cobaltstrike | c2abd43a2d6fbe93a969ef3b238923428f58eafc9bfddc5cb72834ab4a8ecb18

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-12-2024 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

9859994634c533329e7797571e56cefe
SHA1

15e3ca9318e90ddad9382fffbb14093264d5e38e
SHA256

c2abd43a2d6fbe93a969ef3b238923428f58eafc9bfddc5cb72834ab4a8ecb18
SHA512

ced1693e67fe6b73551ef2c1d435017d9d729714b2d9656c57d3b097ca79ffe8e20f24fa0a3a9e765ec72335691e0eacfdb7186a237fe3095e67f9eb5a8ad516
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU+:T+q56utgpPF8u/7+

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120ff-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014b28-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014bda-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014cde-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014f7b-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015016-37.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015512-49.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015048-44.dat	cobalt_reflective_dll
behavioral1/files/0x003400000001487e-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d11-59.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4e-85.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd6-110.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175c6-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001875d-175.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-170.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186d2-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186de-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018669-155.dat	cobalt_reflective_dll
behavioral1/files/0x0031000000018654-150.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175d2-145.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175cc-140.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017546-130.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000170b5-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017051-120.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ee0-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd2-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dc7-100.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016db8-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016db3-90.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4a-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d46-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d33-70.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 61 IoCs

miner

resource	yara_rule
behavioral1/memory/800-0-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x00080000000120ff-3.dat	xmrig
behavioral1/memory/3056-8-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x0008000000014b28-9.dat	xmrig
behavioral1/files/0x0008000000014bda-11.dat	xmrig
behavioral1/memory/2620-20-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/1732-18-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/files/0x0007000000014cde-22.dat	xmrig
behavioral1/memory/2788-27-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2692-34-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000014f7b-32.dat	xmrig
behavioral1/files/0x0007000000015016-37.dat	xmrig
behavioral1/memory/800-40-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/800-45-0x0000000002290000-0x00000000025E4000-memory.dmp	xmrig
behavioral1/memory/2104-48-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2388-47-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015512-49.dat	xmrig
behavioral1/memory/3056-52-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2664-55-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/files/0x0009000000015048-44.dat	xmrig
behavioral1/files/0x003400000001487e-65.dat	xmrig
behavioral1/memory/2620-66-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d11-59.dat	xmrig
behavioral1/files/0x0006000000016d4e-85.dat	xmrig
behavioral1/files/0x0006000000016dd6-110.dat	xmrig
behavioral1/files/0x00060000000175c6-135.dat	xmrig
behavioral1/files/0x000500000001875d-175.dat	xmrig
behavioral1/memory/2792-513-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2788-613-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2664-1349-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2364-523-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2556-514-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/768-529-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2024-525-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/800-524-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2536-517-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ee-170.dat	xmrig
behavioral1/files/0x00050000000186d2-160.dat	xmrig
behavioral1/files/0x00050000000186de-165.dat	xmrig
behavioral1/files/0x0005000000018669-155.dat	xmrig
behavioral1/files/0x0031000000018654-150.dat	xmrig
behavioral1/files/0x00060000000175d2-145.dat	xmrig
behavioral1/files/0x00060000000175cc-140.dat	xmrig
behavioral1/files/0x0006000000017546-130.dat	xmrig
behavioral1/files/0x00060000000170b5-125.dat	xmrig
behavioral1/files/0x0006000000017051-120.dat	xmrig
behavioral1/files/0x0006000000016ee0-115.dat	xmrig
behavioral1/files/0x0006000000016dd2-105.dat	xmrig
behavioral1/files/0x0006000000016dc7-100.dat	xmrig
behavioral1/files/0x0006000000016db8-95.dat	xmrig
behavioral1/files/0x0006000000016db3-90.dat	xmrig
behavioral1/files/0x0006000000016d4a-80.dat	xmrig
behavioral1/files/0x0006000000016d46-75.dat	xmrig
behavioral1/files/0x0006000000016d33-70.dat	xmrig
behavioral1/memory/2388-3999-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2620-4003-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/3056-4027-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2792-4034-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2364-4039-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2024-4050-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2536-4057-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3056	CYoJzDR.exe
1732	HOWesTy.exe
2620	jsFBPyO.exe
2788	aNtwUcG.exe
2692	jFuDeaH.exe
2388	WdEVPYw.exe
2104	vRiecoS.exe
2664	HpFAxAV.exe
2792	femBzVx.exe
2556	xUtLimB.exe
2536	egKVrZL.exe
2364	lsielWQ.exe
2024	KUDuypi.exe
768	jEIGHPe.exe
392	yuuPvOH.exe
876	fFCZRxZ.exe
2852	yUZNjsJ.exe
2856	KoKyrUD.exe
2888	PYVHZfL.exe
2732	WiEPzCC.exe
2532	VIosqoE.exe
1704	kDTHIQN.exe
1976	ySsqYyY.exe
1972	HYeDGiO.exe
1296	ojlxFUr.exe
828	WMyZpTY.exe
2580	brsOCNY.exe
1928	jMNCRFd.exe
2360	pkiObwz.exe
1664	QKlHDaw.exe
1036	clBwpYi.exe
2588	QCgRaCd.exe
2940	bkCVRii.exe
2380	qfrQYVl.exe
2156	PFSjIXL.exe
2316	GSurivi.exe
2376	hFPsnPD.exe
1224	snLptgG.exe
912	TvhqoCX.exe
1748	xvqeTbg.exe
2384	CKuSwyv.exe
2392	rfHqBXZ.exe
2036	SiiUEXd.exe
1724	nTYTbZM.exe
1324	rahZpbN.exe
1868	uKVVsjN.exe
464	qZJMnBX.exe
1708	jsrSrjF.exe
1148	nStZTDu.exe
928	QNnoBAH.exe
2904	efXOBni.exe
1960	yOUgpyP.exe
1824	VusHtwF.exe
1832	uahQBFP.exe
2296	mneqObq.exe
2272	UqmmFcK.exe
2060	FRKXzOf.exe
1508	xoymsPQ.exe
2012	UtGvXeB.exe
1720	XRoDsNH.exe
1600	tdIWYMj.exe
1604	fNtAfRn.exe
2676	ztYNkjq.exe
2760	hHYASYe.exe

