cobaltstrike | ff9ff41c94708b688b98b9d858178d884922b1b84b71e4bedb2a935f9310563c

Analysis

max time kernel
150s
max time network
20s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
16-12-2024 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

002377198124285488158309f7892630
SHA1

647478671f0421a4ec521caf7bfb16951d335c83
SHA256

ff9ff41c94708b688b98b9d858178d884922b1b84b71e4bedb2a935f9310563c
SHA512

c100ae3aab6708527bd6d85c0e757fe33cd733baa4124e09930bd441e2fd042b61652a64138af9ec2ec6fe027b9f658013e3b338c058077b4820f1b5adb290a8
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU5:T+q56utgpPF8u/75

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0009000000016ccc-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d0c-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d1c-13.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-44.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cd8-27.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018b05-53.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-63.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-93.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-196.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-195.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-192.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-183.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-158.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-162.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-152.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-103.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-77.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d3f-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d2c-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/108-0-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x0009000000016ccc-3.dat	xmrig
behavioral1/files/0x0008000000016d0c-8.dat	xmrig
behavioral1/files/0x0007000000016d1c-13.dat	xmrig
behavioral1/files/0x0002000000018334-44.dat	xmrig
behavioral1/files/0x0009000000016cd8-27.dat	xmrig
behavioral1/memory/2960-49-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/files/0x0009000000018b05-53.dat	xmrig
behavioral1/files/0x000500000001950f-63.dat	xmrig
behavioral1/memory/2732-65-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2848-70-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/files/0x000500000001957c-93.dat	xmrig
behavioral1/memory/2936-99-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/3060-106-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195ab-110.dat	xmrig
behavioral1/files/0x00050000000195ad-113.dat	xmrig
behavioral1/files/0x00050000000195b1-125.dat	xmrig
behavioral1/files/0x00050000000195b5-138.dat	xmrig
behavioral1/files/0x0005000000019761-196.dat	xmrig
behavioral1/memory/108-299-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/108-298-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2172-1514-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2952-1535-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2976-1513-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2000-1512-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2936-1573-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2960-1570-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2848-1592-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2700-1679-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/1116-1680-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2284-1683-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/3060-1681-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2812-1678-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2732-1591-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2696-1559-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/files/0x0005000000019643-195.dat	xmrig
behavioral1/files/0x000500000001975a-192.dat	xmrig
behavioral1/files/0x00050000000195c7-178.dat	xmrig
behavioral1/files/0x000500000001960c-183.dat	xmrig
behavioral1/files/0x00050000000195c5-168.dat	xmrig
behavioral1/files/0x00050000000195c6-173.dat	xmrig
behavioral1/files/0x00050000000195c1-158.dat	xmrig
behavioral1/files/0x00050000000195bb-147.dat	xmrig
behavioral1/files/0x00050000000195c3-162.dat	xmrig
behavioral1/files/0x00050000000195bd-152.dat	xmrig
behavioral1/files/0x00050000000195b7-142.dat	xmrig
behavioral1/files/0x00050000000195b3-132.dat	xmrig
behavioral1/memory/2700-124-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/108-123-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/files/0x00050000000195af-120.dat	xmrig
behavioral1/memory/2732-107-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195a9-103.dat	xmrig
behavioral1/memory/2284-97-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/1116-96-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2960-95-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195a7-90.dat	xmrig
behavioral1/memory/108-87-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2700-72-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x0005000000019515-69.dat	xmrig
behavioral1/memory/2696-86-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2812-81-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019547-77.dat	xmrig
behavioral1/memory/2936-56-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/108-48-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2000	iVZCplU.exe
2976	PsMHNQe.exe
2172	bWHcJbM.exe
2848	ubRlTMI.exe
2952	ExhOkkc.exe
2696	JgTccxD.exe
2960	jdLYAdn.exe
2936	XuqKgjF.exe
2732	YhHKWfQ.exe
2700	FGYbyAq.exe
2812	ZrbJSjC.exe
1116	plSsiwm.exe
2284	ttJfFLk.exe
3060	uGZoEZc.exe
2092	MpIhNud.exe
3008	IqybTmX.exe
2604	Evhpjll.exe
2940	rWQRycO.exe
236	LXNhpSp.exe
2984	ZXjLtMS.exe
2500	wzUwoWR.exe
1984	UcXrlas.exe
1632	kFDtaKk.exe
784	ZnUsozu.exe
2452	zSeRtIe.exe
2508	GvBVEfr.exe
840	QnzbbSc.exe
1540	yCepjNn.exe
1056	BEeNfNF.exe
1968	ufvWEDT.exe
1100	OUHZTpl.exe
1168	iZdbszR.exe
1688	oAIzgFv.exe
1820	xMMKkPk.exe
1160	nvvvAhk.exe
2616	qpFpAkr.exe
1700	ZeuwtbL.exe
608	HWFgloQ.exe
928	OLokzud.exe
2624	ZYnrhtb.exe
1512	veUXKJx.exe
984	MIZYxfp.exe
2356	xCprOjG.exe
1716	IRAnPVK.exe
576	aIIodgA.exe
636	OHqGpym.exe
2384	NiVVOUA.exe
2064	UmHyYPy.exe
1676	gsTxJtJ.exe
2656	CpwGqZa.exe
2028	kwIcjuL.exe
2800	HGfotZo.exe
2144	MOMTHTU.exe
2860	VPBwIyU.exe
2288	LCRcjSu.exe
2768	NCtAhrM.exe
1656	FwSjLke.exe
552	VLTlbhG.exe
1732	qWYTyTJ.exe
1072	xrkGaGH.exe
1464	qVThKqO.exe
3040	xmAxPNG.exe
1908	aCHCOUx.exe
544	zuKPmbP.exe

