
  2⤵
  PID:4284
- C:\Windows\System\KAdFiIA.exe
  C:\Windows\System\KAdFiIA.exe
  2⤵
  PID:4252
- C:\Windows\System\CvXpwBq.exe
  C:\Windows\System\CvXpwBq.exe
  2⤵
  PID:4468
- C:\Windows\System\DAVjFeP.exe
  C:\Windows\System\DAVjFeP.exe
  2⤵
  PID:4556
- C:\Windows\System\OfxFhKL.exe
  C:\Windows\System\OfxFhKL.exe
  2⤵
  PID:4692
- C:\Windows\System\iLxjdNj.exe
  C:\Windows\System\iLxjdNj.exe
  2⤵
  PID:5128
- C:\Windows\System\qmTEmuR.exe
  C:\Windows\System\qmTEmuR.exe
  2⤵
  PID:5148
- C:\Windows\System\rSKCUlU.exe
  C:\Windows\System\rSKCUlU.exe
  2⤵
  PID:5168
- C:\Windows\System\IwExpsO.exe
  C:\Windows\System\IwExpsO.exe
  2⤵
  PID:5188
- C:\Windows\System\vCcwdSB.exe
  C:\Windows\System\vCcwdSB.exe
  2⤵
  PID:5208
- C:\Windows\System\tkDAIoE.exe
  C:\Windows\System\tkDAIoE.exe
  2⤵
  PID:5228
- C:\Windows\System\YTUTzBg.exe
  C:\Windows\System\YTUTzBg.exe
  2⤵
  PID:5248
- C:\Windows\System\anbxODk.exe
  C:\Windows\System\anbxODk.exe
  2⤵
  PID:5268
- C:\Windows\System\nizvKHt.exe
  C:\Windows\System\nizvKHt.exe
  2⤵
  PID:5288
- C:\Windows\System\gDeurHq.exe
  C:\Windows\System\gDeurHq.exe
  2⤵
  PID:5308
- C:\Windows\System\ebgbTQt.exe
  C:\Windows\System\ebgbTQt.exe
  2⤵
  PID:5328
- C:\Windows\System\dhOJGZh.exe
  C:\Windows\System\dhOJGZh.exe
  2⤵
  PID:5348
- C:\Windows\System\QPMATvI.exe
  C:\Windows\System\QPMATvI.exe
  2⤵
  PID:5368
- C:\Windows\System\MSQBojc.exe
  C:\Windows\System\MSQBojc.exe
  2⤵
  PID:5388
- C:\Windows\System\ioRbYFg.exe
  C:\Windows\System\ioRbYFg.exe
  2⤵
  PID:5408
- C:\Windows\System\IbueSgJ.exe
  C:\Windows\System\IbueSgJ.exe
  2⤵
  PID:5428
- C:\Windows\System\pVeCzMm.exe
  C:\Windows\System\pVeCzMm.exe
  2⤵
  PID:5448
- C:\Windows\System\DoktqEy.exe
  C:\Windows\System\DoktqEy.exe
  2⤵
  PID:5464
- C:\Windows\System\BRwUTNJ.exe
  C:\Windows\System\BRwUTNJ.exe
  2⤵
  PID:5488
- C:\Windows\System\nDJeBMP.exe
  C:\Windows\System\nDJeBMP.exe
  2⤵
  PID:5508
- C:\Windows\System\SkeYkuU.exe
  C:\Windows\System\SkeYkuU.exe
  2⤵
  PID:5528
- C:\Windows\System\sNPmozI.exe
  C:\Windows\System\sNPmozI.exe
  2⤵
  PID:5548
- C:\Windows\System\wxqNUUK.exe
  C:\Windows\System\wxqNUUK.exe
  2⤵
  PID:5568
- C:\Windows\System\CxrqcHi.exe
  C:\Windows\System\CxrqcHi.exe
  2⤵
  PID:5592
- C:\Windows\System\mjoHeRk.exe
  C:\Windows\System\mjoHeRk.exe
  2⤵
  PID:5612
- C:\Windows\System\pKuGmKI.exe
  C:\Windows\System\pKuGmKI.exe
  2⤵
  PID:5632
- C:\Windows\System\dmkrfML.exe
  C:\Windows\System\dmkrfML.exe
  2⤵
  PID:5652
- C:\Windows\System\CFRBvOC.exe
  C:\Windows\System\CFRBvOC.exe
  2⤵
  PID:5672
- C:\Windows\System\DSSrZvc.exe
  C:\Windows\System\DSSrZvc.exe
  2⤵
  PID:5692
- C:\Windows\System\DXAPaQE.exe
  C:\Windows\System\DXAPaQE.exe
  2⤵
  PID:5712
- C:\Windows\System\QhrSZij.exe
  C:\Windows\System\QhrSZij.exe
  2⤵
  PID:5732
- C:\Windows\System\RDBNNHR.exe
  C:\Windows\System\RDBNNHR.exe
  2⤵
  PID:5752
- C:\Windows\System\tsuInbD.exe
  C:\Windows\System\tsuInbD.exe
  2⤵
  PID:5772
- C:\Windows\System\FJoGjsT.exe
  C:\Windows\System\FJoGjsT.exe
  2⤵
  PID:5792
- C:\Windows\System\kryRmea.exe
  C:\Windows\System\kryRmea.exe
  2⤵
  PID:5812
- C:\Windows\System\OfPuiEP.exe
  C:\Windows\System\OfPuiEP.exe
  2⤵
  PID:5832
- C:\Windows\System\jkjQtdK.exe
  C:\Windows\System\jkjQtdK.exe
  2⤵
  PID:5852
- C:\Windows\System\LuIxWdv.exe
  C:\Windows\System\LuIxWdv.exe
  2⤵
  PID:5872
- C:\Windows\System\Wuzhtjg.exe
  C:\Windows\System\Wuzhtjg.exe
  2⤵
  PID:5892
- C:\Windows\System\LUvXSct.exe
  C:\Windows\System\LUvXSct.exe
  2⤵
  PID:5908
- C:\Windows\System\lCEPHOG.exe
  C:\Windows\System\lCEPHOG.exe
  2⤵
  PID:5932
- C:\Windows\System\oZYSfCD.exe
  C:\Windows\System\oZYSfCD.exe
  2⤵
  PID:5952
- C:\Windows\System\OXKYHSO.exe
  C:\Windows\System\OXKYHSO.exe
  2⤵
  PID:5972
- C:\Windows\System\OHSmswA.exe
  C:\Windows\System\OHSmswA.exe
  2⤵
  PID:5988
- C:\Windows\System\dlLdGBM.exe
  C:\Windows\System\dlLdGBM.exe
  2⤵
  PID:6012
- C:\Windows\System\HQYyjpz.exe
  C:\Windows\System\HQYyjpz.exe
  2⤵
  PID:6028
- C:\Windows\System\QsLIgPO.exe
  C:\Windows\System\QsLIgPO.exe
  2⤵
  PID:6052
- C:\Windows\System\kmZoOCf.exe
  C:\Windows\System\kmZoOCf.exe
  2⤵
  PID:6072
- C:\Windows\System\dCNQttl.exe
  C:\Windows\System\dCNQttl.exe
  2⤵
  PID:6092
- C:\Windows\System\bkSWzVi.exe
  C:\Windows\System\bkSWzVi.exe
  2⤵
  PID:6112
- C:\Windows\System\QLXNalc.exe
  C:\Windows\System\QLXNalc.exe
  2⤵
  PID:6132
- C:\Windows\System\pUGGJQT.exe
  C:\Windows\System\pUGGJQT.exe
  2⤵
  PID:4856
- C:\Windows\System\JcYNKVJ.exe
  C:\Windows\System\JcYNKVJ.exe
  2⤵
  PID:4752
- C:\Windows\System\LpulSYC.exe
  C:\Windows\System\LpulSYC.exe
  2⤵
  PID:4928
- C:\Windows\System\RcATdMD.exe
  C:\Windows\System\RcATdMD.exe
  2⤵
  PID:4972
- C:\Windows\System\lZdBRsO.exe
  C:\Windows\System\lZdBRsO.exe
  2⤵
  PID:5100
- C:\Windows\System\iIZoIiO.exe
  C:\Windows\System\iIZoIiO.exe
  2⤵
  PID:4148
- C:\Windows\System\PLpIfDz.exe
  C:\Windows\System\PLpIfDz.exe
  2⤵
  PID:872
- C:\Windows\System\DDxRNZh.exe
  C:\Windows\System\DDxRNZh.exe
  2⤵
  PID:3288
- C:\Windows\System\yerOsjY.exe
  C:\Windows\System\yerOsjY.exe
  2⤵
  PID:4348
- C:\Windows\System\HAfFCHn.exe
  C:\Windows\System\HAfFCHn.exe
  2⤵
  PID:4572
- C:\Windows\System\ZMlzjUk.exe
  C:\Windows\System\ZMlzjUk.exe
  2⤵
  PID:4728
- C:\Windows\System\QiHNvHQ.exe
  C:\Windows\System\QiHNvHQ.exe
  2⤵
  PID:5164
- C:\Windows\System\QEKEQJH.exe
  C:\Windows\System\QEKEQJH.exe
  2⤵
  PID:5184
- C:\Windows\System\VMaeZuo.exe
  C:\Windows\System\VMaeZuo.exe
  2⤵
  PID:5236
- C:\Windows\System\fgbwtZl.exe
  C:\Windows\System\fgbwtZl.exe
  2⤵
  PID:5264
- C:\Windows\System\uvhlwTG.exe
  C:\Windows\System\uvhlwTG.exe
  2⤵
  PID:5296
- C:\Windows\System\cpFdBrx.exe
  C:\Windows\System\cpFdBrx.exe
  2⤵
  PID:5320
- C:\Windows\System\cljAoze.exe
  C:\Windows\System\cljAoze.exe
  2⤵
  PID:5364
- C:\Windows\System\XRqMlwi.exe
  C:\Windows\System\XRqMlwi.exe
  2⤵
  PID:5380
- C:\Windows\System\QGiLqaO.exe
  C:\Windows\System\QGiLqaO.exe
  2⤵
  PID:5420
- C:\Windows\System\XpwCTZV.exe
  C:\Windows\System\XpwCTZV.exe
  2⤵
  PID:5476
- C:\Windows\System\blsjeJT.exe
  C:\Windows\System\blsjeJT.exe
  2⤵
  PID:5496
- C:\Windows\System\RfwARmV.exe
  C:\Windows\System\RfwARmV.exe
  2⤵
  PID:5504
- C:\Windows\System\TNIfceC.exe
  C:\Windows\System\TNIfceC.exe
  2⤵
  PID:5544
- C:\Windows\System\ZWgbUaH.exe
  C:\Windows\System\ZWgbUaH.exe
  2⤵
  PID:5608
- C:\Windows\System\bBWwzlV.exe
  C:\Windows\System\bBWwzlV.exe
  2⤵
  PID:5620
- C:\Windows\System\lkyOEOR.exe
  C:\Windows\System\lkyOEOR.exe
  2⤵
  PID:5660
- C:\Windows\System\QjKoVoL.exe
  C:\Windows\System\QjKoVoL.exe
  2⤵
  PID:5720
- C:\Windows\System\BgsCevQ.exe
  C:\Windows\System\BgsCevQ.exe
  2⤵
  PID:5704
- C:\Windows\System\chFduoQ.exe
  C:\Windows\System\chFduoQ.exe
  2⤵
  PID:5748
- C:\Windows\System\PaOGzMX.exe
  C:\Windows\System\PaOGzMX.exe
  2⤵
  PID:5780
- C:\Windows\System\KHjZAMH.exe
  C:\Windows\System\KHjZAMH.exe
  2⤵
  PID:5820
- C:\Windows\System\WuAlyBu.exe
  C:\Windows\System\WuAlyBu.exe
  2⤵
  PID:5868
- C:\Windows\System\vgobSVe.exe
  C:\Windows\System\vgobSVe.exe
  2⤵
  PID:5916
- C:\Windows\System\VYglHxW.exe
  C:\Windows\System\VYglHxW.exe
  2⤵
  PID:5924
- C:\Windows\System\ZDQNroa.exe
  C:\Windows\System\ZDQNroa.exe
  2⤵
  PID:5944
- C:\Windows\System\dGpflwq.exe
  C:\Windows\System\dGpflwq.exe
  2⤵
  PID:5984
- C:\Windows\System\VBSyHpq.exe
  C:\Windows\System\VBSyHpq.exe
  2⤵
  PID:6040
- C:\Windows\System\DrnDsnU.exe
  C:\Windows\System\DrnDsnU.exe
  2⤵
  PID:6068
- C:\Windows\System\VbhyWZE.exe
  C:\Windows\System\VbhyWZE.exe
  2⤵
  PID:6120
- C:\Windows\System\zjchpFH.exe
  C:\Windows\System\zjchpFH.exe
  2⤵
  PID:4916
- C:\Windows\System\CthdzvZ.exe
  C:\Windows\System\CthdzvZ.exe
  2⤵
  PID:4952
- C:\Windows\System\FgtcYAa.exe
  C:\Windows\System\FgtcYAa.exe
  2⤵
  PID:4908
- C:\Windows\System\NkJrbpW.exe
  C:\Windows\System\NkJrbpW.exe
  2⤵
  PID:4140
- C:\Windows\System\jWGVMpR.exe
  C:\Windows\System\jWGVMpR.exe
  2⤵
  PID:3168
- C:\Windows\System\CBSVPtM.exe
  C:\Windows\System\CBSVPtM.exe
  2⤵
  PID:4616
- C:\Windows\System\baKfsTy.exe
  C:\Windows\System\baKfsTy.exe
  2⤵
  PID:5124
- C:\Windows\System\GvfCldR.exe
  C:\Windows\System\GvfCldR.exe
  2⤵
  PID:4656
- C:\Windows\System\nPtMLqM.exe
  C:\Windows\System\nPtMLqM.exe
  2⤵
  PID:5196
- C:\Windows\System\nVSEYkQ.exe
  C:\Windows\System\nVSEYkQ.exe
  2⤵
  PID:5256
- C:\Windows\System\mgRKkMv.exe
  C:\Windows\System\mgRKkMv.exe
  2⤵
  PID:5304
- C:\Windows\System\HJHrvUB.exe
  C:\Windows\System\HJHrvUB.exe
  2⤵
  PID:5400
- C:\Windows\System\GubyGjl.exe
  C:\Windows\System\GubyGjl.exe
  2⤵
  PID:5480
- C:\Windows\System\VcqIEvS.exe
  C:\Windows\System\VcqIEvS.exe
  2⤵
  PID:5460
- C:\Windows\System\hCBkufv.exe
