cobaltstrike | 493ab6d8b21e1cb281dc7a48c22c1a28727e2d0795077f2009a5c681afe0ca33

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-12-2024 02:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0811681651d6060077371a409ca4b3a1
SHA1

83b8706af25b8202cc6b0f97b66061a1bf19d2aa
SHA256

493ab6d8b21e1cb281dc7a48c22c1a28727e2d0795077f2009a5c681afe0ca33
SHA512

110b201130162c042ed044b8d2720255e4cc09d3bbf4481902ee7647256cea535a67d6fb7613885b0b08abee5087df1fda3e6982ad2662f2e71209b1f16197a6
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUb:T+q56utgpPF8u/7b

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000016d3e-12.dat	cobalt_reflective_dll
behavioral1/files/0x000a00000001225c-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ea4-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dd1-31.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d46-19.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190ce-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019423-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a5-161.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cfc-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019397-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001936b-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019353-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019256-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-141.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d4-140.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f53-137.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c1a-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-104.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c26-58.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018687-38.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016dd7-24.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019356-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001928c-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019266-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-88.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e0-87.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903b-72.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018792-55.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 51 IoCs

miner

resource	yara_rule
behavioral1/memory/2528-0-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2996-11-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2376-15-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d3e-12.dat	xmrig
behavioral1/files/0x000a00000001225c-3.dat	xmrig
behavioral1/memory/2284-37-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/files/0x0008000000016ea4-32.dat	xmrig
behavioral1/files/0x0007000000016dd1-31.dat	xmrig
behavioral1/memory/2772-30-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d46-19.dat	xmrig
behavioral1/files/0x00060000000190ce-65.dat	xmrig
behavioral1/memory/2772-567-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2756-1137-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2760-926-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2528-232-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019423-165.dat	xmrig
behavioral1/files/0x00050000000193a5-161.dat	xmrig
behavioral1/files/0x0009000000016cfc-157.dat	xmrig
behavioral1/files/0x0005000000019397-154.dat	xmrig
behavioral1/files/0x000500000001936b-146.dat	xmrig
behavioral1/files/0x000500000001937b-149.dat	xmrig
behavioral1/files/0x0005000000019353-145.dat	xmrig
behavioral1/files/0x0005000000019284-144.dat	xmrig
behavioral1/files/0x0005000000019263-143.dat	xmrig
behavioral1/files/0x0005000000019256-142.dat	xmrig
behavioral1/files/0x000500000001922c-141.dat	xmrig
behavioral1/files/0x00050000000191d4-140.dat	xmrig
behavioral1/files/0x0006000000018f53-137.dat	xmrig
behavioral1/files/0x0006000000018c1a-136.dat	xmrig
behavioral1/memory/2212-117-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2756-115-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x0005000000019259-105.dat	xmrig
behavioral1/files/0x0005000000019244-104.dat	xmrig
behavioral1/memory/2528-96-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2704-94-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2760-78-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018c26-58.dat	xmrig
behavioral1/memory/2528-40-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2808-39-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x0006000000018687-38.dat	xmrig
behavioral1/files/0x0009000000016dd7-24.dat	xmrig
behavioral1/files/0x0005000000019356-131.dat	xmrig
behavioral1/files/0x000500000001928c-130.dat	xmrig
behavioral1/files/0x0005000000019266-120.dat	xmrig
behavioral1/files/0x00050000000191ff-88.dat	xmrig
behavioral1/files/0x00060000000190e0-87.dat	xmrig
behavioral1/memory/2908-74-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x000600000001903b-72.dat	xmrig
behavioral1/files/0x0005000000018792-55.dat	xmrig
behavioral1/memory/2772-3975-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2760-3973-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2996	uFOuFxZ.exe
2376	EglRaiP.exe
2772	TJBEiHZ.exe
2284	FsDFhSC.exe
2808	lotxXuY.exe
2704	vfBBrSt.exe
2908	CrKPfxh.exe
2760	nAlegij.exe
2756	jsIplJf.exe
2212	lqFGTki.exe
1924	QEeEALF.exe
2020	sInGIhK.exe
1640	gzYSvTI.exe
1388	sJwolvW.exe
760	GnzfPZL.exe
2732	OxiZlLQ.exe
2692	ScFSuAs.exe
2620	yVAXwpm.exe
2752	BWwUgRB.exe
2604	gzHkaoC.exe
2652	lvNFsMk.exe
2008	bqiDZOu.exe
1908	GJGUvwP.exe
1704	sgdgEgZ.exe
2484	zzmsTec.exe
2356	zOUQfha.exe
2416	fPQCJpC.exe
1968	XNsOmnr.exe
1080	LNUIkJf.exe
2976	ZFICTCe.exe
1848	unjqgaV.exe
668	wVEDhsa.exe
1732	ymcSbHH.exe
2480	XAeEhle.exe
1612	ujZhCJE.exe
1604	HmhrsqJ.exe
1940	gPSGsea.exe
828	QxhnJmK.exe
896	ttitgjP.exe
820	HmmnGaJ.exe
2064	eCBwIPU.exe
2148	zlNrUUK.exe
1684	WZaseIk.exe
3028	pToxCgW.exe
1064	MWCvsDs.exe
2120	MkgBrqP.exe
1756	GaFnTpK.exe
1452	kXapSGw.exe
2308	haURNWF.exe
1324	dTRDozc.exe
3040	kmkBCBX.exe
1660	IyeHTdF.exe
2288	xpMPPUU.exe
1416	RDMfnxn.exe
1040	mEseWPu.exe
2296	XRiyPEO.exe
2024	lAIbOhH.exe
2512	JZrlrgp.exe
3052	iLZEOBF.exe
1712	DdKlCOg.exe
2496	xasyUNR.exe
2680	NoWUlVz.exe
2740	xdnnhZA.exe
2796	bfwpEzU.exe

