cobaltstrike | c68c9bac4345b19ee118dae44eb71922c116d208f9d592a0d9ba58b630417cdf

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/12/2024, 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

5077d3683600ea4006ab5f2abf84ea56
SHA1

027e4fbd51e49fe33f9893cec757ad5f9168739c
SHA256

c68c9bac4345b19ee118dae44eb71922c116d208f9d592a0d9ba58b630417cdf
SHA512

ff76d1c4a5df0cca9b27baba8b80a9cf6d7f77ff62e70472fe039eb984e39c7475b65623d5e3d756b822ec20163817cb93cdca03dc70d617757ce63023296a96
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUg:eOl56utgpPF8u/7g

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001707f-11.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174b4-15.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000175f1-26.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000175f7-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018697-41.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-60.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939f-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019428-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e1-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019520-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952e-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019535-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952b-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019543-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019518-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019508-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019510-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c3-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d5-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f9-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193dc-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d0-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-55.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-50.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018706-45.dat	cobalt_reflective_dll
behavioral1/files/0x000e000000018683-36.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174f8-21.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 44 IoCs

miner

resource	yara_rule
behavioral1/memory/1860-0-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x000800000001707f-11.dat	xmrig
behavioral1/files/0x00080000000174b4-15.dat	xmrig
behavioral1/files/0x00070000000175f1-26.dat	xmrig
behavioral1/files/0x00070000000175f7-30.dat	xmrig
behavioral1/files/0x0007000000018697-41.dat	xmrig
behavioral1/files/0x0005000000019358-60.dat	xmrig
behavioral1/files/0x000500000001939f-70.dat	xmrig
behavioral1/files/0x00050000000193cc-75.dat	xmrig
behavioral1/files/0x0005000000019428-100.dat	xmrig
behavioral1/files/0x00050000000194e1-120.dat	xmrig
behavioral1/files/0x0005000000019520-144.dat	xmrig
behavioral1/files/0x000500000001952e-157.dat	xmrig
behavioral1/files/0x0005000000019535-155.dat	xmrig
behavioral1/files/0x000500000001952b-150.dat	xmrig
behavioral1/files/0x0005000000019543-160.dat	xmrig
behavioral1/files/0x0005000000019518-140.dat	xmrig
behavioral1/files/0x0005000000019508-130.dat	xmrig
behavioral1/files/0x0005000000019510-134.dat	xmrig
behavioral1/files/0x00050000000194c3-110.dat	xmrig
behavioral1/files/0x0005000000019502-125.dat	xmrig
behavioral1/files/0x00050000000194d5-115.dat	xmrig
behavioral1/files/0x00050000000194ad-105.dat	xmrig
behavioral1/files/0x0005000000019426-95.dat	xmrig
behavioral1/files/0x00050000000193f9-90.dat	xmrig
behavioral1/files/0x00050000000193dc-85.dat	xmrig
behavioral1/files/0x00050000000193d0-80.dat	xmrig
behavioral1/files/0x000500000001938e-65.dat	xmrig
behavioral1/files/0x0005000000019354-55.dat	xmrig
behavioral1/files/0x00050000000192a1-50.dat	xmrig
behavioral1/files/0x0007000000018706-45.dat	xmrig
behavioral1/files/0x000e000000018683-36.dat	xmrig
behavioral1/files/0x00080000000174f8-21.dat	xmrig
behavioral1/memory/3012-1891-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2540-2043-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2660-2516-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2564-2546-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/1304-2584-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/1860-3308-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/1860-3420-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/3012-3887-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/1304-3889-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2660-4040-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3012	cfWBAsi.exe
2540	cysYvhx.exe
2660	rUKoPOs.exe
2564	usqCnPW.exe
1304	NlotLYi.exe
2636	ufhIqdJ.exe
2788	zApUjAq.exe
2452	XmpECen.exe
2684	vXNhvRf.exe
2424	CTNsvkJ.exe
2488	gJbrUxs.exe
2896	kUGamSP.exe
2208	lYMeuNV.exe
776	OLWZIhk.exe
864	CnJipEU.exe
1792	kUyMBxA.exe
2152	AYmpaEI.exe
1616	fcefVet.exe
2336	xCjvhtt.exe
1032	JqrmBjX.exe
1160	hXElCtw.exe
2316	kxNrDHM.exe
820	tVHLeWo.exe
480	izuesZL.exe
2796	MmrerIh.exe
3020	aYUhwEI.exe
2268	zSJmffe.exe
2016	hnHyGhl.exe
2472	jsuQObM.exe
1052	QOoxKTd.exe
1380	LeNJIoo.exe
916	RxaHabj.exe
1868	kwIddfk.exe
1752	DRJISxj.exe
2956	TZjjljX.exe
1104	JISHPVK.exe
1768	dLHrckI.exe
688	OxXmIMT.exe
264	euzHRDb.exe
2140	cexpXDh.exe
2124	jNDIuuF.exe
1508	mXTxYTC.exe
1528	rjmECUn.exe
2088	gfcAPwm.exe
1724	rsGMoGL.exe
2764	ctVlUdz.exe
692	SbruZjM.exe
568	SCNILOy.exe
1736	wkJaBrj.exe
1648	RkkpZnH.exe
1732	COBwddB.exe
2828	oQkerwE.exe
1700	xYAdvIJ.exe
1556	AjzYnsB.exe
1692	ggZbEEY.exe
3040	bWYvilb.exe
2832	xIKgFQk.exe
2572	FoexmvJ.exe
2536	dzTvVHE.exe
2460	CQKOGMn.exe
2600	zdPfpCi.exe
2200	WhWPFaz.exe
2476	plweYJT.exe
576	SPtAkoc.exe

Loads dropped DLL 64 IoCs

pid	Process
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 43 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1860-0-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x000800000001707f-11.dat	upx
behavioral1/files/0x00080000000174b4-15.dat	upx
behavioral1/files/0x00070000000175f1-26.dat	upx
behavioral1/files/0x00070000000175f7-30.dat	upx
behavioral1/files/0x0007000000018697-41.dat	upx
behavioral1/files/0x0005000000019358-60.dat	upx
behavioral1/files/0x000500000001939f-70.dat	upx
behavioral1/files/0x00050000000193cc-75.dat	upx
behavioral1/files/0x0005000000019428-100.dat	upx
behavioral1/files/0x00050000000194e1-120.dat	upx
behavioral1/files/0x0005000000019520-144.dat	upx
behavioral1/files/0x000500000001952e-157.dat	upx
behavioral1/files/0x0005000000019535-155.dat	upx
behavioral1/files/0x000500000001952b-150.dat	upx
behavioral1/files/0x0005000000019543-160.dat	upx
behavioral1/files/0x0005000000019518-140.dat	upx
behavioral1/files/0x0005000000019508-130.dat	upx
behavioral1/files/0x0005000000019510-134.dat	upx
behavioral1/files/0x00050000000194c3-110.dat	upx