Loads dropped DLL 64 IoCs

pid	Process
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 59 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/800-0-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x00080000000120ff-3.dat	upx
behavioral1/memory/3056-8-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x0008000000014b28-9.dat	upx
behavioral1/files/0x0008000000014bda-11.dat	upx
behavioral1/memory/2620-20-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/1732-18-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/files/0x0007000000014cde-22.dat	upx
behavioral1/memory/2788-27-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2692-34-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/files/0x0007000000014f7b-32.dat	upx
behavioral1/files/0x0007000000015016-37.dat	upx
behavioral1/memory/800-40-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2104-48-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2388-47-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/files/0x0008000000015512-49.dat	upx
behavioral1/memory/3056-52-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2664-55-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x0009000000015048-44.dat	upx
behavioral1/files/0x003400000001487e-65.dat	upx
behavioral1/memory/2620-66-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x0006000000016d11-59.dat	upx
behavioral1/files/0x0006000000016d4e-85.dat	upx
behavioral1/files/0x0006000000016dd6-110.dat	upx
behavioral1/files/0x00060000000175c6-135.dat	upx
behavioral1/files/0x000500000001875d-175.dat	upx
behavioral1/memory/2792-513-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2788-613-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2664-1349-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2364-523-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2556-514-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/768-529-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2024-525-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2536-517-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x00050000000186ee-170.dat	upx
behavioral1/files/0x00050000000186d2-160.dat	upx
behavioral1/files/0x00050000000186de-165.dat	upx
behavioral1/files/0x0005000000018669-155.dat	upx
behavioral1/files/0x0031000000018654-150.dat	upx
behavioral1/files/0x00060000000175d2-145.dat	upx
behavioral1/files/0x00060000000175cc-140.dat	upx
behavioral1/files/0x0006000000017546-130.dat	upx
behavioral1/files/0x00060000000170b5-125.dat	upx
behavioral1/files/0x0006000000017051-120.dat	upx
behavioral1/files/0x0006000000016ee0-115.dat	upx
behavioral1/files/0x0006000000016dd2-105.dat	upx
behavioral1/files/0x0006000000016dc7-100.dat	upx
behavioral1/files/0x0006000000016db8-95.dat	upx
behavioral1/files/0x0006000000016db3-90.dat	upx
behavioral1/files/0x0006000000016d4a-80.dat	upx
behavioral1/files/0x0006000000016d46-75.dat	upx
behavioral1/files/0x0006000000016d33-70.dat	upx
behavioral1/memory/2388-3999-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2620-4003-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/3056-4027-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2792-4034-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2364-4039-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2024-4050-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2536-4057-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pAlBnKE.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LzaaGNl.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jZvIUap.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sSgblhj.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oetALJJ.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KiRXDTG.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CxiBsbD.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bGNpLAs.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qMiksoJ.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqBXloi.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zevLoRm.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhSPmit.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\esTXDLX.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dQJIkkt.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZoOjnmS.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NfODmnr.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qfrQYVl.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nelCMIr.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GXsKzGG.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rgRtqwI.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JynePlN.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xWMAGhd.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wVHUnRG.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PItjuOX.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YtvjzGp.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BPFpkom.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fcYjZDM.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjYYidp.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FRKXzOf.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kAnnXdA.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sAgErCW.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zlxUcZw.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwFQEVl.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pDajoSc.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZNDvIVR.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRhyCQI.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dYZQSfv.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zTkmrjr.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sEBKYsu.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHYjibu.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OxKkPoN.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xFinpHN.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VTuhUAc.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\htAddwP.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TEFyUmT.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pHOrRZC.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wEJjZvw.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hWzxJww.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dNTJgyx.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hwgDTFi.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dJrbskr.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HvAtPuL.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vXfWmmf.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TCOArJL.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GKJQQlu.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YqWGCEg.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ECtLabt.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oftkSnX.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gsrEBQK.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VvBUvvn.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ClMwxtY.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gcJOxmk.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ywHkggL.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WakbutL.exe	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 800 wrote to memory of 3056	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 800 wrote to memory of 3056	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 800 wrote to memory of 3056	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 800 wrote to memory of 1732	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 800 wrote to memory of 1732	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 800 wrote to memory of 1732	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 800 wrote to memory of 2620	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 800 wrote to memory of 2620	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 800 wrote to memory of 2620	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 800 wrote to memory of 2788	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 800 wrote to memory of 2788	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 800 wrote to memory of 2788	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 800 wrote to memory of 2692	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 800 wrote to memory of 2692	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 800 wrote to memory of 2692	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 800 wrote to memory of 2388	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 800 wrote to memory of 2388	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 800 wrote to memory of 2388	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 800 wrote to memory of 2104	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 800 wrote to memory of 2104	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 800 wrote to memory of 2104	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 800 wrote to memory of 2664	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 800 wrote to memory of 2664	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 800 wrote to memory of 2664	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 800 wrote to memory of 2792	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 800 wrote to memory of 2792	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 800 wrote to memory of 2792	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 800 wrote to memory of 2556	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 800 wrote to memory of 2556	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 800 wrote to memory of 2556	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 800 wrote to memory of 2536	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 800 wrote to memory of 2536	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 800 wrote to memory of 2536	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 800 wrote to memory of 2364	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 800 wrote to memory of 2364	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 800 wrote to memory of 2364	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 800 wrote to memory of 2024	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 800 wrote to memory of 2024	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 800 wrote to memory of 2024	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 800 wrote to memory of 768	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 800 wrote to memory of 768	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 800 wrote to memory of 768	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 800 wrote to memory of 392	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 800 wrote to memory of 392	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 800 wrote to memory of 392	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 800 wrote to memory of 876	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 800 wrote to memory of 876	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 800 wrote to memory of 876	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 800 wrote to memory of 2852	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 800 wrote to memory of 2852	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 800 wrote to memory of 2852	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 800 wrote to memory of 2856	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 800 wrote to memory of 2856	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 800 wrote to memory of 2856	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 800 wrote to memory of 2888	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 800 wrote to memory of 2888	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 800 wrote to memory of 2888	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 800 wrote to memory of 2732	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 800 wrote to memory of 2732	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 800 wrote to memory of 2732	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 800 wrote to memory of 2532	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 800 wrote to memory of 2532	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 800 wrote to memory of 2532	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 800 wrote to memory of 1704	800	2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-19_9859994634c533329e7797571e56cefe_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:800
- C:\Windows\System\CYoJzDR.exe
  C:\Windows\System\CYoJzDR.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\HOWesTy.exe
  C:\Windows\System\HOWesTy.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\jsFBPyO.exe
  C:\Windows\System\jsFBPyO.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\aNtwUcG.exe
  C:\Windows\System\aNtwUcG.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\jFuDeaH.exe
  C:\Windows\System\jFuDeaH.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\WdEVPYw.exe
  C:\Windows\System\WdEVPYw.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\vRiecoS.exe
  C:\Windows\System\vRiecoS.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\HpFAxAV.exe
  C:\Windows\System\HpFAxAV.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\femBzVx.exe
  C:\Windows\System\femBzVx.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\xUtLimB.exe
  C:\Windows\System\xUtLimB.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\egKVrZL.exe
  C:\Windows\System\egKVrZL.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\lsielWQ.exe
  C:\Windows\System\lsielWQ.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\KUDuypi.exe
  C:\Windows\System\KUDuypi.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\jEIGHPe.exe
  C:\Windows\System\jEIGHPe.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\yuuPvOH.exe
  C:\Windows\System\yuuPvOH.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\fFCZRxZ.exe
  C:\Windows\System\fFCZRxZ.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\yUZNjsJ.exe
  C:\Windows\System\yUZNjsJ.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\KoKyrUD.exe
  C:\Windows\System\KoKyrUD.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\PYVHZfL.exe
  C:\Windows\System\PYVHZfL.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\WiEPzCC.exe
  C:\Windows\System\WiEPzCC.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\VIosqoE.exe
  C:\Windows\System\VIosqoE.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\kDTHIQN.exe
  C:\Windows\System\kDTHIQN.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\ySsqYyY.exe
  C:\Windows\System\ySsqYyY.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\HYeDGiO.exe
  C:\Windows\System\HYeDGiO.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\ojlxFUr.exe
  C:\Windows\System\ojlxFUr.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\WMyZpTY.exe
  C:\Windows\System\WMyZpTY.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\brsOCNY.exe
  C:\Windows\System\brsOCNY.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\jMNCRFd.exe
  C:\Windows\System\jMNCRFd.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\pkiObwz.exe
  C:\Windows\System\pkiObwz.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\QKlHDaw.exe
  C:\Windows\System\QKlHDaw.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\clBwpYi.exe
  C:\Windows\System\clBwpYi.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\QCgRaCd.exe
  C:\Windows\System\QCgRaCd.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\bkCVRii.exe
  C:\Windows\System\bkCVRii.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\qfrQYVl.exe
  C:\Windows\System\qfrQYVl.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\PFSjIXL.exe