Loads dropped DLL 64 IoCs

pid	Process
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/108-0-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x0009000000016ccc-3.dat	upx
behavioral1/files/0x0008000000016d0c-8.dat	upx
behavioral1/files/0x0007000000016d1c-13.dat	upx
behavioral1/files/0x0002000000018334-44.dat	upx
behavioral1/files/0x0009000000016cd8-27.dat	upx
behavioral1/memory/2960-49-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/files/0x0009000000018b05-53.dat	upx
behavioral1/files/0x000500000001950f-63.dat	upx
behavioral1/memory/2732-65-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2848-70-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/files/0x000500000001957c-93.dat	upx
behavioral1/memory/2936-99-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/3060-106-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x00050000000195ab-110.dat	upx
behavioral1/files/0x00050000000195ad-113.dat	upx
behavioral1/files/0x00050000000195b1-125.dat	upx
behavioral1/files/0x00050000000195b5-138.dat	upx
behavioral1/files/0x0005000000019761-196.dat	upx
behavioral1/memory/2172-1514-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2952-1535-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2976-1513-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2000-1512-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2936-1573-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2960-1570-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2848-1592-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2700-1679-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/1116-1680-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2284-1683-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/3060-1681-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2812-1678-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2732-1591-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2696-1559-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/files/0x0005000000019643-195.dat	upx
behavioral1/files/0x000500000001975a-192.dat	upx
behavioral1/files/0x00050000000195c7-178.dat	upx
behavioral1/files/0x000500000001960c-183.dat	upx
behavioral1/files/0x00050000000195c5-168.dat	upx
behavioral1/files/0x00050000000195c6-173.dat	upx
behavioral1/files/0x00050000000195c1-158.dat	upx
behavioral1/files/0x00050000000195bb-147.dat	upx
behavioral1/files/0x00050000000195c3-162.dat	upx
behavioral1/files/0x00050000000195bd-152.dat	upx
behavioral1/files/0x00050000000195b7-142.dat	upx
behavioral1/files/0x00050000000195b3-132.dat	upx
behavioral1/memory/2700-124-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x00050000000195af-120.dat	upx
behavioral1/memory/2732-107-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x00050000000195a9-103.dat	upx
behavioral1/memory/2284-97-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/1116-96-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2960-95-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/files/0x00050000000195a7-90.dat	upx
behavioral1/memory/2700-72-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x0005000000019515-69.dat	upx
behavioral1/memory/2696-86-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2812-81-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x0005000000019547-77.dat	upx
behavioral1/memory/2936-56-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/108-48-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2952-39-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/files/0x0009000000016d3f-36.dat	upx
behavioral1/memory/2848-29-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2696-45-0x000000013F420000-0x000000013F774000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\mshnUqa.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kzOrKfn.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RidFahv.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nwcfrTH.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QkbXiOb.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aTXJwoY.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ygzjfOs.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EXeLbqs.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jXtBEWC.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RRLlMuK.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IIsKaAt.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fumSKPA.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mgTpIOQ.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SDyjqpp.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ajgKTFe.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AXZNSYt.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtgdfMA.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qWaLUjR.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MbIrxxn.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\haRluDo.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IwEPtYe.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UKZNVBz.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rdZCMCD.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PEBrsoK.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LUtEbbw.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TOVdqSR.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mIGwVlO.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezNpTbJ.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SoZLnFs.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kPZERDs.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tkKbcVy.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uUlkylu.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eMiTqfk.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LgHccRx.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DPQJItw.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JIklDJY.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SQIpXil.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QIJFAAX.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CoubtKB.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WVzDbnP.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ILLjnjp.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PmpfGed.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MdNrEkT.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jGhUovf.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PUJjqFe.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eiQintE.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TmxKKrZ.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\waWtKdZ.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FZaVxLC.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wBgAMBS.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gsOFHsT.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mDcSdmC.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZOwBFIq.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NlPdgtA.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XDsLiWL.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KXZIxIp.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DhdNeqH.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UqRiKlV.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MbNufIx.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IGJqGEQ.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\igCKpci.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\knSTFUj.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\exxorvS.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jTBOFhK.exe	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 108 wrote to memory of 2000	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 108 wrote to memory of 2000	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 108 wrote to memory of 2000	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 108 wrote to memory of 2976	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 108 wrote to memory of 2976	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 108 wrote to memory of 2976	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 108 wrote to memory of 2172	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 108 wrote to memory of 2172	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 108 wrote to memory of 2172	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 108 wrote to memory of 2848	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 108 wrote to memory of 2848	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 108 wrote to memory of 2848	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 108 wrote to memory of 2952	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 108 wrote to memory of 2952	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 108 wrote to memory of 2952	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 108 wrote to memory of 2960	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 108 wrote to memory of 2960	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 108 wrote to memory of 2960	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 108 wrote to memory of 2696	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 108 wrote to memory of 2696	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 108 wrote to memory of 2696	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 108 wrote to memory of 2936	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 108 wrote to memory of 2936	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 108 wrote to memory of 2936	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 108 wrote to memory of 2732	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 108 wrote to memory of 2732	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 108 wrote to memory of 2732	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 108 wrote to memory of 2700	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 108 wrote to memory of 2700	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 108 wrote to memory of 2700	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 108 wrote to memory of 2812	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 108 wrote to memory of 2812	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 108 wrote to memory of 2812	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 108 wrote to memory of 2284	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 108 wrote to memory of 2284	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 108 wrote to memory of 2284	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 108 wrote to memory of 1116	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 108 wrote to memory of 1116	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 108 wrote to memory of 1116	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 108 wrote to memory of 3060	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 108 wrote to memory of 3060	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 108 wrote to memory of 3060	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 108 wrote to memory of 2092	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 108 wrote to memory of 2092	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 108 wrote to memory of 2092	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 108 wrote to memory of 3008	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 108 wrote to memory of 3008	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 108 wrote to memory of 3008	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 108 wrote to memory of 2604	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 108 wrote to memory of 2604	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 108 wrote to memory of 2604	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 108 wrote to memory of 2940	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 108 wrote to memory of 2940	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 108 wrote to memory of 2940	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 108 wrote to memory of 236	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 108 wrote to memory of 236	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 108 wrote to memory of 236	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 108 wrote to memory of 2984	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 108 wrote to memory of 2984	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 108 wrote to memory of 2984	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 108 wrote to memory of 2500	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 108 wrote to memory of 2500	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 108 wrote to memory of 2500	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 108 wrote to memory of 1984	108	2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-16_002377198124285488158309f7892630_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:108
- C:\Windows\System\iVZCplU.exe
  C:\Windows\System\iVZCplU.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\PsMHNQe.exe
  C:\Windows\System\PsMHNQe.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\bWHcJbM.exe
  C:\Windows\System\bWHcJbM.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\ubRlTMI.exe
  C:\Windows\System\ubRlTMI.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\ExhOkkc.exe
  C:\Windows\System\ExhOkkc.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\jdLYAdn.exe
  C:\Windows\System\jdLYAdn.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\JgTccxD.exe
  C:\Windows\System\JgTccxD.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\XuqKgjF.exe
  C:\Windows\System\XuqKgjF.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\YhHKWfQ.exe
  C:\Windows\System\YhHKWfQ.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\FGYbyAq.exe
  C:\Windows\System\FGYbyAq.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\ZrbJSjC.exe
  C:\Windows\System\ZrbJSjC.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\ttJfFLk.exe
  C:\Windows\System\ttJfFLk.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\plSsiwm.exe
  C:\Windows\System\plSsiwm.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\uGZoEZc.exe
  C:\Windows\System\uGZoEZc.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\MpIhNud.exe
  C:\Windows\System\MpIhNud.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\IqybTmX.exe
  C:\Windows\System\IqybTmX.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\Evhpjll.exe
  C:\Windows\System\Evhpjll.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\rWQRycO.exe
  C:\Windows\System\rWQRycO.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\LXNhpSp.exe
  C:\Windows\System\LXNhpSp.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\ZXjLtMS.exe
  C:\Windows\System\ZXjLtMS.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\wzUwoWR.exe
  C:\Windows\System\wzUwoWR.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\UcXrlas.exe
  C:\Windows\System\UcXrlas.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\kFDtaKk.exe
  C:\Windows\System\kFDtaKk.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\ZnUsozu.exe
  C:\Windows\System\ZnUsozu.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\zSeRtIe.exe
  C:\Windows\System\zSeRtIe.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\GvBVEfr.exe
  C:\Windows\System\GvBVEfr.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\QnzbbSc.exe
  C:\Windows\System\QnzbbSc.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\yCepjNn.exe
  C:\Windows\System\yCepjNn.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\BEeNfNF.exe
  C:\Windows\System\BEeNfNF.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\OUHZTpl.exe
  C:\Windows\System\OUHZTpl.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\ufvWEDT.exe
  C:\Windows\System\ufvWEDT.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\iZdbszR.exe
