cobaltstrike | 97eaddc88dacf0a4d012f51319fd288e650a11813e943e3841ce254b92dc620d

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/12/2024, 02:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a6fdf86d0b5ee47f496459f642af4278
SHA1

f8afe552a4ea840260460a852eb1e8bd2d76d491
SHA256

97eaddc88dacf0a4d012f51319fd288e650a11813e943e3841ce254b92dc620d
SHA512

d96567e3a59b830bd295f49a7d28c4ca94f4a44332df64fdcd1786c3eaf6189810ded79eb7dc010ce0fd229d43d281a7dd75902e55e42941f743c848f1c71dec
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUI:T+q56utgpPF8u/7I

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001225f-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017520-8.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018634-15.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018636-21.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018741-26.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001907c-30.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019080-35.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cd5-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cfc-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d69-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2b9-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2fc-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e4-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e6-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a454-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a452-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a447-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a445-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a423-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ed-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ea-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e8-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a05a-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a033-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a020-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f71-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f57-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d5c-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c0b-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-50.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf0-46.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bec-40.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 43 IoCs

miner

resource	yara_rule
behavioral1/memory/1728-0-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x000a00000001225f-6.dat	xmrig
behavioral1/files/0x0008000000017520-8.dat	xmrig
behavioral1/files/0x0006000000018634-15.dat	xmrig
behavioral1/files/0x0006000000018636-21.dat	xmrig
behavioral1/files/0x0006000000018741-26.dat	xmrig
behavioral1/files/0x000900000001907c-30.dat	xmrig
behavioral1/files/0x0008000000019080-35.dat	xmrig
behavioral1/files/0x0005000000019cd5-60.dat	xmrig
behavioral1/files/0x0005000000019cfc-65.dat	xmrig
behavioral1/files/0x0005000000019d69-75.dat	xmrig
behavioral1/files/0x000500000001a2b9-105.dat	xmrig
behavioral1/files/0x000500000001a2fc-110.dat	xmrig
behavioral1/files/0x000500000001a3e4-116.dat	xmrig
behavioral1/files/0x000500000001a3e6-120.dat	xmrig
behavioral1/files/0x000500000001a454-160.dat	xmrig
behavioral1/files/0x000500000001a452-155.dat	xmrig
behavioral1/files/0x000500000001a447-150.dat	xmrig
behavioral1/files/0x000500000001a445-146.dat	xmrig
behavioral1/files/0x000500000001a423-140.dat	xmrig
behavioral1/files/0x000500000001a3ed-135.dat	xmrig
behavioral1/files/0x000500000001a3ea-130.dat	xmrig
behavioral1/files/0x000500000001a3e8-126.dat	xmrig
behavioral1/files/0x000500000001a05a-100.dat	xmrig
behavioral1/files/0x000500000001a033-95.dat	xmrig
behavioral1/files/0x000500000001a020-90.dat	xmrig
behavioral1/files/0x0005000000019f71-85.dat	xmrig
behavioral1/files/0x0005000000019f57-80.dat	xmrig
behavioral1/files/0x0005000000019d5c-70.dat	xmrig
behavioral1/files/0x0005000000019c0b-55.dat	xmrig
behavioral1/files/0x0005000000019bf2-50.dat	xmrig
behavioral1/files/0x0005000000019bf0-46.dat	xmrig
behavioral1/files/0x0005000000019bec-40.dat	xmrig
behavioral1/memory/2376-2348-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2512-2423-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/1728-2424-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/1448-2469-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/1728-3065-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/1728-3139-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/1448-3710-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2512-3711-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2376-4166-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2420-4167-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1448	rKycoSG.exe
2376	YBbBGRK.exe
2512	bYDAmcR.exe
2420	jnXaUwC.exe
2456	arucZrr.exe
2564	dfjXqBh.exe
2704	pkhYoMq.exe
2872	HWWDHHa.exe
2748	GnJEmYy.exe
2612	kXlxJBP.exe
2716	FEcRsyr.exe
2692	VJjSuYC.exe
2736	XmZTQlR.exe
2604	PJfqwBQ.exe
2636	HFeUTxG.exe
2212	iJjgECt.exe
2172	ynrkpnD.exe
1260	MaiJddb.exe
876	vySsfuT.exe
1088	nIbgvan.exe
2884	gdhQNSB.exe
1308	cOTVZMF.exe
1784	CsINZZb.exe
2368	kLIMEGY.exe
2952	CRVWhgs.exe
2004	vsGgloN.exe
2488	QJadENF.exe
2232	dohZouC.exe
2324	jwRzqOm.exe
2024	UDlPTXw.exe
1856	fELnalU.exe
2484	CBECdua.exe
3024	qtSBQxg.exe
2588	vBZGxNp.exe
956	cwSKkjQ.exe
1608	MNwycJN.exe
2472	bsAidsd.exe
2008	XIgsGAR.exe
2448	hvsvemr.exe
1816	LrLROvy.exe
2080	BwUIiKz.exe
856	nDfgktT.exe
1536	YjZSZEr.exe
556	xMrmwkw.exe
2196	rsCnbUB.exe
2440	InCpmoR.exe
3044	SnlbrNM.exe
580	VGouISG.exe
1168	xQOfssl.exe
1152	OQMLpcm.exe
700	QiiFLSH.exe
1916	blMDvff.exe
1508	nhYncWJ.exe
2220	LgkUgKx.exe
1796	axpOJnm.exe
1576	QaVnYGb.exe
1600	aKMydIa.exe
2152	CFovSzx.exe
1968	mmLKvil.exe
2304	SnRdSnt.exe
2828	ipyUTJi.exe
2756	ELtEaZD.exe
2860	zYDENkl.exe
2792	WQWwDGx.exe