  C:\Windows\System\PFSjIXL.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\GSurivi.exe
  C:\Windows\System\GSurivi.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\hFPsnPD.exe
  C:\Windows\System\hFPsnPD.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\snLptgG.exe
  C:\Windows\System\snLptgG.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\TvhqoCX.exe
  C:\Windows\System\TvhqoCX.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\xvqeTbg.exe
  C:\Windows\System\xvqeTbg.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\CKuSwyv.exe
  C:\Windows\System\CKuSwyv.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\rfHqBXZ.exe
  C:\Windows\System\rfHqBXZ.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\SiiUEXd.exe
  C:\Windows\System\SiiUEXd.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\nTYTbZM.exe
  C:\Windows\System\nTYTbZM.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\rahZpbN.exe
  C:\Windows\System\rahZpbN.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\uKVVsjN.exe
  C:\Windows\System\uKVVsjN.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\qZJMnBX.exe
  C:\Windows\System\qZJMnBX.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\jsrSrjF.exe
  C:\Windows\System\jsrSrjF.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\nStZTDu.exe
  C:\Windows\System\nStZTDu.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\QNnoBAH.exe
  C:\Windows\System\QNnoBAH.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\efXOBni.exe
  C:\Windows\System\efXOBni.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\yOUgpyP.exe
  C:\Windows\System\yOUgpyP.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\VusHtwF.exe
  C:\Windows\System\VusHtwF.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\uahQBFP.exe
  C:\Windows\System\uahQBFP.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\mneqObq.exe
  C:\Windows\System\mneqObq.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\UqmmFcK.exe
  C:\Windows\System\UqmmFcK.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\FRKXzOf.exe
  C:\Windows\System\FRKXzOf.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\xoymsPQ.exe
  C:\Windows\System\xoymsPQ.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\UtGvXeB.exe
  C:\Windows\System\UtGvXeB.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\XRoDsNH.exe
  C:\Windows\System\XRoDsNH.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\tdIWYMj.exe
  C:\Windows\System\tdIWYMj.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\fNtAfRn.exe
  C:\Windows\System\fNtAfRn.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\ztYNkjq.exe
  C:\Windows\System\ztYNkjq.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\hHYASYe.exe
  C:\Windows\System\hHYASYe.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\AIqHsiM.exe
  C:\Windows\System\AIqHsiM.exe
  2⤵
  PID:2800
- C:\Windows\System\MthkhkD.exe
  C:\Windows\System\MthkhkD.exe
  2⤵
  PID:2804
- C:\Windows\System\lXvPniD.exe
  C:\Windows\System\lXvPniD.exe
  2⤵
  PID:2860
- C:\Windows\System\poxcibD.exe
  C:\Windows\System\poxcibD.exe
  2⤵
  PID:2488
- C:\Windows\System\MSWSncC.exe
  C:\Windows\System\MSWSncC.exe
  2⤵
  PID:1424
- C:\Windows\System\RFwTGmZ.exe
  C:\Windows\System\RFwTGmZ.exe
  2⤵
  PID:2404
- C:\Windows\System\FglYBNf.exe
  C:\Windows\System\FglYBNf.exe
  2⤵
  PID:264
- C:\Windows\System\kMYgbaE.exe
  C:\Windows\System\kMYgbaE.exe
  2⤵
  PID:1656
- C:\Windows\System\JvdSMiL.exe
  C:\Windows\System\JvdSMiL.exe
  2⤵
  PID:2832
- C:\Windows\System\dxORSzF.exe
  C:\Windows\System\dxORSzF.exe
  2⤵
  PID:2884
- C:\Windows\System\jnKYNeo.exe
  C:\Windows\System\jnKYNeo.exe
  2⤵
  PID:2980
- C:\Windows\System\olbAGEv.exe
  C:\Windows\System\olbAGEv.exe
  2⤵
  PID:844
- C:\Windows\System\eAnvEDb.exe
  C:\Windows\System\eAnvEDb.exe
  2⤵
  PID:2480
- C:\Windows\System\CWZikOZ.exe
  C:\Windows\System\CWZikOZ.exe
  2⤵
  PID:1856
- C:\Windows\System\bidYgvN.exe
  C:\Windows\System\bidYgvN.exe
  2⤵
  PID:632
- C:\Windows\System\lJlaXrZ.exe
  C:\Windows\System\lJlaXrZ.exe
  2⤵
  PID:1924
- C:\Windows\System\pqSpYRd.exe
  C:\Windows\System\pqSpYRd.exe
  2⤵
  PID:2116
- C:\Windows\System\edWTGcA.exe
  C:\Windows\System\edWTGcA.exe
  2⤵
  PID:2668
- C:\Windows\System\aYSmYra.exe
  C:\Windows\System\aYSmYra.exe
  2⤵
  PID:2164
- C:\Windows\System\UpJByZG.exe
  C:\Windows\System\UpJByZG.exe
  2⤵
  PID:1420
- C:\Windows\System\FrsmpLN.exe
  C:\Windows\System\FrsmpLN.exe
  2⤵
  PID:1136
- C:\Windows\System\UMiweII.exe
  C:\Windows\System\UMiweII.exe
  2⤵
  PID:1632
- C:\Windows\System\mPQNoTY.exe
  C:\Windows\System\mPQNoTY.exe
  2⤵
  PID:404
- C:\Windows\System\zxqbqnJ.exe
  C:\Windows\System\zxqbqnJ.exe
  2⤵
  PID:2084
- C:\Windows\System\kakyCAH.exe
  C:\Windows\System\kakyCAH.exe
  2⤵
  PID:1804
- C:\Windows\System\qMiksoJ.exe
  C:\Windows\System\qMiksoJ.exe
  2⤵
  PID:536
- C:\Windows\System\gxOqeCi.exe
  C:\Windows\System\gxOqeCi.exe
  2⤵
  PID:112
- C:\Windows\System\fsmgSLL.exe
  C:\Windows\System\fsmgSLL.exe
  2⤵
  PID:1020
- C:\Windows\System\kKtCgJM.exe
  C:\Windows\System\kKtCgJM.exe
  2⤵
  PID:3052
- C:\Windows\System\FDuvswO.exe
  C:\Windows\System\FDuvswO.exe
  2⤵
  PID:824
- C:\Windows\System\VzIsebO.exe
  C:\Windows\System\VzIsebO.exe
  2⤵
  PID:2032
- C:\Windows\System\UXnwdip.exe
  C:\Windows\System\UXnwdip.exe
  2⤵
  PID:2276
- C:\Windows\System\JOwCezO.exe
  C:\Windows\System\JOwCezO.exe
  2⤵
  PID:1348
- C:\Windows\System\kAnnXdA.exe
  C:\Windows\System\kAnnXdA.exe
  2⤵
  PID:2052
- C:\Windows\System\tnhxiaH.exe
  C:\Windows\System\tnhxiaH.exe
  2⤵
  PID:2260
- C:\Windows\System\dfyDVhw.exe
  C:\Windows\System\dfyDVhw.exe
  2⤵
  PID:2900
- C:\Windows\System\RfFOgye.exe
  C:\Windows\System\RfFOgye.exe
  2⤵
  PID:3068
- C:\Windows\System\OobvsRR.exe
  C:\Windows\System\OobvsRR.exe
  2⤵
  PID:2712
- C:\Windows\System\jhfnLwf.exe
  C:\Windows\System\jhfnLwf.exe
  2⤵
  PID:2628
- C:\Windows\System\rMeHWBB.exe
  C:\Windows\System\rMeHWBB.exe
  2⤵
  PID:976
- C:\Windows\System\tJfZDIA.exe
  C:\Windows\System\tJfZDIA.exe
  2⤵
  PID:2152
- C:\Windows\System\KUfQthd.exe
  C:\Windows\System\KUfQthd.exe
  2⤵
  PID:1496
- C:\Windows\System\CxhyyyB.exe
  C:\Windows\System\CxhyyyB.exe
  2⤵
  PID:1104
- C:\Windows\System\wzwHGgK.exe
  C:\Windows\System\wzwHGgK.exe
  2⤵
  PID:1796
- C:\Windows\System\TQCjxRo.exe
  C:\Windows\System\TQCjxRo.exe
  2⤵
  PID:1964
- C:\Windows\System\qIbTjzr.exe
  C:\Windows\System\qIbTjzr.exe
  2⤵
  PID:2708
- C:\Windows\System\eSFMqwO.exe
  C:\Windows\System\eSFMqwO.exe
  2⤵
  PID:1316
- C:\Windows\System\bBBtxjG.exe
  C:\Windows\System\bBBtxjG.exe
  2⤵
  PID:2136
- C:\Windows\System\VyCZEzH.exe
  C:\Windows\System\VyCZEzH.exe
  2⤵
  PID:2132
- C:\Windows\System\ZhEeOfG.exe
  C:\Windows\System\ZhEeOfG.exe
  2⤵
  PID:1524
- C:\Windows\System\GJVKSnw.exe
  C:\Windows\System\GJVKSnw.exe
  2⤵
  PID:1816
- C:\Windows\System\rXGJMwI.exe
  C:\Windows\System\rXGJMwI.exe
  2⤵
  PID:2752
- C:\Windows\System\wVHUnRG.exe
  C:\Windows\System\wVHUnRG.exe
  2⤵
  PID:1776
- C:\Windows\System\JRcofDj.exe
  C:\Windows\System\JRcofDj.exe
  2⤵
  PID:892
- C:\Windows\System\kgwemIB.exe
  C:\Windows\System\kgwemIB.exe
  2⤵
  PID:944
- C:\Windows\System\cJHbDYj.exe
  C:\Windows\System\cJHbDYj.exe
  2⤵
  PID:1516
- C:\Windows\System\GnjWmai.exe
  C:\Windows\System\GnjWmai.exe
  2⤵
  PID:884
- C:\Windows\System\JUlDPVd.exe
  C:\Windows\System\JUlDPVd.exe
  2⤵
  PID:1504
- C:\Windows\System\AfPVXUn.exe
  C:\Windows\System\AfPVXUn.exe
  2⤵
  PID:2584
- C:\Windows\System\pQvrjEo.exe
  C:\Windows\System\pQvrjEo.exe
  2⤵
  PID:2912
- C:\Windows\System\ACniWpu.exe
  C:\Windows\System\ACniWpu.exe
  2⤵
  PID:2548
- C:\Windows\System\FNznPvI.exe
  C:\Windows\System\FNznPvI.exe
  2⤵
  PID:2828
- C:\Windows\System\oZKlyVT.exe
  C:\Windows\System\oZKlyVT.exe
  2⤵
  PID:2880
- C:\Windows\System\IcfJUhK.exe
  C:\Windows\System\IcfJUhK.exe
  2⤵
  PID:1984
- C:\Windows\System\NUwTHGZ.exe
  C:\Windows\System\NUwTHGZ.exe
  2⤵
  PID:1652
- C:\Windows\System\ChKcegQ.exe
  C:\Windows\System\ChKcegQ.exe
  2⤵
  PID:2324
- C:\Windows\System\QsPulYF.exe
  C:\Windows\System\QsPulYF.exe
  2⤵
  PID:3084
- C:\Windows\System\wnaYZQi.exe
  C:\Windows\System\wnaYZQi.exe
  2⤵
  PID:3104
- C:\Windows\System\fRUXgBo.exe
  C:\Windows\System\fRUXgBo.exe
  2⤵
  PID:3124
- C:\Windows\System\fLUMFVF.exe
  C:\Windows\System\fLUMFVF.exe
  2⤵
  PID:3144
- C:\Windows\System\bpSnKbD.exe
  C:\Windows\System\bpSnKbD.exe
  2⤵
  PID:3164
- C:\Windows\System\qzBexkM.exe
  C:\Windows\System\qzBexkM.exe
  2⤵
  PID:3184
- C:\Windows\System\yugHhTz.exe
  C:\Windows\System\yugHhTz.exe
  2⤵
  PID:3204
- C:\Windows\System\WatRuLa.exe
  C:\Windows\System\WatRuLa.exe
  2⤵
  PID:3224
- C:\Windows\System\Wzgyyut.exe
  C:\Windows\System\Wzgyyut.exe
  2⤵
  PID:3244
- C:\Windows\System\GhJegcA.exe
  C:\Windows\System\GhJegcA.exe
  2⤵
  PID:3264
- C:\Windows\System\eFORKpE.exe
  C:\Windows\System\eFORKpE.exe
  2⤵
  PID:3504
- C:\Windows\System\DLxzaxb.exe
  C:\Windows\System\DLxzaxb.exe
  2⤵
  PID:3568
- C:\Windows\System\LJkxnNN.exe
  C:\Windows\System\LJkxnNN.exe
  2⤵
  PID:3588
- C:\Windows\System\gOKIZcy.exe
  C:\Windows\System\gOKIZcy.exe
  2⤵
  PID:3604
- C:\Windows\System\nzTwpjE.exe
  C:\Windows\System\nzTwpjE.exe
  2⤵
  PID:3636
- C:\Windows\System\QLEGgux.exe
  C:\Windows\System\QLEGgux.exe
  2⤵
  PID:3656
- C:\Windows\System\vBSXfKq.exe
  C:\Windows\System\vBSXfKq.exe
  2⤵
  PID:3680
- C:\Windows\System\xDuuHul.exe
  C:\Windows\System\xDuuHul.exe
  2⤵
  PID:3700
- C:\Windows\System\OKvRiez.exe
  C:\Windows\System\OKvRiez.exe
  2⤵
  PID:3764
- C:\Windows\System\MoicpVp.exe
  C:\Windows\System\MoicpVp.exe
  2⤵
  PID:3784
- C:\Windows\System\yvAHmTf.exe
  C:\Windows\System\yvAHmTf.exe
  2⤵
  PID:3804
- C:\Windows\System\oCZtVzI.exe
  C:\Windows\System\oCZtVzI.exe
  2⤵
  PID:3824
- C:\Windows\System\rUbbkBR.exe
  C:\Windows\System\rUbbkBR.exe
  2⤵
  PID:3844
- C:\Windows\System\AtUQSvX.exe
  C:\Windows\System\AtUQSvX.exe
  2⤵
  PID:3864
- C:\Windows\System\PgKUWBQ.exe
  C:\Windows\System\PgKUWBQ.exe
  2⤵
  PID:3884
- C:\Windows\System\vmbVkeX.exe
  C:\Windows\System\vmbVkeX.exe
  2⤵
  PID:3904
- C:\Windows\System\AtpzPlV.exe
  C:\Windows\System\AtpzPlV.exe
  2⤵
  PID:3924
- C:\Windows\System\wDyIDaC.exe
  C:\Windows\System\wDyIDaC.exe
  2⤵
  PID:3944
- C:\Windows\System\iQyrETQ.exe
  C:\Windows\System\iQyrETQ.exe
  2⤵
  PID:3964
- C:\Windows\System\lFxEXRx.exe
  C:\Windows\System\lFxEXRx.exe
  2⤵
  PID:3984
- C:\Windows\System\FryjVtR.exe
  C:\Windows\System\FryjVtR.exe
  2⤵
  PID:4008
- C:\Windows\System\CqBXloi.exe
  C:\Windows\System\CqBXloi.exe
  2⤵
  PID:4028
- C:\Windows\System\RpxpGXS.exe
  C:\Windows\System\RpxpGXS.exe
  2⤵
  PID:4048
- C:\Windows\System\HXbjEvc.exe
  C:\Windows\System\HXbjEvc.exe
  2⤵
  PID:4064
- C:\Windows\System\OSiSUYF.exe
  C:\Windows\System\OSiSUYF.exe
  2⤵
  PID:4084
- C:\Windows\System\AkXIISu.exe
  C:\Windows\System\AkXIISu.exe
  2⤵
  PID:788
- C:\Windows\System\Kypfnum.exe
  C:\Windows\System\Kypfnum.exe
  2⤵
  PID:984
- C:\Windows\System\xewSJeH.exe
  C:\Windows\System\xewSJeH.exe
  2⤵
  PID:1780
- C:\Windows\System\UcMIPpz.exe
  C:\Windows\System\UcMIPpz.exe
  2⤵
  PID:1772
- C:\Windows\System\CWpyAuq.exe
  C:\Windows\System\CWpyAuq.exe
  2⤵
  PID:740
- C:\Windows\System\DhSaSHW.exe
  C:\Windows\System\DhSaSHW.exe
  2⤵
  PID:1612
- C:\Windows\System\zCjmHkO.exe
  C:\Windows\System\zCjmHkO.exe
  2⤵
  PID:2624
- C:\Windows\System\IzWWsyX.exe
  C:\Windows\System\IzWWsyX.exe
  2⤵
  PID:1152
- C:\Windows\System\tUCqMyE.exe
  C:\Windows\System\tUCqMyE.exe
  2⤵
  PID:2220
- C:\Windows\System\ifUFFsH.exe
  C:\Windows\System\ifUFFsH.exe
  2⤵
  PID:3116
- C:\Windows\System\kqdOCBP.exe
  C:\Windows\System\kqdOCBP.exe
  2⤵
  PID:3200
- C:\Windows\System\GAbAbTn.exe
  C:\Windows\System\GAbAbTn.exe
  2⤵
  PID:3272
- C:\Windows\System\nVnOWEN.exe
  C:\Windows\System\nVnOWEN.exe
  2⤵
  PID:3612
- C:\Windows\System\QcBgiBh.exe
  C:\Windows\System\QcBgiBh.exe
  2⤵
  PID:3140
- C:\Windows\System\MynCpmA.exe
  C:\Windows\System\MynCpmA.exe
  2⤵
  PID:3172
- C:\Windows\System\jFoaTFI.exe
  C:\Windows\System\jFoaTFI.exe
  2⤵
  PID:3176
- C:\Windows\System\MKrYTKO.exe
  C:\Windows\System\MKrYTKO.exe
  2⤵
  PID:2264
- C:\Windows\System\RkfGqte.exe
  C:\Windows\System\RkfGqte.exe
  2⤵
  PID:3092
- C:\Windows\System\mpjhwMV.exe
  C:\Windows\System\mpjhwMV.exe
  2⤵
  PID:3100
- C:\Windows\System\ikkVvgQ.exe
  C:\Windows\System\ikkVvgQ.exe
  2⤵
  PID:3512
- C:\Windows\System\pBiWseb.exe
  C:\Windows\System\pBiWseb.exe
  2⤵
  PID:3760
- C:\Windows\System\FjuGKpp.exe
  C:\Windows\System\FjuGKpp.exe
  2⤵
  PID:3692
- C:\Windows\System\qNnnonn.exe
  C:\Windows\System\qNnnonn.exe
  2⤵
  PID:3836
- C:\Windows\System\FzVNPgV.exe
  C:\Windows\System\FzVNPgV.exe
  2⤵
  PID:3780
- C:\Windows\System\mwSpYif.exe
  C:\Windows\System\mwSpYif.exe
  2⤵
  PID:3916
- C:\Windows\System\gPkERbl.exe
  C:\Windows\System\gPkERbl.exe
  2⤵
  PID:3856
- C:\Windows\System\wfTheZO.exe
  C:\Windows\System\wfTheZO.exe
  2⤵
  PID:3892
- C:\Windows\System\JeqgSCZ.exe
  C:\Windows\System\JeqgSCZ.exe
  2⤵
  PID:4004
- C:\Windows\System\NFshyqg.exe
  C:\Windows\System\NFshyqg.exe
  2⤵
  PID:4040
- C:\Windows\System\xQVXjdr.exe
  C:\Windows\System\xQVXjdr.exe
  2⤵
  PID:3936
- C:\Windows\System\tAeQuQf.exe
  C:\Windows\System\tAeQuQf.exe
  2⤵
  PID:2644
- C:\Windows\System\jXUaQwL.exe
  C:\Windows\System\jXUaQwL.exe
  2⤵
  PID:4016
- C:\Windows\System\hpoNqwj.exe
  C:\Windows\System\hpoNqwj.exe
  2⤵
  PID:4060
- C:\Windows\System\kBmUpBQ.exe
  C:\Windows\System\kBmUpBQ.exe
  2⤵
  PID:2072
- C:\Windows\System\hXBqBUX.exe
  C:\Windows\System\hXBqBUX.exe
  2⤵
  PID:2408
- C:\Windows\System\zsLcsCR.exe
  C:\Windows\System\zsLcsCR.exe
  2⤵
  PID:1228
- C:\Windows\System\pwevghG.exe
  C:\Windows\System\pwevghG.exe
  2⤵
  PID:2996
- C:\Windows\System\RTbcORm.exe
  C:\Windows\System\RTbcORm.exe
  2⤵
  PID:2768
- C:\Windows\System\rDiQDgw.exe
  C:\Windows\System\rDiQDgw.exe
  2⤵
  PID:3160
- C:\Windows\System\AqfBfIZ.exe
  C:\Windows\System\AqfBfIZ.exe
  2⤵
  PID:3624
- C:\Windows\System\cHxTtFK.exe
  C:\Windows\System\cHxTtFK.exe
  2⤵
  PID:2868
- C:\Windows\System\qrkpQfD.exe
  C:\Windows\System\qrkpQfD.exe
  2⤵
  PID:3276
- C:\Windows\System\YDJzBYX.exe
  C:\Windows\System\YDJzBYX.exe
  2⤵
  PID:3220
- C:\Windows\System\gvkMIWd.exe
  C:\Windows\System\gvkMIWd.exe
  2⤵
  PID:3256
- C:\Windows\System\yRJXqDm.exe
  C:\Windows\System\yRJXqDm.exe
  2⤵
  PID:3672
- C:\Windows\System\xmXJoUe.exe
  C:\Windows\System\xmXJoUe.exe
  2⤵
  PID:3752
- C:\Windows\System\xMAfASe.exe
  C:\Windows\System\xMAfASe.exe
  2⤵
  PID:3816
- C:\Windows\System\kiDLTOZ.exe
  C:\Windows\System\kiDLTOZ.exe
  2⤵
  PID:3900
- C:\Windows\System\mLFoled.exe
  C:\Windows\System\mLFoled.exe
  2⤵
  PID:3840
- C:\Windows\System\oysptRD.exe
  C:\Windows\System\oysptRD.exe
  2⤵
  PID:2604
- C:\Windows\System\DoaczCg.exe
  C:\Windows\System\DoaczCg.exe
  2⤵
  PID:3980
- C:\Windows\System\Zcqfrmu.exe
  C:\Windows\System\Zcqfrmu.exe
  2⤵
  PID:1860
- C:\Windows\System\naTeDdd.exe
  C:\Windows\System\naTeDdd.exe
  2⤵
  PID:4036
- C:\Windows\System\zfAjxTu.exe
  C:\Windows\System\zfAjxTu.exe
  2⤵
  PID:3232
- C:\Windows\System\OTZrTBF.exe
  C:\Windows\System\OTZrTBF.exe
  2⤵
  PID:1028
- C:\Windows\System\VsLLavW.exe
  C:\Windows\System\VsLLavW.exe
  2⤵
  PID:336
- C:\Windows\System\uBXQWdc.exe
  C:\Windows\System\uBXQWdc.exe
  2⤵
  PID:2560
- C:\Windows\System\aDpbIjb.exe
  C:\Windows\System\aDpbIjb.exe
  2⤵
  PID:3028
- C:\Windows\System\HQNSZCY.exe
  C:\Windows\System\HQNSZCY.exe
  2⤵
  PID:2356
- C:\Windows\System\pSQXhct.exe
  C:\Windows\System\pSQXhct.exe
  2⤵
  PID:836
- C:\Windows\System\CFEhPxl.exe
  C:\Windows\System\CFEhPxl.exe
  2⤵
  PID:592
- C:\Windows\System\flwvxMy.exe
  C:\Windows\System\flwvxMy.exe
  2⤵
  PID:3716
- C:\Windows\System\gNEDluH.exe
  C:\Windows\System\gNEDluH.exe
  2⤵
  PID:3648
- C:\Windows\System\tdVUXpA.exe
  C:\Windows\System\tdVUXpA.exe
