cobaltstrike | 0279122b184d72b209af7dad1040e015e32150e0653ab23d2f635ff42b6f6992

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22/12/2024, 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

51731b7ad3e86f49ad6d3386f5a6a040
SHA1

f6d27739dcd11005a0cbceb70098850a527fc8cf
SHA256

0279122b184d72b209af7dad1040e015e32150e0653ab23d2f635ff42b6f6992
SHA512

9f39f61c05a4ef5d80f4767055767262dbf8c68d93f5a1a0db5836953cf7e724301bac4d4ecba314233bbeeea6780b0b05aa6d0cd09de10e1107cd61b95d02f4
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUY:T+q56utgpPF8u/7Y

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-6.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001686c-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c73-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c95-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ce1-26.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017403-40.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-50.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018696-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-163.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-115.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-110.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c44-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c34-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a2-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-80.dat	cobalt_reflective_dll
behavioral1/files/0x0015000000018676-70.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001757f-65.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174c3-60.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a6-55.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001746a-45.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d47-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0d-30.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 46 IoCs

miner

resource	yara_rule
behavioral1/memory/2244-0-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-6.dat	xmrig
behavioral1/files/0x000800000001686c-8.dat	xmrig
behavioral1/files/0x0008000000016c73-16.dat	xmrig
behavioral1/files/0x0007000000016c95-21.dat	xmrig
behavioral1/files/0x0007000000016ce1-26.dat	xmrig
behavioral1/files/0x0008000000017403-40.dat	xmrig
behavioral1/files/0x0006000000017488-50.dat	xmrig
behavioral1/files/0x0005000000018696-76.dat	xmrig
behavioral1/files/0x0006000000018f65-100.dat	xmrig
behavioral1/memory/2244-1779-0x0000000002430000-0x0000000002784000-memory.dmp	xmrig
behavioral1/files/0x0005000000019365-160.dat	xmrig
behavioral1/files/0x0005000000019278-152.dat	xmrig
behavioral1/files/0x000500000001929a-149.dat	xmrig
behavioral1/files/0x000500000001926c-144.dat	xmrig
behavioral1/files/0x0005000000019275-142.dat	xmrig
behavioral1/files/0x0005000000019268-135.dat	xmrig
behavioral1/files/0x0005000000019240-128.dat	xmrig
behavioral1/files/0x0005000000019377-163.dat	xmrig
behavioral1/files/0x00050000000191f6-120.dat	xmrig
behavioral1/files/0x0005000000019319-156.dat	xmrig
behavioral1/files/0x0005000000019259-133.dat	xmrig
behavioral1/files/0x0005000000019217-125.dat	xmrig
behavioral1/files/0x00050000000191d2-115.dat	xmrig
behavioral1/files/0x00060000000190e1-110.dat	xmrig
behavioral1/files/0x000600000001904c-105.dat	xmrig
behavioral1/files/0x0006000000018c44-95.dat	xmrig
behavioral1/files/0x0006000000018c34-90.dat	xmrig
behavioral1/files/0x00050000000187a2-85.dat	xmrig
behavioral1/files/0x0005000000018697-80.dat	xmrig
behavioral1/files/0x0015000000018676-70.dat	xmrig
behavioral1/files/0x000600000001757f-65.dat	xmrig
behavioral1/files/0x00060000000174c3-60.dat	xmrig
behavioral1/files/0x00060000000174a6-55.dat	xmrig
behavioral1/files/0x000600000001746a-45.dat	xmrig
behavioral1/files/0x0009000000016d47-36.dat	xmrig
behavioral1/files/0x0007000000016d0d-30.dat	xmrig
behavioral1/memory/2432-2007-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2580-2438-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2100-2601-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2080-2603-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2580-3835-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2080-3834-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2432-3836-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2244-3837-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2100-3838-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2080	RHRkFHO.exe
2432	pJRgfAp.exe
2580	AChIvzI.exe
2100	KAWLcni.exe
2940	XwddPYW.exe
2996	tuVUzjm.exe
2248	fMLZfuA.exe
2184	GljqnBz.exe
2136	ALWVprt.exe
3048	qcWsVjc.exe
2604	dNCtfWh.exe
2728	nEZEUgw.exe
2768	dcrJrfP.exe
2900	RZTyyUu.exe
2736	negjImd.exe
2656	xfKzrOW.exe
2820	Lzjmjkd.exe
2664	GIHKGil.exe
2500	TPOdohJ.exe
2556	ntdFHoC.exe
3016	HwyjqtN.exe
2988	OWGewvt.exe
1432	hlkHCnC.exe
324	tCwMBaY.exe
2016	JIdMlmC.exe
1736	kvrPrTE.exe
1960	vFSFrBs.exe
2484	XpQVNVa.exe
2864	OyuBnjG.exe
2392	cTflLOn.exe
1704	lcaenmC.exe
1668	SpGkIXN.exe
1964	hBMYKLf.exe
1772	Ogxpvqa.exe
1696	blAJWyC.exe
1664	VLbfUoi.exe
1980	cVqfzXS.exe
1620	zwzyKHh.exe
1260	FxbzvgE.exe
1852	BXikkfr.exe
2884	ClYdWmy.exe
1320	qPwmCRZ.exe
1092	ehkMyWv.exe
2256	XatcIwi.exe
1000	DPpKttt.exe
1872	rTAGrlb.exe
1516	sGYLvoO.exe
1052	wWXHkms.exe
832	bpTPVDu.exe
1548	gbKtROz.exe
2332	zGFXklV.exe
2008	tkhMSye.exe
2056	zunUzKL.exe
1640	hKplFwP.exe
2416	FTdhplo.exe
2348	iOZEIuw.exe
1604	SxvEKDQ.exe
2144	BRgHFEP.exe
3068	uaKbtLy.exe
2304	OApkvII.exe
2116	kWekcUP.exe
2084	aYjTSBB.exe
2128	JtyJCWH.exe
3000	pFezhcw.exe