Loads dropped DLL 64 IoCs

pid	Process
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 41 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1728-0-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x000a00000001225f-6.dat	upx
behavioral1/files/0x0008000000017520-8.dat	upx
behavioral1/files/0x0006000000018634-15.dat	upx
behavioral1/files/0x0006000000018636-21.dat	upx
behavioral1/files/0x0006000000018741-26.dat	upx
behavioral1/files/0x000900000001907c-30.dat	upx
behavioral1/files/0x0008000000019080-35.dat	upx
behavioral1/files/0x0005000000019cd5-60.dat	upx
behavioral1/files/0x0005000000019cfc-65.dat	upx
behavioral1/files/0x0005000000019d69-75.dat	upx
behavioral1/files/0x000500000001a2b9-105.dat	upx
behavioral1/files/0x000500000001a2fc-110.dat	upx
behavioral1/files/0x000500000001a3e4-116.dat	upx
behavioral1/files/0x000500000001a3e6-120.dat	upx
behavioral1/files/0x000500000001a454-160.dat	upx
behavioral1/files/0x000500000001a452-155.dat	upx
behavioral1/files/0x000500000001a447-150.dat	upx
behavioral1/files/0x000500000001a445-146.dat	upx
behavioral1/files/0x000500000001a423-140.dat	upx
behavioral1/files/0x000500000001a3ed-135.dat	upx
behavioral1/files/0x000500000001a3ea-130.dat	upx
behavioral1/files/0x000500000001a3e8-126.dat	upx
behavioral1/files/0x000500000001a05a-100.dat	upx
behavioral1/files/0x000500000001a033-95.dat	upx
behavioral1/files/0x000500000001a020-90.dat	upx
behavioral1/files/0x0005000000019f71-85.dat	upx
behavioral1/files/0x0005000000019f57-80.dat	upx
behavioral1/files/0x0005000000019d5c-70.dat	upx
behavioral1/files/0x0005000000019c0b-55.dat	upx
behavioral1/files/0x0005000000019bf2-50.dat	upx
behavioral1/files/0x0005000000019bf0-46.dat	upx
behavioral1/files/0x0005000000019bec-40.dat	upx
behavioral1/memory/2376-2348-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2512-2423-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/1448-2469-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/1728-3065-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/1448-3710-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2512-3711-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2376-4166-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2420-4167-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\fWgsxDl.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\weEgXYf.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ixZcnUe.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LDvGDAe.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HWiLbss.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aziFjdF.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VORZXdq.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmOABpy.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UGKxiFj.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\laapZaE.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\isFljrf.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\blBUimt.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vzuvczz.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CFFcoEg.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hAYATyV.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UiWMXzj.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UCfwHRN.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YRwAtkB.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ueFGmma.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dplVlHb.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DCZaNSp.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kZqjQKU.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hsjSUcM.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EyHeKxg.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BwUIiKz.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hupCFdq.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\acgHdHk.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kSSORjV.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dohZouC.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DNoBsyd.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kKfgBgC.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GRuqiBx.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DBicYmv.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLzKmBp.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ELZXadk.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhirZnS.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ITypyEd.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tTLMWDZ.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNifjOy.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\clnwUSv.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JoqEKvm.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eaBsoKK.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxicZWi.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xBUAMBz.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qxjThDb.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rwywrBs.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cQzmVkE.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DJQjzVM.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qBZgEkr.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nDfgktT.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MpryAvX.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QLoUIbG.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vlHIrJp.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jfZtFGU.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqrORuO.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uENdbVW.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\acGxdBb.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WjDKeRh.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IsqaXrt.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AHgAWFN.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SrRqnXM.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\riLehZw.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vPjjafB.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNlTETM.exe	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 1448	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1728 wrote to memory of 1448	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1728 wrote to memory of 1448	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1728 wrote to memory of 2376	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1728 wrote to memory of 2376	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1728 wrote to memory of 2376	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1728 wrote to memory of 2512	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1728 wrote to memory of 2512	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1728 wrote to memory of 2512	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1728 wrote to memory of 2420	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1728 wrote to memory of 2420	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1728 wrote to memory of 2420	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1728 wrote to memory of 2456	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1728 wrote to memory of 2456	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1728 wrote to memory of 2456	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1728 wrote to memory of 2564	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1728 wrote to memory of 2564	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1728 wrote to memory of 2564	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1728 wrote to memory of 2704	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1728 wrote to memory of 2704	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1728 wrote to memory of 2704	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1728 wrote to memory of 2872	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1728 wrote to memory of 2872	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1728 wrote to memory of 2872	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1728 wrote to memory of 2748	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1728 wrote to memory of 2748	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1728 wrote to memory of 2748	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1728 wrote to memory of 2612	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1728 wrote to memory of 2612	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1728 wrote to memory of 2612	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1728 wrote to memory of 2716	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1728 wrote to memory of 2716	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1728 wrote to memory of 2716	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1728 wrote to memory of 2692	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1728 wrote to memory of 2692	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1728 wrote to memory of 2692	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1728 wrote to memory of 2736	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1728 wrote to memory of 2736	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1728 wrote to memory of 2736	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1728 wrote to memory of 2604	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1728 wrote to memory of 2604	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1728 wrote to memory of 2604	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1728 wrote to memory of 2636	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1728 wrote to memory of 2636	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1728 wrote to memory of 2636	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1728 wrote to memory of 2212	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1728 wrote to memory of 2212	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1728 wrote to memory of 2212	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1728 wrote to memory of 2172	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1728 wrote to memory of 2172	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1728 wrote to memory of 2172	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1728 wrote to memory of 1260	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1728 wrote to memory of 1260	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1728 wrote to memory of 1260	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1728 wrote to memory of 876	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1728 wrote to memory of 876	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1728 wrote to memory of 876	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1728 wrote to memory of 1088	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1728 wrote to memory of 1088	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1728 wrote to memory of 1088	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1728 wrote to memory of 2884	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1728 wrote to memory of 2884	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1728 wrote to memory of 2884	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1728 wrote to memory of 1308	1728	2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-14_a6fdf86d0b5ee47f496459f642af4278_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Windows\System\rKycoSG.exe
  C:\Windows\System\rKycoSG.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\YBbBGRK.exe
  C:\Windows\System\YBbBGRK.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\bYDAmcR.exe
  C:\Windows\System\bYDAmcR.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\jnXaUwC.exe
  C:\Windows\System\jnXaUwC.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\arucZrr.exe
  C:\Windows\System\arucZrr.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\dfjXqBh.exe
  C:\Windows\System\dfjXqBh.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\pkhYoMq.exe
  C:\Windows\System\pkhYoMq.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\HWWDHHa.exe
  C:\Windows\System\HWWDHHa.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\GnJEmYy.exe
  C:\Windows\System\GnJEmYy.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\kXlxJBP.exe
  C:\Windows\System\kXlxJBP.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\FEcRsyr.exe
  C:\Windows\System\FEcRsyr.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\VJjSuYC.exe
  C:\Windows\System\VJjSuYC.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\XmZTQlR.exe
  C:\Windows\System\XmZTQlR.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\PJfqwBQ.exe
  C:\Windows\System\PJfqwBQ.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\HFeUTxG.exe
  C:\Windows\System\HFeUTxG.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\iJjgECt.exe
  C:\Windows\System\iJjgECt.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\ynrkpnD.exe
  C:\Windows\System\ynrkpnD.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\MaiJddb.exe
  C:\Windows\System\MaiJddb.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\vySsfuT.exe
  C:\Windows\System\vySsfuT.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\nIbgvan.exe
  C:\Windows\System\nIbgvan.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\gdhQNSB.exe
  C:\Windows\System\gdhQNSB.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\cOTVZMF.exe
  C:\Windows\System\cOTVZMF.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\CsINZZb.exe
  C:\Windows\System\CsINZZb.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\kLIMEGY.exe
  C:\Windows\System\kLIMEGY.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\CRVWhgs.exe
  C:\Windows\System\CRVWhgs.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\vsGgloN.exe
  C:\Windows\System\vsGgloN.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\QJadENF.exe
  C:\Windows\System\QJadENF.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\dohZouC.exe
  C:\Windows\System\dohZouC.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\jwRzqOm.exe
  C:\Windows\System\jwRzqOm.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\UDlPTXw.exe
  C:\Windows\System\UDlPTXw.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\fELnalU.exe
  C:\Windows\System\fELnalU.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\CBECdua.exe
  C:\Windows\System\CBECdua.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\qtSBQxg.exe
  C:\Windows\System\qtSBQxg.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\vBZGxNp.exe
  C:\Windows\System\vBZGxNp.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\cwSKkjQ.exe
  C:\Windows\System\cwSKkjQ.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\MNwycJN.exe
  C:\Windows\System\MNwycJN.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\bsAidsd.exe
  C:\Windows\System\bsAidsd.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\XIgsGAR.exe
  C:\Windows\System\XIgsGAR.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\hvsvemr.exe
  C:\Windows\System\hvsvemr.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\LrLROvy.exe
  C:\Windows\System\LrLROvy.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\BwUIiKz.exe
  C:\Windows\System\BwUIiKz.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\nDfgktT.exe
  C:\Windows\System\nDfgktT.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\YjZSZEr.exe
  C:\Windows\System\YjZSZEr.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\xMrmwkw.exe
  C:\Windows\System\xMrmwkw.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\rsCnbUB.exe
  C:\Windows\System\rsCnbUB.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\InCpmoR.exe