behavioral1/files/0x0005000000019502-125.dat	upx
behavioral1/files/0x00050000000194d5-115.dat	upx
behavioral1/files/0x00050000000194ad-105.dat	upx
behavioral1/files/0x0005000000019426-95.dat	upx
behavioral1/files/0x00050000000193f9-90.dat	upx
behavioral1/files/0x00050000000193dc-85.dat	upx
behavioral1/files/0x00050000000193d0-80.dat	upx
behavioral1/files/0x000500000001938e-65.dat	upx
behavioral1/files/0x0005000000019354-55.dat	upx
behavioral1/files/0x00050000000192a1-50.dat	upx
behavioral1/files/0x0007000000018706-45.dat	upx
behavioral1/files/0x000e000000018683-36.dat	upx
behavioral1/files/0x00080000000174f8-21.dat	upx
behavioral1/memory/3012-1891-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2540-2043-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2660-2516-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2564-2546-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/1304-2584-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/1860-3308-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/3012-3887-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/1304-3889-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2660-4040-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ExXNeLS.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nyzWBrC.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tkyBHxi.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mtJXjSF.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AhybJgR.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SbruZjM.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\trdeiXm.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aolcwUB.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hjdCpgj.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\COBwddB.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uGAzbJL.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NduEzFn.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iiInSel.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vbJRXoy.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lKDJJXq.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tZOTrDU.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\INRIhpc.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oZFcJfF.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VNJnssf.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\loJwQMp.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QqxuMMB.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fpVqULK.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpMMllr.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\drsQGNh.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wEieXNe.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pcaPMSO.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BZOQgRc.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fenwKCu.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iVImGBa.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\smfcRBm.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\McVFCUl.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MRYpRHe.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PdGfDMi.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZZqtYsO.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bfRoLrs.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\apIooPu.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sPjjKPR.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KPYmuPd.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mwcvLqT.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tnHgvOh.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BLBvlos.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGPlIzg.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hAKJMGV.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rOnOgKh.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\srdzKbz.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wAYmWWr.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kMIGciK.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kwIddfk.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zMGBSUL.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KxyEpCR.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NCmzBwr.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wkJaBrj.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\geHBhrG.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kPotxYs.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KOwyNJq.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tqhDiAA.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BjZPcEF.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\teSDphU.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VFilesX.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\suruHxt.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QSrbwPC.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QcVlfoH.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VeyUKIK.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gUAGCaq.exe	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 3012	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1860 wrote to memory of 3012	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1860 wrote to memory of 3012	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1860 wrote to memory of 2540	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1860 wrote to memory of 2540	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1860 wrote to memory of 2540	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1860 wrote to memory of 2660	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1860 wrote to memory of 2660	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1860 wrote to memory of 2660	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1860 wrote to memory of 2564	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1860 wrote to memory of 2564	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1860 wrote to memory of 2564	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1860 wrote to memory of 1304	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1860 wrote to memory of 1304	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1860 wrote to memory of 1304	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1860 wrote to memory of 2636	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1860 wrote to memory of 2636	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1860 wrote to memory of 2636	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1860 wrote to memory of 2788	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1860 wrote to memory of 2788	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1860 