cobaltstrike | 3e0b91371d7902997c27a6f972d80658485531cf7a0657c807e91a811fdcfd45

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 04:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

44d764be481368af3de27997149cded3
SHA1

ac7fb36db47d018ed72c0decf87beb19a8ed0ceb
SHA256

3e0b91371d7902997c27a6f972d80658485531cf7a0657c807e91a811fdcfd45
SHA512

af21d1170d10643ade7a6b6a708b8ddc53956f56059d40ddcda95fc89eef7372c089b12e9f330013c51ebdd5e98e790e02c3a5c78da149adcbc51e9b12a809d6
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUU:T+q56utgpPF8u/7U

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000700000001211a-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd1-7.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d3e-32.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019423-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019356-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001928c-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019266-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-162.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a5-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019256-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-102.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d4-101.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-91.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190ce-82.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f53-81.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e0-78.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903b-69.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c1a-63.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd1-61.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c26-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018792-51.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d96-46.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d9a-43.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019397-153.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d46-36.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001936b-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019353-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-130.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d36-19.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cfc-18.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 60 IoCs

miner

resource	yara_rule
behavioral1/memory/2344-0-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/files/0x000700000001211a-3.dat	xmrig
behavioral1/files/0x0007000000016cd1-7.dat	xmrig
behavioral1/files/0x0007000000016d3e-32.dat	xmrig
behavioral1/files/0x0005000000019423-169.dat	xmrig
behavioral1/files/0x000500000001937b-168.dat	xmrig
behavioral1/memory/2732-835-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/3000-834-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2344-457-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/files/0x0005000000019356-167.dat	xmrig
behavioral1/files/0x000500000001928c-166.dat	xmrig
behavioral1/files/0x0005000000019266-165.dat	xmrig
behavioral1/files/0x0005000000019259-163.dat	xmrig
behavioral1/files/0x0005000000019244-162.dat	xmrig
behavioral1/files/0x00050000000193a5-160.dat	xmrig
behavioral1/files/0x0005000000019256-112.dat	xmrig
behavioral1/files/0x000500000001922c-102.dat	xmrig
behavioral1/files/0x00050000000191d4-101.dat	xmrig
behavioral1/memory/2616-94-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000191ff-91.dat	xmrig
behavioral1/memory/2344-86-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/1980-84-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2992-83-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x00060000000190ce-82.dat	xmrig
behavioral1/files/0x0006000000018f53-81.dat	xmrig
behavioral1/files/0x00060000000190e0-78.dat	xmrig
behavioral1/files/0x000600000001903b-69.dat	xmrig
behavioral1/files/0x0006000000018c1a-63.dat	xmrig
behavioral1/files/0x0008000000016dd1-61.dat	xmrig
behavioral1/files/0x0006000000018c26-60.dat	xmrig
behavioral1/files/0x0006000000018792-51.dat	xmrig
behavioral1/files/0x0007000000016d96-46.dat	xmrig
behavioral1/files/0x0007000000016d9a-43.dat	xmrig
behavioral1/files/0x0005000000019397-153.dat	xmrig
behavioral1/files/0x0007000000016d46-36.dat	xmrig
behavioral1/files/0x000500000001936b-143.dat	xmrig
behavioral1/files/0x0005000000019353-142.dat	xmrig
behavioral1/files/0x0005000000019284-132.dat	xmrig
behavioral1/files/0x0005000000019263-130.dat	xmrig
behavioral1/memory/3064-107-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2732-59-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/3000-50-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2848-35-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2112-28-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2540-26-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2056-25-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/1924-24-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d36-19.dat	xmrig
behavioral1/files/0x0009000000016cfc-18.dat	xmrig
behavioral1/memory/2732-3573-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/1924-3574-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2112-3589-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2056-3610-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/3064-3600-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/1980-3618-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2540-3619-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2616-3599-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/3000-3622-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2848-3639-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2992-3630-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2540	PxSLljD.exe
2112	CQClKxf.exe
1924	cVhocaH.exe
2056	jkkVmYB.exe
2848	SKtIeLT.exe
3000	YsxMncj.exe
2732	csTIyXY.exe
2992	zAqgblz.exe
1980	DvhMRZh.exe
2616	lZrdwlh.exe
3064	nMVxaAM.exe
984	zEGyUcp.exe
272	CdDWcaM.exe
2504	PJNGOGY.exe
1848	ckBGEut.exe
2044	MEySOqY.exe
1860	oJaRaQs.exe
3052	YHtLQxm.exe
900	gVEZFXM.exe
2204	JeYTTIc.exe
2632	nNoOTTP.exe
2720	UdbQTDQ.exe
2668	fkkDdee.exe
2436	aQKlcRp.exe
1788	qNhLyJJ.exe
2932	ZqmBxIz.exe
1248	AbcoPRr.exe
2000	jcXelnn.exe
1120	wVRYkOJ.exe
2188	gIzohtI.exe
2120	HZQVTMp.exe
692	PsEOzYa.exe
1368	DnNBqRN.exe
1072	skUvHkh.exe
1784	DqyDtZN.exe
2948	aDMpQKp.exe
576	MQVhEor.exe
980	cBMpNJp.exe
1668	msBCSgs.exe
1768	tPogExT.exe
308	GjBumQZ.exe
1824	FNvJjVi.exe
1484	SPbQvNS.exe
828	FpStFAi.exe
564	tUmMEiQ.exe
2468	gJKqFAV.exe
2548	OmmQVcB.exe
2212	BIZuiMT.exe
3028	GvxdZlf.exe
776	KXLRxcI.exe
344	sXCoODM.exe
2052	cOUVLXX.exe
1640	SCSfppa.exe
3032	nEYovpc.exe
2080	TxmIxyN.exe
1628	flWzJOn.exe
1840	yBKtYGS.exe
880	mzbOQpo.exe
1812	jaCIwFu.exe
2320	JGjjHMR.exe
1604	SxKrDlu.exe
1600	NKsMQxl.exe
2108	BrFLCyY.exe
2372	fXjwypC.exe