Loads dropped DLL 64 IoCs

pid	Process
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 49 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2528-0-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2996-11-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2376-15-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/files/0x0008000000016d3e-12.dat	upx
behavioral1/files/0x000a00000001225c-3.dat	upx
behavioral1/memory/2284-37-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x0008000000016ea4-32.dat	upx
behavioral1/files/0x0007000000016dd1-31.dat	upx
behavioral1/memory/2772-30-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x0008000000016d46-19.dat	upx
behavioral1/files/0x00060000000190ce-65.dat	upx
behavioral1/memory/2772-567-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2756-1137-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2760-926-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2528-232-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/files/0x0005000000019423-165.dat	upx
behavioral1/files/0x00050000000193a5-161.dat	upx
behavioral1/files/0x0009000000016cfc-157.dat	upx
behavioral1/files/0x0005000000019397-154.dat	upx
behavioral1/files/0x000500000001936b-146.dat	upx
behavioral1/files/0x000500000001937b-149.dat	upx
behavioral1/files/0x0005000000019353-145.dat	upx
behavioral1/files/0x0005000000019284-144.dat	upx
behavioral1/files/0x0005000000019263-143.dat	upx
behavioral1/files/0x0005000000019256-142.dat	upx
behavioral1/files/0x000500000001922c-141.dat	upx
behavioral1/files/0x00050000000191d4-140.dat	upx
behavioral1/files/0x0006000000018f53-137.dat	upx
behavioral1/files/0x0006000000018c1a-136.dat	upx
behavioral1/memory/2212-117-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2756-115-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x0005000000019259-105.dat	upx
behavioral1/files/0x0005000000019244-104.dat	upx
behavioral1/memory/2704-94-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2760-78-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x0006000000018c26-58.dat	upx
behavioral1/memory/2808-39-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x0006000000018687-38.dat	upx
behavioral1/files/0x0009000000016dd7-24.dat	upx
behavioral1/files/0x0005000000019356-131.dat	upx
behavioral1/files/0x000500000001928c-130.dat	upx
behavioral1/files/0x0005000000019266-120.dat	upx
behavioral1/files/0x00050000000191ff-88.dat	upx
behavioral1/files/0x00060000000190e0-87.dat	upx
behavioral1/memory/2908-74-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x000600000001903b-72.dat	upx
behavioral1/files/0x0005000000018792-55.dat	upx
behavioral1/memory/2772-3975-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2760-3973-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CFypsyO.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nebtFRU.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FJQBEpp.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YFTULuD.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YEWBxqD.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tYOToFN.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VsLGdlD.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AukJdBW.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IZOVKuT.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JUSEoYU.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XsrVbnz.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EPdqvom.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\opxayjX.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XwmaiYo.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AhBzsUn.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\shvArRD.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wOTyRCm.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gFDbRTJ.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VMZPflv.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\spclRFa.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YfOoCIW.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\STNdwuE.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pvCzUiQ.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WiWicIT.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HdZSLPb.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BKdQuiE.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JcTtAUx.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KKeGDNp.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EtPFplB.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SrKOWmC.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JKpRFeV.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SYfYjFF.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kUQawPV.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XpmqFRN.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\klgcOuE.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hURQtwU.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oizNjsy.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VQTSzpt.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tKGNPvu.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bHUnPcB.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JCNaQYK.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FpGLOpW.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YQrdQzM.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BJodvJd.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YTxfrDt.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YdxKrwQ.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NgwcJSK.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gvMRJbl.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jkyOLkx.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VDEkPNt.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Eqsjahv.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SLedLiy.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\omafkIY.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eQZWjYH.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QByuKwB.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gVsdjCv.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VUmjLzs.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TNEngNG.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VWXaMQx.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\whkprUV.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnQHbaW.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nAlegij.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eCBwIPU.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vWClFwE.exe	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 2996	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2528 wrote to memory of 2996	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2528 wrote to memory of 2996	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2528 wrote to memory of 2376	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2528 wrote to memory of 2376	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2528 wrote to memory of 2376	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2528 wrote to memory of 2772	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2528 wrote to memory of 2772	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2528 wrote to memory of 2772	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2528 wrote to memory of 2284	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2528 wrote to memory of 2284	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2528 wrote to memory of 2284	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2528 wrote to memory of 2732	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2528 wrote to memory of 2732	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2528 wrote to memory of 2732	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2528 wrote to memory of 2808	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2528 wrote to memory of 2808	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2528 wrote to memory of 2808	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2528 wrote to memory of 2692	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2528 wrote to memory of 2692	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2528 wrote to memory of 2692	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2528 wrote to memory of 2704	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2528 wrote to memory of 2704	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2528 wrote to memory of 2704	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2528 wrote to memory of 2620	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2528 wrote to memory of 2620	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2528 wrote to memory of 2620	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2528 wrote to memory of 2908	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2528 wrote to memory of 2908	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2528 wrote to memory of 2908	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2528 wrote to memory of 2752	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2528 wrote to memory of 2752	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2528 wrote to memory of 2752	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2528 wrote to memory of 2760	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2528 wrote to memory of 2760	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2528 wrote to memory of 2760	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2528 wrote to memory of 2604	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2528 wrote to memory of 2604	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2528 wrote to memory of 2604	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2528 wrote to memory of 2756	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2528 wrote to memory of 2756	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2528 wrote to memory of 2756	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2528 wrote to memory of 2652	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2528 wrote to memory of 2652	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2528 wrote to memory of 2652	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2528 wrote to memory of 2212	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2528 wrote to memory of 2212	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2528 wrote to memory of 2212	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2528 wrote to memory of 2008	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2528 wrote to memory of 2008	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2528 wrote to memory of 2008	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2528 wrote to memory of 1924	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2528 wrote to memory of 1924	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2528 wrote to memory of 1924	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2528 wrote to memory of 1908	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2528 wrote to memory of 1908	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2528 wrote to memory of 1908	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2528 wrote to memory of 2020	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2528 wrote to memory of 2020	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2528 wrote to memory of 2020	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2528 wrote to memory of 1704	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2528 wrote to memory of 1704	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2528 wrote to memory of 1704	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2528 wrote to memory of 1640	2528	2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-27_0811681651d6060077371a409ca4b3a1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Windows\System\uFOuFxZ.exe
  C:\Windows\System\uFOuFxZ.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\EglRaiP.exe
  C:\Windows\System\EglRaiP.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\TJBEiHZ.exe
  C:\Windows\System\TJBEiHZ.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\FsDFhSC.exe
  C:\Windows\System\FsDFhSC.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\OxiZlLQ.exe
  C:\Windows\System\OxiZlLQ.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\lotxXuY.exe
  C:\Windows\System\lotxXuY.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\ScFSuAs.exe
  C:\Windows\System\ScFSuAs.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\vfBBrSt.exe
  C:\Windows\System\vfBBrSt.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\yVAXwpm.exe
  C:\Windows\System\yVAXwpm.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\CrKPfxh.exe
  C:\Windows\System\CrKPfxh.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\BWwUgRB.exe
  C:\Windows\System\BWwUgRB.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\nAlegij.exe
  C:\Windows\System\nAlegij.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\gzHkaoC.exe
  C:\Windows\System\gzHkaoC.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\jsIplJf.exe
  C:\Windows\System\jsIplJf.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\lvNFsMk.exe
  C:\Windows\System\lvNFsMk.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\lqFGTki.exe
  C:\Windows\System\lqFGTki.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\bqiDZOu.exe
  C:\Windows\System\bqiDZOu.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\QEeEALF.exe
  C:\Windows\System\QEeEALF.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\GJGUvwP.exe
  C:\Windows\System\GJGUvwP.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\sInGIhK.exe
  C:\Windows\System\sInGIhK.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\sgdgEgZ.exe
  C:\Windows\System\sgdgEgZ.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\gzYSvTI.exe
  C:\Windows\System\gzYSvTI.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\zzmsTec.exe
  C:\Windows\System\zzmsTec.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\sJwolvW.exe
  C:\Windows\System\sJwolvW.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\zOUQfha.exe
  C:\Windows\System\zOUQfha.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\GnzfPZL.exe
  C:\Windows\System\GnzfPZL.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\fPQCJpC.exe
  C:\Windows\System\fPQCJpC.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\XNsOmnr.exe
  C:\Windows\System\XNsOmnr.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\LNUIkJf.exe
  C:\Windows\System\LNUIkJf.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\ZFICTCe.exe
  C:\Windows\System\ZFICTCe.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\unjqgaV.exe
  C:\Windows\System\unjqgaV.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\wVEDhsa.exe
  C:\Windows\System\wVEDhsa.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\ymcSbHH.exe
  C:\Windows\System\ymcSbHH.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\XAeEhle.exe
  C:\Windows\System\XAeEhle.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\ujZhCJE.exe
  C:\Windows\System\ujZhCJE.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\HmhrsqJ.exe
  C:\Windows\System\HmhrsqJ.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\gPSGsea.exe
  C:\Windows\System\gPSGsea.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\QxhnJmK.exe
  C:\Windows\System\QxhnJmK.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\ttitgjP.exe
  C:\Windows\System\ttitgjP.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\HmmnGaJ.exe
  C:\Windows\System\HmmnGaJ.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\eCBwIPU.exe
