cobaltstrike | e30a6c68597afd381803f784e1954c52034e0815b9727aee05dbc86864f54e04

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-12-2024 02:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

8868c51ad358a872b2b44c92fc961218
SHA1

5562018fd94f930f74293ffe64fd2d738532a61a
SHA256

e30a6c68597afd381803f784e1954c52034e0815b9727aee05dbc86864f54e04
SHA512

86153f8b052ae9b1674fb8d28247bc03beb2942f0b5838f3fe8c24c7f9ca19b8eff2dda2ee02c6b4fc438e4a519063085bc2b78acd95b2743c70b91f685bd20e
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUE:T+q56utgpPF8u/7E

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001227e-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c4a-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cc8-17.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cec-24.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d06-27.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d0e-32.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000171a8-39.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174cc-59.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e4-71.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-79.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878f-99.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019023-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e1-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019334-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-112.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c2-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941e-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019282-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a5-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018784-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001873d-91.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018728-87.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186fd-83.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ea-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018683-67.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018676-63.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017492-55.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-51.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173a9-47.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173a7-43.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d18-35.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c51-15.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 47 IoCs

miner

resource	yara_rule
behavioral1/memory/2496-0-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x000a00000001227e-6.dat	xmrig
behavioral1/files/0x0008000000016c4a-9.dat	xmrig
behavioral1/files/0x0007000000016cc8-17.dat	xmrig
behavioral1/files/0x0007000000016cec-24.dat	xmrig
behavioral1/files/0x0007000000016d06-27.dat	xmrig
behavioral1/files/0x0009000000016d0e-32.dat	xmrig
behavioral1/files/0x00060000000171a8-39.dat	xmrig
behavioral1/files/0x00060000000174cc-59.dat	xmrig
behavioral1/files/0x00050000000186e4-71.dat	xmrig
behavioral1/files/0x00050000000186ee-79.dat	xmrig
behavioral1/files/0x000500000001878f-99.dat	xmrig
behavioral1/files/0x0006000000019023-105.dat	xmrig
behavioral1/files/0x00050000000193e1-132.dat	xmrig
behavioral1/files/0x00050000000193b4-126.dat	xmrig
behavioral1/files/0x0005000000019334-119.dat	xmrig
behavioral1/files/0x0005000000019261-112.dat	xmrig
behavioral1/files/0x00050000000193c2-137.dat	xmrig
behavioral1/files/0x000500000001941e-135.dat	xmrig
behavioral1/files/0x0005000000019350-125.dat	xmrig
behavioral1/files/0x0005000000019282-117.dat	xmrig
behavioral1/files/0x000500000001925e-110.dat	xmrig
behavioral1/files/0x00050000000187a5-103.dat	xmrig
behavioral1/files/0x0005000000018784-95.dat	xmrig
behavioral1/files/0x000500000001873d-91.dat	xmrig
behavioral1/files/0x0005000000018728-87.dat	xmrig
behavioral1/files/0x00050000000186fd-83.dat	xmrig
behavioral1/files/0x00050000000186ea-75.dat	xmrig
behavioral1/files/0x0005000000018683-67.dat	xmrig
behavioral1/files/0x000d000000018676-63.dat	xmrig
behavioral1/files/0x0006000000017492-55.dat	xmrig
behavioral1/files/0x0006000000017488-51.dat	xmrig
behavioral1/files/0x00060000000173a9-47.dat	xmrig
behavioral1/files/0x00060000000173a7-43.dat	xmrig
behavioral1/files/0x0008000000016d18-35.dat	xmrig
behavioral1/files/0x0008000000016c51-15.dat	xmrig
behavioral1/memory/2524-2219-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2496-2367-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2396-2352-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2192-2477-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2340-2584-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2496-3048-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2340-3990-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2524-3992-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/1564-3993-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2192-3994-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2396-3995-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2340	yJFOstk.exe
2524	VEYysHE.exe
2396	CtZdyVM.exe
2192	tRqjBbx.exe
1564	sBRAiDV.exe
2752	btBRJru.exe
2812	QuVwcZS.exe
2964	vPcnJtg.exe
2736	DUFezxy.exe
2772	RQetiSL.exe
2892	tTcWQKk.exe
2632	hJJwLaZ.exe
2784	mIFODhd.exe
1624	msKuYvq.exe
2624	qnJozrw.exe
2680	DBdhWEW.exe
3032	vCmXdcU.exe
2500	cLSWFxu.exe
1992	VgDnJss.exe
1104	DjgQyuo.exe
1380	DmEqWKx.exe
1184	fiAjZwx.exe
2036	nYamAlr.exe
1704	jknpmXe.exe
1892	iKekzjz.exe
2004	KdTaJmw.exe
2676	YGGYGgk.exe
3064	cEDbYFB.exe
1708	tnhESGC.exe
2648	EfXVdds.exe
1868	elIQCBb.exe
280	SogWtmI.exe
2668	RiqxLMs.exe
2448	TcUbTVs.exe
2124	uXEDGeK.exe
848	FNjQmIv.exe
2196	TpkgBps.exe
1084	Tjqrpds.exe
2308	PcsgxOT.exe
2984	dLeEbIv.exe
2040	cmpkZKn.exe
1272	ZnPSpqX.exe
560	GqMwNrV.exe
1664	aIpemtd.exe
2932	oJmjfEn.exe
976	nuEjtBs.exe
1448	iODmOzR.exe
2284	CafRlcB.exe
2356	oMYSfRP.exe
2948	ixZlnJv.exe
2264	VwhXDuo.exe
1456	oKmNCKo.exe
1512	Yxoxceu.exe
1896	vApsmfp.exe
2476	ethOPGk.exe
2716	VrBNnIX.exe
2352	ZPoTonJ.exe
1632	gbKhduc.exe
2268	rcKFxfP.exe
2464	GSGqyNV.exe
2228	stKPwMK.exe
2768	xTcfWmm.exe
2512	hydGyAL.exe
2880	uasrmDV.exe