Loads dropped DLL 64 IoCs

pid	Process
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 45 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2244-0-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x0007000000012118-6.dat	upx
behavioral1/files/0x000800000001686c-8.dat	upx
behavioral1/files/0x0008000000016c73-16.dat	upx
behavioral1/files/0x0007000000016c95-21.dat	upx
behavioral1/files/0x0007000000016ce1-26.dat	upx
behavioral1/files/0x0008000000017403-40.dat	upx
behavioral1/files/0x0006000000017488-50.dat	upx
behavioral1/files/0x0005000000018696-76.dat	upx
behavioral1/files/0x0006000000018f65-100.dat	upx
behavioral1/files/0x0005000000019365-160.dat	upx
behavioral1/files/0x0005000000019278-152.dat	upx
behavioral1/files/0x000500000001929a-149.dat	upx
behavioral1/files/0x000500000001926c-144.dat	upx
behavioral1/files/0x0005000000019275-142.dat	upx
behavioral1/files/0x0005000000019268-135.dat	upx
behavioral1/files/0x0005000000019240-128.dat	upx
behavioral1/files/0x0005000000019377-163.dat	upx
behavioral1/files/0x00050000000191f6-120.dat	upx
behavioral1/files/0x0005000000019319-156.dat	upx
behavioral1/files/0x0005000000019259-133.dat	upx
behavioral1/files/0x0005000000019217-125.dat	upx
behavioral1/files/0x00050000000191d2-115.dat	upx
behavioral1/files/0x00060000000190e1-110.dat	upx
behavioral1/files/0x000600000001904c-105.dat	upx
behavioral1/files/0x0006000000018c44-95.dat	upx
behavioral1/files/0x0006000000018c34-90.dat	upx
behavioral1/files/0x00050000000187a2-85.dat	upx
behavioral1/files/0x0005000000018697-80.dat	upx
behavioral1/files/0x0015000000018676-70.dat	upx
behavioral1/files/0x000600000001757f-65.dat	upx
behavioral1/files/0x00060000000174c3-60.dat	upx
behavioral1/files/0x00060000000174a6-55.dat	upx
behavioral1/files/0x000600000001746a-45.dat	upx
behavioral1/files/0x0009000000016d47-36.dat	upx
behavioral1/files/0x0007000000016d0d-30.dat	upx
behavioral1/memory/2432-2007-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2580-2438-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2100-2601-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2080-2603-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2580-3835-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2080-3834-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2432-3836-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2244-3837-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2100-3838-0x000000013FF00000-0x0000000140254000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\nhGwFXs.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lcaenmC.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cTZtAZr.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ODVNKOY.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bHvkKFC.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ScCsLtE.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tsrhQDs.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\irOvQbx.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sOualgM.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yXXoHpc.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QrQMjqT.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RYsukZB.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zWKyAUm.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FzOFRJs.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bbZMIHr.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QqdWOIs.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qxrwkhU.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpMjlUE.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eTrbaxe.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LQJoDEj.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TGJNFgO.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMvwKYZ.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sGYkytp.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rsuLOSG.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rwboBag.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xLTnrjE.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhaFaMf.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QkpNUxp.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kyJqjaa.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gWgedWv.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OuaRDRH.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\knKuhrQ.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OsFOVdJ.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HQSXXmy.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LQMbZBp.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dpzkcpB.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cjfKeWe.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MoeOiGn.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yrsgPgA.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nyCRPnW.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tbYXftg.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zwzyKHh.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tZIAwBz.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPJAMsD.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uDIMDfk.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eFRQYOR.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PhmZnEv.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PxCwzsz.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YCbLIxW.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aryYExy.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TMmobjZ.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\koccxPP.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ogxpvqa.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QJOeGcP.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rrOcxjE.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kNpVoge.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fnQBHOg.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LLgEcPZ.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iLNiwld.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oCdpiao.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SyOloTy.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nPKaBHj.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mKGcXHg.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jERnbKo.exe	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 2080	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2244 wrote to memory of 2080	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2244 wrote to memory of 2080	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2244 wrote to memory of 2432	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2244 wrote to memory of 2432	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2244 wrote to memory of 2432	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2244 wrote to memory of 2580	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2244 wrote to memory of 2580	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2244 wrote to memory of 2580	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2244 wrote to memory of 2100	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2244 wrote to memory of 2100	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2244 wrote to memory of 2100	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2244 wrote to memory of 2940	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2244 wrote to memory of 2940	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2244 wrote to memory of 2940	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2244 wrote to memory of 2996	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2244 wrote to memory of 2996	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2244 wrote to memory of 2996	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2244 wrote to memory of 2248	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2244 wrote to memory of 2248	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2244 wrote to memory of 2248	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2244 wrote to memory of 2184	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2244 wrote to memory of 2184	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2244 wrote to memory of 2184	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2244 wrote to memory of 2136	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2244 wrote to memory of 2136	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2244 wrote to memory of 2136	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2244 wrote to memory of 3048	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2244 wrote to memory of 3048	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2244 wrote to memory of 3048	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2244 wrote to memory of 2604	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2244 wrote to memory of 2604	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2244 wrote to memory of 2604	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2244 wrote to memory of 2728	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2244 wrote to memory of 2728	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2244 wrote to memory of 2728	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2244 wrote to memory of 2768	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2244 wrote to memory of 2768	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2244 wrote to memory of 2768	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2244 wrote to memory of 2900	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2244 wrote to memory of 2900	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2244 wrote to memory of 2900	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2244 wrote to memory of 2736	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2244 wrote to memory of 2736	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2244 wrote to memory of 2736	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2244 wrote to memory of 2656	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2244 wrote to memory of 2656	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2244 wrote to memory of 2656	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2244 wrote to memory of 2820	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2244 wrote to memory of 2820	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2244 wrote to memory of 2820	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2244 wrote to memory of 2664	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2244 wrote to memory of 2664	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2244 wrote to memory of 2664	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2244 wrote to memory of 2500	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2244 wrote to memory of 2500	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2244 wrote to memory of 2500	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2244 wrote to memory of 2556	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2244 wrote to memory of 2556	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2244 wrote to memory of 2556	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2244 wrote to memory of 3016	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2244 wrote to memory of 3016	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2244 wrote to memory of 3016	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2244 wrote to memory of 2988	2244	2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-22_51731b7ad3e86f49ad6d3386f5a6a040_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Windows\System\RHRkFHO.exe
  C:\Windows\System\RHRkFHO.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\pJRgfAp.exe
  C:\Windows\System\pJRgfAp.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\AChIvzI.exe
  C:\Windows\System\AChIvzI.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\KAWLcni.exe
  C:\Windows\System\KAWLcni.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\XwddPYW.exe
  C:\Windows\System\XwddPYW.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\tuVUzjm.exe
  C:\Windows\System\tuVUzjm.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\fMLZfuA.exe
  C:\Windows\System\fMLZfuA.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\GljqnBz.exe
  C:\Windows\System\GljqnBz.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\ALWVprt.exe
  C:\Windows\System\ALWVprt.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\qcWsVjc.exe
  C:\Windows\System\qcWsVjc.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\dNCtfWh.exe
  C:\Windows\System\dNCtfWh.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\nEZEUgw.exe
  C:\Windows\System\nEZEUgw.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\dcrJrfP.exe
  C:\Windows\System\dcrJrfP.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\RZTyyUu.exe
  C:\Windows\System\RZTyyUu.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\negjImd.exe
  C:\Windows\System\negjImd.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\xfKzrOW.exe
  C:\Windows\System\xfKzrOW.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\Lzjmjkd.exe
  C:\Windows\System\Lzjmjkd.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\GIHKGil.exe
  C:\Windows\System\GIHKGil.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\TPOdohJ.exe
  C:\Windows\System\TPOdohJ.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\ntdFHoC.exe
  C:\Windows\System\ntdFHoC.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\HwyjqtN.exe
  C:\Windows\System\HwyjqtN.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\OWGewvt.exe
  C:\Windows\System\OWGewvt.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\hlkHCnC.exe
  C:\Windows\System\hlkHCnC.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\tCwMBaY.exe
  C:\Windows\System\tCwMBaY.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\JIdMlmC.exe
  C:\Windows\System\JIdMlmC.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\lcaenmC.exe
  C:\Windows\System\lcaenmC.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\kvrPrTE.exe
  C:\Windows\System\kvrPrTE.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\hBMYKLf.exe
  C:\Windows\System\hBMYKLf.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\vFSFrBs.exe
  C:\Windows\System\vFSFrBs.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\Ogxpvqa.exe
  C:\Windows\System\Ogxpvqa.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\XpQVNVa.exe
  C:\Windows\System\XpQVNVa.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\cVqfzXS.exe
  C:\Windows\System\cVqfzXS.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\OyuBnjG.exe
  C:\Windows\System\OyuBnjG.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\BXikkfr.exe
  C:\Windows\System\BXikkfr.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\cTflLOn.exe
  C:\Windows\System\cTflLOn.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\ClYdWmy.exe
  C:\Windows\System\ClYdWmy.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\SpGkIXN.exe
  C:\Windows\System\SpGkIXN.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\ehkMyWv.exe
  C:\Windows\System\ehkMyWv.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\blAJWyC.exe
  C:\Windows\System\blAJWyC.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\XatcIwi.exe
  C:\Windows\System\XatcIwi.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\VLbfUoi.exe
  C:\Windows\System\VLbfUoi.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\DPpKttt.exe
  C:\Windows\System\DPpKttt.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\zwzyKHh.exe