  C:\Windows\System\eCBwIPU.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\zlNrUUK.exe
  C:\Windows\System\zlNrUUK.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\WZaseIk.exe
  C:\Windows\System\WZaseIk.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\pToxCgW.exe
  C:\Windows\System\pToxCgW.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\MWCvsDs.exe
  C:\Windows\System\MWCvsDs.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\MkgBrqP.exe
  C:\Windows\System\MkgBrqP.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\GaFnTpK.exe
  C:\Windows\System\GaFnTpK.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\kXapSGw.exe
  C:\Windows\System\kXapSGw.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\haURNWF.exe
  C:\Windows\System\haURNWF.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\dTRDozc.exe
  C:\Windows\System\dTRDozc.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\kmkBCBX.exe
  C:\Windows\System\kmkBCBX.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\IyeHTdF.exe
  C:\Windows\System\IyeHTdF.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\xpMPPUU.exe
  C:\Windows\System\xpMPPUU.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\RDMfnxn.exe
  C:\Windows\System\RDMfnxn.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\mEseWPu.exe
  C:\Windows\System\mEseWPu.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\XRiyPEO.exe
  C:\Windows\System\XRiyPEO.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\lAIbOhH.exe
  C:\Windows\System\lAIbOhH.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\JZrlrgp.exe
  C:\Windows\System\JZrlrgp.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\iLZEOBF.exe
  C:\Windows\System\iLZEOBF.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\DdKlCOg.exe
  C:\Windows\System\DdKlCOg.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\xasyUNR.exe
  C:\Windows\System\xasyUNR.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\NoWUlVz.exe
  C:\Windows\System\NoWUlVz.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\xdnnhZA.exe
  C:\Windows\System\xdnnhZA.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\bfwpEzU.exe
  C:\Windows\System\bfwpEzU.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\efOuumM.exe
  C:\Windows\System\efOuumM.exe
  2⤵
  PID:2580
- C:\Windows\System\jyEzwvB.exe
  C:\Windows\System\jyEzwvB.exe
  2⤵
  PID:1656
- C:\Windows\System\uGhlnTz.exe
  C:\Windows\System\uGhlnTz.exe
  2⤵
  PID:1868
- C:\Windows\System\hHbeJIR.exe
  C:\Windows\System\hHbeJIR.exe
  2⤵
  PID:2164
- C:\Windows\System\NagtfQz.exe
  C:\Windows\System\NagtfQz.exe
  2⤵
  PID:2940
- C:\Windows\System\boNDPfI.exe
  C:\Windows\System\boNDPfI.exe
  2⤵
  PID:2820
- C:\Windows\System\vxxIPRF.exe
  C:\Windows\System\vxxIPRF.exe
  2⤵
  PID:2948
- C:\Windows\System\nwJLWMU.exe
  C:\Windows\System\nwJLWMU.exe
  2⤵
  PID:2660
- C:\Windows\System\XaJszhM.exe
  C:\Windows\System\XaJszhM.exe
  2⤵
  PID:1636
- C:\Windows\System\HFlrHkV.exe
  C:\Windows\System\HFlrHkV.exe
  2⤵
  PID:2488
- C:\Windows\System\jtMvdSL.exe
  C:\Windows\System\jtMvdSL.exe
  2⤵
  PID:1816
- C:\Windows\System\rvhQMvP.exe
  C:\Windows\System\rvhQMvP.exe
  2⤵
  PID:2236
- C:\Windows\System\lmMdHaL.exe
  C:\Windows\System\lmMdHaL.exe
  2⤵
  PID:1432
- C:\Windows\System\ifZDvpt.exe
  C:\Windows\System\ifZDvpt.exe
  2⤵
  PID:1776
- C:\Windows\System\lawdlmW.exe
  C:\Windows\System\lawdlmW.exe
  2⤵
  PID:788
- C:\Windows\System\ODgQwlX.exe
  C:\Windows\System\ODgQwlX.exe
  2⤵
  PID:1900
- C:\Windows\System\sgjqEez.exe
  C:\Windows\System\sgjqEez.exe
  2⤵
  PID:540
- C:\Windows\System\hdSDodp.exe
  C:\Windows\System\hdSDodp.exe
  2⤵
  PID:1448
- C:\Windows\System\JOZccDp.exe
  C:\Windows\System\JOZccDp.exe
  2⤵
  PID:1208
- C:\Windows\System\btCwBvV.exe
  C:\Windows\System\btCwBvV.exe
  2⤵
  PID:572
- C:\Windows\System\ovDnINU.exe
  C:\Windows\System\ovDnINU.exe
  2⤵
  PID:2132
- C:\Windows\System\gjuaKzN.exe
  C:\Windows\System\gjuaKzN.exe
  2⤵
  PID:2248
- C:\Windows\System\bBrFbGW.exe
  C:\Windows\System\bBrFbGW.exe
  2⤵
  PID:2264
- C:\Windows\System\GvlzuCn.exe
  C:\Windows\System\GvlzuCn.exe
  2⤵
  PID:2464
- C:\Windows\System\qNPJdkK.exe
  C:\Windows\System\qNPJdkK.exe
  2⤵
  PID:876
- C:\Windows\System\hHjpzaK.exe
  C:\Windows\System\hHjpzaK.exe
  2⤵
  PID:1932
- C:\Windows\System\fKzudZy.exe
  C:\Windows\System\fKzudZy.exe
  2⤵
  PID:2424
- C:\Windows\System\lkVfYHC.exe
  C:\Windows\System\lkVfYHC.exe
  2⤵
  PID:1628
- C:\Windows\System\KuySELe.exe
  C:\Windows\System\KuySELe.exe
  2⤵
  PID:2256
- C:\Windows\System\aVaWPBf.exe
  C:\Windows\System\aVaWPBf.exe
  2⤵
  PID:2252
- C:\Windows\System\ASPQiSE.exe
  C:\Windows\System\ASPQiSE.exe
  2⤵
  PID:2108
- C:\Windows\System\yTbtThf.exe
  C:\Windows\System\yTbtThf.exe
  2⤵
  PID:3084
- C:\Windows\System\yeksaay.exe
  C:\Windows\System\yeksaay.exe
  2⤵
  PID:3100
- C:\Windows\System\oJSWmdW.exe
  C:\Windows\System\oJSWmdW.exe
  2⤵
  PID:3116
- C:\Windows\System\SetluQP.exe
  C:\Windows\System\SetluQP.exe
  2⤵
  PID:3132
- C:\Windows\System\YTxfrDt.exe
  C:\Windows\System\YTxfrDt.exe
  2⤵
  PID:3152
- C:\Windows\System\LGdfvdw.exe
  C:\Windows\System\LGdfvdw.exe
  2⤵
  PID:3200
- C:\Windows\System\HaNDXqy.exe
  C:\Windows\System\HaNDXqy.exe
  2⤵
  PID:3252
- C:\Windows\System\Vabjiwe.exe
  C:\Windows\System\Vabjiwe.exe
  2⤵
  PID:3316
- C:\Windows\System\xFGwcki.exe
  C:\Windows\System\xFGwcki.exe
  2⤵
  PID:3364
- C:\Windows\System\CzbmrQp.exe
  C:\Windows\System\CzbmrQp.exe
  2⤵
  PID:3404
- C:\Windows\System\UKRYZRZ.exe
  C:\Windows\System\UKRYZRZ.exe
  2⤵
  PID:3452
- C:\Windows\System\othpMXZ.exe
  C:\Windows\System\othpMXZ.exe
  2⤵
  PID:3672
- C:\Windows\System\LUsbZRU.exe
  C:\Windows\System\LUsbZRU.exe
  2⤵
  PID:3688
- C:\Windows\System\gszHPce.exe
  C:\Windows\System\gszHPce.exe
  2⤵
  PID:3712
- C:\Windows\System\uzGuwag.exe
  C:\Windows\System\uzGuwag.exe
  2⤵
  PID:3728
- C:\Windows\System\rCvGmOI.exe
  C:\Windows\System\rCvGmOI.exe
  2⤵
  PID:3748
- C:\Windows\System\xhcYYBQ.exe
  C:\Windows\System\xhcYYBQ.exe
  2⤵
  PID:3768
- C:\Windows\System\GSoSiwK.exe
  C:\Windows\System\GSoSiwK.exe
  2⤵
  PID:3788
- C:\Windows\System\keZxbdF.exe
  C:\Windows\System\keZxbdF.exe
  2⤵
  PID:3808
- C:\Windows\System\YqDVvLG.exe
  C:\Windows\System\YqDVvLG.exe
  2⤵
  PID:3828
- C:\Windows\System\BBEjxNY.exe
  C:\Windows\System\BBEjxNY.exe
  2⤵
  PID:3852
- C:\Windows\System\ukQMcDG.exe
  C:\Windows\System\ukQMcDG.exe
  2⤵
  PID:3868
- C:\Windows\System\NspEHMR.exe
  C:\Windows\System\NspEHMR.exe
  2⤵
  PID:3888
- C:\Windows\System\BxXvGcr.exe
  C:\Windows\System\BxXvGcr.exe
  2⤵
  PID:3908
- C:\Windows\System\emQcPPt.exe
  C:\Windows\System\emQcPPt.exe
  2⤵
  PID:3928
- C:\Windows\System\bHUnPcB.exe
  C:\Windows\System\bHUnPcB.exe
  2⤵
  PID:3948
- C:\Windows\System\BqKgHzO.exe
  C:\Windows\System\BqKgHzO.exe
  2⤵
  PID:3964
- C:\Windows\System\OPimnWp.exe
  C:\Windows\System\OPimnWp.exe
  2⤵
  PID:3988
- C:\Windows\System\MDUyoKt.exe
  C:\Windows\System\MDUyoKt.exe
  2⤵
  PID:4004
- C:\Windows\System\iSrqSzV.exe
  C:\Windows\System\iSrqSzV.exe
  2⤵
  PID:4028
- C:\Windows\System\OPGVdVa.exe
  C:\Windows\System\OPGVdVa.exe
  2⤵
  PID:4044
- C:\Windows\System\XVKnhbj.exe
  C:\Windows\System\XVKnhbj.exe
  2⤵
  PID:4064
- C:\Windows\System\lmCbfSl.exe
  C:\Windows\System\lmCbfSl.exe
  2⤵
  PID:4092
- C:\Windows\System\XUNrHYk.exe
  C:\Windows\System\XUNrHYk.exe
  2⤵
  PID:2836
- C:\Windows\System\lVMoQnC.exe
  C:\Windows\System\lVMoQnC.exe
  2⤵
  PID:2656
- C:\Windows\System\gkJtbGY.exe
  C:\Windows\System\gkJtbGY.exe
  2⤵
  PID:1936
- C:\Windows\System\Ppukxfe.exe
  C:\Windows\System\Ppukxfe.exe
  2⤵
  PID:1012
- C:\Windows\System\tFSgvtY.exe
  C:\Windows\System\tFSgvtY.exe
  2⤵
  PID:1484
- C:\Windows\System\XjRAgCI.exe
  C:\Windows\System\XjRAgCI.exe
  2⤵
  PID:2208
- C:\Windows\System\WNLaYTi.exe
  C:\Windows\System\WNLaYTi.exe
  2⤵
  PID:2788
- C:\Windows\System\SVSrvZm.exe
  C:\Windows\System\SVSrvZm.exe
  2⤵
  PID:2116
- C:\Windows\System\SvBtpmv.exe
  C:\Windows\System\SvBtpmv.exe
  2⤵
  PID:3096
- C:\Windows\System\zXgehjD.exe
  C:\Windows\System\zXgehjD.exe
  2⤵
  PID:3176
- C:\Windows\System\sCNBwbT.exe
  C:\Windows\System\sCNBwbT.exe
  2⤵
  PID:3192
- C:\Windows\System\jkyOLkx.exe
  C:\Windows\System\jkyOLkx.exe
  2⤵
  PID:2556
- C:\Windows\System\vyGopDu.exe
  C:\Windows\System\vyGopDu.exe
  2⤵
  PID:324
- C:\Windows\System\ulsUvVw.exe
  C:\Windows\System\ulsUvVw.exe
  2⤵
  PID:3268
- C:\Windows\System\IYNWBhQ.exe
  C:\Windows\System\IYNWBhQ.exe
  2⤵
  PID:3284
- C:\Windows\System\eRUMCuG.exe
  C:\Windows\System\eRUMCuG.exe
  2⤵
  PID:3308
- C:\Windows\System\XVqATOv.exe
  C:\Windows\System\XVqATOv.exe
  2⤵
  PID:3388
- C:\Windows\System\CzLgKyc.exe
  C:\Windows\System\CzLgKyc.exe
  2⤵
  PID:1352
- C:\Windows\System\fhwaklW.exe
  C:\Windows\System\fhwaklW.exe
  2⤵
  PID:3108
- C:\Windows\System\pJIRBfN.exe
  C:\Windows\System\pJIRBfN.exe
  2⤵
  PID:3208
- C:\Windows\System\hXxpilS.exe
  C:\Windows\System\hXxpilS.exe
  2⤵
  PID:3220
- C:\Windows\System\JCNaQYK.exe
  C:\Windows\System\JCNaQYK.exe
  2⤵
  PID:3244
- C:\Windows\System\EuvODfO.exe
  C:\Windows\System\EuvODfO.exe
  2⤵
  PID:3336
- C:\Windows\System\zfzMGoj.exe
  C:\Windows\System\zfzMGoj.exe
  2⤵
  PID:3352
- C:\Windows\System\HWoBixQ.exe
  C:\Windows\System\HWoBixQ.exe
  2⤵
  PID:3448
- C:\Windows\System\pxEREev.exe
  C:\Windows\System\pxEREev.exe
  2⤵
  PID:3476
- C:\Windows\System\TWetjzF.exe
  C:\Windows\System\TWetjzF.exe
  2⤵
  PID:3500
- C:\Windows\System\IicsqjB.exe
  C:\Windows\System\IicsqjB.exe
  2⤵
  PID:3516
- C:\Windows\System\CBKBVJb.exe
  C:\Windows\System\CBKBVJb.exe
  2⤵
  PID:3540
- C:\Windows\System\NEHXHRk.exe
  C:\Windows\System\NEHXHRk.exe
  2⤵
  PID:3564
- C:\Windows\System\DHErxHv.exe
  C:\Windows\System\DHErxHv.exe
  2⤵
  PID:3580
- C:\Windows\System\IKHwHib.exe
  C:\Windows\System\IKHwHib.exe
  2⤵
  PID:3608
- C:\Windows\System\cdufNnG.exe
  C:\Windows\System\cdufNnG.exe
  2⤵
  PID:3628
- C:\Windows\System\ofiJIJo.exe
  C:\Windows\System\ofiJIJo.exe
  2⤵
  PID:3648
- C:\Windows\System\WrRMMLu.exe
  C:\Windows\System\WrRMMLu.exe
  2⤵
  PID:3664
- C:\Windows\System\TfMqtwO.exe
  C:\Windows\System\TfMqtwO.exe
  2⤵
  PID:3736
- C:\Windows\System\WBeioHg.exe
  C:\Windows\System\WBeioHg.exe
  2⤵
  PID:3784
- C:\Windows\System\YPMDBwj.exe
  C:\Windows\System\YPMDBwj.exe
  2⤵
  PID:3724
- C:\Windows\System\aNKBuel.exe
  C:\Windows\System\aNKBuel.exe
  2⤵
  PID:3820
- C:\Windows\System\ixUbgce.exe
  C:\Windows\System\ixUbgce.exe
  2⤵
  PID:3836
- C:\Windows\System\zsEbReS.exe
  C:\Windows\System\zsEbReS.exe
  2⤵
  PID:3896
- C:\Windows\System\shvArRD.exe
  C:\Windows\System\shvArRD.exe
  2⤵
  PID:3880
- C:\Windows\System\NWJPUug.exe
  C:\Windows\System\NWJPUug.exe
  2⤵
  PID:3972
- C:\Windows\System\nRXRcjE.exe
  C:\Windows\System\nRXRcjE.exe
  2⤵
  PID:4016
- C:\Windows\System\jqFwBBb.exe
  C:\Windows\System\jqFwBBb.exe
  2⤵
  PID:3960
- C:\Windows\System\pUDsZnd.exe
  C:\Windows\System\pUDsZnd.exe
  2⤵
  PID:4060
- C:\Windows\System\OOQpkrX.exe
  C:\Windows\System\OOQpkrX.exe
  2⤵
  PID:4040
- C:\Windows\System\hPasLgu.exe
  C:\Windows\System\hPasLgu.exe
  2⤵
  PID:2972
- C:\Windows\System\mAmafnP.exe
  C:\Windows\System\mAmafnP.exe
  2⤵
  PID:4088
- C:\Windows\System\rSWlEZJ.exe
  C:\Windows\System\rSWlEZJ.exe
  2⤵
  PID:2344
- C:\Windows\System\InnqZEI.exe
  C:\Windows\System\InnqZEI.exe
  2⤵
  PID:628
- C:\Windows\System\XqWPXTI.exe
  C:\Windows\System\XqWPXTI.exe
  2⤵
  PID:2532
- C:\Windows\System\aVQPiNf.exe
  C:\Windows\System\aVQPiNf.exe
  2⤵
  PID:1560
- C:\Windows\System\YpsmjMH.exe
  C:\Windows\System\YpsmjMH.exe
  2⤵
  PID:3164
- C:\Windows\System\NOsAWZB.exe
  C:\Windows\System\NOsAWZB.exe
  2⤵
  PID:1916
- C:\Windows\System\NxTXtkW.exe
  C:\Windows\System\NxTXtkW.exe
  2⤵
  PID:3280
- C:\Windows\System\fMrTdVF.exe
  C:\Windows\System\fMrTdVF.exe
  2⤵
  PID:3260
- C:\Windows\System\wMWhFgD.exe
  C:\Windows\System\wMWhFgD.exe
  2⤵
  PID:3304
- C:\Windows\System\WrTOqCn.exe
  C:\Windows\System\WrTOqCn.exe
  2⤵
  PID:3076
- C:\Windows\System\uVhHKfi.exe
  C:\Windows\System\uVhHKfi.exe
  2⤵
  PID:3224
- C:\Windows\System\YHutqxv.exe
  C:\Windows\System\YHutqxv.exe
  2⤵
  PID:3232
- C:\Windows\System\Haollat.exe
  C:\Windows\System\Haollat.exe
  2⤵
  PID:3416
- C:\Windows\System\MgXAGDz.exe
  C:\Windows\System\MgXAGDz.exe
  2⤵
  PID:3496
- C:\Windows\System\yGcDIQk.exe
  C:\Windows\System\yGcDIQk.exe
  2⤵
  PID:3528
- C:\Windows\System\OwqQjkU.exe
  C:\Windows\System\OwqQjkU.exe
  2⤵
  PID:3572
- C:\Windows\System\UqIfOXu.exe
  C:\Windows\System\UqIfOXu.exe
  2⤵
  PID:3556
- C:\Windows\System\KbqjXgM.exe
  C:\Windows\System\KbqjXgM.exe
  2⤵
  PID:3596
- C:\Windows\System\rvwGljP.exe
  C:\Windows\System\rvwGljP.exe
  2⤵
  PID:3600
- C:\Windows\System\nxJwxok.exe
  C:\Windows\System\nxJwxok.exe
  2⤵
  PID:3640
- C:\Windows\System\duWmniW.exe
  C:\Windows\System\duWmniW.exe
  2⤵
  PID:3700
- C:\Windows\System\GokgsCs.exe
  C:\Windows\System\GokgsCs.exe
  2⤵
  PID:3764
- C:\Windows\System\JckFZhX.exe
  C:\Windows\System\JckFZhX.exe
  2⤵
  PID:3844
- C:\Windows\System\ujIzPIO.exe
  C:\Windows\System\ujIzPIO.exe
  2⤵
  PID:3940
- C:\Windows\System\HejKAol.exe
  C:\Windows\System\HejKAol.exe
  2⤵
  PID:3876
- C:\Windows\System\pfvUwHa.exe
  C:\Windows\System\pfvUwHa.exe
  2⤵
  PID:4076
- C:\Windows\System\eQrFKre.exe
  C:\Windows\System\eQrFKre.exe
  2⤵
  PID:2352
- C:\Windows\System\ggxUFnk.exe
  C:\Windows\System\ggxUFnk.exe
  2⤵
  PID:2192
- C:\Windows\System\ZPGqIvo.exe
  C:\Windows\System\ZPGqIvo.exe
  2⤵
  PID:3168
- C:\Windows\System\IwBiRMI.exe
  C:\Windows\System\IwBiRMI.exe
  2⤵
  PID:3092
- C:\Windows\System\SsJmCGU.exe
  C:\Windows\System\SsJmCGU.exe
  2⤵
  PID:2744
- C:\Windows\System\npkzhYh.exe
  C:\Windows\System\npkzhYh.exe
  2⤵
  PID:1768
- C:\Windows\System\OtYPSel.exe
  C:\Windows\System\OtYPSel.exe
  2⤵
  PID:1460
- C:\Windows\System\UwAjNmN.exe
  C:\Windows\System\UwAjNmN.exe
  2⤵
  PID:3328
- C:\Windows\System\bwpjIXB.exe
  C:\Windows\System\bwpjIXB.exe
  2⤵
  PID:3144
- C:\Windows\System\spclRFa.exe
  C:\Windows\System\spclRFa.exe
  2⤵
  PID:3216
- C:\Windows\System\EtwOGXl.exe
  C:\Windows\System\EtwOGXl.exe
  2⤵
  PID:3464
- C:\Windows\System\PeOnuJy.exe
  C:\Windows\System\PeOnuJy.exe
  2⤵
  PID:3592
- C:\Windows\System\kkWnCZZ.exe
  C:\Windows\System\kkWnCZZ.exe
  2⤵
  PID:3636
- C:\Windows\System\qXsWPSF.exe
  C:\Windows\System\qXsWPSF.exe
  2⤵
  PID:3668
- C:\Windows\System\AHCYPRL.exe
  C:\Windows\System\AHCYPRL.exe
  2⤵
  PID:3884
- C:\Windows\System\brqWbZu.exe
  C:\Windows\System\brqWbZu.exe
  2⤵
  PID:4108
- C:\Windows\System\ZnSBkNl.exe
  C:\Windows\System\ZnSBkNl.exe
  2⤵
  PID:4124
- C:\Windows\System\RcdGPuy.exe
  C:\Windows\System\RcdGPuy.exe
  2⤵
  PID:4140
- C:\Windows\System\JCPUSDa.exe
  C:\Windows\System\JCPUSDa.exe
  2⤵
  PID:4164
- C:\Windows\System\RwRKvpb.exe
  C:\Windows\System\RwRKvpb.exe
  2⤵
  PID:4184
- C:\Windows\System\dmcNAGS.exe
  C:\Windows\System\dmcNAGS.exe
  2⤵
  PID:4204
- C:\Windows\System\gbqhvFf.exe
  C:\Windows\System\gbqhvFf.exe
  2⤵
  PID:4224
- C:\Windows\System\omafkIY.exe
  C:\Windows\System\omafkIY.exe
  2⤵
  PID:4244
- C:\Windows\System\mZvhApL.exe
  C:\Windows\System\mZvhApL.exe
  2⤵
  PID:4268
- C:\Windows\System\fVZaKfL.exe
  C:\Windows\System\fVZaKfL.exe
  2⤵
  PID:4284
- C:\Windows\System\JeXMKov.exe
  C:\Windows\System\JeXMKov.exe
  2⤵
  PID:4308
- C:\Windows\System\evVPzax.exe
  C:\Windows\System\evVPzax.exe
  2⤵
  PID:4324
- C:\Windows\System\FgIHfyZ.exe
  C:\Windows\System\FgIHfyZ.exe
  2⤵
  PID:4344
- C:\Windows\System\vWClFwE.exe
  C:\Windows\System\vWClFwE.exe
  2⤵
  PID:4364
- C:\Windows\System\yjYAPhk.exe
  C:\Windows\System\yjYAPhk.exe
  2⤵
  PID:4384
- C:\Windows\System\YdxKrwQ.exe
  C:\Windows\System\YdxKrwQ.exe
  2⤵
  PID:4404
