cobaltstrike | c4b706685a0930f53539089510ec90af1fcdb11491beb1aa7970491f3fd6a44a

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-12-2024 01:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0e197020fc44f31316a716de1ad9261a
SHA1

2990c7325224e208d315697e1506842257d1370e
SHA256

c4b706685a0930f53539089510ec90af1fcdb11491beb1aa7970491f3fd6a44a
SHA512

506ef49bb874ffe66f61b32a8098c99ab5ebcf59d357171f589ec4b2abcdc7ff16db9732c540b491a47becfa90ea4366ebd3cb2db313686808291e31c32090f2
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUn:eOl56utgpPF8u/7n

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a0000000122ce-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d07-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d19-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d48-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d70-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d68-33.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000015d78-47.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001867d-72.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019220-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019238-136.dat	cobalt_reflective_dll
behavioral1/files/0x0031000000015ccc-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938b-170.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c8-190.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-185.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b7-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019399-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019280-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925d-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191fd-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-102.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018657-101.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190c6-89.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186c8-87.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190c9-85.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878d-78.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-118.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018662-67.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c9b-66.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015da1-51.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 57 IoCs

miner

resource	yara_rule
behavioral1/memory/2112-0-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x000a0000000122ce-6.dat	xmrig
behavioral1/files/0x0008000000015d07-12.dat	xmrig
behavioral1/files/0x0008000000015d19-16.dat	xmrig
behavioral1/files/0x0007000000015d48-21.dat	xmrig
behavioral1/memory/2920-27-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2928-25-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2560-28-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2848-36-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d70-39.dat	xmrig
behavioral1/files/0x0007000000015d68-33.dat	xmrig
behavioral1/files/0x000a000000015d78-47.dat	xmrig
behavioral1/memory/2712-50-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/files/0x000500000001867d-72.dat	xmrig
behavioral1/files/0x0005000000019220-127.dat	xmrig
behavioral1/files/0x0005000000019238-136.dat	xmrig
behavioral1/files/0x0031000000015ccc-140.dat	xmrig
behavioral1/files/0x0005000000019278-157.dat	xmrig
behavioral1/files/0x000500000001938b-170.dat	xmrig
behavioral1/files/0x00050000000193c8-190.dat	xmrig
behavioral1/files/0x00050000000193c1-185.dat	xmrig
behavioral1/files/0x00050000000193b7-180.dat	xmrig
behavioral1/files/0x0005000000019399-175.dat	xmrig
behavioral1/files/0x0005000000019280-165.dat	xmrig
behavioral1/files/0x000500000001925d-150.dat	xmrig
behavioral1/files/0x0005000000019263-155.dat	xmrig
behavioral1/files/0x0005000000019240-145.dat	xmrig
behavioral1/memory/536-104-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/files/0x00050000000191fd-126.dat	xmrig
behavioral1/memory/1432-103-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000191f3-102.dat	xmrig
behavioral1/files/0x0014000000018657-101.dat	xmrig
behavioral1/memory/2760-91-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/files/0x00060000000190c6-89.dat	xmrig
behavioral1/files/0x00050000000186c8-87.dat	xmrig
behavioral1/files/0x00060000000190c9-85.dat	xmrig
behavioral1/memory/1216-80-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/files/0x000500000001878d-78.dat	xmrig
behavioral1/files/0x0005000000019217-118.dat	xmrig
behavioral1/memory/2112-95-0x00000000024D0000-0x0000000002824000-memory.dmp	xmrig
behavioral1/memory/3024-71-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2112-68-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x000d000000018662-67.dat	xmrig
behavioral1/files/0x0008000000016c9b-66.dat	xmrig
behavioral1/memory/2112-55-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x0008000000015da1-51.dat	xmrig
behavioral1/memory/2548-43-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2840-20-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/1216-3751-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/536-3750-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2920-3729-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2560-3725-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2848-3777-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2840-3776-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2760-3778-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2712-3779-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/3024-3780-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2928	BtjoXaa.exe
2920	UNNJchh.exe
2840	mcHagde.exe
2560	PvwRtMC.exe
2848	ntFRlDc.exe
2548	lqZWBSK.exe
2712	fngVOpR.exe
3024	jOTtSXw.exe
1216	CexVRPU.exe
2760	DCVKHEw.exe
1432	CIxOZwo.exe
536	PAzQANi.exe
1472	WHvFUge.exe
1000	INRoydd.exe
1784	XdnVyfo.exe
3008	BgmAFuF.exe
1924	ImZXVcy.exe
600	kreKVOW.exe
276	DMFhZWn.exe
2844	nFcifYv.exe
2412	jbmRMIh.exe
2212	UmPiuAG.exe
1604	WKNZapD.exe
1616	mlrLXkm.exe
2628	cpocGXU.exe
2404	dqLQRnJ.exe
688	mWKQTtr.exe
1596	mOWQydc.exe
2592	YdGDANp.exe
864	qTwOBpk.exe
1700	ncbAgsE.exe
1464	iRYknWg.exe
2016	Dvkrqzj.exe
2984	NmAubAX.exe
1664	JitAMsV.exe
2476	DMYmVVS.exe
2072	EaSTdch.exe
2428	jWbAEXP.exe
2424	LfspopV.exe
2908	JbnFPpy.exe
568	TrJcQLa.exe
1848	bordmfm.exe
2956	LIGXwEr.exe
3044	puHpAIw.exe
2292	LGOoPHF.exe
904	PHNhJqZ.exe
2460	aMxnwca.exe
2012	TRyVSyf.exe
1496	PnliPzO.exe
2904	nZbllKU.exe
2692	tIlyoIg.exe
2556	lGwUnXH.exe
2572	gXIdqiv.exe
2656	ewnecuW.exe
640	xRmFIxh.exe
2996	NTZhaJP.exe
2400	kwtGnsO.exe
1448	tvsgzQh.exe
1416	oSrrqDe.exe
2472	NkfMkfI.exe
1860	yyRtuVI.exe
2944	yXEXuKb.exe
1932	YkqwiwR.exe
924	ZzpRvUH.exe