  C:\Windows\System\InCpmoR.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\SnlbrNM.exe
  C:\Windows\System\SnlbrNM.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\VGouISG.exe
  C:\Windows\System\VGouISG.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\xQOfssl.exe
  C:\Windows\System\xQOfssl.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\OQMLpcm.exe
  C:\Windows\System\OQMLpcm.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\QiiFLSH.exe
  C:\Windows\System\QiiFLSH.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\blMDvff.exe
  C:\Windows\System\blMDvff.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\nhYncWJ.exe
  C:\Windows\System\nhYncWJ.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\LgkUgKx.exe
  C:\Windows\System\LgkUgKx.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\axpOJnm.exe
  C:\Windows\System\axpOJnm.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\QaVnYGb.exe
  C:\Windows\System\QaVnYGb.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\aKMydIa.exe
  C:\Windows\System\aKMydIa.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\CFovSzx.exe
  C:\Windows\System\CFovSzx.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\mmLKvil.exe
  C:\Windows\System\mmLKvil.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\SnRdSnt.exe
  C:\Windows\System\SnRdSnt.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\ipyUTJi.exe
  C:\Windows\System\ipyUTJi.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\ELtEaZD.exe
  C:\Windows\System\ELtEaZD.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\zYDENkl.exe
  C:\Windows\System\zYDENkl.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\WQWwDGx.exe
  C:\Windows\System\WQWwDGx.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\roBLTNT.exe
  C:\Windows\System\roBLTNT.exe
  2⤵
  PID:1808
- C:\Windows\System\MqVPDxU.exe
  C:\Windows\System\MqVPDxU.exe
  2⤵
  PID:2620
- C:\Windows\System\xfljOnQ.exe
  C:\Windows\System\xfljOnQ.exe
  2⤵
  PID:2312
- C:\Windows\System\obdWfpg.exe
  C:\Windows\System\obdWfpg.exe
  2⤵
  PID:660
- C:\Windows\System\HCVPIRz.exe
  C:\Windows\System\HCVPIRz.exe
  2⤵
  PID:2940
- C:\Windows\System\YJiJtNl.exe
  C:\Windows\System\YJiJtNl.exe
  2⤵
  PID:884
- C:\Windows\System\PtKpilH.exe
  C:\Windows\System\PtKpilH.exe
  2⤵
  PID:2880
- C:\Windows\System\hQmcTKE.exe
  C:\Windows\System\hQmcTKE.exe
  2⤵
  PID:2904
- C:\Windows\System\cqQtCYC.exe
  C:\Windows\System\cqQtCYC.exe
  2⤵
  PID:1988
- C:\Windows\System\yersJvR.exe
  C:\Windows\System\yersJvR.exe
  2⤵
  PID:2532
- C:\Windows\System\RAehEic.exe
  C:\Windows\System\RAehEic.exe
  2⤵
  PID:2236
- C:\Windows\System\ulGRUeC.exe
  C:\Windows\System\ulGRUeC.exe
  2⤵
  PID:304
- C:\Windows\System\exItPky.exe
  C:\Windows\System\exItPky.exe
  2⤵
  PID:2584
- C:\Windows\System\sOBtcKz.exe
  C:\Windows\System\sOBtcKz.exe
  2⤵
  PID:628
- C:\Windows\System\mUzwNuM.exe
  C:\Windows\System\mUzwNuM.exe
  2⤵
  PID:992
- C:\Windows\System\oaOQDRp.exe
  C:\Windows\System\oaOQDRp.exe
  2⤵
  PID:1548
- C:\Windows\System\pbjYIap.exe
  C:\Windows\System\pbjYIap.exe
  2⤵
  PID:2100
- C:\Windows\System\lHpyHvH.exe
  C:\Windows\System\lHpyHvH.exe
  2⤵
  PID:888
- C:\Windows\System\rCvKJdq.exe
  C:\Windows\System\rCvKJdq.exe
  2⤵
  PID:1768
- C:\Windows\System\iLoEJRB.exe
  C:\Windows\System\iLoEJRB.exe
  2⤵
  PID:2296
- C:\Windows\System\ZLFhkxq.exe
  C:\Windows\System\ZLFhkxq.exe
  2⤵
  PID:3036
- C:\Windows\System\idDtxkL.exe
  C:\Windows\System\idDtxkL.exe
  2⤵
  PID:3064
- C:\Windows\System\xLashcS.exe
  C:\Windows\System\xLashcS.exe
  2⤵
  PID:2260
- C:\Windows\System\yEtIZDj.exe
  C:\Windows\System\yEtIZDj.exe
  2⤵
  PID:1480
- C:\Windows\System\UGKxiFj.exe
  C:\Windows\System\UGKxiFj.exe
  2⤵
  PID:880
- C:\Windows\System\mDWYfmm.exe
  C:\Windows\System\mDWYfmm.exe
  2⤵
  PID:1492
- C:\Windows\System\hSbzuNY.exe
  C:\Windows\System\hSbzuNY.exe
  2⤵
  PID:1704
- C:\Windows\System\fiGqPId.exe
  C:\Windows\System\fiGqPId.exe
  2⤵
  PID:2360
- C:\Windows\System\mbZlmnB.exe
  C:\Windows\System\mbZlmnB.exe
  2⤵
  PID:584
- C:\Windows\System\RqQRjVZ.exe
  C:\Windows\System\RqQRjVZ.exe
  2⤵
  PID:3012
- C:\Windows\System\iouFLKT.exe
  C:\Windows\System\iouFLKT.exe
  2⤵
  PID:2732
- C:\Windows\System\clnwUSv.exe
  C:\Windows\System\clnwUSv.exe
  2⤵
  PID:2660
- C:\Windows\System\qsdIhNK.exe
  C:\Windows\System\qsdIhNK.exe
  2⤵
  PID:2052
- C:\Windows\System\enwtBGZ.exe
  C:\Windows\System\enwtBGZ.exe
  2⤵
  PID:1520
- C:\Windows\System\owgzbjV.exe
  C:\Windows\System\owgzbjV.exe
  2⤵
  PID:2976
- C:\Windows\System\jZiTWno.exe
  C:\Windows\System\jZiTWno.exe
  2⤵
  PID:1312
- C:\Windows\System\xuOceWt.exe
  C:\Windows\System\xuOceWt.exe
  2⤵
  PID:2240
- C:\Windows\System\rSryIde.exe
  C:\Windows\System\rSryIde.exe
  2⤵
  PID:2112
- C:\Windows\System\rCelRTD.exe
  C:\Windows\System\rCelRTD.exe
  2⤵
  PID:1348
- C:\Windows\System\jmzPBkt.exe
  C:\Windows\System\jmzPBkt.exe
  2⤵
  PID:1344
- C:\Windows\System\iNVfaKf.exe
  C:\Windows\System\iNVfaKf.exe
  2⤵
  PID:2060
- C:\Windows\System\ZMPvqDd.exe
  C:\Windows\System\ZMPvqDd.exe
  2⤵
  PID:1640
- C:\Windows\System\gWWamtk.exe
  C:\Windows\System\gWWamtk.exe
  2⤵
  PID:1036
- C:\Windows\System\dhgbOlX.exe
  C:\Windows\System\dhgbOlX.exe
  2⤵
  PID:1620
- C:\Windows\System\cZCPWtH.exe
  C:\Windows\System\cZCPWtH.exe
  2⤵
  PID:1604
- C:\Windows\System\MKRSiET.exe
  C:\Windows\System\MKRSiET.exe
  2⤵
  PID:892
- C:\Windows\System\LGiQrAH.exe
  C:\Windows\System\LGiQrAH.exe
  2⤵
  PID:1740
- C:\Windows\System\IaNBURK.exe
  C:\Windows\System\IaNBURK.exe
  2⤵
  PID:2384
- C:\Windows\System\VoObBYg.exe
  C:\Windows\System\VoObBYg.exe
  2⤵
  PID:3084
- C:\Windows\System\pGgeusc.exe
  C:\Windows\System\pGgeusc.exe
  2⤵
  PID:3104
- C:\Windows\System\vLEcdWc.exe
  C:\Windows\System\vLEcdWc.exe
  2⤵
  PID:3124
- C:\Windows\System\rstrPPm.exe
  C:\Windows\System\rstrPPm.exe
  2⤵
  PID:3144
- C:\Windows\System\kqHPxia.exe
  C:\Windows\System\kqHPxia.exe
  2⤵
  PID:3164
- C:\Windows\System\rgcUXHX.exe
  C:\Windows\System\rgcUXHX.exe
  2⤵
  PID:3184
- C:\Windows\System\gmFzxQo.exe
  C:\Windows\System\gmFzxQo.exe
  2⤵
  PID:3204
- C:\Windows\System\MVCthZg.exe
  C:\Windows\System\MVCthZg.exe
  2⤵
  PID:3224
- C:\Windows\System\shucmgo.exe
  C:\Windows\System\shucmgo.exe
  2⤵
  PID:3244
- C:\Windows\System\FnzWehK.exe
  C:\Windows\System\FnzWehK.exe
  2⤵
  PID:3264
- C:\Windows\System\ENTbOyd.exe
  C:\Windows\System\ENTbOyd.exe
  2⤵
  PID:3284
- C:\Windows\System\HyIsBZS.exe
  C:\Windows\System\HyIsBZS.exe
  2⤵
  PID:3304
- C:\Windows\System\berEepO.exe
  C:\Windows\System\berEepO.exe
  2⤵
  PID:3324
- C:\Windows\System\sIOovCf.exe
  C:\Windows\System\sIOovCf.exe
  2⤵
  PID:3344
- C:\Windows\System\zsdyguu.exe
  C:\Windows\System\zsdyguu.exe
  2⤵
  PID:3364
- C:\Windows\System\wXkOnby.exe
  C:\Windows\System\wXkOnby.exe
  2⤵
  PID:3384
- C:\Windows\System\BDICzLN.exe
  C:\Windows\System\BDICzLN.exe
  2⤵
  PID:3404
- C:\Windows\System\WSkXvNG.exe
  C:\Windows\System\WSkXvNG.exe
  2⤵
  PID:3424
- C:\Windows\System\fYcmURP.exe
  C:\Windows\System\fYcmURP.exe
  2⤵
  PID:3444
- C:\Windows\System\APXYfwR.exe
  C:\Windows\System\APXYfwR.exe
  2⤵
  PID:3464
- C:\Windows\System\JoqEKvm.exe
  C:\Windows\System\JoqEKvm.exe
  2⤵
  PID:3484
- C:\Windows\System\afZwWor.exe
  C:\Windows\System\afZwWor.exe
  2⤵
  PID:3504
- C:\Windows\System\hupCFdq.exe
  C:\Windows\System\hupCFdq.exe
  2⤵
  PID:3524
- C:\Windows\System\ToTjKVt.exe
  C:\Windows\System\ToTjKVt.exe
  2⤵
  PID:3544
- C:\Windows\System\YVyXefU.exe
  C:\Windows\System\YVyXefU.exe
  2⤵
  PID:3564
- C:\Windows\System\ELaGAaH.exe
  C:\Windows\System\ELaGAaH.exe
  2⤵
  PID:3584
- C:\Windows\System\eKCVTbY.exe
  C:\Windows\System\eKCVTbY.exe
  2⤵
  PID:3604
- C:\Windows\System\mlEIqmP.exe
  C:\Windows\System\mlEIqmP.exe
  2⤵
  PID:3624
- C:\Windows\System\FjRjEsi.exe
  C:\Windows\System\FjRjEsi.exe
  2⤵
  PID:3644
- C:\Windows\System\bDupIRj.exe
  C:\Windows\System\bDupIRj.exe
  2⤵
  PID:3668
- C:\Windows\System\IDgOaqM.exe
  C:\Windows\System\IDgOaqM.exe
  2⤵
  PID:3688
- C:\Windows\System\zBmjdId.exe
  C:\Windows\System\zBmjdId.exe
  2⤵
  PID:3708
- C:\Windows\System\OmzZwaR.exe
  C:\Windows\System\OmzZwaR.exe
  2⤵
  PID:3728
- C:\Windows\System\SmqGDFD.exe
  C:\Windows\System\SmqGDFD.exe
  2⤵
  PID:3748
- C:\Windows\System\AhKqiDJ.exe
  C:\Windows\System\AhKqiDJ.exe
  2⤵
  PID:3768
- C:\Windows\System\UCJxvVt.exe
  C:\Windows\System\UCJxvVt.exe
  2⤵
  PID:3788
- C:\Windows\System\nMOVWcn.exe
  C:\Windows\System\nMOVWcn.exe
  2⤵
  PID:3808
- C:\Windows\System\kwvlJmi.exe
  C:\Windows\System\kwvlJmi.exe
  2⤵
  PID:3828
- C:\Windows\System\Tisbpoo.exe
  C:\Windows\System\Tisbpoo.exe
  2⤵
  PID:3848
- C:\Windows\System\hkMQYEW.exe
  C:\Windows\System\hkMQYEW.exe
  2⤵
  PID:3868
- C:\Windows\System\yCCCIcv.exe
  C:\Windows\System\yCCCIcv.exe
  2⤵
  PID:3888
- C:\Windows\System\WAbLvXy.exe
  C:\Windows\System\WAbLvXy.exe
  2⤵
  PID:3908
- C:\Windows\System\rkFIalz.exe
  C:\Windows\System\rkFIalz.exe
  2⤵
  PID:3928
- C:\Windows\System\rwywrBs.exe
  C:\Windows\System\rwywrBs.exe
  2⤵
  PID:3948
- C:\Windows\System\GJkzAla.exe
  C:\Windows\System\GJkzAla.exe
  2⤵
  PID:3968
- C:\Windows\System\NenTxoM.exe
  C:\Windows\System\NenTxoM.exe
  2⤵
  PID:3988
- C:\Windows\System\LATAJJN.exe
  C:\Windows\System\LATAJJN.exe
  2⤵
  PID:4008
- C:\Windows\System\eHMBdPQ.exe
  C:\Windows\System\eHMBdPQ.exe
  2⤵
  PID:4028
- C:\Windows\System\qeAwvDB.exe
  C:\Windows\System\qeAwvDB.exe
  2⤵
  PID:4048
- C:\Windows\System\pzJMpgB.exe
  C:\Windows\System\pzJMpgB.exe
  2⤵
  PID:4068
- C:\Windows\System\xiYoUIa.exe
  C:\Windows\System\xiYoUIa.exe
  2⤵
  PID:4088
- C:\Windows\System\MtgxoTx.exe
  C:\Windows\System\MtgxoTx.exe
  2⤵
  PID:2988
- C:\Windows\System\wrCFtcY.exe
  C:\Windows\System\wrCFtcY.exe
  2⤵
  PID:2864
- C:\Windows\System\GRuqiBx.exe
  C:\Windows\System\GRuqiBx.exe
  2⤵
  PID:2720
- C:\Windows\System\cFoFAeY.exe
  C:\Windows\System\cFoFAeY.exe
  2⤵
  PID:2132
- C:\Windows\System\czFskQj.exe
  C:\Windows\System\czFskQj.exe
  2⤵
  PID:2892
- C:\Windows\System\GOVkHML.exe
  C:\Windows\System\GOVkHML.exe
  2⤵
  PID:1288
- C:\Windows\System\IsllGOy.exe
  C:\Windows\System\IsllGOy.exe
  2⤵
  PID:1648
- C:\Windows\System\ZgdmqOU.exe
  C:\Windows\System\ZgdmqOU.exe
  2⤵
  PID:1368
- C:\Windows\System\NzQZNEb.exe
  C:\Windows\System\NzQZNEb.exe
  2⤵
  PID:2444
- C:\Windows\System\GQEmbnd.exe
  C:\Windows\System\GQEmbnd.exe
  2⤵
  PID:1860
- C:\Windows\System\KGANGaC.exe
  C:\Windows\System\KGANGaC.exe
  2⤵
  PID:1504
- C:\Windows\System\OyjeTQk.exe
  C:\Windows\System\OyjeTQk.exe
  2⤵
  PID:2960
- C:\Windows\System\TIsYiIG.exe
  C:\Windows\System\TIsYiIG.exe
  2⤵
  PID:3076
- C:\Windows\System\AXKNcGU.exe
  C:\Windows\System\AXKNcGU.exe
  2⤵
  PID:3116
- C:\Windows\System\tqCYywZ.exe
  C:\Windows\System\tqCYywZ.exe
  2⤵
  PID:3172
- C:\Windows\System\GDXWBvB.exe
  C:\Windows\System\GDXWBvB.exe
  2⤵
  PID:3200
- C:\Windows\System\ieONgAb.exe
  C:\Windows\System\ieONgAb.exe
  2⤵
  PID:3232
- C:\Windows\System\tBbDENe.exe
  C:\Windows\System\tBbDENe.exe
  2⤵
  PID:3256
- C:\Windows\System\OTXhVKU.exe
  C:\Windows\System\OTXhVKU.exe
  2⤵
  PID:3296
- C:\Windows\System\mzYhJss.exe
  C:\Windows\System\mzYhJss.exe
  2⤵
  PID:3340
- C:\Windows\System\VmWmDQd.exe
  C:\Windows\System\VmWmDQd.exe
  2⤵
  PID:3372
- C:\Windows\System\VzMDYCT.exe
  C:\Windows\System\VzMDYCT.exe
  2⤵
  PID:3412
- C:\Windows\System\hfjJLWG.exe
  C:\Windows\System\hfjJLWG.exe
  2⤵
  PID:3440
- C:\Windows\System\KTxMjyI.exe
  C:\Windows\System\KTxMjyI.exe
  2⤵
  PID:3472
- C:\Windows\System\jiuNpgw.exe
  C:\Windows\System\jiuNpgw.exe
  2⤵
  PID:3496
- C:\Windows\System\tADjwoG.exe
  C:\Windows\System\tADjwoG.exe
  2⤵
  PID:3516
- C:\Windows\System\sujiJAV.exe
  C:\Windows\System\sujiJAV.exe
  2⤵
  PID:3572
- C:\Windows\System\ugyWIys.exe
  C:\Windows\System\ugyWIys.exe
  2⤵
  PID:3612
- C:\Windows\System\CkbPBnD.exe
  C:\Windows\System\CkbPBnD.exe
  2⤵
  PID:3640
- C:\Windows\System\ZOrDbWJ.exe
  C:\Windows\System\ZOrDbWJ.exe
  2⤵
  PID:3676
- C:\Windows\System\ELZXadk.exe
  C:\Windows\System\ELZXadk.exe
  2⤵
  PID:3700
- C:\Windows\System\GzpMYwW.exe
  C:\Windows\System\GzpMYwW.exe
  2⤵
  PID:3744
- C:\Windows\System\CPZrcRv.exe
  C:\Windows\System\CPZrcRv.exe
  2⤵
  PID:3776
- C:\Windows\System\AoplLRu.exe
  C:\Windows\System\AoplLRu.exe
  2⤵
  PID:3804
- C:\Windows\System\WSvQTgv.exe
  C:\Windows\System\WSvQTgv.exe
  2⤵
  PID:3844
- C:\Windows\System\EnJwBHq.exe
  C:\Windows\System\EnJwBHq.exe
  2⤵
  PID:3876
- C:\Windows\System\ayGSfQF.exe
  C:\Windows\System\ayGSfQF.exe
  2⤵
  PID:3904
- C:\Windows\System\gowGfkE.exe
  C:\Windows\System\gowGfkE.exe
  2⤵
  PID:3924
- C:\Windows\System\PmOzpJM.exe
  C:\Windows\System\PmOzpJM.exe
  2⤵
  PID:3960
- C:\Windows\System\begMcIA.exe
  C:\Windows\System\begMcIA.exe
  2⤵
  PID:3996
- C:\Windows\System\JgOBFge.exe
  C:\Windows\System\JgOBFge.exe
  2⤵
  PID:4036
- C:\Windows\System\lzwMRbp.exe
  C:\Windows\System\lzwMRbp.exe
  2⤵
  PID:4060
- C:\Windows\System\lBeTFCe.exe
  C:\Windows\System\lBeTFCe.exe
  2⤵
  PID:2868
- C:\Windows\System\QqAhRzu.exe
  C:\Windows\System\QqAhRzu.exe
  2⤵
  PID:1692
- C:\Windows\System\TrEcZvh.exe
  C:\Windows\System\TrEcZvh.exe
  2⤵
  PID:2576
- C:\Windows\System\HOCrgBe.exe
  C:\Windows\System\HOCrgBe.exe
  2⤵
  PID:352
- C:\Windows\System\pPtmyjK.exe
  C:\Windows\System\pPtmyjK.exe
  2⤵
  PID:2032
- C:\Windows\System\RWCqBKI.exe
  C:\Windows\System\RWCqBKI.exe
  2⤵
  PID:936
- C:\Windows\System\wJtziAD.exe
  C:\Windows\System\wJtziAD.exe
  2⤵
  PID:2320
- C:\Windows\System\VudxaUb.exe
  C:\Windows\System\VudxaUb.exe
  2⤵
  PID:3100
- C:\Windows\System\EYmijKz.exe
  C:\Windows\System\EYmijKz.exe
  2⤵
  PID:3132
- C:\Windows\System\wdVsODW.exe
  C:\Windows\System\wdVsODW.exe
  2⤵
  PID:3176
- C:\Windows\System\AGEGutU.exe
  C:\Windows\System\AGEGutU.exe
  2⤵
  PID:3236
- C:\Windows\System\tTGzbKl.exe
  C:\Windows\System\tTGzbKl.exe
  2⤵
  PID:3292
- C:\Windows\System\KUyBatS.exe
  C:\Windows\System\KUyBatS.exe
  2⤵
  PID:3356
- C:\Windows\System\WJZoZBG.exe
  C:\Windows\System\WJZoZBG.exe
  2⤵
  PID:3416
- C:\Windows\System\PJHXPAy.exe
  C:\Windows\System\PJHXPAy.exe
  2⤵
  PID:3460
- C:\Windows\System\acgHdHk.exe
  C:\Windows\System\acgHdHk.exe
  2⤵
  PID:3552
- C:\Windows\System\ctyLPGB.exe
  C:\Windows\System\ctyLPGB.exe
  2⤵
  PID:3616
- C:\Windows\System\fFpUXGQ.exe
  C:\Windows\System\fFpUXGQ.exe
  2⤵
  PID:3680
- C:\Windows\System\kSSORjV.exe
  C:\Windows\System\kSSORjV.exe
  2⤵
  PID:3724
- C:\Windows\System\nZeiSMa.exe
  C:\Windows\System\nZeiSMa.exe
  2⤵
  PID:3764
- C:\Windows\System\aKbJqGs.exe
  C:\Windows\System\aKbJqGs.exe
  2⤵
  PID:3820
- C:\Windows\System\juifwxL.exe
  C:\Windows\System\juifwxL.exe
  2⤵
  PID:2932
- C:\Windows\System\QFFFnxE.exe
  C:\Windows\System\QFFFnxE.exe
  2⤵
  PID:3956
- C:\Windows\System\zWXqnvL.exe
  C:\Windows\System\zWXqnvL.exe
  2⤵
  PID:4024
- C:\Windows\System\MXEyWWV.exe
  C:\Windows\System\MXEyWWV.exe
  2⤵
  PID:4044
- C:\Windows\System\vEBisDM.exe
  C:\Windows\System\vEBisDM.exe
  2⤵
  PID:2396
- C:\Windows\System\SGdIIai.exe
  C:\Windows\System\SGdIIai.exe
  2⤵
  PID:3020
- C:\Windows\System\NfcisIm.exe
  C:\Windows\System\NfcisIm.exe
  2⤵
  PID:1744
- C:\Windows\System\PatSFlr.exe
  C:\Windows\System\PatSFlr.exe
  2⤵
  PID:4108
- C:\Windows\System\jLKNsXs.exe
  C:\Windows\System\jLKNsXs.exe
  2⤵
  PID:4128
- C:\Windows\System\DNoBsyd.exe
  C:\Windows\System\DNoBsyd.exe
  2⤵
  PID:4148
- C:\Windows\System\opAACNq.exe
  C:\Windows\System\opAACNq.exe
  2⤵
  PID:4168
- C:\Windows\System\shKKDOT.exe
  C:\Windows\System\shKKDOT.exe
  2⤵
  PID:4188
- C:\Windows\System\fdQlrjX.exe