- C:\Windows\System\ykxIdLP.exe
  C:\Windows\System\ykxIdLP.exe
  2⤵
  PID:4420
- C:\Windows\System\MFpUbiU.exe
  C:\Windows\System\MFpUbiU.exe
  2⤵
  PID:4440
- C:\Windows\System\myEQchm.exe
  C:\Windows\System\myEQchm.exe
  2⤵
  PID:4460
- C:\Windows\System\upGCZqn.exe
  C:\Windows\System\upGCZqn.exe
  2⤵
  PID:4488
- C:\Windows\System\bEDTGxu.exe
  C:\Windows\System\bEDTGxu.exe
  2⤵
  PID:4508
- C:\Windows\System\VzpbTBM.exe
  C:\Windows\System\VzpbTBM.exe
  2⤵
  PID:4528
- C:\Windows\System\XezfPIR.exe
  C:\Windows\System\XezfPIR.exe
  2⤵
  PID:4544
- C:\Windows\System\JbQLLZn.exe
  C:\Windows\System\JbQLLZn.exe
  2⤵
  PID:4564
- C:\Windows\System\EtPFplB.exe
  C:\Windows\System\EtPFplB.exe
  2⤵
  PID:4588
- C:\Windows\System\iXiDFSQ.exe
  C:\Windows\System\iXiDFSQ.exe
  2⤵
  PID:4608
- C:\Windows\System\xTtselj.exe
  C:\Windows\System\xTtselj.exe
  2⤵
  PID:4632
- C:\Windows\System\QlKwLlF.exe
  C:\Windows\System\QlKwLlF.exe
  2⤵
  PID:4652
- C:\Windows\System\CtgFRkr.exe
  C:\Windows\System\CtgFRkr.exe
  2⤵
  PID:4672
- C:\Windows\System\AMKRxtC.exe
  C:\Windows\System\AMKRxtC.exe
  2⤵
  PID:4688
- C:\Windows\System\MEYYpAJ.exe
  C:\Windows\System\MEYYpAJ.exe
  2⤵
  PID:4704
- C:\Windows\System\nfOhBxa.exe
  C:\Windows\System\nfOhBxa.exe
  2⤵
  PID:4728
- C:\Windows\System\eUFsmZo.exe
  C:\Windows\System\eUFsmZo.exe
  2⤵
  PID:4744
- C:\Windows\System\hBkhwyl.exe
  C:\Windows\System\hBkhwyl.exe
  2⤵
  PID:4768
- C:\Windows\System\UxGNnFI.exe
  C:\Windows\System\UxGNnFI.exe
  2⤵
  PID:4784
- C:\Windows\System\TfJicAR.exe
  C:\Windows\System\TfJicAR.exe
  2⤵
  PID:4800
- C:\Windows\System\WSDxKIE.exe
  C:\Windows\System\WSDxKIE.exe
  2⤵
  PID:4824
- C:\Windows\System\zvjeqCq.exe
  C:\Windows\System\zvjeqCq.exe
  2⤵
  PID:4844
- C:\Windows\System\ykmQzoR.exe
  C:\Windows\System\ykmQzoR.exe
  2⤵
  PID:4864
- C:\Windows\System\mfxrFFY.exe
  C:\Windows\System\mfxrFFY.exe
  2⤵
  PID:4884
- C:\Windows\System\zfLfmie.exe
  C:\Windows\System\zfLfmie.exe
  2⤵
  PID:4912
- C:\Windows\System\sTlgYkg.exe
  C:\Windows\System\sTlgYkg.exe
  2⤵
  PID:4928
- C:\Windows\System\qKouIDS.exe
  C:\Windows\System\qKouIDS.exe
  2⤵
  PID:4952
- C:\Windows\System\cETUzwU.exe
  C:\Windows\System\cETUzwU.exe
  2⤵
  PID:4968
- C:\Windows\System\wOTyRCm.exe
  C:\Windows\System\wOTyRCm.exe
  2⤵
  PID:4988
- C:\Windows\System\zsmeRAX.exe
  C:\Windows\System\zsmeRAX.exe
  2⤵
  PID:5012
- C:\Windows\System\TDhUxkv.exe
  C:\Windows\System\TDhUxkv.exe
  2⤵
  PID:5032
- C:\Windows\System\nebtFRU.exe
  C:\Windows\System\nebtFRU.exe
  2⤵
  PID:5048
- C:\Windows\System\yqxmuWP.exe
  C:\Windows\System\yqxmuWP.exe
  2⤵
  PID:5068
- C:\Windows\System\qkuHlCV.exe
  C:\Windows\System\qkuHlCV.exe
  2⤵
  PID:5088
- C:\Windows\System\JykTPmR.exe
  C:\Windows\System\JykTPmR.exe
  2⤵
  PID:5108
- C:\Windows\System\sPDIkmQ.exe
  C:\Windows\System\sPDIkmQ.exe
  2⤵
  PID:3984
- C:\Windows\System\dgnzhRX.exe
  C:\Windows\System\dgnzhRX.exe
  2⤵
  PID:3916
- C:\Windows\System\mgqarpR.exe
  C:\Windows\System\mgqarpR.exe
  2⤵
  PID:4020
- C:\Windows\System\pMEWXvj.exe
  C:\Windows\System\pMEWXvj.exe
  2⤵
  PID:3004
- C:\Windows\System\SdGNTFF.exe
  C:\Windows\System\SdGNTFF.exe
  2⤵
  PID:2084
- C:\Windows\System\iFFKEuz.exe
  C:\Windows\System\iFFKEuz.exe
  2⤵
  PID:3300
- C:\Windows\System\AWMhgxJ.exe
  C:\Windows\System\AWMhgxJ.exe
  2⤵
  PID:3488
- C:\Windows\System\szwDdje.exe
  C:\Windows\System\szwDdje.exe
  2⤵
  PID:3412
- C:\Windows\System\RmNqzOw.exe
  C:\Windows\System\RmNqzOw.exe
  2⤵
  PID:3656
- C:\Windows\System\vdroNpK.exe
  C:\Windows\System\vdroNpK.exe
  2⤵
  PID:3240
- C:\Windows\System\ZCyElJn.exe
  C:\Windows\System\ZCyElJn.exe
  2⤵
  PID:3560
- C:\Windows\System\mnHqcZs.exe
  C:\Windows\System\mnHqcZs.exe
  2⤵
  PID:3824
- C:\Windows\System\yXMwTMR.exe
  C:\Windows\System\yXMwTMR.exe
  2⤵
  PID:4116
- C:\Windows\System\XFKpsKi.exe
  C:\Windows\System\XFKpsKi.exe
  2⤵
  PID:4156
- C:\Windows\System\DHfeOUR.exe
  C:\Windows\System\DHfeOUR.exe
  2⤵
  PID:4260
- C:\Windows\System\PNKuHac.exe
  C:\Windows\System\PNKuHac.exe
  2⤵
  PID:4160
- C:\Windows\System\XTFVqds.exe
  C:\Windows\System\XTFVqds.exe
  2⤵
  PID:4340
- C:\Windows\System\cMYhdso.exe
  C:\Windows\System\cMYhdso.exe
  2⤵
  PID:4240
- C:\Windows\System\FntRLsb.exe
  C:\Windows\System\FntRLsb.exe
  2⤵
  PID:4372
- C:\Windows\System\hURQtwU.exe
  C:\Windows\System\hURQtwU.exe
  2⤵
  PID:4448
- C:\Windows\System\QiHTOas.exe
  C:\Windows\System\QiHTOas.exe
  2⤵
  PID:4360
- C:\Windows\System\NgwcJSK.exe
  C:\Windows\System\NgwcJSK.exe
  2⤵
  PID:4428
- C:\Windows\System\trAvgDt.exe
  C:\Windows\System\trAvgDt.exe
  2⤵
  PID:4472
- C:\Windows\System\TbRbqsh.exe
  C:\Windows\System\TbRbqsh.exe
  2⤵
  PID:4536
- C:\Windows\System\yXJjUKP.exe
  C:\Windows\System\yXJjUKP.exe
  2⤵
  PID:4576
- C:\Windows\System\eapJjyO.exe
  C:\Windows\System\eapJjyO.exe
  2⤵
  PID:4628
- C:\Windows\System\nYRwwfl.exe
  C:\Windows\System\nYRwwfl.exe
  2⤵
  PID:4560
- C:\Windows\System\CWeytZe.exe
  C:\Windows\System\CWeytZe.exe
  2⤵
  PID:4604
- C:\Windows\System\oejGFCz.exe
  C:\Windows\System\oejGFCz.exe
  2⤵
  PID:4644
- C:\Windows\System\eQZWjYH.exe
  C:\Windows\System\eQZWjYH.exe
  2⤵
  PID:4740
- C:\Windows\System\vYdOqbB.exe
  C:\Windows\System\vYdOqbB.exe
  2⤵
  PID:4712
- C:\Windows\System\AzgOYYs.exe
  C:\Windows\System\AzgOYYs.exe
  2⤵
  PID:4752
- C:\Windows\System\gBQUNJe.exe
  C:\Windows\System\gBQUNJe.exe
  2⤵
  PID:4764
- C:\Windows\System\RuhKstm.exe
  C:\Windows\System\RuhKstm.exe
  2⤵
  PID:4900
- C:\Windows\System\ZzIYuaE.exe
  C:\Windows\System\ZzIYuaE.exe
  2⤵
  PID:4944
- C:\Windows\System\FfbYutz.exe
  C:\Windows\System\FfbYutz.exe
  2⤵
  PID:4792
- C:\Windows\System\uirYPEI.exe
  C:\Windows\System\uirYPEI.exe
  2⤵
  PID:4920
- C:\Windows\System\vswXSls.exe
  C:\Windows\System\vswXSls.exe
  2⤵
  PID:5024
- C:\Windows\System\siQrajB.exe
  C:\Windows\System\siQrajB.exe
  2⤵
  PID:5064
- C:\Windows\System\UFPXrBe.exe
  C:\Windows\System\UFPXrBe.exe
  2⤵
  PID:5096
- C:\Windows\System\BoqWybx.exe
  C:\Windows\System\BoqWybx.exe
  2⤵
  PID:5044
- C:\Windows\System\tUKyAIW.exe
  C:\Windows\System\tUKyAIW.exe
  2⤵
  PID:5084
- C:\Windows\System\KlGJecA.exe
  C:\Windows\System\KlGJecA.exe
  2⤵
  PID:1888
- C:\Windows\System\XsUlivW.exe
  C:\Windows\System\XsUlivW.exe
  2⤵
  PID:1780
- C:\Windows\System\djSKqtA.exe
  C:\Windows\System\djSKqtA.exe
  2⤵
  PID:1280
- C:\Windows\System\ZLogEnj.exe
  C:\Windows\System\ZLogEnj.exe
  2⤵
  PID:3472
- C:\Windows\System\CFGWZtv.exe
  C:\Windows\System\CFGWZtv.exe
  2⤵
  PID:4100
- C:\Windows\System\lgXsiNU.exe
  C:\Windows\System\lgXsiNU.exe
  2⤵
  PID:3620
- C:\Windows\System\wAknzTK.exe
  C:\Windows\System\wAknzTK.exe
  2⤵
  PID:4220
- C:\Windows\System\ewxmJRR.exe
  C:\Windows\System\ewxmJRR.exe
  2⤵
  PID:4152
- C:\Windows\System\MRDSNCL.exe
  C:\Windows\System\MRDSNCL.exe
  2⤵
  PID:4304
- C:\Windows\System\MzEJbyj.exe
  C:\Windows\System\MzEJbyj.exe
  2⤵
  PID:4412
- C:\Windows\System\vOWKVPt.exe
  C:\Windows\System\vOWKVPt.exe
  2⤵
  PID:4332
- C:\Windows\System\IZOVKuT.exe
  C:\Windows\System\IZOVKuT.exe
  2⤵
  PID:4504
- C:\Windows\System\myomnLu.exe
  C:\Windows\System\myomnLu.exe
  2⤵
  PID:4356
- C:\Windows\System\QwMXphQ.exe
  C:\Windows\System\QwMXphQ.exe
  2⤵
  PID:4624
- C:\Windows\System\ZUaqKCi.exe
  C:\Windows\System\ZUaqKCi.exe
  2⤵
  PID:4468
- C:\Windows\System\wAmsAjR.exe
  C:\Windows\System\wAmsAjR.exe
  2⤵
  PID:4584
- C:\Windows\System\CoVQXHt.exe
  C:\Windows\System\CoVQXHt.exe
  2⤵
  PID:4640
- C:\Windows\System\ThkyewD.exe
  C:\Windows\System\ThkyewD.exe
  2⤵
  PID:4556
- C:\Windows\System\KEoCsBD.exe
  C:\Windows\System\KEoCsBD.exe
  2⤵
  PID:4812
- C:\Windows\System\WykhlIn.exe
  C:\Windows\System\WykhlIn.exe
  2⤵
  PID:4872
- C:\Windows\System\DWslHjs.exe
  C:\Windows\System\DWslHjs.exe
  2⤵
  PID:2300
- C:\Windows\System\xyQguBI.exe
  C:\Windows\System\xyQguBI.exe
  2⤵
  PID:4964
- C:\Windows\System\qeiKwbl.exe
  C:\Windows\System\qeiKwbl.exe
  2⤵
  PID:4936
- C:\Windows\System\UgosZXc.exe
  C:\Windows\System\UgosZXc.exe
  2⤵
  PID:4960
- C:\Windows\System\mNIMajU.exe
  C:\Windows\System\mNIMajU.exe
  2⤵
  PID:3800
- C:\Windows\System\gvMRJbl.exe
  C:\Windows\System\gvMRJbl.exe
  2⤵
  PID:3492
- C:\Windows\System\uStoSgD.exe
  C:\Windows\System\uStoSgD.exe
  2⤵
  PID:3980
- C:\Windows\System\LOGqgZM.exe
  C:\Windows\System\LOGqgZM.exe
  2⤵
  PID:3332
- C:\Windows\System\mDGMfUr.exe
  C:\Windows\System\mDGMfUr.exe
  2⤵
  PID:3508
- C:\Windows\System\juQLElz.exe
  C:\Windows\System\juQLElz.exe
  2⤵
  PID:3760
- C:\Windows\System\bTdiQjv.exe
  C:\Windows\System\bTdiQjv.exe
  2⤵
  PID:4320
- C:\Windows\System\VPWiEZf.exe
  C:\Windows\System\VPWiEZf.exe
  2⤵
  PID:4296
- C:\Windows\System\JVeXVwa.exe
  C:\Windows\System\JVeXVwa.exe
  2⤵
  PID:4480
- C:\Windows\System\kqcfMBP.exe
  C:\Windows\System\kqcfMBP.exe
  2⤵
  PID:4680
- C:\Windows\System\AYDXdZq.exe
  C:\Windows\System\AYDXdZq.exe
  2⤵
  PID:4452
- C:\Windows\System\usPLbel.exe
  C:\Windows\System\usPLbel.exe
  2⤵
  PID:4840
- C:\Windows\System\bHqEDYX.exe
  C:\Windows\System\bHqEDYX.exe
  2⤵
  PID:4816
- C:\Windows\System\hLTDRWN.exe
  C:\Windows\System\hLTDRWN.exe
  2⤵
  PID:5004
- C:\Windows\System\LDKegkb.exe
  C:\Windows\System\LDKegkb.exe
  2⤵
  PID:5000
- C:\Windows\System\YfOoCIW.exe
  C:\Windows\System\YfOoCIW.exe
  2⤵
  PID:3684
- C:\Windows\System\KqDyYSv.exe
  C:\Windows\System\KqDyYSv.exe
  2⤵
  PID:3384
- C:\Windows\System\skfbKZi.exe
  C:\Windows\System\skfbKZi.exe
  2⤵
  PID:5040
- C:\Windows\System\sfpJafm.exe
  C:\Windows\System\sfpJafm.exe
  2⤵
  PID:3776
- C:\Windows\System\YMXCUWE.exe
  C:\Windows\System\YMXCUWE.exe
  2⤵
  PID:4280
- C:\Windows\System\AcPzEAj.exe
  C:\Windows\System\AcPzEAj.exe
  2⤵
  PID:4580
- C:\Windows\System\lOLJIkK.exe
  C:\Windows\System\lOLJIkK.exe
  2⤵
  PID:5124
- C:\Windows\System\gFDbRTJ.exe
  C:\Windows\System\gFDbRTJ.exe
  2⤵
  PID:5144
- C:\Windows\System\dHxrKAb.exe
  C:\Windows\System\dHxrKAb.exe
  2⤵
  PID:5164
- C:\Windows\System\foAShNU.exe
  C:\Windows\System\foAShNU.exe
  2⤵
  PID:5184
- C:\Windows\System\dAHoeaW.exe
  C:\Windows\System\dAHoeaW.exe
  2⤵
  PID:5208
- C:\Windows\System\TAigdQA.exe
  C:\Windows\System\TAigdQA.exe
  2⤵
  PID:5228
- C:\Windows\System\eUSjAAm.exe
  C:\Windows\System\eUSjAAm.exe
  2⤵
  PID:5244
- C:\Windows\System\vCEBQgS.exe
  C:\Windows\System\vCEBQgS.exe
  2⤵
  PID:5268
- C:\Windows\System\OJIiWaA.exe
  C:\Windows\System\OJIiWaA.exe
  2⤵
  PID:5292
- C:\Windows\System\gUtypmZ.exe
  C:\Windows\System\gUtypmZ.exe
  2⤵
  PID:5308
- C:\Windows\System\hKSZNhj.exe
  C:\Windows\System\hKSZNhj.exe
  2⤵
  PID:5328
- C:\Windows\System\UBgMGle.exe
  C:\Windows\System\UBgMGle.exe
  2⤵
  PID:5348
- C:\Windows\System\hHqBOMW.exe
  C:\Windows\System\hHqBOMW.exe
  2⤵
  PID:5368
- C:\Windows\System\MJFCpuw.exe
  C:\Windows\System\MJFCpuw.exe
  2⤵
  PID:5388
- C:\Windows\System\pQefCEi.exe
  C:\Windows\System\pQefCEi.exe
  2⤵
  PID:5408
- C:\Windows\System\zdpTSYS.exe
  C:\Windows\System\zdpTSYS.exe
  2⤵
  PID:5428
- C:\Windows\System\XayoOpf.exe
  C:\Windows\System\XayoOpf.exe
  2⤵
  PID:5448
- C:\Windows\System\kWJkhKU.exe
  C:\Windows\System\kWJkhKU.exe
  2⤵
  PID:5468
- C:\Windows\System\CurXWRu.exe
  C:\Windows\System\CurXWRu.exe
  2⤵
  PID:5488
- C:\Windows\System\sSGYJHt.exe
  C:\Windows\System\sSGYJHt.exe
  2⤵
  PID:5508
- C:\Windows\System\YqTBqfz.exe
  C:\Windows\System\YqTBqfz.exe
  2⤵
  PID:5528
- C:\Windows\System\LVsqZko.exe
  C:\Windows\System\LVsqZko.exe
  2⤵
  PID:5548
- C:\Windows\System\snbuAFx.exe
  C:\Windows\System\snbuAFx.exe
  2⤵
  PID:5568
- C:\Windows\System\pofPOin.exe
  C:\Windows\System\pofPOin.exe
  2⤵
  PID:5588
- C:\Windows\System\NhkQzMS.exe
  C:\Windows\System\NhkQzMS.exe
  2⤵
  PID:5608
- C:\Windows\System\yciEFbL.exe
  C:\Windows\System\yciEFbL.exe
  2⤵
  PID:5628
- C:\Windows\System\rMaXEwv.exe
  C:\Windows\System\rMaXEwv.exe
  2⤵
  PID:5644
- C:\Windows\System\IMjNTJe.exe
  C:\Windows\System\IMjNTJe.exe
  2⤵
  PID:5664
- C:\Windows\System\YoWWyZt.exe
  C:\Windows\System\YoWWyZt.exe
  2⤵
  PID:5688
- C:\Windows\System\VKcrvDs.exe
  C:\Windows\System\VKcrvDs.exe
  2⤵
  PID:5704
- C:\Windows\System\hwQijuv.exe
  C:\Windows\System\hwQijuv.exe
  2⤵
  PID:5728
- C:\Windows\System\vZyoCDt.exe
  C:\Windows\System\vZyoCDt.exe
  2⤵
  PID:5752
- C:\Windows\System\KAtRLKH.exe
  C:\Windows\System\KAtRLKH.exe
  2⤵
  PID:5772
- C:\Windows\System\ggAxRWx.exe
  C:\Windows\System\ggAxRWx.exe
  2⤵
  PID:5792
- C:\Windows\System\tYOToFN.exe
  C:\Windows\System\tYOToFN.exe
  2⤵
  PID:5808
- C:\Windows\System\sWtdWtG.exe
  C:\Windows\System\sWtdWtG.exe
  2⤵
  PID:5828
- C:\Windows\System\EaCwPKV.exe
  C:\Windows\System\EaCwPKV.exe
  2⤵
  PID:5852
- C:\Windows\System\RnuJovX.exe
  C:\Windows\System\RnuJovX.exe
  2⤵
  PID:5868
- C:\Windows\System\KLofWaO.exe
  C:\Windows\System\KLofWaO.exe
  2⤵
  PID:5888
- C:\Windows\System\XAIwxBz.exe
  C:\Windows\System\XAIwxBz.exe
  2⤵
  PID:5908
- C:\Windows\System\BWEofuy.exe
  C:\Windows\System\BWEofuy.exe
  2⤵
  PID:5932
- C:\Windows\System\xpEUfIe.exe
  C:\Windows\System\xpEUfIe.exe
  2⤵
  PID:5948
- C:\Windows\System\BSglErp.exe
  C:\Windows\System\BSglErp.exe
  2⤵
  PID:5972
- C:\Windows\System\VfqYnAe.exe
  C:\Windows\System\VfqYnAe.exe
  2⤵
  PID:5992
- C:\Windows\System\tohEyoN.exe
  C:\Windows\System\tohEyoN.exe
  2⤵
  PID:6008
- C:\Windows\System\VYkaHVE.exe
  C:\Windows\System\VYkaHVE.exe
  2⤵
  PID:6028
- C:\Windows\System\HJYJOUL.exe
  C:\Windows\System\HJYJOUL.exe
  2⤵
  PID:6052
- C:\Windows\System\esKiVvQ.exe
  C:\Windows\System\esKiVvQ.exe
  2⤵
  PID:6068
- C:\Windows\System\RrldjtM.exe
  C:\Windows\System\RrldjtM.exe
  2⤵
  PID:6088
- C:\Windows\System\byfupYs.exe
  C:\Windows\System\byfupYs.exe
  2⤵
  PID:6112
- C:\Windows\System\pAtvGrt.exe
  C:\Windows\System\pAtvGrt.exe
  2⤵
  PID:6128
- C:\Windows\System\FtzovmN.exe
  C:\Windows\System\FtzovmN.exe
  2⤵
  PID:4600
- C:\Windows\System\joQgwSW.exe
  C:\Windows\System\joQgwSW.exe
  2⤵
  PID:4880
- C:\Windows\System\SanrZad.exe
  C:\Windows\System\SanrZad.exe
  2⤵
  PID:4052
- C:\Windows\System\pUhaIpu.exe
  C:\Windows\System\pUhaIpu.exe
  2⤵
  PID:4700
- C:\Windows\System\BlAhsuI.exe
  C:\Windows\System\BlAhsuI.exe
  2⤵
  PID:2728
- C:\Windows\System\LWwHAox.exe
  C:\Windows\System\LWwHAox.exe
  2⤵
  PID:4760
- C:\Windows\System\Rydryhu.exe
  C:\Windows\System\Rydryhu.exe
  2⤵
  PID:5080
- C:\Windows\System\utDfbmk.exe
  C:\Windows\System\utDfbmk.exe
  2⤵
  PID:5204
- C:\Windows\System\yKKSKPl.exe
  C:\Windows\System\yKKSKPl.exe
  2⤵
  PID:3512
- C:\Windows\System\YTkPLyY.exe
  C:\Windows\System\YTkPLyY.exe
  2⤵
  PID:5240
- C:\Windows\System\fdAZHDz.exe
  C:\Windows\System\fdAZHDz.exe
  2⤵
  PID:5284
- C:\Windows\System\ulqZgNx.exe
  C:\Windows\System\ulqZgNx.exe
  2⤵
  PID:5172
- C:\Windows\System\ZUcbByn.exe
  C:\Windows\System\ZUcbByn.exe
  2⤵
  PID:5364
- C:\Windows\System\DymVXSl.exe
  C:\Windows\System\DymVXSl.exe
  2⤵
  PID:5396
- C:\Windows\System\svsrVdd.exe
  C:\Windows\System\svsrVdd.exe
  2⤵
  PID:5264
- C:\Windows\System\xTrSpPZ.exe
  C:\Windows\System\xTrSpPZ.exe
  2⤵
  PID:5444
- C:\Windows\System\PEEyDiO.exe
  C:\Windows\System\PEEyDiO.exe
  2⤵
  PID:5440
- C:\Windows\System\QByuKwB.exe
  C:\Windows\System\QByuKwB.exe
  2⤵
  PID:5480
- C:\Windows\System\xbWkSUA.exe
  C:\Windows\System\xbWkSUA.exe
  2⤵
  PID:5420
- C:\Windows\System\iiouFmo.exe
  C:\Windows\System\iiouFmo.exe
  2⤵
  PID:5456
- C:\Windows\System\NIiDJbk.exe
  C:\Windows\System\NIiDJbk.exe
  2⤵
  PID:5500
- C:\Windows\System\UxtsKrI.exe
  C:\Windows\System\UxtsKrI.exe
  2⤵
  PID:5604
- C:\Windows\System\aaoYwoU.exe
  C:\Windows\System\aaoYwoU.exe
  2⤵
  PID:5580
- C:\Windows\System\vaRZuPg.exe
  C:\Windows\System\vaRZuPg.exe
  2⤵
  PID:5684
- C:\Windows\System\PoBtfoX.exe