Loads dropped DLL 64 IoCs

pid	Process
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 46 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2496-0-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/files/0x000a00000001227e-6.dat	upx
behavioral1/files/0x0008000000016c4a-9.dat	upx
behavioral1/files/0x0007000000016cc8-17.dat	upx
behavioral1/files/0x0007000000016cec-24.dat	upx
behavioral1/files/0x0007000000016d06-27.dat	upx
behavioral1/files/0x0009000000016d0e-32.dat	upx
behavioral1/files/0x00060000000171a8-39.dat	upx
behavioral1/files/0x00060000000174cc-59.dat	upx
behavioral1/files/0x00050000000186e4-71.dat	upx
behavioral1/files/0x00050000000186ee-79.dat	upx
behavioral1/files/0x000500000001878f-99.dat	upx
behavioral1/files/0x0006000000019023-105.dat	upx
behavioral1/files/0x00050000000193e1-132.dat	upx
behavioral1/files/0x00050000000193b4-126.dat	upx
behavioral1/files/0x0005000000019334-119.dat	upx
behavioral1/files/0x0005000000019261-112.dat	upx
behavioral1/files/0x00050000000193c2-137.dat	upx
behavioral1/files/0x000500000001941e-135.dat	upx
behavioral1/files/0x0005000000019350-125.dat	upx
behavioral1/files/0x0005000000019282-117.dat	upx
behavioral1/files/0x000500000001925e-110.dat	upx
behavioral1/files/0x00050000000187a5-103.dat	upx
behavioral1/files/0x0005000000018784-95.dat	upx
behavioral1/files/0x000500000001873d-91.dat	upx
behavioral1/files/0x0005000000018728-87.dat	upx
behavioral1/files/0x00050000000186fd-83.dat	upx
behavioral1/files/0x00050000000186ea-75.dat	upx
behavioral1/files/0x0005000000018683-67.dat	upx
behavioral1/files/0x000d000000018676-63.dat	upx
behavioral1/files/0x0006000000017492-55.dat	upx
behavioral1/files/0x0006000000017488-51.dat	upx
behavioral1/files/0x00060000000173a9-47.dat	upx
behavioral1/files/0x00060000000173a7-43.dat	upx
behavioral1/files/0x0008000000016d18-35.dat	upx
behavioral1/files/0x0008000000016c51-15.dat	upx
behavioral1/memory/2524-2219-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2396-2352-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2192-2477-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2340-2584-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2496-3048-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2340-3990-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2524-3992-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/1564-3993-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2192-3994-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2396-3995-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\TxzAfxj.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XLCmvEY.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCBvrFm.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WyGPvgm.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iODmOzR.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lVJrtle.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KUcNirL.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sFXYxnH.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FrryCVe.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sgDECAv.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EACiqoV.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WsfXitX.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpwfQfw.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vCmXdcU.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ufhQelt.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UVKASBP.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jQWuBkD.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\svNMbAl.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pLUAigy.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wTfofrB.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mpKpJYy.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XMWnvMX.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\atIIQew.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kgSEeut.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OlQxUTv.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uVMHTZg.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JXvrnuH.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DsHEzei.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqGYtRk.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EWUeLNw.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VVKzdrX.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ITbXexI.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OgHoHhY.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eOsMVXf.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GWsseJE.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OBpgVmA.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JUFqjpp.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QCNwwdU.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eXstkgT.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZSDRSHJ.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rdRlgfh.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VYgKaQE.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AVChMCD.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pYkVcyA.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OdnukKA.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zNYEkTZ.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vTUfNth.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XJttahR.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yihwSmr.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DPyBCaD.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hDzYOZo.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dpVTHoF.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oUyIIaX.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CtZdyVM.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UKJwjof.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TqChIfN.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ftsWuTR.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xGdOpCR.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PoOTlkH.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KFYZAiJ.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DhcOZEf.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cKCduaH.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SogWtmI.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MMlHvBu.exe	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 2340	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2496 wrote to memory of 2340	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2496 wrote to memory of 2340	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2496 wrote to memory of 2396	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2496 wrote to memory of 2396	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2496 wrote to memory of 2396	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2496 wrote to memory of 2524	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2496 wrote to memory of 2524	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2496 wrote to memory of 2524	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2496 wrote to memory of 2192	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2496 wrote to memory of 2192	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2496 wrote to memory of 2192	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2496 wrote to memory of 1564	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2496 wrote to memory of 1564	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2496 wrote to memory of 1564	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2496 wrote to memory of 2752	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2496 wrote to memory of 2752	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2496 wrote to memory of 2752	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2496 wrote to memory of 2812	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2496 wrote to memory of 2812	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2496 wrote to memory of 2812	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2496 wrote to memory of 2964	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2496 wrote to memory of 2964	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2496 wrote to memory of 2964	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2496 wrote to memory of 2736	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2496 wrote to memory of 2736	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2496 wrote to memory of 2736	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2496 wrote to memory of 2772	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2496 wrote to memory of 2772	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2496 wrote to memory of 2772	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2496 wrote to memory of 2892	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2496 wrote to memory of 2892	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2496 wrote to memory of 2892	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2496 wrote to memory of 2632	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2496 wrote to memory of 2632	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2496 wrote to memory of 2632	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2496 wrote to memory of 2784	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2496 wrote to memory of 2784	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2496 wrote to memory of 2784	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2496 wrote to memory of 1624	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2496 wrote to memory of 1624	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2496 wrote to memory of 1624	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2496 wrote to memory of 2624	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2496 wrote to memory of 2624	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2496 wrote to memory of 2624	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2496 wrote to memory of 2680	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2496 wrote to memory of 2680	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2496 wrote to memory of 2680	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2496 wrote to memory of 3032	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2496 wrote to memory of 3032	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2496 wrote to memory of 3032	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2496 wrote to memory of 2500	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2496 wrote to memory of 2500	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2496 wrote to memory of 2500	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2496 wrote to memory of 1992	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2496 wrote to memory of 1992	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2496 wrote to memory of 1992	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2496 wrote to memory of 1104	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2496 wrote to memory of 1104	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2496 wrote to memory of 1104	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2496 wrote to memory of 1380	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2496 wrote to memory of 1380	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2496 wrote to memory of 1380	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2496 wrote to memory of 1184	2496	2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-19_8868c51ad358a872b2b44c92fc961218_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Windows\System\yJFOstk.exe
  C:\Windows\System\yJFOstk.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\CtZdyVM.exe
  C:\Windows\System\CtZdyVM.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\VEYysHE.exe
  C:\Windows\System\VEYysHE.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\tRqjBbx.exe
  C:\Windows\System\tRqjBbx.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\sBRAiDV.exe
  C:\Windows\System\sBRAiDV.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\btBRJru.exe
  C:\Windows\System\btBRJru.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\QuVwcZS.exe
  C:\Windows\System\QuVwcZS.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\vPcnJtg.exe
  C:\Windows\System\vPcnJtg.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\DUFezxy.exe
  C:\Windows\System\DUFezxy.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\RQetiSL.exe
  C:\Windows\System\RQetiSL.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\tTcWQKk.exe
  C:\Windows\System\tTcWQKk.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\hJJwLaZ.exe
  C:\Windows\System\hJJwLaZ.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\mIFODhd.exe
  C:\Windows\System\mIFODhd.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\msKuYvq.exe
  C:\Windows\System\msKuYvq.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\qnJozrw.exe
  C:\Windows\System\qnJozrw.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\DBdhWEW.exe
  C:\Windows\System\DBdhWEW.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\vCmXdcU.exe
  C:\Windows\System\vCmXdcU.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\cLSWFxu.exe
  C:\Windows\System\cLSWFxu.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\VgDnJss.exe
  C:\Windows\System\VgDnJss.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\DjgQyuo.exe
  C:\Windows\System\DjgQyuo.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\DmEqWKx.exe
  C:\Windows\System\DmEqWKx.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\fiAjZwx.exe
  C:\Windows\System\fiAjZwx.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\nYamAlr.exe
  C:\Windows\System\nYamAlr.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\jknpmXe.exe
  C:\Windows\System\jknpmXe.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\iKekzjz.exe
  C:\Windows\System\iKekzjz.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\elIQCBb.exe
  C:\Windows\System\elIQCBb.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\KdTaJmw.exe
  C:\Windows\System\KdTaJmw.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\SogWtmI.exe
  C:\Windows\System\SogWtmI.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\YGGYGgk.exe
  C:\Windows\System\YGGYGgk.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\RiqxLMs.exe
  C:\Windows\System\RiqxLMs.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\cEDbYFB.exe
  C:\Windows\System\cEDbYFB.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\TcUbTVs.exe
  C:\Windows\System\TcUbTVs.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\tnhESGC.exe
  C:\Windows\System\tnhESGC.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\uXEDGeK.exe
  C:\Windows\System\uXEDGeK.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\EfXVdds.exe
  C:\Windows\System\EfXVdds.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\FNjQmIv.exe
  C:\Windows\System\FNjQmIv.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\TpkgBps.exe
  C:\Windows\System\TpkgBps.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\Tjqrpds.exe
  C:\Windows\System\Tjqrpds.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\PcsgxOT.exe
  C:\Windows\System\PcsgxOT.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\dLeEbIv.exe
  C:\Windows\System\dLeEbIv.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\cmpkZKn.exe
  C:\Windows\System\cmpkZKn.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\ZnPSpqX.exe
  C:\Windows\System\ZnPSpqX.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\GqMwNrV.exe