  C:\Windows\System\fdQlrjX.exe
  2⤵
  PID:4208
- C:\Windows\System\nIJFYQO.exe
  C:\Windows\System\nIJFYQO.exe
  2⤵
  PID:4228
- C:\Windows\System\GrFbuGT.exe
  C:\Windows\System\GrFbuGT.exe
  2⤵
  PID:4248
- C:\Windows\System\FUShskO.exe
  C:\Windows\System\FUShskO.exe
  2⤵
  PID:4268
- C:\Windows\System\tlkLLot.exe
  C:\Windows\System\tlkLLot.exe
  2⤵
  PID:4288
- C:\Windows\System\bKKMBEl.exe
  C:\Windows\System\bKKMBEl.exe
  2⤵
  PID:4308
- C:\Windows\System\wXRCmVS.exe
  C:\Windows\System\wXRCmVS.exe
  2⤵
  PID:4332
- C:\Windows\System\fCfHNXS.exe
  C:\Windows\System\fCfHNXS.exe
  2⤵
  PID:4352
- C:\Windows\System\FovYGNK.exe
  C:\Windows\System\FovYGNK.exe
  2⤵
  PID:4372
- C:\Windows\System\iofedXR.exe
  C:\Windows\System\iofedXR.exe
  2⤵
  PID:4392
- C:\Windows\System\gKGfLXE.exe
  C:\Windows\System\gKGfLXE.exe
  2⤵
  PID:4412
- C:\Windows\System\BmdDsoC.exe
  C:\Windows\System\BmdDsoC.exe
  2⤵
  PID:4432
- C:\Windows\System\Bbwnkia.exe
  C:\Windows\System\Bbwnkia.exe
  2⤵
  PID:4452
- C:\Windows\System\iyYiquw.exe
  C:\Windows\System\iyYiquw.exe
  2⤵
  PID:4472
- C:\Windows\System\wRrBoAp.exe
  C:\Windows\System\wRrBoAp.exe
  2⤵
  PID:4492
- C:\Windows\System\NoMUDVk.exe
  C:\Windows\System\NoMUDVk.exe
  2⤵
  PID:4512
- C:\Windows\System\vJMapMV.exe
  C:\Windows\System\vJMapMV.exe
  2⤵
  PID:4532
- C:\Windows\System\NGwXqnr.exe
  C:\Windows\System\NGwXqnr.exe
  2⤵
  PID:4552
- C:\Windows\System\YUttUQD.exe
  C:\Windows\System\YUttUQD.exe
  2⤵
  PID:4572
- C:\Windows\System\XvwObph.exe
  C:\Windows\System\XvwObph.exe
  2⤵
  PID:4592
- C:\Windows\System\qELNMWg.exe
  C:\Windows\System\qELNMWg.exe
  2⤵
  PID:4612
- C:\Windows\System\sHentYK.exe
  C:\Windows\System\sHentYK.exe
  2⤵
  PID:4632
- C:\Windows\System\wqRgCYh.exe
  C:\Windows\System\wqRgCYh.exe
  2⤵
  PID:4652
- C:\Windows\System\ZENpsfM.exe
  C:\Windows\System\ZENpsfM.exe
  2⤵
  PID:4672
- C:\Windows\System\LQMYNMA.exe
  C:\Windows\System\LQMYNMA.exe
  2⤵
  PID:4692
- C:\Windows\System\qaCYXPh.exe
  C:\Windows\System\qaCYXPh.exe
  2⤵
  PID:4712
- C:\Windows\System\FfJuFLd.exe
  C:\Windows\System\FfJuFLd.exe
  2⤵
  PID:4732
- C:\Windows\System\DzpwevV.exe
  C:\Windows\System\DzpwevV.exe
  2⤵
  PID:4752
- C:\Windows\System\lFEHgBz.exe
  C:\Windows\System\lFEHgBz.exe
  2⤵
  PID:4772
- C:\Windows\System\eIMTRtL.exe
  C:\Windows\System\eIMTRtL.exe
  2⤵
  PID:4792
- C:\Windows\System\SFcngzc.exe
  C:\Windows\System\SFcngzc.exe
  2⤵
  PID:4812
- C:\Windows\System\WjDKeRh.exe
  C:\Windows\System\WjDKeRh.exe
  2⤵
  PID:4832
- C:\Windows\System\vWlkHXy.exe
  C:\Windows\System\vWlkHXy.exe
  2⤵
  PID:4852
- C:\Windows\System\DGgVIip.exe
  C:\Windows\System\DGgVIip.exe
  2⤵
  PID:4876
- C:\Windows\System\GudyWnm.exe
  C:\Windows\System\GudyWnm.exe
  2⤵
  PID:4896
- C:\Windows\System\nqREohl.exe
  C:\Windows\System\nqREohl.exe
  2⤵
  PID:4916
- C:\Windows\System\XxEBjBi.exe
  C:\Windows\System\XxEBjBi.exe
  2⤵
  PID:4936
- C:\Windows\System\LYtqdpS.exe
  C:\Windows\System\LYtqdpS.exe
  2⤵
  PID:4956
- C:\Windows\System\jTifxrX.exe
  C:\Windows\System\jTifxrX.exe
  2⤵
  PID:4976
- C:\Windows\System\vvdJIku.exe
  C:\Windows\System\vvdJIku.exe
  2⤵
  PID:4996
- C:\Windows\System\fIeGnTX.exe
  C:\Windows\System\fIeGnTX.exe
  2⤵
  PID:5016
- C:\Windows\System\gdmQHmm.exe
  C:\Windows\System\gdmQHmm.exe
  2⤵
  PID:5036
- C:\Windows\System\wUpplah.exe
  C:\Windows\System\wUpplah.exe
  2⤵
  PID:5056
- C:\Windows\System\aJfOojO.exe
  C:\Windows\System\aJfOojO.exe
  2⤵
  PID:5076
- C:\Windows\System\NkHvvxp.exe
  C:\Windows\System\NkHvvxp.exe
  2⤵
  PID:5096
- C:\Windows\System\pfSTgcZ.exe
  C:\Windows\System\pfSTgcZ.exe
  2⤵
  PID:5116
- C:\Windows\System\PGNvNdl.exe
  C:\Windows\System\PGNvNdl.exe
  2⤵
  PID:2016
- C:\Windows\System\ZpAgpCD.exe
  C:\Windows\System\ZpAgpCD.exe
  2⤵
  PID:3152
- C:\Windows\System\SlmxuRp.exe
  C:\Windows\System\SlmxuRp.exe
  2⤵
  PID:3352
- C:\Windows\System\IsqaXrt.exe
  C:\Windows\System\IsqaXrt.exe
  2⤵
  PID:3376
- C:\Windows\System\YQMYZOx.exe
  C:\Windows\System\YQMYZOx.exe
  2⤵
  PID:3540
- C:\Windows\System\DWStDFH.exe
  C:\Windows\System\DWStDFH.exe
  2⤵
  PID:3560
- C:\Windows\System\xBJqntv.exe
  C:\Windows\System\xBJqntv.exe
  2⤵
  PID:3720
- C:\Windows\System\eFitzqt.exe
  C:\Windows\System\eFitzqt.exe
  2⤵
  PID:3796
- C:\Windows\System\TPaJoVe.exe
  C:\Windows\System\TPaJoVe.exe
  2⤵
  PID:3864
- C:\Windows\System\ACuUaaM.exe
  C:\Windows\System\ACuUaaM.exe
  2⤵
  PID:4020
- C:\Windows\System\tLawISs.exe
  C:\Windows\System\tLawISs.exe
  2⤵
  PID:2632
- C:\Windows\System\sLaggXo.exe
  C:\Windows\System\sLaggXo.exe
  2⤵
  PID:2592
- C:\Windows\System\KYrcuKa.exe
  C:\Windows\System\KYrcuKa.exe
  2⤵
  PID:4116
- C:\Windows\System\fOqCfsA.exe
  C:\Windows\System\fOqCfsA.exe
  2⤵
  PID:4136
- C:\Windows\System\hUMGeYX.exe
  C:\Windows\System\hUMGeYX.exe
  2⤵
  PID:4160
- C:\Windows\System\rjgZUNQ.exe
  C:\Windows\System\rjgZUNQ.exe
  2⤵
  PID:4204
- C:\Windows\System\PgxqwnD.exe
  C:\Windows\System\PgxqwnD.exe
  2⤵
  PID:4220
- C:\Windows\System\bBwXJIR.exe
  C:\Windows\System\bBwXJIR.exe
  2⤵
  PID:4284
- C:\Windows\System\kYgmNID.exe
  C:\Windows\System\kYgmNID.exe
  2⤵
  PID:4304
- C:\Windows\System\DnjNEfp.exe
  C:\Windows\System\DnjNEfp.exe
  2⤵
  PID:4340
- C:\Windows\System\OzYrWAb.exe
  C:\Windows\System\OzYrWAb.exe
  2⤵
  PID:4364
- C:\Windows\System\HYHFxND.exe
  C:\Windows\System\HYHFxND.exe
  2⤵
  PID:4408
- C:\Windows\System\xZHgwIZ.exe
  C:\Windows\System\xZHgwIZ.exe
  2⤵
  PID:4424
- C:\Windows\System\HdOUbCJ.exe
  C:\Windows\System\HdOUbCJ.exe
  2⤵
  PID:4480
- C:\Windows\System\rCUcmca.exe
  C:\Windows\System\rCUcmca.exe
  2⤵
  PID:4520
- C:\Windows\System\DCZaNSp.exe
  C:\Windows\System\DCZaNSp.exe
  2⤵
  PID:4540
- C:\Windows\System\sludYtB.exe
  C:\Windows\System\sludYtB.exe
  2⤵
  PID:4564
- C:\Windows\System\FtydxCV.exe
  C:\Windows\System\FtydxCV.exe
  2⤵
  PID:4584
- C:\Windows\System\WhPMSGC.exe
  C:\Windows\System\WhPMSGC.exe
  2⤵
  PID:4628
- C:\Windows\System\GCMDHCB.exe
  C:\Windows\System\GCMDHCB.exe
  2⤵
  PID:4680
- C:\Windows\System\BtMiSaV.exe
  C:\Windows\System\BtMiSaV.exe
  2⤵
  PID:4708
- C:\Windows\System\bOKZTCC.exe
  C:\Windows\System\bOKZTCC.exe
  2⤵
  PID:4740
- C:\Windows\System\DPOOvYo.exe
  C:\Windows\System\DPOOvYo.exe
  2⤵
  PID:4764
- C:\Windows\System\aenIyEJ.exe
  C:\Windows\System\aenIyEJ.exe
  2⤵
  PID:4808
- C:\Windows\System\nZxweUG.exe
  C:\Windows\System\nZxweUG.exe
  2⤵
  PID:4824
- C:\Windows\System\MDDGWgL.exe
  C:\Windows\System\MDDGWgL.exe
  2⤵
  PID:4868
- C:\Windows\System\qTrIeon.exe
  C:\Windows\System\qTrIeon.exe
  2⤵
  PID:4912
- C:\Windows\System\eYhXiJx.exe
  C:\Windows\System\eYhXiJx.exe
  2⤵
  PID:4944
- C:\Windows\System\ignhZVC.exe
  C:\Windows\System\ignhZVC.exe
  2⤵
  PID:4968
- C:\Windows\System\HvLITuE.exe
  C:\Windows\System\HvLITuE.exe
  2⤵
  PID:5012
- C:\Windows\System\ganXEnb.exe
  C:\Windows\System\ganXEnb.exe
  2⤵
  PID:5028
- C:\Windows\System\zTroKMn.exe
  C:\Windows\System\zTroKMn.exe
  2⤵
  PID:5084
- C:\Windows\System\gZSENqw.exe
  C:\Windows\System\gZSENqw.exe
  2⤵
  PID:5112
- C:\Windows\System\SNdlKmJ.exe
  C:\Windows\System\SNdlKmJ.exe
  2⤵
  PID:3160
- C:\Windows\System\GyyoMVs.exe
  C:\Windows\System\GyyoMVs.exe
  2⤵
  PID:3280
- C:\Windows\System\zONLQnB.exe
  C:\Windows\System\zONLQnB.exe
  2⤵
  PID:3532
- C:\Windows\System\kVxgGKT.exe
  C:\Windows\System\kVxgGKT.exe
  2⤵
  PID:3632
- C:\Windows\System\ywOKBHl.exe
  C:\Windows\System\ywOKBHl.exe
  2⤵
  PID:3756
- C:\Windows\System\gqeeJfn.exe
  C:\Windows\System\gqeeJfn.exe
  2⤵
  PID:4016
- C:\Windows\System\dNThEfn.exe
  C:\Windows\System\dNThEfn.exe
  2⤵
  PID:1712
- C:\Windows\System\VJwpjFv.exe
  C:\Windows\System\VJwpjFv.exe
  2⤵
  PID:844
- C:\Windows\System\vzdhNSw.exe
  C:\Windows\System\vzdhNSw.exe
  2⤵
  PID:4124
- C:\Windows\System\rOwSfmy.exe
  C:\Windows\System\rOwSfmy.exe
  2⤵
  PID:4180
- C:\Windows\System\XLDKwXc.exe
  C:\Windows\System\XLDKwXc.exe
  2⤵
  PID:4276
- C:\Windows\System\FasHHDM.exe
  C:\Windows\System\FasHHDM.exe
  2⤵
  PID:4320
- C:\Windows\System\IrNDqkO.exe
  C:\Windows\System\IrNDqkO.exe
  2⤵
  PID:4420
- C:\Windows\System\KaMVfrW.exe
  C:\Windows\System\KaMVfrW.exe
  2⤵
  PID:4440
- C:\Windows\System\AXMljVu.exe
  C:\Windows\System\AXMljVu.exe
  2⤵
  PID:4460
- C:\Windows\System\kPfxVaJ.exe
  C:\Windows\System\kPfxVaJ.exe
  2⤵
  PID:4560
- C:\Windows\System\VXaQrDM.exe
  C:\Windows\System\VXaQrDM.exe
  2⤵
  PID:4600
- C:\Windows\System\tScJNLO.exe
  C:\Windows\System\tScJNLO.exe
  2⤵
  PID:4668
- C:\Windows\System\AdpmVVh.exe
  C:\Windows\System\AdpmVVh.exe
  2⤵
  PID:4748
- C:\Windows\System\lFPdHhX.exe
  C:\Windows\System\lFPdHhX.exe
  2⤵
  PID:4744
- C:\Windows\System\ppiIqfJ.exe
  C:\Windows\System\ppiIqfJ.exe
  2⤵
  PID:4828
- C:\Windows\System\VdxSXzZ.exe
  C:\Windows\System\VdxSXzZ.exe
  2⤵
  PID:4904
- C:\Windows\System\ZhqGQrD.exe
  C:\Windows\System\ZhqGQrD.exe
  2⤵
  PID:4932
- C:\Windows\System\nyPvWKU.exe
  C:\Windows\System\nyPvWKU.exe
  2⤵
  PID:4988
- C:\Windows\System\TEUYwYB.exe
  C:\Windows\System\TEUYwYB.exe
  2⤵
  PID:5072
- C:\Windows\System\bPqcRDB.exe
  C:\Windows\System\bPqcRDB.exe
  2⤵
  PID:3080
- C:\Windows\System\EhIVijJ.exe
  C:\Windows\System\EhIVijJ.exe
  2⤵
  PID:3216
- C:\Windows\System\DBicYmv.exe
  C:\Windows\System\DBicYmv.exe
  2⤵
  PID:3636
- C:\Windows\System\TVbLbkj.exe
  C:\Windows\System\TVbLbkj.exe
  2⤵
  PID:3944
- C:\Windows\System\bvjjrIQ.exe
  C:\Windows\System\bvjjrIQ.exe
  2⤵
  PID:1956
- C:\Windows\System\LEYXuEL.exe
  C:\Windows\System\LEYXuEL.exe
  2⤵
  PID:4164
- C:\Windows\System\FGSXJLL.exe
  C:\Windows\System\FGSXJLL.exe
  2⤵
  PID:4224
- C:\Windows\System\SblaecB.exe
  C:\Windows\System\SblaecB.exe
  2⤵
  PID:4260
- C:\Windows\System\mZCAZuz.exe
  C:\Windows\System\mZCAZuz.exe
  2⤵
  PID:4344
- C:\Windows\System\fVFdXrM.exe
  C:\Windows\System\fVFdXrM.exe
  2⤵
  PID:5140
- C:\Windows\System\swcLZVS.exe
  C:\Windows\System\swcLZVS.exe
  2⤵
  PID:5160
- C:\Windows\System\epHjRHN.exe
  C:\Windows\System\epHjRHN.exe
  2⤵
  PID:5180
- C:\Windows\System\riLehZw.exe
  C:\Windows\System\riLehZw.exe
  2⤵
  PID:5200
- C:\Windows\System\uBCRDJq.exe
  C:\Windows\System\uBCRDJq.exe
  2⤵
  PID:5220
- C:\Windows\System\PgPnrrN.exe
  C:\Windows\System\PgPnrrN.exe
  2⤵
  PID:5240
- C:\Windows\System\ozXdfvs.exe
  C:\Windows\System\ozXdfvs.exe
  2⤵
  PID:5260
- C:\Windows\System\hDGwmEw.exe
  C:\Windows\System\hDGwmEw.exe
  2⤵
  PID:5280
- C:\Windows\System\EiyUxNc.exe
  C:\Windows\System\EiyUxNc.exe
  2⤵
  PID:5300
- C:\Windows\System\iTbrQtt.exe
  C:\Windows\System\iTbrQtt.exe
  2⤵
  PID:5320
- C:\Windows\System\yoSBBum.exe
  C:\Windows\System\yoSBBum.exe
  2⤵
  PID:5340
- C:\Windows\System\qsddZcl.exe
  C:\Windows\System\qsddZcl.exe
  2⤵
  PID:5360
- C:\Windows\System\OGASqwS.exe
  C:\Windows\System\OGASqwS.exe
  2⤵
  PID:5380
- C:\Windows\System\xzUCGLe.exe
  C:\Windows\System\xzUCGLe.exe
  2⤵
  PID:5400
- C:\Windows\System\gACPoZM.exe
  C:\Windows\System\gACPoZM.exe
  2⤵
  PID:5420
- C:\Windows\System\mFUmGmi.exe
  C:\Windows\System\mFUmGmi.exe
  2⤵
  PID:5440
- C:\Windows\System\PxGvJUM.exe
  C:\Windows\System\PxGvJUM.exe
  2⤵
  PID:5460
- C:\Windows\System\ZJfrgOL.exe
  C:\Windows\System\ZJfrgOL.exe
  2⤵
  PID:5480
- C:\Windows\System\fmfxNoS.exe
  C:\Windows\System\fmfxNoS.exe
  2⤵
  PID:5500
- C:\Windows\System\XsmyRcG.exe
  C:\Windows\System\XsmyRcG.exe
  2⤵
  PID:5520
- C:\Windows\System\RIPcJpE.exe
  C:\Windows\System\RIPcJpE.exe
  2⤵
  PID:5540
- C:\Windows\System\KWBbBzR.exe
  C:\Windows\System\KWBbBzR.exe
  2⤵
  PID:5560
- C:\Windows\System\VycRkED.exe
  C:\Windows\System\VycRkED.exe
  2⤵
  PID:5580
- C:\Windows\System\TCJwwtw.exe
  C:\Windows\System\TCJwwtw.exe
  2⤵
  PID:5600
- C:\Windows\System\GgXhJWu.exe
  C:\Windows\System\GgXhJWu.exe
  2⤵
  PID:5620
- C:\Windows\System\jNtNSMY.exe
  C:\Windows\System\jNtNSMY.exe
  2⤵
  PID:5640
- C:\Windows\System\KnvOWtG.exe
  C:\Windows\System\KnvOWtG.exe
  2⤵
  PID:5660
- C:\Windows\System\YBjBxJd.exe
  C:\Windows\System\YBjBxJd.exe
  2⤵
  PID:5680
- C:\Windows\System\raoXVng.exe
  C:\Windows\System\raoXVng.exe
  2⤵
  PID:5700
- C:\Windows\System\MOZenWN.exe
  C:\Windows\System\MOZenWN.exe
  2⤵
  PID:5720
- C:\Windows\System\jZgdXBB.exe
  C:\Windows\System\jZgdXBB.exe
  2⤵
  PID:5740
- C:\Windows\System\VdvWfUQ.exe
  C:\Windows\System\VdvWfUQ.exe
  2⤵
  PID:5760
- C:\Windows\System\jLyGuON.exe
  C:\Windows\System\jLyGuON.exe
  2⤵
  PID:5780
- C:\Windows\System\zMbYXvF.exe
  C:\Windows\System\zMbYXvF.exe
  2⤵
  PID:5800
- C:\Windows\System\YIbqugl.exe
  C:\Windows\System\YIbqugl.exe
  2⤵
  PID:5820
- C:\Windows\System\uAdZFXZ.exe
  C:\Windows\System\uAdZFXZ.exe
  2⤵
  PID:5840
- C:\Windows\System\HvyObee.exe
  C:\Windows\System\HvyObee.exe
  2⤵
  PID:5860
- C:\Windows\System\RhwLbVJ.exe
  C:\Windows\System\RhwLbVJ.exe
  2⤵
  PID:5880
- C:\Windows\System\lTzldeu.exe
  C:\Windows\System\lTzldeu.exe
  2⤵
  PID:5900
- C:\Windows\System\buXgGTd.exe
  C:\Windows\System\buXgGTd.exe
  2⤵
  PID:5920
- C:\Windows\System\XWPPvmS.exe
  C:\Windows\System\XWPPvmS.exe
  2⤵
  PID:5940
- C:\Windows\System\olhEzCR.exe
  C:\Windows\System\olhEzCR.exe
  2⤵
  PID:5960
- C:\Windows\System\AHgAWFN.exe
  C:\Windows\System\AHgAWFN.exe
  2⤵
  PID:5980
- C:\Windows\System\GOwNTfV.exe
  C:\Windows\System\GOwNTfV.exe
  2⤵
  PID:6000
- C:\Windows\System\QXOaGrM.exe
  C:\Windows\System\QXOaGrM.exe
  2⤵
  PID:6020
- C:\Windows\System\hHTFnfc.exe
  C:\Windows\System\hHTFnfc.exe
  2⤵
  PID:6040
- C:\Windows\System\isPUNBZ.exe
  C:\Windows\System\isPUNBZ.exe
  2⤵
  PID:6060
- C:\Windows\System\NvbGdbp.exe
  C:\Windows\System\NvbGdbp.exe
  2⤵
  PID:6080
- C:\Windows\System\FXVuYLs.exe
  C:\Windows\System\FXVuYLs.exe
  2⤵
  PID:6100
- C:\Windows\System\JUEeFZs.exe
  C:\Windows\System\JUEeFZs.exe
  2⤵
  PID:6120
- C:\Windows\System\EANjcYX.exe
  C:\Windows\System\EANjcYX.exe
  2⤵
  PID:6140
- C:\Windows\System\jXeIMxW.exe
  C:\Windows\System\jXeIMxW.exe
  2⤵
  PID:4464
- C:\Windows\System\bNzeoDw.exe
  C:\Windows\System\bNzeoDw.exe
  2⤵
  PID:4608
- C:\Windows\System\vOnnmig.exe
  C:\Windows\System\vOnnmig.exe
  2⤵
  PID:4724
- C:\Windows\System\MarWzVZ.exe
  C:\Windows\System\MarWzVZ.exe
  2⤵
  PID:4784
- C:\Windows\System\ZWjUKiP.exe
  C:\Windows\System\ZWjUKiP.exe
  2⤵
  PID:4888
- C:\Windows\System\iizLLxb.exe
  C:\Windows\System\iizLLxb.exe
  2⤵
  PID:4964
- C:\Windows\System\nwotMXm.exe
  C:\Windows\System\nwotMXm.exe
  2⤵
  PID:5088
- C:\Windows\System\zqjugZq.exe
  C:\Windows\System\zqjugZq.exe
  2⤵
  PID:3520
- C:\Windows\System\QcCNNTS.exe
  C:\Windows\System\QcCNNTS.exe
  2⤵
  PID:3884
- C:\Windows\System\NHFbzER.exe
  C:\Windows\System\NHFbzER.exe
  2⤵
  PID:4120
- C:\Windows\System\UiWMXzj.exe
  C:\Windows\System\UiWMXzj.exe
  2⤵
  PID:4296
- C:\Windows\System\mwGYHtD.exe
  C:\Windows\System\mwGYHtD.exe
  2⤵
  PID:4368
- C:\Windows\System\YmhxgtT.exe
  C:\Windows\System\YmhxgtT.exe
  2⤵
  PID:5156
- C:\Windows\System\sBZnSWc.exe
  C:\Windows\System\sBZnSWc.exe
  2⤵
  PID:5172
- C:\Windows\System\omSLAqF.exe
  C:\Windows\System\omSLAqF.exe
  2⤵
  PID:5236
- C:\Windows\System\orKpCSo.exe
  C:\Windows\System\orKpCSo.exe
  2⤵
  PID:5256
- C:\Windows\System\floudbA.exe
  C:\Windows\System\floudbA.exe
  2⤵
  PID:5288
- C:\Windows\System\HhLhOrY.exe
  C:\Windows\System\HhLhOrY.exe
  2⤵
  PID:5312
- C:\Windows\System\cQzmVkE.exe
  C:\Windows\System\cQzmVkE.exe
  2⤵
  PID:5356
- C:\Windows\System\eaBsoKK.exe
  C:\Windows\System\eaBsoKK.exe
  2⤵
  PID:5376
- C:\Windows\System\SrRqnXM.exe
  C:\Windows\System\SrRqnXM.exe
  2⤵
  PID:5416
- C:\Windows\System\XTOWDVk.exe
  C:\Windows\System\XTOWDVk.exe
  2⤵
  PID:5456
- C:\Windows\System\YHlizyE.exe
  C:\Windows\System\YHlizyE.exe