  C:\Windows\System\hCBkufv.exe
  2⤵
  PID:5500
- C:\Windows\System\bgOsCbx.exe
  C:\Windows\System\bgOsCbx.exe
  2⤵
  PID:5640
- C:\Windows\System\HTYomDC.exe
  C:\Windows\System\HTYomDC.exe
  2⤵
  PID:5680
- C:\Windows\System\NGjagXE.exe
  C:\Windows\System\NGjagXE.exe
  2⤵
  PID:5708
- C:\Windows\System\PbBVWSQ.exe
  C:\Windows\System\PbBVWSQ.exe
  2⤵
  PID:5800
- C:\Windows\System\aRRxyIq.exe
  C:\Windows\System\aRRxyIq.exe
  2⤵
  PID:5808
- C:\Windows\System\Mgrsunb.exe
  C:\Windows\System\Mgrsunb.exe
  2⤵
  PID:5880
- C:\Windows\System\zizSkHD.exe
  C:\Windows\System\zizSkHD.exe
  2⤵
  PID:5904
- C:\Windows\System\pNRliGl.exe
  C:\Windows\System\pNRliGl.exe
  2⤵
  PID:6048
- C:\Windows\System\UZFRvpC.exe
  C:\Windows\System\UZFRvpC.exe
  2⤵
  PID:6128
- C:\Windows\System\uWuzMNQ.exe
  C:\Windows\System\uWuzMNQ.exe
  2⤵
  PID:4756
- C:\Windows\System\SxmjUyw.exe
  C:\Windows\System\SxmjUyw.exe
  2⤵
  PID:6140
- C:\Windows\System\RKddeeK.exe
  C:\Windows\System\RKddeeK.exe
  2⤵
  PID:3704
- C:\Windows\System\YukxiEi.exe
  C:\Windows\System\YukxiEi.exe
  2⤵
  PID:4496
- C:\Windows\System\WZdYZWo.exe
  C:\Windows\System\WZdYZWo.exe
  2⤵
  PID:4248
- C:\Windows\System\lwMsPiS.exe
  C:\Windows\System\lwMsPiS.exe
  2⤵
  PID:5280
- C:\Windows\System\ZOtRFnE.exe
  C:\Windows\System\ZOtRFnE.exe
  2⤵
  PID:5316
- C:\Windows\System\AODoNpY.exe
  C:\Windows\System\AODoNpY.exe
  2⤵
  PID:5336
- C:\Windows\System\SkNiarR.exe
  C:\Windows\System\SkNiarR.exe
  2⤵
  PID:5416
- C:\Windows\System\jNhlefg.exe
  C:\Windows\System\jNhlefg.exe
  2⤵
  PID:5564
- C:\Windows\System\JZYvFMP.exe
  C:\Windows\System\JZYvFMP.exe
  2⤵
  PID:5588
- C:\Windows\System\NGifhUU.exe
  C:\Windows\System\NGifhUU.exe
  2⤵
  PID:6152
- C:\Windows\System\horLLVw.exe
  C:\Windows\System\horLLVw.exe
  2⤵
  PID:6172
- C:\Windows\System\xaRmdJK.exe
  C:\Windows\System\xaRmdJK.exe
  2⤵
  PID:6192
- C:\Windows\System\KIzXshL.exe
  C:\Windows\System\KIzXshL.exe
  2⤵
  PID:6212
- C:\Windows\System\XoZBXbB.exe
  C:\Windows\System\XoZBXbB.exe
  2⤵
  PID:6232
- C:\Windows\System\NHHHIZI.exe
  C:\Windows\System\NHHHIZI.exe
  2⤵
  PID:6252
- C:\Windows\System\QjacglJ.exe
  C:\Windows\System\QjacglJ.exe
  2⤵
  PID:6272
- C:\Windows\System\KGomtyr.exe
  C:\Windows\System\KGomtyr.exe
  2⤵
  PID:6292
- C:\Windows\System\ikYLCHm.exe
  C:\Windows\System\ikYLCHm.exe
  2⤵
  PID:6312
- C:\Windows\System\AyKDmgU.exe
  C:\Windows\System\AyKDmgU.exe
  2⤵
  PID:6332
- C:\Windows\System\TWDERSa.exe
  C:\Windows\System\TWDERSa.exe
  2⤵
  PID:6352
- C:\Windows\System\llhSpOS.exe
  C:\Windows\System\llhSpOS.exe
  2⤵
  PID:6372
- C:\Windows\System\JJdkEzD.exe
  C:\Windows\System\JJdkEzD.exe
  2⤵
  PID:6392
- C:\Windows\System\hXZThml.exe
  C:\Windows\System\hXZThml.exe
  2⤵
  PID:6412
- C:\Windows\System\AxcsEYt.exe
  C:\Windows\System\AxcsEYt.exe
  2⤵
  PID:6432
- C:\Windows\System\YbqQSBD.exe
  C:\Windows\System\YbqQSBD.exe
  2⤵
  PID:6452
- C:\Windows\System\thwhXbA.exe
  C:\Windows\System\thwhXbA.exe
  2⤵
  PID:6472
- C:\Windows\System\FrKiPXZ.exe
  C:\Windows\System\FrKiPXZ.exe
  2⤵
  PID:6492
- C:\Windows\System\opTysbn.exe
  C:\Windows\System\opTysbn.exe
  2⤵
  PID:6512
- C:\Windows\System\jXoLpdK.exe
  C:\Windows\System\jXoLpdK.exe
  2⤵
  PID:6532
- C:\Windows\System\pdQkECJ.exe
  C:\Windows\System\pdQkECJ.exe
  2⤵
  PID:6552
- C:\Windows\System\jOMrrut.exe
  C:\Windows\System\jOMrrut.exe
  2⤵
  PID:6572
- C:\Windows\System\oXXalkv.exe
  C:\Windows\System\oXXalkv.exe
  2⤵
  PID:6592
- C:\Windows\System\sPXOFCr.exe
  C:\Windows\System\sPXOFCr.exe
  2⤵
  PID:6616
- C:\Windows\System\iQqlDMN.exe
  C:\Windows\System\iQqlDMN.exe
  2⤵
  PID:6636
- C:\Windows\System\rGrgEmE.exe
  C:\Windows\System\rGrgEmE.exe
  2⤵
  PID:6656
- C:\Windows\System\kHSTwkp.exe
  C:\Windows\System\kHSTwkp.exe
  2⤵
  PID:6676
- C:\Windows\System\kbkXflX.exe
  C:\Windows\System\kbkXflX.exe
  2⤵
  PID:6696
- C:\Windows\System\GwQHIFN.exe
  C:\Windows\System\GwQHIFN.exe
  2⤵
  PID:6716
- C:\Windows\System\yhWTraw.exe
  C:\Windows\System\yhWTraw.exe
  2⤵
  PID:6736
- C:\Windows\System\HKhCenp.exe
  C:\Windows\System\HKhCenp.exe
  2⤵
  PID:6756
- C:\Windows\System\HyvXeSl.exe
  C:\Windows\System\HyvXeSl.exe
  2⤵
  PID:6776
- C:\Windows\System\JNIpyIu.exe
  C:\Windows\System\JNIpyIu.exe
  2⤵
  PID:6796
- C:\Windows\System\XXPTozE.exe
  C:\Windows\System\XXPTozE.exe
  2⤵
  PID:6816
- C:\Windows\System\VvowaOu.exe
  C:\Windows\System\VvowaOu.exe
  2⤵
  PID:6836
- C:\Windows\System\IGkHSzv.exe
  C:\Windows\System\IGkHSzv.exe
  2⤵
  PID:6856
- C:\Windows\System\hlLBwWk.exe
  C:\Windows\System\hlLBwWk.exe
  2⤵
  PID:6876
- C:\Windows\System\tnhGrvd.exe
  C:\Windows\System\tnhGrvd.exe
  2⤵
  PID:6896
- C:\Windows\System\zDWglAk.exe
  C:\Windows\System\zDWglAk.exe
  2⤵
  PID:6916
- C:\Windows\System\dkIECiD.exe
  C:\Windows\System\dkIECiD.exe
  2⤵
  PID:6936
- C:\Windows\System\rqjNhVc.exe
  C:\Windows\System\rqjNhVc.exe
  2⤵
  PID:6956
- C:\Windows\System\IqPwrOT.exe
  C:\Windows\System\IqPwrOT.exe
  2⤵
  PID:6976
- C:\Windows\System\yPOOpHW.exe
  C:\Windows\System\yPOOpHW.exe
  2⤵
  PID:6996
- C:\Windows\System\BtzqOVu.exe
  C:\Windows\System\BtzqOVu.exe
  2⤵
  PID:7016
- C:\Windows\System\OiVSHog.exe
  C:\Windows\System\OiVSHog.exe
  2⤵
  PID:7036
- C:\Windows\System\KZYaWfE.exe
  C:\Windows\System\KZYaWfE.exe
  2⤵
  PID:7056
- C:\Windows\System\gqLEbGf.exe
  C:\Windows\System\gqLEbGf.exe
  2⤵
  PID:7076
- C:\Windows\System\IKtiMqh.exe
  C:\Windows\System\IKtiMqh.exe
  2⤵
  PID:7096
- C:\Windows\System\zsPlsmM.exe
  C:\Windows\System\zsPlsmM.exe
  2⤵
  PID:7116
- C:\Windows\System\XZxIsSt.exe
  C:\Windows\System\XZxIsSt.exe
  2⤵
  PID:7136
- C:\Windows\System\eLYpKLS.exe
  C:\Windows\System\eLYpKLS.exe
  2⤵
  PID:7156
- C:\Windows\System\petUXqf.exe
  C:\Windows\System\petUXqf.exe
  2⤵
  PID:5724
- C:\Windows\System\xzhGGpY.exe
  C:\Windows\System\xzhGGpY.exe
  2⤵
  PID:5948
- C:\Windows\System\XgHpyJV.exe
  C:\Windows\System\XgHpyJV.exe
  2⤵
  PID:6008
- C:\Windows\System\GilOsoa.exe
  C:\Windows\System\GilOsoa.exe
  2⤵
  PID:6044
- C:\Windows\System\ErhXGqG.exe
  C:\Windows\System\ErhXGqG.exe
  2⤵
  PID:6104
- C:\Windows\System\aJomdFj.exe
  C:\Windows\System\aJomdFj.exe
  2⤵
  PID:3932
- C:\Windows\System\akVKihx.exe
  C:\Windows\System\akVKihx.exe
  2⤵
  PID:5136
- C:\Windows\System\mgJpawS.exe
  C:\Windows\System\mgJpawS.exe
  2⤵
  PID:5220
- C:\Windows\System\lraZBzI.exe
  C:\Windows\System\lraZBzI.exe
  2⤵
  PID:5440
- C:\Windows\System\pSnhdUP.exe
  C:\Windows\System\pSnhdUP.exe
  2⤵
  PID:5604
- C:\Windows\System\DqOPcmK.exe
  C:\Windows\System\DqOPcmK.exe
  2⤵
  PID:5684
- C:\Windows\System\CyHYEXq.exe
  C:\Windows\System\CyHYEXq.exe
  2⤵
  PID:6168
- C:\Windows\System\PLeMeEt.exe
  C:\Windows\System\PLeMeEt.exe
  2⤵
  PID:6204
- C:\Windows\System\gNFMhWt.exe
  C:\Windows\System\gNFMhWt.exe
  2⤵
  PID:6248
- C:\Windows\System\FulSUZg.exe
  C:\Windows\System\FulSUZg.exe
  2⤵
  PID:6280
- C:\Windows\System\ekWbfrb.exe
  C:\Windows\System\ekWbfrb.exe
  2⤵
  PID:6304
- C:\Windows\System\FjTNtNv.exe
  C:\Windows\System\FjTNtNv.exe
  2⤵
  PID:6328
- C:\Windows\System\oKkjBqc.exe
  C:\Windows\System\oKkjBqc.exe
  2⤵
  PID:6388
- C:\Windows\System\kCwKquT.exe
  C:\Windows\System\kCwKquT.exe
  2⤵
  PID:6420
- C:\Windows\System\DrFIpfG.exe
  C:\Windows\System\DrFIpfG.exe
  2⤵
  PID:6460
- C:\Windows\System\DrIhMXF.exe
  C:\Windows\System\DrIhMXF.exe
  2⤵
  PID:6480
- C:\Windows\System\wNuGIdk.exe
  C:\Windows\System\wNuGIdk.exe
  2⤵
  PID:6504
- C:\Windows\System\fuELKEG.exe
  C:\Windows\System\fuELKEG.exe
  2⤵
  PID:6524
- C:\Windows\System\UTfkPZY.exe
  C:\Windows\System\UTfkPZY.exe
  2⤵
  PID:6564
- C:\Windows\System\cGbLNuy.exe
  C:\Windows\System\cGbLNuy.exe
  2⤵
  PID:6604
- C:\Windows\System\YtJCDeo.exe
  C:\Windows\System\YtJCDeo.exe
  2⤵
  PID:6652
- C:\Windows\System\vZkVNAr.exe
  C:\Windows\System\vZkVNAr.exe
  2⤵
  PID:6684
- C:\Windows\System\JxKnirG.exe
  C:\Windows\System\JxKnirG.exe
  2⤵
  PID:6708
- C:\Windows\System\MiUTkqc.exe
  C:\Windows\System\MiUTkqc.exe
  2⤵
  PID:6752
- C:\Windows\System\WuuFWjH.exe
  C:\Windows\System\WuuFWjH.exe
  2⤵
  PID:6784
- C:\Windows\System\ENMihTc.exe
  C:\Windows\System\ENMihTc.exe
  2⤵
  PID:6808
- C:\Windows\System\unvwpNV.exe
  C:\Windows\System\unvwpNV.exe
  2⤵
  PID:6852
- C:\Windows\System\Riesgie.exe
  C:\Windows\System\Riesgie.exe
  2⤵
  PID:6884
- C:\Windows\System\oEngvuf.exe
  C:\Windows\System\oEngvuf.exe
  2⤵
  PID:6908
- C:\Windows\System\tzbyTVQ.exe
  C:\Windows\System\tzbyTVQ.exe
  2⤵
  PID:6948
- C:\Windows\System\MFpwSUS.exe
  C:\Windows\System\MFpwSUS.exe
  2⤵
  PID:6968
- C:\Windows\System\EatoqiV.exe
  C:\Windows\System\EatoqiV.exe
  2⤵
  PID:7024
- C:\Windows\System\VToAtRh.exe
  C:\Windows\System\VToAtRh.exe
  2⤵