  C:\Windows\System\iZdbszR.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\oAIzgFv.exe
  C:\Windows\System\oAIzgFv.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\qpFpAkr.exe
  C:\Windows\System\qpFpAkr.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\xMMKkPk.exe
  C:\Windows\System\xMMKkPk.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\ZeuwtbL.exe
  C:\Windows\System\ZeuwtbL.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\nvvvAhk.exe
  C:\Windows\System\nvvvAhk.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\HWFgloQ.exe
  C:\Windows\System\HWFgloQ.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\OLokzud.exe
  C:\Windows\System\OLokzud.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\aIIodgA.exe
  C:\Windows\System\aIIodgA.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\ZYnrhtb.exe
  C:\Windows\System\ZYnrhtb.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\NiVVOUA.exe
  C:\Windows\System\NiVVOUA.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\veUXKJx.exe
  C:\Windows\System\veUXKJx.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\UmHyYPy.exe
  C:\Windows\System\UmHyYPy.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\MIZYxfp.exe
  C:\Windows\System\MIZYxfp.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\gsTxJtJ.exe
  C:\Windows\System\gsTxJtJ.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\xCprOjG.exe
  C:\Windows\System\xCprOjG.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\CpwGqZa.exe
  C:\Windows\System\CpwGqZa.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\IRAnPVK.exe
  C:\Windows\System\IRAnPVK.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\kwIcjuL.exe
  C:\Windows\System\kwIcjuL.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\OHqGpym.exe
  C:\Windows\System\OHqGpym.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\HGfotZo.exe
  C:\Windows\System\HGfotZo.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\MOMTHTU.exe
  C:\Windows\System\MOMTHTU.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\VPBwIyU.exe
  C:\Windows\System\VPBwIyU.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\LCRcjSu.exe
  C:\Windows\System\LCRcjSu.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\NCtAhrM.exe
  C:\Windows\System\NCtAhrM.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\FwSjLke.exe
  C:\Windows\System\FwSjLke.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\VLTlbhG.exe
  C:\Windows\System\VLTlbhG.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\qWYTyTJ.exe
  C:\Windows\System\qWYTyTJ.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\qVThKqO.exe
  C:\Windows\System\qVThKqO.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\xrkGaGH.exe
  C:\Windows\System\xrkGaGH.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\aCHCOUx.exe
  C:\Windows\System\aCHCOUx.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\xmAxPNG.exe
  C:\Windows\System\xmAxPNG.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\MDZovfw.exe
  C:\Windows\System\MDZovfw.exe
  2⤵
  PID:1652
- C:\Windows\System\zuKPmbP.exe
  C:\Windows\System\zuKPmbP.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\BQgOiOM.exe
  C:\Windows\System\BQgOiOM.exe
  2⤵
  PID:708
- C:\Windows\System\hpzoZuw.exe
  C:\Windows\System\hpzoZuw.exe
  2⤵
  PID:1768
- C:\Windows\System\NbOymdU.exe
  C:\Windows\System\NbOymdU.exe
  2⤵
  PID:1828
- C:\Windows\System\UipNoPQ.exe
  C:\Windows\System\UipNoPQ.exe
  2⤵
  PID:1948
- C:\Windows\System\DYNHlmr.exe
  C:\Windows\System\DYNHlmr.exe
  2⤵
  PID:2612
- C:\Windows\System\yAPJofE.exe
  C:\Windows\System\yAPJofE.exe
  2⤵
  PID:276
- C:\Windows\System\TPHnWtN.exe
  C:\Windows\System\TPHnWtN.exe
  2⤵
  PID:2220
- C:\Windows\System\sSMvsHA.exe
  C:\Windows\System\sSMvsHA.exe
  2⤵
  PID:1096
- C:\Windows\System\xJMvgXT.exe
  C:\Windows\System\xJMvgXT.exe
  2⤵
  PID:2196
- C:\Windows\System\wKNMKQs.exe
  C:\Windows\System\wKNMKQs.exe
  2⤵
  PID:1912
- C:\Windows\System\jKenqMN.exe
  C:\Windows\System\jKenqMN.exe
  2⤵
  PID:2548
- C:\Windows\System\CclMVMz.exe
  C:\Windows\System\CclMVMz.exe
  2⤵
  PID:2640
- C:\Windows\System\TIpbyDJ.exe
  C:\Windows\System\TIpbyDJ.exe
  2⤵
  PID:1176
- C:\Windows\System\GjeWBlB.exe
  C:\Windows\System\GjeWBlB.exe
  2⤵
  PID:2304
- C:\Windows\System\QIJFAAX.exe
  C:\Windows\System\QIJFAAX.exe
  2⤵
  PID:2716
- C:\Windows\System\LOFhAVP.exe
  C:\Windows\System\LOFhAVP.exe
  2⤵
  PID:2892
- C:\Windows\System\BpWJutu.exe
  C:\Windows\System\BpWJutu.exe
  2⤵
  PID:3032
- C:\Windows\System\XLnsWyI.exe
  C:\Windows\System\XLnsWyI.exe
  2⤵
  PID:1032
- C:\Windows\System\QkbXiOb.exe
  C:\Windows\System\QkbXiOb.exe
  2⤵
  PID:872
- C:\Windows\System\QRSGFfZ.exe
  C:\Windows\System\QRSGFfZ.exe
  2⤵
  PID:1920
- C:\Windows\System\hqVmzfz.exe
  C:\Windows\System\hqVmzfz.exe
  2⤵
  PID:2124
- C:\Windows\System\oZArstR.exe
  C:\Windows\System\oZArstR.exe
  2⤵
  PID:2540
- C:\Windows\System\JXsaBNz.exe
  C:\Windows\System\JXsaBNz.exe
  2⤵
  PID:320
- C:\Windows\System\jbguQpC.exe
  C:\Windows\System\jbguQpC.exe
  2⤵
  PID:828
- C:\Windows\System\zlJviSx.exe
  C:\Windows\System\zlJviSx.exe
  2⤵
  PID:2212
- C:\Windows\System\sRoDjAQ.exe
  C:\Windows\System\sRoDjAQ.exe
  2⤵
  PID:2636
- C:\Windows\System\brMJIWn.exe
  C:\Windows\System\brMJIWn.exe
  2⤵
  PID:1536
- C:\Windows\System\iCsxlED.exe
  C:\Windows\System\iCsxlED.exe
  2⤵
  PID:2556
- C:\Windows\System\SdJlfQJ.exe
  C:\Windows\System\SdJlfQJ.exe
  2⤵
  PID:308
- C:\Windows\System\dARyBxm.exe
  C:\Windows\System\dARyBxm.exe
  2⤵
  PID:3068
- C:\Windows\System\AaikeUN.exe
  C:\Windows\System\AaikeUN.exe
  2⤵
  PID:2900
- C:\Windows\System\fVHZTjR.exe
  C:\Windows\System\fVHZTjR.exe
  2⤵
  PID:2856
- C:\Windows\System\yKkDpjR.exe
  C:\Windows\System\yKkDpjR.exe
  2⤵
  PID:2916
- C:\Windows\System\kDgBbnc.exe
  C:\Windows\System\kDgBbnc.exe
  2⤵
  PID:2764
- C:\Windows\System\ChtbKBL.exe
  C:\Windows\System\ChtbKBL.exe
  2⤵
  PID:2944
- C:\Windows\System\AZgeBju.exe
  C:\Windows\System\AZgeBju.exe
  2⤵
  PID:1784
- C:\Windows\System\osRGVpY.exe
  C:\Windows\System\osRGVpY.exe
  2⤵
  PID:584
- C:\Windows\System\idhFPST.exe
  C:\Windows\System\idhFPST.exe
  2⤵
  PID:2932
- C:\Windows\System\lBFELzA.exe
  C:\Windows\System\lBFELzA.exe
  2⤵
  PID:1180
- C:\Windows\System\FLwrQEM.exe
  C:\Windows\System\FLwrQEM.exe
  2⤵
  PID:1568
- C:\Windows\System\pryaZxu.exe
  C:\Windows\System\pryaZxu.exe
  2⤵
  PID:3080
- C:\Windows\System\KDGnQRh.exe
  C:\Windows\System\KDGnQRh.exe
  2⤵
  PID:3100
- C:\Windows\System\NsbCNCZ.exe
  C:\Windows\System\NsbCNCZ.exe
  2⤵
  PID:3116
- C:\Windows\System\ILTXUcV.exe
  C:\Windows\System\ILTXUcV.exe
  2⤵
  PID:3132
- C:\Windows\System\tjQsEZz.exe
  C:\Windows\System\tjQsEZz.exe
  2⤵
  PID:3148
- C:\Windows\System\xYVxkKJ.exe
  C:\Windows\System\xYVxkKJ.exe
  2⤵
  PID:3176
- C:\Windows\System\qSVtwXs.exe
  C:\Windows\System\qSVtwXs.exe
  2⤵
  PID:3192
- C:\Windows\System\pMHQauz.exe
  C:\Windows\System\pMHQauz.exe
  2⤵
  PID:3216
- C:\Windows\System\kPovKJm.exe
  C:\Windows\System\kPovKJm.exe
  2⤵
  PID:3236
- C:\Windows\System\hTXHWjl.exe
  C:\Windows\System\hTXHWjl.exe
  2⤵
  PID:3252
- C:\Windows\System\sdsOBPR.exe
  C:\Windows\System\sdsOBPR.exe
  2⤵
  PID:3268
- C:\Windows\System\IjCuKLu.exe
  C:\Windows\System\IjCuKLu.exe
  2⤵
  PID:3292
- C:\Windows\System\AkphsPu.exe
  C:\Windows\System\AkphsPu.exe
  2⤵
  PID:3308
- C:\Windows\System\aHPSZTX.exe
  C:\Windows\System\aHPSZTX.exe
  2⤵
  PID:3332
- C:\Windows\System\ROogemu.exe
  C:\Windows\System\ROogemu.exe
  2⤵
  PID:3348
- C:\Windows\System\UWUsryT.exe
  C:\Windows\System\UWUsryT.exe
  2⤵
  PID:3364
- C:\Windows\System\rUYbGUj.exe
  C:\Windows\System\rUYbGUj.exe
  2⤵
  PID:3380
- C:\Windows\System\Wrysjgz.exe
  C:\Windows\System\Wrysjgz.exe
  2⤵
  PID:3396
- C:\Windows\System\NPslYlc.exe
  C:\Windows\System\NPslYlc.exe
  2⤵
  PID:3412
- C:\Windows\System\Bpgysrt.exe
  C:\Windows\System\Bpgysrt.exe
  2⤵
  PID:3428
- C:\Windows\System\SJFpylu.exe
  C:\Windows\System\SJFpylu.exe
  2⤵
  PID:3444
- C:\Windows\System\iboOiIf.exe
  C:\Windows\System\iboOiIf.exe
  2⤵
  PID:3460
- C:\Windows\System\LuknLPG.exe
  C:\Windows\System\LuknLPG.exe
  2⤵
  PID:3476
- C:\Windows\System\USnKzhJ.exe
  C:\Windows\System\USnKzhJ.exe
  2⤵
  PID:3492
- C:\Windows\System\wFVniqS.exe
  C:\Windows\System\wFVniqS.exe
  2⤵
  PID:3508
- C:\Windows\System\DIWuEMw.exe
  C:\Windows\System\DIWuEMw.exe
  2⤵
  PID:3524
- C:\Windows\System\cFrTuOH.exe
  C:\Windows\System\cFrTuOH.exe
  2⤵
  PID:3540
- C:\Windows\System\COfCHhw.exe
  C:\Windows\System\COfCHhw.exe
  2⤵
  PID:3556
- C:\Windows\System\lKIOUve.exe
  C:\Windows\System\lKIOUve.exe
  2⤵
  PID:3572
- C:\Windows\System\iOsqhyL.exe
  C:\Windows\System\iOsqhyL.exe
  2⤵
  PID:3604
- C:\Windows\System\JYCHACF.exe
  C:\Windows\System\JYCHACF.exe
  2⤵
  PID:3636
- C:\Windows\System\oyYDgAn.exe
  C:\Windows\System\oyYDgAn.exe
  2⤵
  PID:3656
- C:\Windows\System\JAnZGcv.exe
  C:\Windows\System\JAnZGcv.exe
  2⤵
  PID:3672
- C:\Windows\System\HJwQOgN.exe
  C:\Windows\System\HJwQOgN.exe
  2⤵
  PID:3688
- C:\Windows\System\DqzCjBM.exe
  C:\Windows\System\DqzCjBM.exe
  2⤵
  PID:3704
- C:\Windows\System\sEXOcys.exe
  C:\Windows\System\sEXOcys.exe
  2⤵
  PID:3720
- C:\Windows\System\MpmhmCf.exe
  C:\Windows\System\MpmhmCf.exe
  2⤵
  PID:3736
- C:\Windows\System\ygZKWQE.exe
  C:\Windows\System\ygZKWQE.exe
  2⤵
  PID:3752
- C:\Windows\System\lrDhMdH.exe
  C:\Windows\System\lrDhMdH.exe
  2⤵
  PID:3768
- C:\Windows\System\CZqVaDr.exe
  C:\Windows\System\CZqVaDr.exe
  2⤵
  PID:3784
- C:\Windows\System\ZVCiWhF.exe
  C:\Windows\System\ZVCiWhF.exe
  2⤵
  PID:3800
- C:\Windows\System\APygNNb.exe
  C:\Windows\System\APygNNb.exe
  2⤵
  PID:3816
- C:\Windows\System\GeOeNUW.exe
  C:\Windows\System\GeOeNUW.exe
  2⤵
  PID:3832
- C:\Windows\System\RUJiqTB.exe
  C:\Windows\System\RUJiqTB.exe
  2⤵
  PID:3852
- C:\Windows\System\aSDlePw.exe
  C:\Windows\System\aSDlePw.exe
  2⤵
  PID:3868
- C:\Windows\System\PvORCcc.exe
  C:\Windows\System\PvORCcc.exe
  2⤵
  PID:3884
- C:\Windows\System\vvCmRKQ.exe
  C:\Windows\System\vvCmRKQ.exe
  2⤵
  PID:3900
- C:\Windows\System\dWKIFpQ.exe
  C:\Windows\System\dWKIFpQ.exe
  2⤵
  PID:3916
- C:\Windows\System\BsLGrHE.exe
  C:\Windows\System\BsLGrHE.exe
  2⤵
  PID:3932
- C:\Windows\System\VwHZucL.exe
  C:\Windows\System\VwHZucL.exe
  2⤵
  PID:3948
- C:\Windows\System\WCJRHDG.exe
  C:\Windows\System\WCJRHDG.exe
  2⤵
  PID:3972
- C:\Windows\System\VhgcHqp.exe
  C:\Windows\System\VhgcHqp.exe
  2⤵
  PID:4004
- C:\Windows\System\dKPEMXI.exe
  C:\Windows\System\dKPEMXI.exe
  2⤵
  PID:4036
- C:\Windows\System\nfLGaoj.exe
  C:\Windows\System\nfLGaoj.exe
  2⤵
  PID:4056
- C:\Windows\System\IzKrMIR.exe
  C:\Windows\System\IzKrMIR.exe
  2⤵
  PID:4072
- C:\Windows\System\aAeuzum.exe
  C:\Windows\System\aAeuzum.exe
  2⤵
  PID:4088
- C:\Windows\System\ULULJon.exe
  C:\Windows\System\ULULJon.exe
  2⤵
  PID:896
- C:\Windows\System\tjOWKGI.exe
  C:\Windows\System\tjOWKGI.exe
  2⤵
  PID:3028
- C:\Windows\System\CmtCdGx.exe
  C:\Windows\System\CmtCdGx.exe
  2⤵
  PID:1604
- C:\Windows\System\fxnAiYU.exe
  C:\Windows\System\fxnAiYU.exe
  2⤵
  PID:2684
- C:\Windows\System\MNpGmPS.exe
  C:\Windows\System\MNpGmPS.exe
  2⤵
  PID:1712
- C:\Windows\System\mBRudcn.exe
  C:\Windows\System\mBRudcn.exe
  2⤵
  PID:2476
- C:\Windows\System\xDrSMeF.exe
  C:\Windows\System\xDrSMeF.exe
  2⤵
  PID:3144
- C:\Windows\System\AAdLMnE.exe
  C:\Windows\System\AAdLMnE.exe
  2⤵
  PID:3224
- C:\Windows\System\yIqtlGB.exe
  C:\Windows\System\yIqtlGB.exe
  2⤵
  PID:3260
- C:\Windows\System\fEDQNsd.exe
  C:\Windows\System\fEDQNsd.exe
  2⤵
  PID:3340
- C:\Windows\System\RZwtHup.exe
  C:\Windows\System\RZwtHup.exe
  2⤵
  PID:3404
- C:\Windows\System\Ufskaon.exe
  C:\Windows\System\Ufskaon.exe
  2⤵
  PID:3468
- C:\Windows\System\MBJOIru.exe
  C:\Windows\System\MBJOIru.exe
  2⤵
  PID:3536
- C:\Windows\System\vkpTUWC.exe
  C:\Windows\System\vkpTUWC.exe
  2⤵
  PID:3620
- C:\Windows\System\QMMRGLD.exe
  C:\Windows\System\QMMRGLD.exe
  2⤵
  PID:3632
- C:\Windows\System\dGeqawq.exe
  C:\Windows\System\dGeqawq.exe
  2⤵
  PID:1372
- C:\Windows\System\GDUPdmG.exe
  C:\Windows\System\GDUPdmG.exe
  2⤵
  PID:3732
- C:\Windows\System\UcleRwM.exe
  C:\Windows\System\UcleRwM.exe
  2⤵
  PID:3796
- C:\Windows\System\MXWnOOX.exe
  C:\Windows\System\MXWnOOX.exe
  2⤵
  PID:2836
- C:\Windows\System\WAPblHZ.exe
  C:\Windows\System\WAPblHZ.exe
  2⤵
  PID:3172
- C:\Windows\System\igCKpci.exe
  C:\Windows\System\igCKpci.exe
  2⤵
  PID:3244
- C:\Windows\System\JeUUodb.exe
  C:\Windows\System\JeUUodb.exe
  2⤵
  PID:3284
- C:\Windows\System\JzlLecX.exe
  C:\Windows\System\JzlLecX.exe
  2⤵
  PID:3328
- C:\Windows\System\CPSFsSu.exe
  C:\Windows\System\CPSFsSu.exe
  2⤵
  PID:3392
- C:\Windows\System\OyrrxNQ.exe
  C:\Windows\System\OyrrxNQ.exe
  2⤵
  PID:3488
- C:\Windows\System\stWuUgN.exe
  C:\Windows\System\stWuUgN.exe
  2⤵
  PID:3548
- C:\Windows\System\okKFHlM.exe
  C:\Windows\System\okKFHlM.exe
  2⤵
  PID:3592
- C:\Windows\System\eQkPJHv.exe
  C:\Windows\System\eQkPJHv.exe
  2⤵
  PID:3652
- C:\Windows\System\EnntMqy.exe
  C:\Windows\System\EnntMqy.exe
  2⤵
  PID:3716
- C:\Windows\System\iJlwpmX.exe
  C:\Windows\System\iJlwpmX.exe
  2⤵
  PID:3808
- C:\Windows\System\IRoPiSI.exe
  C:\Windows\System\IRoPiSI.exe
  2⤵
  PID:3876
- C:\Windows\System\IIsKaAt.exe
  C:\Windows\System\IIsKaAt.exe
  2⤵
  PID:3940
- C:\Windows\System\UqRiKlV.exe
  C:\Windows\System\UqRiKlV.exe
  2⤵
  PID:3988
- C:\Windows\System\DorFqot.exe
  C:\Windows\System\DorFqot.exe
  2⤵
  PID:4044
- C:\Windows\System\NixcHlc.exe
  C:\Windows\System\NixcHlc.exe
  2⤵
  PID:4084
- C:\Windows\System\NsTctlY.exe
  C:\Windows\System\NsTctlY.exe
  2⤵
  PID:2208
- C:\Windows\System\LiKlzSb.exe
  C:\Windows\System\LiKlzSb.exe
  2⤵
  PID:3188
- C:\Windows\System\hYFvPOc.exe
  C:\Windows\System\hYFvPOc.exe
  2⤵
  PID:3440
- C:\Windows\System\bqEIwGS.exe
  C:\Windows\System\bqEIwGS.exe
  2⤵
  PID:3668
- C:\Windows\System\uFtHElv.exe
  C:\Windows\System\uFtHElv.exe
  2⤵
  PID:1564
- C:\Windows\System\zzjVqjw.exe
  C:\Windows\System\zzjVqjw.exe
  2⤵
  PID:2428
- C:\Windows\System\UseWpWf.exe
  C:\Windows\System\UseWpWf.exe
  2⤵
  PID:3208
- C:\Windows\System\DoHduHW.exe
  C:\Windows\System\DoHduHW.exe
  2⤵
  PID:3320
- C:\Windows\System\kEmxqEp.exe
  C:\Windows\System\kEmxqEp.exe
  2⤵
  PID:3424
- C:\Windows\System\DgoMWKk.exe
  C:\Windows\System\DgoMWKk.exe
  2⤵
  PID:3712
- C:\Windows\System\aTXJwoY.exe
  C:\Windows\System\aTXJwoY.exe
  2⤵
  PID:3984
- C:\Windows\System\PDbyjVD.exe
  C:\Windows\System\PDbyjVD.exe
  2⤵
  PID:2156
- C:\Windows\System\jaHcQpd.exe
  C:\Windows\System\jaHcQpd.exe
  2⤵
  PID:3212
- C:\Windows\System\xKAZcIt.exe
  C:\Windows\System\xKAZcIt.exe
  2⤵
  PID:4108
- C:\Windows\System\BAAmYbW.exe
  C:\Windows\System\BAAmYbW.exe
  2⤵
  PID:4132
- C:\Windows\System\cvywsck.exe
  C:\Windows\System\cvywsck.exe
  2⤵
  PID:4148
- C:\Windows\System\rkrwWWt.exe
  C:\Windows\System\rkrwWWt.exe
  2⤵
  PID:4172
- C:\Windows\System\dJNMWlX.exe
  C:\Windows\System\dJNMWlX.exe
  2⤵
  PID:4188
- C:\Windows\System\swLLakt.exe
  C:\Windows\System\swLLakt.exe
  2⤵
  PID:4208
- C:\Windows\System\iEKbshy.exe
  C:\Windows\System\iEKbshy.exe
  2⤵
  PID:4224
- C:\Windows\System\Cdslybk.exe
  C:\Windows\System\Cdslybk.exe
  2⤵
  PID:4248
- C:\Windows\System\ssfHAcy.exe
  C:\Windows\System\ssfHAcy.exe
  2⤵
  PID:4264
- C:\Windows\System\LMQINzL.exe
  C:\Windows\System\LMQINzL.exe
  2⤵
  PID:4292
- C:\Windows\System\VIvxjGj.exe
  C:\Windows\System\VIvxjGj.exe
  2⤵
  PID:4312
- C:\Windows\System\cQqgXHX.exe
  C:\Windows\System\cQqgXHX.exe
  2⤵
  PID:4332
- C:\Windows\System\npxXWfI.exe
  C:\Windows\System\npxXWfI.exe
  2⤵
  PID:4412
- C:\Windows\System\xFBdYfa.exe
  C:\Windows\System\xFBdYfa.exe
  2⤵
  PID:4428
- C:\Windows\System\qdjMdyO.exe
  C:\Windows\System\qdjMdyO.exe
  2⤵
  PID:4452
- C:\Windows\System\TmZMchx.exe
  C:\Windows\System\TmZMchx.exe
  2⤵
  PID:4468
- C:\Windows\System\fgLIQdy.exe
  C:\Windows\System\fgLIQdy.exe