Loads dropped DLL 64 IoCs

pid	Process
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 59 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2344-0-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x000700000001211a-3.dat	upx
behavioral1/files/0x0007000000016cd1-7.dat	upx
behavioral1/files/0x0007000000016d3e-32.dat	upx
behavioral1/files/0x0005000000019423-169.dat	upx
behavioral1/files/0x000500000001937b-168.dat	upx
behavioral1/memory/2732-835-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/3000-834-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2344-457-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x0005000000019356-167.dat	upx
behavioral1/files/0x000500000001928c-166.dat	upx
behavioral1/files/0x0005000000019266-165.dat	upx
behavioral1/files/0x0005000000019259-163.dat	upx
behavioral1/files/0x0005000000019244-162.dat	upx
behavioral1/files/0x00050000000193a5-160.dat	upx
behavioral1/files/0x0005000000019256-112.dat	upx
behavioral1/files/0x000500000001922c-102.dat	upx
behavioral1/files/0x00050000000191d4-101.dat	upx
behavioral1/memory/2616-94-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x00050000000191ff-91.dat	upx
behavioral1/memory/1980-84-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2992-83-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x00060000000190ce-82.dat	upx
behavioral1/files/0x0006000000018f53-81.dat	upx
behavioral1/files/0x00060000000190e0-78.dat	upx
behavioral1/files/0x000600000001903b-69.dat	upx
behavioral1/files/0x0006000000018c1a-63.dat	upx
behavioral1/files/0x0008000000016dd1-61.dat	upx
behavioral1/files/0x0006000000018c26-60.dat	upx
behavioral1/files/0x0006000000018792-51.dat	upx
behavioral1/files/0x0007000000016d96-46.dat	upx
behavioral1/files/0x0007000000016d9a-43.dat	upx
behavioral1/files/0x0005000000019397-153.dat	upx
behavioral1/files/0x0007000000016d46-36.dat	upx
behavioral1/files/0x000500000001936b-143.dat	upx
behavioral1/files/0x0005000000019353-142.dat	upx
behavioral1/files/0x0005000000019284-132.dat	upx
behavioral1/files/0x0005000000019263-130.dat	upx
behavioral1/memory/3064-107-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2732-59-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/3000-50-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2848-35-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2112-28-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2540-26-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2056-25-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/1924-24-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/files/0x0007000000016d36-19.dat	upx
behavioral1/files/0x0009000000016cfc-18.dat	upx
behavioral1/memory/2732-3573-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/1924-3574-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2112-3589-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2056-3610-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/3064-3600-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/1980-3618-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2540-3619-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2616-3599-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/3000-3622-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2848-3639-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2992-3630-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\nOtVKMN.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvBfwEd.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sxJNnIn.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lhgAakd.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KhzpiqQ.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FeTvTWO.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Yquacjo.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FwXHzFh.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uLAymYO.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bNoBpWK.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MSVcBTk.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YAWBVlb.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pyJHVMG.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XZcUGXd.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yxMaoOW.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Enhkgsj.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CYBEiLU.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BIZuiMT.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LURvYxi.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eZuyPFK.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oihfXkY.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iRCzqhX.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqDiqeO.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GMYbOCC.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SKxNuQj.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HyOhYkI.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPiccNg.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NVBsHFh.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EHrEnjk.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tlKPQEF.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oeXKdLR.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TxVYTWy.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qqjYmkJ.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OBuLUPH.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JuGwhQY.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fMMjNNL.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GeNxWcH.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NpHVSDO.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yFbSQPm.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sYtYCjF.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IbbxpwE.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YJlUFaZ.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nZHiKcM.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kirAhEB.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\alsXmaC.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gVEZFXM.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\moTLcDx.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hvkkADL.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KgiULAs.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\grpkxtj.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\krNXZNy.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DSEtQVj.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qNhLyJJ.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kDpyNqP.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oAwsHyX.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wWBKQDC.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rDqfcXj.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LhfPZhE.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YseRHbP.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ikCaNQM.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uqjSPDh.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IbxVorA.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OnXmzFH.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZepOMNp.exe	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 2540	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2344 wrote to memory of 2540	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2344 wrote to memory of 2540	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2344 wrote to memory of 2112	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2344 wrote to memory of 2112	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2344 wrote to memory of 2112	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2344 wrote to memory of 1924	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2344 wrote to memory of 1924	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2344 wrote to memory of 1924	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2344 wrote to memory of 2056	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2344 wrote to memory of 2056	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2344 wrote to memory of 2056	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2344 wrote to memory of 2848	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2344 wrote to memory of 2848	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2344 wrote to memory of 2848	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2344 wrote to memory of 3000	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2344 wrote to memory of 3000	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2344 wrote to memory of 3000	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2344 wrote to memory of 2732	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2344 wrote to memory of 2732	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2344 wrote to memory of 2732	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2344 wrote to memory of 2204	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2344 wrote to memory of 2204	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2344 wrote to memory of 2204	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2344 wrote to memory of 2992	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2344 wrote to memory of 2992	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2344 wrote to memory of 2992	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2344 wrote to memory of 2632	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2344 wrote to memory of 2632	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2344 wrote to memory of 2632	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2344 wrote to memory of 1980	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2344 wrote to memory of 1980	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2344 wrote to memory of 1980	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2344 wrote to memory of 2720	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2344 wrote to memory of 2720	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2344 wrote to memory of 2720	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2344 wrote to memory of 2616	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2344 wrote to memory of 2616	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2344 wrote to memory of 2616	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2344 wrote to memory of 2668	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2344 wrote to memory of 2668	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2344 wrote to memory of 2668	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2344 wrote to memory of 3064	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2344 wrote to memory of 3064	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2344 wrote to memory of 3064	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2344 wrote to memory of 2436	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2344 wrote to memory of 2436	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2344 wrote to memory of 2436	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2344 wrote to memory of 984	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2344 wrote to memory of 984	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2344 wrote to memory of 984	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2344 wrote to memory of 1788	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2344 wrote to memory of 1788	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2344 wrote to memory of 1788	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2344 wrote to memory of 272	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2344 wrote to memory of 272	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2344 wrote to memory of 272	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2344 wrote to memory of 2932	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2344 wrote to memory of 2932	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2344 wrote to memory of 2932	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2344 wrote to memory of 2504	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2344 wrote to memory of 2504	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2344 wrote to memory of 2504	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2344 wrote to memory of 1248	2344	2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-23_44d764be481368af3de27997149cded3_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Windows\System\PxSLljD.exe
  C:\Windows\System\PxSLljD.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\CQClKxf.exe
  C:\Windows\System\CQClKxf.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\cVhocaH.exe
  C:\Windows\System\cVhocaH.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\jkkVmYB.exe
  C:\Windows\System\jkkVmYB.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\SKtIeLT.exe
  C:\Windows\System\SKtIeLT.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\YsxMncj.exe
  C:\Windows\System\YsxMncj.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\csTIyXY.exe
  C:\Windows\System\csTIyXY.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\JeYTTIc.exe
  C:\Windows\System\JeYTTIc.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\zAqgblz.exe
  C:\Windows\System\zAqgblz.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\nNoOTTP.exe
  C:\Windows\System\nNoOTTP.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\DvhMRZh.exe
  C:\Windows\System\DvhMRZh.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\UdbQTDQ.exe
  C:\Windows\System\UdbQTDQ.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\lZrdwlh.exe
  C:\Windows\System\lZrdwlh.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\fkkDdee.exe
  C:\Windows\System\fkkDdee.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\nMVxaAM.exe
  C:\Windows\System\nMVxaAM.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\aQKlcRp.exe
  C:\Windows\System\aQKlcRp.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\zEGyUcp.exe
  C:\Windows\System\zEGyUcp.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\qNhLyJJ.exe
  C:\Windows\System\qNhLyJJ.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\CdDWcaM.exe
  C:\Windows\System\CdDWcaM.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\ZqmBxIz.exe
  C:\Windows\System\ZqmBxIz.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\PJNGOGY.exe
  C:\Windows\System\PJNGOGY.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\AbcoPRr.exe
  C:\Windows\System\AbcoPRr.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\ckBGEut.exe
  C:\Windows\System\ckBGEut.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\jcXelnn.exe
  C:\Windows\System\jcXelnn.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\MEySOqY.exe
  C:\Windows\System\MEySOqY.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\wVRYkOJ.exe
  C:\Windows\System\wVRYkOJ.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\oJaRaQs.exe
  C:\Windows\System\oJaRaQs.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\gIzohtI.exe
  C:\Windows\System\gIzohtI.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\YHtLQxm.exe
  C:\Windows\System\YHtLQxm.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\HZQVTMp.exe
  C:\Windows\System\HZQVTMp.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\gVEZFXM.exe
  C:\Windows\System\gVEZFXM.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\skUvHkh.exe
  C:\Windows\System\skUvHkh.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\PsEOzYa.exe
  C:\Windows\System\PsEOzYa.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\DqyDtZN.exe
  C:\Windows\System\DqyDtZN.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\DnNBqRN.exe
  C:\Windows\System\DnNBqRN.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\aDMpQKp.exe