  PID:7064
- C:\Windows\System\VwVoYFA.exe
  C:\Windows\System\VwVoYFA.exe
  2⤵
  PID:7092
- C:\Windows\System\dHgagmn.exe
  C:\Windows\System\dHgagmn.exe
  2⤵
  PID:7124
- C:\Windows\System\EGYLTQA.exe
  C:\Windows\System\EGYLTQA.exe
  2⤵
  PID:7128
- C:\Windows\System\BXpxNDm.exe
  C:\Windows\System\BXpxNDm.exe
  2⤵
  PID:5888
- C:\Windows\System\SIhzwyW.exe
  C:\Windows\System\SIhzwyW.exe
  2⤵
  PID:5860
- C:\Windows\System\YaeDDzb.exe
  C:\Windows\System\YaeDDzb.exe
  2⤵
  PID:6108
- C:\Windows\System\DRoKimP.exe
  C:\Windows\System\DRoKimP.exe
  2⤵
  PID:5176
- C:\Windows\System\cNzmmBp.exe
  C:\Windows\System\cNzmmBp.exe
  2⤵
  PID:5284
- C:\Windows\System\bXoKiRs.exe
  C:\Windows\System\bXoKiRs.exe
  2⤵
  PID:6188
- C:\Windows\System\NZkggFn.exe
  C:\Windows\System\NZkggFn.exe
  2⤵
  PID:6184
- C:\Windows\System\sYagyvz.exe
  C:\Windows\System\sYagyvz.exe
  2⤵
  PID:6284
- C:\Windows\System\kbECiyr.exe
  C:\Windows\System\kbECiyr.exe
  2⤵
  PID:6264
- C:\Windows\System\wcfXnre.exe
  C:\Windows\System\wcfXnre.exe
  2⤵
  PID:6348
- C:\Windows\System\SdZziNu.exe
  C:\Windows\System\SdZziNu.exe
  2⤵
  PID:6408
- C:\Windows\System\uMQsviK.exe
  C:\Windows\System\uMQsviK.exe
  2⤵
  PID:6400
- C:\Windows\System\SGzmNHt.exe
  C:\Windows\System\SGzmNHt.exe
  2⤵
  PID:6464
- C:\Windows\System\dRPeleE.exe
  C:\Windows\System\dRPeleE.exe
  2⤵
  PID:6580
- C:\Windows\System\cqwaMGP.exe
  C:\Windows\System\cqwaMGP.exe
  2⤵
  PID:6632
- C:\Windows\System\zPpHjsC.exe
  C:\Windows\System\zPpHjsC.exe
  2⤵
  PID:6644
- C:\Windows\System\JgJBAic.exe
  C:\Windows\System\JgJBAic.exe
  2⤵
  PID:6664
- C:\Windows\System\WfmOmva.exe
  C:\Windows\System\WfmOmva.exe
  2⤵
  PID:6732
- C:\Windows\System\XJURQaD.exe
  C:\Windows\System\XJURQaD.exe
  2⤵
  PID:6844
- C:\Windows\System\KRugisf.exe
  C:\Windows\System\KRugisf.exe
  2⤵
  PID:6864
- C:\Windows\System\CGVFUAc.exe
  C:\Windows\System\CGVFUAc.exe
  2⤵
  PID:7084
- C:\Windows\System\mgULioR.exe
  C:\Windows\System\mgULioR.exe
  2⤵
  PID:7148
- C:\Windows\System\lNXmbWF.exe
  C:\Windows\System\lNXmbWF.exe
  2⤵
  PID:6912
- C:\Windows\System\pUFKsgH.exe
  C:\Windows\System\pUFKsgH.exe
  2⤵
  PID:6992
- C:\Windows\System\rOzBVSu.exe
  C:\Windows\System\rOzBVSu.exe
  2⤵
  PID:7108
- C:\Windows\System\qLzpQnG.exe
  C:\Windows\System\qLzpQnG.exe
  2⤵
  PID:6952
- C:\Windows\System\mBfkhGG.exe
  C:\Windows\System\mBfkhGG.exe
  2⤵
  PID:5928
- C:\Windows\System\YtTSEtB.exe
  C:\Windows\System\YtTSEtB.exe
  2⤵
  PID:5340
- C:\Windows\System\LIszluP.exe
  C:\Windows\System\LIszluP.exe
  2⤵
  PID:6180
- C:\Windows\System\FFlMBoV.exe
  C:\Windows\System\FFlMBoV.exe
  2⤵
  PID:6384
- C:\Windows\System\TOolHhP.exe
  C:\Windows\System\TOolHhP.exe
  2⤵
  PID:2544
- C:\Windows\System\lDXVVAy.exe
  C:\Windows\System\lDXVVAy.exe
  2⤵
  PID:6688
- C:\Windows\System\AmBMoxr.exe
  C:\Windows\System\AmBMoxr.exe
  2⤵
  PID:6788
- C:\Windows\System\aaMdYPr.exe
  C:\Windows\System\aaMdYPr.exe
  2⤵
  PID:1580
- C:\Windows\System\MFtzfAX.exe
  C:\Windows\System\MFtzfAX.exe
  2⤵
  PID:7004
- C:\Windows\System\pWKDmyc.exe
  C:\Windows\System\pWKDmyc.exe
  2⤵
  PID:7176
- C:\Windows\System\HCDBWxp.exe
  C:\Windows\System\HCDBWxp.exe
  2⤵
  PID:7196
- C:\Windows\System\krWQuCR.exe
  C:\Windows\System\krWQuCR.exe
  2⤵
  PID:7216
- C:\Windows\System\sXKnhIt.exe
  C:\Windows\System\sXKnhIt.exe
  2⤵
  PID:7236
- C:\Windows\System\aQHPHhm.exe
  C:\Windows\System\aQHPHhm.exe
  2⤵
  PID:7256
- C:\Windows\System\aIFCanT.exe
  C:\Windows\System\aIFCanT.exe
  2⤵
  PID:7276
- C:\Windows\System\wBwPjtm.exe
  C:\Windows\System\wBwPjtm.exe
  2⤵
  PID:7296
- C:\Windows\System\WhNTgNV.exe
  C:\Windows\System\WhNTgNV.exe
  2⤵
  PID:7316
- C:\Windows\System\wtyyeqH.exe
  C:\Windows\System\wtyyeqH.exe
  2⤵
  PID:7340
- C:\Windows\System\dEYJqUw.exe
  C:\Windows\System\dEYJqUw.exe
  2⤵
  PID:7360
- C:\Windows\System\OUjrGYS.exe
  C:\Windows\System\OUjrGYS.exe
  2⤵
  PID:7380
- C:\Windows\System\rQewYSm.exe
  C:\Windows\System\rQewYSm.exe
  2⤵
  PID:7404
- C:\Windows\System\SCJwLrn.exe
  C:\Windows\System\SCJwLrn.exe
  2⤵
  PID:7424
- C:\Windows\System\RliPuoW.exe
  C:\Windows\System\RliPuoW.exe
  2⤵
  PID:7440
- C:\Windows\System\VLlsExJ.exe
  C:\Windows\System\VLlsExJ.exe
  2⤵
  PID:7464
- C:\Windows\System\ZKsphTp.exe
  C:\Windows\System\ZKsphTp.exe
  2⤵
  PID:7480
- C:\Windows\System\YmhYBVe.exe
  C:\Windows\System\YmhYBVe.exe
  2⤵
  PID:7500
- C:\Windows\System\VtoNmoE.exe
  C:\Windows\System\VtoNmoE.exe
  2⤵
  PID:7516
- C:\Windows\System\BGfJElJ.exe
  C:\Windows\System\BGfJElJ.exe
  2⤵
  PID:7540
- C:\Windows\System\MJJTihQ.exe
  C:\Windows\System\MJJTihQ.exe
  2⤵
  PID:7564
- C:\Windows\System\eIEAAkB.exe
  C:\Windows\System\eIEAAkB.exe
  2⤵
  PID:7580
- C:\Windows\System\Zvoexxx.exe
  C:\Windows\System\Zvoexxx.exe
  2⤵
  PID:7600
- C:\Windows\System\MMLSabT.exe
  C:\Windows\System\MMLSabT.exe
  2⤵
  PID:7620
- C:\Windows\System\bdUSzZD.exe
  C:\Windows\System\bdUSzZD.exe
  2⤵
  PID:7640
- C:\Windows\System\IjUleQf.exe
  C:\Windows\System\IjUleQf.exe
  2⤵
  PID:7664
- C:\Windows\System\YxmvjXU.exe
  C:\Windows\System\YxmvjXU.exe
  2⤵
  PID:7684
- C:\Windows\System\BFQQtVX.exe
  C:\Windows\System\BFQQtVX.exe
  2⤵
  PID:7768
- C:\Windows\System\vuxmPKF.exe
  C:\Windows\System\vuxmPKF.exe
  2⤵
  PID:7788
- C:\Windows\System\bbJXgfD.exe
  C:\Windows\System\bbJXgfD.exe
  2⤵
  PID:7808
- C:\Windows\System\QFklFzM.exe
  C:\Windows\System\QFklFzM.exe
  2⤵
  PID:7828
- C:\Windows\System\zAXhksH.exe
  C:\Windows\System\zAXhksH.exe
  2⤵
  PID:7848
- C:\Windows\System\DYWQokX.exe
  C:\Windows\System\DYWQokX.exe
  2⤵
  PID:7864
- C:\Windows\System\AkfoCii.exe
  C:\Windows\System\AkfoCii.exe
  2⤵
  PID:7888
- C:\Windows\System\CQaWsCx.exe
  C:\Windows\System\CQaWsCx.exe
  2⤵
  PID:7908
- C:\Windows\System\FNWYMRH.exe
  C:\Windows\System\FNWYMRH.exe
  2⤵
  PID:7928
- C:\Windows\System\NEviNXB.exe
  C:\Windows\System\NEviNXB.exe
  2⤵
  PID:7944
- C:\Windows\System\TxAIKcE.exe
  C:\Windows\System\TxAIKcE.exe
  2⤵
  PID:7964
- C:\Windows\System\FtMErBK.exe
  C:\Windows\System\FtMErBK.exe
  2⤵
  PID:7980
- C:\Windows\System\cpfcayr.exe
  C:\Windows\System\cpfcayr.exe
  2⤵
  PID:8000
- C:\Windows\System\nxheJCj.exe
  C:\Windows\System\nxheJCj.exe
  2⤵
  PID:8016
- C:\Windows\System\UcPivdW.exe
  C:\Windows\System\UcPivdW.exe
  2⤵
  PID:8036
- C:\Windows\System\MMvLGOk.exe
  C:\Windows\System\MMvLGOk.exe
  2⤵
  PID:8056
- C:\Windows\System\ymvQtHH.exe
  C:\Windows\System\ymvQtHH.exe
  2⤵
  PID:8072
- C:\Windows\System\HWYbHvP.exe
  C:\Windows\System\HWYbHvP.exe
  2⤵
  PID:8088
- C:\Windows\System\lYvXiHI.exe
  C:\Windows\System\lYvXiHI.exe
  2⤵
  PID:8108
- C:\Windows\System\WLUaIIf.exe
  C:\Windows\System\WLUaIIf.exe
  2⤵
  PID:8128
- C:\Windows\System\AyecNJZ.exe
  C:\Windows\System\AyecNJZ.exe
  2⤵
  PID:8144
- C:\Windows\System\kGkFSXF.exe
  C:\Windows\System\kGkFSXF.exe
  2⤵
  PID:8160
- C:\Windows\System\umFIypV.exe
  C:\Windows\System\umFIypV.exe
  2⤵
  PID:8180
- C:\Windows\System\BrnIVrS.exe
  C:\Windows\System\BrnIVrS.exe
  2⤵
  PID:6508
- C:\Windows\System\jmiaiMD.exe
  C:\Windows\System\jmiaiMD.exe
  2⤵
  PID:7052
- C:\Windows\System\jnwETvL.exe
  C:\Windows\System\jnwETvL.exe
  2⤵
  PID:7188
- C:\Windows\System\oWSUTeN.exe
  C:\Windows\System\oWSUTeN.exe
  2⤵
  PID:7264
- C:\Windows\System\iyPOmro.exe
  C:\Windows\System\iyPOmro.exe
  2⤵
  PID:7308
- C:\Windows\System\dDcuQgP.exe
  C:\Windows\System\dDcuQgP.exe
  2⤵
  PID:7388
- C:\Windows\System\kryivmc.exe
  C:\Windows\System\kryivmc.exe
  2⤵
  PID:7436
- C:\Windows\System\BoEbSfN.exe
  C:\Windows\System\BoEbSfN.exe
  2⤵
  PID:7512
- C:\Windows\System\nRhsPgV.exe
  C:\Windows\System\nRhsPgV.exe
  2⤵
  PID:7560
- C:\Windows\System\XWVioIK.exe
  C:\Windows\System\XWVioIK.exe
  2⤵
  PID:4324
- C:\Windows\System\yIOeQxv.exe
  C:\Windows\System\yIOeQxv.exe
  2⤵
  PID:2268
- C:\Windows\System\LiwhHNO.exe
  C:\Windows\System\LiwhHNO.exe
  2⤵
  PID:7592
- C:\Windows\System\xPxtOhy.exe
  C:\Windows\System\xPxtOhy.exe
  2⤵
  PID:7632
- C:\Windows\System\ZCNCYal.exe
  C:\Windows\System\ZCNCYal.exe
  2⤵
  PID:7676
- C:\Windows\System\JnIdHFG.exe
  C:\Windows\System\JnIdHFG.exe
  2⤵
  PID:3024
- C:\Windows\System\lGcbqOy.exe
  C:\Windows\System\lGcbqOy.exe
  2⤵
  PID:7896
- C:\Windows\System\hvaCoAO.exe
  C:\Windows\System\hvaCoAO.exe
  2⤵
  PID:7940
- C:\Windows\System\KbEaRUJ.exe
  C:\Windows\System\KbEaRUJ.exe
  2⤵
  PID:8044
- C:\Windows\System\oKXTanr.exe
  C:\Windows\System\oKXTanr.exe
  2⤵
  PID:8084
- C:\Windows\System\vRXhqje.exe
  C:\Windows\System\vRXhqje.exe
  2⤵
  PID:8152
- C:\Windows\System\mHbjXje.exe
  C:\Windows\System\mHbjXje.exe
  2⤵
  PID:1816
- C:\Windows\System\xsdGPjZ.exe
  C:\Windows\System\xsdGPjZ.exe
  2⤵
  PID:1984
- C:\Windows\System\frsVflL.exe