wrote to memory of 2788	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1860 wrote to memory of 2452	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1860 wrote to memory of 2452	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1860 wrote to memory of 2452	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1860 wrote to memory of 2684	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1860 wrote to memory of 2684	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1860 wrote to memory of 2684	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1860 wrote to memory of 2424	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1860 wrote to memory of 2424	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1860 wrote to memory of 2424	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1860 wrote to memory of 2488	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1860 wrote to memory of 2488	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1860 wrote to memory of 2488	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1860 wrote to memory of 2896	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1860 wrote to memory of 2896	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1860 wrote to memory of 2896	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1860 wrote to memory of 2208	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1860 wrote to memory of 2208	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1860 wrote to memory of 2208	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1860 wrote to memory of 776	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1860 wrote to memory of 776	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1860 wrote to memory of 776	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1860 wrote to memory of 864	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1860 wrote to memory of 864	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1860 wrote to memory of 864	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1860 wrote to memory of 1792	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1860 wrote to memory of 1792	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1860 wrote to memory of 1792	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1860 wrote to memory of 2152	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1860 wrote to memory of 2152	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1860 wrote to memory of 2152	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1860 wrote to memory of 1616	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1860 wrote to memory of 1616	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1860 wrote to memory of 1616	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1860 wrote to memory of 2336	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1860 wrote to memory of 2336	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1860 wrote to memory of 2336	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1860 wrote to memory of 1032	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1860 wrote to memory of 1032	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1860 wrote to memory of 1032	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1860 wrote to memory of 1160	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1860 wrote to memory of 1160	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1860 wrote to memory of 1160	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1860 wrote to memory of 2316	1860	2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-30_5077d3683600ea4006ab5f2abf84ea56_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Windows\System\cfWBAsi.exe
  C:\Windows\System\cfWBAsi.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\cysYvhx.exe
  C:\Windows\System\cysYvhx.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\rUKoPOs.exe
  C:\Windows\System\rUKoPOs.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\usqCnPW.exe
  C:\Windows\System\usqCnPW.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\NlotLYi.exe
  C:\Windows\System\NlotLYi.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\ufhIqdJ.exe
  C:\Windows\System\ufhIqdJ.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\zApUjAq.exe
  C:\Windows\System\zApUjAq.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\XmpECen.exe
  C:\Windows\System\XmpECen.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\vXNhvRf.exe
  C:\Windows\System\vXNhvRf.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\CTNsvkJ.exe
  C:\Windows\System\CTNsvkJ.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\gJbrUxs.exe
  C:\Windows\System\gJbrUxs.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\kUGamSP.exe
  C:\Windows\System\kUGamSP.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\lYMeuNV.exe
  C:\Windows\System\lYMeuNV.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\OLWZIhk.exe
  C:\Windows\System\OLWZIhk.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\CnJipEU.exe
  C:\Windows\System\CnJipEU.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\kUyMBxA.exe
  C:\Windows\System\kUyMBxA.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\AYmpaEI.exe
  C:\Windows\System\AYmpaEI.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\fcefVet.exe
  C:\Windows\System\fcefVet.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\xCjvhtt.exe
  C:\Windows\System\xCjvhtt.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\JqrmBjX.exe
  C:\Windows\System\JqrmBjX.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\hXElCtw.exe
  C:\Windows\System\hXElCtw.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\kxNrDHM.exe
  C:\Windows\System\kxNrDHM.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\tVHLeWo.exe
  C:\Windows\System\tVHLeWo.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\izuesZL.exe
  C:\Windows\System\izuesZL.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\MmrerIh.exe
  C:\Windows\System\MmrerIh.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\aYUhwEI.exe
  C:\Windows\System\aYUhwEI.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\zSJmffe.exe
  C:\Windows\System\zSJmffe.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\hnHyGhl.exe
  C:\Windows\System\hnHyGhl.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\jsuQObM.exe
  C:\Windows\System\jsuQObM.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\QOoxKTd.exe
  C:\Windows\System\QOoxKTd.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\LeNJIoo.exe
  C:\Windows\System\LeNJIoo.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\kwIddfk.exe
  C:\Windows\System\kwIddfk.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\RxaHabj.exe