  C:\Windows\System\aDMpQKp.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\MQVhEor.exe
  C:\Windows\System\MQVhEor.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\cBMpNJp.exe
  C:\Windows\System\cBMpNJp.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\msBCSgs.exe
  C:\Windows\System\msBCSgs.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\tPogExT.exe
  C:\Windows\System\tPogExT.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\GjBumQZ.exe
  C:\Windows\System\GjBumQZ.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\FNvJjVi.exe
  C:\Windows\System\FNvJjVi.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\SPbQvNS.exe
  C:\Windows\System\SPbQvNS.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\FpStFAi.exe
  C:\Windows\System\FpStFAi.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\tUmMEiQ.exe
  C:\Windows\System\tUmMEiQ.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\gJKqFAV.exe
  C:\Windows\System\gJKqFAV.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\OmmQVcB.exe
  C:\Windows\System\OmmQVcB.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\BIZuiMT.exe
  C:\Windows\System\BIZuiMT.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\GvxdZlf.exe
  C:\Windows\System\GvxdZlf.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\KXLRxcI.exe
  C:\Windows\System\KXLRxcI.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\sXCoODM.exe
  C:\Windows\System\sXCoODM.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\cOUVLXX.exe
  C:\Windows\System\cOUVLXX.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\SCSfppa.exe
  C:\Windows\System\SCSfppa.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\nEYovpc.exe
  C:\Windows\System\nEYovpc.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\TxmIxyN.exe
  C:\Windows\System\TxmIxyN.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\flWzJOn.exe
  C:\Windows\System\flWzJOn.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\yBKtYGS.exe
  C:\Windows\System\yBKtYGS.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\mzbOQpo.exe
  C:\Windows\System\mzbOQpo.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\jaCIwFu.exe
  C:\Windows\System\jaCIwFu.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\JGjjHMR.exe
  C:\Windows\System\JGjjHMR.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\SxKrDlu.exe
  C:\Windows\System\SxKrDlu.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\NKsMQxl.exe
  C:\Windows\System\NKsMQxl.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\BrFLCyY.exe
  C:\Windows\System\BrFLCyY.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\fXjwypC.exe
  C:\Windows\System\fXjwypC.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\aMglYVv.exe
  C:\Windows\System\aMglYVv.exe
  2⤵
  PID:2888
- C:\Windows\System\rITmAsJ.exe
  C:\Windows\System\rITmAsJ.exe
  2⤵
  PID:2900
- C:\Windows\System\gwPzyJy.exe
  C:\Windows\System\gwPzyJy.exe
  2⤵
  PID:2648
- C:\Windows\System\XOupswA.exe
  C:\Windows\System\XOupswA.exe
  2⤵
  PID:2652
- C:\Windows\System\UFTypWR.exe
  C:\Windows\System\UFTypWR.exe
  2⤵
  PID:2820
- C:\Windows\System\nOtVKMN.exe
  C:\Windows\System\nOtVKMN.exe
  2⤵
  PID:1232
- C:\Windows\System\GwnLzjw.exe
  C:\Windows\System\GwnLzjw.exe
  2⤵
  PID:2664
- C:\Windows\System\bCxUSRy.exe
  C:\Windows\System\bCxUSRy.exe
  2⤵
  PID:1148
- C:\Windows\System\AEHcBcX.exe
  C:\Windows\System\AEHcBcX.exe
  2⤵
  PID:2716
- C:\Windows\System\zZZnsJj.exe
  C:\Windows\System\zZZnsJj.exe
  2⤵
  PID:1916
- C:\Windows\System\cxdFvCF.exe
  C:\Windows\System\cxdFvCF.exe
  2⤵
  PID:2392
- C:\Windows\System\EcqZRwV.exe
  C:\Windows\System\EcqZRwV.exe
  2⤵
  PID:2768
- C:\Windows\System\LeCBbOu.exe
  C:\Windows\System\LeCBbOu.exe
  2⤵
  PID:2780
- C:\Windows\System\IbCdJhj.exe
  C:\Windows\System\IbCdJhj.exe
  2⤵
  PID:2776
- C:\Windows\System\RCSBLWu.exe
  C:\Windows\System\RCSBLWu.exe
  2⤵
  PID:1492
- C:\Windows\System\jBbqmrF.exe
  C:\Windows\System\jBbqmrF.exe
  2⤵
  PID:2420
- C:\Windows\System\ilrMfvY.exe
  C:\Windows\System\ilrMfvY.exe
  2⤵
  PID:1272
- C:\Windows\System\neJHEeO.exe
  C:\Windows\System\neJHEeO.exe
  2⤵
  PID:2644
- C:\Windows\System\UyKFplR.exe
  C:\Windows\System\UyKFplR.exe
  2⤵
  PID:3024
- C:\Windows\System\HspvpXv.exe
  C:\Windows\System\HspvpXv.exe
  2⤵
  PID:928
- C:\Windows\System\EXlGMfU.exe
  C:\Windows\System\EXlGMfU.exe
  2⤵
  PID:1972
- C:\Windows\System\fXsppZg.exe
  C:\Windows\System\fXsppZg.exe
  2⤵
  PID:1544
- C:\Windows\System\eDFKmnU.exe
  C:\Windows\System\eDFKmnU.exe
  2⤵
  PID:2252
- C:\Windows\System\ZVMtIPt.exe
  C:\Windows\System\ZVMtIPt.exe
  2⤵
  PID:1048
- C:\Windows\System\muCTlZs.exe
  C:\Windows\System\muCTlZs.exe
  2⤵
  PID:2472
- C:\Windows\System\xruQWQG.exe
  C:\Windows\System\xruQWQG.exe
  2⤵
  PID:2036
- C:\Windows\System\KcRqCFA.exe
  C:\Windows\System\KcRqCFA.exe
  2⤵
  PID:376
- C:\Windows\System\hxRuhrp.exe
  C:\Windows\System\hxRuhrp.exe
  2⤵
  PID:652
- C:\Windows\System\hMLKTUe.exe
  C:\Windows\System\hMLKTUe.exe
  2⤵
  PID:2440
- C:\Windows\System\gGVswkW.exe
  C:\Windows\System\gGVswkW.exe
  2⤵
  PID:2300
- C:\Windows\System\BpvIeFC.exe
  C:\Windows\System\BpvIeFC.exe
  2⤵
  PID:2340
- C:\Windows\System\gVLOgzE.exe
  C:\Windows\System\gVLOgzE.exe
  2⤵
  PID:1880
- C:\Windows\System\LURvYxi.exe
  C:\Windows\System\LURvYxi.exe
  2⤵
  PID:2984
- C:\Windows\System\yBzjGgz.exe
  C:\Windows\System\yBzjGgz.exe
  2⤵
  PID:2860
- C:\Windows\System\dJjySXq.exe
  C:\Windows\System\dJjySXq.exe
  2⤵
  PID:2868
- C:\Windows\System\DzKbEWt.exe
  C:\Windows\System\DzKbEWt.exe
  2⤵
  PID:3068
- C:\Windows\System\aQWsgQY.exe
  C:\Windows\System\aQWsgQY.exe
  2⤵
  PID:1900
- C:\Windows\System\opsoabf.exe
  C:\Windows\System\opsoabf.exe
  2⤵
  PID:2008
- C:\Windows\System\XLWqikS.exe
  C:\Windows\System\XLWqikS.exe
  2⤵
  PID:2316
- C:\Windows\System\ieicymu.exe
  C:\Windows\System\ieicymu.exe
  2⤵
  PID:1920
- C:\Windows\System\eSfmsXw.exe
  C:\Windows\System\eSfmsXw.exe
  2⤵
  PID:316
- C:\Windows\System\tlKPQEF.exe
  C:\Windows\System\tlKPQEF.exe
  2⤵
  PID:1908
- C:\Windows\System\DCdvKMR.exe
  C:\Windows\System\DCdvKMR.exe
  2⤵
  PID:2956
- C:\Windows\System\gvmOjVp.exe
  C:\Windows\System\gvmOjVp.exe
  2⤵
  PID:3088
- C:\Windows\System\LsJLZfa.exe
  C:\Windows\System\LsJLZfa.exe
  2⤵
  PID:3104
- C:\Windows\System\DrFQVjM.exe
  C:\Windows\System\DrFQVjM.exe
  2⤵
  PID:3120
- C:\Windows\System\pZCmjwj.exe
  C:\Windows\System\pZCmjwj.exe
  2⤵
  PID:3136
- C:\Windows\System\pfIhBwa.exe
  C:\Windows\System\pfIhBwa.exe
  2⤵
  PID:3152
- C:\Windows\System\RVNpSmq.exe
  C:\Windows\System\RVNpSmq.exe
  2⤵
  PID:3168
- C:\Windows\System\xanQRNy.exe
  C:\Windows\System\xanQRNy.exe
  2⤵
  PID:3184
- C:\Windows\System\xbtWJyf.exe
  C:\Windows\System\xbtWJyf.exe
  2⤵
  PID:3200
- C:\Windows\System\mtyRhYz.exe
  C:\Windows\System\mtyRhYz.exe
  2⤵
  PID:3216
- C:\Windows\System\GlsYogO.exe
  C:\Windows\System\GlsYogO.exe
  2⤵
  PID:3232
- C:\Windows\System\CyPTIYt.exe
  C:\Windows\System\CyPTIYt.exe
  2⤵
  PID:3248
- C:\Windows\System\EiXkOPH.exe
  C:\Windows\System\EiXkOPH.exe
  2⤵
  PID:3264
- C:\Windows\System\XIvFreF.exe
  C:\Windows\System\XIvFreF.exe
  2⤵
  PID:3280
- C:\Windows\System\rLLyzGY.exe
  C:\Windows\System\rLLyzGY.exe
  2⤵
  PID:3296
- C:\Windows\System\aZDXeUI.exe
  C:\Windows\System\aZDXeUI.exe
  2⤵
  PID:3312
- C:\Windows\System\BycaVnZ.exe
  C:\Windows\System\BycaVnZ.exe
  2⤵
  PID:3328
- C:\Windows\System\gTWpSSF.exe
  C:\Windows\System\gTWpSSF.exe
  2⤵
  PID:3344
- C:\Windows\System\lhgUVDT.exe
  C:\Windows\System\lhgUVDT.exe
  2⤵
  PID:3360
- C:\Windows\System\ZvjqxVM.exe
  C:\Windows\System\ZvjqxVM.exe
  2⤵
  PID:3376
- C:\Windows\System\UUoEIyy.exe
  C:\Windows\System\UUoEIyy.exe
  2⤵
  PID:3392
- C:\Windows\System\DJMQIWX.exe
  C:\Windows\System\DJMQIWX.exe
  2⤵
  PID:3408
- C:\Windows\System\HCUMHBP.exe
  C:\Windows\System\HCUMHBP.exe
  2⤵
  PID:3424
- C:\Windows\System\XJcpnGt.exe
  C:\Windows\System\XJcpnGt.exe
  2⤵
  PID:3440
- C:\Windows\System\xEOsaKo.exe
  C:\Windows\System\xEOsaKo.exe
  2⤵
  PID:3456
- C:\Windows\System\BArxiCo.exe
  C:\Windows\System\BArxiCo.exe
  2⤵
  PID:3472
- C:\Windows\System\OVtrmMd.exe
  C:\Windows\System\OVtrmMd.exe
  2⤵
  PID:3488
- C:\Windows\System\DoxGIVz.exe
  C:\Windows\System\DoxGIVz.exe
  2⤵
  PID:3504
- C:\Windows\System\lmebLvA.exe
  C:\Windows\System\lmebLvA.exe
  2⤵
  PID:3520
- C:\Windows\System\BTfHfqG.exe
  C:\Windows\System\BTfHfqG.exe
  2⤵
  PID:3536
- C:\Windows\System\IudAmLL.exe
  C:\Windows\System\IudAmLL.exe
  2⤵
  PID:3552
- C:\Windows\System\veulaeK.exe
  C:\Windows\System\veulaeK.exe
  2⤵
  PID:3568
- C:\Windows\System\kBZRPOu.exe
  C:\Windows\System\kBZRPOu.exe
  2⤵
  PID:3584
- C:\Windows\System\OlySfVW.exe
  C:\Windows\System\OlySfVW.exe
  2⤵
  PID:3600
- C:\Windows\System\vNtjHhZ.exe
  C:\Windows\System\vNtjHhZ.exe
  2⤵
  PID:3616
- C:\Windows\System\KsDHRBs.exe
  C:\Windows\System\KsDHRBs.exe
  2⤵
  PID:3632
- C:\Windows\System\NzxggYN.exe
  C:\Windows\System\NzxggYN.exe
  2⤵
  PID:3648
- C:\Windows\System\rgcpVcH.exe
  C:\Windows\System\rgcpVcH.exe
  2⤵
  PID:3664
- C:\Windows\System\ChynOCj.exe
  C:\Windows\System\ChynOCj.exe
  2⤵
  PID:3680
- C:\Windows\System\oTBwIjq.exe
  C:\Windows\System\oTBwIjq.exe
  2⤵
  PID:3696
- C:\Windows\System\ustvjjV.exe
  C:\Windows\System\ustvjjV.exe
  2⤵
  PID:3712
- C:\Windows\System\SNzNRLU.exe
  C:\Windows\System\SNzNRLU.exe
  2⤵
  PID:3728
- C:\Windows\System\pnaENzL.exe
  C:\Windows\System\pnaENzL.exe
  2⤵
  PID:3744
- C:\Windows\System\uvOWbDS.exe
  C:\Windows\System\uvOWbDS.exe
  2⤵
  PID:3760
- C:\Windows\System\SAkrrFR.exe
  C:\Windows\System\SAkrrFR.exe
  2⤵
  PID:3776
- C:\Windows\System\jWcqCrU.exe
  C:\Windows\System\jWcqCrU.exe
  2⤵
  PID:3792
- C:\Windows\System\yIEIAWd.exe
  C:\Windows\System\yIEIAWd.exe
  2⤵
  PID:3808
- C:\Windows\System\hxgqpcl.exe
  C:\Windows\System\hxgqpcl.exe
  2⤵
  PID:3824
- C:\Windows\System\XVKFwNO.exe
  C:\Windows\System\XVKFwNO.exe
  2⤵
  PID:3840
- C:\Windows\System\fCNYIZH.exe
  C:\Windows\System\fCNYIZH.exe
  2⤵
  PID:3856
- C:\Windows\System\CrROYTF.exe
  C:\Windows\System\CrROYTF.exe
  2⤵
  PID:3872
- C:\Windows\System\afhnVhM.exe
  C:\Windows\System\afhnVhM.exe
  2⤵
  PID:3888
- C:\Windows\System\hcBjOwE.exe
  C:\Windows\System\hcBjOwE.exe
  2⤵
  PID:3904
- C:\Windows\System\DLLfbuR.exe
  C:\Windows\System\DLLfbuR.exe
  2⤵
  PID:3920
- C:\Windows\System\pQFvJbi.exe
  C:\Windows\System\pQFvJbi.exe
  2⤵
  PID:3936
- C:\Windows\System\URQNkxl.exe
  C:\Windows\System\URQNkxl.exe
  2⤵
  PID:3952
- C:\Windows\System\nPObRYh.exe
  C:\Windows\System\nPObRYh.exe
  2⤵
  PID:3968
- C:\Windows\System\SeupniZ.exe
  C:\Windows\System\SeupniZ.exe
  2⤵
  PID:3984
- C:\Windows\System\rMKCmIk.exe
  C:\Windows\System\rMKCmIk.exe
  2⤵
  PID:4000
- C:\Windows\System\pVDzGvB.exe
  C:\Windows\System\pVDzGvB.exe
  2⤵
  PID:4016
- C:\Windows\System\FZXalhk.exe
  C:\Windows\System\FZXalhk.exe
  2⤵
  PID:4032
- C:\Windows\System\lOQKWGX.exe
  C:\Windows\System\lOQKWGX.exe
  2⤵
  PID:4048
- C:\Windows\System\IYrOxXm.exe
  C:\Windows\System\IYrOxXm.exe
  2⤵
  PID:4064
- C:\Windows\System\YTyqbXr.exe
  C:\Windows\System\YTyqbXr.exe
  2⤵
  PID:4080
- C:\Windows\System\fKzDLWq.exe
  C:\Windows\System\fKzDLWq.exe
  2⤵
  PID:2828
- C:\Windows\System\FEkbBPF.exe
  C:\Windows\System\FEkbBPF.exe
  2⤵
  PID:1636
- C:\Windows\System\CNYJUOz.exe
  C:\Windows\System\CNYJUOz.exe
  2⤵
  PID:1276
- C:\Windows\System\YETOVYE.exe
  C:\Windows\System\YETOVYE.exe
  2⤵
  PID:768
- C:\Windows\System\qAwjmSG.exe
  C:\Windows\System\qAwjmSG.exe
  2⤵
  PID:3036
- C:\Windows\System\FyUJlDU.exe
  C:\Windows\System\FyUJlDU.exe
  2⤵
  PID:2328
- C:\Windows\System\XjPyvIZ.exe
  C:\Windows\System\XjPyvIZ.exe
  2⤵
  PID:888
- C:\Windows\System\DSEtQVj.exe
  C:\Windows\System\DSEtQVj.exe
  2⤵
  PID:2104
- C:\Windows\System\RsdTasX.exe
  C:\Windows\System\RsdTasX.exe
  2⤵
  PID:2744
- C:\Windows\System\bkzBOzA.exe
  C:\Windows\System\bkzBOzA.exe
  2⤵
  PID:1808
- C:\Windows\System\LhfPZhE.exe
  C:\Windows\System\LhfPZhE.exe
  2⤵
  PID:1664
- C:\Windows\System\nLhqArz.exe
  C:\Windows\System\nLhqArz.exe
  2⤵
  PID:2824
- C:\Windows\System\bXTVnGS.exe
  C:\Windows\System\bXTVnGS.exe
  2⤵
  PID:3084
- C:\Windows\System\zwcxoVC.exe
  C:\Windows\System\zwcxoVC.exe
  2⤵
  PID:3096
- C:\Windows\System\KEToCMH.exe
  C:\Windows\System\KEToCMH.exe
  2⤵
  PID:3144
- C:\Windows\System\SgTifuj.exe
  C:\Windows\System\SgTifuj.exe
  2⤵
  PID:3176
- C:\Windows\System\OnXmzFH.exe
  C:\Windows\System\OnXmzFH.exe
  2⤵
  PID:3196
- C:\Windows\System\drnnBJZ.exe
  C:\Windows\System\drnnBJZ.exe
  2⤵
  PID:3240
- C:\Windows\System\cyLcoGH.exe
  C:\Windows\System\cyLcoGH.exe
  2⤵
  PID:3256
- C:\Windows\System\qbdBKrA.exe
  C:\Windows\System\qbdBKrA.exe
  2⤵
  PID:3304
- C:\Windows\System\ABlBnYg.exe
  C:\Windows\System\ABlBnYg.exe
  2⤵
  PID:3324
- C:\Windows\System\evOaoTs.exe
  C:\Windows\System\evOaoTs.exe
  2⤵
  PID:3368
- C:\Windows\System\JTIqCxQ.exe
  C:\Windows\System\JTIqCxQ.exe
  2⤵
  PID:3384
- C:\Windows\System\QQqPYCv.exe
  C:\Windows\System\QQqPYCv.exe
  2⤵
  PID:3436
- C:\Windows\System\sNNTvXt.exe
  C:\Windows\System\sNNTvXt.exe
  2⤵
  PID:3468
- C:\Windows\System\VMHVPVA.exe
  C:\Windows\System\VMHVPVA.exe
  2⤵
  PID:3448
- C:\Windows\System\HWNxAhM.exe
  C:\Windows\System\HWNxAhM.exe
  2⤵
  PID:3512
- C:\Windows\System\FiLrazK.exe
  C:\Windows\System\FiLrazK.exe
  2⤵
  PID:3560
- C:\Windows\System\SwAaWVl.exe
  C:\Windows\System\SwAaWVl.exe
  2⤵
  PID:3576
- C:\Windows\System\XKNcONx.exe
  C:\Windows\System\XKNcONx.exe
  2⤵
  PID:3628
- C:\Windows\System\ZALJQIQ.exe
  C:\Windows\System\ZALJQIQ.exe
  2⤵
  PID:3640
- C:\Windows\System\uBtyWyr.exe
  C:\Windows\System\uBtyWyr.exe
  2⤵
  PID:3672
- C:\Windows\System\UhOCtmX.exe
  C:\Windows\System\UhOCtmX.exe
  2⤵
  PID:3720
- C:\Windows\System\KmSrpjJ.exe
  C:\Windows\System\KmSrpjJ.exe
  2⤵
  PID:3740
- C:\Windows\System\ccOThsT.exe
  C:\Windows\System\ccOThsT.exe
  2⤵
  PID:3768
- C:\Windows\System\tFuloeW.exe
  C:\Windows\System\tFuloeW.exe
  2⤵
  PID:3800
- C:\Windows\System\TAXnEsU.exe
  C:\Windows\System\TAXnEsU.exe
  2⤵
  PID:3804
- C:\Windows\System\TEajWgc.exe
  C:\Windows\System\TEajWgc.exe
  2⤵
  PID:3880
- C:\Windows\System\UIkVZHT.exe
  C:\Windows\System\UIkVZHT.exe
  2⤵
  PID:3900
- C:\Windows\System\kOvxJzs.exe
  C:\Windows\System\kOvxJzs.exe
  2⤵
  PID:3944
- C:\Windows\System\oMiCKlr.exe
  C:\Windows\System\oMiCKlr.exe
  2⤵
  PID:3964
- C:\Windows\System\nyPTocJ.exe
  C:\Windows\System\nyPTocJ.exe
  2⤵
  PID:4008
- C:\Windows\System\ZrHkjmI.exe
  C:\Windows\System\ZrHkjmI.exe
  2⤵
  PID:4024
- C:\Windows\System\cWrQZdo.exe
  C:\Windows\System\cWrQZdo.exe
  2⤵
  PID:4072
- C:\Windows\System\LcpnLcy.exe
  C:\Windows\System\LcpnLcy.exe
  2⤵
  PID:4088
- C:\Windows\System\plaChdL.exe
  C:\Windows\System\plaChdL.exe
  2⤵
  PID:484
- C:\Windows\System\nwJRSYq.exe
  C:\Windows\System\nwJRSYq.exe
  2⤵
  PID:2492
- C:\Windows\System\JVHOKUH.exe
  C:\Windows\System\JVHOKUH.exe
  2⤵
  PID:1180
- C:\Windows\System\QHPGPYT.exe
  C:\Windows\System\QHPGPYT.exe
  2⤵
  PID:2772
- C:\Windows\System\rFoOqNu.exe
  C:\Windows\System\rFoOqNu.exe
  2⤵
  PID:2740
- C:\Windows\System\GeNxWcH.exe
  C:\Windows\System\GeNxWcH.exe
  2⤵
  PID:2136
- C:\Windows\System\iisSJze.exe
  C:\Windows\System\iisSJze.exe
  2⤵
  PID:3116
- C:\Windows\System\tieCSMm.exe
  C:\Windows\System\tieCSMm.exe
  2⤵
  PID:3128
- C:\Windows\System\iCfafUM.exe
  C:\Windows\System\iCfafUM.exe
  2⤵
  PID:3288
- C:\Windows\System\cKgsRqT.exe
  C:\Windows\System\cKgsRqT.exe
  2⤵
  PID:3388
- C:\Windows\System\uyjCjKd.exe
  C:\Windows\System\uyjCjKd.exe
  2⤵
  PID:3308
- C:\Windows\System\pzChJEX.exe
  C:\Windows\System\pzChJEX.exe
  2⤵
  PID:3420
- C:\Windows\System\KIaXHch.exe
  C:\Windows\System\KIaXHch.exe
  2⤵
  PID:3544
- C:\Windows\System\gmEORru.exe
  C:\Windows\System\gmEORru.exe
  2⤵
  PID:3528