  C:\Windows\System\zwzyKHh.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\rTAGrlb.exe
  C:\Windows\System\rTAGrlb.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\FxbzvgE.exe
  C:\Windows\System\FxbzvgE.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\sGYLvoO.exe
  C:\Windows\System\sGYLvoO.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\qPwmCRZ.exe
  C:\Windows\System\qPwmCRZ.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\wWXHkms.exe
  C:\Windows\System\wWXHkms.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\bpTPVDu.exe
  C:\Windows\System\bpTPVDu.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\tkhMSye.exe
  C:\Windows\System\tkhMSye.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\gbKtROz.exe
  C:\Windows\System\gbKtROz.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\iOZEIuw.exe
  C:\Windows\System\iOZEIuw.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\zGFXklV.exe
  C:\Windows\System\zGFXklV.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\BRgHFEP.exe
  C:\Windows\System\BRgHFEP.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\zunUzKL.exe
  C:\Windows\System\zunUzKL.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\uaKbtLy.exe
  C:\Windows\System\uaKbtLy.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\hKplFwP.exe
  C:\Windows\System\hKplFwP.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\OApkvII.exe
  C:\Windows\System\OApkvII.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\FTdhplo.exe
  C:\Windows\System\FTdhplo.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\kWekcUP.exe
  C:\Windows\System\kWekcUP.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\SxvEKDQ.exe
  C:\Windows\System\SxvEKDQ.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\aYjTSBB.exe
  C:\Windows\System\aYjTSBB.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\JtyJCWH.exe
  C:\Windows\System\JtyJCWH.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\TfhfiAk.exe
  C:\Windows\System\TfhfiAk.exe
  2⤵
  PID:2228
- C:\Windows\System\pFezhcw.exe
  C:\Windows\System\pFezhcw.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\pTuUIfw.exe
  C:\Windows\System\pTuUIfw.exe
  2⤵
  PID:2060
- C:\Windows\System\MGcCfck.exe
  C:\Windows\System\MGcCfck.exe
  2⤵
  PID:2588
- C:\Windows\System\sFDsjSJ.exe
  C:\Windows\System\sFDsjSJ.exe
  2⤵
  PID:2188
- C:\Windows\System\TKtarpB.exe
  C:\Windows\System\TKtarpB.exe
  2⤵
  PID:2600
- C:\Windows\System\BcavLXv.exe
  C:\Windows\System\BcavLXv.exe
  2⤵
  PID:2708
- C:\Windows\System\FRfZgeB.exe
  C:\Windows\System\FRfZgeB.exe
  2⤵
  PID:2776
- C:\Windows\System\lXfnACb.exe
  C:\Windows\System\lXfnACb.exe
  2⤵
  PID:2668
- C:\Windows\System\HYkjVQl.exe
  C:\Windows\System\HYkjVQl.exe
  2⤵
  PID:2512
- C:\Windows\System\wFaMmUf.exe
  C:\Windows\System\wFaMmUf.exe
  2⤵
  PID:2692
- C:\Windows\System\uAyLrQj.exe
  C:\Windows\System\uAyLrQj.exe
  2⤵
  PID:1804
- C:\Windows\System\BNccgOb.exe
  C:\Windows\System\BNccgOb.exe
  2⤵
  PID:1920
- C:\Windows\System\cwikqRQ.exe
  C:\Windows\System\cwikqRQ.exe
  2⤵
  PID:2564
- C:\Windows\System\bLsXYzt.exe
  C:\Windows\System\bLsXYzt.exe
  2⤵
  PID:2352
- C:\Windows\System\WtvoGUC.exe
  C:\Windows\System\WtvoGUC.exe
  2⤵
  PID:2672
- C:\Windows\System\fxYjjjm.exe
  C:\Windows\System\fxYjjjm.exe
  2⤵
  PID:2324
- C:\Windows\System\ztPjMJj.exe
  C:\Windows\System\ztPjMJj.exe
  2⤵
  PID:868
- C:\Windows\System\GQILhpc.exe
  C:\Windows\System\GQILhpc.exe
  2⤵
  PID:716
- C:\Windows\System\GXXOvlj.exe
  C:\Windows\System\GXXOvlj.exe
  2⤵
  PID:1288
- C:\Windows\System\LNjTgAX.exe
  C:\Windows\System\LNjTgAX.exe
  2⤵
  PID:920
- C:\Windows\System\aQogaaU.exe
  C:\Windows\System\aQogaaU.exe
  2⤵
  PID:2796
- C:\Windows\System\qlDbUyt.exe
  C:\Windows\System\qlDbUyt.exe
  2⤵
  PID:792
- C:\Windows\System\xDMTlwr.exe
  C:\Windows\System\xDMTlwr.exe
  2⤵
  PID:1036
- C:\Windows\System\xDzGysk.exe
  C:\Windows\System\xDzGysk.exe
  2⤵
  PID:2384
- C:\Windows\System\MCjiTCK.exe
  C:\Windows\System\MCjiTCK.exe
  2⤵
  PID:788
- C:\Windows\System\JIiUKpP.exe
  C:\Windows\System\JIiUKpP.exe
  2⤵
  PID:1508
- C:\Windows\System\baLjRwv.exe
  C:\Windows\System\baLjRwv.exe
  2⤵
  PID:1596
- C:\Windows\System\UjXTLZL.exe
  C:\Windows\System\UjXTLZL.exe
  2⤵
  PID:1384
- C:\Windows\System\jkguXYp.exe
  C:\Windows\System\jkguXYp.exe
  2⤵
  PID:580
- C:\Windows\System\lDGKKMK.exe
  C:\Windows\System\lDGKKMK.exe
  2⤵
  PID:1608
- C:\Windows\System\GkuhHWy.exe
  C:\Windows\System\GkuhHWy.exe
  2⤵
  PID:2156
- C:\Windows\System\xiuivUV.exe
  C:\Windows\System\xiuivUV.exe
  2⤵
  PID:2904
- C:\Windows\System\TeNzbIc.exe
  C:\Windows\System\TeNzbIc.exe
  2⤵
  PID:3056
- C:\Windows\System\fItktiM.exe
  C:\Windows\System\fItktiM.exe
  2⤵
  PID:1636
- C:\Windows\System\TLYwXDZ.exe
  C:\Windows\System\TLYwXDZ.exe
  2⤵
  PID:900
- C:\Windows\System\KRtpYZX.exe
  C:\Windows\System\KRtpYZX.exe
  2⤵
  PID:2192
- C:\Windows\System\qBdblng.exe
  C:\Windows\System\qBdblng.exe
  2⤵
  PID:1768
- C:\Windows\System\kLSHUuS.exe
  C:\Windows\System\kLSHUuS.exe
  2⤵
  PID:2892
- C:\Windows\System\RbvyAQq.exe
  C:\Windows\System\RbvyAQq.exe
  2⤵
  PID:2236
- C:\Windows\System\xAdldmp.exe
  C:\Windows\System\xAdldmp.exe
  2⤵
  PID:1364
- C:\Windows\System\clkmhfB.exe
  C:\Windows\System\clkmhfB.exe
  2⤵
  PID:2712
- C:\Windows\System\yKscLYh.exe
  C:\Windows\System\yKscLYh.exe
  2⤵
  PID:2896
- C:\Windows\System\MoCqUJf.exe
  C:\Windows\System\MoCqUJf.exe
  2⤵
  PID:2560
- C:\Windows\System\RMRejIp.exe
  C:\Windows\System\RMRejIp.exe
  2⤵
  PID:2596
- C:\Windows\System\OwnWyOL.exe
  C:\Windows\System\OwnWyOL.exe
  2⤵
  PID:940
- C:\Windows\System\NcnyNQw.exe
  C:\Windows\System\NcnyNQw.exe
  2⤵
  PID:2292
- C:\Windows\System\ngimPCv.exe
  C:\Windows\System\ngimPCv.exe
  2⤵
  PID:2336
- C:\Windows\System\CXgYGVl.exe
  C:\Windows\System\CXgYGVl.exe
  2⤵
  PID:1556
- C:\Windows\System\gqYEFbQ.exe
  C:\Windows\System\gqYEFbQ.exe
  2⤵
  PID:1544
- C:\Windows\System\oszVJqv.exe
  C:\Windows\System\oszVJqv.exe
  2⤵
  PID:1724
- C:\Windows\System\lXBqHmg.exe
  C:\Windows\System\lXBqHmg.exe
  2⤵
  PID:2956
- C:\Windows\System\YpElQyW.exe
  C:\Windows\System\YpElQyW.exe
  2⤵
  PID:408
- C:\Windows\System\uMXmttk.exe
  C:\Windows\System\uMXmttk.exe
  2⤵
  PID:1752
- C:\Windows\System\vPZfIvZ.exe
  C:\Windows\System\vPZfIvZ.exe
  2⤵
  PID:2908
- C:\Windows\System\mlhFHkU.exe
  C:\Windows\System\mlhFHkU.exe
  2⤵
  PID:296
- C:\Windows\System\oWuGTdV.exe
  C:\Windows\System\oWuGTdV.exe
  2⤵
  PID:1500
- C:\Windows\System\IhiQDqj.exe
  C:\Windows\System\IhiQDqj.exe
  2⤵
  PID:2616
- C:\Windows\System\mGpQEBx.exe
  C:\Windows\System\mGpQEBx.exe
  2⤵
  PID:384
- C:\Windows\System\MTNDeZb.exe
  C:\Windows\System\MTNDeZb.exe
  2⤵
  PID:2520
- C:\Windows\System\PMDgNcH.exe
  C:\Windows\System\PMDgNcH.exe
  2⤵
  PID:3084
- C:\Windows\System\IbXlzPj.exe
  C:\Windows\System\IbXlzPj.exe
  2⤵
  PID:3104
- C:\Windows\System\xkPxewo.exe
  C:\Windows\System\xkPxewo.exe
  2⤵
  PID:3120
- C:\Windows\System\uWgQsTJ.exe
  C:\Windows\System\uWgQsTJ.exe
  2⤵
  PID:3140
- C:\Windows\System\ptFdfTg.exe
  C:\Windows\System\ptFdfTg.exe
  2⤵
  PID:3156
- C:\Windows\System\AbxBwBQ.exe
  C:\Windows\System\AbxBwBQ.exe
  2⤵
  PID:3180
- C:\Windows\System\WXaYGqT.exe
  C:\Windows\System\WXaYGqT.exe
  2⤵
  PID:3200
- C:\Windows\System\yNKJaSd.exe
  C:\Windows\System\yNKJaSd.exe
  2⤵
  PID:3220
- C:\Windows\System\CYJbbZL.exe
  C:\Windows\System\CYJbbZL.exe
  2⤵
  PID:3240
- C:\Windows\System\EsrjyPK.exe
  C:\Windows\System\EsrjyPK.exe
  2⤵
  PID:3260
- C:\Windows\System\xksoVav.exe
  C:\Windows\System\xksoVav.exe
  2⤵
  PID:3276
- C:\Windows\System\LPowLCI.exe
  C:\Windows\System\LPowLCI.exe
  2⤵
  PID:3300
- C:\Windows\System\qwcpkAT.exe
  C:\Windows\System\qwcpkAT.exe
  2⤵
  PID:3316
- C:\Windows\System\VTHLmgk.exe
  C:\Windows\System\VTHLmgk.exe
  2⤵
  PID:3336
- C:\Windows\System\Ixxhudk.exe
  C:\Windows\System\Ixxhudk.exe
  2⤵
  PID:3352
- C:\Windows\System\ERwdAol.exe
  C:\Windows\System\ERwdAol.exe
  2⤵
  PID:3372
- C:\Windows\System\znzpUXN.exe
  C:\Windows\System\znzpUXN.exe
  2⤵
  PID:3392
- C:\Windows\System\MXLcOMq.exe
  C:\Windows\System\MXLcOMq.exe
  2⤵
  PID:3408
- C:\Windows\System\UxRbHAe.exe
  C:\Windows\System\UxRbHAe.exe
  2⤵
  PID:3428
- C:\Windows\System\VNKMacm.exe
  C:\Windows\System\VNKMacm.exe
  2⤵
  PID:3448
- C:\Windows\System\ufciOcH.exe
  C:\Windows\System\ufciOcH.exe
  2⤵
  PID:3464
- C:\Windows\System\WEJLrIi.exe
  C:\Windows\System\WEJLrIi.exe
  2⤵
  PID:3480
- C:\Windows\System\PfbgTOX.exe
  C:\Windows\System\PfbgTOX.exe
  2⤵
  PID:3500
- C:\Windows\System\SnbwBSa.exe
  C:\Windows\System\SnbwBSa.exe
  2⤵
  PID:3520
- C:\Windows\System\KGRWWkD.exe
  C:\Windows\System\KGRWWkD.exe
  2⤵
  PID:3536
- C:\Windows\System\vLiphZn.exe
  C:\Windows\System\vLiphZn.exe
  2⤵
  PID:3560
- C:\Windows\System\WNoficR.exe
  C:\Windows\System\WNoficR.exe
  2⤵
  PID:3576
- C:\Windows\System\QDdxpnX.exe
  C:\Windows\System\QDdxpnX.exe
  2⤵
  PID:3632
- C:\Windows\System\ubYhkXU.exe
  C:\Windows\System\ubYhkXU.exe
  2⤵
  PID:3652
- C:\Windows\System\vWyKdyC.exe
  C:\Windows\System\vWyKdyC.exe
  2⤵
  PID:3672
- C:\Windows\System\uYNTdBk.exe
  C:\Windows\System\uYNTdBk.exe
  2⤵
  PID:3692
- C:\Windows\System\mnmPDff.exe
  C:\Windows\System\mnmPDff.exe
  2⤵
  PID:3708
- C:\Windows\System\LOiwlyq.exe
  C:\Windows\System\LOiwlyq.exe
  2⤵
  PID:3732
- C:\Windows\System\nylygAz.exe
  C:\Windows\System\nylygAz.exe
  2⤵
  PID:3752
- C:\Windows\System\rbQtHlQ.exe
  C:\Windows\System\rbQtHlQ.exe
  2⤵
  PID:3768
- C:\Windows\System\tkcDAFS.exe
  C:\Windows\System\tkcDAFS.exe
  2⤵
  PID:3792
- C:\Windows\System\YtpCmal.exe
  C:\Windows\System\YtpCmal.exe
  2⤵
  PID:3812
- C:\Windows\System\EYzgUES.exe
  C:\Windows\System\EYzgUES.exe
  2⤵
  PID:3832
- C:\Windows\System\HIiweOO.exe
  C:\Windows\System\HIiweOO.exe
  2⤵
  PID:3852
- C:\Windows\System\gNPuyyM.exe
  C:\Windows\System\gNPuyyM.exe
  2⤵
  PID:3876
- C:\Windows\System\lKzzDje.exe
  C:\Windows\System\lKzzDje.exe
  2⤵
  PID:3896
- C:\Windows\System\QsTeiPd.exe
  C:\Windows\System\QsTeiPd.exe
  2⤵
  PID:3912
- C:\Windows\System\FZEnIJL.exe
  C:\Windows\System\FZEnIJL.exe
  2⤵
  PID:3932
- C:\Windows\System\DZemQdk.exe
  C:\Windows\System\DZemQdk.exe
  2⤵
  PID:3952
- C:\Windows\System\cBUPFQD.exe
  C:\Windows\System\cBUPFQD.exe
  2⤵
  PID:3972
- C:\Windows\System\dMFXPcj.exe
  C:\Windows\System\dMFXPcj.exe
  2⤵
  PID:3988
- C:\Windows\System\njpaysC.exe
  C:\Windows\System\njpaysC.exe
  2⤵
  PID:4016
- C:\Windows\System\DLgmWXO.exe
  C:\Windows\System\DLgmWXO.exe
  2⤵
  PID:4036
- C:\Windows\System\PDXtsrX.exe
  C:\Windows\System\PDXtsrX.exe
  2⤵
  PID:4056
- C:\Windows\System\iTuSFqH.exe
  C:\Windows\System\iTuSFqH.exe
  2⤵
  PID:4076
- C:\Windows\System\LHjaijE.exe
  C:\Windows\System\LHjaijE.exe
  2⤵
  PID:2592
- C:\Windows\System\bCNpOvx.exe
  C:\Windows\System\bCNpOvx.exe
  2⤵
  PID:2800
- C:\Windows\System\WOfFndK.exe
  C:\Windows\System\WOfFndK.exe
  2⤵
  PID:2480
- C:\Windows\System\RPGGzCV.exe
  C:\Windows\System\RPGGzCV.exe
  2⤵
  PID:3052
- C:\Windows\System\AfUijjt.exe
  C:\Windows\System\AfUijjt.exe
  2⤵
  PID:2688
- C:\Windows\System\UvufpAx.exe
  C:\Windows\System\UvufpAx.exe
  2⤵
  PID:848
- C:\Windows\System\xEfjyxz.exe
  C:\Windows\System\xEfjyxz.exe
  2⤵
  PID:764
- C:\Windows\System\wlkhqiD.exe
  C:\Windows\System\wlkhqiD.exe
  2⤵
  PID:2528
- C:\Windows\System\xRjidEJ.exe
  C:\Windows\System\xRjidEJ.exe
  2⤵
  PID:3112
- C:\Windows\System\tZIAwBz.exe
  C:\Windows\System\tZIAwBz.exe
  2⤵
  PID:3196
- C:\Windows\System\AyhodtH.exe
  C:\Windows\System\AyhodtH.exe
  2⤵
  PID:3268
- C:\Windows\System\ryfRXDu.exe
  C:\Windows\System\ryfRXDu.exe
  2⤵
  PID:3348
- C:\Windows\System\wrjMQku.exe
  C:\Windows\System\wrjMQku.exe
  2⤵
  PID:340
- C:\Windows\System\RiPpWST.exe
  C:\Windows\System\RiPpWST.exe
  2⤵
  PID:1740
- C:\Windows\System\iYNCkSB.exe
  C:\Windows\System\iYNCkSB.exe
  2⤵
  PID:3416
- C:\Windows\System\QQFGyYP.exe
  C:\Windows\System\QQFGyYP.exe
  2⤵
  PID:316
- C:\Windows\System\fwSRvHR.exe
  C:\Windows\System\fwSRvHR.exe
  2⤵
  PID:1800
- C:\Windows\System\LteVLKp.exe
  C:\Windows\System\LteVLKp.exe
  2⤵
  PID:2932
- C:\Windows\System\ZyrSYAI.exe
  C:\Windows\System\ZyrSYAI.exe
  2⤵
  PID:3168
- C:\Windows\System\DHkAQBS.exe
  C:\Windows\System\DHkAQBS.exe
  2⤵
  PID:3128
- C:\Windows\System\QrQMjqT.exe
  C:\Windows\System\QrQMjqT.exe
  2⤵
  PID:3568
- C:\Windows\System\tbPnBFK.exe
  C:\Windows\System\tbPnBFK.exe
  2⤵
  PID:3288
- C:\Windows\System\rwboBag.exe
  C:\Windows\System\rwboBag.exe
  2⤵
  PID:3444
- C:\Windows\System\GEsAtPz.exe
  C:\Windows\System\GEsAtPz.exe
  2⤵
  PID:3552
- C:\Windows\System\dpzkcpB.exe
  C:\Windows\System\dpzkcpB.exe
  2⤵
  PID:3476
- C:\Windows\System\pexRvFu.exe
  C:\Windows\System\pexRvFu.exe
  2⤵
  PID:3400
- C:\Windows\System\QpBnhKM.exe
  C:\Windows\System\QpBnhKM.exe
  2⤵
  PID:3284
- C:\Windows\System\iCGCRXR.exe
  C:\Windows\System\iCGCRXR.exe
  2⤵
  PID:3588
- C:\Windows\System\SEqFaYc.exe
  C:\Windows\System\SEqFaYc.exe
  2⤵
  PID:3608
- C:\Windows\System\YexXzBR.exe
  C:\Windows\System\YexXzBR.exe
  2⤵
  PID:3624
- C:\Windows\System\JGbBzsC.exe
  C:\Windows\System\JGbBzsC.exe
  2⤵
  PID:3716
- C:\Windows\System\vtbAcEQ.exe
  C:\Windows\System\vtbAcEQ.exe
  2⤵
  PID:3664
- C:\Windows\System\hhbksUG.exe
  C:\Windows\System\hhbksUG.exe
  2⤵
  PID:3764
- C:\Windows\System\zapVLwc.exe
  C:\Windows\System\zapVLwc.exe
  2⤵
  PID:3748
- C:\Windows\System\vgiapzl.exe
  C:\Windows\System\vgiapzl.exe
  2⤵
  PID:3844
- C:\Windows\System\tsrhQDs.exe
  C:\Windows\System\tsrhQDs.exe
  2⤵
  PID:3860
- C:\Windows\System\WqxFlsM.exe
  C:\Windows\System\WqxFlsM.exe
  2⤵
  PID:3868
- C:\Windows\System\syNFPxN.exe
  C:\Windows\System\syNFPxN.exe
  2⤵
  PID:3904
- C:\Windows\System\JYMsfKJ.exe
  C:\Windows\System\JYMsfKJ.exe
  2⤵
  PID:3964
- C:\Windows\System\RBBqUYb.exe
  C:\Windows\System\RBBqUYb.exe
  2⤵
  PID:3940
- C:\Windows\System\RrGdNFj.exe
  C:\Windows\System\RrGdNFj.exe
  2⤵
  PID:4012
- C:\Windows\System\jLTFPeq.exe
  C:\Windows\System\jLTFPeq.exe
  2⤵
  PID:4052
- C:\Windows\System\FCIAJbm.exe
  C:\Windows\System\FCIAJbm.exe
  2⤵
  PID:4084
- C:\Windows\System\hbloWZr.exe
  C:\Windows\System\hbloWZr.exe
  2⤵
  PID:2240
- C:\Windows\System\JWrBDKC.exe
  C:\Windows\System\JWrBDKC.exe
  2⤵
  PID:2828
- C:\Windows\System\oHjgFys.exe
  C:\Windows\System\oHjgFys.exe
  2⤵
  PID:3024
- C:\Windows\System\xHPvFan.exe
  C:\Windows\System\xHPvFan.exe
  2⤵
  PID:996
- C:\Windows\System\mLVTvpN.exe
  C:\Windows\System\mLVTvpN.exe
  2⤵
  PID:3076
- C:\Windows\System\FcqSuqU.exe
  C:\Windows\System\FcqSuqU.exe
  2⤵
  PID:3236
- C:\Windows\System\gtnAWYE.exe
  C:\Windows\System\gtnAWYE.exe
  2⤵
  PID:2836
- C:\Windows\System\YAONNNO.exe
  C:\Windows\System\YAONNNO.exe
  2⤵
  PID:2168
- C:\Windows\System\dePCPsi.exe
  C:\Windows\System\dePCPsi.exe
  2⤵
  PID:3488
- C:\Windows\System\NTxJbLs.exe
  C:\Windows\System\NTxJbLs.exe
  2⤵
  PID:3496
- C:\Windows\System\irNkpNf.exe
  C:\Windows\System\irNkpNf.exe
  2⤵
  PID:3136
- C:\Windows\System\sttLIgo.exe
  C:\Windows\System\sttLIgo.exe
  2⤵
  PID:3528
- C:\Windows\System\rePtDte.exe
  C:\Windows\System\rePtDte.exe
  2⤵
  PID:3212
- C:\Windows\System\HpzKuHO.exe
  C:\Windows\System\HpzKuHO.exe
  2⤵
  PID:3508
- C:\Windows\System\JRVgBCd.exe
  C:\Windows\System\JRVgBCd.exe
  2⤵
  PID:3360
- C:\Windows\System\uYGNuDL.exe
  C:\Windows\System\uYGNuDL.exe
  2⤵
  PID:3604
- C:\Windows\System\nBuTbJX.exe
  C:\Windows\System\nBuTbJX.exe
  2⤵
  PID:3644
- C:\Windows\System\lreRUiD.exe
  C:\Windows\System\lreRUiD.exe
  2⤵
  PID:3684
- C:\Windows\System\EpsnwDG.exe
  C:\Windows\System\EpsnwDG.exe
  2⤵
  PID:3760
- C:\Windows\System\EzlVsVq.exe
  C:\Windows\System\EzlVsVq.exe
  2⤵
  PID:3840
- C:\Windows\System\TJrCcTM.exe