  2⤵
  PID:4484
- C:\Windows\System\zjuQocN.exe
  C:\Windows\System\zjuQocN.exe
  2⤵
  PID:4500
- C:\Windows\System\FaUdFZN.exe
  C:\Windows\System\FaUdFZN.exe
  2⤵
  PID:4520
- C:\Windows\System\KcYTZHD.exe
  C:\Windows\System\KcYTZHD.exe
  2⤵
  PID:4540
- C:\Windows\System\zhWTYCi.exe
  C:\Windows\System\zhWTYCi.exe
  2⤵
  PID:4556
- C:\Windows\System\kHamIOW.exe
  C:\Windows\System\kHamIOW.exe
  2⤵
  PID:4572
- C:\Windows\System\qJUacvh.exe
  C:\Windows\System\qJUacvh.exe
  2⤵
  PID:4596
- C:\Windows\System\CoubtKB.exe
  C:\Windows\System\CoubtKB.exe
  2⤵
  PID:4612
- C:\Windows\System\paTpvos.exe
  C:\Windows\System\paTpvos.exe
  2⤵
  PID:4628
- C:\Windows\System\kKFvBVR.exe
  C:\Windows\System\kKFvBVR.exe
  2⤵
  PID:4672
- C:\Windows\System\pcZcCuI.exe
  C:\Windows\System\pcZcCuI.exe
  2⤵
  PID:4700
- C:\Windows\System\qgSujGc.exe
  C:\Windows\System\qgSujGc.exe
  2⤵
  PID:4716
- C:\Windows\System\buqNlww.exe
  C:\Windows\System\buqNlww.exe
  2⤵
  PID:4736
- C:\Windows\System\oWSAxPZ.exe
  C:\Windows\System\oWSAxPZ.exe
  2⤵
  PID:4768
- C:\Windows\System\mGlcbil.exe
  C:\Windows\System\mGlcbil.exe
  2⤵
  PID:4792
- C:\Windows\System\NmCPgqo.exe
  C:\Windows\System\NmCPgqo.exe
  2⤵
  PID:4808
- C:\Windows\System\hIVpHGZ.exe
  C:\Windows\System\hIVpHGZ.exe
  2⤵
  PID:4824
- C:\Windows\System\sxKvTnn.exe
  C:\Windows\System\sxKvTnn.exe
  2⤵
  PID:4844
- C:\Windows\System\SQfPMSQ.exe
  C:\Windows\System\SQfPMSQ.exe
  2⤵
  PID:4860
- C:\Windows\System\hempOhz.exe
  C:\Windows\System\hempOhz.exe
  2⤵
  PID:4880
- C:\Windows\System\LiKuUuQ.exe
  C:\Windows\System\LiKuUuQ.exe
  2⤵
  PID:4900
- C:\Windows\System\qhmGcbN.exe
  C:\Windows\System\qhmGcbN.exe
  2⤵
  PID:4916
- C:\Windows\System\eYIPFld.exe
  C:\Windows\System\eYIPFld.exe
  2⤵
  PID:4940
- C:\Windows\System\Prkejxv.exe
  C:\Windows\System\Prkejxv.exe
  2⤵
  PID:4956
- C:\Windows\System\JkIBjMg.exe
  C:\Windows\System\JkIBjMg.exe
  2⤵
  PID:4972
- C:\Windows\System\PPAmwqb.exe
  C:\Windows\System\PPAmwqb.exe
  2⤵
  PID:5008
- C:\Windows\System\SboBDhq.exe
  C:\Windows\System\SboBDhq.exe
  2⤵
  PID:5024
- C:\Windows\System\gUBalhV.exe
  C:\Windows\System\gUBalhV.exe
  2⤵
  PID:5044
- C:\Windows\System\SAdIecf.exe
  C:\Windows\System\SAdIecf.exe
  2⤵
  PID:5064
- C:\Windows\System\FvBlyqR.exe
  C:\Windows\System\FvBlyqR.exe
  2⤵
  PID:5084
- C:\Windows\System\SybAVsb.exe
  C:\Windows\System\SybAVsb.exe
  2⤵
  PID:5100
- C:\Windows\System\PRhhZMm.exe
  C:\Windows\System\PRhhZMm.exe
  2⤵
  PID:3580
- C:\Windows\System\dULyorf.exe
  C:\Windows\System\dULyorf.exe
  2⤵
  PID:3612
- C:\Windows\System\nwSuPuJ.exe
  C:\Windows\System\nwSuPuJ.exe
  2⤵
  PID:4184
- C:\Windows\System\qJnIxnH.exe
  C:\Windows\System\qJnIxnH.exe
  2⤵
  PID:4216
- C:\Windows\System\SWWQPjl.exe
  C:\Windows\System\SWWQPjl.exe
  2⤵
  PID:2844
- C:\Windows\System\USgXYMe.exe
  C:\Windows\System\USgXYMe.exe
  2⤵
  PID:3076
- C:\Windows\System\PEhMTHk.exe
  C:\Windows\System\PEhMTHk.exe
  2⤵
  PID:3228
- C:\Windows\System\vNfGQUb.exe
  C:\Windows\System\vNfGQUb.exe
  2⤵
  PID:3504
- C:\Windows\System\waSbhHy.exe
  C:\Windows\System\waSbhHy.exe
  2⤵
  PID:3728
- C:\Windows\System\bYeeqpt.exe
  C:\Windows\System\bYeeqpt.exe
  2⤵
  PID:2884
- C:\Windows\System\OVRiqfp.exe
  C:\Windows\System\OVRiqfp.exe
  2⤵
  PID:3092
- C:\Windows\System\GhoMdeq.exe
  C:\Windows\System\GhoMdeq.exe
  2⤵
  PID:3156
- C:\Windows\System\gtkLDHO.exe
  C:\Windows\System\gtkLDHO.exe
  2⤵
  PID:4300
- C:\Windows\System\pKVtgCL.exe
  C:\Windows\System\pKVtgCL.exe
  2⤵
  PID:2868
- C:\Windows\System\lNFgzxK.exe
  C:\Windows\System\lNFgzxK.exe
  2⤵
  PID:3520
- C:\Windows\System\uICFtDE.exe
  C:\Windows\System\uICFtDE.exe
  2⤵
  PID:3780
- C:\Windows\System\AuFDMMp.exe
  C:\Windows\System\AuFDMMp.exe
  2⤵
  PID:3016
- C:\Windows\System\CbVihlk.exe
  C:\Windows\System\CbVihlk.exe
  2⤵
  PID:3980
- C:\Windows\System\oSbdGfe.exe
  C:\Windows\System\oSbdGfe.exe
  2⤵
  PID:4124
- C:\Windows\System\knSTFUj.exe
  C:\Windows\System\knSTFUj.exe
  2⤵
  PID:4204
- C:\Windows\System\vgDvNzq.exe
  C:\Windows\System\vgDvNzq.exe
  2⤵
  PID:4244
- C:\Windows\System\wLMOLbJ.exe
  C:\Windows\System\wLMOLbJ.exe
  2⤵
  PID:4284
- C:\Windows\System\tIpkmNY.exe
  C:\Windows\System\tIpkmNY.exe
  2⤵
  PID:2396
- C:\Windows\System\mOcubbk.exe
  C:\Windows\System\mOcubbk.exe
  2⤵
  PID:3304
- C:\Windows\System\LJONxBr.exe
  C:\Windows\System\LJONxBr.exe
  2⤵
  PID:3996
- C:\Windows\System\hlFanCB.exe
  C:\Windows\System\hlFanCB.exe
  2⤵
  PID:3848
- C:\Windows\System\bxjZjps.exe
  C:\Windows\System\bxjZjps.exe
  2⤵
  PID:4348
- C:\Windows\System\yMJFkgn.exe
  C:\Windows\System\yMJFkgn.exe
  2⤵
  PID:4364
- C:\Windows\System\pojpLft.exe
  C:\Windows\System\pojpLft.exe
  2⤵
  PID:4380
- C:\Windows\System\kXPiZTX.exe
  C:\Windows\System\kXPiZTX.exe
  2⤵
  PID:4400
- C:\Windows\System\ZGMsAnf.exe
  C:\Windows\System\ZGMsAnf.exe
  2⤵
  PID:4436
- C:\Windows\System\UjvrdnW.exe
  C:\Windows\System\UjvrdnW.exe
  2⤵
  PID:4476
- C:\Windows\System\YioYyBF.exe
  C:\Windows\System\YioYyBF.exe
  2⤵
  PID:4548
- C:\Windows\System\GKAzCEV.exe
  C:\Windows\System\GKAzCEV.exe
  2⤵
  PID:4584
- C:\Windows\System\zcYcIAR.exe
  C:\Windows\System\zcYcIAR.exe
  2⤵
  PID:4564
- C:\Windows\System\MRwbVAv.exe
  C:\Windows\System\MRwbVAv.exe
  2⤵
  PID:4664
- C:\Windows\System\fZwDwNV.exe
  C:\Windows\System\fZwDwNV.exe
  2⤵
  PID:2796
- C:\Windows\System\dgSbkhs.exe
  C:\Windows\System\dgSbkhs.exe
  2⤵
  PID:4692
- C:\Windows\System\WtfDogu.exe
  C:\Windows\System\WtfDogu.exe
  2⤵
  PID:2724
- C:\Windows\System\YIKEsCS.exe
  C:\Windows\System\YIKEsCS.exe
  2⤵
  PID:4756
- C:\Windows\System\gnDPTql.exe
  C:\Windows\System\gnDPTql.exe
  2⤵
  PID:2924
- C:\Windows\System\pdnzwCz.exe
  C:\Windows\System\pdnzwCz.exe
  2⤵
  PID:4776
- C:\Windows\System\rpyDBVB.exe
  C:\Windows\System\rpyDBVB.exe
  2⤵
  PID:4820
- C:\Windows\System\fumSKPA.exe
  C:\Windows\System\fumSKPA.exe
  2⤵
  PID:4936
- C:\Windows\System\CVnmErF.exe
  C:\Windows\System\CVnmErF.exe
  2⤵
  PID:4800
- C:\Windows\System\pJveLzM.exe
  C:\Windows\System\pJveLzM.exe
  2⤵
  PID:4836
- C:\Windows\System\gsOFHsT.exe
  C:\Windows\System\gsOFHsT.exe
  2⤵
  PID:4912
- C:\Windows\System\WNgvnAA.exe
  C:\Windows\System\WNgvnAA.exe
  2⤵
  PID:4840
- C:\Windows\System\DRxkeRT.exe
  C:\Windows\System\DRxkeRT.exe
  2⤵
  PID:1036
- C:\Windows\System\JqYoANZ.exe
  C:\Windows\System\JqYoANZ.exe
  2⤵
  PID:5060
- C:\Windows\System\KnUtJVK.exe
  C:\Windows\System\KnUtJVK.exe
  2⤵
  PID:5096
- C:\Windows\System\pnpDjaz.exe
  C:\Windows\System\pnpDjaz.exe
  2⤵
  PID:5004
- C:\Windows\System\JFytnJO.exe
  C:\Windows\System\JFytnJO.exe
  2⤵
  PID:2752
- C:\Windows\System\rLWmskJ.exe
  C:\Windows\System\rLWmskJ.exe
  2⤵
  PID:2756
- C:\Windows\System\OyozByd.exe
  C:\Windows\System\OyozByd.exe
  2⤵
  PID:960
- C:\Windows\System\BCxFjoP.exe
  C:\Windows\System\BCxFjoP.exe
  2⤵
  PID:4068
- C:\Windows\System\LNGyiii.exe
  C:\Windows\System\LNGyiii.exe
  2⤵
  PID:3376
- C:\Windows\System\WSXVQeZ.exe
  C:\Windows\System\WSXVQeZ.exe
  2⤵
  PID:4256
- C:\Windows\System\DOJksTR.exe
  C:\Windows\System\DOJksTR.exe
  2⤵
  PID:3020
- C:\Windows\System\UBuNNHC.exe
  C:\Windows\System\UBuNNHC.exe
  2⤵
  PID:3628
- C:\Windows\System\wMomIZw.exe
  C:\Windows\System\wMomIZw.exe
  2⤵
  PID:1208
- C:\Windows\System\XvbWejL.exe
  C:\Windows\System\XvbWejL.exe
  2⤵
  PID:1424
- C:\Windows\System\XniKdeZ.exe
  C:\Windows\System\XniKdeZ.exe
  2⤵
  PID:880
- C:\Windows\System\diQzbch.exe
  C:\Windows\System\diQzbch.exe
  2⤵
  PID:3164
- C:\Windows\System\iJTjmAa.exe
  C:\Windows\System\iJTjmAa.exe
  2⤵
  PID:3644
- C:\Windows\System\fHaoyfq.exe
  C:\Windows\System\fHaoyfq.exe
  2⤵
  PID:4156
- C:\Windows\System\JdAZHMp.exe
  C:\Windows\System\JdAZHMp.exe
  2⤵
  PID:4200
- C:\Windows\System\OHIhhrF.exe
  C:\Windows\System\OHIhhrF.exe
  2⤵
  PID:3792
- C:\Windows\System\LhelPRV.exe
  C:\Windows\System\LhelPRV.exe
  2⤵
  PID:1524
- C:\Windows\System\sPbtuUD.exe
  C:\Windows\System\sPbtuUD.exe
  2⤵
  PID:3776
- C:\Windows\System\oyKonnx.exe
  C:\Windows\System\oyKonnx.exe
  2⤵
  PID:2772
- C:\Windows\System\LEdaXFj.exe
  C:\Windows\System\LEdaXFj.exe
  2⤵
  PID:4340
- C:\Windows\System\VCXGcdr.exe
  C:\Windows\System\VCXGcdr.exe
  2⤵
  PID:5116
- C:\Windows\System\TRXJNGq.exe
  C:\Windows\System\TRXJNGq.exe
  2⤵
  PID:4508
- C:\Windows\System\SmrHMqE.exe
  C:\Windows\System\SmrHMqE.exe
  2⤵
  PID:4376
- C:\Windows\System\MFpuWxH.exe
  C:\Windows\System\MFpuWxH.exe
  2⤵
  PID:4608
- C:\Windows\System\qPMFLKY.exe
  C:\Windows\System\qPMFLKY.exe
  2⤵
  PID:4460
- C:\Windows\System\bbmTzTo.exe
  C:\Windows\System\bbmTzTo.exe
  2⤵
  PID:4532
- C:\Windows\System\DmAPrmz.exe
  C:\Windows\System\DmAPrmz.exe
  2⤵
  PID:4644
- C:\Windows\System\GFKizQM.exe
  C:\Windows\System\GFKizQM.exe
  2⤵
  PID:4660
- C:\Windows\System\AMWtdXg.exe
  C:\Windows\System\AMWtdXg.exe
  2⤵
  PID:4748
- C:\Windows\System\BZrUKZI.exe
  C:\Windows\System\BZrUKZI.exe
  2⤵
  PID:4892
- C:\Windows\System\tgNmHbF.exe
  C:\Windows\System\tgNmHbF.exe
  2⤵
  PID:4932
- C:\Windows\System\oiFpugJ.exe
  C:\Windows\System\oiFpugJ.exe
  2⤵
  PID:4804
- C:\Windows\System\LRJwLTe.exe
  C:\Windows\System\LRJwLTe.exe
  2⤵
  PID:4712
- C:\Windows\System\xHeISpg.exe
  C:\Windows\System\xHeISpg.exe
  2⤵
  PID:568
- C:\Windows\System\tazRwSZ.exe
  C:\Windows\System\tazRwSZ.exe
  2⤵
  PID:944
- C:\Windows\System\jIIvRQO.exe
  C:\Windows\System\jIIvRQO.exe
  2⤵
  PID:5052
- C:\Windows\System\zlcJRkz.exe
  C:\Windows\System\zlcJRkz.exe
  2⤵
  PID:5000
- C:\Windows\System\myqqWUg.exe
  C:\Windows\System\myqqWUg.exe
  2⤵
  PID:5032
- C:\Windows\System\HOpcspw.exe
  C:\Windows\System\HOpcspw.exe
  2⤵
  PID:4100
- C:\Windows\System\zsrEGAk.exe
  C:\Windows\System\zsrEGAk.exe
  2⤵
  PID:2300
- C:\Windows\System\XpxQCxo.exe
  C:\Windows\System\XpxQCxo.exe
  2⤵
  PID:2332
- C:\Windows\System\JLmNZkz.exe
  C:\Windows\System\JLmNZkz.exe
  2⤵
  PID:2808
- C:\Windows\System\xJKbpPu.exe
  C:\Windows\System\xJKbpPu.exe
  2⤵
  PID:1740
- C:\Windows\System\XDxjlbL.exe
  C:\Windows\System\XDxjlbL.exe
  2⤵
  PID:2224
- C:\Windows\System\URsdBlo.exe
  C:\Windows\System\URsdBlo.exe
  2⤵
  PID:1824
- C:\Windows\System\zFbIIVz.exe
  C:\Windows\System\zFbIIVz.exe
  2⤵
  PID:2600
- C:\Windows\System\nJhmEil.exe
  C:\Windows\System\nJhmEil.exe
  2⤵
  PID:2392
- C:\Windows\System\dWAxbMY.exe
  C:\Windows\System\dWAxbMY.exe
  2⤵
  PID:4276
- C:\Windows\System\RyNFeWQ.exe
  C:\Windows\System\RyNFeWQ.exe
  2⤵
  PID:4116
- C:\Windows\System\DcrOgVE.exe
  C:\Windows\System\DcrOgVE.exe
  2⤵
  PID:4236
- C:\Windows\System\DUASVYx.exe
  C:\Windows\System\DUASVYx.exe
  2⤵
  PID:4356
- C:\Windows\System\cAPnmAH.exe
  C:\Windows\System\cAPnmAH.exe
  2⤵
  PID:3360
- C:\Windows\System\UYgyKzj.exe
  C:\Windows\System\UYgyKzj.exe
  2⤵
  PID:3516
- C:\Windows\System\dABnlqq.exe
  C:\Windows\System\dABnlqq.exe
  2⤵
  PID:2272
- C:\Windows\System\bURNzkt.exe
  C:\Windows\System\bURNzkt.exe
  2⤵
  PID:4420
- C:\Windows\System\FLjIEoP.exe
  C:\Windows\System\FLjIEoP.exe
  2⤵
  PID:2824
- C:\Windows\System\eTukwLe.exe
  C:\Windows\System\eTukwLe.exe
  2⤵
  PID:3056
- C:\Windows\System\OnFsnuu.exe
  C:\Windows\System\OnFsnuu.exe
  2⤵
  PID:2148
- C:\Windows\System\QAfVKVn.exe
  C:\Windows\System\QAfVKVn.exe
  2⤵
  PID:2972
- C:\Windows\System\ewONyka.exe
  C:\Windows\System\ewONyka.exe
  2⤵
  PID:4752
- C:\Windows\System\ZXkcelM.exe
  C:\Windows\System\ZXkcelM.exe
  2⤵
  PID:5020
- C:\Windows\System\KwquYSd.exe
  C:\Windows\System\KwquYSd.exe
  2⤵
  PID:4876
- C:\Windows\System\oqZRaZy.exe
  C:\Windows\System\oqZRaZy.exe
  2⤵
  PID:2740
- C:\Windows\System\WVzDbnP.exe
  C:\Windows\System\WVzDbnP.exe
  2⤵
  PID:4516
- C:\Windows\System\SoZLnFs.exe
  C:\Windows\System\SoZLnFs.exe
  2⤵
  PID:4064
- C:\Windows\System\OXrmZXX.exe
  C:\Windows\System\OXrmZXX.exe
  2⤵
  PID:1988
- C:\Windows\System\GJSPHRL.exe
  C:\Windows\System\GJSPHRL.exe
  2⤵
  PID:772
- C:\Windows\System\whUgoyN.exe
  C:\Windows\System\whUgoyN.exe
  2⤵
  PID:2560
- C:\Windows\System\mawuvDg.exe
  C:\Windows\System\mawuvDg.exe
  2⤵
  PID:3456
- C:\Windows\System\wWtuRrO.exe
  C:\Windows\System\wWtuRrO.exe
  2⤵
  PID:3168
- C:\Windows\System\IVHkeGb.exe
  C:\Windows\System\IVHkeGb.exe
  2⤵
  PID:4120
- C:\Windows\System\MlEnTog.exe
  C:\Windows\System\MlEnTog.exe
  2⤵
  PID:4512
- C:\Windows\System\QZiQnFW.exe
  C:\Windows\System\QZiQnFW.exe
  2⤵
  PID:4032
- C:\Windows\System\fcWJLuk.exe
  C:\Windows\System\fcWJLuk.exe
  2⤵
  PID:4588
- C:\Windows\System\AlueUzk.exe
  C:\Windows\System\AlueUzk.exe
  2⤵
  PID:4888
- C:\Windows\System\pEmQIzk.exe
  C:\Windows\System\pEmQIzk.exe
  2⤵
  PID:3280
- C:\Windows\System\DPQJItw.exe
  C:\Windows\System\DPQJItw.exe
  2⤵
  PID:4856
- C:\Windows\System\PikgTCl.exe
  C:\Windows\System\PikgTCl.exe
  2⤵
  PID:2292
- C:\Windows\System\UzbuvkW.exe
  C:\Windows\System\UzbuvkW.exe
  2⤵
  PID:4980
- C:\Windows\System\tPukBXQ.exe
  C:\Windows\System\tPukBXQ.exe
  2⤵
  PID:2108
- C:\Windows\System\JgJEWNK.exe
  C:\Windows\System\JgJEWNK.exe
  2⤵
  PID:1472
- C:\Windows\System\vLmbFIy.exe
  C:\Windows\System\vLmbFIy.exe
  2⤵
  PID:2652
- C:\Windows\System\VDPHdRV.exe
  C:\Windows\System\VDPHdRV.exe
  2⤵
  PID:3908
- C:\Windows\System\xABMNhM.exe
  C:\Windows\System\xABMNhM.exe
  2⤵
  PID:1548
- C:\Windows\System\dUwFAYq.exe
  C:\Windows\System\dUwFAYq.exe
  2⤵
  PID:4408
- C:\Windows\System\QumhHWH.exe
  C:\Windows\System\QumhHWH.exe
  2⤵
  PID:676
- C:\Windows\System\yjXZkQy.exe
  C:\Windows\System\yjXZkQy.exe
  2⤵
  PID:844
- C:\Windows\System\FXfMQJj.exe
  C:\Windows\System\FXfMQJj.exe
  2⤵
  PID:4816
- C:\Windows\System\JNOCaPx.exe
  C:\Windows\System\JNOCaPx.exe
  2⤵
  PID:1680
- C:\Windows\System\EybYrML.exe
  C:\Windows\System\EybYrML.exe
  2⤵
  PID:2760
- C:\Windows\System\IZLFtku.exe
  C:\Windows\System\IZLFtku.exe
  2⤵
  PID:2204
- C:\Windows\System\ryQcbgx.exe
  C:\Windows\System\ryQcbgx.exe
  2⤵
  PID:856
- C:\Windows\System\cRPnYbI.exe
  C:\Windows\System\cRPnYbI.exe
  2⤵
  PID:2568
- C:\Windows\System\NrkcJYM.exe
  C:\Windows\System\NrkcJYM.exe
  2⤵
  PID:4388
- C:\Windows\System\OjRhUUR.exe
  C:\Windows\System\OjRhUUR.exe
  2⤵
  PID:1144
- C:\Windows\System\vXdqddN.exe
  C:\Windows\System\vXdqddN.exe
  2⤵
  PID:580
- C:\Windows\System\lyxepWb.exe
  C:\Windows\System\lyxepWb.exe
  2⤵
  PID:1976
- C:\Windows\System\SeZlFxC.exe
  C:\Windows\System\SeZlFxC.exe
  2⤵
  PID:2192
- C:\Windows\System\tHhKLvA.exe
  C:\Windows\System\tHhKLvA.exe
  2⤵
  PID:2512
- C:\Windows\System\xbGZBrY.exe
  C:\Windows\System\xbGZBrY.exe
  2⤵
  PID:4492
- C:\Windows\System\NTaFOTp.exe
  C:\Windows\System\NTaFOTp.exe
  2⤵
  PID:4732
- C:\Windows\System\FHUgcoE.exe
  C:\Windows\System\FHUgcoE.exe
  2⤵
  PID:4620
- C:\Windows\System\pXEUPHY.exe
  C:\Windows\System\pXEUPHY.exe
  2⤵
  PID:4988
- C:\Windows\System\bRpnlMz.exe
  C:\Windows\System\bRpnlMz.exe
  2⤵
  PID:3924
- C:\Windows\System\eGetAJy.exe
  C:\Windows\System\eGetAJy.exe
  2⤵
  PID:4656
- C:\Windows\System\MmADqta.exe
  C:\Windows\System\MmADqta.exe
  2⤵
  PID:3052
- C:\Windows\System\AXtpyxj.exe
  C:\Windows\System\AXtpyxj.exe
  2⤵
  PID:2496
- C:\Windows\System\QflQTpA.exe
  C:\Windows\System\QflQTpA.exe
  2⤵
  PID:5144
- C:\Windows\System\vPXxaeN.exe
  C:\Windows\System\vPXxaeN.exe
  2⤵
  PID:5160
- C:\Windows\System\ZxkCEhi.exe
  C:\Windows\System\ZxkCEhi.exe
  2⤵
  PID:5180
- C:\Windows\System\tfzVLEK.exe
  C:\Windows\System\tfzVLEK.exe
  2⤵
  PID:5196
- C:\Windows\System\WGYKeAi.exe
  C:\Windows\System\WGYKeAi.exe
  2⤵
  PID:5224
- C:\Windows\System\sfRZbpP.exe
  C:\Windows\System\sfRZbpP.exe
  2⤵
  PID:5240
- C:\Windows\System\nwwuGFm.exe
  C:\Windows\System\nwwuGFm.exe
  2⤵
  PID:5260
- C:\Windows\System\DLhWbEW.exe
  C:\Windows\System\DLhWbEW.exe
  2⤵
  PID:5276
- C:\Windows\System\MwargpM.exe
  C:\Windows\System\MwargpM.exe
  2⤵
  PID:5292
- C:\Windows\System\gEFlCVb.exe
  C:\Windows\System\gEFlCVb.exe
  2⤵
  PID:5328
- C:\Windows\System\XMlQkBl.exe