  C:\Windows\System\GqMwNrV.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\aIpemtd.exe
  C:\Windows\System\aIpemtd.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\oJmjfEn.exe
  C:\Windows\System\oJmjfEn.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\nuEjtBs.exe
  C:\Windows\System\nuEjtBs.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\iODmOzR.exe
  C:\Windows\System\iODmOzR.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\oKmNCKo.exe
  C:\Windows\System\oKmNCKo.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\CafRlcB.exe
  C:\Windows\System\CafRlcB.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\vApsmfp.exe
  C:\Windows\System\vApsmfp.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\oMYSfRP.exe
  C:\Windows\System\oMYSfRP.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\ZPoTonJ.exe
  C:\Windows\System\ZPoTonJ.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\ixZlnJv.exe
  C:\Windows\System\ixZlnJv.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\gbKhduc.exe
  C:\Windows\System\gbKhduc.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\VwhXDuo.exe
  C:\Windows\System\VwhXDuo.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\rcKFxfP.exe
  C:\Windows\System\rcKFxfP.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\Yxoxceu.exe
  C:\Windows\System\Yxoxceu.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\GSGqyNV.exe
  C:\Windows\System\GSGqyNV.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\ethOPGk.exe
  C:\Windows\System\ethOPGk.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\stKPwMK.exe
  C:\Windows\System\stKPwMK.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\VrBNnIX.exe
  C:\Windows\System\VrBNnIX.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\xTcfWmm.exe
  C:\Windows\System\xTcfWmm.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\hydGyAL.exe
  C:\Windows\System\hydGyAL.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\gMgamjF.exe
  C:\Windows\System\gMgamjF.exe
  2⤵
  PID:2612
- C:\Windows\System\uasrmDV.exe
  C:\Windows\System\uasrmDV.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\NeaSRuB.exe
  C:\Windows\System\NeaSRuB.exe
  2⤵
  PID:2032
- C:\Windows\System\BqRpVOM.exe
  C:\Windows\System\BqRpVOM.exe
  2⤵
  PID:1188
- C:\Windows\System\IwrrPAV.exe
  C:\Windows\System\IwrrPAV.exe
  2⤵
  PID:1784
- C:\Windows\System\pIFAeIW.exe
  C:\Windows\System\pIFAeIW.exe
  2⤵
  PID:2248
- C:\Windows\System\yznXAnq.exe
  C:\Windows\System\yznXAnq.exe
  2⤵
  PID:2444
- C:\Windows\System\AVChMCD.exe
  C:\Windows\System\AVChMCD.exe
  2⤵
  PID:2592
- C:\Windows\System\YtOTHXQ.exe
  C:\Windows\System\YtOTHXQ.exe
  2⤵
  PID:3048
- C:\Windows\System\VLttmYF.exe
  C:\Windows\System\VLttmYF.exe
  2⤵
  PID:1640
- C:\Windows\System\xrsTrqs.exe
  C:\Windows\System\xrsTrqs.exe
  2⤵
  PID:1828
- C:\Windows\System\ILTsJpS.exe
  C:\Windows\System\ILTsJpS.exe
  2⤵
  PID:1580
- C:\Windows\System\QkZZHIE.exe
  C:\Windows\System\QkZZHIE.exe
  2⤵
  PID:612
- C:\Windows\System\QjvsmFM.exe
  C:\Windows\System\QjvsmFM.exe
  2⤵
  PID:920
- C:\Windows\System\rHnIjQj.exe
  C:\Windows\System\rHnIjQj.exe
  2⤵
  PID:1920
- C:\Windows\System\WFhcWAc.exe
  C:\Windows\System\WFhcWAc.exe
  2⤵
  PID:1044
- C:\Windows\System\gPZjqHH.exe
  C:\Windows\System\gPZjqHH.exe
  2⤵
  PID:2920
- C:\Windows\System\KqljHTn.exe
  C:\Windows\System\KqljHTn.exe
  2⤵
  PID:2532
- C:\Windows\System\jEnsgRb.exe
  C:\Windows\System\jEnsgRb.exe
  2⤵
  PID:888
- C:\Windows\System\TxzAfxj.exe
  C:\Windows\System\TxzAfxj.exe
  2⤵
  PID:2368
- C:\Windows\System\DSsVeuX.exe
  C:\Windows\System\DSsVeuX.exe
  2⤵
  PID:2576
- C:\Windows\System\mYkaVTG.exe
  C:\Windows\System\mYkaVTG.exe
  2⤵
  PID:2424
- C:\Windows\System\NfiwJei.exe
  C:\Windows\System\NfiwJei.exe
  2⤵
  PID:1484
- C:\Windows\System\vWReZwS.exe
  C:\Windows\System\vWReZwS.exe
  2⤵
  PID:2852
- C:\Windows\System\nsKuIFI.exe
  C:\Windows\System\nsKuIFI.exe
  2⤵
  PID:316
- C:\Windows\System\kgPKXpQ.exe
  C:\Windows\System\kgPKXpQ.exe
  2⤵
  PID:2420
- C:\Windows\System\begUoWH.exe
  C:\Windows\System\begUoWH.exe
  2⤵
  PID:1416
- C:\Windows\System\ODAzCFp.exe
  C:\Windows\System\ODAzCFp.exe
  2⤵
  PID:2460
- C:\Windows\System\tjteieE.exe
  C:\Windows\System\tjteieE.exe
  2⤵
  PID:2664
- C:\Windows\System\OmpMdcI.exe
  C:\Windows\System\OmpMdcI.exe
  2⤵
  PID:1928
- C:\Windows\System\tcBPzrj.exe
  C:\Windows\System\tcBPzrj.exe
  2⤵
  PID:2720
- C:\Windows\System\gBnqyfG.exe
  C:\Windows\System\gBnqyfG.exe
  2⤵
  PID:2400
- C:\Windows\System\HmjpqDB.exe
  C:\Windows\System\HmjpqDB.exe
  2⤵
  PID:2012
- C:\Windows\System\xXepFgo.exe
  C:\Windows\System\xXepFgo.exe
  2⤵
  PID:2636
- C:\Windows\System\jMwtDsb.exe
  C:\Windows\System\jMwtDsb.exe
  2⤵
  PID:2792
- C:\Windows\System\atIIQew.exe
  C:\Windows\System\atIIQew.exe
  2⤵
  PID:1592
- C:\Windows\System\xffnqUL.exe
  C:\Windows\System\xffnqUL.exe
  2⤵
  PID:1004
- C:\Windows\System\jVWeJOg.exe
  C:\Windows\System\jVWeJOg.exe
  2⤵
  PID:992
- C:\Windows\System\vtnFipM.exe
  C:\Windows\System\vtnFipM.exe
  2⤵
  PID:1260
- C:\Windows\System\WUmSVBK.exe
  C:\Windows\System\WUmSVBK.exe
  2⤵
  PID:1596
- C:\Windows\System\vxJskqA.exe
  C:\Windows\System\vxJskqA.exe
  2⤵
  PID:904
- C:\Windows\System\UKJwjof.exe
  C:\Windows\System\UKJwjof.exe
  2⤵
  PID:1460
- C:\Windows\System\dfziitb.exe
  C:\Windows\System\dfziitb.exe
  2⤵
  PID:2900
- C:\Windows\System\IPlkqcr.exe
  C:\Windows\System\IPlkqcr.exe
  2⤵
  PID:980
- C:\Windows\System\jJiQSex.exe
  C:\Windows\System\jJiQSex.exe
  2⤵
  PID:2528
- C:\Windows\System\jQIugFO.exe
  C:\Windows\System\jQIugFO.exe
  2⤵
  PID:1412
- C:\Windows\System\eqzzQJm.exe
  C:\Windows\System\eqzzQJm.exe
  2⤵
  PID:1516
- C:\Windows\System\Pzueebt.exe
  C:\Windows\System\Pzueebt.exe
  2⤵
  PID:2552
- C:\Windows\System\AaEpWQk.exe
  C:\Windows\System\AaEpWQk.exe
  2⤵
  PID:1480
- C:\Windows\System\WVdpBPv.exe
  C:\Windows\System\WVdpBPv.exe
  2⤵
  PID:300
- C:\Windows\System\gyDrjQj.exe
  C:\Windows\System\gyDrjQj.exe
  2⤵
  PID:448
- C:\Windows\System\XhQgwrq.exe
  C:\Windows\System\XhQgwrq.exe
  2⤵
  PID:1028
- C:\Windows\System\VVKzdrX.exe
  C:\Windows\System\VVKzdrX.exe
  2⤵
  PID:1600
- C:\Windows\System\BlbYmAz.exe
  C:\Windows\System\BlbYmAz.exe
  2⤵
  PID:2336
- C:\Windows\System\yvfilkJ.exe
  C:\Windows\System\yvfilkJ.exe
  2⤵
  PID:2652
- C:\Windows\System\wXJdDeY.exe
  C:\Windows\System\wXJdDeY.exe
  2⤵
  PID:3092
- C:\Windows\System\NXinmxF.exe
  C:\Windows\System\NXinmxF.exe
  2⤵
  PID:3108
- C:\Windows\System\pUBYjet.exe
  C:\Windows\System\pUBYjet.exe
  2⤵
  PID:3128
- C:\Windows\System\yUQRQgU.exe
  C:\Windows\System\yUQRQgU.exe
  2⤵
  PID:3144
- C:\Windows\System\VFYhpAE.exe
  C:\Windows\System\VFYhpAE.exe
  2⤵
  PID:3164
- C:\Windows\System\pYkVcyA.exe
  C:\Windows\System\pYkVcyA.exe
  2⤵
  PID:3188
- C:\Windows\System\cboRgYw.exe
  C:\Windows\System\cboRgYw.exe
  2⤵
  PID:3204
- C:\Windows\System\LWgPSwS.exe
  C:\Windows\System\LWgPSwS.exe
  2⤵
  PID:3224
- C:\Windows\System\OBpgVmA.exe
  C:\Windows\System\OBpgVmA.exe
  2⤵
  PID:3240
- C:\Windows\System\vgZvFAh.exe
  C:\Windows\System\vgZvFAh.exe
  2⤵
  PID:3268
- C:\Windows\System\CioEnlX.exe
  C:\Windows\System\CioEnlX.exe
  2⤵
  PID:3288
- C:\Windows\System\QuewQIq.exe
  C:\Windows\System\QuewQIq.exe
  2⤵
  PID:3308
- C:\Windows\System\tgacOYd.exe
  C:\Windows\System\tgacOYd.exe
  2⤵
  PID:3332
- C:\Windows\System\PsGikRd.exe
  C:\Windows\System\PsGikRd.exe
  2⤵
  PID:3352
- C:\Windows\System\QqpsKtJ.exe
  C:\Windows\System\QqpsKtJ.exe
  2⤵
  PID:3372
- C:\Windows\System\JoSoXMe.exe
  C:\Windows\System\JoSoXMe.exe
  2⤵
  PID:3392
- C:\Windows\System\pzRFHSg.exe
  C:\Windows\System\pzRFHSg.exe
  2⤵
  PID:3408
- C:\Windows\System\LDlYuLW.exe
  C:\Windows\System\LDlYuLW.exe
  2⤵
  PID:3424
- C:\Windows\System\fzWrAgn.exe
  C:\Windows\System\fzWrAgn.exe
  2⤵
  PID:3444
- C:\Windows\System\cBeupAr.exe
  C:\Windows\System\cBeupAr.exe
  2⤵
  PID:3464
- C:\Windows\System\OTebCtO.exe
  C:\Windows\System\OTebCtO.exe
  2⤵
  PID:3480
- C:\Windows\System\PeKguzu.exe
  C:\Windows\System\PeKguzu.exe
  2⤵
  PID:3496
- C:\Windows\System\VOhICPx.exe
  C:\Windows\System\VOhICPx.exe
  2⤵
  PID:3520
- C:\Windows\System\AHrBNyv.exe
  C:\Windows\System\AHrBNyv.exe
  2⤵
  PID:3536
- C:\Windows\System\YBrDnVU.exe
  C:\Windows\System\YBrDnVU.exe
  2⤵
  PID:3556
- C:\Windows\System\fhrSvQe.exe
  C:\Windows\System\fhrSvQe.exe
  2⤵
  PID:3572
- C:\Windows\System\JUFqjpp.exe
  C:\Windows\System\JUFqjpp.exe
  2⤵
  PID:3592
- C:\Windows\System\ZBNYHwe.exe
  C:\Windows\System\ZBNYHwe.exe
  2⤵
  PID:3608
- C:\Windows\System\MCuWqhU.exe
  C:\Windows\System\MCuWqhU.exe
  2⤵
  PID:3624
- C:\Windows\System\goxMkax.exe
  C:\Windows\System\goxMkax.exe
  2⤵
  PID:3644
- C:\Windows\System\IGYDoVR.exe
  C:\Windows\System\IGYDoVR.exe
  2⤵
  PID:3692
- C:\Windows\System\YSyQLfr.exe
  C:\Windows\System\YSyQLfr.exe
  2⤵
  PID:3712
- C:\Windows\System\wLpiUCk.exe
  C:\Windows\System\wLpiUCk.exe
  2⤵
  PID:3732
- C:\Windows\System\trpITsr.exe
  C:\Windows\System\trpITsr.exe
  2⤵
  PID:3760
- C:\Windows\System\bEJMFzR.exe
  C:\Windows\System\bEJMFzR.exe
  2⤵
  PID:3776
- C:\Windows\System\TqLhTAI.exe
  C:\Windows\System\TqLhTAI.exe
  2⤵
  PID:3796
- C:\Windows\System\UMlwlrM.exe
  C:\Windows\System\UMlwlrM.exe
  2⤵
  PID:3812
- C:\Windows\System\cAwayjR.exe
  C:\Windows\System\cAwayjR.exe
  2⤵
  PID:3836
- C:\Windows\System\umQNlZy.exe
  C:\Windows\System\umQNlZy.exe
  2⤵
  PID:3860
- C:\Windows\System\nIuQGvB.exe
  C:\Windows\System\nIuQGvB.exe
  2⤵
  PID:3880
- C:\Windows\System\NbtsDdn.exe
  C:\Windows\System\NbtsDdn.exe
  2⤵
  PID:3900
- C:\Windows\System\kgSEeut.exe
  C:\Windows\System\kgSEeut.exe
  2⤵
  PID:3916
- C:\Windows\System\WOtJoKt.exe
  C:\Windows\System\WOtJoKt.exe
  2⤵
  PID:3936
- C:\Windows\System\zMwzwvS.exe
  C:\Windows\System\zMwzwvS.exe
  2⤵
  PID:3960
- C:\Windows\System\vTQoDxS.exe
  C:\Windows\System\vTQoDxS.exe
  2⤵
  PID:3976
- C:\Windows\System\sblCQFe.exe
  C:\Windows\System\sblCQFe.exe
  2⤵
  PID:4000
- C:\Windows\System\ulTmRlV.exe
  C:\Windows\System\ulTmRlV.exe
  2⤵
  PID:4020
- C:\Windows\System\qxZSaqk.exe
  C:\Windows\System\qxZSaqk.exe
  2⤵
  PID:4040
- C:\Windows\System\ymyILbp.exe
  C:\Windows\System\ymyILbp.exe
  2⤵
  PID:4056
- C:\Windows\System\jcbixTL.exe
  C:\Windows\System\jcbixTL.exe
  2⤵
  PID:4080
- C:\Windows\System\FjLkouQ.exe
  C:\Windows\System\FjLkouQ.exe
  2⤵
  PID:1524
- C:\Windows\System\DwirAKN.exe
  C:\Windows\System\DwirAKN.exe
  2⤵
  PID:1604
- C:\Windows\System\dlauAIN.exe
  C:\Windows\System\dlauAIN.exe
  2⤵
  PID:2832
- C:\Windows\System\pDspMOx.exe
  C:\Windows\System\pDspMOx.exe
  2⤵
  PID:1620
- C:\Windows\System\xnliWwr.exe
  C:\Windows\System\xnliWwr.exe
  2⤵
  PID:1180
- C:\Windows\System\pnzWVdk.exe
  C:\Windows\System\pnzWVdk.exe
  2⤵
  PID:584
- C:\Windows\System\VqmMdUF.exe
  C:\Windows\System\VqmMdUF.exe
  2⤵
  PID:2000
- C:\Windows\System\SCYvYYJ.exe
  C:\Windows\System\SCYvYYJ.exe
  2⤵
  PID:2076
- C:\Windows\System\FSIALiJ.exe
  C:\Windows\System\FSIALiJ.exe
  2⤵
  PID:348
- C:\Windows\System\rbwXQjT.exe
  C:\Windows\System\rbwXQjT.exe
  2⤵
  PID:3012
- C:\Windows\System\muvjFzE.exe
  C:\Windows\System\muvjFzE.exe
  2⤵
  PID:3136
- C:\Windows\System\GyeKdTx.exe
  C:\Windows\System\GyeKdTx.exe
  2⤵
  PID:3180
- C:\Windows\System\nNlfWmp.exe
  C:\Windows\System\nNlfWmp.exe
  2⤵
  PID:3216
- C:\Windows\System\mVutptu.exe
  C:\Windows\System\mVutptu.exe
  2⤵
  PID:3260
- C:\Windows\System\IlymdbJ.exe
  C:\Windows\System\IlymdbJ.exe
  2⤵
  PID:3348
- C:\Windows\System\pnNGHSZ.exe
  C:\Windows\System\pnNGHSZ.exe
  2⤵
  PID:3080
- C:\Windows\System\KhgPMKz.exe
  C:\Windows\System\KhgPMKz.exe
  2⤵
  PID:3116
- C:\Windows\System\NvpAfOQ.exe
  C:\Windows\System\NvpAfOQ.exe
  2⤵
  PID:3388
- C:\Windows\System\HhDpERJ.exe
  C:\Windows\System\HhDpERJ.exe
  2⤵
  PID:3452
- C:\Windows\System\jmURrdq.exe
  C:\Windows\System\jmURrdq.exe
  2⤵
  PID:3532
- C:\Windows\System\Zzibmzy.exe
  C:\Windows\System\Zzibmzy.exe
  2⤵
  PID:3276
- C:\Windows\System\rjWtkee.exe
  C:\Windows\System\rjWtkee.exe
  2⤵
  PID:3564
- C:\Windows\System\vPiujol.exe
  C:\Windows\System\vPiujol.exe
  2⤵
  PID:3436
- C:\Windows\System\sMCQWuD.exe
  C:\Windows\System\sMCQWuD.exe
  2⤵
  PID:3588
- C:\Windows\System\voxczzc.exe
  C:\Windows\System\voxczzc.exe
  2⤵
  PID:3620
- C:\Windows\System\puOrfpC.exe
  C:\Windows\System\puOrfpC.exe
  2⤵
  PID:3544
- C:\Windows\System\HiSsfMH.exe
  C:\Windows\System\HiSsfMH.exe
  2⤵
  PID:3440
- C:\Windows\System\wfPILyQ.exe
  C:\Windows\System\wfPILyQ.exe
  2⤵
  PID:3740
- C:\Windows\System\CwxCbLd.exe
  C:\Windows\System\CwxCbLd.exe
  2⤵
  PID:3668
- C:\Windows\System\GnwxYsJ.exe
  C:\Windows\System\GnwxYsJ.exe
  2⤵
  PID:3728
- C:\Windows\System\TqdsQHI.exe
  C:\Windows\System\TqdsQHI.exe
  2⤵
  PID:3684
- C:\Windows\System\FyCuBRa.exe
  C:\Windows\System\FyCuBRa.exe
  2⤵
  PID:3788
- C:\Windows\System\LWgTokd.exe
  C:\Windows\System\LWgTokd.exe
  2⤵
  PID:3768
- C:\Windows\System\KEjtPkQ.exe
  C:\Windows\System\KEjtPkQ.exe
  2⤵
  PID:3848
- C:\Windows\System\CrhYQss.exe
  C:\Windows\System\CrhYQss.exe
  2⤵
  PID:3852
- C:\Windows\System\PtlrUZg.exe
  C:\Windows\System\PtlrUZg.exe
  2⤵
  PID:3896
- C:\Windows\System\EVuNKgT.exe
  C:\Windows\System\EVuNKgT.exe
  2⤵
  PID:3948
- C:\Windows\System\lmgdhIH.exe
  C:\Windows\System\lmgdhIH.exe
  2⤵
  PID:3988
- C:\Windows\System\GHrdjOD.exe
  C:\Windows\System\GHrdjOD.exe
  2⤵
  PID:4008
- C:\Windows\System\BwmOcbq.exe
  C:\Windows\System\BwmOcbq.exe
  2⤵
  PID:4032
- C:\Windows\System\uInZbYP.exe
  C:\Windows\System\uInZbYP.exe
  2⤵
  PID:4068
- C:\Windows\System\OPCkfoj.exe
  C:\Windows\System\OPCkfoj.exe
  2⤵
  PID:284
- C:\Windows\System\AAhqGKK.exe
  C:\Windows\System\AAhqGKK.exe
  2⤵
  PID:1612
- C:\Windows\System\xbojKtX.exe
  C:\Windows\System\xbojKtX.exe
  2⤵
  PID:1648
- C:\Windows\System\JpnhYGC.exe
  C:\Windows\System\JpnhYGC.exe
  2⤵
  PID:2312
- C:\Windows\System\rkznzNb.exe
  C:\Windows\System\rkznzNb.exe
  2⤵
  PID:2188
- C:\Windows\System\qCjxWJu.exe
  C:\Windows\System\qCjxWJu.exe
  2⤵
  PID:3172
- C:\Windows\System\fXIcyiw.exe
  C:\Windows\System\fXIcyiw.exe
  2⤵
  PID:3264
- C:\Windows\System\ufhQelt.exe
  C:\Windows\System\ufhQelt.exe
  2⤵
  PID:3176
- C:\Windows\System\FbKnmVQ.exe
  C:\Windows\System\FbKnmVQ.exe
  2⤵
  PID:3196
- C:\Windows\System\lCWmceo.exe
  C:\Windows\System\lCWmceo.exe
  2⤵
  PID:3340
- C:\Windows\System\IXAwYbw.exe
  C:\Windows\System\IXAwYbw.exe
  2⤵
  PID:3200
- C:\Windows\System\ZGarxFt.exe
  C:\Windows\System\ZGarxFt.exe
  2⤵
  PID:3420
- C:\Windows\System\QvxsbPK.exe
  C:\Windows\System\QvxsbPK.exe
  2⤵
  PID:3508
- C:\Windows\System\iwNRyHv.exe
  C:\Windows\System\iwNRyHv.exe
  2⤵
  PID:3604
- C:\Windows\System\ZvYszca.exe
  C:\Windows\System\ZvYszca.exe
  2⤵
  PID:3548
- C:\Windows\System\DndsgPK.exe
  C:\Windows\System\DndsgPK.exe
  2⤵
  PID:3636
- C:\Windows\System\BpMfGpG.exe
  C:\Windows\System\BpMfGpG.exe
  2⤵
  PID:3400
- C:\Windows\System\epQpjSB.exe
  C:\Windows\System\epQpjSB.exe
  2⤵
  PID:3660
- C:\Windows\System\hJQTJCt.exe
  C:\Windows\System\hJQTJCt.exe
  2⤵
  PID:3784
- C:\Windows\System\IeJqeSQ.exe
  C:\Windows\System\IeJqeSQ.exe
  2⤵
  PID:3828
- C:\Windows\System\PHlFYzT.exe
  C:\Windows\System\PHlFYzT.exe
  2⤵
  PID:3876
- C:\Windows\System\uWTkHKv.exe
  C:\Windows\System\uWTkHKv.exe
  2⤵
  PID:3984
- C:\Windows\System\OCQleCr.exe
  C:\Windows\System\OCQleCr.exe
  2⤵
  PID:4036
- C:\Windows\System\XLCmvEY.exe
  C:\Windows\System\XLCmvEY.exe
  2⤵
  PID:4092
- C:\Windows\System\UhxdrpN.exe
  C:\Windows\System\UhxdrpN.exe
  2⤵
  PID:4052
- C:\Windows\System\BbfJyGe.exe
  C:\Windows\System\BbfJyGe.exe
  2⤵
  PID:1588
- C:\Windows\System\fwUJZnp.exe
  C:\Windows\System\fwUJZnp.exe
  2⤵
  PID:2644