- C:\Windows\System\EbMapbh.exe
  C:\Windows\System\EbMapbh.exe
  2⤵
  PID:3644
- C:\Windows\System\lWCNdDc.exe
  C:\Windows\System\lWCNdDc.exe
  2⤵
  PID:3656
- C:\Windows\System\hbGijFv.exe
  C:\Windows\System\hbGijFv.exe
  2⤵
  PID:3704
- C:\Windows\System\EdNfiQi.exe
  C:\Windows\System\EdNfiQi.exe
  2⤵
  PID:3928
- C:\Windows\System\rCrMkRk.exe
  C:\Windows\System\rCrMkRk.exe
  2⤵
  PID:4108
- C:\Windows\System\fjfKGPm.exe
  C:\Windows\System\fjfKGPm.exe
  2⤵
  PID:4124
- C:\Windows\System\bwUxOud.exe
  C:\Windows\System\bwUxOud.exe
  2⤵
  PID:4140
- C:\Windows\System\IvVARsG.exe
  C:\Windows\System\IvVARsG.exe
  2⤵
  PID:4156
- C:\Windows\System\GQkogFI.exe
  C:\Windows\System\GQkogFI.exe
  2⤵
  PID:4172
- C:\Windows\System\EWFoMYO.exe
  C:\Windows\System\EWFoMYO.exe
  2⤵
  PID:4188
- C:\Windows\System\FmYjvsI.exe
  C:\Windows\System\FmYjvsI.exe
  2⤵
  PID:4204
- C:\Windows\System\ZXpmHYl.exe
  C:\Windows\System\ZXpmHYl.exe
  2⤵
  PID:4220
- C:\Windows\System\lLtAMcP.exe
  C:\Windows\System\lLtAMcP.exe
  2⤵
  PID:4236
- C:\Windows\System\cZaxYlz.exe
  C:\Windows\System\cZaxYlz.exe
  2⤵
  PID:4252
- C:\Windows\System\kGjVHDq.exe
  C:\Windows\System\kGjVHDq.exe
  2⤵
  PID:4268
- C:\Windows\System\vCvYQeJ.exe
  C:\Windows\System\vCvYQeJ.exe
  2⤵
  PID:4284
- C:\Windows\System\VYhafoJ.exe
  C:\Windows\System\VYhafoJ.exe
  2⤵
  PID:4300
- C:\Windows\System\LfeePGG.exe
  C:\Windows\System\LfeePGG.exe
  2⤵
  PID:4316
- C:\Windows\System\CZGwZXK.exe
  C:\Windows\System\CZGwZXK.exe
  2⤵
  PID:4332
- C:\Windows\System\aUllcKG.exe
  C:\Windows\System\aUllcKG.exe
  2⤵
  PID:4348
- C:\Windows\System\ycAHRrw.exe
  C:\Windows\System\ycAHRrw.exe
  2⤵
  PID:4364
- C:\Windows\System\eyWYXOT.exe
  C:\Windows\System\eyWYXOT.exe
  2⤵
  PID:4380
- C:\Windows\System\oakmfBB.exe
  C:\Windows\System\oakmfBB.exe
  2⤵
  PID:4396
- C:\Windows\System\OUzKtjq.exe
  C:\Windows\System\OUzKtjq.exe
  2⤵
  PID:4412
- C:\Windows\System\NelFyad.exe
  C:\Windows\System\NelFyad.exe
  2⤵
  PID:4428
- C:\Windows\System\dwMjZeT.exe
  C:\Windows\System\dwMjZeT.exe
  2⤵
  PID:4444
- C:\Windows\System\kDpyNqP.exe
  C:\Windows\System\kDpyNqP.exe
  2⤵
  PID:4460
- C:\Windows\System\BvShsHp.exe
  C:\Windows\System\BvShsHp.exe
  2⤵
  PID:4476
- C:\Windows\System\EbtDCLN.exe
  C:\Windows\System\EbtDCLN.exe
  2⤵
  PID:4492
- C:\Windows\System\AMdceHs.exe
  C:\Windows\System\AMdceHs.exe
  2⤵
  PID:4508
- C:\Windows\System\ykKhdat.exe
  C:\Windows\System\ykKhdat.exe
  2⤵
  PID:4524
- C:\Windows\System\QwVysll.exe
  C:\Windows\System\QwVysll.exe
  2⤵
  PID:4540
- C:\Windows\System\tiktfrO.exe
  C:\Windows\System\tiktfrO.exe
  2⤵
  PID:4556
- C:\Windows\System\dEsmVIb.exe
  C:\Windows\System\dEsmVIb.exe
  2⤵
  PID:4572
- C:\Windows\System\YJQvyIu.exe
  C:\Windows\System\YJQvyIu.exe
  2⤵
  PID:4588
- C:\Windows\System\HpDJBVi.exe
  C:\Windows\System\HpDJBVi.exe
  2⤵
  PID:4604
- C:\Windows\System\oAwsHyX.exe
  C:\Windows\System\oAwsHyX.exe
  2⤵
  PID:4620
- C:\Windows\System\ofwuwgS.exe
  C:\Windows\System\ofwuwgS.exe
  2⤵
  PID:4636
- C:\Windows\System\fKcwmLH.exe
  C:\Windows\System\fKcwmLH.exe
  2⤵
  PID:4652
- C:\Windows\System\EhuGgKs.exe
  C:\Windows\System\EhuGgKs.exe
  2⤵
  PID:4668
- C:\Windows\System\KhgfIYF.exe
  C:\Windows\System\KhgfIYF.exe
  2⤵
  PID:4684
- C:\Windows\System\CPrHAdg.exe
  C:\Windows\System\CPrHAdg.exe
  2⤵
  PID:4700
- C:\Windows\System\zpJXNbI.exe
  C:\Windows\System\zpJXNbI.exe
  2⤵
  PID:4716
- C:\Windows\System\XipEzhw.exe
  C:\Windows\System\XipEzhw.exe
  2⤵
  PID:4732
- C:\Windows\System\IWwHEtp.exe
  C:\Windows\System\IWwHEtp.exe
  2⤵
  PID:4748
- C:\Windows\System\JovUQZr.exe
  C:\Windows\System\JovUQZr.exe
  2⤵
  PID:4764
- C:\Windows\System\udTJTbf.exe
  C:\Windows\System\udTJTbf.exe
  2⤵
  PID:4780
- C:\Windows\System\sUOTKoJ.exe
  C:\Windows\System\sUOTKoJ.exe
  2⤵
  PID:4796
- C:\Windows\System\XcyVaRX.exe
  C:\Windows\System\XcyVaRX.exe
  2⤵
  PID:4812
- C:\Windows\System\OABIfsA.exe
  C:\Windows\System\OABIfsA.exe
  2⤵
  PID:4832
- C:\Windows\System\yFcAlyk.exe
  C:\Windows\System\yFcAlyk.exe
  2⤵
  PID:4848
- C:\Windows\System\KIBDMCY.exe
  C:\Windows\System\KIBDMCY.exe
  2⤵
  PID:4864
- C:\Windows\System\VuCINHz.exe
  C:\Windows\System\VuCINHz.exe
  2⤵
  PID:4880
- C:\Windows\System\hxxtEir.exe
  C:\Windows\System\hxxtEir.exe
  2⤵
  PID:4896
- C:\Windows\System\lYuFEah.exe
  C:\Windows\System\lYuFEah.exe
  2⤵
  PID:4912
- C:\Windows\System\SbReKFf.exe
  C:\Windows\System\SbReKFf.exe
  2⤵
  PID:4928
- C:\Windows\System\YdClprR.exe
  C:\Windows\System\YdClprR.exe
  2⤵
  PID:4944
- C:\Windows\System\kXRaahp.exe
  C:\Windows\System\kXRaahp.exe
  2⤵
  PID:4960
- C:\Windows\System\ImkPhVm.exe
  C:\Windows\System\ImkPhVm.exe
  2⤵
  PID:4976
- C:\Windows\System\dIBZWvh.exe
  C:\Windows\System\dIBZWvh.exe
  2⤵
  PID:4992
- C:\Windows\System\YAWBVlb.exe
  C:\Windows\System\YAWBVlb.exe
  2⤵
  PID:5008
- C:\Windows\System\eoypjnP.exe
  C:\Windows\System\eoypjnP.exe
  2⤵
  PID:5024
- C:\Windows\System\thPFtbb.exe
  C:\Windows\System\thPFtbb.exe
  2⤵
  PID:5040
- C:\Windows\System\NBugaRn.exe
  C:\Windows\System\NBugaRn.exe
  2⤵
  PID:5056
- C:\Windows\System\ktAeoFh.exe
  C:\Windows\System\ktAeoFh.exe
  2⤵
  PID:5072
- C:\Windows\System\qzPZkng.exe
  C:\Windows\System\qzPZkng.exe
  2⤵
  PID:5088
- C:\Windows\System\wNBoXfK.exe
  C:\Windows\System\wNBoXfK.exe
  2⤵
  PID:5104
- C:\Windows\System\eCvzHSS.exe
  C:\Windows\System\eCvzHSS.exe
  2⤵
  PID:3980
- C:\Windows\System\aqMIyFL.exe
  C:\Windows\System\aqMIyFL.exe
  2⤵
  PID:3832
- C:\Windows\System\SNzGaTI.exe
  C:\Windows\System\SNzGaTI.exe
  2⤵
  PID:1356
- C:\Windows\System\rfwKAWi.exe
  C:\Windows\System\rfwKAWi.exe
  2⤵
  PID:3948
- C:\Windows\System\uKaRrGA.exe
  C:\Windows\System\uKaRrGA.exe
  2⤵
  PID:1008
- C:\Windows\System\uUravAK.exe
  C:\Windows\System\uUravAK.exe
  2⤵
  PID:2728
- C:\Windows\System\wLRSOXq.exe
  C:\Windows\System\wLRSOXq.exe
  2⤵
  PID:896
- C:\Windows\System\sYZAThv.exe
  C:\Windows\System\sYZAThv.exe
  2⤵
  PID:3224
- C:\Windows\System\yTNPPYK.exe
  C:\Windows\System\yTNPPYK.exe
  2⤵
  PID:3372
- C:\Windows\System\zuPRmOp.exe
  C:\Windows\System\zuPRmOp.exe
  2⤵
  PID:3480
- C:\Windows\System\LRLSUxh.exe
  C:\Windows\System\LRLSUxh.exe
  2⤵
  PID:3496
- C:\Windows\System\szWuEwZ.exe
  C:\Windows\System\szWuEwZ.exe
  2⤵
  PID:3612
- C:\Windows\System\aEPMMts.exe
  C:\Windows\System\aEPMMts.exe
  2⤵
  PID:4104
- C:\Windows\System\tvbtynk.exe
  C:\Windows\System\tvbtynk.exe
  2⤵
  PID:3736
- C:\Windows\System\FeTvTWO.exe
  C:\Windows\System\FeTvTWO.exe
  2⤵
  PID:4168
- C:\Windows\System\pwwdtYt.exe
  C:\Windows\System\pwwdtYt.exe
  2⤵
  PID:4152
- C:\Windows\System\QvGDpVT.exe
  C:\Windows\System\QvGDpVT.exe
  2⤵
  PID:4200
- C:\Windows\System\VaZmsoE.exe
  C:\Windows\System\VaZmsoE.exe
  2⤵
  PID:4216
- C:\Windows\System\LpSRRhW.exe
  C:\Windows\System\LpSRRhW.exe
  2⤵
  PID:4292
- C:\Windows\System\FMbANDz.exe
  C:\Windows\System\FMbANDz.exe
  2⤵
  PID:4328
- C:\Windows\System\bozyEjM.exe
  C:\Windows\System\bozyEjM.exe
  2⤵
  PID:4392
- C:\Windows\System\JAjYmub.exe
  C:\Windows\System\JAjYmub.exe
  2⤵
  PID:4308
- C:\Windows\System\ZjvQCGK.exe
  C:\Windows\System\ZjvQCGK.exe
  2⤵
  PID:4452
- C:\Windows\System\eossAdk.exe
  C:\Windows\System\eossAdk.exe
  2⤵
  PID:4516
- C:\Windows\System\faKgqSv.exe
  C:\Windows\System\faKgqSv.exe
  2⤵
  PID:4580
- C:\Windows\System\jcoMCip.exe
  C:\Windows\System\jcoMCip.exe
  2⤵
  PID:4376
- C:\Windows\System\nrlrHut.exe
  C:\Windows\System\nrlrHut.exe
  2⤵
  PID:4440
- C:\Windows\System\ZvjVJLr.exe
  C:\Windows\System\ZvjVJLr.exe
  2⤵
  PID:4500
- C:\Windows\System\cvpxatF.exe
  C:\Windows\System\cvpxatF.exe
  2⤵
  PID:4648
- C:\Windows\System\mlPmcfi.exe
  C:\Windows\System\mlPmcfi.exe
  2⤵
  PID:4712
- C:\Windows\System\JoHWwAF.exe
  C:\Windows\System\JoHWwAF.exe
  2⤵
  PID:4776
- C:\Windows\System\pyvkICr.exe
  C:\Windows\System\pyvkICr.exe
  2⤵
  PID:4596
- C:\Windows\System\rZNmlwB.exe
  C:\Windows\System\rZNmlwB.exe
  2⤵
  PID:4660
- C:\Windows\System\zZXVWcu.exe
  C:\Windows\System\zZXVWcu.exe
  2⤵
  PID:4692
- C:\Windows\System\DmGglGk.exe
  C:\Windows\System\DmGglGk.exe
  2⤵
  PID:4844
- C:\Windows\System\CFZejsv.exe
  C:\Windows\System\CFZejsv.exe
  2⤵
  PID:4888
- C:\Windows\System\rzQetLX.exe
  C:\Windows\System\rzQetLX.exe
  2⤵
  PID:4856
- C:\Windows\System\RgcxuQt.exe
  C:\Windows\System\RgcxuQt.exe
  2⤵
  PID:4788
- C:\Windows\System\yWSionI.exe
  C:\Windows\System\yWSionI.exe
  2⤵
  PID:4920
- C:\Windows\System\aXcohym.exe
  C:\Windows\System\aXcohym.exe
  2⤵
  PID:4968
- C:\Windows\System\UzgTRcB.exe
  C:\Windows\System\UzgTRcB.exe
  2⤵
  PID:4952
- C:\Windows\System\bLzXlLF.exe
  C:\Windows\System\bLzXlLF.exe
  2⤵
  PID:4988
- C:\Windows\System\KOAwjxr.exe
  C:\Windows\System\KOAwjxr.exe
  2⤵
  PID:5064
- C:\Windows\System\GMYbOCC.exe
  C:\Windows\System\GMYbOCC.exe
  2⤵
  PID:5096
- C:\Windows\System\YvQfjFL.exe
  C:\Windows\System\YvQfjFL.exe
  2⤵
  PID:5084
- C:\Windows\System\MdUPfiq.exe
  C:\Windows\System\MdUPfiq.exe
  2⤵
  PID:2240
- C:\Windows\System\fWfdjNe.exe
  C:\Windows\System\fWfdjNe.exe
  2⤵
  PID:4044
- C:\Windows\System\jKizErQ.exe
  C:\Windows\System\jKizErQ.exe
  2⤵
  PID:3148
- C:\Windows\System\fXHpxui.exe
  C:\Windows\System\fXHpxui.exe
  2⤵
  PID:3048
- C:\Windows\System\QghFSxO.exe
  C:\Windows\System\QghFSxO.exe
  2⤵
  PID:3432
- C:\Windows\System\lRLLWzm.exe
  C:\Windows\System\lRLLWzm.exe
  2⤵
  PID:3916
- C:\Windows\System\ciabaAI.exe
  C:\Windows\System\ciabaAI.exe
  2⤵
  PID:4136
- C:\Windows\System\qlZBMNO.exe
  C:\Windows\System\qlZBMNO.exe
  2⤵
  PID:4164
- C:\Windows\System\frmsxHl.exe
  C:\Windows\System\frmsxHl.exe
  2⤵
  PID:4184
- C:\Windows\System\MsyqNvR.exe
  C:\Windows\System\MsyqNvR.exe
  2⤵
  PID:4276
- C:\Windows\System\iDpOJpP.exe
  C:\Windows\System\iDpOJpP.exe
  2⤵
  PID:4340
- C:\Windows\System\YZZCFEX.exe
  C:\Windows\System\YZZCFEX.exe
  2⤵
  PID:4612
- C:\Windows\System\qfhiDYJ.exe
  C:\Windows\System\qfhiDYJ.exe
  2⤵
  PID:4472
- C:\Windows\System\zWmXqOe.exe
  C:\Windows\System\zWmXqOe.exe
  2⤵
  PID:4680
- C:\Windows\System\oJEYECB.exe
  C:\Windows\System\oJEYECB.exe
  2⤵
  PID:4532
- C:\Windows\System\ddVkoCO.exe
  C:\Windows\System\ddVkoCO.exe
  2⤵
  PID:4772
- C:\Windows\System\HmXRXwd.exe
  C:\Windows\System\HmXRXwd.exe
  2⤵
  PID:4724
- C:\Windows\System\pqfFqME.exe
  C:\Windows\System\pqfFqME.exe
  2⤵
  PID:4904
- C:\Windows\System\fYRgrgw.exe
  C:\Windows\System\fYRgrgw.exe
  2⤵
  PID:4908
- C:\Windows\System\pxDEfWy.exe
  C:\Windows\System\pxDEfWy.exe
  2⤵
  PID:4984
- C:\Windows\System\wXSJWld.exe
  C:\Windows\System\wXSJWld.exe
  2⤵
  PID:5000
- C:\Windows\System\KQvtEut.exe
  C:\Windows\System\KQvtEut.exe
  2⤵
  PID:3884
- C:\Windows\System\xeSgMzQ.exe
  C:\Windows\System\xeSgMzQ.exe
  2⤵
  PID:5148
- C:\Windows\System\jWsFDCp.exe
  C:\Windows\System\jWsFDCp.exe
  2⤵
  PID:5164
- C:\Windows\System\EeAYRIn.exe
  C:\Windows\System\EeAYRIn.exe
  2⤵
  PID:5180
- C:\Windows\System\pzzELov.exe
  C:\Windows\System\pzzELov.exe
  2⤵
  PID:5196
- C:\Windows\System\XeabsRs.exe
  C:\Windows\System\XeabsRs.exe
  2⤵
  PID:5216
- C:\Windows\System\cJPcHao.exe
  C:\Windows\System\cJPcHao.exe
  2⤵
  PID:5372
- C:\Windows\System\ASCpJgu.exe
  C:\Windows\System\ASCpJgu.exe
  2⤵
  PID:5388
- C:\Windows\System\mRpdSsV.exe
  C:\Windows\System\mRpdSsV.exe
  2⤵
  PID:5404
- C:\Windows\System\BTDeJKU.exe
  C:\Windows\System\BTDeJKU.exe
  2⤵
  PID:5420
- C:\Windows\System\VjkFOwG.exe
  C:\Windows\System\VjkFOwG.exe
  2⤵
  PID:5436
- C:\Windows\System\jaJFhCM.exe
  C:\Windows\System\jaJFhCM.exe
  2⤵
  PID:5452
- C:\Windows\System\MYTgfMO.exe
  C:\Windows\System\MYTgfMO.exe
  2⤵
  PID:5468
- C:\Windows\System\AjbDuAG.exe
  C:\Windows\System\AjbDuAG.exe
  2⤵
  PID:5484
- C:\Windows\System\zONxjiv.exe
  C:\Windows\System\zONxjiv.exe
  2⤵
  PID:5500
- C:\Windows\System\MsDQmAP.exe
  C:\Windows\System\MsDQmAP.exe
  2⤵
  PID:5516
- C:\Windows\System\rynrwYk.exe
  C:\Windows\System\rynrwYk.exe
  2⤵
  PID:5532
- C:\Windows\System\vdQPDNZ.exe
  C:\Windows\System\vdQPDNZ.exe
  2⤵
  PID:5548
- C:\Windows\System\lUUokaQ.exe
  C:\Windows\System\lUUokaQ.exe
  2⤵
  PID:5564
- C:\Windows\System\zpNzpvV.exe
  C:\Windows\System\zpNzpvV.exe
  2⤵
  PID:5580
- C:\Windows\System\yFbSQPm.exe
  C:\Windows\System\yFbSQPm.exe
  2⤵
  PID:5596
- C:\Windows\System\MWMYdjM.exe
  C:\Windows\System\MWMYdjM.exe
  2⤵
  PID:5612
- C:\Windows\System\DdxfTuG.exe
  C:\Windows\System\DdxfTuG.exe
  2⤵
  PID:5628
- C:\Windows\System\rWwIwsX.exe
  C:\Windows\System\rWwIwsX.exe
  2⤵
  PID:5644
- C:\Windows\System\FnmRxcy.exe
  C:\Windows\System\FnmRxcy.exe
  2⤵
  PID:5660
- C:\Windows\System\WFWJCdp.exe
  C:\Windows\System\WFWJCdp.exe
  2⤵
  PID:5676
- C:\Windows\System\oAyiprM.exe
  C:\Windows\System\oAyiprM.exe
  2⤵
  PID:5692
- C:\Windows\System\VUVUBhe.exe
  C:\Windows\System\VUVUBhe.exe
  2⤵
  PID:5708
- C:\Windows\System\PTECPlE.exe
  C:\Windows\System\PTECPlE.exe
  2⤵
  PID:5724
- C:\Windows\System\moTLcDx.exe
  C:\Windows\System\moTLcDx.exe
  2⤵
  PID:5740
- C:\Windows\System\JIXGSgw.exe
  C:\Windows\System\JIXGSgw.exe
  2⤵
  PID:5756
- C:\Windows\System\JmjorVb.exe
  C:\Windows\System\JmjorVb.exe
  2⤵
  PID:5772
- C:\Windows\System\mtNoUCE.exe
  C:\Windows\System\mtNoUCE.exe
  2⤵
  PID:5788
- C:\Windows\System\uvkoclf.exe
  C:\Windows\System\uvkoclf.exe
  2⤵
  PID:5804
- C:\Windows\System\elWZoLN.exe
  C:\Windows\System\elWZoLN.exe
  2⤵
  PID:5820
- C:\Windows\System\GKXsJAF.exe
  C:\Windows\System\GKXsJAF.exe
  2⤵
  PID:5836
- C:\Windows\System\NbraXCe.exe
  C:\Windows\System\NbraXCe.exe
  2⤵
  PID:5852
- C:\Windows\System\NGQMrjK.exe
  C:\Windows\System\NGQMrjK.exe
  2⤵
  PID:5868
- C:\Windows\System\fjWyStr.exe
  C:\Windows\System\fjWyStr.exe
  2⤵
  PID:5884
- C:\Windows\System\WVWyzIj.exe
  C:\Windows\System\WVWyzIj.exe
  2⤵
  PID:5900
- C:\Windows\System\jBKOfMl.exe
  C:\Windows\System\jBKOfMl.exe
  2⤵
  PID:5916
- C:\Windows\System\wWBKQDC.exe
  C:\Windows\System\wWBKQDC.exe
  2⤵
  PID:5932
- C:\Windows\System\XvsKeSR.exe
  C:\Windows\System\XvsKeSR.exe
  2⤵
  PID:5948
- C:\Windows\System\KGNkgfW.exe
  C:\Windows\System\KGNkgfW.exe
  2⤵
  PID:5964
- C:\Windows\System\xwRmqgy.exe
  C:\Windows\System\xwRmqgy.exe
  2⤵
  PID:5980
- C:\Windows\System\rcFJMPa.exe
  C:\Windows\System\rcFJMPa.exe
  2⤵
  PID:6012
- C:\Windows\System\hUkCust.exe
  C:\Windows\System\hUkCust.exe
  2⤵
  PID:6028
- C:\Windows\System\HDOngvI.exe
  C:\Windows\System\HDOngvI.exe
  2⤵
  PID:6044
- C:\Windows\System\xzOeqsP.exe
  C:\Windows\System\xzOeqsP.exe
  2⤵
  PID:6060
- C:\Windows\System\xadKIzc.exe
  C:\Windows\System\xadKIzc.exe
  2⤵
  PID:6076
- C:\Windows\System\lAeqTsr.exe
  C:\Windows\System\lAeqTsr.exe
  2⤵
  PID:6092
- C:\Windows\System\QYoQkpV.exe
  C:\Windows\System\QYoQkpV.exe
  2⤵
  PID:6108
- C:\Windows\System\ynOOYWZ.exe
  C:\Windows\System\ynOOYWZ.exe
  2⤵
  PID:6124
- C:\Windows\System\kerPDZv.exe
  C:\Windows\System\kerPDZv.exe
  2⤵
  PID:6140
- C:\Windows\System\wpPrpru.exe
  C:\Windows\System\wpPrpru.exe
  2⤵
  PID:4012
- C:\Windows\System\nYdVUOZ.exe
  C:\Windows\System\nYdVUOZ.exe
  2⤵
  PID:1476
- C:\Windows\System\PxwkbsU.exe
  C:\Windows\System\PxwkbsU.exe
  2⤵
  PID:3352
- C:\Windows\System\iFDyafD.exe
  C:\Windows\System\iFDyafD.exe
  2⤵
  PID:4260
- C:\Windows\System\tWVWQyo.exe
  C:\Windows\System\tWVWQyo.exe
  2⤵
  PID:4552
- C:\Windows\System\iukJCIC.exe
  C:\Windows\System\iukJCIC.exe
  2⤵
  PID:4808
- C:\Windows\System\SZuFJBB.exe
  C:\Windows\System\SZuFJBB.exe
  2⤵
  PID:5068
- C:\Windows\System\FFVWKhw.exe
  C:\Windows\System\FFVWKhw.exe
  2⤵
  PID:5176
- C:\Windows\System\NchlrKQ.exe
  C:\Windows\System\NchlrKQ.exe
  2⤵
  PID:3688
- C:\Windows\System\RioBEQp.exe
  C:\Windows\System\RioBEQp.exe
  2⤵
  PID:4324
- C:\Windows\System\ENACHQR.exe
  C:\Windows\System\ENACHQR.exe
  2⤵
  PID:4616
- C:\Windows\System\craNRav.exe
  C:\Windows\System\craNRav.exe