  C:\Windows\System\XMlQkBl.exe
  2⤵
  PID:5348
- C:\Windows\System\cMicViB.exe
  C:\Windows\System\cMicViB.exe
  2⤵
  PID:5364
- C:\Windows\System\pHMuWDA.exe
  C:\Windows\System\pHMuWDA.exe
  2⤵
  PID:5380
- C:\Windows\System\DNfTKdA.exe
  C:\Windows\System\DNfTKdA.exe
  2⤵
  PID:5408
- C:\Windows\System\zwadriL.exe
  C:\Windows\System\zwadriL.exe
  2⤵
  PID:5428
- C:\Windows\System\aSYmqDU.exe
  C:\Windows\System\aSYmqDU.exe
  2⤵
  PID:5444
- C:\Windows\System\EQFQgfd.exe
  C:\Windows\System\EQFQgfd.exe
  2⤵
  PID:5464
- C:\Windows\System\dDYMfRo.exe
  C:\Windows\System\dDYMfRo.exe
  2⤵
  PID:5488
- C:\Windows\System\VOxgLKV.exe
  C:\Windows\System\VOxgLKV.exe
  2⤵
  PID:5504
- C:\Windows\System\ExgKuEt.exe
  C:\Windows\System\ExgKuEt.exe
  2⤵
  PID:5520
- C:\Windows\System\KBxaEUu.exe
  C:\Windows\System\KBxaEUu.exe
  2⤵
  PID:5536
- C:\Windows\System\MUnmpnH.exe
  C:\Windows\System\MUnmpnH.exe
  2⤵
  PID:5560
- C:\Windows\System\ZVQBXvw.exe
  C:\Windows\System\ZVQBXvw.exe
  2⤵
  PID:5580
- C:\Windows\System\RzAMftE.exe
  C:\Windows\System\RzAMftE.exe
  2⤵
  PID:5596
- C:\Windows\System\RISSJnD.exe
  C:\Windows\System\RISSJnD.exe
  2⤵
  PID:5620
- C:\Windows\System\gNSyQMs.exe
  C:\Windows\System\gNSyQMs.exe
  2⤵
  PID:5648
- C:\Windows\System\QKIRATY.exe
  C:\Windows\System\QKIRATY.exe
  2⤵
  PID:5664
- C:\Windows\System\qtABIEW.exe
  C:\Windows\System\qtABIEW.exe
  2⤵
  PID:5688
- C:\Windows\System\gYbyHjh.exe
  C:\Windows\System\gYbyHjh.exe
  2⤵
  PID:5704
- C:\Windows\System\ePZAALZ.exe
  C:\Windows\System\ePZAALZ.exe
  2⤵
  PID:5720
- C:\Windows\System\KhAHMyk.exe
  C:\Windows\System\KhAHMyk.exe
  2⤵
  PID:5740
- C:\Windows\System\ReHOoww.exe
  C:\Windows\System\ReHOoww.exe
  2⤵
  PID:5768
- C:\Windows\System\imfrMlH.exe
  C:\Windows\System\imfrMlH.exe
  2⤵
  PID:5792
- C:\Windows\System\MgGLDys.exe
  C:\Windows\System\MgGLDys.exe
  2⤵
  PID:5808
- C:\Windows\System\bGQNzsw.exe
  C:\Windows\System\bGQNzsw.exe
  2⤵
  PID:5828
- C:\Windows\System\ARtPqSm.exe
  C:\Windows\System\ARtPqSm.exe
  2⤵
  PID:5844
- C:\Windows\System\bmsDXoy.exe
  C:\Windows\System\bmsDXoy.exe
  2⤵
  PID:5864
- C:\Windows\System\totdxPT.exe
  C:\Windows\System\totdxPT.exe
  2⤵
  PID:5884
- C:\Windows\System\pCwoatT.exe
  C:\Windows\System\pCwoatT.exe
  2⤵
  PID:5900
- C:\Windows\System\wDUKYLH.exe
  C:\Windows\System\wDUKYLH.exe
  2⤵
  PID:5920
- C:\Windows\System\kwnAezx.exe
  C:\Windows\System\kwnAezx.exe
  2⤵
  PID:5936
- C:\Windows\System\wdCYpMj.exe
  C:\Windows\System\wdCYpMj.exe
  2⤵
  PID:5972
- C:\Windows\System\ToLrUYc.exe
  C:\Windows\System\ToLrUYc.exe
  2⤵
  PID:5988
- C:\Windows\System\nlNWHZY.exe
  C:\Windows\System\nlNWHZY.exe
  2⤵
  PID:6004
- C:\Windows\System\trglnBB.exe
  C:\Windows\System\trglnBB.exe
  2⤵
  PID:6024
- C:\Windows\System\lMWAkSX.exe
  C:\Windows\System\lMWAkSX.exe
  2⤵
  PID:6044
- C:\Windows\System\IcRhgGh.exe
  C:\Windows\System\IcRhgGh.exe
  2⤵
  PID:6060
- C:\Windows\System\MPCzoPL.exe
  C:\Windows\System\MPCzoPL.exe
  2⤵
  PID:6076
- C:\Windows\System\SVdIbSO.exe
  C:\Windows\System\SVdIbSO.exe
  2⤵
  PID:6092
- C:\Windows\System\yFJlDYL.exe
  C:\Windows\System\yFJlDYL.exe
  2⤵
  PID:6108
- C:\Windows\System\CKiKIRU.exe
  C:\Windows\System\CKiKIRU.exe
  2⤵
  PID:6124
- C:\Windows\System\ULbFTYQ.exe
  C:\Windows\System\ULbFTYQ.exe
  2⤵
  PID:5124
- C:\Windows\System\wHWXtrD.exe
  C:\Windows\System\wHWXtrD.exe
  2⤵
  PID:5136
- C:\Windows\System\ogbylTU.exe
  C:\Windows\System\ogbylTU.exe
  2⤵
  PID:5128
- C:\Windows\System\OUIqGVu.exe
  C:\Windows\System\OUIqGVu.exe
  2⤵
  PID:5192
- C:\Windows\System\zObSbih.exe
  C:\Windows\System\zObSbih.exe
  2⤵
  PID:5220
- C:\Windows\System\gzLJJJe.exe
  C:\Windows\System\gzLJJJe.exe
  2⤵
  PID:5272
- C:\Windows\System\jAgBoDq.exe
  C:\Windows\System\jAgBoDq.exe
  2⤵
  PID:5252
- C:\Windows\System\lZdMBXT.exe
  C:\Windows\System\lZdMBXT.exe
  2⤵
  PID:5288
- C:\Windows\System\TuuyiVM.exe
  C:\Windows\System\TuuyiVM.exe
  2⤵
  PID:5356
- C:\Windows\System\GKgJppl.exe
  C:\Windows\System\GKgJppl.exe
  2⤵
  PID:5416
- C:\Windows\System\SIQQVBt.exe
  C:\Windows\System\SIQQVBt.exe
  2⤵
  PID:5452
- C:\Windows\System\XMXQBsv.exe
  C:\Windows\System\XMXQBsv.exe
  2⤵
  PID:5484
- C:\Windows\System\ygMvtei.exe
  C:\Windows\System\ygMvtei.exe
  2⤵
  PID:5512
- C:\Windows\System\CvrYBql.exe
  C:\Windows\System\CvrYBql.exe
  2⤵
  PID:5592
- C:\Windows\System\pzrYroh.exe
  C:\Windows\System\pzrYroh.exe
  2⤵
  PID:5628
- C:\Windows\System\ktnicUF.exe
  C:\Windows\System\ktnicUF.exe
  2⤵
  PID:5576
- C:\Windows\System\jOwKKMb.exe
  C:\Windows\System\jOwKKMb.exe
  2⤵
  PID:5608
- C:\Windows\System\RUkvWhn.exe
  C:\Windows\System\RUkvWhn.exe
  2⤵
  PID:5672
- C:\Windows\System\UWyHwDe.exe
  C:\Windows\System\UWyHwDe.exe
  2⤵
  PID:5712
- C:\Windows\System\bGosBWe.exe
  C:\Windows\System\bGosBWe.exe
  2⤵
  PID:5748
- C:\Windows\System\acqhuIB.exe
  C:\Windows\System\acqhuIB.exe
  2⤵
  PID:5764
- C:\Windows\System\StrpwBd.exe
  C:\Windows\System\StrpwBd.exe
  2⤵
  PID:5736
- C:\Windows\System\aumfMbZ.exe
  C:\Windows\System\aumfMbZ.exe
  2⤵
  PID:5788
- C:\Windows\System\ygzjfOs.exe
  C:\Windows\System\ygzjfOs.exe
  2⤵
  PID:5912
- C:\Windows\System\SMVGaSS.exe
  C:\Windows\System\SMVGaSS.exe
  2⤵
  PID:5860
- C:\Windows\System\lNGzulD.exe
  C:\Windows\System\lNGzulD.exe
  2⤵
  PID:5948
- C:\Windows\System\eEfssyi.exe
  C:\Windows\System\eEfssyi.exe
  2⤵
  PID:5968
- C:\Windows\System\uTsVBmB.exe
  C:\Windows\System\uTsVBmB.exe
  2⤵
  PID:6036
- C:\Windows\System\kbgxzqQ.exe
  C:\Windows\System\kbgxzqQ.exe
  2⤵
  PID:6032
- C:\Windows\System\HhHxVNs.exe
  C:\Windows\System\HhHxVNs.exe
  2⤵
  PID:6052
- C:\Windows\System\hKXbwKW.exe
  C:\Windows\System\hKXbwKW.exe
  2⤵
  PID:6104
- C:\Windows\System\sinZRkV.exe
  C:\Windows\System\sinZRkV.exe
  2⤵
  PID:2996
- C:\Windows\System\VBtCVih.exe
  C:\Windows\System\VBtCVih.exe
  2⤵
  PID:5304
- C:\Windows\System\SIrlrKX.exe
  C:\Windows\System\SIrlrKX.exe
  2⤵
  PID:5340
- C:\Windows\System\AYCbLLq.exe
  C:\Windows\System\AYCbLLq.exe
  2⤵
  PID:5188
- C:\Windows\System\iOlIKDn.exe
  C:\Windows\System\iOlIKDn.exe
  2⤵
  PID:5268
- C:\Windows\System\rkCoLuS.exe
  C:\Windows\System\rkCoLuS.exe
  2⤵
  PID:5388
- C:\Windows\System\zoakQyB.exe
  C:\Windows\System\zoakQyB.exe
  2⤵
  PID:5372
- C:\Windows\System\iTdtzPZ.exe
  C:\Windows\System\iTdtzPZ.exe
  2⤵
  PID:5396
- C:\Windows\System\cOWhCNR.exe
  C:\Windows\System\cOWhCNR.exe
  2⤵
  PID:5460
- C:\Windows\System\himHExE.exe
  C:\Windows\System\himHExE.exe
  2⤵
  PID:5516
- C:\Windows\System\WmFwwKX.exe
  C:\Windows\System\WmFwwKX.exe
  2⤵
  PID:5552
- C:\Windows\System\wJrBdzP.exe
  C:\Windows\System\wJrBdzP.exe
  2⤵
  PID:5532
- C:\Windows\System\wozQXGm.exe
  C:\Windows\System\wozQXGm.exe
  2⤵
  PID:5500
- C:\Windows\System\QCYKKuO.exe
  C:\Windows\System\QCYKKuO.exe
  2⤵
  PID:5640
- C:\Windows\System\AtrjXRi.exe
  C:\Windows\System\AtrjXRi.exe
  2⤵
  PID:5728
- C:\Windows\System\bcvFLon.exe
  C:\Windows\System\bcvFLon.exe
  2⤵
  PID:5856
- C:\Windows\System\JifLSAv.exe
  C:\Windows\System\JifLSAv.exe
  2⤵
  PID:5980
- C:\Windows\System\tEcPHUn.exe
  C:\Windows\System\tEcPHUn.exe
  2⤵
  PID:5840
- C:\Windows\System\AsHOdFp.exe
  C:\Windows\System\AsHOdFp.exe
  2⤵
  PID:5876
- C:\Windows\System\FlcLvkU.exe
  C:\Windows\System\FlcLvkU.exe
  2⤵
  PID:5928
- C:\Windows\System\ugDkren.exe
  C:\Windows\System\ugDkren.exe
  2⤵
  PID:5996
- C:\Windows\System\XuZxYyz.exe
  C:\Windows\System\XuZxYyz.exe
  2⤵
  PID:6140
- C:\Windows\System\oZjRSzv.exe
  C:\Windows\System\oZjRSzv.exe
  2⤵
  PID:6068
- C:\Windows\System\WRLqrFG.exe
  C:\Windows\System\WRLqrFG.exe
  2⤵
  PID:5232
- C:\Windows\System\WPyLYsJ.exe
  C:\Windows\System\WPyLYsJ.exe
  2⤵
  PID:6088
- C:\Windows\System\usVkdkv.exe
  C:\Windows\System\usVkdkv.exe
  2⤵
  PID:5248
- C:\Windows\System\NjxrHbV.exe
  C:\Windows\System\NjxrHbV.exe
  2⤵
  PID:5376
- C:\Windows\System\CDQICNw.exe
  C:\Windows\System\CDQICNw.exe
  2⤵
  PID:5548
- C:\Windows\System\SRbBWFg.exe
  C:\Windows\System\SRbBWFg.exe
  2⤵
  PID:3024
- C:\Windows\System\zMYNzKa.exe
  C:\Windows\System\zMYNzKa.exe
  2⤵
  PID:5636
- C:\Windows\System\BUDuCnX.exe
  C:\Windows\System\BUDuCnX.exe
  2⤵
  PID:5804
- C:\Windows\System\zLXHLFg.exe
  C:\Windows\System\zLXHLFg.exe
  2⤵
  PID:5700
- C:\Windows\System\EZDBmpc.exe
  C:\Windows\System\EZDBmpc.exe
  2⤵
  PID:5780
- C:\Windows\System\ADnjunY.exe
  C:\Windows\System\ADnjunY.exe
  2⤵
  PID:5984
- C:\Windows\System\tZiYyaj.exe
  C:\Windows\System\tZiYyaj.exe
  2⤵
  PID:5480
- C:\Windows\System\AvLYljJ.exe
  C:\Windows\System\AvLYljJ.exe
  2⤵
  PID:5944
- C:\Windows\System\ZcbHztA.exe
  C:\Windows\System\ZcbHztA.exe
  2⤵
  PID:6120
- C:\Windows\System\AoNuoZd.exe
  C:\Windows\System\AoNuoZd.exe
  2⤵
  PID:6152
- C:\Windows\System\lLKjMpM.exe
  C:\Windows\System\lLKjMpM.exe
  2⤵
  PID:6364
- C:\Windows\System\AffYcTh.exe
  C:\Windows\System\AffYcTh.exe
  2⤵
  PID:6380
- C:\Windows\System\dcYtRYO.exe
  C:\Windows\System\dcYtRYO.exe
  2⤵
  PID:6396
- C:\Windows\System\LZNBFdJ.exe
  C:\Windows\System\LZNBFdJ.exe
  2⤵
  PID:6412
- C:\Windows\System\sluzzGt.exe
  C:\Windows\System\sluzzGt.exe
  2⤵
  PID:6440
- C:\Windows\System\kPZERDs.exe
  C:\Windows\System\kPZERDs.exe
  2⤵
  PID:6456
- C:\Windows\System\psdeMWy.exe
  C:\Windows\System\psdeMWy.exe
  2⤵
  PID:6472
- C:\Windows\System\XTXoVxE.exe
  C:\Windows\System\XTXoVxE.exe
  2⤵
  PID:6492
- C:\Windows\System\okndlmW.exe
  C:\Windows\System\okndlmW.exe
  2⤵
  PID:6516
- C:\Windows\System\KCPMiLm.exe
  C:\Windows\System\KCPMiLm.exe
  2⤵
  PID:6540
- C:\Windows\System\NuUweWJ.exe
  C:\Windows\System\NuUweWJ.exe
  2⤵
  PID:6560
- C:\Windows\System\rRyAHKM.exe
  C:\Windows\System\rRyAHKM.exe
  2⤵
  PID:6580
- C:\Windows\System\YCkEEft.exe
  C:\Windows\System\YCkEEft.exe
  2⤵
  PID:6596
- C:\Windows\System\NNmqzzd.exe
  C:\Windows\System\NNmqzzd.exe
  2⤵
  PID:6620
- C:\Windows\System\OzFHFsF.exe
  C:\Windows\System\OzFHFsF.exe
  2⤵
  PID:6636
- C:\Windows\System\gUTwDJa.exe
  C:\Windows\System\gUTwDJa.exe
  2⤵
  PID:6652
- C:\Windows\System\EirdoHC.exe
  C:\Windows\System\EirdoHC.exe
  2⤵
  PID:6668
- C:\Windows\System\IbEVOqu.exe
  C:\Windows\System\IbEVOqu.exe
  2⤵
  PID:6684
- C:\Windows\System\CVAgZKU.exe
  C:\Windows\System\CVAgZKU.exe
  2⤵
  PID:6720
- C:\Windows\System\hhaJaAP.exe
  C:\Windows\System\hhaJaAP.exe
  2⤵
  PID:6736
- C:\Windows\System\chTgudI.exe
  C:\Windows\System\chTgudI.exe
  2⤵
  PID:6756
- C:\Windows\System\VUUbdST.exe
  C:\Windows\System\VUUbdST.exe
  2⤵
  PID:6772
- C:\Windows\System\hduRYrt.exe
  C:\Windows\System\hduRYrt.exe
  2⤵
  PID:6788
- C:\Windows\System\hbuNJmu.exe
  C:\Windows\System\hbuNJmu.exe
  2⤵
  PID:6812
- C:\Windows\System\PabrqNb.exe
  C:\Windows\System\PabrqNb.exe
  2⤵
  PID:6828
- C:\Windows\System\IojPPgW.exe
  C:\Windows\System\IojPPgW.exe
  2⤵
  PID:6852
- C:\Windows\System\AhTLHal.exe
  C:\Windows\System\AhTLHal.exe
  2⤵
  PID:6868
- C:\Windows\System\HlJWjiB.exe
  C:\Windows\System\HlJWjiB.exe
  2⤵
  PID:6888
- C:\Windows\System\IiFkCdX.exe
  C:\Windows\System\IiFkCdX.exe
  2⤵
  PID:6904
- C:\Windows\System\UdTNMih.exe
  C:\Windows\System\UdTNMih.exe
  2⤵
  PID:6920
- C:\Windows\System\jamqOsY.exe
  C:\Windows\System\jamqOsY.exe
  2⤵
  PID:6940
- C:\Windows\System\ErwnJXr.exe
  C:\Windows\System\ErwnJXr.exe
  2⤵
  PID:6960
- C:\Windows\System\GljorsX.exe
  C:\Windows\System\GljorsX.exe
  2⤵
  PID:6976
- C:\Windows\System\OQPcbJZ.exe
  C:\Windows\System\OQPcbJZ.exe
  2⤵
  PID:6996
- C:\Windows\System\tkKbcVy.exe
  C:\Windows\System\tkKbcVy.exe
  2⤵
  PID:7028
- C:\Windows\System\qvLMIUP.exe
  C:\Windows\System\qvLMIUP.exe
  2⤵
  PID:7068
- C:\Windows\System\EGAqORU.exe
  C:\Windows\System\EGAqORU.exe
  2⤵
  PID:7084
- C:\Windows\System\AEToxHe.exe
  C:\Windows\System\AEToxHe.exe
  2⤵
  PID:7100
- C:\Windows\System\pxmRwku.exe
  C:\Windows\System\pxmRwku.exe
  2⤵
  PID:7116
- C:\Windows\System\PlRlsxr.exe
  C:\Windows\System\PlRlsxr.exe
  2⤵
  PID:7132
- C:\Windows\System\HwcBVsV.exe
  C:\Windows\System\HwcBVsV.exe
  2⤵
  PID:7152
- C:\Windows\System\iuJyELH.exe
  C:\Windows\System\iuJyELH.exe
  2⤵
  PID:6000
- C:\Windows\System\YXTswum.exe
  C:\Windows\System\YXTswum.exe
  2⤵
  PID:6136
- C:\Windows\System\cMOowjM.exe
  C:\Windows\System\cMOowjM.exe
  2⤵
  PID:5952
- C:\Windows\System\NhhFFLT.exe
  C:\Windows\System\NhhFFLT.exe
  2⤵
  PID:5132
- C:\Windows\System\bedzMwV.exe
  C:\Windows\System\bedzMwV.exe
  2⤵
  PID:5216
- C:\Windows\System\LUWtWYw.exe
  C:\Windows\System\LUWtWYw.exe
  2⤵
  PID:6204
- C:\Windows\System\RvrcJip.exe
  C:\Windows\System\RvrcJip.exe
  2⤵
  PID:6224
- C:\Windows\System\aLVLyfs.exe
  C:\Windows\System\aLVLyfs.exe
  2⤵
  PID:6240
- C:\Windows\System\IXlwCmE.exe
  C:\Windows\System\IXlwCmE.exe
  2⤵
  PID:6256
- C:\Windows\System\PWkJMEb.exe
  C:\Windows\System\PWkJMEb.exe
  2⤵
  PID:6276
- C:\Windows\System\ODnkrCB.exe
  C:\Windows\System\ODnkrCB.exe
  2⤵
  PID:6308
- C:\Windows\System\XtDvsQI.exe
  C:\Windows\System\XtDvsQI.exe
  2⤵
  PID:6332
- C:\Windows\System\sjdxaJO.exe
  C:\Windows\System\sjdxaJO.exe
  2⤵
  PID:6348
- C:\Windows\System\RsdFaIC.exe
  C:\Windows\System\RsdFaIC.exe
  2⤵
  PID:2032
- C:\Windows\System\GfgiAmr.exe
  C:\Windows\System\GfgiAmr.exe
  2⤵
  PID:6164
- C:\Windows\System\CPAJoyE.exe
  C:\Windows\System\CPAJoyE.exe
  2⤵
  PID:6420
- C:\Windows\System\AUtXxDz.exe
  C:\Windows\System\AUtXxDz.exe
  2⤵
  PID:6376
- C:\Windows\System\fCKiDjg.exe
  C:\Windows\System\fCKiDjg.exe
  2⤵
  PID:6408
- C:\Windows\System\UfWvLZA.exe
  C:\Windows\System\UfWvLZA.exe
  2⤵
  PID:6528
- C:\Windows\System\GWaxAhy.exe
  C:\Windows\System\GWaxAhy.exe
  2⤵
  PID:6020
- C:\Windows\System\prunbRS.exe
  C:\Windows\System\prunbRS.exe
  2⤵
  PID:6180
- C:\Windows\System\gneTGKY.exe
  C:\Windows\System\gneTGKY.exe
  2⤵
  PID:6552
- C:\Windows\System\JNLdagz.exe
  C:\Windows\System\JNLdagz.exe
  2⤵
  PID:6664
- C:\Windows\System\OYiOXsW.exe
  C:\Windows\System\OYiOXsW.exe
  2⤵
  PID:6712
- C:\Windows\System\kptuUFa.exe
  C:\Windows\System\kptuUFa.exe
  2⤵
  PID:6572
- C:\Windows\System\PEBrsoK.exe
  C:\Windows\System\PEBrsoK.exe
  2⤵
  PID:6752
- C:\Windows\System\IAPKGra.exe
  C:\Windows\System\IAPKGra.exe
  2⤵
  PID:6728
- C:\Windows\System\pylBVQS.exe
  C:\Windows\System\pylBVQS.exe
  2⤵
  PID:6800
- C:\Windows\System\eGkiYfO.exe
  C:\Windows\System\eGkiYfO.exe
  2⤵
  PID:6732
- C:\Windows\System\ljQnpeD.exe
  C:\Windows\System\ljQnpeD.exe
  2⤵
  PID:6952
- C:\Windows\System\boyhjYv.exe
  C:\Windows\System\boyhjYv.exe
  2⤵
  PID:6880
- C:\Windows\System\YKNLhUv.exe
  C:\Windows\System\YKNLhUv.exe
  2⤵
  PID:6848
- C:\Windows\System\uECjGih.exe
  C:\Windows\System\uECjGih.exe
  2⤵
  PID:6928
- C:\Windows\System\OHojkSA.exe
  C:\Windows\System\OHojkSA.exe
  2⤵
  PID:7004
- C:\Windows\System\QpHInrB.exe
  C:\Windows\System\QpHInrB.exe
  2⤵
  PID:7024
- C:\Windows\System\CFFVupW.exe
  C:\Windows\System\CFFVupW.exe
  2⤵
  PID:7052
- C:\Windows\System\TUQudvQ.exe
  C:\Windows\System\TUQudvQ.exe
  2⤵
  PID:7160
- C:\Windows\System\ofjpqCh.exe
  C:\Windows\System\ofjpqCh.exe
  2⤵
  PID:5824
- C:\Windows\System\GqMuMLB.exe
  C:\Windows\System\GqMuMLB.exe
  2⤵
  PID:5760
- C:\Windows\System\gAIjHIQ.exe
  C:\Windows\System\gAIjHIQ.exe
  2⤵
  PID:5236
- C:\Windows\System\ZLuXCJo.exe
  C:\Windows\System\ZLuXCJo.exe
  2⤵
  PID:6216
- C:\Windows\System\AjaOGFD.exe
  C:\Windows\System\AjaOGFD.exe
  2⤵
  PID:6296
- C:\Windows\System\JTZVlmD.exe
  C:\Windows\System\JTZVlmD.exe
  2⤵
  PID:2948
- C:\Windows\System\atNlYhE.exe
  C:\Windows\System\atNlYhE.exe
  2⤵
  PID:6300
- C:\Windows\System\axTDxcd.exe
  C:\Windows\System\axTDxcd.exe
  2⤵
  PID:6072
- C:\Windows\System\OWoloVE.exe
  C:\Windows\System\OWoloVE.exe
  2⤵
  PID:6452
- C:\Windows\System\NynUBSD.exe
  C:\Windows\System\NynUBSD.exe
  2⤵
  PID:6116
- C:\Windows\System\IwEPtYe.exe
  C:\Windows\System\IwEPtYe.exe
  2⤵
  PID:6484
- C:\Windows\System\esvBcCv.exe
  C:\Windows\System\esvBcCv.exe
  2⤵
  PID:5344