  2⤵
  PID:2520
- C:\Windows\System\ZiDRKTt.exe
  C:\Windows\System\ZiDRKTt.exe
  2⤵
  PID:2704
- C:\Windows\System\UlXngkn.exe
  C:\Windows\System\UlXngkn.exe
  2⤵
  PID:2988
- C:\Windows\System\BIQaMRt.exe
  C:\Windows\System\BIQaMRt.exe
  2⤵
  PID:2684
- C:\Windows\System\WlpiQYM.exe
  C:\Windows\System\WlpiQYM.exe
  2⤵
  PID:4044
- C:\Windows\System\PItjuOX.exe
  C:\Windows\System\PItjuOX.exe
  2⤵
  PID:2088
- C:\Windows\System\RVNganI.exe
  C:\Windows\System\RVNganI.exe
  2⤵
  PID:4076
- C:\Windows\System\CrquRgx.exe
  C:\Windows\System\CrquRgx.exe
  2⤵
  PID:3012
- C:\Windows\System\KisqrVu.exe
  C:\Windows\System\KisqrVu.exe
  2⤵
  PID:3260
- C:\Windows\System\rPsouny.exe
  C:\Windows\System\rPsouny.exe
  2⤵
  PID:3652
- C:\Windows\System\ACcBeoK.exe
  C:\Windows\System\ACcBeoK.exe
  2⤵
  PID:3180
- C:\Windows\System\jTbcOWf.exe
  C:\Windows\System\jTbcOWf.exe
  2⤵
  PID:4080
- C:\Windows\System\ndwTyER.exe
  C:\Windows\System\ndwTyER.exe
  2⤵
  PID:1684
- C:\Windows\System\ClMwxtY.exe
  C:\Windows\System\ClMwxtY.exe
  2⤵
  PID:2328
- C:\Windows\System\SfMPRaL.exe
  C:\Windows\System\SfMPRaL.exe
  2⤵
  PID:760
- C:\Windows\System\gElbkeq.exe
  C:\Windows\System\gElbkeq.exe
  2⤵
  PID:4092
- C:\Windows\System\MFMTsvK.exe
  C:\Windows\System\MFMTsvK.exe
  2⤵
  PID:4020
- C:\Windows\System\aOasbua.exe
  C:\Windows\System\aOasbua.exe
  2⤵
  PID:2120
- C:\Windows\System\xilagfh.exe
  C:\Windows\System\xilagfh.exe
  2⤵
  PID:2680
- C:\Windows\System\VBlpwGe.exe
  C:\Windows\System\VBlpwGe.exe
  2⤵
  PID:4112
- C:\Windows\System\ukFDlxf.exe
  C:\Windows\System\ukFDlxf.exe
  2⤵
  PID:4144
- C:\Windows\System\qXFTpNx.exe
  C:\Windows\System\qXFTpNx.exe
  2⤵
  PID:4160
- C:\Windows\System\TmkQldf.exe
  C:\Windows\System\TmkQldf.exe
  2⤵
  PID:4180
- C:\Windows\System\LNSmuak.exe
  C:\Windows\System\LNSmuak.exe
  2⤵
  PID:4196
- C:\Windows\System\SVopYWI.exe
  C:\Windows\System\SVopYWI.exe
  2⤵
  PID:4220
- C:\Windows\System\CaEjqpA.exe
  C:\Windows\System\CaEjqpA.exe
  2⤵
  PID:4248
- C:\Windows\System\rsDrFpa.exe
  C:\Windows\System\rsDrFpa.exe
  2⤵
  PID:4264
- C:\Windows\System\phetHTB.exe
  C:\Windows\System\phetHTB.exe
  2⤵
  PID:4284
- C:\Windows\System\hHgYCrS.exe
  C:\Windows\System\hHgYCrS.exe
  2⤵
  PID:4304
- C:\Windows\System\pmlMRrV.exe
  C:\Windows\System\pmlMRrV.exe
  2⤵
  PID:4320
- C:\Windows\System\faRikQl.exe
  C:\Windows\System\faRikQl.exe
  2⤵
  PID:4336
- C:\Windows\System\KXTUbuD.exe
  C:\Windows\System\KXTUbuD.exe
  2⤵
  PID:4360
- C:\Windows\System\onCbmaq.exe
  C:\Windows\System\onCbmaq.exe
  2⤵
  PID:4388
- C:\Windows\System\NUwugUj.exe
  C:\Windows\System\NUwugUj.exe
  2⤵
  PID:4408
- C:\Windows\System\EkqWxQw.exe
  C:\Windows\System\EkqWxQw.exe
  2⤵
  PID:4424
- C:\Windows\System\FkGXBaT.exe
  C:\Windows\System\FkGXBaT.exe
  2⤵
  PID:4440
- C:\Windows\System\mknsQMx.exe
  C:\Windows\System\mknsQMx.exe
  2⤵
  PID:4460
- C:\Windows\System\UXaCiCL.exe
  C:\Windows\System\UXaCiCL.exe
  2⤵
  PID:4484
- C:\Windows\System\WUpJdqP.exe
  C:\Windows\System\WUpJdqP.exe
  2⤵
  PID:4500
- C:\Windows\System\QfYlXhl.exe
  C:\Windows\System\QfYlXhl.exe
  2⤵
  PID:4524
- C:\Windows\System\LUmGTjC.exe
  C:\Windows\System\LUmGTjC.exe
  2⤵
  PID:4548
- C:\Windows\System\khqfdeI.exe
  C:\Windows\System\khqfdeI.exe
  2⤵
  PID:4580
- C:\Windows\System\kDfFZRc.exe
  C:\Windows\System\kDfFZRc.exe
  2⤵
  PID:4604
- C:\Windows\System\JRvRxaA.exe
  C:\Windows\System\JRvRxaA.exe
  2⤵
  PID:4620
- C:\Windows\System\kulHUVI.exe
  C:\Windows\System\kulHUVI.exe
  2⤵
  PID:4636
- C:\Windows\System\NVfRjij.exe
  C:\Windows\System\NVfRjij.exe
  2⤵
  PID:4652
- C:\Windows\System\QbDhNUW.exe
  C:\Windows\System\QbDhNUW.exe
  2⤵
  PID:4672
- C:\Windows\System\NnaDzwx.exe
  C:\Windows\System\NnaDzwx.exe
  2⤵
  PID:4688
- C:\Windows\System\bjSKCur.exe
  C:\Windows\System\bjSKCur.exe
  2⤵
  PID:4704
- C:\Windows\System\vIofeIu.exe
  C:\Windows\System\vIofeIu.exe
  2⤵
  PID:4728
- C:\Windows\System\GbluxPR.exe
  C:\Windows\System\GbluxPR.exe
  2⤵
  PID:4760
- C:\Windows\System\yvtRFzg.exe
  C:\Windows\System\yvtRFzg.exe
  2⤵
  PID:4780
- C:\Windows\System\ybOXfwg.exe
  C:\Windows\System\ybOXfwg.exe
  2⤵
  PID:4800
- C:\Windows\System\DAlirme.exe
  C:\Windows\System\DAlirme.exe
  2⤵
  PID:4820
- C:\Windows\System\LrdAWkg.exe
  C:\Windows\System\LrdAWkg.exe
  2⤵
  PID:4836
- C:\Windows\System\cOmoUJM.exe
  C:\Windows\System\cOmoUJM.exe
  2⤵
  PID:4860
- C:\Windows\System\jAMEwwn.exe
  C:\Windows\System\jAMEwwn.exe
  2⤵
  PID:4880
- C:\Windows\System\AeHjfpg.exe
  C:\Windows\System\AeHjfpg.exe
  2⤵
  PID:4900
- C:\Windows\System\ANXJUwN.exe
  C:\Windows\System\ANXJUwN.exe
  2⤵
  PID:4924
- C:\Windows\System\PnHWFmk.exe
  C:\Windows\System\PnHWFmk.exe
  2⤵
  PID:4940
- C:\Windows\System\AImnaLY.exe
  C:\Windows\System\AImnaLY.exe
  2⤵
  PID:4968
- C:\Windows\System\boihLWw.exe
  C:\Windows\System\boihLWw.exe
  2⤵
  PID:4984
- C:\Windows\System\NopScPG.exe
  C:\Windows\System\NopScPG.exe
  2⤵
  PID:5008
- C:\Windows\System\guwGHaT.exe
  C:\Windows\System\guwGHaT.exe
  2⤵
  PID:5024
- C:\Windows\System\stGzOcD.exe
  C:\Windows\System\stGzOcD.exe
  2⤵
  PID:5040
- C:\Windows\System\xDkBwBG.exe
  C:\Windows\System\xDkBwBG.exe
  2⤵
  PID:5056
- C:\Windows\System\eTmyLLN.exe
  C:\Windows\System\eTmyLLN.exe
  2⤵
  PID:5072
- C:\Windows\System\SfDkpHa.exe
  C:\Windows\System\SfDkpHa.exe
  2⤵
  PID:5088
- C:\Windows\System\bxLcbzD.exe
  C:\Windows\System\bxLcbzD.exe
  2⤵
  PID:5104
- C:\Windows\System\dMQBDkb.exe
  C:\Windows\System\dMQBDkb.exe
  2⤵
  PID:960
- C:\Windows\System\AGGbkBV.exe
  C:\Windows\System\AGGbkBV.exe
  2⤵
  PID:3992
- C:\Windows\System\IzmZfxJ.exe
  C:\Windows\System\IzmZfxJ.exe
  2⤵
  PID:4168
- C:\Windows\System\eGMFcvy.exe
  C:\Windows\System\eGMFcvy.exe
  2⤵
  PID:4172
- C:\Windows\System\FdHpgQT.exe
  C:\Windows\System\FdHpgQT.exe
  2⤵
  PID:4152
- C:\Windows\System\yfLoARA.exe
  C:\Windows\System\yfLoARA.exe
  2⤵
  PID:4240
- C:\Windows\System\reYsuBU.exe
  C:\Windows\System\reYsuBU.exe
  2⤵
  PID:4256
- C:\Windows\System\qJqiGNt.exe
  C:\Windows\System\qJqiGNt.exe
  2⤵
  PID:2696
- C:\Windows\System\qLYnDXf.exe
  C:\Windows\System\qLYnDXf.exe
  2⤵
  PID:4276
- C:\Windows\System\eHsAkqp.exe
  C:\Windows\System\eHsAkqp.exe
  2⤵
  PID:4300
- C:\Windows\System\vxHHzli.exe
  C:\Windows\System\vxHHzli.exe
  2⤵
  PID:4372
- C:\Windows\System\eiBwbQU.exe
  C:\Windows\System\eiBwbQU.exe
  2⤵
  PID:4348
- C:\Windows\System\LRavJiJ.exe
  C:\Windows\System\LRavJiJ.exe
  2⤵
  PID:4396
- C:\Windows\System\gfPZilf.exe
  C:\Windows\System\gfPZilf.exe
  2⤵
  PID:4452
- C:\Windows\System\VipqCiQ.exe
  C:\Windows\System\VipqCiQ.exe
  2⤵
  PID:4532
- C:\Windows\System\pOzRrcd.exe
  C:\Windows\System\pOzRrcd.exe
  2⤵
  PID:4540
- C:\Windows\System\dFSalve.exe
  C:\Windows\System\dFSalve.exe
  2⤵
  PID:4512
- C:\Windows\System\jbYgCjd.exe
  C:\Windows\System\jbYgCjd.exe
  2⤵
  PID:4516
- C:\Windows\System\qcuFxur.exe
  C:\Windows\System\qcuFxur.exe
  2⤵
  PID:4612
- C:\Windows\System\xTuXDWg.exe
  C:\Windows\System\xTuXDWg.exe
  2⤵
  PID:4632
- C:\Windows\System\lWvpZBj.exe
  C:\Windows\System\lWvpZBj.exe
  2⤵
  PID:4700
- C:\Windows\System\tflNucl.exe
  C:\Windows\System\tflNucl.exe
  2⤵
  PID:4716
- C:\Windows\System\XljEjUm.exe
  C:\Windows\System\XljEjUm.exe
  2⤵
  PID:2636
- C:\Windows\System\zevLoRm.exe
  C:\Windows\System\zevLoRm.exe
  2⤵
  PID:4768
- C:\Windows\System\HvAtPuL.exe
  C:\Windows\System\HvAtPuL.exe
  2⤵
  PID:4812
- C:\Windows\System\ZcPqkmr.exe
  C:\Windows\System\ZcPqkmr.exe
  2⤵
  PID:4868
- C:\Windows\System\mKgvFwE.exe
  C:\Windows\System\mKgvFwE.exe
  2⤵
  PID:4872
- C:\Windows\System\iHidYSV.exe
  C:\Windows\System\iHidYSV.exe
  2⤵
  PID:4856
- C:\Windows\System\ZnpKbEh.exe
  C:\Windows\System\ZnpKbEh.exe
  2⤵
  PID:4896
- C:\Windows\System\XRebebe.exe
  C:\Windows\System\XRebebe.exe
  2⤵
  PID:4956
- C:\Windows\System\aleKXcf.exe
  C:\Windows\System\aleKXcf.exe
  2⤵
  PID:4976
- C:\Windows\System\ozasRMf.exe
  C:\Windows\System\ozasRMf.exe
  2⤵
  PID:5096
- C:\Windows\System\VuHPeRI.exe
  C:\Windows\System\VuHPeRI.exe
  2⤵
  PID:5016
- C:\Windows\System\bxWbLGc.exe
  C:\Windows\System\bxWbLGc.exe
  2⤵
  PID:5048
- C:\Windows\System\PDRdhKl.exe
  C:\Windows\System\PDRdhKl.exe
  2⤵
  PID:5080
- C:\Windows\System\jeLWiYw.exe
  C:\Windows\System\jeLWiYw.exe
  2⤵
  PID:5116
- C:\Windows\System\uGjirzr.exe
  C:\Windows\System\uGjirzr.exe
  2⤵
  PID:4156
- C:\Windows\System\VGvwTxm.exe
  C:\Windows\System\VGvwTxm.exe
  2⤵
  PID:2908
- C:\Windows\System\oUOgkzl.exe
  C:\Windows\System\oUOgkzl.exe
  2⤵
  PID:4312
- C:\Windows\System\nbOpRxx.exe
  C:\Windows\System\nbOpRxx.exe
  2⤵
  PID:4384
- C:\Windows\System\WcHtGsk.exe
  C:\Windows\System\WcHtGsk.exe
  2⤵
  PID:4400
- C:\Windows\System\wSAflvW.exe
  C:\Windows\System\wSAflvW.exe
  2⤵
  PID:4564
- C:\Windows\System\TtsPzKO.exe
  C:\Windows\System\TtsPzKO.exe
  2⤵
  PID:4628
- C:\Windows\System\EcemxYF.exe
  C:\Windows\System\EcemxYF.exe
  2⤵
  PID:4664
- C:\Windows\System\wAcKobG.exe
  C:\Windows\System\wAcKobG.exe
  2⤵
  PID:2648
- C:\Windows\System\bvxPPWu.exe
  C:\Windows\System\bvxPPWu.exe
  2⤵
  PID:4724
- C:\Windows\System\fTKPRrw.exe
  C:\Windows\System\fTKPRrw.exe
  2⤵
  PID:2672
- C:\Windows\System\GBRTZzt.exe
  C:\Windows\System\GBRTZzt.exe
  2⤵
  PID:4752
- C:\Windows\System\geFPfJY.exe
  C:\Windows\System\geFPfJY.exe
  2⤵
  PID:4684
- C:\Windows\System\VoIDvIO.exe
  C:\Windows\System\VoIDvIO.exe
  2⤵
  PID:4852
- C:\Windows\System\xkkwOif.exe
  C:\Windows\System\xkkwOif.exe
  2⤵
  PID:4948
- C:\Windows\System\jVWeZoJ.exe
  C:\Windows\System\jVWeZoJ.exe
  2⤵
  PID:5032
- C:\Windows\System\UeYfwaK.exe
  C:\Windows\System\UeYfwaK.exe
  2⤵
  PID:4120
- C:\Windows\System\uhSPmit.exe
  C:\Windows\System\uhSPmit.exe
  2⤵
  PID:4888
- C:\Windows\System\rjbXZQR.exe
  C:\Windows\System\rjbXZQR.exe
  2⤵
  PID:3880
- C:\Windows\System\CBFScDM.exe
  C:\Windows\System\CBFScDM.exe
  2⤵
  PID:4236
- C:\Windows\System\VoyizYo.exe
  C:\Windows\System\VoyizYo.exe
  2⤵
  PID:4212
- C:\Windows\System\QZpPRci.exe
  C:\Windows\System\QZpPRci.exe
  2⤵
  PID:1872
- C:\Windows\System\nihBequ.exe
  C:\Windows\System\nihBequ.exe
  2⤵
  PID:4316
- C:\Windows\System\ZxFwvKS.exe
  C:\Windows\System\ZxFwvKS.exe
  2⤵
  PID:4596
- C:\Windows\System\RnIBcIt.exe
  C:\Windows\System\RnIBcIt.exe
  2⤵
  PID:4508
- C:\Windows\System\aIYlKLG.exe
  C:\Windows\System\aIYlKLG.exe
  2⤵
  PID:4644
- C:\Windows\System\gvfARUU.exe
  C:\Windows\System\gvfARUU.exe
  2⤵
  PID:4448
- C:\Windows\System\TftuGbk.exe
  C:\Windows\System\TftuGbk.exe
  2⤵
  PID:4600
- C:\Windows\System\kDktvpM.exe
  C:\Windows\System\kDktvpM.exe
  2⤵
  PID:4828
- C:\Windows\System\YQZEiWS.exe
  C:\Windows\System\YQZEiWS.exe
  2⤵
  PID:4136
- C:\Windows\System\duBHvjY.exe
  C:\Windows\System\duBHvjY.exe
  2⤵
  PID:4380
- C:\Windows\System\qrSVhvp.exe
  C:\Windows\System\qrSVhvp.exe
  2⤵
  PID:4260
- C:\Windows\System\ZFeGwtB.exe
  C:\Windows\System\ZFeGwtB.exe
  2⤵
  PID:2496
- C:\Windows\System\esTXDLX.exe
  C:\Windows\System\esTXDLX.exe
  2⤵
  PID:4720
- C:\Windows\System\gJHycza.exe
  C:\Windows\System\gJHycza.exe
  2⤵
  PID:4936
- C:\Windows\System\djXoIDs.exe
  C:\Windows\System\djXoIDs.exe
  2⤵
  PID:4668
- C:\Windows\System\TBaEkNa.exe
  C:\Windows\System\TBaEkNa.exe
  2⤵
  PID:4296
- C:\Windows\System\iDnKdUT.exe
  C:\Windows\System\iDnKdUT.exe
  2⤵
  PID:4808
- C:\Windows\System\dAxrDyE.exe
  C:\Windows\System\dAxrDyE.exe
  2⤵
  PID:5004
- C:\Windows\System\xURstne.exe
  C:\Windows\System\xURstne.exe
  2⤵
  PID:4472
- C:\Windows\System\nClyIPy.exe
  C:\Windows\System\nClyIPy.exe
  2⤵
  PID:4952
- C:\Windows\System\LCOAysK.exe
  C:\Windows\System\LCOAysK.exe
  2⤵
  PID:4108
- C:\Windows\System\TAHCVNK.exe
  C:\Windows\System\TAHCVNK.exe
  2⤵
  PID:4404
- C:\Windows\System\bfRSLyF.exe
  C:\Windows\System\bfRSLyF.exe
  2⤵
  PID:4740
- C:\Windows\System\wQhuYss.exe
  C:\Windows\System\wQhuYss.exe
  2⤵
  PID:4140
- C:\Windows\System\fTlBrfn.exe
  C:\Windows\System\fTlBrfn.exe
  2⤵
  PID:5132
- C:\Windows\System\lxhrVvY.exe
  C:\Windows\System\lxhrVvY.exe
  2⤵
  PID:5148
- C:\Windows\System\NyOOZFT.exe
  C:\Windows\System\NyOOZFT.exe
  2⤵
  PID:5192
- C:\Windows\System\bReShyY.exe
  C:\Windows\System\bReShyY.exe
  2⤵
  PID:5212
- C:\Windows\System\bxkzocW.exe
  C:\Windows\System\bxkzocW.exe
  2⤵
  PID:5228
- C:\Windows\System\WpeEPsO.exe
  C:\Windows\System\WpeEPsO.exe
  2⤵
  PID:5244
- C:\Windows\System\YwhPnLv.exe
  C:\Windows\System\YwhPnLv.exe
  2⤵
  PID:5260
- C:\Windows\System\xxlHIkI.exe
  C:\Windows\System\xxlHIkI.exe
  2⤵
  PID:5276
- C:\Windows\System\NXbHjLV.exe
  C:\Windows\System\NXbHjLV.exe
  2⤵
  PID:5296
- C:\Windows\System\sethRGk.exe
  C:\Windows\System\sethRGk.exe
  2⤵
  PID:5312
- C:\Windows\System\RUcVWZA.exe
  C:\Windows\System\RUcVWZA.exe
  2⤵
  PID:5328
- C:\Windows\System\oQySzpq.exe
  C:\Windows\System\oQySzpq.exe
  2⤵
  PID:5344
- C:\Windows\System\lJPcQnW.exe
  C:\Windows\System\lJPcQnW.exe
  2⤵
  PID:5388
- C:\Windows\System\RLXjVfP.exe
  C:\Windows\System\RLXjVfP.exe
  2⤵
  PID:5404
- C:\Windows\System\qxmXDcr.exe
  C:\Windows\System\qxmXDcr.exe
  2⤵
  PID:5436
- C:\Windows\System\jajayHF.exe
  C:\Windows\System\jajayHF.exe
  2⤵
  PID:5456
- C:\Windows\System\KTIvlAS.exe
  C:\Windows\System\KTIvlAS.exe
  2⤵
  PID:5480
- C:\Windows\System\twfmPEy.exe
  C:\Windows\System\twfmPEy.exe
  2⤵
  PID:5496
- C:\Windows\System\odCqEgF.exe
  C:\Windows\System\odCqEgF.exe
  2⤵
  PID:5512
- C:\Windows\System\IuflBdp.exe
  C:\Windows\System\IuflBdp.exe
  2⤵
  PID:5528
- C:\Windows\System\pAHvrJX.exe
  C:\Windows\System\pAHvrJX.exe
  2⤵
  PID:5560
- C:\Windows\System\rnkgyea.exe
  C:\Windows\System\rnkgyea.exe
  2⤵
  PID:5576
- C:\Windows\System\pmIfHhU.exe
  C:\Windows\System\pmIfHhU.exe
  2⤵
  PID:5600
- C:\Windows\System\MMSmpNl.exe
  C:\Windows\System\MMSmpNl.exe
  2⤵
  PID:5616
- C:\Windows\System\VhIWsIy.exe
  C:\Windows\System\VhIWsIy.exe
  2⤵
  PID:5632
- C:\Windows\System\tGOOExx.exe
  C:\Windows\System\tGOOExx.exe
  2⤵
  PID:5648
- C:\Windows\System\BahYnJv.exe
  C:\Windows\System\BahYnJv.exe
  2⤵
  PID:5664
- C:\Windows\System\LnvlQqQ.exe
  C:\Windows\System\LnvlQqQ.exe
  2⤵
  PID:5680
- C:\Windows\System\LKScNZo.exe
  C:\Windows\System\LKScNZo.exe
  2⤵
  PID:5700
- C:\Windows\System\xzRHFlg.exe
  C:\Windows\System\xzRHFlg.exe
  2⤵
  PID:5728
- C:\Windows\System\GRVbXGs.exe
  C:\Windows\System\GRVbXGs.exe
  2⤵
  PID:5760
- C:\Windows\System\KpkSNnm.exe
  C:\Windows\System\KpkSNnm.exe
  2⤵
  PID:5776
- C:\Windows\System\sBMroul.exe
  C:\Windows\System\sBMroul.exe
  2⤵
  PID:5792
- C:\Windows\System\CxiBsbD.exe
  C:\Windows\System\CxiBsbD.exe
  2⤵
  PID:5808
- C:\Windows\System\rafWdiG.exe
  C:\Windows\System\rafWdiG.exe
  2⤵
  PID:5824
- C:\Windows\System\UItBzfu.exe
  C:\Windows\System\UItBzfu.exe
  2⤵
  PID:5860
- C:\Windows\System\XNxJNAf.exe
  C:\Windows\System\XNxJNAf.exe
  2⤵
  PID:5876
- C:\Windows\System\VbleEhh.exe
  C:\Windows\System\VbleEhh.exe
  2⤵
  PID:5896
- C:\Windows\System\LAjtIEf.exe
  C:\Windows\System\LAjtIEf.exe
  2⤵
  PID:5912
- C:\Windows\System\IURlmWf.exe
  C:\Windows\System\IURlmWf.exe
  2⤵
  PID:5928
- C:\Windows\System\BamCuQS.exe
  C:\Windows\System\BamCuQS.exe
  2⤵
  PID:5944
- C:\Windows\System\aQCHuTK.exe
  C:\Windows\System\aQCHuTK.exe
  2⤵
  PID:5960
- C:\Windows\System\vCSfkep.exe
  C:\Windows\System\vCSfkep.exe
  2⤵
  PID:5980
- C:\Windows\System\fxlpJnC.exe
  C:\Windows\System\fxlpJnC.exe
  2⤵
  PID:5996
- C:\Windows\System\ejnEnEm.exe
  C:\Windows\System\ejnEnEm.exe
  2⤵
  PID:6020
- C:\Windows\System\jHqGoTG.exe
  C:\Windows\System\jHqGoTG.exe
  2⤵
  PID:6044
- C:\Windows\System\KcijLzz.exe
  C:\Windows\System\KcijLzz.exe
  2⤵
  PID:6060
- C:\Windows\System\xrHaXRN.exe
  C:\Windows\System\xrHaXRN.exe
  2⤵
  PID:6076
- C:\Windows\System\aLuTfes.exe
  C:\Windows\System\aLuTfes.exe
  2⤵
  PID:6096
- C:\Windows\System\lvxVchQ.exe