  C:\Windows\System\RxaHabj.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\DRJISxj.exe
  C:\Windows\System\DRJISxj.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\TZjjljX.exe
  C:\Windows\System\TZjjljX.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\dLHrckI.exe
  C:\Windows\System\dLHrckI.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\JISHPVK.exe
  C:\Windows\System\JISHPVK.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\euzHRDb.exe
  C:\Windows\System\euzHRDb.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\OxXmIMT.exe
  C:\Windows\System\OxXmIMT.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\cexpXDh.exe
  C:\Windows\System\cexpXDh.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\jNDIuuF.exe
  C:\Windows\System\jNDIuuF.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\mXTxYTC.exe
  C:\Windows\System\mXTxYTC.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\rjmECUn.exe
  C:\Windows\System\rjmECUn.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\gfcAPwm.exe
  C:\Windows\System\gfcAPwm.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\rsGMoGL.exe
  C:\Windows\System\rsGMoGL.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\ctVlUdz.exe
  C:\Windows\System\ctVlUdz.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\SbruZjM.exe
  C:\Windows\System\SbruZjM.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\SCNILOy.exe
  C:\Windows\System\SCNILOy.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\wkJaBrj.exe
  C:\Windows\System\wkJaBrj.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\COBwddB.exe
  C:\Windows\System\COBwddB.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\RkkpZnH.exe
  C:\Windows\System\RkkpZnH.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\oQkerwE.exe
  C:\Windows\System\oQkerwE.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\xYAdvIJ.exe
  C:\Windows\System\xYAdvIJ.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\AjzYnsB.exe
  C:\Windows\System\AjzYnsB.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\ggZbEEY.exe
  C:\Windows\System\ggZbEEY.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\bWYvilb.exe
  C:\Windows\System\bWYvilb.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\xIKgFQk.exe
  C:\Windows\System\xIKgFQk.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\dzTvVHE.exe
  C:\Windows\System\dzTvVHE.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\FoexmvJ.exe
  C:\Windows\System\FoexmvJ.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\zdPfpCi.exe
  C:\Windows\System\zdPfpCi.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\CQKOGMn.exe
  C:\Windows\System\CQKOGMn.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\plweYJT.exe
  C:\Windows\System\plweYJT.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\WhWPFaz.exe
  C:\Windows\System\WhWPFaz.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\SPtAkoc.exe
  C:\Windows\System\SPtAkoc.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\VtJwCSN.exe
  C:\Windows\System\VtJwCSN.exe
  2⤵
  PID:1620
- C:\Windows\System\UrkPpRt.exe
  C:\Windows\System\UrkPpRt.exe
  2⤵
  PID:1048
- C:\Windows\System\HizpQzG.exe
  C:\Windows\System\HizpQzG.exe
  2⤵
  PID:1312
- C:\Windows\System\zMGBSUL.exe
  C:\Windows\System\zMGBSUL.exe
  2⤵
  PID:2192
- C:\Windows\System\bqwHiaV.exe
  C:\Windows\System\bqwHiaV.exe
  2⤵
  PID:1444
- C:\Windows\System\qllLbbf.exe
  C:\Windows\System\qllLbbf.exe
  2⤵
  PID:2324
- C:\Windows\System\LcoeevN.exe
  C:\Windows\System\LcoeevN.exe
  2⤵
  PID:444
- C:\Windows\System\AbJqOtC.exe
  C:\Windows\System\AbJqOtC.exe
  2⤵
  PID:2624
- C:\Windows\System\eMBxgXZ.exe
  C:\Windows\System\eMBxgXZ.exe
  2⤵
  PID:1512
- C:\Windows\System\xvsqtPE.exe
  C:\Windows\System\xvsqtPE.exe
  2⤵
  PID:2364
- C:\Windows\System\joPMgvV.exe
  C:\Windows\System\joPMgvV.exe
  2⤵
  PID:956
- C:\Windows\System\KEFKknf.exe
  C:\Windows\System\KEFKknf.exe
  2⤵
  PID:1532
- C:\Windows\System\gBSnDWt.exe
  C:\Windows\System\gBSnDWt.exe
  2⤵
  PID:1132
- C:\Windows\System\ejhgflU.exe
  C:\Windows\System\ejhgflU.exe
  2⤵
  PID:600
- C:\Windows\System\WECvhEg.exe
  C:\Windows\System\WECvhEg.exe
  2⤵
  PID:572
- C:\Windows\System\yEfALzK.exe
  C:\Windows\System\yEfALzK.exe
  2⤵
  PID:2952
- C:\Windows\System\qZWcGAC.exe
  C:\Windows\System\qZWcGAC.exe
  2⤵
  PID:1680
- C:\Windows\System\RyoSgjH.exe
  C:\Windows\System\RyoSgjH.exe
  2⤵
  PID:1328
- C:\Windows\System\pzVGIyo.exe
  C:\Windows\System\pzVGIyo.exe
  2⤵
  PID:2244
- C:\Windows\System\EMlGhGl.exe
  C:\Windows\System\EMlGhGl.exe
  2⤵
  PID:1740
- C:\Windows\System\MwCJBnD.exe
  C:\Windows\System\MwCJBnD.exe
  2⤵
  PID:2948
- C:\Windows\System\QvyBHJR.exe
  C:\Windows\System\QvyBHJR.exe
  2⤵
  PID:2264
- C:\Windows\System\bKruMSr.exe
  C:\Windows\System\bKruMSr.exe
  2⤵
  PID:1572
- C:\Windows\System\ilczItb.exe
  C:\Windows\System\ilczItb.exe
  2⤵
  PID:2504
- C:\Windows\System\cDkKLjU.exe
  C:\Windows\System\cDkKLjU.exe
  2⤵
  PID:1720
- C:\Windows\System\xlubRFg.exe
  C:\Windows\System\xlubRFg.exe
  2⤵
  PID:2792
- C:\Windows\System\lntUpDN.exe
  C:\Windows\System\lntUpDN.exe
  2⤵
  PID:2416
- C:\Windows\System\EgzvzIl.exe
  C:\Windows\System\EgzvzIl.exe
  2⤵
  PID:2824
- C:\Windows\System\ouXMpyB.exe
  C:\Windows\System\ouXMpyB.exe
  2⤵
  PID:1856
- C:\Windows\System\hbNAJlJ.exe
  C:\Windows\System\hbNAJlJ.exe
  2⤵
  PID:2384
- C:\Windows\System\gniMyQb.exe
  C:\Windows\System\gniMyQb.exe
  2⤵
  PID:1964
- C:\Windows\System\oMPoeRX.exe
  C:\Windows\System\oMPoeRX.exe
  2⤵
  PID:2164
- C:\Windows\System\pgQXftK.exe
  C:\Windows\System\pgQXftK.exe
  2⤵
  PID:3036
- C:\Windows\System\vNkoQtr.exe
  C:\Windows\System\vNkoQtr.exe
  2⤵
  PID:2332
- C:\Windows\System\KGNqmUm.exe
  C:\Windows\System\KGNqmUm.exe
  2⤵
  PID:1796
- C:\Windows\System\XBBCqQN.exe
  C:\Windows\System\XBBCqQN.exe
  2⤵
  PID:2804
- C:\Windows\System\oCEBEdQ.exe
  C:\Windows\System\oCEBEdQ.exe
  2⤵
  PID:1268
- C:\Windows\System\MmTCizh.exe
  C:\Windows\System\MmTCizh.exe
  2⤵
  PID:616
- C:\Windows\System\fRrSUwv.exe
  C:\Windows\System\fRrSUwv.exe
  2⤵
  PID:2992
- C:\Windows\System\wyATilc.exe
  C:\Windows\System\wyATilc.exe
  2⤵
  PID:2128
- C:\Windows\System\uirKwot.exe
  C:\Windows\System\uirKwot.exe
  2⤵
  PID:2960
- C:\Windows\System\SwjWwAH.exe
  C:\Windows\System\SwjWwAH.exe
  2⤵
  PID:1192
- C:\Windows\System\DXMFENi.exe
  C:\Windows\System\DXMFENi.exe
  2⤵
  PID:888
- C:\Windows\System\KvwfxCQ.exe
  C:\Windows\System\KvwfxCQ.exe
  2⤵
  PID:1980
- C:\Windows\System\Gcrqmzc.exe
  C:\Windows\System\Gcrqmzc.exe
  2⤵
  PID:672
- C:\Windows\System\QJqashJ.exe
  C:\Windows\System\QJqashJ.exe
  2⤵
  PID:1664
- C:\Windows\System\syKzUqY.exe
  C:\Windows\System\syKzUqY.exe
  2⤵
  PID:2868
- C:\Windows\System\RSDLXln.exe
  C:\Windows\System\RSDLXln.exe
  2⤵
  PID:848