  C:\Windows\System\frsVflL.exe
  2⤵
  PID:1444
- C:\Windows\System\nwOgMNN.exe
  C:\Windows\System\nwOgMNN.exe
  2⤵
  PID:7272
- C:\Windows\System\dKCsWvS.exe
  C:\Windows\System\dKCsWvS.exe
  2⤵
  PID:7392
- C:\Windows\System\MwxyshH.exe
  C:\Windows\System\MwxyshH.exe
  2⤵
  PID:7572
- C:\Windows\System\PqzzNvx.exe
  C:\Windows\System\PqzzNvx.exe
  2⤵
  PID:6300
- C:\Windows\System\owftetX.exe
  C:\Windows\System\owftetX.exe
  2⤵
  PID:7652
- C:\Windows\System\yCORbJH.exe
  C:\Windows\System\yCORbJH.exe
  2⤵
  PID:6528
- C:\Windows\System\ZPJEHUI.exe
  C:\Windows\System\ZPJEHUI.exe
  2⤵
  PID:7172
- C:\Windows\System\ALPoBUD.exe
  C:\Windows\System\ALPoBUD.exe
  2⤵
  PID:7636
- C:\Windows\System\ajfXVjk.exe
  C:\Windows\System\ajfXVjk.exe
  2⤵
  PID:7784
- C:\Windows\System\cTmoHqX.exe
  C:\Windows\System\cTmoHqX.exe
  2⤵
  PID:1536
- C:\Windows\System\PRSscOA.exe
  C:\Windows\System\PRSscOA.exe
  2⤵
  PID:7924
- C:\Windows\System\ETNpJwb.exe
  C:\Windows\System\ETNpJwb.exe
  2⤵
  PID:6544
- C:\Windows\System\zhazCSu.exe
  C:\Windows\System\zhazCSu.exe
  2⤵
  PID:2452
- C:\Windows\System\bDEBWHP.exe
  C:\Windows\System\bDEBWHP.exe
  2⤵
  PID:6812
- C:\Windows\System\pSeggcu.exe
  C:\Windows\System\pSeggcu.exe
  2⤵
  PID:1836
- C:\Windows\System\xcWMKTm.exe
  C:\Windows\System\xcWMKTm.exe
  2⤵
  PID:7068
- C:\Windows\System\eYqCNRN.exe
  C:\Windows\System\eYqCNRN.exe
  2⤵
  PID:7252
- C:\Windows\System\OVEGDFZ.exe
  C:\Windows\System\OVEGDFZ.exe
  2⤵
  PID:7324
- C:\Windows\System\dYmjvlj.exe
  C:\Windows\System\dYmjvlj.exe
  2⤵
  PID:1620
- C:\Windows\System\qrPYBlI.exe
  C:\Windows\System\qrPYBlI.exe
  2⤵
  PID:7416
- C:\Windows\System\VTmreXI.exe
  C:\Windows\System\VTmreXI.exe
  2⤵
  PID:7456
- C:\Windows\System\NxBexDJ.exe
  C:\Windows\System\NxBexDJ.exe
  2⤵
  PID:7532
- C:\Windows\System\lsXoLpQ.exe
  C:\Windows\System\lsXoLpQ.exe
  2⤵
  PID:7960
- C:\Windows\System\WtGYjKZ.exe
  C:\Windows\System\WtGYjKZ.exe
  2⤵
  PID:7952
- C:\Windows\System\jUkzFbN.exe
  C:\Windows\System\jUkzFbN.exe
  2⤵
  PID:8024
- C:\Windows\System\vKBHPPA.exe
  C:\Windows\System\vKBHPPA.exe
  2⤵
  PID:8140
- C:\Windows\System\rKLtMMs.exe
  C:\Windows\System\rKLtMMs.exe
  2⤵
  PID:6744
- C:\Windows\System\HwfCaIz.exe
  C:\Windows\System\HwfCaIz.exe
  2⤵
  PID:7356
- C:\Windows\System\egPDsCA.exe
  C:\Windows\System\egPDsCA.exe
  2⤵
  PID:2780
- C:\Windows\System\LwuoTah.exe
  C:\Windows\System\LwuoTah.exe
  2⤵
  PID:5560
- C:\Windows\System\qPFALvc.exe
  C:\Windows\System\qPFALvc.exe
  2⤵
  PID:2308
- C:\Windows\System\EbgxtvF.exe
  C:\Windows\System\EbgxtvF.exe
  2⤵
  PID:2748
- C:\Windows\System\vdZpaGW.exe
  C:\Windows\System\vdZpaGW.exe
  2⤵
  PID:2140
- C:\Windows\System\yBYUQtm.exe
  C:\Windows\System\yBYUQtm.exe
  2⤵
  PID:6380
- C:\Windows\System\RKsmdAs.exe
  C:\Windows\System\RKsmdAs.exe
  2⤵
  PID:7012
- C:\Windows\System\fWSyBWw.exe
  C:\Windows\System\fWSyBWw.exe
  2⤵
  PID:6240
- C:\Windows\System\yYZAhnl.exe
  C:\Windows\System\yYZAhnl.exe
  2⤵
  PID:6672
- C:\Windows\System\YTlVfEi.exe
  C:\Windows\System\YTlVfEi.exe
  2⤵
  PID:6424
- C:\Windows\System\iVBQjWH.exe
  C:\Windows\System\iVBQjWH.exe
  2⤵
  PID:7112
- C:\Windows\System\txUxoHC.exe
  C:\Windows\System\txUxoHC.exe
  2⤵
  PID:7780
- C:\Windows\System\affimVv.exe
  C:\Windows\System\affimVv.exe
  2⤵
  PID:6568
- C:\Windows\System\YadMXfu.exe
  C:\Windows\System\YadMXfu.exe
  2⤵
  PID:1308
- C:\Windows\System\QHVNHMk.exe
  C:\Windows\System\QHVNHMk.exe
  2⤵
  PID:7628
- C:\Windows\System\pZTtWwq.exe
  C:\Windows\System\pZTtWwq.exe
  2⤵
  PID:2464
- C:\Windows\System\quuiDBR.exe
  C:\Windows\System\quuiDBR.exe
  2⤵
  PID:2212
- C:\Windows\System\TXFcXCS.exe
  C:\Windows\System\TXFcXCS.exe
  2⤵
  PID:2848
- C:\Windows\System\qnstcgg.exe
  C:\Windows\System\qnstcgg.exe
  2⤵
  PID:2336
- C:\Windows\System\absnfRs.exe
  C:\Windows\System\absnfRs.exe
  2⤵
  PID:2088
- C:\Windows\System\nnymvPl.exe
  C:\Windows\System\nnymvPl.exe
  2⤵
  PID:7248
- C:\Windows\System\rVhwReV.exe
  C:\Windows\System\rVhwReV.exe
  2⤵
  PID:8100
- C:\Windows\System\YsuHVEl.exe
  C:\Windows\System\YsuHVEl.exe
  2⤵
  PID:7224
- C:\Windows\System\BmiMEnw.exe
  C:\Windows\System\BmiMEnw.exe
  2⤵
  PID:2892
- C:\Windows\System\xjdkqPk.exe
  C:\Windows\System\xjdkqPk.exe
  2⤵
  PID:7336
- C:\Windows\System\uZIjeka.exe
  C:\Windows\System\uZIjeka.exe
  2⤵
  PID:7752
- C:\Windows\System\SqggqJS.exe
  C:\Windows\System\SqggqJS.exe
  2⤵
  PID:7840
- C:\Windows\System\mjWYorv.exe
  C:\Windows\System\mjWYorv.exe
  2⤵
  PID:7008
- C:\Windows\System\uKghMdN.exe
  C:\Windows\System\uKghMdN.exe
  2⤵
  PID:1804
- C:\Windows\System\lZyOzsq.exe
  C:\Windows\System\lZyOzsq.exe
  2⤵
  PID:7764
- C:\Windows\System\wtBDdqv.exe
  C:\Windows\System\wtBDdqv.exe
  2⤵
  PID:2968
- C:\Windows\System\suzytVJ.exe
  C:\Windows\System\suzytVJ.exe
  2⤵
  PID:6468
- C:\Windows\System\TzXHyVx.exe
  C:\Windows\System\TzXHyVx.exe
  2⤵
  PID:2608
- C:\Windows\System\qOoqOai.exe
  C:\Windows\System\qOoqOai.exe
  2⤵
  PID:7476
- C:\Windows\System\vxMeirU.exe
  C:\Windows\System\vxMeirU.exe
  2⤵
  PID:7376
- C:\Windows\System\EekYohD.exe
  C:\Windows\System\EekYohD.exe
  2⤵
  PID:8080
- C:\Windows\System\yAgcgpj.exe
  C:\Windows\System\yAgcgpj.exe
  2⤵
  PID:2828
- C:\Windows\System\IWwuWOD.exe
  C:\Windows\System\IWwuWOD.exe
  2⤵
  PID:980
- C:\Windows\System\FcfqbLv.exe
  C:\Windows\System\FcfqbLv.exe
  2⤵
  PID:7528
- C:\Windows\System\sdnbIhE.exe
  C:\Windows\System\sdnbIhE.exe
  2⤵
  PID:7992
- C:\Windows\System\IpNFSPs.exe
  C:\Windows\System\IpNFSPs.exe
  2⤵
  PID:7836
- C:\Windows\System\pwIoIIx.exe
  C:\Windows\System\pwIoIIx.exe
  2⤵
  PID:7876
- C:\Windows\System\CCOLsaC.exe
  C:\Windows\System\CCOLsaC.exe
  2⤵
  PID:8032
- C:\Windows\System\mqRCHlL.exe
  C:\Windows\System\mqRCHlL.exe
  2⤵
  PID:8176
- C:\Windows\System\hcgcQIa.exe
  C:\Windows\System\hcgcQIa.exe
  2⤵
  PID:7048
- C:\Windows\System\BzEHiIg.exe
  C:\Windows\System\BzEHiIg.exe
  2⤵
  PID:852
- C:\Windows\System\TzsaGxS.exe
  C:\Windows\System\TzsaGxS.exe
  2⤵
  PID:8124
- C:\Windows\System\ZyHAAWu.exe
  C:\Windows\System\ZyHAAWu.exe
  2⤵
  PID:7492
- C:\Windows\System\rIxfUmW.exe
  C:\Windows\System\rIxfUmW.exe
  2⤵
  PID:7524
- C:\Windows\System\yQByeYp.exe
  C:\Windows\System\yQByeYp.exe
  2⤵
  PID:6868
- C:\Windows\System\qlnkFLx.exe
  C:\Windows\System\qlnkFLx.exe
  2⤵
  PID:2732
- C:\Windows\System\XGJtehb.exe
  C:\Windows\System\XGJtehb.exe
  2⤵
  PID:7996
- C:\Windows\System\FJiabIr.exe
  C:\Windows\System\FJiabIr.exe
  2⤵
  PID:7660
- C:\Windows\System\WQbggUU.exe
  C:\Windows\System\WQbggUU.exe
  2⤵
  PID:8188
- C:\Windows\System\sOUGuVR.exe
  C:\Windows\System\sOUGuVR.exe
  2⤵
  PID:7132
- C:\Windows\System\mnsjvTz.exe
  C:\Windows\System\mnsjvTz.exe
  2⤵
  PID:7204
- C:\Windows\System\fBoClTj.exe
  C:\Windows\System\fBoClTj.exe
  2⤵
  PID:5012
- C:\Windows\System\btBdXdv.exe
  C:\Windows\System\btBdXdv.exe
  2⤵
  PID:6764
- C:\Windows\System\IhhVRtG.exe
  C:\Windows\System\IhhVRtG.exe
  2⤵
  PID:2708
- C:\Windows\System\EtLcqZN.exe
  C:\Windows\System\EtLcqZN.exe
  2⤵
  PID:7988
- C:\Windows\System\uQocrIQ.exe
  C:\Windows\System\uQocrIQ.exe
  2⤵
  PID:7452
- C:\Windows\System\YCsPill.exe
  C:\Windows\System\YCsPill.exe
  2⤵
  PID:7552
- C:\Windows\System\sppvodL.exe
  C:\Windows\System\sppvodL.exe
  2⤵
  PID:1896
- C:\Windows\System\ewOjpTh.exe
  C:\Windows\System\ewOjpTh.exe
  2⤵
  PID:6360
- C:\Windows\System\vidXGMS.exe
  C:\Windows\System\vidXGMS.exe
  2⤵
  PID:7576
- C:\Windows\System\fwiNyzU.exe
  C:\Windows\System\fwiNyzU.exe
  2⤵
  PID:8204
- C:\Windows\System\oSeloft.exe
  C:\Windows\System\oSeloft.exe
  2⤵
  PID:8220
- C:\Windows\System\FIETeFq.exe
  C:\Windows\System\FIETeFq.exe
  2⤵
  PID:8240
- C:\Windows\System\sjICIOP.exe
  C:\Windows\System\sjICIOP.exe
  2⤵
  PID:8256
- C:\Windows\System\jREsrRl.exe
  C:\Windows\System\jREsrRl.exe
  2⤵
  PID:8272
- C:\Windows\System\EVcSTWj.exe
  C:\Windows\System\EVcSTWj.exe
  2⤵
  PID:8340
- C:\Windows\System\ZDizOcl.exe
  C:\Windows\System\ZDizOcl.exe
  2⤵
  PID:8356
- C:\Windows\System\euzIKcY.exe
  C:\Windows\System\euzIKcY.exe
  2⤵
  PID:8372
- C:\Windows\System\vXEaiSe.exe
  C:\Windows\System\vXEaiSe.exe
  2⤵
  PID:8392
- C:\Windows\System\StVtUle.exe
  C:\Windows\System\StVtUle.exe
  2⤵
  PID:8408
- C:\Windows\System\IElZsVl.exe
  C:\Windows\System\IElZsVl.exe
  2⤵
  PID:8424
- C:\Windows\System\UIvBhfJ.exe
  C:\Windows\System\UIvBhfJ.exe
  2⤵
  PID:8460
- C:\Windows\System\FjbbGHN.exe
  C:\Windows\System\FjbbGHN.exe
  2⤵
  PID:8476
- C:\Windows\System\HSwnhoy.exe
  C:\Windows\System\HSwnhoy.exe
  2⤵
  PID:8492
- C:\Windows\System\IFQeUSR.exe
  C:\Windows\System\IFQeUSR.exe
  2⤵
  PID:8508
- C:\Windows\System\gdejMYf.exe
  C:\Windows\System\gdejMYf.exe
  2⤵
  PID:8524