  2⤵
  PID:5488
- C:\Windows\System\HQhfRcB.exe
  C:\Windows\System\HQhfRcB.exe
  2⤵
  PID:5512
- C:\Windows\System\isgOmUY.exe
  C:\Windows\System\isgOmUY.exe
  2⤵
  PID:5556
- C:\Windows\System\PViLLLJ.exe
  C:\Windows\System\PViLLLJ.exe
  2⤵
  PID:5576
- C:\Windows\System\IgOgpLg.exe
  C:\Windows\System\IgOgpLg.exe
  2⤵
  PID:5628
- C:\Windows\System\vRIYppD.exe
  C:\Windows\System\vRIYppD.exe
  2⤵
  PID:5668
- C:\Windows\System\Nwwlbhs.exe
  C:\Windows\System\Nwwlbhs.exe
  2⤵
  PID:5688
- C:\Windows\System\GeoSJHf.exe
  C:\Windows\System\GeoSJHf.exe
  2⤵
  PID:5712
- C:\Windows\System\ubOgcKc.exe
  C:\Windows\System\ubOgcKc.exe
  2⤵
  PID:5756
- C:\Windows\System\NWoijkP.exe
  C:\Windows\System\NWoijkP.exe
  2⤵
  PID:5776
- C:\Windows\System\oXUGdwM.exe
  C:\Windows\System\oXUGdwM.exe
  2⤵
  PID:5828
- C:\Windows\System\XKKiFkY.exe
  C:\Windows\System\XKKiFkY.exe
  2⤵
  PID:5856
- C:\Windows\System\vLxXHHa.exe
  C:\Windows\System\vLxXHHa.exe
  2⤵
  PID:5888
- C:\Windows\System\JQWylFm.exe
  C:\Windows\System\JQWylFm.exe
  2⤵
  PID:5912
- C:\Windows\System\etCJTVa.exe
  C:\Windows\System\etCJTVa.exe
  2⤵
  PID:5956
- C:\Windows\System\ymzNeiG.exe
  C:\Windows\System\ymzNeiG.exe
  2⤵
  PID:5972
- C:\Windows\System\thQjRTV.exe
  C:\Windows\System\thQjRTV.exe
  2⤵
  PID:6028
- C:\Windows\System\rovmVzb.exe
  C:\Windows\System\rovmVzb.exe
  2⤵
  PID:6068
- C:\Windows\System\ypYyoYv.exe
  C:\Windows\System\ypYyoYv.exe
  2⤵
  PID:6088
- C:\Windows\System\SgNkhoG.exe
  C:\Windows\System\SgNkhoG.exe
  2⤵
  PID:6112
- C:\Windows\System\SkqZttc.exe
  C:\Windows\System\SkqZttc.exe
  2⤵
  PID:4500
- C:\Windows\System\ZMGcfFE.exe
  C:\Windows\System\ZMGcfFE.exe
  2⤵
  PID:4644
- C:\Windows\System\LJXeOde.exe
  C:\Windows\System\LJXeOde.exe
  2⤵
  PID:4768
- C:\Windows\System\ZemUydR.exe
  C:\Windows\System\ZemUydR.exe
  2⤵
  PID:5048
- C:\Windows\System\rtEAPRk.exe
  C:\Windows\System\rtEAPRk.exe
  2⤵
  PID:3092
- C:\Windows\System\dBUEUai.exe
  C:\Windows\System\dBUEUai.exe
  2⤵
  PID:1864
- C:\Windows\System\cAqekfb.exe
  C:\Windows\System\cAqekfb.exe
  2⤵
  PID:4196
- C:\Windows\System\nZpMCYz.exe
  C:\Windows\System\nZpMCYz.exe
  2⤵
  PID:5148
- C:\Windows\System\IlfDwbO.exe
  C:\Windows\System\IlfDwbO.exe
  2⤵
  PID:5192
- C:\Windows\System\DJQjzVM.exe
  C:\Windows\System\DJQjzVM.exe
  2⤵
  PID:5272
- C:\Windows\System\myFCtfR.exe
  C:\Windows\System\myFCtfR.exe
  2⤵
  PID:5292
- C:\Windows\System\wscjtcw.exe
  C:\Windows\System\wscjtcw.exe
  2⤵
  PID:5388
- C:\Windows\System\gKksMOi.exe
  C:\Windows\System\gKksMOi.exe
  2⤵
  PID:5408
- C:\Windows\System\nOjzUYs.exe
  C:\Windows\System\nOjzUYs.exe
  2⤵
  PID:5432
- C:\Windows\System\jdRRmfo.exe
  C:\Windows\System\jdRRmfo.exe
  2⤵
  PID:5548
- C:\Windows\System\aiUwJwQ.exe
  C:\Windows\System\aiUwJwQ.exe
  2⤵
  PID:5592
- C:\Windows\System\AOjGiaa.exe
  C:\Windows\System\AOjGiaa.exe
  2⤵
  PID:5648
- C:\Windows\System\LSarpiK.exe
  C:\Windows\System\LSarpiK.exe
  2⤵
  PID:5708
- C:\Windows\System\nINIuJu.exe
  C:\Windows\System\nINIuJu.exe
  2⤵
  PID:5736
- C:\Windows\System\AfDECuK.exe
  C:\Windows\System\AfDECuK.exe
  2⤵
  PID:5816
- C:\Windows\System\mmWufdK.exe
  C:\Windows\System\mmWufdK.exe
  2⤵
  PID:5832
- C:\Windows\System\CGDeOEj.exe
  C:\Windows\System\CGDeOEj.exe
  2⤵
  PID:5916
- C:\Windows\System\qnEpfrC.exe
  C:\Windows\System\qnEpfrC.exe
  2⤵
  PID:5988
- C:\Windows\System\UlYqtqv.exe
  C:\Windows\System\UlYqtqv.exe
  2⤵
  PID:6012
- C:\Windows\System\GbvnXzd.exe
  C:\Windows\System\GbvnXzd.exe
  2⤵
  PID:6076
- C:\Windows\System\FeMAmRI.exe
  C:\Windows\System\FeMAmRI.exe
  2⤵
  PID:6132
- C:\Windows\System\lFoCzfC.exe
  C:\Windows\System\lFoCzfC.exe
  2⤵
  PID:4640
- C:\Windows\System\FZrJwsh.exe
  C:\Windows\System\FZrJwsh.exe
  2⤵
  PID:4820
- C:\Windows\System\yBBVaMN.exe
  C:\Windows\System\yBBVaMN.exe
  2⤵
  PID:3620
- C:\Windows\System\ZaPqOvQ.exe
  C:\Windows\System\ZaPqOvQ.exe
  2⤵
  PID:4384
- C:\Windows\System\GkhRtac.exe
  C:\Windows\System\GkhRtac.exe
  2⤵
  PID:5176
- C:\Windows\System\laapZaE.exe
  C:\Windows\System\laapZaE.exe
  2⤵
  PID:5316
- C:\Windows\System\OZmlJAp.exe
  C:\Windows\System\OZmlJAp.exe
  2⤵
  PID:5368
- C:\Windows\System\ucMoWjn.exe
  C:\Windows\System\ucMoWjn.exe
  2⤵
  PID:5496
- C:\Windows\System\xMfAQxs.exe
  C:\Windows\System\xMfAQxs.exe
  2⤵
  PID:5596
- C:\Windows\System\WzbQHuT.exe
  C:\Windows\System\WzbQHuT.exe
  2⤵
  PID:5656
- C:\Windows\System\UZBvhrj.exe
  C:\Windows\System\UZBvhrj.exe
  2⤵
  PID:6160
- C:\Windows\System\AJspoYo.exe
  C:\Windows\System\AJspoYo.exe
  2⤵
  PID:6180
- C:\Windows\System\UKxBDhc.exe
  C:\Windows\System\UKxBDhc.exe
  2⤵
  PID:6200
- C:\Windows\System\PVAdOwj.exe
  C:\Windows\System\PVAdOwj.exe
  2⤵
  PID:6220
- C:\Windows\System\wMBWoXF.exe
  C:\Windows\System\wMBWoXF.exe
  2⤵
  PID:6240
- C:\Windows\System\kTEewuw.exe
  C:\Windows\System\kTEewuw.exe
  2⤵
  PID:6260
- C:\Windows\System\KHapsDU.exe
  C:\Windows\System\KHapsDU.exe
  2⤵
  PID:6280
- C:\Windows\System\KFAckKn.exe
  C:\Windows\System\KFAckKn.exe
  2⤵
  PID:6300
- C:\Windows\System\qBZgEkr.exe
  C:\Windows\System\qBZgEkr.exe
  2⤵
  PID:6320
- C:\Windows\System\DDoOoQa.exe
  C:\Windows\System\DDoOoQa.exe
  2⤵
  PID:6344
- C:\Windows\System\beQBSoK.exe
  C:\Windows\System\beQBSoK.exe
  2⤵
  PID:6364
- C:\Windows\System\fZHalBW.exe
  C:\Windows\System\fZHalBW.exe
  2⤵
  PID:6384
- C:\Windows\System\becwwZU.exe
  C:\Windows\System\becwwZU.exe
  2⤵
  PID:6404
- C:\Windows\System\jlotRJe.exe
  C:\Windows\System\jlotRJe.exe
  2⤵
  PID:6424
- C:\Windows\System\rQQqsCn.exe
  C:\Windows\System\rQQqsCn.exe
  2⤵
  PID:6444
- C:\Windows\System\gFJAUBG.exe
  C:\Windows\System\gFJAUBG.exe
  2⤵
  PID:6464
- C:\Windows\System\LnssCjp.exe
  C:\Windows\System\LnssCjp.exe
  2⤵
  PID:6484
- C:\Windows\System\evIkKLd.exe
  C:\Windows\System\evIkKLd.exe
  2⤵
  PID:6504
- C:\Windows\System\VsbwjAy.exe
  C:\Windows\System\VsbwjAy.exe
  2⤵
  PID:6524
- C:\Windows\System\HQRVmhe.exe
  C:\Windows\System\HQRVmhe.exe
  2⤵
  PID:6544
- C:\Windows\System\TYJYyCp.exe
  C:\Windows\System\TYJYyCp.exe
  2⤵
  PID:6564
- C:\Windows\System\XLxDxOd.exe
  C:\Windows\System\XLxDxOd.exe
  2⤵
  PID:6584
- C:\Windows\System\cdyXSXq.exe
  C:\Windows\System\cdyXSXq.exe
  2⤵
  PID:6604
- C:\Windows\System\fWgsxDl.exe
  C:\Windows\System\fWgsxDl.exe
  2⤵
  PID:6624
- C:\Windows\System\vLNVjza.exe
  C:\Windows\System\vLNVjza.exe
  2⤵
  PID:6644
- C:\Windows\System\CZbGRvF.exe
  C:\Windows\System\CZbGRvF.exe
  2⤵
  PID:6664
- C:\Windows\System\EsTyifg.exe
  C:\Windows\System\EsTyifg.exe
  2⤵
  PID:6684
- C:\Windows\System\PzGqVPe.exe
  C:\Windows\System\PzGqVPe.exe
  2⤵
  PID:6704
- C:\Windows\System\nisBHNB.exe
  C:\Windows\System\nisBHNB.exe
  2⤵
  PID:6724
- C:\Windows\System\TBhymsW.exe
  C:\Windows\System\TBhymsW.exe
  2⤵
  PID:6744
- C:\Windows\System\DAjvTpy.exe
  C:\Windows\System\DAjvTpy.exe
  2⤵
  PID:6764
- C:\Windows\System\bwqJxkU.exe
  C:\Windows\System\bwqJxkU.exe
  2⤵
  PID:6784
- C:\Windows\System\AwlflOq.exe
  C:\Windows\System\AwlflOq.exe
  2⤵
  PID:6804
- C:\Windows\System\ZlgaGHN.exe
  C:\Windows\System\ZlgaGHN.exe
  2⤵
  PID:6824
- C:\Windows\System\wnZShsN.exe
  C:\Windows\System\wnZShsN.exe
  2⤵
  PID:6844
- C:\Windows\System\GTQAOfR.exe
  C:\Windows\System\GTQAOfR.exe
  2⤵
  PID:6864
- C:\Windows\System\ytubBbI.exe
  C:\Windows\System\ytubBbI.exe
  2⤵
  PID:6884
- C:\Windows\System\hsqcxJW.exe
  C:\Windows\System\hsqcxJW.exe
  2⤵
  PID:6904
- C:\Windows\System\QyOaUgO.exe
  C:\Windows\System\QyOaUgO.exe
  2⤵
  PID:6924
- C:\Windows\System\lHnaxfh.exe
  C:\Windows\System\lHnaxfh.exe
  2⤵
  PID:6944
- C:\Windows\System\EhIIRJT.exe
  C:\Windows\System\EhIIRJT.exe
  2⤵
  PID:6964
- C:\Windows\System\UayHaRq.exe
  C:\Windows\System\UayHaRq.exe
  2⤵
  PID:6984
- C:\Windows\System\wvVETDL.exe
  C:\Windows\System\wvVETDL.exe
  2⤵
  PID:7004
- C:\Windows\System\MWhrSHJ.exe
  C:\Windows\System\MWhrSHJ.exe
  2⤵
  PID:7024
- C:\Windows\System\tSeUKPx.exe
  C:\Windows\System\tSeUKPx.exe
  2⤵
  PID:7044
- C:\Windows\System\CCrVNsf.exe
  C:\Windows\System\CCrVNsf.exe
  2⤵
  PID:7064
- C:\Windows\System\MqbjglY.exe
  C:\Windows\System\MqbjglY.exe
  2⤵
  PID:7084
- C:\Windows\System\HleeSAF.exe
  C:\Windows\System\HleeSAF.exe
  2⤵
  PID:7104
- C:\Windows\System\gtLyTuv.exe
  C:\Windows\System\gtLyTuv.exe
  2⤵
  PID:7124
- C:\Windows\System\CEqDqFJ.exe
  C:\Windows\System\CEqDqFJ.exe
  2⤵
  PID:7144
- C:\Windows\System\VlIpFBJ.exe
  C:\Windows\System\VlIpFBJ.exe
  2⤵
  PID:5652
- C:\Windows\System\MSVPCSw.exe
  C:\Windows\System\MSVPCSw.exe
  2⤵
  PID:5792
- C:\Windows\System\zoDtxfZ.exe
  C:\Windows\System\zoDtxfZ.exe
  2⤵
  PID:5852
- C:\Windows\System\XJOUHyX.exe
  C:\Windows\System\XJOUHyX.exe
  2⤵
  PID:5932
- C:\Windows\System\NIxJhyX.exe
  C:\Windows\System\NIxJhyX.exe
  2⤵
  PID:6072
- C:\Windows\System\ROaqDLu.exe
  C:\Windows\System\ROaqDLu.exe
  2⤵
  PID:6108
- C:\Windows\System\fceAHqk.exe
  C:\Windows\System\fceAHqk.exe
  2⤵
  PID:3136
- C:\Windows\System\qrOfQcT.exe
  C:\Windows\System\qrOfQcT.exe
  2⤵
  PID:4216
- C:\Windows\System\cJbdphd.exe
  C:\Windows\System\cJbdphd.exe
  2⤵
  PID:5268
- C:\Windows\System\kZqjQKU.exe
  C:\Windows\System\kZqjQKU.exe
  2⤵
  PID:5332
- C:\Windows\System\CFFcoEg.exe
  C:\Windows\System\CFFcoEg.exe
  2⤵
  PID:5532
- C:\Windows\System\OqYwQdM.exe
  C:\Windows\System\OqYwQdM.exe
  2⤵
  PID:5608
- C:\Windows\System\tttfJIa.exe
  C:\Windows\System\tttfJIa.exe
  2⤵
  PID:6172
- C:\Windows\System\cwbBDdG.exe
  C:\Windows\System\cwbBDdG.exe
  2⤵
  PID:6216
- C:\Windows\System\tvKVQZJ.exe
  C:\Windows\System\tvKVQZJ.exe
  2⤵
  PID:6248
- C:\Windows\System\bYPGTEu.exe
  C:\Windows\System\bYPGTEu.exe
  2⤵
  PID:6272
- C:\Windows\System\iyJTIvD.exe
  C:\Windows\System\iyJTIvD.exe
  2⤵
  PID:6316
- C:\Windows\System\lGFrWfI.exe
  C:\Windows\System\lGFrWfI.exe
  2⤵
  PID:6332
- C:\Windows\System\PYEjoIM.exe
  C:\Windows\System\PYEjoIM.exe
  2⤵
  PID:6392
- C:\Windows\System\PupfWae.exe
  C:\Windows\System\PupfWae.exe
  2⤵
  PID:6420
- C:\Windows\System\NfsBeub.exe
  C:\Windows\System\NfsBeub.exe
  2⤵
  PID:6452
- C:\Windows\System\RmgMoLf.exe
  C:\Windows\System\RmgMoLf.exe
  2⤵
  PID:6476
- C:\Windows\System\keKNglu.exe
  C:\Windows\System\keKNglu.exe
  2⤵
  PID:6520
- C:\Windows\System\yLeKFjk.exe
  C:\Windows\System\yLeKFjk.exe
  2⤵
  PID:6560
- C:\Windows\System\xeuABUt.exe
  C:\Windows\System\xeuABUt.exe
  2⤵
  PID:6576
- C:\Windows\System\xFdKPJU.exe
  C:\Windows\System\xFdKPJU.exe
  2⤵
  PID:6620
- C:\Windows\System\gAtBElS.exe
  C:\Windows\System\gAtBElS.exe
  2⤵
  PID:6672
- C:\Windows\System\UaZBgIZ.exe
  C:\Windows\System\UaZBgIZ.exe
  2⤵
  PID:6676
- C:\Windows\System\nfsfmOM.exe
  C:\Windows\System\nfsfmOM.exe
  2⤵
  PID:6696
- C:\Windows\System\EyfGmIM.exe
  C:\Windows\System\EyfGmIM.exe
  2⤵
  PID:6752
- C:\Windows\System\hWnfgry.exe
  C:\Windows\System\hWnfgry.exe
  2⤵
  PID:6776
- C:\Windows\System\WLgjiXW.exe
  C:\Windows\System\WLgjiXW.exe
  2⤵
  PID:6820
- C:\Windows\System\rboGdBP.exe
  C:\Windows\System\rboGdBP.exe
  2⤵
  PID:6852
- C:\Windows\System\aqEpAcC.exe
  C:\Windows\System\aqEpAcC.exe
  2⤵
  PID:6876
- C:\Windows\System\ytBieDZ.exe
  C:\Windows\System\ytBieDZ.exe
  2⤵
  PID:6920
- C:\Windows\System\dsGDDvA.exe
  C:\Windows\System\dsGDDvA.exe
  2⤵
  PID:6960
- C:\Windows\System\QcfXeIU.exe
  C:\Windows\System\QcfXeIU.exe
  2⤵
  PID:6980
- C:\Windows\System\hsjSUcM.exe
  C:\Windows\System\hsjSUcM.exe
  2⤵
  PID:7020
- C:\Windows\System\aDQyHOW.exe
  C:\Windows\System\aDQyHOW.exe
  2⤵
  PID:7060
- C:\Windows\System\JxeEiAh.exe
  C:\Windows\System\JxeEiAh.exe
  2⤵
  PID:7092
- C:\Windows\System\CgTSqzS.exe
  C:\Windows\System\CgTSqzS.exe
  2⤵
  PID:7116
- C:\Windows\System\TbCVtcj.exe
  C:\Windows\System\TbCVtcj.exe
  2⤵
  PID:7160
- C:\Windows\System\enZKfYv.exe
  C:\Windows\System\enZKfYv.exe
  2⤵
  PID:5716
- C:\Windows\System\SkWDPUR.exe
  C:\Windows\System\SkWDPUR.exe
  2⤵
  PID:6008
- C:\Windows\System\isrgsjc.exe
  C:\Windows\System\isrgsjc.exe
  2⤵
  PID:4568
- C:\Windows\System\pEtBacL.exe
  C:\Windows\System\pEtBacL.exe
  2⤵
  PID:4428
- C:\Windows\System\BRdRqMn.exe
  C:\Windows\System\BRdRqMn.exe
  2⤵
  PID:4140
- C:\Windows\System\PFEGBWO.exe
  C:\Windows\System\PFEGBWO.exe
  2⤵
  PID:5212
- C:\Windows\System\AUZqBwa.exe
  C:\Windows\System\AUZqBwa.exe
  2⤵
  PID:6168
- C:\Windows\System\ktyAuxB.exe
  C:\Windows\System\ktyAuxB.exe
  2⤵
  PID:6196
- C:\Windows\System\mxcBMJH.exe
  C:\Windows\System\mxcBMJH.exe
  2⤵
  PID:6308
- C:\Windows\System\cCiVoRE.exe
  C:\Windows\System\cCiVoRE.exe
  2⤵
  PID:6352
- C:\Windows\System\krXPlwK.exe
  C:\Windows\System\krXPlwK.exe
  2⤵
  PID:6372
- C:\Windows\System\HZHIYeH.exe
  C:\Windows\System\HZHIYeH.exe
  2⤵
  PID:6396
- C:\Windows\System\JXGCAkT.exe
  C:\Windows\System\JXGCAkT.exe
  2⤵
  PID:6472
- C:\Windows\System\cewgZlh.exe
  C:\Windows\System\cewgZlh.exe
  2⤵
  PID:6556
- C:\Windows\System\mipLUHI.exe
  C:\Windows\System\mipLUHI.exe
  2⤵
  PID:6612
- C:\Windows\System\zPmTGso.exe
  C:\Windows\System\zPmTGso.exe
  2⤵
  PID:6660
- C:\Windows\System\GCdDKPZ.exe
  C:\Windows\System\GCdDKPZ.exe
  2⤵
  PID:6656
- C:\Windows\System\dVFPuqH.exe
  C:\Windows\System\dVFPuqH.exe
  2⤵
  PID:6740
- C:\Windows\System\YQYTeEk.exe
  C:\Windows\System\YQYTeEk.exe
  2⤵
  PID:6796
- C:\Windows\System\bZXbJHa.exe
  C:\Windows\System\bZXbJHa.exe
  2⤵
  PID:6872
- C:\Windows\System\mCJoBPz.exe
  C:\Windows\System\mCJoBPz.exe
  2⤵
  PID:6940
- C:\Windows\System\FLIZCYw.exe
  C:\Windows\System\FLIZCYw.exe
  2⤵
  PID:7000
- C:\Windows\System\puaoiwQ.exe
  C:\Windows\System\puaoiwQ.exe
  2⤵
  PID:7016
- C:\Windows\System\iOVOrcu.exe
  C:\Windows\System\iOVOrcu.exe
  2⤵
  PID:7120
- C:\Windows\System\bxSQjle.exe
  C:\Windows\System\bxSQjle.exe
  2⤵
  PID:7140
- C:\Windows\System\NVqnebJ.exe
  C:\Windows\System\NVqnebJ.exe
  2⤵
  PID:6016
- C:\Windows\System\iUtBbAu.exe
  C:\Windows\System\iUtBbAu.exe
  2⤵
  PID:4704
- C:\Windows\System\ZxFeQuH.exe
  C:\Windows\System\ZxFeQuH.exe
  2⤵
  PID:5536
- C:\Windows\System\sdqCXPm.exe
  C:\Windows\System\sdqCXPm.exe
  2⤵
  PID:6152
- C:\Windows\System\isFljrf.exe
  C:\Windows\System\isFljrf.exe
  2⤵
  PID:6268
- C:\Windows\System\fJaEOEu.exe
  C:\Windows\System\fJaEOEu.exe
  2⤵
  PID:6252
- C:\Windows\System\pQmzzFL.exe
  C:\Windows\System\pQmzzFL.exe
  2⤵
  PID:6436
- C:\Windows\System\Fhwvzqd.exe
  C:\Windows\System\Fhwvzqd.exe
  2⤵
  PID:6580
- C:\Windows\System\fiGnkWQ.exe
  C:\Windows\System\fiGnkWQ.exe
  2⤵
  PID:6700
- C:\Windows\System\DjCLyBK.exe
  C:\Windows\System\DjCLyBK.exe
  2⤵
  PID:6800
- C:\Windows\System\PnsBiRN.exe
  C:\Windows\System\PnsBiRN.exe
  2⤵
  PID:6780
- C:\Windows\System\DHUmXzO.exe
  C:\Windows\System\DHUmXzO.exe
  2⤵
  PID:6896
- C:\Windows\System\BuYcGeR.exe
  C:\Windows\System\BuYcGeR.exe
  2⤵
  PID:7184
- C:\Windows\System\gwWgrqm.exe
  C:\Windows\System\gwWgrqm.exe
  2⤵
  PID:7204
- C:\Windows\System\GClOfcH.exe
  C:\Windows\System\GClOfcH.exe
  2⤵
  PID:7224
- C:\Windows\System\FQutszl.exe
  C:\Windows\System\FQutszl.exe
  2⤵
  PID:7244
- C:\Windows\System\SbnDDmr.exe
  C:\Windows\System\SbnDDmr.exe
  2⤵
  PID:7264
- C:\Windows\System\LEliMnb.exe
  C:\Windows\System\LEliMnb.exe
  2⤵
  PID:7284
- C:\Windows\System\CttgScF.exe
  C:\Windows\System\CttgScF.exe
  2⤵
  PID:7304
- C:\Windows\System\QQZReSo.exe
  C:\Windows\System\QQZReSo.exe
  2⤵
  PID:7324
- C:\Windows\System\TjYMWPc.exe
  C:\Windows\System\TjYMWPc.exe
  2⤵
  PID:7344
- C:\Windows\System\bVKNTwq.exe
  C:\Windows\System\bVKNTwq.exe
  2⤵
  PID:7364
- C:\Windows\System\SmGufDf.exe
  C:\Windows\System\SmGufDf.exe
  2⤵
  PID:7384
- C:\Windows\System\jFyrVsN.exe
  C:\Windows\System\jFyrVsN.exe
  2⤵
  PID:7404