- C:\Windows\System\VGCXZta.exe
  C:\Windows\System\VGCXZta.exe
  2⤵
  PID:2544
- C:\Windows\System\ZDtMJBG.exe
  C:\Windows\System\ZDtMJBG.exe
  2⤵
  PID:800
- C:\Windows\System\fEEiKFA.exe
  C:\Windows\System\fEEiKFA.exe
  2⤵
  PID:3104
- C:\Windows\System\TeNhVmh.exe
  C:\Windows\System\TeNhVmh.exe
  2⤵
  PID:3160
- C:\Windows\System\WVZqbZD.exe
  C:\Windows\System\WVZqbZD.exe
  2⤵
  PID:3324
- C:\Windows\System\xdFoWFt.exe
  C:\Windows\System\xdFoWFt.exe
  2⤵
  PID:3232
- C:\Windows\System\rnuvvOz.exe
  C:\Windows\System\rnuvvOz.exe
  2⤵
  PID:3708
- C:\Windows\System\kcgozyX.exe
  C:\Windows\System\kcgozyX.exe
  2⤵
  PID:3476
- C:\Windows\System\vOaoaiw.exe
  C:\Windows\System\vOaoaiw.exe
  2⤵
  PID:3724
- C:\Windows\System\ZGKYfXm.exe
  C:\Windows\System\ZGKYfXm.exe
  2⤵
  PID:3868
- C:\Windows\System\kVRfjQN.exe
  C:\Windows\System\kVRfjQN.exe
  2⤵
  PID:3888
- C:\Windows\System\nTbqooz.exe
  C:\Windows\System\nTbqooz.exe
  2⤵
  PID:2572
- C:\Windows\System\EQdiAON.exe
  C:\Windows\System\EQdiAON.exe
  2⤵
  PID:4076
- C:\Windows\System\aqiFruK.exe
  C:\Windows\System\aqiFruK.exe
  2⤵
  PID:2240
- C:\Windows\System\LVmifrk.exe
  C:\Windows\System\LVmifrk.exe
  2⤵
  PID:608
- C:\Windows\System\JjFlgnD.exe
  C:\Windows\System\JjFlgnD.exe
  2⤵
  PID:4116
- C:\Windows\System\lTsZRoW.exe
  C:\Windows\System\lTsZRoW.exe
  2⤵
  PID:4140
- C:\Windows\System\nXhboEh.exe
  C:\Windows\System\nXhboEh.exe
  2⤵
  PID:4160
- C:\Windows\System\onYqQKR.exe
  C:\Windows\System\onYqQKR.exe
  2⤵
  PID:4176
- C:\Windows\System\Tkezvjj.exe
  C:\Windows\System\Tkezvjj.exe
  2⤵
  PID:4200
- C:\Windows\System\VvYmxMs.exe
  C:\Windows\System\VvYmxMs.exe
  2⤵
  PID:4216
- C:\Windows\System\sjCzXgj.exe
  C:\Windows\System\sjCzXgj.exe
  2⤵
  PID:4240
- C:\Windows\System\wlVeNeQ.exe
  C:\Windows\System\wlVeNeQ.exe
  2⤵
  PID:4256
- C:\Windows\System\wdhJKin.exe
  C:\Windows\System\wdhJKin.exe
  2⤵
  PID:4276
- C:\Windows\System\bPoVUzq.exe
  C:\Windows\System\bPoVUzq.exe
  2⤵
  PID:4300
- C:\Windows\System\PsKITpA.exe
  C:\Windows\System\PsKITpA.exe
  2⤵
  PID:4316
- C:\Windows\System\BjfuMoc.exe
  C:\Windows\System\BjfuMoc.exe
  2⤵
  PID:4332
- C:\Windows\System\FVQdchL.exe
  C:\Windows\System\FVQdchL.exe
  2⤵
  PID:4360
- C:\Windows\System\SjczLFr.exe
  C:\Windows\System\SjczLFr.exe
  2⤵
  PID:4380
- C:\Windows\System\GfQmeGn.exe
  C:\Windows\System\GfQmeGn.exe
  2⤵
  PID:4400
- C:\Windows\System\ZrTJSdj.exe
  C:\Windows\System\ZrTJSdj.exe
  2⤵
  PID:4416
- C:\Windows\System\YPRwssB.exe
  C:\Windows\System\YPRwssB.exe
  2⤵
  PID:4440
- C:\Windows\System\xsPHCOy.exe
  C:\Windows\System\xsPHCOy.exe
  2⤵
  PID:4460
- C:\Windows\System\HznRMCq.exe
  C:\Windows\System\HznRMCq.exe
  2⤵
  PID:4480
- C:\Windows\System\xoYvZDf.exe
  C:\Windows\System\xoYvZDf.exe
  2⤵
  PID:4496
- C:\Windows\System\NaUXqkw.exe
  C:\Windows\System\NaUXqkw.exe
  2⤵
  PID:4520
- C:\Windows\System\CevyEjN.exe
  C:\Windows\System\CevyEjN.exe
  2⤵
  PID:4540
- C:\Windows\System\JwOyDOB.exe
  C:\Windows\System\JwOyDOB.exe
  2⤵
  PID:4560
- C:\Windows\System\ypAjyOm.exe
  C:\Windows\System\ypAjyOm.exe
  2⤵
  PID:4576
- C:\Windows\System\XJttahR.exe
  C:\Windows\System\XJttahR.exe
  2⤵
  PID:4600
- C:\Windows\System\kvWgEZI.exe
  C:\Windows\System\kvWgEZI.exe
  2⤵
  PID:4620
- C:\Windows\System\TLiRqfz.exe
  C:\Windows\System\TLiRqfz.exe
  2⤵
  PID:4640
- C:\Windows\System\xTODDwE.exe
  C:\Windows\System\xTODDwE.exe
  2⤵
  PID:4660
- C:\Windows\System\zmyAeli.exe
  C:\Windows\System\zmyAeli.exe
  2⤵
  PID:4680
- C:\Windows\System\mDnUhjh.exe
  C:\Windows\System\mDnUhjh.exe
  2⤵
  PID:4696
- C:\Windows\System\OoBirkk.exe
  C:\Windows\System\OoBirkk.exe
  2⤵
  PID:4720
- C:\Windows\System\UIyKDUO.exe
  C:\Windows\System\UIyKDUO.exe
  2⤵
  PID:4736
- C:\Windows\System\pYWiBwM.exe
  C:\Windows\System\pYWiBwM.exe
  2⤵
  PID:4752
- C:\Windows\System\OncumTG.exe
  C:\Windows\System\OncumTG.exe
  2⤵
  PID:4780
- C:\Windows\System\DjVnnDc.exe
  C:\Windows\System\DjVnnDc.exe
  2⤵
  PID:4796
- C:\Windows\System\sfzNJBz.exe
  C:\Windows\System\sfzNJBz.exe
  2⤵
  PID:4812
- C:\Windows\System\ExuaIXI.exe
  C:\Windows\System\ExuaIXI.exe
  2⤵
  PID:4836
- C:\Windows\System\FSHOgFT.exe
  C:\Windows\System\FSHOgFT.exe
  2⤵
  PID:4860
- C:\Windows\System\uBQUIRk.exe
  C:\Windows\System\uBQUIRk.exe
  2⤵
  PID:4876
- C:\Windows\System\UAnzPxL.exe
  C:\Windows\System\UAnzPxL.exe
  2⤵
  PID:4900
- C:\Windows\System\SJNUFfY.exe
  C:\Windows\System\SJNUFfY.exe
  2⤵
  PID:4920
- C:\Windows\System\AqOAMpA.exe
  C:\Windows\System\AqOAMpA.exe
  2⤵
  PID:4936
- C:\Windows\System\cafshvi.exe
  C:\Windows\System\cafshvi.exe
  2⤵
  PID:4956
- C:\Windows\System\yBOACFw.exe
  C:\Windows\System\yBOACFw.exe
  2⤵
  PID:4980
- C:\Windows\System\wRNQYoF.exe
  C:\Windows\System\wRNQYoF.exe
  2⤵
  PID:4996
- C:\Windows\System\ZdzkeOw.exe
  C:\Windows\System\ZdzkeOw.exe
  2⤵
  PID:5016
- C:\Windows\System\YCUcGHW.exe
  C:\Windows\System\YCUcGHW.exe
  2⤵
  PID:5040
- C:\Windows\System\ThDpJqc.exe
  C:\Windows\System\ThDpJqc.exe
  2⤵
  PID:5056
- C:\Windows\System\SLRwRAE.exe
  C:\Windows\System\SLRwRAE.exe
  2⤵
  PID:5076
- C:\Windows\System\QmvSoxr.exe
  C:\Windows\System\QmvSoxr.exe
  2⤵
  PID:5096
- C:\Windows\System\pdcNbND.exe
  C:\Windows\System\pdcNbND.exe
  2⤵
  PID:5116
- C:\Windows\System\GnUndKn.exe
  C:\Windows\System\GnUndKn.exe
  2⤵
  PID:3460
- C:\Windows\System\XXIBsuO.exe
  C:\Windows\System\XXIBsuO.exe
  2⤵
  PID:3752
- C:\Windows\System\zGfXyMg.exe
  C:\Windows\System\zGfXyMg.exe
  2⤵
  PID:3516
- C:\Windows\System\uaBGhEE.exe
  C:\Windows\System\uaBGhEE.exe
  2⤵
  PID:3844
- C:\Windows\System\rJAZaWL.exe
  C:\Windows\System\rJAZaWL.exe
  2⤵
  PID:3944
- C:\Windows\System\ypLiMeN.exe
  C:\Windows\System\ypLiMeN.exe
  2⤵
  PID:3972
- C:\Windows\System\debiTDh.exe
  C:\Windows\System\debiTDh.exe
  2⤵
  PID:2848
- C:\Windows\System\SkMlDVy.exe
  C:\Windows\System\SkMlDVy.exe
  2⤵
  PID:4104
- C:\Windows\System\dvlWuVR.exe
  C:\Windows\System\dvlWuVR.exe
  2⤵
  PID:4156
- C:\Windows\System\sCBvrFm.exe
  C:\Windows\System\sCBvrFm.exe
  2⤵
  PID:4184
- C:\Windows\System\uqjPvnn.exe
  C:\Windows\System\uqjPvnn.exe
  2⤵
  PID:4224
- C:\Windows\System\fhXKIMG.exe
  C:\Windows\System\fhXKIMG.exe
  2⤵
  PID:4228
- C:\Windows\System\hNUAbgN.exe
  C:\Windows\System\hNUAbgN.exe
  2⤵
  PID:4268
- C:\Windows\System\oZwRFuF.exe
  C:\Windows\System\oZwRFuF.exe
  2⤵
  PID:4296
- C:\Windows\System\UcqlUKo.exe
  C:\Windows\System\UcqlUKo.exe
  2⤵
  PID:4344
- C:\Windows\System\oMaMbaZ.exe
  C:\Windows\System\oMaMbaZ.exe
  2⤵
  PID:4388
- C:\Windows\System\GhkSEsF.exe
  C:\Windows\System\GhkSEsF.exe
  2⤵
  PID:4424
- C:\Windows\System\yRCXsxk.exe
  C:\Windows\System\yRCXsxk.exe
  2⤵
  PID:4412
- C:\Windows\System\DFZEyrF.exe
  C:\Windows\System\DFZEyrF.exe
  2⤵
  PID:4456
- C:\Windows\System\bwpVExx.exe
  C:\Windows\System\bwpVExx.exe
  2⤵
  PID:4508
- C:\Windows\System\HjFMUqG.exe
  C:\Windows\System\HjFMUqG.exe
  2⤵
  PID:4552
- C:\Windows\System\esNdKvd.exe
  C:\Windows\System\esNdKvd.exe
  2⤵
  PID:4588
- C:\Windows\System\GhPqCNa.exe
  C:\Windows\System\GhPqCNa.exe
  2⤵
  PID:4608
- C:\Windows\System\QbPqBen.exe
  C:\Windows\System\QbPqBen.exe
  2⤵
  PID:4616
- C:\Windows\System\IXXTqtE.exe
  C:\Windows\System\IXXTqtE.exe
  2⤵
  PID:4652
- C:\Windows\System\wQZmlHu.exe
  C:\Windows\System\wQZmlHu.exe
  2⤵
  PID:4712
- C:\Windows\System\vqqywpF.exe
  C:\Windows\System\vqqywpF.exe
  2⤵
  PID:4732
- C:\Windows\System\VidkWbz.exe
  C:\Windows\System\VidkWbz.exe
  2⤵
  PID:4820
- C:\Windows\System\qPpfVRA.exe
  C:\Windows\System\qPpfVRA.exe
  2⤵
  PID:4772
- C:\Windows\System\NXMVrXW.exe
  C:\Windows\System\NXMVrXW.exe
  2⤵
  PID:4844
- C:\Windows\System\uXnWQaD.exe
  C:\Windows\System\uXnWQaD.exe
  2⤵
  PID:4852
- C:\Windows\System\OKzPSsp.exe
  C:\Windows\System\OKzPSsp.exe
  2⤵
  PID:4952
- C:\Windows\System\IeaLmox.exe
  C:\Windows\System\IeaLmox.exe
  2⤵
  PID:4948
- C:\Windows\System\cxqJtng.exe
  C:\Windows\System\cxqJtng.exe
  2⤵
  PID:5032
- C:\Windows\System\YesnhSC.exe
  C:\Windows\System\YesnhSC.exe
  2⤵
  PID:4968
- C:\Windows\System\TqChIfN.exe
  C:\Windows\System\TqChIfN.exe
  2⤵
  PID:5012
- C:\Windows\System\zWiVzXD.exe
  C:\Windows\System\zWiVzXD.exe
  2⤵
  PID:5068
- C:\Windows\System\GJrKcia.exe
  C:\Windows\System\GJrKcia.exe
  2⤵
  PID:2788
- C:\Windows\System\KWBtaGw.exe
  C:\Windows\System\KWBtaGw.exe
  2⤵
  PID:5088
- C:\Windows\System\shneExP.exe
  C:\Windows\System\shneExP.exe
  2⤵
  PID:3472
- C:\Windows\System\IuMwaXO.exe
  C:\Windows\System\IuMwaXO.exe
  2⤵
  PID:3932
- C:\Windows\System\RioSeHz.exe
  C:\Windows\System\RioSeHz.exe
  2⤵
  PID:4028
- C:\Windows\System\XZyLTts.exe
  C:\Windows\System\XZyLTts.exe
  2⤵
  PID:3676
- C:\Windows\System\NFoqTln.exe
  C:\Windows\System\NFoqTln.exe
  2⤵
  PID:4132
- C:\Windows\System\WzafMUp.exe
  C:\Windows\System\WzafMUp.exe
  2⤵
  PID:4212
- C:\Windows\System\PguOYNv.exe
  C:\Windows\System\PguOYNv.exe
  2⤵
  PID:4252
- C:\Windows\System\CXRuvXd.exe
  C:\Windows\System\CXRuvXd.exe
  2⤵
  PID:4340
- C:\Windows\System\KyapNrA.exe
  C:\Windows\System\KyapNrA.exe
  2⤵
  PID:4368
- C:\Windows\System\KhOgdjb.exe
  C:\Windows\System\KhOgdjb.exe
  2⤵
  PID:4408
- C:\Windows\System\xIQIKxg.exe
  C:\Windows\System\xIQIKxg.exe
  2⤵
  PID:4504
- C:\Windows\System\Dengqwj.exe
  C:\Windows\System\Dengqwj.exe
  2⤵
  PID:4556
- C:\Windows\System\imHOzPb.exe
  C:\Windows\System\imHOzPb.exe
  2⤵
  PID:4636
- C:\Windows\System\hymCYKi.exe
  C:\Windows\System\hymCYKi.exe
  2⤵
  PID:4704
- C:\Windows\System\UMgsnMG.exe
  C:\Windows\System\UMgsnMG.exe
  2⤵
  PID:4688
- C:\Windows\System\CHunGzD.exe
  C:\Windows\System\CHunGzD.exe
  2⤵
  PID:4744
- C:\Windows\System\epqKswE.exe
  C:\Windows\System\epqKswE.exe
  2⤵
  PID:4764
- C:\Windows\System\wGKjMsa.exe
  C:\Windows\System\wGKjMsa.exe
  2⤵
  PID:4944
- C:\Windows\System\gIGVbXN.exe
  C:\Windows\System\gIGVbXN.exe
  2⤵
  PID:4988
- C:\Windows\System\oVqsaBD.exe
  C:\Windows\System\oVqsaBD.exe
  2⤵
  PID:5028
- C:\Windows\System\SredWax.exe
  C:\Windows\System\SredWax.exe
  2⤵
  PID:4964
- C:\Windows\System\zgfaoYA.exe
  C:\Windows\System\zgfaoYA.exe
  2⤵
  PID:5048
- C:\Windows\System\uzgvnhz.exe
  C:\Windows\System\uzgvnhz.exe
  2⤵
  PID:3084
- C:\Windows\System\OtjpjWJ.exe
  C:\Windows\System\OtjpjWJ.exe
  2⤵
  PID:3720
- C:\Windows\System\iRiZBZw.exe
  C:\Windows\System\iRiZBZw.exe
  2⤵
  PID:1864
- C:\Windows\System\WFivEIa.exe
  C:\Windows\System\WFivEIa.exe
  2⤵
  PID:4136
- C:\Windows\System\JEsGrco.exe
  C:\Windows\System\JEsGrco.exe
  2⤵
  PID:4188
- C:\Windows\System\BOjPkrd.exe
  C:\Windows\System\BOjPkrd.exe
  2⤵
  PID:4308
- C:\Windows\System\BYFSsqt.exe
  C:\Windows\System\BYFSsqt.exe
  2⤵
  PID:5132
- C:\Windows\System\hSWjJNe.exe
  C:\Windows\System\hSWjJNe.exe
  2⤵
  PID:5152
- C:\Windows\System\xksWYju.exe
  C:\Windows\System\xksWYju.exe
  2⤵
  PID:5172
- C:\Windows\System\ffIlYHz.exe
  C:\Windows\System\ffIlYHz.exe
  2⤵
  PID:5192
- C:\Windows\System\ftsWuTR.exe
  C:\Windows\System\ftsWuTR.exe
  2⤵
  PID:5212
- C:\Windows\System\mbfhRaY.exe
  C:\Windows\System\mbfhRaY.exe
  2⤵
  PID:5232
- C:\Windows\System\IOXthQT.exe
  C:\Windows\System\IOXthQT.exe
  2⤵
  PID:5252
- C:\Windows\System\FdDPIXM.exe
  C:\Windows\System\FdDPIXM.exe
  2⤵
  PID:5272
- C:\Windows\System\lwvhxgn.exe
  C:\Windows\System\lwvhxgn.exe
  2⤵
  PID:5292
- C:\Windows\System\fJJrITD.exe
  C:\Windows\System\fJJrITD.exe
  2⤵
  PID:5312
- C:\Windows\System\ElQfMlx.exe
  C:\Windows\System\ElQfMlx.exe
  2⤵
  PID:5332
- C:\Windows\System\BAPmwTw.exe
  C:\Windows\System\BAPmwTw.exe
  2⤵
  PID:5352
- C:\Windows\System\lAxEpIX.exe
  C:\Windows\System\lAxEpIX.exe
  2⤵
  PID:5372
- C:\Windows\System\ddSJSPd.exe
  C:\Windows\System\ddSJSPd.exe
  2⤵
  PID:5392
- C:\Windows\System\nmJYOuT.exe
  C:\Windows\System\nmJYOuT.exe
  2⤵
  PID:5412
- C:\Windows\System\WFkptZJ.exe
  C:\Windows\System\WFkptZJ.exe
  2⤵
  PID:5432
- C:\Windows\System\DZAwect.exe
  C:\Windows\System\DZAwect.exe
  2⤵
  PID:5452
- C:\Windows\System\tFogbcO.exe
  C:\Windows\System\tFogbcO.exe
  2⤵
  PID:5472
- C:\Windows\System\UVKASBP.exe
  C:\Windows\System\UVKASBP.exe
  2⤵
  PID:5492
- C:\Windows\System\AgpfhSn.exe
  C:\Windows\System\AgpfhSn.exe
  2⤵
  PID:5516
- C:\Windows\System\mgpweHy.exe
  C:\Windows\System\mgpweHy.exe
  2⤵
  PID:5536
- C:\Windows\System\whoMLmP.exe
  C:\Windows\System\whoMLmP.exe
  2⤵
  PID:5556
- C:\Windows\System\hKKrWrG.exe
  C:\Windows\System\hKKrWrG.exe
  2⤵
  PID:5576
- C:\Windows\System\wHGxAlW.exe
  C:\Windows\System\wHGxAlW.exe
  2⤵
  PID:5596
- C:\Windows\System\qhNLWCI.exe
  C:\Windows\System\qhNLWCI.exe
  2⤵
  PID:5616
- C:\Windows\System\mDPDtez.exe
  C:\Windows\System\mDPDtez.exe
  2⤵
  PID:5636
- C:\Windows\System\HJfNYOr.exe
  C:\Windows\System\HJfNYOr.exe
  2⤵
  PID:5656
- C:\Windows\System\FrryCVe.exe
  C:\Windows\System\FrryCVe.exe
  2⤵
  PID:5676
- C:\Windows\System\yTphDDL.exe
  C:\Windows\System\yTphDDL.exe
  2⤵
  PID:5696
- C:\Windows\System\ITbXexI.exe
  C:\Windows\System\ITbXexI.exe
  2⤵
  PID:5716
- C:\Windows\System\mYHstJt.exe
  C:\Windows\System\mYHstJt.exe
  2⤵
  PID:5736
- C:\Windows\System\iRnzcCX.exe
  C:\Windows\System\iRnzcCX.exe
  2⤵
  PID:5756
- C:\Windows\System\souBalX.exe
  C:\Windows\System\souBalX.exe
  2⤵
  PID:5776
- C:\Windows\System\vUEYRHa.exe
  C:\Windows\System\vUEYRHa.exe
  2⤵
  PID:5796
- C:\Windows\System\NvziNKf.exe
  C:\Windows\System\NvziNKf.exe
  2⤵
  PID:5816
- C:\Windows\System\bpHODBl.exe
  C:\Windows\System\bpHODBl.exe
  2⤵
  PID:5832
- C:\Windows\System\xACipzS.exe
  C:\Windows\System\xACipzS.exe
  2⤵
  PID:5856
- C:\Windows\System\czigEGr.exe
  C:\Windows\System\czigEGr.exe
  2⤵
  PID:5876
- C:\Windows\System\aSmFUTk.exe
  C:\Windows\System\aSmFUTk.exe
  2⤵
  PID:5896
- C:\Windows\System\kartYsT.exe
  C:\Windows\System\kartYsT.exe
  2⤵
  PID:5916
- C:\Windows\System\XqeDJIn.exe
  C:\Windows\System\XqeDJIn.exe
  2⤵
  PID:5936
- C:\Windows\System\zFupVZK.exe
  C:\Windows\System\zFupVZK.exe
  2⤵
  PID:5956
- C:\Windows\System\JBnWvqB.exe
  C:\Windows\System\JBnWvqB.exe
  2⤵
  PID:5976
- C:\Windows\System\xviQCZB.exe
  C:\Windows\System\xviQCZB.exe
  2⤵
  PID:5996
- C:\Windows\System\lOKnGwx.exe
  C:\Windows\System\lOKnGwx.exe
  2⤵
  PID:6016
- C:\Windows\System\WIabJeC.exe
  C:\Windows\System\WIabJeC.exe
  2⤵
  PID:6036
- C:\Windows\System\inBMlBm.exe
  C:\Windows\System\inBMlBm.exe
  2⤵
  PID:6056
- C:\Windows\System\iaYIfGq.exe
  C:\Windows\System\iaYIfGq.exe
  2⤵
  PID:6076
- C:\Windows\System\cPKVjXA.exe
  C:\Windows\System\cPKVjXA.exe
  2⤵
  PID:6096
- C:\Windows\System\sZVqSBe.exe
  C:\Windows\System\sZVqSBe.exe
  2⤵
  PID:6116
- C:\Windows\System\mosTgJA.exe
  C:\Windows\System\mosTgJA.exe
  2⤵
  PID:6136
- C:\Windows\System\fEfuJau.exe
  C:\Windows\System\fEfuJau.exe
  2⤵
  PID:4488
- C:\Windows\System\IhvTLev.exe
  C:\Windows\System\IhvTLev.exe
  2⤵
  PID:4512
- C:\Windows\System\hsJhNrb.exe
  C:\Windows\System\hsJhNrb.exe
  2⤵
  PID:4572
- C:\Windows\System\DnLrKsy.exe
  C:\Windows\System\DnLrKsy.exe
  2⤵
  PID:4832
- C:\Windows\System\zDOUqfa.exe
  C:\Windows\System\zDOUqfa.exe
  2⤵
  PID:4804
- C:\Windows\System\jMgOfQd.exe
  C:\Windows\System\jMgOfQd.exe
  2⤵
  PID:4872
- C:\Windows\System\XOyAoFV.exe
  C:\Windows\System\XOyAoFV.exe
  2⤵
  PID:4928
- C:\Windows\System\COFMoKu.exe
  C:\Windows\System\COFMoKu.exe
  2⤵
  PID:5108
- C:\Windows\System\OdnukKA.exe
  C:\Windows\System\OdnukKA.exe
  2⤵
  PID:4148
- C:\Windows\System\osgUMlQ.exe
  C:\Windows\System\osgUMlQ.exe
  2⤵
  PID:3252
- C:\Windows\System\ettyhNw.exe
  C:\Windows\System\ettyhNw.exe
  2⤵
  PID:4348
- C:\Windows\System\OgHoHhY.exe
  C:\Windows\System\OgHoHhY.exe
  2⤵
  PID:5124
- C:\Windows\System\vEVOQum.exe
  C:\Windows\System\vEVOQum.exe
  2⤵
  PID:5168