- C:\Windows\System\mmlOfJR.exe
  C:\Windows\System\mmlOfJR.exe
  2⤵
  PID:6232
- C:\Windows\System\KOSZkdp.exe
  C:\Windows\System\KOSZkdp.exe
  2⤵
  PID:6592
- C:\Windows\System\eiQintE.exe
  C:\Windows\System\eiQintE.exe
  2⤵
  PID:6748
- C:\Windows\System\OPnpBgI.exe
  C:\Windows\System\OPnpBgI.exe
  2⤵
  PID:6436
- C:\Windows\System\bMzknxH.exe
  C:\Windows\System\bMzknxH.exe
  2⤵
  PID:6524
- C:\Windows\System\gVfCcdh.exe
  C:\Windows\System\gVfCcdh.exe
  2⤵
  PID:6612
- C:\Windows\System\SuPqkAh.exe
  C:\Windows\System\SuPqkAh.exe
  2⤵
  PID:6676
- C:\Windows\System\qrefkpj.exe
  C:\Windows\System\qrefkpj.exe
  2⤵
  PID:6916
- C:\Windows\System\oVAWppg.exe
  C:\Windows\System\oVAWppg.exe
  2⤵
  PID:7016
- C:\Windows\System\bRCdbqm.exe
  C:\Windows\System\bRCdbqm.exe
  2⤵
  PID:6804
- C:\Windows\System\RlqAVFH.exe
  C:\Windows\System\RlqAVFH.exe
  2⤵
  PID:6836
- C:\Windows\System\tsJNgUN.exe
  C:\Windows\System\tsJNgUN.exe
  2⤵
  PID:7096
- C:\Windows\System\eJlKZtg.exe
  C:\Windows\System\eJlKZtg.exe
  2⤵
  PID:5572
- C:\Windows\System\FqGQkEW.exe
  C:\Windows\System\FqGQkEW.exe
  2⤵
  PID:5400
- C:\Windows\System\goTwqZM.exe
  C:\Windows\System\goTwqZM.exe
  2⤵
  PID:7076
- C:\Windows\System\crfCbSJ.exe
  C:\Windows\System\crfCbSJ.exe
  2⤵
  PID:6184
- C:\Windows\System\IZGiKUy.exe
  C:\Windows\System\IZGiKUy.exe
  2⤵
  PID:6200
- C:\Windows\System\XoCHMOF.exe
  C:\Windows\System\XoCHMOF.exe
  2⤵
  PID:5696
- C:\Windows\System\cMPjuJX.exe
  C:\Windows\System\cMPjuJX.exe
  2⤵
  PID:6264
- C:\Windows\System\iwokAPW.exe
  C:\Windows\System\iwokAPW.exe
  2⤵
  PID:6320
- C:\Windows\System\mfmlZXQ.exe
  C:\Windows\System\mfmlZXQ.exe
  2⤵
  PID:6660
- C:\Windows\System\meYSLyR.exe
  C:\Windows\System\meYSLyR.exe
  2⤵
  PID:6360
- C:\Windows\System\kZWYIVN.exe
  C:\Windows\System\kZWYIVN.exe
  2⤵
  PID:6568
- C:\Windows\System\AQSZuXn.exe
  C:\Windows\System\AQSZuXn.exe
  2⤵
  PID:6704
- C:\Windows\System\xKLAueh.exe
  C:\Windows\System\xKLAueh.exe
  2⤵
  PID:7020
- C:\Windows\System\zDElzPw.exe
  C:\Windows\System\zDElzPw.exe
  2⤵
  PID:6992
- C:\Windows\System\RFlwPnQ.exe
  C:\Windows\System\RFlwPnQ.exe
  2⤵
  PID:6608
- C:\Windows\System\XAHgaNI.exe
  C:\Windows\System\XAHgaNI.exe
  2⤵
  PID:7012
- C:\Windows\System\GufliUV.exe
  C:\Windows\System\GufliUV.exe
  2⤵
  PID:7040
- C:\Windows\System\DovLmqq.exe
  C:\Windows\System\DovLmqq.exe
  2⤵
  PID:7144
- C:\Windows\System\gnvChsx.exe
  C:\Windows\System\gnvChsx.exe
  2⤵
  PID:6252
- C:\Windows\System\EojAwxs.exe
  C:\Windows\System\EojAwxs.exe
  2⤵
  PID:6196
- C:\Windows\System\DOrYjUZ.exe
  C:\Windows\System\DOrYjUZ.exe
  2⤵
  PID:6512
- C:\Windows\System\qNKkotU.exe
  C:\Windows\System\qNKkotU.exe
  2⤵
  PID:6176
- C:\Windows\System\ZKHVPMq.exe
  C:\Windows\System\ZKHVPMq.exe
  2⤵
  PID:6324
- C:\Windows\System\HfiAtef.exe
  C:\Windows\System\HfiAtef.exe
  2⤵
  PID:7080
- C:\Windows\System\BsBnCoC.exe
  C:\Windows\System\BsBnCoC.exe
  2⤵
  PID:7060
- C:\Windows\System\lciImli.exe
  C:\Windows\System\lciImli.exe
  2⤵
  PID:6284
- C:\Windows\System\JCxeUWZ.exe
  C:\Windows\System\JCxeUWZ.exe
  2⤵
  PID:6304
- C:\Windows\System\EichuWt.exe
  C:\Windows\System\EichuWt.exe
  2⤵
  PID:7192
- C:\Windows\System\LQIoqPR.exe
  C:\Windows\System\LQIoqPR.exe
  2⤵
  PID:7208
- C:\Windows\System\GUrVaxn.exe
  C:\Windows\System\GUrVaxn.exe
  2⤵
  PID:7224
- C:\Windows\System\mDcSdmC.exe
  C:\Windows\System\mDcSdmC.exe
  2⤵
  PID:7240
- C:\Windows\System\SKVNvSN.exe
  C:\Windows\System\SKVNvSN.exe
  2⤵
  PID:7256
- C:\Windows\System\tcrvXie.exe
  C:\Windows\System\tcrvXie.exe
  2⤵
  PID:7272
- C:\Windows\System\XBeGBbZ.exe
  C:\Windows\System\XBeGBbZ.exe
  2⤵
  PID:7288
- C:\Windows\System\xsSbAkE.exe
  C:\Windows\System\xsSbAkE.exe
  2⤵
  PID:7336
- C:\Windows\System\moGFbpv.exe
  C:\Windows\System\moGFbpv.exe
  2⤵
  PID:7360
- C:\Windows\System\sZJclpT.exe
  C:\Windows\System\sZJclpT.exe
  2⤵
  PID:7380
- C:\Windows\System\ShemjLu.exe
  C:\Windows\System\ShemjLu.exe
  2⤵
  PID:7404
- C:\Windows\System\vItRegF.exe
  C:\Windows\System\vItRegF.exe
  2⤵
  PID:7420
- C:\Windows\System\vYwNPYv.exe
  C:\Windows\System\vYwNPYv.exe
  2⤵
  PID:7440
- C:\Windows\System\dxEvsRI.exe
  C:\Windows\System\dxEvsRI.exe
  2⤵
  PID:7464
- C:\Windows\System\GjuQXdW.exe
  C:\Windows\System\GjuQXdW.exe
  2⤵
  PID:7480
- C:\Windows\System\tjDaFzF.exe
  C:\Windows\System\tjDaFzF.exe
  2⤵
  PID:7496
- C:\Windows\System\NZbEvBJ.exe
  C:\Windows\System\NZbEvBJ.exe
  2⤵
  PID:7516
- C:\Windows\System\aRnOSOz.exe
  C:\Windows\System\aRnOSOz.exe
  2⤵
  PID:7532
- C:\Windows\System\mtDfbdg.exe
  C:\Windows\System\mtDfbdg.exe
  2⤵
  PID:7552
- C:\Windows\System\HfTBLaB.exe
  C:\Windows\System\HfTBLaB.exe
  2⤵
  PID:7572
- C:\Windows\System\sJhokNT.exe
  C:\Windows\System\sJhokNT.exe
  2⤵
  PID:7588
- C:\Windows\System\vVSZBrx.exe
  C:\Windows\System\vVSZBrx.exe
  2⤵
  PID:7608
- C:\Windows\System\MboadPh.exe
  C:\Windows\System\MboadPh.exe
  2⤵
  PID:7624
- C:\Windows\System\XOkpEdV.exe
  C:\Windows\System\XOkpEdV.exe
  2⤵
  PID:7640
- C:\Windows\System\EjrcZdc.exe
  C:\Windows\System\EjrcZdc.exe
  2⤵
  PID:7684
- C:\Windows\System\VDlQzEa.exe
  C:\Windows\System\VDlQzEa.exe
  2⤵
  PID:7700
- C:\Windows\System\nMypUiB.exe
  C:\Windows\System\nMypUiB.exe
  2⤵
  PID:7716
- C:\Windows\System\vZCUNxr.exe
  C:\Windows\System\vZCUNxr.exe
  2⤵
  PID:7732
- C:\Windows\System\MhIfgIA.exe
  C:\Windows\System\MhIfgIA.exe
  2⤵
  PID:7752
- C:\Windows\System\iowuarF.exe
  C:\Windows\System\iowuarF.exe
  2⤵
  PID:7768
- C:\Windows\System\zaNJwIC.exe
  C:\Windows\System\zaNJwIC.exe
  2⤵
  PID:7788
- C:\Windows\System\nglydXo.exe
  C:\Windows\System\nglydXo.exe
  2⤵
  PID:7824
- C:\Windows\System\tBBlGdj.exe
  C:\Windows\System\tBBlGdj.exe
  2⤵
  PID:7840
- C:\Windows\System\cYQoRPy.exe
  C:\Windows\System\cYQoRPy.exe
  2⤵
  PID:7864
- C:\Windows\System\efzllnM.exe
  C:\Windows\System\efzllnM.exe
  2⤵
  PID:7880
- C:\Windows\System\xvNdVWc.exe
  C:\Windows\System\xvNdVWc.exe
  2⤵
  PID:7900
- C:\Windows\System\rYpfaFc.exe
  C:\Windows\System\rYpfaFc.exe
  2⤵
  PID:7916
- C:\Windows\System\BAECzko.exe
  C:\Windows\System\BAECzko.exe
  2⤵
  PID:7936
- C:\Windows\System\aqMDtwm.exe
  C:\Windows\System\aqMDtwm.exe
  2⤵
  PID:7956
- C:\Windows\System\dhhhHRj.exe
  C:\Windows\System\dhhhHRj.exe
  2⤵
  PID:7976
- C:\Windows\System\lrhrGCO.exe
  C:\Windows\System\lrhrGCO.exe
  2⤵
  PID:7992
- C:\Windows\System\NPOaiUd.exe
  C:\Windows\System\NPOaiUd.exe
  2⤵
  PID:8028
- C:\Windows\System\gVgIjXW.exe
  C:\Windows\System\gVgIjXW.exe
  2⤵
  PID:8044
- C:\Windows\System\bNWVIcV.exe
  C:\Windows\System\bNWVIcV.exe
  2⤵
  PID:8060
- C:\Windows\System\qiFDTkX.exe
  C:\Windows\System\qiFDTkX.exe
  2⤵
  PID:8080
- C:\Windows\System\xAtYWCS.exe
  C:\Windows\System\xAtYWCS.exe
  2⤵
  PID:8108
- C:\Windows\System\iJWUiKw.exe
  C:\Windows\System\iJWUiKw.exe
  2⤵
  PID:8124
- C:\Windows\System\sosqKOD.exe
  C:\Windows\System\sosqKOD.exe
  2⤵
  PID:8148
- C:\Windows\System\ooUmsep.exe
  C:\Windows\System\ooUmsep.exe
  2⤵
  PID:8168
- C:\Windows\System\gnloEae.exe
  C:\Windows\System\gnloEae.exe
  2⤵
  PID:8184
- C:\Windows\System\AkGsLSr.exe
  C:\Windows\System\AkGsLSr.exe
  2⤵
  PID:6588
- C:\Windows\System\yknISef.exe
  C:\Windows\System\yknISef.exe
  2⤵
  PID:7128
- C:\Windows\System\UlkMtfO.exe
  C:\Windows\System\UlkMtfO.exe
  2⤵
  PID:6168
- C:\Windows\System\GHtIoRL.exe
  C:\Windows\System\GHtIoRL.exe
  2⤵
  PID:6984
- C:\Windows\System\QhabVnP.exe
  C:\Windows\System\QhabVnP.exe
  2⤵
  PID:7188
- C:\Windows\System\ewwcKZz.exe
  C:\Windows\System\ewwcKZz.exe
  2⤵
  PID:6696
- C:\Windows\System\eOtIrIj.exe
  C:\Windows\System\eOtIrIj.exe
  2⤵
  PID:7280
- C:\Windows\System\gcKEbQp.exe
  C:\Windows\System\gcKEbQp.exe
  2⤵
  PID:7284
- C:\Windows\System\ZbFvYYg.exe
  C:\Windows\System\ZbFvYYg.exe
  2⤵
  PID:7264
- C:\Windows\System\LgHccRx.exe
  C:\Windows\System\LgHccRx.exe
  2⤵
  PID:7312
- C:\Windows\System\WHViCSF.exe
  C:\Windows\System\WHViCSF.exe
  2⤵
  PID:7296
- C:\Windows\System\NwYyvem.exe
  C:\Windows\System\NwYyvem.exe
  2⤵
  PID:7344
- C:\Windows\System\oyJHWyo.exe
  C:\Windows\System\oyJHWyo.exe
  2⤵
  PID:7372
- C:\Windows\System\BwalkOL.exe
  C:\Windows\System\BwalkOL.exe
  2⤵
  PID:7400
- C:\Windows\System\WFDLUFi.exe
  C:\Windows\System\WFDLUFi.exe
  2⤵
  PID:7432
- C:\Windows\System\PBFqcgd.exe
  C:\Windows\System\PBFqcgd.exe
  2⤵
  PID:7448
- C:\Windows\System\eVlZWEL.exe
  C:\Windows\System\eVlZWEL.exe
  2⤵
  PID:7508
- C:\Windows\System\dZXvWNU.exe
  C:\Windows\System\dZXvWNU.exe
  2⤵
  PID:7548
- C:\Windows\System\yCYOIMt.exe
  C:\Windows\System\yCYOIMt.exe
  2⤵
  PID:7648
- C:\Windows\System\RNGPeHz.exe
  C:\Windows\System\RNGPeHz.exe
  2⤵
  PID:7452
- C:\Windows\System\JUxygPd.exe
  C:\Windows\System\JUxygPd.exe
  2⤵
  PID:7668
- C:\Windows\System\srYlKIV.exe
  C:\Windows\System\srYlKIV.exe
  2⤵
  PID:7524
- C:\Windows\System\IbPftKP.exe
  C:\Windows\System\IbPftKP.exe
  2⤵
  PID:7744
- C:\Windows\System\EgVTtmT.exe
  C:\Windows\System\EgVTtmT.exe
  2⤵
  PID:7560
- C:\Windows\System\tXDdamP.exe
  C:\Windows\System\tXDdamP.exe
  2⤵
  PID:7600
- C:\Windows\System\PlaQivG.exe
  C:\Windows\System\PlaQivG.exe
  2⤵
  PID:7776
- C:\Windows\System\PlGBspG.exe
  C:\Windows\System\PlGBspG.exe
  2⤵
  PID:7696
- C:\Windows\System\SptMPxF.exe
  C:\Windows\System\SptMPxF.exe
  2⤵
  PID:7764
- C:\Windows\System\qnIpHBS.exe
  C:\Windows\System\qnIpHBS.exe
  2⤵
  PID:7836
- C:\Windows\System\zqFLiNf.exe
  C:\Windows\System\zqFLiNf.exe
  2⤵
  PID:7812
- C:\Windows\System\UKZNVBz.exe
  C:\Windows\System\UKZNVBz.exe
  2⤵
  PID:7876
- C:\Windows\System\aQFzNKj.exe
  C:\Windows\System\aQFzNKj.exe
  2⤵
  PID:7908
- C:\Windows\System\tEKfQAp.exe
  C:\Windows\System\tEKfQAp.exe
  2⤵
  PID:7952
- C:\Windows\System\sHxVjzp.exe
  C:\Windows\System\sHxVjzp.exe
  2⤵
  PID:7856
- C:\Windows\System\LbdIzEl.exe
  C:\Windows\System\LbdIzEl.exe
  2⤵
  PID:8004
- C:\Windows\System\LPkczOc.exe
  C:\Windows\System\LPkczOc.exe
  2⤵
  PID:7932
- C:\Windows\System\PiVhbER.exe
  C:\Windows\System\PiVhbER.exe
  2⤵
  PID:8040
- C:\Windows\System\eRCMSJt.exe
  C:\Windows\System\eRCMSJt.exe
  2⤵
  PID:8020
- C:\Windows\System\gELyTcW.exe
  C:\Windows\System\gELyTcW.exe
  2⤵
  PID:8052
- C:\Windows\System\RxnPeZy.exe
  C:\Windows\System\RxnPeZy.exe
  2⤵
  PID:8104
- C:\Windows\System\QifPcGN.exe
  C:\Windows\System\QifPcGN.exe
  2⤵
  PID:8116
- C:\Windows\System\fLduMVh.exe
  C:\Windows\System\fLduMVh.exe
  2⤵
  PID:8120
- C:\Windows\System\sIQWvwT.exe
  C:\Windows\System\sIQWvwT.exe
  2⤵
  PID:6896
- C:\Windows\System\AsqvpCk.exe
  C:\Windows\System\AsqvpCk.exe
  2⤵
  PID:6288
- C:\Windows\System\SNosBvx.exe
  C:\Windows\System\SNosBvx.exe
  2⤵
  PID:6900
- C:\Windows\System\hOJvxdb.exe
  C:\Windows\System\hOJvxdb.exe
  2⤵
  PID:7180
- C:\Windows\System\PFXOpWJ.exe
  C:\Windows\System\PFXOpWJ.exe
  2⤵
  PID:7176
- C:\Windows\System\Ureqcbs.exe
  C:\Windows\System\Ureqcbs.exe
  2⤵
  PID:7220
- C:\Windows\System\GeGGaOA.exe
  C:\Windows\System\GeGGaOA.exe
  2⤵
  PID:7200
- C:\Windows\System\sbopKwz.exe
  C:\Windows\System\sbopKwz.exe
  2⤵
  PID:7428
- C:\Windows\System\rdHXvwT.exe
  C:\Windows\System\rdHXvwT.exe
  2⤵
  PID:7660
- C:\Windows\System\cmLWnLf.exe
  C:\Windows\System\cmLWnLf.exe
  2⤵
  PID:7316
- C:\Windows\System\OwxVLRd.exe
  C:\Windows\System\OwxVLRd.exe
  2⤵
  PID:7388
- C:\Windows\System\EGQcWMO.exe
  C:\Windows\System\EGQcWMO.exe
  2⤵
  PID:7460
- C:\Windows\System\xpjXfHF.exe
  C:\Windows\System\xpjXfHF.exe
  2⤵
  PID:7620
- C:\Windows\System\PmpfGed.exe
  C:\Windows\System\PmpfGed.exe
  2⤵
  PID:7680
- C:\Windows\System\lyguObw.exe
  C:\Windows\System\lyguObw.exe
  2⤵
  PID:7692
- C:\Windows\System\ZhFKYQd.exe
  C:\Windows\System\ZhFKYQd.exe
  2⤵
  PID:7740
- C:\Windows\System\LFEUdLZ.exe
  C:\Windows\System\LFEUdLZ.exe
  2⤵
  PID:7636
- C:\Windows\System\DUYnwSK.exe
  C:\Windows\System\DUYnwSK.exe
  2⤵
  PID:7860
- C:\Windows\System\lqDlCMM.exe
  C:\Windows\System\lqDlCMM.exe
  2⤵
  PID:7972
- C:\Windows\System\QERRaFV.exe
  C:\Windows\System\QERRaFV.exe
  2⤵
  PID:7964
- C:\Windows\System\DaSzaRV.exe
  C:\Windows\System\DaSzaRV.exe
  2⤵
  PID:8072
- C:\Windows\System\Ugwahuw.exe
  C:\Windows\System\Ugwahuw.exe
  2⤵
  PID:8100
- C:\Windows\System\wRPUSIC.exe
  C:\Windows\System\wRPUSIC.exe
  2⤵
  PID:8164
- C:\Windows\System\dqNXHBD.exe
  C:\Windows\System\dqNXHBD.exe
  2⤵
  PID:6648
- C:\Windows\System\pTDrLYk.exe
  C:\Windows\System\pTDrLYk.exe
  2⤵
  PID:5496
- C:\Windows\System\auzzfmf.exe
  C:\Windows\System\auzzfmf.exe
  2⤵
  PID:6272
- C:\Windows\System\wMaXmRT.exe
  C:\Windows\System\wMaXmRT.exe
  2⤵
  PID:7504
- C:\Windows\System\mKPwtZY.exe
  C:\Windows\System\mKPwtZY.exe
  2⤵
  PID:7300
- C:\Windows\System\YabswMc.exe
  C:\Windows\System\YabswMc.exe
  2⤵
  PID:7488
- C:\Windows\System\TyrWlaC.exe
  C:\Windows\System\TyrWlaC.exe
  2⤵
  PID:7948
- C:\Windows\System\VRlAnBp.exe
  C:\Windows\System\VRlAnBp.exe
  2⤵
  PID:7928
- C:\Windows\System\dlUAtSh.exe
  C:\Windows\System\dlUAtSh.exe
  2⤵
  PID:7820
- C:\Windows\System\TQqrOha.exe
  C:\Windows\System\TQqrOha.exe
  2⤵
  PID:7988
- C:\Windows\System\hHUpBdx.exe
  C:\Windows\System\hHUpBdx.exe
  2⤵
  PID:7396
- C:\Windows\System\KvXFcbs.exe
  C:\Windows\System\KvXFcbs.exe
  2⤵
  PID:8156
- C:\Windows\System\ZTilsdi.exe
  C:\Windows\System\ZTilsdi.exe
  2⤵
  PID:7784
- C:\Windows\System\wHKcQEJ.exe
  C:\Windows\System\wHKcQEJ.exe
  2⤵
  PID:7528
- C:\Windows\System\QykeAcJ.exe
  C:\Windows\System\QykeAcJ.exe
  2⤵
  PID:5604
- C:\Windows\System\STVLdbN.exe
  C:\Windows\System\STVLdbN.exe
  2⤵
  PID:8136
- C:\Windows\System\EfWksBE.exe
  C:\Windows\System\EfWksBE.exe
  2⤵
  PID:7204
- C:\Windows\System\gPKdlcA.exe
  C:\Windows\System\gPKdlcA.exe
  2⤵
  PID:7728
- C:\Windows\System\XPybWkP.exe
  C:\Windows\System\XPybWkP.exe
  2⤵
  PID:7392
- C:\Windows\System\fuQqhQv.exe
  C:\Windows\System\fuQqhQv.exe
  2⤵
  PID:8204
- C:\Windows\System\rDZZPmT.exe
  C:\Windows\System\rDZZPmT.exe
  2⤵
  PID:8220
- C:\Windows\System\mgTpIOQ.exe
  C:\Windows\System\mgTpIOQ.exe
  2⤵
  PID:8244
- C:\Windows\System\pDrXwaK.exe
  C:\Windows\System\pDrXwaK.exe
  2⤵
  PID:8280
- C:\Windows\System\tsieXHQ.exe
  C:\Windows\System\tsieXHQ.exe
  2⤵
  PID:8300
- C:\Windows\System\fETnMbt.exe
  C:\Windows\System\fETnMbt.exe
  2⤵
  PID:8316
- C:\Windows\System\dSzazIu.exe
  C:\Windows\System\dSzazIu.exe
  2⤵
  PID:8332
- C:\Windows\System\NlPdgtA.exe
  C:\Windows\System\NlPdgtA.exe
  2⤵
  PID:8356
- C:\Windows\System\MdNrEkT.exe
  C:\Windows\System\MdNrEkT.exe
  2⤵
  PID:8372
- C:\Windows\System\eGJNGpV.exe
  C:\Windows\System\eGJNGpV.exe
  2⤵
  PID:8388
- C:\Windows\System\TZzxoTo.exe
  C:\Windows\System\TZzxoTo.exe
  2⤵
  PID:8408
- C:\Windows\System\eMOKXdj.exe
  C:\Windows\System\eMOKXdj.exe
  2⤵
  PID:8432
- C:\Windows\System\wQkkVxe.exe
  C:\Windows\System\wQkkVxe.exe
  2⤵
  PID:8448
- C:\Windows\System\bOXUING.exe
  C:\Windows\System\bOXUING.exe
  2⤵
  PID:8468
- C:\Windows\System\HBKFQaY.exe
  C:\Windows\System\HBKFQaY.exe
  2⤵
  PID:8488
- C:\Windows\System\SDyjqpp.exe
  C:\Windows\System\SDyjqpp.exe
  2⤵
  PID:8504
- C:\Windows\System\kpjDeCE.exe
  C:\Windows\System\kpjDeCE.exe
  2⤵
  PID:8544
- C:\Windows\System\jNjRjgQ.exe
  C:\Windows\System\jNjRjgQ.exe
  2⤵
  PID:8560
- C:\Windows\System\DUgjnsK.exe
  C:\Windows\System\DUgjnsK.exe
  2⤵
  PID:8576
- C:\Windows\System\ibbzccP.exe
  C:\Windows\System\ibbzccP.exe
  2⤵
  PID:8592
- C:\Windows\System\rxnyGpi.exe
  C:\Windows\System\rxnyGpi.exe
  2⤵
  PID:8624
- C:\Windows\System\qDITUeZ.exe
  C:\Windows\System\qDITUeZ.exe
  2⤵
  PID:8640
- C:\Windows\System\dYCDYNe.exe
  C:\Windows\System\dYCDYNe.exe
  2⤵
  PID:8656
- C:\Windows\System\hersGtJ.exe
  C:\Windows\System\hersGtJ.exe
  2⤵
  PID:8672
- C:\Windows\System\rPrWbPi.exe
  C:\Windows\System\rPrWbPi.exe
  2⤵
  PID:8688
- C:\Windows\System\xxDeIxt.exe
  C:\Windows\System\xxDeIxt.exe
  2⤵
  PID:8724
- C:\Windows\System\UMDgaXa.exe