  C:\Windows\System\TJrCcTM.exe
  2⤵
  PID:3740
- C:\Windows\System\AoTtvFM.exe
  C:\Windows\System\AoTtvFM.exe
  2⤵
  PID:3888
- C:\Windows\System\oCdpiao.exe
  C:\Windows\System\oCdpiao.exe
  2⤵
  PID:3960
- C:\Windows\System\Idhrsmb.exe
  C:\Windows\System\Idhrsmb.exe
  2⤵
  PID:4024
- C:\Windows\System\maRHyoV.exe
  C:\Windows\System\maRHyoV.exe
  2⤵
  PID:4032
- C:\Windows\System\uNvnVWn.exe
  C:\Windows\System\uNvnVWn.exe
  2⤵
  PID:536
- C:\Windows\System\xpJFDLu.exe
  C:\Windows\System\xpJFDLu.exe
  2⤵
  PID:1244
- C:\Windows\System\ShWEprz.exe
  C:\Windows\System\ShWEprz.exe
  2⤵
  PID:2620
- C:\Windows\System\SAzIncQ.exe
  C:\Windows\System\SAzIncQ.exe
  2⤵
  PID:1764
- C:\Windows\System\KVdoDZB.exe
  C:\Windows\System\KVdoDZB.exe
  2⤵
  PID:3308
- C:\Windows\System\wNINuyI.exe
  C:\Windows\System\wNINuyI.exe
  2⤵
  PID:3456
- C:\Windows\System\tBGnltn.exe
  C:\Windows\System\tBGnltn.exe
  2⤵
  PID:3176
- C:\Windows\System\JPJAMsD.exe
  C:\Windows\System\JPJAMsD.exe
  2⤵
  PID:3368
- C:\Windows\System\wnkZUAt.exe
  C:\Windows\System\wnkZUAt.exe
  2⤵
  PID:3404
- C:\Windows\System\DQHXZgg.exe
  C:\Windows\System\DQHXZgg.exe
  2⤵
  PID:3248
- C:\Windows\System\sJfTJsx.exe
  C:\Windows\System\sJfTJsx.exe
  2⤵
  PID:3648
- C:\Windows\System\FFGHyqs.exe
  C:\Windows\System\FFGHyqs.exe
  2⤵
  PID:3848
- C:\Windows\System\tOjjiJh.exe
  C:\Windows\System\tOjjiJh.exe
  2⤵
  PID:3788
- C:\Windows\System\vFBYksp.exe
  C:\Windows\System\vFBYksp.exe
  2⤵
  PID:3920
- C:\Windows\System\OjPoxxp.exe
  C:\Windows\System\OjPoxxp.exe
  2⤵
  PID:3980
- C:\Windows\System\uwfaWkQ.exe
  C:\Windows\System\uwfaWkQ.exe
  2⤵
  PID:4088
- C:\Windows\System\gOZBPIA.exe
  C:\Windows\System\gOZBPIA.exe
  2⤵
  PID:2644
- C:\Windows\System\eoCqQKw.exe
  C:\Windows\System\eoCqQKw.exe
  2⤵
  PID:3188
- C:\Windows\System\EtCDRjH.exe
  C:\Windows\System\EtCDRjH.exe
  2⤵
  PID:1924
- C:\Windows\System\rgMpUHk.exe
  C:\Windows\System\rgMpUHk.exe
  2⤵
  PID:2412
- C:\Windows\System\APKFQmq.exe
  C:\Windows\System\APKFQmq.exe
  2⤵
  PID:3516
- C:\Windows\System\bijXGnC.exe
  C:\Windows\System\bijXGnC.exe
  2⤵
  PID:4116
- C:\Windows\System\EkURkWi.exe
  C:\Windows\System\EkURkWi.exe
  2⤵
  PID:4140
- C:\Windows\System\PrSKOBh.exe
  C:\Windows\System\PrSKOBh.exe
  2⤵
  PID:4156
- C:\Windows\System\FaBKuUG.exe
  C:\Windows\System\FaBKuUG.exe
  2⤵
  PID:4180
- C:\Windows\System\WBAtbsR.exe
  C:\Windows\System\WBAtbsR.exe
  2⤵
  PID:4196
- C:\Windows\System\aeYHXrN.exe
  C:\Windows\System\aeYHXrN.exe
  2⤵
  PID:4216
- C:\Windows\System\CeqEnlv.exe
  C:\Windows\System\CeqEnlv.exe
  2⤵
  PID:4240
- C:\Windows\System\yKeoPUh.exe
  C:\Windows\System\yKeoPUh.exe
  2⤵
  PID:4260
- C:\Windows\System\ZUyZucR.exe
  C:\Windows\System\ZUyZucR.exe
  2⤵
  PID:4280
- C:\Windows\System\BcgJIzX.exe
  C:\Windows\System\BcgJIzX.exe
  2⤵
  PID:4296
- C:\Windows\System\zVudWxV.exe
  C:\Windows\System\zVudWxV.exe
  2⤵
  PID:4316
- C:\Windows\System\jfurKGQ.exe
  C:\Windows\System\jfurKGQ.exe
  2⤵
  PID:4332
- C:\Windows\System\YsivhsB.exe
  C:\Windows\System\YsivhsB.exe
  2⤵
  PID:4360
- C:\Windows\System\QXwcxYN.exe
  C:\Windows\System\QXwcxYN.exe
  2⤵
  PID:4376
- C:\Windows\System\leoHDdE.exe
  C:\Windows\System\leoHDdE.exe
  2⤵
  PID:4396
- C:\Windows\System\Yhcdmdj.exe
  C:\Windows\System\Yhcdmdj.exe
  2⤵
  PID:4416
- C:\Windows\System\hUFgCQf.exe
  C:\Windows\System\hUFgCQf.exe
  2⤵
  PID:4436
- C:\Windows\System\FlTXKMM.exe
  C:\Windows\System\FlTXKMM.exe
  2⤵
  PID:4456
- C:\Windows\System\rNlwsHE.exe
  C:\Windows\System\rNlwsHE.exe
  2⤵
  PID:4476
- C:\Windows\System\eovcssx.exe
  C:\Windows\System\eovcssx.exe
  2⤵
  PID:4500
- C:\Windows\System\nTjEWKJ.exe
  C:\Windows\System\nTjEWKJ.exe
  2⤵
  PID:4516
- C:\Windows\System\rULBiFT.exe
  C:\Windows\System\rULBiFT.exe
  2⤵
  PID:4536
- C:\Windows\System\yrsgPgA.exe
  C:\Windows\System\yrsgPgA.exe
  2⤵
  PID:4560
- C:\Windows\System\PmlxWJg.exe
  C:\Windows\System\PmlxWJg.exe
  2⤵
  PID:4576
- C:\Windows\System\GomWJic.exe
  C:\Windows\System\GomWJic.exe
  2⤵
  PID:4600
- C:\Windows\System\OuaRDRH.exe
  C:\Windows\System\OuaRDRH.exe
  2⤵
  PID:4616
- C:\Windows\System\JZTbMjE.exe
  C:\Windows\System\JZTbMjE.exe
  2⤵
  PID:4640
- C:\Windows\System\AOcpIFv.exe
  C:\Windows\System\AOcpIFv.exe
  2⤵
  PID:4660
- C:\Windows\System\SvqPLGX.exe
  C:\Windows\System\SvqPLGX.exe
  2⤵
  PID:4684
- C:\Windows\System\rswZWQc.exe
  C:\Windows\System\rswZWQc.exe
  2⤵
  PID:4700
- C:\Windows\System\UnqgQIo.exe
  C:\Windows\System\UnqgQIo.exe
  2⤵
  PID:4720
- C:\Windows\System\MlnCSod.exe
  C:\Windows\System\MlnCSod.exe
  2⤵
  PID:4744
- C:\Windows\System\euNQEth.exe
  C:\Windows\System\euNQEth.exe
  2⤵
  PID:4764
- C:\Windows\System\MbvzpYH.exe
  C:\Windows\System\MbvzpYH.exe
  2⤵
  PID:4784
- C:\Windows\System\IqJBtli.exe
  C:\Windows\System\IqJBtli.exe
  2⤵
  PID:4800
- C:\Windows\System\FzxLtsF.exe
  C:\Windows\System\FzxLtsF.exe
  2⤵
  PID:4820
- C:\Windows\System\OrWHxgu.exe
  C:\Windows\System\OrWHxgu.exe
  2⤵
  PID:4836
- C:\Windows\System\RQUoAOh.exe
  C:\Windows\System\RQUoAOh.exe
  2⤵
  PID:4852
- C:\Windows\System\BhQaqsF.exe
  C:\Windows\System\BhQaqsF.exe
  2⤵
  PID:4880
- C:\Windows\System\NtgVXyC.exe
  C:\Windows\System\NtgVXyC.exe
  2⤵
  PID:4904
- C:\Windows\System\gzugIVn.exe
  C:\Windows\System\gzugIVn.exe
  2⤵
  PID:4924
- C:\Windows\System\vKSdcxy.exe
  C:\Windows\System\vKSdcxy.exe
  2⤵
  PID:4944
- C:\Windows\System\GacXzuz.exe
  C:\Windows\System\GacXzuz.exe
  2⤵
  PID:4964
- C:\Windows\System\xaRwiFT.exe
  C:\Windows\System\xaRwiFT.exe
  2⤵
  PID:4984
- C:\Windows\System\fOHnJLo.exe
  C:\Windows\System\fOHnJLo.exe
  2⤵
  PID:5000
- C:\Windows\System\HXfTaEN.exe
  C:\Windows\System\HXfTaEN.exe
  2⤵
  PID:5024
- C:\Windows\System\zrcTEfN.exe
  C:\Windows\System\zrcTEfN.exe
  2⤵
  PID:5040
- C:\Windows\System\XCAnzFj.exe
  C:\Windows\System\XCAnzFj.exe
  2⤵
  PID:5064
- C:\Windows\System\msdNDFR.exe
  C:\Windows\System\msdNDFR.exe
  2⤵
  PID:5080
- C:\Windows\System\RGPOyPf.exe
  C:\Windows\System\RGPOyPf.exe
  2⤵
  PID:5104
- C:\Windows\System\niDhzjX.exe
  C:\Windows\System\niDhzjX.exe
  2⤵
  PID:3640
- C:\Windows\System\maEJkhc.exe
  C:\Windows\System\maEJkhc.exe
  2⤵
  PID:3728
- C:\Windows\System\DpHqYzC.exe
  C:\Windows\System\DpHqYzC.exe
  2⤵
  PID:3884
- C:\Windows\System\OweVvtE.exe
  C:\Windows\System\OweVvtE.exe
  2⤵
  PID:3924
- C:\Windows\System\QkeQRhF.exe
  C:\Windows\System\QkeQRhF.exe
  2⤵
  PID:3152
- C:\Windows\System\fFovrKU.exe
  C:\Windows\System\fFovrKU.exe
  2⤵
  PID:3344
- C:\Windows\System\nydJGuH.exe
  C:\Windows\System\nydJGuH.exe
  2⤵
  PID:3252
- C:\Windows\System\QSSlBcL.exe
  C:\Windows\System\QSSlBcL.exe
  2⤵
  PID:4124
- C:\Windows\System\gOwNxLz.exe
  C:\Windows\System\gOwNxLz.exe
  2⤵
  PID:4136
- C:\Windows\System\iglxgDJ.exe
  C:\Windows\System\iglxgDJ.exe
  2⤵
  PID:4172
- C:\Windows\System\pskhnTm.exe
  C:\Windows\System\pskhnTm.exe
  2⤵
  PID:4192
- C:\Windows\System\RHdNGnd.exe
  C:\Windows\System\RHdNGnd.exe
  2⤵
  PID:4236
- C:\Windows\System\RLyjXkS.exe
  C:\Windows\System\RLyjXkS.exe
  2⤵
  PID:1968
- C:\Windows\System\nyCRPnW.exe
  C:\Windows\System\nyCRPnW.exe
  2⤵
  PID:4272
- C:\Windows\System\wvVgloa.exe
  C:\Windows\System\wvVgloa.exe
  2⤵
  PID:4308
- C:\Windows\System\irOvQbx.exe
  C:\Windows\System\irOvQbx.exe
  2⤵
  PID:4404
- C:\Windows\System\wVjdkXv.exe
  C:\Windows\System\wVjdkXv.exe
  2⤵
  PID:4384
- C:\Windows\System\OPEWaKA.exe
  C:\Windows\System\OPEWaKA.exe
  2⤵
  PID:4424
- C:\Windows\System\FEygKbG.exe
  C:\Windows\System\FEygKbG.exe
  2⤵
  PID:4492
- C:\Windows\System\OElPopn.exe
  C:\Windows\System\OElPopn.exe
  2⤵
  PID:4464
- C:\Windows\System\UCcEBYm.exe
  C:\Windows\System\UCcEBYm.exe
  2⤵
  PID:4572
- C:\Windows\System\fQJubjC.exe
  C:\Windows\System\fQJubjC.exe
  2⤵
  PID:4556
- C:\Windows\System\TXiPHqd.exe
  C:\Windows\System\TXiPHqd.exe
  2⤵
  PID:4596
- C:\Windows\System\xHbNWQR.exe
  C:\Windows\System\xHbNWQR.exe
  2⤵
  PID:4636
- C:\Windows\System\lrpPiCN.exe
  C:\Windows\System\lrpPiCN.exe
  2⤵
  PID:4732
- C:\Windows\System\pktMnGS.exe
  C:\Windows\System\pktMnGS.exe
  2⤵
  PID:4680
- C:\Windows\System\FFKcudF.exe
  C:\Windows\System\FFKcudF.exe
  2⤵
  PID:4716
- C:\Windows\System\iEVSMld.exe
  C:\Windows\System\iEVSMld.exe
  2⤵
  PID:4756
- C:\Windows\System\qzxVVXl.exe
  C:\Windows\System\qzxVVXl.exe
  2⤵
  PID:4844
- C:\Windows\System\XFvAFQj.exe
  C:\Windows\System\XFvAFQj.exe
  2⤵
  PID:4868
- C:\Windows\System\zvzggBP.exe
  C:\Windows\System\zvzggBP.exe
  2⤵
  PID:4796
- C:\Windows\System\vqpmaay.exe
  C:\Windows\System\vqpmaay.exe
  2⤵
  PID:4912
- C:\Windows\System\dtCeswr.exe
  C:\Windows\System\dtCeswr.exe
  2⤵
  PID:4920
- C:\Windows\System\cdWKmUs.exe
  C:\Windows\System\cdWKmUs.exe
  2⤵
  PID:5008
- C:\Windows\System\PxCwzsz.exe
  C:\Windows\System\PxCwzsz.exe
  2⤵
  PID:4992
- C:\Windows\System\gThItnx.exe
  C:\Windows\System\gThItnx.exe
  2⤵
  PID:5060
- C:\Windows\System\QqdWOIs.exe
  C:\Windows\System\QqdWOIs.exe
  2⤵
  PID:5100
- C:\Windows\System\dmsynQJ.exe
  C:\Windows\System\dmsynQJ.exe
  2⤵
  PID:3724
- C:\Windows\System\PbGWmHM.exe
  C:\Windows\System\PbGWmHM.exe
  2⤵
  PID:3948
- C:\Windows\System\BflpOKp.exe
  C:\Windows\System\BflpOKp.exe
  2⤵
  PID:2792
- C:\Windows\System\duXKCgV.exe
  C:\Windows\System\duXKCgV.exe
  2⤵
  PID:892
- C:\Windows\System\cTZtAZr.exe
  C:\Windows\System\cTZtAZr.exe
  2⤵
  PID:1692
- C:\Windows\System\gvFSOow.exe
  C:\Windows\System\gvFSOow.exe
  2⤵
  PID:4176
- C:\Windows\System\ZtceOoT.exe
  C:\Windows\System\ZtceOoT.exe
  2⤵
  PID:4232
- C:\Windows\System\vTIUMYu.exe
  C:\Windows\System\vTIUMYu.exe
  2⤵
  PID:4204
- C:\Windows\System\sjPtrUi.exe
  C:\Windows\System\sjPtrUi.exe
  2⤵
  PID:4288
- C:\Windows\System\ngaetAQ.exe
  C:\Windows\System\ngaetAQ.exe
  2⤵
  PID:4340
- C:\Windows\System\tyOJklH.exe
  C:\Windows\System\tyOJklH.exe
  2⤵
  PID:4448
- C:\Windows\System\MtIcUEg.exe
  C:\Windows\System\MtIcUEg.exe
  2⤵
  PID:4428
- C:\Windows\System\vFiinIr.exe
  C:\Windows\System\vFiinIr.exe
  2⤵
  PID:4528
- C:\Windows\System\GfUjahn.exe
  C:\Windows\System\GfUjahn.exe
  2⤵
  PID:4512
- C:\Windows\System\uCfdPym.exe
  C:\Windows\System\uCfdPym.exe
  2⤵
  PID:4648
- C:\Windows\System\mVieMfn.exe
  C:\Windows\System\mVieMfn.exe
  2⤵
  PID:4736
- C:\Windows\System\dUGMgyy.exe
  C:\Windows\System\dUGMgyy.exe
  2⤵
  PID:4712
- C:\Windows\System\LMDFrHo.exe
  C:\Windows\System\LMDFrHo.exe
  2⤵
  PID:4832
- C:\Windows\System\cTFmssp.exe
  C:\Windows\System\cTFmssp.exe
  2⤵
  PID:4872
- C:\Windows\System\CbrcuSI.exe
  C:\Windows\System\CbrcuSI.exe
  2⤵
  PID:4936
- C:\Windows\System\aOeubSG.exe
  C:\Windows\System\aOeubSG.exe
  2⤵
  PID:4972
- C:\Windows\System\jDsseFb.exe
  C:\Windows\System\jDsseFb.exe
  2⤵
  PID:4960
- C:\Windows\System\fKTYUNG.exe
  C:\Windows\System\fKTYUNG.exe
  2⤵
  PID:3596
- C:\Windows\System\RZhrwHW.exe
  C:\Windows\System\RZhrwHW.exe
  2⤵
  PID:5076
- C:\Windows\System\ngvcFcP.exe
  C:\Windows\System\ngvcFcP.exe
  2⤵
  PID:3784
- C:\Windows\System\knKuhrQ.exe
  C:\Windows\System\knKuhrQ.exe
  2⤵
  PID:4112
- C:\Windows\System\ODVNKOY.exe
  C:\Windows\System\ODVNKOY.exe
  2⤵
  PID:4228
- C:\Windows\System\JuuQXWh.exe
  C:\Windows\System\JuuQXWh.exe
  2⤵
  PID:4208
- C:\Windows\System\xYKirKP.exe
  C:\Windows\System\xYKirKP.exe
  2⤵
  PID:4348
- C:\Windows\System\UNdMjrw.exe
  C:\Windows\System\UNdMjrw.exe
  2⤵
  PID:4444
- C:\Windows\System\DPGmbNK.exe
  C:\Windows\System\DPGmbNK.exe
  2⤵
  PID:4312
- C:\Windows\System\JnYJgRr.exe
  C:\Windows\System\JnYJgRr.exe
  2⤵
  PID:4568
- C:\Windows\System\AdGGyiJ.exe
  C:\Windows\System\AdGGyiJ.exe
  2⤵
  PID:4624
- C:\Windows\System\boJRmqf.exe
  C:\Windows\System\boJRmqf.exe
  2⤵
  PID:4812
- C:\Windows\System\NRwTBUh.exe
  C:\Windows\System\NRwTBUh.exe
  2⤵
  PID:4980
- C:\Windows\System\qltrece.exe
  C:\Windows\System\qltrece.exe
  2⤵
  PID:4828
- C:\Windows\System\Gdrigrz.exe
  C:\Windows\System\Gdrigrz.exe
  2⤵
  PID:5020
- C:\Windows\System\acRrJRh.exe
  C:\Windows\System\acRrJRh.exe
  2⤵
  PID:3824
- C:\Windows\System\hqpQZqV.exe
  C:\Windows\System\hqpQZqV.exe
  2⤵
  PID:4188
- C:\Windows\System\kUzwFDB.exe
  C:\Windows\System\kUzwFDB.exe
  2⤵
  PID:5140
- C:\Windows\System\xLTnrjE.exe
  C:\Windows\System\xLTnrjE.exe
  2⤵
  PID:5164
- C:\Windows\System\kukbzxv.exe
  C:\Windows\System\kukbzxv.exe
  2⤵
  PID:5180
- C:\Windows\System\ZkHBHFM.exe
  C:\Windows\System\ZkHBHFM.exe
  2⤵
  PID:5204
- C:\Windows\System\dosCIvE.exe
  C:\Windows\System\dosCIvE.exe
  2⤵
  PID:5220
- C:\Windows\System\YnsHBET.exe
  C:\Windows\System\YnsHBET.exe
  2⤵
  PID:5244
- C:\Windows\System\mSbOVnD.exe
  C:\Windows\System\mSbOVnD.exe
  2⤵
  PID:5264
- C:\Windows\System\LiDxkzz.exe
  C:\Windows\System\LiDxkzz.exe
  2⤵
  PID:5284
- C:\Windows\System\LqAlSzy.exe
  C:\Windows\System\LqAlSzy.exe
  2⤵
  PID:5300
- C:\Windows\System\LzBlNNS.exe
  C:\Windows\System\LzBlNNS.exe
  2⤵
  PID:5316
- C:\Windows\System\YDILFrf.exe
  C:\Windows\System\YDILFrf.exe
  2⤵
  PID:5340
- C:\Windows\System\zyqNASR.exe
  C:\Windows\System\zyqNASR.exe
  2⤵
  PID:5368
- C:\Windows\System\bTxYTGX.exe
  C:\Windows\System\bTxYTGX.exe
  2⤵
  PID:5388
- C:\Windows\System\pknyooY.exe
  C:\Windows\System\pknyooY.exe
  2⤵
  PID:5408
- C:\Windows\System\zVsCrfO.exe
  C:\Windows\System\zVsCrfO.exe
  2⤵
  PID:5428
- C:\Windows\System\QJOeGcP.exe
  C:\Windows\System\QJOeGcP.exe
  2⤵
  PID:5444
- C:\Windows\System\RDImTtf.exe
  C:\Windows\System\RDImTtf.exe
  2⤵
  PID:5460
- C:\Windows\System\RJTgNDN.exe
  C:\Windows\System\RJTgNDN.exe
  2⤵
  PID:5488
- C:\Windows\System\sTDbSFV.exe
  C:\Windows\System\sTDbSFV.exe
  2⤵
  PID:5504
- C:\Windows\System\rGZpqKF.exe
  C:\Windows\System\rGZpqKF.exe
  2⤵
  PID:5524
- C:\Windows\System\WxLzxER.exe
  C:\Windows\System\WxLzxER.exe
  2⤵
  PID:5540
- C:\Windows\System\QpgpjwU.exe
  C:\Windows\System\QpgpjwU.exe
  2⤵
  PID:5568
- C:\Windows\System\WLnVIrp.exe
  C:\Windows\System\WLnVIrp.exe
  2⤵
  PID:5588
- C:\Windows\System\KnbmyBX.exe
  C:\Windows\System\KnbmyBX.exe
  2⤵
  PID:5604
- C:\Windows\System\LUJrcAw.exe
  C:\Windows\System\LUJrcAw.exe
  2⤵
  PID:5628
- C:\Windows\System\iOQiehW.exe
  C:\Windows\System\iOQiehW.exe
  2⤵
  PID:5648
- C:\Windows\System\ZIjZVzK.exe
  C:\Windows\System\ZIjZVzK.exe
  2⤵
  PID:5668
- C:\Windows\System\brGBbUv.exe
  C:\Windows\System\brGBbUv.exe
  2⤵
  PID:5684
- C:\Windows\System\JIEGqZt.exe
  C:\Windows\System\JIEGqZt.exe
  2⤵
  PID:5704
- C:\Windows\System\roUmLNv.exe
  C:\Windows\System\roUmLNv.exe
  2⤵
  PID:5728
- C:\Windows\System\POHVDrJ.exe
  C:\Windows\System\POHVDrJ.exe
  2⤵
  PID:5748
- C:\Windows\System\bqAgYyV.exe
  C:\Windows\System\bqAgYyV.exe
  2⤵
  PID:5768
- C:\Windows\System\IacTAZZ.exe
  C:\Windows\System\IacTAZZ.exe
  2⤵
  PID:5788
- C:\Windows\System\ICAuyDF.exe
  C:\Windows\System\ICAuyDF.exe
  2⤵
  PID:5808
- C:\Windows\System\QzsCzSh.exe
  C:\Windows\System\QzsCzSh.exe
  2⤵
  PID:5828
- C:\Windows\System\HXIvXsp.exe
  C:\Windows\System\HXIvXsp.exe
  2⤵
  PID:5848
- C:\Windows\System\lwLaNic.exe
  C:\Windows\System\lwLaNic.exe
  2⤵
  PID:5868
- C:\Windows\System\SHSZoZq.exe
  C:\Windows\System\SHSZoZq.exe
  2⤵
  PID:5884
- C:\Windows\System\QiMISkR.exe
  C:\Windows\System\QiMISkR.exe
  2⤵
  PID:5904
- C:\Windows\System\GBTdrVu.exe
  C:\Windows\System\GBTdrVu.exe
  2⤵
  PID:5924
- C:\Windows\System\zYkfxDt.exe
  C:\Windows\System\zYkfxDt.exe
  2⤵
  PID:5948
- C:\Windows\System\xEQZreF.exe
  C:\Windows\System\xEQZreF.exe
  2⤵
  PID:5968
- C:\Windows\System\fjVAVsr.exe
  C:\Windows\System\fjVAVsr.exe
  2⤵
  PID:5984
- C:\Windows\System\TzXkkJk.exe
  C:\Windows\System\TzXkkJk.exe
  2⤵
  PID:6000
- C:\Windows\System\lRYXKKD.exe
  C:\Windows\System\lRYXKKD.exe
  2⤵
  PID:6020
- C:\Windows\System\pJNXHsD.exe