Loads dropped DLL 64 IoCs

pid	Process
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 54 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2112-0-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x000a0000000122ce-6.dat	upx
behavioral1/files/0x0008000000015d07-12.dat	upx
behavioral1/files/0x0008000000015d19-16.dat	upx
behavioral1/files/0x0007000000015d48-21.dat	upx
behavioral1/memory/2920-27-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2928-25-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2560-28-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2848-36-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x0007000000015d70-39.dat	upx
behavioral1/files/0x0007000000015d68-33.dat	upx
behavioral1/files/0x000a000000015d78-47.dat	upx
behavioral1/memory/2712-50-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/files/0x000500000001867d-72.dat	upx
behavioral1/files/0x0005000000019220-127.dat	upx
behavioral1/files/0x0005000000019238-136.dat	upx
behavioral1/files/0x0031000000015ccc-140.dat	upx
behavioral1/files/0x0005000000019278-157.dat	upx
behavioral1/files/0x000500000001938b-170.dat	upx
behavioral1/files/0x00050000000193c8-190.dat	upx
behavioral1/files/0x00050000000193c1-185.dat	upx
behavioral1/files/0x00050000000193b7-180.dat	upx
behavioral1/files/0x0005000000019399-175.dat	upx
behavioral1/files/0x0005000000019280-165.dat	upx
behavioral1/files/0x000500000001925d-150.dat	upx
behavioral1/files/0x0005000000019263-155.dat	upx
behavioral1/files/0x0005000000019240-145.dat	upx
behavioral1/memory/536-104-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/files/0x00050000000191fd-126.dat	upx
behavioral1/memory/1432-103-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/files/0x00050000000191f3-102.dat	upx
behavioral1/files/0x0014000000018657-101.dat	upx
behavioral1/memory/2760-91-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/files/0x00060000000190c6-89.dat	upx
behavioral1/files/0x00050000000186c8-87.dat	upx
behavioral1/files/0x00060000000190c9-85.dat	upx
behavioral1/memory/1216-80-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/files/0x000500000001878d-78.dat	upx
behavioral1/files/0x0005000000019217-118.dat	upx
behavioral1/memory/3024-71-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x000d000000018662-67.dat	upx
behavioral1/files/0x0008000000016c9b-66.dat	upx
behavioral1/memory/2112-55-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x0008000000015da1-51.dat	upx
behavioral1/memory/2548-43-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2840-20-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/1216-3751-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/536-3750-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2560-3725-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2848-3777-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2840-3776-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2760-3778-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2712-3779-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/3024-3780-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MQEbbZO.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AqFggDa.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKwBSle.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMXctdK.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pbLDYmw.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YZRsdjh.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ahqRifn.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aJHslxi.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cvfIalV.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LpqreIP.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PvwRtMC.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oZbahfn.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zwSQmcK.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dLoXYvX.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHpFEsV.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QJYkhvm.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eKDWmMe.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mcHagde.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AzxKkYa.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vYUqwJm.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DfjAlNH.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VRnfUbB.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\URDHKzn.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IGHTOgx.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WRBgRFN.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DIDVoVh.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gPBNOFO.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aDlbqGs.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WtJaLoG.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QVilHRf.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yiWzsIM.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fuTdKWk.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ARKoHqi.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xHaWRcD.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMlzXOS.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LfspopV.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UFxaivL.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YNNTWMG.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sAmdkmp.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZgabJXg.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dzcipMQ.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nIhBspv.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UvdjDBb.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TRBLHlF.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cCyucTU.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HlHAvFa.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YJIQoJt.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eXYCcjm.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtSGRZA.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zjLghqg.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JwrjjNA.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\drLfMaV.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NNAWBMo.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ghsiQlN.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PNABvbH.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SLMytvC.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KZGyedA.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fWlAYLG.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpqQuwo.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\obJJoaT.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jTyiaQB.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wxaEkMG.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QHaDadh.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KpaPuDX.exe	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2928	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2112 wrote to memory of 2928	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2112 wrote to memory of 2928	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2112 wrote to memory of 2920	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2112 wrote to memory of 2920	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2112 wrote to memory of 2920	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2112 wrote to memory of 2840	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2112 wrote to memory of 2840	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2112 wrote to memory of 2840	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2112 wrote to memory of 2560	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2112 wrote to memory of 2560	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2112 wrote to memory of 2560	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2112 wrote to memory of 2848	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2112 wrote to memory of 2848	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2112 wrote to memory of 2848	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2112 wrote to memory of 2548	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2112 wrote to memory of 2548	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2112 wrote to memory of 2548	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2112 wrote to memory of 2712	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2112 wrote to memory of 2712	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2112 wrote to memory of 2712	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2112 wrote to memory of 3024	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2112 wrote to memory of 3024	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2112 wrote to memory of 3024	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2112 wrote to memory of 1216	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2112 wrote to memory of 1216	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2112 wrote to memory of 1216	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2112 wrote to memory of 1472	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2112 wrote to memory of 1472	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2112 wrote to memory of 1472	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2112 wrote to memory of 2760	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2112 wrote to memory of 2760	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2112 wrote to memory of 2760	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2112 wrote to memory of 3008	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2112 wrote to memory of 3008	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2112 wrote to memory of 3008	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2112 wrote to memory of 1432	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2112 wrote to memory of 1432	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2112 wrote to memory of 1432	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2112 wrote to memory of 1924	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2112 wrote to memory of 1924	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2112 wrote to memory of 1924	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2112 wrote to memory of 536	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2112 wrote to memory of 536	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2112 wrote to memory of 536	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2112 wrote to memory of 600	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2112 wrote to memory of 600	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2112 wrote to memory of 600	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2112 wrote to memory of 1000	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2112 wrote to memory of 1000	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2112 wrote to memory of 1000	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2112 wrote to memory of 276	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2112 wrote to memory of 276	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2112 wrote to memory of 276	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2112 wrote to memory of 1784	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2112 wrote to memory of 1784	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2112 wrote to memory of 1784	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2112 wrote to memory of 2844	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2112 wrote to memory of 2844	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2112 wrote to memory of 2844	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2112 wrote to memory of 2412	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2112 wrote to memory of 2412	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2112 wrote to memory of 2412	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2112 wrote to memory of 2212	2112	2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-18_0e197020fc44f31316a716de1ad9261a_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\System\BtjoXaa.exe
  C:\Windows\System\BtjoXaa.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\UNNJchh.exe
  C:\Windows\System\UNNJchh.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\mcHagde.exe
  C:\Windows\System\mcHagde.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\PvwRtMC.exe
  C:\Windows\System\PvwRtMC.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\ntFRlDc.exe
  C:\Windows\System\ntFRlDc.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\lqZWBSK.exe
  C:\Windows\System\lqZWBSK.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\fngVOpR.exe
  C:\Windows\System\fngVOpR.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\jOTtSXw.exe
  C:\Windows\System\jOTtSXw.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\CexVRPU.exe
  C:\Windows\System\CexVRPU.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\WHvFUge.exe
  C:\Windows\System\WHvFUge.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\DCVKHEw.exe
  C:\Windows\System\DCVKHEw.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\BgmAFuF.exe
  C:\Windows\System\BgmAFuF.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\CIxOZwo.exe
  C:\Windows\System\CIxOZwo.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\ImZXVcy.exe
  C:\Windows\System\ImZXVcy.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\PAzQANi.exe
  C:\Windows\System\PAzQANi.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\kreKVOW.exe
  C:\Windows\System\kreKVOW.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\INRoydd.exe
  C:\Windows\System\INRoydd.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\DMFhZWn.exe
  C:\Windows\System\DMFhZWn.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\XdnVyfo.exe
  C:\Windows\System\XdnVyfo.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\nFcifYv.exe
  C:\Windows\System\nFcifYv.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\jbmRMIh.exe
  C:\Windows\System\jbmRMIh.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\UmPiuAG.exe
  C:\Windows\System\UmPiuAG.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\WKNZapD.exe
  C:\Windows\System\WKNZapD.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\mlrLXkm.exe
  C:\Windows\System\mlrLXkm.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\cpocGXU.exe
  C:\Windows\System\cpocGXU.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\dqLQRnJ.exe
  C:\Windows\System\dqLQRnJ.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\mWKQTtr.exe
  C:\Windows\System\mWKQTtr.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\mOWQydc.exe
  C:\Windows\System\mOWQydc.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\YdGDANp.exe
  C:\Windows\System\YdGDANp.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\qTwOBpk.exe
  C:\Windows\System\qTwOBpk.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\ncbAgsE.exe
  C:\Windows\System\ncbAgsE.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\iRYknWg.exe
  C:\Windows\System\iRYknWg.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\Dvkrqzj.exe
  C:\Windows\System\Dvkrqzj.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\NmAubAX.exe
  C:\Windows\System\NmAubAX.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\JitAMsV.exe
  C:\Windows\System\JitAMsV.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\DMYmVVS.exe
  C:\Windows\System\DMYmVVS.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\EaSTdch.exe
  C:\Windows\System\EaSTdch.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\jWbAEXP.exe