- C:\Windows\System\IHagjAJ.exe
  C:\Windows\System\IHagjAJ.exe
  2⤵
  PID:8540
- C:\Windows\System\wAqainm.exe
  C:\Windows\System\wAqainm.exe
  2⤵
  PID:8604
- C:\Windows\System\riTYbeq.exe
  C:\Windows\System\riTYbeq.exe
  2⤵
  PID:8620
- C:\Windows\System\vDnGfeW.exe
  C:\Windows\System\vDnGfeW.exe
  2⤵
  PID:8636
- C:\Windows\System\BPtUQNb.exe
  C:\Windows\System\BPtUQNb.exe
  2⤵
  PID:8652
- C:\Windows\System\QOyQDdz.exe
  C:\Windows\System\QOyQDdz.exe
  2⤵
  PID:8672
- C:\Windows\System\WOHgaIp.exe
  C:\Windows\System\WOHgaIp.exe
  2⤵
  PID:8688
- C:\Windows\System\anqDOal.exe
  C:\Windows\System\anqDOal.exe
  2⤵
  PID:8704
- C:\Windows\System\ETojnNF.exe
  C:\Windows\System\ETojnNF.exe
  2⤵
  PID:8720
- C:\Windows\System\krlbYyA.exe
  C:\Windows\System\krlbYyA.exe
  2⤵
  PID:8736
- C:\Windows\System\ZWttKiH.exe
  C:\Windows\System\ZWttKiH.exe
  2⤵
  PID:8752
- C:\Windows\System\sfaZyHw.exe
  C:\Windows\System\sfaZyHw.exe
  2⤵
  PID:8768
- C:\Windows\System\mLxZwUg.exe
  C:\Windows\System\mLxZwUg.exe
  2⤵
  PID:8784
- C:\Windows\System\sargyhD.exe
  C:\Windows\System\sargyhD.exe
  2⤵
  PID:8800
- C:\Windows\System\iShGQhL.exe
  C:\Windows\System\iShGQhL.exe
  2⤵
  PID:8816
- C:\Windows\System\mhAoQHm.exe
  C:\Windows\System\mhAoQHm.exe
  2⤵
  PID:8832
- C:\Windows\System\ouHShUl.exe
  C:\Windows\System\ouHShUl.exe
  2⤵
  PID:8848
- C:\Windows\System\OeKMVyY.exe
  C:\Windows\System\OeKMVyY.exe
  2⤵
  PID:8864
- C:\Windows\System\vNEiRRw.exe
  C:\Windows\System\vNEiRRw.exe
  2⤵
  PID:8884
- C:\Windows\System\LkEOEtt.exe
  C:\Windows\System\LkEOEtt.exe
  2⤵
  PID:8900
- C:\Windows\System\Whnosjl.exe
  C:\Windows\System\Whnosjl.exe
  2⤵
  PID:8916
- C:\Windows\System\JmGMTty.exe
  C:\Windows\System\JmGMTty.exe
  2⤵
  PID:8948
- C:\Windows\System\yccQvPD.exe
  C:\Windows\System\yccQvPD.exe
  2⤵
  PID:8964
- C:\Windows\System\cAHRPSE.exe
  C:\Windows\System\cAHRPSE.exe
  2⤵
  PID:8980
- C:\Windows\System\ojYpEuv.exe
  C:\Windows\System\ojYpEuv.exe
  2⤵
  PID:9016
- C:\Windows\System\YzOXRzt.exe
  C:\Windows\System\YzOXRzt.exe
  2⤵
  PID:9040
- C:\Windows\System\oTYkxvU.exe
  C:\Windows\System\oTYkxvU.exe
  2⤵
  PID:9056
- C:\Windows\System\CuDCTIc.exe
  C:\Windows\System\CuDCTIc.exe
  2⤵
  PID:9072
- C:\Windows\System\aumuySA.exe
  C:\Windows\System\aumuySA.exe
  2⤵
  PID:9088
- C:\Windows\System\iUrooUl.exe
  C:\Windows\System\iUrooUl.exe
  2⤵
  PID:9124
- C:\Windows\System\buvMmeJ.exe
  C:\Windows\System\buvMmeJ.exe
  2⤵
  PID:9144
- C:\Windows\System\RuHCcpT.exe
  C:\Windows\System\RuHCcpT.exe
  2⤵
  PID:9160
- C:\Windows\System\KhFlGjY.exe
  C:\Windows\System\KhFlGjY.exe
  2⤵
  PID:9176
- C:\Windows\System\wQuJNct.exe
  C:\Windows\System\wQuJNct.exe
  2⤵
  PID:2900
- C:\Windows\System\rWkSLgy.exe
  C:\Windows\System\rWkSLgy.exe
  2⤵
  PID:8236
- C:\Windows\System\JIbTNel.exe
  C:\Windows\System\JIbTNel.exe
  2⤵
  PID:8216
- C:\Windows\System\KuZqyTd.exe
  C:\Windows\System\KuZqyTd.exe
  2⤵
  PID:8300
- C:\Windows\System\iDPpbPK.exe
  C:\Windows\System\iDPpbPK.exe
  2⤵
  PID:8316
- C:\Windows\System\gtPEjTW.exe
  C:\Windows\System\gtPEjTW.exe
  2⤵
  PID:8336
- C:\Windows\System\zClkiIZ.exe
  C:\Windows\System\zClkiIZ.exe
  2⤵
  PID:8364
- C:\Windows\System\ylOpFBx.exe
  C:\Windows\System\ylOpFBx.exe
  2⤵
  PID:8448
- C:\Windows\System\xuNjvDT.exe
  C:\Windows\System\xuNjvDT.exe
  2⤵
  PID:8416
- C:\Windows\System\lHnYbYU.exe
  C:\Windows\System\lHnYbYU.exe
  2⤵
  PID:8484
- C:\Windows\System\DlNvoDz.exe
  C:\Windows\System\DlNvoDz.exe
  2⤵
  PID:8532
- C:\Windows\System\rgLOXcA.exe
  C:\Windows\System\rgLOXcA.exe
  2⤵
  PID:8468
- C:\Windows\System\kwDoKGE.exe
  C:\Windows\System\kwDoKGE.exe
  2⤵
  PID:8576
- C:\Windows\System\zpzKYlz.exe
  C:\Windows\System\zpzKYlz.exe
  2⤵
  PID:8548
- C:\Windows\System\oDnSSbl.exe
  C:\Windows\System\oDnSSbl.exe
  2⤵
  PID:8588
- C:\Windows\System\TlUcItw.exe
  C:\Windows\System\TlUcItw.exe
  2⤵
  PID:8612
- C:\Windows\System\gVcEwRr.exe
  C:\Windows\System\gVcEwRr.exe
  2⤵
  PID:8664
- C:\Windows\System\gEYQood.exe
  C:\Windows\System\gEYQood.exe
  2⤵
  PID:8648
- C:\Windows\System\lNNQllL.exe
  C:\Windows\System\lNNQllL.exe
  2⤵
  PID:8684
- C:\Windows\System\ezlskeX.exe
  C:\Windows\System\ezlskeX.exe
  2⤵
  PID:8748
- C:\Windows\System\yaZjJIA.exe
  C:\Windows\System\yaZjJIA.exe
  2⤵
  PID:8728
- C:\Windows\System\fVkOWxS.exe
  C:\Windows\System\fVkOWxS.exe
  2⤵
  PID:8700
- C:\Windows\System\SnFnPdV.exe
  C:\Windows\System\SnFnPdV.exe
  2⤵
  PID:8796
- C:\Windows\System\AMNELrG.exe
  C:\Windows\System\AMNELrG.exe
  2⤵
  PID:8896
- C:\Windows\System\WSUMcfM.exe
  C:\Windows\System\WSUMcfM.exe
  2⤵
  PID:8880
- C:\Windows\System\TdtJevW.exe
  C:\Windows\System\TdtJevW.exe
  2⤵
  PID:8928
- C:\Windows\System\bOpWToD.exe
  C:\Windows\System\bOpWToD.exe
  2⤵
  PID:8988
- C:\Windows\System\FoZlukW.exe
  C:\Windows\System\FoZlukW.exe
  2⤵
  PID:8976
- C:\Windows\System\iEPxgOP.exe
  C:\Windows\System\iEPxgOP.exe
  2⤵
  PID:9004
- C:\Windows\System\VhECpwt.exe
  C:\Windows\System\VhECpwt.exe
  2⤵
  PID:9032
- C:\Windows\System\oeXMqss.exe
  C:\Windows\System\oeXMqss.exe
  2⤵
  PID:9100
- C:\Windows\System\XRhtqET.exe
  C:\Windows\System\XRhtqET.exe
  2⤵
  PID:9116
- C:\Windows\System\DNCMIkf.exe
  C:\Windows\System\DNCMIkf.exe
  2⤵
  PID:9184
- C:\Windows\System\rPmJgPv.exe
  C:\Windows\System\rPmJgPv.exe
  2⤵
  PID:9188
- C:\Windows\System\ILawyjO.exe
  C:\Windows\System\ILawyjO.exe
  2⤵
  PID:9208
- C:\Windows\System\ycykdRn.exe
  C:\Windows\System\ycykdRn.exe
  2⤵
  PID:8008
- C:\Windows\System\sdrtqXr.exe
  C:\Windows\System\sdrtqXr.exe
  2⤵
  PID:7496
- C:\Windows\System\cyPKMsu.exe
  C:\Windows\System\cyPKMsu.exe
  2⤵
  PID:8268
- C:\Windows\System\GVPujZf.exe
  C:\Windows\System\GVPujZf.exe
  2⤵
  PID:8292
- C:\Windows\System\YWDkCFB.exe
  C:\Windows\System\YWDkCFB.exe
  2⤵
  PID:8320
- C:\Windows\System\fJokZJx.exe
  C:\Windows\System\fJokZJx.exe
  2⤵
  PID:8432
- C:\Windows\System\IkfjSNc.exe
  C:\Windows\System\IkfjSNc.exe
  2⤵
  PID:8400
- C:\Windows\System\zkDSGYX.exe
  C:\Windows\System\zkDSGYX.exe
  2⤵
  PID:8420
- C:\Windows\System\BPgVRlp.exe
  C:\Windows\System\BPgVRlp.exe
  2⤵
  PID:8456
- C:\Windows\System\EKZJAkh.exe
  C:\Windows\System\EKZJAkh.exe
  2⤵
  PID:8808
- C:\Windows\System\lABITBl.exe
  C:\Windows\System\lABITBl.exe
  2⤵
  PID:8780
- C:\Windows\System\whEIWCF.exe
  C:\Windows\System\whEIWCF.exe
  2⤵
  PID:8696
- C:\Windows\System\nTZcfMt.exe
  C:\Windows\System\nTZcfMt.exe
  2⤵
  PID:8840
- C:\Windows\System\GHNsGgL.exe
  C:\Windows\System\GHNsGgL.exe
  2⤵
  PID:8660
- C:\Windows\System\OionIOU.exe
  C:\Windows\System\OionIOU.exe
  2⤵
  PID:8992
- C:\Windows\System\xgvRfzY.exe
  C:\Windows\System\xgvRfzY.exe
  2⤵
  PID:8252
- C:\Windows\System\LTmyvMa.exe
  C:\Windows\System\LTmyvMa.exe
  2⤵
  PID:9104
- C:\Windows\System\diNrIoG.exe
  C:\Windows\System\diNrIoG.exe
  2⤵
  PID:9108
- C:\Windows\System\FUrclrO.exe
  C:\Windows\System\FUrclrO.exe
  2⤵
  PID:8380
- C:\Windows\System\PCOsOOi.exe
  C:\Windows\System\PCOsOOi.exe
  2⤵
  PID:9152
- C:\Windows\System\dCPIjvg.exe
  C:\Windows\System\dCPIjvg.exe
  2⤵
  PID:8568
- C:\Windows\System\zQXchqk.exe
  C:\Windows\System\zQXchqk.exe
  2⤵
  PID:8892
- C:\Windows\System\gkithWQ.exe
  C:\Windows\System\gkithWQ.exe
  2⤵
  PID:8956
- C:\Windows\System\bBwpQGq.exe
  C:\Windows\System\bBwpQGq.exe
  2⤵
  PID:9048
- C:\Windows\System\qcxYqqe.exe
  C:\Windows\System\qcxYqqe.exe
  2⤵
  PID:8600
- C:\Windows\System\YfmKEzL.exe
  C:\Windows\System\YfmKEzL.exe
  2⤵
  PID:8312
- C:\Windows\System\yqVrjAo.exe
  C:\Windows\System\yqVrjAo.exe
  2⤵
  PID:9084
- C:\Windows\System\jjKssWy.exe
  C:\Windows\System\jjKssWy.exe
  2⤵
  PID:408
- C:\Windows\System\vbeNQQT.exe
  C:\Windows\System\vbeNQQT.exe
  2⤵
  PID:8516
- C:\Windows\System\MEncUJY.exe
  C:\Windows\System\MEncUJY.exe
  2⤵
  PID:8732
- C:\Windows\System\DJnmNjo.exe
  C:\Windows\System\DJnmNjo.exe
  2⤵
  PID:9028
- C:\Windows\System\GWTFpzE.exe
  C:\Windows\System\GWTFpzE.exe
  2⤵
  PID:8792
- C:\Windows\System\pKYrhPE.exe
  C:\Windows\System\pKYrhPE.exe
  2⤵
  PID:7804
- C:\Windows\System\HuefAVx.exe
  C:\Windows\System\HuefAVx.exe
  2⤵
  PID:9172
- C:\Windows\System\mnwDPOd.exe
  C:\Windows\System\mnwDPOd.exe
  2⤵
  PID:9096
- C:\Windows\System\fmKXkWQ.exe
  C:\Windows\System\fmKXkWQ.exe
  2⤵
  PID:8876
- C:\Windows\System\azysCpC.exe
  C:\Windows\System\azysCpC.exe
  2⤵
  PID:2244
- C:\Windows\System\ewDPTYJ.exe
  C:\Windows\System\ewDPTYJ.exe
  2⤵
  PID:9196
- C:\Windows\System\losHJnQ.exe
  C:\Windows\System\losHJnQ.exe
  2⤵
  PID:9012
- C:\Windows\System\AHMbQhC.exe
  C:\Windows\System\AHMbQhC.exe
  2⤵
  PID:8960
- C:\Windows\System\GyLxZUl.exe
  C:\Windows\System\GyLxZUl.exe
  2⤵
  PID:8556
- C:\Windows\System\HFNolEH.exe