- C:\Windows\System\kDQyflh.exe
  C:\Windows\System\kDQyflh.exe
  2⤵
  PID:3084
- C:\Windows\System\gPPxsSj.exe
  C:\Windows\System\gPPxsSj.exe
  2⤵
  PID:3104
- C:\Windows\System\ljylBDO.exe
  C:\Windows\System\ljylBDO.exe
  2⤵
  PID:3120
- C:\Windows\System\pEkqquG.exe
  C:\Windows\System\pEkqquG.exe
  2⤵
  PID:3136
- C:\Windows\System\VpLFYby.exe
  C:\Windows\System\VpLFYby.exe
  2⤵
  PID:3152
- C:\Windows\System\JzizaJh.exe
  C:\Windows\System\JzizaJh.exe
  2⤵
  PID:3168
- C:\Windows\System\VRVTrpU.exe
  C:\Windows\System\VRVTrpU.exe
  2⤵
  PID:3184
- C:\Windows\System\GnCqSFX.exe
  C:\Windows\System\GnCqSFX.exe
  2⤵
  PID:3204
- C:\Windows\System\NZQeKNZ.exe
  C:\Windows\System\NZQeKNZ.exe
  2⤵
  PID:3264
- C:\Windows\System\tKzNDiw.exe
  C:\Windows\System\tKzNDiw.exe
  2⤵
  PID:3280
- C:\Windows\System\shEeShT.exe
  C:\Windows\System\shEeShT.exe
  2⤵
  PID:3296
- C:\Windows\System\GeDaXOv.exe
  C:\Windows\System\GeDaXOv.exe
  2⤵
  PID:3316
- C:\Windows\System\eEjcVKJ.exe
  C:\Windows\System\eEjcVKJ.exe
  2⤵
  PID:3332
- C:\Windows\System\nStrHjx.exe
  C:\Windows\System\nStrHjx.exe
  2⤵
  PID:3348
- C:\Windows\System\loBfumh.exe
  C:\Windows\System\loBfumh.exe
  2⤵
  PID:3364
- C:\Windows\System\mbRJDQp.exe
  C:\Windows\System\mbRJDQp.exe
  2⤵
  PID:3384
- C:\Windows\System\XWCdFrw.exe
  C:\Windows\System\XWCdFrw.exe
  2⤵
  PID:3400
- C:\Windows\System\aeeRbYq.exe
  C:\Windows\System\aeeRbYq.exe
  2⤵
  PID:3416
- C:\Windows\System\KqAtEtu.exe
  C:\Windows\System\KqAtEtu.exe
  2⤵
  PID:3432
- C:\Windows\System\HIzNzfk.exe
  C:\Windows\System\HIzNzfk.exe
  2⤵
  PID:3448
- C:\Windows\System\yJsQNzp.exe
  C:\Windows\System\yJsQNzp.exe
  2⤵
  PID:3464
- C:\Windows\System\qXDACzZ.exe
  C:\Windows\System\qXDACzZ.exe
  2⤵
  PID:3480
- C:\Windows\System\wgAcGAb.exe
  C:\Windows\System\wgAcGAb.exe
  2⤵
  PID:3496
- C:\Windows\System\QKICNUx.exe
  C:\Windows\System\QKICNUx.exe
  2⤵
  PID:3512
- C:\Windows\System\yMqOieP.exe
  C:\Windows\System\yMqOieP.exe
  2⤵
  PID:3528
- C:\Windows\System\OlaCnVw.exe
  C:\Windows\System\OlaCnVw.exe
  2⤵
  PID:3544
- C:\Windows\System\UcegYhr.exe
  C:\Windows\System\UcegYhr.exe
  2⤵
  PID:3568
- C:\Windows\System\QUpkjCS.exe
  C:\Windows\System\QUpkjCS.exe
  2⤵
  PID:3584
- C:\Windows\System\NrXrVPC.exe
  C:\Windows\System\NrXrVPC.exe
  2⤵
  PID:3600
- C:\Windows\System\vfGXsWg.exe
  C:\Windows\System\vfGXsWg.exe
  2⤵
  PID:3616
- C:\Windows\System\vdooGuL.exe
  C:\Windows\System\vdooGuL.exe
  2⤵
  PID:3652
- C:\Windows\System\mdeiQYS.exe
  C:\Windows\System\mdeiQYS.exe
  2⤵
  PID:3668
- C:\Windows\System\fKvzYZY.exe
  C:\Windows\System\fKvzYZY.exe
  2⤵
  PID:3684
- C:\Windows\System\yhGQDDx.exe
  C:\Windows\System\yhGQDDx.exe
  2⤵
  PID:3700
- C:\Windows\System\EhzUPzf.exe
  C:\Windows\System\EhzUPzf.exe
  2⤵
  PID:3716
- C:\Windows\System\ztUjuPW.exe
  C:\Windows\System\ztUjuPW.exe
  2⤵
  PID:3740
- C:\Windows\System\hnfpAEr.exe
  C:\Windows\System\hnfpAEr.exe
  2⤵
  PID:3756
- C:\Windows\System\wFUpZFp.exe
  C:\Windows\System\wFUpZFp.exe
  2⤵
  PID:3772
- C:\Windows\System\MrkAQJQ.exe
  C:\Windows\System\MrkAQJQ.exe
  2⤵
  PID:3788
- C:\Windows\System\Qsqrppg.exe
  C:\Windows\System\Qsqrppg.exe
  2⤵
  PID:3804
- C:\Windows\System\MweTpwi.exe
  C:\Windows\System\MweTpwi.exe
  2⤵
  PID:3820
- C:\Windows\System\uVAEhlD.exe
  C:\Windows\System\uVAEhlD.exe
  2⤵
  PID:3836
- C:\Windows\System\pABNzfS.exe
  C:\Windows\System\pABNzfS.exe
  2⤵
  PID:3852
- C:\Windows\System\vJQdmgc.exe
  C:\Windows\System\vJQdmgc.exe
  2⤵
  PID:3868
- C:\Windows\System\UpaIYkX.exe
  C:\Windows\System\UpaIYkX.exe
  2⤵
  PID:3884
- C:\Windows\System\LDzfizp.exe
  C:\Windows\System\LDzfizp.exe
  2⤵
  PID:3900
- C:\Windows\System\skosHLE.exe
  C:\Windows\System\skosHLE.exe
  2⤵
  PID:3916
- C:\Windows\System\eoIkbqb.exe
  C:\Windows\System\eoIkbqb.exe
  2⤵
  PID:3944
- C:\Windows\System\ZnrgRkQ.exe
  C:\Windows\System\ZnrgRkQ.exe
  2⤵
  PID:3984
- C:\Windows\System\AjSAKMx.exe
  C:\Windows\System\AjSAKMx.exe
  2⤵
  PID:4080
- C:\Windows\System\XVtvaST.exe
  C:\Windows\System\XVtvaST.exe
  2⤵
  PID:2100
- C:\Windows\System\iugWKBh.exe
  C:\Windows\System\iugWKBh.exe
  2⤵
  PID:1400
- C:\Windows\System\ROQgtgy.exe
  C:\Windows\System\ROQgtgy.exe
  2⤵
  PID:2780
- C:\Windows\System\CmvbsZe.exe
  C:\Windows\System\CmvbsZe.exe
  2⤵
  PID:3096
- C:\Windows\System\kFnXpyf.exe
  C:\Windows\System\kFnXpyf.exe
  2⤵
  PID:3192
- C:\Windows\System\LrXNGYh.exe
  C:\Windows\System\LrXNGYh.exe
  2⤵
  PID:3304
- C:\Windows\System\alAJnVl.exe
  C:\Windows\System\alAJnVl.exe
  2⤵
  PID:3344
- C:\Windows\System\AfbmosR.exe
  C:\Windows\System\AfbmosR.exe
  2⤵
  PID:3440
- C:\Windows\System\hEFlzxP.exe
  C:\Windows\System\hEFlzxP.exe
  2⤵
  PID:3504
- C:\Windows\System\QmhiaFB.exe
  C:\Windows\System\QmhiaFB.exe
  2⤵
  PID:3576
- C:\Windows\System\eZsfAkF.exe
  C:\Windows\System\eZsfAkF.exe
  2⤵
  PID:3660
- C:\Windows\System\RYvgLLO.exe
  C:\Windows\System\RYvgLLO.exe
  2⤵
  PID:3724
- C:\Windows\System\DNzUYDi.exe
  C:\Windows\System\DNzUYDi.exe
  2⤵
  PID:3764
- C:\Windows\System\KEoYmEa.exe
  C:\Windows\System\KEoYmEa.exe
  2⤵
  PID:2000
- C:\Windows\System\AuDdgBi.exe
  C:\Windows\System\AuDdgBi.exe
  2⤵
  PID:2724
- C:\Windows\System\slAHDum.exe
  C:\Windows\System\slAHDum.exe
  2⤵
  PID:2184
- C:\Windows\System\HYvsEIW.exe
  C:\Windows\System\HYvsEIW.exe
  2⤵
  PID:1584
- C:\Windows\System\lLOfOVD.exe
  C:\Windows\System\lLOfOVD.exe
  2⤵
  PID:1364
- C:\Windows\System\MUeglTt.exe
  C:\Windows\System\MUeglTt.exe
  2⤵
  PID:3892
- C:\Windows\System\zXvWzvp.exe
  C:\Windows\System\zXvWzvp.exe
  2⤵
  PID:3180
- C:\Windows\System\LKrcsYD.exe
  C:\Windows\System\LKrcsYD.exe
  2⤵
  PID:3148
- C:\Windows\System\DhUvzwB.exe
  C:\Windows\System\DhUvzwB.exe
  2⤵
  PID:3076
- C:\Windows\System\mmyRpCk.exe
  C:\Windows\System\mmyRpCk.exe
  2⤵
  PID:2160
- C:\Windows\System\XmydqEk.exe
  C:\Windows\System\XmydqEk.exe
  2⤵
  PID:3240
- C:\Windows\System\RooaCHq.exe
  C:\Windows\System\RooaCHq.exe
  2⤵
  PID:3256
- C:\Windows\System\Zzpqjzo.exe
  C:\Windows\System\Zzpqjzo.exe
  2⤵
  PID:3940
- C:\Windows\System\heSwQIv.exe
  C:\Windows\System\heSwQIv.exe
  2⤵
  PID:3632
- C:\Windows\System\hyMFtel.exe
  C:\Windows\System\hyMFtel.exe
  2⤵
  PID:3908
- C:\Windows\System\rLizxnK.exe
  C:\Windows\System\rLizxnK.exe
  2⤵
  PID:3876
- C:\Windows\System\JYsdvno.exe
  C:\Windows\System\JYsdvno.exe
  2⤵
  PID:3812
- C:\Windows\System\ZzcKOpG.exe
  C:\Windows\System\ZzcKOpG.exe
  2⤵
  PID:3708
- C:\Windows\System\DzglGzF.exe
  C:\Windows\System\DzglGzF.exe
  2⤵
  PID:3596
- C:\Windows\System\uckUQGQ.exe
  C:\Windows\System\uckUQGQ.exe
  2⤵
  PID:3520
- C:\Windows\System\kLUBaiv.exe
  C:\Windows\System\kLUBaiv.exe
  2⤵
  PID:3428
- C:\Windows\System\gKyfgoP.exe
  C:\Windows\System\gKyfgoP.exe