  C:\Windows\System\jWbAEXP.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\LfspopV.exe
  C:\Windows\System\LfspopV.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\TrJcQLa.exe
  C:\Windows\System\TrJcQLa.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\JbnFPpy.exe
  C:\Windows\System\JbnFPpy.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\LIGXwEr.exe
  C:\Windows\System\LIGXwEr.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\bordmfm.exe
  C:\Windows\System\bordmfm.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\LGOoPHF.exe
  C:\Windows\System\LGOoPHF.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\puHpAIw.exe
  C:\Windows\System\puHpAIw.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\PHNhJqZ.exe
  C:\Windows\System\PHNhJqZ.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\aMxnwca.exe
  C:\Windows\System\aMxnwca.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\TRyVSyf.exe
  C:\Windows\System\TRyVSyf.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\PnliPzO.exe
  C:\Windows\System\PnliPzO.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\nZbllKU.exe
  C:\Windows\System\nZbllKU.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\tIlyoIg.exe
  C:\Windows\System\tIlyoIg.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\lGwUnXH.exe
  C:\Windows\System\lGwUnXH.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\gXIdqiv.exe
  C:\Windows\System\gXIdqiv.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\ewnecuW.exe
  C:\Windows\System\ewnecuW.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\xRmFIxh.exe
  C:\Windows\System\xRmFIxh.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\NTZhaJP.exe
  C:\Windows\System\NTZhaJP.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\kwtGnsO.exe
  C:\Windows\System\kwtGnsO.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\oSrrqDe.exe
  C:\Windows\System\oSrrqDe.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\tvsgzQh.exe
  C:\Windows\System\tvsgzQh.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\yyRtuVI.exe
  C:\Windows\System\yyRtuVI.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\NkfMkfI.exe
  C:\Windows\System\NkfMkfI.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\YkqwiwR.exe
  C:\Windows\System\YkqwiwR.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\yXEXuKb.exe
  C:\Windows\System\yXEXuKb.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\ZzpRvUH.exe
  C:\Windows\System\ZzpRvUH.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\klHBkWb.exe
  C:\Windows\System\klHBkWb.exe
  2⤵
  PID:1832
- C:\Windows\System\EkutlWt.exe
  C:\Windows\System\EkutlWt.exe
  2⤵
  PID:2276
- C:\Windows\System\NGhfzfA.exe
  C:\Windows\System\NGhfzfA.exe
  2⤵
  PID:1208
- C:\Windows\System\hAqvkEh.exe
  C:\Windows\System\hAqvkEh.exe
  2⤵
  PID:2448
- C:\Windows\System\VWFuHVI.exe
  C:\Windows\System\VWFuHVI.exe
  2⤵
  PID:1124
- C:\Windows\System\OcvwCqD.exe
  C:\Windows\System\OcvwCqD.exe
  2⤵
  PID:2064
- C:\Windows\System\EdNrzNo.exe
  C:\Windows\System\EdNrzNo.exe
  2⤵
  PID:2380
- C:\Windows\System\AAGsfwl.exe
  C:\Windows\System\AAGsfwl.exe
  2⤵
  PID:2672
- C:\Windows\System\iQMuBCR.exe
  C:\Windows\System\iQMuBCR.exe
  2⤵
  PID:1740
- C:\Windows\System\nwHAsNx.exe
  C:\Windows\System\nwHAsNx.exe
  2⤵
  PID:2176
- C:\Windows\System\TOYpTBK.exe
  C:\Windows\System\TOYpTBK.exe
  2⤵
  PID:2020
- C:\Windows\System\yOQKGYw.exe
  C:\Windows\System\yOQKGYw.exe
  2⤵
  PID:2912
- C:\Windows\System\iKkVmEk.exe
  C:\Windows\System\iKkVmEk.exe
  2⤵
  PID:1568
- C:\Windows\System\BhgHJKF.exe
  C:\Windows\System\BhgHJKF.exe
  2⤵
  PID:1424
- C:\Windows\System\oisMXiv.exe
  C:\Windows\System\oisMXiv.exe
  2⤵
  PID:1132
- C:\Windows\System\UejOQIB.exe
  C:\Windows\System\UejOQIB.exe
  2⤵
  PID:2744
- C:\Windows\System\JWJJZor.exe
  C:\Windows\System\JWJJZor.exe
  2⤵
  PID:1436
- C:\Windows\System\SqiwFsj.exe
  C:\Windows\System\SqiwFsj.exe
  2⤵
  PID:2824
- C:\Windows\System\fzoDPXl.exe
  C:\Windows\System\fzoDPXl.exe
  2⤵
  PID:2896
- C:\Windows\System\ClgzPFY.exe
  C:\Windows\System\ClgzPFY.exe
  2⤵
  PID:1120
- C:\Windows\System\gqtAMqV.exe
  C:\Windows\System\gqtAMqV.exe
  2⤵
  PID:1572
- C:\Windows\System\PUwsOLc.exe
  C:\Windows\System\PUwsOLc.exe
  2⤵
  PID:1940
- C:\Windows\System\fBuFCgL.exe
  C:\Windows\System\fBuFCgL.exe
  2⤵
  PID:1364
- C:\Windows\System\OWWpcto.exe
  C:\Windows\System\OWWpcto.exe
  2⤵
  PID:1780
- C:\Windows\System\oxTeaSW.exe
  C:\Windows\System\oxTeaSW.exe
  2⤵
  PID:2972
- C:\Windows\System\ZbxTdqC.exe
  C:\Windows\System\ZbxTdqC.exe
  2⤵
  PID:1720
- C:\Windows\System\jiDnHcM.exe
  C:\Windows\System\jiDnHcM.exe
  2⤵
  PID:2516
- C:\Windows\System\TWRzKXc.exe
  C:\Windows\System\TWRzKXc.exe
  2⤵
  PID:2328
- C:\Windows\System\HmSdQfB.exe
  C:\Windows\System\HmSdQfB.exe
  2⤵
  PID:1732
- C:\Windows\System\fgtYVzt.exe
  C:\Windows\System\fgtYVzt.exe
  2⤵
  PID:1108
- C:\Windows\System\HpIJuHR.exe
  C:\Windows\System\HpIJuHR.exe
  2⤵
  PID:2268
- C:\Windows\System\lipKFQM.exe
  C:\Windows\System\lipKFQM.exe
  2⤵
  PID:3080
- C:\Windows\System\NeJeHXj.exe
  C:\Windows\System\NeJeHXj.exe
  2⤵
  PID:3104
- C:\Windows\System\VsnSlRC.exe
  C:\Windows\System\VsnSlRC.exe
  2⤵
  PID:3120
- C:\Windows\System\vXOgdSf.exe
  C:\Windows\System\vXOgdSf.exe
  2⤵
  PID:3136
- C:\Windows\System\ELrboUD.exe
  C:\Windows\System\ELrboUD.exe
  2⤵
  PID:3152
- C:\Windows\System\wMCmHoP.exe
  C:\Windows\System\wMCmHoP.exe
  2⤵
  PID:3168
- C:\Windows\System\eWTcCOT.exe
  C:\Windows\System\eWTcCOT.exe
  2⤵
  PID:3184
- C:\Windows\System\NhAfeBO.exe
  C:\Windows\System\NhAfeBO.exe
  2⤵
  PID:3200
- C:\Windows\System\gpjnrHC.exe
  C:\Windows\System\gpjnrHC.exe
  2⤵
  PID:3216
- C:\Windows\System\rCNmOev.exe
  C:\Windows\System\rCNmOev.exe
  2⤵
  PID:3240
- C:\Windows\System\mLbUjnX.exe
  C:\Windows\System\mLbUjnX.exe
  2⤵
  PID:3256
- C:\Windows\System\NFHaNOG.exe
  C:\Windows\System\NFHaNOG.exe
  2⤵
  PID:3272
- C:\Windows\System\mREGial.exe
  C:\Windows\System\mREGial.exe
  2⤵
  PID:3288
- C:\Windows\System\xvhMfZM.exe
  C:\Windows\System\xvhMfZM.exe
  2⤵
  PID:3304
- C:\Windows\System\ifkqIBu.exe
  C:\Windows\System\ifkqIBu.exe
  2⤵
  PID:3320
- C:\Windows\System\qUoCinV.exe
  C:\Windows\System\qUoCinV.exe
  2⤵
  PID:3360
- C:\Windows\System\lZEyROB.exe
  C:\Windows\System\lZEyROB.exe
  2⤵
  PID:3376
- C:\Windows\System\ziCdPJS.exe
  C:\Windows\System\ziCdPJS.exe
  2⤵
  PID:3392
- C:\Windows\System\yyXPnkA.exe
  C:\Windows\System\yyXPnkA.exe
  2⤵
  PID:3408
- C:\Windows\System\ZNpfvFl.exe
  C:\Windows\System\ZNpfvFl.exe
  2⤵
  PID:3424
- C:\Windows\System\vUlzHaz.exe
  C:\Windows\System\vUlzHaz.exe
  2⤵
  PID:3444
- C:\Windows\System\vTQumTZ.exe
  C:\Windows\System\vTQumTZ.exe
  2⤵
  PID:3460
- C:\Windows\System\oZbahfn.exe
  C:\Windows\System\oZbahfn.exe
  2⤵
  PID:3476
- C:\Windows\System\TgrJTan.exe
  C:\Windows\System\TgrJTan.exe
  2⤵
  PID:3492
- C:\Windows\System\FCTuEuw.exe
  C:\Windows\System\FCTuEuw.exe
  2⤵
  PID:3508
- C:\Windows\System\RnAMCgk.exe
  C:\Windows\System\RnAMCgk.exe
  2⤵
  PID:3524
- C:\Windows\System\zxpbFEM.exe
  C:\Windows\System\zxpbFEM.exe
  2⤵
  PID:3540
- C:\Windows\System\oXRVXBX.exe
  C:\Windows\System\oXRVXBX.exe
  2⤵
  PID:3556
- C:\Windows\System\oGEkdkJ.exe
  C:\Windows\System\oGEkdkJ.exe
  2⤵
  PID:3580
- C:\Windows\System\MgiNaxN.exe
  C:\Windows\System\MgiNaxN.exe
  2⤵
  PID:3628
- C:\Windows\System\aZCaJTD.exe
  C:\Windows\System\aZCaJTD.exe
  2⤵
  PID:3760
- C:\Windows\System\BLPicRf.exe
  C:\Windows\System\BLPicRf.exe
  2⤵
  PID:3776
- C:\Windows\System\yVDfkEc.exe
  C:\Windows\System\yVDfkEc.exe
  2⤵
  PID:3792
- C:\Windows\System\RiiLsVS.exe
  C:\Windows\System\RiiLsVS.exe
  2⤵
  PID:3812
- C:\Windows\System\JdNMEDc.exe
  C:\Windows\System\JdNMEDc.exe
  2⤵
  PID:3828
- C:\Windows\System\YdmTWcN.exe
  C:\Windows\System\YdmTWcN.exe
  2⤵
  PID:3844
- C:\Windows\System\mVjTrGt.exe
  C:\Windows\System\mVjTrGt.exe
  2⤵
  PID:3868
- C:\Windows\System\BVqjQrs.exe
  C:\Windows\System\BVqjQrs.exe
  2⤵
  PID:3884
- C:\Windows\System\AzxKkYa.exe
  C:\Windows\System\AzxKkYa.exe
  2⤵
  PID:3900
- C:\Windows\System\bHaqDeu.exe
  C:\Windows\System\bHaqDeu.exe
  2⤵
  PID:3916
- C:\Windows\System\lNGyDEd.exe
  C:\Windows\System\lNGyDEd.exe
  2⤵
  PID:3932
- C:\Windows\System\SrSYKQW.exe
  C:\Windows\System\SrSYKQW.exe
  2⤵
  PID:3948
- C:\Windows\System\UAEaOiH.exe
  C:\Windows\System\UAEaOiH.exe
  2⤵
  PID:3964
- C:\Windows\System\gEAkNqt.exe
  C:\Windows\System\gEAkNqt.exe
  2⤵
  PID:3980
- C:\Windows\System\TtudzQE.exe
  C:\Windows\System\TtudzQE.exe
  2⤵
  PID:3996
- C:\Windows\System\afBwSmg.exe
  C:\Windows\System\afBwSmg.exe
  2⤵
  PID:4012
- C:\Windows\System\ZUMMSey.exe
  C:\Windows\System\ZUMMSey.exe
  2⤵
  PID:4032
- C:\Windows\System\YXxtidd.exe
  C:\Windows\System\YXxtidd.exe
  2⤵
  PID:4052
- C:\Windows\System\BSWgmKx.exe
  C:\Windows\System\BSWgmKx.exe
  2⤵
  PID:4068
- C:\Windows\System\JnAXhZS.exe
  C:\Windows\System\JnAXhZS.exe
  2⤵
  PID:4088
- C:\Windows\System\CRCepGn.exe
  C:\Windows\System\CRCepGn.exe
  2⤵
  PID:2288
- C:\Windows\System\XLrcHIm.exe
  C:\Windows\System\XLrcHIm.exe
  2⤵
  PID:2568
- C:\Windows\System\bozhznf.exe
  C:\Windows\System\bozhznf.exe
  2⤵
  PID:2452
- C:\Windows\System\ByevsMB.exe
  C:\Windows\System\ByevsMB.exe
  2⤵
  PID:1180
- C:\Windows\System\NbOOnDr.exe
  C:\Windows\System\NbOOnDr.exe
  2⤵
  PID:3316
- C:\Windows\System\OkAZLNy.exe
  C:\Windows\System\OkAZLNy.exe
  2⤵
  PID:3404
- C:\Windows\System\ClLqHHN.exe
  C:\Windows\System\ClLqHHN.exe
  2⤵
  PID:3468
- C:\Windows\System\XQyhvTB.exe
  C:\Windows\System\XQyhvTB.exe
  2⤵
  PID:3532
- C:\Windows\System\fbEJcVq.exe
  C:\Windows\System\fbEJcVq.exe
  2⤵
  PID:3564
- C:\Windows\System\sbVqykY.exe
  C:\Windows\System\sbVqykY.exe
  2⤵
  PID:2284
- C:\Windows\System\fSfjLjG.exe
  C:\Windows\System\fSfjLjG.exe
  2⤵
  PID:888
- C:\Windows\System\mtTisVy.exe
  C:\Windows\System\mtTisVy.exe
  2⤵
  PID:1632
- C:\Windows\System\GotfrPs.exe
  C:\Windows\System\GotfrPs.exe
  2⤵
  PID:1576
- C:\Windows\System\FHJKEog.exe
  C:\Windows\System\FHJKEog.exe
  2⤵
  PID:660
- C:\Windows\System\oUXihij.exe
  C:\Windows\System\oUXihij.exe
  2⤵
  PID:3576
- C:\Windows\System\CxHnMMN.exe
  C:\Windows\System\CxHnMMN.exe
  2⤵
  PID:3236
- C:\Windows\System\qwNFuNR.exe
  C:\Windows\System\qwNFuNR.exe
  2⤵
  PID:3328
- C:\Windows\System\XppMRDY.exe
  C:\Windows\System\XppMRDY.exe
  2⤵
  PID:3344
- C:\Windows\System\xDapQxK.exe
  C:\Windows\System\xDapQxK.exe
  2⤵
  PID:3416
- C:\Windows\System\eUEEbhA.exe
  C:\Windows\System\eUEEbhA.exe
  2⤵
  PID:3488
- C:\Windows\System\MfuhsMx.exe
  C:\Windows\System\MfuhsMx.exe
  2⤵
  PID:3224
- C:\Windows\System\SDlDWQM.exe
  C:\Windows\System\SDlDWQM.exe
  2⤵
  PID:3132
- C:\Windows\System\hsaQobq.exe
  C:\Windows\System\hsaQobq.exe
  2⤵
  PID:2652
- C:\Windows\System\zMfVBlO.exe
  C:\Windows\System\zMfVBlO.exe
  2⤵
  PID:1980
- C:\Windows\System\xsqwRCH.exe
  C:\Windows\System\xsqwRCH.exe
  2⤵
  PID:3644
- C:\Windows\System\MQEbbZO.exe
  C:\Windows\System\MQEbbZO.exe
  2⤵
  PID:3664
- C:\Windows\System\IrxWBPK.exe
  C:\Windows\System\IrxWBPK.exe
  2⤵
  PID:3680
- C:\Windows\System\prUlMqb.exe
  C:\Windows\System\prUlMqb.exe
  2⤵
  PID:3704
- C:\Windows\System\DqrEbWT.exe
  C:\Windows\System\DqrEbWT.exe
  2⤵
  PID:3720
- C:\Windows\System\hgPKSha.exe
  C:\Windows\System\hgPKSha.exe
  2⤵
  PID:2544
- C:\Windows\System\Eboymjh.exe
  C:\Windows\System\Eboymjh.exe
  2⤵
  PID:2372
- C:\Windows\System\KRrunFw.exe
  C:\Windows\System\KRrunFw.exe
  2⤵
  PID:2608
- C:\Windows\System\zcBNDGg.exe
  C:\Windows\System\zcBNDGg.exe
  2⤵
  PID:1852
- C:\Windows\System\BEOEsVJ.exe
  C:\Windows\System\BEOEsVJ.exe
  2⤵
  PID:1252
- C:\Windows\System\TZGHDnA.exe
  C:\Windows\System\TZGHDnA.exe
  2⤵
  PID:1636
- C:\Windows\System\rwZaZDW.exe
  C:\Windows\System\rwZaZDW.exe
  2⤵
  PID:3752
- C:\Windows\System\JiuMmrB.exe
  C:\Windows\System\JiuMmrB.exe
  2⤵
  PID:3784
- C:\Windows\System\ErIqaIy.exe
  C:\Windows\System\ErIqaIy.exe
  2⤵
  PID:3840
- C:\Windows\System\mYLDVLl.exe
  C:\Windows\System\mYLDVLl.exe
  2⤵
  PID:3912
- C:\Windows\System\pjvsqCU.exe
  C:\Windows\System\pjvsqCU.exe
  2⤵
  PID:3976
- C:\Windows\System\nxJXAaS.exe
  C:\Windows\System\nxJXAaS.exe
  2⤵
  PID:4048
- C:\Windows\System\TyQthfW.exe
  C:\Windows\System\TyQthfW.exe
  2⤵
  PID:3852
- C:\Windows\System\FJSRRZX.exe
  C:\Windows\System\FJSRRZX.exe
  2⤵
  PID:4004
- C:\Windows\System\ouCqTfx.exe
  C:\Windows\System\ouCqTfx.exe
  2⤵
  PID:3956
- C:\Windows\System\Pdeulzu.exe
  C:\Windows\System\Pdeulzu.exe
  2⤵
  PID:4020
- C:\Windows\System\fTuizJo.exe
  C:\Windows\System\fTuizJo.exe
  2⤵
  PID:4064
- C:\Windows\System\jAWhYcU.exe
  C:\Windows\System\jAWhYcU.exe
  2⤵
  PID:1788
- C:\Windows\System\EEmWRVX.exe
  C:\Windows\System\EEmWRVX.exe
  2⤵
  PID:3116
- C:\Windows\System\uEBfuYb.exe
  C:\Windows\System\uEBfuYb.exe
  2⤵
  PID:3176
- C:\Windows\System\bnHiLmH.exe
  C:\Windows\System\bnHiLmH.exe
  2⤵
  PID:408
- C:\Windows\System\hTUfzyu.exe
  C:\Windows\System\hTUfzyu.exe
  2⤵
  PID:3500
- C:\Windows\System\UvdjDBb.exe
  C:\Windows\System\UvdjDBb.exe
  2⤵
  PID:2576
- C:\Windows\System\SmWaeof.exe
  C:\Windows\System\SmWaeof.exe
  2⤵
  PID:3284
- C:\Windows\System\GpGvlOo.exe
  C:\Windows\System\GpGvlOo.exe
  2⤵
  PID:3092
- C:\Windows\System\incvplJ.exe
  C:\Windows\System\incvplJ.exe
  2⤵
  PID:940
- C:\Windows\System\QyUbPAa.exe
  C:\Windows\System\QyUbPAa.exe
  2⤵
  PID:1092
- C:\Windows\System\mOUATrR.exe
  C:\Windows\System\mOUATrR.exe
  2⤵
  PID:3196
- C:\Windows\System\iweWCwn.exe
  C:\Windows\System\iweWCwn.exe
  2⤵
  PID:3300
- C:\Windows\System\SgfdYbv.exe
  C:\Windows\System\SgfdYbv.exe
  2⤵
  PID:3356
- C:\Windows\System\KJnJNDb.exe
  C:\Windows\System\KJnJNDb.exe
  2⤵
  PID:3552
- C:\Windows\System\sMDvcJZ.exe
  C:\Windows\System\sMDvcJZ.exe
  2⤵
  PID:3088
- C:\Windows\System\ulynmFR.exe
  C:\Windows\System\ulynmFR.exe
  2⤵
  PID:3688
- C:\Windows\System\ztrOWQj.exe
  C:\Windows\System\ztrOWQj.exe
  2⤵
  PID:2868
- C:\Windows\System\nADfZFP.exe
  C:\Windows\System\nADfZFP.exe
  2⤵
  PID:3456
- C:\Windows\System\HTSXeAj.exe
  C:\Windows\System\HTSXeAj.exe
  2⤵
  PID:3692
- C:\Windows\System\UZXsmdu.exe
  C:\Windows\System\UZXsmdu.exe
  2⤵
  PID:3652
- C:\Windows\System\vICssbb.exe
  C:\Windows\System\vICssbb.exe
  2⤵
  PID:3000
- C:\Windows\System\ndwAWHM.exe
  C:\Windows\System\ndwAWHM.exe
  2⤵
  PID:484
- C:\Windows\System\xmfipWw.exe
  C:\Windows\System\xmfipWw.exe
  2⤵
  PID:1884
- C:\Windows\System\YjNHpJK.exe
  C:\Windows\System\YjNHpJK.exe
  2⤵
  PID:3732
- C:\Windows\System\zaKSFMO.exe
  C:\Windows\System\zaKSFMO.exe
  2⤵
  PID:3756
- C:\Windows\System\wsNdtKh.exe
  C:\Windows\System\wsNdtKh.exe
  2⤵
  PID:3012
- C:\Windows\System\RgBGdBi.exe
  C:\Windows\System\RgBGdBi.exe
  2⤵
  PID:2880
- C:\Windows\System\hHcIMTk.exe
  C:\Windows\System\hHcIMTk.exe
  2⤵
  PID:3924
- C:\Windows\System\WRBgRFN.exe
  C:\Windows\System\WRBgRFN.exe
  2⤵
  PID:3076
- C:\Windows\System\OHaeOXy.exe
  C:\Windows\System\OHaeOXy.exe
  2⤵
  PID:2900
- C:\Windows\System\xFhDhQk.exe
  C:\Windows\System\xFhDhQk.exe
  2⤵
  PID:3908
- C:\Windows\System\ideEnYo.exe
  C:\Windows\System\ideEnYo.exe
  2⤵
  PID:3864
- C:\Windows\System\DIDVoVh.exe
  C:\Windows\System\DIDVoVh.exe
  2⤵
  PID:2832
- C:\Windows\System\FdoUZgU.exe
  C:\Windows\System\FdoUZgU.exe
  2⤵
  PID:4076
- C:\Windows\System\kasHJaM.exe
  C:\Windows\System\kasHJaM.exe
  2⤵
  PID:3112
- C:\Windows\System\nClrDlp.exe
  C:\Windows\System\nClrDlp.exe
  2⤵
  PID:2636
- C:\Windows\System\vWpAAUG.exe
  C:\Windows\System\vWpAAUG.exe
  2⤵
  PID:2932
- C:\Windows\System\IKMqNBN.exe
  C:\Windows\System\IKMqNBN.exe
  2⤵
  PID:3280
- C:\Windows\System\RoZTqHV.exe
  C:\Windows\System\RoZTqHV.exe
  2⤵
  PID:2252
- C:\Windows\System\iBRYNdv.exe
  C:\Windows\System\iBRYNdv.exe
  2⤵
  PID:2260
- C:\Windows\System\zeTdzIq.exe