  C:\Windows\System\PoBtfoX.exe
  2⤵
  PID:5712
- C:\Windows\System\DOfqhHy.exe
  C:\Windows\System\DOfqhHy.exe
  2⤵
  PID:5656
- C:\Windows\System\JWlvFvK.exe
  C:\Windows\System\JWlvFvK.exe
  2⤵
  PID:2600
- C:\Windows\System\QCYhWSP.exe
  C:\Windows\System\QCYhWSP.exe
  2⤵
  PID:5804
- C:\Windows\System\zPdEDCl.exe
  C:\Windows\System\zPdEDCl.exe
  2⤵
  PID:5780
- C:\Windows\System\CfpnDTe.exe
  C:\Windows\System\CfpnDTe.exe
  2⤵
  PID:5880
- C:\Windows\System\lXjzPCd.exe
  C:\Windows\System\lXjzPCd.exe
  2⤵
  PID:5820
- C:\Windows\System\BPrFIbS.exe
  C:\Windows\System\BPrFIbS.exe
  2⤵
  PID:5928
- C:\Windows\System\WFfAuxB.exe
  C:\Windows\System\WFfAuxB.exe
  2⤵
  PID:5860
- C:\Windows\System\uYwyilp.exe
  C:\Windows\System\uYwyilp.exe
  2⤵
  PID:5904
- C:\Windows\System\ZXajpqD.exe
  C:\Windows\System\ZXajpqD.exe
  2⤵
  PID:6036
- C:\Windows\System\fAAClGN.exe
  C:\Windows\System\fAAClGN.exe
  2⤵
  PID:5980
- C:\Windows\System\SuyNvgn.exe
  C:\Windows\System\SuyNvgn.exe
  2⤵
  PID:6084
- C:\Windows\System\RaeTNaS.exe
  C:\Windows\System\RaeTNaS.exe
  2⤵
  PID:6024
- C:\Windows\System\ajPxrAl.exe
  C:\Windows\System\ajPxrAl.exe
  2⤵
  PID:6064
- C:\Windows\System\WUSIfwd.exe
  C:\Windows\System\WUSIfwd.exe
  2⤵
  PID:6100
- C:\Windows\System\AkEOWsk.exe
  C:\Windows\System\AkEOWsk.exe
  2⤵
  PID:6140
- C:\Windows\System\NNdcNMQ.exe
  C:\Windows\System\NNdcNMQ.exe
  2⤵
  PID:1520
- C:\Windows\System\KWjLDDa.exe
  C:\Windows\System\KWjLDDa.exe
  2⤵
  PID:3392
- C:\Windows\System\VDEkPNt.exe
  C:\Windows\System\VDEkPNt.exe
  2⤵
  PID:4484
- C:\Windows\System\hjWHgvg.exe
  C:\Windows\System\hjWHgvg.exe
  2⤵
  PID:4856
- C:\Windows\System\LASaQSK.exe
  C:\Windows\System\LASaQSK.exe
  2⤵
  PID:3704
- C:\Windows\System\AbULzmR.exe
  C:\Windows\System\AbULzmR.exe
  2⤵
  PID:5324
- C:\Windows\System\cMaVPNZ.exe
  C:\Windows\System\cMaVPNZ.exe
  2⤵
  PID:5224
- C:\Windows\System\VyxUbVN.exe
  C:\Windows\System\VyxUbVN.exe
  2⤵
  PID:5356
- C:\Windows\System\yzjqkFj.exe
  C:\Windows\System\yzjqkFj.exe
  2⤵
  PID:5256
- C:\Windows\System\Eqsjahv.exe
  C:\Windows\System\Eqsjahv.exe
  2⤵
  PID:5416
- C:\Windows\System\KZQjxyL.exe
  C:\Windows\System\KZQjxyL.exe
  2⤵
  PID:5596
- C:\Windows\System\jJXnGcv.exe
  C:\Windows\System\jJXnGcv.exe
  2⤵
  PID:5680
- C:\Windows\System\MItVmne.exe
  C:\Windows\System\MItVmne.exe
  2⤵
  PID:5800
- C:\Windows\System\VrsOaTY.exe
  C:\Windows\System\VrsOaTY.exe
  2⤵
  PID:5740
- C:\Windows\System\PLHzHfa.exe
  C:\Windows\System\PLHzHfa.exe
  2⤵
  PID:5720
- C:\Windows\System\rXxOWxy.exe
  C:\Windows\System\rXxOWxy.exe
  2⤵
  PID:5840
- C:\Windows\System\sJSjjGl.exe
  C:\Windows\System\sJSjjGl.exe
  2⤵
  PID:5964
- C:\Windows\System\EzIZRSE.exe
  C:\Windows\System\EzIZRSE.exe
  2⤵
  PID:6120
- C:\Windows\System\rlmSSRd.exe
  C:\Windows\System\rlmSSRd.exe
  2⤵
  PID:5816
- C:\Windows\System\HHBETkb.exe
  C:\Windows\System\HHBETkb.exe
  2⤵
  PID:6124
- C:\Windows\System\sRqRBFj.exe
  C:\Windows\System\sRqRBFj.exe
  2⤵
  PID:5940
- C:\Windows\System\RtUbJHR.exe
  C:\Windows\System\RtUbJHR.exe
  2⤵
  PID:5008
- C:\Windows\System\axqwQaX.exe
  C:\Windows\System\axqwQaX.exe
  2⤵
  PID:4820
- C:\Windows\System\sDUPGwi.exe
  C:\Windows\System\sDUPGwi.exe
  2⤵
  PID:5216
- C:\Windows\System\oizNjsy.exe
  C:\Windows\System\oizNjsy.exe
  2⤵
  PID:5156
- C:\Windows\System\IFrOSGA.exe
  C:\Windows\System\IFrOSGA.exe
  2⤵
  PID:5476
- C:\Windows\System\XVXrevK.exe
  C:\Windows\System\XVXrevK.exe
  2⤵
  PID:4572
- C:\Windows\System\YnZrwkz.exe
  C:\Windows\System\YnZrwkz.exe
  2⤵
  PID:5180
- C:\Windows\System\hqytRhD.exe
  C:\Windows\System\hqytRhD.exe
  2⤵
  PID:5524
- C:\Windows\System\olkIcrP.exe
  C:\Windows\System\olkIcrP.exe
  2⤵
  PID:5340
- C:\Windows\System\WiWicIT.exe
  C:\Windows\System\WiWicIT.exe
  2⤵
  PID:5696
- C:\Windows\System\VOFIePe.exe
  C:\Windows\System\VOFIePe.exe
  2⤵
  PID:1892
- C:\Windows\System\iaLKYAv.exe
  C:\Windows\System\iaLKYAv.exe
  2⤵
  PID:5876
- C:\Windows\System\lNjwRDW.exe
  C:\Windows\System\lNjwRDW.exe
  2⤵
  PID:5844
- C:\Windows\System\AHeuKAN.exe
  C:\Windows\System\AHeuKAN.exe
  2⤵
  PID:6156
- C:\Windows\System\ggIURpW.exe
  C:\Windows\System\ggIURpW.exe
  2⤵
  PID:6176
- C:\Windows\System\czhaAAS.exe
  C:\Windows\System\czhaAAS.exe
  2⤵
  PID:6200
- C:\Windows\System\RbcUdol.exe
  C:\Windows\System\RbcUdol.exe
  2⤵
  PID:6220
- C:\Windows\System\TLzsMHI.exe
  C:\Windows\System\TLzsMHI.exe
  2⤵
  PID:6236
- C:\Windows\System\iygoTCD.exe
  C:\Windows\System\iygoTCD.exe
  2⤵
  PID:6260
- C:\Windows\System\WxVkDXe.exe
  C:\Windows\System\WxVkDXe.exe
  2⤵
  PID:6280
- C:\Windows\System\coDSUUf.exe
  C:\Windows\System\coDSUUf.exe
  2⤵
  PID:6300
- C:\Windows\System\xsPDNsZ.exe
  C:\Windows\System\xsPDNsZ.exe
  2⤵
  PID:6316
- C:\Windows\System\BUKqHOa.exe
  C:\Windows\System\BUKqHOa.exe
  2⤵
  PID:6340
- C:\Windows\System\KNOlXrR.exe
  C:\Windows\System\KNOlXrR.exe
  2⤵
  PID:6360
- C:\Windows\System\ePyWjvp.exe
  C:\Windows\System\ePyWjvp.exe
  2⤵
  PID:6376
- C:\Windows\System\mpCAqyy.exe
  C:\Windows\System\mpCAqyy.exe
  2⤵
  PID:6400
- C:\Windows\System\RgHEaKX.exe
  C:\Windows\System\RgHEaKX.exe
  2⤵
  PID:6416
- C:\Windows\System\SwHIfoK.exe
  C:\Windows\System\SwHIfoK.exe
  2⤵
  PID:6440
- C:\Windows\System\RwBOajb.exe
  C:\Windows\System\RwBOajb.exe
  2⤵
  PID:6460
- C:\Windows\System\GULxlzW.exe
  C:\Windows\System\GULxlzW.exe
  2⤵
  PID:6476
- C:\Windows\System\RoDcLOM.exe
  C:\Windows\System\RoDcLOM.exe
  2⤵
  PID:6500
- C:\Windows\System\cVEgpwx.exe
  C:\Windows\System\cVEgpwx.exe
  2⤵
  PID:6520
- C:\Windows\System\rEnZBcC.exe
  C:\Windows\System\rEnZBcC.exe
  2⤵
  PID:6540
- C:\Windows\System\pfFiCye.exe
  C:\Windows\System\pfFiCye.exe
  2⤵
  PID:6556
- C:\Windows\System\bpJqsCn.exe
  C:\Windows\System\bpJqsCn.exe
  2⤵
  PID:6576
- C:\Windows\System\eZErZLD.exe
  C:\Windows\System\eZErZLD.exe
  2⤵
  PID:6600
- C:\Windows\System\uDALPgE.exe
  C:\Windows\System\uDALPgE.exe
  2⤵
  PID:6616
- C:\Windows\System\FJQBEpp.exe
  C:\Windows\System\FJQBEpp.exe
  2⤵
  PID:6636
- C:\Windows\System\sfsDLvQ.exe
  C:\Windows\System\sfsDLvQ.exe
  2⤵
  PID:6656
- C:\Windows\System\Ultkdfy.exe
  C:\Windows\System\Ultkdfy.exe
  2⤵
  PID:6676
- C:\Windows\System\EBfKxaH.exe
  C:\Windows\System\EBfKxaH.exe
  2⤵
  PID:6696
- C:\Windows\System\vCldmFI.exe
  C:\Windows\System\vCldmFI.exe
  2⤵
  PID:6720
- C:\Windows\System\zNlFKus.exe
  C:\Windows\System\zNlFKus.exe
  2⤵
  PID:6736
- C:\Windows\System\gVsdjCv.exe
  C:\Windows\System\gVsdjCv.exe
  2⤵
  PID:6756
- C:\Windows\System\eIuMViP.exe
  C:\Windows\System\eIuMViP.exe
  2⤵
  PID:6776
- C:\Windows\System\VYokPzF.exe
  C:\Windows\System\VYokPzF.exe
  2⤵
  PID:6796
- C:\Windows\System\okpxuRs.exe
  C:\Windows\System\okpxuRs.exe
  2⤵
  PID:6816
- C:\Windows\System\MiodJhH.exe
  C:\Windows\System\MiodJhH.exe
  2⤵
  PID:6832
- C:\Windows\System\eabapIt.exe
  C:\Windows\System\eabapIt.exe
  2⤵
  PID:6852
- C:\Windows\System\dvoIFBS.exe
  C:\Windows\System\dvoIFBS.exe
  2⤵
  PID:6876
- C:\Windows\System\Keedqhf.exe
  C:\Windows\System\Keedqhf.exe
  2⤵
  PID:6892
- C:\Windows\System\nzLcohG.exe
  C:\Windows\System\nzLcohG.exe
  2⤵
  PID:6916
- C:\Windows\System\OLGKNnR.exe
  C:\Windows\System\OLGKNnR.exe
  2⤵
  PID:6936
- C:\Windows\System\VcpVxaP.exe
  C:\Windows\System\VcpVxaP.exe
  2⤵
  PID:6960
- C:\Windows\System\ixoNvEg.exe
  C:\Windows\System\ixoNvEg.exe
  2⤵
  PID:6976
- C:\Windows\System\wrDAufd.exe
  C:\Windows\System\wrDAufd.exe
  2⤵
  PID:6992
- C:\Windows\System\jnXMdqH.exe
  C:\Windows\System\jnXMdqH.exe
  2⤵
  PID:7012
- C:\Windows\System\XEccloY.exe
  C:\Windows\System\XEccloY.exe
  2⤵
  PID:7036
- C:\Windows\System\WzFLikR.exe
  C:\Windows\System\WzFLikR.exe
  2⤵
  PID:7056
- C:\Windows\System\YhpDrtt.exe
  C:\Windows\System\YhpDrtt.exe
  2⤵
  PID:7076
- C:\Windows\System\eohPhSq.exe
  C:\Windows\System\eohPhSq.exe
  2⤵
  PID:7096
- C:\Windows\System\vaCRDyJ.exe
  C:\Windows\System\vaCRDyJ.exe
  2⤵
  PID:7116
- C:\Windows\System\eaHHlfO.exe
  C:\Windows\System\eaHHlfO.exe
  2⤵
  PID:7136
- C:\Windows\System\yrkYkEU.exe
  C:\Windows\System\yrkYkEU.exe
  2⤵
  PID:7156
- C:\Windows\System\ETsLtXK.exe
  C:\Windows\System\ETsLtXK.exe
  2⤵
  PID:5192
- C:\Windows\System\dNtuyxW.exe
  C:\Windows\System\dNtuyxW.exe
  2⤵
  PID:5896
- C:\Windows\System\DJGhfgx.exe
  C:\Windows\System\DJGhfgx.exe
  2⤵
  PID:5236
- C:\Windows\System\nmsKafj.exe
  C:\Windows\System\nmsKafj.exe
  2⤵
  PID:5300
- C:\Windows\System\ZJUTJJt.exe
  C:\Windows\System\ZJUTJJt.exe
  2⤵
  PID:2736
- C:\Windows\System\pcyrxsZ.exe
  C:\Windows\System\pcyrxsZ.exe
  2⤵
  PID:5252
- C:\Windows\System\xEkhAHa.exe
  C:\Windows\System\xEkhAHa.exe
  2⤵
  PID:2520
- C:\Windows\System\STNdwuE.exe
  C:\Windows\System\STNdwuE.exe
  2⤵
  PID:5496
- C:\Windows\System\MCMpCSv.exe
  C:\Windows\System\MCMpCSv.exe
  2⤵
  PID:5616
- C:\Windows\System\MeTmoMa.exe
  C:\Windows\System\MeTmoMa.exe
  2⤵
  PID:5920
- C:\Windows\System\RUREjfS.exe
  C:\Windows\System\RUREjfS.exe
  2⤵
  PID:6164
- C:\Windows\System\OrAFIcT.exe
  C:\Windows\System\OrAFIcT.exe
  2⤵
  PID:6232
- C:\Windows\System\IlucuFQ.exe
  C:\Windows\System\IlucuFQ.exe
  2⤵
  PID:6268
- C:\Windows\System\CaqWaZv.exe
  C:\Windows\System\CaqWaZv.exe
  2⤵
  PID:6252
- C:\Windows\System\wuyIJmX.exe
  C:\Windows\System\wuyIJmX.exe
  2⤵
  PID:6348
- C:\Windows\System\xRiOzda.exe
  C:\Windows\System\xRiOzda.exe
  2⤵
  PID:6328
- C:\Windows\System\LvGwxRl.exe
  C:\Windows\System\LvGwxRl.exe
  2⤵
  PID:6396
- C:\Windows\System\WxaTPkv.exe
  C:\Windows\System\WxaTPkv.exe
  2⤵
  PID:6436
- C:\Windows\System\hlloAuq.exe
  C:\Windows\System\hlloAuq.exe
  2⤵
  PID:6412
- C:\Windows\System\ZctCjAL.exe
  C:\Windows\System\ZctCjAL.exe
  2⤵
  PID:6512
- C:\Windows\System\qRgilmF.exe
  C:\Windows\System\qRgilmF.exe
  2⤵
  PID:6484
- C:\Windows\System\sYyyetM.exe
  C:\Windows\System\sYyyetM.exe
  2⤵
  PID:6592
- C:\Windows\System\yDpdMzl.exe
  C:\Windows\System\yDpdMzl.exe
  2⤵
  PID:6536
- C:\Windows\System\rbYXCfW.exe
  C:\Windows\System\rbYXCfW.exe
  2⤵
  PID:6632
- C:\Windows\System\rYygVDO.exe
  C:\Windows\System\rYygVDO.exe
  2⤵
  PID:6704
- C:\Windows\System\XPnvfyZ.exe
  C:\Windows\System\XPnvfyZ.exe
  2⤵
  PID:868
- C:\Windows\System\QNEqfft.exe
  C:\Windows\System\QNEqfft.exe
  2⤵
  PID:6644
- C:\Windows\System\XCpllWb.exe
  C:\Windows\System\XCpllWb.exe
  2⤵
  PID:1108
- C:\Windows\System\lHujoyP.exe
  C:\Windows\System\lHujoyP.exe
  2⤵
  PID:6788
- C:\Windows\System\XomLRPv.exe
  C:\Windows\System\XomLRPv.exe
  2⤵
  PID:6688
- C:\Windows\System\BIEtyHL.exe
  C:\Windows\System\BIEtyHL.exe
  2⤵
  PID:2856
- C:\Windows\System\hklYVlW.exe
  C:\Windows\System\hklYVlW.exe
  2⤵
  PID:6824
- C:\Windows\System\jzicDew.exe
  C:\Windows\System\jzicDew.exe
  2⤵
  PID:6860
- C:\Windows\System\LiqQfLI.exe
  C:\Windows\System\LiqQfLI.exe
  2⤵
  PID:6808
- C:\Windows\System\UuHfkWE.exe
  C:\Windows\System\UuHfkWE.exe
  2⤵
  PID:6848
- C:\Windows\System\DJyRgXS.exe
  C:\Windows\System\DJyRgXS.exe
  2⤵
  PID:6844
- C:\Windows\System\nArFnEY.exe
  C:\Windows\System\nArFnEY.exe
  2⤵
  PID:6984
- C:\Windows\System\zpRqBsK.exe
  C:\Windows\System\zpRqBsK.exe
  2⤵
  PID:6924
- C:\Windows\System\kQtxfbV.exe
  C:\Windows\System\kQtxfbV.exe
  2⤵
  PID:6972
- C:\Windows\System\TZkLKHE.exe
  C:\Windows\System\TZkLKHE.exe
  2⤵
  PID:7008
- C:\Windows\System\cShwDCK.exe
  C:\Windows\System\cShwDCK.exe
  2⤵
  PID:7104
- C:\Windows\System\pEeTAsg.exe
  C:\Windows\System\pEeTAsg.exe
  2⤵
  PID:7092
- C:\Windows\System\GsnOhmv.exe
  C:\Windows\System\GsnOhmv.exe
  2⤵
  PID:7148
- C:\Windows\System\wwtiGoj.exe
  C:\Windows\System\wwtiGoj.exe
  2⤵
  PID:6076
- C:\Windows\System\OMHHwca.exe
  C:\Windows\System\OMHHwca.exe
  2⤵
  PID:5944
- C:\Windows\System\QCYzKoB.exe
  C:\Windows\System\QCYzKoB.exe
  2⤵
  PID:5160
- C:\Windows\System\lAHIwcN.exe
  C:\Windows\System\lAHIwcN.exe
  2⤵
  PID:5436
- C:\Windows\System\hcuyRDm.exe
  C:\Windows\System\hcuyRDm.exe
  2⤵
  PID:6108
- C:\Windows\System\xLRASPK.exe
  C:\Windows\System\xLRASPK.exe
  2⤵
  PID:5620
- C:\Windows\System\TpEGwHU.exe
  C:\Windows\System\TpEGwHU.exe
  2⤵
  PID:6172
- C:\Windows\System\rjLsOIA.exe
  C:\Windows\System\rjLsOIA.exe
  2⤵
  PID:6256
- C:\Windows\System\hZNagGV.exe
  C:\Windows\System\hZNagGV.exe
  2⤵
  PID:6352
- C:\Windows\System\cZWPSnu.exe
  C:\Windows\System\cZWPSnu.exe
  2⤵
  PID:6288
- C:\Windows\System\PVCRDEV.exe
  C:\Windows\System\PVCRDEV.exe
  2⤵
  PID:6392
- C:\Windows\System\WgVAEqy.exe
  C:\Windows\System\WgVAEqy.exe
  2⤵
  PID:6508
- C:\Windows\System\KnxuAib.exe
  C:\Windows\System\KnxuAib.exe
  2⤵
  PID:6596
- C:\Windows\System\nHxeLrq.exe
  C:\Windows\System\nHxeLrq.exe
  2⤵
  PID:6568
- C:\Windows\System\BnbmvXr.exe
  C:\Windows\System\BnbmvXr.exe
  2⤵
  PID:6716
- C:\Windows\System\HdZSLPb.exe
  C:\Windows\System\HdZSLPb.exe
  2⤵
  PID:6668
- C:\Windows\System\qQfCnSW.exe
  C:\Windows\System\qQfCnSW.exe
  2⤵
  PID:2592
- C:\Windows\System\oZqnjIX.exe
  C:\Windows\System\oZqnjIX.exe
  2⤵
  PID:2360
- C:\Windows\System\mFhqeGc.exe
  C:\Windows\System\mFhqeGc.exe
  2⤵
  PID:2860
- C:\Windows\System\fIjiDmK.exe
  C:\Windows\System\fIjiDmK.exe
  2⤵
  PID:6764
- C:\Windows\System\ffbAxOl.exe
  C:\Windows\System\ffbAxOl.exe
  2⤵
  PID:6904
- C:\Windows\System\JUSEoYU.exe
  C:\Windows\System\JUSEoYU.exe
  2⤵
  PID:6908
- C:\Windows\System\qDIwriG.exe
  C:\Windows\System\qDIwriG.exe
  2⤵
  PID:6948
- C:\Windows\System\OFldSso.exe
  C:\Windows\System\OFldSso.exe
  2⤵
  PID:6968
- C:\Windows\System\feLLNst.exe
  C:\Windows\System\feLLNst.exe
  2⤵
  PID:7044
- C:\Windows\System\CLKStnM.exe
  C:\Windows\System\CLKStnM.exe
  2⤵
  PID:6040
- C:\Windows\System\jcyNbpe.exe
  C:\Windows\System\jcyNbpe.exe
  2⤵
  PID:4896
- C:\Windows\System\gUmHIIF.exe
  C:\Windows\System\gUmHIIF.exe
  2⤵
  PID:6048
- C:\Windows\System\flRjIWb.exe
  C:\Windows\System\flRjIWb.exe
  2⤵
  PID:6148
- C:\Windows\System\ODcrzOx.exe
  C:\Windows\System\ODcrzOx.exe
  2⤵
  PID:6188
- C:\Windows\System\nlUpEZO.exe
  C:\Windows\System\nlUpEZO.exe
  2⤵
  PID:6244
- C:\Windows\System\XXZqmZU.exe
  C:\Windows\System\XXZqmZU.exe
  2⤵
  PID:6428
- C:\Windows\System\TIpRoZH.exe
  C:\Windows\System\TIpRoZH.exe
  2⤵
  PID:6368
- C:\Windows\System\mXXugzY.exe
  C:\Windows\System\mXXugzY.exe
  2⤵
  PID:6552
- C:\Windows\System\HjfcryU.exe
  C:\Windows\System\HjfcryU.exe
  2⤵
  PID:6456
- C:\Windows\System\SQzFEHg.exe
  C:\Windows\System\SQzFEHg.exe
  2⤵
  PID:6672
- C:\Windows\System\RoyBPkZ.exe
  C:\Windows\System\RoyBPkZ.exe
  2⤵
  PID:1860
- C:\Windows\System\DqPJYyH.exe
  C:\Windows\System\DqPJYyH.exe
  2⤵
  PID:6804
- C:\Windows\System\PboGFeH.exe
  C:\Windows\System\PboGFeH.exe
  2⤵
  PID:1944
- C:\Windows\System\stLSvUk.exe
  C:\Windows\System\stLSvUk.exe
  2⤵
  PID:6912
- C:\Windows\System\KqZAGiA.exe
  C:\Windows\System\KqZAGiA.exe
  2⤵
  PID:7000
- C:\Windows\System\XgJdmgx.exe
  C:\Windows\System\XgJdmgx.exe
  2⤵
  PID:7164
- C:\Windows\System\TBebtuO.exe
  C:\Windows\System\TBebtuO.exe
  2⤵
  PID:2076
- C:\Windows\System\xCPkgVl.exe
  C:\Windows\System\xCPkgVl.exe
  2⤵
  PID:4620
- C:\Windows\System\TNPYrRF.exe
  C:\Windows\System\TNPYrRF.exe
  2⤵
  PID:7184
- C:\Windows\System\VjdLrpr.exe
  C:\Windows\System\VjdLrpr.exe
  2⤵
  PID:7204
- C:\Windows\System\ZEKHqLM.exe
  C:\Windows\System\ZEKHqLM.exe
  2⤵
  PID:7224
- C:\Windows\System\FXnGSbW.exe
  C:\Windows\System\FXnGSbW.exe
  2⤵
  PID:7244
- C:\Windows\System\qKmbjdQ.exe
  C:\Windows\System\qKmbjdQ.exe
  2⤵
  PID:7264
- C:\Windows\System\hrMWFwJ.exe
  C:\Windows\System\hrMWFwJ.exe
  2⤵
  PID:7288
- C:\Windows\System\BRanjrA.exe
  C:\Windows\System\BRanjrA.exe
  2⤵
  PID:7308
- C:\Windows\System\OgIZmYH.exe
  C:\Windows\System\OgIZmYH.exe
  2⤵
  PID:7328
- C:\Windows\System\jBWJPcl.exe
  C:\Windows\System\jBWJPcl.exe
  2⤵
  PID:7348