- C:\Windows\System\ZmkLtAv.exe
  C:\Windows\System\ZmkLtAv.exe
  2⤵
  PID:7424
- C:\Windows\System\qbbOwLu.exe
  C:\Windows\System\qbbOwLu.exe
  2⤵
  PID:7444
- C:\Windows\System\UdzCyuh.exe
  C:\Windows\System\UdzCyuh.exe
  2⤵
  PID:7464
- C:\Windows\System\AHwRsAG.exe
  C:\Windows\System\AHwRsAG.exe
  2⤵
  PID:7484
- C:\Windows\System\EowESZX.exe
  C:\Windows\System\EowESZX.exe
  2⤵
  PID:7504
- C:\Windows\System\thKnJBI.exe
  C:\Windows\System\thKnJBI.exe
  2⤵
  PID:7524
- C:\Windows\System\ANiiCmv.exe
  C:\Windows\System\ANiiCmv.exe
  2⤵
  PID:7544
- C:\Windows\System\rqgVbaP.exe
  C:\Windows\System\rqgVbaP.exe
  2⤵
  PID:7564
- C:\Windows\System\HwxpYYG.exe
  C:\Windows\System\HwxpYYG.exe
  2⤵
  PID:7584
- C:\Windows\System\PoLTfWY.exe
  C:\Windows\System\PoLTfWY.exe
  2⤵
  PID:7604
- C:\Windows\System\UMcExJP.exe
  C:\Windows\System\UMcExJP.exe
  2⤵
  PID:7624
- C:\Windows\System\BtQVqJD.exe
  C:\Windows\System\BtQVqJD.exe
  2⤵
  PID:7644
- C:\Windows\System\FeRDrJe.exe
  C:\Windows\System\FeRDrJe.exe
  2⤵
  PID:7664
- C:\Windows\System\ibpQFOu.exe
  C:\Windows\System\ibpQFOu.exe
  2⤵
  PID:7684
- C:\Windows\System\KKuVHYm.exe
  C:\Windows\System\KKuVHYm.exe
  2⤵
  PID:7704
- C:\Windows\System\RdKYGVO.exe
  C:\Windows\System\RdKYGVO.exe
  2⤵
  PID:7724
- C:\Windows\System\GxcAzIu.exe
  C:\Windows\System\GxcAzIu.exe
  2⤵
  PID:7744
- C:\Windows\System\YguHdSb.exe
  C:\Windows\System\YguHdSb.exe
  2⤵
  PID:7768
- C:\Windows\System\ZllsuEp.exe
  C:\Windows\System\ZllsuEp.exe
  2⤵
  PID:7788
- C:\Windows\System\TgeiyWp.exe
  C:\Windows\System\TgeiyWp.exe
  2⤵
  PID:7808
- C:\Windows\System\AGgOZDY.exe
  C:\Windows\System\AGgOZDY.exe
  2⤵
  PID:7828
- C:\Windows\System\ATvEYZP.exe
  C:\Windows\System\ATvEYZP.exe
  2⤵
  PID:7848
- C:\Windows\System\ssEhkpO.exe
  C:\Windows\System\ssEhkpO.exe
  2⤵
  PID:7868
- C:\Windows\System\ktSrSSw.exe
  C:\Windows\System\ktSrSSw.exe
  2⤵
  PID:7888
- C:\Windows\System\UCfwHRN.exe
  C:\Windows\System\UCfwHRN.exe
  2⤵
  PID:7908
- C:\Windows\System\SjoMxmb.exe
  C:\Windows\System\SjoMxmb.exe
  2⤵
  PID:7928
- C:\Windows\System\lhZFGpX.exe
  C:\Windows\System\lhZFGpX.exe
  2⤵
  PID:7948
- C:\Windows\System\DeOsSUH.exe
  C:\Windows\System\DeOsSUH.exe
  2⤵
  PID:7968
- C:\Windows\System\zemygyq.exe
  C:\Windows\System\zemygyq.exe
  2⤵
  PID:7988
- C:\Windows\System\wbMQSfG.exe
  C:\Windows\System\wbMQSfG.exe
  2⤵
  PID:8008
- C:\Windows\System\GHXIsPB.exe
  C:\Windows\System\GHXIsPB.exe
  2⤵
  PID:8028
- C:\Windows\System\weEgXYf.exe
  C:\Windows\System\weEgXYf.exe
  2⤵
  PID:8048
- C:\Windows\System\otoLXYH.exe
  C:\Windows\System\otoLXYH.exe
  2⤵
  PID:8068
- C:\Windows\System\KRpQoQN.exe
  C:\Windows\System\KRpQoQN.exe
  2⤵
  PID:8088
- C:\Windows\System\rLCnWqk.exe
  C:\Windows\System\rLCnWqk.exe
  2⤵
  PID:8108
- C:\Windows\System\BasGTTn.exe
  C:\Windows\System\BasGTTn.exe
  2⤵
  PID:8128
- C:\Windows\System\blBUimt.exe
  C:\Windows\System\blBUimt.exe
  2⤵
  PID:8148
- C:\Windows\System\aQdadOL.exe
  C:\Windows\System\aQdadOL.exe
  2⤵
  PID:8168
- C:\Windows\System\DehaWJe.exe
  C:\Windows\System\DehaWJe.exe
  2⤵
  PID:8188
- C:\Windows\System\ReFXmZY.exe
  C:\Windows\System\ReFXmZY.exe
  2⤵
  PID:6996
- C:\Windows\System\wIICQUT.exe
  C:\Windows\System\wIICQUT.exe
  2⤵
  PID:7080
- C:\Windows\System\ffQOqHq.exe
  C:\Windows\System\ffQOqHq.exe
  2⤵
  PID:5968
- C:\Windows\System\CWzZAJY.exe
  C:\Windows\System\CWzZAJY.exe
  2⤵
  PID:6176
- C:\Windows\System\WonHxtI.exe
  C:\Windows\System\WonHxtI.exe
  2⤵
  PID:6328
- C:\Windows\System\ItgZqAR.exe
  C:\Windows\System\ItgZqAR.exe
  2⤵
  PID:6296
- C:\Windows\System\abLSbPy.exe
  C:\Windows\System\abLSbPy.exe
  2⤵
  PID:6512
- C:\Windows\System\hvinGZX.exe
  C:\Windows\System\hvinGZX.exe
  2⤵
  PID:6572
- C:\Windows\System\epnUMmb.exe
  C:\Windows\System\epnUMmb.exe
  2⤵
  PID:6880
- C:\Windows\System\FMplMEA.exe
  C:\Windows\System\FMplMEA.exe
  2⤵
  PID:7172
- C:\Windows\System\IFHtEkY.exe
  C:\Windows\System\IFHtEkY.exe
  2⤵
  PID:7196
- C:\Windows\System\esbzPYz.exe
  C:\Windows\System\esbzPYz.exe
  2⤵
  PID:7220
- C:\Windows\System\xhEbwxn.exe
  C:\Windows\System\xhEbwxn.exe
  2⤵
  PID:7256
- C:\Windows\System\JxicZWi.exe
  C:\Windows\System\JxicZWi.exe
  2⤵
  PID:7300
- C:\Windows\System\TYJAJwd.exe
  C:\Windows\System\TYJAJwd.exe
  2⤵
  PID:7336
- C:\Windows\System\WnxSAbr.exe
  C:\Windows\System\WnxSAbr.exe
  2⤵
  PID:7400
- C:\Windows\System\lgEYVhH.exe
  C:\Windows\System\lgEYVhH.exe
  2⤵
  PID:7412
- C:\Windows\System\GuoKHas.exe
  C:\Windows\System\GuoKHas.exe
  2⤵
  PID:7416
- C:\Windows\System\mleNIGV.exe
  C:\Windows\System\mleNIGV.exe
  2⤵
  PID:7456
- C:\Windows\System\qywzLdA.exe
  C:\Windows\System\qywzLdA.exe
  2⤵
  PID:7500
- C:\Windows\System\YtlkjMG.exe
  C:\Windows\System\YtlkjMG.exe
  2⤵
  PID:7540
- C:\Windows\System\XzKSTqa.exe
  C:\Windows\System\XzKSTqa.exe
  2⤵
  PID:7572
- C:\Windows\System\dNDibhE.exe
  C:\Windows\System\dNDibhE.exe
  2⤵
  PID:7596
- C:\Windows\System\mmCMeXN.exe
  C:\Windows\System\mmCMeXN.exe
  2⤵
  PID:7616
- C:\Windows\System\ZzuKGge.exe
  C:\Windows\System\ZzuKGge.exe
  2⤵
  PID:7656
- C:\Windows\System\LfxdFoo.exe
  C:\Windows\System\LfxdFoo.exe
  2⤵
  PID:7700
- C:\Windows\System\gPWyHeT.exe
  C:\Windows\System\gPWyHeT.exe
  2⤵
  PID:7740
- C:\Windows\System\ZrQGBNi.exe
  C:\Windows\System\ZrQGBNi.exe
  2⤵
  PID:7776
- C:\Windows\System\HJivShW.exe
  C:\Windows\System\HJivShW.exe
  2⤵
  PID:7780
- C:\Windows\System\lIzZDib.exe
  C:\Windows\System\lIzZDib.exe
  2⤵
  PID:7844
- C:\Windows\System\oYLLHOB.exe
  C:\Windows\System\oYLLHOB.exe
  2⤵
  PID:7880
- C:\Windows\System\UTQhQJh.exe
  C:\Windows\System\UTQhQJh.exe
  2⤵
  PID:7924
- C:\Windows\System\KvOWcrS.exe
  C:\Windows\System\KvOWcrS.exe
  2⤵
  PID:7956
- C:\Windows\System\TeuffNI.exe
  C:\Windows\System\TeuffNI.exe
  2⤵
  PID:7976
- C:\Windows\System\hjSpUGJ.exe
  C:\Windows\System\hjSpUGJ.exe
  2⤵
  PID:8000
- C:\Windows\System\zjCtMiO.exe
  C:\Windows\System\zjCtMiO.exe
  2⤵
  PID:8020
- C:\Windows\System\KJeEYVC.exe
  C:\Windows\System\KJeEYVC.exe
  2⤵
  PID:8080
- C:\Windows\System\xrTTNrZ.exe
  C:\Windows\System\xrTTNrZ.exe
  2⤵
  PID:8096
- C:\Windows\System\tkFKLty.exe
  C:\Windows\System\tkFKLty.exe
  2⤵
  PID:8144
- C:\Windows\System\XVJKJlH.exe
  C:\Windows\System\XVJKJlH.exe
  2⤵
  PID:8140
- C:\Windows\System\ZXOXvMM.exe
  C:\Windows\System\ZXOXvMM.exe
  2⤵
  PID:7052
- C:\Windows\System\WAccCwI.exe
  C:\Windows\System\WAccCwI.exe
  2⤵
  PID:7152
- C:\Windows\System\wXdjPIn.exe
  C:\Windows\System\wXdjPIn.exe
  2⤵
  PID:5948
- C:\Windows\System\MpryAvX.exe
  C:\Windows\System\MpryAvX.exe
  2⤵
  PID:6412
- C:\Windows\System\pZNyovS.exe
  C:\Windows\System\pZNyovS.exe
  2⤵
  PID:2528
- C:\Windows\System\YPrUJGM.exe
  C:\Windows\System\YPrUJGM.exe
  2⤵
  PID:6736
- C:\Windows\System\VkPmhFE.exe
  C:\Windows\System\VkPmhFE.exe
  2⤵
  PID:6952
- C:\Windows\System\vjiYBjR.exe
  C:\Windows\System\vjiYBjR.exe
  2⤵
  PID:7240
- C:\Windows\System\WNoHKcb.exe
  C:\Windows\System\WNoHKcb.exe
  2⤵
  PID:7292
- C:\Windows\System\BZuvsSK.exe
  C:\Windows\System\BZuvsSK.exe
  2⤵
  PID:7360
- C:\Windows\System\TIhLvCx.exe
  C:\Windows\System\TIhLvCx.exe
  2⤵
  PID:7432
- C:\Windows\System\RLBamAo.exe
  C:\Windows\System\RLBamAo.exe
  2⤵
  PID:7436
- C:\Windows\System\VkjVGfP.exe
  C:\Windows\System\VkjVGfP.exe
  2⤵
  PID:7492
- C:\Windows\System\EqnRkyg.exe
  C:\Windows\System\EqnRkyg.exe
  2⤵
  PID:7556
- C:\Windows\System\HfsoAor.exe
  C:\Windows\System\HfsoAor.exe
  2⤵
  PID:7620
- C:\Windows\System\jPzzeoj.exe
  C:\Windows\System\jPzzeoj.exe
  2⤵
  PID:7732
- C:\Windows\System\KWmxRwn.exe
  C:\Windows\System\KWmxRwn.exe
  2⤵
  PID:7756
- C:\Windows\System\hMquqKK.exe
  C:\Windows\System\hMquqKK.exe
  2⤵
  PID:7800
- C:\Windows\System\bDWnAmM.exe
  C:\Windows\System\bDWnAmM.exe
  2⤵
  PID:7820
- C:\Windows\System\EUqSfAR.exe
  C:\Windows\System\EUqSfAR.exe
  2⤵
  PID:2424
- C:\Windows\System\FMuvTEf.exe
  C:\Windows\System\FMuvTEf.exe
  2⤵
  PID:7980
- C:\Windows\System\vIWIUKD.exe
  C:\Windows\System\vIWIUKD.exe
  2⤵
  PID:1012
- C:\Windows\System\fNqYjRp.exe
  C:\Windows\System\fNqYjRp.exe
  2⤵
  PID:8076
- C:\Windows\System\LDNzJzQ.exe
  C:\Windows\System\LDNzJzQ.exe
  2⤵
  PID:8156
- C:\Windows\System\yUHgVnN.exe
  C:\Windows\System\yUHgVnN.exe
  2⤵
  PID:6972
- C:\Windows\System\MNLTJiR.exe
  C:\Windows\System\MNLTJiR.exe
  2⤵
  PID:8180
- C:\Windows\System\NPgAawc.exe
  C:\Windows\System\NPgAawc.exe
  2⤵
  PID:5848
- C:\Windows\System\HWiLbss.exe
  C:\Windows\System\HWiLbss.exe
  2⤵
  PID:6500
- C:\Windows\System\cBVoiWh.exe
  C:\Windows\System\cBVoiWh.exe
  2⤵
  PID:7200
- C:\Windows\System\hiKJWch.exe
  C:\Windows\System\hiKJWch.exe
  2⤵
  PID:7252
- C:\Windows\System\LnFDWnv.exe
  C:\Windows\System\LnFDWnv.exe
  2⤵
  PID:7380
- C:\Windows\System\UPVdHUk.exe
  C:\Windows\System\UPVdHUk.exe
  2⤵
  PID:7356
- C:\Windows\System\eRxyogY.exe
  C:\Windows\System\eRxyogY.exe
  2⤵
  PID:7476
- C:\Windows\System\TQGLdyn.exe
  C:\Windows\System\TQGLdyn.exe
  2⤵
  PID:7652
- C:\Windows\System\vzUjLNT.exe
  C:\Windows\System\vzUjLNT.exe
  2⤵
  PID:7660
- C:\Windows\System\DnglnoR.exe
  C:\Windows\System\DnglnoR.exe
  2⤵
  PID:7712
- C:\Windows\System\DiKSbCI.exe
  C:\Windows\System\DiKSbCI.exe
  2⤵
  PID:7884
- C:\Windows\System\QkHUWkB.exe
  C:\Windows\System\QkHUWkB.exe
  2⤵
  PID:8004
- C:\Windows\System\TqBThvX.exe
  C:\Windows\System\TqBThvX.exe
  2⤵
  PID:8084
- C:\Windows\System\IHAbbsJ.exe
  C:\Windows\System\IHAbbsJ.exe
  2⤵
  PID:8120
- C:\Windows\System\ggFwvIW.exe
  C:\Windows\System\ggFwvIW.exe
  2⤵
  PID:8184
- C:\Windows\System\LHRIaDV.exe
  C:\Windows\System\LHRIaDV.exe
  2⤵
  PID:8212
- C:\Windows\System\BtmgLjc.exe
  C:\Windows\System\BtmgLjc.exe
  2⤵
  PID:8232
- C:\Windows\System\UFEBPGu.exe
  C:\Windows\System\UFEBPGu.exe
  2⤵
  PID:8252
- C:\Windows\System\AcnuuqP.exe
  C:\Windows\System\AcnuuqP.exe
  2⤵
  PID:8272
- C:\Windows\System\hDvGmfN.exe
  C:\Windows\System\hDvGmfN.exe
  2⤵
  PID:8292
- C:\Windows\System\pcyORBZ.exe
  C:\Windows\System\pcyORBZ.exe
  2⤵
  PID:8340
- C:\Windows\System\YSGPvRj.exe
  C:\Windows\System\YSGPvRj.exe
  2⤵
  PID:8356
- C:\Windows\System\yiaqMfh.exe
  C:\Windows\System\yiaqMfh.exe
  2⤵
  PID:8372
- C:\Windows\System\ibDSPUl.exe
  C:\Windows\System\ibDSPUl.exe
  2⤵
  PID:8392
- C:\Windows\System\AfZzvQQ.exe
  C:\Windows\System\AfZzvQQ.exe
  2⤵
  PID:8408
- C:\Windows\System\GuDILUr.exe
  C:\Windows\System\GuDILUr.exe
  2⤵
  PID:8424
- C:\Windows\System\XqebPyi.exe
  C:\Windows\System\XqebPyi.exe
  2⤵
  PID:8452
- C:\Windows\System\VpaMdls.exe
  C:\Windows\System\VpaMdls.exe
  2⤵
  PID:8468
- C:\Windows\System\QCgGNbV.exe
  C:\Windows\System\QCgGNbV.exe
  2⤵
  PID:8484
- C:\Windows\System\jqNQbzC.exe
  C:\Windows\System\jqNQbzC.exe
  2⤵
  PID:8504
- C:\Windows\System\xIdrKGL.exe
  C:\Windows\System\xIdrKGL.exe
  2⤵
  PID:8520
- C:\Windows\System\fJAthGh.exe
  C:\Windows\System\fJAthGh.exe
  2⤵
  PID:8536
- C:\Windows\System\hLxwWJU.exe
  C:\Windows\System\hLxwWJU.exe
  2⤵
  PID:8552
- C:\Windows\System\ezWoKjY.exe
  C:\Windows\System\ezWoKjY.exe
  2⤵
  PID:8572
- C:\Windows\System\uQZyspG.exe
  C:\Windows\System\uQZyspG.exe
  2⤵
  PID:8624
- C:\Windows\System\TMeIzzm.exe
  C:\Windows\System\TMeIzzm.exe
  2⤵
  PID:8644
- C:\Windows\System\OrKnvBu.exe
  C:\Windows\System\OrKnvBu.exe
  2⤵
  PID:8664
- C:\Windows\System\PNQQnJl.exe
  C:\Windows\System\PNQQnJl.exe
  2⤵
  PID:8680
- C:\Windows\System\BCKMUhb.exe
  C:\Windows\System\BCKMUhb.exe
  2⤵
  PID:8696
- C:\Windows\System\ONuinIl.exe
  C:\Windows\System\ONuinIl.exe
  2⤵
  PID:8720
- C:\Windows\System\zfnRaZx.exe
  C:\Windows\System\zfnRaZx.exe
  2⤵
  PID:8736
- C:\Windows\System\xneoOjJ.exe
  C:\Windows\System\xneoOjJ.exe
  2⤵
  PID:8756
- C:\Windows\System\MEdZBNK.exe
  C:\Windows\System\MEdZBNK.exe
  2⤵
  PID:8772
- C:\Windows\System\OUurVAy.exe
  C:\Windows\System\OUurVAy.exe
  2⤵
  PID:8788
- C:\Windows\System\TTgDpGE.exe
  C:\Windows\System\TTgDpGE.exe
  2⤵
  PID:8804
- C:\Windows\System\pFrIMcG.exe
  C:\Windows\System\pFrIMcG.exe
  2⤵
  PID:8820
- C:\Windows\System\qqVslVg.exe
  C:\Windows\System\qqVslVg.exe
  2⤵
  PID:8836
- C:\Windows\System\qRmBIam.exe
  C:\Windows\System\qRmBIam.exe
  2⤵
  PID:8852
- C:\Windows\System\PNhohol.exe
  C:\Windows\System\PNhohol.exe
  2⤵
  PID:8868
- C:\Windows\System\YfmtBrH.exe
  C:\Windows\System\YfmtBrH.exe
  2⤵
  PID:8884
- C:\Windows\System\wceopra.exe
  C:\Windows\System\wceopra.exe
  2⤵
  PID:8900
- C:\Windows\System\UKoNoYY.exe
  C:\Windows\System\UKoNoYY.exe
  2⤵
  PID:8916
- C:\Windows\System\rEWgsok.exe
  C:\Windows\System\rEWgsok.exe
  2⤵
  PID:8932
- C:\Windows\System\GgHShPL.exe
  C:\Windows\System\GgHShPL.exe
  2⤵
  PID:8948
- C:\Windows\System\SekAfNU.exe
  C:\Windows\System\SekAfNU.exe
  2⤵
  PID:8968
- C:\Windows\System\mZFpIol.exe
  C:\Windows\System\mZFpIol.exe
  2⤵
  PID:8992
- C:\Windows\System\GtieIvE.exe
  C:\Windows\System\GtieIvE.exe
  2⤵
  PID:9044
- C:\Windows\System\yCsoGTR.exe
  C:\Windows\System\yCsoGTR.exe
  2⤵
  PID:9060
- C:\Windows\System\dUgrRhr.exe
  C:\Windows\System\dUgrRhr.exe
  2⤵
  PID:9096
- C:\Windows\System\anDBSUD.exe
  C:\Windows\System\anDBSUD.exe
  2⤵
  PID:9160
- C:\Windows\System\VnRdoso.exe
  C:\Windows\System\VnRdoso.exe
  2⤵
  PID:9184
- C:\Windows\System\JcUVocz.exe
  C:\Windows\System\JcUVocz.exe
  2⤵
  PID:9200
- C:\Windows\System\uhirZnS.exe
  C:\Windows\System\uhirZnS.exe
  2⤵
  PID:8136
- C:\Windows\System\QLoUIbG.exe
  C:\Windows\System\QLoUIbG.exe
  2⤵
  PID:5876
- C:\Windows\System\DzXQSUY.exe
  C:\Windows\System\DzXQSUY.exe
  2⤵
  PID:2040
- C:\Windows\System\hnnMlzw.exe
  C:\Windows\System\hnnMlzw.exe
  2⤵
  PID:7376
- C:\Windows\System\XxeAGMr.exe
  C:\Windows\System\XxeAGMr.exe
  2⤵
  PID:7600
- C:\Windows\System\kDYrnJf.exe
  C:\Windows\System\kDYrnJf.exe
  2⤵
  PID:7560
- C:\Windows\System\jlmsnfC.exe
  C:\Windows\System\jlmsnfC.exe
  2⤵
  PID:7764
- C:\Windows\System\xOEUHln.exe
  C:\Windows\System\xOEUHln.exe
  2⤵
  PID:7824
- C:\Windows\System\xdvhmMF.exe
  C:\Windows\System\xdvhmMF.exe
  2⤵
  PID:7960
- C:\Windows\System\PngTGVK.exe
  C:\Windows\System\PngTGVK.exe
  2⤵
  PID:7940
- C:\Windows\System\dZUzSUF.exe
  C:\Windows\System\dZUzSUF.exe
  2⤵
  PID:8200
- C:\Windows\System\XYGqNIb.exe
  C:\Windows\System\XYGqNIb.exe
  2⤵
  PID:8228
- C:\Windows\System\HEtxBBM.exe
  C:\Windows\System\HEtxBBM.exe
  2⤵
  PID:8248
- C:\Windows\System\KPENHdW.exe
  C:\Windows\System\KPENHdW.exe
  2⤵
  PID:8280
- C:\Windows\System\zmLRVmZ.exe
  C:\Windows\System\zmLRVmZ.exe
  2⤵
  PID:8304
- C:\Windows\System\xkzBBLN.exe
  C:\Windows\System\xkzBBLN.exe
  2⤵
  PID:3000
- C:\Windows\System\lxWSNKL.exe
  C:\Windows\System\lxWSNKL.exe
  2⤵
  PID:2668
- C:\Windows\System\YOtCnXN.exe
  C:\Windows\System\YOtCnXN.exe
  2⤵
  PID:2848
- C:\Windows\System\qmeZcul.exe
  C:\Windows\System\qmeZcul.exe
  2⤵
  PID:1320
- C:\Windows\System\GqaGBbI.exe
  C:\Windows\System\GqaGBbI.exe
  2⤵
  PID:1092
- C:\Windows\System\pVzkZnQ.exe
  C:\Windows\System\pVzkZnQ.exe
  2⤵
  PID:768
- C:\Windows\System\mPALcGu.exe
  C:\Windows\System\mPALcGu.exe
  2⤵
  PID:1720
- C:\Windows\System\NIiZfCZ.exe
  C:\Windows\System\NIiZfCZ.exe
  2⤵
  PID:1852
- C:\Windows\System\RnWfEVo.exe
  C:\Windows\System\RnWfEVo.exe
  2⤵
  PID:2352
- C:\Windows\System\WoeXrYd.exe
  C:\Windows\System\WoeXrYd.exe
  2⤵
  PID:8336
- C:\Windows\System\xtjSEwW.exe
  C:\Windows\System\xtjSEwW.exe
  2⤵
  PID:8364
- C:\Windows\System\jDbJTEs.exe
  C:\Windows\System\jDbJTEs.exe
  2⤵
  PID:8400
- C:\Windows\System\wgwOHnQ.exe
  C:\Windows\System\wgwOHnQ.exe
  2⤵
  PID:8348
- C:\Windows\System\vVsrrTZ.exe
  C:\Windows\System\vVsrrTZ.exe
  2⤵
  PID:2876
- C:\Windows\System\bqlQbSL.exe
  C:\Windows\System\bqlQbSL.exe