  C:\Windows\System\HFNolEH.exe
  2⤵
  PID:7612
- C:\Windows\System\kamXFxl.exe
  C:\Windows\System\kamXFxl.exe
  2⤵
  PID:9240
- C:\Windows\System\geaYnCP.exe
  C:\Windows\System\geaYnCP.exe
  2⤵
  PID:9256
- C:\Windows\System\sSYZVWE.exe
  C:\Windows\System\sSYZVWE.exe
  2⤵
  PID:9272
- C:\Windows\System\BJFJvuY.exe
  C:\Windows\System\BJFJvuY.exe
  2⤵
  PID:9288
- C:\Windows\System\inMmkEq.exe
  C:\Windows\System\inMmkEq.exe
  2⤵
  PID:9304
- C:\Windows\System\wgFYSOr.exe
  C:\Windows\System\wgFYSOr.exe
  2⤵
  PID:9328
- C:\Windows\System\pcdzhjy.exe
  C:\Windows\System\pcdzhjy.exe
  2⤵
  PID:9348
- C:\Windows\System\yuWfZHD.exe
  C:\Windows\System\yuWfZHD.exe
  2⤵
  PID:9364
- C:\Windows\System\LHVemFT.exe
  C:\Windows\System\LHVemFT.exe
  2⤵
  PID:9380
- C:\Windows\System\oWsWSfA.exe
  C:\Windows\System\oWsWSfA.exe
  2⤵
  PID:9396
- C:\Windows\System\NpEPUzO.exe
  C:\Windows\System\NpEPUzO.exe
  2⤵
  PID:9416
- C:\Windows\System\oPwwfzH.exe
  C:\Windows\System\oPwwfzH.exe
  2⤵
  PID:9436
- C:\Windows\System\VkqMkSt.exe
  C:\Windows\System\VkqMkSt.exe
  2⤵
  PID:9452
- C:\Windows\System\nFhMInJ.exe
  C:\Windows\System\nFhMInJ.exe
  2⤵
  PID:9480
- C:\Windows\System\JrEnHiU.exe
  C:\Windows\System\JrEnHiU.exe
  2⤵
  PID:9504
- C:\Windows\System\QsuqcEK.exe
  C:\Windows\System\QsuqcEK.exe
  2⤵
  PID:9524
- C:\Windows\System\eyJbmoU.exe
  C:\Windows\System\eyJbmoU.exe
  2⤵
  PID:9548
- C:\Windows\System\sKIgqpG.exe
  C:\Windows\System\sKIgqpG.exe
  2⤵
  PID:9568
- C:\Windows\System\SHSowHi.exe
  C:\Windows\System\SHSowHi.exe
  2⤵
  PID:9592
- C:\Windows\System\DDMkZPx.exe
  C:\Windows\System\DDMkZPx.exe
  2⤵
  PID:9632
- C:\Windows\System\mndxPcl.exe
  C:\Windows\System\mndxPcl.exe
  2⤵
  PID:9656
- C:\Windows\System\llvLczr.exe
  C:\Windows\System\llvLczr.exe
  2⤵
  PID:9672
- C:\Windows\System\DvbTHqV.exe
  C:\Windows\System\DvbTHqV.exe
  2⤵
  PID:9688
- C:\Windows\System\jAwNedA.exe
  C:\Windows\System\jAwNedA.exe
  2⤵
  PID:9704
- C:\Windows\System\viJqKab.exe
  C:\Windows\System\viJqKab.exe
  2⤵
  PID:9720
- C:\Windows\System\NKZUdxc.exe
  C:\Windows\System\NKZUdxc.exe
  2⤵
  PID:9736
- C:\Windows\System\seofMEl.exe
  C:\Windows\System\seofMEl.exe
  2⤵
  PID:9752
- C:\Windows\System\XcFvNbv.exe
  C:\Windows\System\XcFvNbv.exe
  2⤵
  PID:9768
- C:\Windows\System\KwSImBI.exe
  C:\Windows\System\KwSImBI.exe
  2⤵
  PID:9784
- C:\Windows\System\HSlVaPT.exe
  C:\Windows\System\HSlVaPT.exe
  2⤵
  PID:9800
- C:\Windows\System\jFYYAXz.exe
  C:\Windows\System\jFYYAXz.exe
  2⤵
  PID:9816
- C:\Windows\System\vUnJkIq.exe
  C:\Windows\System\vUnJkIq.exe
  2⤵
  PID:9832
- C:\Windows\System\MFbnwiT.exe
  C:\Windows\System\MFbnwiT.exe
  2⤵
  PID:9848
- C:\Windows\System\qfVpKCS.exe
  C:\Windows\System\qfVpKCS.exe
  2⤵
  PID:9864
- C:\Windows\System\DIczUus.exe
  C:\Windows\System\DIczUus.exe
  2⤵
  PID:9880
- C:\Windows\System\cifZTMf.exe
  C:\Windows\System\cifZTMf.exe
  2⤵
  PID:9896
- C:\Windows\System\wKwsIsq.exe
  C:\Windows\System\wKwsIsq.exe
  2⤵
  PID:9912
- C:\Windows\System\ICjKJIm.exe
  C:\Windows\System\ICjKJIm.exe
  2⤵
  PID:9928
- C:\Windows\System\EPEfbhc.exe
  C:\Windows\System\EPEfbhc.exe
  2⤵
  PID:9944
- C:\Windows\System\PlMZvXQ.exe
  C:\Windows\System\PlMZvXQ.exe
  2⤵
  PID:9960
- C:\Windows\System\ltJsaCJ.exe
  C:\Windows\System\ltJsaCJ.exe
  2⤵
  PID:9976
- C:\Windows\System\NLYzlKi.exe
  C:\Windows\System\NLYzlKi.exe
  2⤵
  PID:9992
- C:\Windows\System\flTlBmy.exe
  C:\Windows\System\flTlBmy.exe
  2⤵
  PID:10008
- C:\Windows\System\wBbPXUP.exe
  C:\Windows\System\wBbPXUP.exe
  2⤵
  PID:10024
- C:\Windows\System\DWpmedy.exe
  C:\Windows\System\DWpmedy.exe
  2⤵
  PID:10040
- C:\Windows\System\NEHLJPc.exe
  C:\Windows\System\NEHLJPc.exe
  2⤵
  PID:10056
- C:\Windows\System\JELGctp.exe
  C:\Windows\System\JELGctp.exe
  2⤵
  PID:10076
- C:\Windows\System\aplDoPj.exe
  C:\Windows\System\aplDoPj.exe
  2⤵
  PID:10092
- C:\Windows\System\mPOmHyQ.exe
  C:\Windows\System\mPOmHyQ.exe
  2⤵
  PID:10108
- C:\Windows\System\xelvijs.exe
  C:\Windows\System\xelvijs.exe
  2⤵
  PID:10124
- C:\Windows\System\NieHSAp.exe
  C:\Windows\System\NieHSAp.exe
  2⤵
  PID:10140
- C:\Windows\System\xkOVPwA.exe
  C:\Windows\System\xkOVPwA.exe
  2⤵
  PID:10156
- C:\Windows\System\ZeOmwfH.exe
  C:\Windows\System\ZeOmwfH.exe
  2⤵
  PID:10176
- C:\Windows\System\NOZOBuG.exe
  C:\Windows\System\NOZOBuG.exe
  2⤵
  PID:10196
- C:\Windows\System\UJbglgp.exe
  C:\Windows\System\UJbglgp.exe
  2⤵
  PID:10212
- C:\Windows\System\HABdbTG.exe
  C:\Windows\System\HABdbTG.exe
  2⤵
  PID:10228
- C:\Windows\System\OSjnRbo.exe
  C:\Windows\System\OSjnRbo.exe
  2⤵
  PID:8284
- C:\Windows\System\BwUJWUm.exe
  C:\Windows\System\BwUJWUm.exe
  2⤵
  PID:9036
- C:\Windows\System\fQgkZSk.exe
  C:\Windows\System\fQgkZSk.exe
  2⤵
  PID:7976
- C:\Windows\System\RHLFTvz.exe
  C:\Windows\System\RHLFTvz.exe
  2⤵
  PID:9228
- C:\Windows\System\pvNigUL.exe
  C:\Windows\System\pvNigUL.exe
  2⤵
  PID:8944
- C:\Windows\System\rduwsJh.exe
  C:\Windows\System\rduwsJh.exe
  2⤵
  PID:9312
- C:\Windows\System\EKaUksV.exe
  C:\Windows\System\EKaUksV.exe
  2⤵
  PID:9360
- C:\Windows\System\KsvIxGJ.exe
  C:\Windows\System\KsvIxGJ.exe
  2⤵
  PID:9392
- C:\Windows\System\ydPpuQs.exe
  C:\Windows\System\ydPpuQs.exe
  2⤵
  PID:9336
- C:\Windows\System\bkdqJyk.exe
  C:\Windows\System\bkdqJyk.exe
  2⤵
  PID:9428
- C:\Windows\System\jTrvKyT.exe
  C:\Windows\System\jTrvKyT.exe
  2⤵
  PID:9408
- C:\Windows\System\nWcXyGW.exe
  C:\Windows\System\nWcXyGW.exe
  2⤵
  PID:9500
- C:\Windows\System\EAcjwwB.exe
  C:\Windows\System\EAcjwwB.exe
  2⤵
  PID:9448
- C:\Windows\System\joWuJyc.exe
  C:\Windows\System\joWuJyc.exe
  2⤵
  PID:9472
- C:\Windows\System\XUKSINA.exe
  C:\Windows\System\XUKSINA.exe
  2⤵
  PID:9516
- C:\Windows\System\aNmXGPt.exe
  C:\Windows\System\aNmXGPt.exe
  2⤵
  PID:9576
- C:\Windows\System\kWfTEfY.exe
  C:\Windows\System\kWfTEfY.exe
  2⤵
  PID:8264
- C:\Windows\System\JcCZSiV.exe
  C:\Windows\System\JcCZSiV.exe
  2⤵
  PID:9600
- C:\Windows\System\jfyZbKC.exe
  C:\Windows\System\jfyZbKC.exe
  2⤵
  PID:9620
- C:\Windows\System\jNfGaXq.exe
  C:\Windows\System\jNfGaXq.exe
  2⤵
  PID:9648
- C:\Windows\System\WKPnLKu.exe
  C:\Windows\System\WKPnLKu.exe
  2⤵
  PID:9696
- C:\Windows\System\ENncUVL.exe
  C:\Windows\System\ENncUVL.exe
  2⤵
  PID:9728
- C:\Windows\System\TwuJxEh.exe
  C:\Windows\System\TwuJxEh.exe
  2⤵
  PID:9748
- C:\Windows\System\ZUVPxuj.exe
  C:\Windows\System\ZUVPxuj.exe
  2⤵
  PID:9812
- C:\Windows\System\RvZddDz.exe
  C:\Windows\System\RvZddDz.exe
  2⤵
  PID:9872
- C:\Windows\System\OIVEiqD.exe
  C:\Windows\System\OIVEiqD.exe
  2⤵
  PID:9764
- C:\Windows\System\DakVeVV.exe
  C:\Windows\System\DakVeVV.exe
  2⤵
  PID:9828
- C:\Windows\System\kmhJdya.exe
  C:\Windows\System\kmhJdya.exe
  2⤵
  PID:9892
- C:\Windows\System\kuhxHzm.exe
  C:\Windows\System\kuhxHzm.exe
  2⤵
  PID:9968
- C:\Windows\System\kaWAtSj.exe
  C:\Windows\System\kaWAtSj.exe
  2⤵
  PID:9956
- C:\Windows\System\TaoCybF.exe
  C:\Windows\System\TaoCybF.exe
  2⤵
  PID:10036
- C:\Windows\System\EhJcboY.exe
  C:\Windows\System\EhJcboY.exe
  2⤵
  PID:9984
- C:\Windows\System\nTRTqew.exe
  C:\Windows\System\nTRTqew.exe
  2⤵
  PID:10104
- C:\Windows\System\jebZMWq.exe
  C:\Windows\System\jebZMWq.exe
  2⤵
  PID:10148
- C:\Windows\System\GqLwepZ.exe
  C:\Windows\System\GqLwepZ.exe
  2⤵
  PID:10168
- C:\Windows\System\ordwxAN.exe
  C:\Windows\System\ordwxAN.exe
  2⤵
  PID:10088
- C:\Windows\System\iPNYsWd.exe
  C:\Windows\System\iPNYsWd.exe
  2⤵
  PID:10152
- C:\Windows\System\MVadFBG.exe
  C:\Windows\System\MVadFBG.exe
  2⤵
  PID:10220
- C:\Windows\System\AfbuPJb.exe
  C:\Windows\System\AfbuPJb.exe
  2⤵
  PID:9068
- C:\Windows\System\RlFZllA.exe
  C:\Windows\System\RlFZllA.exe
  2⤵
  PID:9264
- C:\Windows\System\KQfkkDy.exe
  C:\Windows\System\KQfkkDy.exe
  2⤵
  PID:9356
- C:\Windows\System\ykaJuDx.exe
  C:\Windows\System\ykaJuDx.exe
  2⤵
  PID:9372
- C:\Windows\System\wTphAzc.exe
  C:\Windows\System\wTphAzc.exe
  2⤵
  PID:9404
- C:\Windows\System\SJzETDm.exe
  C:\Windows\System\SJzETDm.exe
  2⤵
  PID:9476
- C:\Windows\System\tQcRBrm.exe
  C:\Windows\System\tQcRBrm.exe
  2⤵
  PID:9512
- C:\Windows\System\QYiIqrJ.exe
  C:\Windows\System\QYiIqrJ.exe
  2⤵
  PID:8384
- C:\Windows\System\DijAkvh.exe
  C:\Windows\System\DijAkvh.exe
  2⤵
  PID:9668
- C:\Windows\System\NXOWynZ.exe
  C:\Windows\System\NXOWynZ.exe
  2⤵
  PID:9624
- C:\Windows\System\zCALabQ.exe
  C:\Windows\System\zCALabQ.exe
  2⤵
  PID:9744
- C:\Windows\System\KmPiCqI.exe
  C:\Windows\System\KmPiCqI.exe
  2⤵
  PID:9936
- C:\Windows\System\GiNnqgY.exe
  C:\Windows\System\GiNnqgY.exe
  2⤵
  PID:10100
- C:\Windows\System\dLlYpUq.exe
  C:\Windows\System\dLlYpUq.exe
  2⤵
  PID:10236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AnBUxAa.exe