  2⤵
  PID:3360
- C:\Windows\System\eUiQggN.exe
  C:\Windows\System\eUiQggN.exe
  2⤵
  PID:3968
- C:\Windows\System\RwpvlbP.exe
  C:\Windows\System\RwpvlbP.exe
  2⤵
  PID:3992
- C:\Windows\System\uiagtuS.exe
  C:\Windows\System\uiagtuS.exe
  2⤵
  PID:4016
- C:\Windows\System\pzvjKXU.exe
  C:\Windows\System\pzvjKXU.exe
  2⤵
  PID:4036
- C:\Windows\System\txaxaIw.exe
  C:\Windows\System\txaxaIw.exe
  2⤵
  PID:4052
- C:\Windows\System\iytHgDi.exe
  C:\Windows\System\iytHgDi.exe
  2⤵
  PID:4072
- C:\Windows\System\ajmyleE.exe
  C:\Windows\System\ajmyleE.exe
  2⤵
  PID:2012
- C:\Windows\System\lzPpvYk.exe
  C:\Windows\System\lzPpvYk.exe
  2⤵
  PID:2292
- C:\Windows\System\MqwbYZy.exe
  C:\Windows\System\MqwbYZy.exe
  2⤵
  PID:3164
- C:\Windows\System\IhjdSWB.exe
  C:\Windows\System\IhjdSWB.exe
  2⤵
  PID:3408
- C:\Windows\System\oMtWKtj.exe
  C:\Windows\System\oMtWKtj.exe
  2⤵
  PID:3540
- C:\Windows\System\dnNAsDp.exe
  C:\Windows\System\dnNAsDp.exe
  2⤵
  PID:3476
- C:\Windows\System\VqCgOrV.exe
  C:\Windows\System\VqCgOrV.exe
  2⤵
  PID:936
- C:\Windows\System\FxfQjDv.exe
  C:\Windows\System\FxfQjDv.exe
  2⤵
  PID:2052
- C:\Windows\System\xaAEyJr.exe
  C:\Windows\System\xaAEyJr.exe
  2⤵
  PID:2508
- C:\Windows\System\hDryflF.exe
  C:\Windows\System\hDryflF.exe
  2⤵
  PID:2808
- C:\Windows\System\UGPgBnM.exe
  C:\Windows\System\UGPgBnM.exe
  2⤵
  PID:2092
- C:\Windows\System\mUHIKlB.exe
  C:\Windows\System\mUHIKlB.exe
  2⤵
  PID:3116
- C:\Windows\System\YZHtyUe.exe
  C:\Windows\System\YZHtyUe.exe
  2⤵
  PID:3220
- C:\Windows\System\RZddZPX.exe
  C:\Windows\System\RZddZPX.exe
  2⤵
  PID:1612
- C:\Windows\System\UGBkdZe.exe
  C:\Windows\System\UGBkdZe.exe
  2⤵
  PID:3924
- C:\Windows\System\EUToZPn.exe
  C:\Windows\System\EUToZPn.exe
  2⤵
  PID:3248
- C:\Windows\System\CdXzHGi.exe
  C:\Windows\System\CdXzHGi.exe
  2⤵
  PID:3644
- C:\Windows\System\updqHaa.exe
  C:\Windows\System\updqHaa.exe
  2⤵
  PID:3960
- C:\Windows\System\JryEBUn.exe
  C:\Windows\System\JryEBUn.exe
  2⤵
  PID:3624
- C:\Windows\System\tgbhFLJ.exe
  C:\Windows\System\tgbhFLJ.exe
  2⤵
  PID:3488
- C:\Windows\System\hOBYNrs.exe
  C:\Windows\System\hOBYNrs.exe
  2⤵
  PID:3552
- C:\Windows\System\lawNBhO.exe
  C:\Windows\System\lawNBhO.exe
  2⤵
  PID:3324
- C:\Windows\System\zuLlxXw.exe
  C:\Windows\System\zuLlxXw.exe
  2⤵
  PID:4012
- C:\Windows\System\mtJXjSF.exe
  C:\Windows\System\mtJXjSF.exe
  2⤵
  PID:4060
- C:\Windows\System\pTYKoQo.exe
  C:\Windows\System\pTYKoQo.exe
  2⤵
  PID:4088
- C:\Windows\System\cAkXbHO.exe
  C:\Windows\System\cAkXbHO.exe
  2⤵
  PID:2996
- C:\Windows\System\gJwwJZK.exe
  C:\Windows\System\gJwwJZK.exe
  2⤵
  PID:3160
- C:\Windows\System\hZFNdWN.exe
  C:\Windows\System\hZFNdWN.exe
  2⤵
  PID:3272
- C:\Windows\System\kbZRiKW.exe
  C:\Windows\System\kbZRiKW.exe
  2⤵
  PID:3800
- C:\Windows\System\RtjNADH.exe
  C:\Windows\System\RtjNADH.exe
  2⤵
  PID:1716
- C:\Windows\System\pnFwFMd.exe
  C:\Windows\System\pnFwFMd.exe
  2⤵
  PID:1544
- C:\Windows\System\BLBvlos.exe
  C:\Windows\System\BLBvlos.exe
  2⤵
  PID:3896
- C:\Windows\System\aCyWdGd.exe
  C:\Windows\System\aCyWdGd.exe
  2⤵
  PID:3236
- C:\Windows\System\xQMCegw.exe
  C:\Windows\System\xQMCegw.exe
  2⤵
  PID:3112
- C:\Windows\System\GjduXzK.exe
  C:\Windows\System\GjduXzK.exe
  2⤵
  PID:3932
- C:\Windows\System\xrEGjxo.exe
  C:\Windows\System\xrEGjxo.exe
  2⤵
  PID:3956
- C:\Windows\System\Bglsuvd.exe
  C:\Windows\System\Bglsuvd.exe
  2⤵
  PID:4004
- C:\Windows\System\INISnzn.exe
  C:\Windows\System\INISnzn.exe
  2⤵
  PID:4028
- C:\Windows\System\GRgZjWD.exe
  C:\Windows\System\GRgZjWD.exe
  2⤵
  PID:4032
- C:\Windows\System\LbHOsXD.exe
  C:\Windows\System\LbHOsXD.exe
  2⤵
  PID:2676
- C:\Windows\System\yyUJZrv.exe
  C:\Windows\System\yyUJZrv.exe
  2⤵
  PID:3696
- C:\Windows\System\slAFuBJ.exe
  C:\Windows\System\slAFuBJ.exe
  2⤵
  PID:4112
- C:\Windows\System\tqhDiAA.exe
  C:\Windows\System\tqhDiAA.exe
  2⤵
  PID:4132
- C:\Windows\System\duimfpx.exe
  C:\Windows\System\duimfpx.exe
  2⤵
  PID:4148
- C:\Windows\System\qkFuojj.exe
  C:\Windows\System\qkFuojj.exe
  2⤵
  PID:4168
- C:\Windows\System\XWuFWeK.exe
  C:\Windows\System\XWuFWeK.exe
  2⤵
  PID:4188
- C:\Windows\System\XMUEgSu.exe
  C:\Windows\System\XMUEgSu.exe
  2⤵
  PID:4208
- C:\Windows\System\VIwZOsO.exe
  C:\Windows\System\VIwZOsO.exe
  2⤵
  PID:4232
- C:\Windows\System\UPcqBlL.exe
  C:\Windows\System\UPcqBlL.exe
  2⤵
  PID:4252
- C:\Windows\System\uGAzbJL.exe
  C:\Windows\System\uGAzbJL.exe
  2⤵
  PID:4272
- C:\Windows\System\eGDPpMV.exe
  C:\Windows\System\eGDPpMV.exe
  2⤵
  PID:4292
- C:\Windows\System\StkJGWe.exe
  C:\Windows\System\StkJGWe.exe
  2⤵
  PID:4312
- C:\Windows\System\Crvwypj.exe
  C:\Windows\System\Crvwypj.exe
  2⤵
  PID:4328
- C:\Windows\System\DzbfOlz.exe
  C:\Windows\System\DzbfOlz.exe
  2⤵
  PID:4348
- C:\Windows\System\xBlYESM.exe
  C:\Windows\System\xBlYESM.exe
  2⤵
  PID:4368
- C:\Windows\System\QPjldDe.exe
  C:\Windows\System\QPjldDe.exe
  2⤵
  PID:4392
- C:\Windows\System\BmvtcwG.exe
  C:\Windows\System\BmvtcwG.exe
  2⤵
  PID:4408
- C:\Windows\System\gIgQMZF.exe
  C:\Windows\System\gIgQMZF.exe
  2⤵
  PID:4424
- C:\Windows\System\KJySzOs.exe
  C:\Windows\System\KJySzOs.exe
  2⤵
  PID:4444
- C:\Windows\System\aILTOjn.exe
  C:\Windows\System\aILTOjn.exe
  2⤵
  PID:4464
- C:\Windows\System\NgwGpYQ.exe
  C:\Windows\System\NgwGpYQ.exe
  2⤵
  PID:4488
- C:\Windows\System\puSlRqJ.exe
  C:\Windows\System\puSlRqJ.exe
  2⤵
  PID:4508
- C:\Windows\System\DKuHYRW.exe
  C:\Windows\System\DKuHYRW.exe
  2⤵
  PID:4528
- C:\Windows\System\LOPoNti.exe
  C:\Windows\System\LOPoNti.exe
  2⤵
  PID:4552
- C:\Windows\System\cCJQBRa.exe
  C:\Windows\System\cCJQBRa.exe
  2⤵
  PID:4568
- C:\Windows\System\etemtpU.exe
  C:\Windows\System\etemtpU.exe
  2⤵
  PID:4592
- C:\Windows\System\EtPIKeA.exe
  C:\Windows\System\EtPIKeA.exe
  2⤵
  PID:4612
- C:\Windows\System\QSrbwPC.exe
  C:\Windows\System\QSrbwPC.exe
  2⤵
  PID:4628
- C:\Windows\System\JIzObqs.exe
  C:\Windows\System\JIzObqs.exe
  2⤵
  PID:4652
- C:\Windows\System\XsAsKrE.exe
  C:\Windows\System\XsAsKrE.exe
  2⤵
  PID:4668
- C:\Windows\System\CZuWdiG.exe
  C:\Windows\System\CZuWdiG.exe
  2⤵
  PID:4692
- C:\Windows\System\YmnDaqx.exe
  C:\Windows\System\YmnDaqx.exe
  2⤵
  PID:4708
- C:\Windows\System\Aztmghy.exe
  C:\Windows\System\Aztmghy.exe
  2⤵
  PID:4732
- C:\Windows\System\iYvXGyD.exe
  C:\Windows\System\iYvXGyD.exe
  2⤵
  PID:4752
- C:\Windows\System\QTvRfif.exe
  C:\Windows\System\QTvRfif.exe
  2⤵
  PID:4772
- C:\Windows\System\MYGoiqV.exe
  C:\Windows\System\MYGoiqV.exe
  2⤵
  PID:4792
- C:\Windows\System\KPYmuPd.exe
  C:\Windows\System\KPYmuPd.exe
  2⤵
  PID:4812
- C:\Windows\System\edtjPbf.exe
  C:\Windows\System\edtjPbf.exe
  2⤵
  PID:4828
- C:\Windows\System\tUImyNS.exe