  C:\Windows\System\pJNXHsD.exe
  2⤵
  PID:6048
- C:\Windows\System\xKcaLXP.exe
  C:\Windows\System\xKcaLXP.exe
  2⤵
  PID:6068
- C:\Windows\System\zmVToQt.exe
  C:\Windows\System\zmVToQt.exe
  2⤵
  PID:6088
- C:\Windows\System\hTMuPdQ.exe
  C:\Windows\System\hTMuPdQ.exe
  2⤵
  PID:6108
- C:\Windows\System\gPXvkmX.exe
  C:\Windows\System\gPXvkmX.exe
  2⤵
  PID:6124
- C:\Windows\System\ZjTKIJC.exe
  C:\Windows\System\ZjTKIJC.exe
  2⤵
  PID:2496
- C:\Windows\System\cDTZGKK.exe
  C:\Windows\System\cDTZGKK.exe
  2⤵
  PID:4368
- C:\Windows\System\WjOuiQi.exe
  C:\Windows\System\WjOuiQi.exe
  2⤵
  PID:4372
- C:\Windows\System\VmzHCKb.exe
  C:\Windows\System\VmzHCKb.exe
  2⤵
  PID:4652
- C:\Windows\System\jgdPBgn.exe
  C:\Windows\System\jgdPBgn.exe
  2⤵
  PID:4708
- C:\Windows\System\wTmAZkD.exe
  C:\Windows\System\wTmAZkD.exe
  2⤵
  PID:4816
- C:\Windows\System\DZRzimW.exe
  C:\Windows\System\DZRzimW.exe
  2⤵
  PID:4108
- C:\Windows\System\RawOCZd.exe
  C:\Windows\System\RawOCZd.exe
  2⤵
  PID:4940
- C:\Windows\System\ajKDoyn.exe
  C:\Windows\System\ajKDoyn.exe
  2⤵
  PID:5132
- C:\Windows\System\zipRlhk.exe
  C:\Windows\System\zipRlhk.exe
  2⤵
  PID:5188
- C:\Windows\System\DqejpUT.exe
  C:\Windows\System\DqejpUT.exe
  2⤵
  PID:5176
- C:\Windows\System\XdUSLIu.exe
  C:\Windows\System\XdUSLIu.exe
  2⤵
  PID:5236
- C:\Windows\System\EOAaapo.exe
  C:\Windows\System\EOAaapo.exe
  2⤵
  PID:5260
- C:\Windows\System\sOualgM.exe
  C:\Windows\System\sOualgM.exe
  2⤵
  PID:5296
- C:\Windows\System\thLeevQ.exe
  C:\Windows\System\thLeevQ.exe
  2⤵
  PID:5332
- C:\Windows\System\DkcXQKh.exe
  C:\Windows\System\DkcXQKh.exe
  2⤵
  PID:5356
- C:\Windows\System\FVAEioQ.exe
  C:\Windows\System\FVAEioQ.exe
  2⤵
  PID:5404
- C:\Windows\System\CJSDatv.exe
  C:\Windows\System\CJSDatv.exe
  2⤵
  PID:5440
- C:\Windows\System\loSJmTM.exe
  C:\Windows\System\loSJmTM.exe
  2⤵
  PID:5452
- C:\Windows\System\ousgvTq.exe
  C:\Windows\System\ousgvTq.exe
  2⤵
  PID:5496
- C:\Windows\System\JzSNnBV.exe
  C:\Windows\System\JzSNnBV.exe
  2⤵
  PID:5552
- C:\Windows\System\TGJNFgO.exe
  C:\Windows\System\TGJNFgO.exe
  2⤵
  PID:5596
- C:\Windows\System\HAWxcQT.exe
  C:\Windows\System\HAWxcQT.exe
  2⤵
  PID:5612
- C:\Windows\System\ncSvcmI.exe
  C:\Windows\System\ncSvcmI.exe
  2⤵
  PID:5624
- C:\Windows\System\xlqtNcw.exe
  C:\Windows\System\xlqtNcw.exe
  2⤵
  PID:5660
- C:\Windows\System\mHbddBc.exe
  C:\Windows\System\mHbddBc.exe
  2⤵
  PID:5692
- C:\Windows\System\oYemyFk.exe
  C:\Windows\System\oYemyFk.exe
  2⤵
  PID:5744
- C:\Windows\System\HfMLBqz.exe
  C:\Windows\System\HfMLBqz.exe
  2⤵
  PID:5796
- C:\Windows\System\oEZUAZc.exe
  C:\Windows\System\oEZUAZc.exe
  2⤵
  PID:5800
- C:\Windows\System\yYYgEvQ.exe
  C:\Windows\System\yYYgEvQ.exe
  2⤵
  PID:5820
- C:\Windows\System\pVPQpNW.exe
  C:\Windows\System\pVPQpNW.exe
  2⤵
  PID:5856
- C:\Windows\System\XvHvvpN.exe
  C:\Windows\System\XvHvvpN.exe
  2⤵
  PID:5916
- C:\Windows\System\ukjLrkW.exe
  C:\Windows\System\ukjLrkW.exe
  2⤵
  PID:5896
- C:\Windows\System\giociSZ.exe
  C:\Windows\System\giociSZ.exe
  2⤵
  PID:5996
- C:\Windows\System\zOFlEQV.exe
  C:\Windows\System\zOFlEQV.exe
  2⤵
  PID:6040
- C:\Windows\System\tQUMPqt.exe
  C:\Windows\System\tQUMPqt.exe
  2⤵
  PID:6008
- C:\Windows\System\lQPisOs.exe
  C:\Windows\System\lQPisOs.exe
  2⤵
  PID:5976
- C:\Windows\System\vcZKkdu.exe
  C:\Windows\System\vcZKkdu.exe
  2⤵
  PID:6116
- C:\Windows\System\QVPcWCp.exe
  C:\Windows\System\QVPcWCp.exe
  2⤵
  PID:2788
- C:\Windows\System\OEpvXOx.exe
  C:\Windows\System\OEpvXOx.exe
  2⤵
  PID:4472
- C:\Windows\System\GWkeZPe.exe
  C:\Windows\System\GWkeZPe.exe
  2⤵
  PID:4524
- C:\Windows\System\FCedlwu.exe
  C:\Windows\System\FCedlwu.exe
  2⤵
  PID:4268
- C:\Windows\System\cbeBkJQ.exe
  C:\Windows\System\cbeBkJQ.exe
  2⤵
  PID:5048
- C:\Windows\System\jEvbLLE.exe
  C:\Windows\System\jEvbLLE.exe
  2⤵
  PID:3544
- C:\Windows\System\AIvwJPv.exe
  C:\Windows\System\AIvwJPv.exe
  2⤵
  PID:5160
- C:\Windows\System\tNppHQl.exe
  C:\Windows\System\tNppHQl.exe
  2⤵
  PID:5240
- C:\Windows\System\aJrjTLF.exe
  C:\Windows\System\aJrjTLF.exe
  2⤵
  PID:5312
- C:\Windows\System\ISitCuU.exe
  C:\Windows\System\ISitCuU.exe
  2⤵
  PID:5360
- C:\Windows\System\MTKMjfs.exe
  C:\Windows\System\MTKMjfs.exe
  2⤵
  PID:5424
- C:\Windows\System\DXkdSwP.exe
  C:\Windows\System\DXkdSwP.exe
  2⤵
  PID:5480
- C:\Windows\System\ZZbmXDb.exe
  C:\Windows\System\ZZbmXDb.exe
  2⤵
  PID:5516
- C:\Windows\System\zsRoErG.exe
  C:\Windows\System\zsRoErG.exe
  2⤵
  PID:5556
- C:\Windows\System\zhaFaMf.exe
  C:\Windows\System\zhaFaMf.exe
  2⤵
  PID:5616
- C:\Windows\System\xxYSRkc.exe
  C:\Windows\System\xxYSRkc.exe
  2⤵
  PID:5720
- C:\Windows\System\bOUnuMw.exe
  C:\Windows\System\bOUnuMw.exe
  2⤵
  PID:5700
- C:\Windows\System\koDkHMv.exe
  C:\Windows\System\koDkHMv.exe
  2⤵
  PID:5716
- C:\Windows\System\lfzavkd.exe
  C:\Windows\System\lfzavkd.exe
  2⤵
  PID:5816
- C:\Windows\System\PurvrHh.exe
  C:\Windows\System\PurvrHh.exe
  2⤵
  PID:5776
- C:\Windows\System\QkpNUxp.exe
  C:\Windows\System\QkpNUxp.exe
  2⤵
  PID:5960
- C:\Windows\System\pwzNQGY.exe
  C:\Windows\System\pwzNQGY.exe
  2⤵
  PID:6084
- C:\Windows\System\UtywLOb.exe
  C:\Windows\System\UtywLOb.exe
  2⤵
  PID:5940
- C:\Windows\System\CnnBCqv.exe
  C:\Windows\System\CnnBCqv.exe
  2⤵
  PID:5980
- C:\Windows\System\uPJSHTL.exe
  C:\Windows\System\uPJSHTL.exe
  2⤵
  PID:6120
- C:\Windows\System\XkwdwDE.exe
  C:\Windows\System\XkwdwDE.exe
  2⤵
  PID:6140
- C:\Windows\System\CwxkKqK.exe
  C:\Windows\System\CwxkKqK.exe
  2⤵
  PID:6136
- C:\Windows\System\kWLkebI.exe
  C:\Windows\System\kWLkebI.exe
  2⤵
  PID:4752
- C:\Windows\System\LBGNWtK.exe
  C:\Windows\System\LBGNWtK.exe
  2⤵
  PID:5200
- C:\Windows\System\oXKsQyY.exe
  C:\Windows\System\oXKsQyY.exe
  2⤵
  PID:5348
- C:\Windows\System\kyJqjaa.exe
  C:\Windows\System\kyJqjaa.exe
  2⤵
  PID:5400
- C:\Windows\System\FxzJseK.exe
  C:\Windows\System\FxzJseK.exe
  2⤵
  PID:5436
- C:\Windows\System\ziFwExV.exe
  C:\Windows\System\ziFwExV.exe
  2⤵
  PID:4728
- C:\Windows\System\psTxfgH.exe
  C:\Windows\System\psTxfgH.exe
  2⤵
  PID:5512
- C:\Windows\System\InIKXpJ.exe
  C:\Windows\System\InIKXpJ.exe
  2⤵
  PID:5364
- C:\Windows\System\ubgvQfL.exe
  C:\Windows\System\ubgvQfL.exe
  2⤵
  PID:5676
- C:\Windows\System\snEJloH.exe
  C:\Windows\System\snEJloH.exe
  2⤵
  PID:5664
- C:\Windows\System\uwEXqOh.exe
  C:\Windows\System\uwEXqOh.exe
  2⤵
  PID:6036
- C:\Windows\System\bwiJXKl.exe
  C:\Windows\System\bwiJXKl.exe
  2⤵
  PID:6056
- C:\Windows\System\AgnysqC.exe
  C:\Windows\System\AgnysqC.exe
  2⤵
  PID:2260
- C:\Windows\System\kZZEfAE.exe
  C:\Windows\System\kZZEfAE.exe
  2⤵
  PID:6060
- C:\Windows\System\hXGdzoJ.exe
  C:\Windows\System\hXGdzoJ.exe
  2⤵
  PID:4780
- C:\Windows\System\ZqVwaiW.exe
  C:\Windows\System\ZqVwaiW.exe
  2⤵
  PID:4776
- C:\Windows\System\VZzqAxf.exe
  C:\Windows\System\VZzqAxf.exe
  2⤵
  PID:2464
- C:\Windows\System\QqMetem.exe
  C:\Windows\System\QqMetem.exe
  2⤵
  PID:5384
- C:\Windows\System\ipKFeUa.exe
  C:\Windows\System\ipKFeUa.exe
  2⤵
  PID:5396
- C:\Windows\System\RckwJDL.exe
  C:\Windows\System\RckwJDL.exe
  2⤵
  PID:5560
- C:\Windows\System\CToTPos.exe
  C:\Windows\System\CToTPos.exe
  2⤵
  PID:5548
- C:\Windows\System\yegaJhU.exe
  C:\Windows\System\yegaJhU.exe
  2⤵
  PID:5804
- C:\Windows\System\WlzMSmR.exe
  C:\Windows\System\WlzMSmR.exe
  2⤵
  PID:5992
- C:\Windows\System\abdyfgn.exe
  C:\Windows\System\abdyfgn.exe
  2⤵
  PID:2964
- C:\Windows\System\zMrdWVJ.exe
  C:\Windows\System\zMrdWVJ.exe
  2⤵
  PID:2224
- C:\Windows\System\tBbXfor.exe
  C:\Windows\System\tBbXfor.exe
  2⤵
  PID:4356
- C:\Windows\System\SNbtVNC.exe
  C:\Windows\System\SNbtVNC.exe
  2⤵
  PID:648
- C:\Windows\System\qWEKsma.exe
  C:\Windows\System\qWEKsma.exe
  2⤵
  PID:5172
- C:\Windows\System\PXKwdVn.exe
  C:\Windows\System\PXKwdVn.exe
  2⤵
  PID:2516
- C:\Windows\System\UfsOKLh.exe
  C:\Windows\System\UfsOKLh.exe
  2⤵
  PID:5420
- C:\Windows\System\VKULHFI.exe
  C:\Windows\System\VKULHFI.exe
  2⤵
  PID:3040
- C:\Windows\System\DOTKNyO.exe
  C:\Windows\System\DOTKNyO.exe
  2⤵
  PID:1948
- C:\Windows\System\LBZYJUB.exe
  C:\Windows\System\LBZYJUB.exe
  2⤵
  PID:5880
- C:\Windows\System\QZAuVqM.exe
  C:\Windows\System\QZAuVqM.exe
  2⤵
  PID:564
- C:\Windows\System\YCbLIxW.exe
  C:\Windows\System\YCbLIxW.exe
  2⤵
  PID:6160
- C:\Windows\System\nYKbYvE.exe
  C:\Windows\System\nYKbYvE.exe
  2⤵
  PID:6180
- C:\Windows\System\jOQnMxt.exe
  C:\Windows\System\jOQnMxt.exe
  2⤵
  PID:6200
- C:\Windows\System\riQSMNC.exe
  C:\Windows\System\riQSMNC.exe
  2⤵
  PID:6220
- C:\Windows\System\uzunKev.exe
  C:\Windows\System\uzunKev.exe
  2⤵
  PID:6240
- C:\Windows\System\iUyFrBB.exe
  C:\Windows\System\iUyFrBB.exe
  2⤵
  PID:6260
- C:\Windows\System\CxwhGIa.exe
  C:\Windows\System\CxwhGIa.exe
  2⤵
  PID:6280
- C:\Windows\System\XTFrrQd.exe
  C:\Windows\System\XTFrrQd.exe
  2⤵
  PID:6300
- C:\Windows\System\sGYkytp.exe
  C:\Windows\System\sGYkytp.exe
  2⤵
  PID:6320
- C:\Windows\System\WxPTWtp.exe
  C:\Windows\System\WxPTWtp.exe
  2⤵
  PID:6340
- C:\Windows\System\qxrwkhU.exe
  C:\Windows\System\qxrwkhU.exe
  2⤵
  PID:6360
- C:\Windows\System\pzJTGvR.exe
  C:\Windows\System\pzJTGvR.exe
  2⤵
  PID:6380
- C:\Windows\System\kLQqwLk.exe
  C:\Windows\System\kLQqwLk.exe
  2⤵
  PID:6400
- C:\Windows\System\rAxMMXe.exe
  C:\Windows\System\rAxMMXe.exe
  2⤵
  PID:6420
- C:\Windows\System\YjfEIpx.exe
  C:\Windows\System\YjfEIpx.exe
  2⤵
  PID:6440
- C:\Windows\System\QPUQnDV.exe
  C:\Windows\System\QPUQnDV.exe
  2⤵
  PID:6460
- C:\Windows\System\dwDPYuq.exe
  C:\Windows\System\dwDPYuq.exe
  2⤵
  PID:6480
- C:\Windows\System\cjfKeWe.exe
  C:\Windows\System\cjfKeWe.exe
  2⤵
  PID:6500
- C:\Windows\System\NqpdsBx.exe
  C:\Windows\System\NqpdsBx.exe
  2⤵
  PID:6520
- C:\Windows\System\gUOEzfM.exe
  C:\Windows\System\gUOEzfM.exe
  2⤵
  PID:6540
- C:\Windows\System\rSKxZCH.exe
  C:\Windows\System\rSKxZCH.exe
  2⤵
  PID:6560
- C:\Windows\System\YoyVQni.exe
  C:\Windows\System\YoyVQni.exe
  2⤵
  PID:6580
- C:\Windows\System\VsGhqVS.exe
  C:\Windows\System\VsGhqVS.exe
  2⤵
  PID:6600
- C:\Windows\System\jUGFnPG.exe
  C:\Windows\System\jUGFnPG.exe
  2⤵
  PID:6620
- C:\Windows\System\XuEnAiR.exe
  C:\Windows\System\XuEnAiR.exe
  2⤵
  PID:6640
- C:\Windows\System\pvvzbjT.exe
  C:\Windows\System\pvvzbjT.exe
  2⤵
  PID:6660
- C:\Windows\System\FxyExYI.exe
  C:\Windows\System\FxyExYI.exe
  2⤵
  PID:6680
- C:\Windows\System\laNWarb.exe
  C:\Windows\System\laNWarb.exe
  2⤵
  PID:6700
- C:\Windows\System\nNBJzwZ.exe
  C:\Windows\System\nNBJzwZ.exe
  2⤵
  PID:6724
- C:\Windows\System\fzwfZaV.exe
  C:\Windows\System\fzwfZaV.exe
  2⤵
  PID:6744
- C:\Windows\System\SVeLBJO.exe
  C:\Windows\System\SVeLBJO.exe
  2⤵
  PID:6764
- C:\Windows\System\HArHbRU.exe
  C:\Windows\System\HArHbRU.exe
  2⤵
  PID:6784
- C:\Windows\System\EmxRmXK.exe
  C:\Windows\System\EmxRmXK.exe
  2⤵
  PID:6804
- C:\Windows\System\eAKVVWK.exe
  C:\Windows\System\eAKVVWK.exe
  2⤵
  PID:6820
- C:\Windows\System\lfBolXP.exe
  C:\Windows\System\lfBolXP.exe
  2⤵
  PID:6836
- C:\Windows\System\FKLOaox.exe
  C:\Windows\System\FKLOaox.exe
  2⤵
  PID:6884
- C:\Windows\System\JbbmDts.exe
  C:\Windows\System\JbbmDts.exe
  2⤵
  PID:6904
- C:\Windows\System\zNSUsDF.exe
  C:\Windows\System\zNSUsDF.exe
  2⤵
  PID:6920
- C:\Windows\System\bjqOuOX.exe
  C:\Windows\System\bjqOuOX.exe
  2⤵
  PID:6936
- C:\Windows\System\laHRvDF.exe
  C:\Windows\System\laHRvDF.exe
  2⤵
  PID:6952
- C:\Windows\System\WLOwBht.exe
  C:\Windows\System\WLOwBht.exe
  2⤵
  PID:6968
- C:\Windows\System\wMudgkN.exe
  C:\Windows\System\wMudgkN.exe
  2⤵
  PID:6984
- C:\Windows\System\zmRgvyO.exe
  C:\Windows\System\zmRgvyO.exe
  2⤵
  PID:7000
- C:\Windows\System\lxKFgBt.exe
  C:\Windows\System\lxKFgBt.exe
  2⤵
  PID:7016
- C:\Windows\System\ymIhwJT.exe
  C:\Windows\System\ymIhwJT.exe
  2⤵
  PID:7032
- C:\Windows\System\oculRoQ.exe
  C:\Windows\System\oculRoQ.exe
  2⤵
  PID:7052
- C:\Windows\System\xYMoOvQ.exe
  C:\Windows\System\xYMoOvQ.exe
  2⤵
  PID:7068
- C:\Windows\System\McTZOXn.exe
  C:\Windows\System\McTZOXn.exe
  2⤵
  PID:7116
- C:\Windows\System\JCTaIJX.exe
  C:\Windows\System\JCTaIJX.exe
  2⤵
  PID:7164
- C:\Windows\System\mvEPGPn.exe
  C:\Windows\System\mvEPGPn.exe
  2⤵
  PID:5052
- C:\Windows\System\FtAAzDo.exe
  C:\Windows\System\FtAAzDo.exe
  2⤵
  PID:1952
- C:\Windows\System\SjkmpIK.exe
  C:\Windows\System\SjkmpIK.exe
  2⤵
  PID:2732
- C:\Windows\System\RYsukZB.exe
  C:\Windows\System\RYsukZB.exe
  2⤵
  PID:5580
- C:\Windows\System\GPwAGCG.exe
  C:\Windows\System\GPwAGCG.exe
  2⤵
  PID:2444
- C:\Windows\System\yLNJLzy.exe
  C:\Windows\System\yLNJLzy.exe
  2⤵
  PID:6152
- C:\Windows\System\OsFOVdJ.exe
  C:\Windows\System\OsFOVdJ.exe
  2⤵
  PID:6168
- C:\Windows\System\mOJXcSS.exe
  C:\Windows\System\mOJXcSS.exe
  2⤵
  PID:6192
- C:\Windows\System\GsKFoPB.exe
  C:\Windows\System\GsKFoPB.exe
  2⤵
  PID:6208
- C:\Windows\System\MktfrTx.exe
  C:\Windows\System\MktfrTx.exe
  2⤵
  PID:6248
- C:\Windows\System\jEXYupU.exe
  C:\Windows\System\jEXYupU.exe
  2⤵
  PID:6256
- C:\Windows\System\aqSisxa.exe
  C:\Windows\System\aqSisxa.exe
  2⤵
  PID:6356
- C:\Windows\System\bpMjlUE.exe
  C:\Windows\System\bpMjlUE.exe
  2⤵
  PID:6368
- C:\Windows\System\IvtzsnS.exe
  C:\Windows\System\IvtzsnS.exe
  2⤵
  PID:6372
- C:\Windows\System\IBbofky.exe
  C:\Windows\System\IBbofky.exe
  2⤵
  PID:6408
- C:\Windows\System\hgEWrNE.exe
  C:\Windows\System\hgEWrNE.exe
  2⤵
  PID:6432
- C:\Windows\System\yXXoHpc.exe
  C:\Windows\System\yXXoHpc.exe
  2⤵
  PID:6456
- C:\Windows\System\bhUfOcS.exe
  C:\Windows\System\bhUfOcS.exe
  2⤵
  PID:6516
- C:\Windows\System\zqIgKBI.exe
  C:\Windows\System\zqIgKBI.exe
  2⤵
  PID:6512
- C:\Windows\System\KystCVn.exe
  C:\Windows\System\KystCVn.exe
  2⤵
  PID:6556
- C:\Windows\System\OQQanDj.exe
  C:\Windows\System\OQQanDj.exe
  2⤵
  PID:6568
- C:\Windows\System\QixJSye.exe
  C:\Windows\System\QixJSye.exe
  2⤵
  PID:6572
- C:\Windows\System\RgcCzTE.exe
  C:\Windows\System\RgcCzTE.exe
  2⤵
  PID:6612
- C:\Windows\System\vILZMZb.exe
  C:\Windows\System\vILZMZb.exe
  2⤵
  PID:2272
- C:\Windows\System\mNwqLHV.exe
  C:\Windows\System\mNwqLHV.exe
  2⤵
  PID:6648
- C:\Windows\System\DGBRuRG.exe
  C:\Windows\System\DGBRuRG.exe
  2⤵
  PID:2544
- C:\Windows\System\CXJThbC.exe
  C:\Windows\System\CXJThbC.exe
  2⤵
  PID:6720
- C:\Windows\System\nxWqwMc.exe
  C:\Windows\System\nxWqwMc.exe
  2⤵
  PID:6692
- C:\Windows\System\XukjgKD.exe
  C:\Windows\System\XukjgKD.exe
  2⤵
  PID:6740
- C:\Windows\System\PNxiyDg.exe
  C:\Windows\System\PNxiyDg.exe
  2⤵
  PID:6796
- C:\Windows\System\DaeFpfB.exe
  C:\Windows\System\DaeFpfB.exe
  2⤵
  PID:956
- C:\Windows\System\ifbmQmP.exe
  C:\Windows\System\ifbmQmP.exe
  2⤵
  PID:6860
- C:\Windows\System\PgvnGIV.exe
  C:\Windows\System\PgvnGIV.exe
  2⤵
  PID:2200
- C:\Windows\System\ktvLluh.exe
  C:\Windows\System\ktvLluh.exe
  2⤵
  PID:6896
- C:\Windows\System\XMQxnqY.exe
  C:\Windows\System\XMQxnqY.exe
  2⤵
  PID:6992
- C:\Windows\System\SyOloTy.exe
  C:\Windows\System\SyOloTy.exe
  2⤵
  PID:6960
- C:\Windows\System\azWaqxm.exe
  C:\Windows\System\azWaqxm.exe
  2⤵
  PID:7064
- C:\Windows\System\EVknQpT.exe
  C:\Windows\System\EVknQpT.exe
  2⤵
  PID:7048
- C:\Windows\System\KCpmtol.exe
  C:\Windows\System\KCpmtol.exe
  2⤵
  PID:7084
- C:\Windows\System\fSrJbnU.exe
  C:\Windows\System\fSrJbnU.exe
  2⤵
  PID:7100
- C:\Windows\System\kcyZzVt.exe
  C:\Windows\System\kcyZzVt.exe
  2⤵
  PID:7160
- C:\Windows\System\kUdJqhX.exe
  C:\Windows\System\kUdJqhX.exe
  2⤵
  PID:2848
- C:\Windows\System\etEugQH.exe
  C:\Windows\System\etEugQH.exe
  2⤵
  PID:772
- C:\Windows\System\qcLvrfQ.exe
  C:\Windows\System\qcLvrfQ.exe
  2⤵
  PID:6212
- C:\Windows\System\TnsxVtS.exe