- C:\Windows\System\JCUjQmS.exe
  C:\Windows\System\JCUjQmS.exe
  2⤵
  PID:7364
- C:\Windows\System\WweeEoy.exe
  C:\Windows\System\WweeEoy.exe
  2⤵
  PID:7388
- C:\Windows\System\cMeCZKE.exe
  C:\Windows\System\cMeCZKE.exe
  2⤵
  PID:7408
- C:\Windows\System\rwLOyMi.exe
  C:\Windows\System\rwLOyMi.exe
  2⤵
  PID:7428
- C:\Windows\System\gOjhcMz.exe
  C:\Windows\System\gOjhcMz.exe
  2⤵
  PID:7448
- C:\Windows\System\YFTULuD.exe
  C:\Windows\System\YFTULuD.exe
  2⤵
  PID:7468
- C:\Windows\System\hjUbqQb.exe
  C:\Windows\System\hjUbqQb.exe
  2⤵
  PID:7488
- C:\Windows\System\ZxggBus.exe
  C:\Windows\System\ZxggBus.exe
  2⤵
  PID:7508
- C:\Windows\System\NSNdYKq.exe
  C:\Windows\System\NSNdYKq.exe
  2⤵
  PID:7528
- C:\Windows\System\RxJQpLQ.exe
  C:\Windows\System\RxJQpLQ.exe
  2⤵
  PID:7548
- C:\Windows\System\VjuhUWZ.exe
  C:\Windows\System\VjuhUWZ.exe
  2⤵
  PID:7568
- C:\Windows\System\GbkoXLX.exe
  C:\Windows\System\GbkoXLX.exe
  2⤵
  PID:7588
- C:\Windows\System\OkzZJlw.exe
  C:\Windows\System\OkzZJlw.exe
  2⤵
  PID:7608
- C:\Windows\System\XNeYGUX.exe
  C:\Windows\System\XNeYGUX.exe
  2⤵
  PID:7628
- C:\Windows\System\wDrnloO.exe
  C:\Windows\System\wDrnloO.exe
  2⤵
  PID:7648
- C:\Windows\System\BwVtqRY.exe
  C:\Windows\System\BwVtqRY.exe
  2⤵
  PID:7668
- C:\Windows\System\mjpDADk.exe
  C:\Windows\System\mjpDADk.exe
  2⤵
  PID:7688
- C:\Windows\System\PybxGWC.exe
  C:\Windows\System\PybxGWC.exe
  2⤵
  PID:7708
- C:\Windows\System\LaltwqT.exe
  C:\Windows\System\LaltwqT.exe
  2⤵
  PID:7728
- C:\Windows\System\MzBRzcl.exe
  C:\Windows\System\MzBRzcl.exe
  2⤵
  PID:7748
- C:\Windows\System\dZCfByt.exe
  C:\Windows\System\dZCfByt.exe
  2⤵
  PID:7768
- C:\Windows\System\WOEEbmi.exe
  C:\Windows\System\WOEEbmi.exe
  2⤵
  PID:7788
- C:\Windows\System\gKPvYUc.exe
  C:\Windows\System\gKPvYUc.exe
  2⤵
  PID:7808
- C:\Windows\System\RQUaQwf.exe
  C:\Windows\System\RQUaQwf.exe
  2⤵
  PID:7828
- C:\Windows\System\pORBFtq.exe
  C:\Windows\System\pORBFtq.exe
  2⤵
  PID:7848
- C:\Windows\System\MuKTpbT.exe
  C:\Windows\System\MuKTpbT.exe
  2⤵
  PID:7868
- C:\Windows\System\RkWWSgD.exe
  C:\Windows\System\RkWWSgD.exe
  2⤵
  PID:7888
- C:\Windows\System\BWzOXjo.exe
  C:\Windows\System\BWzOXjo.exe
  2⤵
  PID:7908
- C:\Windows\System\mwgtqae.exe
  C:\Windows\System\mwgtqae.exe
  2⤵
  PID:7928
- C:\Windows\System\asaOrtG.exe
  C:\Windows\System\asaOrtG.exe
  2⤵
  PID:7948
- C:\Windows\System\FQGUcSK.exe
  C:\Windows\System\FQGUcSK.exe
  2⤵
  PID:7968
- C:\Windows\System\sYynHLH.exe
  C:\Windows\System\sYynHLH.exe
  2⤵
  PID:7988
- C:\Windows\System\XsrVbnz.exe
  C:\Windows\System\XsrVbnz.exe
  2⤵
  PID:8004
- C:\Windows\System\ElFyEce.exe
  C:\Windows\System\ElFyEce.exe
  2⤵
  PID:8028
- C:\Windows\System\AtciSPp.exe
  C:\Windows\System\AtciSPp.exe
  2⤵
  PID:8048
- C:\Windows\System\lImJzhv.exe
  C:\Windows\System\lImJzhv.exe
  2⤵
  PID:8068
- C:\Windows\System\utQXPQW.exe
  C:\Windows\System\utQXPQW.exe
  2⤵
  PID:8088
- C:\Windows\System\IgiRmEu.exe
  C:\Windows\System\IgiRmEu.exe
  2⤵
  PID:8108
- C:\Windows\System\kDzBbaC.exe
  C:\Windows\System\kDzBbaC.exe
  2⤵
  PID:8128
- C:\Windows\System\nVdLOxZ.exe
  C:\Windows\System\nVdLOxZ.exe
  2⤵
  PID:8148
- C:\Windows\System\WfqUwfX.exe
  C:\Windows\System\WfqUwfX.exe
  2⤵
  PID:8164
- C:\Windows\System\HgrVkXn.exe
  C:\Windows\System\HgrVkXn.exe
  2⤵
  PID:8184
- C:\Windows\System\SXunXvZ.exe
  C:\Windows\System\SXunXvZ.exe
  2⤵
  PID:5744
- C:\Windows\System\OEsUAHE.exe
  C:\Windows\System\OEsUAHE.exe
  2⤵
  PID:6292
- C:\Windows\System\TyEbzsz.exe
  C:\Windows\System\TyEbzsz.exe
  2⤵
  PID:6496
- C:\Windows\System\MdIIWtH.exe
  C:\Windows\System\MdIIWtH.exe
  2⤵
  PID:6752
- C:\Windows\System\CwyyzOl.exe
  C:\Windows\System\CwyyzOl.exe
  2⤵
  PID:1648
- C:\Windows\System\FYMBtDf.exe
  C:\Windows\System\FYMBtDf.exe
  2⤵
  PID:7028
- C:\Windows\System\VQTSzpt.exe
  C:\Windows\System\VQTSzpt.exe
  2⤵
  PID:6956
- C:\Windows\System\WzNdyCD.exe
  C:\Windows\System\WzNdyCD.exe
  2⤵
  PID:6932
- C:\Windows\System\iWqKgek.exe
  C:\Windows\System\iWqKgek.exe
  2⤵
  PID:7180
- C:\Windows\System\wMffmYL.exe
  C:\Windows\System\wMffmYL.exe
  2⤵
  PID:7200
- C:\Windows\System\lAUeKFI.exe
  C:\Windows\System\lAUeKFI.exe
  2⤵
  PID:7232
- C:\Windows\System\dfKHVJa.exe
  C:\Windows\System\dfKHVJa.exe
  2⤵
  PID:7236
- C:\Windows\System\SgTLIYm.exe
  C:\Windows\System\SgTLIYm.exe
  2⤵
  PID:7300
- C:\Windows\System\fderVby.exe
  C:\Windows\System\fderVby.exe
  2⤵
  PID:7324
- C:\Windows\System\ayPlZfO.exe
  C:\Windows\System\ayPlZfO.exe
  2⤵
  PID:7380
- C:\Windows\System\ltHzmFk.exe
  C:\Windows\System\ltHzmFk.exe
  2⤵
  PID:7416
- C:\Windows\System\XDCDGyS.exe
  C:\Windows\System\XDCDGyS.exe
  2⤵
  PID:7436
- C:\Windows\System\OCFopte.exe
  C:\Windows\System\OCFopte.exe
  2⤵
  PID:7460
- C:\Windows\System\xEebLGO.exe
  C:\Windows\System\xEebLGO.exe
  2⤵
  PID:7504
- C:\Windows\System\lDHCSRT.exe
  C:\Windows\System\lDHCSRT.exe
  2⤵
  PID:7516
- C:\Windows\System\mWaaMrM.exe
  C:\Windows\System\mWaaMrM.exe
  2⤵
  PID:7576
- C:\Windows\System\wyrVGTT.exe
  C:\Windows\System\wyrVGTT.exe
  2⤵
  PID:7580
- C:\Windows\System\wcAyNTF.exe
  C:\Windows\System\wcAyNTF.exe
  2⤵
  PID:7620
- C:\Windows\System\zKMUtHM.exe
  C:\Windows\System\zKMUtHM.exe
  2⤵
  PID:7664
- C:\Windows\System\ssergAS.exe
  C:\Windows\System\ssergAS.exe
  2⤵
  PID:7684
- C:\Windows\System\PufvgmH.exe
  C:\Windows\System\PufvgmH.exe
  2⤵
  PID:7720
- C:\Windows\System\gNcXjyV.exe
  C:\Windows\System\gNcXjyV.exe
  2⤵
  PID:7784
- C:\Windows\System\tKGNPvu.exe
  C:\Windows\System\tKGNPvu.exe
  2⤵
  PID:7796
- C:\Windows\System\sWyJlGN.exe
  C:\Windows\System\sWyJlGN.exe
  2⤵
  PID:7836
- C:\Windows\System\PDkjyRQ.exe
  C:\Windows\System\PDkjyRQ.exe
  2⤵
  PID:7840
- C:\Windows\System\ndFzwoD.exe
  C:\Windows\System\ndFzwoD.exe
  2⤵
  PID:7904
- C:\Windows\System\WNcejUl.exe
  C:\Windows\System\WNcejUl.exe
  2⤵
  PID:7920
- C:\Windows\System\fMuOKVR.exe
  C:\Windows\System\fMuOKVR.exe
  2⤵
  PID:7976
- C:\Windows\System\KkfeZbB.exe
  C:\Windows\System\KkfeZbB.exe
  2⤵
  PID:3588
- C:\Windows\System\xtMVrac.exe
  C:\Windows\System\xtMVrac.exe
  2⤵
  PID:8024
- C:\Windows\System\ihjvMrQ.exe
  C:\Windows\System\ihjvMrQ.exe
  2⤵
  PID:8060
- C:\Windows\System\NdeiGFU.exe
  C:\Windows\System\NdeiGFU.exe
  2⤵
  PID:8084
- C:\Windows\System\lFdnkFB.exe
  C:\Windows\System\lFdnkFB.exe
  2⤵
  PID:8116
- C:\Windows\System\lbUisca.exe
  C:\Windows\System\lbUisca.exe
  2⤵
  PID:8120
- C:\Windows\System\QyNMfKM.exe
  C:\Windows\System\QyNMfKM.exe
  2⤵
  PID:8156
- C:\Windows\System\DNQNLDJ.exe
  C:\Windows\System\DNQNLDJ.exe
  2⤵
  PID:6312
- C:\Windows\System\dgFLufR.exe
  C:\Windows\System\dgFLufR.exe
  2⤵
  PID:6196
- C:\Windows\System\iZadNdP.exe
  C:\Windows\System\iZadNdP.exe
  2⤵
  PID:6648
- C:\Windows\System\UxnowLO.exe
  C:\Windows\System\UxnowLO.exe
  2⤵
  PID:6664
- C:\Windows\System\brZKgky.exe
  C:\Windows\System\brZKgky.exe
  2⤵
  PID:7152
- C:\Windows\System\TrEbpJa.exe
  C:\Windows\System\TrEbpJa.exe
  2⤵
  PID:7144
- C:\Windows\System\QRcEasK.exe
  C:\Windows\System\QRcEasK.exe
  2⤵
  PID:7240
- C:\Windows\System\twvNGTn.exe
  C:\Windows\System\twvNGTn.exe
  2⤵
  PID:7336
- C:\Windows\System\WMQdHde.exe
  C:\Windows\System\WMQdHde.exe
  2⤵
  PID:7304
- C:\Windows\System\SrKOWmC.exe
  C:\Windows\System\SrKOWmC.exe
  2⤵
  PID:7376
- C:\Windows\System\XjWeDgM.exe
  C:\Windows\System\XjWeDgM.exe
  2⤵
  PID:7340
- C:\Windows\System\kMnPRrS.exe
  C:\Windows\System\kMnPRrS.exe
  2⤵
  PID:7420
- C:\Windows\System\NETnkYT.exe
  C:\Windows\System\NETnkYT.exe
  2⤵
  PID:7496
- C:\Windows\System\djOYQMF.exe
  C:\Windows\System\djOYQMF.exe
  2⤵
  PID:7556
- C:\Windows\System\PQTKKye.exe
  C:\Windows\System\PQTKKye.exe
  2⤵
  PID:7604
- C:\Windows\System\wWooAIj.exe
  C:\Windows\System\wWooAIj.exe
  2⤵
  PID:7704
- C:\Windows\System\eTEWMFc.exe
  C:\Windows\System\eTEWMFc.exe
  2⤵
  PID:7740
- C:\Windows\System\BufalgS.exe
  C:\Windows\System\BufalgS.exe
  2⤵
  PID:7776
- C:\Windows\System\WFbaTkb.exe
  C:\Windows\System\WFbaTkb.exe
  2⤵
  PID:7820
- C:\Windows\System\ZKjnajo.exe
  C:\Windows\System\ZKjnajo.exe
  2⤵
  PID:7876
- C:\Windows\System\FpGLOpW.exe
  C:\Windows\System\FpGLOpW.exe
  2⤵
  PID:7936
- C:\Windows\System\jtuZGnN.exe
  C:\Windows\System\jtuZGnN.exe
  2⤵
  PID:7964
- C:\Windows\System\wSKuEBO.exe
  C:\Windows\System\wSKuEBO.exe
  2⤵
  PID:8000
- C:\Windows\System\WGYZrGo.exe
  C:\Windows\System\WGYZrGo.exe
  2⤵
  PID:8020
- C:\Windows\System\kJMNhzh.exe
  C:\Windows\System\kJMNhzh.exe
  2⤵
  PID:8104
- C:\Windows\System\yDZgDyG.exe
  C:\Windows\System\yDZgDyG.exe
  2⤵
  PID:3016
- C:\Windows\System\YaVuccF.exe
  C:\Windows\System\YaVuccF.exe
  2⤵
  PID:2784
- C:\Windows\System\JXXiPMZ.exe
  C:\Windows\System\JXXiPMZ.exe
  2⤵
  PID:6768
- C:\Windows\System\rAlbRCb.exe
  C:\Windows\System\rAlbRCb.exe
  2⤵
  PID:6152
- C:\Windows\System\pmOXUSL.exe
  C:\Windows\System\pmOXUSL.exe
  2⤵
  PID:6532
- C:\Windows\System\pFNDyIf.exe
  C:\Windows\System\pFNDyIf.exe
  2⤵
  PID:7108
- C:\Windows\System\qDYcMWE.exe
  C:\Windows\System\qDYcMWE.exe
  2⤵
  PID:2052
- C:\Windows\System\nQFtabw.exe
  C:\Windows\System\nQFtabw.exe
  2⤵
  PID:7316
- C:\Windows\System\QpvdJEJ.exe
  C:\Windows\System\QpvdJEJ.exe
  2⤵
  PID:7256
- C:\Windows\System\OgGcbpB.exe
  C:\Windows\System\OgGcbpB.exe
  2⤵
  PID:7272
- C:\Windows\System\OifYjQt.exe
  C:\Windows\System\OifYjQt.exe
  2⤵
  PID:7344
- C:\Windows\System\oZaKwoD.exe
  C:\Windows\System\oZaKwoD.exe
  2⤵
  PID:7520
- C:\Windows\System\DqWYBTS.exe
  C:\Windows\System\DqWYBTS.exe
  2⤵
  PID:7640
- C:\Windows\System\YDPEWrE.exe
  C:\Windows\System\YDPEWrE.exe
  2⤵
  PID:7724
- C:\Windows\System\PYwOxBw.exe
  C:\Windows\System\PYwOxBw.exe
  2⤵
  PID:1248
- C:\Windows\System\sbOPfZo.exe
  C:\Windows\System\sbOPfZo.exe
  2⤵
  PID:1284
- C:\Windows\System\wBkaSSR.exe
  C:\Windows\System\wBkaSSR.exe
  2⤵
  PID:2228
- C:\Windows\System\YOtCifx.exe
  C:\Windows\System\YOtCifx.exe
  2⤵
  PID:1836
- C:\Windows\System\GKwyPzE.exe
  C:\Windows\System\GKwyPzE.exe
  2⤵
  PID:2504
- C:\Windows\System\agXfbnl.exe
  C:\Windows\System\agXfbnl.exe
  2⤵
  PID:8012
- C:\Windows\System\QFavvBI.exe
  C:\Windows\System\QFavvBI.exe
  2⤵
  PID:2224
- C:\Windows\System\FNTBqpB.exe
  C:\Windows\System\FNTBqpB.exe
  2⤵
  PID:7400
- C:\Windows\System\eSNuBff.exe
  C:\Windows\System\eSNuBff.exe
  2⤵
  PID:7800
- C:\Windows\System\YEWBxqD.exe
  C:\Windows\System\YEWBxqD.exe
  2⤵
  PID:2848
- C:\Windows\System\mIpVWhc.exe
  C:\Windows\System\mIpVWhc.exe
  2⤵
  PID:756
- C:\Windows\System\klxYkoR.exe
  C:\Windows\System\klxYkoR.exe
  2⤵
  PID:1528
- C:\Windows\System\OBNIoow.exe
  C:\Windows\System\OBNIoow.exe
  2⤵
  PID:7444
- C:\Windows\System\tfevAal.exe
  C:\Windows\System\tfevAal.exe
  2⤵
  PID:2776
- C:\Windows\System\NzNhwSK.exe
  C:\Windows\System\NzNhwSK.exe
  2⤵
  PID:7956
- C:\Windows\System\YQrdQzM.exe
  C:\Windows\System\YQrdQzM.exe
  2⤵
  PID:2588
- C:\Windows\System\JxMssRT.exe
  C:\Windows\System\JxMssRT.exe
  2⤵
  PID:2176
- C:\Windows\System\RmueREA.exe
  C:\Windows\System\RmueREA.exe
  2⤵
  PID:6884
- C:\Windows\System\jtcICJH.exe
  C:\Windows\System\jtcICJH.exe
  2⤵
  PID:7600
- C:\Windows\System\YgSDzxj.exe
  C:\Windows\System\YgSDzxj.exe
  2⤵
  PID:2568
- C:\Windows\System\pPmILxP.exe
  C:\Windows\System\pPmILxP.exe
  2⤵
  PID:2852
- C:\Windows\System\LibVCor.exe
  C:\Windows\System\LibVCor.exe
  2⤵
  PID:7844
- C:\Windows\System\wHGethh.exe
  C:\Windows\System\wHGethh.exe
  2⤵
  PID:7940
- C:\Windows\System\JKpRFeV.exe
  C:\Windows\System\JKpRFeV.exe
  2⤵
  PID:316
- C:\Windows\System\vKmLwvQ.exe
  C:\Windows\System\vKmLwvQ.exe
  2⤵
  PID:1292
- C:\Windows\System\LmPGEQF.exe
  C:\Windows\System\LmPGEQF.exe
  2⤵
  PID:7864
- C:\Windows\System\sNXStID.exe
  C:\Windows\System\sNXStID.exe
  2⤵
  PID:7696
- C:\Windows\System\LqcVrmQ.exe
  C:\Windows\System\LqcVrmQ.exe
  2⤵
  PID:4696
- C:\Windows\System\VUmjLzs.exe
  C:\Windows\System\VUmjLzs.exe
  2⤵
  PID:1428
- C:\Windows\System\UMdSYVa.exe
  C:\Windows\System\UMdSYVa.exe
  2⤵
  PID:944
- C:\Windows\System\taQPXFI.exe
  C:\Windows\System\taQPXFI.exe
  2⤵
  PID:8056
- C:\Windows\System\ZCWCgQI.exe
  C:\Windows\System\ZCWCgQI.exe
  2⤵
  PID:2268
- C:\Windows\System\INOzjlf.exe
  C:\Windows\System\INOzjlf.exe
  2⤵
  PID:7736
- C:\Windows\System\bFiSeVM.exe
  C:\Windows\System\bFiSeVM.exe
  2⤵
  PID:2160
- C:\Windows\System\lfTZJSt.exe
  C:\Windows\System\lfTZJSt.exe
  2⤵
  PID:8212
- C:\Windows\System\cAJgpMl.exe
  C:\Windows\System\cAJgpMl.exe
  2⤵
  PID:8232
- C:\Windows\System\CysHJAN.exe
  C:\Windows\System\CysHJAN.exe
  2⤵
  PID:8252
- C:\Windows\System\uTUKRWd.exe
  C:\Windows\System\uTUKRWd.exe
  2⤵
  PID:8308
- C:\Windows\System\luCflTd.exe
  C:\Windows\System\luCflTd.exe
  2⤵
  PID:8328
- C:\Windows\System\FuVLEnW.exe
  C:\Windows\System\FuVLEnW.exe
  2⤵
  PID:8344
- C:\Windows\System\JOSKYAJ.exe
  C:\Windows\System\JOSKYAJ.exe
  2⤵
  PID:8360
- C:\Windows\System\HSIQDKi.exe
  C:\Windows\System\HSIQDKi.exe
  2⤵
  PID:8376
- C:\Windows\System\iXaYnTt.exe
  C:\Windows\System\iXaYnTt.exe
  2⤵
  PID:8392
- C:\Windows\System\NZOchri.exe
  C:\Windows\System\NZOchri.exe
  2⤵
  PID:8408
- C:\Windows\System\Vlgrklp.exe
  C:\Windows\System\Vlgrklp.exe
  2⤵
  PID:8424
- C:\Windows\System\RiPFIpg.exe
  C:\Windows\System\RiPFIpg.exe
  2⤵
  PID:8444
- C:\Windows\System\qTzKrcd.exe
  C:\Windows\System\qTzKrcd.exe
  2⤵
  PID:8464
- C:\Windows\System\HwxUkJB.exe
  C:\Windows\System\HwxUkJB.exe
  2⤵
  PID:8480
- C:\Windows\System\diEQBqO.exe
  C:\Windows\System\diEQBqO.exe
  2⤵
  PID:8496
- C:\Windows\System\aPOVpbT.exe
  C:\Windows\System\aPOVpbT.exe
  2⤵
  PID:8512
- C:\Windows\System\kdpweWQ.exe
  C:\Windows\System\kdpweWQ.exe
  2⤵
  PID:8532
- C:\Windows\System\hjnXXru.exe
  C:\Windows\System\hjnXXru.exe
  2⤵
  PID:8552
- C:\Windows\System\lLtuJGV.exe
  C:\Windows\System\lLtuJGV.exe
  2⤵
  PID:8568
- C:\Windows\System\aXdMkby.exe
  C:\Windows\System\aXdMkby.exe
  2⤵
  PID:8584
- C:\Windows\System\sNYYdrG.exe
  C:\Windows\System\sNYYdrG.exe
  2⤵
  PID:8612
- C:\Windows\System\eRGQUFa.exe
  C:\Windows\System\eRGQUFa.exe
  2⤵
  PID:8628
- C:\Windows\System\oWefBgi.exe
  C:\Windows\System\oWefBgi.exe
  2⤵
  PID:8644
- C:\Windows\System\JrUVmnx.exe
  C:\Windows\System\JrUVmnx.exe
  2⤵
  PID:8660
- C:\Windows\System\SYfYjFF.exe
  C:\Windows\System\SYfYjFF.exe
  2⤵
  PID:8676
- C:\Windows\System\uSCpGsV.exe
  C:\Windows\System\uSCpGsV.exe
  2⤵
  PID:8692
- C:\Windows\System\QvNsTRH.exe
  C:\Windows\System\QvNsTRH.exe
  2⤵
  PID:8708
- C:\Windows\System\UZXRbpA.exe
  C:\Windows\System\UZXRbpA.exe
  2⤵
  PID:8724
- C:\Windows\System\XwyXfLp.exe
  C:\Windows\System\XwyXfLp.exe
  2⤵
  PID:8740
- C:\Windows\System\XwGfvDg.exe
  C:\Windows\System\XwGfvDg.exe
  2⤵
  PID:8756
- C:\Windows\System\KKeGDNp.exe
  C:\Windows\System\KKeGDNp.exe
  2⤵
  PID:8772
- C:\Windows\System\oFPdrul.exe
  C:\Windows\System\oFPdrul.exe
  2⤵
  PID:8788
- C:\Windows\System\cPNQntY.exe
  C:\Windows\System\cPNQntY.exe
  2⤵
  PID:8804
- C:\Windows\System\vVADMjz.exe
  C:\Windows\System\vVADMjz.exe
  2⤵
  PID:8820
- C:\Windows\System\aKKpyfd.exe
  C:\Windows\System\aKKpyfd.exe
  2⤵
  PID:8836
- C:\Windows\System\ksWtNof.exe
  C:\Windows\System\ksWtNof.exe
  2⤵
  PID:8852
- C:\Windows\System\MVoHOyM.exe
  C:\Windows\System\MVoHOyM.exe
  2⤵
  PID:8868
- C:\Windows\System\zVEcWIB.exe
  C:\Windows\System\zVEcWIB.exe
  2⤵
  PID:8884
- C:\Windows\System\eOQwhLz.exe
  C:\Windows\System\eOQwhLz.exe
  2⤵
  PID:8900
- C:\Windows\System\zOTLPiO.exe
  C:\Windows\System\zOTLPiO.exe
  2⤵
  PID:8916
- C:\Windows\System\KUKTwaF.exe
  C:\Windows\System\KUKTwaF.exe
  2⤵
  PID:8932
- C:\Windows\System\rqWuepD.exe
  C:\Windows\System\rqWuepD.exe
  2⤵
  PID:8948
- C:\Windows\System\SkZZHDk.exe
  C:\Windows\System\SkZZHDk.exe