Filesize
6.0MB

MD5
4d77292dff5c86e0915b75c150f34cc9

SHA1
3b2d6f7a02af391acc2173f658d15eb3b2bf7db9

SHA256
3bf26b0e11d3423044cfcdb7c9f627ba1c009d29f9c978031a8ce772d2063936

SHA512
03055673dba082b7f6d792359d9a9e239fac6b4e8eae3f9cb57c76fd32d3c95c1b5061bc61f0778ade1459228a5899e753c8e506381e429d22acbc7632aa1124

Download Submit
C:\Windows\system\DWSKyBP.exe

Filesize
6.0MB

MD5
1022595db5945fbcf591f4813cd8e450

SHA1
7d19cc808518c2702c3051591ef1fec6c460b2b9

SHA256
9d5c2c9e7ad1c923dfb3be7939a04338a9e2b3a40b1c0b7e6682250df9147928

SHA512
a2c9cb15ae69b6b208c61b48b6b691e38e778a58ec9991c49894302cc981d31534a51361e635d3d42d83b03218f9af8ec83cf5093e9d8e3f0cb8110a7c6bf440

Download Submit
C:\Windows\system\FtfFAMi.exe

Filesize
6.0MB

MD5
aa1f2ea979d8a9e4449090f0d5b62d16

SHA1
d7c15d7120596eda67489eb98f67980c3620743b

SHA256
513cd98b6be09584d3fc82e3bcec62db78e075dd37824276d4c63b9b6a3a823c

SHA512
6a3d7111c9694a897df0f593499a413346b21cd4b3aaaa31ab4cc0014575380578b8128a239d9f22f98385b9bb6bc168cfe683fa60ce8494fec60bc436eeed24

Download Submit
C:\Windows\system\HSHgfyE.exe

Filesize
6.0MB

MD5
ae0076800be30e4bcd711627d6cf6f49

SHA1
9a547512c144be18b471a9a9c28a0e7dcb17acea

SHA256
682b2210b6412b0e388745204f20fc4dc8f38b9f3016fc7682c81872a48a8751

SHA512
4b0ab6f036eea7760701661f9cc667dd78911bd212b22a3231d8d95fca00ceff60dcf7eb78d67ed451b2df055429e876f1dc344f04c5d15efed77798a328267a

Download Submit
C:\Windows\system\HiBfcqT.exe

Filesize
6.0MB

MD5
685f7b65b2690bf48a9a45867e5b4dee

SHA1
48f748f0743655faadf13ea29380bdc48bdce160

SHA256
e2ffb891b3be9c3d13118de553d2ec1757234a9dc7ef6d7a6498e41933384239

SHA512
ed8b1ebd3b4f10cf1de5bf73f329204ffa40206b9e12b6be53caa85be15c813a700b0da12e8ec4d78f25976ff6b33ced50da9c3b8c2718eb1c1d8d0947756a05

Download Submit
C:\Windows\system\HzBGXTC.exe

Filesize
6.0MB

MD5
3732a7c2b684b28f6da092392f803a82

SHA1
89101be778aa16b8feb3c22e8b891876e6b9504b

SHA256
e326ea660013327078309ca5897b86c1fb44922c529f92d49cc9e4ac4fbf9f53

SHA512
0257a5f052efe7607e1b146c6c6ed25a82ac5055026aa0e1c0d26cff82400ed4116002248894f36beac9fe47b8f595c8b70da22c9cbf94eb8e8c8b5284192731

Download Submit
C:\Windows\system\MJoeVaz.exe

Filesize
6.0MB

MD5
a01ca464696cd16be2b2544c7b7df5cd

SHA1
2f2bba5cfa17296ac166978de3523de065878931

SHA256
129a2ccfead15afea766cf85e0f3e7513238a504d6e31efca889f814d8ba00cf

SHA512
cfd514f3aa23be7d90d1639346537d94f2f4d7b07eba08f3ab0981005192aefbc2707f66783a4947c15b94325b505cf94bd8e10e654a11d5ae6b7d596bbb8573

Download Submit
C:\Windows\system\NgYZmph.exe

Filesize
6.0MB

MD5
09b4f3e1ca9d49b203ae850218c5abef

SHA1
a2034013805b3b697b0ace4d3d8009085706b8e1

SHA256
1867ca6532e6bfe59cf4cafdb8298ec1b3d34a0eb6b67cc0690c3a569f4c8d43

SHA512
baea155b668041b2c8a119018bb9731d732859f943363cc8c56fa651c2f29b99c84c336ca4920e70dad1327af0b10cde5bd2880f6bd0cd8e968e071b66540587

Download Submit
C:\Windows\system\QQoidzK.exe

Filesize
6.0MB

MD5
fbe0fc6c63028497f96855166d96c9bd

SHA1
074ff27c35dc09991e1c92928a685d7efc999190

SHA256
7262cac362b037f0a5065821b9d7f58eff3eeedda68e21baf9866d4bb913a2c2

SHA512
dfee70a7ee9b27555226a728e39a44da4b70c02f042202088dd3f4b485733f297e1ab214da2ad30b5a1e4ffe22da9cdcf86b320d8356c9995cedf620c4adb2af

Download Submit
C:\Windows\system\SCwWttu.exe

Filesize
6.0MB

MD5
1a8bc1488fcc77a317c72dfc0cc50efe

SHA1
6dbc6478c52baaefe93000f87ee1525eb3d9a31c

SHA256
fdee195bc84a97603bc0b7668433cc35bdf0e2d9f14ca7cfba5d74dd86bda107

SHA512
e747e0e999c7b1b3fd97a1a3a130657f469f4bd308553a38e9587258ebadaa854f3db0861497add251f9f911edfadf6059f52e806fc7a08cf5523c94b939fcde