  C:\Windows\System\lvxVchQ.exe
  2⤵
  PID:6112
- C:\Windows\System\AgbmRmU.exe
  C:\Windows\System\AgbmRmU.exe
  2⤵
  PID:4832
- C:\Windows\System\BgErNPO.exe
  C:\Windows\System\BgErNPO.exe
  2⤵
  PID:4480
- C:\Windows\System\iLXiXJB.exe
  C:\Windows\System\iLXiXJB.exe
  2⤵
  PID:5156
- C:\Windows\System\OYfxasv.exe
  C:\Windows\System\OYfxasv.exe
  2⤵
  PID:5176
- C:\Windows\System\TUUmeew.exe
  C:\Windows\System\TUUmeew.exe
  2⤵
  PID:3712
- C:\Windows\System\hPBOJZR.exe
  C:\Windows\System\hPBOJZR.exe
  2⤵
  PID:5184
- C:\Windows\System\sdMaCAe.exe
  C:\Windows\System\sdMaCAe.exe
  2⤵
  PID:5236
- C:\Windows\System\umzCtTA.exe
  C:\Windows\System\umzCtTA.exe
  2⤵
  PID:5284
- C:\Windows\System\RejtHdY.exe
  C:\Windows\System\RejtHdY.exe
  2⤵
  PID:5352
- C:\Windows\System\qSJsghg.exe
  C:\Windows\System\qSJsghg.exe
  2⤵
  PID:5368
- C:\Windows\System\EQETbwY.exe
  C:\Windows\System\EQETbwY.exe
  2⤵
  PID:5240
- C:\Windows\System\pvbKqvQ.exe
  C:\Windows\System\pvbKqvQ.exe
  2⤵
  PID:5372
- C:\Windows\System\wrCsEuu.exe
  C:\Windows\System\wrCsEuu.exe
  2⤵
  PID:5420
- C:\Windows\System\dbuAWnX.exe
  C:\Windows\System\dbuAWnX.exe
  2⤵
  PID:5416
- C:\Windows\System\ZBJIKTK.exe
  C:\Windows\System\ZBJIKTK.exe
  2⤵
  PID:5464
- C:\Windows\System\XhhtLkr.exe
  C:\Windows\System\XhhtLkr.exe
  2⤵
  PID:5504
- C:\Windows\System\qRXjnPn.exe
  C:\Windows\System\qRXjnPn.exe
  2⤵
  PID:5544
- C:\Windows\System\wLVOTXo.exe
  C:\Windows\System\wLVOTXo.exe
  2⤵
  PID:2128
- C:\Windows\System\IJDtHhd.exe
  C:\Windows\System\IJDtHhd.exe
  2⤵
  PID:1808
- C:\Windows\System\GGgqFPW.exe
  C:\Windows\System\GGgqFPW.exe
  2⤵
  PID:5656
- C:\Windows\System\hRodTOb.exe
  C:\Windows\System\hRodTOb.exe
  2⤵
  PID:5640
- C:\Windows\System\RgtWgRd.exe
  C:\Windows\System\RgtWgRd.exe
  2⤵
  PID:5612
- C:\Windows\System\uSRzaHH.exe
  C:\Windows\System\uSRzaHH.exe
  2⤵
  PID:5720
- C:\Windows\System\GSCvWty.exe
  C:\Windows\System\GSCvWty.exe
  2⤵
  PID:5676
- C:\Windows\System\ORAuqfI.exe
  C:\Windows\System\ORAuqfI.exe
  2⤵
  PID:5748
- C:\Windows\System\KfOxYbY.exe
  C:\Windows\System\KfOxYbY.exe
  2⤵
  PID:5816
- C:\Windows\System\OwAAjQg.exe
  C:\Windows\System\OwAAjQg.exe
  2⤵
  PID:5844
- C:\Windows\System\VOrhGyf.exe
  C:\Windows\System\VOrhGyf.exe
  2⤵
  PID:5868
- C:\Windows\System\DdOialN.exe
  C:\Windows\System\DdOialN.exe
  2⤵
  PID:5936
- C:\Windows\System\qTVmJES.exe
  C:\Windows\System\qTVmJES.exe
  2⤵
  PID:5976
- C:\Windows\System\Wygkdpz.exe
  C:\Windows\System\Wygkdpz.exe
  2⤵
  PID:5884
- C:\Windows\System\jptmryC.exe
  C:\Windows\System\jptmryC.exe
  2⤵
  PID:6132
- C:\Windows\System\ilYtiCP.exe
  C:\Windows\System\ilYtiCP.exe
  2⤵
  PID:5112
- C:\Windows\System\qAcEBoF.exe
  C:\Windows\System\qAcEBoF.exe
  2⤵
  PID:5956
- C:\Windows\System\RgjibRi.exe
  C:\Windows\System\RgjibRi.exe
  2⤵
  PID:5124
- C:\Windows\System\UjwmncI.exe
  C:\Windows\System\UjwmncI.exe
  2⤵
  PID:5068
- C:\Windows\System\ONJRCey.exe
  C:\Windows\System\ONJRCey.exe
  2⤵
  PID:6028
- C:\Windows\System\bZversP.exe
  C:\Windows\System\bZversP.exe
  2⤵
  PID:6108
- C:\Windows\System\nsWWesu.exe
  C:\Windows\System\nsWWesu.exe
  2⤵
  PID:5204
- C:\Windows\System\yRUpScq.exe
  C:\Windows\System\yRUpScq.exe
  2⤵
  PID:5376
- C:\Windows\System\kYCYMAJ.exe
  C:\Windows\System\kYCYMAJ.exe
  2⤵
  PID:5272
- C:\Windows\System\ugbHgGc.exe
  C:\Windows\System\ugbHgGc.exe
  2⤵
  PID:5172
- C:\Windows\System\iLKQxBx.exe
  C:\Windows\System\iLKQxBx.exe
  2⤵
  PID:5252
- C:\Windows\System\DAekkXA.exe
  C:\Windows\System\DAekkXA.exe
  2⤵
  PID:5360
- C:\Windows\System\YwpOjit.exe
  C:\Windows\System\YwpOjit.exe
  2⤵
  PID:2304
- C:\Windows\System\NlwfrXd.exe
  C:\Windows\System\NlwfrXd.exe
  2⤵
  PID:5520
- C:\Windows\System\lnvUfmv.exe
  C:\Windows\System\lnvUfmv.exe
  2⤵
  PID:5572
- C:\Windows\System\tAUocIJ.exe
  C:\Windows\System\tAUocIJ.exe
  2⤵
  PID:5596
- C:\Windows\System\VIKcwvw.exe
  C:\Windows\System\VIKcwvw.exe
  2⤵
  PID:5696
- C:\Windows\System\DtSQvMV.exe
  C:\Windows\System\DtSQvMV.exe
  2⤵
  PID:5716
- C:\Windows\System\siEzgbo.exe
  C:\Windows\System\siEzgbo.exe
  2⤵
  PID:5840
- C:\Windows\System\UQSvWNJ.exe
  C:\Windows\System\UQSvWNJ.exe
  2⤵
  PID:5756
- C:\Windows\System\ryKcMBs.exe
  C:\Windows\System\ryKcMBs.exe
  2⤵
  PID:5672
- C:\Windows\System\Ydtmbey.exe
  C:\Windows\System\Ydtmbey.exe
  2⤵
  PID:6012
- C:\Windows\System\yAhWmLH.exe
  C:\Windows\System\yAhWmLH.exe
  2⤵
  PID:6052
- C:\Windows\System\PZbNYBZ.exe
  C:\Windows\System\PZbNYBZ.exe
  2⤵
  PID:6084
- C:\Windows\System\awKbMpA.exe
  C:\Windows\System\awKbMpA.exe
  2⤵
  PID:1056
- C:\Windows\System\hCygKTq.exe
  C:\Windows\System\hCygKTq.exe
  2⤵
  PID:6036
- C:\Windows\System\ZtKKZdj.exe
  C:\Windows\System\ZtKKZdj.exe
  2⤵
  PID:4356
- C:\Windows\System\DMzAHNc.exe
  C:\Windows\System\DMzAHNc.exe
  2⤵
  PID:5200
- C:\Windows\System\MDsglQB.exe
  C:\Windows\System\MDsglQB.exe
  2⤵
  PID:6104
- C:\Windows\System\usYZxfb.exe
  C:\Windows\System\usYZxfb.exe
  2⤵
  PID:5268
- C:\Windows\System\UaaLHwh.exe
  C:\Windows\System\UaaLHwh.exe
  2⤵
  PID:2784
- C:\Windows\System\cDFrHgn.exe
  C:\Windows\System\cDFrHgn.exe
  2⤵
  PID:5428
- C:\Windows\System\jfRlggg.exe
  C:\Windows\System\jfRlggg.exe
  2⤵
  PID:5164
- C:\Windows\System\Hezzsax.exe
  C:\Windows\System\Hezzsax.exe
  2⤵
  PID:1244
- C:\Windows\System\BUHBQgV.exe
  C:\Windows\System\BUHBQgV.exe
  2⤵
  PID:5548
- C:\Windows\System\xQyCODQ.exe
  C:\Windows\System\xQyCODQ.exe
  2⤵
  PID:5820
- C:\Windows\System\QoaEGBe.exe
  C:\Windows\System\QoaEGBe.exe
  2⤵
  PID:5788
- C:\Windows\System\dLvaJMt.exe
  C:\Windows\System\dLvaJMt.exe
  2⤵
  PID:6056
- C:\Windows\System\fTLvlkg.exe
  C:\Windows\System\fTLvlkg.exe
  2⤵
  PID:6004
- C:\Windows\System\bKBRzRy.exe
  C:\Windows\System\bKBRzRy.exe
  2⤵
  PID:5712
- C:\Windows\System\aZnbXyD.exe
  C:\Windows\System\aZnbXyD.exe
  2⤵
  PID:6032
- C:\Windows\System\khFOJHF.exe
  C:\Windows\System\khFOJHF.exe
  2⤵
  PID:5476
- C:\Windows\System\lEfBFUw.exe
  C:\Windows\System\lEfBFUw.exe
  2⤵
  PID:6068
- C:\Windows\System\sGSVCgG.exe
  C:\Windows\System\sGSVCgG.exe
  2⤵
  PID:5524
- C:\Windows\System\ctUkSKe.exe
  C:\Windows\System\ctUkSKe.exe
  2⤵
  PID:5660
- C:\Windows\System\ffxvDFh.exe
  C:\Windows\System\ffxvDFh.exe
  2⤵
  PID:5924
- C:\Windows\System\kjzcNpB.exe
  C:\Windows\System\kjzcNpB.exe
  2⤵
  PID:3632
- C:\Windows\System\wEJjZvw.exe
  C:\Windows\System\wEJjZvw.exe
  2⤵
  PID:5644
- C:\Windows\System\klHSoTK.exe
  C:\Windows\System\klHSoTK.exe
  2⤵
  PID:6160
- C:\Windows\System\tzMblxl.exe
  C:\Windows\System\tzMblxl.exe
  2⤵
  PID:6188
- C:\Windows\System\PMmTsOz.exe
  C:\Windows\System\PMmTsOz.exe
  2⤵
  PID:6204
- C:\Windows\System\DPvJvEG.exe
  C:\Windows\System\DPvJvEG.exe
  2⤵
  PID:6220
- C:\Windows\System\NkWkUFx.exe
  C:\Windows\System\NkWkUFx.exe
  2⤵
  PID:6240
- C:\Windows\System\tcKMfkL.exe
  C:\Windows\System\tcKMfkL.exe
  2⤵
  PID:6256
- C:\Windows\System\gGuMnBR.exe
  C:\Windows\System\gGuMnBR.exe
  2⤵
  PID:6272
- C:\Windows\System\ogbNoRV.exe
  C:\Windows\System\ogbNoRV.exe
  2⤵
  PID:6288
- C:\Windows\System\zLvlVHr.exe
  C:\Windows\System\zLvlVHr.exe
  2⤵
  PID:6308
- C:\Windows\System\jhzQTtZ.exe
  C:\Windows\System\jhzQTtZ.exe
  2⤵
  PID:6332
- C:\Windows\System\HtlQMil.exe
  C:\Windows\System\HtlQMil.exe
  2⤵
  PID:6356
- C:\Windows\System\JBpRSDz.exe
  C:\Windows\System\JBpRSDz.exe
  2⤵
  PID:6380
- C:\Windows\System\fgCdjCG.exe
  C:\Windows\System\fgCdjCG.exe
  2⤵
  PID:6400
- C:\Windows\System\OcxkbgT.exe
  C:\Windows\System\OcxkbgT.exe
  2⤵
  PID:6420
- C:\Windows\System\bJDbRFd.exe
  C:\Windows\System\bJDbRFd.exe
  2⤵
  PID:6436
- C:\Windows\System\QwrhoeA.exe
  C:\Windows\System\QwrhoeA.exe
  2⤵
  PID:6460
- C:\Windows\System\WxHVqvY.exe
  C:\Windows\System\WxHVqvY.exe
  2⤵
  PID:6476
- C:\Windows\System\WRJOOrD.exe
  C:\Windows\System\WRJOOrD.exe
  2⤵
  PID:6492
- C:\Windows\System\nrrwFKe.exe
  C:\Windows\System\nrrwFKe.exe
  2⤵
  PID:6516
- C:\Windows\System\dYmKQBd.exe
  C:\Windows\System\dYmKQBd.exe
  2⤵
  PID:6544
- C:\Windows\System\LezHmAx.exe
  C:\Windows\System\LezHmAx.exe
  2⤵
  PID:6572
- C:\Windows\System\jHyCRiM.exe
  C:\Windows\System\jHyCRiM.exe
  2⤵
  PID:6588
- C:\Windows\System\nYeBLvb.exe
  C:\Windows\System\nYeBLvb.exe
  2⤵
  PID:6608
- C:\Windows\System\KrGYNkF.exe
  C:\Windows\System\KrGYNkF.exe
  2⤵
  PID:6636
- C:\Windows\System\YYROECc.exe
  C:\Windows\System\YYROECc.exe
  2⤵
  PID:6652
- C:\Windows\System\IgLBKXq.exe
  C:\Windows\System\IgLBKXq.exe
  2⤵
  PID:6668
- C:\Windows\System\svvAZxk.exe
  C:\Windows\System\svvAZxk.exe
  2⤵
  PID:6688
- C:\Windows\System\kJqIKmA.exe
  C:\Windows\System\kJqIKmA.exe
  2⤵
  PID:6704
- C:\Windows\System\CuNMrns.exe
  C:\Windows\System\CuNMrns.exe
  2⤵
  PID:6720
- C:\Windows\System\JNeVUWv.exe
  C:\Windows\System\JNeVUWv.exe
  2⤵
  PID:6736
- C:\Windows\System\uFUwVuK.exe
  C:\Windows\System\uFUwVuK.exe
  2⤵
  PID:6752
- C:\Windows\System\cqKctXV.exe
  C:\Windows\System\cqKctXV.exe
  2⤵
  PID:6768
- C:\Windows\System\rWTbibm.exe
  C:\Windows\System\rWTbibm.exe
  2⤵
  PID:6796
- C:\Windows\System\hsXGkbF.exe
  C:\Windows\System\hsXGkbF.exe
  2⤵
  PID:6812
- C:\Windows\System\zXPktKC.exe
  C:\Windows\System\zXPktKC.exe
  2⤵
  PID:6864
- C:\Windows\System\oyUZzvq.exe
  C:\Windows\System\oyUZzvq.exe
  2⤵
  PID:6880
- C:\Windows\System\eXpeurD.exe
  C:\Windows\System\eXpeurD.exe
  2⤵
  PID:6896
- C:\Windows\System\tXTUAou.exe
  C:\Windows\System\tXTUAou.exe
  2⤵
  PID:6912
- C:\Windows\System\ZqHoJED.exe
  C:\Windows\System\ZqHoJED.exe
  2⤵
  PID:6932
- C:\Windows\System\QsprKDG.exe
  C:\Windows\System\QsprKDG.exe
  2⤵
  PID:6952
- C:\Windows\System\yWXBjHY.exe
  C:\Windows\System\yWXBjHY.exe
  2⤵
  PID:6976
- C:\Windows\System\tOWrdIk.exe
  C:\Windows\System\tOWrdIk.exe
  2⤵
  PID:6992
- C:\Windows\System\DtZkInG.exe
  C:\Windows\System\DtZkInG.exe
  2⤵
  PID:7012
- C:\Windows\System\QtqBhNr.exe
  C:\Windows\System\QtqBhNr.exe
  2⤵
  PID:7028
- C:\Windows\System\uauxcmY.exe
  C:\Windows\System\uauxcmY.exe
  2⤵
  PID:7044
- C:\Windows\System\VyTyTDg.exe
  C:\Windows\System\VyTyTDg.exe
  2⤵
  PID:7060
- C:\Windows\System\kxfMyxr.exe
  C:\Windows\System\kxfMyxr.exe
  2⤵
  PID:7076
- C:\Windows\System\aZVcybI.exe
  C:\Windows\System\aZVcybI.exe
  2⤵
  PID:7120
- C:\Windows\System\HZOWuQA.exe
  C:\Windows\System\HZOWuQA.exe
  2⤵
  PID:7152
- C:\Windows\System\pSzMDmz.exe
  C:\Windows\System\pSzMDmz.exe
  2⤵
  PID:5324
- C:\Windows\System\bMrzWcj.exe
  C:\Windows\System\bMrzWcj.exe
  2⤵
  PID:6156
- C:\Windows\System\VhrVaxe.exe
  C:\Windows\System\VhrVaxe.exe
  2⤵
  PID:6196
- C:\Windows\System\QCIVPpn.exe
  C:\Windows\System\QCIVPpn.exe
  2⤵
  PID:6228
- C:\Windows\System\pWfjfVI.exe
  C:\Windows\System\pWfjfVI.exe
  2⤵
  PID:6304
- C:\Windows\System\vhgvoum.exe
  C:\Windows\System\vhgvoum.exe
  2⤵
  PID:6352
- C:\Windows\System\OFvDLzH.exe
  C:\Windows\System\OFvDLzH.exe
  2⤵
  PID:4244
- C:\Windows\System\IIxMLtd.exe
  C:\Windows\System\IIxMLtd.exe
  2⤵
  PID:6428
- C:\Windows\System\mSNMXCx.exe
  C:\Windows\System\mSNMXCx.exe
  2⤵
  PID:5904
- C:\Windows\System\cUCfpJa.exe
  C:\Windows\System\cUCfpJa.exe
  2⤵
  PID:5492
- C:\Windows\System\pFCBifN.exe
  C:\Windows\System\pFCBifN.exe
  2⤵
  PID:5836
- C:\Windows\System\LqOVpnk.exe
  C:\Windows\System\LqOVpnk.exe
  2⤵
  PID:6472
- C:\Windows\System\GkrgkNn.exe
  C:\Windows\System\GkrgkNn.exe
  2⤵
  PID:6212
- C:\Windows\System\YOvjvtj.exe
  C:\Windows\System\YOvjvtj.exe
  2⤵
  PID:6600
- C:\Windows\System\UJhUllk.exe
  C:\Windows\System\UJhUllk.exe
  2⤵
  PID:5188
- C:\Windows\System\fSVOMqm.exe
  C:\Windows\System\fSVOMqm.exe
  2⤵
  PID:6252
- C:\Windows\System\IKrHFkZ.exe
  C:\Windows\System\IKrHFkZ.exe
  2⤵
  PID:6580
- C:\Windows\System\GWVztPC.exe
  C:\Windows\System\GWVztPC.exe
  2⤵
  PID:6616
- C:\Windows\System\CBxmrTj.exe
  C:\Windows\System\CBxmrTj.exe
  2⤵
  PID:6676
- C:\Windows\System\cGFCCyx.exe
  C:\Windows\System\cGFCCyx.exe
  2⤵
  PID:6780
- C:\Windows\System\XsZnWuI.exe
  C:\Windows\System\XsZnWuI.exe
  2⤵
  PID:6820
- C:\Windows\System\UfouopQ.exe
  C:\Windows\System\UfouopQ.exe
  2⤵
  PID:6448
- C:\Windows\System\AJYnfyr.exe
  C:\Windows\System\AJYnfyr.exe
  2⤵
  PID:6840
- C:\Windows\System\OyTKQeH.exe
  C:\Windows\System\OyTKQeH.exe
  2⤵
  PID:6804
- C:\Windows\System\LqcfCcD.exe
  C:\Windows\System\LqcfCcD.exe
  2⤵
  PID:6852
- C:\Windows\System\OtGkFwz.exe
  C:\Windows\System\OtGkFwz.exe
  2⤵
  PID:6824
- C:\Windows\System\DRFGKvz.exe
  C:\Windows\System\DRFGKvz.exe
  2⤵
  PID:6760
- C:\Windows\System\qVmLMQk.exe
  C:\Windows\System\qVmLMQk.exe
  2⤵
  PID:6872
- C:\Windows\System\fObPsud.exe
  C:\Windows\System\fObPsud.exe
  2⤵
  PID:6960
- C:\Windows\System\lJPHQDr.exe
  C:\Windows\System\lJPHQDr.exe
  2⤵
  PID:6972
- C:\Windows\System\UiNgStM.exe
  C:\Windows\System\UiNgStM.exe
  2⤵
  PID:6948
- C:\Windows\System\meBWOWS.exe
  C:\Windows\System\meBWOWS.exe
  2⤵
  PID:6940
- C:\Windows\System\FoDYMvb.exe
  C:\Windows\System\FoDYMvb.exe
  2⤵
  PID:7096
- C:\Windows\System\BcXCIYR.exe
  C:\Windows\System\BcXCIYR.exe
  2⤵
  PID:7104
- C:\Windows\System\EpuXvsL.exe
  C:\Windows\System\EpuXvsL.exe
  2⤵
  PID:7056
- C:\Windows\System\XBFcomr.exe
  C:\Windows\System\XBFcomr.exe
  2⤵
  PID:7132
- C:\Windows\System\QBHhBrC.exe
  C:\Windows\System\QBHhBrC.exe
  2⤵
  PID:7164
- C:\Windows\System\XhARAsX.exe
  C:\Windows\System\XhARAsX.exe
  2⤵
  PID:6340
- C:\Windows\System\RLoztVT.exe
  C:\Windows\System\RLoztVT.exe
  2⤵
  PID:6552
- C:\Windows\System\ZHulonX.exe
  C:\Windows\System\ZHulonX.exe
  2⤵
  PID:6300
- C:\Windows\System\tjrDNUq.exe
  C:\Windows\System\tjrDNUq.exe
  2⤵
  PID:5888
- C:\Windows\System\tycknSd.exe
  C:\Windows\System\tycknSd.exe
  2⤵
  PID:6556
- C:\Windows\System\NjjMnJw.exe
  C:\Windows\System\NjjMnJw.exe
  2⤵
  PID:5432
- C:\Windows\System\beFWxAx.exe
  C:\Windows\System\beFWxAx.exe
  2⤵
  PID:6508
- C:\Windows\System\LanNAMl.exe
  C:\Windows\System\LanNAMl.exe
  2⤵
  PID:6532
- C:\Windows\System\QdUJfzZ.exe
  C:\Windows\System\QdUJfzZ.exe
  2⤵
  PID:6284
- C:\Windows\System\NGkjwqs.exe
  C:\Windows\System\NGkjwqs.exe
  2⤵
  PID:6488
- C:\Windows\System\DFmoMtj.exe
  C:\Windows\System\DFmoMtj.exe
  2⤵
  PID:6776
- C:\Windows\System\qKgQWGY.exe
  C:\Windows\System\qKgQWGY.exe
  2⤵
  PID:6788
- C:\Windows\System\FuKJQqa.exe
  C:\Windows\System\FuKJQqa.exe
  2⤵
  PID:6832
- C:\Windows\System\xUJAHou.exe
  C:\Windows\System\xUJAHou.exe
  2⤵
  PID:6728
- C:\Windows\System\hmrQslw.exe
  C:\Windows\System\hmrQslw.exe
  2⤵
  PID:6856
- C:\Windows\System\kZEYQui.exe
  C:\Windows\System\kZEYQui.exe
  2⤵
  PID:6924
- C:\Windows\System\phHfTMA.exe
  C:\Windows\System\phHfTMA.exe
  2⤵
  PID:6696
- C:\Windows\System\cyeUaOx.exe
  C:\Windows\System\cyeUaOx.exe
  2⤵
  PID:6908
- C:\Windows\System\TFHUpfv.exe
  C:\Windows\System\TFHUpfv.exe
  2⤵
  PID:7040
- C:\Windows\System\NkrVFJX.exe
  C:\Windows\System\NkrVFJX.exe
  2⤵
  PID:7084
- C:\Windows\System\ghAdIpQ.exe
  C:\Windows\System\ghAdIpQ.exe
  2⤵
  PID:6392
- C:\Windows\System\jnzviIx.exe
  C:\Windows\System\jnzviIx.exe
  2⤵
  PID:7116
- C:\Windows\System\CusFgMG.exe
  C:\Windows\System\CusFgMG.exe
  2⤵
  PID:4912
- C:\Windows\System\JIIIPDp.exe
  C:\Windows\System\JIIIPDp.exe
  2⤵
  PID:6172
- C:\Windows\System\YxHQRpZ.exe
  C:\Windows\System\YxHQRpZ.exe
  2⤵
  PID:6504
- C:\Windows\System\EytlSgj.exe
  C:\Windows\System\EytlSgj.exe
  2⤵
  PID:6316
- C:\Windows\System\wAQFzHM.exe
  C:\Windows\System\wAQFzHM.exe
  2⤵
  PID:6604
- C:\Windows\System\KNOPnuq.exe
  C:\Windows\System\KNOPnuq.exe
  2⤵
  PID:6712
- C:\Windows\System\RHzseYH.exe
  C:\Windows\System\RHzseYH.exe
  2⤵
  PID:6416
- C:\Windows\System\iDillCE.exe
  C:\Windows\System\iDillCE.exe
  2⤵
  PID:6968
- C:\Windows\System\XHCKJuu.exe
  C:\Windows\System\XHCKJuu.exe
  2⤵
  PID:7008
- C:\Windows\System\LrljxFg.exe
  C:\Windows\System\LrljxFg.exe
  2⤵
  PID:6320
- C:\Windows\System\AcHQGWp.exe