  2⤵
  PID:8964
- C:\Windows\System\ngVyWyU.exe
  C:\Windows\System\ngVyWyU.exe
  2⤵
  PID:8980
- C:\Windows\System\THzMQjy.exe
  C:\Windows\System\THzMQjy.exe
  2⤵
  PID:9000
- C:\Windows\System\OCnnEbl.exe
  C:\Windows\System\OCnnEbl.exe
  2⤵
  PID:9016
- C:\Windows\System\SbIuUsN.exe
  C:\Windows\System\SbIuUsN.exe
  2⤵
  PID:9032
- C:\Windows\System\yZeoGdm.exe
  C:\Windows\System\yZeoGdm.exe
  2⤵
  PID:9048
- C:\Windows\System\aMTmKgB.exe
  C:\Windows\System\aMTmKgB.exe
  2⤵
  PID:9064
- C:\Windows\System\XQxTRsJ.exe
  C:\Windows\System\XQxTRsJ.exe
  2⤵
  PID:9080
- C:\Windows\System\TZhDUjJ.exe
  C:\Windows\System\TZhDUjJ.exe
  2⤵
  PID:9096
- C:\Windows\System\eLzYqbi.exe
  C:\Windows\System\eLzYqbi.exe
  2⤵
  PID:9112
- C:\Windows\System\fKvUXYf.exe
  C:\Windows\System\fKvUXYf.exe
  2⤵
  PID:9128
- C:\Windows\System\PDaUtJc.exe
  C:\Windows\System\PDaUtJc.exe
  2⤵
  PID:9144
- C:\Windows\System\wEpPlpI.exe
  C:\Windows\System\wEpPlpI.exe
  2⤵
  PID:9160
- C:\Windows\System\iAjyfjk.exe
  C:\Windows\System\iAjyfjk.exe
  2⤵
  PID:9176
- C:\Windows\System\lATojlE.exe
  C:\Windows\System\lATojlE.exe
  2⤵
  PID:9192
- C:\Windows\System\TBZTfPf.exe
  C:\Windows\System\TBZTfPf.exe
  2⤵
  PID:9212
- C:\Windows\System\aZerjmR.exe
  C:\Windows\System\aZerjmR.exe
  2⤵
  PID:6468
- C:\Windows\System\rEYtzmq.exe
  C:\Windows\System\rEYtzmq.exe
  2⤵
  PID:7676
- C:\Windows\System\GDVZgJc.exe
  C:\Windows\System\GDVZgJc.exe
  2⤵
  PID:8180
- C:\Windows\System\ramFUpd.exe
  C:\Windows\System\ramFUpd.exe
  2⤵
  PID:2720
- C:\Windows\System\kVkNvAJ.exe
  C:\Windows\System\kVkNvAJ.exe
  2⤵
  PID:7192
- C:\Windows\System\HPZdisc.exe
  C:\Windows\System\HPZdisc.exe
  2⤵
  PID:2000
- C:\Windows\System\dPjRzTt.exe
  C:\Windows\System\dPjRzTt.exe
  2⤵
  PID:8076
- C:\Windows\System\sOhMtTA.exe
  C:\Windows\System\sOhMtTA.exe
  2⤵
  PID:2152
- C:\Windows\System\YdzQmgz.exe
  C:\Windows\System\YdzQmgz.exe
  2⤵
  PID:8208
- C:\Windows\System\FqyqkSX.exe
  C:\Windows\System\FqyqkSX.exe
  2⤵
  PID:8244
- C:\Windows\System\pusoByk.exe
  C:\Windows\System\pusoByk.exe
  2⤵
  PID:8316
- C:\Windows\System\EgCUiUb.exe
  C:\Windows\System\EgCUiUb.exe
  2⤵
  PID:8284
- C:\Windows\System\MOfooVn.exe
  C:\Windows\System\MOfooVn.exe
  2⤵
  PID:8268
- C:\Windows\System\oSBYEuH.exe
  C:\Windows\System\oSBYEuH.exe
  2⤵
  PID:8288
- C:\Windows\System\BDRiksp.exe
  C:\Windows\System\BDRiksp.exe
  2⤵
  PID:8304
- C:\Windows\System\pvCzUiQ.exe
  C:\Windows\System\pvCzUiQ.exe
  2⤵
  PID:8384
- C:\Windows\System\RlOdEmt.exe
  C:\Windows\System\RlOdEmt.exe
  2⤵
  PID:8432
- C:\Windows\System\muIYqqC.exe
  C:\Windows\System\muIYqqC.exe
  2⤵
  PID:8488
- C:\Windows\System\SSNICYW.exe
  C:\Windows\System\SSNICYW.exe
  2⤵
  PID:8560
- C:\Windows\System\IhnKkpV.exe
  C:\Windows\System\IhnKkpV.exe
  2⤵
  PID:8452
- C:\Windows\System\PeHZEfg.exe
  C:\Windows\System\PeHZEfg.exe
  2⤵
  PID:8564
- C:\Windows\System\LXJYrKg.exe
  C:\Windows\System\LXJYrKg.exe
  2⤵
  PID:8608
- C:\Windows\System\EWIgMjD.exe
  C:\Windows\System\EWIgMjD.exe
  2⤵
  PID:8544
- C:\Windows\System\NJuyMBV.exe
  C:\Windows\System\NJuyMBV.exe
  2⤵
  PID:8620
- C:\Windows\System\doVkFPN.exe
  C:\Windows\System\doVkFPN.exe
  2⤵
  PID:8636
- C:\Windows\System\jtNtxZC.exe
  C:\Windows\System\jtNtxZC.exe
  2⤵
  PID:8832
- C:\Windows\System\fgYmkfX.exe
  C:\Windows\System\fgYmkfX.exe
  2⤵
  PID:8892
- C:\Windows\System\sIlhGfO.exe
  C:\Windows\System\sIlhGfO.exe
  2⤵
  PID:8880
- C:\Windows\System\rkaSBmQ.exe
  C:\Windows\System\rkaSBmQ.exe
  2⤵
  PID:8944
- C:\Windows\System\KQdMvSS.exe
  C:\Windows\System\KQdMvSS.exe
  2⤵
  PID:8976
- C:\Windows\System\dHNndXN.exe
  C:\Windows\System\dHNndXN.exe
  2⤵
  PID:8752
- C:\Windows\System\WWWgyaA.exe
  C:\Windows\System\WWWgyaA.exe
  2⤵
  PID:8720
- C:\Windows\System\JcndEuv.exe
  C:\Windows\System\JcndEuv.exe
  2⤵
  PID:9072
- C:\Windows\System\lQPVaIT.exe
  C:\Windows\System\lQPVaIT.exe
  2⤵
  PID:9136
- C:\Windows\System\KzEcyqT.exe
  C:\Windows\System\KzEcyqT.exe
  2⤵
  PID:8768
- C:\Windows\System\kgfqsFU.exe
  C:\Windows\System\kgfqsFU.exe
  2⤵
  PID:9024
- C:\Windows\System\zskyuzT.exe
  C:\Windows\System\zskyuzT.exe
  2⤵
  PID:9184
- C:\Windows\System\kUQawPV.exe
  C:\Windows\System\kUQawPV.exe
  2⤵
  PID:8700
- C:\Windows\System\pQgSfww.exe
  C:\Windows\System\pQgSfww.exe
  2⤵
  PID:9088
- C:\Windows\System\FawHOtg.exe
  C:\Windows\System\FawHOtg.exe
  2⤵
  PID:9124
- C:\Windows\System\OLpROzU.exe
  C:\Windows\System\OLpROzU.exe
  2⤵
  PID:9204
- C:\Windows\System\MIwqTzC.exe
  C:\Windows\System\MIwqTzC.exe
  2⤵
  PID:2624
- C:\Windows\System\wOQdyuy.exe
  C:\Windows\System\wOQdyuy.exe
  2⤵
  PID:1172
- C:\Windows\System\EMsvVca.exe
  C:\Windows\System\EMsvVca.exe
  2⤵
  PID:8240
- C:\Windows\System\cZWepNk.exe
  C:\Windows\System\cZWepNk.exe
  2⤵
  PID:8276
- C:\Windows\System\aQYefaw.exe
  C:\Windows\System\aQYefaw.exe
  2⤵
  PID:8440
- C:\Windows\System\jAyhtrw.exe
  C:\Windows\System\jAyhtrw.exe
  2⤵
  PID:8596
- C:\Windows\System\yxdXyxx.exe
  C:\Windows\System\yxdXyxx.exe
  2⤵
  PID:8176
- C:\Windows\System\SpRhYWP.exe
  C:\Windows\System\SpRhYWP.exe
  2⤵
  PID:8224
- C:\Windows\System\jcLIIwB.exe
  C:\Windows\System\jcLIIwB.exe
  2⤵
  PID:1872
- C:\Windows\System\cMxOqLZ.exe
  C:\Windows\System\cMxOqLZ.exe
  2⤵
  PID:8300
- C:\Windows\System\VaOlEMT.exe
  C:\Windows\System\VaOlEMT.exe
  2⤵
  PID:8520
- C:\Windows\System\ksmIUsY.exe
  C:\Windows\System\ksmIUsY.exe
  2⤵
  PID:8508
- C:\Windows\System\TNEngNG.exe
  C:\Windows\System\TNEngNG.exe
  2⤵
  PID:8652
- C:\Windows\System\HDtwfzM.exe
  C:\Windows\System\HDtwfzM.exe
  2⤵
  PID:8864
- C:\Windows\System\BMQNgKB.exe
  C:\Windows\System\BMQNgKB.exe
  2⤵
  PID:8876
- C:\Windows\System\UVlozIB.exe
  C:\Windows\System\UVlozIB.exe
  2⤵
  PID:8912
- C:\Windows\System\UuuTOAC.exe
  C:\Windows\System\UuuTOAC.exe
  2⤵
  PID:8960
- C:\Windows\System\uvQzmiv.exe
  C:\Windows\System\uvQzmiv.exe
  2⤵
  PID:8688
- C:\Windows\System\KskHsik.exe
  C:\Windows\System\KskHsik.exe
  2⤵
  PID:9108
- C:\Windows\System\CyuWKMY.exe
  C:\Windows\System\CyuWKMY.exe
  2⤵
  PID:8796
- C:\Windows\System\JbswnWG.exe
  C:\Windows\System\JbswnWG.exe
  2⤵
  PID:9172
- C:\Windows\System\febbRAz.exe
  C:\Windows\System\febbRAz.exe
  2⤵
  PID:8340
- C:\Windows\System\vBEHILJ.exe
  C:\Windows\System\vBEHILJ.exe
  2⤵
  PID:5672
- C:\Windows\System\vjjGNsB.exe
  C:\Windows\System\vjjGNsB.exe
  2⤵
  PID:8576
- C:\Windows\System\PuVhmNm.exe
  C:\Windows\System\PuVhmNm.exe
  2⤵
  PID:9220
- C:\Windows\System\HUepSDa.exe
  C:\Windows\System\HUepSDa.exe
  2⤵
  PID:9236
- C:\Windows\System\nGBYBQA.exe
  C:\Windows\System\nGBYBQA.exe
  2⤵
  PID:9252
- C:\Windows\System\VMZPflv.exe
  C:\Windows\System\VMZPflv.exe
  2⤵
  PID:9268
- C:\Windows\System\rXEbITP.exe
  C:\Windows\System\rXEbITP.exe
  2⤵
  PID:9284
- C:\Windows\System\XpmqFRN.exe
  C:\Windows\System\XpmqFRN.exe
  2⤵
  PID:9300
- C:\Windows\System\sptPDOq.exe
  C:\Windows\System\sptPDOq.exe
  2⤵
  PID:9316
- C:\Windows\System\yZFURIb.exe
  C:\Windows\System\yZFURIb.exe
  2⤵
  PID:9332
- C:\Windows\System\SPABUni.exe
  C:\Windows\System\SPABUni.exe
  2⤵
  PID:9348
- C:\Windows\System\dUBHFgd.exe
  C:\Windows\System\dUBHFgd.exe
  2⤵
  PID:9364
- C:\Windows\System\ZMNNUzE.exe
  C:\Windows\System\ZMNNUzE.exe
  2⤵
  PID:9380
- C:\Windows\System\JMKHXsC.exe
  C:\Windows\System\JMKHXsC.exe
  2⤵
  PID:9396
- C:\Windows\System\VkPvHqK.exe
  C:\Windows\System\VkPvHqK.exe
  2⤵
  PID:9412
- C:\Windows\System\JzBzZSt.exe
  C:\Windows\System\JzBzZSt.exe
  2⤵
  PID:9428
- C:\Windows\System\QWfxQjZ.exe
  C:\Windows\System\QWfxQjZ.exe
  2⤵
  PID:9444
- C:\Windows\System\VfptaqL.exe
  C:\Windows\System\VfptaqL.exe
  2⤵
  PID:9460
- C:\Windows\System\VWXaMQx.exe
  C:\Windows\System\VWXaMQx.exe
  2⤵
  PID:9476
- C:\Windows\System\geoFinj.exe
  C:\Windows\System\geoFinj.exe
  2⤵
  PID:9492
- C:\Windows\System\utUsPzt.exe
  C:\Windows\System\utUsPzt.exe
  2⤵
  PID:9508
- C:\Windows\System\OFVJCOf.exe
  C:\Windows\System\OFVJCOf.exe
  2⤵
  PID:9524
- C:\Windows\System\wHxRiYT.exe
  C:\Windows\System\wHxRiYT.exe
  2⤵
  PID:9540
- C:\Windows\System\xPOYmlC.exe
  C:\Windows\System\xPOYmlC.exe
  2⤵
  PID:9556
- C:\Windows\System\iVirmyO.exe
  C:\Windows\System\iVirmyO.exe
  2⤵
  PID:9572
- C:\Windows\System\ImZkiwq.exe
  C:\Windows\System\ImZkiwq.exe
  2⤵
  PID:9588
- C:\Windows\System\BufODcW.exe
  C:\Windows\System\BufODcW.exe
  2⤵
  PID:9604
- C:\Windows\System\xxUPcPn.exe
  C:\Windows\System\xxUPcPn.exe
  2⤵
  PID:9620
- C:\Windows\System\lbvbAWu.exe
  C:\Windows\System\lbvbAWu.exe
  2⤵
  PID:9636
- C:\Windows\System\IJVqGeL.exe
  C:\Windows\System\IJVqGeL.exe
  2⤵
  PID:9652
- C:\Windows\System\ntJVich.exe
  C:\Windows\System\ntJVich.exe
  2⤵
  PID:9668
- C:\Windows\System\WRZyrHW.exe
  C:\Windows\System\WRZyrHW.exe
  2⤵
  PID:9688
- C:\Windows\System\CWnNYsh.exe
  C:\Windows\System\CWnNYsh.exe
  2⤵
  PID:9704
- C:\Windows\System\SLedLiy.exe
  C:\Windows\System\SLedLiy.exe
  2⤵
  PID:9720
- C:\Windows\System\USexdrJ.exe
  C:\Windows\System\USexdrJ.exe
  2⤵
  PID:9736
- C:\Windows\System\hXpTzIT.exe
  C:\Windows\System\hXpTzIT.exe
  2⤵
  PID:9752
- C:\Windows\System\nzrpYAd.exe
  C:\Windows\System\nzrpYAd.exe
  2⤵
  PID:9768
- C:\Windows\System\ShIjkyR.exe
  C:\Windows\System\ShIjkyR.exe
  2⤵
  PID:9784
- C:\Windows\System\cIpUiTH.exe
  C:\Windows\System\cIpUiTH.exe
  2⤵
  PID:9800
- C:\Windows\System\MwKwDVx.exe
  C:\Windows\System\MwKwDVx.exe
  2⤵
  PID:9816
- C:\Windows\System\zgMFHYX.exe
  C:\Windows\System\zgMFHYX.exe
  2⤵
  PID:9832
- C:\Windows\System\laAYwmp.exe
  C:\Windows\System\laAYwmp.exe
  2⤵
  PID:9848
- C:\Windows\System\OnRDAWZ.exe
  C:\Windows\System\OnRDAWZ.exe
  2⤵
  PID:9864
- C:\Windows\System\skoJMGW.exe
  C:\Windows\System\skoJMGW.exe
  2⤵
  PID:9884
- C:\Windows\System\JmHWFBw.exe
  C:\Windows\System\JmHWFBw.exe
  2⤵
  PID:9900
- C:\Windows\System\cfrBwVZ.exe
  C:\Windows\System\cfrBwVZ.exe
  2⤵
  PID:9916
- C:\Windows\System\VEKvgNJ.exe
  C:\Windows\System\VEKvgNJ.exe
  2⤵
  PID:9932
- C:\Windows\System\uvkqdCH.exe
  C:\Windows\System\uvkqdCH.exe
  2⤵
  PID:9948
- C:\Windows\System\pQcNzAw.exe
  C:\Windows\System\pQcNzAw.exe
  2⤵
  PID:9964
- C:\Windows\System\iDummLY.exe
  C:\Windows\System\iDummLY.exe
  2⤵
  PID:9980
- C:\Windows\System\YPvXufC.exe
  C:\Windows\System\YPvXufC.exe
  2⤵
  PID:9996
- C:\Windows\System\AvgSlSz.exe
  C:\Windows\System\AvgSlSz.exe
  2⤵
  PID:10012
- C:\Windows\System\iGkjHeO.exe
  C:\Windows\System\iGkjHeO.exe
  2⤵
  PID:10028
- C:\Windows\System\ANbaodH.exe
  C:\Windows\System\ANbaodH.exe
  2⤵
  PID:10044
- C:\Windows\System\UuhRUBB.exe
  C:\Windows\System\UuhRUBB.exe
  2⤵
  PID:10060
- C:\Windows\System\xVyySAo.exe
  C:\Windows\System\xVyySAo.exe
  2⤵
  PID:10076
- C:\Windows\System\jeQVVSE.exe
  C:\Windows\System\jeQVVSE.exe
  2⤵
  PID:10092
- C:\Windows\System\ppdwHTw.exe
  C:\Windows\System\ppdwHTw.exe
  2⤵
  PID:10108
- C:\Windows\System\yNnXRxq.exe
  C:\Windows\System\yNnXRxq.exe
  2⤵
  PID:10124
- C:\Windows\System\ZMOFTnj.exe
  C:\Windows\System\ZMOFTnj.exe
  2⤵
  PID:10140
- C:\Windows\System\EMmzonV.exe
  C:\Windows\System\EMmzonV.exe
  2⤵
  PID:10156
- C:\Windows\System\ymfpqxC.exe
  C:\Windows\System\ymfpqxC.exe
  2⤵
  PID:10172
- C:\Windows\System\jTNjNbi.exe
  C:\Windows\System\jTNjNbi.exe
  2⤵
  PID:10188
- C:\Windows\System\WkEajEW.exe
  C:\Windows\System\WkEajEW.exe
  2⤵
  PID:10204
- C:\Windows\System\HpbJDCe.exe
  C:\Windows\System\HpbJDCe.exe
  2⤵
  PID:10220
- C:\Windows\System\gOMThaj.exe
  C:\Windows\System\gOMThaj.exe
  2⤵
  PID:10236
- C:\Windows\System\BMFkoKg.exe
  C:\Windows\System\BMFkoKg.exe
  2⤵
  PID:8780
- C:\Windows\System\zbowlxA.exe
  C:\Windows\System\zbowlxA.exe
  2⤵
  PID:1912
- C:\Windows\System\hBWwRXT.exe
  C:\Windows\System\hBWwRXT.exe
  2⤵
  PID:8704
- C:\Windows\System\hDtlneB.exe
  C:\Windows\System\hDtlneB.exe
  2⤵
  PID:8416
- C:\Windows\System\vLMirAw.exe
  C:\Windows\System\vLMirAw.exe
  2⤵
  PID:7396
- C:\Windows\System\HLQGfgm.exe
  C:\Windows\System\HLQGfgm.exe
  2⤵
  PID:8296
- C:\Windows\System\wNKwarz.exe
  C:\Windows\System\wNKwarz.exe
  2⤵
  PID:9260
- C:\Windows\System\zuFyaCm.exe
  C:\Windows\System\zuFyaCm.exe
  2⤵
  PID:9012
- C:\Windows\System\QYwYPdq.exe
  C:\Windows\System\QYwYPdq.exe
  2⤵
  PID:8816
- C:\Windows\System\MjMAcQp.exe
  C:\Windows\System\MjMAcQp.exe
  2⤵
  PID:9356
- C:\Windows\System\EAHLVDy.exe
  C:\Windows\System\EAHLVDy.exe
  2⤵
  PID:9308
- C:\Windows\System\TpoVSwN.exe
  C:\Windows\System\TpoVSwN.exe
  2⤵
  PID:9312
- C:\Windows\System\dmGfLoE.exe
  C:\Windows\System\dmGfLoE.exe
  2⤵
  PID:9436
- C:\Windows\System\XVlZhBv.exe
  C:\Windows\System\XVlZhBv.exe
  2⤵
  PID:9536
- C:\Windows\System\uioYOYg.exe
  C:\Windows\System\uioYOYg.exe
  2⤵
  PID:9664
- C:\Windows\System\tFZsVVo.exe
  C:\Windows\System\tFZsVVo.exe
  2⤵
  PID:9728
- C:\Windows\System\hQUViPc.exe
  C:\Windows\System\hQUViPc.exe
  2⤵
  PID:9452
- C:\Windows\System\vTTkEOq.exe
  C:\Windows\System\vTTkEOq.exe
  2⤵
  PID:9516
- C:\Windows\System\GBbeGWq.exe
  C:\Windows\System\GBbeGWq.exe
  2⤵
  PID:9552
- C:\Windows\System\DftdkhX.exe
  C:\Windows\System\DftdkhX.exe
  2⤵
  PID:9648
- C:\Windows\System\kVZorJR.exe
  C:\Windows\System\kVZorJR.exe
  2⤵
  PID:9716
- C:\Windows\System\kiGJUVW.exe
  C:\Windows\System\kiGJUVW.exe
  2⤵
  PID:9844
- C:\Windows\System\lpKuBnX.exe
  C:\Windows\System\lpKuBnX.exe
  2⤵
  PID:9908
- C:\Windows\System\DGVjVLr.exe
  C:\Windows\System\DGVjVLr.exe
  2⤵
  PID:9860
- C:\Windows\System\xOUUMIW.exe
  C:\Windows\System\xOUUMIW.exe
  2⤵
  PID:9928
- C:\Windows\System\QjgqmZy.exe
  C:\Windows\System\QjgqmZy.exe
  2⤵
  PID:9812
- C:\Windows\System\LQQElif.exe
  C:\Windows\System\LQQElif.exe
  2⤵
  PID:10008
- C:\Windows\System\HNLZFvf.exe
  C:\Windows\System\HNLZFvf.exe
  2⤵
  PID:9956
- C:\Windows\System\nsnkLFX.exe
  C:\Windows\System\nsnkLFX.exe
  2⤵
  PID:10020
- C:\Windows\System\UmsNcnj.exe
  C:\Windows\System\UmsNcnj.exe
  2⤵
  PID:10036
- C:\Windows\System\NLIFIkt.exe
  C:\Windows\System\NLIFIkt.exe
  2⤵
  PID:10100
- C:\Windows\System\SelDvBY.exe
  C:\Windows\System\SelDvBY.exe
  2⤵
  PID:10120
- C:\Windows\System\lArUrQJ.exe
  C:\Windows\System\lArUrQJ.exe
  2⤵
  PID:10088
- C:\Windows\System\rVgUVKS.exe
  C:\Windows\System\rVgUVKS.exe
  2⤵
  PID:10180
- C:\Windows\System\zCiAMoK.exe
  C:\Windows\System\zCiAMoK.exe
  2⤵
  PID:10164
- C:\Windows\System\qpbXhVQ.exe
  C:\Windows\System\qpbXhVQ.exe
  2⤵
  PID:10200
- C:\Windows\System\klgcOuE.exe
  C:\Windows\System\klgcOuE.exe
  2⤵
  PID:9168
- C:\Windows\System\QzXeqTa.exe
  C:\Windows\System\QzXeqTa.exe
  2⤵
  PID:8940
- C:\Windows\System\cCeEttF.exe
  C:\Windows\System\cCeEttF.exe
  2⤵
  PID:8200
- C:\Windows\System\whkprUV.exe
  C:\Windows\System\whkprUV.exe
  2⤵
  PID:9676
- C:\Windows\System\JZAJBbt.exe
  C:\Windows\System\JZAJBbt.exe
  2⤵
  PID:9292
- C:\Windows\System\zYVYfki.exe
  C:\Windows\System\zYVYfki.exe
  2⤵
  PID:6684
- C:\Windows\System\RDJOoQa.exe
  C:\Windows\System\RDJOoQa.exe
  2⤵
  PID:9280
- C:\Windows\System\xEqDrpb.exe
  C:\Windows\System\xEqDrpb.exe
  2⤵
  PID:8748
- C:\Windows\System\TRFPgLM.exe
  C:\Windows\System\TRFPgLM.exe
  2⤵
  PID:9392
- C:\Windows\System\nRJRehm.exe
  C:\Windows\System\nRJRehm.exe
  2⤵
  PID:9500
- C:\Windows\System\vpnqGzT.exe
  C:\Windows\System\vpnqGzT.exe
  2⤵
  PID:9596
- C:\Windows\System\BqcyKcR.exe
  C:\Windows\System\BqcyKcR.exe
  2⤵
  PID:9660
- C:\Windows\System\vpKKTLw.exe
  C:\Windows\System\vpKKTLw.exe
  2⤵
  PID:9420
- C:\Windows\System\JasESsv.exe
  C:\Windows\System\JasESsv.exe
  2⤵
  PID:9840
- C:\Windows\System\pVwdFRG.exe
  C:\Windows\System\pVwdFRG.exe
  2⤵
  PID:9880
- C:\Windows\System\eBilIrD.exe
  C:\Windows\System\eBilIrD.exe
  2⤵
  PID:10004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BWwUgRB.exe