  2⤵
  PID:4756
- C:\Windows\System\QsCeJeQ.exe
  C:\Windows\System\QsCeJeQ.exe
  2⤵
  PID:4892
- C:\Windows\System\DElPYdm.exe
  C:\Windows\System\DElPYdm.exe
  2⤵
  PID:5192
- C:\Windows\System\IOMuAJN.exe
  C:\Windows\System\IOMuAJN.exe
  2⤵
  PID:5236
- C:\Windows\System\WaVwvws.exe
  C:\Windows\System\WaVwvws.exe
  2⤵
  PID:5252
- C:\Windows\System\XTcpiNe.exe
  C:\Windows\System\XTcpiNe.exe
  2⤵
  PID:5268
- C:\Windows\System\VGRWWNN.exe
  C:\Windows\System\VGRWWNN.exe
  2⤵
  PID:5284
- C:\Windows\System\cGYaafR.exe
  C:\Windows\System\cGYaafR.exe
  2⤵
  PID:5300
- C:\Windows\System\UrCulpD.exe
  C:\Windows\System\UrCulpD.exe
  2⤵
  PID:5316
- C:\Windows\System\czOJCKL.exe
  C:\Windows\System\czOJCKL.exe
  2⤵
  PID:5332
- C:\Windows\System\SUglPCk.exe
  C:\Windows\System\SUglPCk.exe
  2⤵
  PID:5348
- C:\Windows\System\didROfI.exe
  C:\Windows\System\didROfI.exe
  2⤵
  PID:2880
- C:\Windows\System\WkqkJbd.exe
  C:\Windows\System\WkqkJbd.exe
  2⤵
  PID:5416
- C:\Windows\System\sLgywkh.exe
  C:\Windows\System\sLgywkh.exe
  2⤵
  PID:5480
- C:\Windows\System\LYGXtik.exe
  C:\Windows\System\LYGXtik.exe
  2⤵
  PID:5544
- C:\Windows\System\aIAUZeN.exe
  C:\Windows\System\aIAUZeN.exe
  2⤵
  PID:5608
- C:\Windows\System\OaJJwZr.exe
  C:\Windows\System\OaJJwZr.exe
  2⤵
  PID:5668
- C:\Windows\System\CyRoKxr.exe
  C:\Windows\System\CyRoKxr.exe
  2⤵
  PID:5700
- C:\Windows\System\DOFDQib.exe
  C:\Windows\System\DOFDQib.exe
  2⤵
  PID:5764
- C:\Windows\System\cibUgRb.exe
  C:\Windows\System\cibUgRb.exe
  2⤵
  PID:5828
- C:\Windows\System\edwjvYX.exe
  C:\Windows\System\edwjvYX.exe
  2⤵
  PID:2124
- C:\Windows\System\oeXKdLR.exe
  C:\Windows\System\oeXKdLR.exe
  2⤵
  PID:5896
- C:\Windows\System\FJFmThk.exe
  C:\Windows\System\FJFmThk.exe
  2⤵
  PID:5460
- C:\Windows\System\IZsEIhN.exe
  C:\Windows\System\IZsEIhN.exe
  2⤵
  PID:5956
- C:\Windows\System\IaxeKtI.exe
  C:\Windows\System\IaxeKtI.exe
  2⤵
  PID:5988
- C:\Windows\System\kCQduJG.exe
  C:\Windows\System\kCQduJG.exe
  2⤵
  PID:5524
- C:\Windows\System\OZqxpjw.exe
  C:\Windows\System\OZqxpjw.exe
  2⤵
  PID:5588
- C:\Windows\System\eBtexEU.exe
  C:\Windows\System\eBtexEU.exe
  2⤵
  PID:5652
- C:\Windows\System\mngZRPv.exe
  C:\Windows\System\mngZRPv.exe
  2⤵
  PID:5716
- C:\Windows\System\pCaXRNL.exe
  C:\Windows\System\pCaXRNL.exe
  2⤵
  PID:6040
- C:\Windows\System\OZsNhSD.exe
  C:\Windows\System\OZsNhSD.exe
  2⤵
  PID:5848
- C:\Windows\System\kiBmsaH.exe
  C:\Windows\System\kiBmsaH.exe
  2⤵
  PID:5912
- C:\Windows\System\oYupIkk.exe
  C:\Windows\System\oYupIkk.exe
  2⤵
  PID:5976
- C:\Windows\System\VJUBlPd.exe
  C:\Windows\System\VJUBlPd.exe
  2⤵
  PID:5812
- C:\Windows\System\MQBufya.exe
  C:\Windows\System\MQBufya.exe
  2⤵
  PID:6024
- C:\Windows\System\MEEaqqE.exe
  C:\Windows\System\MEEaqqE.exe
  2⤵
  PID:6052
- C:\Windows\System\PSESTgG.exe
  C:\Windows\System\PSESTgG.exe
  2⤵
  PID:6120
- C:\Windows\System\HyCJTWh.exe
  C:\Windows\System\HyCJTWh.exe
  2⤵
  PID:6084
- C:\Windows\System\FRxCXpA.exe
  C:\Windows\System\FRxCXpA.exe
  2⤵
  PID:4248
- C:\Windows\System\TlNKpCd.exe
  C:\Windows\System\TlNKpCd.exe
  2⤵
  PID:4280
- C:\Windows\System\YWUseJO.exe
  C:\Windows\System\YWUseJO.exe
  2⤵
  PID:2364
- C:\Windows\System\dAnaqRx.exe
  C:\Windows\System\dAnaqRx.exe
  2⤵
  PID:5208
- C:\Windows\System\yxMaoOW.exe
  C:\Windows\System\yxMaoOW.exe
  2⤵
  PID:4924
- C:\Windows\System\VJEjVfx.exe
  C:\Windows\System\VJEjVfx.exe
  2⤵
  PID:4436
- C:\Windows\System\MnZldNT.exe
  C:\Windows\System\MnZldNT.exe
  2⤵
  PID:5248
- C:\Windows\System\thQQbmt.exe
  C:\Windows\System\thQQbmt.exe
  2⤵
  PID:5280
- C:\Windows\System\lbDUIvp.exe
  C:\Windows\System\lbDUIvp.exe
  2⤵
  PID:5308
- C:\Windows\System\oNugMfu.exe
  C:\Windows\System\oNugMfu.exe
  2⤵
  PID:5296
- C:\Windows\System\zWPFZLR.exe
  C:\Windows\System\zWPFZLR.exe
  2⤵
  PID:5356
- C:\Windows\System\vZYZsyb.exe
  C:\Windows\System\vZYZsyb.exe
  2⤵
  PID:5476
- C:\Windows\System\rweHXUK.exe
  C:\Windows\System\rweHXUK.exe
  2⤵
  PID:5604
- C:\Windows\System\tmZWbvS.exe
  C:\Windows\System\tmZWbvS.exe
  2⤵
  PID:2660
- C:\Windows\System\peeTOrp.exe
  C:\Windows\System\peeTOrp.exe
  2⤵
  PID:2904
- C:\Windows\System\Sccwwem.exe
  C:\Windows\System\Sccwwem.exe
  2⤵
  PID:5928
- C:\Windows\System\LZyaWrz.exe
  C:\Windows\System\LZyaWrz.exe
  2⤵
  PID:5464
- C:\Windows\System\TBKCRsQ.exe
  C:\Windows\System\TBKCRsQ.exe
  2⤵
  PID:5560
- C:\Windows\System\JcwBsCK.exe
  C:\Windows\System\JcwBsCK.exe
  2⤵
  PID:5496
- C:\Windows\System\wwVyeBR.exe
  C:\Windows\System\wwVyeBR.exe
  2⤵
  PID:5688
- C:\Windows\System\wNsRgug.exe
  C:\Windows\System\wNsRgug.exe
  2⤵
  PID:6100
- C:\Windows\System\UOcJXYr.exe
  C:\Windows\System\UOcJXYr.exe
  2⤵
  PID:6960
- C:\Windows\System\LiSPWRW.exe
  C:\Windows\System\LiSPWRW.exe
  2⤵
  PID:7156
- C:\Windows\System\DeearcO.exe
  C:\Windows\System\DeearcO.exe
  2⤵
  PID:5972
- C:\Windows\System\LpLMjWo.exe
  C:\Windows\System\LpLMjWo.exe
  2⤵
  PID:5908
- C:\Windows\System\LiWOcRP.exe
  C:\Windows\System\LiWOcRP.exe
  2⤵
  PID:6136
- C:\Windows\System\BcGXxlq.exe
  C:\Windows\System\BcGXxlq.exe
  2⤵
  PID:5172
- C:\Windows\System\ZepOMNp.exe
  C:\Windows\System\ZepOMNp.exe
  2⤵
  PID:4228
- C:\Windows\System\ANQNJjV.exe
  C:\Windows\System\ANQNJjV.exe
  2⤵
  PID:5052
- C:\Windows\System\tgXEUMz.exe
  C:\Windows\System\tgXEUMz.exe
  2⤵
  PID:4424
- C:\Windows\System\wDznDLn.exe
  C:\Windows\System\wDznDLn.exe
  2⤵
  PID:5344
- C:\Windows\System\QwwaFkV.exe
  C:\Windows\System\QwwaFkV.exe
  2⤵
  PID:5892
- C:\Windows\System\CABGtgY.exe
  C:\Windows\System\CABGtgY.exe
  2⤵
  PID:5492
- C:\Windows\System\uJzxfcb.exe
  C:\Windows\System\uJzxfcb.exe
  2⤵
  PID:5624
- C:\Windows\System\YFtrcac.exe
  C:\Windows\System\YFtrcac.exe
  2⤵
  PID:6168
- C:\Windows\System\CgsTfXu.exe
  C:\Windows\System\CgsTfXu.exe
  2⤵
  PID:6188
- C:\Windows\System\zNPghIh.exe
  C:\Windows\System\zNPghIh.exe
  2⤵
  PID:6204
- C:\Windows\System\cymCkgC.exe
  C:\Windows\System\cymCkgC.exe
  2⤵
  PID:6220
- C:\Windows\System\ghybZGk.exe
  C:\Windows\System\ghybZGk.exe
  2⤵
  PID:6236
- C:\Windows\System\nExYQGj.exe
  C:\Windows\System\nExYQGj.exe
  2⤵
  PID:6252
- C:\Windows\System\dJNxhIH.exe
  C:\Windows\System\dJNxhIH.exe
  2⤵
  PID:6284
- C:\Windows\System\yOiGzHI.exe
  C:\Windows\System\yOiGzHI.exe
  2⤵
  PID:6320
- C:\Windows\System\MFggley.exe
  C:\Windows\System\MFggley.exe
  2⤵
  PID:6344
- C:\Windows\System\qZDeaDg.exe
  C:\Windows\System\qZDeaDg.exe
  2⤵
  PID:6372
- C:\Windows\System\gdbynpq.exe
  C:\Windows\System\gdbynpq.exe
  2⤵
  PID:6388
- C:\Windows\System\AqduVUA.exe
  C:\Windows\System\AqduVUA.exe
  2⤵
  PID:6404
- C:\Windows\System\bdJXTsM.exe
  C:\Windows\System\bdJXTsM.exe
  2⤵
  PID:6440
- C:\Windows\System\ijjNNhZ.exe
  C:\Windows\System\ijjNNhZ.exe
  2⤵
  PID:6484
- C:\Windows\System\opSTMyA.exe
  C:\Windows\System\opSTMyA.exe
  2⤵
  PID:6524
- C:\Windows\System\uguqupW.exe
  C:\Windows\System\uguqupW.exe
  2⤵
  PID:6544
- C:\Windows\System\gKqWVOP.exe
  C:\Windows\System\gKqWVOP.exe
  2⤵
  PID:6572
- C:\Windows\System\zQGXdKS.exe
  C:\Windows\System\zQGXdKS.exe
  2⤵
  PID:6592
- C:\Windows\System\cCBPFje.exe
  C:\Windows\System\cCBPFje.exe
  2⤵
  PID:6716
- C:\Windows\System\HvLOCPg.exe
  C:\Windows\System\HvLOCPg.exe
  2⤵
  PID:6912
- C:\Windows\System\CHdYsuj.exe
  C:\Windows\System\CHdYsuj.exe
  2⤵
  PID:6976
- C:\Windows\System\KvdsdXv.exe
  C:\Windows\System\KvdsdXv.exe
  2⤵
  PID:7084
- C:\Windows\System\rZuwNat.exe
  C:\Windows\System\rZuwNat.exe
  2⤵
  PID:7116
- C:\Windows\System\jNZqqFZ.exe
  C:\Windows\System\jNZqqFZ.exe
  2⤵
  PID:7136
- C:\Windows\System\swKTwYp.exe
  C:\Windows\System\swKTwYp.exe
  2⤵
  PID:3320
- C:\Windows\System\ACfgrlU.exe
  C:\Windows\System\ACfgrlU.exe
  2⤵
  PID:3212
- C:\Windows\System\TsJFssP.exe
  C:\Windows\System\TsJFssP.exe
  2⤵
  PID:5384
- C:\Windows\System\CsmeoPC.exe
  C:\Windows\System\CsmeoPC.exe
  2⤵
  PID:5732
- C:\Windows\System\VwKSEUk.exe
  C:\Windows\System\VwKSEUk.exe
  2⤵
  PID:6164
- C:\Windows\System\KNpNswU.exe
  C:\Windows\System\KNpNswU.exe
  2⤵
  PID:6232
- C:\Windows\System\cJqdUUk.exe
  C:\Windows\System\cJqdUUk.exe
  2⤵
  PID:6280
- C:\Windows\System\HONEdXA.exe
  C:\Windows\System\HONEdXA.exe
  2⤵
  PID:6340
- C:\Windows\System\hGNzUIu.exe
  C:\Windows\System\hGNzUIu.exe
  2⤵
  PID:6380
- C:\Windows\System\nycZQkj.exe
  C:\Windows\System\nycZQkj.exe
  2⤵
  PID:6384
- C:\Windows\System\cYKcoTw.exe
  C:\Windows\System\cYKcoTw.exe
  2⤵
  PID:5264
- C:\Windows\System\etLVcki.exe
  C:\Windows\System\etLVcki.exe
  2⤵
  PID:5512
- C:\Windows\System\rDqfcXj.exe
  C:\Windows\System\rDqfcXj.exe
  2⤵
  PID:6420
- C:\Windows\System\eZuyPFK.exe
  C:\Windows\System\eZuyPFK.exe
  2⤵
  PID:6436
- C:\Windows\System\HwsHFrk.exe
  C:\Windows\System\HwsHFrk.exe
  2⤵
  PID:6512
- C:\Windows\System\HgKkzOB.exe
  C:\Windows\System\HgKkzOB.exe
  2⤵
  PID:6556
- C:\Windows\System\vxjIBRb.exe
  C:\Windows\System\vxjIBRb.exe
  2⤵
  PID:6184
- C:\Windows\System\WqmPyPy.exe
  C:\Windows\System\WqmPyPy.exe
  2⤵
  PID:6244
- C:\Windows\System\LjyjFUw.exe
  C:\Windows\System\LjyjFUw.exe
  2⤵
  PID:6308
- C:\Windows\System\ynTuhIo.exe
  C:\Windows\System\ynTuhIo.exe
  2⤵
  PID:6360
- C:\Windows\System\eeJZORN.exe
  C:\Windows\System\eeJZORN.exe
  2⤵
  PID:6464
- C:\Windows\System\BmohSTi.exe
  C:\Windows\System\BmohSTi.exe
  2⤵
  PID:6396
- C:\Windows\System\TAERuvE.exe
  C:\Windows\System\TAERuvE.exe
  2⤵
  PID:6452
- C:\Windows\System\TGwbmYX.exe
  C:\Windows\System\TGwbmYX.exe
  2⤵
  PID:6584
- C:\Windows\System\pZVnphO.exe
  C:\Windows\System\pZVnphO.exe
  2⤵
  PID:6620
- C:\Windows\System\kjpMCwk.exe
  C:\Windows\System\kjpMCwk.exe
  2⤵
  PID:6652
- C:\Windows\System\nEnxFQe.exe
  C:\Windows\System\nEnxFQe.exe
  2⤵
  PID:6668
- C:\Windows\System\QrsOUkO.exe
  C:\Windows\System\QrsOUkO.exe
  2⤵
  PID:6684
- C:\Windows\System\JhgNXPU.exe
  C:\Windows\System\JhgNXPU.exe
  2⤵
  PID:6700
- C:\Windows\System\jHeHGqM.exe
  C:\Windows\System\jHeHGqM.exe
  2⤵
  PID:2208
- C:\Windows\System\YarwwkW.exe
  C:\Windows\System\YarwwkW.exe
  2⤵
  PID:2996
- C:\Windows\System\MNYDHKM.exe
  C:\Windows\System\MNYDHKM.exe
  2⤵
  PID:6736
- C:\Windows\System\QcfxQGJ.exe
  C:\Windows\System\QcfxQGJ.exe
  2⤵
  PID:2924
- C:\Windows\System\lOYYRTW.exe
  C:\Windows\System\lOYYRTW.exe
  2⤵
  PID:6768
- C:\Windows\System\GBhEveB.exe
  C:\Windows\System\GBhEveB.exe
  2⤵
  PID:6776
- C:\Windows\System\DmpaZQC.exe
  C:\Windows\System\DmpaZQC.exe
  2⤵
  PID:6792
- C:\Windows\System\GhvMhsI.exe
  C:\Windows\System\GhvMhsI.exe
  2⤵
  PID:6816
- C:\Windows\System\HQykbWA.exe
  C:\Windows\System\HQykbWA.exe
  2⤵
  PID:6928
- C:\Windows\System\SXSjJLA.exe
  C:\Windows\System\SXSjJLA.exe
  2⤵
  PID:6828
- C:\Windows\System\wIWfRRT.exe
  C:\Windows\System\wIWfRRT.exe
  2⤵
  PID:6844
- C:\Windows\System\SXlQoXV.exe
  C:\Windows\System\SXlQoXV.exe
  2⤵
  PID:6860
- C:\Windows\System\wXTeSrA.exe
  C:\Windows\System\wXTeSrA.exe
  2⤵
  PID:6904
- C:\Windows\System\xtwkvDy.exe
  C:\Windows\System\xtwkvDy.exe
  2⤵
  PID:6968
- C:\Windows\System\EeWjDpQ.exe
  C:\Windows\System\EeWjDpQ.exe
  2⤵
  PID:6984
- C:\Windows\System\OYzRTLk.exe
  C:\Windows\System\OYzRTLk.exe
  2⤵
  PID:2752
- C:\Windows\System\vHQucWS.exe
  C:\Windows\System\vHQucWS.exe
  2⤵
  PID:2736
- C:\Windows\System\nutBbNS.exe
  C:\Windows\System\nutBbNS.exe
  2⤵
  PID:7028
- C:\Windows\System\gipDboJ.exe
  C:\Windows\System\gipDboJ.exe
  2⤵
  PID:7044
- C:\Windows\System\PwZLGEi.exe
  C:\Windows\System\PwZLGEi.exe
  2⤵
  PID:7092
- C:\Windows\System\uRuTzIE.exe
  C:\Windows\System\uRuTzIE.exe
  2⤵
  PID:7064
- C:\Windows\System\XoxChRe.exe
  C:\Windows\System\XoxChRe.exe
  2⤵
  PID:7144
- C:\Windows\System\exeUtQm.exe
  C:\Windows\System\exeUtQm.exe
  2⤵
  PID:5080
- C:\Windows\System\Yquacjo.exe
  C:\Windows\System\Yquacjo.exe
  2⤵
  PID:6020
- C:\Windows\System\CLPwWId.exe
  C:\Windows\System\CLPwWId.exe
  2⤵
  PID:5340
- C:\Windows\System\OCfdDer.exe
  C:\Windows\System\OCfdDer.exe
  2⤵
  PID:6268
- C:\Windows\System\LUpiFJS.exe
  C:\Windows\System\LUpiFJS.exe
  2⤵
  PID:6328
- C:\Windows\System\VNNbkvb.exe
  C:\Windows\System\VNNbkvb.exe
  2⤵
  PID:5244
- C:\Windows\System\qMVOdyc.exe
  C:\Windows\System\qMVOdyc.exe
  2⤵
  PID:5556
- C:\Windows\System\YqDZlAV.exe
  C:\Windows\System\YqDZlAV.exe
  2⤵
  PID:2892
- C:\Windows\System\uvBfwEd.exe
  C:\Windows\System\uvBfwEd.exe
  2⤵
  PID:6176
- C:\Windows\System\dwLKMoR.exe
  C:\Windows\System\dwLKMoR.exe
  2⤵
  PID:6432
- C:\Windows\System\gceOwag.exe
  C:\Windows\System\gceOwag.exe
  2⤵
  PID:6368
- C:\Windows\System\gLkCbUK.exe
  C:\Windows\System\gLkCbUK.exe
  2⤵
  PID:6536
- C:\Windows\System\sYtYCjF.exe
  C:\Windows\System\sYtYCjF.exe
  2⤵
  PID:6212
- C:\Windows\System\RANxnmP.exe
  C:\Windows\System\RANxnmP.exe
  2⤵
  PID:6616
- C:\Windows\System\CZHhWPi.exe
  C:\Windows\System\CZHhWPi.exe
  2⤵
  PID:6636
- C:\Windows\System\FbYjNkJ.exe
  C:\Windows\System\FbYjNkJ.exe
  2⤵
  PID:6676
- C:\Windows\System\VvISOKF.exe
  C:\Windows\System\VvISOKF.exe
  2⤵
  PID:2936
- C:\Windows\System\XDPgPvt.exe
  C:\Windows\System\XDPgPvt.exe
  2⤵
  PID:2304
- C:\Windows\System\VePYswI.exe
  C:\Windows\System\VePYswI.exe
  2⤵
  PID:856
- C:\Windows\System\yLSibGC.exe
  C:\Windows\System\yLSibGC.exe
  2⤵
  PID:6588
- C:\Windows\System\OQFJrDG.exe
  C:\Windows\System\OQFJrDG.exe
  2⤵
  PID:6660
- C:\Windows\System\cZFytQj.exe
  C:\Windows\System\cZFytQj.exe
  2⤵
  PID:6752
- C:\Windows\System\FNluoiN.exe
  C:\Windows\System\FNluoiN.exe
  2⤵
  PID:6696
- C:\Windows\System\LJKersB.exe
  C:\Windows\System\LJKersB.exe
  2⤵
  PID:6744
- C:\Windows\System\qYoaWiu.exe
  C:\Windows\System\qYoaWiu.exe
  2⤵
  PID:6824
- C:\Windows\System\ThfjRZt.exe
  C:\Windows\System\ThfjRZt.exe
  2⤵
  PID:2980
- C:\Windows\System\hFjBfSL.exe
  C:\Windows\System\hFjBfSL.exe
  2⤵
  PID:6936
- C:\Windows\System\NTjfEJl.exe
  C:\Windows\System\NTjfEJl.exe
  2⤵
  PID:6896
- C:\Windows\System\KFLBgsl.exe
  C:\Windows\System\KFLBgsl.exe
  2⤵
  PID:5136
- C:\Windows\System\dQefKnV.exe
  C:\Windows\System\dQefKnV.exe
  2⤵
  PID:6956
- C:\Windows\System\kRtOKoP.exe
  C:\Windows\System\kRtOKoP.exe
  2⤵
  PID:7000
- C:\Windows\System\UpUXfJm.exe
  C:\Windows\System\UpUXfJm.exe
  2⤵
  PID:7012
- C:\Windows\System\UArODra.exe
  C:\Windows\System\UArODra.exe
  2⤵
  PID:7124
- C:\Windows\System\bgJIJaZ.exe
  C:\Windows\System\bgJIJaZ.exe
  2⤵
  PID:1092
- C:\Windows\System\OcTXYRD.exe
  C:\Windows\System\OcTXYRD.exe
  2⤵
  PID:6540
- C:\Windows\System\rASeTiI.exe
  C:\Windows\System\rASeTiI.exe
  2⤵
  PID:5816
- C:\Windows\System\aALyMbU.exe
  C:\Windows\System\aALyMbU.exe
  2⤵
  PID:1724
- C:\Windows\System\TywOiVX.exe
  C:\Windows\System\TywOiVX.exe
  2⤵
  PID:6624
- C:\Windows\System\ajDFDNu.exe
  C:\Windows\System\ajDFDNu.exe
  2⤵
  PID:7072
- C:\Windows\System\gJItHsJ.exe
  C:\Windows\System\gJItHsJ.exe
  2⤵
  PID:5276
- C:\Windows\System\KvKiNpB.exe
  C:\Windows\System\KvKiNpB.exe
  2⤵
  PID:4804
- C:\Windows\System\KcmyOhP.exe
  C:\Windows\System\KcmyOhP.exe
  2⤵
  PID:6500
- C:\Windows\System\prZghen.exe
  C:\Windows\System\prZghen.exe
  2⤵
  PID:6416
- C:\Windows\System\MwYeWkO.exe
  C:\Windows\System\MwYeWkO.exe
  2⤵
  PID:2600
- C:\Windows\System\CVPyHaI.exe
  C:\Windows\System\CVPyHaI.exe
  2⤵
  PID:6764
- C:\Windows\System\EbofwgZ.exe
  C:\Windows\System\EbofwgZ.exe
  2⤵
  PID:584
- C:\Windows\System\tDkQrgJ.exe
  C:\Windows\System\tDkQrgJ.exe
  2⤵
  PID:6836
- C:\Windows\System\yMyrETt.exe
  C:\Windows\System\yMyrETt.exe
  2⤵
  PID:444
- C:\Windows\System\nTKMsVl.exe
  C:\Windows\System\nTKMsVl.exe
  2⤵
  PID:6940
- C:\Windows\System\fwXXxhk.exe
  C:\Windows\System\fwXXxhk.exe
  2⤵
  PID:6704
- C:\Windows\System\IbbxpwE.exe
  C:\Windows\System\IbbxpwE.exe
  2⤵
  PID:7004
- C:\Windows\System\CrLnXdA.exe
  C:\Windows\System\CrLnXdA.exe
  2⤵
  PID:7024
- C:\Windows\System\VJfGZNu.exe