- C:\Windows\System\HSpictj.exe
  C:\Windows\System\HSpictj.exe
  2⤵
  PID:5200
- C:\Windows\System\uIMXVee.exe
  C:\Windows\System\uIMXVee.exe
  2⤵
  PID:5240
- C:\Windows\System\xtTezzO.exe
  C:\Windows\System\xtTezzO.exe
  2⤵
  PID:5280
- C:\Windows\System\iIoJzBA.exe
  C:\Windows\System\iIoJzBA.exe
  2⤵
  PID:5300
- C:\Windows\System\YMdicFo.exe
  C:\Windows\System\YMdicFo.exe
  2⤵
  PID:5324
- C:\Windows\System\EeqfSjX.exe
  C:\Windows\System\EeqfSjX.exe
  2⤵
  PID:5364
- C:\Windows\System\PyUptFa.exe
  C:\Windows\System\PyUptFa.exe
  2⤵
  PID:5408
- C:\Windows\System\pjBPwAl.exe
  C:\Windows\System\pjBPwAl.exe
  2⤵
  PID:5428
- C:\Windows\System\HHnpDee.exe
  C:\Windows\System\HHnpDee.exe
  2⤵
  PID:5484
- C:\Windows\System\vSvMRof.exe
  C:\Windows\System\vSvMRof.exe
  2⤵
  PID:5524
- C:\Windows\System\QQysFEe.exe
  C:\Windows\System\QQysFEe.exe
  2⤵
  PID:5564
- C:\Windows\System\VhckcDF.exe
  C:\Windows\System\VhckcDF.exe
  2⤵
  PID:5568
- C:\Windows\System\vKtrReZ.exe
  C:\Windows\System\vKtrReZ.exe
  2⤵
  PID:5588
- C:\Windows\System\QUWzedE.exe
  C:\Windows\System\QUWzedE.exe
  2⤵
  PID:5648
- C:\Windows\System\qnsmlRc.exe
  C:\Windows\System\qnsmlRc.exe
  2⤵
  PID:5672
- C:\Windows\System\pfsxnLU.exe
  C:\Windows\System\pfsxnLU.exe
  2⤵
  PID:5724
- C:\Windows\System\LiXYARL.exe
  C:\Windows\System\LiXYARL.exe
  2⤵
  PID:5732
- C:\Windows\System\mkCdcBj.exe
  C:\Windows\System\mkCdcBj.exe
  2⤵
  PID:5752
- C:\Windows\System\aVRvIGA.exe
  C:\Windows\System\aVRvIGA.exe
  2⤵
  PID:5812
- C:\Windows\System\JbnxAAt.exe
  C:\Windows\System\JbnxAAt.exe
  2⤵
  PID:5848
- C:\Windows\System\lLIpOYk.exe
  C:\Windows\System\lLIpOYk.exe
  2⤵
  PID:5864
- C:\Windows\System\ctPLLfu.exe
  C:\Windows\System\ctPLLfu.exe
  2⤵
  PID:5888
- C:\Windows\System\NmSWkOs.exe
  C:\Windows\System\NmSWkOs.exe
  2⤵
  PID:5928
- C:\Windows\System\SOzCjCH.exe
  C:\Windows\System\SOzCjCH.exe
  2⤵
  PID:5944
- C:\Windows\System\yMBHLis.exe
  C:\Windows\System\yMBHLis.exe
  2⤵
  PID:6012
- C:\Windows\System\hsAURdb.exe
  C:\Windows\System\hsAURdb.exe
  2⤵
  PID:6032
- C:\Windows\System\qhNIoNH.exe
  C:\Windows\System\qhNIoNH.exe
  2⤵
  PID:6072
- C:\Windows\System\SiTLklv.exe
  C:\Windows\System\SiTLklv.exe
  2⤵
  PID:6104
- C:\Windows\System\KfoGSxG.exe
  C:\Windows\System\KfoGSxG.exe
  2⤵
  PID:6128
- C:\Windows\System\ceVKEDC.exe
  C:\Windows\System\ceVKEDC.exe
  2⤵
  PID:4468
- C:\Windows\System\qOAxlkA.exe
  C:\Windows\System\qOAxlkA.exe
  2⤵
  PID:4668
- C:\Windows\System\ImsiaRf.exe
  C:\Windows\System\ImsiaRf.exe
  2⤵
  PID:4776
- C:\Windows\System\fWmGMWW.exe
  C:\Windows\System\fWmGMWW.exe
  2⤵
  PID:5072
- C:\Windows\System\VeaAHJz.exe
  C:\Windows\System\VeaAHJz.exe
  2⤵
  PID:3756
- C:\Windows\System\JTcZRyr.exe
  C:\Windows\System\JTcZRyr.exe
  2⤵
  PID:4196
- C:\Windows\System\mXdleKk.exe
  C:\Windows\System\mXdleKk.exe
  2⤵
  PID:5160
- C:\Windows\System\Hqyuspp.exe
  C:\Windows\System\Hqyuspp.exe
  2⤵
  PID:5224
- C:\Windows\System\wPnsklw.exe
  C:\Windows\System\wPnsklw.exe
  2⤵
  PID:5244
- C:\Windows\System\muXlVJs.exe
  C:\Windows\System\muXlVJs.exe
  2⤵
  PID:5304
- C:\Windows\System\ioeiDnS.exe
  C:\Windows\System\ioeiDnS.exe
  2⤵
  PID:5344
- C:\Windows\System\MvbajhZ.exe
  C:\Windows\System\MvbajhZ.exe
  2⤵
  PID:5440
- C:\Windows\System\erVcShN.exe
  C:\Windows\System\erVcShN.exe
  2⤵
  PID:5468
- C:\Windows\System\vpaNnrD.exe
  C:\Windows\System\vpaNnrD.exe
  2⤵
  PID:5552
- C:\Windows\System\SkDykRz.exe
  C:\Windows\System\SkDykRz.exe
  2⤵
  PID:5684
- C:\Windows\System\ldbAyUt.exe
  C:\Windows\System\ldbAyUt.exe
  2⤵
  PID:5712
- C:\Windows\System\NtRkfEh.exe
  C:\Windows\System\NtRkfEh.exe
  2⤵
  PID:5768
- C:\Windows\System\ExicsjR.exe
  C:\Windows\System\ExicsjR.exe
  2⤵
  PID:5784
- C:\Windows\System\aPvwyQm.exe
  C:\Windows\System\aPvwyQm.exe
  2⤵
  PID:5788
- C:\Windows\System\JEsiQBX.exe
  C:\Windows\System\JEsiQBX.exe
  2⤵
  PID:5884
- C:\Windows\System\eYHnArI.exe
  C:\Windows\System\eYHnArI.exe
  2⤵
  PID:5952
- C:\Windows\System\VLqVznh.exe
  C:\Windows\System\VLqVznh.exe
  2⤵
  PID:6044
- C:\Windows\System\DtCvJsk.exe
  C:\Windows\System\DtCvJsk.exe
  2⤵
  PID:6084
- C:\Windows\System\zrdgLng.exe
  C:\Windows\System\zrdgLng.exe
  2⤵
  PID:6124
- C:\Windows\System\UZcyUXY.exe
  C:\Windows\System\UZcyUXY.exe
  2⤵
  PID:4748
- C:\Windows\System\IKnSKYd.exe
  C:\Windows\System\IKnSKYd.exe
  2⤵
  PID:4912
- C:\Windows\System\YvUfIWE.exe
  C:\Windows\System\YvUfIWE.exe
  2⤵
  PID:3256
- C:\Windows\System\KNqlAgz.exe
  C:\Windows\System\KNqlAgz.exe
  2⤵
  PID:4292
- C:\Windows\System\pgdrRbQ.exe
  C:\Windows\System\pgdrRbQ.exe
  2⤵
  PID:5184
- C:\Windows\System\HzHZrrc.exe
  C:\Windows\System\HzHZrrc.exe
  2⤵
  PID:5380
- C:\Windows\System\dwXYwEa.exe
  C:\Windows\System\dwXYwEa.exe
  2⤵
  PID:5384
- C:\Windows\System\KExufqQ.exe
  C:\Windows\System\KExufqQ.exe
  2⤵
  PID:5532
- C:\Windows\System\XnKFpvu.exe
  C:\Windows\System\XnKFpvu.exe
  2⤵
  PID:5652
- C:\Windows\System\FxenXfq.exe
  C:\Windows\System\FxenXfq.exe
  2⤵
  PID:2376
- C:\Windows\System\iHsZvKe.exe
  C:\Windows\System\iHsZvKe.exe
  2⤵
  PID:6164
- C:\Windows\System\HIActvD.exe
  C:\Windows\System\HIActvD.exe
  2⤵
  PID:6184
- C:\Windows\System\RVFjuFj.exe
  C:\Windows\System\RVFjuFj.exe
  2⤵
  PID:6204
- C:\Windows\System\tIzlUjD.exe
  C:\Windows\System\tIzlUjD.exe
  2⤵
  PID:6224
- C:\Windows\System\lQbaFmp.exe
  C:\Windows\System\lQbaFmp.exe
  2⤵
  PID:6244
- C:\Windows\System\iEEFMzD.exe
  C:\Windows\System\iEEFMzD.exe
  2⤵
  PID:6264
- C:\Windows\System\PysAmcd.exe
  C:\Windows\System\PysAmcd.exe
  2⤵
  PID:6284
- C:\Windows\System\wWRZhsS.exe
  C:\Windows\System\wWRZhsS.exe
  2⤵
  PID:6304
- C:\Windows\System\BHUBDEV.exe
  C:\Windows\System\BHUBDEV.exe
  2⤵
  PID:6324
- C:\Windows\System\DmyOBSH.exe
  C:\Windows\System\DmyOBSH.exe
  2⤵
  PID:6344
- C:\Windows\System\OicFDPw.exe
  C:\Windows\System\OicFDPw.exe
  2⤵
  PID:6364
- C:\Windows\System\BgWdhXG.exe
  C:\Windows\System\BgWdhXG.exe
  2⤵
  PID:6380
- C:\Windows\System\chUHBIk.exe
  C:\Windows\System\chUHBIk.exe
  2⤵
  PID:6404
- C:\Windows\System\taTBsBL.exe
  C:\Windows\System\taTBsBL.exe
  2⤵
  PID:6424
- C:\Windows\System\sgDECAv.exe
  C:\Windows\System\sgDECAv.exe
  2⤵
  PID:6444
- C:\Windows\System\wbfeZWa.exe
  C:\Windows\System\wbfeZWa.exe
  2⤵
  PID:6464
- C:\Windows\System\ZEWZUqP.exe
  C:\Windows\System\ZEWZUqP.exe
  2⤵
  PID:6484
- C:\Windows\System\hLFQPsr.exe
  C:\Windows\System\hLFQPsr.exe
  2⤵
  PID:6504
- C:\Windows\System\RfovofC.exe
  C:\Windows\System\RfovofC.exe
  2⤵
  PID:6524
- C:\Windows\System\OmaoRje.exe
  C:\Windows\System\OmaoRje.exe
  2⤵
  PID:6544
- C:\Windows\System\siVhkla.exe
  C:\Windows\System\siVhkla.exe
  2⤵
  PID:6564
- C:\Windows\System\QpBsUNR.exe
  C:\Windows\System\QpBsUNR.exe
  2⤵
  PID:6584
- C:\Windows\System\tekCaNc.exe
  C:\Windows\System\tekCaNc.exe
  2⤵
  PID:6604
- C:\Windows\System\oxCRCGI.exe
  C:\Windows\System\oxCRCGI.exe
  2⤵
  PID:6624
- C:\Windows\System\UDuGwTv.exe
  C:\Windows\System\UDuGwTv.exe
  2⤵
  PID:6644
- C:\Windows\System\pfcVVBJ.exe
  C:\Windows\System\pfcVVBJ.exe
  2⤵
  PID:6664
- C:\Windows\System\eMtKubh.exe
  C:\Windows\System\eMtKubh.exe
  2⤵
  PID:6684
- C:\Windows\System\ZLIHrMz.exe
  C:\Windows\System\ZLIHrMz.exe
  2⤵
  PID:6704
- C:\Windows\System\bOTlsUd.exe
  C:\Windows\System\bOTlsUd.exe
  2⤵
  PID:6724
- C:\Windows\System\KQFqHoz.exe
  C:\Windows\System\KQFqHoz.exe
  2⤵
  PID:6744
- C:\Windows\System\tvwzNVH.exe
  C:\Windows\System\tvwzNVH.exe
  2⤵
  PID:6764
- C:\Windows\System\VJJStih.exe
  C:\Windows\System\VJJStih.exe
  2⤵
  PID:6784
- C:\Windows\System\HQuwqoL.exe
  C:\Windows\System\HQuwqoL.exe
  2⤵
  PID:6804
- C:\Windows\System\BcNAHpX.exe
  C:\Windows\System\BcNAHpX.exe
  2⤵
  PID:6824
- C:\Windows\System\CTDFGVR.exe
  C:\Windows\System\CTDFGVR.exe
  2⤵
  PID:6844
- C:\Windows\System\FhfMfPY.exe
  C:\Windows\System\FhfMfPY.exe
  2⤵
  PID:6864
- C:\Windows\System\geTptZI.exe
  C:\Windows\System\geTptZI.exe
  2⤵
  PID:6884
- C:\Windows\System\qmzkOAT.exe
  C:\Windows\System\qmzkOAT.exe
  2⤵
  PID:6904
- C:\Windows\System\pwRuTdg.exe
  C:\Windows\System\pwRuTdg.exe
  2⤵
  PID:6924
- C:\Windows\System\YHkmMJl.exe
  C:\Windows\System\YHkmMJl.exe
  2⤵
  PID:6944
- C:\Windows\System\xxaaJJc.exe
  C:\Windows\System\xxaaJJc.exe
  2⤵
  PID:6964
- C:\Windows\System\TRJdaZE.exe
  C:\Windows\System\TRJdaZE.exe
  2⤵
  PID:6984
- C:\Windows\System\MOAQATh.exe
  C:\Windows\System\MOAQATh.exe
  2⤵
  PID:7004
- C:\Windows\System\HCHDfIl.exe
  C:\Windows\System\HCHDfIl.exe
  2⤵
  PID:7024
- C:\Windows\System\SBTiwjD.exe
  C:\Windows\System\SBTiwjD.exe
  2⤵
  PID:7044
- C:\Windows\System\COFDcBp.exe
  C:\Windows\System\COFDcBp.exe
  2⤵
  PID:7064
- C:\Windows\System\OBpljPk.exe
  C:\Windows\System\OBpljPk.exe
  2⤵
  PID:7084
- C:\Windows\System\mkXusvu.exe
  C:\Windows\System\mkXusvu.exe
  2⤵
  PID:7104
- C:\Windows\System\DyMnEfl.exe
  C:\Windows\System\DyMnEfl.exe
  2⤵
  PID:7124
- C:\Windows\System\IxWDZmD.exe
  C:\Windows\System\IxWDZmD.exe
  2⤵
  PID:7144
- C:\Windows\System\jOhSPyg.exe
  C:\Windows\System\jOhSPyg.exe
  2⤵
  PID:7164
- C:\Windows\System\JrdGFsq.exe
  C:\Windows\System\JrdGFsq.exe
  2⤵
  PID:5824
- C:\Windows\System\SmeBhIj.exe
  C:\Windows\System\SmeBhIj.exe
  2⤵
  PID:5968
- C:\Windows\System\jcBvboK.exe
  C:\Windows\System\jcBvboK.exe
  2⤵
  PID:6004
- C:\Windows\System\fMuSlGw.exe
  C:\Windows\System\fMuSlGw.exe
  2⤵
  PID:1840
- C:\Windows\System\UVXTnuR.exe
  C:\Windows\System\UVXTnuR.exe
  2⤵
  PID:4676
- C:\Windows\System\oGTZcpi.exe
  C:\Windows\System\oGTZcpi.exe
  2⤵
  PID:5084
- C:\Windows\System\cTDRKeH.exe
  C:\Windows\System\cTDRKeH.exe
  2⤵
  PID:5128
- C:\Windows\System\NPsnycB.exe
  C:\Windows\System\NPsnycB.exe
  2⤵
  PID:5328
- C:\Windows\System\ErbhJEF.exe
  C:\Windows\System\ErbhJEF.exe
  2⤵
  PID:5644
- C:\Windows\System\nsufynd.exe
  C:\Windows\System\nsufynd.exe
  2⤵
  PID:5692
- C:\Windows\System\JHfMUrc.exe
  C:\Windows\System\JHfMUrc.exe
  2⤵
  PID:6156
- C:\Windows\System\wXQmrkn.exe
  C:\Windows\System\wXQmrkn.exe
  2⤵
  PID:6196
- C:\Windows\System\YSIXsYl.exe
  C:\Windows\System\YSIXsYl.exe
  2⤵
  PID:6232
- C:\Windows\System\lVJrtle.exe
  C:\Windows\System\lVJrtle.exe
  2⤵
  PID:6272
- C:\Windows\System\SevrWHR.exe
  C:\Windows\System\SevrWHR.exe
  2⤵
  PID:6292
- C:\Windows\System\QnaVnyG.exe
  C:\Windows\System\QnaVnyG.exe
  2⤵
  PID:6332
- C:\Windows\System\ytRzvMf.exe
  C:\Windows\System\ytRzvMf.exe
  2⤵
  PID:6356
- C:\Windows\System\mRfZhwt.exe
  C:\Windows\System\mRfZhwt.exe
  2⤵
  PID:6376
- C:\Windows\System\FsYffWp.exe
  C:\Windows\System\FsYffWp.exe
  2⤵
  PID:6416
- C:\Windows\System\upKQkqX.exe
  C:\Windows\System\upKQkqX.exe
  2⤵
  PID:6452
- C:\Windows\System\YzSniVo.exe
  C:\Windows\System\YzSniVo.exe
  2⤵
  PID:6492
- C:\Windows\System\iANrItV.exe
  C:\Windows\System\iANrItV.exe
  2⤵
  PID:6516
- C:\Windows\System\WaGcwxl.exe
  C:\Windows\System\WaGcwxl.exe
  2⤵
  PID:6552
- C:\Windows\System\LLUYCcD.exe
  C:\Windows\System\LLUYCcD.exe
  2⤵
  PID:6592
- C:\Windows\System\vPHkcSF.exe
  C:\Windows\System\vPHkcSF.exe
  2⤵
  PID:6632
- C:\Windows\System\FWUnnPs.exe
  C:\Windows\System\FWUnnPs.exe
  2⤵
  PID:6636
- C:\Windows\System\EACiqoV.exe
  C:\Windows\System\EACiqoV.exe
  2⤵
  PID:6680
- C:\Windows\System\xvqMkyF.exe
  C:\Windows\System\xvqMkyF.exe
  2⤵
  PID:6720
- C:\Windows\System\FFtKBCW.exe
  C:\Windows\System\FFtKBCW.exe
  2⤵
  PID:6736
- C:\Windows\System\WuFPXwG.exe
  C:\Windows\System\WuFPXwG.exe
  2⤵
  PID:6772
- C:\Windows\System\KMnauqA.exe
  C:\Windows\System\KMnauqA.exe
  2⤵
  PID:6820
- C:\Windows\System\zeGOhIq.exe
  C:\Windows\System\zeGOhIq.exe
  2⤵
  PID:6840
- C:\Windows\System\WqYtAFi.exe
  C:\Windows\System\WqYtAFi.exe
  2⤵
  PID:6880
- C:\Windows\System\hZGhsgr.exe
  C:\Windows\System\hZGhsgr.exe
  2⤵
  PID:6920
- C:\Windows\System\kIkDsfr.exe
  C:\Windows\System\kIkDsfr.exe
  2⤵
  PID:6940
- C:\Windows\System\iDCMjyi.exe
  C:\Windows\System\iDCMjyi.exe
  2⤵
  PID:6936
- C:\Windows\System\FoFyFht.exe
  C:\Windows\System\FoFyFht.exe
  2⤵
  PID:6976
- C:\Windows\System\vOyagMz.exe
  C:\Windows\System\vOyagMz.exe
  2⤵
  PID:7040
- C:\Windows\System\fTPnPKD.exe
  C:\Windows\System\fTPnPKD.exe
  2⤵
  PID:7080
- C:\Windows\System\qluVQGx.exe
  C:\Windows\System\qluVQGx.exe
  2⤵
  PID:7120
- C:\Windows\System\JDtcVzD.exe
  C:\Windows\System\JDtcVzD.exe
  2⤵
  PID:7152
- C:\Windows\System\GKmhktl.exe
  C:\Windows\System\GKmhktl.exe
  2⤵
  PID:5912
- C:\Windows\System\AkwxIWt.exe
  C:\Windows\System\AkwxIWt.exe
  2⤵
  PID:5764
- C:\Windows\System\POtctaB.exe
  C:\Windows\System\POtctaB.exe
  2⤵
  PID:6008
- C:\Windows\System\GMJVSaz.exe
  C:\Windows\System\GMJVSaz.exe
  2⤵
  PID:5480
- C:\Windows\System\vBmRxsv.exe
  C:\Windows\System\vBmRxsv.exe
  2⤵
  PID:5464
- C:\Windows\System\FKgPCKK.exe
  C:\Windows\System\FKgPCKK.exe
  2⤵
  PID:6236
- C:\Windows\System\SRzrdXR.exe
  C:\Windows\System\SRzrdXR.exe
  2⤵
  PID:6296
- C:\Windows\System\OlQxUTv.exe
  C:\Windows\System\OlQxUTv.exe
  2⤵
  PID:5260
- C:\Windows\System\IaECRnn.exe
  C:\Windows\System\IaECRnn.exe
  2⤵
  PID:2896
- C:\Windows\System\NQWiiGW.exe
  C:\Windows\System\NQWiiGW.exe
  2⤵
  PID:6500
- C:\Windows\System\jAUotsg.exe
  C:\Windows\System\jAUotsg.exe
  2⤵
  PID:2824
- C:\Windows\System\mjkYLjL.exe
  C:\Windows\System\mjkYLjL.exe
  2⤵
  PID:6640
- C:\Windows\System\IMnltQW.exe
  C:\Windows\System\IMnltQW.exe
  2⤵
  PID:6280
- C:\Windows\System\xGdOpCR.exe
  C:\Windows\System\xGdOpCR.exe
  2⤵
  PID:6760
- C:\Windows\System\RZypHcj.exe
  C:\Windows\System\RZypHcj.exe
  2⤵
  PID:6420
- C:\Windows\System\umlAFuT.exe
  C:\Windows\System\umlAFuT.exe
  2⤵
  PID:6476
- C:\Windows\System\xWfvUEY.exe
  C:\Windows\System\xWfvUEY.exe
  2⤵
  PID:6912
- C:\Windows\System\YNlyBGM.exe
  C:\Windows\System\YNlyBGM.exe
  2⤵
  PID:6596
- C:\Windows\System\LmiVviy.exe
  C:\Windows\System\LmiVviy.exe
  2⤵
  PID:6660
- C:\Windows\System\GofFQWt.exe
  C:\Windows\System\GofFQWt.exe
  2⤵
  PID:6776
- C:\Windows\System\UXqZtpf.exe
  C:\Windows\System\UXqZtpf.exe
  2⤵
  PID:7092
- C:\Windows\System\WTIyyUd.exe
  C:\Windows\System\WTIyyUd.exe
  2⤵
  PID:6856
- C:\Windows\System\ahryXYp.exe
  C:\Windows\System\ahryXYp.exe
  2⤵
  PID:7140
- C:\Windows\System\xmCyKaz.exe
  C:\Windows\System\xmCyKaz.exe
  2⤵
  PID:7000
- C:\Windows\System\nDhlOuD.exe
  C:\Windows\System\nDhlOuD.exe
  2⤵
  PID:7052
- C:\Windows\System\nOjNRKj.exe
  C:\Windows\System\nOjNRKj.exe
  2⤵
  PID:4532
- C:\Windows\System\jFdqWdM.exe
  C:\Windows\System\jFdqWdM.exe
  2⤵
  PID:5840
- C:\Windows\System\ftigQdL.exe
  C:\Windows\System\ftigQdL.exe
  2⤵
  PID:6260
- C:\Windows\System\uutuzgc.exe
  C:\Windows\System\uutuzgc.exe
  2⤵
  PID:5348
- C:\Windows\System\JIUeUCM.exe
  C:\Windows\System\JIUeUCM.exe
  2⤵
  PID:6180
- C:\Windows\System\FKShUDn.exe
  C:\Windows\System\FKShUDn.exe
  2⤵
  PID:5180
- C:\Windows\System\qUVEuFP.exe
  C:\Windows\System\qUVEuFP.exe
  2⤵
  PID:6440
- C:\Windows\System\HABrcxd.exe
  C:\Windows\System\HABrcxd.exe
  2⤵
  PID:6212
- C:\Windows\System\JnCxrLf.exe
  C:\Windows\System\JnCxrLf.exe
  2⤵
  PID:2912
- C:\Windows\System\udErIqM.exe
  C:\Windows\System\udErIqM.exe
  2⤵
  PID:6756
- C:\Windows\System\Qbjgxrm.exe
  C:\Windows\System\Qbjgxrm.exe
  2⤵
  PID:6816
- C:\Windows\System\VBUDlNW.exe
  C:\Windows\System\VBUDlNW.exe
  2⤵
  PID:6892
- C:\Windows\System\kFWvENs.exe
  C:\Windows\System\kFWvENs.exe
  2⤵
  PID:6960
- C:\Windows\System\VxPkkxL.exe
  C:\Windows\System\VxPkkxL.exe
  2⤵
  PID:1924
- C:\Windows\System\fNEkqQG.exe
  C:\Windows\System\fNEkqQG.exe
  2⤵
  PID:3028
- C:\Windows\System\eXeUdRG.exe
  C:\Windows\System\eXeUdRG.exe
  2⤵
  PID:6860
- C:\Windows\System\ZdOQlsP.exe
  C:\Windows\System\ZdOQlsP.exe
  2⤵
  PID:7136