  C:\Windows\System\tUImyNS.exe
  2⤵
  PID:4848
- C:\Windows\System\YtYWwHR.exe
  C:\Windows\System\YtYWwHR.exe
  2⤵
  PID:4868
- C:\Windows\System\FtaVCVn.exe
  C:\Windows\System\FtaVCVn.exe
  2⤵
  PID:4892
- C:\Windows\System\mPzKaPH.exe
  C:\Windows\System\mPzKaPH.exe
  2⤵
  PID:4908
- C:\Windows\System\iHaguuM.exe
  C:\Windows\System\iHaguuM.exe
  2⤵
  PID:4928
- C:\Windows\System\WAgylox.exe
  C:\Windows\System\WAgylox.exe
  2⤵
  PID:4948
- C:\Windows\System\LmtBXzG.exe
  C:\Windows\System\LmtBXzG.exe
  2⤵
  PID:4972
- C:\Windows\System\JMVzMQO.exe
  C:\Windows\System\JMVzMQO.exe
  2⤵
  PID:4992
- C:\Windows\System\xHoKfNN.exe
  C:\Windows\System\xHoKfNN.exe
  2⤵
  PID:5012
- C:\Windows\System\YTreXvf.exe
  C:\Windows\System\YTreXvf.exe
  2⤵
  PID:5028
- C:\Windows\System\cUOnlQa.exe
  C:\Windows\System\cUOnlQa.exe
  2⤵
  PID:5048
- C:\Windows\System\dDQocKn.exe
  C:\Windows\System\dDQocKn.exe
  2⤵
  PID:5072
- C:\Windows\System\qkLhvXZ.exe
  C:\Windows\System\qkLhvXZ.exe
  2⤵
  PID:5092
- C:\Windows\System\mwcvLqT.exe
  C:\Windows\System\mwcvLqT.exe
  2⤵
  PID:5112
- C:\Windows\System\HwyPiIM.exe
  C:\Windows\System\HwyPiIM.exe
  2⤵
  PID:2084
- C:\Windows\System\hAKJMGV.exe
  C:\Windows\System\hAKJMGV.exe
  2⤵
  PID:2528
- C:\Windows\System\bpeFVch.exe
  C:\Windows\System\bpeFVch.exe
  2⤵
  PID:3640
- C:\Windows\System\jrZkfsb.exe
  C:\Windows\System\jrZkfsb.exe
  2⤵
  PID:3456
- C:\Windows\System\MlFPphY.exe
  C:\Windows\System\MlFPphY.exe
  2⤵
  PID:3628
- C:\Windows\System\BZOQgRc.exe
  C:\Windows\System\BZOQgRc.exe
  2⤵
  PID:3676
- C:\Windows\System\vOFVWRZ.exe
  C:\Windows\System\vOFVWRZ.exe
  2⤵
  PID:3748
- C:\Windows\System\olPpIBJ.exe
  C:\Windows\System\olPpIBJ.exe
  2⤵
  PID:4068
- C:\Windows\System\XZFraJN.exe
  C:\Windows\System\XZFraJN.exe
  2⤵
  PID:4120
- C:\Windows\System\UXinYCK.exe
  C:\Windows\System\UXinYCK.exe
  2⤵
  PID:4156
- C:\Windows\System\qajtKVk.exe
  C:\Windows\System\qajtKVk.exe
  2⤵
  PID:4196
- C:\Windows\System\lDziHbt.exe
  C:\Windows\System\lDziHbt.exe
  2⤵
  PID:4184
- C:\Windows\System\PNMreJy.exe
  C:\Windows\System\PNMreJy.exe
  2⤵
  PID:4224
- C:\Windows\System\fktMrEP.exe
  C:\Windows\System\fktMrEP.exe
  2⤵
  PID:4280
- C:\Windows\System\UJMrTJe.exe
  C:\Windows\System\UJMrTJe.exe
  2⤵
  PID:4300
- C:\Windows\System\DGqtIPX.exe
  C:\Windows\System\DGqtIPX.exe
  2⤵
  PID:4336
- C:\Windows\System\sdAcpGz.exe
  C:\Windows\System\sdAcpGz.exe
  2⤵
  PID:4376
- C:\Windows\System\rOSCFTs.exe
  C:\Windows\System\rOSCFTs.exe
  2⤵
  PID:4432
- C:\Windows\System\pzVKbjl.exe
  C:\Windows\System\pzVKbjl.exe
  2⤵
  PID:4480
- C:\Windows\System\eqrizKP.exe
  C:\Windows\System\eqrizKP.exe
  2⤵
  PID:4452
- C:\Windows\System\zflHaKG.exe
  C:\Windows\System\zflHaKG.exe
  2⤵
  PID:4520
- C:\Windows\System\KWSReSl.exe
  C:\Windows\System\KWSReSl.exe
  2⤵
  PID:4540
- C:\Windows\System\AaEzsWA.exe
  C:\Windows\System\AaEzsWA.exe
  2⤵
  PID:4600
- C:\Windows\System\RjzSGOK.exe
  C:\Windows\System\RjzSGOK.exe
  2⤵
  PID:4588
- C:\Windows\System\dospSIc.exe
  C:\Windows\System\dospSIc.exe
  2⤵
  PID:4620
- C:\Windows\System\tojukeb.exe
  C:\Windows\System\tojukeb.exe
  2⤵
  PID:4676
- C:\Windows\System\ORlOuQR.exe
  C:\Windows\System\ORlOuQR.exe
  2⤵
  PID:4704
- C:\Windows\System\JnRxWvJ.exe
  C:\Windows\System\JnRxWvJ.exe
  2⤵
  PID:4740
- C:\Windows\System\OEDDXDU.exe
  C:\Windows\System\OEDDXDU.exe
  2⤵
  PID:4780
- C:\Windows\System\rUEZjNE.exe
  C:\Windows\System\rUEZjNE.exe
  2⤵
  PID:4804
- C:\Windows\System\OOLXRTb.exe
  C:\Windows\System\OOLXRTb.exe
  2⤵
  PID:4840
- C:\Windows\System\PzLcFlT.exe
  C:\Windows\System\PzLcFlT.exe
  2⤵
  PID:4860
- C:\Windows\System\zocVdRj.exe
  C:\Windows\System\zocVdRj.exe
  2⤵
  PID:4916
- C:\Windows\System\FlOsuHs.exe
  C:\Windows\System\FlOsuHs.exe
  2⤵
  PID:4960
- C:\Windows\System\uJVTTfO.exe
  C:\Windows\System\uJVTTfO.exe
  2⤵
  PID:4980
- C:\Windows\System\DfEUhir.exe
  C:\Windows\System\DfEUhir.exe
  2⤵
  PID:5004
- C:\Windows\System\ehQTXMy.exe
  C:\Windows\System\ehQTXMy.exe
  2⤵
  PID:5044
- C:\Windows\System\yQoNPhs.exe
  C:\Windows\System\yQoNPhs.exe
  2⤵
  PID:5068
- C:\Windows\System\NPflJwV.exe
  C:\Windows\System\NPflJwV.exe
  2⤵
  PID:5100
- C:\Windows\System\dNYqUxn.exe
  C:\Windows\System\dNYqUxn.exe
  2⤵
  PID:2648
- C:\Windows\System\batIBaj.exe
  C:\Windows\System\batIBaj.exe
  2⤵
  PID:3732
- C:\Windows\System\xMNSSpX.exe
  C:\Windows\System\xMNSSpX.exe
  2⤵
  PID:3712
- C:\Windows\System\ddsYxKo.exe
  C:\Windows\System\ddsYxKo.exe
  2⤵
  PID:3752
- C:\Windows\System\dqexudQ.exe
  C:\Windows\System\dqexudQ.exe
  2⤵
  PID:4100
- C:\Windows\System\DkswUXF.exe
  C:\Windows\System\DkswUXF.exe
  2⤵
  PID:4140
- C:\Windows\System\CEteSuH.exe
  C:\Windows\System\CEteSuH.exe
  2⤵
  PID:4220
- C:\Windows\System\YQpOvjE.exe
  C:\Windows\System\YQpOvjE.exe
  2⤵
  PID:4288
- C:\Windows\System\LczNtBk.exe
  C:\Windows\System\LczNtBk.exe
  2⤵
  PID:4260
- C:\Windows\System\LPLhbdi.exe
  C:\Windows\System\LPLhbdi.exe
  2⤵
  PID:4356
- C:\Windows\System\jFOqbpa.exe
  C:\Windows\System\jFOqbpa.exe
  2⤵
  PID:4524
- C:\Windows\System\ZVjXHFH.exe
  C:\Windows\System\ZVjXHFH.exe
  2⤵
  PID:4416
- C:\Windows\System\nTtbSCx.exe
  C:\Windows\System\nTtbSCx.exe
  2⤵
  PID:4564
- C:\Windows\System\BsjtESk.exe
  C:\Windows\System\BsjtESk.exe
  2⤵
  PID:4536
- C:\Windows\System\kPotxYs.exe
  C:\Windows\System\kPotxYs.exe
  2⤵
  PID:4604
- C:\Windows\System\pmMGOhN.exe
  C:\Windows\System\pmMGOhN.exe
  2⤵
  PID:4764
- C:\Windows\System\vwlADTA.exe
  C:\Windows\System\vwlADTA.exe
  2⤵
  PID:4720
- C:\Windows\System\jgQqgTZ.exe
  C:\Windows\System\jgQqgTZ.exe
  2⤵
  PID:4844
- C:\Windows\System\JesapEO.exe
  C:\Windows\System\JesapEO.exe
  2⤵
  PID:4888
- C:\Windows\System\oebteLe.exe
  C:\Windows\System\oebteLe.exe
  2⤵
  PID:4904
- C:\Windows\System\YjVXMjf.exe
  C:\Windows\System\YjVXMjf.exe
  2⤵
  PID:4924
- C:\Windows\System\jEUZnGI.exe
  C:\Windows\System\jEUZnGI.exe
  2⤵
  PID:4984
- C:\Windows\System\EUWIJwl.exe
  C:\Windows\System\EUWIJwl.exe
  2⤵
  PID:1308
- C:\Windows\System\dXrowqn.exe
  C:\Windows\System\dXrowqn.exe
  2⤵
  PID:5104
- C:\Windows\System\zvcKrFb.exe
  C:\Windows\System\zvcKrFb.exe
  2⤵
  PID:3380
- C:\Windows\System\kqqIilY.exe
  C:\Windows\System\kqqIilY.exe
  2⤵
  PID:3392
- C:\Windows\System\NnKaebe.exe
  C:\Windows\System\NnKaebe.exe
  2⤵
  PID:3008
- C:\Windows\System\wdzdmvP.exe
  C:\Windows\System\wdzdmvP.exe
  2⤵
  PID:4216
- C:\Windows\System\rdnvGXX.exe
  C:\Windows\System\rdnvGXX.exe
  2⤵
  PID:4284
- C:\Windows\System\mXBFUey.exe
  C:\Windows\System\mXBFUey.exe
  2⤵
  PID:4460
- C:\Windows\System\UDgZOpZ.exe
  C:\Windows\System\UDgZOpZ.exe
  2⤵
  PID:4504
- C:\Windows\System\QcVlfoH.exe
  C:\Windows\System\QcVlfoH.exe
  2⤵
  PID:4476