  C:\Windows\System\TnsxVtS.exe
  2⤵
  PID:6148
- C:\Windows\System\xGzjvBe.exe
  C:\Windows\System\xGzjvBe.exe
  2⤵
  PID:6288
- C:\Windows\System\bQdzOgJ.exe
  C:\Windows\System\bQdzOgJ.exe
  2⤵
  PID:3008
- C:\Windows\System\xNZfIGw.exe
  C:\Windows\System\xNZfIGw.exe
  2⤵
  PID:6328
- C:\Windows\System\ONTkKWr.exe
  C:\Windows\System\ONTkKWr.exe
  2⤵
  PID:6596
- C:\Windows\System\xrPlTkc.exe
  C:\Windows\System\xrPlTkc.exe
  2⤵
  PID:6416
- C:\Windows\System\AVMnztJ.exe
  C:\Windows\System\AVMnztJ.exe
  2⤵
  PID:1760
- C:\Windows\System\dgTEoGA.exe
  C:\Windows\System\dgTEoGA.exe
  2⤵
  PID:6352
- C:\Windows\System\pbJUuIA.exe
  C:\Windows\System\pbJUuIA.exe
  2⤵
  PID:6448
- C:\Windows\System\KyGcpiQ.exe
  C:\Windows\System\KyGcpiQ.exe
  2⤵
  PID:6628
- C:\Windows\System\lNiUHoG.exe
  C:\Windows\System\lNiUHoG.exe
  2⤵
  PID:2628
- C:\Windows\System\QQDpLxd.exe
  C:\Windows\System\QQDpLxd.exe
  2⤵
  PID:6632
- C:\Windows\System\HARolzj.exe
  C:\Windows\System\HARolzj.exe
  2⤵
  PID:6832
- C:\Windows\System\FmrQNWt.exe
  C:\Windows\System\FmrQNWt.exe
  2⤵
  PID:6812
- C:\Windows\System\bDybxJG.exe
  C:\Windows\System\bDybxJG.exe
  2⤵
  PID:6776
- C:\Windows\System\XbLwKhj.exe
  C:\Windows\System\XbLwKhj.exe
  2⤵
  PID:6800
- C:\Windows\System\DrbddVk.exe
  C:\Windows\System\DrbddVk.exe
  2⤵
  PID:2840
- C:\Windows\System\TmvXktu.exe
  C:\Windows\System\TmvXktu.exe
  2⤵
  PID:6816
- C:\Windows\System\HUfbBYH.exe
  C:\Windows\System\HUfbBYH.exe
  2⤵
  PID:6876
- C:\Windows\System\SbaclUg.exe
  C:\Windows\System\SbaclUg.exe
  2⤵
  PID:6944
- C:\Windows\System\KNoqMoe.exe
  C:\Windows\System\KNoqMoe.exe
  2⤵
  PID:6996
- C:\Windows\System\oEYONdD.exe
  C:\Windows\System\oEYONdD.exe
  2⤵
  PID:7104
- C:\Windows\System\rvKLFot.exe
  C:\Windows\System\rvKLFot.exe
  2⤵
  PID:5328
- C:\Windows\System\LQTOVcv.exe
  C:\Windows\System\LQTOVcv.exe
  2⤵
  PID:7096
- C:\Windows\System\CUMhrQC.exe
  C:\Windows\System\CUMhrQC.exe
  2⤵
  PID:2508
- C:\Windows\System\aCuijxs.exe
  C:\Windows\System\aCuijxs.exe
  2⤵
  PID:6472
- C:\Windows\System\iEwSRyK.exe
  C:\Windows\System\iEwSRyK.exe
  2⤵
  PID:5584
- C:\Windows\System\dyVVUrC.exe
  C:\Windows\System\dyVVUrC.exe
  2⤵
  PID:6232
- C:\Windows\System\vEjfDVF.exe
  C:\Windows\System\vEjfDVF.exe
  2⤵
  PID:6608
- C:\Windows\System\pWponTF.exe
  C:\Windows\System\pWponTF.exe
  2⤵
  PID:6732
- C:\Windows\System\hEFmbId.exe
  C:\Windows\System\hEFmbId.exe
  2⤵
  PID:6844
- C:\Windows\System\nPcjzMn.exe
  C:\Windows\System\nPcjzMn.exe
  2⤵
  PID:6980
- C:\Windows\System\XVqCGIx.exe
  C:\Windows\System\XVqCGIx.exe
  2⤵
  PID:7184
- C:\Windows\System\WncnfzQ.exe
  C:\Windows\System\WncnfzQ.exe
  2⤵
  PID:7200
- C:\Windows\System\MKfJXBi.exe
  C:\Windows\System\MKfJXBi.exe
  2⤵
  PID:7216
- C:\Windows\System\HkMCfWq.exe
  C:\Windows\System\HkMCfWq.exe
  2⤵
  PID:7232
- C:\Windows\System\nVnJOFB.exe
  C:\Windows\System\nVnJOFB.exe
  2⤵
  PID:7248
- C:\Windows\System\zCNhdWp.exe
  C:\Windows\System\zCNhdWp.exe
  2⤵
  PID:7264
- C:\Windows\System\hQOxLjb.exe
  C:\Windows\System\hQOxLjb.exe
  2⤵
  PID:7280
- C:\Windows\System\KbXBMvK.exe
  C:\Windows\System\KbXBMvK.exe
  2⤵
  PID:7296
- C:\Windows\System\GKTFwrI.exe
  C:\Windows\System\GKTFwrI.exe
  2⤵
  PID:7312
- C:\Windows\System\DXFOaFT.exe
  C:\Windows\System\DXFOaFT.exe
  2⤵
  PID:7332
- C:\Windows\System\nSHHGwj.exe
  C:\Windows\System\nSHHGwj.exe
  2⤵
  PID:7352
- C:\Windows\System\QqhOCqm.exe
  C:\Windows\System\QqhOCqm.exe
  2⤵
  PID:7368
- C:\Windows\System\QdFiTXM.exe
  C:\Windows\System\QdFiTXM.exe
  2⤵
  PID:7384
- C:\Windows\System\jVEMKou.exe
  C:\Windows\System\jVEMKou.exe
  2⤵
  PID:7416
- C:\Windows\System\tbYXftg.exe
  C:\Windows\System\tbYXftg.exe
  2⤵
  PID:7440
- C:\Windows\System\upqflMi.exe
  C:\Windows\System\upqflMi.exe
  2⤵
  PID:7456
- C:\Windows\System\eKsTEYX.exe
  C:\Windows\System\eKsTEYX.exe
  2⤵
  PID:7480
- C:\Windows\System\IfBFPeU.exe
  C:\Windows\System\IfBFPeU.exe
  2⤵
  PID:7520
- C:\Windows\System\imAjMpI.exe
  C:\Windows\System\imAjMpI.exe
  2⤵
  PID:7536
- C:\Windows\System\zhtqbjB.exe
  C:\Windows\System\zhtqbjB.exe
  2⤵
  PID:7564
- C:\Windows\System\zMaEdjq.exe
  C:\Windows\System\zMaEdjq.exe
  2⤵
  PID:7588
- C:\Windows\System\uhSKoJf.exe
  C:\Windows\System\uhSKoJf.exe
  2⤵
  PID:7604
- C:\Windows\System\LEYdTDV.exe
  C:\Windows\System\LEYdTDV.exe
  2⤵
  PID:7624
- C:\Windows\System\xKPaqvI.exe
  C:\Windows\System\xKPaqvI.exe
  2⤵
  PID:7644
- C:\Windows\System\MeKWCzI.exe
  C:\Windows\System\MeKWCzI.exe
  2⤵
  PID:7660
- C:\Windows\System\RuQWbrF.exe
  C:\Windows\System\RuQWbrF.exe
  2⤵
  PID:7680
- C:\Windows\System\HobmXwX.exe
  C:\Windows\System\HobmXwX.exe
  2⤵
  PID:7696
- C:\Windows\System\AadDmim.exe
  C:\Windows\System\AadDmim.exe
  2⤵
  PID:7712
- C:\Windows\System\cEoDCYr.exe
  C:\Windows\System\cEoDCYr.exe
  2⤵
  PID:7820
- C:\Windows\System\eZBlBlx.exe
  C:\Windows\System\eZBlBlx.exe
  2⤵
  PID:7840
- C:\Windows\System\cyKiSeL.exe
  C:\Windows\System\cyKiSeL.exe
  2⤵
  PID:7856
- C:\Windows\System\gvtLQWa.exe
  C:\Windows\System\gvtLQWa.exe
  2⤵
  PID:7872
- C:\Windows\System\zfcevHS.exe
  C:\Windows\System\zfcevHS.exe
  2⤵
  PID:7888
- C:\Windows\System\eTrbaxe.exe
  C:\Windows\System\eTrbaxe.exe
  2⤵
  PID:7904
- C:\Windows\System\vKHILGZ.exe
  C:\Windows\System\vKHILGZ.exe
  2⤵
  PID:7920
- C:\Windows\System\YvhEZhW.exe
  C:\Windows\System\YvhEZhW.exe
  2⤵
  PID:7936
- C:\Windows\System\QgSnbUE.exe
  C:\Windows\System\QgSnbUE.exe
  2⤵
  PID:7952
- C:\Windows\System\lweMLLT.exe
  C:\Windows\System\lweMLLT.exe
  2⤵
  PID:7968
- C:\Windows\System\oDUZwvK.exe
  C:\Windows\System\oDUZwvK.exe
  2⤵
  PID:7992
- C:\Windows\System\kNkVGhi.exe
  C:\Windows\System\kNkVGhi.exe
  2⤵
  PID:8012
- C:\Windows\System\mngeSgi.exe
  C:\Windows\System\mngeSgi.exe
  2⤵
  PID:8028
- C:\Windows\System\LANXzXh.exe
  C:\Windows\System\LANXzXh.exe
  2⤵
  PID:8044
- C:\Windows\System\JquIkRm.exe
  C:\Windows\System\JquIkRm.exe
  2⤵
  PID:8060
- C:\Windows\System\UdiidvK.exe
  C:\Windows\System\UdiidvK.exe
  2⤵
  PID:8076
- C:\Windows\System\wnfPtrh.exe
  C:\Windows\System\wnfPtrh.exe
  2⤵
  PID:8092
- C:\Windows\System\ELOizQm.exe
  C:\Windows\System\ELOizQm.exe
  2⤵
  PID:8116
- C:\Windows\System\mAECRpI.exe
  C:\Windows\System\mAECRpI.exe
  2⤵
  PID:8136
- C:\Windows\System\nlvkWUr.exe
  C:\Windows\System\nlvkWUr.exe
  2⤵
  PID:8152
- C:\Windows\System\WvCuahz.exe
  C:\Windows\System\WvCuahz.exe
  2⤵
  PID:8172
- C:\Windows\System\qIEtxpo.exe
  C:\Windows\System\qIEtxpo.exe
  2⤵
  PID:8188
- C:\Windows\System\xVvetxp.exe
  C:\Windows\System\xVvetxp.exe
  2⤵
  PID:2456
- C:\Windows\System\FvYReIC.exe
  C:\Windows\System\FvYReIC.exe
  2⤵
  PID:7176
- C:\Windows\System\vXpFYyj.exe
  C:\Windows\System\vXpFYyj.exe
  2⤵
  PID:7244
- C:\Windows\System\bYFXkmd.exe
  C:\Windows\System\bYFXkmd.exe
  2⤵
  PID:7472
- C:\Windows\System\eGDQFRs.exe
  C:\Windows\System\eGDQFRs.exe
  2⤵
  PID:7308
- C:\Windows\System\mwOlLlA.exe
  C:\Windows\System\mwOlLlA.exe
  2⤵
  PID:7344
- C:\Windows\System\GStzetO.exe
  C:\Windows\System\GStzetO.exe
  2⤵
  PID:7728
- C:\Windows\System\gkCmTBS.exe
  C:\Windows\System\gkCmTBS.exe
  2⤵
  PID:7448
- C:\Windows\System\WJfprNN.exe
  C:\Windows\System\WJfprNN.exe
  2⤵
  PID:6376
- C:\Windows\System\FCRTnuk.exe
  C:\Windows\System\FCRTnuk.exe
  2⤵
  PID:2608
- C:\Windows\System\KIeOisl.exe
  C:\Windows\System\KIeOisl.exe
  2⤵
  PID:6772
- C:\Windows\System\pBFKkWQ.exe
  C:\Windows\System\pBFKkWQ.exe
  2⤵
  PID:1632
- C:\Windows\System\YwSgPVm.exe
  C:\Windows\System\YwSgPVm.exe
  2⤵
  PID:7040
- C:\Windows\System\XJvyXrG.exe
  C:\Windows\System\XJvyXrG.exe
  2⤵
  PID:7596
- C:\Windows\System\TmlfVkc.exe
  C:\Windows\System\TmlfVkc.exe
  2⤵
  PID:6488
- C:\Windows\System\CIBvhUq.exe
  C:\Windows\System\CIBvhUq.exe
  2⤵
  PID:6760
- C:\Windows\System\wIgMdtd.exe
  C:\Windows\System\wIgMdtd.exe
  2⤵
  PID:7288
- C:\Windows\System\rcfxeQR.exe
  C:\Windows\System\rcfxeQR.exe
  2⤵
  PID:7360
- C:\Windows\System\FvhGtpP.exe
  C:\Windows\System\FvhGtpP.exe
  2⤵
  PID:7400
- C:\Windows\System\GrKuejk.exe
  C:\Windows\System\GrKuejk.exe
  2⤵
  PID:7488
- C:\Windows\System\FubPPxK.exe
  C:\Windows\System\FubPPxK.exe
  2⤵
  PID:7512
- C:\Windows\System\VumbHUs.exe
  C:\Windows\System\VumbHUs.exe
  2⤵
  PID:7556
- C:\Windows\System\tIjGDPz.exe
  C:\Windows\System\tIjGDPz.exe
  2⤵
  PID:7636
- C:\Windows\System\NXDiylx.exe
  C:\Windows\System\NXDiylx.exe
  2⤵
  PID:7676
- C:\Windows\System\xKQTmBM.exe
  C:\Windows\System\xKQTmBM.exe
  2⤵
  PID:7748
- C:\Windows\System\WmenAcN.exe
  C:\Windows\System\WmenAcN.exe
  2⤵
  PID:7764
- C:\Windows\System\PDgVbHl.exe
  C:\Windows\System\PDgVbHl.exe
  2⤵
  PID:7780
- C:\Windows\System\HUzhACJ.exe
  C:\Windows\System\HUzhACJ.exe
  2⤵
  PID:7796
- C:\Windows\System\COtLJgy.exe
  C:\Windows\System\COtLJgy.exe
  2⤵
  PID:7816
- C:\Windows\System\gpmTQjL.exe
  C:\Windows\System\gpmTQjL.exe
  2⤵
  PID:7852
- C:\Windows\System\MSlWzCp.exe
  C:\Windows\System\MSlWzCp.exe
  2⤵
  PID:7916
- C:\Windows\System\eccssjl.exe
  C:\Windows\System\eccssjl.exe
  2⤵
  PID:7980
- C:\Windows\System\BHSwZXO.exe
  C:\Windows\System\BHSwZXO.exe
  2⤵
  PID:8024
- C:\Windows\System\bDHhSWL.exe
  C:\Windows\System\bDHhSWL.exe
  2⤵
  PID:8088
- C:\Windows\System\hrXVPsW.exe
  C:\Windows\System\hrXVPsW.exe
  2⤵
  PID:7868
- C:\Windows\System\ZRNoMcA.exe
  C:\Windows\System\ZRNoMcA.exe
  2⤵
  PID:7932
- C:\Windows\System\JCOajkS.exe
  C:\Windows\System\JCOajkS.exe
  2⤵
  PID:8132
- C:\Windows\System\PHImIiM.exe
  C:\Windows\System\PHImIiM.exe
  2⤵
  PID:1576
- C:\Windows\System\BXDsnjE.exe
  C:\Windows\System\BXDsnjE.exe
  2⤵
  PID:2808
- C:\Windows\System\IhrYsFA.exe
  C:\Windows\System\IhrYsFA.exe
  2⤵
  PID:8100
- C:\Windows\System\VEfssjY.exe
  C:\Windows\System\VEfssjY.exe
  2⤵
  PID:7436
- C:\Windows\System\DVFNxxq.exe
  C:\Windows\System\DVFNxxq.exe
  2⤵
  PID:7376
- C:\Windows\System\tcZaVEN.exe
  C:\Windows\System\tcZaVEN.exe
  2⤵
  PID:8008
- C:\Windows\System\EfhPhoF.exe
  C:\Windows\System\EfhPhoF.exe
  2⤵
  PID:8072
- C:\Windows\System\QjyCABR.exe
  C:\Windows\System\QjyCABR.exe
  2⤵
  PID:8148
- C:\Windows\System\bMIRIze.exe
  C:\Windows\System\bMIRIze.exe
  2⤵
  PID:7208
- C:\Windows\System\bNFcfAZ.exe
  C:\Windows\System\bNFcfAZ.exe
  2⤵
  PID:7276
- C:\Windows\System\ZylfIrC.exe
  C:\Windows\System\ZylfIrC.exe
  2⤵
  PID:7576
- C:\Windows\System\KkSRdQb.exe
  C:\Windows\System\KkSRdQb.exe
  2⤵
  PID:7616
- C:\Windows\System\hVjlGGS.exe
  C:\Windows\System\hVjlGGS.exe
  2⤵
  PID:7688
- C:\Windows\System\XHkOwzq.exe
  C:\Windows\System\XHkOwzq.exe
  2⤵
  PID:7736
- C:\Windows\System\oSNqZOs.exe
  C:\Windows\System\oSNqZOs.exe
  2⤵
  PID:6864
- C:\Windows\System\rJqvJSo.exe
  C:\Windows\System\rJqvJSo.exe
  2⤵
  PID:2404
- C:\Windows\System\LQJoDEj.exe
  C:\Windows\System\LQJoDEj.exe
  2⤵
  PID:1656
- C:\Windows\System\kMgTsgS.exe
  C:\Windows\System\kMgTsgS.exe
  2⤵
  PID:6308
- C:\Windows\System\RavxFiz.exe
  C:\Windows\System\RavxFiz.exe
  2⤵
  PID:7256
- C:\Windows\System\wwjXzpc.exe
  C:\Windows\System\wwjXzpc.exe
  2⤵
  PID:5656
- C:\Windows\System\VZQYPhw.exe
  C:\Windows\System\VZQYPhw.exe
  2⤵
  PID:7544
- C:\Windows\System\iBrLZUE.exe
  C:\Windows\System\iBrLZUE.exe
  2⤵
  PID:7412
- C:\Windows\System\OhiKUye.exe
  C:\Windows\System\OhiKUye.exe
  2⤵
  PID:7392
- C:\Windows\System\YVoQYSC.exe
  C:\Windows\System\YVoQYSC.exe
  2⤵
  PID:7760
- C:\Windows\System\fIXbUfN.exe
  C:\Windows\System\fIXbUfN.exe
  2⤵
  PID:7848
- C:\Windows\System\JgRChcx.exe
  C:\Windows\System\JgRChcx.exe
  2⤵
  PID:7500
- C:\Windows\System\nIEcKiX.exe
  C:\Windows\System\nIEcKiX.exe
  2⤵
  PID:7804
- C:\Windows\System\AiUkTQa.exe
  C:\Windows\System\AiUkTQa.exe
  2⤵
  PID:7708
- C:\Windows\System\FaFDLtM.exe
  C:\Windows\System\FaFDLtM.exe
  2⤵
  PID:7912
- C:\Windows\System\ZMGVpdg.exe
  C:\Windows\System\ZMGVpdg.exe
  2⤵
  PID:7976
- C:\Windows\System\ZJPatDt.exe
  C:\Windows\System\ZJPatDt.exe
  2⤵
  PID:8168
- C:\Windows\System\vofxNQY.exe
  C:\Windows\System\vofxNQY.exe
  2⤵
  PID:7864
- C:\Windows\System\Yqxteac.exe
  C:\Windows\System\Yqxteac.exe
  2⤵
  PID:8068
- C:\Windows\System\VBGYmxc.exe
  C:\Windows\System\VBGYmxc.exe
  2⤵
  PID:7532
- C:\Windows\System\gxcTzeu.exe
  C:\Windows\System\gxcTzeu.exe
  2⤵
  PID:6272
- C:\Windows\System\BXrnKgf.exe
  C:\Windows\System\BXrnKgf.exe
  2⤵
  PID:8004
- C:\Windows\System\GUqelCh.exe
  C:\Windows\System\GUqelCh.exe
  2⤵
  PID:7304
- C:\Windows\System\WvYEdpe.exe
  C:\Windows\System\WvYEdpe.exe
  2⤵
  PID:6928
- C:\Windows\System\BVenPtO.exe
  C:\Windows\System\BVenPtO.exe
  2⤵
  PID:6916
- C:\Windows\System\lixqGaU.exe
  C:\Windows\System\lixqGaU.exe
  2⤵
  PID:7652
- C:\Windows\System\foyXBkX.exe
  C:\Windows\System\foyXBkX.exe
  2⤵
  PID:7228
- C:\Windows\System\OVQvRji.exe
  C:\Windows\System\OVQvRji.exe
  2⤵
  PID:2936
- C:\Windows\System\fvBXaCh.exe
  C:\Windows\System\fvBXaCh.exe
  2⤵
  PID:7756
- C:\Windows\System\jLVVYsK.exe
  C:\Windows\System\jLVVYsK.exe
  2⤵
  PID:7792
- C:\Windows\System\BmgptLZ.exe
  C:\Windows\System\BmgptLZ.exe
  2⤵
  PID:7776
- C:\Windows\System\FjaQAGx.exe
  C:\Windows\System\FjaQAGx.exe
  2⤵
  PID:8084
- C:\Windows\System\xGTMsTE.exe
  C:\Windows\System\xGTMsTE.exe
  2⤵
  PID:7964
- C:\Windows\System\ybqVQBa.exe
  C:\Windows\System\ybqVQBa.exe
  2⤵
  PID:6792
- C:\Windows\System\UxmDcxo.exe
  C:\Windows\System\UxmDcxo.exe
  2⤵
  PID:7328
- C:\Windows\System\lbcZsaY.exe
  C:\Windows\System\lbcZsaY.exe
  2⤵
  PID:7468
- C:\Windows\System\XdoXmyH.exe
  C:\Windows\System\XdoXmyH.exe
  2⤵
  PID:8196
- C:\Windows\System\KCJQTwf.exe
  C:\Windows\System\KCJQTwf.exe
  2⤵
  PID:8212
- C:\Windows\System\fhJMiDN.exe
  C:\Windows\System\fhJMiDN.exe
  2⤵
  PID:8228
- C:\Windows\System\olVdiJu.exe
  C:\Windows\System\olVdiJu.exe
  2⤵
  PID:8244
- C:\Windows\System\HkLpTUW.exe
  C:\Windows\System\HkLpTUW.exe
  2⤵
  PID:8260
- C:\Windows\System\oIZzrkF.exe
  C:\Windows\System\oIZzrkF.exe
  2⤵
  PID:8276
- C:\Windows\System\aryYExy.exe
  C:\Windows\System\aryYExy.exe
  2⤵
  PID:8292
- C:\Windows\System\HQSXXmy.exe
  C:\Windows\System\HQSXXmy.exe
  2⤵
  PID:8308
- C:\Windows\System\yIurxsm.exe
  C:\Windows\System\yIurxsm.exe
  2⤵
  PID:8332
- C:\Windows\System\zWKyAUm.exe
  C:\Windows\System\zWKyAUm.exe
  2⤵
  PID:8348
- C:\Windows\System\cLztFJK.exe
  C:\Windows\System\cLztFJK.exe
  2⤵
  PID:8364
- C:\Windows\System\AFijJCA.exe
  C:\Windows\System\AFijJCA.exe
  2⤵
  PID:8380
- C:\Windows\System\rTNsWOo.exe
  C:\Windows\System\rTNsWOo.exe
  2⤵
  PID:8396
- C:\Windows\System\AEzjefI.exe
  C:\Windows\System\AEzjefI.exe
  2⤵
  PID:8412
- C:\Windows\System\wSmjZMr.exe
  C:\Windows\System\wSmjZMr.exe
  2⤵
  PID:8432
- C:\Windows\System\OklsWTw.exe
  C:\Windows\System\OklsWTw.exe
  2⤵
  PID:8448
- C:\Windows\System\IspXWAL.exe
  C:\Windows\System\IspXWAL.exe
  2⤵
  PID:8464
- C:\Windows\System\aFLgeVT.exe
  C:\Windows\System\aFLgeVT.exe
  2⤵
  PID:8480
- C:\Windows\System\TzgELNy.exe
  C:\Windows\System\TzgELNy.exe
  2⤵
  PID:8496
- C:\Windows\System\BGkATRk.exe
  C:\Windows\System\BGkATRk.exe
  2⤵
  PID:8512
- C:\Windows\System\uRbrruk.exe
  C:\Windows\System\uRbrruk.exe
  2⤵
  PID:8528
- C:\Windows\System\WHljCFb.exe
  C:\Windows\System\WHljCFb.exe
  2⤵
  PID:8548
- C:\Windows\System\AyIJJkR.exe
  C:\Windows\System\AyIJJkR.exe
  2⤵
  PID:8564
- C:\Windows\System\WcaIMYD.exe
  C:\Windows\System\WcaIMYD.exe
  2⤵
  PID:8580
- C:\Windows\System\pdjTlyX.exe
  C:\Windows\System\pdjTlyX.exe
  2⤵
  PID:8596
- C:\Windows\System\toxbhEY.exe
  C:\Windows\System\toxbhEY.exe
  2⤵
  PID:8612
- C:\Windows\System\bxvfrAO.exe
  C:\Windows\System\bxvfrAO.exe
  2⤵
  PID:8628
- C:\Windows\System\ERoykjV.exe
  C:\Windows\System\ERoykjV.exe
  2⤵
  PID:8644
- C:\Windows\System\GNtZQow.exe