- C:\Windows\System\mlDrdkd.exe
  C:\Windows\System\mlDrdkd.exe
  2⤵
  PID:7016
- C:\Windows\System\anyNbsX.exe
  C:\Windows\System\anyNbsX.exe
  2⤵
  PID:2208
- C:\Windows\System\bAUIQml.exe
  C:\Windows\System\bAUIQml.exe
  2⤵
  PID:444
- C:\Windows\System\PqIHQZk.exe
  C:\Windows\System\PqIHQZk.exe
  2⤵
  PID:4476
- C:\Windows\System\XURkFXE.exe
  C:\Windows\System\XURkFXE.exe
  2⤵
  PID:6200
- C:\Windows\System\FkGfZGR.exe
  C:\Windows\System\FkGfZGR.exe
  2⤵
  PID:2096
- C:\Windows\System\BLIpNFm.exe
  C:\Windows\System\BLIpNFm.exe
  2⤵
  PID:2580
- C:\Windows\System\QAbneiq.exe
  C:\Windows\System\QAbneiq.exe
  2⤵
  PID:6712
- C:\Windows\System\mTaTglX.exe
  C:\Windows\System\mTaTglX.exe
  2⤵
  PID:6456
- C:\Windows\System\lGPwWjb.exe
  C:\Windows\System\lGPwWjb.exe
  2⤵
  PID:2640
- C:\Windows\System\riGJpDI.exe
  C:\Windows\System\riGJpDI.exe
  2⤵
  PID:6956
- C:\Windows\System\NFoyeZf.exe
  C:\Windows\System\NFoyeZf.exe
  2⤵
  PID:1904
- C:\Windows\System\PNQGbjU.exe
  C:\Windows\System\PNQGbjU.exe
  2⤵
  PID:308
- C:\Windows\System\KUcNirL.exe
  C:\Windows\System\KUcNirL.exe
  2⤵
  PID:972
- C:\Windows\System\WsfXitX.exe
  C:\Windows\System\WsfXitX.exe
  2⤵
  PID:7132
- C:\Windows\System\puZxcoL.exe
  C:\Windows\System\puZxcoL.exe
  2⤵
  PID:7116
- C:\Windows\System\pRuNOQY.exe
  C:\Windows\System\pRuNOQY.exe
  2⤵
  PID:1584
- C:\Windows\System\msdAYKA.exe
  C:\Windows\System\msdAYKA.exe
  2⤵
  PID:6388
- C:\Windows\System\LYQkaNj.exe
  C:\Windows\System\LYQkaNj.exe
  2⤵
  PID:2808
- C:\Windows\System\iHiLuVj.exe
  C:\Windows\System\iHiLuVj.exe
  2⤵
  PID:6700
- C:\Windows\System\FaaVCkO.exe
  C:\Windows\System\FaaVCkO.exe
  2⤵
  PID:6732
- C:\Windows\System\JVHFRLm.exe
  C:\Windows\System\JVHFRLm.exe
  2⤵
  PID:6852
- C:\Windows\System\vGEKcoq.exe
  C:\Windows\System\vGEKcoq.exe
  2⤵
  PID:6740
- C:\Windows\System\apdbqxG.exe
  C:\Windows\System\apdbqxG.exe
  2⤵
  PID:2316
- C:\Windows\System\CPAsfAK.exe
  C:\Windows\System\CPAsfAK.exe
  2⤵
  PID:6108
- C:\Windows\System\iEdlcEf.exe
  C:\Windows\System\iEdlcEf.exe
  2⤵
  PID:6300
- C:\Windows\System\cMDtroG.exe
  C:\Windows\System\cMDtroG.exe
  2⤵
  PID:6696
- C:\Windows\System\EFSIHJW.exe
  C:\Windows\System\EFSIHJW.exe
  2⤵
  PID:6160
- C:\Windows\System\kXQvtob.exe
  C:\Windows\System\kXQvtob.exe
  2⤵
  PID:7156
- C:\Windows\System\kUSuIEv.exe
  C:\Windows\System\kUSuIEv.exe
  2⤵
  PID:2260
- C:\Windows\System\PRVotaj.exe
  C:\Windows\System\PRVotaj.exe
  2⤵
  PID:2740
- C:\Windows\System\VBXrddj.exe
  C:\Windows\System\VBXrddj.exe
  2⤵
  PID:2732
- C:\Windows\System\RdiVBkz.exe
  C:\Windows\System\RdiVBkz.exe
  2⤵
  PID:7112
- C:\Windows\System\lbIzrIQ.exe
  C:\Windows\System\lbIzrIQ.exe
  2⤵
  PID:668
- C:\Windows\System\sFXYxnH.exe
  C:\Windows\System\sFXYxnH.exe
  2⤵
  PID:4888
- C:\Windows\System\Ccyktmv.exe
  C:\Windows\System\Ccyktmv.exe
  2⤵
  PID:1636
- C:\Windows\System\MYMTKOu.exe
  C:\Windows\System\MYMTKOu.exe
  2⤵
  PID:2360
- C:\Windows\System\fcIwVrg.exe
  C:\Windows\System\fcIwVrg.exe
  2⤵
  PID:3068
- C:\Windows\System\yrSBkCn.exe
  C:\Windows\System\yrSBkCn.exe
  2⤵
  PID:6480
- C:\Windows\System\afrIJun.exe
  C:\Windows\System\afrIJun.exe
  2⤵
  PID:1552
- C:\Windows\System\QCNwwdU.exe
  C:\Windows\System\QCNwwdU.exe
  2⤵
  PID:1520
- C:\Windows\System\RvHyluZ.exe
  C:\Windows\System\RvHyluZ.exe
  2⤵
  PID:3040
- C:\Windows\System\BXWiwQi.exe
  C:\Windows\System\BXWiwQi.exe
  2⤵
  PID:2272
- C:\Windows\System\zgJSVRQ.exe
  C:\Windows\System\zgJSVRQ.exe
  2⤵
  PID:7188
- C:\Windows\System\QkMibEo.exe
  C:\Windows\System\QkMibEo.exe
  2⤵
  PID:7208
- C:\Windows\System\qDxyFYT.exe
  C:\Windows\System\qDxyFYT.exe
  2⤵
  PID:7224
- C:\Windows\System\HoQtTCe.exe
  C:\Windows\System\HoQtTCe.exe
  2⤵
  PID:7248
- C:\Windows\System\cHmXNLs.exe
  C:\Windows\System\cHmXNLs.exe
  2⤵
  PID:7264
- C:\Windows\System\fhhgNRb.exe
  C:\Windows\System\fhhgNRb.exe
  2⤵
  PID:7284
- C:\Windows\System\tIBTujf.exe
  C:\Windows\System\tIBTujf.exe
  2⤵
  PID:7304
- C:\Windows\System\INHidvS.exe
  C:\Windows\System\INHidvS.exe
  2⤵
  PID:7324
- C:\Windows\System\MekIron.exe
  C:\Windows\System\MekIron.exe
  2⤵
  PID:7344
- C:\Windows\System\vVwQXXb.exe
  C:\Windows\System\vVwQXXb.exe
  2⤵
  PID:7360
- C:\Windows\System\BDYSZrs.exe
  C:\Windows\System\BDYSZrs.exe
  2⤵
  PID:7380
- C:\Windows\System\GwvwjBE.exe
  C:\Windows\System\GwvwjBE.exe
  2⤵
  PID:7400
- C:\Windows\System\tqAIxsy.exe
  C:\Windows\System\tqAIxsy.exe
  2⤵
  PID:7420
- C:\Windows\System\pNumnEl.exe
  C:\Windows\System\pNumnEl.exe
  2⤵
  PID:7460
- C:\Windows\System\EJsTwcF.exe
  C:\Windows\System\EJsTwcF.exe
  2⤵
  PID:7480
- C:\Windows\System\qDMrghl.exe
  C:\Windows\System\qDMrghl.exe
  2⤵
  PID:7496
- C:\Windows\System\ZfMcyFp.exe
  C:\Windows\System\ZfMcyFp.exe
  2⤵
  PID:7512
- C:\Windows\System\wTfofrB.exe
  C:\Windows\System\wTfofrB.exe
  2⤵
  PID:7532
- C:\Windows\System\pmpsDlF.exe
  C:\Windows\System\pmpsDlF.exe
  2⤵
  PID:7552
- C:\Windows\System\IcclVfp.exe
  C:\Windows\System\IcclVfp.exe
  2⤵
  PID:7568
- C:\Windows\System\NcWBVPB.exe
  C:\Windows\System\NcWBVPB.exe
  2⤵
  PID:7588
- C:\Windows\System\fYxhdpv.exe
  C:\Windows\System\fYxhdpv.exe
  2⤵
  PID:7608
- C:\Windows\System\nwuxlWl.exe
  C:\Windows\System\nwuxlWl.exe
  2⤵
  PID:7624
- C:\Windows\System\VDYIfrk.exe
  C:\Windows\System\VDYIfrk.exe
  2⤵
  PID:7644
- C:\Windows\System\XRTAMoG.exe
  C:\Windows\System\XRTAMoG.exe
  2⤵
  PID:7660
- C:\Windows\System\RIgtgUi.exe
  C:\Windows\System\RIgtgUi.exe
  2⤵
  PID:7676
- C:\Windows\System\UrnxpFM.exe
  C:\Windows\System\UrnxpFM.exe
  2⤵
  PID:7696
- C:\Windows\System\XMXvkAG.exe
  C:\Windows\System\XMXvkAG.exe
  2⤵
  PID:7712
- C:\Windows\System\BiOuhxf.exe
  C:\Windows\System\BiOuhxf.exe
  2⤵
  PID:7728
- C:\Windows\System\IekmrUt.exe
  C:\Windows\System\IekmrUt.exe
  2⤵
  PID:7748
- C:\Windows\System\bXhznCm.exe
  C:\Windows\System\bXhznCm.exe
  2⤵
  PID:7764
- C:\Windows\System\NJhdWeX.exe
  C:\Windows\System\NJhdWeX.exe
  2⤵
  PID:7780
- C:\Windows\System\TrFOyTf.exe
  C:\Windows\System\TrFOyTf.exe
  2⤵
  PID:7800
- C:\Windows\System\fAZraEM.exe
  C:\Windows\System\fAZraEM.exe
  2⤵
  PID:7820
- C:\Windows\System\zsVIaEj.exe
  C:\Windows\System\zsVIaEj.exe
  2⤵
  PID:7840
- C:\Windows\System\lnzmPgA.exe
  C:\Windows\System\lnzmPgA.exe
  2⤵
  PID:7860
- C:\Windows\System\WOLTSaA.exe
  C:\Windows\System\WOLTSaA.exe
  2⤵
  PID:7880
- C:\Windows\System\blPVhSJ.exe
  C:\Windows\System\blPVhSJ.exe
  2⤵
  PID:7900
- C:\Windows\System\YXjLVJI.exe
  C:\Windows\System\YXjLVJI.exe
  2⤵
  PID:7928
- C:\Windows\System\fwzeMiy.exe
  C:\Windows\System\fwzeMiy.exe
  2⤵
  PID:7948
- C:\Windows\System\ZWwjZap.exe
  C:\Windows\System\ZWwjZap.exe
  2⤵
  PID:7964
- C:\Windows\System\azeWtcE.exe
  C:\Windows\System\azeWtcE.exe
  2⤵
  PID:7980
- C:\Windows\System\OyHIHCh.exe
  C:\Windows\System\OyHIHCh.exe
  2⤵
  PID:8000
- C:\Windows\System\vmyTdlZ.exe
  C:\Windows\System\vmyTdlZ.exe
  2⤵
  PID:8016
- C:\Windows\System\cVrcssH.exe
  C:\Windows\System\cVrcssH.exe
  2⤵
  PID:8040
- C:\Windows\System\NrhcESu.exe
  C:\Windows\System\NrhcESu.exe
  2⤵
  PID:8060
- C:\Windows\System\NfYOnkJ.exe
  C:\Windows\System\NfYOnkJ.exe
  2⤵
  PID:8076
- C:\Windows\System\xViprUV.exe
  C:\Windows\System\xViprUV.exe
  2⤵
  PID:8096
- C:\Windows\System\SvohbKb.exe
  C:\Windows\System\SvohbKb.exe
  2⤵
  PID:8116
- C:\Windows\System\BCwzmua.exe
  C:\Windows\System\BCwzmua.exe
  2⤵
  PID:8132
- C:\Windows\System\CQiyGZi.exe
  C:\Windows\System\CQiyGZi.exe
  2⤵
  PID:8152
- C:\Windows\System\FopbaYQ.exe
  C:\Windows\System\FopbaYQ.exe
  2⤵
  PID:1224
- C:\Windows\System\drKDfvJ.exe
  C:\Windows\System\drKDfvJ.exe
  2⤵
  PID:1764
- C:\Windows\System\cZgAYUH.exe
  C:\Windows\System\cZgAYUH.exe
  2⤵
  PID:7200
- C:\Windows\System\DcwHLWq.exe
  C:\Windows\System\DcwHLWq.exe
  2⤵
  PID:7236
- C:\Windows\System\UQABuKY.exe
  C:\Windows\System\UQABuKY.exe
  2⤵
  PID:7280
- C:\Windows\System\FuyndEI.exe
  C:\Windows\System\FuyndEI.exe
  2⤵
  PID:7320
- C:\Windows\System\aCaLqSP.exe
  C:\Windows\System\aCaLqSP.exe
  2⤵
  PID:7412
- C:\Windows\System\wMSslhI.exe
  C:\Windows\System\wMSslhI.exe
  2⤵
  PID:2160
- C:\Windows\System\KYmEKHn.exe
  C:\Windows\System\KYmEKHn.exe
  2⤵
  PID:7508
- C:\Windows\System\puDNbXm.exe
  C:\Windows\System\puDNbXm.exe
  2⤵
  PID:7580
- C:\Windows\System\CAauhUl.exe
  C:\Windows\System\CAauhUl.exe
  2⤵
  PID:7616
- C:\Windows\System\yuCrPsH.exe
  C:\Windows\System\yuCrPsH.exe
  2⤵
  PID:1900
- C:\Windows\System\kVLGyjH.exe
  C:\Windows\System\kVLGyjH.exe
  2⤵
  PID:7724
- C:\Windows\System\WyGPvgm.exe
  C:\Windows\System\WyGPvgm.exe
  2⤵
  PID:7796
- C:\Windows\System\IwhYoGx.exe
  C:\Windows\System\IwhYoGx.exe
  2⤵
  PID:7876
- C:\Windows\System\vehErNT.exe
  C:\Windows\System\vehErNT.exe
  2⤵
  PID:7908
- C:\Windows\System\NhqjFgK.exe
  C:\Windows\System\NhqjFgK.exe
  2⤵
  PID:7960
- C:\Windows\System\OWzMVJQ.exe
  C:\Windows\System\OWzMVJQ.exe
  2⤵
  PID:8072
- C:\Windows\System\YuMWClG.exe
  C:\Windows\System\YuMWClG.exe
  2⤵
  PID:8108
- C:\Windows\System\owAukTs.exe
  C:\Windows\System\owAukTs.exe
  2⤵
  PID:7524
- C:\Windows\System\OxgRCWP.exe
  C:\Windows\System\OxgRCWP.exe
  2⤵
  PID:7560
- C:\Windows\System\uQUsXUE.exe
  C:\Windows\System\uQUsXUE.exe
  2⤵
  PID:7596
- C:\Windows\System\nwqTSON.exe
  C:\Windows\System\nwqTSON.exe
  2⤵
  PID:7636
- C:\Windows\System\cZRjPEM.exe
  C:\Windows\System\cZRjPEM.exe
  2⤵
  PID:7704
- C:\Windows\System\XQxHCUD.exe
  C:\Windows\System\XQxHCUD.exe
  2⤵
  PID:7772
- C:\Windows\System\GreDiFE.exe
  C:\Windows\System\GreDiFE.exe
  2⤵
  PID:7848
- C:\Windows\System\QENJtON.exe
  C:\Windows\System\QENJtON.exe
  2⤵
  PID:7892
- C:\Windows\System\aqyGqnF.exe
  C:\Windows\System\aqyGqnF.exe
  2⤵
  PID:7972
- C:\Windows\System\YTieKRE.exe
  C:\Windows\System\YTieKRE.exe
  2⤵
  PID:8048
- C:\Windows\System\ruGexIw.exe
  C:\Windows\System\ruGexIw.exe
  2⤵
  PID:8088
- C:\Windows\System\uOzZqOV.exe
  C:\Windows\System\uOzZqOV.exe
  2⤵
  PID:8160
- C:\Windows\System\sOMPqaU.exe
  C:\Windows\System\sOMPqaU.exe
  2⤵
  PID:6576
- C:\Windows\System\xdDXHIV.exe
  C:\Windows\System\xdDXHIV.exe
  2⤵
  PID:7256
- C:\Windows\System\FJrowqG.exe
  C:\Windows\System\FJrowqG.exe
  2⤵
  PID:8188
- C:\Windows\System\IpVHTPo.exe
  C:\Windows\System\IpVHTPo.exe
  2⤵
  PID:7340
- C:\Windows\System\vIWmoRX.exe
  C:\Windows\System\vIWmoRX.exe
  2⤵
  PID:7356
- C:\Windows\System\wTuHcUP.exe
  C:\Windows\System\wTuHcUP.exe
  2⤵
  PID:7300
- C:\Windows\System\RFNVhlB.exe
  C:\Windows\System\RFNVhlB.exe
  2⤵
  PID:7396
- C:\Windows\System\ytcrJUe.exe
  C:\Windows\System\ytcrJUe.exe
  2⤵
  PID:7272
- C:\Windows\System\jEheMZK.exe
  C:\Windows\System\jEheMZK.exe
  2⤵
  PID:7428
- C:\Windows\System\VVSvUSD.exe
  C:\Windows\System\VVSvUSD.exe
  2⤵
  PID:7916
- C:\Windows\System\yueBuML.exe
  C:\Windows\System\yueBuML.exe
  2⤵
  PID:8024
- C:\Windows\System\fPgHpHG.exe
  C:\Windows\System\fPgHpHG.exe
  2⤵
  PID:7688
- C:\Windows\System\jQWuBkD.exe
  C:\Windows\System\jQWuBkD.exe
  2⤵
  PID:7812
- C:\Windows\System\smpxFps.exe
  C:\Windows\System\smpxFps.exe
  2⤵
  PID:7564
- C:\Windows\System\YciPMTV.exe
  C:\Windows\System\YciPMTV.exe
  2⤵
  PID:7940
- C:\Windows\System\cbdiZzO.exe
  C:\Windows\System\cbdiZzO.exe
  2⤵
  PID:8184
- C:\Windows\System\xatKaCf.exe
  C:\Windows\System\xatKaCf.exe
  2⤵
  PID:7692
- C:\Windows\System\HDoqeuz.exe
  C:\Windows\System\HDoqeuz.exe
  2⤵
  PID:7604
- C:\Windows\System\EYDHisM.exe
  C:\Windows\System\EYDHisM.exe
  2⤵
  PID:7432
- C:\Windows\System\foKgxDm.exe
  C:\Windows\System\foKgxDm.exe
  2⤵
  PID:7544
- C:\Windows\System\dLWYFSy.exe
  C:\Windows\System\dLWYFSy.exe
  2⤵
  PID:7924
- C:\Windows\System\ItJjHvF.exe
  C:\Windows\System\ItJjHvF.exe
  2⤵
  PID:7408
- C:\Windows\System\uqCNFaE.exe
  C:\Windows\System\uqCNFaE.exe
  2⤵
  PID:7740
- C:\Windows\System\iAdMxeh.exe
  C:\Windows\System\iAdMxeh.exe
  2⤵
  PID:8124
- C:\Windows\System\ThdrJKf.exe
  C:\Windows\System\ThdrJKf.exe
  2⤵
  PID:7372
- C:\Windows\System\qWwGrdy.exe
  C:\Windows\System\qWwGrdy.exe
  2⤵
  PID:7184
- C:\Windows\System\fjWpcDH.exe
  C:\Windows\System\fjWpcDH.exe
  2⤵
  PID:7540
- C:\Windows\System\sETKrEK.exe
  C:\Windows\System\sETKrEK.exe
  2⤵
  PID:7520
- C:\Windows\System\CGUkWKA.exe
  C:\Windows\System\CGUkWKA.exe
  2⤵
  PID:7736
- C:\Windows\System\zpbnSEs.exe
  C:\Windows\System\zpbnSEs.exe
  2⤵
  PID:8196
- C:\Windows\System\OOispmz.exe
  C:\Windows\System\OOispmz.exe
  2⤵
  PID:8212
- C:\Windows\System\kALBrLj.exe
  C:\Windows\System\kALBrLj.exe
  2⤵
  PID:8228
- C:\Windows\System\FrkFjeg.exe
  C:\Windows\System\FrkFjeg.exe
  2⤵
  PID:8244
- C:\Windows\System\dklHDsT.exe
  C:\Windows\System\dklHDsT.exe
  2⤵
  PID:8260
- C:\Windows\System\SzayHCC.exe
  C:\Windows\System\SzayHCC.exe
  2⤵
  PID:8276
- C:\Windows\System\vPBHVfq.exe
  C:\Windows\System\vPBHVfq.exe
  2⤵
  PID:8292
- C:\Windows\System\wtXJYrV.exe
  C:\Windows\System\wtXJYrV.exe
  2⤵
  PID:8308
- C:\Windows\System\xKmWnyR.exe
  C:\Windows\System\xKmWnyR.exe
  2⤵
  PID:8328
- C:\Windows\System\nAqPDkl.exe
  C:\Windows\System\nAqPDkl.exe
  2⤵
  PID:8348
- C:\Windows\System\DejYPVO.exe
  C:\Windows\System\DejYPVO.exe
  2⤵
  PID:8364
- C:\Windows\System\KKpWDyl.exe
  C:\Windows\System\KKpWDyl.exe
  2⤵
  PID:8380
- C:\Windows\System\MxgcUWh.exe
  C:\Windows\System\MxgcUWh.exe
  2⤵
  PID:8396
- C:\Windows\System\cHUZAEU.exe
  C:\Windows\System\cHUZAEU.exe
  2⤵
  PID:8412
- C:\Windows\System\RMNLcXm.exe
  C:\Windows\System\RMNLcXm.exe
  2⤵
  PID:8428
- C:\Windows\System\mCpBxlj.exe
  C:\Windows\System\mCpBxlj.exe
  2⤵
  PID:8444
- C:\Windows\System\aBmyiqx.exe
  C:\Windows\System\aBmyiqx.exe
  2⤵
  PID:8460
- C:\Windows\System\wvONHBk.exe
  C:\Windows\System\wvONHBk.exe
  2⤵
  PID:8476
- C:\Windows\System\HDWTFyD.exe
  C:\Windows\System\HDWTFyD.exe
  2⤵
  PID:8492
- C:\Windows\System\xzvCzjO.exe
  C:\Windows\System\xzvCzjO.exe
  2⤵
  PID:8508
- C:\Windows\System\eXstkgT.exe
  C:\Windows\System\eXstkgT.exe
  2⤵
  PID:8528
- C:\Windows\System\EjaAvvI.exe
  C:\Windows\System\EjaAvvI.exe
  2⤵
  PID:8544
- C:\Windows\System\GKcneBt.exe
  C:\Windows\System\GKcneBt.exe
  2⤵
  PID:8560
- C:\Windows\System\vgaPjiH.exe
  C:\Windows\System\vgaPjiH.exe
  2⤵
  PID:8580
- C:\Windows\System\VkCYFtX.exe
  C:\Windows\System\VkCYFtX.exe
  2⤵
  PID:8600
- C:\Windows\System\WCEEIfK.exe
  C:\Windows\System\WCEEIfK.exe
  2⤵
  PID:8616
- C:\Windows\System\GXrAakw.exe
  C:\Windows\System\GXrAakw.exe
  2⤵
  PID:8632
- C:\Windows\System\clPXgqB.exe
  C:\Windows\System\clPXgqB.exe
  2⤵
  PID:8648
- C:\Windows\System\XUHCfMl.exe
  C:\Windows\System\XUHCfMl.exe
  2⤵
  PID:8664
- C:\Windows\System\IebVqOH.exe
  C:\Windows\System\IebVqOH.exe
  2⤵
  PID:8688
- C:\Windows\System\gwezCcx.exe
  C:\Windows\System\gwezCcx.exe
  2⤵
  PID:8704
- C:\Windows\System\DAirmQL.exe
  C:\Windows\System\DAirmQL.exe
  2⤵
  PID:8720
- C:\Windows\System\CeJoKdC.exe
  C:\Windows\System\CeJoKdC.exe
  2⤵
  PID:8736
- C:\Windows\System\NgXdlAU.exe
  C:\Windows\System\NgXdlAU.exe
  2⤵
  PID:8752
- C:\Windows\System\PoOTlkH.exe
  C:\Windows\System\PoOTlkH.exe
  2⤵
  PID:8768
- C:\Windows\System\TzFCczL.exe
  C:\Windows\System\TzFCczL.exe
  2⤵
  PID:8788
- C:\Windows\System\hHxKsbP.exe
  C:\Windows\System\hHxKsbP.exe
  2⤵
  PID:8804
- C:\Windows\System\DteziBf.exe
  C:\Windows\System\DteziBf.exe
  2⤵
  PID:8828
- C:\Windows\System\KkqzMNs.exe
  C:\Windows\System\KkqzMNs.exe
  2⤵
  PID:8844
- C:\Windows\System\dhBUfTo.exe
  C:\Windows\System\dhBUfTo.exe
  2⤵
  PID:8860
- C:\Windows\System\PlNpXGy.exe
  C:\Windows\System\PlNpXGy.exe
  2⤵
  PID:8876
- C:\Windows\System\fVuMXsF.exe
  C:\Windows\System\fVuMXsF.exe
  2⤵
  PID:8892
- C:\Windows\System\WzDOqOU.exe
  C:\Windows\System\WzDOqOU.exe
  2⤵
  PID:8908