  C:\Windows\System\zeTdzIq.exe
  2⤵
  PID:1052
- C:\Windows\System\bblMNlO.exe
  C:\Windows\System\bblMNlO.exe
  2⤵
  PID:3096
- C:\Windows\System\iDaTlWP.exe
  C:\Windows\System\iDaTlWP.exe
  2⤵
  PID:3384
- C:\Windows\System\EFjenBm.exe
  C:\Windows\System\EFjenBm.exe
  2⤵
  PID:2992
- C:\Windows\System\EGKSNbZ.exe
  C:\Windows\System\EGKSNbZ.exe
  2⤵
  PID:3040
- C:\Windows\System\ithWgjy.exe
  C:\Windows\System\ithWgjy.exe
  2⤵
  PID:3836
- C:\Windows\System\jGSjTVf.exe
  C:\Windows\System\jGSjTVf.exe
  2⤵
  PID:3824
- C:\Windows\System\aAmCmBN.exe
  C:\Windows\System\aAmCmBN.exe
  2⤵
  PID:2244
- C:\Windows\System\gHKpejy.exe
  C:\Windows\System\gHKpejy.exe
  2⤵
  PID:3676
- C:\Windows\System\YREwwcI.exe
  C:\Windows\System\YREwwcI.exe
  2⤵
  PID:3336
- C:\Windows\System\oVhyqYc.exe
  C:\Windows\System\oVhyqYc.exe
  2⤵
  PID:3440
- C:\Windows\System\CZdTMul.exe
  C:\Windows\System\CZdTMul.exe
  2⤵
  PID:1624
- C:\Windows\System\DnnxtjP.exe
  C:\Windows\System\DnnxtjP.exe
  2⤵
  PID:3028
- C:\Windows\System\jsMFGTD.exe
  C:\Windows\System\jsMFGTD.exe
  2⤵
  PID:3452
- C:\Windows\System\EidOIFN.exe
  C:\Windows\System\EidOIFN.exe
  2⤵
  PID:3484
- C:\Windows\System\HmJASYD.exe
  C:\Windows\System\HmJASYD.exe
  2⤵
  PID:4112
- C:\Windows\System\vYUqwJm.exe
  C:\Windows\System\vYUqwJm.exe
  2⤵
  PID:4128
- C:\Windows\System\sPpZimO.exe
  C:\Windows\System\sPpZimO.exe
  2⤵
  PID:4144
- C:\Windows\System\voGeoDo.exe
  C:\Windows\System\voGeoDo.exe
  2⤵
  PID:4160
- C:\Windows\System\bvdRGkv.exe
  C:\Windows\System\bvdRGkv.exe
  2⤵
  PID:4176
- C:\Windows\System\FBQLVMM.exe
  C:\Windows\System\FBQLVMM.exe
  2⤵
  PID:4192
- C:\Windows\System\UHzuWRU.exe
  C:\Windows\System\UHzuWRU.exe
  2⤵
  PID:4208
- C:\Windows\System\XuuSxuf.exe
  C:\Windows\System\XuuSxuf.exe
  2⤵
  PID:4224
- C:\Windows\System\HjtnOAz.exe
  C:\Windows\System\HjtnOAz.exe
  2⤵
  PID:4240
- C:\Windows\System\pOjGmgJ.exe
  C:\Windows\System\pOjGmgJ.exe
  2⤵
  PID:4260
- C:\Windows\System\fxsWzUR.exe
  C:\Windows\System\fxsWzUR.exe
  2⤵
  PID:4276
- C:\Windows\System\EpPgvNR.exe
  C:\Windows\System\EpPgvNR.exe
  2⤵
  PID:4296
- C:\Windows\System\QqXtqMc.exe
  C:\Windows\System\QqXtqMc.exe
  2⤵
  PID:4312
- C:\Windows\System\fRBNXYy.exe
  C:\Windows\System\fRBNXYy.exe
  2⤵
  PID:4332
- C:\Windows\System\RqmpxsW.exe
  C:\Windows\System\RqmpxsW.exe
  2⤵
  PID:4348
- C:\Windows\System\yFnTFfy.exe
  C:\Windows\System\yFnTFfy.exe
  2⤵
  PID:4364
- C:\Windows\System\aLBoTAp.exe
  C:\Windows\System\aLBoTAp.exe
  2⤵
  PID:4384
- C:\Windows\System\xsAHGNV.exe
  C:\Windows\System\xsAHGNV.exe
  2⤵
  PID:4404
- C:\Windows\System\UBiHqGL.exe
  C:\Windows\System\UBiHqGL.exe
  2⤵
  PID:4424
- C:\Windows\System\gPBNOFO.exe
  C:\Windows\System\gPBNOFO.exe
  2⤵
  PID:4440
- C:\Windows\System\QHaDadh.exe
  C:\Windows\System\QHaDadh.exe
  2⤵
  PID:4460
- C:\Windows\System\bbYazDC.exe
  C:\Windows\System\bbYazDC.exe
  2⤵
  PID:4476
- C:\Windows\System\wyjGmYt.exe
  C:\Windows\System\wyjGmYt.exe
  2⤵
  PID:4492
- C:\Windows\System\Jglzqxx.exe
  C:\Windows\System\Jglzqxx.exe
  2⤵
  PID:4512
- C:\Windows\System\DzyvOkC.exe
  C:\Windows\System\DzyvOkC.exe
  2⤵
  PID:4528
- C:\Windows\System\ByRHpXq.exe
  C:\Windows\System\ByRHpXq.exe
  2⤵
  PID:4548
- C:\Windows\System\UuyLOWy.exe
  C:\Windows\System\UuyLOWy.exe
  2⤵
  PID:4564
- C:\Windows\System\YTlgfea.exe
  C:\Windows\System\YTlgfea.exe
  2⤵
  PID:4584
- C:\Windows\System\xZdrXSK.exe
  C:\Windows\System\xZdrXSK.exe
  2⤵
  PID:4604
- C:\Windows\System\aDlbqGs.exe
  C:\Windows\System\aDlbqGs.exe
  2⤵
  PID:4620
- C:\Windows\System\WOgVeBf.exe
  C:\Windows\System\WOgVeBf.exe
  2⤵
  PID:4640
- C:\Windows\System\IAoPTLX.exe
  C:\Windows\System\IAoPTLX.exe
  2⤵
  PID:4656
- C:\Windows\System\gyZyrKc.exe
  C:\Windows\System\gyZyrKc.exe
  2⤵
  PID:4676
- C:\Windows\System\lFOkaui.exe
  C:\Windows\System\lFOkaui.exe
  2⤵
  PID:4696
- C:\Windows\System\ZMkjDnI.exe
  C:\Windows\System\ZMkjDnI.exe
  2⤵
  PID:4716
- C:\Windows\System\PgTbNAh.exe
  C:\Windows\System\PgTbNAh.exe
  2⤵
  PID:4852
- C:\Windows\System\UJVMYXA.exe
  C:\Windows\System\UJVMYXA.exe
  2⤵
  PID:4876
- C:\Windows\System\rZvKcRz.exe
  C:\Windows\System\rZvKcRz.exe
  2⤵
  PID:4892
- C:\Windows\System\yCShrSB.exe
  C:\Windows\System\yCShrSB.exe
  2⤵
  PID:4912
- C:\Windows\System\SplojYq.exe
  C:\Windows\System\SplojYq.exe
  2⤵
  PID:4928
- C:\Windows\System\dPSYLpK.exe
  C:\Windows\System\dPSYLpK.exe
  2⤵
  PID:4944
- C:\Windows\System\EPdUCPz.exe
  C:\Windows\System\EPdUCPz.exe
  2⤵
  PID:4960
- C:\Windows\System\HIcHouZ.exe
  C:\Windows\System\HIcHouZ.exe
  2⤵
  PID:4976
- C:\Windows\System\fWlAYLG.exe
  C:\Windows\System\fWlAYLG.exe
  2⤵
  PID:4992
- C:\Windows\System\jRABsXO.exe
  C:\Windows\System\jRABsXO.exe
  2⤵
  PID:5008
- C:\Windows\System\YOjxJhE.exe
  C:\Windows\System\YOjxJhE.exe
  2⤵
  PID:5024
- C:\Windows\System\TOlCfOK.exe
  C:\Windows\System\TOlCfOK.exe
  2⤵
  PID:5040
- C:\Windows\System\JVkemkm.exe
  C:\Windows\System\JVkemkm.exe
  2⤵
  PID:5056
- C:\Windows\System\wEsCSUJ.exe
  C:\Windows\System\wEsCSUJ.exe
  2⤵
  PID:5104
- C:\Windows\System\WRqFeZK.exe
  C:\Windows\System\WRqFeZK.exe
  2⤵
  PID:3032
- C:\Windows\System\EeOdiwM.exe
  C:\Windows\System\EeOdiwM.exe
  2⤵
  PID:2348
- C:\Windows\System\OYYhrBD.exe
  C:\Windows\System\OYYhrBD.exe
  2⤵
  PID:4200
- C:\Windows\System\tscceVi.exe
  C:\Windows\System\tscceVi.exe
  2⤵
  PID:4236
- C:\Windows\System\HlTAGZK.exe
  C:\Windows\System\HlTAGZK.exe
  2⤵
  PID:4372
- C:\Windows\System\ThEOiBJ.exe
  C:\Windows\System\ThEOiBJ.exe
  2⤵
  PID:4272
- C:\Windows\System\GFZrkPI.exe
  C:\Windows\System\GFZrkPI.exe
  2⤵
  PID:4456
- C:\Windows\System\DcggjrV.exe
  C:\Windows\System\DcggjrV.exe
  2⤵
  PID:4416
- C:\Windows\System\dZNfcHK.exe
  C:\Windows\System\dZNfcHK.exe
  2⤵
  PID:4596
- C:\Windows\System\gotjRkl.exe
  C:\Windows\System\gotjRkl.exe
  2⤵
  PID:4704
- C:\Windows\System\JAuJAur.exe
  C:\Windows\System\JAuJAur.exe
  2⤵
  PID:4672
- C:\Windows\System\oAquvvp.exe
  C:\Windows\System\oAquvvp.exe
  2⤵
  PID:2852
- C:\Windows\System\ZtzPnZH.exe
  C:\Windows\System\ZtzPnZH.exe
  2⤵
  PID:1420
- C:\Windows\System\ASFHOYs.exe
  C:\Windows\System\ASFHOYs.exe
  2⤵
  PID:4028
- C:\Windows\System\fHUOiRz.exe
  C:\Windows\System\fHUOiRz.exe
  2⤵
  PID:3992
- C:\Windows\System\cupXDfa.exe
  C:\Windows\System\cupXDfa.exe
  2⤵
  PID:3892
- C:\Windows\System\xHfpqnG.exe
  C:\Windows\System\xHfpqnG.exe
  2⤵
  PID:3372
- C:\Windows\System\Srsnihx.exe
  C:\Windows\System\Srsnihx.exe
  2⤵
  PID:3520
- C:\Windows\System\kpeQosF.exe
  C:\Windows\System\kpeQosF.exe
  2⤵
  PID:2456
- C:\Windows\System\wtXHOCd.exe
  C:\Windows\System\wtXHOCd.exe
  2⤵
  PID:2368
- C:\Windows\System\EVOaSJq.exe
  C:\Windows\System\EVOaSJq.exe
  2⤵
  PID:3164
- C:\Windows\System\QVCEkoo.exe
  C:\Windows\System\QVCEkoo.exe
  2⤵
  PID:4256
- C:\Windows\System\NDVESTW.exe
  C:\Windows\System\NDVESTW.exe
  2⤵
  PID:2680
- C:\Windows\System\mzvtGMU.exe
  C:\Windows\System\mzvtGMU.exe
  2⤵
  PID:2820
- C:\Windows\System\TRBLHlF.exe
  C:\Windows\System\TRBLHlF.exe
  2⤵
  PID:4184
- C:\Windows\System\wKPjqBw.exe
  C:\Windows\System\wKPjqBw.exe
  2⤵
  PID:4288
- C:\Windows\System\jIWFLGj.exe
  C:\Windows\System\jIWFLGj.exe
  2⤵
  PID:4356
- C:\Windows\System\pMMOUGw.exe
  C:\Windows\System\pMMOUGw.exe
  2⤵
  PID:4432
- C:\Windows\System\IKJodob.exe
  C:\Windows\System\IKJodob.exe
  2⤵
  PID:4500
- C:\Windows\System\WLcfmbN.exe
  C:\Windows\System\WLcfmbN.exe
  2⤵
  PID:4540
- C:\Windows\System\xYQhVzu.exe
  C:\Windows\System\xYQhVzu.exe
  2⤵
  PID:4580
- C:\Windows\System\uqtfmRD.exe
  C:\Windows\System\uqtfmRD.exe
  2⤵
  PID:4684
- C:\Windows\System\AyNKuak.exe
  C:\Windows\System\AyNKuak.exe
  2⤵
  PID:4736
- C:\Windows\System\vcjExmx.exe
  C:\Windows\System\vcjExmx.exe
  2⤵
  PID:4756
- C:\Windows\System\PlXMkKc.exe
  C:\Windows\System\PlXMkKc.exe
  2⤵
  PID:4772
- C:\Windows\System\WnAvcPC.exe
  C:\Windows\System\WnAvcPC.exe
  2⤵
  PID:4792
- C:\Windows\System\HisMKCE.exe
  C:\Windows\System\HisMKCE.exe
  2⤵
  PID:4808
- C:\Windows\System\JhNFRlY.exe
  C:\Windows\System\JhNFRlY.exe
  2⤵
  PID:4828
- C:\Windows\System\hLkMprz.exe
  C:\Windows\System\hLkMprz.exe
  2⤵
  PID:4728
- C:\Windows\System\KKaXwGx.exe
  C:\Windows\System\KKaXwGx.exe
  2⤵
  PID:4864
- C:\Windows\System\QilXDBX.exe
  C:\Windows\System\QilXDBX.exe
  2⤵
  PID:4900
- C:\Windows\System\YPkBkVW.exe
  C:\Windows\System\YPkBkVW.exe
  2⤵
  PID:2464
- C:\Windows\System\mExLWMp.exe
  C:\Windows\System\mExLWMp.exe
  2⤵
  PID:5048
- C:\Windows\System\TbAFbHW.exe
  C:\Windows\System\TbAFbHW.exe
  2⤵
  PID:4972
- C:\Windows\System\LTfxgHo.exe
  C:\Windows\System\LTfxgHo.exe
  2⤵
  PID:5032
- C:\Windows\System\RJiNqQq.exe
  C:\Windows\System\RJiNqQq.exe
  2⤵
  PID:5076
- C:\Windows\System\FnoaqCs.exe
  C:\Windows\System\FnoaqCs.exe
  2⤵
  PID:5100
- C:\Windows\System\PVNJqOf.exe
  C:\Windows\System\PVNJqOf.exe
  2⤵
  PID:5064
- C:\Windows\System\DyEzVMO.exe
  C:\Windows\System\DyEzVMO.exe
  2⤵
  PID:4984
- C:\Windows\System\nFGpqXY.exe
  C:\Windows\System\nFGpqXY.exe
  2⤵
  PID:2696
- C:\Windows\System\yObioPg.exe
  C:\Windows\System\yObioPg.exe
  2⤵
  PID:4252
- C:\Windows\System\zpAkDDv.exe
  C:\Windows\System\zpAkDDv.exe
  2⤵
  PID:4216
- C:\Windows\System\nNESDLB.exe
  C:\Windows\System\nNESDLB.exe
  2⤵
  PID:2116
- C:\Windows\System\vXkDqkw.exe
  C:\Windows\System\vXkDqkw.exe
  2⤵
  PID:3972
- C:\Windows\System\leoWKqx.exe
  C:\Windows\System\leoWKqx.exe
  2⤵
  PID:4420
- C:\Windows\System\kWuNrxd.exe
  C:\Windows\System\kWuNrxd.exe
  2⤵
  PID:4664
- C:\Windows\System\goQOWyd.exe
  C:\Windows\System\goQOWyd.exe
  2⤵
  PID:2808
- C:\Windows\System\XrIXaGz.exe
  C:\Windows\System\XrIXaGz.exe
  2⤵
  PID:3672
- C:\Windows\System\mADIktY.exe
  C:\Windows\System\mADIktY.exe
  2⤵
  PID:4340
- C:\Windows\System\MNPGDlT.exe
  C:\Windows\System\MNPGDlT.exe
  2⤵
  PID:3148
- C:\Windows\System\MGOmOkM.exe
  C:\Windows\System\MGOmOkM.exe
  2⤵
  PID:3860
- C:\Windows\System\WlUCGqn.exe
  C:\Windows\System\WlUCGqn.exe
  2⤵
  PID:4084
- C:\Windows\System\zGmPGkZ.exe
  C:\Windows\System\zGmPGkZ.exe
  2⤵
  PID:4220
- C:\Windows\System\syjBjxH.exe
  C:\Windows\System\syjBjxH.exe
  2⤵
  PID:4400
- C:\Windows\System\VjynONd.exe
  C:\Windows\System\VjynONd.exe
  2⤵
  PID:4652
- C:\Windows\System\RajvbBX.exe
  C:\Windows\System\RajvbBX.exe
  2⤵
  PID:4784
- C:\Windows\System\IIvyFEq.exe
  C:\Windows\System\IIvyFEq.exe
  2⤵
  PID:2160
- C:\Windows\System\uuSaoIF.exe
  C:\Windows\System\uuSaoIF.exe
  2⤵
  PID:4868
- C:\Windows\System\kEbObcQ.exe
  C:\Windows\System\kEbObcQ.exe
  2⤵
  PID:4468
- C:\Windows\System\CvdGruD.exe
  C:\Windows\System\CvdGruD.exe
  2⤵
  PID:4724
- C:\Windows\System\fJvMpCb.exe
  C:\Windows\System\fJvMpCb.exe
  2⤵
  PID:4800
- C:\Windows\System\hEujQkP.exe
  C:\Windows\System\hEujQkP.exe
  2⤵
  PID:4888
- C:\Windows\System\iFlZFgG.exe
  C:\Windows\System\iFlZFgG.exe
  2⤵
  PID:4968
- C:\Windows\System\HnFXzLc.exe
  C:\Windows\System\HnFXzLc.exe
  2⤵
  PID:4136
- C:\Windows\System\vVBwIAG.exe
  C:\Windows\System\vVBwIAG.exe
  2⤵
  PID:4344
- C:\Windows\System\eOMwYAY.exe
  C:\Windows\System\eOMwYAY.exe
  2⤵
  PID:4488
- C:\Windows\System\pGDzpAG.exe
  C:\Windows\System\pGDzpAG.exe
  2⤵
  PID:3636
- C:\Windows\System\dijJpxk.exe
  C:\Windows\System\dijJpxk.exe
  2⤵
  PID:4452
- C:\Windows\System\bdajdbe.exe
  C:\Windows\System\bdajdbe.exe
  2⤵
  PID:3016
- C:\Windows\System\VRRwwcK.exe
  C:\Windows\System\VRRwwcK.exe
  2⤵
  PID:2280
- C:\Windows\System\TrIiOFu.exe
  C:\Windows\System\TrIiOFu.exe
  2⤵
  PID:3772
- C:\Windows\System\OYtuoBy.exe
  C:\Windows\System\OYtuoBy.exe
  2⤵
  PID:1840
- C:\Windows\System\SXKpyeW.exe
  C:\Windows\System\SXKpyeW.exe
  2⤵
  PID:3880
- C:\Windows\System\NWOMQEW.exe
  C:\Windows\System\NWOMQEW.exe
  2⤵
  PID:2432
- C:\Windows\System\ptXKPYl.exe
  C:\Windows\System\ptXKPYl.exe
  2⤵
  PID:5088
- C:\Windows\System\uCjGNSb.exe
  C:\Windows\System\uCjGNSb.exe
  2⤵
  PID:604
- C:\Windows\System\CvwygGG.exe
  C:\Windows\System\CvwygGG.exe
  2⤵
  PID:2356
- C:\Windows\System\rzswPfm.exe
  C:\Windows\System\rzswPfm.exe
  2⤵
  PID:1428
- C:\Windows\System\LbtWzhV.exe
  C:\Windows\System\LbtWzhV.exe
  2⤵
  PID:2124
- C:\Windows\System\YshyVoe.exe
  C:\Windows\System\YshyVoe.exe
  2⤵
  PID:4124
- C:\Windows\System\KaEpVXh.exe
  C:\Windows\System\KaEpVXh.exe
  2⤵
  PID:268
- C:\Windows\System\aomLFMF.exe
  C:\Windows\System\aomLFMF.exe
  2⤵
  PID:4840
- C:\Windows\System\HIdXSWt.exe
  C:\Windows\System\HIdXSWt.exe
  2⤵
  PID:5020
- C:\Windows\System\DfjAlNH.exe
  C:\Windows\System\DfjAlNH.exe
  2⤵
  PID:1928
- C:\Windows\System\rvYglWP.exe
  C:\Windows\System\rvYglWP.exe
  2⤵
  PID:5000
- C:\Windows\System\YkwyFje.exe
  C:\Windows\System\YkwyFje.exe
  2⤵
  PID:4956
- C:\Windows\System\zXUFYfz.exe
  C:\Windows\System\zXUFYfz.exe
  2⤵
  PID:920
- C:\Windows\System\RzjeocK.exe
  C:\Windows\System\RzjeocK.exe
  2⤵
  PID:4820
- C:\Windows\System\ztLbJUA.exe
  C:\Windows\System\ztLbJUA.exe
  2⤵
  PID:4616
- C:\Windows\System\WJDqxpf.exe
  C:\Windows\System\WJDqxpf.exe
  2⤵
  PID:4764
- C:\Windows\System\WdcDFHP.exe
  C:\Windows\System\WdcDFHP.exe
  2⤵
  PID:4108
- C:\Windows\System\guIQADS.exe
  C:\Windows\System\guIQADS.exe
  2⤵
  PID:2352
- C:\Windows\System\zXFmdYv.exe
  C:\Windows\System\zXFmdYv.exe
  2⤵
  PID:1952
- C:\Windows\System\sYiJppm.exe
  C:\Windows\System\sYiJppm.exe
  2⤵
  PID:2504
- C:\Windows\System\LPSyrcF.exe
  C:\Windows\System\LPSyrcF.exe
  2⤵
  PID:4380
- C:\Windows\System\KpaPuDX.exe
  C:\Windows\System\KpaPuDX.exe
  2⤵
  PID:2856
- C:\Windows\System\hgqGIiQ.exe
  C:\Windows\System\hgqGIiQ.exe
  2⤵
  PID:5084
- C:\Windows\System\CoNGJkV.exe
  C:\Windows\System\CoNGJkV.exe
  2⤵
  PID:2364
- C:\Windows\System\rjEjHOZ.exe
  C:\Windows\System\rjEjHOZ.exe
  2⤵
  PID:5016
- C:\Windows\System\BaZHgTs.exe
  C:\Windows\System\BaZHgTs.exe
  2⤵
  PID:4156
- C:\Windows\System\dfAJZfu.exe
  C:\Windows\System\dfAJZfu.exe
  2⤵
  PID:5116
- C:\Windows\System\xZFSyAB.exe
  C:\Windows\System\xZFSyAB.exe
  2⤵
  PID:4692
- C:\Windows\System\VFPIbGW.exe
  C:\Windows\System\VFPIbGW.exe
  2⤵
  PID:4044
- C:\Windows\System\FNLpOAK.exe
  C:\Windows\System\FNLpOAK.exe
  2⤵
  PID:1660
- C:\Windows\System\SqoZFvj.exe
  C:\Windows\System\SqoZFvj.exe
  2⤵
  PID:2892
- C:\Windows\System\CPNnFaa.exe
  C:\Windows\System\CPNnFaa.exe
  2⤵
  PID:4748
- C:\Windows\System\FOJOrMC.exe
  C:\Windows\System\FOJOrMC.exe
  2⤵
  PID:4904
- C:\Windows\System\xnwBUrH.exe
  C:\Windows\System\xnwBUrH.exe
  2⤵
  PID:4328
- C:\Windows\System\LXvRCrm.exe
  C:\Windows\System\LXvRCrm.exe
  2⤵
  PID:5124
- C:\Windows\System\ooCjofO.exe
  C:\Windows\System\ooCjofO.exe
  2⤵
  PID:5140
- C:\Windows\System\OnBzNsH.exe
  C:\Windows\System\OnBzNsH.exe
  2⤵
  PID:5156
- C:\Windows\System\SLkwKYv.exe
  C:\Windows\System\SLkwKYv.exe
  2⤵
  PID:5172
- C:\Windows\System\BBnvYSh.exe
  C:\Windows\System\BBnvYSh.exe
  2⤵
  PID:5188
- C:\Windows\System\qElqaXn.exe
  C:\Windows\System\qElqaXn.exe
  2⤵
  PID:5204
- C:\Windows\System\XOHAsKO.exe
  C:\Windows\System\XOHAsKO.exe
  2⤵
  PID:5220
- C:\Windows\System\axFwtzH.exe
  C:\Windows\System\axFwtzH.exe
  2⤵
  PID:5236
- C:\Windows\System\oPAEmNl.exe
  C:\Windows\System\oPAEmNl.exe
  2⤵
  PID:5252
- C:\Windows\System\MtSGRZA.exe
  C:\Windows\System\MtSGRZA.exe
  2⤵
  PID:5268
- C:\Windows\System\RjAZiij.exe
  C:\Windows\System\RjAZiij.exe
  2⤵
  PID:5284
- C:\Windows\System\sxAOQAI.exe
  C:\Windows\System\sxAOQAI.exe
  2⤵
  PID:5300
- C:\Windows\System\WZsLRAc.exe
  C:\Windows\System\WZsLRAc.exe
  2⤵
  PID:5316
- C:\Windows\System\vpevMQo.exe
  C:\Windows\System\vpevMQo.exe
  2⤵
  PID:5332
- C:\Windows\System\QHzGVCw.exe
  C:\Windows\System\QHzGVCw.exe
  2⤵
  PID:5348
- C:\Windows\System\EzrkjMI.exe
  C:\Windows\System\EzrkjMI.exe
  2⤵
  PID:5364
- C:\Windows\System\fFsLjwj.exe