  C:\Windows\System\GNtZQow.exe
  2⤵
  PID:8660
- C:\Windows\System\rRTpJOC.exe
  C:\Windows\System\rRTpJOC.exe
  2⤵
  PID:8676
- C:\Windows\System\eMPaYqr.exe
  C:\Windows\System\eMPaYqr.exe
  2⤵
  PID:8696
- C:\Windows\System\QeBBzOl.exe
  C:\Windows\System\QeBBzOl.exe
  2⤵
  PID:8712
- C:\Windows\System\weroCKN.exe
  C:\Windows\System\weroCKN.exe
  2⤵
  PID:8728
- C:\Windows\System\vLQvLVJ.exe
  C:\Windows\System\vLQvLVJ.exe
  2⤵
  PID:8744
- C:\Windows\System\wQZlUZe.exe
  C:\Windows\System\wQZlUZe.exe
  2⤵
  PID:8760
- C:\Windows\System\GGancTb.exe
  C:\Windows\System\GGancTb.exe
  2⤵
  PID:8776
- C:\Windows\System\roWdKbV.exe
  C:\Windows\System\roWdKbV.exe
  2⤵
  PID:8792
- C:\Windows\System\vNAmgZB.exe
  C:\Windows\System\vNAmgZB.exe
  2⤵
  PID:8808
- C:\Windows\System\DcQvjUC.exe
  C:\Windows\System\DcQvjUC.exe
  2⤵
  PID:8824
- C:\Windows\System\LHgoyap.exe
  C:\Windows\System\LHgoyap.exe
  2⤵
  PID:8840
- C:\Windows\System\GIvDeMW.exe
  C:\Windows\System\GIvDeMW.exe
  2⤵
  PID:8856
- C:\Windows\System\pVivCup.exe
  C:\Windows\System\pVivCup.exe
  2⤵
  PID:8872
- C:\Windows\System\PgMgYXv.exe
  C:\Windows\System\PgMgYXv.exe
  2⤵
  PID:8888
- C:\Windows\System\uDhwdym.exe
  C:\Windows\System\uDhwdym.exe
  2⤵
  PID:8904
- C:\Windows\System\eUlbQyo.exe
  C:\Windows\System\eUlbQyo.exe
  2⤵
  PID:8920
- C:\Windows\System\tWSaYLo.exe
  C:\Windows\System\tWSaYLo.exe
  2⤵
  PID:8936
- C:\Windows\System\BNWQARS.exe
  C:\Windows\System\BNWQARS.exe
  2⤵
  PID:8952
- C:\Windows\System\QlwzrFc.exe
  C:\Windows\System\QlwzrFc.exe
  2⤵
  PID:8968
- C:\Windows\System\VJZsSAR.exe
  C:\Windows\System\VJZsSAR.exe
  2⤵
  PID:8984
- C:\Windows\System\QvHyTKE.exe
  C:\Windows\System\QvHyTKE.exe
  2⤵
  PID:9000
- C:\Windows\System\iarMrvo.exe
  C:\Windows\System\iarMrvo.exe
  2⤵
  PID:9016
- C:\Windows\System\hNlTjfM.exe
  C:\Windows\System\hNlTjfM.exe
  2⤵
  PID:9032
- C:\Windows\System\ojXCUjz.exe
  C:\Windows\System\ojXCUjz.exe
  2⤵
  PID:9052
- C:\Windows\System\bHvkKFC.exe
  C:\Windows\System\bHvkKFC.exe
  2⤵
  PID:9068
- C:\Windows\System\vlamBsA.exe
  C:\Windows\System\vlamBsA.exe
  2⤵
  PID:9088
- C:\Windows\System\dovIcVr.exe
  C:\Windows\System\dovIcVr.exe
  2⤵
  PID:9104
- C:\Windows\System\KdzTUpp.exe
  C:\Windows\System\KdzTUpp.exe
  2⤵
  PID:9120
- C:\Windows\System\iDHlVuW.exe
  C:\Windows\System\iDHlVuW.exe
  2⤵
  PID:9136
- C:\Windows\System\MAQNXgp.exe
  C:\Windows\System\MAQNXgp.exe
  2⤵
  PID:9152
- C:\Windows\System\nvulKNY.exe
  C:\Windows\System\nvulKNY.exe
  2⤵
  PID:9168
- C:\Windows\System\QFeFgXc.exe
  C:\Windows\System\QFeFgXc.exe
  2⤵
  PID:9184
- C:\Windows\System\BXwYcRH.exe
  C:\Windows\System\BXwYcRH.exe
  2⤵
  PID:9200
- C:\Windows\System\qlalboP.exe
  C:\Windows\System\qlalboP.exe
  2⤵
  PID:7612
- C:\Windows\System\zcZLiIB.exe
  C:\Windows\System\zcZLiIB.exe
  2⤵
  PID:8020
- C:\Windows\System\UrAohka.exe
  C:\Windows\System\UrAohka.exe
  2⤵
  PID:8388
- C:\Windows\System\TMmobjZ.exe
  C:\Windows\System\TMmobjZ.exe
  2⤵
  PID:8456
- C:\Windows\System\cIzufQm.exe
  C:\Windows\System\cIzufQm.exe
  2⤵
  PID:8376
- C:\Windows\System\fxCFOAA.exe
  C:\Windows\System\fxCFOAA.exe
  2⤵
  PID:8560
- C:\Windows\System\CyMaokC.exe
  C:\Windows\System\CyMaokC.exe
  2⤵
  PID:8620
- C:\Windows\System\oOocQRc.exe
  C:\Windows\System\oOocQRc.exe
  2⤵
  PID:8688
- C:\Windows\System\ntEsmGY.exe
  C:\Windows\System\ntEsmGY.exe
  2⤵
  PID:8752
- C:\Windows\System\pnoeoql.exe
  C:\Windows\System\pnoeoql.exe
  2⤵
  PID:8788
- C:\Windows\System\nPKaBHj.exe
  C:\Windows\System\nPKaBHj.exe
  2⤵
  PID:8852
- C:\Windows\System\oBxbgLN.exe
  C:\Windows\System\oBxbgLN.exe
  2⤵
  PID:8472
- C:\Windows\System\GvFVrOd.exe
  C:\Windows\System\GvFVrOd.exe
  2⤵
  PID:8504
- C:\Windows\System\pHxkfRm.exe
  C:\Windows\System\pHxkfRm.exe
  2⤵
  PID:8672
- C:\Windows\System\saOaRja.exe
  C:\Windows\System\saOaRja.exe
  2⤵
  PID:8800
- C:\Windows\System\mJnBBHf.exe
  C:\Windows\System\mJnBBHf.exe
  2⤵
  PID:8992
- C:\Windows\System\OJpLvVZ.exe
  C:\Windows\System\OJpLvVZ.exe
  2⤵
  PID:9012
- C:\Windows\System\SrXCiqa.exe
  C:\Windows\System\SrXCiqa.exe
  2⤵
  PID:9080
- C:\Windows\System\emxCHdr.exe
  C:\Windows\System\emxCHdr.exe
  2⤵
  PID:9144
- C:\Windows\System\viUDtDF.exe
  C:\Windows\System\viUDtDF.exe
  2⤵
  PID:9132
- C:\Windows\System\JNiyBjv.exe
  C:\Windows\System\JNiyBjv.exe
  2⤵
  PID:9196
- C:\Windows\System\mQOHZLk.exe
  C:\Windows\System\mQOHZLk.exe
  2⤵
  PID:8684
- C:\Windows\System\vFsZezq.exe
  C:\Windows\System\vFsZezq.exe
  2⤵
  PID:6508
- C:\Windows\System\JCOrTCN.exe
  C:\Windows\System\JCOrTCN.exe
  2⤵
  PID:8252
- C:\Windows\System\Otlnfwr.exe
  C:\Windows\System\Otlnfwr.exe
  2⤵
  PID:7396
- C:\Windows\System\IFMXPkH.exe
  C:\Windows\System\IFMXPkH.exe
  2⤵
  PID:8236
- C:\Windows\System\LruTSBR.exe
  C:\Windows\System\LruTSBR.exe
  2⤵
  PID:8524
- C:\Windows\System\QZZfPwz.exe
  C:\Windows\System\QZZfPwz.exe
  2⤵
  PID:8640
- C:\Windows\System\jAbFrzy.exe
  C:\Windows\System\jAbFrzy.exe
  2⤵
  PID:9116
- C:\Windows\System\iPrFUwM.exe
  C:\Windows\System\iPrFUwM.exe
  2⤵
  PID:2552
- C:\Windows\System\BSWPlQX.exe
  C:\Windows\System\BSWPlQX.exe
  2⤵
  PID:9044
- C:\Windows\System\wVWgUHF.exe
  C:\Windows\System\wVWgUHF.exe
  2⤵
  PID:9064
- C:\Windows\System\EFWVYvp.exe
  C:\Windows\System\EFWVYvp.exe
  2⤵
  PID:8536
- C:\Windows\System\ZBeeEcn.exe
  C:\Windows\System\ZBeeEcn.exe
  2⤵
  PID:7552
- C:\Windows\System\WquPTSR.exe
  C:\Windows\System\WquPTSR.exe
  2⤵
  PID:8204
- C:\Windows\System\uPqCdDc.exe
  C:\Windows\System\uPqCdDc.exe
  2⤵
  PID:8284
- C:\Windows\System\kSMzhiB.exe
  C:\Windows\System\kSMzhiB.exe
  2⤵
  PID:8404
- C:\Windows\System\TLYXHqn.exe
  C:\Windows\System\TLYXHqn.exe
  2⤵
  PID:8340
- C:\Windows\System\wwjxGbS.exe
  C:\Windows\System\wwjxGbS.exe
  2⤵
  PID:8492
- C:\Windows\System\DsKdvYF.exe
  C:\Windows\System\DsKdvYF.exe
  2⤵
  PID:8424
- C:\Windows\System\bSmCoVJ.exe
  C:\Windows\System\bSmCoVJ.exe
  2⤵
  PID:8848
- C:\Windows\System\AukIZbr.exe
  C:\Windows\System\AukIZbr.exe
  2⤵
  PID:8636
- C:\Windows\System\GWZCuTi.exe
  C:\Windows\System\GWZCuTi.exe
  2⤵
  PID:8604
- C:\Windows\System\nVMxTcc.exe
  C:\Windows\System\nVMxTcc.exe
  2⤵
  PID:8896
- C:\Windows\System\mheOECX.exe
  C:\Windows\System\mheOECX.exe
  2⤵
  PID:8960
- C:\Windows\System\LqykVXg.exe
  C:\Windows\System\LqykVXg.exe
  2⤵
  PID:9040
- C:\Windows\System\wvUCQhh.exe
  C:\Windows\System\wvUCQhh.exe
  2⤵
  PID:9028
- C:\Windows\System\lSTnirt.exe
  C:\Windows\System\lSTnirt.exe
  2⤵
  PID:7076
- C:\Windows\System\maDJuYb.exe
  C:\Windows\System\maDJuYb.exe
  2⤵
  PID:7508
- C:\Windows\System\mKGcXHg.exe
  C:\Windows\System\mKGcXHg.exe
  2⤵
  PID:8576
- C:\Windows\System\DRJxNLO.exe
  C:\Windows\System\DRJxNLO.exe
  2⤵
  PID:8772
- C:\Windows\System\zbkPVzr.exe
  C:\Windows\System\zbkPVzr.exe
  2⤵
  PID:8440
- C:\Windows\System\XDGTlxH.exe
  C:\Windows\System\XDGTlxH.exe
  2⤵
  PID:7192
- C:\Windows\System\UKECtJS.exe
  C:\Windows\System\UKECtJS.exe
  2⤵
  PID:8360
- C:\Windows\System\Dlyniju.exe
  C:\Windows\System\Dlyniju.exe
  2⤵
  PID:9176
- C:\Windows\System\LQMbZBp.exe
  C:\Windows\System\LQMbZBp.exe
  2⤵
  PID:8724
- C:\Windows\System\CWfsCUX.exe
  C:\Windows\System\CWfsCUX.exe
  2⤵
  PID:8444
- C:\Windows\System\oVgsfCS.exe
  C:\Windows\System\oVgsfCS.exe
  2⤵
  PID:6332
- C:\Windows\System\DrErduZ.exe
  C:\Windows\System\DrErduZ.exe
  2⤵
  PID:8320
- C:\Windows\System\UcFOrHt.exe
  C:\Windows\System\UcFOrHt.exe
  2⤵
  PID:8656
- C:\Windows\System\RtzkFBi.exe
  C:\Windows\System\RtzkFBi.exe
  2⤵
  PID:8476
- C:\Windows\System\qNcrbJP.exe
  C:\Windows\System\qNcrbJP.exe
  2⤵
  PID:9212
- C:\Windows\System\GmJDCZu.exe
  C:\Windows\System\GmJDCZu.exe
  2⤵
  PID:8864
- C:\Windows\System\hrVKDnI.exe
  C:\Windows\System\hrVKDnI.exe
  2⤵
  PID:8820
- C:\Windows\System\wDDprXY.exe
  C:\Windows\System\wDDprXY.exe
  2⤵
  PID:9076
- C:\Windows\System\VFSyuxo.exe
  C:\Windows\System\VFSyuxo.exe
  2⤵
  PID:8980
- C:\Windows\System\mkOdYEx.exe
  C:\Windows\System\mkOdYEx.exe
  2⤵
  PID:6576
- C:\Windows\System\kTwuQNK.exe
  C:\Windows\System\kTwuQNK.exe
  2⤵
  PID:8256
- C:\Windows\System\fVAvvxT.exe
  C:\Windows\System\fVAvvxT.exe
  2⤵
  PID:8836
- C:\Windows\System\bZMMkQq.exe
  C:\Windows\System\bZMMkQq.exe
  2⤵
  PID:8944
- C:\Windows\System\RRNWfoN.exe
  C:\Windows\System\RRNWfoN.exe
  2⤵
  PID:9228
- C:\Windows\System\telttHM.exe
  C:\Windows\System\telttHM.exe
  2⤵
  PID:9248
- C:\Windows\System\ZdqiiSY.exe
  C:\Windows\System\ZdqiiSY.exe
  2⤵
  PID:9272
- C:\Windows\System\evCvrlv.exe
  C:\Windows\System\evCvrlv.exe
  2⤵
  PID:9292
- C:\Windows\System\GlgtRmK.exe
  C:\Windows\System\GlgtRmK.exe
  2⤵
  PID:9312
- C:\Windows\System\aSOWujS.exe
  C:\Windows\System\aSOWujS.exe
  2⤵
  PID:9340
- C:\Windows\System\XOLYtsp.exe
  C:\Windows\System\XOLYtsp.exe
  2⤵
  PID:9368
- C:\Windows\System\YbmaVtA.exe
  C:\Windows\System\YbmaVtA.exe
  2⤵
  PID:9388
- C:\Windows\System\BiTCKEv.exe
  C:\Windows\System\BiTCKEv.exe
  2⤵
  PID:9408
- C:\Windows\System\gFVeUkO.exe
  C:\Windows\System\gFVeUkO.exe
  2⤵
  PID:9428
- C:\Windows\System\iOklveZ.exe
  C:\Windows\System\iOklveZ.exe
  2⤵
  PID:9444
- C:\Windows\System\vniOpoe.exe
  C:\Windows\System\vniOpoe.exe
  2⤵
  PID:9468
- C:\Windows\System\hyghzyw.exe
  C:\Windows\System\hyghzyw.exe
  2⤵
  PID:9484
- C:\Windows\System\gFdjncJ.exe
  C:\Windows\System\gFdjncJ.exe
  2⤵
  PID:9504
- C:\Windows\System\ZlCtPWs.exe
  C:\Windows\System\ZlCtPWs.exe
  2⤵
  PID:9524
- C:\Windows\System\QUTuXOp.exe
  C:\Windows\System\QUTuXOp.exe
  2⤵
  PID:9548
- C:\Windows\System\oKTZbzO.exe
  C:\Windows\System\oKTZbzO.exe
  2⤵
  PID:9564
- C:\Windows\System\ScCsLtE.exe
  C:\Windows\System\ScCsLtE.exe
  2⤵
  PID:9580
- C:\Windows\System\jlmozjj.exe
  C:\Windows\System\jlmozjj.exe
  2⤵
  PID:9596
- C:\Windows\System\LiHXUWd.exe
  C:\Windows\System\LiHXUWd.exe
  2⤵
  PID:9612
- C:\Windows\System\jERnbKo.exe
  C:\Windows\System\jERnbKo.exe
  2⤵
  PID:9628
- C:\Windows\System\CfSpmfB.exe
  C:\Windows\System\CfSpmfB.exe
  2⤵
  PID:9644
- C:\Windows\System\tvYTXXg.exe
  C:\Windows\System\tvYTXXg.exe
  2⤵
  PID:9664
- C:\Windows\System\WHxJrOj.exe
  C:\Windows\System\WHxJrOj.exe
  2⤵
  PID:9680
- C:\Windows\System\DvDeXkV.exe
  C:\Windows\System\DvDeXkV.exe
  2⤵
  PID:9696
- C:\Windows\System\ncYaoBA.exe
  C:\Windows\System\ncYaoBA.exe
  2⤵
  PID:9712
- C:\Windows\System\KrJWZcC.exe
  C:\Windows\System\KrJWZcC.exe
  2⤵
  PID:9728
- C:\Windows\System\VxsEfRv.exe
  C:\Windows\System\VxsEfRv.exe
  2⤵
  PID:9744
- C:\Windows\System\pADufgA.exe
  C:\Windows\System\pADufgA.exe
  2⤵
  PID:9760
- C:\Windows\System\VRdbtkb.exe
  C:\Windows\System\VRdbtkb.exe
  2⤵
  PID:9776
- C:\Windows\System\yPKUmEF.exe
  C:\Windows\System\yPKUmEF.exe
  2⤵
  PID:9796
- C:\Windows\System\maseGvk.exe
  C:\Windows\System\maseGvk.exe
  2⤵
  PID:9812
- C:\Windows\System\hNZksGK.exe
  C:\Windows\System\hNZksGK.exe
  2⤵
  PID:9828
- C:\Windows\System\Ftezpxh.exe
  C:\Windows\System\Ftezpxh.exe
  2⤵
  PID:9844
- C:\Windows\System\KscDHdD.exe
  C:\Windows\System\KscDHdD.exe
  2⤵
  PID:9860
- C:\Windows\System\CrhCREB.exe
  C:\Windows\System\CrhCREB.exe
  2⤵
  PID:9876
- C:\Windows\System\QElSaMe.exe
  C:\Windows\System\QElSaMe.exe
  2⤵
  PID:9892
- C:\Windows\System\sPHVaUc.exe
  C:\Windows\System\sPHVaUc.exe
  2⤵
  PID:9908
- C:\Windows\System\LZbMYDL.exe
  C:\Windows\System\LZbMYDL.exe
  2⤵
  PID:9924
- C:\Windows\System\nUnrcBX.exe
  C:\Windows\System\nUnrcBX.exe
  2⤵
  PID:9940
- C:\Windows\System\JofHubt.exe
  C:\Windows\System\JofHubt.exe
  2⤵
  PID:9956
- C:\Windows\System\rqyhlFX.exe
  C:\Windows\System\rqyhlFX.exe
  2⤵
  PID:9972
- C:\Windows\System\nfsgPGn.exe
  C:\Windows\System\nfsgPGn.exe
  2⤵
  PID:9988
- C:\Windows\System\wdhzoFG.exe
  C:\Windows\System\wdhzoFG.exe
  2⤵
  PID:10004
- C:\Windows\System\IPnGHfa.exe
  C:\Windows\System\IPnGHfa.exe
  2⤵
  PID:10020
- C:\Windows\System\ZRyTBcR.exe
  C:\Windows\System\ZRyTBcR.exe
  2⤵
  PID:10036
- C:\Windows\System\BPPpCdz.exe
  C:\Windows\System\BPPpCdz.exe
  2⤵
  PID:10056
- C:\Windows\System\ymiJXlB.exe
  C:\Windows\System\ymiJXlB.exe
  2⤵
  PID:10072
- C:\Windows\System\qBMKWXf.exe
  C:\Windows\System\qBMKWXf.exe
  2⤵
  PID:10088
- C:\Windows\System\dkTiPeE.exe
  C:\Windows\System\dkTiPeE.exe
  2⤵
  PID:10104
- C:\Windows\System\lhkjNKc.exe
  C:\Windows\System\lhkjNKc.exe
  2⤵
  PID:10120
- C:\Windows\System\GPVFdqw.exe
  C:\Windows\System\GPVFdqw.exe
  2⤵
  PID:10136
- C:\Windows\System\BfcLpra.exe
  C:\Windows\System\BfcLpra.exe
  2⤵
  PID:10152
- C:\Windows\System\SbMhfTy.exe
  C:\Windows\System\SbMhfTy.exe
  2⤵
  PID:10168
- C:\Windows\System\spYYjEP.exe
  C:\Windows\System\spYYjEP.exe
  2⤵
  PID:10188
- C:\Windows\System\zjBcMVY.exe
  C:\Windows\System\zjBcMVY.exe
  2⤵
  PID:10208
- C:\Windows\System\koccxPP.exe
  C:\Windows\System\koccxPP.exe
  2⤵
  PID:10224
- C:\Windows\System\bdgoyeC.exe
  C:\Windows\System\bdgoyeC.exe
  2⤵
  PID:9220
- C:\Windows\System\idtINFQ.exe
  C:\Windows\System\idtINFQ.exe
  2⤵
  PID:9240
- C:\Windows\System\bENknax.exe
  C:\Windows\System\bENknax.exe
  2⤵
  PID:9288
- C:\Windows\System\iBzqyYq.exe
  C:\Windows\System\iBzqyYq.exe
  2⤵
  PID:9320
- C:\Windows\System\gubWGaS.exe
  C:\Windows\System\gubWGaS.exe
  2⤵
  PID:9348
- C:\Windows\System\UqndorB.exe
  C:\Windows\System\UqndorB.exe
  2⤵
  PID:9384
- C:\Windows\System\VEGFPBN.exe
  C:\Windows\System\VEGFPBN.exe
  2⤵
  PID:9416
- C:\Windows\System\ApbMLSK.exe
  C:\Windows\System\ApbMLSK.exe
  2⤵
  PID:9440
- C:\Windows\System\cClFBCZ.exe
  C:\Windows\System\cClFBCZ.exe
  2⤵
  PID:9492
- C:\Windows\System\tikOLiU.exe
  C:\Windows\System\tikOLiU.exe
  2⤵
  PID:9512
- C:\Windows\System\vMdSYns.exe
  C:\Windows\System\vMdSYns.exe
  2⤵
  PID:9544
- C:\Windows\System\rrOcxjE.exe
  C:\Windows\System\rrOcxjE.exe
  2⤵
  PID:9576
- C:\Windows\System\yMvLVli.exe
  C:\Windows\System\yMvLVli.exe
  2⤵
  PID:9640
- C:\Windows\System\EsaErrK.exe
  C:\Windows\System\EsaErrK.exe
  2⤵
  PID:9708
- C:\Windows\System\UzpUSKD.exe
  C:\Windows\System\UzpUSKD.exe
  2⤵
  PID:9804
- C:\Windows\System\CwMkhXi.exe
  C:\Windows\System\CwMkhXi.exe
  2⤵
  PID:9868
- C:\Windows\System\hUuHSaC.exe
  C:\Windows\System\hUuHSaC.exe
  2⤵
  PID:9936
- C:\Windows\System\LgMpgGo.exe
  C:\Windows\System\LgMpgGo.exe
  2⤵
  PID:10000
- C:\Windows\System\GkhowpS.exe
  C:\Windows\System\GkhowpS.exe
  2⤵
  PID:10256
- C:\Windows\System\DiKYkFJ.exe
  C:\Windows\System\DiKYkFJ.exe
  2⤵
  PID:10272
- C:\Windows\System\IqLSKgI.exe
  C:\Windows\System\IqLSKgI.exe
  2⤵
  PID:10288
- C:\Windows\System\jBRYsae.exe
  C:\Windows\System\jBRYsae.exe
  2⤵
  PID:10304
- C:\Windows\System\lYyVoXK.exe
  C:\Windows\System\lYyVoXK.exe
  2⤵
  PID:10320
- C:\Windows\System\IcKTeTp.exe
  C:\Windows\System\IcKTeTp.exe
  2⤵
  PID:10336
- C:\Windows\System\kmgtYQE.exe
  C:\Windows\System\kmgtYQE.exe
  2⤵
  PID:10352
- C:\Windows\System\oKnyVNq.exe
  C:\Windows\System\oKnyVNq.exe
  2⤵
  PID:10368
- C:\Windows\System\BQaqqoz.exe
  C:\Windows\System\BQaqqoz.exe
  2⤵
  PID:10384
- C:\Windows\System\wkyDIlD.exe
  C:\Windows\System\wkyDIlD.exe
  2⤵
  PID:10400
- C:\Windows\System\EmriPNS.exe
  C:\Windows\System\EmriPNS.exe
  2⤵
  PID:10416
- C:\Windows\System\otpVmAR.exe
  C:\Windows\System\otpVmAR.exe
  2⤵
  PID:10432
- C:\Windows\System\UeBVOis.exe
  C:\Windows\System\UeBVOis.exe
  2⤵
  PID:10448
- C:\Windows\System\dStoPcF.exe
  C:\Windows\System\dStoPcF.exe
  2⤵
  PID:10464
- C:\Windows\System\EWRxjhh.exe
  C:\Windows\System\EWRxjhh.exe
  2⤵
  PID:10480
- C:\Windows\System\nORKYjx.exe
  C:\Windows\System\nORKYjx.exe
  2⤵
  PID:10496
- C:\Windows\System\hSPRbYm.exe
  C:\Windows\System\hSPRbYm.exe
  2⤵
  PID:10512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AChIvzI.exe