- C:\Windows\System\LHFKdBY.exe
  C:\Windows\System\LHFKdBY.exe
  2⤵
  PID:8924
- C:\Windows\System\gTFQMGy.exe
  C:\Windows\System\gTFQMGy.exe
  2⤵
  PID:8972
- C:\Windows\System\zZojbLr.exe
  C:\Windows\System\zZojbLr.exe
  2⤵
  PID:8988
- C:\Windows\System\yihwSmr.exe
  C:\Windows\System\yihwSmr.exe
  2⤵
  PID:9004
- C:\Windows\System\neLvvsJ.exe
  C:\Windows\System\neLvvsJ.exe
  2⤵
  PID:9188
- C:\Windows\System\vNbwfoJ.exe
  C:\Windows\System\vNbwfoJ.exe
  2⤵
  PID:7836
- C:\Windows\System\DmCGhtI.exe
  C:\Windows\System\DmCGhtI.exe
  2⤵
  PID:5388
- C:\Windows\System\hzmldwh.exe
  C:\Windows\System\hzmldwh.exe
  2⤵
  PID:7220
- C:\Windows\System\EmhPfYC.exe
  C:\Windows\System\EmhPfYC.exe
  2⤵
  PID:8236
- C:\Windows\System\jOzLhJr.exe
  C:\Windows\System\jOzLhJr.exe
  2⤵
  PID:8372
- C:\Windows\System\WskCFWU.exe
  C:\Windows\System\WskCFWU.exe
  2⤵
  PID:8220
- C:\Windows\System\PcjOVZT.exe
  C:\Windows\System\PcjOVZT.exe
  2⤵
  PID:7920
- C:\Windows\System\ZXkRvpi.exe
  C:\Windows\System\ZXkRvpi.exe
  2⤵
  PID:8012
- C:\Windows\System\GpDbyEj.exe
  C:\Windows\System\GpDbyEj.exe
  2⤵
  PID:8144
- C:\Windows\System\KGzwWrJ.exe
  C:\Windows\System\KGzwWrJ.exe
  2⤵
  PID:8056
- C:\Windows\System\AtkclCT.exe
  C:\Windows\System\AtkclCT.exe
  2⤵
  PID:7468
- C:\Windows\System\KFYZAiJ.exe
  C:\Windows\System\KFYZAiJ.exe
  2⤵
  PID:8256
- C:\Windows\System\bXOOxuo.exe
  C:\Windows\System\bXOOxuo.exe
  2⤵
  PID:8356
- C:\Windows\System\TzMszCb.exe
  C:\Windows\System\TzMszCb.exe
  2⤵
  PID:8408
- C:\Windows\System\dcSTKPS.exe
  C:\Windows\System\dcSTKPS.exe
  2⤵
  PID:8440
- C:\Windows\System\SyKTiWk.exe
  C:\Windows\System\SyKTiWk.exe
  2⤵
  PID:8500
- C:\Windows\System\RSRtrUC.exe
  C:\Windows\System\RSRtrUC.exe
  2⤵
  PID:8536
- C:\Windows\System\phPYvbI.exe
  C:\Windows\System\phPYvbI.exe
  2⤵
  PID:8644
- C:\Windows\System\iWGANdR.exe
  C:\Windows\System\iWGANdR.exe
  2⤵
  PID:8516
- C:\Windows\System\pgHDSjr.exe
  C:\Windows\System\pgHDSjr.exe
  2⤵
  PID:8628
- C:\Windows\System\wnFBKuQ.exe
  C:\Windows\System\wnFBKuQ.exe
  2⤵
  PID:8588
- C:\Windows\System\gWEkKJW.exe
  C:\Windows\System\gWEkKJW.exe
  2⤵
  PID:8760
- C:\Windows\System\UDDaKPE.exe
  C:\Windows\System\UDDaKPE.exe
  2⤵
  PID:8732
- C:\Windows\System\cKiYSKW.exe
  C:\Windows\System\cKiYSKW.exe
  2⤵
  PID:8744
- C:\Windows\System\jZnqidW.exe
  C:\Windows\System\jZnqidW.exe
  2⤵
  PID:8780
- C:\Windows\System\YaxkBup.exe
  C:\Windows\System\YaxkBup.exe
  2⤵
  PID:8812
- C:\Windows\System\GNIJoGj.exe
  C:\Windows\System\GNIJoGj.exe
  2⤵
  PID:8856
- C:\Windows\System\svNMbAl.exe
  C:\Windows\System\svNMbAl.exe
  2⤵
  PID:8888
- C:\Windows\System\ZSDRSHJ.exe
  C:\Windows\System\ZSDRSHJ.exe
  2⤵
  PID:8684
- C:\Windows\System\EPHdrKq.exe
  C:\Windows\System\EPHdrKq.exe
  2⤵
  PID:8952
- C:\Windows\System\ReNHiWv.exe
  C:\Windows\System\ReNHiWv.exe
  2⤵
  PID:8980
- C:\Windows\System\BpYpskM.exe
  C:\Windows\System\BpYpskM.exe
  2⤵
  PID:9016
- C:\Windows\System\GevkCFW.exe
  C:\Windows\System\GevkCFW.exe
  2⤵
  PID:9052
- C:\Windows\System\ZBqcDEh.exe
  C:\Windows\System\ZBqcDEh.exe
  2⤵
  PID:9116
- C:\Windows\System\RamPPIj.exe
  C:\Windows\System\RamPPIj.exe
  2⤵
  PID:9104
- C:\Windows\System\cDnjKxi.exe
  C:\Windows\System\cDnjKxi.exe
  2⤵
  PID:9032
- C:\Windows\System\GxmJDfm.exe
  C:\Windows\System\GxmJDfm.exe
  2⤵
  PID:9056
- C:\Windows\System\vGCPbhU.exe
  C:\Windows\System\vGCPbhU.exe
  2⤵
  PID:9024
- C:\Windows\System\QTBjVZn.exe
  C:\Windows\System\QTBjVZn.exe
  2⤵
  PID:9088
- C:\Windows\System\oEoVTSw.exe
  C:\Windows\System\oEoVTSw.exe
  2⤵
  PID:8984
- C:\Windows\System\tFddOAI.exe
  C:\Windows\System\tFddOAI.exe
  2⤵
  PID:9148
- C:\Windows\System\lwPdlnS.exe
  C:\Windows\System\lwPdlnS.exe
  2⤵
  PID:9164
- C:\Windows\System\YWwCyzJ.exe
  C:\Windows\System\YWwCyzJ.exe
  2⤵
  PID:9200
- C:\Windows\System\puLXDcM.exe
  C:\Windows\System\puLXDcM.exe
  2⤵
  PID:8376
- C:\Windows\System\aVgvfiw.exe
  C:\Windows\System\aVgvfiw.exe
  2⤵
  PID:7576
- C:\Windows\System\yvRWAcM.exe
  C:\Windows\System\yvRWAcM.exe
  2⤵
  PID:8268
- C:\Windows\System\FHwgant.exe
  C:\Windows\System\FHwgant.exe
  2⤵
  PID:7316
- C:\Windows\System\yxrZSvD.exe
  C:\Windows\System\yxrZSvD.exe
  2⤵
  PID:8304
- C:\Windows\System\kKSetxs.exe
  C:\Windows\System\kKSetxs.exe
  2⤵
  PID:7856
- C:\Windows\System\VjsFFni.exe
  C:\Windows\System\VjsFFni.exe
  2⤵
  PID:7672
- C:\Windows\System\GLtbmMC.exe
  C:\Windows\System\GLtbmMC.exe
  2⤵
  PID:8392
- C:\Windows\System\fjLfZcJ.exe
  C:\Windows\System\fjLfZcJ.exe
  2⤵
  PID:8324
- C:\Windows\System\PtKKHYe.exe
  C:\Windows\System\PtKKHYe.exe
  2⤵
  PID:8036
- C:\Windows\System\huPRiEg.exe
  C:\Windows\System\huPRiEg.exe
  2⤵
  PID:9208
- C:\Windows\System\EBdLjXR.exe
  C:\Windows\System\EBdLjXR.exe
  2⤵
  PID:8608
- C:\Windows\System\mugzrfu.exe
  C:\Windows\System\mugzrfu.exe
  2⤵
  PID:8800
- C:\Windows\System\DSmPinE.exe
  C:\Windows\System\DSmPinE.exe
  2⤵
  PID:8840
- C:\Windows\System\iJsUNdI.exe
  C:\Windows\System\iJsUNdI.exe
  2⤵
  PID:8940
- C:\Windows\System\xcWOvpT.exe
  C:\Windows\System\xcWOvpT.exe
  2⤵
  PID:9076
- C:\Windows\System\AxaJRlS.exe
  C:\Windows\System\AxaJRlS.exe
  2⤵
  PID:8488
- C:\Windows\System\fArdtgi.exe
  C:\Windows\System\fArdtgi.exe
  2⤵
  PID:8920
- C:\Windows\System\eOsMVXf.exe
  C:\Windows\System\eOsMVXf.exe
  2⤵
  PID:9040
- C:\Windows\System\abIMxqH.exe
  C:\Windows\System\abIMxqH.exe
  2⤵
  PID:9060
- C:\Windows\System\ZIQWLml.exe
  C:\Windows\System\ZIQWLml.exe
  2⤵
  PID:8932
- C:\Windows\System\DWmSPjO.exe
  C:\Windows\System\DWmSPjO.exe
  2⤵
  PID:8996
- C:\Windows\System\xgKiMVi.exe
  C:\Windows\System\xgKiMVi.exe
  2⤵
  PID:9144
- C:\Windows\System\UaWuJXN.exe
  C:\Windows\System\UaWuJXN.exe
  2⤵
  PID:9184
- C:\Windows\System\zNYEkTZ.exe
  C:\Windows\System\zNYEkTZ.exe
  2⤵
  PID:8316
- C:\Windows\System\CWnycSh.exe
  C:\Windows\System\CWnycSh.exe
  2⤵
  PID:8784
- C:\Windows\System\pKzlDEf.exe
  C:\Windows\System\pKzlDEf.exe
  2⤵
  PID:8456
- C:\Windows\System\jbSMnTj.exe
  C:\Windows\System\jbSMnTj.exe
  2⤵
  PID:8032
- C:\Windows\System\MHRwRXo.exe
  C:\Windows\System\MHRwRXo.exe
  2⤵
  PID:8436
- C:\Windows\System\IXoSTKd.exe
  C:\Windows\System\IXoSTKd.exe
  2⤵
  PID:8884
- C:\Windows\System\FyswHfY.exe
  C:\Windows\System\FyswHfY.exe
  2⤵
  PID:9092
- C:\Windows\System\RCPsBhK.exe
  C:\Windows\System\RCPsBhK.exe
  2⤵
  PID:8612
- C:\Windows\System\NAtufaz.exe
  C:\Windows\System\NAtufaz.exe
  2⤵
  PID:7652
- C:\Windows\System\DzzYwVo.exe
  C:\Windows\System\DzzYwVo.exe
  2⤵
  PID:8728
- C:\Windows\System\INfPgKD.exe
  C:\Windows\System\INfPgKD.exe
  2⤵
  PID:9080
- C:\Windows\System\GCgYKFF.exe
  C:\Windows\System\GCgYKFF.exe
  2⤵
  PID:9028
- C:\Windows\System\xetwSEL.exe
  C:\Windows\System\xetwSEL.exe
  2⤵
  PID:2456
- C:\Windows\System\gSBiXMU.exe
  C:\Windows\System\gSBiXMU.exe
  2⤵
  PID:1476
- C:\Windows\System\yMYRFrS.exe
  C:\Windows\System\yMYRFrS.exe
  2⤵
  PID:7888
- C:\Windows\System\btBYUOW.exe
  C:\Windows\System\btBYUOW.exe
  2⤵
  PID:7336
- C:\Windows\System\BqMYYoQ.exe
  C:\Windows\System\BqMYYoQ.exe
  2⤵
  PID:9176
- C:\Windows\System\OjgjIyW.exe
  C:\Windows\System\OjgjIyW.exe
  2⤵
  PID:8336
- C:\Windows\System\GPnRzML.exe
  C:\Windows\System\GPnRzML.exe
  2⤵
  PID:9172
- C:\Windows\System\gyHTQwm.exe
  C:\Windows\System\gyHTQwm.exe
  2⤵
  PID:8676
- C:\Windows\System\yDRDALZ.exe
  C:\Windows\System\yDRDALZ.exe
  2⤵
  PID:8320
- C:\Windows\System\hDodDAG.exe
  C:\Windows\System\hDodDAG.exe
  2⤵
  PID:9132
- C:\Windows\System\jgBvPmm.exe
  C:\Windows\System\jgBvPmm.exe
  2⤵
  PID:9196
- C:\Windows\System\fscIWAV.exe
  C:\Windows\System\fscIWAV.exe
  2⤵
  PID:7996
- C:\Windows\System\rdEhiWI.exe
  C:\Windows\System\rdEhiWI.exe
  2⤵
  PID:8872
- C:\Windows\System\ZQtINKW.exe
  C:\Windows\System\ZQtINKW.exe
  2⤵
  PID:8764
- C:\Windows\System\gNPzRzD.exe
  C:\Windows\System\gNPzRzD.exe
  2⤵
  PID:8008
- C:\Windows\System\pWDauub.exe
  C:\Windows\System\pWDauub.exe
  2⤵
  PID:9232
- C:\Windows\System\GJOVste.exe
  C:\Windows\System\GJOVste.exe
  2⤵
  PID:9248
- C:\Windows\System\OTtOrAL.exe
  C:\Windows\System\OTtOrAL.exe
  2⤵
  PID:9272
- C:\Windows\System\MXmEsxz.exe
  C:\Windows\System\MXmEsxz.exe
  2⤵
  PID:9292
- C:\Windows\System\RqxtyVw.exe
  C:\Windows\System\RqxtyVw.exe
  2⤵
  PID:9316
- C:\Windows\System\XQsjAUs.exe
  C:\Windows\System\XQsjAUs.exe
  2⤵
  PID:9336
- C:\Windows\System\oefSTMr.exe
  C:\Windows\System\oefSTMr.exe
  2⤵
  PID:9352
- C:\Windows\System\WLEVGjf.exe
  C:\Windows\System\WLEVGjf.exe
  2⤵
  PID:9372
- C:\Windows\System\fToCrtZ.exe
  C:\Windows\System\fToCrtZ.exe
  2⤵
  PID:9392
- C:\Windows\System\IohQgQi.exe
  C:\Windows\System\IohQgQi.exe
  2⤵
  PID:9416
- C:\Windows\System\eknmDEw.exe
  C:\Windows\System\eknmDEw.exe
  2⤵
  PID:9436
- C:\Windows\System\XeSUmCE.exe
  C:\Windows\System\XeSUmCE.exe
  2⤵
  PID:9460
- C:\Windows\System\UpgVzwb.exe
  C:\Windows\System\UpgVzwb.exe
  2⤵
  PID:9476
- C:\Windows\System\CytttmM.exe
  C:\Windows\System\CytttmM.exe
  2⤵
  PID:9500
- C:\Windows\System\rdRlgfh.exe
  C:\Windows\System\rdRlgfh.exe
  2⤵
  PID:9520
- C:\Windows\System\JidbwFO.exe
  C:\Windows\System\JidbwFO.exe
  2⤵
  PID:9536
- C:\Windows\System\uMcsYpw.exe
  C:\Windows\System\uMcsYpw.exe
  2⤵
  PID:9560
- C:\Windows\System\YDDATNs.exe
  C:\Windows\System\YDDATNs.exe
  2⤵
  PID:9576
- C:\Windows\System\otZOudy.exe
  C:\Windows\System\otZOudy.exe
  2⤵
  PID:9592
- C:\Windows\System\YKVbavd.exe
  C:\Windows\System\YKVbavd.exe
  2⤵
  PID:9616
- C:\Windows\System\ERQDvhf.exe
  C:\Windows\System\ERQDvhf.exe
  2⤵
  PID:9636
- C:\Windows\System\nBCkkuO.exe
  C:\Windows\System\nBCkkuO.exe
  2⤵
  PID:9656
- C:\Windows\System\USXvCTL.exe
  C:\Windows\System\USXvCTL.exe
  2⤵
  PID:9676
- C:\Windows\System\jydGJTs.exe
  C:\Windows\System\jydGJTs.exe
  2⤵
  PID:9692
- C:\Windows\System\PdlOZJd.exe
  C:\Windows\System\PdlOZJd.exe
  2⤵
  PID:9716
- C:\Windows\System\FXecIhx.exe
  C:\Windows\System\FXecIhx.exe
  2⤵
  PID:9732
- C:\Windows\System\MMlHvBu.exe
  C:\Windows\System\MMlHvBu.exe
  2⤵
  PID:9760
- C:\Windows\System\thcRzYA.exe
  C:\Windows\System\thcRzYA.exe
  2⤵
  PID:9780
- C:\Windows\System\WpYAVvw.exe
  C:\Windows\System\WpYAVvw.exe
  2⤵
  PID:9800
- C:\Windows\System\mQhLDRj.exe
  C:\Windows\System\mQhLDRj.exe
  2⤵
  PID:9820
- C:\Windows\System\QylEfkQ.exe
  C:\Windows\System\QylEfkQ.exe
  2⤵
  PID:9836
- C:\Windows\System\cgpAPiS.exe
  C:\Windows\System\cgpAPiS.exe
  2⤵
  PID:9852
- C:\Windows\System\qrpPqRj.exe
  C:\Windows\System\qrpPqRj.exe
  2⤵
  PID:9868
- C:\Windows\System\RNIJTOP.exe
  C:\Windows\System\RNIJTOP.exe
  2⤵
  PID:9884
- C:\Windows\System\TBPjuOb.exe
  C:\Windows\System\TBPjuOb.exe
  2⤵
  PID:9900
- C:\Windows\System\CGGmPHs.exe
  C:\Windows\System\CGGmPHs.exe
  2⤵
  PID:9916
- C:\Windows\System\hKRMWls.exe
  C:\Windows\System\hKRMWls.exe
  2⤵
  PID:9936
- C:\Windows\System\uVMHTZg.exe
  C:\Windows\System\uVMHTZg.exe
  2⤵
  PID:9952
- C:\Windows\System\zWuNdyg.exe
  C:\Windows\System\zWuNdyg.exe
  2⤵
  PID:9968
- C:\Windows\System\diQbsua.exe
  C:\Windows\System\diQbsua.exe
  2⤵
  PID:9984
- C:\Windows\System\oUyIIaX.exe
  C:\Windows\System\oUyIIaX.exe
  2⤵
  PID:10000
- C:\Windows\System\JXvrnuH.exe
  C:\Windows\System\JXvrnuH.exe
  2⤵
  PID:10016
- C:\Windows\System\PreVGzH.exe
  C:\Windows\System\PreVGzH.exe
  2⤵
  PID:10040
- C:\Windows\System\WzBBxlM.exe
  C:\Windows\System\WzBBxlM.exe
  2⤵
  PID:10056
- C:\Windows\System\hfVaLRY.exe
  C:\Windows\System\hfVaLRY.exe
  2⤵
  PID:10072
- C:\Windows\System\AdnGYuA.exe
  C:\Windows\System\AdnGYuA.exe
  2⤵
  PID:10100
- C:\Windows\System\WQQKQPW.exe
  C:\Windows\System\WQQKQPW.exe
  2⤵
  PID:10120
- C:\Windows\System\JSLpMdq.exe
  C:\Windows\System\JSLpMdq.exe
  2⤵
  PID:10136
- C:\Windows\System\DNPgKTM.exe
  C:\Windows\System\DNPgKTM.exe
  2⤵
  PID:10156
- C:\Windows\System\uGDdjdD.exe
  C:\Windows\System\uGDdjdD.exe
  2⤵
  PID:10176
- C:\Windows\System\QfvuyQV.exe
  C:\Windows\System\QfvuyQV.exe
  2⤵
  PID:10196
- C:\Windows\System\fPkDNZT.exe
  C:\Windows\System\fPkDNZT.exe
  2⤵
  PID:10216
- C:\Windows\System\KzEhPFD.exe
  C:\Windows\System\KzEhPFD.exe
  2⤵
  PID:10232
- C:\Windows\System\qjWgZBC.exe
  C:\Windows\System\qjWgZBC.exe
  2⤵
  PID:9240
- C:\Windows\System\ejjDssy.exe
  C:\Windows\System\ejjDssy.exe
  2⤵
  PID:9256
- C:\Windows\System\NpEWbLD.exe
  C:\Windows\System\NpEWbLD.exe
  2⤵
  PID:9284
- C:\Windows\System\maIjaQU.exe
  C:\Windows\System\maIjaQU.exe
  2⤵
  PID:9288
- C:\Windows\System\DsHEzei.exe
  C:\Windows\System\DsHEzei.exe
  2⤵
  PID:9332
- C:\Windows\System\oaAjMcR.exe
  C:\Windows\System\oaAjMcR.exe
  2⤵
  PID:9388
- C:\Windows\System\ceXuGQN.exe
  C:\Windows\System\ceXuGQN.exe
  2⤵
  PID:9424
- C:\Windows\System\QDNUNFI.exe
  C:\Windows\System\QDNUNFI.exe
  2⤵
  PID:9456
- C:\Windows\System\TSXRgwn.exe
  C:\Windows\System\TSXRgwn.exe
  2⤵
  PID:9472
- C:\Windows\System\TFivpbZ.exe
  C:\Windows\System\TFivpbZ.exe
  2⤵
  PID:9508
- C:\Windows\System\uBtVugE.exe
  C:\Windows\System\uBtVugE.exe
  2⤵
  PID:9532
- C:\Windows\System\lVGJxFn.exe
  C:\Windows\System\lVGJxFn.exe
  2⤵
  PID:9552
- C:\Windows\System\ShwrsQT.exe
  C:\Windows\System\ShwrsQT.exe
  2⤵
  PID:9612
- C:\Windows\System\bRRukwP.exe
  C:\Windows\System\bRRukwP.exe
  2⤵
  PID:9604
- C:\Windows\System\mpKpJYy.exe
  C:\Windows\System\mpKpJYy.exe
  2⤵
  PID:9668
- C:\Windows\System\wqxXCzL.exe
  C:\Windows\System\wqxXCzL.exe
  2⤵
  PID:9688
- C:\Windows\System\vwzOoSL.exe
  C:\Windows\System\vwzOoSL.exe
  2⤵
  PID:9712
- C:\Windows\System\RscosuB.exe
  C:\Windows\System\RscosuB.exe
  2⤵
  PID:9768
- C:\Windows\System\ejTiYJy.exe
  C:\Windows\System\ejTiYJy.exe
  2⤵
  PID:9880
- C:\Windows\System\nhFYDRf.exe
  C:\Windows\System\nhFYDRf.exe
  2⤵
  PID:10048
- C:\Windows\System\fUOkJFe.exe
  C:\Windows\System\fUOkJFe.exe
  2⤵
  PID:9980
- C:\Windows\System\vpqKmUr.exe
  C:\Windows\System\vpqKmUr.exe
  2⤵
  PID:10128
- C:\Windows\System\QwRQAnX.exe
  C:\Windows\System\QwRQAnX.exe
  2⤵
  PID:9928
- C:\Windows\System\DhcOZEf.exe
  C:\Windows\System\DhcOZEf.exe
  2⤵
  PID:10036
- C:\Windows\System\AxsTlEH.exe
  C:\Windows\System\AxsTlEH.exe
  2⤵
  PID:9864
- C:\Windows\System\fquTCyb.exe
  C:\Windows\System\fquTCyb.exe
  2⤵
  PID:9964
- C:\Windows\System\oYeawmL.exe
  C:\Windows\System\oYeawmL.exe
  2⤵
  PID:9324
- C:\Windows\System\wPCDsQf.exe
  C:\Windows\System\wPCDsQf.exe
  2⤵
  PID:10116
- C:\Windows\System\cFHwccP.exe
  C:\Windows\System\cFHwccP.exe
  2⤵
  PID:9408
- C:\Windows\System\YpldGNL.exe
  C:\Windows\System\YpldGNL.exe
  2⤵
  PID:10224
- C:\Windows\System\OxNSQKe.exe
  C:\Windows\System\OxNSQKe.exe
  2⤵
  PID:9244
- C:\Windows\System\twilYVS.exe
  C:\Windows\System\twilYVS.exe
  2⤵
  PID:9572
- C:\Windows\System\khDcCDo.exe
  C:\Windows\System\khDcCDo.exe
  2⤵
  PID:9724
- C:\Windows\System\EwglCIG.exe
  C:\Windows\System\EwglCIG.exe
  2⤵
  PID:9304
- C:\Windows\System\GYBiiiz.exe
  C:\Windows\System\GYBiiiz.exe
  2⤵
  PID:9648
- C:\Windows\System\vmcECkU.exe
  C:\Windows\System\vmcECkU.exe
  2⤵
  PID:9368
- C:\Windows\System\PsgFhxq.exe
  C:\Windows\System\PsgFhxq.exe
  2⤵
  PID:9496
- C:\Windows\System\xhxLWij.exe
  C:\Windows\System\xhxLWij.exe
  2⤵
  PID:9684
- C:\Windows\System\KKVvrlp.exe
  C:\Windows\System\KKVvrlp.exe
  2⤵
  PID:9788
- C:\Windows\System\RnqOMbK.exe
  C:\Windows\System\RnqOMbK.exe
  2⤵
  PID:10012
- C:\Windows\System\QeydNdc.exe
  C:\Windows\System\QeydNdc.exe
  2⤵
  PID:9844
- C:\Windows\System\jjKtpKc.exe
  C:\Windows\System\jjKtpKc.exe
  2⤵
  PID:9432
- C:\Windows\System\MRfPfex.exe
  C:\Windows\System\MRfPfex.exe
  2⤵
  PID:9828
- C:\Windows\System\rkvJXdf.exe
  C:\Windows\System\rkvJXdf.exe
  2⤵
  PID:9860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CtZdyVM.exe