  C:\Windows\System\fFsLjwj.exe
  2⤵
  PID:5380
- C:\Windows\System\vVnjSeS.exe
  C:\Windows\System\vVnjSeS.exe
  2⤵
  PID:5396
- C:\Windows\System\LcsWlhl.exe
  C:\Windows\System\LcsWlhl.exe
  2⤵
  PID:5412
- C:\Windows\System\RXZxCHE.exe
  C:\Windows\System\RXZxCHE.exe
  2⤵
  PID:5428
- C:\Windows\System\ikJfInA.exe
  C:\Windows\System\ikJfInA.exe
  2⤵
  PID:5444
- C:\Windows\System\dlshgBD.exe
  C:\Windows\System\dlshgBD.exe
  2⤵
  PID:5460
- C:\Windows\System\AoHMkad.exe
  C:\Windows\System\AoHMkad.exe
  2⤵
  PID:5476
- C:\Windows\System\rIHJuGA.exe
  C:\Windows\System\rIHJuGA.exe
  2⤵
  PID:5492
- C:\Windows\System\zqQlZLf.exe
  C:\Windows\System\zqQlZLf.exe
  2⤵
  PID:5508
- C:\Windows\System\UtVByTI.exe
  C:\Windows\System\UtVByTI.exe
  2⤵
  PID:5524
- C:\Windows\System\ypanGna.exe
  C:\Windows\System\ypanGna.exe
  2⤵
  PID:5540
- C:\Windows\System\wozSGsc.exe
  C:\Windows\System\wozSGsc.exe
  2⤵
  PID:5556
- C:\Windows\System\UFxaivL.exe
  C:\Windows\System\UFxaivL.exe
  2⤵
  PID:5572
- C:\Windows\System\npYxRWj.exe
  C:\Windows\System\npYxRWj.exe
  2⤵
  PID:5588
- C:\Windows\System\hmYzVmT.exe
  C:\Windows\System\hmYzVmT.exe
  2⤵
  PID:5604
- C:\Windows\System\MoSXkNm.exe
  C:\Windows\System\MoSXkNm.exe
  2⤵
  PID:5620
- C:\Windows\System\akPeuLY.exe
  C:\Windows\System\akPeuLY.exe
  2⤵
  PID:5636
- C:\Windows\System\TYyZQQK.exe
  C:\Windows\System\TYyZQQK.exe
  2⤵
  PID:5652
- C:\Windows\System\zjLghqg.exe
  C:\Windows\System\zjLghqg.exe
  2⤵
  PID:5668
- C:\Windows\System\uRWVVBx.exe
  C:\Windows\System\uRWVVBx.exe
  2⤵
  PID:5684
- C:\Windows\System\OdnMVdu.exe
  C:\Windows\System\OdnMVdu.exe
  2⤵
  PID:5700
- C:\Windows\System\IyPmxeB.exe
  C:\Windows\System\IyPmxeB.exe
  2⤵
  PID:5716
- C:\Windows\System\JGkZFXN.exe
  C:\Windows\System\JGkZFXN.exe
  2⤵
  PID:5732
- C:\Windows\System\qdhNfgN.exe
  C:\Windows\System\qdhNfgN.exe
  2⤵
  PID:5748
- C:\Windows\System\LmQEKnL.exe
  C:\Windows\System\LmQEKnL.exe
  2⤵
  PID:5764
- C:\Windows\System\MLibtTU.exe
  C:\Windows\System\MLibtTU.exe
  2⤵
  PID:5780
- C:\Windows\System\zWVKJAK.exe
  C:\Windows\System\zWVKJAK.exe
  2⤵
  PID:5796
- C:\Windows\System\dXsGYID.exe
  C:\Windows\System\dXsGYID.exe
  2⤵
  PID:5812
- C:\Windows\System\DEptMBF.exe
  C:\Windows\System\DEptMBF.exe
  2⤵
  PID:5828
- C:\Windows\System\iqosRTc.exe
  C:\Windows\System\iqosRTc.exe
  2⤵
  PID:5844
- C:\Windows\System\DIUcRyj.exe
  C:\Windows\System\DIUcRyj.exe
  2⤵
  PID:5860
- C:\Windows\System\bphyZNT.exe
  C:\Windows\System\bphyZNT.exe
  2⤵
  PID:5876
- C:\Windows\System\Fvfdxzk.exe
  C:\Windows\System\Fvfdxzk.exe
  2⤵
  PID:5892
- C:\Windows\System\FiJHkyQ.exe
  C:\Windows\System\FiJHkyQ.exe
  2⤵
  PID:5908
- C:\Windows\System\bfREqfa.exe
  C:\Windows\System\bfREqfa.exe
  2⤵
  PID:5924
- C:\Windows\System\faIfJjD.exe
  C:\Windows\System\faIfJjD.exe
  2⤵
  PID:5940
- C:\Windows\System\kSmTERW.exe
  C:\Windows\System\kSmTERW.exe
  2⤵
  PID:5956
- C:\Windows\System\tXkfKFo.exe
  C:\Windows\System\tXkfKFo.exe
  2⤵
  PID:5972
- C:\Windows\System\Breaurn.exe
  C:\Windows\System\Breaurn.exe
  2⤵
  PID:5988
- C:\Windows\System\dZmxwOZ.exe
  C:\Windows\System\dZmxwOZ.exe
  2⤵
  PID:6004
- C:\Windows\System\gyYelXV.exe
  C:\Windows\System\gyYelXV.exe
  2⤵
  PID:6020
- C:\Windows\System\phNYOMD.exe
  C:\Windows\System\phNYOMD.exe
  2⤵
  PID:6036
- C:\Windows\System\VrQQTUC.exe
  C:\Windows\System\VrQQTUC.exe
  2⤵
  PID:6052
- C:\Windows\System\xlYRakJ.exe
  C:\Windows\System\xlYRakJ.exe
  2⤵
  PID:6068
- C:\Windows\System\noEvNrR.exe
  C:\Windows\System\noEvNrR.exe
  2⤵
  PID:6084
- C:\Windows\System\mXbpheI.exe
  C:\Windows\System\mXbpheI.exe
  2⤵
  PID:6100
- C:\Windows\System\HayYTmk.exe
  C:\Windows\System\HayYTmk.exe
  2⤵
  PID:6116
- C:\Windows\System\vhtOZBu.exe
  C:\Windows\System\vhtOZBu.exe
  2⤵
  PID:6132
- C:\Windows\System\gIRhqRx.exe
  C:\Windows\System\gIRhqRx.exe
  2⤵
  PID:4140
- C:\Windows\System\ECRWqbN.exe
  C:\Windows\System\ECRWqbN.exe
  2⤵
  PID:5164
- C:\Windows\System\YUzvPHY.exe
  C:\Windows\System\YUzvPHY.exe
  2⤵
  PID:5228
- C:\Windows\System\EDweKcp.exe
  C:\Windows\System\EDweKcp.exe
  2⤵
  PID:5264
- C:\Windows\System\eTliOwq.exe
  C:\Windows\System\eTliOwq.exe
  2⤵
  PID:4536
- C:\Windows\System\FKwBSle.exe
  C:\Windows\System\FKwBSle.exe
  2⤵
  PID:4780
- C:\Windows\System\gGQozpV.exe
  C:\Windows\System\gGQozpV.exe
  2⤵
  PID:3808
- C:\Windows\System\fgHSuou.exe
  C:\Windows\System\fgHSuou.exe
  2⤵
  PID:5184
- C:\Windows\System\nsOnAFz.exe
  C:\Windows\System\nsOnAFz.exe
  2⤵
  PID:5248
- C:\Windows\System\ePEXjmW.exe
  C:\Windows\System\ePEXjmW.exe
  2⤵
  PID:5312
- C:\Windows\System\WNAjErG.exe
  C:\Windows\System\WNAjErG.exe
  2⤵
  PID:5420
- C:\Windows\System\tcwSzyz.exe
  C:\Windows\System\tcwSzyz.exe
  2⤵
  PID:5360
- C:\Windows\System\MBDDvIL.exe
  C:\Windows\System\MBDDvIL.exe
  2⤵
  PID:5452
- C:\Windows\System\FLofPIm.exe
  C:\Windows\System\FLofPIm.exe
  2⤵
  PID:5516
- C:\Windows\System\HLXXnCp.exe
  C:\Windows\System\HLXXnCp.exe
  2⤵
  PID:5408
- C:\Windows\System\UhSlNhS.exe
  C:\Windows\System\UhSlNhS.exe
  2⤵
  PID:5612
- C:\Windows\System\RJeDicy.exe
  C:\Windows\System\RJeDicy.exe
  2⤵
  PID:5676
- C:\Windows\System\nxARpen.exe
  C:\Windows\System\nxARpen.exe
  2⤵
  PID:5740
- C:\Windows\System\iIgBndA.exe
  C:\Windows\System\iIgBndA.exe
  2⤵
  PID:5472
- C:\Windows\System\lXkzNiu.exe
  C:\Windows\System\lXkzNiu.exe
  2⤵
  PID:5536
- C:\Windows\System\ilXEZha.exe
  C:\Windows\System\ilXEZha.exe
  2⤵
  PID:5568
- C:\Windows\System\hXVNSXi.exe
  C:\Windows\System\hXVNSXi.exe
  2⤵
  PID:5632
- C:\Windows\System\uiSKoqb.exe
  C:\Windows\System\uiSKoqb.exe
  2⤵
  PID:5724
- C:\Windows\System\agldCrQ.exe
  C:\Windows\System\agldCrQ.exe
  2⤵
  PID:5776
- C:\Windows\System\ZHJoFRN.exe
  C:\Windows\System\ZHJoFRN.exe
  2⤵
  PID:5868
- C:\Windows\System\VRIAZcH.exe
  C:\Windows\System\VRIAZcH.exe
  2⤵
  PID:5932
- C:\Windows\System\SyeXXlB.exe
  C:\Windows\System\SyeXXlB.exe
  2⤵
  PID:5996
- C:\Windows\System\yEYDUpQ.exe
  C:\Windows\System\yEYDUpQ.exe
  2⤵
  PID:5840
- C:\Windows\System\XQBZdJj.exe
  C:\Windows\System\XQBZdJj.exe
  2⤵
  PID:6096
- C:\Windows\System\xPzwUsb.exe
  C:\Windows\System\xPzwUsb.exe
  2⤵
  PID:5760
- C:\Windows\System\HSgBgNK.exe
  C:\Windows\System\HSgBgNK.exe
  2⤵
  PID:5824
- C:\Windows\System\GpqQuwo.exe
  C:\Windows\System\GpqQuwo.exe
  2⤵
  PID:5888
- C:\Windows\System\MCpHUzE.exe
  C:\Windows\System\MCpHUzE.exe
  2⤵
  PID:5132
- C:\Windows\System\KcfKqPv.exe
  C:\Windows\System\KcfKqPv.exe
  2⤵
  PID:5980
- C:\Windows\System\TpiKCPL.exe
  C:\Windows\System\TpiKCPL.exe
  2⤵
  PID:6044
- C:\Windows\System\TTMSJNN.exe
  C:\Windows\System\TTMSJNN.exe
  2⤵
  PID:6108
- C:\Windows\System\PvfqVuv.exe
  C:\Windows\System\PvfqVuv.exe
  2⤵
  PID:5196
- C:\Windows\System\HKphnZQ.exe
  C:\Windows\System\HKphnZQ.exe
  2⤵
  PID:1328
- C:\Windows\System\toDHYBX.exe
  C:\Windows\System\toDHYBX.exe
  2⤵
  PID:560
- C:\Windows\System\xssgHTa.exe
  C:\Windows\System\xssgHTa.exe
  2⤵
  PID:5308
- C:\Windows\System\ZZfFfRw.exe
  C:\Windows\System\ZZfFfRw.exe
  2⤵
  PID:5244
- C:\Windows\System\IGUxSaP.exe
  C:\Windows\System\IGUxSaP.exe
  2⤵
  PID:5392
- C:\Windows\System\onzTItI.exe
  C:\Windows\System\onzTItI.exe
  2⤵
  PID:5708
- C:\Windows\System\ACIWBGH.exe
  C:\Windows\System\ACIWBGH.exe
  2⤵
  PID:5584
- C:\Windows\System\YNVfWzx.exe
  C:\Windows\System\YNVfWzx.exe
  2⤵
  PID:5404
- C:\Windows\System\iFqiHhI.exe
  C:\Windows\System\iFqiHhI.exe
  2⤵
  PID:5440
- C:\Windows\System\cjvZaLq.exe
  C:\Windows\System\cjvZaLq.exe
  2⤵
  PID:5744
- C:\Windows\System\PLrTImM.exe
  C:\Windows\System\PLrTImM.exe
  2⤵
  PID:5904
- C:\Windows\System\sXsVCYj.exe
  C:\Windows\System\sXsVCYj.exe
  2⤵
  PID:5692
- C:\Windows\System\QlIvPmE.exe
  C:\Windows\System\QlIvPmE.exe
  2⤵
  PID:5948
- C:\Windows\System\cgGxURn.exe
  C:\Windows\System\cgGxURn.exe
  2⤵
  PID:1292
- C:\Windows\System\rIpEZxg.exe
  C:\Windows\System\rIpEZxg.exe
  2⤵
  PID:5836
- C:\Windows\System\QPforjY.exe
  C:\Windows\System\QPforjY.exe
  2⤵
  PID:6092
- C:\Windows\System\hXgWSmu.exe
  C:\Windows\System\hXgWSmu.exe
  2⤵
  PID:5180
- C:\Windows\System\iHTLSKo.exe
  C:\Windows\System\iHTLSKo.exe
  2⤵
  PID:5504
- C:\Windows\System\OCozvFL.exe
  C:\Windows\System\OCozvFL.exe
  2⤵
  PID:6128
- C:\Windows\System\dFLbmsv.exe
  C:\Windows\System\dFLbmsv.exe
  2⤵
  PID:5356
- C:\Windows\System\AVwsbKE.exe
  C:\Windows\System\AVwsbKE.exe
  2⤵
  PID:5296
- C:\Windows\System\tyPsmWJ.exe
  C:\Windows\System\tyPsmWJ.exe
  2⤵
  PID:5468
- C:\Windows\System\DKRHnya.exe
  C:\Windows\System\DKRHnya.exe
  2⤵
  PID:5884
- C:\Windows\System\IQUwMbL.exe
  C:\Windows\System\IQUwMbL.exe
  2⤵
  PID:3248
- C:\Windows\System\bRnqgbK.exe
  C:\Windows\System\bRnqgbK.exe
  2⤵
  PID:5628
- C:\Windows\System\iuyjcvM.exe
  C:\Windows\System\iuyjcvM.exe
  2⤵
  PID:6080
- C:\Windows\System\ORUhsQs.exe
  C:\Windows\System\ORUhsQs.exe
  2⤵
  PID:4940
- C:\Windows\System\EBHPLVJ.exe
  C:\Windows\System\EBHPLVJ.exe
  2⤵
  PID:5580
- C:\Windows\System\CBkaMBt.exe
  C:\Windows\System\CBkaMBt.exe
  2⤵
  PID:4872
- C:\Windows\System\bLjqXWF.exe
  C:\Windows\System\bLjqXWF.exe
  2⤵
  PID:5820
- C:\Windows\System\sirBfLV.exe
  C:\Windows\System\sirBfLV.exe
  2⤵
  PID:5532
- C:\Windows\System\GgYQqND.exe
  C:\Windows\System\GgYQqND.exe
  2⤵
  PID:4936
- C:\Windows\System\YNNTWMG.exe
  C:\Windows\System\YNNTWMG.exe
  2⤵
  PID:5916
- C:\Windows\System\oGBJiHF.exe
  C:\Windows\System\oGBJiHF.exe
  2⤵
  PID:6076
- C:\Windows\System\wJXPqZC.exe
  C:\Windows\System\wJXPqZC.exe
  2⤵
  PID:2024
- C:\Windows\System\hOfbJrT.exe
  C:\Windows\System\hOfbJrT.exe
  2⤵
  PID:1016
- C:\Windows\System\uSGZiuO.exe
  C:\Windows\System\uSGZiuO.exe
  2⤵
  PID:5696
- C:\Windows\System\jZBvJFc.exe
  C:\Windows\System\jZBvJFc.exe
  2⤵
  PID:2008
- C:\Windows\System\yAAjKtD.exe
  C:\Windows\System\yAAjKtD.exe
  2⤵
  PID:1164
- C:\Windows\System\gDLNFsY.exe
  C:\Windows\System\gDLNFsY.exe
  2⤵
  PID:6160
- C:\Windows\System\wTLichc.exe
  C:\Windows\System\wTLichc.exe
  2⤵
  PID:6176
- C:\Windows\System\JCytWUw.exe
  C:\Windows\System\JCytWUw.exe
  2⤵
  PID:6192
- C:\Windows\System\QmcqKnX.exe
  C:\Windows\System\QmcqKnX.exe
  2⤵
  PID:6208
- C:\Windows\System\yNqrxuZ.exe
  C:\Windows\System\yNqrxuZ.exe
  2⤵
  PID:6224
- C:\Windows\System\ZWVrsZa.exe
  C:\Windows\System\ZWVrsZa.exe
  2⤵
  PID:6240
- C:\Windows\System\tTBIIaH.exe
  C:\Windows\System\tTBIIaH.exe
  2⤵
  PID:6284
- C:\Windows\System\UnTHVjS.exe
  C:\Windows\System\UnTHVjS.exe
  2⤵
  PID:6308
- C:\Windows\System\WQjUdUb.exe
  C:\Windows\System\WQjUdUb.exe
  2⤵
  PID:6328
- C:\Windows\System\dzwkTkM.exe
  C:\Windows\System\dzwkTkM.exe
  2⤵
  PID:6352
- C:\Windows\System\aBZhJUG.exe
  C:\Windows\System\aBZhJUG.exe
  2⤵
  PID:6376
- C:\Windows\System\SzozcMf.exe
  C:\Windows\System\SzozcMf.exe
  2⤵
  PID:6400
- C:\Windows\System\ilycCKZ.exe
  C:\Windows\System\ilycCKZ.exe
  2⤵
  PID:6452
- C:\Windows\System\lonUsLA.exe
  C:\Windows\System\lonUsLA.exe
  2⤵
  PID:6480
- C:\Windows\System\CUgusLs.exe
  C:\Windows\System\CUgusLs.exe
  2⤵
  PID:6496
- C:\Windows\System\WtJaLoG.exe
  C:\Windows\System\WtJaLoG.exe
  2⤵
  PID:6516
- C:\Windows\System\mZLcbPj.exe
  C:\Windows\System\mZLcbPj.exe
  2⤵
  PID:6536
- C:\Windows\System\EunPXuj.exe
  C:\Windows\System\EunPXuj.exe
  2⤵
  PID:6556
- C:\Windows\System\ACAdrTu.exe
  C:\Windows\System\ACAdrTu.exe
  2⤵
  PID:6580
- C:\Windows\System\ZcQzTSS.exe
  C:\Windows\System\ZcQzTSS.exe
  2⤵
  PID:6608
- C:\Windows\System\QvXxIkN.exe
  C:\Windows\System\QvXxIkN.exe
  2⤵
  PID:6628
- C:\Windows\System\TpPdsEu.exe
  C:\Windows\System\TpPdsEu.exe
  2⤵
  PID:6648
- C:\Windows\System\AlbqiYZ.exe
  C:\Windows\System\AlbqiYZ.exe
  2⤵
  PID:6664
- C:\Windows\System\adhwWSr.exe
  C:\Windows\System\adhwWSr.exe
  2⤵
  PID:6680
- C:\Windows\System\cnlrzET.exe
  C:\Windows\System\cnlrzET.exe
  2⤵
  PID:6696
- C:\Windows\System\qZUDTrj.exe
  C:\Windows\System\qZUDTrj.exe
  2⤵
  PID:6712
- C:\Windows\System\QDaWPKn.exe
  C:\Windows\System\QDaWPKn.exe
  2⤵
  PID:6728
- C:\Windows\System\YaFaqeA.exe
  C:\Windows\System\YaFaqeA.exe
  2⤵
  PID:6744
- C:\Windows\System\zVWoyqW.exe
  C:\Windows\System\zVWoyqW.exe
  2⤵
  PID:6760
- C:\Windows\System\BZOYfyj.exe
  C:\Windows\System\BZOYfyj.exe
  2⤵
  PID:6776
- C:\Windows\System\SWfjqKV.exe
  C:\Windows\System\SWfjqKV.exe
  2⤵
  PID:6792
- C:\Windows\System\KejsuDs.exe
  C:\Windows\System\KejsuDs.exe
  2⤵
  PID:6808
- C:\Windows\System\yvCLjlF.exe
  C:\Windows\System\yvCLjlF.exe
  2⤵
  PID:6824
- C:\Windows\System\cCyucTU.exe
  C:\Windows\System\cCyucTU.exe
  2⤵
  PID:6840
- C:\Windows\System\OfCgASG.exe
  C:\Windows\System\OfCgASG.exe
  2⤵
  PID:6856
- C:\Windows\System\zuEHWYd.exe
  C:\Windows\System\zuEHWYd.exe
  2⤵
  PID:6872
- C:\Windows\System\bYJeUbk.exe
  C:\Windows\System\bYJeUbk.exe
  2⤵
  PID:6888
- C:\Windows\System\ODDICcF.exe
  C:\Windows\System\ODDICcF.exe
  2⤵
  PID:6904
- C:\Windows\System\pwcqIwj.exe
  C:\Windows\System\pwcqIwj.exe
  2⤵
  PID:6920
- C:\Windows\System\heqqJJK.exe
  C:\Windows\System\heqqJJK.exe
  2⤵
  PID:6936
- C:\Windows\System\kVRstah.exe
  C:\Windows\System\kVRstah.exe
  2⤵
  PID:6952
- C:\Windows\System\NiONcoE.exe
  C:\Windows\System\NiONcoE.exe
  2⤵
  PID:6968
- C:\Windows\System\mzPwHbB.exe
  C:\Windows\System\mzPwHbB.exe
  2⤵
  PID:6984
- C:\Windows\System\kqtvVoc.exe
  C:\Windows\System\kqtvVoc.exe
  2⤵
  PID:7000
- C:\Windows\System\JFqmLra.exe
  C:\Windows\System\JFqmLra.exe
  2⤵
  PID:7016
- C:\Windows\System\acLUkiC.exe
  C:\Windows\System\acLUkiC.exe
  2⤵
  PID:7032
- C:\Windows\System\JcriwEL.exe
  C:\Windows\System\JcriwEL.exe
  2⤵
  PID:7048
- C:\Windows\System\BaCWlew.exe
  C:\Windows\System\BaCWlew.exe
  2⤵
  PID:7064
- C:\Windows\System\OurwVvl.exe
  C:\Windows\System\OurwVvl.exe
  2⤵
  PID:7080
- C:\Windows\System\chArFrQ.exe
  C:\Windows\System\chArFrQ.exe
  2⤵
  PID:7096
- C:\Windows\System\trWjpGF.exe
  C:\Windows\System\trWjpGF.exe
  2⤵
  PID:7112
- C:\Windows\System\hvEoaHu.exe
  C:\Windows\System\hvEoaHu.exe
  2⤵
  PID:7128
- C:\Windows\System\KeVRlcn.exe
  C:\Windows\System\KeVRlcn.exe
  2⤵
  PID:7144
- C:\Windows\System\uIibbxD.exe
  C:\Windows\System\uIibbxD.exe
  2⤵
  PID:7160
- C:\Windows\System\aMtgedd.exe
  C:\Windows\System\aMtgedd.exe
  2⤵
  PID:6232
- C:\Windows\System\LyZyULm.exe
  C:\Windows\System\LyZyULm.exe
  2⤵
  PID:4844
- C:\Windows\System\gXpAKTD.exe
  C:\Windows\System\gXpAKTD.exe
  2⤵
  PID:6152
- C:\Windows\System\zmDdIyJ.exe
  C:\Windows\System\zmDdIyJ.exe
  2⤵
  PID:6220
- C:\Windows\System\KKCDCXL.exe
  C:\Windows\System\KKCDCXL.exe
  2⤵
  PID:6248
- C:\Windows\System\GwpLwiA.exe
  C:\Windows\System\GwpLwiA.exe
  2⤵
  PID:6268
- C:\Windows\System\STowsLw.exe
  C:\Windows\System\STowsLw.exe
  2⤵
  PID:6300
- C:\Windows\System\lJctiIv.exe
  C:\Windows\System\lJctiIv.exe
  2⤵
  PID:6344
- C:\Windows\System\FPfWwOF.exe
  C:\Windows\System\FPfWwOF.exe
  2⤵
  PID:6392
- C:\Windows\System\hYXpKjh.exe
  C:\Windows\System\hYXpKjh.exe
  2⤵
  PID:6276
- C:\Windows\System\LDFPEUG.exe
  C:\Windows\System\LDFPEUG.exe
  2⤵
  PID:6360
- C:\Windows\System\MFrkBxi.exe
  C:\Windows\System\MFrkBxi.exe
  2⤵
  PID:6408
- C:\Windows\System\RqJtmRd.exe
  C:\Windows\System\RqJtmRd.exe
  2⤵
  PID:6424
- C:\Windows\System\QknKJJD.exe
  C:\Windows\System\QknKJJD.exe
  2⤵
  PID:6440
- C:\Windows\System\eOrpBKr.exe
  C:\Windows\System\eOrpBKr.exe
  2⤵
  PID:6464
- C:\Windows\System\nCtbcOW.exe
  C:\Windows\System\nCtbcOW.exe
  2⤵
  PID:6504
- C:\Windows\System\ILcOTbB.exe
  C:\Windows\System\ILcOTbB.exe
  2⤵
  PID:6548
- C:\Windows\System\KqiLBuo.exe
  C:\Windows\System\KqiLBuo.exe
  2⤵
  PID:6528
- C:\Windows\System\upwUgrh.exe
  C:\Windows\System\upwUgrh.exe
  2⤵
  PID:6568
- C:\Windows\System\WBlGbKO.exe
  C:\Windows\System\WBlGbKO.exe
  2⤵
  PID:6592
- C:\Windows\System\GbPBqNe.exe
  C:\Windows\System\GbPBqNe.exe