  C:\Windows\System\UMDgaXa.exe
  2⤵
  PID:8740
- C:\Windows\System\yvvzmyC.exe
  C:\Windows\System\yvvzmyC.exe
  2⤵
  PID:8756
- C:\Windows\System\raPBagn.exe
  C:\Windows\System\raPBagn.exe
  2⤵
  PID:8772
- C:\Windows\System\iuDetGQ.exe
  C:\Windows\System\iuDetGQ.exe
  2⤵
  PID:8788
- C:\Windows\System\rmQsnGi.exe
  C:\Windows\System\rmQsnGi.exe
  2⤵
  PID:8804
- C:\Windows\System\aGmSbzj.exe
  C:\Windows\System\aGmSbzj.exe
  2⤵
  PID:8820
- C:\Windows\System\pJHzSuK.exe
  C:\Windows\System\pJHzSuK.exe
  2⤵
  PID:8836
- C:\Windows\System\QMWgtBW.exe
  C:\Windows\System\QMWgtBW.exe
  2⤵
  PID:8852
- C:\Windows\System\QxlGpwu.exe
  C:\Windows\System\QxlGpwu.exe
  2⤵
  PID:8868
- C:\Windows\System\uSCqtwU.exe
  C:\Windows\System\uSCqtwU.exe
  2⤵
  PID:8884
- C:\Windows\System\UAWhTRt.exe
  C:\Windows\System\UAWhTRt.exe
  2⤵
  PID:8900
- C:\Windows\System\ewPTAhz.exe
  C:\Windows\System\ewPTAhz.exe
  2⤵
  PID:8916
- C:\Windows\System\JpiWfmu.exe
  C:\Windows\System\JpiWfmu.exe
  2⤵
  PID:8932
- C:\Windows\System\ILESHWM.exe
  C:\Windows\System\ILESHWM.exe
  2⤵
  PID:8948
- C:\Windows\System\rdZCMCD.exe
  C:\Windows\System\rdZCMCD.exe
  2⤵
  PID:8968
- C:\Windows\System\GYsvCrW.exe
  C:\Windows\System\GYsvCrW.exe
  2⤵
  PID:8984
- C:\Windows\System\ZPIbmon.exe
  C:\Windows\System\ZPIbmon.exe
  2⤵
  PID:9000
- C:\Windows\System\xaGyFzy.exe
  C:\Windows\System\xaGyFzy.exe
  2⤵
  PID:9016
- C:\Windows\System\QbWGgAN.exe
  C:\Windows\System\QbWGgAN.exe
  2⤵
  PID:9032
- C:\Windows\System\ULffcKO.exe
  C:\Windows\System\ULffcKO.exe
  2⤵
  PID:9048
- C:\Windows\System\wOUKcvH.exe
  C:\Windows\System\wOUKcvH.exe
  2⤵
  PID:9064
- C:\Windows\System\MbNufIx.exe
  C:\Windows\System\MbNufIx.exe
  2⤵
  PID:9080
- C:\Windows\System\XFhzrTg.exe
  C:\Windows\System\XFhzrTg.exe
  2⤵
  PID:9096
- C:\Windows\System\EglWLau.exe
  C:\Windows\System\EglWLau.exe
  2⤵
  PID:9112
- C:\Windows\System\ZKpMmJo.exe
  C:\Windows\System\ZKpMmJo.exe
  2⤵
  PID:9128
- C:\Windows\System\uVvxzTr.exe
  C:\Windows\System\uVvxzTr.exe
  2⤵
  PID:9144
- C:\Windows\System\WxASRhp.exe
  C:\Windows\System\WxASRhp.exe
  2⤵
  PID:9160
- C:\Windows\System\BxhnkLg.exe
  C:\Windows\System\BxhnkLg.exe
  2⤵
  PID:9176
- C:\Windows\System\syMkthk.exe
  C:\Windows\System\syMkthk.exe
  2⤵
  PID:9192
- C:\Windows\System\QwPoANO.exe
  C:\Windows\System\QwPoANO.exe
  2⤵
  PID:9208
- C:\Windows\System\nimLrZq.exe
  C:\Windows\System\nimLrZq.exe
  2⤵
  PID:7676
- C:\Windows\System\vyLWWTZ.exe
  C:\Windows\System\vyLWWTZ.exe
  2⤵
  PID:7568
- C:\Windows\System\Ufxhtkv.exe
  C:\Windows\System\Ufxhtkv.exe
  2⤵
  PID:7252
- C:\Windows\System\voGnISp.exe
  C:\Windows\System\voGnISp.exe
  2⤵
  PID:8012
- C:\Windows\System\jlkXyQm.exe
  C:\Windows\System\jlkXyQm.exe
  2⤵
  PID:8264
- C:\Windows\System\ebVojSX.exe
  C:\Windows\System\ebVojSX.exe
  2⤵
  PID:8288
- C:\Windows\System\rxNNFQP.exe
  C:\Windows\System\rxNNFQP.exe
  2⤵
  PID:8328
- C:\Windows\System\EZxTHKc.exe
  C:\Windows\System\EZxTHKc.exe
  2⤵
  PID:8308
- C:\Windows\System\QqsyrGT.exe
  C:\Windows\System\QqsyrGT.exe
  2⤵
  PID:8352
- C:\Windows\System\DfcGkbU.exe
  C:\Windows\System\DfcGkbU.exe
  2⤵
  PID:8368
- C:\Windows\System\fczyMUI.exe
  C:\Windows\System\fczyMUI.exe
  2⤵
  PID:8480
- C:\Windows\System\rTqIfUm.exe
  C:\Windows\System\rTqIfUm.exe
  2⤵
  PID:8516
- C:\Windows\System\DXwQwaC.exe
  C:\Windows\System\DXwQwaC.exe
  2⤵
  PID:8536
- C:\Windows\System\tuDmrwX.exe
  C:\Windows\System\tuDmrwX.exe
  2⤵
  PID:8380
- C:\Windows\System\IcVhydq.exe
  C:\Windows\System\IcVhydq.exe
  2⤵
  PID:8428
- C:\Windows\System\nHoKpCF.exe
  C:\Windows\System\nHoKpCF.exe
  2⤵
  PID:8464
- C:\Windows\System\SejTCUD.exe
  C:\Windows\System\SejTCUD.exe
  2⤵
  PID:8556
- C:\Windows\System\Tjidati.exe
  C:\Windows\System\Tjidati.exe
  2⤵
  PID:8612
- C:\Windows\System\YHJBMZH.exe
  C:\Windows\System\YHJBMZH.exe
  2⤵
  PID:8652
- C:\Windows\System\YktrNiX.exe
  C:\Windows\System\YktrNiX.exe
  2⤵
  PID:8684
- C:\Windows\System\NAIXolP.exe
  C:\Windows\System\NAIXolP.exe
  2⤵
  PID:8636
- C:\Windows\System\OghnTDa.exe
  C:\Windows\System\OghnTDa.exe
  2⤵
  PID:8732
- C:\Windows\System\cISzdvi.exe
  C:\Windows\System\cISzdvi.exe
  2⤵
  PID:8700
- C:\Windows\System\gSIhLWk.exe
  C:\Windows\System\gSIhLWk.exe
  2⤵
  PID:8800
- C:\Windows\System\EuxgCdJ.exe
  C:\Windows\System\EuxgCdJ.exe
  2⤵
  PID:8784
- C:\Windows\System\BmxXzVA.exe
  C:\Windows\System\BmxXzVA.exe
  2⤵
  PID:8812
- C:\Windows\System\eDIpzhV.exe
  C:\Windows\System\eDIpzhV.exe
  2⤵
  PID:8848
- C:\Windows\System\oiKpFWY.exe
  C:\Windows\System\oiKpFWY.exe
  2⤵
  PID:8892
- C:\Windows\System\mshnUqa.exe
  C:\Windows\System\mshnUqa.exe
  2⤵
  PID:8912
- C:\Windows\System\sefwlkP.exe
  C:\Windows\System\sefwlkP.exe
  2⤵
  PID:8980
- C:\Windows\System\fkWKJVe.exe
  C:\Windows\System\fkWKJVe.exe
  2⤵
  PID:8992
- C:\Windows\System\VKRhUVB.exe
  C:\Windows\System\VKRhUVB.exe
  2⤵
  PID:9024
- C:\Windows\System\UYKIfzd.exe
  C:\Windows\System\UYKIfzd.exe
  2⤵
  PID:9088
- C:\Windows\System\hpQmmoU.exe
  C:\Windows\System\hpQmmoU.exe
  2⤵
  PID:9040
- C:\Windows\System\AWStvJA.exe
  C:\Windows\System\AWStvJA.exe
  2⤵
  PID:9104
- C:\Windows\System\tTRxvEA.exe
  C:\Windows\System\tTRxvEA.exe
  2⤵
  PID:9152
- C:\Windows\System\JnTVFkO.exe
  C:\Windows\System\JnTVFkO.exe
  2⤵
  PID:2004
- C:\Windows\System\rPOiBsQ.exe
  C:\Windows\System\rPOiBsQ.exe
  2⤵
  PID:2596
- C:\Windows\System\ZcKLCqC.exe
  C:\Windows\System\ZcKLCqC.exe
  2⤵
  PID:9168
- C:\Windows\System\LYqRVvC.exe
  C:\Windows\System\LYqRVvC.exe
  2⤵
  PID:8232
- C:\Windows\System\nRsEuIC.exe
  C:\Windows\System\nRsEuIC.exe
  2⤵
  PID:8200
- C:\Windows\System\tTGKjRi.exe
  C:\Windows\System\tTGKjRi.exe
  2⤵
  PID:8256
- C:\Windows\System\XBIhjSR.exe
  C:\Windows\System\XBIhjSR.exe
  2⤵
  PID:8344
- C:\Windows\System\batmeYY.exe
  C:\Windows\System\batmeYY.exe
  2⤵
  PID:8292
- C:\Windows\System\ovnjgmW.exe
  C:\Windows\System\ovnjgmW.exe
  2⤵
  PID:8384
- C:\Windows\System\GiaYuOA.exe
  C:\Windows\System\GiaYuOA.exe
  2⤵
  PID:8608
- C:\Windows\System\ZhBOLvc.exe
  C:\Windows\System\ZhBOLvc.exe
  2⤵
  PID:8400
- C:\Windows\System\wwEVjDM.exe
  C:\Windows\System\wwEVjDM.exe
  2⤵
  PID:8476
- C:\Windows\System\lPjXiAH.exe
  C:\Windows\System\lPjXiAH.exe
  2⤵
  PID:8364
- C:\Windows\System\ptNRpHg.exe
  C:\Windows\System\ptNRpHg.exe
  2⤵
  PID:8568
- C:\Windows\System\SuKPzYv.exe
  C:\Windows\System\SuKPzYv.exe
  2⤵
  PID:8600
- C:\Windows\System\HxSIwks.exe
  C:\Windows\System\HxSIwks.exe
  2⤵
  PID:8796
- C:\Windows\System\paTCZjd.exe
  C:\Windows\System\paTCZjd.exe
  2⤵
  PID:8860
- C:\Windows\System\LOdJDCr.exe
  C:\Windows\System\LOdJDCr.exe
  2⤵
  PID:7540
- C:\Windows\System\glTIQNh.exe
  C:\Windows\System\glTIQNh.exe
  2⤵
  PID:9008
- C:\Windows\System\GMwsICB.exe
  C:\Windows\System\GMwsICB.exe
  2⤵
  PID:8960
- C:\Windows\System\lCxGKaw.exe
  C:\Windows\System\lCxGKaw.exe
  2⤵
  PID:9120
- C:\Windows\System\uCUBVzT.exe
  C:\Windows\System\uCUBVzT.exe
  2⤵
  PID:2072
- C:\Windows\System\VsIzRGN.exe
  C:\Windows\System\VsIzRGN.exe
  2⤵
  PID:2444
- C:\Windows\System\TskWTjD.exe
  C:\Windows\System\TskWTjD.exe
  2⤵
  PID:9200
- C:\Windows\System\YEBNzMK.exe
  C:\Windows\System\YEBNzMK.exe
  2⤵
  PID:8240
- C:\Windows\System\VDORsKB.exe
  C:\Windows\System\VDORsKB.exe
  2⤵
  PID:8348
- C:\Windows\System\ndWsvRu.exe
  C:\Windows\System\ndWsvRu.exe
  2⤵
  PID:8604
- C:\Windows\System\KQXaNds.exe
  C:\Windows\System\KQXaNds.exe
  2⤵
  PID:8540
- C:\Windows\System\TYhwbkj.exe
  C:\Windows\System\TYhwbkj.exe
  2⤵
  PID:8768
- C:\Windows\System\jmauInU.exe
  C:\Windows\System\jmauInU.exe
  2⤵
  PID:8832
- C:\Windows\System\syEazky.exe
  C:\Windows\System\syEazky.exe
  2⤵
  PID:9060
- C:\Windows\System\CDpivcJ.exe
  C:\Windows\System\CDpivcJ.exe
  2⤵
  PID:9072
- C:\Windows\System\KvogzMf.exe
  C:\Windows\System\KvogzMf.exe
  2⤵
  PID:8976
- C:\Windows\System\bCwUffr.exe
  C:\Windows\System\bCwUffr.exe
  2⤵
  PID:8260
- C:\Windows\System\fTrzgNj.exe
  C:\Windows\System\fTrzgNj.exe
  2⤵
  PID:8216
- C:\Windows\System\dBoOBBc.exe
  C:\Windows\System\dBoOBBc.exe
  2⤵
  PID:8524
- C:\Windows\System\TdstxwK.exe
  C:\Windows\System\TdstxwK.exe
  2⤵
  PID:9140
- C:\Windows\System\NQRMzGq.exe
  C:\Windows\System\NQRMzGq.exe
  2⤵
  PID:9220
- C:\Windows\System\XDsLiWL.exe
  C:\Windows\System\XDsLiWL.exe
  2⤵
  PID:9236
- C:\Windows\System\qvNkUGO.exe
  C:\Windows\System\qvNkUGO.exe
  2⤵
  PID:9256
- C:\Windows\System\BmbMMhz.exe
  C:\Windows\System\BmbMMhz.exe
  2⤵
  PID:9332
- C:\Windows\System\LvkdDJu.exe
  C:\Windows\System\LvkdDJu.exe
  2⤵
  PID:9352
- C:\Windows\System\YzaixyJ.exe
  C:\Windows\System\YzaixyJ.exe
  2⤵
  PID:9372
- C:\Windows\System\pfCegfk.exe
  C:\Windows\System\pfCegfk.exe
  2⤵
  PID:9388
- C:\Windows\System\zJNEtZg.exe
  C:\Windows\System\zJNEtZg.exe
  2⤵
  PID:9404
- C:\Windows\System\wgSDwCc.exe
  C:\Windows\System\wgSDwCc.exe
  2⤵
  PID:9424
- C:\Windows\System\REAVtPo.exe
  C:\Windows\System\REAVtPo.exe
  2⤵
  PID:9440
- C:\Windows\System\LRCZBCX.exe
  C:\Windows\System\LRCZBCX.exe
  2⤵
  PID:9460
- C:\Windows\System\rZqsTvt.exe
  C:\Windows\System\rZqsTvt.exe
  2⤵
  PID:9476
- C:\Windows\System\HsjSqTs.exe
  C:\Windows\System\HsjSqTs.exe
  2⤵
  PID:9504
- C:\Windows\System\agoMxSV.exe
  C:\Windows\System\agoMxSV.exe
  2⤵
  PID:9520
- C:\Windows\System\xkTDgCx.exe
  C:\Windows\System\xkTDgCx.exe
  2⤵
  PID:9540
- C:\Windows\System\UJytjgz.exe
  C:\Windows\System\UJytjgz.exe
  2⤵
  PID:9556
- C:\Windows\System\bTFDiZI.exe
  C:\Windows\System\bTFDiZI.exe
  2⤵
  PID:9572
- C:\Windows\System\UAEWJSZ.exe
  C:\Windows\System\UAEWJSZ.exe
  2⤵
  PID:9588
- C:\Windows\System\PKSJBzh.exe
  C:\Windows\System\PKSJBzh.exe
  2⤵
  PID:9612
- C:\Windows\System\nRZZVmP.exe
  C:\Windows\System\nRZZVmP.exe
  2⤵
  PID:9632
- C:\Windows\System\dwKcPPn.exe
  C:\Windows\System\dwKcPPn.exe
  2⤵
  PID:9648
- C:\Windows\System\HVQiRAq.exe
  C:\Windows\System\HVQiRAq.exe
  2⤵
  PID:9664
- C:\Windows\System\BCrRzyD.exe
  C:\Windows\System\BCrRzyD.exe
  2⤵
  PID:9680
- C:\Windows\System\ELRFrIm.exe
  C:\Windows\System\ELRFrIm.exe
  2⤵
  PID:9696
- C:\Windows\System\ThiYcVn.exe
  C:\Windows\System\ThiYcVn.exe
  2⤵
  PID:9716
- C:\Windows\System\AXZNSYt.exe
  C:\Windows\System\AXZNSYt.exe
  2⤵
  PID:9732
- C:\Windows\System\JgmxHBG.exe
  C:\Windows\System\JgmxHBG.exe
  2⤵
  PID:9748
- C:\Windows\System\wcgTcXN.exe
  C:\Windows\System\wcgTcXN.exe
  2⤵
  PID:9764
- C:\Windows\System\czipVAp.exe
  C:\Windows\System\czipVAp.exe
  2⤵
  PID:9784
- C:\Windows\System\XDfUNBF.exe
  C:\Windows\System\XDfUNBF.exe
  2⤵
  PID:9800
- C:\Windows\System\rexwEUD.exe
  C:\Windows\System\rexwEUD.exe
  2⤵
  PID:9816
- C:\Windows\System\RTCBUOP.exe
  C:\Windows\System\RTCBUOP.exe
  2⤵
  PID:9836
- C:\Windows\System\vOoBcYu.exe
  C:\Windows\System\vOoBcYu.exe
  2⤵
  PID:9852
- C:\Windows\System\EziQrIK.exe
  C:\Windows\System\EziQrIK.exe
  2⤵
  PID:9872
- C:\Windows\System\kXOVTGk.exe
  C:\Windows\System\kXOVTGk.exe
  2⤵
  PID:9888
- C:\Windows\System\dDVqHWc.exe
  C:\Windows\System\dDVqHWc.exe
  2⤵
  PID:9904
- C:\Windows\System\pGlcIza.exe
  C:\Windows\System\pGlcIza.exe
  2⤵
  PID:9920
- C:\Windows\System\FGrQPSi.exe
  C:\Windows\System\FGrQPSi.exe
  2⤵
  PID:9936
- C:\Windows\System\jsvbYRK.exe
  C:\Windows\System\jsvbYRK.exe
  2⤵
  PID:9952
- C:\Windows\System\mEZzyIK.exe
  C:\Windows\System\mEZzyIK.exe
  2⤵
  PID:9976
- C:\Windows\System\tHkGzWq.exe
  C:\Windows\System\tHkGzWq.exe
  2⤵
  PID:9992
- C:\Windows\System\yMFDxll.exe
  C:\Windows\System\yMFDxll.exe
  2⤵
  PID:10008
- C:\Windows\System\fYgjOTT.exe
  C:\Windows\System\fYgjOTT.exe
  2⤵
  PID:10024
- C:\Windows\System\fheoqJc.exe
  C:\Windows\System\fheoqJc.exe
  2⤵
  PID:10040
- C:\Windows\System\oMTEfwG.exe
  C:\Windows\System\oMTEfwG.exe
  2⤵
  PID:10064
- C:\Windows\System\gFkHvCI.exe
  C:\Windows\System\gFkHvCI.exe
  2⤵
  PID:10080
- C:\Windows\System\vvuyyZQ.exe
  C:\Windows\System\vvuyyZQ.exe
  2⤵
  PID:10100
- C:\Windows\System\eVxVdeq.exe
  C:\Windows\System\eVxVdeq.exe
  2⤵
  PID:10116
- C:\Windows\System\tSlKiaN.exe
  C:\Windows\System\tSlKiaN.exe
  2⤵
  PID:10140
- C:\Windows\System\BYeuyzB.exe
  C:\Windows\System\BYeuyzB.exe
  2⤵
  PID:10156
- C:\Windows\System\JIklDJY.exe
  C:\Windows\System\JIklDJY.exe
  2⤵
  PID:10172
- C:\Windows\System\ztYzXNy.exe
  C:\Windows\System\ztYzXNy.exe
  2⤵
  PID:10188
- C:\Windows\System\gYfblww.exe
  C:\Windows\System\gYfblww.exe
  2⤵
  PID:10208
- C:\Windows\System\TcdVNzv.exe
  C:\Windows\System\TcdVNzv.exe
  2⤵
  PID:10232
- C:\Windows\System\bfrwymF.exe
  C:\Windows\System\bfrwymF.exe
  2⤵
  PID:9228
- C:\Windows\System\OQIFoDV.exe
  C:\Windows\System\OQIFoDV.exe
  2⤵
  PID:8500
- C:\Windows\System\DLEjpmn.exe
  C:\Windows\System\DLEjpmn.exe
  2⤵
  PID:8816
- C:\Windows\System\rAQvuRk.exe
  C:\Windows\System\rAQvuRk.exe
  2⤵
  PID:8272
- C:\Windows\System\jyjqpDC.exe
  C:\Windows\System\jyjqpDC.exe
  2⤵
  PID:9264
- C:\Windows\System\erLzHSl.exe
  C:\Windows\System\erLzHSl.exe
  2⤵
  PID:9292
- C:\Windows\System\TTvLIcO.exe
  C:\Windows\System\TTvLIcO.exe
  2⤵
  PID:9300
- C:\Windows\System\IaOaSKW.exe
  C:\Windows\System\IaOaSKW.exe
  2⤵
  PID:9324
- C:\Windows\System\QLkkdIO.exe
  C:\Windows\System\QLkkdIO.exe
  2⤵
  PID:9368
- C:\Windows\System\mWUklWO.exe
  C:\Windows\System\mWUklWO.exe
  2⤵
  PID:9344
- C:\Windows\System\TlkZekY.exe
  C:\Windows\System\TlkZekY.exe
  2⤵
  PID:9384
- C:\Windows\System\qMEoExX.exe
  C:\Windows\System\qMEoExX.exe
  2⤵
  PID:9472
- C:\Windows\System\CodNxZy.exe
  C:\Windows\System\CodNxZy.exe
  2⤵
  PID:9452
- C:\Windows\System\FxhuEGJ.exe
  C:\Windows\System\FxhuEGJ.exe
  2⤵
  PID:9492
- C:\Windows\System\bjOnILs.exe
  C:\Windows\System\bjOnILs.exe
  2⤵
  PID:9552
- C:\Windows\System\pmsUOwh.exe
  C:\Windows\System\pmsUOwh.exe
  2⤵
  PID:9776
- C:\Windows\System\WOgKQBq.exe
  C:\Windows\System\WOgKQBq.exe
  2⤵
  PID:9796
- C:\Windows\System\rbjoyfc.exe
  C:\Windows\System\rbjoyfc.exe
  2⤵
  PID:9860
- C:\Windows\System\jqAWqbv.exe
  C:\Windows\System\jqAWqbv.exe
  2⤵
  PID:9900
- C:\Windows\System\xjWcYmk.exe
  C:\Windows\System\xjWcYmk.exe
  2⤵
  PID:9844
- C:\Windows\System\fOJxNUf.exe
  C:\Windows\System\fOJxNUf.exe
  2⤵
  PID:9960
- C:\Windows\System\CmaWxkS.exe
  C:\Windows\System\CmaWxkS.exe
  2⤵
  PID:9968
- C:\Windows\System\gbZsLis.exe
  C:\Windows\System\gbZsLis.exe
  2⤵
  PID:10000
- C:\Windows\System\SYFOHAf.exe
  C:\Windows\System\SYFOHAf.exe
  2⤵
  PID:10048
- C:\Windows\System\WsBErEI.exe
  C:\Windows\System\WsBErEI.exe
  2⤵
  PID:8276
- C:\Windows\System\rkoyNQw.exe
  C:\Windows\System\rkoyNQw.exe
  2⤵
  PID:10052
- C:\Windows\System\LocJYzA.exe
  C:\Windows\System\LocJYzA.exe
  2⤵
  PID:2164
- C:\Windows\System\ZYlWMos.exe
  C:\Windows\System\ZYlWMos.exe
  2⤵
  PID:2252
- C:\Windows\System\UqpSRDW.exe
  C:\Windows\System\UqpSRDW.exe
  2⤵
  PID:2180
- C:\Windows\System\xxHaBVU.exe
  C:\Windows\System\xxHaBVU.exe
  2⤵
  PID:10164
- C:\Windows\System\qUdoruR.exe
  C:\Windows\System\qUdoruR.exe
  2⤵
  PID:8440
- C:\Windows\System\LiogQue.exe
  C:\Windows\System\LiogQue.exe
  2⤵
  PID:9272
- C:\Windows\System\vscdfHL.exe
  C:\Windows\System\vscdfHL.exe
  2⤵
  PID:9340
- C:\Windows\System\fxwSBKS.exe
  C:\Windows\System\fxwSBKS.exe
  2⤵
  PID:9548
- C:\Windows\System\yeLowxT.exe
  C:\Windows\System\yeLowxT.exe
  2⤵
  PID:9308
- C:\Windows\System\uCkehvQ.exe
  C:\Windows\System\uCkehvQ.exe
  2⤵
  PID:9532
- C:\Windows\System\zKEiTEw.exe
  C:\Windows\System\zKEiTEw.exe
  2⤵
  PID:9624
- C:\Windows\System\QxsfGpN.exe
  C:\Windows\System\QxsfGpN.exe
  2⤵
  PID:9640
- C:\Windows\System\LCRlTIN.exe
  C:\Windows\System\LCRlTIN.exe
  2⤵
  PID:9688
- C:\Windows\System\TmxKKrZ.exe
  C:\Windows\System\TmxKKrZ.exe
  2⤵
  PID:9676
- C:\Windows\System\GqFjEtK.exe
  C:\Windows\System\GqFjEtK.exe
  2⤵
  PID:9692
- C:\Windows\System\hEUyChO.exe
  C:\Windows\System\hEUyChO.exe
  2⤵
  PID:9756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BEeNfNF.exe