Filesize
6.0MB

MD5
cea98b59fe52baee203a2ab018220268

SHA1
6a816997b7b8f584b0ab2ff36e6e2892036479e5

SHA256
6ce16de507a9887ce903c887946c0fa10a1b1185bdc2e5ec587ccfca3716bf04

SHA512
cc45c4ce3dfe28ae27d60b0764a6fb447cebde05fd3c5e8e999197de71a2a5a6b0bfc8d80eca409830aec5cdcc4db61802138ab0eebe7dd023ae54c49383c235

Download Submit
C:\Windows\system\ALWVprt.exe

Filesize
6.0MB

MD5
805e6f65401d52be8cf01e07a7ead64d

SHA1
5176f46e8a3df024847790b1a63da867a75c47eb

SHA256
05c60a0ffb3a2bf97aeb18057409a33a804f6b290d930b366d6c34c24d2be900

SHA512
d4da47c841728ca7e4e189eef50534c465b49233021c186a550117358e6a1c82715133e51a06bf6009faa63ae4076bfa6c6b17de1d186ecb7f06e012c3754875

Download Submit
C:\Windows\system\GIHKGil.exe

Filesize
6.0MB

MD5
b764042925f013a131dcc604a92e3d92

SHA1
29fb0c09da86285238f842e553a40f43760bb966

SHA256
44a80ba126e284203efc41ff6663b61d022690909a2cfe5e4af95f9f07ffd425

SHA512
a44431cede0142796206767685dbf329da2954ebc373795aed8ff251b6cbe1fdfaca535a6d073af04c5a4bb99887a7fc36fdf845443a1bbe6f23be16b149119d

Download Submit
C:\Windows\system\GljqnBz.exe

Filesize
6.0MB

MD5
77bc945b19925fa526ac4800c9e07d72

SHA1
c331028a28dd85062c2d16d6a4943a5adaaf3513

SHA256
538e673e78364b760f86fc414e1881866c4c2368651927351f8774774d7f7fa5

SHA512
738a206282318884d7a538ed1fb32d62a47356637c77b9402387adc678f397d5256bd146617a329f892e2c0d10f992a839e2e5f6951d1fb067431fece410bf2e

Download Submit
C:\Windows\system\HwyjqtN.exe

Filesize
6.0MB

MD5
b53a6f575006c194198fe3d666a00ac1

SHA1
feb9e081ec7d82777cb67762895d3792e04dfa08

SHA256
a09c2597c07b6a59c1ee3f8c6a94d26a169967f7efbf170fabf1770db9deb4a4

SHA512
b7b31db297150c3b1e0dad31902b82bcb70a83a682eca040544572f8d7d5cc8cf38f85b0444df6f4fc40d4f14d04efa6f10d9434ba09e5b31f5ef19b33021aed

Download Submit
C:\Windows\system\JIdMlmC.exe

Filesize
6.0MB

MD5
fb1801190822186b726ca98c4af4cebb

SHA1
bce4175784b224390ee5e1b8cd4d59af9cc82339

SHA256
44ac64f93eedaa9bd55d8dfd9567b3350f021ceba5e337c2f39cb130b0c0cb58

SHA512
d742c590dfcb7a535e85420c1e687cfbf1fe2be560aa78b592aeda7af34b5dce7889507b1513c69262844a1d696023c8fc5124c0dbf93c7d6532e9bda8308317

Download Submit
C:\Windows\system\KAWLcni.exe

Filesize
6.0MB

MD5
bd74d49a15fbc92d145becf0dc10d7a0

SHA1
507cb9bf69c696cb0703e821bd04955ec53577b3

SHA256
6d3bbf4d66dd8435e4c3b94ea22028ad418330471d26229aeb4cac9f3ed8ecc6

SHA512
9632e186437c88eb5fca9caaa0df751ca67886dc0f670213f9da83aef8893dc2c7c55c1c95904523ea988a745b14a74bb59ed58672e4eb899f949b8a426301cf

Download Submit
C:\Windows\system\Lzjmjkd.exe

Filesize
6.0MB

MD5
fd7b8ea1a86e4f9a9c45b023327160b3

SHA1
399352d5a469cae96fbaa2e1cbea777176a9ab74

SHA256
77aac4c4d2f6a8082f9e68c2eec7ebf6435a9967bc83e55a6748e731a7e5ea5c

SHA512
07623de1011352e541b339f8f8efab253a4c5f19f4ce159c5299645b2d6d6def9c0607eeb745ad459f3cad3f4d527823d0682a492c1dae0417f16ae019c6a55c

Download Submit
C:\Windows\system\OWGewvt.exe

Filesize
6.0MB

MD5
a85d681b3c8302a6e14f22ca1e879af8

SHA1
81919a4376fd35f4cfe3c9f804052a78c7aa1de3

SHA256
0888543af3da16437c64400f846eba0510506f31e361e926da5d63ee26ef9182

SHA512
9891a137935f5ed7e47daccbd3e24ce7834b6cd692f93aec9f269ceaab1b4eed087a0eaefdd6ffd317d6a2af754507ea42be34080b28689e497d22163240ea21

Download Submit
C:\Windows\system\OyuBnjG.exe

Filesize
6.0MB

MD5
de1c54e96589c80ffa009d144962d11d

SHA1
f4baba2735de65bc74dec365491b614ad991da4e

SHA256
503bf15449d779665a6835891fc0964f56751940edd4f84c019679ad1f055dfa

SHA512
1660c2bdf78f999cdb862249c3f816adb612583db66359acaba645898aa50682a8f84d98075a263641f8a81ff54a0ff71540414f60d38ebdd937ff4fe5ea3969

Download Submit
C:\Windows\system\RHRkFHO.exe

Filesize
6.0MB

MD5
f6663026f0c3fadc0516481e84f5dae9

SHA1
55b12ec63b58979e635ec22d5e4b3f527db74e7c

SHA256
4b1a07e529df0bffe9768771fe14f30eca1479b8dc4612849ec30334c35d6faf

SHA512
e6225e87c9de7d0e5f4a3c892d7a64c6917eca86960147b18d43ca10bdfed2032931304937b8a4aeca591eed75d4950212a3013a80270614be3860881d6715f2

Download Submit
C:\Windows\system\RZTyyUu.exe

Filesize
6.0MB

MD5
e0fc159e35bf235f001fca01ee2b9057

SHA1
3268f44b5755a13ed80f0ab152cf2b117524c84d

SHA256
c5bc46361f32d4ea841c8815a1cfe2a467b95e01ad81255fe47aa674c62d25ed

SHA512
b782aaa7a16f35b56f8f7b8dc46b06bc4f81a25d22c95b8719a228ac22ec7d7c666e2f3d3562948735597e40e864024df9e192969ea8043676a6fc3e25be5e50

Download Submit
C:\Windows\system\TPOdohJ.exe

Filesize
6.0MB

MD5
612157ecc7bbb1c0c72bb2efbd57e7e0

SHA1
13971231f6bd1adbfc5a6a5a8c720094a4dbab24

SHA256
34bd02f771644594f97ed9ce2c147d253b899b37e5d71e1b12ea23c40e5509d8

SHA512
9caabd638edaea224147a2281288f5f71c0667f60a96e607ec2718d5a364f16f2459557f83a158ccca828cdc35d26eb1325caa80df047051b62dae0a2bc70c78

Download Submit
C:\Windows\system\XpQVNVa.exe

Filesize
6.0MB

MD5
2d6ae771d0295c9236ded73ef1b7e1fa

SHA1
9b858078e1f1af273c2d3b77f00e9cf9c557b671

SHA256
6da55b77f9b66cfa1a73a4a2dd571fc049f94fc6fa27e27c35e3a3836ceb945f

SHA512
84b5d37a862903847f0897b6f0e2bf6e069ce900208ff8c1b7ca00c012adde754790d88ebed7546e7e6c3c810ad8a469c1367385a76c2f176947de3d95b29d09

Download Submit
C:\Windows\system\XwddPYW.exe

Filesize
6.0MB

MD5
776d81665e30124b6f0441f47b0ac28f

SHA1
ee88b589e76f1a24417cca6114fc0984e0171827

SHA256
154a2838d63aff0fc270a8b640cf36e6785c32881cc7e4727e39b0a195cb65a7

SHA512
ac6e6b208d020c2958036cdd839c776c3f2be864028a9e92417f31e0c3b5d88ed261c6a7680e535e1a8105b4f8e55474340fcf24f2616281cd79156588bf567c

Download Submit
C:\Windows\system\dNCtfWh.exe

Filesize
6.0MB

MD5
f49ea6347d7f5ed5ab3a79a55cbb08ad

SHA1
830805a2097b7f9d2b14b5d16e44462f4ecdfaf4

SHA256
28d97c1cd65df5744109bcd42e1fbf681d4384a36d3937b0c91611a0eeb192ad

SHA512
6ead4fdc9fb1f942d845c44139766dce1412fc4f82aac5aa7d71518142384b65f8a92bfa10cdb70ac401e4d8c6ed832474f0dd2d4efdb1bc8cbe96d4aa0e1ad6

Download Submit
C:\Windows\system\dcrJrfP.exe

Filesize
6.0MB

MD5
dca84f35e89bbc9bfe5727cc5bcdc37d

SHA1
e93518633f617c41b89e637b7cb957287f9495f0

SHA256
86cc32eb9048e11d210fe25420c2882b1aa05a13d52f9d53df6fadf1f9581c2d

SHA512
3a089f59753456719e6b52b8d7c64aa431ef5ce0321f580bf2ea4e989895691ab8c540b442a18af4f819e6501cdd05b801951517552a6b91a4650ca408fb567e

Download Submit
C:\Windows\system\fMLZfuA.exe

Filesize
6.0MB

MD5
6435de63a5b0b5437269f4851c3a8001

SHA1
8050c038d0dc96bcc2bce5b1b1bc324191ed3bee

SHA256
6a76b37563753764c068de64d21ac3a72c0c24ac549283509c4a9a0d2c67e64a

SHA512
24d2beaf56048cc7262a40db2bfd3da26eef4f599616913b4f21e29a05371a712abb7b7546824e79e522aaea3530d95cdb51ec33336e844b7d24b41d1adf9913

Download Submit
C:\Windows\system\hlkHCnC.exe

Filesize
6.0MB

MD5
8b3dd7993b24a97c57704d71964d4c10

SHA1
4e1eb8e504630f8ff54d862f407f4bd119434504

SHA256
a7e550ab8e97add0e6b0464c3a9dec0ff303e6f86ae0b7682dff5d0c467ecd12

SHA512
8ce76ee57633a19ef1676d2e2f262dfbe1387e1a2afa535d55d48e6e20840e8c761b50b5bfbe87ddfe379930c82b6b5c10c26b76e2657489f98889396d8de7d9

Download Submit
C:\Windows\system\kvrPrTE.exe

Filesize
6.0MB

MD5
1df667d5dcc385cc0f37b7c9ce74fb4b

SHA1
51abcb4d925e54685c0c87c36f6ffd7aa763ecb7

SHA256
2288d53d24b52bfbf73cfb8a9b35f49fe965485d7f69937b584edf565fe4bbef

SHA512
4909eac6f8bf436b25c98929af1f33ca28f3cc8268e4b6b16ae2f86a7a47479a6a7e797d744ec4edf55f930757263edcf5fcca72913f52da15994b5bfb182da4

Download Submit
C:\Windows\system\nEZEUgw.exe

Filesize
6.0MB

MD5
4b812d39c2846e5f13452776369fd75f

SHA1
2dcce7bd1f069c11c82ac4e9e4f1b8a4549fdb91

SHA256
23a82b949bb0ad2f5a84e7bc23b62d3022be1cc7f917311bf77cfe35c6dab2a4

SHA512
045a1aac1230651eed19ffdb4b3285c36fd02011a12428c794604ed2f5e8607a36a3a6fe1de7fbf3ac572ac868824152ac777b926290c86417d7d2822d5a2c6c

Download Submit
C:\Windows\system\negjImd.exe

Filesize
6.0MB

MD5
7ea4d5289ba97793874165783e468c0b

SHA1
7b6d6e1d6ba101a3eab5b1516b287e6c4cd39ab8

SHA256
67f0a0b7608bc4ef82e09681ee5a73768c06696c64867f6348b7c0c145256449

SHA512
556415ba33433ded18013894ec0a4d5f6b59a4db8c7acc3598cd861440f74ef80d9fb50d3bfdf781ebaaecd94b9ce76e734721581bfae91aec0a2609e69959e3

Download Submit
C:\Windows\system\ntdFHoC.exe

Filesize
6.0MB

MD5
ad441c51bd6e589cecf96a32280669e3

SHA1
68c6b62dc4ba691a25c6479f6142da866ff0165d

SHA256
f0d37a1e236e5c61c5e68976dafa797e58723589dead86e3e18aaeaae305bc5a

SHA512
665f3dbf3d213181a3ec74499e98f95a1bc9aee7ecdf1b1eba393fd9b8d87021263bf731874d117c86a39dc4c5eae1b91389b0e28a309d7340a3da574f4d3a9b

Download Submit
C:\Windows\system\qcWsVjc.exe

Filesize
6.0MB

MD5
503c657eb924e80792d3621fa93646ea

SHA1
6e49302f2bea5c4ff87a220c93b8c6edb3b775a0

SHA256
de4a683815fc9a4774072cd53bf084c6503ce681248ca159286934cbcbee53e2

SHA512
e83f73faec66e435fda11cbb05074eba7114181ea1c9df22df9f3b75aba85f92b4f082fa2c21b588fcb1f11375efada6ff2d257e450857b14ab66270e36834c2

Download Submit
C:\Windows\system\tCwMBaY.exe

Filesize
6.0MB

MD5
70a4520cfcc0a7462a464a20b756c508

SHA1
e34ec26d7f22ae60d372fef44d9e5c83c5b546fe

SHA256
e2c37444cc2c067084eba6b46c1ec33289bf4d13eb4cdca18facd5a9e38e2594

SHA512
9291bd535500bcf7a0a1b784e7614f06ea578dc70962b5b5362fb2e1cc1b5aa168860c2fd69b19d7fae8ccf620a306ffddb26de1afff4fa6009694f96bb49cb4

Download Submit
C:\Windows\system\tuVUzjm.exe

Filesize
6.0MB

MD5
46d64b9e79f80a7237b8cac38d31ca6c

SHA1
58ba92bb8b6261020d650548b47b55f6d5171811

SHA256
dae6ae407beebf364cf2f37f54b5a8891eb2eb8963123742bf58f9afb4e515b8

SHA512
c56411f56389b0aace1e9f8cbadeae962e5ceabf9e1289e79092246b0e4aa6edf1f088c448422d0bb5a5b3fb0cb20f38252217099dd75225f5a14568f82f9bfa

Download Submit
C:\Windows\system\vFSFrBs.exe

Filesize
6.0MB

MD5
de85e474c3d6a2da2ad2aabd7415ab71

SHA1
c0b59ac6bfbb552dd0e9e70542a66e11a40d4e06

SHA256
9c730a2a139b612165f50bed64d37dbe7ce267f65b4cec94f615536176ec85db

SHA512
5128862d124d3b540770b6f59fdf420f92d47afd3be8e7c8e75bdccadda3bb8f5784291e07b56e169c082d8426dd3255eba210bea262dd2dfa16af3a411504fc

Download Submit
C:\Windows\system\xfKzrOW.exe

Filesize
6.0MB

MD5
85cb7598053cf95d07e12af9c8b5c7b3

SHA1
a57e4d27720fd54d55b2cddd71f4428044b2442f

SHA256
9c6a8f1742e3bef8e06c8b833e7ec0ac9b2413e816a27e56636bce9545c159d1

SHA512
af127a750b49b1cd9c0b3846fee95760915af998a4c64dfd2501269c1f11a729d28cc609b8335a5d7f37a5ee26b59a879020943dc9ac0f76e7768d74e2098d0b

Download Submit
\Windows\system\BXikkfr.exe

Filesize
6.0MB

MD5
1f6b49c83bd67b6d15a97561e859c560

SHA1
5ea3a6fe5043d972a17348ebbc3d03565a2a4cd3

SHA256
53491f6346e6b2ea8dec76a305221536fac0d12762dec647c80bb5168abb6b66

SHA512
e7d6c6b7729c7cd65c41353dc7e0c5a38f5d7afb16975865cacbcb3f2c0093c567b51243e58a3225bb5d14118ec5246b3daeb8709bc2df0e38f7e309188208b4

Download Submit
\Windows\system\Ogxpvqa.exe

Filesize
6.0MB

MD5
35c74ab4f81e0b6cc5eaeba6b4516d21

SHA1
83d860b0c017ede1b0473d2a6ffcbbd36eb5f845

SHA256
d034e878a05b2933011892ed7931f09c61dcc4a99e1899fa25c4a1b8b0c21d02

SHA512
28da6456962035311b02bcf2b97b6471f13a251f700ee47b13c069a3f804ae976d21166cf396647b91af95bdb9639130a335e6251c995aa4f98fdd9cda8f6cb7

Download Submit
\Windows\system\cTflLOn.exe

Filesize
6.0MB

MD5
915aa2f40ce83be9de7fd137df391d46

SHA1
8a9a4a664d255e5a03850d305ec7001f0db11024

SHA256
e429b79e6485ac6ad836516976e2ca349c7acf94f2520e7cd63e719446ce1ede

SHA512
3aaceea32030a7e4e68e685b9399142b5ab7e8193e967571bfac0475bd3f6c3961ae1132478beb5bb244a28313e53b9e63c676d4707e50c617e76c99b90a7a37

Download Submit
\Windows\system\cVqfzXS.exe

Filesize
6.0MB

MD5
9c14d36a92f7b3e521c5887baebd3121

SHA1
b232dff5c0d79d277fe76b01663a822e19c8e80a

SHA256
25c22bbac155e7586922055ba9905ee894473127f74abc7506e759df9623cbe3

SHA512
c550589f89cf462fed6a862c92dbaaec73c67494e4e1e41c2fcd5204291090ab755188d7ec238bc916313d6317295fa5682adf9be5bcfe89219f9d3c2d85b411

Download Submit
\Windows\system\hBMYKLf.exe

Filesize
6.0MB

MD5
b77061e96338a7c3288e123c13755d6d

SHA1
043a59d39a0ba5f37587da23b88bdcce2a30eb86

SHA256
f61631bfc7953db1a6807431e01320e5e7d22259484428e8f95e5b4bb8424fba

SHA512
680b76d300806ca7e24be9a37be3172978f0b3c2a2dc9c97da92ed828382f91f38c6bcc2b2216e9ca7b05f017162231435a7400dd420e1ba1c1ef4fe7b8c1863

Download Submit
\Windows\system\lcaenmC.exe

Filesize
6.0MB

MD5
c016be3be979493fa311937098baebfe

SHA1
7bfb3973b750321cec98aca5a57a7f66135ee780

SHA256
bafab3a0194cd77f94e672a408825914a8768111af1025ebae57f2d38dcc2bc3

SHA512
1cdc948bc7e24959068e58076430d0bd9848523ee9bf8332173beff35786f91cdfd61221540e082f786c5b69668a09f310ed8aea01d714c503fc7398ef174cbf

Download Submit
\Windows\system\pJRgfAp.exe

Filesize
6.0MB

MD5
d9fed0d63b371c510c0d33e5c36a3d65

SHA1
6f756a88ad1c093977498bad70be9aa5855060e3

SHA256
cd0fc3ca2ba069bfbd19e3e805f22867b7578a162e5aa9c3b3e875a3bf50534b

SHA512
1344714d1370530a6cad7d11080ec356e5439e0d3274acd3005cd4b5ee4322b44bac19e596501bde0876b192491aa436423ae498a9f01bacea38b4753158fcc1

Download Submit
memory/2080-3834-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-2603-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-2601-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2100-3838-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2244-1780-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2244-2010-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2244-2600-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2244-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2244-1779-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2244-3837-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2244-0-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2432-2007-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2432-3836-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2580-2438-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3835-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download