  C:\Windows\System\AcHQGWp.exe
  2⤵
  PID:6264
- C:\Windows\System\RzqWQKK.exe
  C:\Windows\System\RzqWQKK.exe
  2⤵
  PID:6468
- C:\Windows\System\woZFyfk.exe
  C:\Windows\System\woZFyfk.exe
  2⤵
  PID:6564
- C:\Windows\System\qmxGrpa.exe
  C:\Windows\System\qmxGrpa.exe
  2⤵
  PID:7128
- C:\Windows\System\bdBEhOa.exe
  C:\Windows\System\bdBEhOa.exe
  2⤵
  PID:6408
- C:\Windows\System\nelCMIr.exe
  C:\Windows\System\nelCMIr.exe
  2⤵
  PID:6744
- C:\Windows\System\RREpKMl.exe
  C:\Windows\System\RREpKMl.exe
  2⤵
  PID:6152
- C:\Windows\System\ChinbUe.exe
  C:\Windows\System\ChinbUe.exe
  2⤵
  PID:1992
- C:\Windows\System\pBVmIAW.exe
  C:\Windows\System\pBVmIAW.exe
  2⤵
  PID:7160
- C:\Windows\System\nJJFCUy.exe
  C:\Windows\System\nJJFCUy.exe
  2⤵
  PID:7024
- C:\Windows\System\zMawnYa.exe
  C:\Windows\System\zMawnYa.exe
  2⤵
  PID:7184
- C:\Windows\System\TPyWhzH.exe
  C:\Windows\System\TPyWhzH.exe
  2⤵
  PID:7200
- C:\Windows\System\obhwAus.exe
  C:\Windows\System\obhwAus.exe
  2⤵
  PID:7216
- C:\Windows\System\dkksTSA.exe
  C:\Windows\System\dkksTSA.exe
  2⤵
  PID:7232
- C:\Windows\System\GrokxKo.exe
  C:\Windows\System\GrokxKo.exe
  2⤵
  PID:7256
- C:\Windows\System\OsHrwjG.exe
  C:\Windows\System\OsHrwjG.exe
  2⤵
  PID:7276
- C:\Windows\System\QYNfMly.exe
  C:\Windows\System\QYNfMly.exe
  2⤵
  PID:7300
- C:\Windows\System\foOUrbg.exe
  C:\Windows\System\foOUrbg.exe
  2⤵
  PID:7320
- C:\Windows\System\CdywZIu.exe
  C:\Windows\System\CdywZIu.exe
  2⤵
  PID:7336
- C:\Windows\System\bGNpLAs.exe
  C:\Windows\System\bGNpLAs.exe
  2⤵
  PID:7368
- C:\Windows\System\REHToWw.exe
  C:\Windows\System\REHToWw.exe
  2⤵
  PID:7408
- C:\Windows\System\aNbJwBo.exe
  C:\Windows\System\aNbJwBo.exe
  2⤵
  PID:7424
- C:\Windows\System\QZGZvXx.exe
  C:\Windows\System\QZGZvXx.exe
  2⤵
  PID:7440
- C:\Windows\System\CIbokSG.exe
  C:\Windows\System\CIbokSG.exe
  2⤵
  PID:7500
- C:\Windows\System\ZiCmZAh.exe
  C:\Windows\System\ZiCmZAh.exe
  2⤵
  PID:7516
- C:\Windows\System\TuTLpaS.exe
  C:\Windows\System\TuTLpaS.exe
  2⤵
  PID:7532
- C:\Windows\System\kQhWZVA.exe
  C:\Windows\System\kQhWZVA.exe
  2⤵
  PID:7548
- C:\Windows\System\USEBznW.exe
  C:\Windows\System\USEBznW.exe
  2⤵
  PID:7568
- C:\Windows\System\qAoHonu.exe
  C:\Windows\System\qAoHonu.exe
  2⤵
  PID:7584
- C:\Windows\System\wvsaJWc.exe
  C:\Windows\System\wvsaJWc.exe
  2⤵
  PID:7604
- C:\Windows\System\pLrQKFH.exe
  C:\Windows\System\pLrQKFH.exe
  2⤵
  PID:7620
- C:\Windows\System\mASdwuA.exe
  C:\Windows\System\mASdwuA.exe
  2⤵
  PID:7636
- C:\Windows\System\VaFHPYQ.exe
  C:\Windows\System\VaFHPYQ.exe
  2⤵
  PID:7676
- C:\Windows\System\nWPdTOj.exe
  C:\Windows\System\nWPdTOj.exe
  2⤵
  PID:7692
- C:\Windows\System\rQxyiyJ.exe
  C:\Windows\System\rQxyiyJ.exe
  2⤵
  PID:7708
- C:\Windows\System\BQrwJpQ.exe
  C:\Windows\System\BQrwJpQ.exe
  2⤵
  PID:7724
- C:\Windows\System\irNnaAQ.exe
  C:\Windows\System\irNnaAQ.exe
  2⤵
  PID:7740
- C:\Windows\System\fuvvPOF.exe
  C:\Windows\System\fuvvPOF.exe
  2⤵
  PID:7756
- C:\Windows\System\zlxUcZw.exe
  C:\Windows\System\zlxUcZw.exe
  2⤵
  PID:7788
- C:\Windows\System\iUOajco.exe
  C:\Windows\System\iUOajco.exe
  2⤵
  PID:7808
- C:\Windows\System\soJzEYc.exe
  C:\Windows\System\soJzEYc.exe
  2⤵
  PID:7824
- C:\Windows\System\ipWWndF.exe
  C:\Windows\System\ipWWndF.exe
  2⤵
  PID:7840
- C:\Windows\System\MBIrcex.exe
  C:\Windows\System\MBIrcex.exe
  2⤵
  PID:7872
- C:\Windows\System\XnSNChZ.exe
  C:\Windows\System\XnSNChZ.exe
  2⤵
  PID:7896
- C:\Windows\System\ncpNbTp.exe
  C:\Windows\System\ncpNbTp.exe
  2⤵
  PID:7912
- C:\Windows\System\nPbKuUz.exe
  C:\Windows\System\nPbKuUz.exe
  2⤵
  PID:7932
- C:\Windows\System\qgSWMkc.exe
  C:\Windows\System\qgSWMkc.exe
  2⤵
  PID:7948
- C:\Windows\System\DkTRsmB.exe
  C:\Windows\System\DkTRsmB.exe
  2⤵
  PID:7968
- C:\Windows\System\qAswljE.exe
  C:\Windows\System\qAswljE.exe
  2⤵
  PID:7996
- C:\Windows\System\HzoBWVC.exe
  C:\Windows\System\HzoBWVC.exe
  2⤵
  PID:8016
- C:\Windows\System\VlxWqWT.exe
  C:\Windows\System\VlxWqWT.exe
  2⤵
  PID:8032
- C:\Windows\System\sEpbrHV.exe
  C:\Windows\System\sEpbrHV.exe
  2⤵
  PID:8048
- C:\Windows\System\EqTyBwz.exe
  C:\Windows\System\EqTyBwz.exe
  2⤵
  PID:8064
- C:\Windows\System\iiSvGyg.exe
  C:\Windows\System\iiSvGyg.exe
  2⤵
  PID:8080
- C:\Windows\System\aanhNza.exe
  C:\Windows\System\aanhNza.exe
  2⤵
  PID:8096
- C:\Windows\System\iPfwvdv.exe
  C:\Windows\System\iPfwvdv.exe
  2⤵
  PID:8112
- C:\Windows\System\CWJVyXf.exe
  C:\Windows\System\CWJVyXf.exe
  2⤵
  PID:8128
- C:\Windows\System\leemQcF.exe
  C:\Windows\System\leemQcF.exe
  2⤵
  PID:8148
- C:\Windows\System\KkpdjQk.exe
  C:\Windows\System\KkpdjQk.exe
  2⤵
  PID:6892
- C:\Windows\System\CiJyNKH.exe
  C:\Windows\System\CiJyNKH.exe
  2⤵
  PID:7208
- C:\Windows\System\JMYGyNp.exe
  C:\Windows\System\JMYGyNp.exe
  2⤵
  PID:7240
- C:\Windows\System\RVDvbxB.exe
  C:\Windows\System\RVDvbxB.exe
  2⤵
  PID:7288
- C:\Windows\System\RLEyQfu.exe
  C:\Windows\System\RLEyQfu.exe
  2⤵
  PID:6528
- C:\Windows\System\OwZTmvM.exe
  C:\Windows\System\OwZTmvM.exe
  2⤵
  PID:7356
- C:\Windows\System\aEQejao.exe
  C:\Windows\System\aEQejao.exe
  2⤵
  PID:7264
- C:\Windows\System\qPUTeCq.exe
  C:\Windows\System\qPUTeCq.exe
  2⤵
  PID:7228
- C:\Windows\System\RtfZocT.exe
  C:\Windows\System\RtfZocT.exe
  2⤵
  PID:7312
- C:\Windows\System\awlXzRV.exe
  C:\Windows\System\awlXzRV.exe
  2⤵
  PID:6396
- C:\Windows\System\JSchiYY.exe
  C:\Windows\System\JSchiYY.exe
  2⤵
  PID:6660
- C:\Windows\System\iviiuZS.exe
  C:\Windows\System\iviiuZS.exe
  2⤵
  PID:7380
- C:\Windows\System\PPrpHyj.exe
  C:\Windows\System\PPrpHyj.exe
  2⤵
  PID:6632
- C:\Windows\System\LHcXamY.exe
  C:\Windows\System\LHcXamY.exe
  2⤵
  PID:7400
- C:\Windows\System\btKEdCJ.exe
  C:\Windows\System\btKEdCJ.exe
  2⤵
  PID:7436
- C:\Windows\System\ifKWgoJ.exe
  C:\Windows\System\ifKWgoJ.exe
  2⤵
  PID:7448
- C:\Windows\System\VKYDJAS.exe
  C:\Windows\System\VKYDJAS.exe
  2⤵
  PID:7464
- C:\Windows\System\hrSRbDf.exe
  C:\Windows\System\hrSRbDf.exe
  2⤵
  PID:5688
- C:\Windows\System\CCQksVT.exe
  C:\Windows\System\CCQksVT.exe
  2⤵
  PID:7660
- C:\Windows\System\OLKBSux.exe
  C:\Windows\System\OLKBSux.exe
  2⤵
  PID:7528
- C:\Windows\System\vqnVBAk.exe
  C:\Windows\System\vqnVBAk.exe
  2⤵
  PID:7600
- C:\Windows\System\ydruAqw.exe
  C:\Windows\System\ydruAqw.exe
  2⤵
  PID:7704
- C:\Windows\System\iGsJLbd.exe
  C:\Windows\System\iGsJLbd.exe
  2⤵
  PID:7564
- C:\Windows\System\iiDJkVK.exe
  C:\Windows\System\iiDJkVK.exe
  2⤵
  PID:7772
- C:\Windows\System\mVbkSwC.exe
  C:\Windows\System\mVbkSwC.exe
  2⤵
  PID:7716
- C:\Windows\System\BICvRgj.exe
  C:\Windows\System\BICvRgj.exe
  2⤵
  PID:7848
- C:\Windows\System\DlEWHun.exe
  C:\Windows\System\DlEWHun.exe
  2⤵
  PID:7868
- C:\Windows\System\eOTiiCA.exe
  C:\Windows\System\eOTiiCA.exe
  2⤵
  PID:7884
- C:\Windows\System\JwevTiI.exe
  C:\Windows\System\JwevTiI.exe
  2⤵
  PID:7924
- C:\Windows\System\tHpvUmw.exe
  C:\Windows\System\tHpvUmw.exe
  2⤵
  PID:7940
- C:\Windows\System\FnDKOvj.exe
  C:\Windows\System\FnDKOvj.exe
  2⤵
  PID:7984
- C:\Windows\System\VthSBLm.exe
  C:\Windows\System\VthSBLm.exe
  2⤵
  PID:8028
- C:\Windows\System\rmeeTVO.exe
  C:\Windows\System\rmeeTVO.exe
  2⤵
  PID:8156
- C:\Windows\System\xTOaDMS.exe
  C:\Windows\System\xTOaDMS.exe
  2⤵
  PID:8108
- C:\Windows\System\qzUchei.exe
  C:\Windows\System\qzUchei.exe
  2⤵
  PID:8076
- C:\Windows\System\hVMPPLu.exe
  C:\Windows\System\hVMPPLu.exe
  2⤵
  PID:8176
- C:\Windows\System\zwNwWMZ.exe
  C:\Windows\System\zwNwWMZ.exe
  2⤵
  PID:6684
- C:\Windows\System\RfjynkR.exe
  C:\Windows\System\RfjynkR.exe
  2⤵
  PID:7068
- C:\Windows\System\QEPeWjp.exe
  C:\Windows\System\QEPeWjp.exe
  2⤵
  PID:7252
- C:\Windows\System\wIRaJwU.exe
  C:\Windows\System\wIRaJwU.exe
  2⤵
  PID:7224
- C:\Windows\System\KVnYvEE.exe
  C:\Windows\System\KVnYvEE.exe
  2⤵
  PID:7308
- C:\Windows\System\MIbliQp.exe
  C:\Windows\System\MIbliQp.exe
  2⤵
  PID:7392
- C:\Windows\System\mLeGarV.exe
  C:\Windows\System\mLeGarV.exe
  2⤵
  PID:7492
- C:\Windows\System\udtjaRh.exe
  C:\Windows\System\udtjaRh.exe
  2⤵
  PID:7512
- C:\Windows\System\yOpuIoR.exe
  C:\Windows\System\yOpuIoR.exe
  2⤵
  PID:6412
- C:\Windows\System\RSySpDf.exe
  C:\Windows\System\RSySpDf.exe
  2⤵
  PID:7344
- C:\Windows\System\BhEsrzL.exe
  C:\Windows\System\BhEsrzL.exe
  2⤵
  PID:5452
- C:\Windows\System\aTQofyD.exe
  C:\Windows\System\aTQofyD.exe
  2⤵
  PID:7652
- C:\Windows\System\OefjopD.exe
  C:\Windows\System\OefjopD.exe
  2⤵
  PID:7480
- C:\Windows\System\qfrqKpc.exe
  C:\Windows\System\qfrqKpc.exe
  2⤵
  PID:7672
- C:\Windows\System\wUhZnge.exe
  C:\Windows\System\wUhZnge.exe
  2⤵
  PID:7684
- C:\Windows\System\OTghRaQ.exe
  C:\Windows\System\OTghRaQ.exe
  2⤵
  PID:1280
- C:\Windows\System\jAOHRgN.exe
  C:\Windows\System\jAOHRgN.exe
  2⤵
  PID:7796
- C:\Windows\System\wUDgSIx.exe
  C:\Windows\System\wUDgSIx.exe
  2⤵
  PID:7836
- C:\Windows\System\cZszpUZ.exe
  C:\Windows\System\cZszpUZ.exe
  2⤵
  PID:7856
- C:\Windows\System\hahugBO.exe
  C:\Windows\System\hahugBO.exe
  2⤵
  PID:7892
- C:\Windows\System\lFVIaDP.exe
  C:\Windows\System\lFVIaDP.exe
  2⤵
  PID:7976
- C:\Windows\System\SkGtBGN.exe
  C:\Windows\System\SkGtBGN.exe
  2⤵
  PID:8024
- C:\Windows\System\ULWLvHZ.exe
  C:\Windows\System\ULWLvHZ.exe
  2⤵
  PID:1848
- C:\Windows\System\DeHNVCa.exe
  C:\Windows\System\DeHNVCa.exe
  2⤵
  PID:8104
- C:\Windows\System\BApwEPw.exe
  C:\Windows\System\BApwEPw.exe
  2⤵
  PID:8008
- C:\Windows\System\AugZGlp.exe
  C:\Windows\System\AugZGlp.exe
  2⤵
  PID:8172
- C:\Windows\System\NANMvEB.exe
  C:\Windows\System\NANMvEB.exe
  2⤵
  PID:6944
- C:\Windows\System\UdKuriM.exe
  C:\Windows\System\UdKuriM.exe
  2⤵
  PID:6248
- C:\Windows\System\CBUqjEg.exe
  C:\Windows\System\CBUqjEg.exe
  2⤵
  PID:6268
- C:\Windows\System\BWldAAT.exe
  C:\Windows\System\BWldAAT.exe
  2⤵
  PID:7388
- C:\Windows\System\BIgfYyl.exe
  C:\Windows\System\BIgfYyl.exe
  2⤵
  PID:1936
- C:\Windows\System\EobmlHz.exe
  C:\Windows\System\EobmlHz.exe
  2⤵
  PID:7732
- C:\Windows\System\fFqagth.exe
  C:\Windows\System\fFqagth.exe
  2⤵
  PID:7768
- C:\Windows\System\OWIKSRs.exe
  C:\Windows\System\OWIKSRs.exe
  2⤵
  PID:7416
- C:\Windows\System\eMgiXoP.exe
  C:\Windows\System\eMgiXoP.exe
  2⤵
  PID:7944
- C:\Windows\System\ParJZyV.exe
  C:\Windows\System\ParJZyV.exe
  2⤵
  PID:8060
- C:\Windows\System\ibcOJfG.exe
  C:\Windows\System\ibcOJfG.exe
  2⤵
  PID:1764
- C:\Windows\System\JJJXpqb.exe
  C:\Windows\System\JJJXpqb.exe
  2⤵
  PID:7752
- C:\Windows\System\CpsOlPQ.exe
  C:\Windows\System\CpsOlPQ.exe
  2⤵
  PID:6176
- C:\Windows\System\SMZPLoo.exe
  C:\Windows\System\SMZPLoo.exe
  2⤵
  PID:7456
- C:\Windows\System\PstIyVv.exe
  C:\Windows\System\PstIyVv.exe
  2⤵
  PID:7332
- C:\Windows\System\RuMtoyz.exe
  C:\Windows\System\RuMtoyz.exe
  2⤵
  PID:7476
- C:\Windows\System\uegfsLo.exe
  C:\Windows\System\uegfsLo.exe
  2⤵
  PID:580
- C:\Windows\System\rYSaOJv.exe
  C:\Windows\System\rYSaOJv.exe
  2⤵
  PID:8004
- C:\Windows\System\IINEiDy.exe
  C:\Windows\System\IINEiDy.exe
  2⤵
  PID:7820
- C:\Windows\System\myJAagl.exe
  C:\Windows\System\myJAagl.exe
  2⤵
  PID:7888
- C:\Windows\System\OnQAxsB.exe
  C:\Windows\System\OnQAxsB.exe
  2⤵
  PID:2468
- C:\Windows\System\MPGjEyN.exe
  C:\Windows\System\MPGjEyN.exe
  2⤵
  PID:1480
- C:\Windows\System\bMOefiq.exe
  C:\Windows\System\bMOefiq.exe
  2⤵
  PID:7992
- C:\Windows\System\jPdWQwm.exe
  C:\Windows\System\jPdWQwm.exe
  2⤵
  PID:7576
- C:\Windows\System\YwFEBzo.exe
  C:\Windows\System\YwFEBzo.exe
  2⤵
  PID:8040
- C:\Windows\System\vjpBjzy.exe
  C:\Windows\System\vjpBjzy.exe
  2⤵
  PID:7764
- C:\Windows\System\QNeKWLq.exe
  C:\Windows\System\QNeKWLq.exe
  2⤵
  PID:756
- C:\Windows\System\jxApkVw.exe
  C:\Windows\System\jxApkVw.exe
  2⤵
  PID:5972
- C:\Windows\System\AwhpQlb.exe
  C:\Windows\System\AwhpQlb.exe
  2⤵
  PID:7616
- C:\Windows\System\QMOQKOF.exe
  C:\Windows\System\QMOQKOF.exe
  2⤵
  PID:7180
- C:\Windows\System\ttnMAix.exe
  C:\Windows\System\ttnMAix.exe
  2⤵
  PID:1996
- C:\Windows\System\ybhvSQO.exe
  C:\Windows\System\ybhvSQO.exe
  2⤵
  PID:7964
- C:\Windows\System\rJiLPZN.exe
  C:\Windows\System\rJiLPZN.exe
  2⤵
  PID:8200
- C:\Windows\System\aHQYGNd.exe
  C:\Windows\System\aHQYGNd.exe
  2⤵
  PID:8216
- C:\Windows\System\fhGBMlF.exe
  C:\Windows\System\fhGBMlF.exe
  2⤵
  PID:8232
- C:\Windows\System\qSHfAOR.exe
  C:\Windows\System\qSHfAOR.exe
  2⤵
  PID:8252
- C:\Windows\System\JkZVfOj.exe
  C:\Windows\System\JkZVfOj.exe
  2⤵
  PID:8268
- C:\Windows\System\vADlkCU.exe
  C:\Windows\System\vADlkCU.exe
  2⤵
  PID:8292
- C:\Windows\System\kUrwTVF.exe
  C:\Windows\System\kUrwTVF.exe
  2⤵
  PID:8316
- C:\Windows\System\uDrGEpH.exe
  C:\Windows\System\uDrGEpH.exe
  2⤵
  PID:8336
- C:\Windows\System\gDfPwMV.exe
  C:\Windows\System\gDfPwMV.exe
  2⤵
  PID:8356
- C:\Windows\System\wwcApXA.exe
  C:\Windows\System\wwcApXA.exe
  2⤵
  PID:8376
- C:\Windows\System\aqSYwdH.exe
  C:\Windows\System\aqSYwdH.exe
  2⤵
  PID:8400
- C:\Windows\System\PmnFIHn.exe
  C:\Windows\System\PmnFIHn.exe
  2⤵
  PID:8420
- C:\Windows\System\EFwkHGd.exe
  C:\Windows\System\EFwkHGd.exe
  2⤵
  PID:8444
- C:\Windows\System\TtVNIkm.exe
  C:\Windows\System\TtVNIkm.exe
  2⤵
  PID:8460
- C:\Windows\System\cmyLJbp.exe
  C:\Windows\System\cmyLJbp.exe
  2⤵
  PID:8524
- C:\Windows\System\SBBiOBB.exe
  C:\Windows\System\SBBiOBB.exe
  2⤵
  PID:8540
- C:\Windows\System\PquFeFK.exe
  C:\Windows\System\PquFeFK.exe
  2⤵
  PID:8556
- C:\Windows\System\dzXeVCg.exe
  C:\Windows\System\dzXeVCg.exe
  2⤵
  PID:8580
- C:\Windows\System\lTFpbvu.exe
  C:\Windows\System\lTFpbvu.exe
  2⤵
  PID:8596
- C:\Windows\System\AFJLYCN.exe
  C:\Windows\System\AFJLYCN.exe
  2⤵
  PID:8616
- C:\Windows\System\ojZNVyN.exe
  C:\Windows\System\ojZNVyN.exe
  2⤵
  PID:8640
- C:\Windows\System\DLHyWXF.exe
  C:\Windows\System\DLHyWXF.exe
  2⤵
  PID:8660
- C:\Windows\System\nPdwnMA.exe
  C:\Windows\System\nPdwnMA.exe
  2⤵
  PID:8688
- C:\Windows\System\RMaVHNF.exe
  C:\Windows\System\RMaVHNF.exe
  2⤵
  PID:8704
- C:\Windows\System\rNGnhoy.exe
  C:\Windows\System\rNGnhoy.exe
  2⤵
  PID:8720
- C:\Windows\System\CQnyryL.exe
  C:\Windows\System\CQnyryL.exe
  2⤵
  PID:8744
- C:\Windows\System\pOLZGcb.exe
  C:\Windows\System\pOLZGcb.exe
  2⤵
  PID:8760
- C:\Windows\System\XabWgZv.exe
  C:\Windows\System\XabWgZv.exe
  2⤵
  PID:8780
- C:\Windows\System\CKtjzEJ.exe
  C:\Windows\System\CKtjzEJ.exe
  2⤵
  PID:8808
- C:\Windows\System\FKDErZB.exe
  C:\Windows\System\FKDErZB.exe
  2⤵
  PID:8824
- C:\Windows\System\bkTPbLo.exe
  C:\Windows\System\bkTPbLo.exe
  2⤵
  PID:8840
- C:\Windows\System\naoNINv.exe
  C:\Windows\System\naoNINv.exe
  2⤵
  PID:8860
- C:\Windows\System\BWbwSbL.exe
  C:\Windows\System\BWbwSbL.exe
  2⤵
  PID:8876
- C:\Windows\System\PtLivEt.exe
  C:\Windows\System\PtLivEt.exe
  2⤵
  PID:8896
- C:\Windows\System\WGNadXU.exe
  C:\Windows\System\WGNadXU.exe
  2⤵
  PID:8916
- C:\Windows\System\ohwcwSE.exe
  C:\Windows\System\ohwcwSE.exe
  2⤵
  PID:8936
- C:\Windows\System\bvFPDQc.exe
  C:\Windows\System\bvFPDQc.exe
  2⤵
  PID:8956
- C:\Windows\System\VnAftQB.exe
  C:\Windows\System\VnAftQB.exe
  2⤵
  PID:8984
- C:\Windows\System\rVAWBXu.exe
  C:\Windows\System\rVAWBXu.exe
  2⤵
  PID:9000
- C:\Windows\System\fccmFwM.exe
  C:\Windows\System\fccmFwM.exe
  2⤵
  PID:9036
- C:\Windows\System\WtaIrEN.exe
  C:\Windows\System\WtaIrEN.exe
  2⤵
  PID:9052
- C:\Windows\System\fcKOJrq.exe
  C:\Windows\System\fcKOJrq.exe
  2⤵
  PID:9072
- C:\Windows\System\JsKdhNt.exe
  C:\Windows\System\JsKdhNt.exe
  2⤵
  PID:9088
- C:\Windows\System\zBycjzS.exe
  C:\Windows\System\zBycjzS.exe
  2⤵
  PID:9104
- C:\Windows\System\Pnridbj.exe
  C:\Windows\System\Pnridbj.exe
  2⤵
  PID:9120
- C:\Windows\System\fmaBzhH.exe
  C:\Windows\System\fmaBzhH.exe
  2⤵
  PID:9144
- C:\Windows\System\fnUfOoS.exe
  C:\Windows\System\fnUfOoS.exe
  2⤵
  PID:9164
- C:\Windows\System\JVetlJG.exe