  2⤵
  PID:6636
- C:\Windows\System\yHllhJi.exe
  C:\Windows\System\yHllhJi.exe
  2⤵
  PID:6676
- C:\Windows\System\JuXZkgT.exe
  C:\Windows\System\JuXZkgT.exe
  2⤵
  PID:6616
- C:\Windows\System\EISBMgn.exe
  C:\Windows\System\EISBMgn.exe
  2⤵
  PID:6656
- C:\Windows\System\HlHAvFa.exe
  C:\Windows\System\HlHAvFa.exe
  2⤵
  PID:6720
- C:\Windows\System\AqRxTBR.exe
  C:\Windows\System\AqRxTBR.exe
  2⤵
  PID:6772
- C:\Windows\System\CIWxMtG.exe
  C:\Windows\System\CIWxMtG.exe
  2⤵
  PID:6836
- C:\Windows\System\MbpRDNu.exe
  C:\Windows\System\MbpRDNu.exe
  2⤵
  PID:6784
- C:\Windows\System\snsNXvk.exe
  C:\Windows\System\snsNXvk.exe
  2⤵
  PID:6848
- C:\Windows\System\BBblWdX.exe
  C:\Windows\System\BBblWdX.exe
  2⤵
  PID:6884
- C:\Windows\System\MsEAEIf.exe
  C:\Windows\System\MsEAEIf.exe
  2⤵
  PID:6960
- C:\Windows\System\PNABvbH.exe
  C:\Windows\System\PNABvbH.exe
  2⤵
  PID:7024
- C:\Windows\System\CsKWsNL.exe
  C:\Windows\System\CsKWsNL.exe
  2⤵
  PID:7060
- C:\Windows\System\FzhzAij.exe
  C:\Windows\System\FzhzAij.exe
  2⤵
  PID:6916
- C:\Windows\System\GVNPPan.exe
  C:\Windows\System\GVNPPan.exe
  2⤵
  PID:7156
- C:\Windows\System\OVBULme.exe
  C:\Windows\System\OVBULme.exe
  2⤵
  PID:664
- C:\Windows\System\CRlKDdk.exe
  C:\Windows\System\CRlKDdk.exe
  2⤵
  PID:7108
- C:\Windows\System\YyvoYCM.exe
  C:\Windows\System\YyvoYCM.exe
  2⤵
  PID:7012
- C:\Windows\System\vgVDcCu.exe
  C:\Windows\System\vgVDcCu.exe
  2⤵
  PID:7076
- C:\Windows\System\aAIURFF.exe
  C:\Windows\System\aAIURFF.exe
  2⤵
  PID:6204
- C:\Windows\System\EItqXsX.exe
  C:\Windows\System\EItqXsX.exe
  2⤵
  PID:6188
- C:\Windows\System\WuCzABT.exe
  C:\Windows\System\WuCzABT.exe
  2⤵
  PID:6184
- C:\Windows\System\YgwiSjU.exe
  C:\Windows\System\YgwiSjU.exe
  2⤵
  PID:6372
- C:\Windows\System\RknGzFb.exe
  C:\Windows\System\RknGzFb.exe
  2⤵
  PID:6476
- C:\Windows\System\vXhQCgn.exe
  C:\Windows\System\vXhQCgn.exe
  2⤵
  PID:6576
- C:\Windows\System\wUxWnWi.exe
  C:\Windows\System\wUxWnWi.exe
  2⤵
  PID:6512
- C:\Windows\System\kkNVuge.exe
  C:\Windows\System\kkNVuge.exe
  2⤵
  PID:6544
- C:\Windows\System\TmpCavA.exe
  C:\Windows\System\TmpCavA.exe
  2⤵
  PID:5344
- C:\Windows\System\LWUZyUI.exe
  C:\Windows\System\LWUZyUI.exe
  2⤵
  PID:6600
- C:\Windows\System\qsyiavq.exe
  C:\Windows\System\qsyiavq.exe
  2⤵
  PID:6624
- C:\Windows\System\xZdHJJy.exe
  C:\Windows\System\xZdHJJy.exe
  2⤵
  PID:6868
- C:\Windows\System\bvpnFJe.exe
  C:\Windows\System\bvpnFJe.exe
  2⤵
  PID:6740
- C:\Windows\System\BsoHJeZ.exe
  C:\Windows\System\BsoHJeZ.exe
  2⤵
  PID:6896
- C:\Windows\System\KjGCZDI.exe
  C:\Windows\System\KjGCZDI.exe
  2⤵
  PID:6932
- C:\Windows\System\owRiVxm.exe
  C:\Windows\System\owRiVxm.exe
  2⤵
  PID:2616
- C:\Windows\System\GsJCWYF.exe
  C:\Windows\System\GsJCWYF.exe
  2⤵
  PID:6156
- C:\Windows\System\WEtAQeK.exe
  C:\Windows\System\WEtAQeK.exe
  2⤵
  PID:7136
- C:\Windows\System\RnimLsR.exe
  C:\Windows\System\RnimLsR.exe
  2⤵
  PID:7044
- C:\Windows\System\EzvrhDO.exe
  C:\Windows\System\EzvrhDO.exe
  2⤵
  PID:6472
- C:\Windows\System\iMnmVbR.exe
  C:\Windows\System\iMnmVbR.exe
  2⤵
  PID:6768
- C:\Windows\System\JvpooSY.exe
  C:\Windows\System\JvpooSY.exe
  2⤵
  PID:6688
- C:\Windows\System\dXfKquH.exe
  C:\Windows\System\dXfKquH.exe
  2⤵
  PID:6444
- C:\Windows\System\qEmZjky.exe
  C:\Windows\System\qEmZjky.exe
  2⤵
  PID:6864
- C:\Windows\System\pqIxSLe.exe
  C:\Windows\System\pqIxSLe.exe
  2⤵
  PID:6820
- C:\Windows\System\ajwxvcl.exe
  C:\Windows\System\ajwxvcl.exe
  2⤵
  PID:6816
- C:\Windows\System\gakbeqY.exe
  C:\Windows\System\gakbeqY.exe
  2⤵
  PID:7124
- C:\Windows\System\iIEQolD.exe
  C:\Windows\System\iIEQolD.exe
  2⤵
  PID:6736
- C:\Windows\System\EyrZINH.exe
  C:\Windows\System\EyrZINH.exe
  2⤵
  PID:6336
- C:\Windows\System\bTKOfAr.exe
  C:\Windows\System\bTKOfAr.exe
  2⤵
  PID:7120
- C:\Windows\System\sBAyaQP.exe
  C:\Windows\System\sBAyaQP.exe
  2⤵
  PID:6752
- C:\Windows\System\VFcyjhX.exe
  C:\Windows\System\VFcyjhX.exe
  2⤵
  PID:6388
- C:\Windows\System\vYFGOfu.exe
  C:\Windows\System\vYFGOfu.exe
  2⤵
  PID:6420
- C:\Windows\System\fIoduLy.exe
  C:\Windows\System\fIoduLy.exe
  2⤵
  PID:7056
- C:\Windows\System\aHyhWCx.exe
  C:\Windows\System\aHyhWCx.exe
  2⤵
  PID:6672
- C:\Windows\System\whocrkj.exe
  C:\Windows\System\whocrkj.exe
  2⤵
  PID:7184
- C:\Windows\System\QVilHRf.exe
  C:\Windows\System\QVilHRf.exe
  2⤵
  PID:7200
- C:\Windows\System\jpvtWLo.exe
  C:\Windows\System\jpvtWLo.exe
  2⤵
  PID:7220
- C:\Windows\System\OVzQYLI.exe
  C:\Windows\System\OVzQYLI.exe
  2⤵
  PID:7240
- C:\Windows\System\saLYhUp.exe
  C:\Windows\System\saLYhUp.exe
  2⤵
  PID:7256
- C:\Windows\System\rHljhRk.exe
  C:\Windows\System\rHljhRk.exe
  2⤵
  PID:7276
- C:\Windows\System\MqxDxdv.exe
  C:\Windows\System\MqxDxdv.exe
  2⤵
  PID:7292
- C:\Windows\System\OLMZqLH.exe
  C:\Windows\System\OLMZqLH.exe
  2⤵
  PID:7308
- C:\Windows\System\YNfqCtW.exe
  C:\Windows\System\YNfqCtW.exe
  2⤵
  PID:7324
- C:\Windows\System\blXvJHg.exe
  C:\Windows\System\blXvJHg.exe
  2⤵
  PID:7340
- C:\Windows\System\bqhaobF.exe
  C:\Windows\System\bqhaobF.exe
  2⤵
  PID:7356
- C:\Windows\System\KeAGFSw.exe
  C:\Windows\System\KeAGFSw.exe
  2⤵
  PID:7372
- C:\Windows\System\DoAwaVr.exe
  C:\Windows\System\DoAwaVr.exe
  2⤵
  PID:7388
- C:\Windows\System\eRgLsbj.exe
  C:\Windows\System\eRgLsbj.exe
  2⤵
  PID:7404
- C:\Windows\System\EkXxwQJ.exe
  C:\Windows\System\EkXxwQJ.exe
  2⤵
  PID:7420
- C:\Windows\System\OLdmEIe.exe
  C:\Windows\System\OLdmEIe.exe
  2⤵
  PID:7436
- C:\Windows\System\zSHyDnl.exe
  C:\Windows\System\zSHyDnl.exe
  2⤵
  PID:7452
- C:\Windows\System\IPlCDDt.exe
  C:\Windows\System\IPlCDDt.exe
  2⤵
  PID:7468
- C:\Windows\System\OQHbgJU.exe
  C:\Windows\System\OQHbgJU.exe
  2⤵
  PID:7484
- C:\Windows\System\OMYTLVk.exe
  C:\Windows\System\OMYTLVk.exe
  2⤵
  PID:7500
- C:\Windows\System\uSdUsGI.exe
  C:\Windows\System\uSdUsGI.exe
  2⤵
  PID:7516
- C:\Windows\System\mOnaDxZ.exe
  C:\Windows\System\mOnaDxZ.exe
  2⤵
  PID:7532
- C:\Windows\System\sAmdkmp.exe
  C:\Windows\System\sAmdkmp.exe
  2⤵
  PID:7548
- C:\Windows\System\ZxRrSvt.exe
  C:\Windows\System\ZxRrSvt.exe
  2⤵
  PID:7564
- C:\Windows\System\QBGfakz.exe
  C:\Windows\System\QBGfakz.exe
  2⤵
  PID:7580
- C:\Windows\System\vgEcpsc.exe
  C:\Windows\System\vgEcpsc.exe
  2⤵
  PID:7596
- C:\Windows\System\uwHAcyC.exe
  C:\Windows\System\uwHAcyC.exe
  2⤵
  PID:7616
- C:\Windows\System\dVjhtZF.exe
  C:\Windows\System\dVjhtZF.exe
  2⤵
  PID:7632
- C:\Windows\System\VIPQEjA.exe
  C:\Windows\System\VIPQEjA.exe
  2⤵
  PID:7652
- C:\Windows\System\FLBugGN.exe
  C:\Windows\System\FLBugGN.exe
  2⤵
  PID:7676
- C:\Windows\System\mXIUahs.exe
  C:\Windows\System\mXIUahs.exe
  2⤵
  PID:7704
- C:\Windows\System\ttFrnKb.exe
  C:\Windows\System\ttFrnKb.exe
  2⤵
  PID:7804
- C:\Windows\System\fLxNMpD.exe
  C:\Windows\System\fLxNMpD.exe
  2⤵
  PID:7820
- C:\Windows\System\sSjhRcK.exe
  C:\Windows\System\sSjhRcK.exe
  2⤵
  PID:7864
- C:\Windows\System\HCbFwHG.exe
  C:\Windows\System\HCbFwHG.exe
  2⤵
  PID:7884
- C:\Windows\System\qPlkzUm.exe
  C:\Windows\System\qPlkzUm.exe
  2⤵
  PID:7900
- C:\Windows\System\fJpowjC.exe
  C:\Windows\System\fJpowjC.exe
  2⤵
  PID:7916
- C:\Windows\System\mZjSzFl.exe
  C:\Windows\System\mZjSzFl.exe
  2⤵
  PID:7932
- C:\Windows\System\VCuEUjX.exe
  C:\Windows\System\VCuEUjX.exe
  2⤵
  PID:8000
- C:\Windows\System\lGmyfzA.exe
  C:\Windows\System\lGmyfzA.exe
  2⤵
  PID:7352
- C:\Windows\System\PQLFEUj.exe
  C:\Windows\System\PQLFEUj.exe
  2⤵
  PID:7460
- C:\Windows\System\saHIpvj.exe
  C:\Windows\System\saHIpvj.exe
  2⤵
  PID:7464
- C:\Windows\System\WoEHjkG.exe
  C:\Windows\System\WoEHjkG.exe
  2⤵
  PID:7588
- C:\Windows\System\FHmRYmp.exe
  C:\Windows\System\FHmRYmp.exe
  2⤵
  PID:7572
- C:\Windows\System\pgzDsxo.exe
  C:\Windows\System\pgzDsxo.exe
  2⤵
  PID:7576
- C:\Windows\System\odfQFBy.exe
  C:\Windows\System\odfQFBy.exe
  2⤵
  PID:7608
- C:\Windows\System\QOJRrBT.exe
  C:\Windows\System\QOJRrBT.exe
  2⤵
  PID:7660
- C:\Windows\System\zwSQmcK.exe
  C:\Windows\System\zwSQmcK.exe
  2⤵
  PID:7684
- C:\Windows\System\HxNiPrz.exe
  C:\Windows\System\HxNiPrz.exe
  2⤵
  PID:7696
- C:\Windows\System\BUEJQoi.exe
  C:\Windows\System\BUEJQoi.exe
  2⤵
  PID:7720
- C:\Windows\System\dcEWSVM.exe
  C:\Windows\System\dcEWSVM.exe
  2⤵
  PID:7736
- C:\Windows\System\GBOTVlU.exe
  C:\Windows\System\GBOTVlU.exe
  2⤵
  PID:7752
- C:\Windows\System\OxveWHH.exe
  C:\Windows\System\OxveWHH.exe
  2⤵
  PID:7768
- C:\Windows\System\rNGJSIM.exe
  C:\Windows\System\rNGJSIM.exe
  2⤵
  PID:7788
- C:\Windows\System\jVVmTUI.exe
  C:\Windows\System\jVVmTUI.exe
  2⤵
  PID:7828
- C:\Windows\System\EveeoWc.exe
  C:\Windows\System\EveeoWc.exe
  2⤵
  PID:7836
- C:\Windows\System\dLoXYvX.exe
  C:\Windows\System\dLoXYvX.exe
  2⤵
  PID:7852
- C:\Windows\System\ZHpFEsV.exe
  C:\Windows\System\ZHpFEsV.exe
  2⤵
  PID:7896
- C:\Windows\System\jbKacEl.exe
  C:\Windows\System\jbKacEl.exe
  2⤵
  PID:7912
- C:\Windows\System\jYokNxF.exe
  C:\Windows\System\jYokNxF.exe
  2⤵
  PID:7948
- C:\Windows\System\XvUxvSs.exe
  C:\Windows\System\XvUxvSs.exe
  2⤵
  PID:7964
- C:\Windows\System\kPuYXNf.exe
  C:\Windows\System\kPuYXNf.exe
  2⤵
  PID:7980
- C:\Windows\System\qiqKjhT.exe
  C:\Windows\System\qiqKjhT.exe
  2⤵
  PID:7944
- C:\Windows\System\KTdtTgq.exe
  C:\Windows\System\KTdtTgq.exe
  2⤵
  PID:7040
- C:\Windows\System\VJtMUsg.exe
  C:\Windows\System\VJtMUsg.exe
  2⤵
  PID:8032
- C:\Windows\System\BXmGhGk.exe
  C:\Windows\System\BXmGhGk.exe
  2⤵
  PID:8052
- C:\Windows\System\oBNLnrb.exe
  C:\Windows\System\oBNLnrb.exe
  2⤵
  PID:8064
- C:\Windows\System\sAWygKD.exe
  C:\Windows\System\sAWygKD.exe
  2⤵
  PID:8080
- C:\Windows\System\lrfsyYO.exe
  C:\Windows\System\lrfsyYO.exe
  2⤵
  PID:8092
- C:\Windows\System\BcVxyes.exe
  C:\Windows\System\BcVxyes.exe
  2⤵
  PID:8108
- C:\Windows\System\BDfcGiA.exe
  C:\Windows\System\BDfcGiA.exe
  2⤵
  PID:8128
- C:\Windows\System\NLmIECb.exe
  C:\Windows\System\NLmIECb.exe
  2⤵
  PID:8124
- C:\Windows\System\ufYAeIG.exe
  C:\Windows\System\ufYAeIG.exe
  2⤵
  PID:8156
- C:\Windows\System\SjXseVl.exe
  C:\Windows\System\SjXseVl.exe
  2⤵
  PID:8176
- C:\Windows\System\wUvNewF.exe
  C:\Windows\System\wUvNewF.exe
  2⤵
  PID:8164
- C:\Windows\System\zDwGvQi.exe
  C:\Windows\System\zDwGvQi.exe
  2⤵
  PID:6552
- C:\Windows\System\rikvVIg.exe
  C:\Windows\System\rikvVIg.exe
  2⤵
  PID:7180
- C:\Windows\System\apeudpR.exe
  C:\Windows\System\apeudpR.exe
  2⤵
  PID:7208
- C:\Windows\System\mpmSpCG.exe
  C:\Windows\System\mpmSpCG.exe
  2⤵
  PID:7268
- C:\Windows\System\hgsAtdB.exe
  C:\Windows\System\hgsAtdB.exe
  2⤵
  PID:7216
- C:\Windows\System\ISNidaM.exe
  C:\Windows\System\ISNidaM.exe
  2⤵
  PID:7364
- C:\Windows\System\xlTSlqE.exe
  C:\Windows\System\xlTSlqE.exe
  2⤵
  PID:7432
- C:\Windows\System\DhWmRdx.exe
  C:\Windows\System\DhWmRdx.exe
  2⤵
  PID:7284
- C:\Windows\System\zBekYUB.exe
  C:\Windows\System\zBekYUB.exe
  2⤵
  PID:7444
- C:\Windows\System\OjWCVVC.exe
  C:\Windows\System\OjWCVVC.exe
  2⤵
  PID:7524
- C:\Windows\System\DTbcHgZ.exe
  C:\Windows\System\DTbcHgZ.exe
  2⤵
  PID:7604
- C:\Windows\System\TPYjskn.exe
  C:\Windows\System\TPYjskn.exe
  2⤵
  PID:7712
- C:\Windows\System\NjpkFzA.exe
  C:\Windows\System\NjpkFzA.exe
  2⤵
  PID:7776
- C:\Windows\System\obJJoaT.exe
  C:\Windows\System\obJJoaT.exe
  2⤵
  PID:7832
- C:\Windows\System\QJYkhvm.exe
  C:\Windows\System\QJYkhvm.exe
  2⤵
  PID:7648
- C:\Windows\System\JKEjytH.exe
  C:\Windows\System\JKEjytH.exe
  2⤵
  PID:7560
- C:\Windows\System\uhkpoUB.exe
  C:\Windows\System\uhkpoUB.exe
  2⤵
  PID:7692
- C:\Windows\System\WEViISX.exe
  C:\Windows\System\WEViISX.exe
  2⤵
  PID:7760
- C:\Windows\System\PmVAzNK.exe
  C:\Windows\System\PmVAzNK.exe
  2⤵
  PID:7848
- C:\Windows\System\iJtpUPc.exe
  C:\Windows\System\iJtpUPc.exe
  2⤵
  PID:7972
- C:\Windows\System\fpMkihp.exe
  C:\Windows\System\fpMkihp.exe
  2⤵
  PID:8056
- C:\Windows\System\qRjrUoq.exe
  C:\Windows\System\qRjrUoq.exe
  2⤵
  PID:8028
- C:\Windows\System\HRMfurN.exe
  C:\Windows\System\HRMfurN.exe
  2⤵
  PID:8048
- C:\Windows\System\SiRvsBP.exe
  C:\Windows\System\SiRvsBP.exe
  2⤵
  PID:8100
- C:\Windows\System\cduiRLZ.exe
  C:\Windows\System\cduiRLZ.exe
  2⤵
  PID:8168
- C:\Windows\System\WVZhAwf.exe
  C:\Windows\System\WVZhAwf.exe
  2⤵
  PID:7212
- C:\Windows\System\gMAidVk.exe
  C:\Windows\System\gMAidVk.exe
  2⤵
  PID:7400
- C:\Windows\System\gsVGASL.exe
  C:\Windows\System\gsVGASL.exe
  2⤵
  PID:7320
- C:\Windows\System\TAajpZk.exe
  C:\Windows\System\TAajpZk.exe
  2⤵
  PID:7196
- C:\Windows\System\RNOnVHP.exe
  C:\Windows\System\RNOnVHP.exe
  2⤵
  PID:7672
- C:\Windows\System\nLxEndA.exe
  C:\Windows\System\nLxEndA.exe
  2⤵
  PID:8188
- C:\Windows\System\JhbwhXp.exe
  C:\Windows\System\JhbwhXp.exe
  2⤵
  PID:7368
- C:\Windows\System\NpPCSOt.exe
  C:\Windows\System\NpPCSOt.exe
  2⤵
  PID:7496
- C:\Windows\System\xwlBHjI.exe
  C:\Windows\System\xwlBHjI.exe
  2⤵
  PID:7928
- C:\Windows\System\KJEEQDZ.exe
  C:\Windows\System\KJEEQDZ.exe
  2⤵
  PID:7800
- C:\Windows\System\jimBpoF.exe
  C:\Windows\System\jimBpoF.exe
  2⤵
  PID:7860
- C:\Windows\System\YxpCBTK.exe
  C:\Windows\System\YxpCBTK.exe
  2⤵
  PID:8040
- C:\Windows\System\qKMvovA.exe
  C:\Windows\System\qKMvovA.exe
  2⤵
  PID:7556
- C:\Windows\System\IfGrNYz.exe
  C:\Windows\System\IfGrNYz.exe
  2⤵
  PID:7924
- C:\Windows\System\DtTZyzb.exe
  C:\Windows\System\DtTZyzb.exe
  2⤵
  PID:8152
- C:\Windows\System\fNkkfIc.exe
  C:\Windows\System\fNkkfIc.exe
  2⤵
  PID:7664
- C:\Windows\System\EDbwugG.exe
  C:\Windows\System\EDbwugG.exe
  2⤵
  PID:8200
- C:\Windows\System\koXevmm.exe
  C:\Windows\System\koXevmm.exe
  2⤵
  PID:8216
- C:\Windows\System\UZYxqns.exe
  C:\Windows\System\UZYxqns.exe
  2⤵
  PID:8232
- C:\Windows\System\rzTqEZG.exe
  C:\Windows\System\rzTqEZG.exe
  2⤵
  PID:8256
- C:\Windows\System\okqVTRq.exe
  C:\Windows\System\okqVTRq.exe
  2⤵
  PID:8272
- C:\Windows\System\WTgwBrv.exe
  C:\Windows\System\WTgwBrv.exe
  2⤵
  PID:8288
- C:\Windows\System\RUpPGbk.exe
  C:\Windows\System\RUpPGbk.exe
  2⤵
  PID:8304
- C:\Windows\System\LGXicHz.exe
  C:\Windows\System\LGXicHz.exe
  2⤵
  PID:8320
- C:\Windows\System\cxoiLge.exe
  C:\Windows\System\cxoiLge.exe
  2⤵
  PID:8336
- C:\Windows\System\vPTLQxN.exe
  C:\Windows\System\vPTLQxN.exe
  2⤵
  PID:8352
- C:\Windows\System\dXRTeDL.exe
  C:\Windows\System\dXRTeDL.exe
  2⤵
  PID:8368
- C:\Windows\System\RDHHgox.exe
  C:\Windows\System\RDHHgox.exe
  2⤵
  PID:8384
- C:\Windows\System\vTYkkkI.exe
  C:\Windows\System\vTYkkkI.exe
  2⤵
  PID:8404
- C:\Windows\System\uzwRoGI.exe
  C:\Windows\System\uzwRoGI.exe
  2⤵
  PID:8420
- C:\Windows\System\YhHBNmN.exe
  C:\Windows\System\YhHBNmN.exe
  2⤵
  PID:8436
- C:\Windows\System\isxfkEL.exe
  C:\Windows\System\isxfkEL.exe
  2⤵
  PID:8452
- C:\Windows\System\dQeeoHg.exe
  C:\Windows\System\dQeeoHg.exe
  2⤵
  PID:8468
- C:\Windows\System\KpMcIlN.exe
  C:\Windows\System\KpMcIlN.exe
  2⤵
  PID:8484
- C:\Windows\System\zvwDBPS.exe
  C:\Windows\System\zvwDBPS.exe
  2⤵
  PID:8500
- C:\Windows\System\KLnYHAu.exe
  C:\Windows\System\KLnYHAu.exe
  2⤵
  PID:8516
- C:\Windows\System\EauhZwK.exe
  C:\Windows\System\EauhZwK.exe
  2⤵
  PID:8532
- C:\Windows\System\YjxUNHF.exe
  C:\Windows\System\YjxUNHF.exe
  2⤵
  PID:8548
- C:\Windows\System\mDcUVOa.exe
  C:\Windows\System\mDcUVOa.exe
  2⤵
  PID:8564
- C:\Windows\System\FeOxolc.exe
  C:\Windows\System\FeOxolc.exe
  2⤵
  PID:8580
- C:\Windows\System\aMXctdK.exe
  C:\Windows\System\aMXctdK.exe
  2⤵
  PID:8596
- C:\Windows\System\FRfiPxV.exe
  C:\Windows\System\FRfiPxV.exe
  2⤵
  PID:8612
- C:\Windows\System\JQmtElI.exe
  C:\Windows\System\JQmtElI.exe
  2⤵
  PID:8628
- C:\Windows\System\gJYnmVt.exe
  C:\Windows\System\gJYnmVt.exe
  2⤵
  PID:8644
- C:\Windows\System\CfhJFUK.exe
  C:\Windows\System\CfhJFUK.exe