  C:\Windows\System\VJfGZNu.exe
  2⤵
  PID:6180
- C:\Windows\System\SflBreO.exe
  C:\Windows\System\SflBreO.exe
  2⤵
  PID:6196
- C:\Windows\System\afOgiPx.exe
  C:\Windows\System\afOgiPx.exe
  2⤵
  PID:6944
- C:\Windows\System\CAEwQux.exe
  C:\Windows\System\CAEwQux.exe
  2⤵
  PID:7112
- C:\Windows\System\ipwJZHQ.exe
  C:\Windows\System\ipwJZHQ.exe
  2⤵
  PID:6900
- C:\Windows\System\bspsLoc.exe
  C:\Windows\System\bspsLoc.exe
  2⤵
  PID:6924
- C:\Windows\System\xeGxsLV.exe
  C:\Windows\System\xeGxsLV.exe
  2⤵
  PID:6480
- C:\Windows\System\BFdDvyz.exe
  C:\Windows\System\BFdDvyz.exe
  2⤵
  PID:7184
- C:\Windows\System\DsYOFDF.exe
  C:\Windows\System\DsYOFDF.exe
  2⤵
  PID:7220
- C:\Windows\System\TRVmubW.exe
  C:\Windows\System\TRVmubW.exe
  2⤵
  PID:7264
- C:\Windows\System\SKxNuQj.exe
  C:\Windows\System\SKxNuQj.exe
  2⤵
  PID:7284
- C:\Windows\System\fGhaPff.exe
  C:\Windows\System\fGhaPff.exe
  2⤵
  PID:7300
- C:\Windows\System\BQNiNBl.exe
  C:\Windows\System\BQNiNBl.exe
  2⤵
  PID:7320
- C:\Windows\System\MExbjtn.exe
  C:\Windows\System\MExbjtn.exe
  2⤵
  PID:7336
- C:\Windows\System\gGQgCxO.exe
  C:\Windows\System\gGQgCxO.exe
  2⤵
  PID:7352
- C:\Windows\System\slKJjIg.exe
  C:\Windows\System\slKJjIg.exe
  2⤵
  PID:7368
- C:\Windows\System\ktEomzl.exe
  C:\Windows\System\ktEomzl.exe
  2⤵
  PID:7384
- C:\Windows\System\EYjUXSA.exe
  C:\Windows\System\EYjUXSA.exe
  2⤵
  PID:7408
- C:\Windows\System\oNVUHhV.exe
  C:\Windows\System\oNVUHhV.exe
  2⤵
  PID:7424
- C:\Windows\System\qlXrMaA.exe
  C:\Windows\System\qlXrMaA.exe
  2⤵
  PID:7440
- C:\Windows\System\LHtrNVS.exe
  C:\Windows\System\LHtrNVS.exe
  2⤵
  PID:7484
- C:\Windows\System\YuyKWai.exe
  C:\Windows\System\YuyKWai.exe
  2⤵
  PID:7500
- C:\Windows\System\VbebTCO.exe
  C:\Windows\System\VbebTCO.exe
  2⤵
  PID:7516
- C:\Windows\System\sZKNqGG.exe
  C:\Windows\System\sZKNqGG.exe
  2⤵
  PID:7532
- C:\Windows\System\aEXRLZg.exe
  C:\Windows\System\aEXRLZg.exe
  2⤵
  PID:7548
- C:\Windows\System\Iaznqkl.exe
  C:\Windows\System\Iaznqkl.exe
  2⤵
  PID:7568
- C:\Windows\System\rsQIPAy.exe
  C:\Windows\System\rsQIPAy.exe
  2⤵
  PID:7588
- C:\Windows\System\gCKWSxg.exe
  C:\Windows\System\gCKWSxg.exe
  2⤵
  PID:7604
- C:\Windows\System\WpAToyp.exe
  C:\Windows\System\WpAToyp.exe
  2⤵
  PID:7620
- C:\Windows\System\ESKVnRY.exe
  C:\Windows\System\ESKVnRY.exe
  2⤵
  PID:7636
- C:\Windows\System\evXvYxg.exe
  C:\Windows\System\evXvYxg.exe
  2⤵
  PID:7652
- C:\Windows\System\LVsxAES.exe
  C:\Windows\System\LVsxAES.exe
  2⤵
  PID:7676
- C:\Windows\System\RTVnCWD.exe
  C:\Windows\System\RTVnCWD.exe
  2⤵
  PID:7696
- C:\Windows\System\AUMEyxl.exe
  C:\Windows\System\AUMEyxl.exe
  2⤵
  PID:7752
- C:\Windows\System\XZbZBid.exe
  C:\Windows\System\XZbZBid.exe
  2⤵
  PID:7768
- C:\Windows\System\AGNoKKk.exe
  C:\Windows\System\AGNoKKk.exe
  2⤵
  PID:7784
- C:\Windows\System\qvXgAdQ.exe
  C:\Windows\System\qvXgAdQ.exe
  2⤵
  PID:7800
- C:\Windows\System\ObRiAlK.exe
  C:\Windows\System\ObRiAlK.exe
  2⤵
  PID:7816
- C:\Windows\System\WfSTLrw.exe
  C:\Windows\System\WfSTLrw.exe
  2⤵
  PID:7832
- C:\Windows\System\SiJGwne.exe
  C:\Windows\System\SiJGwne.exe
  2⤵
  PID:7852
- C:\Windows\System\svExWNp.exe
  C:\Windows\System\svExWNp.exe
  2⤵
  PID:7872
- C:\Windows\System\xdfSOPX.exe
  C:\Windows\System\xdfSOPX.exe
  2⤵
  PID:7912
- C:\Windows\System\hcVkQff.exe
  C:\Windows\System\hcVkQff.exe
  2⤵
  PID:7928
- C:\Windows\System\YzlbtPJ.exe
  C:\Windows\System\YzlbtPJ.exe
  2⤵
  PID:7944
- C:\Windows\System\tECytbF.exe
  C:\Windows\System\tECytbF.exe
  2⤵
  PID:7960
- C:\Windows\System\bnKGIRr.exe
  C:\Windows\System\bnKGIRr.exe
  2⤵
  PID:7976
- C:\Windows\System\JwgQCYU.exe
  C:\Windows\System\JwgQCYU.exe
  2⤵
  PID:7992
- C:\Windows\System\HVUWGxO.exe
  C:\Windows\System\HVUWGxO.exe
  2⤵
  PID:8008
- C:\Windows\System\FwXHzFh.exe
  C:\Windows\System\FwXHzFh.exe
  2⤵
  PID:8024
- C:\Windows\System\fqFlfvQ.exe
  C:\Windows\System\fqFlfvQ.exe
  2⤵
  PID:8048
- C:\Windows\System\NdJrtmX.exe
  C:\Windows\System\NdJrtmX.exe
  2⤵
  PID:8092
- C:\Windows\System\KmoRggd.exe
  C:\Windows\System\KmoRggd.exe
  2⤵
  PID:8108
- C:\Windows\System\hmQDysV.exe
  C:\Windows\System\hmQDysV.exe
  2⤵
  PID:8124
- C:\Windows\System\ftFBXqu.exe
  C:\Windows\System\ftFBXqu.exe
  2⤵
  PID:8148
- C:\Windows\System\YGWZcLH.exe
  C:\Windows\System\YGWZcLH.exe
  2⤵
  PID:8164
- C:\Windows\System\RWhHmAN.exe
  C:\Windows\System\RWhHmAN.exe
  2⤵
  PID:8180
- C:\Windows\System\zuvstES.exe
  C:\Windows\System\zuvstES.exe
  2⤵
  PID:6648
- C:\Windows\System\KBbKeSK.exe
  C:\Windows\System\KBbKeSK.exe
  2⤵
  PID:6876
- C:\Windows\System\lNZqvJP.exe
  C:\Windows\System\lNZqvJP.exe
  2⤵
  PID:6852
- C:\Windows\System\ouEqwkC.exe
  C:\Windows\System\ouEqwkC.exe
  2⤵
  PID:6276
- C:\Windows\System\ZqSesHp.exe
  C:\Windows\System\ZqSesHp.exe
  2⤵
  PID:2072
- C:\Windows\System\hlYZCgv.exe
  C:\Windows\System\hlYZCgv.exe
  2⤵
  PID:7100
- C:\Windows\System\yeXrffJ.exe
  C:\Windows\System\yeXrffJ.exe
  2⤵
  PID:6712
- C:\Windows\System\NEBpCXq.exe
  C:\Windows\System\NEBpCXq.exe
  2⤵
  PID:752
- C:\Windows\System\SrwkfsQ.exe
  C:\Windows\System\SrwkfsQ.exe
  2⤵
  PID:7052
- C:\Windows\System\PTzBtmU.exe
  C:\Windows\System\PTzBtmU.exe
  2⤵
  PID:2796
- C:\Windows\System\rnPFAZY.exe
  C:\Windows\System\rnPFAZY.exe
  2⤵
  PID:5620
- C:\Windows\System\XnCxNXj.exe
  C:\Windows\System\XnCxNXj.exe
  2⤵
  PID:264
- C:\Windows\System\WipajrM.exe
  C:\Windows\System\WipajrM.exe
  2⤵
  PID:6680
- C:\Windows\System\rOrtIfS.exe
  C:\Windows\System\rOrtIfS.exe
  2⤵
  PID:7180
- C:\Windows\System\BUTDkaF.exe
  C:\Windows\System\BUTDkaF.exe
  2⤵
  PID:7240
- C:\Windows\System\SZHLohe.exe
  C:\Windows\System\SZHLohe.exe
  2⤵
  PID:7280
- C:\Windows\System\dmobIuc.exe
  C:\Windows\System\dmobIuc.exe
  2⤵
  PID:7256
- C:\Windows\System\pGkCKPQ.exe
  C:\Windows\System\pGkCKPQ.exe
  2⤵
  PID:7316
- C:\Windows\System\qIZOjjk.exe
  C:\Windows\System\qIZOjjk.exe
  2⤵
  PID:7416
- C:\Windows\System\uHjONSs.exe
  C:\Windows\System\uHjONSs.exe
  2⤵
  PID:1700
- C:\Windows\System\GdDRYQA.exe
  C:\Windows\System\GdDRYQA.exe
  2⤵
  PID:7360
- C:\Windows\System\IwICAzM.exe
  C:\Windows\System\IwICAzM.exe
  2⤵
  PID:1816
- C:\Windows\System\QIkgJiM.exe
  C:\Windows\System\QIkgJiM.exe
  2⤵
  PID:7392
- C:\Windows\System\RQBsBOL.exe
  C:\Windows\System\RQBsBOL.exe
  2⤵
  PID:7432
- C:\Windows\System\pLkEQRn.exe
  C:\Windows\System\pLkEQRn.exe
  2⤵
  PID:2128
- C:\Windows\System\tVEROmh.exe
  C:\Windows\System\tVEROmh.exe
  2⤵
  PID:7476
- C:\Windows\System\zHdEyHt.exe
  C:\Windows\System\zHdEyHt.exe
  2⤵
  PID:7540
- C:\Windows\System\prCKWRE.exe
  C:\Windows\System\prCKWRE.exe
  2⤵
  PID:1108
- C:\Windows\System\UxXwJwo.exe
  C:\Windows\System\UxXwJwo.exe
  2⤵
  PID:7596
- C:\Windows\System\XudQaqy.exe
  C:\Windows\System\XudQaqy.exe
  2⤵
  PID:7664
- C:\Windows\System\basMdEM.exe
  C:\Windows\System\basMdEM.exe
  2⤵
  PID:7716
- C:\Windows\System\sMCnqrc.exe
  C:\Windows\System\sMCnqrc.exe
  2⤵
  PID:7744
- C:\Windows\System\bexfpFl.exe
  C:\Windows\System\bexfpFl.exe
  2⤵
  PID:7780
- C:\Windows\System\Zsgqhvw.exe
  C:\Windows\System\Zsgqhvw.exe
  2⤵
  PID:7840
- C:\Windows\System\BJpySXJ.exe
  C:\Windows\System\BJpySXJ.exe
  2⤵
  PID:7892
- C:\Windows\System\YseRHbP.exe
  C:\Windows\System\YseRHbP.exe
  2⤵
  PID:7612
- C:\Windows\System\cSXzluN.exe
  C:\Windows\System\cSXzluN.exe
  2⤵
  PID:7684
- C:\Windows\System\hvRPVWm.exe
  C:\Windows\System\hvRPVWm.exe
  2⤵
  PID:7796
- C:\Windows\System\JHqXzbh.exe
  C:\Windows\System\JHqXzbh.exe
  2⤵
  PID:7864
- C:\Windows\System\wpCauti.exe
  C:\Windows\System\wpCauti.exe
  2⤵
  PID:7940
- C:\Windows\System\YkbIqxe.exe
  C:\Windows\System\YkbIqxe.exe
  2⤵
  PID:7972
- C:\Windows\System\WZmQWUM.exe
  C:\Windows\System\WZmQWUM.exe
  2⤵
  PID:8004
- C:\Windows\System\oqNnMyD.exe
  C:\Windows\System\oqNnMyD.exe
  2⤵
  PID:7952
- C:\Windows\System\fuHyxCP.exe
  C:\Windows\System\fuHyxCP.exe
  2⤵
  PID:8056
- C:\Windows\System\pwKNJxW.exe
  C:\Windows\System\pwKNJxW.exe
  2⤵
  PID:8076
- C:\Windows\System\AvPKgol.exe
  C:\Windows\System\AvPKgol.exe
  2⤵
  PID:8088
- C:\Windows\System\kBoReyr.exe
  C:\Windows\System\kBoReyr.exe
  2⤵
  PID:8172
- C:\Windows\System\PTxLPsh.exe
  C:\Windows\System\PTxLPsh.exe
  2⤵
  PID:8116
- C:\Windows\System\iprQaxj.exe
  C:\Windows\System\iprQaxj.exe
  2⤵
  PID:6748
- C:\Windows\System\qyjZVvv.exe
  C:\Windows\System\qyjZVvv.exe
  2⤵
  PID:8188
- C:\Windows\System\TxVYTWy.exe
  C:\Windows\System\TxVYTWy.exe
  2⤵
  PID:6800
- C:\Windows\System\BvdTinc.exe
  C:\Windows\System\BvdTinc.exe
  2⤵
  PID:6868
- C:\Windows\System\uDDDyYZ.exe
  C:\Windows\System\uDDDyYZ.exe
  2⤵
  PID:7196
- C:\Windows\System\zHTmiEn.exe
  C:\Windows\System\zHTmiEn.exe
  2⤵
  PID:6520
- C:\Windows\System\horCwgO.exe
  C:\Windows\System\horCwgO.exe
  2⤵
  PID:7176
- C:\Windows\System\CrsfnSj.exe
  C:\Windows\System\CrsfnSj.exe
  2⤵
  PID:6788
- C:\Windows\System\ExcGUzf.exe
  C:\Windows\System\ExcGUzf.exe
  2⤵
  PID:6920
- C:\Windows\System\NVBsHFh.exe
  C:\Windows\System\NVBsHFh.exe
  2⤵
  PID:2808
- C:\Windows\System\vATghpq.exe
  C:\Windows\System\vATghpq.exe
  2⤵
  PID:7236
- C:\Windows\System\aRuhAqh.exe
  C:\Windows\System\aRuhAqh.exe
  2⤵
  PID:2760
- C:\Windows\System\mQkbObZ.exe
  C:\Windows\System\mQkbObZ.exe
  2⤵
  PID:864
- C:\Windows\System\LbtSWev.exe
  C:\Windows\System\LbtSWev.exe
  2⤵
  PID:2200
- C:\Windows\System\RYtnahk.exe
  C:\Windows\System\RYtnahk.exe
  2⤵
  PID:2724
- C:\Windows\System\UySpAaP.exe
  C:\Windows\System\UySpAaP.exe
  2⤵
  PID:7452
- C:\Windows\System\EcPHoar.exe
  C:\Windows\System\EcPHoar.exe
  2⤵
  PID:7460
- C:\Windows\System\FvdUdik.exe
  C:\Windows\System\FvdUdik.exe
  2⤵
  PID:7544
- C:\Windows\System\AkDylEL.exe
  C:\Windows\System\AkDylEL.exe
  2⤵
  PID:7704
- C:\Windows\System\wXiBpfj.exe
  C:\Windows\System\wXiBpfj.exe
  2⤵
  PID:7760
- C:\Windows\System\wZAlDzq.exe
  C:\Windows\System\wZAlDzq.exe
  2⤵
  PID:8044
- C:\Windows\System\dqtUtXk.exe
  C:\Windows\System\dqtUtXk.exe
  2⤵
  PID:8080
- C:\Windows\System\lHhZtre.exe
  C:\Windows\System\lHhZtre.exe
  2⤵
  PID:8156
- C:\Windows\System\MrjSnXS.exe
  C:\Windows\System\MrjSnXS.exe
  2⤵
  PID:8160
- C:\Windows\System\TqtnrmI.exe
  C:\Windows\System\TqtnrmI.exe
  2⤵
  PID:6132
- C:\Windows\System\OSUXALP.exe
  C:\Windows\System\OSUXALP.exe
  2⤵
  PID:6952
- C:\Windows\System\ANnXkDm.exe
  C:\Windows\System\ANnXkDm.exe
  2⤵
  PID:6708
- C:\Windows\System\zoEJZhn.exe
  C:\Windows\System\zoEJZhn.exe
  2⤵
  PID:7312
- C:\Windows\System\rXBEggo.exe
  C:\Windows\System\rXBEggo.exe
  2⤵
  PID:7880
- C:\Windows\System\IExtbir.exe
  C:\Windows\System\IExtbir.exe
  2⤵
  PID:7860
- C:\Windows\System\KlCiDlF.exe
  C:\Windows\System\KlCiDlF.exe
  2⤵
  PID:7984
- C:\Windows\System\jXspLbd.exe
  C:\Windows\System\jXspLbd.exe
  2⤵
  PID:8100
- C:\Windows\System\LxgadPG.exe
  C:\Windows\System\LxgadPG.exe
  2⤵
  PID:8144
- C:\Windows\System\NadJdgV.exe
  C:\Windows\System\NadJdgV.exe
  2⤵
  PID:7200
- C:\Windows\System\FDONRBc.exe
  C:\Windows\System\FDONRBc.exe
  2⤵
  PID:7740
- C:\Windows\System\tHwKCip.exe
  C:\Windows\System\tHwKCip.exe
  2⤵
  PID:7792
- C:\Windows\System\RScnXbo.exe
  C:\Windows\System\RScnXbo.exe
  2⤵
  PID:7228
- C:\Windows\System\UhzXafk.exe
  C:\Windows\System\UhzXafk.exe
  2⤵
  PID:8120
- C:\Windows\System\lVHHxRv.exe
  C:\Windows\System\lVHHxRv.exe
  2⤵
  PID:6228
- C:\Windows\System\yNUBxbq.exe
  C:\Windows\System\yNUBxbq.exe
  2⤵
  PID:7376
- C:\Windows\System\SOligSz.exe
  C:\Windows\System\SOligSz.exe
  2⤵
  PID:7728
- C:\Windows\System\DugmYPb.exe
  C:\Windows\System\DugmYPb.exe
  2⤵
  PID:7252
- C:\Windows\System\gSKJTZc.exe
  C:\Windows\System\gSKJTZc.exe
  2⤵
  PID:7924
- C:\Windows\System\BIwgxyo.exe
  C:\Windows\System\BIwgxyo.exe
  2⤵
  PID:7564
- C:\Windows\System\kTFFVwT.exe
  C:\Windows\System\kTFFVwT.exe
  2⤵
  PID:7492
- C:\Windows\System\NSRErWZ.exe
  C:\Windows\System\NSRErWZ.exe
  2⤵
  PID:1792
- C:\Windows\System\uoJGnCu.exe
  C:\Windows\System\uoJGnCu.exe
  2⤵
  PID:2912
- C:\Windows\System\sFaiRcd.exe
  C:\Windows\System\sFaiRcd.exe
  2⤵
  PID:8132
- C:\Windows\System\HgHAucu.exe
  C:\Windows\System\HgHAucu.exe
  2⤵
  PID:2708
- C:\Windows\System\bdrQHgU.exe
  C:\Windows\System\bdrQHgU.exe
  2⤵
  PID:8040
- C:\Windows\System\qabxHCj.exe
  C:\Windows\System\qabxHCj.exe
  2⤵
  PID:6812
- C:\Windows\System\WNxEzjj.exe
  C:\Windows\System\WNxEzjj.exe
  2⤵
  PID:2604
- C:\Windows\System\ULkkWMu.exe
  C:\Windows\System\ULkkWMu.exe
  2⤵
  PID:7076
- C:\Windows\System\ltMchCe.exe
  C:\Windows\System\ltMchCe.exe
  2⤵
  PID:1308
- C:\Windows\System\KKwrrer.exe
  C:\Windows\System\KKwrrer.exe
  2⤵
  PID:2784
- C:\Windows\System\xyBdCZw.exe
  C:\Windows\System\xyBdCZw.exe
  2⤵
  PID:8020
- C:\Windows\System\CtIyJCs.exe
  C:\Windows\System\CtIyJCs.exe
  2⤵
  PID:7908
- C:\Windows\System\uRqDGnv.exe
  C:\Windows\System\uRqDGnv.exe
  2⤵
  PID:3016
- C:\Windows\System\ctEOIWo.exe
  C:\Windows\System\ctEOIWo.exe
  2⤵
  PID:7936
- C:\Windows\System\rxcFHWv.exe
  C:\Windows\System\rxcFHWv.exe
  2⤵
  PID:8212
- C:\Windows\System\tFTjWid.exe
  C:\Windows\System\tFTjWid.exe
  2⤵
  PID:8232
- C:\Windows\System\qUCdlff.exe
  C:\Windows\System\qUCdlff.exe
  2⤵
  PID:8248
- C:\Windows\System\YJlUFaZ.exe
  C:\Windows\System\YJlUFaZ.exe
  2⤵
  PID:8264
- C:\Windows\System\MNhHjkO.exe
  C:\Windows\System\MNhHjkO.exe
  2⤵
  PID:8284
- C:\Windows\System\bpxAAwk.exe
  C:\Windows\System\bpxAAwk.exe
  2⤵
  PID:8344
- C:\Windows\System\YNKRlFH.exe
  C:\Windows\System\YNKRlFH.exe
  2⤵
  PID:8360
- C:\Windows\System\knKRMYL.exe
  C:\Windows\System\knKRMYL.exe
  2⤵
  PID:8380
- C:\Windows\System\bnQzQbo.exe
  C:\Windows\System\bnQzQbo.exe
  2⤵
  PID:8404
- C:\Windows\System\KRnHHKd.exe
  C:\Windows\System\KRnHHKd.exe
  2⤵
  PID:8424
- C:\Windows\System\eMVUpnn.exe
  C:\Windows\System\eMVUpnn.exe
  2⤵
  PID:8440
- C:\Windows\System\jvxApRR.exe
  C:\Windows\System\jvxApRR.exe
  2⤵
  PID:8456
- C:\Windows\System\ZGrvRbH.exe
  C:\Windows\System\ZGrvRbH.exe
  2⤵
  PID:8476
- C:\Windows\System\ObNAHrp.exe
  C:\Windows\System\ObNAHrp.exe
  2⤵
  PID:8492
- C:\Windows\System\QYwTDNI.exe
  C:\Windows\System\QYwTDNI.exe
  2⤵
  PID:8512
- C:\Windows\System\MHWPTUY.exe
  C:\Windows\System\MHWPTUY.exe
  2⤵
  PID:8528
- C:\Windows\System\DgDioRG.exe
  C:\Windows\System\DgDioRG.exe
  2⤵
  PID:8544
- C:\Windows\System\wSmcyje.exe
  C:\Windows\System\wSmcyje.exe
  2⤵
  PID:8560
- C:\Windows\System\IaBFqFT.exe
  C:\Windows\System\IaBFqFT.exe
  2⤵
  PID:8576
- C:\Windows\System\TZMYYEJ.exe
  C:\Windows\System\TZMYYEJ.exe
  2⤵
  PID:8596
- C:\Windows\System\EbcGXkH.exe
  C:\Windows\System\EbcGXkH.exe
  2⤵
  PID:8616
- C:\Windows\System\EDApuLe.exe
  C:\Windows\System\EDApuLe.exe
  2⤵
  PID:8632
- C:\Windows\System\OLdaXka.exe
  C:\Windows\System\OLdaXka.exe
  2⤵
  PID:8648
- C:\Windows\System\jkJRsbG.exe
  C:\Windows\System\jkJRsbG.exe
  2⤵
  PID:8664
- C:\Windows\System\ZkSMVTO.exe
  C:\Windows\System\ZkSMVTO.exe
  2⤵
  PID:8680
- C:\Windows\System\hfAjiPj.exe
  C:\Windows\System\hfAjiPj.exe
  2⤵
  PID:8700
- C:\Windows\System\OczqOJk.exe
  C:\Windows\System\OczqOJk.exe
  2⤵
  PID:8724
- C:\Windows\System\rwuOmto.exe
  C:\Windows\System\rwuOmto.exe
  2⤵
  PID:8740
- C:\Windows\System\Hezgyye.exe
  C:\Windows\System\Hezgyye.exe
  2⤵
  PID:8756
- C:\Windows\System\HSwVkLj.exe
  C:\Windows\System\HSwVkLj.exe
  2⤵
  PID:8772
- C:\Windows\System\uITIxBz.exe
  C:\Windows\System\uITIxBz.exe
  2⤵
  PID:8788
- C:\Windows\System\kABPRbO.exe
  C:\Windows\System\kABPRbO.exe
  2⤵
  PID:8808
- C:\Windows\System\EFHRycz.exe
  C:\Windows\System\EFHRycz.exe
  2⤵
  PID:8824
- C:\Windows\System\urjilVB.exe
  C:\Windows\System\urjilVB.exe
  2⤵
  PID:8840
- C:\Windows\System\kXNPLgC.exe
  C:\Windows\System\kXNPLgC.exe
  2⤵
  PID:8856
- C:\Windows\System\UFwsZlH.exe
  C:\Windows\System\UFwsZlH.exe
  2⤵
  PID:8876
- C:\Windows\System\rNbVMhN.exe