  C:\Windows\System\JVetlJG.exe
  2⤵
  PID:9196
- C:\Windows\System\CftHSCU.exe
  C:\Windows\System\CftHSCU.exe
  2⤵
  PID:7544
- C:\Windows\System\wUnmvmn.exe
  C:\Windows\System\wUnmvmn.exe
  2⤵
  PID:7364
- C:\Windows\System\XgfLegC.exe
  C:\Windows\System\XgfLegC.exe
  2⤵
  PID:8144
- C:\Windows\System\evpDatt.exe
  C:\Windows\System\evpDatt.exe
  2⤵
  PID:8308
- C:\Windows\System\lLPEzYB.exe
  C:\Windows\System\lLPEzYB.exe
  2⤵
  PID:8348
- C:\Windows\System\nfIepEj.exe
  C:\Windows\System\nfIepEj.exe
  2⤵
  PID:8248
- C:\Windows\System\OkxfOYH.exe
  C:\Windows\System\OkxfOYH.exe
  2⤵
  PID:8288
- C:\Windows\System\iehLbQQ.exe
  C:\Windows\System\iehLbQQ.exe
  2⤵
  PID:8276
- C:\Windows\System\wIQliCP.exe
  C:\Windows\System\wIQliCP.exe
  2⤵
  PID:8468
- C:\Windows\System\AiPViOp.exe
  C:\Windows\System\AiPViOp.exe
  2⤵
  PID:8368
- C:\Windows\System\oXbxplO.exe
  C:\Windows\System\oXbxplO.exe
  2⤵
  PID:8284
- C:\Windows\System\TEFyUmT.exe
  C:\Windows\System\TEFyUmT.exe
  2⤵
  PID:8484
- C:\Windows\System\kjnLqCO.exe
  C:\Windows\System\kjnLqCO.exe
  2⤵
  PID:8504
- C:\Windows\System\eaiEiEm.exe
  C:\Windows\System\eaiEiEm.exe
  2⤵
  PID:2124
- C:\Windows\System\RZbFCeA.exe
  C:\Windows\System\RZbFCeA.exe
  2⤵
  PID:8548
- C:\Windows\System\bDkxcgX.exe
  C:\Windows\System\bDkxcgX.exe
  2⤵
  PID:8568
- C:\Windows\System\dfLWqmH.exe
  C:\Windows\System\dfLWqmH.exe
  2⤵
  PID:8624
- C:\Windows\System\zraWsXB.exe
  C:\Windows\System\zraWsXB.exe
  2⤵
  PID:8612
- C:\Windows\System\kcBNQLj.exe
  C:\Windows\System\kcBNQLj.exe
  2⤵
  PID:2368
- C:\Windows\System\uohUzUN.exe
  C:\Windows\System\uohUzUN.exe
  2⤵
  PID:3952
- C:\Windows\System\jQNVrKH.exe
  C:\Windows\System\jQNVrKH.exe
  2⤵
  PID:1572
- C:\Windows\System\qMfZwQS.exe
  C:\Windows\System\qMfZwQS.exe
  2⤵
  PID:8728
- C:\Windows\System\QeRUohP.exe
  C:\Windows\System\QeRUohP.exe
  2⤵
  PID:8768
- C:\Windows\System\cwwjFUe.exe
  C:\Windows\System\cwwjFUe.exe
  2⤵
  PID:8868
- C:\Windows\System\ZWGxJoL.exe
  C:\Windows\System\ZWGxJoL.exe
  2⤵
  PID:8856
- C:\Windows\System\EnnEKiC.exe
  C:\Windows\System\EnnEKiC.exe
  2⤵
  PID:8912
- C:\Windows\System\XxUJMca.exe
  C:\Windows\System\XxUJMca.exe
  2⤵
  PID:8944
- C:\Windows\System\MbItzuQ.exe
  C:\Windows\System\MbItzuQ.exe
  2⤵
  PID:8972
- C:\Windows\System\CuNGFpi.exe
  C:\Windows\System\CuNGFpi.exe
  2⤵
  PID:9012
- C:\Windows\System\RZPoyUL.exe
  C:\Windows\System\RZPoyUL.exe
  2⤵
  PID:9020
- C:\Windows\System\xBGwzur.exe
  C:\Windows\System\xBGwzur.exe
  2⤵
  PID:9080
- C:\Windows\System\ItKhXpM.exe
  C:\Windows\System\ItKhXpM.exe
  2⤵
  PID:9060
- C:\Windows\System\GHxVElh.exe
  C:\Windows\System\GHxVElh.exe
  2⤵
  PID:9136
- C:\Windows\System\zWNEgkj.exe
  C:\Windows\System\zWNEgkj.exe
  2⤵
  PID:9160
- C:\Windows\System\acYxpkw.exe
  C:\Windows\System\acYxpkw.exe
  2⤵
  PID:9184
- C:\Windows\System\GJabOYo.exe
  C:\Windows\System\GJabOYo.exe
  2⤵
  PID:9192
- C:\Windows\System\DFgMQAW.exe
  C:\Windows\System\DFgMQAW.exe
  2⤵
  PID:6088
- C:\Windows\System\sAgErCW.exe
  C:\Windows\System\sAgErCW.exe
  2⤵
  PID:7556
- C:\Windows\System\WZkgqBu.exe
  C:\Windows\System\WZkgqBu.exe
  2⤵
  PID:8300
- C:\Windows\System\QFPrglK.exe
  C:\Windows\System\QFPrglK.exe
  2⤵
  PID:8312
- C:\Windows\System\PfHBniv.exe
  C:\Windows\System\PfHBniv.exe
  2⤵
  PID:8240
- C:\Windows\System\mYdSrDf.exe
  C:\Windows\System\mYdSrDf.exe
  2⤵
  PID:2340
- C:\Windows\System\zbXDwSD.exe
  C:\Windows\System\zbXDwSD.exe
  2⤵
  PID:8332
- C:\Windows\System\nvZXlss.exe
  C:\Windows\System\nvZXlss.exe
  2⤵
  PID:8408
- C:\Windows\System\ETJbPUH.exe
  C:\Windows\System\ETJbPUH.exe
  2⤵
  PID:8532
- C:\Windows\System\UWAcoGk.exe
  C:\Windows\System\UWAcoGk.exe
  2⤵
  PID:6452
- C:\Windows\System\IgeCoIC.exe
  C:\Windows\System\IgeCoIC.exe
  2⤵
  PID:8412
- C:\Windows\System\rjeFlys.exe
  C:\Windows\System\rjeFlys.exe
  2⤵
  PID:8732
- C:\Windows\System\rJHeNRN.exe
  C:\Windows\System\rJHeNRN.exe
  2⤵
  PID:8804
- C:\Windows\System\VdXOMmV.exe
  C:\Windows\System\VdXOMmV.exe
  2⤵
  PID:8696
- C:\Windows\System\QUwLnEp.exe
  C:\Windows\System\QUwLnEp.exe
  2⤵
  PID:8796
- C:\Windows\System\tqYKVUA.exe
  C:\Windows\System\tqYKVUA.exe
  2⤵
  PID:8908
- C:\Windows\System\FECLTDM.exe
  C:\Windows\System\FECLTDM.exe
  2⤵
  PID:8396
- C:\Windows\System\jTsCoLv.exe
  C:\Windows\System\jTsCoLv.exe
  2⤵
  PID:440
- C:\Windows\System\TFCWgDS.exe
  C:\Windows\System\TFCWgDS.exe
  2⤵
  PID:8996
- C:\Windows\System\ZjHMILI.exe
  C:\Windows\System\ZjHMILI.exe
  2⤵
  PID:9044
- C:\Windows\System\AjJrlzp.exe
  C:\Windows\System\AjJrlzp.exe
  2⤵
  PID:9152
- C:\Windows\System\GograAp.exe
  C:\Windows\System\GograAp.exe
  2⤵
  PID:9172
- C:\Windows\System\tvLlABU.exe
  C:\Windows\System\tvLlABU.exe
  2⤵
  PID:7596
- C:\Windows\System\UjOfXlc.exe
  C:\Windows\System\UjOfXlc.exe
  2⤵
  PID:8436
- C:\Windows\System\KjbixTD.exe
  C:\Windows\System\KjbixTD.exe
  2⤵
  PID:8500
- C:\Windows\System\phBNSFW.exe
  C:\Windows\System\phBNSFW.exe
  2⤵
  PID:7832
- C:\Windows\System\yxyZuQr.exe
  C:\Windows\System\yxyZuQr.exe
  2⤵
  PID:8512
- C:\Windows\System\txOeduJ.exe
  C:\Windows\System\txOeduJ.exe
  2⤵
  PID:8632
- C:\Windows\System\AlUiofP.exe
  C:\Windows\System\AlUiofP.exe
  2⤵
  PID:7864
- C:\Windows\System\UqDtIsp.exe
  C:\Windows\System\UqDtIsp.exe
  2⤵
  PID:9212
- C:\Windows\System\QMQnGUP.exe
  C:\Windows\System\QMQnGUP.exe
  2⤵
  PID:8968
- C:\Windows\System\VjRRwSr.exe
  C:\Windows\System\VjRRwSr.exe
  2⤵
  PID:8752
- C:\Windows\System\cmLXixb.exe
  C:\Windows\System\cmLXixb.exe
  2⤵
  PID:9116
- C:\Windows\System\voIHxxQ.exe
  C:\Windows\System\voIHxxQ.exe
  2⤵
  PID:8904
- C:\Windows\System\ZHtvJAe.exe
  C:\Windows\System\ZHtvJAe.exe
  2⤵
  PID:8932
- C:\Windows\System\hFHqBXm.exe
  C:\Windows\System\hFHqBXm.exe
  2⤵
  PID:6560
- C:\Windows\System\tHFMuAm.exe
  C:\Windows\System\tHFMuAm.exe
  2⤵
  PID:9140
- C:\Windows\System\cUJBzmB.exe
  C:\Windows\System\cUJBzmB.exe
  2⤵
  PID:2872
- C:\Windows\System\kQeGzJK.exe
  C:\Windows\System\kQeGzJK.exe
  2⤵
  PID:3004
- C:\Windows\System\jyvHxYB.exe
  C:\Windows\System\jyvHxYB.exe
  2⤵
  PID:9132
- C:\Windows\System\PwAZpzj.exe
  C:\Windows\System\PwAZpzj.exe
  2⤵
  PID:1932
- C:\Windows\System\OdVZdVH.exe
  C:\Windows\System\OdVZdVH.exe
  2⤵
  PID:8716
- C:\Windows\System\kUMdlDF.exe
  C:\Windows\System\kUMdlDF.exe
  2⤵
  PID:8576
- C:\Windows\System\uotFBTl.exe
  C:\Windows\System\uotFBTl.exe
  2⤵
  PID:9180
- C:\Windows\System\ROPbwJV.exe
  C:\Windows\System\ROPbwJV.exe
  2⤵
  PID:8364
- C:\Windows\System\SyBHkiI.exe
  C:\Windows\System\SyBHkiI.exe
  2⤵
  PID:2740
- C:\Windows\System\GklfHcx.exe
  C:\Windows\System\GklfHcx.exe
  2⤵
  PID:9100
- C:\Windows\System\htDEenM.exe
  C:\Windows\System\htDEenM.exe
  2⤵
  PID:8892
- C:\Windows\System\NDaVvTk.exe
  C:\Windows\System\NDaVvTk.exe
  2⤵
  PID:8820
- C:\Windows\System\DcuOfgZ.exe
  C:\Windows\System\DcuOfgZ.exe
  2⤵
  PID:9128
- C:\Windows\System\EKgnnjz.exe
  C:\Windows\System\EKgnnjz.exe
  2⤵
  PID:8212
- C:\Windows\System\GVQdZBQ.exe
  C:\Windows\System\GVQdZBQ.exe
  2⤵
  PID:8992
- C:\Windows\System\XmvBZuo.exe
  C:\Windows\System\XmvBZuo.exe
  2⤵
  PID:8648
- C:\Windows\System\HcOlbOj.exe
  C:\Windows\System\HcOlbOj.exe
  2⤵
  PID:8608
- C:\Windows\System\SwwJLNl.exe
  C:\Windows\System\SwwJLNl.exe
  2⤵
  PID:8832
- C:\Windows\System\xfBNMbv.exe
  C:\Windows\System\xfBNMbv.exe
  2⤵
  PID:9024
- C:\Windows\System\DenQVmS.exe
  C:\Windows\System\DenQVmS.exe
  2⤵
  PID:9240
- C:\Windows\System\jSDtDMw.exe
  C:\Windows\System\jSDtDMw.exe
  2⤵
  PID:9256
- C:\Windows\System\pSXwbjm.exe
  C:\Windows\System\pSXwbjm.exe
  2⤵
  PID:9280
- C:\Windows\System\vJllqYj.exe
  C:\Windows\System\vJllqYj.exe
  2⤵
  PID:9296
- C:\Windows\System\uujypER.exe
  C:\Windows\System\uujypER.exe
  2⤵
  PID:9312
- C:\Windows\System\dYsdHCx.exe
  C:\Windows\System\dYsdHCx.exe
  2⤵
  PID:9336
- C:\Windows\System\ziyKKQv.exe
  C:\Windows\System\ziyKKQv.exe
  2⤵
  PID:9352
- C:\Windows\System\bEUHGSi.exe
  C:\Windows\System\bEUHGSi.exe
  2⤵
  PID:9372
- C:\Windows\System\Blgbnzx.exe
  C:\Windows\System\Blgbnzx.exe
  2⤵
  PID:9388
- C:\Windows\System\DFfkLED.exe
  C:\Windows\System\DFfkLED.exe
  2⤵
  PID:9408
- C:\Windows\System\EOUYzbS.exe
  C:\Windows\System\EOUYzbS.exe
  2⤵
  PID:9428
- C:\Windows\System\MibzcnS.exe
  C:\Windows\System\MibzcnS.exe
  2⤵
  PID:9456
- C:\Windows\System\VdphFfs.exe
  C:\Windows\System\VdphFfs.exe
  2⤵
  PID:9472
- C:\Windows\System\WAzREFk.exe
  C:\Windows\System\WAzREFk.exe
  2⤵
  PID:9496
- C:\Windows\System\ahRKuIv.exe
  C:\Windows\System\ahRKuIv.exe
  2⤵
  PID:9512
- C:\Windows\System\nmWorpu.exe
  C:\Windows\System\nmWorpu.exe
  2⤵
  PID:9532
- C:\Windows\System\YAgHpCb.exe
  C:\Windows\System\YAgHpCb.exe
  2⤵
  PID:9564
- C:\Windows\System\AXUPVrv.exe
  C:\Windows\System\AXUPVrv.exe
  2⤵
  PID:9584
- C:\Windows\System\kypExZy.exe
  C:\Windows\System\kypExZy.exe
  2⤵
  PID:9600
- C:\Windows\System\dYZQSfv.exe
  C:\Windows\System\dYZQSfv.exe
  2⤵
  PID:9616
- C:\Windows\System\pAlBnKE.exe
  C:\Windows\System\pAlBnKE.exe
  2⤵
  PID:9636
- C:\Windows\System\WLEZKmX.exe
  C:\Windows\System\WLEZKmX.exe
  2⤵
  PID:9652
- C:\Windows\System\SmGZkMB.exe
  C:\Windows\System\SmGZkMB.exe
  2⤵
  PID:9668
- C:\Windows\System\dCYUHva.exe
  C:\Windows\System\dCYUHva.exe
  2⤵
  PID:9688
- C:\Windows\System\KErDsmL.exe
  C:\Windows\System\KErDsmL.exe
  2⤵
  PID:9704
- C:\Windows\System\uHuCHQu.exe
  C:\Windows\System\uHuCHQu.exe
  2⤵
  PID:9728
- C:\Windows\System\SLFVrSf.exe
  C:\Windows\System\SLFVrSf.exe
  2⤵
  PID:9748
- C:\Windows\System\oDUPVIJ.exe
  C:\Windows\System\oDUPVIJ.exe
  2⤵
  PID:9768
- C:\Windows\System\OBnsHlk.exe
  C:\Windows\System\OBnsHlk.exe
  2⤵
  PID:9804
- C:\Windows\System\dvwLpqu.exe
  C:\Windows\System\dvwLpqu.exe
  2⤵
  PID:9820
- C:\Windows\System\qeavHIn.exe
  C:\Windows\System\qeavHIn.exe
  2⤵
  PID:9844
- C:\Windows\System\AUbfIfE.exe
  C:\Windows\System\AUbfIfE.exe
  2⤵
  PID:9876
- C:\Windows\System\tOOxHHm.exe
  C:\Windows\System\tOOxHHm.exe
  2⤵
  PID:9896
- C:\Windows\System\cVCbMkR.exe
  C:\Windows\System\cVCbMkR.exe
  2⤵
  PID:9916
- C:\Windows\System\YyhQQtO.exe
  C:\Windows\System\YyhQQtO.exe
  2⤵
  PID:9940
- C:\Windows\System\ztgVYCw.exe
  C:\Windows\System\ztgVYCw.exe
  2⤵
  PID:9956
- C:\Windows\System\zMoqtsW.exe
  C:\Windows\System\zMoqtsW.exe
  2⤵
  PID:9976
- C:\Windows\System\KzwomOK.exe
  C:\Windows\System\KzwomOK.exe
  2⤵
  PID:10000
- C:\Windows\System\iMztIzv.exe
  C:\Windows\System\iMztIzv.exe
  2⤵
  PID:10016
- C:\Windows\System\DJJOmdw.exe
  C:\Windows\System\DJJOmdw.exe
  2⤵
  PID:10040
- C:\Windows\System\dcTJnTL.exe
  C:\Windows\System\dcTJnTL.exe
  2⤵
  PID:10056
- C:\Windows\System\cOSCgIB.exe
  C:\Windows\System\cOSCgIB.exe
  2⤵
  PID:10076
- C:\Windows\System\fxsjiHj.exe
  C:\Windows\System\fxsjiHj.exe
  2⤵
  PID:10100
- C:\Windows\System\qtzrXZF.exe
  C:\Windows\System\qtzrXZF.exe
  2⤵
  PID:10116
- C:\Windows\System\vkVIZYu.exe
  C:\Windows\System\vkVIZYu.exe
  2⤵
  PID:10140
- C:\Windows\System\rIPMUyM.exe
  C:\Windows\System\rIPMUyM.exe
  2⤵
  PID:10156
- C:\Windows\System\FHIQYTb.exe
  C:\Windows\System\FHIQYTb.exe
  2⤵
  PID:10172
- C:\Windows\System\WDIjvTM.exe
  C:\Windows\System\WDIjvTM.exe
  2⤵
  PID:10196
- C:\Windows\System\FHOKWhj.exe
  C:\Windows\System\FHOKWhj.exe
  2⤵
  PID:10220
- C:\Windows\System\GNqVTcc.exe
  C:\Windows\System\GNqVTcc.exe
  2⤵
  PID:10236
- C:\Windows\System\dhpBFlZ.exe
  C:\Windows\System\dhpBFlZ.exe
  2⤵
  PID:9232
- C:\Windows\System\SOTaxVQ.exe
  C:\Windows\System\SOTaxVQ.exe
  2⤵
  PID:9268
- C:\Windows\System\iucpubI.exe
  C:\Windows\System\iucpubI.exe
  2⤵
  PID:9344
- C:\Windows\System\pYsEdKd.exe
  C:\Windows\System\pYsEdKd.exe
  2⤵
  PID:9324
- C:\Windows\System\NdrSiLA.exe
  C:\Windows\System\NdrSiLA.exe
  2⤵
  PID:9364
- C:\Windows\System\noxfnCp.exe
  C:\Windows\System\noxfnCp.exe
  2⤵
  PID:9420
- C:\Windows\System\NoLFxsY.exe
  C:\Windows\System\NoLFxsY.exe
  2⤵
  PID:8564
- C:\Windows\System\UxvWxHf.exe
  C:\Windows\System\UxvWxHf.exe
  2⤵
  PID:9508
- C:\Windows\System\KuWmohJ.exe
  C:\Windows\System\KuWmohJ.exe
  2⤵
  PID:9480
- C:\Windows\System\eXmhIiG.exe
  C:\Windows\System\eXmhIiG.exe
  2⤵
  PID:9492
- C:\Windows\System\OTavsDl.exe
  C:\Windows\System\OTavsDl.exe
  2⤵
  PID:9572
- C:\Windows\System\UoZdaep.exe
  C:\Windows\System\UoZdaep.exe
  2⤵
  PID:9624
- C:\Windows\System\ufWdNix.exe
  C:\Windows\System\ufWdNix.exe
  2⤵
  PID:9696
- C:\Windows\System\FFRAxPM.exe
  C:\Windows\System\FFRAxPM.exe
  2⤵
  PID:9780
- C:\Windows\System\LMRdZbX.exe
  C:\Windows\System\LMRdZbX.exe
  2⤵
  PID:9608
- C:\Windows\System\XwZPqad.exe
  C:\Windows\System\XwZPqad.exe
  2⤵
  PID:9680
- C:\Windows\System\ROQczno.exe
  C:\Windows\System\ROQczno.exe
  2⤵
  PID:9760
- C:\Windows\System\cNruRFG.exe
  C:\Windows\System\cNruRFG.exe
  2⤵
  PID:9556
- C:\Windows\System\TULhGOQ.exe
  C:\Windows\System\TULhGOQ.exe
  2⤵
  PID:996
- C:\Windows\System\FYbuQdI.exe
  C:\Windows\System\FYbuQdI.exe
  2⤵
  PID:9860
- C:\Windows\System\iRWxyOl.exe
  C:\Windows\System\iRWxyOl.exe
  2⤵
  PID:9908
- C:\Windows\System\DOCzLgh.exe
  C:\Windows\System\DOCzLgh.exe
  2⤵
  PID:9936
- C:\Windows\System\uEUKMTS.exe
  C:\Windows\System\uEUKMTS.exe
  2⤵
  PID:9964
- C:\Windows\System\HXZZKBF.exe
  C:\Windows\System\HXZZKBF.exe
  2⤵
  PID:10008
- C:\Windows\System\xcDEENg.exe
  C:\Windows\System\xcDEENg.exe
  2⤵
  PID:10032
- C:\Windows\System\mYMBagK.exe
  C:\Windows\System\mYMBagK.exe
  2⤵
  PID:10068
- C:\Windows\System\sMtCqra.exe
  C:\Windows\System\sMtCqra.exe
  2⤵
  PID:10112
- C:\Windows\System\IVBEvAw.exe
  C:\Windows\System\IVBEvAw.exe
  2⤵
  PID:10132
- C:\Windows\System\iAOjzwg.exe
  C:\Windows\System\iAOjzwg.exe
  2⤵
  PID:10184
- C:\Windows\System\hgogqez.exe
  C:\Windows\System\hgogqez.exe
  2⤵
  PID:10216
- C:\Windows\System\ILgKAEB.exe
  C:\Windows\System\ILgKAEB.exe
  2⤵
  PID:2840
- C:\Windows\System\FFyLoZe.exe
  C:\Windows\System\FFyLoZe.exe
  2⤵
  PID:9248
- C:\Windows\System\HigKwbN.exe
  C:\Windows\System\HigKwbN.exe
  2⤵
  PID:9308
- C:\Windows\System\POzgxad.exe
  C:\Windows\System\POzgxad.exe
  2⤵
  PID:9368
- C:\Windows\System\kwSCMZa.exe
  C:\Windows\System\kwSCMZa.exe
  2⤵
  PID:9464
- C:\Windows\System\KgZYZuD.exe
  C:\Windows\System\KgZYZuD.exe
  2⤵
  PID:9448
- C:\Windows\System\KJJlYDm.exe
  C:\Windows\System\KJJlYDm.exe
  2⤵
  PID:9524
- C:\Windows\System\NcANGnK.exe
  C:\Windows\System\NcANGnK.exe
  2⤵
  PID:9592
- C:\Windows\System\GTMTCiD.exe
  C:\Windows\System\GTMTCiD.exe
  2⤵
  PID:9736
- C:\Windows\System\WVFMJRc.exe
  C:\Windows\System\WVFMJRc.exe
  2⤵
  PID:9784
- C:\Windows\System\EPUzYbu.exe
  C:\Windows\System\EPUzYbu.exe
  2⤵
  PID:9764
- C:\Windows\System\YPCkqDp.exe
  C:\Windows\System\YPCkqDp.exe
  2⤵
  PID:9816
- C:\Windows\System\yYvroxr.exe
  C:\Windows\System\yYvroxr.exe
  2⤵
  PID:9872
- C:\Windows\System\ywnvslu.exe
  C:\Windows\System\ywnvslu.exe
  2⤵
  PID:9952
- C:\Windows\System\sSbHdGO.exe
  C:\Windows\System\sSbHdGO.exe
  2⤵
  PID:9988
- C:\Windows\System\DEseKLq.exe
  C:\Windows\System\DEseKLq.exe
  2⤵
  PID:10088
- C:\Windows\System\KjugbMH.exe
  C:\Windows\System\KjugbMH.exe
  2⤵
  PID:10096
- C:\Windows\System\FJVGRKU.exe
  C:\Windows\System\FJVGRKU.exe
  2⤵
  PID:10188
- C:\Windows\System\lhARMWD.exe
  C:\Windows\System\lhARMWD.exe
  2⤵
  PID:9228
- C:\Windows\System\eONRGlX.exe
  C:\Windows\System\eONRGlX.exe
  2⤵
  PID:9328
- C:\Windows\System\WPHLFzm.exe
  C:\Windows\System\WPHLFzm.exe
  2⤵
  PID:9468
- C:\Windows\System\sWlXuJI.exe
  C:\Windows\System\sWlXuJI.exe
  2⤵
  PID:9544
- C:\Windows\System\ZFwJusQ.exe
  C:\Windows\System\ZFwJusQ.exe
  2⤵
  PID:9596
- C:\Windows\System\VHpgyQi.exe
  C:\Windows\System\VHpgyQi.exe
  2⤵
  PID:9648
- C:\Windows\System\uoHUkFK.exe
  C:\Windows\System\uoHUkFK.exe
  2⤵
  PID:9852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\HYeDGiO.exe