  2⤵
  PID:8416
- C:\Windows\System\YRwAtkB.exe
  C:\Windows\System\YRwAtkB.exe
  2⤵
  PID:8460
- C:\Windows\System\hxGwPfE.exe
  C:\Windows\System\hxGwPfE.exe
  2⤵
  PID:8492
- C:\Windows\System\GyfWoXW.exe
  C:\Windows\System\GyfWoXW.exe
  2⤵
  PID:8544
- C:\Windows\System\ffMliUm.exe
  C:\Windows\System\ffMliUm.exe
  2⤵
  PID:2192
- C:\Windows\System\ETYchyY.exe
  C:\Windows\System\ETYchyY.exe
  2⤵
  PID:8564
- C:\Windows\System\TCUPPcF.exe
  C:\Windows\System\TCUPPcF.exe
  2⤵
  PID:2028
- C:\Windows\System\cAjAXFR.exe
  C:\Windows\System\cAjAXFR.exe
  2⤵
  PID:8676
- C:\Windows\System\EyHeKxg.exe
  C:\Windows\System\EyHeKxg.exe
  2⤵
  PID:8744
- C:\Windows\System\XJpGioG.exe
  C:\Windows\System\XJpGioG.exe
  2⤵
  PID:8816
- C:\Windows\System\GsbEvXB.exe
  C:\Windows\System\GsbEvXB.exe
  2⤵
  PID:8880
- C:\Windows\System\rAOROBv.exe
  C:\Windows\System\rAOROBv.exe
  2⤵
  PID:8796
- C:\Windows\System\kpdAPIa.exe
  C:\Windows\System\kpdAPIa.exe
  2⤵
  PID:8908
- C:\Windows\System\QgxrmvJ.exe
  C:\Windows\System\QgxrmvJ.exe
  2⤵
  PID:8580
- C:\Windows\System\yIfgdfy.exe
  C:\Windows\System\yIfgdfy.exe
  2⤵
  PID:8596
- C:\Windows\System\AmjjYoa.exe
  C:\Windows\System\AmjjYoa.exe
  2⤵
  PID:8612
- C:\Windows\System\LpobbHF.exe
  C:\Windows\System\LpobbHF.exe
  2⤵
  PID:8656
- C:\Windows\System\NcLPcjL.exe
  C:\Windows\System\NcLPcjL.exe
  2⤵
  PID:8732
- C:\Windows\System\hAYATyV.exe
  C:\Windows\System\hAYATyV.exe
  2⤵
  PID:8864
- C:\Windows\System\VuOCWMe.exe
  C:\Windows\System\VuOCWMe.exe
  2⤵
  PID:8956
- C:\Windows\System\LfQWijC.exe
  C:\Windows\System\LfQWijC.exe
  2⤵
  PID:9040
- C:\Windows\System\yWNdMoH.exe
  C:\Windows\System\yWNdMoH.exe
  2⤵
  PID:9068
- C:\Windows\System\dRBsiyf.exe
  C:\Windows\System\dRBsiyf.exe
  2⤵
  PID:9088
- C:\Windows\System\QKmPyDl.exe
  C:\Windows\System\QKmPyDl.exe
  2⤵
  PID:9112
- C:\Windows\System\CuxHOQy.exe
  C:\Windows\System\CuxHOQy.exe
  2⤵
  PID:9128
- C:\Windows\System\jwtKSpV.exe
  C:\Windows\System\jwtKSpV.exe
  2⤵
  PID:9140
- C:\Windows\System\FArrgwM.exe
  C:\Windows\System\FArrgwM.exe
  2⤵
  PID:9156
- C:\Windows\System\FPFYaRj.exe
  C:\Windows\System\FPFYaRj.exe
  2⤵
  PID:9176
- C:\Windows\System\LoRPYGM.exe
  C:\Windows\System\LoRPYGM.exe
  2⤵
  PID:9212
- C:\Windows\System\soCnYij.exe
  C:\Windows\System\soCnYij.exe
  2⤵
  PID:7136
- C:\Windows\System\APzCnSO.exe
  C:\Windows\System\APzCnSO.exe
  2⤵
  PID:7176
- C:\Windows\System\ueFGmma.exe
  C:\Windows\System\ueFGmma.exe
  2⤵
  PID:7320
- C:\Windows\System\jurLQYc.exe
  C:\Windows\System\jurLQYc.exe
  2⤵
  PID:8124
- C:\Windows\System\YYhgfXh.exe
  C:\Windows\System\YYhgfXh.exe
  2⤵
  PID:8268
- C:\Windows\System\OVnUhTY.exe
  C:\Windows\System\OVnUhTY.exe
  2⤵
  PID:2920
- C:\Windows\System\YrzGqiW.exe
  C:\Windows\System\YrzGqiW.exe
  2⤵
  PID:2820
- C:\Windows\System\lgboKpz.exe
  C:\Windows\System\lgboKpz.exe
  2⤵
  PID:2092
- C:\Windows\System\zreUPWR.exe
  C:\Windows\System\zreUPWR.exe
  2⤵
  PID:8848
- C:\Windows\System\jfZtFGU.exe
  C:\Windows\System\jfZtFGU.exe
  2⤵
  PID:8588
- C:\Windows\System\LGEmkiv.exe
  C:\Windows\System\LGEmkiv.exe
  2⤵
  PID:8652
- C:\Windows\System\WcWdEEC.exe
  C:\Windows\System\WcWdEEC.exe
  2⤵
  PID:8608
- C:\Windows\System\ZhPncqG.exe
  C:\Windows\System\ZhPncqG.exe
  2⤵
  PID:9000
- C:\Windows\System\taucdMw.exe
  C:\Windows\System\taucdMw.exe
  2⤵
  PID:9052
- C:\Windows\System\eukRcPx.exe
  C:\Windows\System\eukRcPx.exe
  2⤵
  PID:9084
- C:\Windows\System\CzkeJjd.exe
  C:\Windows\System\CzkeJjd.exe
  2⤵
  PID:9132
- C:\Windows\System\iHQQpJH.exe
  C:\Windows\System\iHQQpJH.exe
  2⤵
  PID:9180
- C:\Windows\System\VfaqesM.exe
  C:\Windows\System\VfaqesM.exe
  2⤵
  PID:9120
- C:\Windows\System\bxKbuHM.exe
  C:\Windows\System\bxKbuHM.exe
  2⤵
  PID:9196
- C:\Windows\System\mSkYhnE.exe
  C:\Windows\System\mSkYhnE.exe
  2⤵
  PID:8984
- C:\Windows\System\XIzPTtv.exe
  C:\Windows\System\XIzPTtv.exe
  2⤵
  PID:7672
- C:\Windows\System\RFiNptq.exe
  C:\Windows\System\RFiNptq.exe
  2⤵
  PID:7896
- C:\Windows\System\BNLooeG.exe
  C:\Windows\System\BNLooeG.exe
  2⤵
  PID:7720
- C:\Windows\System\WYaiaYp.exe
  C:\Windows\System\WYaiaYp.exe
  2⤵
  PID:8220
- C:\Windows\System\CTtLhjM.exe
  C:\Windows\System\CTtLhjM.exe
  2⤵
  PID:2768
- C:\Windows\System\dxKXtEN.exe
  C:\Windows\System\dxKXtEN.exe
  2⤵
  PID:2064
- C:\Windows\System\DAMMGZV.exe
  C:\Windows\System\DAMMGZV.exe
  2⤵
  PID:2228
- C:\Windows\System\GzUBkHI.exe
  C:\Windows\System\GzUBkHI.exe
  2⤵
  PID:8480
- C:\Windows\System\xLVDfmK.exe
  C:\Windows\System\xLVDfmK.exe
  2⤵
  PID:7984
- C:\Windows\System\dwWBWQm.exe
  C:\Windows\System\dwWBWQm.exe
  2⤵
  PID:8568
- C:\Windows\System\wWaeWSr.exe
  C:\Windows\System\wWaeWSr.exe
  2⤵
  PID:3052
- C:\Windows\System\hVMmUBX.exe
  C:\Windows\System\hVMmUBX.exe
  2⤵
  PID:2852
- C:\Windows\System\gTwUIRV.exe
  C:\Windows\System\gTwUIRV.exe
  2⤵
  PID:8464
- C:\Windows\System\LgaLGeA.exe
  C:\Windows\System\LgaLGeA.exe
  2⤵
  PID:6632
- C:\Windows\System\YinhGkU.exe
  C:\Windows\System\YinhGkU.exe
  2⤵
  PID:8560
- C:\Windows\System\YXTBaRn.exe
  C:\Windows\System\YXTBaRn.exe
  2⤵
  PID:8860
- C:\Windows\System\ZDNBTNs.exe
  C:\Windows\System\ZDNBTNs.exe
  2⤵
  PID:8728
- C:\Windows\System\pAzCkBb.exe
  C:\Windows\System\pAzCkBb.exe
  2⤵
  PID:8604
- C:\Windows\System\VEEqjri.exe
  C:\Windows\System\VEEqjri.exe
  2⤵
  PID:7272
- C:\Windows\System\kLdcdlv.exe
  C:\Windows\System\kLdcdlv.exe
  2⤵
  PID:8436
- C:\Windows\System\tnPtwFe.exe
  C:\Windows\System\tnPtwFe.exe
  2⤵
  PID:2108
- C:\Windows\System\sfjNyBL.exe
  C:\Windows\System\sfjNyBL.exe
  2⤵
  PID:6156
- C:\Windows\System\untwdhb.exe
  C:\Windows\System\untwdhb.exe
  2⤵
  PID:9148
- C:\Windows\System\jDBZCGs.exe
  C:\Windows\System\jDBZCGs.exe
  2⤵
  PID:7516
- C:\Windows\System\tUNxsMd.exe
  C:\Windows\System\tUNxsMd.exe
  2⤵
  PID:2616
- C:\Windows\System\vgJwujX.exe
  C:\Windows\System\vgJwujX.exe
  2⤵
  PID:1032
- C:\Windows\System\MuJYIiu.exe
  C:\Windows\System\MuJYIiu.exe
  2⤵
  PID:2608
- C:\Windows\System\OyqNlFu.exe
  C:\Windows\System\OyqNlFu.exe
  2⤵
  PID:8876
- C:\Windows\System\QcrHajn.exe
  C:\Windows\System\QcrHajn.exe
  2⤵
  PID:2656
- C:\Windows\System\AaqscTT.exe
  C:\Windows\System\AaqscTT.exe
  2⤵
  PID:9228
- C:\Windows\System\URPVmeu.exe
  C:\Windows\System\URPVmeu.exe
  2⤵
  PID:9244
- C:\Windows\System\iyGsVFa.exe
  C:\Windows\System\iyGsVFa.exe
  2⤵
  PID:9260
- C:\Windows\System\lnjGtwL.exe
  C:\Windows\System\lnjGtwL.exe
  2⤵
  PID:9276
- C:\Windows\System\MnVqvjF.exe
  C:\Windows\System\MnVqvjF.exe
  2⤵
  PID:9292
- C:\Windows\System\aziFjdF.exe
  C:\Windows\System\aziFjdF.exe
  2⤵
  PID:9308
- C:\Windows\System\WQYirjW.exe
  C:\Windows\System\WQYirjW.exe
  2⤵
  PID:9324
- C:\Windows\System\TLkrjrT.exe
  C:\Windows\System\TLkrjrT.exe
  2⤵
  PID:9340
- C:\Windows\System\ylWumyu.exe
  C:\Windows\System\ylWumyu.exe
  2⤵
  PID:9360
- C:\Windows\System\EKcGGbY.exe
  C:\Windows\System\EKcGGbY.exe
  2⤵
  PID:9376
- C:\Windows\System\LipZrGd.exe
  C:\Windows\System\LipZrGd.exe
  2⤵
  PID:9400
- C:\Windows\System\guWUciF.exe
  C:\Windows\System\guWUciF.exe
  2⤵
  PID:9416
- C:\Windows\System\WxiVkAL.exe
  C:\Windows\System\WxiVkAL.exe
  2⤵
  PID:9432
- C:\Windows\System\uHzRSbY.exe
  C:\Windows\System\uHzRSbY.exe
  2⤵
  PID:9448
- C:\Windows\System\RNUrjse.exe
  C:\Windows\System\RNUrjse.exe
  2⤵
  PID:9464
- C:\Windows\System\RiyIhvv.exe
  C:\Windows\System\RiyIhvv.exe
  2⤵
  PID:9480
- C:\Windows\System\fGYSbae.exe
  C:\Windows\System\fGYSbae.exe
  2⤵
  PID:9496
- C:\Windows\System\bujkOEo.exe
  C:\Windows\System\bujkOEo.exe
  2⤵
  PID:9512
- C:\Windows\System\IJDjLaI.exe
  C:\Windows\System\IJDjLaI.exe
  2⤵
  PID:9528
- C:\Windows\System\zXHPdmC.exe
  C:\Windows\System\zXHPdmC.exe
  2⤵
  PID:9544
- C:\Windows\System\eeBUFwS.exe
  C:\Windows\System\eeBUFwS.exe
  2⤵
  PID:9560
- C:\Windows\System\tJBOAev.exe
  C:\Windows\System\tJBOAev.exe
  2⤵
  PID:9580
- C:\Windows\System\CAHHnSX.exe
  C:\Windows\System\CAHHnSX.exe
  2⤵
  PID:9596
- C:\Windows\System\STgudKg.exe
  C:\Windows\System\STgudKg.exe
  2⤵
  PID:9612
- C:\Windows\System\zlthvyr.exe
  C:\Windows\System\zlthvyr.exe
  2⤵
  PID:9628
- C:\Windows\System\nqTQxsE.exe
  C:\Windows\System\nqTQxsE.exe
  2⤵
  PID:9648
- C:\Windows\System\jqXNmuq.exe
  C:\Windows\System\jqXNmuq.exe
  2⤵
  PID:9676
- C:\Windows\System\jMHGyWd.exe
  C:\Windows\System\jMHGyWd.exe
  2⤵
  PID:9692
- C:\Windows\System\gWMZTZa.exe
  C:\Windows\System\gWMZTZa.exe
  2⤵
  PID:9708
- C:\Windows\System\uiNqjjm.exe
  C:\Windows\System\uiNqjjm.exe
  2⤵
  PID:9756
- C:\Windows\System\PCSdnxL.exe
  C:\Windows\System\PCSdnxL.exe
  2⤵
  PID:9772
- C:\Windows\System\CGbaSBf.exe
  C:\Windows\System\CGbaSBf.exe
  2⤵
  PID:9788
- C:\Windows\System\LonqitF.exe
  C:\Windows\System\LonqitF.exe
  2⤵
  PID:9880
- C:\Windows\System\XDsUlJI.exe
  C:\Windows\System\XDsUlJI.exe
  2⤵
  PID:9924
- C:\Windows\System\ZBoAfIP.exe
  C:\Windows\System\ZBoAfIP.exe
  2⤵
  PID:9964
- C:\Windows\System\FtYAXIk.exe
  C:\Windows\System\FtYAXIk.exe
  2⤵
  PID:9996
- C:\Windows\System\XOgJlEZ.exe
  C:\Windows\System\XOgJlEZ.exe
  2⤵
  PID:10068
- C:\Windows\System\fyXMUMP.exe
  C:\Windows\System\fyXMUMP.exe
  2⤵
  PID:10096
- C:\Windows\System\dUsqYIk.exe
  C:\Windows\System\dUsqYIk.exe
  2⤵
  PID:10144
- C:\Windows\System\FoFKjjg.exe
  C:\Windows\System\FoFKjjg.exe
  2⤵
  PID:10164
- C:\Windows\System\EqrORuO.exe
  C:\Windows\System\EqrORuO.exe
  2⤵
  PID:10180
- C:\Windows\System\SlPMBIV.exe
  C:\Windows\System\SlPMBIV.exe
  2⤵
  PID:10200
- C:\Windows\System\RUEwIGp.exe
  C:\Windows\System\RUEwIGp.exe
  2⤵
  PID:10220
- C:\Windows\System\uQUVBDi.exe
  C:\Windows\System\uQUVBDi.exe
  2⤵
  PID:444
- C:\Windows\System\fxtjAYy.exe
  C:\Windows\System\fxtjAYy.exe
  2⤵
  PID:8384
- C:\Windows\System\IpBNqny.exe
  C:\Windows\System\IpBNqny.exe
  2⤵
  PID:9224
- C:\Windows\System\xbzEeND.exe
  C:\Windows\System\xbzEeND.exe
  2⤵
  PID:9316
- C:\Windows\System\QkaQBRs.exe
  C:\Windows\System\QkaQBRs.exe
  2⤵
  PID:9388
- C:\Windows\System\eqKjXxD.exe
  C:\Windows\System\eqKjXxD.exe
  2⤵
  PID:8640
- C:\Windows\System\qtIbzFu.exe
  C:\Windows\System\qtIbzFu.exe
  2⤵
  PID:2120
- C:\Windows\System\TkZLpCl.exe
  C:\Windows\System\TkZLpCl.exe
  2⤵
  PID:7760
- C:\Windows\System\ODseEiD.exe
  C:\Windows\System\ODseEiD.exe
  2⤵
  PID:9104
- C:\Windows\System\wXXZRZN.exe
  C:\Windows\System\wXXZRZN.exe
  2⤵
  PID:8832
- C:\Windows\System\QhVTDwI.exe
  C:\Windows\System\QhVTDwI.exe
  2⤵
  PID:9272
- C:\Windows\System\OVkvTrv.exe
  C:\Windows\System\OVkvTrv.exe
  2⤵
  PID:9336
- C:\Windows\System\dDhbsxC.exe
  C:\Windows\System\dDhbsxC.exe
  2⤵
  PID:2116
- C:\Windows\System\BGkncvs.exe
  C:\Windows\System\BGkncvs.exe
  2⤵
  PID:9392
- C:\Windows\System\ITWPphR.exe
  C:\Windows\System\ITWPphR.exe
  2⤵
  PID:9472
- C:\Windows\System\hUCeypx.exe
  C:\Windows\System\hUCeypx.exe
  2⤵
  PID:9460
- C:\Windows\System\DlDwsQg.exe
  C:\Windows\System\DlDwsQg.exe
  2⤵
  PID:9536
- C:\Windows\System\voLaPdC.exe
  C:\Windows\System\voLaPdC.exe
  2⤵
  PID:9604
- C:\Windows\System\XJMwXWt.exe
  C:\Windows\System\XJMwXWt.exe
  2⤵
  PID:9620
- C:\Windows\System\gWUmiFm.exe
  C:\Windows\System\gWUmiFm.exe
  2⤵
  PID:9552
- C:\Windows\System\PwQraiK.exe
  C:\Windows\System\PwQraiK.exe
  2⤵
  PID:9504
- C:\Windows\System\WaSzxsc.exe
  C:\Windows\System\WaSzxsc.exe
  2⤵
  PID:9660
- C:\Windows\System\tPclHgC.exe
  C:\Windows\System\tPclHgC.exe
  2⤵
  PID:9668
- C:\Windows\System\srUfXAU.exe
  C:\Windows\System\srUfXAU.exe
  2⤵
  PID:9704
- C:\Windows\System\slxotBC.exe
  C:\Windows\System\slxotBC.exe
  2⤵
  PID:9728
- C:\Windows\System\VORZXdq.exe
  C:\Windows\System\VORZXdq.exe
  2⤵
  PID:9748
- C:\Windows\System\qMetFAP.exe
  C:\Windows\System\qMetFAP.exe
  2⤵
  PID:9796
- C:\Windows\System\xHOmfMF.exe
  C:\Windows\System\xHOmfMF.exe
  2⤵
  PID:9804
- C:\Windows\System\HEDzzfQ.exe
  C:\Windows\System\HEDzzfQ.exe
  2⤵
  PID:9824
- C:\Windows\System\wwATpFd.exe
  C:\Windows\System\wwATpFd.exe
  2⤵
  PID:9844
- C:\Windows\System\hcIPVHu.exe
  C:\Windows\System\hcIPVHu.exe
  2⤵
  PID:9836
- C:\Windows\System\zLNdqGi.exe
  C:\Windows\System\zLNdqGi.exe
  2⤵
  PID:9864
- C:\Windows\System\FCoNnbE.exe
  C:\Windows\System\FCoNnbE.exe
  2⤵
  PID:9896
- C:\Windows\System\JWxsRpI.exe
  C:\Windows\System\JWxsRpI.exe
  2⤵
  PID:9908
- C:\Windows\System\yQHfCfu.exe
  C:\Windows\System\yQHfCfu.exe
  2⤵
  PID:9920
- C:\Windows\System\koTbVfM.exe
  C:\Windows\System\koTbVfM.exe
  2⤵
  PID:9948
- C:\Windows\System\BcdPjik.exe
  C:\Windows\System\BcdPjik.exe
  2⤵
  PID:9972
- C:\Windows\System\zLzKmBp.exe
  C:\Windows\System\zLzKmBp.exe
  2⤵
  PID:9976
- C:\Windows\System\ZULWoNX.exe
  C:\Windows\System\ZULWoNX.exe
  2⤵
  PID:10020
- C:\Windows\System\KJfPPSB.exe
  C:\Windows\System\KJfPPSB.exe
  2⤵
  PID:10076
- C:\Windows\System\PAPNJRP.exe
  C:\Windows\System\PAPNJRP.exe
  2⤵
  PID:10016
- C:\Windows\System\wvDhHLi.exe
  C:\Windows\System\wvDhHLi.exe
  2⤵
  PID:10056
- C:\Windows\System\BmOABpy.exe
  C:\Windows\System\BmOABpy.exe
  2⤵
  PID:10092
- C:\Windows\System\wVplSsU.exe
  C:\Windows\System\wVplSsU.exe
  2⤵
  PID:10116
- C:\Windows\System\fPOlzYc.exe
  C:\Windows\System\fPOlzYc.exe
  2⤵
  PID:10132
- C:\Windows\System\LtHXdhR.exe
  C:\Windows\System\LtHXdhR.exe
  2⤵
  PID:10156
- C:\Windows\System\IUINoqk.exe
  C:\Windows\System\IUINoqk.exe
  2⤵
  PID:10192
- C:\Windows\System\qXIeRWd.exe
  C:\Windows\System\qXIeRWd.exe
  2⤵
  PID:10212
- C:\Windows\System\OUEHsOb.exe
  C:\Windows\System\OUEHsOb.exe
  2⤵
  PID:7452
- C:\Windows\System\BmuPSAq.exe
  C:\Windows\System\BmuPSAq.exe
  2⤵
  PID:672
- C:\Windows\System\pDShOKx.exe
  C:\Windows\System\pDShOKx.exe
  2⤵
  PID:9220
- C:\Windows\System\PXJbTUR.exe
  C:\Windows\System\PXJbTUR.exe
  2⤵
  PID:9384
- C:\Windows\System\AQqFTiF.exe
  C:\Windows\System\AQqFTiF.exe
  2⤵
  PID:6912
- C:\Windows\System\CMCMwBx.exe
  C:\Windows\System\CMCMwBx.exe
  2⤵
  PID:9332
- C:\Windows\System\JwgcAnT.exe
  C:\Windows\System\JwgcAnT.exe
  2⤵
  PID:9568
- C:\Windows\System\GgzVqaU.exe
  C:\Windows\System\GgzVqaU.exe
  2⤵
  PID:9640
- C:\Windows\System\vPjjafB.exe
  C:\Windows\System\vPjjafB.exe
  2⤵
  PID:9700
- C:\Windows\System\czijJeB.exe
  C:\Windows\System\czijJeB.exe
  2⤵
  PID:9520
- C:\Windows\System\JrPVgwJ.exe
  C:\Windows\System\JrPVgwJ.exe
  2⤵
  PID:9240
- C:\Windows\System\IlUBltz.exe
  C:\Windows\System\IlUBltz.exe
  2⤵
  PID:9408
- C:\Windows\System\adfipYi.exe
  C:\Windows\System\adfipYi.exe
  2⤵
  PID:9672
- C:\Windows\System\gmecbIT.exe
  C:\Windows\System\gmecbIT.exe
  2⤵
  PID:9736
- C:\Windows\System\BsAffCV.exe
  C:\Windows\System\BsAffCV.exe
  2⤵
  PID:9744
- C:\Windows\System\BwwIFry.exe
  C:\Windows\System\BwwIFry.exe
  2⤵
  PID:9852
- C:\Windows\System\ITypyEd.exe
  C:\Windows\System\ITypyEd.exe
  2⤵
  PID:9876
- C:\Windows\System\cNDbPPb.exe
  C:\Windows\System\cNDbPPb.exe
  2⤵
  PID:9828
- C:\Windows\System\wrDKanQ.exe
  C:\Windows\System\wrDKanQ.exe
  2⤵
  PID:10004
- C:\Windows\System\KjYxvGf.exe
  C:\Windows\System\KjYxvGf.exe
  2⤵
  PID:9956
- C:\Windows\System\zUbaLbc.exe
  C:\Windows\System\zUbaLbc.exe
  2⤵
  PID:9992
- C:\Windows\System\SWzCHtP.exe
  C:\Windows\System\SWzCHtP.exe
  2⤵
  PID:10028
- C:\Windows\System\tTLMWDZ.exe
  C:\Windows\System\tTLMWDZ.exe
  2⤵
  PID:10124
- C:\Windows\System\VSOutFB.exe
  C:\Windows\System\VSOutFB.exe
  2⤵
  PID:10208
- C:\Windows\System\AloZsju.exe
  C:\Windows\System\AloZsju.exe
  2⤵
  PID:10128
- C:\Windows\System\NyHlzfM.exe
  C:\Windows\System\NyHlzfM.exe
  2⤵
  PID:10196
- C:\Windows\System\ZLGxrcI.exe
  C:\Windows\System\ZLGxrcI.exe
  2⤵
  PID:9288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CBECdua.exe