  C:\Windows\System\rNbVMhN.exe
  2⤵
  PID:8892
- C:\Windows\System\QCZwowy.exe
  C:\Windows\System\QCZwowy.exe
  2⤵
  PID:8976
- C:\Windows\System\zOdsEnT.exe
  C:\Windows\System\zOdsEnT.exe
  2⤵
  PID:8996
- C:\Windows\System\nUPuwCr.exe
  C:\Windows\System\nUPuwCr.exe
  2⤵
  PID:9012
- C:\Windows\System\TOQqbDA.exe
  C:\Windows\System\TOQqbDA.exe
  2⤵
  PID:9028
- C:\Windows\System\NpzSyUg.exe
  C:\Windows\System\NpzSyUg.exe
  2⤵
  PID:9048
- C:\Windows\System\HWDqSHj.exe
  C:\Windows\System\HWDqSHj.exe
  2⤵
  PID:9064
- C:\Windows\System\bZxvQRa.exe
  C:\Windows\System\bZxvQRa.exe
  2⤵
  PID:9080
- C:\Windows\System\PzZDCoL.exe
  C:\Windows\System\PzZDCoL.exe
  2⤵
  PID:9096
- C:\Windows\System\KGnuteh.exe
  C:\Windows\System\KGnuteh.exe
  2⤵
  PID:9112
- C:\Windows\System\bKmoWmK.exe
  C:\Windows\System\bKmoWmK.exe
  2⤵
  PID:9128
- C:\Windows\System\WTclSVN.exe
  C:\Windows\System\WTclSVN.exe
  2⤵
  PID:9148
- C:\Windows\System\IdonnPi.exe
  C:\Windows\System\IdonnPi.exe
  2⤵
  PID:9164
- C:\Windows\System\NUIKZxu.exe
  C:\Windows\System\NUIKZxu.exe
  2⤵
  PID:9180
- C:\Windows\System\jAZmWZG.exe
  C:\Windows\System\jAZmWZG.exe
  2⤵
  PID:9196
- C:\Windows\System\XhFXlaW.exe
  C:\Windows\System\XhFXlaW.exe
  2⤵
  PID:9212
- C:\Windows\System\rCKwBzg.exe
  C:\Windows\System\rCKwBzg.exe
  2⤵
  PID:8208
- C:\Windows\System\kQyLwTY.exe
  C:\Windows\System\kQyLwTY.exe
  2⤵
  PID:7308
- C:\Windows\System\bBYHhud.exe
  C:\Windows\System\bBYHhud.exe
  2⤵
  PID:7724
- C:\Windows\System\Olxuhdv.exe
  C:\Windows\System\Olxuhdv.exe
  2⤵
  PID:7556
- C:\Windows\System\uRSQfnr.exe
  C:\Windows\System\uRSQfnr.exe
  2⤵
  PID:7848
- C:\Windows\System\eigQSDc.exe
  C:\Windows\System\eigQSDc.exe
  2⤵
  PID:8256
- C:\Windows\System\OIRfWiB.exe
  C:\Windows\System\OIRfWiB.exe
  2⤵
  PID:8304
- C:\Windows\System\UcwnBSZ.exe
  C:\Windows\System\UcwnBSZ.exe
  2⤵
  PID:8320
- C:\Windows\System\ukUqbYA.exe
  C:\Windows\System\ukUqbYA.exe
  2⤵
  PID:8340
- C:\Windows\System\wgbXcfQ.exe
  C:\Windows\System\wgbXcfQ.exe
  2⤵
  PID:8388
- C:\Windows\System\TRRqeov.exe
  C:\Windows\System\TRRqeov.exe
  2⤵
  PID:8568
- C:\Windows\System\dQELuMg.exe
  C:\Windows\System\dQELuMg.exe
  2⤵
  PID:8608
- C:\Windows\System\NrvXdEn.exe
  C:\Windows\System\NrvXdEn.exe
  2⤵
  PID:8672
- C:\Windows\System\KUuJbtE.exe
  C:\Windows\System\KUuJbtE.exe
  2⤵
  PID:8716
- C:\Windows\System\EqROZYk.exe
  C:\Windows\System\EqROZYk.exe
  2⤵
  PID:8780
- C:\Windows\System\yxYKIbR.exe
  C:\Windows\System\yxYKIbR.exe
  2⤵
  PID:8484
- C:\Windows\System\cgasUbe.exe
  C:\Windows\System\cgasUbe.exe
  2⤵
  PID:8488
- C:\Windows\System\teZyrXP.exe
  C:\Windows\System\teZyrXP.exe
  2⤵
  PID:8584
- C:\Windows\System\pMbwnkj.exe
  C:\Windows\System\pMbwnkj.exe
  2⤵
  PID:8692
- C:\Windows\System\Yqoxesv.exe
  C:\Windows\System\Yqoxesv.exe
  2⤵
  PID:8764
- C:\Windows\System\gGxPclB.exe
  C:\Windows\System\gGxPclB.exe
  2⤵
  PID:8796
- C:\Windows\System\HftgPdy.exe
  C:\Windows\System\HftgPdy.exe
  2⤵
  PID:8868
- C:\Windows\System\hDLRKEA.exe
  C:\Windows\System\hDLRKEA.exe
  2⤵
  PID:8884
- C:\Windows\System\ikCaNQM.exe
  C:\Windows\System\ikCaNQM.exe
  2⤵
  PID:8912
- C:\Windows\System\LaslByl.exe
  C:\Windows\System\LaslByl.exe
  2⤵
  PID:8928
- C:\Windows\System\YRbXXuB.exe
  C:\Windows\System\YRbXXuB.exe
  2⤵
  PID:8944
- C:\Windows\System\QRxvbCK.exe
  C:\Windows\System\QRxvbCK.exe
  2⤵
  PID:8960
- C:\Windows\System\tkSkryo.exe
  C:\Windows\System\tkSkryo.exe
  2⤵
  PID:8984
- C:\Windows\System\fyfeEFD.exe
  C:\Windows\System\fyfeEFD.exe
  2⤵
  PID:9020
- C:\Windows\System\sWTpahg.exe
  C:\Windows\System\sWTpahg.exe
  2⤵
  PID:9188
- C:\Windows\System\zDpfjIx.exe
  C:\Windows\System\zDpfjIx.exe
  2⤵
  PID:9040
- C:\Windows\System\bClalYG.exe
  C:\Windows\System\bClalYG.exe
  2⤵
  PID:9104
- C:\Windows\System\viDxMVW.exe
  C:\Windows\System\viDxMVW.exe
  2⤵
  PID:9204
- C:\Windows\System\lvmdwbQ.exe
  C:\Windows\System\lvmdwbQ.exe
  2⤵
  PID:8016
- C:\Windows\System\NKsxNmR.exe
  C:\Windows\System\NKsxNmR.exe
  2⤵
  PID:7776
- C:\Windows\System\dZHtVEL.exe
  C:\Windows\System\dZHtVEL.exe
  2⤵
  PID:7904
- C:\Windows\System\LrhTwvo.exe
  C:\Windows\System\LrhTwvo.exe
  2⤵
  PID:7632
- C:\Windows\System\zQTGwQh.exe
  C:\Windows\System\zQTGwQh.exe
  2⤵
  PID:8292
- C:\Windows\System\tYqaEyn.exe
  C:\Windows\System\tYqaEyn.exe
  2⤵
  PID:8400
- C:\Windows\System\CfeUCYa.exe
  C:\Windows\System\CfeUCYa.exe
  2⤵
  PID:8472
- C:\Windows\System\tXagyNM.exe
  C:\Windows\System\tXagyNM.exe
  2⤵
  PID:8500
- C:\Windows\System\HDLlDzF.exe
  C:\Windows\System\HDLlDzF.exe
  2⤵
  PID:8540
- C:\Windows\System\sxJNnIn.exe
  C:\Windows\System\sxJNnIn.exe
  2⤵
  PID:8640
- C:\Windows\System\FRvigLt.exe
  C:\Windows\System\FRvigLt.exe
  2⤵
  PID:8748
- C:\Windows\System\aARidBP.exe
  C:\Windows\System\aARidBP.exe
  2⤵
  PID:8832
- C:\Windows\System\ejwUhwj.exe
  C:\Windows\System\ejwUhwj.exe
  2⤵
  PID:8412
- C:\Windows\System\soYWRyA.exe
  C:\Windows\System\soYWRyA.exe
  2⤵
  PID:8732
- C:\Windows\System\pUpnYLo.exe
  C:\Windows\System\pUpnYLo.exe
  2⤵
  PID:8804
- C:\Windows\System\fpOAeap.exe
  C:\Windows\System\fpOAeap.exe
  2⤵
  PID:8656
- C:\Windows\System\hLHDAgl.exe
  C:\Windows\System\hLHDAgl.exe
  2⤵
  PID:8900
- C:\Windows\System\yAcUDeG.exe
  C:\Windows\System\yAcUDeG.exe
  2⤵
  PID:8924
- C:\Windows\System\ypNtWTA.exe
  C:\Windows\System\ypNtWTA.exe
  2⤵
  PID:9004
- C:\Windows\System\SRSKnND.exe
  C:\Windows\System\SRSKnND.exe
  2⤵
  PID:9156
- C:\Windows\System\LAZVgKd.exe
  C:\Windows\System\LAZVgKd.exe
  2⤵
  PID:8972
- C:\Windows\System\ihwjACc.exe
  C:\Windows\System\ihwjACc.exe
  2⤵
  PID:9092
- C:\Windows\System\klFjqSd.exe
  C:\Windows\System\klFjqSd.exe
  2⤵
  PID:9072
- C:\Windows\System\LadMkbG.exe
  C:\Windows\System\LadMkbG.exe
  2⤵
  PID:9172
- C:\Windows\System\twlxsxz.exe
  C:\Windows\System\twlxsxz.exe
  2⤵
  PID:8204
- C:\Windows\System\ghjRLVZ.exe
  C:\Windows\System\ghjRLVZ.exe
  2⤵
  PID:8312
- C:\Windows\System\bASDGJN.exe
  C:\Windows\System\bASDGJN.exe
  2⤵
  PID:8224
- C:\Windows\System\oYTdRmj.exe
  C:\Windows\System\oYTdRmj.exe
  2⤵
  PID:7496
- C:\Windows\System\swjnxTm.exe
  C:\Windows\System\swjnxTm.exe
  2⤵
  PID:8468
- C:\Windows\System\pHOaWLt.exe
  C:\Windows\System\pHOaWLt.exe
  2⤵
  PID:8660
- C:\Windows\System\uNjhenO.exe
  C:\Windows\System\uNjhenO.exe
  2⤵
  PID:9140
- C:\Windows\System\mBXobpj.exe
  C:\Windows\System\mBXobpj.exe
  2⤵
  PID:8956
- C:\Windows\System\LNusrJS.exe
  C:\Windows\System\LNusrJS.exe
  2⤵
  PID:9060
- C:\Windows\System\YQJBroq.exe
  C:\Windows\System\YQJBroq.exe
  2⤵
  PID:8432
- C:\Windows\System\PVwWBKK.exe
  C:\Windows\System\PVwWBKK.exe
  2⤵
  PID:8952
- C:\Windows\System\QgiXKoE.exe
  C:\Windows\System\QgiXKoE.exe
  2⤵
  PID:8644
- C:\Windows\System\NpHVSDO.exe
  C:\Windows\System\NpHVSDO.exe
  2⤵
  PID:8852
- C:\Windows\System\pgmLhwf.exe
  C:\Windows\System\pgmLhwf.exe
  2⤵
  PID:8872
- C:\Windows\System\chPzons.exe
  C:\Windows\System\chPzons.exe
  2⤵
  PID:8244
- C:\Windows\System\qjwWCWo.exe
  C:\Windows\System\qjwWCWo.exe
  2⤵
  PID:8464
- C:\Windows\System\CYmyqHj.exe
  C:\Windows\System\CYmyqHj.exe
  2⤵
  PID:8316
- C:\Windows\System\WsWVNdj.exe
  C:\Windows\System\WsWVNdj.exe
  2⤵
  PID:8328
- C:\Windows\System\sRknixS.exe
  C:\Windows\System\sRknixS.exe
  2⤵
  PID:9144
- C:\Windows\System\UpgmrjQ.exe
  C:\Windows\System\UpgmrjQ.exe
  2⤵
  PID:8688
- C:\Windows\System\hrsnvQJ.exe
  C:\Windows\System\hrsnvQJ.exe
  2⤵
  PID:8552
- C:\Windows\System\ipidCRD.exe
  C:\Windows\System\ipidCRD.exe
  2⤵
  PID:7828
- C:\Windows\System\FseVuxd.exe
  C:\Windows\System\FseVuxd.exe
  2⤵
  PID:8816
- C:\Windows\System\UAvkjhp.exe
  C:\Windows\System\UAvkjhp.exe
  2⤵
  PID:996
- C:\Windows\System\xghnsoh.exe
  C:\Windows\System\xghnsoh.exe
  2⤵
  PID:9220
- C:\Windows\System\qqjYmkJ.exe
  C:\Windows\System\qqjYmkJ.exe
  2⤵
  PID:9244
- C:\Windows\System\AKCvnky.exe
  C:\Windows\System\AKCvnky.exe
  2⤵
  PID:9260
- C:\Windows\System\dwtEUwC.exe
  C:\Windows\System\dwtEUwC.exe
  2⤵
  PID:9280
- C:\Windows\System\yrztvCf.exe
  C:\Windows\System\yrztvCf.exe
  2⤵
  PID:9296
- C:\Windows\System\QCyXIoR.exe
  C:\Windows\System\QCyXIoR.exe
  2⤵
  PID:9312
- C:\Windows\System\clqwavM.exe
  C:\Windows\System\clqwavM.exe
  2⤵
  PID:9328
- C:\Windows\System\tgllfxu.exe
  C:\Windows\System\tgllfxu.exe
  2⤵
  PID:9344
- C:\Windows\System\RixoBxf.exe
  C:\Windows\System\RixoBxf.exe
  2⤵
  PID:9364
- C:\Windows\System\LNxqKky.exe
  C:\Windows\System\LNxqKky.exe
  2⤵
  PID:9384
- C:\Windows\System\SarToYj.exe
  C:\Windows\System\SarToYj.exe
  2⤵
  PID:9408
- C:\Windows\System\fvVLMql.exe
  C:\Windows\System\fvVLMql.exe
  2⤵
  PID:9424
- C:\Windows\System\ySPiRQW.exe
  C:\Windows\System\ySPiRQW.exe
  2⤵
  PID:9440
- C:\Windows\System\fkrGfdO.exe
  C:\Windows\System\fkrGfdO.exe
  2⤵
  PID:9456
- C:\Windows\System\lWsgGep.exe
  C:\Windows\System\lWsgGep.exe
  2⤵
  PID:9488
- C:\Windows\System\KVruOdv.exe
  C:\Windows\System\KVruOdv.exe
  2⤵
  PID:9508
- C:\Windows\System\kdAPJjd.exe
  C:\Windows\System\kdAPJjd.exe
  2⤵
  PID:9528
- C:\Windows\System\FNCsKRY.exe
  C:\Windows\System\FNCsKRY.exe
  2⤵
  PID:9544
- C:\Windows\System\bUTsoxH.exe
  C:\Windows\System\bUTsoxH.exe
  2⤵
  PID:9568
- C:\Windows\System\wWuzzak.exe
  C:\Windows\System\wWuzzak.exe
  2⤵
  PID:9592
- C:\Windows\System\MgpJuDP.exe
  C:\Windows\System\MgpJuDP.exe
  2⤵
  PID:9608
- C:\Windows\System\BtNwoew.exe
  C:\Windows\System\BtNwoew.exe
  2⤵
  PID:9624
- C:\Windows\System\ieMeejJ.exe
  C:\Windows\System\ieMeejJ.exe
  2⤵
  PID:9644
- C:\Windows\System\XtvjAeE.exe
  C:\Windows\System\XtvjAeE.exe
  2⤵
  PID:9664
- C:\Windows\System\epCbzHR.exe
  C:\Windows\System\epCbzHR.exe
  2⤵
  PID:9680
- C:\Windows\System\cJuvoIE.exe
  C:\Windows\System\cJuvoIE.exe
  2⤵
  PID:9696
- C:\Windows\System\Iqxrgaz.exe
  C:\Windows\System\Iqxrgaz.exe
  2⤵
  PID:9712
- C:\Windows\System\ePaPxKl.exe
  C:\Windows\System\ePaPxKl.exe
  2⤵
  PID:9728
- C:\Windows\System\wdTqxkR.exe
  C:\Windows\System\wdTqxkR.exe
  2⤵
  PID:9744
- C:\Windows\System\DlZQNCt.exe
  C:\Windows\System\DlZQNCt.exe
  2⤵
  PID:9760
- C:\Windows\System\fzQayST.exe
  C:\Windows\System\fzQayST.exe
  2⤵
  PID:9776
- C:\Windows\System\TVNUGJL.exe
  C:\Windows\System\TVNUGJL.exe
  2⤵
  PID:9804
- C:\Windows\System\KytdefC.exe
  C:\Windows\System\KytdefC.exe
  2⤵
  PID:9820
- C:\Windows\System\SZRQBDu.exe
  C:\Windows\System\SZRQBDu.exe
  2⤵
  PID:9836
- C:\Windows\System\QYnmRaQ.exe
  C:\Windows\System\QYnmRaQ.exe
  2⤵
  PID:9852
- C:\Windows\System\earbzkS.exe
  C:\Windows\System\earbzkS.exe
  2⤵
  PID:9868
- C:\Windows\System\bSCouNn.exe
  C:\Windows\System\bSCouNn.exe
  2⤵
  PID:9884
- C:\Windows\System\gBZjbDn.exe
  C:\Windows\System\gBZjbDn.exe
  2⤵
  PID:9900
- C:\Windows\System\GjkfEgx.exe
  C:\Windows\System\GjkfEgx.exe
  2⤵
  PID:9916
- C:\Windows\System\HCjjddU.exe
  C:\Windows\System\HCjjddU.exe
  2⤵
  PID:9932
- C:\Windows\System\NqvpRvf.exe
  C:\Windows\System\NqvpRvf.exe
  2⤵
  PID:9948
- C:\Windows\System\sjqekWl.exe
  C:\Windows\System\sjqekWl.exe
  2⤵
  PID:9968
- C:\Windows\System\TDpMgbz.exe
  C:\Windows\System\TDpMgbz.exe
  2⤵
  PID:9984
- C:\Windows\System\JjNQqqy.exe
  C:\Windows\System\JjNQqqy.exe
  2⤵
  PID:10000
- C:\Windows\System\hvkkADL.exe
  C:\Windows\System\hvkkADL.exe
  2⤵
  PID:10016
- C:\Windows\System\OrsZZEg.exe
  C:\Windows\System\OrsZZEg.exe
  2⤵
  PID:10036
- C:\Windows\System\fgMrfJK.exe
  C:\Windows\System\fgMrfJK.exe
  2⤵
  PID:10052
- C:\Windows\System\dpNmurz.exe
  C:\Windows\System\dpNmurz.exe
  2⤵
  PID:10068
- C:\Windows\System\DHLLpFS.exe
  C:\Windows\System\DHLLpFS.exe
  2⤵
  PID:10084
- C:\Windows\System\MijcgwL.exe
  C:\Windows\System\MijcgwL.exe
  2⤵
  PID:10100
- C:\Windows\System\yWkAmyf.exe
  C:\Windows\System\yWkAmyf.exe
  2⤵
  PID:10116
- C:\Windows\System\vahvBLK.exe
  C:\Windows\System\vahvBLK.exe
  2⤵
  PID:10132
- C:\Windows\System\eHMOWUp.exe
  C:\Windows\System\eHMOWUp.exe
  2⤵
  PID:10148
- C:\Windows\System\BufuCKE.exe
  C:\Windows\System\BufuCKE.exe
  2⤵
  PID:10164
- C:\Windows\System\RGwfClX.exe
  C:\Windows\System\RGwfClX.exe
  2⤵
  PID:10180
- C:\Windows\System\KzNrTbd.exe
  C:\Windows\System\KzNrTbd.exe
  2⤵
  PID:10212
- C:\Windows\System\LsqTNGE.exe
  C:\Windows\System\LsqTNGE.exe
  2⤵
  PID:10228
- C:\Windows\System\HyOhYkI.exe
  C:\Windows\System\HyOhYkI.exe
  2⤵
  PID:9192
- C:\Windows\System\QfFJPar.exe
  C:\Windows\System\QfFJPar.exe
  2⤵
  PID:7988
- C:\Windows\System\ppIZcbp.exe
  C:\Windows\System\ppIZcbp.exe
  2⤵
  PID:9252
- C:\Windows\System\CBdhDpt.exe
  C:\Windows\System\CBdhDpt.exe
  2⤵
  PID:7512
- C:\Windows\System\bdSZQBt.exe
  C:\Windows\System\bdSZQBt.exe
  2⤵
  PID:9288
- C:\Windows\System\KWXUAUK.exe
  C:\Windows\System\KWXUAUK.exe
  2⤵
  PID:9400
- C:\Windows\System\jRpFcWr.exe
  C:\Windows\System\jRpFcWr.exe
  2⤵
  PID:9432
- C:\Windows\System\KUxtbVu.exe
  C:\Windows\System\KUxtbVu.exe
  2⤵
  PID:9476
- C:\Windows\System\KHGksFe.exe
  C:\Windows\System\KHGksFe.exe
  2⤵
  PID:9552
- C:\Windows\System\Enhkgsj.exe
  C:\Windows\System\Enhkgsj.exe
  2⤵
  PID:2024
- C:\Windows\System\ddDAIAc.exe
  C:\Windows\System\ddDAIAc.exe
  2⤵
  PID:9636
- C:\Windows\System\uqjSPDh.exe
  C:\Windows\System\uqjSPDh.exe
  2⤵
  PID:9792
- C:\Windows\System\ifarMgI.exe
  C:\Windows\System\ifarMgI.exe
  2⤵
  PID:9740
- C:\Windows\System\eaMWSch.exe
  C:\Windows\System\eaMWSch.exe
  2⤵
  PID:9860
- C:\Windows\System\vennKvO.exe
  C:\Windows\System\vennKvO.exe
  2⤵
  PID:10188
- C:\Windows\System\LnAIRzV.exe
  C:\Windows\System\LnAIRzV.exe
  2⤵
  PID:10224
- C:\Windows\System\XZkeBPC.exe
  C:\Windows\System\XZkeBPC.exe
  2⤵
  PID:8992
- C:\Windows\System\DpQAvsh.exe
  C:\Windows\System\DpQAvsh.exe
  2⤵
  PID:9276
- C:\Windows\System\KgiULAs.exe
  C:\Windows\System\KgiULAs.exe
  2⤵
  PID:9340
- C:\Windows\System\NQqXwYF.exe
  C:\Windows\System\NQqXwYF.exe
  2⤵
  PID:9356
- C:\Windows\System\SLFrUqq.exe
  C:\Windows\System\SLFrUqq.exe
  2⤵
  PID:9472
- C:\Windows\System\wgyanAX.exe
  C:\Windows\System\wgyanAX.exe
  2⤵
  PID:9516
- C:\Windows\System\IFvVWwD.exe
  C:\Windows\System\IFvVWwD.exe
  2⤵
  PID:9504
- C:\Windows\System\QLLbDdI.exe
  C:\Windows\System\QLLbDdI.exe
  2⤵
  PID:9604
- C:\Windows\System\rPCWLac.exe
  C:\Windows\System\rPCWLac.exe
  2⤵
  PID:9536
- C:\Windows\System\tPXpwVC.exe
  C:\Windows\System\tPXpwVC.exe
  2⤵
  PID:9616
- C:\Windows\System\ZIWeeRU.exe
  C:\Windows\System\ZIWeeRU.exe
  2⤵
  PID:9704
- C:\Windows\System\VIWwbrn.exe
  C:\Windows\System\VIWwbrn.exe
  2⤵
  PID:9756
- C:\Windows\System\grpkxtj.exe
  C:\Windows\System\grpkxtj.exe
  2⤵
  PID:9828
- C:\Windows\System\MMtByQZ.exe
  C:\Windows\System\MMtByQZ.exe
  2⤵
  PID:9236
- C:\Windows\System\RroTEzn.exe
  C:\Windows\System\RroTEzn.exe
  2⤵
  PID:9848
- C:\Windows\System\pFGrZpQ.exe
  C:\Windows\System\pFGrZpQ.exe
  2⤵
  PID:9976
- C:\Windows\System\elBQpCR.exe
  C:\Windows\System\elBQpCR.exe
  2⤵
  PID:10172
- C:\Windows\System\AYppjUz.exe
  C:\Windows\System\AYppjUz.exe
  2⤵
  PID:9944
- C:\Windows\System\gBWMcNj.exe
  C:\Windows\System\gBWMcNj.exe
  2⤵
  PID:9964
- C:\Windows\System\gHtsdBU.exe
  C:\Windows\System\gHtsdBU.exe
  2⤵
  PID:10048
- C:\Windows\System\KcaMHRc.exe
  C:\Windows\System\KcaMHRc.exe
  2⤵
  PID:10160
- C:\Windows\System\vculrZO.exe
  C:\Windows\System\vculrZO.exe
  2⤵
  PID:10108
- C:\Windows\System\unizAIQ.exe
  C:\Windows\System\unizAIQ.exe
  2⤵
  PID:10176
- C:\Windows\System\WOQQdhO.exe
  C:\Windows\System\WOQQdhO.exe
  2⤵
  PID:9992
- C:\Windows\System\NKtwTxi.exe
  C:\Windows\System\NKtwTxi.exe
  2⤵
  PID:9268
- C:\Windows\System\dwGlhpy.exe
  C:\Windows\System\dwGlhpy.exe
  2⤵
  PID:8628
- C:\Windows\System\pLPQftn.exe
  C:\Windows\System\pLPQftn.exe
  2⤵
  PID:9352
- C:\Windows\System\ATtjLRB.exe
  C:\Windows\System\ATtjLRB.exe
  2⤵
  PID:9448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AbcoPRr.exe