Filesize
6.0MB

MD5
9fc827b0078345219362115c83c67299

SHA1
aac61ec1ec6bfc668f079a4208940ec3c64dd092

SHA256
ca3cdb788c087d30e857c5646408f8634d94d93e161cf530179cf39d99a1176d

SHA512
8e9f2dbea11323ee1dec60ab44198af7dc18d7d78a10a5d3e3d5abe8703255235dcf0cf6f00e207b8b2f4439951a11a8a282f279bf0b09014fabc05c7491c93c

Download Submit
C:\Windows\system\KUDuypi.exe

Filesize
6.0MB

MD5
acc95427e59d286700d49d0627e7fee3

SHA1
575ca6b5698015beb125668d68d37ed355e59f03

SHA256
61dbcdac88f7deb5eb8545b94017124ada22cf51acbed30ca86dde547a22575c

SHA512
afda2fbdcf6f070ef3d482b3cc7a08c6e061078649e60580de8c85c15cc5a7bfff49cbc3086fe24797ea483704ef50960a842b4f06d5c5a8f18ce03f1d2bb87c

Download Submit
C:\Windows\system\KoKyrUD.exe

Filesize
6.0MB

MD5
ef58ce6358dee016efa09a508a688080

SHA1
fcf77f2c0e35d841f1271d2a8fdcdf680a428fce

SHA256
a5d817facdd062e2e9669b203ee23cc49a93289eb8bbeb55bf3fab9e9d8f9651

SHA512
f5578a583baed0f5b5ee4665adda9c3ddbc4763d95876dd37e808e058f9eaaf8b1955eda1d8432f0ab0cd6a85e10d12208fa81f90540836f06e35d73610ded4a

Download Submit
C:\Windows\system\PYVHZfL.exe

Filesize
6.0MB

MD5
a1d0e1c3e038f112f7dd1f6f8c5f0024

SHA1
9d5caff27fdcf7ddd6aa44aaa94428f3346b759d

SHA256
76025b5ef64a16ebe3c2f06edc1be22fcf24b3689bf3f03e8c9cb9149bd7fcad

SHA512
ce110d7964d4a1a74cdff56da196e3e813aa2df63ad3f24ce46f06427bf1958eaad02403169cfa3b494d4c8f570a69fea38b16d54f9ed511d87caf129a5e77bd

Download Submit
C:\Windows\system\QCgRaCd.exe

Filesize
6.0MB

MD5
ad2e8c2d763078d12a4a3dd4b710adb1

SHA1
973cf4653c357286af4b0cc4632d647558f652d2

SHA256
21a436a0a9daf41f537ece79183f37fedec3f89b40fe3324f4286b6909117f85

SHA512
d14123a1d525c36c3d03fd909e61bd085dfd77f0b1912278fac084eda1068b0832ea0cfeee48ac64507dd52aba9acfe35a60a7892296fcb7004b12cb8634f48f

Download Submit
C:\Windows\system\QKlHDaw.exe

Filesize
6.0MB

MD5
8a59eee554da36e486a79fedd83e573d

SHA1
6855a28d9ddb77ad799e351bb8d5a561a4d64420

SHA256
9cd8e45aa493a84e063d348cd359b2adb783139f7a0755a71a67532d9338e2ba

SHA512
709314123de68b7ecbbc729c4a7accd6ab6964f59df1a87c0edb75f42db1879d42e0d998123099ad05f9a2876f82d9513f16fccfd52faa0d82d8c24dbe4dde1e

Download Submit
C:\Windows\system\SnenOEX.exe

Filesize
8B

MD5
2e44aa507959b1bce97f8f21d37609c5

SHA1
873c017c84db9d139743c00ad0377a752577ee1f

SHA256
e9d77b03259d4a224bd233da4004dc6f1c60d59542c36f1a26a6a33348c54a78

SHA512
fb25f4b7fd4b162d83cbab07ce22debea6df8776184290940e7b5722719fbf28a520034531bfc7ffe4699052391dffd3300477e9c2eae5eebbd2c09f9fcebd90

Download Submit
C:\Windows\system\VIosqoE.exe

Filesize
6.0MB

MD5
907a36db40f005d8270ddf70f3615584

SHA1
b599991aa00b64c8f04a6277e2fac7b5abcd2f2a

SHA256
769e409c3e47fa501db46a544a93b9d8ac262c3ddc81169026ee49cb66cfb99a

SHA512
9485b8d13adeb3b56e758534008d58db09146abafa4a16172ddf2c834a98a250a1013ce32e13c71264e6348895f9b3bdbfd591c0335a22fedf4a26848ada446f

Download Submit
C:\Windows\system\WMyZpTY.exe

Filesize
6.0MB

MD5
a0fc153193cdd7663f3d28d52500280b

SHA1
880a64f8715ad5876bbbdca724a0d577e5ba084e

SHA256
23376b392944a7a74a5d4e22623b382d367ee15d62bfaa9f33043a38d24885a2

SHA512
9783f25d1c1d2d1336aba412d8ebd7fb888cdeed6a60829f69c7ffad5d0e4eea6ff8101c00985d4a002ee4239df2adf7ca96fc661c903250396877fa535c7d5d

Download Submit
C:\Windows\system\WdEVPYw.exe

Filesize
6.0MB

MD5
f9a9ffba92860f90595451eb2c590d3c

SHA1
4a42dfaeae6a6208bb5a707f423eb467046bde9d

SHA256
cf663f7a6e942650387a6d13a633db27065baef1edf9c676f6bfa66ebf129504

SHA512
85a59453a10e7e9f3c6cdef06366933e9b58b08a54f22884d796507cf539b93ea7224405df06d0670e2addebae443b9c0cc338366f7da26509db65615f0532ff

Download Submit
C:\Windows\system\WiEPzCC.exe

Filesize
6.0MB

MD5
48270268adf724b740dad09617af972a

SHA1
d4883750b4a6da616a6c2be0e0d9ab2d41749430

SHA256
176c1c8d4fa839343dc80c5ba7876bf7b8bafdd5b3cf799b9bdd5357bc4a8d23

SHA512
c975f8a9f04dfb9a3392fa5504c832b7eab5c9d7990311ec26ca6980203ab77e2827b7fa1fd32a2a96becf86c5e4d7496b149b3aebf6c57b46f62cf7c555774d

Download Submit
C:\Windows\system\brsOCNY.exe

Filesize
6.0MB

MD5
6bed9023b54466296c35c7c678ed177e

SHA1
70487c980836f7636f1d1fcb8615e738a5f4d7c5

SHA256
cdf42c15031a42fcf1e2a1e6c00950f3af8eb2cf670f1abc9ac849c579e27671

SHA512
4b634724ec49c187e9e393c3b77da497e10004523169872d6aa980dd8296f8e973ce2e86215df136786c13262ce93c52b65dc7debede5fd00ab38b50a4c93159

Download Submit
C:\Windows\system\clBwpYi.exe

Filesize
6.0MB

MD5
c021ada640cd6757ef6d980d7cb1ee80

SHA1
f9a8d5e34b040fba5b216650c7c51e1f56641a82

SHA256
06c8f280932e71b05f0dfde40b24add7a37f44e94a88eb4b2d6d98a5985ee4b7

SHA512
cb2abaa7d52d7ae0873b76efce3cf905bbbc921303775bcdbed3fdf343569eec18d41ebb1ec50f7eb180ef08de17342ba6baf664f4601e63797460f5084530ef

Download Submit
C:\Windows\system\egKVrZL.exe

Filesize
6.0MB

MD5
6d480742cc5e20bf8c3d5806833bb28c

SHA1
29ee0259bd41afce3c83b098e55e1613e0c113c7

SHA256
7753686fdfd697cd3b446395e28ecef867cec49c30b6e17a461363067cc1d543

SHA512
912ca932affb2ae2c91809e35c981a3ba1d646ad15d0fbc96388239616c18cebe2f3556636af917950a3c97157bb0ce82d03744a55fe180b6b2eb2e07bb78cd8

Download Submit
C:\Windows\system\fFCZRxZ.exe

Filesize
6.0MB

MD5
5c48f35b8e54f973841365d7ce11a775

SHA1
3993822a9349ffb20a24ff5dd45925f0d46d8dec

SHA256
9c944a9acfab270e5b40d2de26ace2826fd87bbd8a52053d069ceafa78f4cd68

SHA512
b3ce5148e766ca1730797131b04558c8e9ede4280bc133bde584e781a535e663ce78a47f8be5961df83dcbff17dd4827984f4331b75ad3c9003894f616425c25

Download Submit
C:\Windows\system\femBzVx.exe

Filesize
6.0MB

MD5
0576668d9aeb8e41bd8ba1a9f48e2a9b

SHA1
9260a919f096f2650f1c9bbacc9f34d3332267e8

SHA256
89a48f464650f5e78687a8b30b19ec100888e69e3c60a39a3795507219b9e608

SHA512
a65b49a13e6ce29a6321c087422ef98c7fb72f9877e2bbbc0f5bd4093226d1bf6908d4e72fb58d552d73dc13f12787fcfc9afe49056ae7816d78d8ab11b6c879

Download Submit
C:\Windows\system\jEIGHPe.exe

Filesize
6.0MB

MD5
d3c79da6053401e682bc9eeaff401644

SHA1
c4299308d196ea65e5be0f596cb2b0d5f3eea180

SHA256
f520d89cabd326875cc3d712c3ac07149e3cf7cb1036998acc5ce9dd19832dad

SHA512
f36a0d15f31bb60064b83592ce7e1712cc4a7d449b2f9ad56adf94323faa8bcab71b418ed307453627233aae689c1486b2ce65a1389156152bf4d466bed0b428

Download Submit
C:\Windows\system\jFuDeaH.exe

Filesize
6.0MB

MD5
010cc525cc7d76d6a5813d1c1bbc1026

SHA1
9dbf313c09acaac849f6cdb94c5534194119dc59

SHA256
86fff64fc29da76c054d4fd5604d4daa869ef863aeef2fac8e280f274170e7ba

SHA512
7bfb82fe484b0689d6143825509f3e6ae00d9387cbeb9ecf66356d2c06b2b98f481cec9b253a3c0f01917dcc9be229f37a514f4a520a2ddebe8c7c41c227cc3b

Download Submit
C:\Windows\system\jMNCRFd.exe

Filesize
6.0MB

MD5
5345a16852bc0ab96a9bde445ed2fe9e

SHA1
3bf8175cf4bd456d6cde147115c106029d952822

SHA256
9eb4826657762cc461174d039c5ef560fb1d1cbcb2a9d854629773209d5cb934

SHA512
46795f4b0bcdb441ee4bcaf434e1cbd4288eb9926ee7eb6ad66d820944b9a52dd1c4e70c2271e5099d5b1ee4891b48aea75f89eb9ba6e1e7d7044463ea2db6d6

Download Submit
C:\Windows\system\jsFBPyO.exe

Filesize
6.0MB

MD5
92c96f5ef396676c0fdc03cc13e49796

SHA1
fef658aa45f1725fb49f6f7839925f46f9a8c97b

SHA256
f9f44752290809a7a0a9cbf4cc3670b0791ed546c9bcee100b6cdae1d527a362

SHA512
16cbb007bfcd295b58b29159a56a93f9610380ec7a2c3b0225272e8920d82d6ded0a4c66ba46d6690a23f0435bcd046babf744a41e6a915c36528e13cd630c62

Download Submit
C:\Windows\system\kDTHIQN.exe

Filesize
6.0MB

MD5
20008912020419b9203b2986b1616c95

SHA1
0ba4d2a28a98f8a7ac800865af13b56841b40af4

SHA256
fcc2edb713d3eec9b3d0fd182b7503f2628cf1970f6b355b98b783de1374bb40

SHA512
e576f616ef4eb402ebf868a3881c1e7b8328732780ce7eefc60a9e2865dc1ffa0100ccd8afb8f8e684171e3aa15f8065a82b52a6daa84fe91f75bd2f7793314f

Download Submit
C:\Windows\system\lsielWQ.exe

Filesize
6.0MB

MD5
47bf1453affef53a84c4febaa9ee3e4d

SHA1
ec4663a1cb8254e9ebc9f3c8f9b7a65783980812

SHA256
f9ece3798a24ad87e75c86b7f27ca5a723500e6ef9ff802a13a2d701ec6da50b

SHA512
8c31a8cbfce98f2c87ef45caefc4c679566684b7fa12fcd96f22ebf66f8c6fff3e96188e1b5f78268f5f56322409a11e5060d9b7060a7de11764404b38e2c0f0

Download Submit
C:\Windows\system\ojlxFUr.exe

Filesize
6.0MB

MD5
a3ad478e6407a7c57915308c74b5b481

SHA1
44e3b5a5f7912da776c0b78a8186a1c4782506ae

SHA256
c87a9ce4b158447903a82f267aac651facea395d0155cc0614ec2f07274c77f6

SHA512
29baba933b6b14a7deeda5604a209b639a94cf1746da626b1a419e7b5b806fbd52eadb4ad0b74a9e610503dcc55745ff16039c45c5620c7caed428f6d549721d

Download Submit
C:\Windows\system\pkiObwz.exe

Filesize
6.0MB

MD5
5435ef182596e21f6469ab008c97bec0

SHA1
fb3dc7dfc3dc2babadefd7b5df60ad89dec13c1b

SHA256
e1f62f828ed4252db23870857aff105aa4e1cbdd521b0b06364439e6bd9c4e85

SHA512
d00f13fd490a90f4d63b70ebc62a97c28cd7b9c50a9cd65d5bc168dd010833d3052ba73e0f22ac53d44e341e822af5a35517ed570cfe03a497480e68db43add9

Download Submit
C:\Windows\system\vRiecoS.exe

Filesize
6.0MB

MD5
33db95a62a80e37f4146951508152fe0

SHA1
1670d9d156b1a783b8dec3f7c2c3eacd14e7ce3f

SHA256
2cfc96c208cd8c15450c5c08fe1c6cef7ac049dc535e6ef0a13bcbcf56e55962

SHA512
e0033927b8031d9806d816340593dffe3ae842cc1a292ef3ca67e58c7b98ab7966c5069c864919ee93c218e2391cc61a51e075405beb9175d80b50661fc8a050

Download Submit
C:\Windows\system\xUtLimB.exe

Filesize
6.0MB

MD5
9a32a113a95d103123c90452d52f59ab

SHA1
fc97bd5649023112dc82c12c3ea8c3d48ae68687

SHA256
5686ac855e6dd4c0a058120e68862f303c28d26a2be0958b4cde4d9df1d34229

SHA512
0501eb0bfe2261f8a351ddde1474684fa656398ba9e682ed15ce8da92ad14358e23fb9c2f600d5677d06465ca616ea660ec3c26747d30165fc420547a1e644b8

Download Submit
C:\Windows\system\ySsqYyY.exe

Filesize
6.0MB

MD5
6a9e7093ed6cffa47576b95bb9a80818

SHA1
edca7edab9624f3365e8eff6303523fada2f2775

SHA256
2bc32d518064cc905eca8eb4795603416dbf4e989ad14e9ced7496629bbd087d

SHA512
28fbb7fc26f8d1782d8eba5005d2a600e18c309c32dc855ba3c9b353a0d7a6562a83fa7ef79849d41a9150180af89d4c5a1de8664738758337ecd8a92bf6b1cc

Download Submit
C:\Windows\system\yUZNjsJ.exe

Filesize
6.0MB

MD5
f686ec201838a91270f1638f0c30e2c1

SHA1
47e5fd1a679556dc79236bb16148bae786b34b64

SHA256
8611678110953d4a59a02bb518d2dd1998df5840e5fe34247623e4841b35b111

SHA512
a79d2aa363d6bc116765e82f22860b5f52b2625807f06173a0c4da8b2983313c1ad883dedd4cae64c26426940bf22bb56b8b96b19792cd583076ed1f76c27ac8

Download Submit
C:\Windows\system\yuuPvOH.exe

Filesize
6.0MB

MD5
58682b570d748366f6aefc014d77dcf7

SHA1
534c18b77f814fce04540abc1a6935c2eff56cc5

SHA256
51ea70012c4f05048f02b81bbe52873be9a8bc3410631b3c363c97457e26276f

SHA512
aa469a3dc9cccfbc21ac36f840d07c41833bfc1211314dee593acee0e4fc762c52ade7b65ce2254a6f9fd459a56cd9b7d16121a1412a63695c0790daf576a52c

Download Submit
\Windows\system\CYoJzDR.exe

Filesize
6.0MB

MD5
9d43e85c907e2b4998dbe6305e70ba8d

SHA1
3c569283e36da171058313a3d48af324beccf380

SHA256
c447603345b004e114726331adf6b224466b324a6b6751a680af4d12175e2e4d

SHA512
2631e3b0e541a703bcf71dc8e2624839c5a7dbea20974a8acbbe1faa972b4e924b8b8478c978c39ded68afb51b564c284b03d6f04b6e153b474de1aa29563bbd

Download Submit
\Windows\system\HOWesTy.exe

Filesize
6.0MB

MD5
41c29a113e6bfb23d90d663b996269de

SHA1
59b7db26f7681296eb27caf6a66ecde4a68445a1

SHA256
4c47b0da192784dd799911d23a3dd4185341ffe46ef9a81ec8c70567a7a0f40a

SHA512
f109dc1ecbde04951cd950d84ebba25bb0e7b5b04633120f1a638cc22ae04c557be4e28a3ca916f860fcfded5e0c197c3f824ba262f577594e5a35385a8a7fb9

Download Submit
\Windows\system\HpFAxAV.exe

Filesize
6.0MB

MD5
7803b6761dc6187860201c54d71316cd

SHA1
035e04af95bd1c02f0519ceb362b088b6fa1d5e1

SHA256
7962f8a9bed5c9223acb6baa79e365dd65f2c5089c0201694a8163ec40228586

SHA512
55575405309d2a221e5e2e7d50733524006a99e2b22fdb8cf963def811b4eae13dfe3bf8f71320da6ef086f905cea5f6bbd648fa44238b8785ece7bd0d7cfbf3

Download Submit
\Windows\system\aNtwUcG.exe

Filesize
6.0MB

MD5
1573002feb504f0edf8dde0bf59c40f4

SHA1
4c0d93311f4c8304bbedb49eff919e1fe18d7da5

SHA256
4ddfe165ac936e41cb22ce0b310400a41da1b7ec0f3b4f93f2a0395185b86788

SHA512
e02e161d347a94002d1d11b73d30f4feabc738dced19db4acea4459aa436da59c83cdfc2aff8a151ffc4509e98492da1bdae7253f9bb3e2583451797fa93c70c

Download Submit
memory/768-529-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/800-1805-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/800-61-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/800-2010-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/800-2007-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/800-0-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/800-1804-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/800-1800-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/800-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/800-738-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/800-23-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/800-15-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/800-532-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/800-531-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/800-530-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/800-1062-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/800-40-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/800-524-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/800-520-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/800-45-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/800-1787-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/800-527-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1732-18-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-4050-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2024-525-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2104-48-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2364-523-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2364-4039-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2388-3999-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-47-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-517-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-4057-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-514-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2620-66-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-20-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-4003-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-1349-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2664-55-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2692-34-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-613-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2788-27-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2792-4034-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-513-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/3056-8-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/3056-4027-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/3056-52-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download