Filesize
6.0MB

MD5
d84b2b3773eb304195f9123dc62ae6e2

SHA1
8b681c18b93516b91a5c0d0b0df26a31c7d5f352

SHA256
36f1300f4f32299cfdde79d1d1ef85aea60a5eceed8081bff2d495daa825060a

SHA512
aec91ae60771a01e0125852f4cb41f392d66f2e4cabdb8852039ecd3db19573970d3cce8c561c41a85f49908ce932cfea1826a32b58f8593b03b2ebf02648bd5

Download Submit
C:\Windows\system\DBdhWEW.exe

Filesize
6.0MB

MD5
658a173c88ffd8384acd90f7b8206273

SHA1
60e2ba937c42e674e0e08eee1f84ef0968278128

SHA256
63ec9a272ae78b05d492fbd65646cdc077859ff8024db296d3f0c2b4dc6bba24

SHA512
cd87fc9a1e1e4ad2ff716e61cfe9aa2675de95f65b0398f71be998af795b2ccb0a423aa03fe1f34dd20004ff30e93735ce1a2985649e6bafe0e914534b0895e5

Download Submit
C:\Windows\system\DUFezxy.exe

Filesize
6.0MB

MD5
d177c5ab37f6792305964728b2201dbb

SHA1
c9784e5ccb22cf817b997b011b4a85cd8371cf56

SHA256
ad3a1bb21a4863bb0dc90bb6a281d68c374bf00cb49ad573f56e78e5f49e62f6

SHA512
b5cc7f18e0eabebce237d97ce210e9ec10920084027002c203ff3cb0f8fd06930e97dd5fb53dddc836d47a02f07f457182c005f53c581805fd70648ce7468cc3

Download Submit
C:\Windows\system\DjgQyuo.exe

Filesize
6.0MB

MD5
fb844254fb3c0a78ce445bbb0fa60a87

SHA1
5324d1ea212173358167258c0865dfab7121e820

SHA256
af7e44098d0ebd6c44cffb32f116cc61f39c9c742df52d1c2d0a3a02c84f7a24

SHA512
5199ce5c973ebcf5d6c813f3544b8c0e3dcc8c883bcd281c7a66e975cd05028bc9ac67f74cb81560b0ce2ee681139a6b816bf078644f3e90a1a574c9e093f825

Download Submit
C:\Windows\system\DmEqWKx.exe

Filesize
6.0MB

MD5
504f2b6dcbc96fca49f48bd23b0262dc

SHA1
5090bdc7b721750588b78ca9c4337b6e2d97c06c

SHA256
ed3c264dfc31de4bafbda5d652b9bd3982bef7fe32f5a0605859d8af956bed59

SHA512
a75c0edbd47f13f334cbf16bc97f2b46f78fb3f9dccc56a5120e5ccb2d807deece396b041eab235760a5036b3b9286b7528e98a01377f67a0e1368d64bd18ec8

Download Submit
C:\Windows\system\KdTaJmw.exe

Filesize
6.0MB

MD5
e06695e0464e5b4a90f88dc316b0d5ff

SHA1
3b957a00029fbe674f842051ca425dcbf2353452

SHA256
cb040b60cb001c536a83babaaa59b0dc3684f4f2a6808536ad0902f68dc972c9

SHA512
9e7b59d7664c7edef0ff0594b3ff705c1b3edc5ba81830922e3282f47f906c3ebd469c5bcf81213e396c270c20d547063ac5efc43f4716258ecc27d86b397dc1

Download Submit
C:\Windows\system\QuVwcZS.exe

Filesize
6.0MB

MD5
ee88d71c4b212456e41d94c8384f3fc0

SHA1
9df3793c110631030f81e287df9466461856d52d

SHA256
dd27695acc5d42b1ae7b8cbc7e0712d62776eabfd44398efe110a3a0ae89e7db

SHA512
d36248f64bcc1bfcf2074382e798fe6d2d1aa98e40ec00989e5c3ac547cca4f986a128588b9dc425595674492d22f254daf5063572c47aff422e984a60541f4e

Download Submit
C:\Windows\system\RQetiSL.exe

Filesize
6.0MB

MD5
930be37dbd1b2e6042c9006ddd72e6ee

SHA1
7c8ddad75e6a06ffe92a56170025bfff3f95edd4

SHA256
7e9269fe59b20e9609d500071d8dec9e4d1ad07efa40ab7227f6bd3ff355e1b5

SHA512
4af56bc243a17b73e4dce37f04110faa184aee8e58460d0a1d9bc4a619b78b8db6811cf4a4b0760929d45b33aea482ad4a7df6827112a46c3383e3d1afe1c4a3

Download Submit
C:\Windows\system\VEYysHE.exe

Filesize
6.0MB

MD5
e29f8d9645af170dfdb015e5638e32f8

SHA1
33bf896514d62944604c80241315456b8602c47a

SHA256
b222079cd2d8a9b390eca7b616af769872aa164ae48b3bffa8595398236a91be

SHA512
582e97dbd3397fb8ceda547b21d88a140e1bd1155a51f1093d85b0e69e532de08731ad8217e95750f95b2e08daf0903f609e1dbb8f427593a44fe4df6cdb9b3c

Download Submit
C:\Windows\system\VgDnJss.exe

Filesize
6.0MB

MD5
515926d806d6a7485e1f829441735f5c

SHA1
462543d899e60e0e46ef0916a26edbe6978123cb

SHA256
81bce323aaa5411ac19afdf51d5f95106a04ae7a51db1ea458deec94a91d8d22

SHA512
678cd17d83db20b12d7c5e02fb9a682e04ea2221863fbe8eb795bd3af2b6cd77db26c118e67682554f1cde453850047ca2b5b63d5e2f3f18d9f30376ca6142b3

Download Submit
C:\Windows\system\YGGYGgk.exe

Filesize
6.0MB

MD5
e8c53cff732ddb16be60e80e8ac42658

SHA1
7c518b0e5d22dca6e310a714ebf46d24a788b295

SHA256
0fee30bde38e88bac88124f12c861e76ccf7d511df3e2a7f3a177dcb0fbffa36

SHA512
ddc2dbe7286e8c1157f61b60e88959fa50132852d8676ca6f18be9fa52119f0a8dec3904fd592e8a77f33751f487b47df4bb041f149d4a805f8bb461d08c8f81

Download Submit
C:\Windows\system\btBRJru.exe

Filesize
6.0MB

MD5
899bdd9788d4765164326bb65a41b864

SHA1
6c00918cc812ee9b3a750dd2d8ad5044f2409a6a

SHA256
75b4131a5f22204b48e6c4a36f7c1d3ad9a161b9e50032d45a1dbbda1f249649

SHA512
d27f4e6c9c2423ef984207cf4943c31c7a536269e70a674a0cb09f622d841d82e7c09fbff4a8842c554cbc713d65de6b0e2fbd32b03b5aab304b13de1aeaba3b

Download Submit
C:\Windows\system\cEDbYFB.exe

Filesize
6.0MB

MD5
73fe444e1854a5119952a128ebc50805

SHA1
6381f5bc522f877b95be700498c26a1669417482

SHA256
4f61b84a72b770b3a5e668af21049439edfa5abb612d406bc84e8017c02c851f

SHA512
e95fe98cf0850c72ea74fe74dc261c51f11acf392f3bbb3ced0a5f5e6ae4325851339b190b596d160a9507b6ebb744acbbddc533d0a65f5f099e1313bddba0a6

Download Submit
C:\Windows\system\cLSWFxu.exe

Filesize
6.0MB

MD5
678009aa16016668fbd3967442e73062

SHA1
380df120bf53e6999dca2eae92026753d44b72d7

SHA256
b05d39c2f320f27e0c1440eff4f192aee440a77cb2ea6fa3a96e203c615ff85d

SHA512
18e5040818a767142c523cd4968cf42475f96eee3dc9c1d7d0454751f46b6813ce38ba187c98814cdc84f46f722500bf2430a2e00424630bf13d118a411c034b

Download Submit
C:\Windows\system\fiAjZwx.exe

Filesize
6.0MB

MD5
61227b486ff1c7bb129a11397a207b19

SHA1
4dac9544b11ff362d14c4783537662e71e242d66

SHA256
e51cc050448b4b2909edb1cb975e5e668f39108a50ae6cdb8baea9f834a805fa

SHA512
e8160709095c0937b6fe24d49618dbece28c9e8490c71c7a7bd3a2825e3c68e852313749d6028a8dc4cd35f654a4c81c3ad3e9c6678817e9c725914768543785

Download Submit
C:\Windows\system\hJJwLaZ.exe

Filesize
6.0MB

MD5
3118409180e4e04bb1dbd50fc7f159f8

SHA1
318462824f55d0991e020cb12c714ee25465048a

SHA256
3956b6be8939f11dfdbd5332cfdf3b96b2825cd0540d8010a27bc5df428b7136

SHA512
66bc284d94fb9d953e2ddb1f338423e14f61879843c0237f45f8adcdfe3a2204246ab06818a8c9d688ef43814f23ba974da88c23c77eaa7223a10177f37228d4

Download Submit
C:\Windows\system\iKekzjz.exe

Filesize
6.0MB

MD5
329a69a6a23d4e4104c02bdda7c87193

SHA1
86eac698cb483d11e81dc09d062b9bec3389aef1

SHA256
8c8adfdf8a326e97e7daa60d46b1b05eccaed4c42fed5885c03d4907061df1e0

SHA512
4af9c01826f27de0722b54ac837a1dbe2bab050f1ce5f7b9c9729366921ba429931aae8391c81151654e31e6548bb52145bf3c77ae91cdda9091792e20620f3c

Download Submit
C:\Windows\system\jknpmXe.exe

Filesize
6.0MB

MD5
6389f64ac0170c675e998a2ab2df5cb2

SHA1
9190a88a842ffc3120c001656ae54ae1632eef4e

SHA256
0724075f67260c5dc32e444643f664a81e65bae4c754629369659ddcb11f6a24

SHA512
104f11f3b6930064489af37584d9d1f9be532043b5a80be55cdcd66dc8f37f65de94632f1ddbf9b43f1d270f0cabfe309df0960f60d8230ccc1086fe7b2900cb

Download Submit
C:\Windows\system\mIFODhd.exe

Filesize
6.0MB

MD5
e509f062b7d4f3d337b20728cd88c444

SHA1
a82ad9d4aeb535a667bf737f97332ae6c52099cc

SHA256
91072b114db8264456086d288ffaed0b55c3775d1f8bbabc86ed8ffefd5e5dc6

SHA512
bef1774a073fdc60bf1bd24cf5703856ede06d408c450415705cdbd54a288e49bfcd0e7668422f2bbb79fad64bc6946a60b0ee7ddae923acba448384bebe5fc3

Download Submit
C:\Windows\system\msKuYvq.exe

Filesize
6.0MB

MD5
d7343c0e07c46cadaf830cd05f40bec9

SHA1
01f28dd244f5baa589eb0509c7a73cd06b08c63e

SHA256
6849e637c326fe3a1d996d061ede4ce1a6abd28e2810ef0133c61ad36f60f277

SHA512
2bd4897cbe43c345e2e3d02b22d999ac595c491d08d6f223fe8dd72ffb210465c88aee9f2ebebc49b1dd6852cb2778eead8e5904707cea57a3152299b3c70929

Download Submit
C:\Windows\system\nYamAlr.exe

Filesize
6.0MB

MD5
0fee723b63a9259beb91f92d56b5cf35

SHA1
fabd5b6ba27a902f2bbaf4172bb8635fdd85c1ad

SHA256
f9da3b9ef91cf9a9b5aa05e86762a633bcede78d6b7768df212653e13b0aeb2c

SHA512
2620dd2109acd13b5a0fdbdfb79e39ca51ad2c399b7997687c05b6182e7f44f90afdbbacbcbb8900f872cdb0801327c85f34b833eb399a278852f17792d16d78

Download Submit
C:\Windows\system\qnJozrw.exe

Filesize
6.0MB

MD5
0a360107a36c124a3a1f5529bfcd8b5b

SHA1
ae5151d1fb151cb22d28bd88b05ae37ff0f99756

SHA256
8dc006b8c1bc87ee8cd757eaf23861e2916cd35f98c1cd41a69a6b9e1a6fba20

SHA512
1f7954826e64624562b2b8db700b9a94ec61da3e67e1382e6d84c32b37519834cfd97b3e73a24c0ab9d05c8d648d0a393a209a98aae0874475c40c1fec5006d8

Download Submit
C:\Windows\system\sBRAiDV.exe

Filesize
6.0MB

MD5
944f060899c641ea9a69374be5e4c41d

SHA1
28959689feee8e6867f9dc49348629f999afcfe8

SHA256
4f7198436622a2b3c1ef4e5969dfb2b1c18bb2dd0617b3820bfe40f025d2ef6e

SHA512
eae9a472d5c15dcf0f9310b619283eba216b99f0f8f681acfa3b2eefd74f20328b068040764dc6447c94a9b7fd234f85d6c4394e0332519e0456f1ecd760cded

Download Submit
C:\Windows\system\tTcWQKk.exe

Filesize
6.0MB

MD5
77daa6808e91d6a7c8e18e0fad6903f5

SHA1
0a20423c60ed9880d19f0e912f338d90725bda35

SHA256
cd3d86cc407ea860ef77e7345781a8dd65058b2a64783ed6dc9cc9ac310072dd

SHA512
299a4b748201ac40d657e7260fb954eef8432f65639d90947b5c787ebd427cd70c1e7354e7a3fcf032bbef7fa63ebf8dc69be7e0826c92205f951213330dee3d

Download Submit
C:\Windows\system\tnhESGC.exe

Filesize
6.0MB

MD5
a26e9a2feab55cab498fc90453b0657d

SHA1
4098541fd97e2da4e632a50d10010c853a879cf3

SHA256
dea6b217d59453e6c19148656c07abe357a505475a7defce04baa202348d67ff

SHA512
14ab06c20ec818924bef5536a09a0fb6f4f4340f6ef06486e98009aeaed91bb8f445aa744d4c195fa7a1bc393036fb46cb7a8551f0344d39578507587fd82c16

Download Submit
C:\Windows\system\vCmXdcU.exe

Filesize
6.0MB

MD5
d0ae06de717e776831b3fba37f135300

SHA1
e57791242408aa1233af1f4ea48c5f7506c30c93

SHA256
2abf453c2976fa5637ab601e61f3f8147e93a3cab02e3ea2244d4ff582ece6af

SHA512
6bfcf99d7b78461986a737ca42e69baef83622fb7e48abeb5c27bbebf1862fa4f3cd677eb62fc8cf788809eefd9e3b4764b0469335994a736c85feec8b36938f

Download Submit
C:\Windows\system\vPcnJtg.exe

Filesize
6.0MB

MD5
7a6351960bc0e928ccf9fff594b31725

SHA1
852b987b0715dc1686cfd710d4441d81068176b5

SHA256
b96ed76e42060fa80980259fa4503f868cfe548664df0ed6914ed98efc603519

SHA512
467b493376c1e1780dcf882402bb01ab689cfbee180d658f1261c9e7de1db691b5bb86fd84bb8a91726082ea05ed037587bcadd51c7841d87a626a674b1a6b1a

Download Submit
C:\Windows\system\yJFOstk.exe

Filesize
6.0MB

MD5
cc019c928d2cf642e5799baa8a02d9a6

SHA1
56bc410e3dc9a2011bf5f71acdd8665d9546fed1

SHA256
4a0aedd7f7bd98462b7df8f1076e4d06a6e50759d7f1c6020d872cb9cf2cf537

SHA512
d68277820ece730848c7f0d127efe2ba2902969792c8b385a3fd3688ed76793e41c57685b48e10073493576f28aa9feead926523db3a24b65d12465099de5317

Download Submit
\Windows\system\EfXVdds.exe

Filesize
6.0MB

MD5
9f43bf1df3be7460978978cc4c291ec0

SHA1
0bc105f72d8582f3614fa99586160479559b9394

SHA256
0391981d4b6ed3549c94f1f9c7c9355a3a10a553850a4fd99c650d69967e4b76

SHA512
3be49d97c6ece3645dd1f34ba7252173feb804b57aa3016e9fc1f2060598ba380e314f8423e549708cfa93e985480a67e78cb67b6b0c6335970b434ff4a3c7eb

Download Submit
\Windows\system\RiqxLMs.exe

Filesize
6.0MB

MD5
0a05fe05904870ded71d1d5bccf2e375

SHA1
683ceb03a4dfdcd3d1a28621b26b836b8dc27c09

SHA256
af7a2b3c7235a9171403ccf669ebf46d3f7efd032e71cc043a858562cf9729b3

SHA512
b8749badc96f599c1f81395126025388b653db4e8418b7ec2712dc3e6222d1a577d824eaad10becb42b7689c60e6d0ab083e060d643128706171e6d7b51fae34

Download Submit
\Windows\system\SogWtmI.exe

Filesize
6.0MB

MD5
c8e5482d7aa5c65ba99467c4a4cbda46

SHA1
023ad179740027e77ff473e6b51cdc65dd285c48

SHA256
2c6f75e1697afa5fb7dac9f074c333d8e7e61b19a9982ed31c5d1810aa8fbfb6

SHA512
0bae2314ec2c16968080dafcf8d60e5fed0664d4c7cd26ef63f2159b661ba3cef9c9c9dbb8c690e5c4bcf816c0483cd25019dcf20030eb7d3ef8b4de4aa42877

Download Submit
\Windows\system\TcUbTVs.exe

Filesize
6.0MB

MD5
c3453ac9566199265342eb7011ef1246

SHA1
d92b8eed427e332af7a1c5eec53c4d20bdc09e40

SHA256
39f0707ca72ff7fbe264b422e6d286bbf5dae0a5ac50f3f34e191f28cb8b354c

SHA512
05770c82872d4f3a4e506b0b7e1ffdfeddd31e545ec6f60d852da5c64eb5caad9728c757d7298647fbe80e48e05a33f920ea5dacc5fd653d3656012006c2cfe9

Download Submit
\Windows\system\elIQCBb.exe

Filesize
6.0MB

MD5
8e7644ca942783010cb893b0817a2372

SHA1
2c40c9407b466c2515d5c39164c7daf30ce247d0

SHA256
e83f98bc8cb76a2039f1bb4d13a77550c01272470ec95fb50e7c2cf94121f947

SHA512
7dbc4a1ad8d2c567fed4dec8571e28668873a1d8efb4a622e881c8d8510905c0b6ae4cebe5287e55c27d1202ab684fbacde84d47dd277841d1a79bb8804e17a2

Download Submit
\Windows\system\tRqjBbx.exe

Filesize
6.0MB

MD5
a6e0152030902dc07b8d6fb1c0e91a30

SHA1
5693a6820cbc264610de1b55eb91e04ddbd52d06

SHA256
afd4359aea0d3fe47f3fe7ca3a800407f32935ceb0fba8199f4c84892d70fb76

SHA512
bce35141fba04bb5ae50f77b30af836eeb3980b2e13bec3287364bfc0f3340338d9de96851b0d332d91d162cf299ac9cd94cd655c74c93a48b733491f932c9f6

Download Submit
\Windows\system\uXEDGeK.exe

Filesize
6.0MB

MD5
a74580414711b219df1eaadaf7878ef2

SHA1
a5200682311717d133da33bdb53b1fe1e2c115d3

SHA256
4c66b8ead1d54d8372cf7065c92cbd737e65002bb12e2c144f528257ca467b7e

SHA512
ec55c4b76bf4d4c4b0a137a281d6915cbf44ad24b02eceb1e8be64f8fef15a77b15cc5a54eab10cda96fbd2be734245e1a698c7bec0bc63ab81f4f15c96e7b07

Download Submit
memory/1564-3993-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-3994-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-2477-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-3990-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-2584-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-2352-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3995-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2496-2067-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-3193-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-2579-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-0-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-3048-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-3050-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-3167-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-2367-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-3170-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-3216-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-2066-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2496-14-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-3992-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2219-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download