Filesize
6.0MB

MD5
20d48e227d35f3125d9234503ce12a36

SHA1
139d0cb8903d8b6022d86c66e7f065d9d14c4c88

SHA256
a1322fed99ef4447fe54bbb558220cefd4d5e72a7a0dbfcf98aab83b361f94c7

SHA512
a7e0ddf0020c2532c80817a51a89080593b884528e42ddf0ed182bd66c9874a3579bed9485502bf9fff36533b21c80b5771cb35a5b4886b3a351afdca00ca528

Download Submit
C:\Windows\system\CdDWcaM.exe

Filesize
6.0MB

MD5
865d06b1b7206c1acf32fd204ab6c3e9

SHA1
89e7488078f1a7afe7a56dedc6f24c59cd60429a

SHA256
b41b74931ee586dc0048cfc8ad872a1b9424e2fc0945c5f173991f3e5c02bd9b

SHA512
0766fbd4c55ad3d9452c3551210b1fcec0adf54566d4f231a908ac8eddf12a60a7fb587261e6e2f9634e12abccb5d4802054ac60d63a26931cce36b4b743e959

Download Submit
C:\Windows\system\DvhMRZh.exe

Filesize
6.0MB

MD5
2d3988b1bac6a9d47a40eb2a055091ba

SHA1
a25624869632d050ae4292e7864d8504b86fd2b7

SHA256
604d31cb7d4b89de6e084339e76a95dcbfe53fee705b00dae9ebe5287e6e4abe

SHA512
959c9edb3f5cf007f38105a5c9249b5a08241b2d46c5832108ae2040ba501467f8c7c7ddfc7cd7b23cdc2f53a1cb583760abd020bd2203e1298ddb740b6214d4

Download Submit
C:\Windows\system\HZQVTMp.exe

Filesize
6.0MB

MD5
8d8b9613995e7268ed9ee4344055b221

SHA1
3477362bd9a0df4fe01b435f05a7c68cc1e12ca3

SHA256
0607bbe2a704b6c4697d5c952d32a3e0088b9d18131f7c8cddf557bc88936e33

SHA512
b7eefc7e8158ef238606c9f28f01c52456a45b30f0349a0fb4624e47ce20e3ac1bdce2258bf6e7a14cc473f9ccd771575ca738c68dacf162d469a97da15a934c

Download Submit
C:\Windows\system\MEySOqY.exe

Filesize
6.0MB

MD5
623ee9fd554360d458d46f9ed60fc6c2

SHA1
b01a078204d7fd9dd9176734e0ca066c42a2c4d9

SHA256
2360ed6b2ced03c9d2275bea66cf7a825fb2936cd6935f24f4247e6f3e9e6643

SHA512
59c6590402d01bdfeff6e9c2ac0efd58a9e1f30b270aff558a5a22aae8175897144f574086e839178946dbbb752a6cde11a6aa16d12e390e231b8d4eed3b9e57

Download Submit
C:\Windows\system\PJNGOGY.exe

Filesize
6.0MB

MD5
54495a5b9639361fc3e6b7236051473a

SHA1
c483f022ae530a60d03e28ade7f2a42915eae08a

SHA256
696c379cb0bd0837c5be64bedc4ba35763da184933964edae2d43486c9bfaee8

SHA512
d9ceae4658db2c44288a446b9c2b0521f95d69cd9d00c5b1184c40c6ff8c7388b4f72189f19bf5d5f830652e06962dbdb51ae771a9150a7d51e339df96ab1fbf

Download Submit
C:\Windows\system\SKtIeLT.exe

Filesize
6.0MB

MD5
9f1312b60380ee73d1e5cf694853a7cb

SHA1
9412daf81ad6ff3cb08dfc40bb7c84ade40eac28

SHA256
4eb526683604ec725569a435de8ea85bb02685a62b1e208fb8b0b3f3c22dae72

SHA512
788e61e296fedf090ca880e1c0c9ba3ecd8f800ae8a3e3a8b7924db609f66212080057c908da5d0ce2cc1065b0f657a3b6c9c307629efe492f3c9cca9e3c2801

Download Submit
C:\Windows\system\YHtLQxm.exe

Filesize
6.0MB

MD5
2e203fc562bce9a6ce265f50a0edefab

SHA1
37cfa3c48a90a848ea33bb67559fecbb064e7563

SHA256
16a69a85ddfc63454e88b51aedfa15429b4027da3210f79b211b409b4cb698ed

SHA512
22ce917277fa57aad5d603fed94d57f891e3c5b80384475b0c5dad3710dcab5cb5d8149423acb29a6e6c95f1a54e1a402fd5bc404982e2fc1ed294378e8cf42e

Download Submit
C:\Windows\system\ZqmBxIz.exe

Filesize
6.0MB

MD5
397a47210ea7c0e918b69765860a3d19

SHA1
0a860015c25a14591b88b4c0fa20f6439c956de1

SHA256
87fefffd1a41888975825595fe763ffc2825837e2c2f1de4bce2e68be0f5adc9

SHA512
5184c1245aef98c709ffe5ba19322619c5d2b711b37b93099c7d7b521ee152acdccef6e6ac151f0b8a41e8982a5ddfc1bfb912968663cbb165b413b3a720bc24

Download Submit
C:\Windows\system\cVhocaH.exe

Filesize
6.0MB

MD5
d1bd36f92cff87082ab64e235c66390f

SHA1
5294c6733eabeafec3ce40f481d1bfd9dfdf7385

SHA256
57bc439356950c166abcd48fcf004302c0357f7a1edcef598d85155c44585ba4

SHA512
71e2e902f1045c2375b5f8f2aa0b68431a790738c993b731ffd565868c8a5cdf3ea3c8192f6333a9c1ba1c0e26c19dbd9421e988e5855fb80b9bc1626a0292de

Download Submit
C:\Windows\system\ckBGEut.exe

Filesize
6.0MB

MD5
94277d30c089ab132c42c59f13128151

SHA1
683909dcfec9bc1433e78e6ae98ef3cb6133395c

SHA256
197f0739f0e43105f0e9ca78fa8709f6d2cbfe42f133923c1c27b6785671aaa0

SHA512
2b1a31384845847d0945154261921017061f93dc7d198a07739da81d8fd8e1aaad680ec6c29ea3e438a22eb7f8ed07a2035a965ead72b7020ba7dc785565671a

Download Submit
C:\Windows\system\csTIyXY.exe

Filesize
6.0MB

MD5
662dd1a5dc4e4d800612c4c6af80cad0

SHA1
abffb2c1af10b18dcf3a925a774e9705cf97fc8f

SHA256
588e9ef836471b0e65b3399caf1380a575d1892426ae5aa8d13c2a7cc8acfbd0

SHA512
400f7d3090253f001b2cf283d4896c38aba677fc25e8d803d225107d4d8b63027d311f0de99c2f5773d513fbe4eed92d4ca766f9ec6ad73c19c9f079f098b248

Download Submit
C:\Windows\system\gIzohtI.exe

Filesize
6.0MB

MD5
58c087365c3293c6b386fa79d884f201

SHA1
f463c67d26783dd406851472ff17e7f83419b112

SHA256
000f6be7360bc2817502452009f5ca9f42e0cd18218fa00ac4d84865a78a7b9e

SHA512
c4a890b1f6e6c6facebb422cbc2b194834917761db41553909039a189bd1aa7a77204c8cb4da4e9511b355373a06a5dbc77364210a006318913d23ae877e526d

Download Submit
C:\Windows\system\gVEZFXM.exe

Filesize
6.0MB

MD5
646508f52f46716d8ec527490ab4a536

SHA1
b13f7777de3ada70347a924366f90f9c313d717b

SHA256
754fb6ac43005f9b4ba40db0707086286d6a2cd0394f3d29438f46eff976ad36

SHA512
a385b29ba5b9e6465c775abe8a1eae0f77889b1ab7ea44156378c69bd196ba6d32b746e9b6de32a67a8bdd1ac60aa6f87ae55a51675eea72ac0f7b7c3fa666f9

Download Submit
C:\Windows\system\jcXelnn.exe

Filesize
6.0MB

MD5
39b2b94697a1c572134275d4c780894c

SHA1
64a7f6ded07f99880588c470166b37f01237cb28

SHA256
de954b624f9186985e86b52f9641288cdf3776f3fa11aa54c53365ac15913210

SHA512
1bdf974486c191def149d051d6f98bd4a715d6f4a39f11ed7bdcbb06b79cb7fb6718c1ef8392e44615502a816917a8cfc0b4a3accf4dc2690119eeabe6e54468

Download Submit
C:\Windows\system\jkkVmYB.exe

Filesize
6.0MB

MD5
ca6ba1cf8c7eb430179b4ea115bf0b8b

SHA1
658578d213e02521b15b0698f40f6ce9d3d8929c

SHA256
f38781fbc1763a54d2e9d945f70af784cc7f5fafe7fb8a33475735471e0b8bba

SHA512
e7f867d55e368880803254f479d248ec91fc0c5a01d4511e28924239ba69113964fd80e360fd176ef2f32401e0a58ea6bba35303c6109a46cccddc492a97dc3f

Download Submit
C:\Windows\system\lZrdwlh.exe

Filesize
6.0MB

MD5
65a6ce58aadfdf2f0b2f88f477f106d2

SHA1
a48c1dd41f63ff7bca4c1e39e6e297d615c7b633

SHA256
649c24c85b89ab11321c742277b5c307bc4573cd35791c5add264690c18f5301

SHA512
7ab04a701af627cda47ac54b3bc854eefc423f044e00ae2809346e9b522d486e36cff1b287751895d6a31b65ed9c5f0b04b58e3f54c6dc5c495b295776126bb7

Download Submit
C:\Windows\system\nMVxaAM.exe

Filesize
6.0MB

MD5
f29bd8dbbfc8143e58967838f73c152f

SHA1
fad2c536daa9e611bd381b63b47502c155fb88c1

SHA256
863109edb01aca7638ce752ff0286d4dfdac115dcda43faf86ca23f01bb9265e

SHA512
9a7d1dd3f2b6fdba67645b2f0ecab8012b0ad3dca4c87d2a3f81f199ee54ce4f900c3a1ddfe98588e57102522a58d1de61dee31976f2040a44bb559aad1bd875

Download Submit
C:\Windows\system\oJaRaQs.exe

Filesize
6.0MB

MD5
b45018b3744b7f6f5fb9ca28a096aad9

SHA1
e66e15c05388bf323e20287f122100ccbb66ad1c

SHA256
7d9bdc98aa6a6453fc62891a3b77257980bbe9690f068c93f6c8ab5330e9b05c

SHA512
cdcac8c9484c265b3c98579809c531c73dbb661a3a4daff8eb2a5d3e74df2338fcf4f444ce5e8b1148e5ae49e2d2035584b27f192a624913be9c20c0e50a9120

Download Submit
C:\Windows\system\wVRYkOJ.exe

Filesize
6.0MB

MD5
5e63bb77216731a6020622425cf7b78b

SHA1
7791f0c81d7abbe8133e513d4d2db653a2647bc4

SHA256
37e8f024dd35dde4c9836bb76fa0b4e1b7cefc9b8b45463eca595d54cb72f358

SHA512
a1b5000a7d893d7862c5554be7aa65ec8b8a7eafa5bef02a6d476811a7ce865d245db5eb1ed89feb05c8a2c5ce490bed0fc6c920c7b358f2e2cdaea56d1f1f89

Download Submit
C:\Windows\system\zAqgblz.exe

Filesize
6.0MB

MD5
d6fbcffca8ea906943fc220a9e657ce3

SHA1
0c796b13a028f68f2874b4161e47c762b61e6ede

SHA256
9fef6b4d0db970bee2048a9709852482c9d8ec0e06e295ba6d1d31ff8ef65238

SHA512
45aaf0854b27ec3c052cfc7aef91044a83bc3bb588e690fe2b8e7439883e059175a706765fb4a7c047dd9d1ac708191fab26cfea57ca43b838433761ff6f0dea

Download Submit
C:\Windows\system\zEGyUcp.exe

Filesize
6.0MB

MD5
3ec25f10247b4ba238087e542ea38d9a

SHA1
19ed9fe91c5a153aea260397d2a05c83add4e802

SHA256
3a4c298b172495302fdc48443a1ccccafab1273c7e019bfac1d8e36d46a46e12

SHA512
9c73d73987fc9c048963d8e47f1d654fc6caed015284cb9f06df5af94f9e7ce17de351b5b7993ad3db99e8064562c2e504cf572ad48a846b3d48a651230fe361

Download Submit
\Windows\system\CQClKxf.exe

Filesize
6.0MB

MD5
99a78f169ba4e47ef6f73825e61ad25f

SHA1
836418338bbe5cb7ecf729e987c14a687a06078f

SHA256
348b7c2fe69619e40a6516a8e21e16977cba9bd45de27e5b5d47a6e692437d94

SHA512
5ba534b37e9eb0794b5d5abc9e0e219f9a0c3fd0f5ec737ffddab139120da092ea3073b2cd5252118c526e35b3e8493f50ecac348ce6c9f67b335bac295b0bf3

Download Submit
\Windows\system\JeYTTIc.exe

Filesize
6.0MB

MD5
e4880cfe1d5dfce11cbc078ae68fec54

SHA1
b4ccfc9ae4770e5e96f92b8e7bfe44226fe306db

SHA256
5e8f7e91549a7b8a77eb56f77d7a022aa4816391e2ff52e4e45078432d603567

SHA512
23431608cff2ecc99ee62b0a4e160b0660ef0a11b3181ac0f036f13abb22dafe834644b6fe70adadc61d4a0d71c9b5f4ea9eafcea1deba3cc04e2fe662e89f3d

Download Submit
\Windows\system\PsEOzYa.exe

Filesize
6.0MB

MD5
816b912bf425ca80bb6ed442f7b640b8

SHA1
9f2c591b5cc045a2bcb65ac4363437e8977a9f5a

SHA256
e323d814e7672ba240d1aa79df9916b7203e7f1649de0f6311bb8fa9a509c068

SHA512
8618d5c3929bab65b210b000bfcad8e8bd705c7f1a54721550e0fa075caf6bcc93ad531332859e58c196f42a8dfd11a37e1e8e0df007294a3659cc3cdd87e755

Download Submit
\Windows\system\PxSLljD.exe

Filesize
6.0MB

MD5
162ec4cb1512ec48e70ca764debc5344

SHA1
8375de972b4a3355f8eade12f83d3dbcbce7e6a4

SHA256
c70bc646ba7107698524e7d7016bd0c7f71b57178d2d5beb507a3595ddca3518

SHA512
3ad8f332d452655ea87a009738e559c02532d57b1c77308a1e51c9cf3fec2a65a1cbd358e3451c444cc681b839934deda61a7ff509203cffa06b4ba3564eda33

Download Submit
\Windows\system\UdbQTDQ.exe

Filesize
6.0MB

MD5
dd3f497104bbcfce3c2c34bb3b0be480

SHA1
9e239148acd42116beab2e9700e170c6a55c2081

SHA256
c88ca6225511804120c433adc564dc9c4136d44eaac96d562deafa6022f0f57f

SHA512
dad2e07b5a97def22d8e770af4cd862a537d1353a212fc2e8ffc7a1b3966e3348ae3e6f62b4f526fa8ecd27d4e3f77096a00a2d9cf3d64c9ad45d9f5cfb3d311

Download Submit
\Windows\system\YsxMncj.exe

Filesize
6.0MB

MD5
1acfcea0e0d22df7325bbd4e2465caf1

SHA1
f6f770a07b86838d7587a07ce3e7174b29fbab8c

SHA256
06ab4413af5cc98fe7cc1e52f4a5e6efaa7fedb210ce19b14ea5aa113e2ab580

SHA512
106cad8ef83bb513a333e8e48b8f87aaf3d2aa0d83f805466dabdf9d824298929773f882ba0c3f29fdeacbfa3a0c136beb6fb8fd9d3f353146294c7be09894bb

Download Submit
\Windows\system\aQKlcRp.exe

Filesize
6.0MB

MD5
46789db60c2ad594424b8cc1088c91de

SHA1
3e75cbcb11eda2c83ebbac0dac90bf7219c4ac74

SHA256
741e4622d458a02eb5089ad6ba64d38e8f8ae50597e166d8dc6018ee5ead9dbf

SHA512
9991258975121d249d15ef702c00e5cf1bf3dd15090758fd703e9aee924f5d006695e462366c4d795f1c4597b9b509d8b7679bb8f9b2c37a841124a0b9368b2b

Download Submit
\Windows\system\fkkDdee.exe

Filesize
6.0MB

MD5
9e368fcf678cfa5751cc2bd90c621d64

SHA1
d68a7e8b53b819a0e950f29e7f0d4acbb8fb2b94

SHA256
56092571698e088899794db9db429824f882e1921dea3106a590014295822fe3

SHA512
9be1d3877a5f83ef514d7ab11ffb4f6a95540d70f894252b3555dc7662a3edef8f69f9ff82ba38113f4da9d107a6377bd0fed7602db2d98bc5e1d40dacc4cbae

Download Submit
\Windows\system\nNoOTTP.exe

Filesize
6.0MB

MD5
b6442aafcd1d71e3912e6192c62666be

SHA1
dab8bb98605ff570e70229d0423460b394be91a9

SHA256
56e3ce5c68087e8985fbfbc70c8eb337bdca797e8d631e48b139035c14ea6c29

SHA512
09cfeeac88061d2c3721f93d1301ca5f78f6fa49cdeef96da1126c41c0ade5de4f021dea0fc041bcc161cac975570350e58b2df6236e2e5dc116742e6ad334d9

Download Submit
\Windows\system\qNhLyJJ.exe

Filesize
6.0MB

MD5
82911892339f379d55f5c44406376ed9

SHA1
6fdcda504e4c05b9cebf704e108ea069ac27b700

SHA256
d6bec251ff6f59e82bb9bf160c0d8549db42c96dcb53be7cca759dd63d0a24c5

SHA512
7c52c23a0f902600e6286332f63497cc0edff41e6bc748ca805a5845dd5992d80eb9e3d344a330a1c08b4e8cf77aac4946a832334a879fa4e4ac849c14b8881e

Download Submit
\Windows\system\skUvHkh.exe

Filesize
6.0MB

MD5
dceb5ddadf5da099efe8a9d80ad5d62f

SHA1
4a7555c76d0bf296ce0e8d093f8eb1161fa4904b

SHA256
fc517d9fd1e91ac7fea57bfd5683716b29f9d81e0e2f95c59c6ea9afb9af260f

SHA512
ec9250eb883b17264c5f0bd79dc45e14125ffd7cca70fa834d322d059c40665a6a63f2067b3b4fee5431c521fd4a239594c1efa164baef4b5dae7c670589b7c0

Download Submit
memory/1924-3574-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1924-24-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1980-3618-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/1980-84-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2056-3610-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2056-25-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2112-28-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-3589-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-144-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2344-833-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-137-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-145-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-0-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2344-120-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2344-149-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-141-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-15-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-65-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-457-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2344-90-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-77-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2344-86-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2344-748-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-34-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-1783-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-27-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-26-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2540-3619-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3599-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-94-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-59-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3573-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-835-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-35-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3639-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-83-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2992-3630-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/3000-50-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-834-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-3622-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-107-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/3064-3600-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download