Filesize
6.0MB

MD5
1bf686d75ebedbbe4438a152a581baad

SHA1
7f059156cd73caf890ca0bd20fd54c240540bd52

SHA256
c03a48539ee9589b7d872a11f2d42458bc8a5e57f915a17fc54c3ca971569b99

SHA512
6a6950308406dc909bc0626748f24f12ff66adf3e04f46f4ef46ea2f29358a6568d96c3351b3778bda0e608005de65e2f86c8c08153fee164400e9a911d96579

Download Submit
C:\Windows\system\CrKPfxh.exe

Filesize
6.0MB

MD5
bac3ff5cf0d876b2ef14dd1fc526bdc4

SHA1
dd30563b8aa36fc8b1d057b082916dad2a5e7280

SHA256
27df5466b963333d0f55b274124fb277e24fe92770bc3db0ebc3053ea7d656ca

SHA512
2d512c503bd0bc949125770771b14eccb1bd477e1400c39d714fa778f9a9b56a37b09dcc178affd393ab8944aa9c35ef0ed6ccd47f10f9cdc43ff1aaa5ddb103

Download Submit
C:\Windows\system\EglRaiP.exe

Filesize
6.0MB

MD5
7e79eff25eb9013583b15649378cb691

SHA1
37ab3ed4f6aa286637e9906b44e23e0af94c0401

SHA256
4969981d871f2aed5506a274f60cf1c8a165c4dd859ea2e1adf9e3732ec4d1cb

SHA512
9bc1621b543afd141e321c55ec98005db7a12b1832fe1e92109a71606a6f7ec4317ccdd4936d41d3a4f6088cba7c82d2c4b88420c5fd6a2cd810b23d7480ae80

Download Submit
C:\Windows\system\FsDFhSC.exe

Filesize
6.0MB

MD5
3f9daf2b4b6769eaadbfcbbf8495f897

SHA1
ae8ac2225a86d3e84fba9c25d87a9b93cf61731c

SHA256
33c4a6fa08d4e6e9d5380cc07ce213551b6cb6bd51068df0b67be26abcc622d1

SHA512
8bc785279ebfffb44b654d4bd4035bb5e85066131436c20a38256609bb0764e8d5ccd2154662dbf808539a4b889e3280e194a879a5e6063f3a593c694b585cc4

Download Submit
C:\Windows\system\GJGUvwP.exe

Filesize
6.0MB

MD5
42afdb13e156878444ba9b183afb2d1c

SHA1
63055b3d16b4c1b89481b3a56df7212edc6837c7

SHA256
a01a0606ba1f9e2ea8d7ad0db7403792b1afc8b3b8090fd24e2dfc8d8cdc4b2e

SHA512
fed853e513497d648780ddc5fd702d6a655d421442f977a03759d43513fc6dc437768fbac522cb592e60d49f2862c4510d88472d9a50ba62eef5f2c8ecb88911

Download Submit
C:\Windows\system\GnzfPZL.exe

Filesize
6.0MB

MD5
4014dbc57131fc462554270a5628e4fa

SHA1
89e0a8fc1e6952d48e9c2c40178426f37ed26d32

SHA256
9330abcf90d363ea38248befcdbef43137bf3a4af2a1680d0cea30de854f98cb

SHA512
a635880276525a58aa8f0f32772f74898fd04833a4401f871b36f850026bbdda850652bee29d063bc63e6c2e2f0f17e7a49cddbea1715e97a8db8a679d611d5f

Download Submit
C:\Windows\system\LNUIkJf.exe

Filesize
6.0MB

MD5
69c304b508f9d0218226378453230700

SHA1
7127dacd3aa7e14b532b8ecc6188ec2ca65588a8

SHA256
58931ad3301faf70639bab326f39cddcd624264efef787d9b0b4597f3f52e960

SHA512
9fb6058a82a2af6a36b02d677c08f2f3a24665bbc8f4f89c680052587666834cc3dedd9468ecb56d2cdfb3e9b63606de45fcd78e7e50ca28a6911b9f33dd0135

Download Submit
C:\Windows\system\QEeEALF.exe

Filesize
6.0MB

MD5
e04a328bd0b0740ddce909526e317f45

SHA1
cff2db5cc8064b92eb8f48f339d33bd613652aae

SHA256
03610cbd4aee252396d0eb27f219cc1aa59465a3f469b7cf7873fce4f500c679

SHA512
edd134a98aeb51e8dc95356e2d83eb9f9a7e418f7f3bfb9c68e8c3806e6345bcf81265d38bbd9cad39f26fa25502e7990e59cf0c83452c9af91615ac0c5e505a

Download Submit
C:\Windows\system\TJBEiHZ.exe

Filesize
6.0MB

MD5
3ae929ed39934fcd62ac5faa59cf8d28

SHA1
d2ebfecf541ae005bae35c6be160ff3077556e78

SHA256
8252fcf8af350b72ca1e66e2bba7c4e5a52fda63bbb8b9876bd758f431774551

SHA512
1c0ba96b0a09337c3f9f4188f580bee2d692ccdaac4759a2ef9f8a1045e1065d73f74eec100cc73d78065665490062d1c3dd4adad8f3b8c5c19bc535b00646f0

Download Submit
C:\Windows\system\XNsOmnr.exe

Filesize
6.0MB

MD5
2debf93b404c3b5238bd937ad2b7113b

SHA1
54bcff7d25e8ddee126a29404ca8b2044a48079d

SHA256
9f31fd09542e4b84eeb649736e785727cea289d95ff23ad0bc5a1efbab11f84d

SHA512
074735ee62a5fa053a100efd34b0ca292ad597da2a576239e2e1f40266aba1ec3f4d5a7ff229939ae9d6073b464a87f83e0c149e2725e860b6f0da3b1ea9a447

Download Submit
C:\Windows\system\ZFICTCe.exe

Filesize
6.0MB

MD5
3a766eb8c0597b7fdc919f96d8e17ee2

SHA1
4715f0c8005564d464743fa6023d90f34a778433

SHA256
95de369e102524f4518cf0131401879b42fb253005adcb81c30c37ed7e981cf7

SHA512
b621a4a794ee99131026b14332f4d5d75d0a539de4c657d7939edb8f95591fc7a3dd8b8c042400e6c2ad063742c7d742b7c8454606662914b9402ad2cf560251

Download Submit
C:\Windows\system\bqiDZOu.exe

Filesize
6.0MB

MD5
d511dea76c4643ccf88cba640e3e7b56

SHA1
1fee4982a07dade35d2664f274ad537eadc70d81

SHA256
c3c74636c0d401fa43029d1e43816b40bc79d0e10b80c45690d44efb58c66e46

SHA512
33215dbfa29e68e1fb98ed8bbe0a335fe6b7ec854fa8816ae6ffaa33229bf6539182a4eda3b3a28a5b4bb8d171f8e20b8b2851f2dc31f9bea4352e2c8ea78bbc

Download Submit
C:\Windows\system\fPQCJpC.exe

Filesize
6.0MB

MD5
733e456999f11ba980dfec6a0dc3c6de

SHA1
d4e7fc0ef93532bbaea7100d6a1e3af9a7c2275b

SHA256
0b5089964601fb1a5b637cf5d8571961738cdf3e96144fa536daecc8c8b34a04

SHA512
7a152c8e6d1a3cacf50b74428923fb72934d24f1d4c21a4995b1e8178627743a91648346345569462ac5d7de749f21655297b198d6f1b4c5ad073c2af8bec8a1

Download Submit
C:\Windows\system\gzYSvTI.exe

Filesize
6.0MB

MD5
dc671bf683bd90d876bf2f77cf7b08b8

SHA1
2ddcb3c2e712d25f0d9f9d39eba894ab7c47dbce

SHA256
128228f428d7a35430b13bd69e2342f5b1dab9f910b49ac7f1dc4f86eecdaf7b

SHA512
a121dba0d04723fc5590c5e71486e5c640fc00efb50fa1cb19d6ee3f986b970f960d60dba520848c8b120b2b39409cd84084876c50b8cc5491a6ca8d258dd770

Download Submit
C:\Windows\system\jsIplJf.exe

Filesize
6.0MB

MD5
9f2e91c838952a56f3076babb58801ca

SHA1
2d7916ced64c9e89d320a6f41985220f544224a1

SHA256
17c0c3870f4e0ae2f44bddd57f29fbc4ed2e9f0e0b24305e08b7eb9bd72b6ff3

SHA512
0646da9480961a108e81e203bd31fe4fc208ca13b59d7b5a7f7f3e890a34b99c8a7e8bb3d12e38044b94b7aadffd2ad5b6ffb252d9d0f1a8773d7e46ab0ba106

Download Submit
C:\Windows\system\lotxXuY.exe

Filesize
6.0MB

MD5
1083fa2172fb8996e2e0368f59fb93dc

SHA1
35f81c0d5aa364f5682a7e06e4374fee7e5a8643

SHA256
2a6278e2c8359e014ac47a45e10f0b7688f90659afdabb1c4766823c08f45932

SHA512
33bc1409929ae77af95857ce0ae3c6eb2cc4169ea4465bfc25323142497fdbef0bec941d54e3aaefaf4b5a4818e3996f11df4373425e5f676937e91f34cd81e4

Download Submit
C:\Windows\system\lqFGTki.exe

Filesize
6.0MB

MD5
4059409385bd75ea41749e4414886ef4

SHA1
91066b2115ba2cce7af7d5a98d30316758f7a169

SHA256
4598bdf2586578deff29aca138bd9cdc39725708c37c73b62ad00b2b2dd203c9

SHA512
8e0f78ed287a7fb3e1825be27f1529d6d4b2b5c4a1a193cb18e7f475a67b3284733e063ae3570332fe4579534c293fe62fb481df5326a7949de678f7ec1cb15e

Download Submit
C:\Windows\system\lvNFsMk.exe

Filesize
6.0MB

MD5
22c8e6749d6314a01080382fcc3f2609

SHA1
c6030829b0c3723f580a14f67344e3fc457bd1a5

SHA256
d1e5b1e30b6fcfb2329d504ee0fe111e1d22aeadfda234a9c39e598886bdd9a7

SHA512
1e1d6736c0517b51413fb407f59d5c5dbd0a0b7ce3e6bc1b461b396d858628575d71354034de6c65b3b96165cf4b333d63b66608f739c7836fa023972c9bdd62

Download Submit
C:\Windows\system\nAlegij.exe

Filesize
6.0MB

MD5
d09025de34c74a859629cdca8b14409e

SHA1
fde32e415b6a7e38cc8d79089ebb26b687f82077

SHA256
ef46794ca1fc2e1edeb3b8cdeff4ce1b278ed4ed3f9eacb6e5858b6f279c63ab

SHA512
c7c72370c20ee8530b7ca9dc0b8f7f3da40f6609f52f9228e769d0916e732bb3f2ec75b2faf99d65c7fd6282eb1ef8cb4d89199442945926ff8a1b89ffd6be93

Download Submit
C:\Windows\system\sInGIhK.exe

Filesize
6.0MB

MD5
6d12a3af443e52852d75e3f5912d478f

SHA1
899d1fc281307e27f5d5d7ae58c7ae41594a3de9

SHA256
3c291cdf7c8ae54f2f9b55de8ef85a3a78f1aa08ff3d6484e540f4db305eba70

SHA512
52a39faa7e3a0b09e5c5d2d0c7cc53f76b69b2d6bb32c041d253f2480298797eae76e706cd1e74d6a73ee0abbf73844bd72b5d47b4027c438e2ad4675a8cce02

Download Submit
C:\Windows\system\sJwolvW.exe

Filesize
6.0MB

MD5
440798667e456550afbe754d4ab5aa43

SHA1
2524388163178aa62690fdcefc77215112604503

SHA256
12f0dd70b318a898bec4fb469ae5bb32da08d4e315dd264ab4d875c59f9a220b

SHA512
e0ca1f734b0f2e18697fc1c4051a65d3601a0c8744de4fe19c9963379267b7d0b895ab160e6ec30ba166fd9590a6ce48632f1fe6394f55de7f3dc2f4758aaad8

Download Submit
C:\Windows\system\sgdgEgZ.exe

Filesize
6.0MB

MD5
c770dbc288a7fdd55d0ad60979f843fe

SHA1
719a4ff14348c30ffb030be2c20785979b8748f6

SHA256
e1adbc6da9779af78463fcad9dcebe4674b9fcc1071bb944d59022eaa6d6c7cd

SHA512
5f64c62f0d35f435d87aae888c107e22c5646c08b73a4f7b83f56e32061fdda5da5901bb10fca62989ca89d5215374e22bdda370b0615a0deafa5f239cbc42b3

Download Submit
C:\Windows\system\unjqgaV.exe

Filesize
6.0MB

MD5
f42d923ca0d0c2bc6bd036bcdabdd9cd

SHA1
5dfeebfaf211e9ca06c8757fc7654dcda52f52e3

SHA256
94883ba3ce11e7122a2eef93f28862863abaf83869ebd5ed770071fcb4b48623

SHA512
53bc6af0aaa1139c3f648e7627aa63fc969ca7ba1e140bcbafc65b1381e47cc65b39575d97abd71685d5026d9239e9253613cc73d7c6b7296c99878cf10775eb

Download Submit
C:\Windows\system\vfBBrSt.exe

Filesize
6.0MB

MD5
0b62c63c53bf9b6dce2a33249812c3bf

SHA1
89191fb383c192c185896e8a3826874f354c97e0

SHA256
7fc00943d7bd60432f868ac24333e4e68bf66dd5c1ef3a7f53f6f0132e9a3c0d

SHA512
48211a770d1fda3221b005ce99ea51504b39e6a6b6bdb7685a6251188904a093d8164ff21c7068dbe2e2d87a2e1bcd032458cd4dfa170426ca82f8702e13849d

Download Submit
C:\Windows\system\wVEDhsa.exe

Filesize
6.0MB

MD5
1828b3ae4430982d59cab72f4120156f

SHA1
71c9bc14b53b3ab3a5be7acab772a52455fd9667

SHA256
d11c8fe26aba42909519c35e9a599d8b0c3437766db5b4a20041777114ff9ce4

SHA512
1c8f85d630a686c5d17767bf178e1a500d5a409b0c20311d70a9c6285a8a02760b44ea7cf8991e7942630eb4abb61c14250885a605f7b7325730e7310b1c35e4

Download Submit
C:\Windows\system\yVAXwpm.exe

Filesize
6.0MB

MD5
904f4ce7d4952e18d43a584fbdb6c0d7

SHA1
f2052b2a31af933d79ca35d17b48a83f74851837

SHA256
974496f86921c72570552c546cd496acca8a2918a70621b987dcc84f15a49de6

SHA512
cea40d35c14330035095d6fe2d4e35e51df9e9485cec97d6c2183c483499de0485501593927c371641dae522255a8163194f97c260901f74f298f98e03cd140c

Download Submit
C:\Windows\system\zOUQfha.exe

Filesize
6.0MB

MD5
075dd0afcdd42816b817a0c8dfa074cf

SHA1
0eb3c580b3b07b910e4a68f5a2511d88cba8167c

SHA256
4af7f7dd714cd7cf1524a1ef07c3383096f225b23610d38de64a0b7d9b81545f

SHA512
4775c733abd88feb45665ef93760c7308a59c95d7e22f39eeb953bbbf5fc8381b628103ac5a9487488f807a61326c38f89f78df4be4ada427f333cda93904580

Download Submit
C:\Windows\system\zzmsTec.exe

Filesize
6.0MB

MD5
306cd56e5da398f41b49676dfcddcfed

SHA1
b775f2b537f4e12c96d3dc646c7eecc73f7fa1b5

SHA256
d707fa4a76602413b5d6a9f26806aa4f844150c841a75053e9265e3462fe0d30

SHA512
4b7b0a81cd051a8bb5b29f9a9ea53e9bc87f23525f426cb3be673a181c91998c319cf17322a7f98c5255b8fae8fd4790943b6fc79823f90e13c77c3819297144

Download Submit
\Windows\system\OxiZlLQ.exe

Filesize
6.0MB

MD5
823d38fa2ee71a8a0a118175d4433da4

SHA1
33fd596f538f63d10308b3f8dca297dc4c5bcf51

SHA256
5b3d17c5d0cf7c56379f4fe1608c02dcb9491e55d2fa5ab6ef3b9d14d8c29431

SHA512
383f36bd3f0d4c4ad7efb13a45053c6f4a9e82ee426ebc2160c1a2b0b9b6e93f38667170d7082458c154e3de43c65d2444618816ceb318208600a1cf7145b6ed

Download Submit
\Windows\system\ScFSuAs.exe

Filesize
6.0MB

MD5
25d3b219f14093952ef14ff3db785b5d

SHA1
07cf56adfbd92c6812bac0bc0c0e6bd2e2a5fd44

SHA256
3c2e75ca4d1ff6c0c20d694374daecefc766c190c865b39af6701ebf7df45852

SHA512
e9903c8c1f2e7d8f290411bd2976b560d5f597608d0c6d51e0865e111ecd96f74ddee7c73c94c24ee8c217d80325cff47d31285cb7c879206b979a99f8fc3d17

Download Submit
\Windows\system\gzHkaoC.exe

Filesize
6.0MB

MD5
fd54f966c2c151fe5fc7c1e4172e73ea

SHA1
11ad0b2409718d6f497c8c605d7f1c7bee52468d

SHA256
7f06e832df750a9e337e50f4475ddb90fa09f83665c9fd0aff282c71355b968c

SHA512
048a712ef86ec0c0be8465bc41d16bdf04f1c0bdbe5098eca8513f42d4db134a6c24b736098e8d57c92bda50c000196f844c71bad0544b9b9ee7cefb66ba7696

Download Submit
\Windows\system\uFOuFxZ.exe

Filesize
6.0MB

MD5
2683f8f2015ee35a3e9f7c346e843671

SHA1
a08eda0a3c0b4c1452ad01b5d1063d1f29d3a0cf

SHA256
ff06393fee68c11976ff1e904b161d214a956e65201698d1b2140d5c2e55d656

SHA512
2b9f914942d250023516aadd6603c91f3ace597a4b13414f95bc84d1223df24dfb7c1fc6d30315f41ba44c6559f9f62cf455e70712d1e1a913175528a7e8c65d

Download Submit
memory/2212-117-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2284-37-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2376-15-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2528-1134-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-111-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2528-126-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2528-810-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2528-47-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2528-108-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2528-107-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2528-106-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2528-925-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2528-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2528-96-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-64-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2528-14-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2528-69-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2528-0-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-51-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2528-43-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2528-40-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2528-36-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2528-1135-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2528-100-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2528-232-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-23-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-122-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2704-94-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1137-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2756-115-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2760-78-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-926-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3973-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-30-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-567-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-3975-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-39-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2908-74-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2996-11-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download