Filesize
6.0MB

MD5
e958db32ddc55ca9c27b4f77603ae183

SHA1
a9eb3fb167e11986c010421fd289b44df4ba8862

SHA256
c10e9648ad9a502a065e653d853a16e5206e9fe96d6b38ee48725f227a1bc8f8

SHA512
375dc09d7b7eb3fc696005b53c65e830a4a84ceafc645fc7199207960a0c3a5049936a3082d8051d94044d61f6b7cfc6597717d3d4f06f7a7cbb1c323bdcbf72

Download Submit
C:\Windows\system\CRVWhgs.exe

Filesize
6.0MB

MD5
31341e0d9feb49adc78597ffeb121bfd

SHA1
4d4acf838b3785e6d902282f9bbdc06e6b0d64ae

SHA256
bc9b5c10240b77a0f5c9ba22a5e32d1a214d83361ee8af6c98a2c4cbba5e54d4

SHA512
fa3eef4ca702c9c975095c968c524ae2a4c19b333818b2b8f79a091b1623123535fbef9a8ded4f4b3525d95a4289c52f6bb0b0613ac8f25ad714fb1ccdd8fc53

Download Submit
C:\Windows\system\CsINZZb.exe

Filesize
6.0MB

MD5
075d529b261a449131575e3e3664ea06

SHA1
7ec96a908e8f8bc1cc7979101b66e51bb5de6113

SHA256
bfd64c9e0ef5a3587135f036cc3648e2bf266dbf6a084745579c09f8afe15b26

SHA512
76d09d2e0169292015ca09540869bf1a27d044f6b504a33860f92985558fb633cb6a4d6a82f1962dadbb981c09c42c195c7dadb0ca59598a228a2cb66fee0d1f

Download Submit
C:\Windows\system\FEcRsyr.exe

Filesize
6.0MB

MD5
de9b2906bf4d92b3f185d8145335f7c3

SHA1
a8a343f0acdd1b86fd30662ad70e078478e91573

SHA256
4eddb00fa06f73b867307694592c928d16d6a2ece9306cc6a8c7a7e775c8836b

SHA512
d94d8824b97680f0683e344a11839e6bb112aaf84a974c3e62819929d37533db2744a85baeb84e047a755e9e5e9173713a9aba4452aef66bda043741cc6f9a9f

Download Submit
C:\Windows\system\GnJEmYy.exe

Filesize
6.0MB

MD5
4062c653156cb41562b1108b76f654cb

SHA1
7b981b832939e374dc518b6487a142df939b1d0b

SHA256
8f75bbf0532571088a0e6103732254025cf88d814bec6a264793c210d35907f8

SHA512
b9ea63b6993be414dc62e9c7e8750ea70674b89ac31f7307dabcbe9dfa2fc95915efada7b14be8e2afb74f25f9f0fe8ca887abbc4d1d4344006deea538eef778

Download Submit
C:\Windows\system\HFeUTxG.exe

Filesize
6.0MB

MD5
fa01ce0aea6a6ce5ae7e551ab5d97fab

SHA1
aecf6ebb3c1b147ca1fe3d7b23c4942fc87769e6

SHA256
8aec452d659376125dfccfe14a91da9814f26ee102d373619826920dc9b3f46d

SHA512
a2035be1f3e700f8bb6f0c548e2af65d07ff0014b362d0a058d3c40df6259f6ca62d66302bf925ce52e085fdc9a7fecaeaf17a02fe6239ab0ae62c0c400751c1

Download Submit
C:\Windows\system\HWWDHHa.exe

Filesize
6.0MB

MD5
e4c956a4f981fe170ad4731665b0ddc0

SHA1
1635ce38f80c5a8f58d60ac04b4f092e73a5038d

SHA256
58e11510625c7ae5d2987297dd04c790a148d4fe44c80e483f55d81728c87978

SHA512
2140e42a5445bbea30334aa8d94ae004e778e55a73b1558dce9df5edb30acec1abed169d51417ae6aa841816efebd203b91b4ac40735b9b6409ee018fef7261a

Download Submit
C:\Windows\system\MaiJddb.exe

Filesize
6.0MB

MD5
c1991526661ad5b4d1dcb7c8e5ecd940

SHA1
7c599c06e12d024f23bd728eed5b4a35fbf453b5

SHA256
7870f34d6739aa54b5d58d68f93d7c380da80f0253e45427d6538d9145e77cd5

SHA512
d5c4983bac62fb2347eea8c39a3fb9e0f6f11e172ba3942de658f8d51694bcf9938e559c623247a54abc100e583c23c804b82cffa686983494576eb8b8776b58

Download Submit
C:\Windows\system\PJfqwBQ.exe

Filesize
6.0MB

MD5
e59ce8db5982792431c877eecdc6b083

SHA1
d495e7d4db032e6aa16abc5dfe3084d9f4cf32ab

SHA256
3e581aa080680b89d27dbb96fa332d98dd70f5222af388c9bc838728da86aca0

SHA512
610550d2bf6cf319c4caff7e037737fba7107b506f238b7d57d0c35487510fdcad08dc6eaae480c2435f1723813f86a07cd0b4184dc1836f518ff592fda1ec70

Download Submit
C:\Windows\system\QJadENF.exe

Filesize
6.0MB

MD5
6a87a9111d483d36ac51df781556b584

SHA1
c1b5b4a000724b64363e2e5c0acff64e6ba453eb

SHA256
44a3aca7be181dc1e3cd3afa62046ea0df2edeeadb9be240e0bc60260ddc8f11

SHA512
110d10399c4136325472023f30071dcfc433cce1512ee2003740917861b37dbf51928e4d6cf550b5e8aaa87d9417e595fbd5a9965322d62e7b53c15e34144942

Download Submit
C:\Windows\system\UDlPTXw.exe

Filesize
6.0MB

MD5
92d56dc4c05a1690c94c236eabd75c83

SHA1
dfd8077e72c30195fbad93f9f835a7dacd23169e

SHA256
365df81a093e73a6b89f2b6ba313defea0dedcf9d784957652d12ea28c9f77d0

SHA512
5caeb4b0b4ab20bd332c254c1eae9532448a5ecda0f156debfcc4c4d33c57da676c1ad045e7530ac0bb373e77d655ed32b867f28026e53ad45db97c7e5283cbd

Download Submit
C:\Windows\system\VJjSuYC.exe

Filesize
6.0MB

MD5
6ae37444699ba62454f392fa566149a0

SHA1
b361f627eded4fab636069f00d06d982feb1f091

SHA256
4c1cb9842e0d95e619e108da90dc7aedaca3ae811c89a3875b52c4407e0b2960

SHA512
8ac89ef83918ced1160ae5de41d96cf2de7c67b61a999ec7d2550402118b6b6801e384ac9d55ab77c2911cdcaa594c9451dcc273af0ce42c61354a4fb67f3556

Download Submit
C:\Windows\system\XmZTQlR.exe

Filesize
6.0MB

MD5
630ab76c2717ab5f24b2288ee60fd0f6

SHA1
4869fe6e92b84c9d4df95c099bdbe3ad825dacbd

SHA256
85bab562f6aa3b243cdfd983575535cc2b4427f13582095da1396cbddfd267aa

SHA512
5fa416f56595bb3c19f22deace67f84bd8b29b87fb065057da99ff8d3d558ce27683ccbbf49171338a6e5fee50a462eb72de6a0ff1274a9db650042baaae9275

Download Submit
C:\Windows\system\arucZrr.exe

Filesize
6.0MB

MD5
f4279b31f42bbcf8fcb22666e209aef8

SHA1
9474fb3f43dd123f069c87c47eb401973b47a84c

SHA256
d5c1b7ac5809607e9c4bfc684d8be93c151d6cf65e106db1151a0f951e61a91b

SHA512
60944d82cb57340ea25961ecb925b1864f9f33ad4d1579b71b0ec77940a590f76bee727263f668c5c992f0485d193a23e0eae7dd914a2d8fc7e28568b6261ae6

Download Submit
C:\Windows\system\bYDAmcR.exe

Filesize
6.0MB

MD5
74666bbf5c01ecfb293effec006599ed

SHA1
7034f353b9f0367611d6ef16e3f218ad1066e8b9

SHA256
39cc834e4fd8707033b78ee56c326fd04cf830775e5653e27a77ac6ff6e11966

SHA512
2f32b86c1f4fb2413bbc791ca31216de8453a9f2cb355d397c6bc26ba605d24fd851afa2ad96d1331939f8d26a55a8253792488c35307cfc38108b09747e64f3

Download Submit
C:\Windows\system\cOTVZMF.exe

Filesize
6.0MB

MD5
87d30979fdc3b03ba436019f858910d7

SHA1
5b3fe0911c54e3f415d4ea92087de2d322099e7a

SHA256
638950cbd4b2c36ead2238313ad8a81d741d2fd6c7802efef694e13a0180b33b

SHA512
08611a926f0aad9cf8cf52b4b178efcbae48dfc34f5f7c3f45933c5086676c5eef7db183c47c9962e50aa407096795e0876f31eeee0c318e6ee9a31e042d1f99

Download Submit
C:\Windows\system\dfjXqBh.exe

Filesize
6.0MB

MD5
925d30130944758fbcfd8bb2b7ade84f

SHA1
465b34c2e3fbbe25c09ab53f16584cf51f3c818e

SHA256
c22cdf9fa1fdbfe1d6760b95561a09c92e3223beafd39c4b16841920f34964b7

SHA512
c4813e08b8a2ad70d2afd747da2668f6051c31e1288cc984704663cf9dcdcbb329312651e857fd8b8b643b5525ea82c3f9460d39f838bd0dc7d78e8e33eaff99

Download Submit
C:\Windows\system\dohZouC.exe

Filesize
6.0MB

MD5
cb9d4ec2d118621a7669f5de9817b1fa

SHA1
17adc05ce8c41a93d298683b7904c027dd275c9f

SHA256
b23e12e24d9f5fbcabf32fae3c1f195659fe9e031fa1ec619501ab19a2615ca6

SHA512
98c7868064f70b9493d32bd6a5e641491ac47ad58922e759365fe7aa8ecc3e6a12fb2c4466b61a6a2ed10dfe4338bf37082ef02e58822a62ab1abec805b319c6

Download Submit
C:\Windows\system\fELnalU.exe

Filesize
6.0MB

MD5
378eacfdf717a33e907372d169b1a051

SHA1
ced555aaa06d903980b7b67e973ccfd5ac9d07ed

SHA256
bf8b15186b87eb7c7d44197a040e0de8daef4b935ca64a733e3d8de1851c593c

SHA512
621aa2c1f34d992b83d419c30ead9e4ef31fb1141d7b5b27de66458169cbfddf1c4a7bdfb7c27bdd78afc84ec9b24c4c0cc3b7f65516a7d17a7ce95b986ad2d3

Download Submit
C:\Windows\system\gdhQNSB.exe

Filesize
6.0MB

MD5
181989d393d031324ce1cf342fc79d11

SHA1
80e885444bc1a281ce559b948a37a1e10d9715c2

SHA256
e494e3eac7d34261268f699ef2343e30dc40491a50e309e38d68d476291d0149

SHA512
cb429e04f2ad017478d19cb559ed38fa59e077e170d1a1ba4442e6c4469136805ba6bac25921817316f3fce38834713d5a93455187b83063d3d3cd53bbc8c35e

Download Submit
C:\Windows\system\iJjgECt.exe

Filesize
6.0MB

MD5
c185c608ea5947413691d391f2508dbf

SHA1
aad3831082a554df919fad8408eab021db80ee85

SHA256
fb520a661f0e95f303215bfb04cbd59a1f67326f0944909afbe686574b09f7e7

SHA512
0fa6c276a5a0ac7b669c11f9118c19d71c3021a994750c0415289fef6a15d3cf0c45cba5553639ce74afab7ecd2f1f3f33e974045daa2b74efe07185641912a3

Download Submit
C:\Windows\system\jnXaUwC.exe

Filesize
6.0MB

MD5
289ee9d9f70fe8c91629308ff5d93c2e

SHA1
66d67d606e36ce5a3841ce7972e57740f813c3ed

SHA256
15b748b18b825734971506e2f59d457145419bdf5e7a30dadc602b59a99638b6

SHA512
16f737c557ff3b2ce5469b6e3174c8669b3458695d9d199fc4b7ca7f9a7fc910c1be85678eb1e8abb799ecc8409577eafea2fc5bf0ae228bda8c3deda7c52547

Download Submit
C:\Windows\system\jwRzqOm.exe

Filesize
6.0MB

MD5
88bfce6b57970eb656ea400305689746

SHA1
e0b0909c9d72a510a6327e003c478178e8cf3dfd

SHA256
2828d4bd9c8181aa299b6dc460458ac7eb814cf7ce5f498ef5d52bc08054ba36

SHA512
f929a3955ce05eefaa8276df87ca885a4b9bfd46b843b895ee0c1913098157d17f6ef1a4ce75a1bf0016094f17ceb722029a8172969b0db9140362194f1104fb

Download Submit
C:\Windows\system\kLIMEGY.exe

Filesize
6.0MB

MD5
116f53be2e8f97a377861d8418ba473f

SHA1
71b9d0f868e4e72ff1f888bacc8a410afef3dae5

SHA256
ba721e671534864731b7701762423daddc362506a8eb2d8562db7f07ed6f3ba6

SHA512
0c9a4bd0ddc98ddb2b2aa32b797bc3e317714e9dd7903a633cf95877ac422d4281d3d59840ce90250bdcb31169fc2fe0b100643936cd7f9341006c4b38d53a0e

Download Submit
C:\Windows\system\kXlxJBP.exe

Filesize
6.0MB

MD5
5b515a466f564665f6aff521f12e2733

SHA1
4dde06370e57fa508a2f3bc12271b8bde51a66f1

SHA256
11f069dfac3370dd289995cec37156a8b1201e3d1ab5e4d0a3f8a8c1a3a963ca

SHA512
aafd02fe83876a0dbd5d269470d2bdc8cd456da7c09d3a29e56fed002f4566d8034c59b2c3914027a3a90f666b0739bf59778e167ac4b11264c956df1c609f43

Download Submit
C:\Windows\system\nIbgvan.exe

Filesize
6.0MB

MD5
e1286908dbbf05709a3f4bf4c0bd832b

SHA1
2d4caecb06d41fd6e100c5d47516ef13ccc1ede2

SHA256
6561dae77d04d586e6c476e72e02f91ba547fe42198e3b702194a1bf7acc19e3

SHA512
4406bf040330ed4fec6f6a8b0513c7541d30872ec5de3549406cd2cebdc7fcee01496d478200a2272bf87b6b9b7e2486dd068c74e46b4750982efb629f899cca

Download Submit
C:\Windows\system\pkhYoMq.exe

Filesize
6.0MB

MD5
b258748c0513b3e033c6f3cbbd6b939a

SHA1
0d117cc891441e24f4d25828ebcfc4f4b060c45c

SHA256
c977f6a754c7c917d5cdacdaf771590d80b582bebf712d24d6ffdc740fdb9f66

SHA512
c16ee7530f79c13215a8249df4ef904e6380295678d5be1aa15f08e62ea6662f54751b6bd1b5a94117d29faa62f2e2f55b969626baeb3f1be2fd6c714715ac0f

Download Submit
C:\Windows\system\rKycoSG.exe

Filesize
6.0MB

MD5
8654c3939bde9d20c3559d8ccaa71e5b

SHA1
ccc2684e17d0d8cc8477e04194f558284bc72e86

SHA256
200b351970afff726d1f17e53a9117ce7be6795f24963284274de2da57da7fa4

SHA512
55d92e294bb4827e992ea2ed2b459e57f390c94bf683da3613d6dba1953ee59c7c027e35f1e041983525e4cf13d822df5a9979af11efe2b8e5d2c592b3f81833

Download Submit
C:\Windows\system\vsGgloN.exe

Filesize
6.0MB

MD5
a3e49ac91fff14127ef21ac5e07dc54f

SHA1
590ec4e9ebf6316b10db7d7b5949f1fe9e88e61e

SHA256
353bff9563bc29ee00ddfcdc817ec04e04f82a2a67a921d6be9c1d799e896156

SHA512
21b40ca3deb9e6918992047b79b158524be86f26de0ad9352d074938e76e20a1564b23febf0b06b61f272f08fbbfd9487e2d6a04b7fa82ae3906f98fa2d81ecb

Download Submit
C:\Windows\system\vySsfuT.exe

Filesize
6.0MB

MD5
c5b812c691508f0744903bbcbb7dc9ca

SHA1
7f9b1fafa70eec36398bb9b57c75692b94b4d6c0

SHA256
75a3b0c7f1f94e768f0a1965ce38a0b8af7ebd8eaeacfa0c0c90b62cffed7ad1

SHA512
2609a93bfc0c42f474b091527d48b44bb02bbea92dccddca251e3917478c87c73f9eda32f5a54873989bd4c251b37cdbc9f3ea56a4eae1eebb48eeb7644d525a

Download Submit
C:\Windows\system\ynrkpnD.exe

Filesize
6.0MB

MD5
b1849e4ee3ce0601868085f24e8d972b

SHA1
fd0cde661d000605af46394e336391b4f4e29ccf

SHA256
1027c974c5ccab8cdb2f3b5605380fc7ee8035d60c7dca7812655f0631452fdc

SHA512
e2fa039641850a61aee0c4a33d3e421430c4194f0497e6d97f911d6bbd1523ffaddde3d83755d9558616d8b5b38ffad7cd8762759841ee8f90692e2a13a0ca93

Download Submit
\Windows\system\YBbBGRK.exe

Filesize
6.0MB

MD5
cd392991b6d7e146ea58fa6af73698a2

SHA1
c945d1658ba569aef9d2c505d0810f54156fe517

SHA256
6295b38b9df4a464d63bae3592e314634d818d111ae9bfbbe576c904acd7a2c0

SHA512
84c4a8da1d280e69c667ae6cb2af7ee2514ef071fb085fb765f81b5745f388e88eb9c2ceb1489d0ee67d77ad2024438c00d1fd7e38e1b9d6c1a29a7129564d26

Download Submit
memory/1448-2469-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/1448-3710-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/1728-3069-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/1728-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1728-0-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1728-3139-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/1728-2424-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1728-2334-0x0000000002530000-0x0000000002884000-memory.dmp

Filesize
3.3MB

Download
memory/1728-3065-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1728-2350-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/1728-3137-0x0000000002530000-0x0000000002884000-memory.dmp

Filesize
3.3MB

Download
memory/1728-3144-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-2348-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2376-4166-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2420-4167-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2423-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-3711-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download