  2⤵
  PID:8660
- C:\Windows\System\TYuChUD.exe
  C:\Windows\System\TYuChUD.exe
  2⤵
  PID:8676
- C:\Windows\System\CWoqKTg.exe
  C:\Windows\System\CWoqKTg.exe
  2⤵
  PID:8692
- C:\Windows\System\ANbjnTS.exe
  C:\Windows\System\ANbjnTS.exe
  2⤵
  PID:8708
- C:\Windows\System\KVKYHfN.exe
  C:\Windows\System\KVKYHfN.exe
  2⤵
  PID:8724
- C:\Windows\System\WwujwGj.exe
  C:\Windows\System\WwujwGj.exe
  2⤵
  PID:8740
- C:\Windows\System\nDLQqdE.exe
  C:\Windows\System\nDLQqdE.exe
  2⤵
  PID:8756
- C:\Windows\System\TuAfRhM.exe
  C:\Windows\System\TuAfRhM.exe
  2⤵
  PID:8772
- C:\Windows\System\fzmLpcy.exe
  C:\Windows\System\fzmLpcy.exe
  2⤵
  PID:8792
- C:\Windows\System\WfWSASM.exe
  C:\Windows\System\WfWSASM.exe
  2⤵
  PID:8812
- C:\Windows\System\TRFmsqZ.exe
  C:\Windows\System\TRFmsqZ.exe
  2⤵
  PID:8828
- C:\Windows\System\sbYABUY.exe
  C:\Windows\System\sbYABUY.exe
  2⤵
  PID:8920
- C:\Windows\System\iIKRtEx.exe
  C:\Windows\System\iIKRtEx.exe
  2⤵
  PID:8936
- C:\Windows\System\PmKkDaK.exe
  C:\Windows\System\PmKkDaK.exe
  2⤵
  PID:8952
- C:\Windows\System\SMjhlRN.exe
  C:\Windows\System\SMjhlRN.exe
  2⤵
  PID:8968
- C:\Windows\System\bWCWmSp.exe
  C:\Windows\System\bWCWmSp.exe
  2⤵
  PID:8984
- C:\Windows\System\msyPfyM.exe
  C:\Windows\System\msyPfyM.exe
  2⤵
  PID:9000
- C:\Windows\System\riOcJFP.exe
  C:\Windows\System\riOcJFP.exe
  2⤵
  PID:9016
- C:\Windows\System\byiycEF.exe
  C:\Windows\System\byiycEF.exe
  2⤵
  PID:9032
- C:\Windows\System\nxImdBR.exe
  C:\Windows\System\nxImdBR.exe
  2⤵
  PID:9052
- C:\Windows\System\LKkzQUi.exe
  C:\Windows\System\LKkzQUi.exe
  2⤵
  PID:9068
- C:\Windows\System\ArFbbsk.exe
  C:\Windows\System\ArFbbsk.exe
  2⤵
  PID:9092
- C:\Windows\System\UgaTzOZ.exe
  C:\Windows\System\UgaTzOZ.exe
  2⤵
  PID:9108
- C:\Windows\System\YTRCkWJ.exe
  C:\Windows\System\YTRCkWJ.exe
  2⤵
  PID:9128
- C:\Windows\System\AIrXBCn.exe
  C:\Windows\System\AIrXBCn.exe
  2⤵
  PID:9144
- C:\Windows\System\SHCTIrl.exe
  C:\Windows\System\SHCTIrl.exe
  2⤵
  PID:9160
- C:\Windows\System\HaKaFdV.exe
  C:\Windows\System\HaKaFdV.exe
  2⤵
  PID:9180
- C:\Windows\System\BhtzSGQ.exe
  C:\Windows\System\BhtzSGQ.exe
  2⤵
  PID:9196
- C:\Windows\System\AQOMzjW.exe
  C:\Windows\System\AQOMzjW.exe
  2⤵
  PID:8208
- C:\Windows\System\atWpIwK.exe
  C:\Windows\System\atWpIwK.exe
  2⤵
  PID:8076
- C:\Windows\System\OQVwtme.exe
  C:\Windows\System\OQVwtme.exe
  2⤵
  PID:7744
- C:\Windows\System\cKwCBLX.exe
  C:\Windows\System\cKwCBLX.exe
  2⤵
  PID:8116
- C:\Windows\System\jlZkIoM.exe
  C:\Windows\System\jlZkIoM.exe
  2⤵
  PID:8196
- C:\Windows\System\EEqEVdL.exe
  C:\Windows\System\EEqEVdL.exe
  2⤵
  PID:8244
- C:\Windows\System\kyeWeyG.exe
  C:\Windows\System\kyeWeyG.exe
  2⤵
  PID:8432
- C:\Windows\System\tEjPnoJ.exe
  C:\Windows\System\tEjPnoJ.exe
  2⤵
  PID:8460
- C:\Windows\System\URDHKzn.exe
  C:\Windows\System\URDHKzn.exe
  2⤵
  PID:8444
- C:\Windows\System\PEoHQDP.exe
  C:\Windows\System\PEoHQDP.exe
  2⤵
  PID:8540
- C:\Windows\System\mGMUnLj.exe
  C:\Windows\System\mGMUnLj.exe
  2⤵
  PID:8448
- C:\Windows\System\ovIfbqu.exe
  C:\Windows\System\ovIfbqu.exe
  2⤵
  PID:8576
- C:\Windows\System\YkhDNTl.exe
  C:\Windows\System\YkhDNTl.exe
  2⤵
  PID:8560
- C:\Windows\System\URdaCeJ.exe
  C:\Windows\System\URdaCeJ.exe
  2⤵
  PID:8684
- C:\Windows\System\KVABsTJ.exe
  C:\Windows\System\KVABsTJ.exe
  2⤵
  PID:8656
- C:\Windows\System\fxfGkUY.exe
  C:\Windows\System\fxfGkUY.exe
  2⤵
  PID:8700
- C:\Windows\System\PzrPcZO.exe
  C:\Windows\System\PzrPcZO.exe
  2⤵
  PID:8720
- C:\Windows\System\IGHTOgx.exe
  C:\Windows\System\IGHTOgx.exe
  2⤵
  PID:8768
- C:\Windows\System\yiWzsIM.exe
  C:\Windows\System\yiWzsIM.exe
  2⤵
  PID:8804
- C:\Windows\System\nEBaWyV.exe
  C:\Windows\System\nEBaWyV.exe
  2⤵
  PID:8820
- C:\Windows\System\pDleKpQ.exe
  C:\Windows\System\pDleKpQ.exe
  2⤵
  PID:8852
- C:\Windows\System\gWbszPB.exe
  C:\Windows\System\gWbszPB.exe
  2⤵
  PID:8868
- C:\Windows\System\nJMRfDA.exe
  C:\Windows\System\nJMRfDA.exe
  2⤵
  PID:8884
- C:\Windows\System\tHTjuCe.exe
  C:\Windows\System\tHTjuCe.exe
  2⤵
  PID:8904
- C:\Windows\System\HkhEmzE.exe
  C:\Windows\System\HkhEmzE.exe
  2⤵
  PID:8916
- C:\Windows\System\qLTsmmg.exe
  C:\Windows\System\qLTsmmg.exe
  2⤵
  PID:8248
- C:\Windows\System\poJijFK.exe
  C:\Windows\System\poJijFK.exe
  2⤵
  PID:9012
- C:\Windows\System\CMkZCPt.exe
  C:\Windows\System\CMkZCPt.exe
  2⤵
  PID:9076
- C:\Windows\System\skCxKre.exe
  C:\Windows\System\skCxKre.exe
  2⤵
  PID:9116
- C:\Windows\System\wOMuPFy.exe
  C:\Windows\System\wOMuPFy.exe
  2⤵
  PID:9156
- C:\Windows\System\wulhMrF.exe
  C:\Windows\System\wulhMrF.exe
  2⤵
  PID:9064
- C:\Windows\System\UnNMgrd.exe
  C:\Windows\System\UnNMgrd.exe
  2⤵
  PID:8932
- C:\Windows\System\seuqZkK.exe
  C:\Windows\System\seuqZkK.exe
  2⤵
  PID:9024
- C:\Windows\System\CycUluW.exe
  C:\Windows\System\CycUluW.exe
  2⤵
  PID:9104
- C:\Windows\System\JurQVwo.exe
  C:\Windows\System\JurQVwo.exe
  2⤵
  PID:9208
- C:\Windows\System\NGGzleD.exe
  C:\Windows\System\NGGzleD.exe
  2⤵
  PID:8212
- C:\Windows\System\pbLDYmw.exe
  C:\Windows\System\pbLDYmw.exe
  2⤵
  PID:7992
- C:\Windows\System\lmqoAvx.exe
  C:\Windows\System\lmqoAvx.exe
  2⤵
  PID:7248
- C:\Windows\System\wPbjRjJ.exe
  C:\Windows\System\wPbjRjJ.exe
  2⤵
  PID:7624
- C:\Windows\System\vWRqFfa.exe
  C:\Windows\System\vWRqFfa.exe
  2⤵
  PID:8268
- C:\Windows\System\YPOUaPi.exe
  C:\Windows\System\YPOUaPi.exe
  2⤵
  PID:8300
- C:\Windows\System\NGhDOKe.exe
  C:\Windows\System\NGhDOKe.exe
  2⤵
  PID:8344
- C:\Windows\System\zmgpyHw.exe
  C:\Windows\System\zmgpyHw.exe
  2⤵
  PID:8412
- C:\Windows\System\PgbulVj.exe
  C:\Windows\System\PgbulVj.exe
  2⤵
  PID:8640
- C:\Windows\System\AqoMUOY.exe
  C:\Windows\System\AqoMUOY.exe
  2⤵
  PID:8636
- C:\Windows\System\JwWgipB.exe
  C:\Windows\System\JwWgipB.exe
  2⤵
  PID:8780
- C:\Windows\System\bcqPvFY.exe
  C:\Windows\System\bcqPvFY.exe
  2⤵
  PID:8604
- C:\Windows\System\Locqlob.exe
  C:\Windows\System\Locqlob.exe
  2⤵
  PID:8836
- C:\Windows\System\twzVSbr.exe
  C:\Windows\System\twzVSbr.exe
  2⤵
  PID:8892
- C:\Windows\System\WtuQTmy.exe
  C:\Windows\System\WtuQTmy.exe
  2⤵
  PID:9044
- C:\Windows\System\eKLJwyY.exe
  C:\Windows\System\eKLJwyY.exe
  2⤵
  PID:8608
- C:\Windows\System\RqcBeFC.exe
  C:\Windows\System\RqcBeFC.exe
  2⤵
  PID:8800
- C:\Windows\System\TdHPRtS.exe
  C:\Windows\System\TdHPRtS.exe
  2⤵
  PID:8880
- C:\Windows\System\TiKwDgt.exe
  C:\Windows\System\TiKwDgt.exe
  2⤵
  PID:9084
- C:\Windows\System\PuLKwWW.exe
  C:\Windows\System\PuLKwWW.exe
  2⤵
  PID:8964
- C:\Windows\System\yvtSlkj.exe
  C:\Windows\System\yvtSlkj.exe
  2⤵
  PID:8996
- C:\Windows\System\yrrSsen.exe
  C:\Windows\System\yrrSsen.exe
  2⤵
  PID:7764
- C:\Windows\System\jTyiaQB.exe
  C:\Windows\System\jTyiaQB.exe
  2⤵
  PID:7192
- C:\Windows\System\BiZLsxs.exe
  C:\Windows\System\BiZLsxs.exe
  2⤵
  PID:7264
- C:\Windows\System\nZcGbUQ.exe
  C:\Windows\System\nZcGbUQ.exe
  2⤵
  PID:8012
- C:\Windows\System\vAWHomf.exe
  C:\Windows\System\vAWHomf.exe
  2⤵
  PID:8396
- C:\Windows\System\GowNPVV.exe
  C:\Windows\System\GowNPVV.exe
  2⤵
  PID:8296
- C:\Windows\System\IDBlQZX.exe
  C:\Windows\System\IDBlQZX.exe
  2⤵
  PID:8284
- C:\Windows\System\mPtHpVv.exe
  C:\Windows\System\mPtHpVv.exe
  2⤵
  PID:8544
- C:\Windows\System\BYXUbBF.exe
  C:\Windows\System\BYXUbBF.exe
  2⤵
  PID:8764
- C:\Windows\System\ViunFro.exe
  C:\Windows\System\ViunFro.exe
  2⤵
  PID:8736
- C:\Windows\System\OpZOIlL.exe
  C:\Windows\System\OpZOIlL.exe
  2⤵
  PID:8948
- C:\Windows\System\PYTKeKR.exe
  C:\Windows\System\PYTKeKR.exe
  2⤵
  PID:8652
- C:\Windows\System\oiEPiIT.exe
  C:\Windows\System\oiEPiIT.exe
  2⤵
  PID:9008
- C:\Windows\System\BDrUEWL.exe
  C:\Windows\System\BDrUEWL.exe
  2⤵
  PID:8024
- C:\Windows\System\HzTELnY.exe
  C:\Windows\System\HzTELnY.exe
  2⤵
  PID:8392
- C:\Windows\System\AokFivE.exe
  C:\Windows\System\AokFivE.exe
  2⤵
  PID:8620
- C:\Windows\System\XbjPPoJ.exe
  C:\Windows\System\XbjPPoJ.exe
  2⤵
  PID:8316
- C:\Windows\System\BblKimZ.exe
  C:\Windows\System\BblKimZ.exe
  2⤵
  PID:8732
- C:\Windows\System\BequPOJ.exe
  C:\Windows\System\BequPOJ.exe
  2⤵
  PID:7816
- C:\Windows\System\gExZAhv.exe
  C:\Windows\System\gExZAhv.exe
  2⤵
  PID:8624
- C:\Windows\System\pBCnttX.exe
  C:\Windows\System\pBCnttX.exe
  2⤵
  PID:9172
- C:\Windows\System\zRPPdNa.exe
  C:\Windows\System\zRPPdNa.exe
  2⤵
  PID:8876
- C:\Windows\System\NOjFDJv.exe
  C:\Windows\System\NOjFDJv.exe
  2⤵
  PID:6928
- C:\Windows\System\ETIKsiJ.exe
  C:\Windows\System\ETIKsiJ.exe
  2⤵
  PID:9088
- C:\Windows\System\gFCGOzU.exe
  C:\Windows\System\gFCGOzU.exe
  2⤵
  PID:8980
- C:\Windows\System\BuastUe.exe
  C:\Windows\System\BuastUe.exe
  2⤵
  PID:9220
- C:\Windows\System\vWZmVCb.exe
  C:\Windows\System\vWZmVCb.exe
  2⤵
  PID:9236
- C:\Windows\System\rQmuhWT.exe
  C:\Windows\System\rQmuhWT.exe
  2⤵
  PID:9252
- C:\Windows\System\YebQbmY.exe
  C:\Windows\System\YebQbmY.exe
  2⤵
  PID:9268
- C:\Windows\System\vyUeMcA.exe
  C:\Windows\System\vyUeMcA.exe
  2⤵
  PID:9284
- C:\Windows\System\UhxGGSx.exe
  C:\Windows\System\UhxGGSx.exe
  2⤵
  PID:9300
- C:\Windows\System\txKTypp.exe
  C:\Windows\System\txKTypp.exe
  2⤵
  PID:9316
- C:\Windows\System\clwoZaB.exe
  C:\Windows\System\clwoZaB.exe
  2⤵
  PID:9332
- C:\Windows\System\wwpBtNI.exe
  C:\Windows\System\wwpBtNI.exe
  2⤵
  PID:9348
- C:\Windows\System\rPULQbT.exe
  C:\Windows\System\rPULQbT.exe
  2⤵
  PID:9364
- C:\Windows\System\pIpHtND.exe
  C:\Windows\System\pIpHtND.exe
  2⤵
  PID:9380
- C:\Windows\System\XYXMamd.exe
  C:\Windows\System\XYXMamd.exe
  2⤵
  PID:9396
- C:\Windows\System\AqFggDa.exe
  C:\Windows\System\AqFggDa.exe
  2⤵
  PID:9412
- C:\Windows\System\sBqyBmK.exe
  C:\Windows\System\sBqyBmK.exe
  2⤵
  PID:9428
- C:\Windows\System\vWWJWlm.exe
  C:\Windows\System\vWWJWlm.exe
  2⤵
  PID:9444
- C:\Windows\System\BIhkGZw.exe
  C:\Windows\System\BIhkGZw.exe
  2⤵
  PID:9504
- C:\Windows\System\GSZeYqx.exe
  C:\Windows\System\GSZeYqx.exe
  2⤵
  PID:9520
- C:\Windows\System\dRPmZnF.exe
  C:\Windows\System\dRPmZnF.exe
  2⤵
  PID:9536
- C:\Windows\System\pHtUsOm.exe
  C:\Windows\System\pHtUsOm.exe
  2⤵
  PID:9568
- C:\Windows\System\sZjUKhi.exe
  C:\Windows\System\sZjUKhi.exe
  2⤵
  PID:9588
- C:\Windows\System\oOZyqKq.exe
  C:\Windows\System\oOZyqKq.exe
  2⤵
  PID:9604
- C:\Windows\System\lYIdoSn.exe
  C:\Windows\System\lYIdoSn.exe
  2⤵
  PID:9620
- C:\Windows\System\eGsYReR.exe
  C:\Windows\System\eGsYReR.exe
  2⤵
  PID:9636
- C:\Windows\System\chmNtix.exe
  C:\Windows\System\chmNtix.exe
  2⤵
  PID:9652
- C:\Windows\System\aDLAoIP.exe
  C:\Windows\System\aDLAoIP.exe
  2⤵
  PID:9668
- C:\Windows\System\cvfIalV.exe
  C:\Windows\System\cvfIalV.exe
  2⤵
  PID:9684
- C:\Windows\System\rXOzxXD.exe
  C:\Windows\System\rXOzxXD.exe
  2⤵
  PID:9700
- C:\Windows\System\xqQkNxq.exe
  C:\Windows\System\xqQkNxq.exe
  2⤵
  PID:9716
- C:\Windows\System\sXrozQC.exe
  C:\Windows\System\sXrozQC.exe
  2⤵
  PID:9732
- C:\Windows\System\CTrtWzN.exe
  C:\Windows\System\CTrtWzN.exe
  2⤵
  PID:9748
- C:\Windows\System\yLDrYce.exe
  C:\Windows\System\yLDrYce.exe
  2⤵
  PID:9764
- C:\Windows\System\mwoekZT.exe
  C:\Windows\System\mwoekZT.exe
  2⤵
  PID:9820
- C:\Windows\System\YpdCMzo.exe
  C:\Windows\System\YpdCMzo.exe
  2⤵
  PID:9852
- C:\Windows\System\jGhbWoU.exe
  C:\Windows\System\jGhbWoU.exe
  2⤵
  PID:9888
- C:\Windows\System\DWNCjWZ.exe
  C:\Windows\System\DWNCjWZ.exe
  2⤵
  PID:9920
- C:\Windows\System\ARmbJnH.exe
  C:\Windows\System\ARmbJnH.exe
  2⤵
  PID:9936
- C:\Windows\System\MvkMLPH.exe
  C:\Windows\System\MvkMLPH.exe
  2⤵
  PID:9952
- C:\Windows\System\VzokVWH.exe
  C:\Windows\System\VzokVWH.exe
  2⤵
  PID:9972
- C:\Windows\System\eLfRHKK.exe
  C:\Windows\System\eLfRHKK.exe
  2⤵
  PID:10084
- C:\Windows\System\YsNSCdp.exe
  C:\Windows\System\YsNSCdp.exe
  2⤵
  PID:10128
- C:\Windows\System\hmmCZms.exe
  C:\Windows\System\hmmCZms.exe
  2⤵
  PID:10212
- C:\Windows\System\KfxGcZG.exe
  C:\Windows\System\KfxGcZG.exe
  2⤵
  PID:8328
- C:\Windows\System\JwrjjNA.exe
  C:\Windows\System\JwrjjNA.exe
  2⤵
  PID:9204
- C:\Windows\System\kQiiJVG.exe
  C:\Windows\System\kQiiJVG.exe
  2⤵
  PID:9328
- C:\Windows\System\mIEbuPg.exe
  C:\Windows\System\mIEbuPg.exe
  2⤵
  PID:9372
- C:\Windows\System\AwrNVfX.exe
  C:\Windows\System\AwrNVfX.exe
  2⤵
  PID:9404
- C:\Windows\System\jXHyjha.exe
  C:\Windows\System\jXHyjha.exe
  2⤵
  PID:9420
- C:\Windows\System\ghsiQlN.exe
  C:\Windows\System\ghsiQlN.exe
  2⤵
  PID:9456
- C:\Windows\System\KnzCusP.exe
  C:\Windows\System\KnzCusP.exe
  2⤵
  PID:8044
- C:\Windows\System\aznnygj.exe
  C:\Windows\System\aznnygj.exe
  2⤵
  PID:9488
- C:\Windows\System\MxZATvq.exe
  C:\Windows\System\MxZATvq.exe
  2⤵
  PID:9496
- C:\Windows\System\RhIOTJT.exe
  C:\Windows\System\RhIOTJT.exe
  2⤵
  PID:9516
- C:\Windows\System\acHvVnX.exe
  C:\Windows\System\acHvVnX.exe
  2⤵
  PID:9560
- C:\Windows\System\mlZGQjP.exe
  C:\Windows\System\mlZGQjP.exe
  2⤵
  PID:9616
- C:\Windows\System\fzKzgrQ.exe
  C:\Windows\System\fzKzgrQ.exe
  2⤵
  PID:9680
- C:\Windows\System\Nhjpkog.exe
  C:\Windows\System\Nhjpkog.exe
  2⤵
  PID:9708
- C:\Windows\System\hOlKwfY.exe
  C:\Windows\System\hOlKwfY.exe
  2⤵
  PID:9728
- C:\Windows\System\wgyvWKb.exe
  C:\Windows\System\wgyvWKb.exe
  2⤵
  PID:9632
- C:\Windows\System\LZOsRji.exe
  C:\Windows\System\LZOsRji.exe
  2⤵
  PID:9776
- C:\Windows\System\mdtacIx.exe
  C:\Windows\System\mdtacIx.exe
  2⤵
  PID:9796
- C:\Windows\System\HbXXHkW.exe
  C:\Windows\System\HbXXHkW.exe
  2⤵
  PID:9812
- C:\Windows\System\QHdlDuv.exe
  C:\Windows\System\QHdlDuv.exe
  2⤵
  PID:9836
- C:\Windows\System\eLclyQO.exe
  C:\Windows\System\eLclyQO.exe
  2⤵
  PID:9832
- C:\Windows\System\lzNyAoL.exe
  C:\Windows\System\lzNyAoL.exe
  2⤵
  PID:9876
- C:\Windows\System\wSGnsOF.exe
  C:\Windows\System\wSGnsOF.exe
  2⤵
  PID:9916
- C:\Windows\System\wxaEkMG.exe
  C:\Windows\System\wxaEkMG.exe
  2⤵
  PID:9928
- C:\Windows\System\BIjvxIb.exe
  C:\Windows\System\BIjvxIb.exe
  2⤵
  PID:9980
- C:\Windows\System\AqmIGyP.exe
  C:\Windows\System\AqmIGyP.exe
  2⤵
  PID:9992
- C:\Windows\System\qZiuwNI.exe
  C:\Windows\System\qZiuwNI.exe
  2⤵
  PID:10092
- C:\Windows\System\PWJEWfo.exe
  C:\Windows\System\PWJEWfo.exe
  2⤵
  PID:9984
- C:\Windows\System\VwHxGQX.exe
  C:\Windows\System\VwHxGQX.exe
  2⤵
  PID:10044
- C:\Windows\System\LmmAdLk.exe
  C:\Windows\System\LmmAdLk.exe
  2⤵
  PID:10072
- C:\Windows\System\BJbDFnG.exe
  C:\Windows\System\BJbDFnG.exe
  2⤵
  PID:10012
- C:\Windows\System\PFZgTtf.exe
  C:\Windows\System\PFZgTtf.exe
  2⤵
  PID:10104
- C:\Windows\System\OBRDRpK.exe
  C:\Windows\System\OBRDRpK.exe
  2⤵
  PID:10144
- C:\Windows\System\cmrTJOE.exe
  C:\Windows\System\cmrTJOE.exe
  2⤵
  PID:10164
- C:\Windows\System\cZclIWl.exe
  C:\Windows\System\cZclIWl.exe
  2⤵
  PID:10184
- C:\Windows\System\DcepZft.exe
  C:\Windows\System\DcepZft.exe
  2⤵
  PID:10168
- C:\Windows\System\nvxiDnr.exe
  C:\Windows\System\nvxiDnr.exe
  2⤵
  PID:10228
- C:\Windows\System\gqYcjZk.exe
  C:\Windows\System\gqYcjZk.exe
  2⤵
  PID:9376
- C:\Windows\System\QXpeDEK.exe
  C:\Windows\System\QXpeDEK.exe
  2⤵
  PID:9344
- C:\Windows\System\drLfMaV.exe
  C:\Windows\System\drLfMaV.exe
  2⤵
  PID:7336
- C:\Windows\System\vZLaDMX.exe
  C:\Windows\System\vZLaDMX.exe
  2⤵
  PID:9280
- C:\Windows\System\vBYhmYb.exe
  C:\Windows\System\vBYhmYb.exe
  2⤵
  PID:9436
- C:\Windows\System\jtpKLNs.exe
  C:\Windows\System\jtpKLNs.exe
  2⤵
  PID:9532
- C:\Windows\System\RVyEcGn.exe
  C:\Windows\System\RVyEcGn.exe
  2⤵
  PID:9760
- C:\Windows\System\RkhOUeQ.exe
  C:\Windows\System\RkhOUeQ.exe
  2⤵
  PID:9804
- C:\Windows\System\HzFjVCq.exe
  C:\Windows\System\HzFjVCq.exe
  2⤵
  PID:9896
- C:\Windows\System\ylxnzcJ.exe
  C:\Windows\System\ylxnzcJ.exe
  2⤵
  PID:9948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BtjoXaa.exe