Filesize
6.0MB

MD5
501fe636500fe125d01f1a7a3c419d51

SHA1
62ba19f989561eb41e1a217aae33ad18f6e0a24b

SHA256
9ef44b8ae5184129435b18e5a236c8277db77e3090dca4da2213f1c8e99267ec

SHA512
f3b6ef365cb363e9fb2a8ed85ef055e496f5027fd0167e7fa2b657b30d3c4fee65134a9326837094e150a7951a2b407854116ac62babba3cc6e0be67b1f3a721

Download Submit
C:\Windows\system\Evhpjll.exe

Filesize
6.0MB

MD5
f94a9f4bbe10112c5d789a297602dc6c

SHA1
7f9122d84fd3f56bafef0778536a42ba2733fd25

SHA256
de055c57a21ef140e846f4790e3f43303d53e07109d5262d6690b59af86fe4e1

SHA512
2ab4cba3e02c37ae8ab4d19d7e0d2f0e65a18d0a45c7b3267c74f6f7b455afe8c79a079afd14c98133dac83deacafb66dfebaa9709346b24dadac60eda5d37b9

Download Submit
C:\Windows\system\ExhOkkc.exe

Filesize
6.0MB

MD5
66cb658410f05159fadb8cb54792a7e7

SHA1
263c9f1bc7f4f92060b80db46991a60fcffab8ce

SHA256
1aee9649197eb7242ae8a1e96b828e4cc46954f6a87ee540035657d8586406b3

SHA512
4f8a15f72f3539bc71ffeee76861b5c855428ef07d40efed435d83b637945c2c721eb6c82f213699193c20705a9c274fc67b36d24c6f60984e54cac5e51bded3

Download Submit
C:\Windows\system\FGYbyAq.exe

Filesize
6.0MB

MD5
cc396bf7f07176e3a2c23c0baaa49d2a

SHA1
3353c6924033d8a12d6a094a9be4fc9103a22613

SHA256
80bcc63fff4fe2d52f513b336963d864e562a6614e723a18fac518d44dd4656d

SHA512
4179d2407f8e3a1607da7c42a8aa00d87926516c8cdd1ddf1960cce58f3ba964fe7420b3a9c92d1e038bf6e22261b36fcf5cc99b52a283b3c13ae710f71f603a

Download Submit
C:\Windows\system\GvBVEfr.exe

Filesize
6.0MB

MD5
c4b89ec2daf084817e680c4824d4e2fa

SHA1
716bf33088003a44d35edabfa150d5a582f757b4

SHA256
d0fa368ae725c140b2522b662613c9e7c89d1f975ccd5d48e6a4cef0656b9240

SHA512
db72ea6cfee0fed21cb6eac52a8f81947c8324375c7902d25cf0aac470fb9743d09c566536b8b9974ed372de73cc04d1cf262206668aa13eb74420346ed8b4d3

Download Submit
C:\Windows\system\JgTccxD.exe

Filesize
6.0MB

MD5
420d7e86d4e696c39d0b920de7d709dd

SHA1
6ab54b97ca51884197a1ee43726c972bccd5a436

SHA256
9eeff09c4bf71f71461d82e2aa0675cd2dd1daaf1967ce418944d9e8744c792a

SHA512
30e7a1e00ac92dbaaa370ec01260d64212cfb6f25f783682bd14dd694a5cbfee55cf8416d818a257e70cd10bd5d1e2d0647adfbba5fbc3d32ceb586e7298108f

Download Submit
C:\Windows\system\LXNhpSp.exe

Filesize
6.0MB

MD5
96d8c870b4f34122bd3dd6b3e53f7645

SHA1
5f515dcc28f482dde2109070dc7043577c320667

SHA256
43af9ca9b5f55548d9c065e2d85b9723654effd18e56fd81ae577146a1bd036d

SHA512
d951bf65ba2dc0d28010037c980682ffbc38293c6c14c6042ddeea42281e0cb06cf5ae95b8c25c39204255e491a327ed637f23fb75b62a60f7f970a1d9038814

Download Submit
C:\Windows\system\MpIhNud.exe

Filesize
6.0MB

MD5
c400be0fd9b3388b157a021a42f4ef6c

SHA1
a5b84167e1cd7a8d2b5a5de8e4850c99c2c2f70f

SHA256
58818484487479235def023a442f8ae5914efff5e5b78c4a0a63e17ba0629f51

SHA512
57bab3ec53ce2432b13e80b3713e4b3d69fc35b6246c586708a74530029eb9f156afe497ad50f00e6d9e406c4d2d61b083dcf248cebf8225ad96e709b844807a

Download Submit
C:\Windows\system\OUHZTpl.exe

Filesize
6.0MB

MD5
ccbb219ce71e310001c375c0342a4101

SHA1
6e4fc30180f68515b52f8f6d120f9a0f5d6ea9ad

SHA256
e486446eb9bbe71de959b834eb1aeb24be1e9050c66582c34f152188227ae00c

SHA512
84f005f32002406d7955bb0feb1cf0ee1ef7c949b2ec0de6d85197d7c86f534c697ee69c3d6942eb0d5a91fc3b4c913add652c84c58ebc6709911d510dcf1bc7

Download Submit
C:\Windows\system\QnzbbSc.exe

Filesize
6.0MB

MD5
7664ac7a93f215bfe50504ac2f8cf279

SHA1
519d87a1fc885ee3a700921f9c9a3ba474d68c62

SHA256
fb9a2d305fc4e35435da299d83acf45e5ba38283a7856f6a21c524b2ae75ed34

SHA512
e0c6e3ea96ee8cc3c83a7c6f36d1217fd867ee6695e2806e099b0b334df3c5f27f5ca51efa74b3074ca04d7cae1e7790ee88c97ee897af76d6584e185ecd5650

Download Submit
C:\Windows\system\UcXrlas.exe

Filesize
6.0MB

MD5
5e6dfabe6c290d9d2456e439565646cb

SHA1
064fcf45e4ceae67a9e2bf9e32085f5c6c52fc96

SHA256
9eeecda754e26f9b77e97c5e302e7b2d2884d5469d36a910700536fcbd5eebf6

SHA512
ee5ebb80f9d02b9a442101fd07ae8ee78c0110ef3170251f1fdabd1d2f9b1a7ca17757510870c21b988d5adf2a32995f5f52ae0e48ca0ebc3c43300c3c163975

Download Submit
C:\Windows\system\XuqKgjF.exe

Filesize
6.0MB

MD5
ec0e96ed7ddd52c5fced3dbb1a72c786

SHA1
f9d069f8f3a28a18fb57f86a3a7a8a9832a787ab

SHA256
9c0588bc3375d2c0bdc65efd0c56eb16b97fc8fd1216e36586b9ea85fe78cb00

SHA512
a6c56d0016c14c8808e3f8905f2be885716947051c6686faaf854847f1437466ca94472a8d07e32a69a3e12bf825c062ee9eaa9920968e2d2d09cb93d9bc0e1f

Download Submit
C:\Windows\system\YhHKWfQ.exe

Filesize
6.0MB

MD5
5616efa7fa66f32f02569d50470b338a

SHA1
7f7562edd9824c1970669e39c0a2a9b5480253f9

SHA256
caa70416ad4d164844e3c2240d56c9ba7d4535415975f4ef096d2750302b0067

SHA512
580ab3d2274a7e373754a37b93b1df79f54f5ca04b687ed0dab46c69aa5e180b480ac79be198555806e8ede02a627d3eb4cb6047826fa1465b604bdebd5df738

Download Submit
C:\Windows\system\ZXjLtMS.exe

Filesize
6.0MB

MD5
f406a726af8b99cf42e8db9d0d2a86a8

SHA1
6d5f1e8b85badf955dbb8be62d41ac9611b887d8

SHA256
b54759ba38a83873506ce23aa3264bcae069aa18f2500f0ce0d97aebd882720a

SHA512
8900b277f7b438462139713c1d2d0f9b6590aa49027e0c1d3abd82c52231b1ebee1c9c947e41e541cba3fcf25c9e05b0793efc2d20a625908cc6f051363d768b

Download Submit
C:\Windows\system\ZnUsozu.exe

Filesize
6.0MB

MD5
48255bdb10ba9a6a85671ff2f2ac8d08

SHA1
f130f305f9ee983ff69726373f47db4d8c5e49b9

SHA256
0abd60517cdb4b73c1ea8cb99ffcf7f1655916b80ae85e5196fe4262f8b05d88

SHA512
3d54dd2e40fedab17426c0d453de19a83aa5f7b250c4078a98d9615269892722b4e9e7466b948238b35f79f4735ff547750c51cfb4c6fc250c2e7543bc098e28

Download Submit
C:\Windows\system\ZrbJSjC.exe

Filesize
6.0MB

MD5
1ced4752312e0b0f0aa19c7a6d8d65a4

SHA1
7a31ab29489d2abe4ce570a076d9ef8f8ec08bc2

SHA256
daf20384d4278566b0b45b85994aad061a46434c21b47aeb231ea206b61f883a

SHA512
050877bc94cd06a8266a485795965a6fcd72ddcd368e73196c78f885782aa13583bc27fafe6744a96d25690363b447c686684124b7a52748edcc1d4ba1810f62

Download Submit
C:\Windows\system\iZdbszR.exe

Filesize
6.0MB

MD5
a02893b907a78069dae3888599b24816

SHA1
dc805ee58e43c13cda3f159fcc0b8d42ad062671

SHA256
7070db8e66332d948b2a73f621ff4550cfc4a54b49af2026a302a00712ed6854

SHA512
2a173f1632a795bd06d07888a821d538a42df33a71d4de4bbd800a183bee2871687101da6079730a3962398529beaae7382b87c69f381ea91533ffd271d89ba5

Download Submit
C:\Windows\system\kFDtaKk.exe

Filesize
6.0MB

MD5
dbf219169e758fae51adcb596b31806b

SHA1
132c49a16fc36de936dcb0e7fec6340ea145b557

SHA256
91b03099aa76e0a966d299d067f471a068ca2cf0ac113899129cc1df73b7452c

SHA512
90bffb3a5783dd06b8da5b025aa7da3585037a3f00521b60f73ead36a830dcecb0829a2c9f834850e83b32cdb53b36e2bd43e32f3cc6ca4c04f31ed19d5efd24

Download Submit
C:\Windows\system\plSsiwm.exe

Filesize
6.0MB

MD5
378a54afe9cd85fe43b6b3031e32aa95

SHA1
bf9477d840f7b36c7567a6f0fe002301db1e8b5c

SHA256
88bc52f9d950b9a2e18d468021118ab7a3d1a9c8eec5be972f420f1ca02ea130

SHA512
aeced516b951cbd3c0ab4402999fede960fa6b75cb079e032878a7a00ca78c99f4ea585563aed887396fa6e0320aff168326f448f785670f0df2c412dac5c76a

Download Submit
C:\Windows\system\ttJfFLk.exe

Filesize
6.0MB

MD5
c9e663237559fd24ff922bd52e580711

SHA1
c30ddef46f9efb01b9639dde476f09410a966cd5

SHA256
95dc3017372c4475ea7683b0d81bb3502eb67560c8dc1021ce89c29b3c63241c

SHA512
b83a819296c7396705f9dc9be975d407753e499f6dafb3539b849993748bd77616f207e8f2f748ae3c74fae99505b5b400f2137175e0d49d0d2222ec9de64b53

Download Submit
C:\Windows\system\uGZoEZc.exe

Filesize
6.0MB

MD5
1889c2f16a830bdfe7df09525c83a1f0

SHA1
8aef566329a6f6f9ad0bba0da8eb2688276fcddb

SHA256
fdca37486c6f7e227d1b07c976e0c4bd087a06c6e998338b16b468cf90123292

SHA512
d5d944df7aea7dad4f68b1b217b029362bfc5d8595e1fc26e15ce5063ce466c227eb89e2c3c65f9f63ce786cef84879d3fcfbd18704d6c919130d8b554acd0c4

Download Submit
C:\Windows\system\ubRlTMI.exe

Filesize
6.0MB

MD5
944d98fc4de4c773a3af29b63840e9b7

SHA1
979f0a3313fba8891bbc061f0422883c2e8fc000

SHA256
e7b5192dea42b5219d56fe8a5492a1d4146d1b19f9368f1e7da46cb05e6b2876

SHA512
8863332f5fefee533027687766ed9606830a29a2ee2144402b3f6c4efb301cf5a9c6a1019ff3cdf7c895056c83c6590dba0087b8832ed8aaf02242fbfa6ea421

Download Submit
C:\Windows\system\ufvWEDT.exe

Filesize
6.0MB

MD5
0f280ba464300926dd9f2d6b02f51806

SHA1
f710e99641c33deebaa51a7b5d828ac6490ac3ce

SHA256
3fbdf17d66803a92cbca78263b7d72564586fe332d5da40f7e962d863d5ef16d

SHA512
e38ccc008995a3c8c4cf82b3ee743ba700116df8186d73862a92c49e8c84103750b99a654b5864ed3a2687df99e675e53617f54edb29d62551683e65c921b457

Download Submit
C:\Windows\system\wzUwoWR.exe

Filesize
6.0MB

MD5
e2c6478134be233d2fe0fc1eb2cbde47

SHA1
fa4619175d474f27e1264b20a641b214217df6b0

SHA256
ad4ce8c1a4dfd2e20c25c4a3159d89d3670f03259821c2d56cb379f3104a1c73

SHA512
f063329b7e40aec43bd0e2398e6eb1d96b6326e451f8b64767d0bdce1d620a178d9aa1d8b9b4fa420d61634df4ba0c05c6b13e23a235eae5b0a83f0654836134

Download Submit
C:\Windows\system\yCepjNn.exe

Filesize
6.0MB

MD5
4a983982eafd6b529568686d1a5ee38a

SHA1
2f9e75d05e8d5acf865610370f3b4a932eaf5087

SHA256
961240729ece7a2490a075ea66976de0a9bbd3ff88df853c5bbedc57a16b9b75

SHA512
60acd73cf43e1f24a09c7052369a602b26355da9c02741fb14e6249711e7cf27f2054828dd12725b8b6231807152ac74e9a371f801ecd135369cfa6b5e4d1afd

Download Submit
C:\Windows\system\zSeRtIe.exe

Filesize
6.0MB

MD5
fcad01387e6050e7dd55792dfb2208ae

SHA1
c7c4cb51b307e88b5442a35456b9fa2db1fcfc1f

SHA256
f68f8702895f1f35b7a4003d68760703183aa49acabc39ccea131d163f157a92

SHA512
f3325679e7ca9fa36e8f1008c2eff83243e5f5ced768dfa825f1683ff40e1fa6b8cafc73f3e39292e6d4be93501050665c8abb689b61717c00152180b757aa8c

Download Submit
\Windows\system\IqybTmX.exe

Filesize
6.0MB

MD5
b82a97b3721541a0597d72369240ad17

SHA1
36a3e0cc21c6db023b5d673a70c86660e9f3a184

SHA256
513c623e7f59d0ab13e9b0de3adb0b5c2d03aedaed3a3b8b35eae521f7446bc7

SHA512
ff61854f5bea26a93fef23f65668d98a7db9fad4804a340977e1f49bd125011e449147a610b37a6bf285bbf600c4355ac9bc8ff0eaf5988fa8c9ea41a4722e2c

Download Submit
\Windows\system\PsMHNQe.exe

Filesize
6.0MB

MD5
afdba2edec08d18aa13ced64195993bd

SHA1
58a742643bd6b81569022609737d9068a766f090

SHA256
0d946d63f0c9afde1415b08012367ead4620c481bfe34bb74d7d74d5b4949129

SHA512
8dd67fd46b49a94bddf4c6a2af1df136dee1490a993d40aa5b7188ee2ebb21286a02561b351f93fc6ad36bbb1046cb3b5861fd3e8c0b058709ba339d62c56c33

Download Submit
\Windows\system\bWHcJbM.exe

Filesize
6.0MB

MD5
7037084909e97fe7defec44dc6ccc3ae

SHA1
6aad68b474f7ad4f7f9f7f0f7b7392364e81df02

SHA256
9b11eb2213df0fc57c9e95161ae023cf71eff212d0188aafd836d895b8ede3c8

SHA512
b1b0423a7a333f8fc8725ee1ca071cc7f995db7583dc4cb771c2446aa471d2746db6983b39bfbceb0d648e213d9d07e4c82bc9b34f49556fe53a2c95a184b88b

Download Submit
\Windows\system\iVZCplU.exe

Filesize
6.0MB

MD5
1e417b469a0185052ae63844b0e0a371

SHA1
fa99949ae835e465427536a5dbb4e87c36cf09b6

SHA256
491b247994cdbffd395b4713df33e2f98b4c254ad4c9ee99b6e814eecfae8ca2

SHA512
4f512600588b432a758d8bf65bb1188feaa673d65e7ed24fc0975defd2bd80cde44c5aec0f50da81c401fa7249897c956713be1cf79413bc42f89b4a69087f68

Download Submit
\Windows\system\jdLYAdn.exe

Filesize
6.0MB

MD5
ed92deab869f9328748735211627cf1a

SHA1
475dc0d19c824bec6dec4a2f9d97732934cfccc0

SHA256
ba58ca05c57630951e63e10da19a737cc021b473ede99ad6607d92afaed494c0

SHA512
2a189149d5279a4014e0e86c4f16fc461ef7ca2dd748ffdb59d58029f639305d25d589193a91a328231ad2c146f33934f3f2e5b4a9940f2019ac906c0b37ff5b

Download Submit
\Windows\system\rWQRycO.exe

Filesize
6.0MB

MD5
620a9004c11d7f58d892ca92da308e11

SHA1
7742b3d3b19a56af132b4bb48189cbeaca712723

SHA256
f4b1babbe591e771748e277f5df19d7b41df2a8ade9de376efd4025615d0a35d

SHA512
4a239c25afe35fce795f102e77340dd2890d90abd7dca4d03cde0beffc07d767ed241120b6bb30dbc133a8f2ab26def602ec085bab6f5fe6aa5c01be41da3813

Download Submit
memory/108-600-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/108-28-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/108-17-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/108-20-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/108-87-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/108-23-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/108-98-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/108-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/108-185-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/108-35-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/108-43-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/108-46-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/108-71-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/108-88-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/108-48-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/108-54-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/108-0-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/108-298-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/108-55-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/108-123-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/108-299-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/108-80-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/108-105-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1116-1680-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/1116-96-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2000-1512-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2000-22-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2172-1514-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2172-21-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2284-1683-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2284-97-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2696-86-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2696-45-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1559-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2700-72-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2700-124-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2700-1679-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2732-107-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-65-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-1591-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-81-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-1678-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-1592-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2848-70-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2848-29-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2936-99-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-1573-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-56-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-39-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-1535-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1570-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-49-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-95-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1513-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2976-19-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/3060-1681-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-106-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download