Download Submit
C:\Windows\system\UKgAMgT.exe

Filesize
6.0MB

MD5
672cdf649b489a493232ee80d99c8459

SHA1
840446613fd574b979c1bb298c128bf41d68bda3

SHA256
cca8c324fdf2cdd6acecefc4c5810c1b60788fed552785547117dae2329e5d6d

SHA512
a3ae6ddf5a7bf924b2a3b6aed2bc0a463ef434e1e28d0d4b59834ae2ea9818994cff85e954e3fd0055234507381d449a286fb5782a417b0d001a15313f45808b

Download Submit
C:\Windows\system\UXcLkel.exe

Filesize
6.0MB

MD5
454e4aad4591babcf2e4423a9f8c3fea

SHA1
3853b381ca4dd64081059ddadf58742baa487795

SHA256
8088faeea31cfde0ad0e9620bef7bb6a604fcfc5e7e48ec19a1f4f5ca2520c46

SHA512
907260781c6ca62ed18b41185a1462d5ab96ec1e175d63fdee91206914b4c902f8f023b1db628bbf228b92e6841d664fca833e55440a2e1003f46a07bd7a95fd

Download Submit
C:\Windows\system\ZJeAHTV.exe

Filesize
6.0MB

MD5
9dde275b65447cec8bc3529f1abf9e0e

SHA1
44ed60b1f24dbe2fe69216bb06de12d00a9158fd

SHA256
9bbc26ebd75ca69d580f8ceac6cc80ad77a3cd936156cd41be6d0860a748a3ae

SHA512
e3d7077da36483fce25bab73bfd2b96ffa98465b99d8f7a7ca937956d23eea8cdd3a955ba416dbd28f574a2a49234d945e2b1b051b43e7923c03a5fe8f8c7679

Download Submit
C:\Windows\system\bKhMEFf.exe

Filesize
6.0MB

MD5
aba06709a24100e48365a4d13bf667fa

SHA1
879cd8b6d1ac239f032b8dbc4538d725eebf3705

SHA256
a78e8dee5bf77b3d5bd6fe9058bec9c382e467de4ad1652632eb2f5844709144

SHA512
09a9455267ee617a259bfeaf492a4b3816b01b893d6bc5427563936c777d30c5737a3049514ebc47e6df3c26458b82116d56d45690dd32f3d3b5501e6006d1f9

Download Submit
C:\Windows\system\bQtfbsf.exe

Filesize
6.0MB

MD5
0e5caee94b3444905426268a492a6b56

SHA1
b627638732d7e2b707a4e7a32907085399b77544

SHA256
7d6a0953c6cdf47226b6df4a75b7ba1d85bdc9489fc02db92a8901d08ca3fee8

SHA512
f5930fdd8b81116bfafb801a06504814ae962f3184bfacb5f5b0b7a2e67ef3a5f7827356c79dbd1706cd3fbbd74cbe6643dcced725ca0c0195161571ddcf8521

Download Submit
C:\Windows\system\cIefAeP.exe

Filesize
6.0MB

MD5
4c8bface1baa8652af7d9d0d150000cc

SHA1
630b7ada280f88250c00bf507b909730cb3fff2d

SHA256
8932936ee91276368921e1c08444f083d1c1f613f07684eafe44d42006cfa269

SHA512
a32245ee446a1accf65efbb48f6873388c398d325bd2cf7a2dc14d28429a4ce2a114034794e5b6f099b3f1326c83cf6ac76d8e0f53b091714c5e885c7ae070b6

Download Submit
C:\Windows\system\iKkKNuD.exe

Filesize
6.0MB

MD5
b9cceba444e07580f6d104d595bbcdec

SHA1
cdc3bf2672955669ae9a8fbc6e61eaaba94ab02f

SHA256
4d446c027b2d367da988799bd21f3fc322cb581b2207a9a312c3d06cad91efec

SHA512
4973b8c5b408ea7f5d8dd5ac5a7ee8886022e678454a12d38d1c0a225f6b99ed3869f4507ef8c42414d207c5ad369b7c151c403260439145331fcf0bd8c901be

Download Submit
C:\Windows\system\jRUNTWk.exe

Filesize
6.0MB

MD5
261a0089d012eaf35f7ef4a97d7b5fc6

SHA1
4206c6444a0234025288afcb0ee97af3c5b7fab2

SHA256
3558cde32422cb4c4cd6d979b6bb5507e9b3b51b47d1d6d261858e929833dbb9

SHA512
b3ef142b63c7f781c5bc3c97693f6a8502c28779802bdb877a66ab4805ba4a339f8648cffbafde71f243afbb7cdf53198fa19d82de83793a99c9a804a5058454

Download Submit
C:\Windows\system\nCwSwPD.exe

Filesize
6.0MB

MD5
2ddaf64ccbe0a1a4dd4424589096339c

SHA1
d63fdcb992d38539d2adae7a28153f47604b593e

SHA256
ccb6d3def802cee4aa7a441fd762416b4f1d06cb513ee18e550b71bf0b4911e7

SHA512
3209445f28b0855e8b84d3a6aedd0a3af8f69c8559be60c2dcc2f1db4143a97176b105f4c70523424d38d692ff9d556f66e6b385e6f249db90974c191c4a97f8

Download Submit
C:\Windows\system\nVetsfZ.exe

Filesize
6.0MB

MD5
b4b6b7da420558858b5eda813251335e

SHA1
68024b77b56bc04c88be1bc8bba5e18388539bff

SHA256
fc844217a1d7a7dfb0bde585fd5326b524180c2f971107709e8c5fecd9f6cc68

SHA512
88a0878733569f4fcdbe658e93a6b45b18506641d395835c8bd40592a07c0b4126c8a9043a1b5a8884de2b5a9a609b6e681eb68634d1a4886bb6c5ba3270de2b

Download Submit
C:\Windows\system\rXpHFqN.exe

Filesize
6.0MB

MD5
6b8dd23e08be2106099c485d73f6f18f

SHA1
28b0af15e4c80076987def32e70f74949c7655d8

SHA256
5fe422f0d834fd0a8e03cab2c2ebfee1c356f5919851926fa76fb1909d4c3b8d

SHA512
646977eb4fa2d6dd3e42afa5727e339c5a431fa433b0d2b52a27dbaae2bb89d2b0d0715b56be41e4076f50723904d0ed3c4b8d137db3612d536033b1f4d5ee88

Download Submit
C:\Windows\system\saynLAC.exe

Filesize
6.0MB

MD5
c705493a443014fca49f67d1bf323f6f

SHA1
4da7c516417da3c115366e1a9af6ee94f9a48e2f

SHA256
c22d6452e865293b9f5c246c4348fa183251ad46689d2fb6035c663386f6e834

SHA512
226f82f4551bc479746e4a38846ec08f981da43df5f6526fd7e09f87ee3dbff056320bb2d389e10929e4e86a7f8e26626a3530f92c6c725c72dc0b8070ebf613

Download Submit
C:\Windows\system\uQynWvU.exe

Filesize
6.0MB

MD5
6fb64a3d489e6b8fdc72269cc3dfd0ce

SHA1
b849d3febae6a235be61d92915a6056a0e44b24c

SHA256
19305bd592805d479940125584950fe3043cf7ca8ef0a310635b7a6e0d7a7133

SHA512
287aea4b5ae54a7b4103c6eef86117f917247e872afc02d2b16083f56d22295cc57d74cb6f090678699fdb521474e1044e449ae7c9ec549d1a18585b16fd9965

Download Submit
C:\Windows\system\wIZRhXp.exe

Filesize
6.0MB

MD5
7cc92866c66b920fdb1a7adbd7c8dfa5

SHA1
295255e4ffadbb93f365228ad2969fdbfadd2e64

SHA256
8c3958ea53f1abf1a4b2511f8da6d53eddaaa37ca10d26a2c4ee3447f0b8e195

SHA512
734013d44716371f0d88f2128979d9b03150fd6999277f6555903b991e4e566d4f05974a16eb16f1536de4def5b57126fb3f73a36b9a54ee81185b4d7502e24c

Download Submit
C:\Windows\system\wTrpVPc.exe

Filesize
6.0MB

MD5
d8a8cf949f589dca0db85d453c5858bf

SHA1
8514f00dbb7861ab6027d04331ca5264ae89e954

SHA256
aa5e71e623d0d8c529a55e74a6d0d50e2283cda36a076deed6f03bb760fc2b2a

SHA512
c5d0ccd1bc9dfbbce34048118d61edd71fb62da8df17e281bc7a6e7559cfa7dd87a3b2be0f978923eb1b74619bb714da3c62395b1cb070e5da73c5518002abd9

Download Submit
\Windows\system\BKvaMOY.exe

Filesize
6.0MB

MD5
0fe4af6cc50fae1842d1eb321ac3cb32

SHA1
285f8e23794bcfbe2fd69a447100061e01b1e49e

SHA256
1bee99686f98766bfb7b17783f87fb3d98b2575abb27cdc875fefc78d4149352

SHA512
10a33dc32b663a4f6fe677f85982f5e1ca0fff59055cc31e77370a47029317f41ad9c307acf7c90a258f386561ca9c4ca4aee817f04aa411a96d5514f9ef1f5c

Download Submit
\Windows\system\BjvFDnv.exe

Filesize
6.0MB

MD5
90434055206ede1096477d1b98c1f102

SHA1
1fad8e4c672b6721b9a53565e8e3d14f75db7a06

SHA256
49f389a4627a9bda9775205282ec7e280ad998b5dff109568df63fb8d8de2aeb

SHA512
d9ede7dd7e733ae53d4c9f8d200519d6482779e1025d2ff7633b2338fcb5e25f0687f7298fbf7bd7b3b4630ef0271baceaaa29df047e5a6d0c49cc7ae6b3cecb

Download Submit
\Windows\system\OVaCbrg.exe

Filesize
6.0MB

MD5
82cd081f38b82870188464b02d2e09d6

SHA1
048e0c44f2711e8193cf91f82c4d13841e059ae2

SHA256
6e9feb9e4c72c231f3d4a7ab7f39dff60f4dd7bc883bbe63d9c39750403550b9

SHA512
cfb0b29aa75de881fcfad7e0b77e950ec181517039889a3ac23fa1771014e33e844f68f8b9b20966956f79dc310e1380020f2754be03be1611822ae9dc6d0ec6

Download Submit
\Windows\system\QOOueaR.exe

Filesize
6.0MB

MD5
fbe778ab10db75f89ec4882a30a23ed3

SHA1
6938a6fa63496f8a0984d392ddd34012054871ae

SHA256
11aaee8ed633d55ad4b465612587d795c1715cdbccd9ebbe20c74ece624f8f27

SHA512
6842184309da8f898e721d626670f8ca8f516d7c36d3eea26dc32fb22f295600455533b51e6ae2806cf5c24f151c83171cc86dda9698ea043868b690c037d4f9

Download Submit
\Windows\system\myVsuxC.exe

Filesize
6.0MB

MD5
ffff8a3ea37b05e6bdd368d55b3a3978

SHA1
48e21c794ad044fc6af772d6f80080e472cea2b0

SHA256
9e22dc460cb7cd1d8ba8a29c0a039d7025fe5b311977f2dc9720c3eeb7bb47c8

SHA512
e6dad9a0153526cbca6cb366e14c54f8b48bfe12040163dbc241e3463b08c0964c29c7e43063f9abf6e7cf9f3b70b5083b486f80b8941e26e415134ad5edeba7

Download Submit
\Windows\system\qjzkMUK.exe

Filesize
6.0MB

MD5
8ace209cefbb9fde5f79a994afc8ab45

SHA1
a2ea471e8fbf26ff394ffd2cc3e9a3087d69311f

SHA256
68567560b81cbe4f4a72d9aba9db5d1c715a29d4da2de6517eb780aea17d4d14

SHA512
e9e1af770780f06476db9681cda1b7ed370c29fb1ffe3180f6e33f588a92859648e3ea4dce24f1c219c7bfe66a897ab5c4158d255fe48f0fc8e86f428f524e27

Download Submit
\Windows\system\zHOGaxI.exe

Filesize
6.0MB

MD5
4eb2a706e603be9f26c4235388435a72

SHA1
1c802cbbe456d3f7e5d77bad3ad784a69d494c3e

SHA256
ced3e63d7dc67fa5ab8c0b86a3d37123233dd99fe95cb6e4c5452564c4203a7b

SHA512
67129c7059a365b1e56a44fec41b0fd8c1c75a1cf83342258966f8856b440b9bf98925c9b7be7bce19f15ca6b50bff221966b9fef949a61d216504ab1b6e0bbe

Download Submit
\Windows\system\zuaNqKB.exe

Filesize
6.0MB

MD5
f3194f19f83f9e527a81c400e2f127db

SHA1
dad6f459061046103743d01949d69b78b7c892fc

SHA256
b699a5125d61a69f910a721ce0acd5492335c6b9e7a961bd8790b13209014d22

SHA512
72e3b2a01e1536b3575183bb11c1e78bf92560139de27e1dbe73e5b30b9761bc64eaedf416444fe51f5e88318a2111c204c63a7ef6e0300e6cf3023e1fb8b778

Download Submit
memory/2100-2726-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2100-2190-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2220-2750-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2220-2184-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2316-2738-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-2197-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2193-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2360-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2195-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2785-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2198-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2191-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2420-0-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2307-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2420-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2436-2192-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2436-2725-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2756-2728-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-2302-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-2724-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2808-2194-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2832-2324-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-2741-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-2727-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/3036-11-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download