Filesize
6.0MB

MD5
ba202a0b2b24b83c307bb0f019520bec

SHA1
65be986283358d9dc3b6a728cdc4ff3bdbb1cd0f

SHA256
8a7b802e50718eb01afa2f8cf5aacb11d26aa1ad0977b2d2a0ac12d9183a9b54

SHA512
98f35d6b4d3a63b1958b942e05ac5c47fdb7ae6d7493ae764c9f2c008357acc4d4e4dc906b307d10bd7719b79fcb1ee529ee5a45ffad184ca77e69a90b4f1688

Download Submit
C:\Windows\system\CIxOZwo.exe

Filesize
6.0MB

MD5
4c066edc88c0e81262e46ae081820ff2

SHA1
839ad2ab7af05837dd7ec35fab1ef860bca870d7

SHA256
44047d4c6649bdde017f5be0fbdac1ae692fb3717137801e2c003ff58901a361

SHA512
de97b7311f8a2314f70646ca06ea94c8d0f22d2d5f20f134ff2787e0a914756152dcf5cdea2fc30c0ae296c853ee42fd45e1fa1a1e1f13befdccf92159cbc368

Download Submit
C:\Windows\system\CexVRPU.exe

Filesize
6.0MB

MD5
772a5e911f335250402da25e058f153e

SHA1
7d7fdff18cfbc4c668b92ff7d5ad656b7dc00f14

SHA256
4f8b5bdc99ea65f841b74183297fc0d75d92721d94ad4c35d4fe11ec10b0afa8

SHA512
64e1731dc58dff91e1670c8d866564238fe505a3706f24d79848dbf018d724606e24ca59216d7a86543ad082aaeac89c133c060aca3f6ae9439dcb82d4b064d0

Download Submit
C:\Windows\system\DCVKHEw.exe

Filesize
6.0MB

MD5
191f1f77d1ddcf588538585231af4cc6

SHA1
a3286750d9b262ceb553405ec58e0fc5f495ddf7

SHA256
1c58133c8b7847e28970cdf25df50f9b9ebb795e9c65e76c9e3a082d998c2376

SHA512
8c1d6f206ee021d967c74bcc04f359b9f95e53a7562695d06996bb66442965477dcb8aaf7294dcc2db67c08f17e638280fdb3be90ee1daa80ab90a44e003aaa2

Download Submit
C:\Windows\system\DMFhZWn.exe

Filesize
6.0MB

MD5
03604aa1b2f95a5319524f6b3cc720c7

SHA1
cdc343720fa969cb92e28ff371742a9f7b1736c5

SHA256
0490a64ea638bbe35ee62e93df19a2c32d598117aa461815e58b209310548cba

SHA512
685089a1c17d7ea11a12840c9b55705c3f5146a0ea92a596c05c50674959158b52d4033b1f1373b8923bf81b7497d828b299fd5aeafd433824d2f23597926d14

Download Submit
C:\Windows\system\INRoydd.exe

Filesize
6.0MB

MD5
e8f5cfdfabaf335ab1d588694b80959e

SHA1
1f894fd9a88f8ae87b86815f0fe451c06e76ebd1

SHA256
ad6e5cadbd36cef004417cb92249297884680e3261b177f2389aebc39964b217

SHA512
c8792a90ff9aa0b1e85b5ba9c7194a662b9f77f8ac08ac9cf78b2790d360d8c5932c936884c14690a37b04fdee78b4b5e879add5a4d89658421750a8bb380b89

Download Submit
C:\Windows\system\PAzQANi.exe

Filesize
6.0MB

MD5
e799c051184a9e56cb44a8ade28a9100

SHA1
987a922ce02ccaf352d46780b6927bd53d2b31a8

SHA256
2cdb59201141360db55c0121d08dfe5ee90796c7cc6dff3e42d976057a9676e9

SHA512
a3c0f9a0bbafd9369492533e9efee843038771d8c14aab5ea07869358227bb7a622ad039fcf05876f5f3add049ef9ece1763ccc559ea523c5f4bb0418fe390db

Download Submit
C:\Windows\system\UNNJchh.exe

Filesize
6.0MB

MD5
7ce4376f6fdcf627e7555d5f9a262fbe

SHA1
c263fac72c1598a2b0391ec4bf37504db2d352ab

SHA256
8b907faede5302c2f31ffcc3c559c65544a8cbc7dfd5e1501d99715247872be8

SHA512
07081931508f27fb8e3d2052afb70ec49f8b220effd96650b8cbe9f8f66357d992db8048e15e5067f20767cb92368d169d50c4f0fcc3c11974bcc729c42ed4e2

Download Submit
C:\Windows\system\UmPiuAG.exe

Filesize
6.0MB

MD5
89827bcd7553c834bbc8e4eda2131a92

SHA1
aad8250801b73f29e2d01305c31d1f86ef14d8ea

SHA256
ebb88d30577e8eb55930fd07d9e841378da4b1d2679eb4d8fe25e10f2045adba

SHA512
47a2c12debcf854723a59d012b0d9245dd052f63d5a8553032db3746653e90d0764d6f94dc502d6d2708732b7a63c7bb38fe5b9049c9ad7e975a532c2211bed6

Download Submit
C:\Windows\system\WHvFUge.exe

Filesize
6.0MB

MD5
2c3043d8c261c33b377d4068255d810f

SHA1
e8100a37ecd14569e68a266adc03414ef57eba6a

SHA256
afec3bbfc16ed930682c04e11630bd6c833c8906cc692263477bc481b360ca18

SHA512
40ab07490674928268ffb415ebdaf0526d670f91778314e2aab0e7634ec0313070868e3bb44ec80e6fcf4c92d6174e1dc85b0a87186c13cb18ffe3547b62dd37

Download Submit
C:\Windows\system\WKNZapD.exe

Filesize
6.0MB

MD5
6061cbcf13b1c7a2cc72e108213d0026

SHA1
dfcedce1397a9e8391c08eeaf6233156bc98b224

SHA256
dc5bb198cda02b88bd91154d2d070a83d6f19549b932f3410c5e628d2602a89f

SHA512
ecd2b420be5ab3b136ea116b9194d691d460f897c265303827841d5481660d416079917ef1c72860faac3469d8bb736f53b983da6b51af89b30fbf845936ca55

Download Submit
C:\Windows\system\XdnVyfo.exe

Filesize
6.0MB

MD5
85fb78594bf84bae9f5a6854355bac89

SHA1
57ad927c55799ca8a0de8609e2e5bf174ea758da

SHA256
79e2214ff4df1981fb9438011149a1839cbf2a5c1bf7f1982f3842f6780110a0

SHA512
810a755b887682440d4538fbacc2d617e03e7cdb50e31a45120ab8eb08bb6735cfcf84aadbe7937496877d66801ca743486a8855c6293d918c075bca4eefb52d

Download Submit
C:\Windows\system\YdGDANp.exe

Filesize
6.0MB

MD5
d989b409d71b35d3076fb28d47a25558

SHA1
4937f8e529a351e179a0d37c8c57c58e4b1debd6

SHA256
131fd852b6c9079993df9c6d1c7a050a70754caff5bf40c1d43a6aea098077c4

SHA512
dc8a024670d915fbaa8f24b67e268885a38343cdd5c0b06861bfd1622f92ec4d56e79ef185d81f266be784c68e86ee23ebc81c998fb8c08d0e5f7508b6acb6df

Download Submit
C:\Windows\system\cpocGXU.exe

Filesize
6.0MB

MD5
ccc86265327b924567e72cb3a7a5d5fb

SHA1
3d801e97d2f312f6f13ae71d8a00affdb8765ca6

SHA256
58fc3e206687a5a1d5ac41a4a439a60e5d76c72b5d95dbd0448c73379cee42eb

SHA512
15b2c095aa635f1b1e5fa316631983e9d69b072000c377362e469385d732cd01bcc0e675fba4dc369bf29990438fc48815784264c0ebae7d2e753bb9aae4da60

Download Submit
C:\Windows\system\fngVOpR.exe

Filesize
6.0MB

MD5
ecfdfa6df9dcbd28347a008c18d36f72

SHA1
43dd46475d33ebcb753dc65247cf2fc4926c5026

SHA256
e0a29600e07f5cefcb4f3513b7a1109eeb146a682cea3e59aec95c5f9af84193

SHA512
3990815e188e02f0a218e8fd217bc515ca57e199fcd27277bbdb1c7956046922cb19ca5c7fdeee66d56b0906c979ce9e0e768fbafb3743ed306590ea93857b29

Download Submit
C:\Windows\system\iRYknWg.exe

Filesize
6.0MB

MD5
26458a41b3ab89b4d48f84ac048f68e9

SHA1
58d40a984ecf7f545b93fabc86af374e2a9994a1

SHA256
dd87d9101b5f186f4c04ba052b8a1800f12982e82e3373407b31b638a5c799fb

SHA512
4d22bc7277edb3b229db054d5d4d7ba943670cf7e0cab718ca1ae0bc348ac71e688102e99212722a85e12d66ae5002f5e4be1b4beb6d6e31cc40e97527fcb021

Download Submit
C:\Windows\system\jbmRMIh.exe

Filesize
6.0MB

MD5
30c2b994baa1d2614869fad41a0febd6

SHA1
8a8ac2ae366658bb5be68e5de724eecd6435559d

SHA256
795517cc90d9a478225ff97976733a2d7f182e822e3729fec6273918fecf9c6f

SHA512
08e158ec170d07ccd57bfb703cbf18d77ef2a3a489e33b17be2eb0d71f0092a034e582c15d78148ffdfa654397500d91d5f1c5c9a981add6e12300d50a5ad597

Download Submit
C:\Windows\system\lqZWBSK.exe

Filesize
6.0MB

MD5
70322c35034fac6b3c7ab9ee53ab5127

SHA1
c1a5eb67d06c491ca082c918078c49205109e9d6

SHA256
aa704d255b3155994d174c75c60052da5b2597267955bd7f9bec4556743f777a

SHA512
1c3212ab9890d65d6b3d72ad9d3204538fcea9151c2d7ac6db6b7b19aa7e3b7bc812b93c723613e9560bff844be7e04914ba0dc198a125152fa6082621e05c86

Download Submit
C:\Windows\system\mOWQydc.exe

Filesize
6.0MB

MD5
8a9edc4866ae9663660bcfca10322908

SHA1
2bad5adf37ad64c95104cb771b9d27c751859f65

SHA256
d3dd6beab74b6d9200302f71a427944de58e9a44f2c79582ce96ad5257f29904

SHA512
452151a2951c0e611ccce9d1196ec70eafa09f4ed1f54d5003d81876a9892e63854836c7eded27a2763136e6ea244f659698055e7dd34de88d5910fb60fe7ad5

Download Submit
C:\Windows\system\mWKQTtr.exe

Filesize
6.0MB

MD5
0b0e1534b73331c852b241ee197fae69

SHA1
e0a182e6f0987569f10493289cec4ae393e542ad

SHA256
ab2aec892c7d1218c722fa61ed7777766d02a3f3df6ed96533fcb4fb52708a8b

SHA512
b1055f1dbb6743cc70d497f006520b8f7bfbf045656fe6566b6a3480fb3b4a46de0a5fa8ecf0a2ca08f1d815284178f65adedeb9e54e902555f5be72311296d1

Download Submit
C:\Windows\system\mcHagde.exe

Filesize
6.0MB

MD5
428454b7cfd03fcc8ce351c48160138f

SHA1
a6f631beddf6f8c9fa408bb5df4d6ea7688c3fd4

SHA256
8f246ccf65c76bf9f5472d8f6cad3efac4a269faf4bc18e109a4ea319d50b05c

SHA512
b79db31939c16e4fd1f2fd3d1039dc8ed894638329458d34919943e8cf2b9e2c2628a0832ae0238fd93193bb10204e6d62b1cfc0823cee30e8945a3acc1241ae

Download Submit
C:\Windows\system\mlrLXkm.exe

Filesize
6.0MB

MD5
d90ae13572994f5f1ef093976b0fdd97

SHA1
aa82a2a81d8830634d17ee0c3138c4e550dd8696

SHA256
f64232bf7dce7c31d2d9b7be20c7ba3938f46210c661a74a9dc66b842cae9803

SHA512
4a0c7a48370593efa95032235d5538f254fdd7604e4e62e2c60a08a5e0b35881f9800de1ab74f2e1164827648e89f1033fca884dbf25c0fa2e9f1e6f4979ebab

Download Submit
C:\Windows\system\ncbAgsE.exe

Filesize
6.0MB

MD5
63895277bad599c588f9c04a9835e2ae

SHA1
7a8bf58c75114a44631e1ba814aa8b87048acee7

SHA256
af9e2f4c81d2448999cb32bde0ddec164965a47431d7196bc75bfe533b541a56

SHA512
38c89d2f1b31d1482439bacf356df76729e853beb05fb9d420018047e5d58b323fccd834276bfda6bb49094c158049eae9da8d11bd48827c9f21a3047cd73fde

Download Submit
C:\Windows\system\ntFRlDc.exe

Filesize
6.0MB

MD5
e5a3163df7efef83c55710f2c1038ddb

SHA1
1a4edfb5705c06bbba353e31e34da04106260b88

SHA256
b7c45f5b67dbbc7d836b2bf88937f91fe0aa7ccce1112dbf4412196837b70b32

SHA512
dfd04288b52c6f16d6ab465e554b40db71efbf3f7982deada20518055f05f6bd4ca5d8120db0da4d18d814d36fad231a50dfdaa74c49dded591871182a684a97

Download Submit
C:\Windows\system\qTwOBpk.exe

Filesize
6.0MB

MD5
f67c8c782cd51f704ef6c81258f7faf2

SHA1
ec166e653f882dc9ca2101a83d899011c39056dc

SHA256
ecef1285c0c6e5ff3d7e108d6264b3cee4fd6320e30b9d4d6b943f4f008c5599

SHA512
087c01bde84166f96f16e77ae80073ecd7a75fbc7fb18c916296ed6da2dec5e8f298bb72b59e13ed3fd55ee4b6e3fb168b8839f86bd4f43803f4315df9d288f6

Download Submit
\Windows\system\BgmAFuF.exe

Filesize
6.0MB

MD5
363ea9b26ae6f3104ff06543676f0f85

SHA1
bf8b91cd25c59cff3caf1cb404ce3cad92e82941

SHA256
026df6d327ee96411d736d5ca670bddbf8c04169855c0bbad4d83cae52251642

SHA512
1ba282800734d1cd506478e653d3772ca2698f516d7af32e18cfbbcac8e70b4bfbea353208d5a639094eb56501d37977e83ed722022b3d7bb12eeda94d129623

Download Submit
\Windows\system\ImZXVcy.exe

Filesize
6.0MB

MD5
c08c34c04f2b53a60cf924bf0546a651

SHA1
b63dda15033c479ccce0302be9a40ac642da892b

SHA256
348fe7e50e39c660d728ef6283c0f3cdbfbf955df3ca558da8192be4b9eb6b44

SHA512
79c887b36f396ac2a153d6d966b3b2d60fa1ca9fbbdfea87aed4bdcdae8f621bb81c9a1b8589a58a2fca8d7d272d35befb97a176e12170f787c2639d38f9d798

Download Submit
\Windows\system\PvwRtMC.exe

Filesize
6.0MB

MD5
7a23da30f1c32c08d693eb9c0bf4c485

SHA1
273106c6ae3fc2291b5c89dc3f76c704bf20dce3

SHA256
d9742bdeb6ed911deb704cff8ec67bf71b6eb5e962b6224e6aa780cea5f6ae0b

SHA512
38151dbbbddbd4ee2e451f81af9a0dbdd6a246e42fa90a7560d11396f121dd1e79fa8f811567ea2ab1a0cbf55c11bc5cc715661752b13916c604d8ef4de1f63f

Download Submit
\Windows\system\dqLQRnJ.exe

Filesize
6.0MB

MD5
0b53d3029568b59d6abb0fc9d6ddb86d

SHA1
4bfff773555f799aa410ae1e924c98c47e5d0f24

SHA256
0bf4b5a903a0bd6766fa87fa92f3ad10074a0dcda692978a1fdc120d2eaa3375

SHA512
8d40c7b945e3558539806b3cc61e5b6e0bf94291e1106532b538544086dcd63941b100c4d4379dfc01c76220ed660beafb554539f744cbde7db1765584916bc6

Download Submit
\Windows\system\jOTtSXw.exe

Filesize
6.0MB

MD5
ad87a05b4c9f437bd3d18520e9b3b689

SHA1
ff28f04653ab3e9ee0765a10fd7c7e6c946a586c

SHA256
1b5f4f262ad175e38112d7a15bf7fa8f00ce4d836e59fcc0ee180c004c115641

SHA512
38e43d7f4f0b5d42fd325560e97b0f249a380d72302e74ccd2d18ced736a5ee4f9aed4ef35e5db458f17fbb4ba3c883d57fc058ea6cc64950fbc852b0d829721

Download Submit
\Windows\system\kreKVOW.exe

Filesize
6.0MB

MD5
41aa57ff9a199f0cdfb70570fdefa42a

SHA1
b3b77370768b178c7d3254c373e4e6dda8ed7fcb

SHA256
2a4e2cc526bdaadfc2c8ccb90dfc965e9a42efc1138eaad0183511933e69d27f

SHA512
e4b899d3ff23b52799855c6203cf222868b871d3f1d522dc907914bcc6482a034e8c20ece9d70880ecc26e708baef8c7e8e5ef69c73a8b789b8117c0a0a704f4

Download Submit
\Windows\system\nFcifYv.exe

Filesize
6.0MB

MD5
ec2d16bad0a6661ebb68f7d14d6dd0a7

SHA1
1c0b8547f12ba4a26dbc113b673e1b715689a1a1

SHA256
86257d782d785c17f88068fffe3e70ea234e3f26d6adf6fd2982434d84c24177

SHA512
a3c6b61d99dcab5e18fe11410d95bbf1dd2e87067b154ae4f51d46160df73decf97bfbf14867105720280bbd33d1a99b09d2542f16698f821ab0e851a1d87e3e

Download Submit
memory/536-104-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/536-3750-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1216-80-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1216-3751-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1432-103-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-112-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-95-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2112-111-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2112-110-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2112-107-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-106-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2112-105-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2112-113-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2112-714-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2112-942-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2112-943-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2112-944-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2112-100-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2112-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2112-947-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-467-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2112-9-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2112-19-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-35-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2112-41-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2112-117-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2112-0-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2112-49-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2112-68-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-29-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2112-55-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2548-43-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-3725-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2560-28-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2712-50-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3779-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2760-91-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3778-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2840-20-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3776-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-36-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3777-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2920-3729-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-27-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2928-25-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/3024-71-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-3780-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download