- C:\Windows\System\zTXgPzM.exe
  C:\Windows\System\zTXgPzM.exe
  2⤵
  PID:4760
- C:\Windows\System\CcDERvz.exe
  C:\Windows\System\CcDERvz.exe
  2⤵
  PID:4824
- C:\Windows\System\sJZlIaB.exe
  C:\Windows\System\sJZlIaB.exe
  2⤵
  PID:4788
- C:\Windows\System\wdVDJoX.exe
  C:\Windows\System\wdVDJoX.exe
  2⤵
  PID:4856
- C:\Windows\System\tNFxvqM.exe
  C:\Windows\System\tNFxvqM.exe
  2⤵
  PID:5000
- C:\Windows\System\ovZexOw.exe
  C:\Windows\System\ovZexOw.exe
  2⤵
  PID:5060
- C:\Windows\System\wkZrhSZ.exe
  C:\Windows\System\wkZrhSZ.exe
  2⤵
  PID:2248
- C:\Windows\System\mQUtThr.exe
  C:\Windows\System\mQUtThr.exe
  2⤵
  PID:4164
- C:\Windows\System\KWjoYrP.exe
  C:\Windows\System\KWjoYrP.exe
  2⤵
  PID:4364
- C:\Windows\System\PYXZygc.exe
  C:\Windows\System\PYXZygc.exe
  2⤵
  PID:4360
- C:\Windows\System\AlMPKBR.exe
  C:\Windows\System\AlMPKBR.exe
  2⤵
  PID:4388
- C:\Windows\System\NYmGylx.exe
  C:\Windows\System\NYmGylx.exe
  2⤵
  PID:5132
- C:\Windows\System\KVZSTeN.exe
  C:\Windows\System\KVZSTeN.exe
  2⤵
  PID:5152
- C:\Windows\System\WKCdIzY.exe
  C:\Windows\System\WKCdIzY.exe
  2⤵
  PID:5168
- C:\Windows\System\LhHWtLP.exe
  C:\Windows\System\LhHWtLP.exe
  2⤵
  PID:5192
- C:\Windows\System\zZyOELy.exe
  C:\Windows\System\zZyOELy.exe
  2⤵
  PID:5212
- C:\Windows\System\Uwbxrck.exe
  C:\Windows\System\Uwbxrck.exe
  2⤵
  PID:5232
- C:\Windows\System\yCBVKOO.exe
  C:\Windows\System\yCBVKOO.exe
  2⤵
  PID:5252
- C:\Windows\System\jjUdMpv.exe
  C:\Windows\System\jjUdMpv.exe
  2⤵
  PID:5272
- C:\Windows\System\cOIORuj.exe
  C:\Windows\System\cOIORuj.exe
  2⤵
  PID:5288
- C:\Windows\System\AOfYSjG.exe
  C:\Windows\System\AOfYSjG.exe
  2⤵
  PID:5312
- C:\Windows\System\bDFlVIZ.exe
  C:\Windows\System\bDFlVIZ.exe
  2⤵
  PID:5332
- C:\Windows\System\viMIHZJ.exe
  C:\Windows\System\viMIHZJ.exe
  2⤵
  PID:5348
- C:\Windows\System\ijSqJUx.exe
  C:\Windows\System\ijSqJUx.exe
  2⤵
  PID:5368
- C:\Windows\System\UFPxmkJ.exe
  C:\Windows\System\UFPxmkJ.exe
  2⤵
  PID:5388
- C:\Windows\System\HdgkdSv.exe
  C:\Windows\System\HdgkdSv.exe
  2⤵
  PID:5412
- C:\Windows\System\VYTDhpj.exe
  C:\Windows\System\VYTDhpj.exe
  2⤵
  PID:5428
- C:\Windows\System\QRkWagi.exe
  C:\Windows\System\QRkWagi.exe
  2⤵
  PID:5452
- C:\Windows\System\QKIruyu.exe
  C:\Windows\System\QKIruyu.exe
  2⤵
  PID:5472
- C:\Windows\System\EPxTvBe.exe
  C:\Windows\System\EPxTvBe.exe
  2⤵
  PID:5492
- C:\Windows\System\AhybJgR.exe
  C:\Windows\System\AhybJgR.exe
  2⤵
  PID:5508
- C:\Windows\System\vRALzwB.exe
  C:\Windows\System\vRALzwB.exe
  2⤵
  PID:5532
- C:\Windows\System\GVPKOuC.exe
  C:\Windows\System\GVPKOuC.exe
  2⤵
  PID:5548
- C:\Windows\System\YOtYDSz.exe
  C:\Windows\System\YOtYDSz.exe
  2⤵
  PID:5572
- C:\Windows\System\UbmcNpx.exe
  C:\Windows\System\UbmcNpx.exe
  2⤵
  PID:5588
- C:\Windows\System\GfeUgMn.exe
  C:\Windows\System\GfeUgMn.exe
  2⤵
  PID:5612
- C:\Windows\System\giAFiob.exe
  C:\Windows\System\giAFiob.exe
  2⤵
  PID:5628
- C:\Windows\System\qUnHuCr.exe
  C:\Windows\System\qUnHuCr.exe
  2⤵
  PID:5648
- C:\Windows\System\EVPzVOU.exe
  C:\Windows\System\EVPzVOU.exe
  2⤵
  PID:5672
- C:\Windows\System\VAYEmJl.exe
  C:\Windows\System\VAYEmJl.exe
  2⤵
  PID:5688
- C:\Windows\System\ZMIeJCe.exe
  C:\Windows\System\ZMIeJCe.exe
  2⤵
  PID:5708
- C:\Windows\System\VhJIhPj.exe
  C:\Windows\System\VhJIhPj.exe
  2⤵
  PID:5732
- C:\Windows\System\EUkRCYA.exe
  C:\Windows\System\EUkRCYA.exe
  2⤵
  PID:5752
- C:\Windows\System\KilvAsm.exe
  C:\Windows\System\KilvAsm.exe
  2⤵
  PID:5768
- C:\Windows\System\gwBKRcK.exe
  C:\Windows\System\gwBKRcK.exe
  2⤵
  PID:5788
- C:\Windows\System\okhZnhX.exe
  C:\Windows\System\okhZnhX.exe
  2⤵
  PID:5812
- C:\Windows\System\VNJnssf.exe
  C:\Windows\System\VNJnssf.exe
  2⤵
  PID:5828
- C:\Windows\System\zhCQbDl.exe
  C:\Windows\System\zhCQbDl.exe
  2⤵
  PID:5848
- C:\Windows\System\cjYHoYW.exe
  C:\Windows\System\cjYHoYW.exe
  2⤵
  PID:5872
- C:\Windows\System\xjKlajh.exe
  C:\Windows\System\xjKlajh.exe
  2⤵
  PID:5892
- C:\Windows\System\FIgBgCR.exe
  C:\Windows\System\FIgBgCR.exe
  2⤵
  PID:5908
- C:\Windows\System\iyeiARs.exe
  C:\Windows\System\iyeiARs.exe
  2⤵
  PID:5932
- C:\Windows\System\lwSTtPU.exe
  C:\Windows\System\lwSTtPU.exe
  2⤵
  PID:5948
- C:\Windows\System\mAEjoiU.exe
  C:\Windows\System\mAEjoiU.exe
  2⤵
  PID:5968
- C:\Windows\System\qmzajSs.exe
  C:\Windows\System\qmzajSs.exe
  2⤵
  PID:5992
- C:\Windows\System\nlIqfDw.exe
  C:\Windows\System\nlIqfDw.exe
  2⤵
  PID:6008
- C:\Windows\System\QCtVlJH.exe
  C:\Windows\System\QCtVlJH.exe
  2⤵
  PID:6028
- C:\Windows\System\bmdUKCx.exe
  C:\Windows\System\bmdUKCx.exe
  2⤵
  PID:6052
- C:\Windows\System\xhgfWuu.exe
  C:\Windows\System\xhgfWuu.exe
  2⤵
  PID:6068
- C:\Windows\System\fOTvTWO.exe
  C:\Windows\System\fOTvTWO.exe
  2⤵
  PID:6092
- C:\Windows\System\JxFFZJk.exe
  C:\Windows\System\JxFFZJk.exe
  2⤵
  PID:6108
- C:\Windows\System\ZxmPmMP.exe
  C:\Windows\System\ZxmPmMP.exe
  2⤵
  PID:6132
- C:\Windows\System\lXFYMgr.exe
  C:\Windows\System\lXFYMgr.exe
  2⤵
  PID:4724
- C:\Windows\System\BqfdecJ.exe
  C:\Windows\System\BqfdecJ.exe
  2⤵
  PID:4640
- C:\Windows\System\mgUMICH.exe
  C:\Windows\System\mgUMICH.exe
  2⤵
  PID:5036
- C:\Windows\System\gMVAtBl.exe
  C:\Windows\System\gMVAtBl.exe
  2⤵
  PID:4968
- C:\Windows\System\YLlfxgC.exe
  C:\Windows\System\YLlfxgC.exe
  2⤵
  PID:1996
- C:\Windows\System\geHBhrG.exe
  C:\Windows\System\geHBhrG.exe
  2⤵
  PID:4108
- C:\Windows\System\bBXKnFZ.exe
  C:\Windows\System\bBXKnFZ.exe
  2⤵
  PID:4324
- C:\Windows\System\mRHJOEp.exe
  C:\Windows\System\mRHJOEp.exe
  2⤵
  PID:5128
- C:\Windows\System\ryMAaAk.exe
  C:\Windows\System\ryMAaAk.exe
  2⤵
  PID:5200
- C:\Windows\System\UqFzwyr.exe
  C:\Windows\System\UqFzwyr.exe
  2⤵
  PID:5188
- C:\Windows\System\IKGDqpj.exe
  C:\Windows\System\IKGDqpj.exe
  2⤵
  PID:5248
- C:\Windows\System\ZpFNvee.exe
  C:\Windows\System\ZpFNvee.exe
  2⤵
  PID:5284
- C:\Windows\System\pxLoOJA.exe
  C:\Windows\System\pxLoOJA.exe
  2⤵
  PID:5320
- C:\Windows\System\bjFhJZC.exe
  C:\Windows\System\bjFhJZC.exe
  2⤵
  PID:5328
- C:\Windows\System\AGPlIzg.exe
  C:\Windows\System\AGPlIzg.exe
  2⤵
  PID:5344
- C:\Windows\System\WhYfJHh.exe
  C:\Windows\System\WhYfJHh.exe
  2⤵
  PID:5400
- C:\Windows\System\aNmZFoG.exe
  C:\Windows\System\aNmZFoG.exe
  2⤵
  PID:5444
- C:\Windows\System\hIBfaFE.exe
  C:\Windows\System\hIBfaFE.exe
  2⤵
  PID:5488
- C:\Windows\System\LdgkPoW.exe
  C:\Windows\System\LdgkPoW.exe
  2⤵
  PID:5500
- C:\Windows\System\JWYTGvl.exe
  C:\Windows\System\JWYTGvl.exe
  2⤵
  PID:2700
- C:\Windows\System\ajKYRyx.exe
  C:\Windows\System\ajKYRyx.exe
  2⤵
  PID:5560
- C:\Windows\System\ZZqtYsO.exe
  C:\Windows\System\ZZqtYsO.exe
  2⤵
  PID:5604
- C:\Windows\System\VCvBXHv.exe
  C:\Windows\System\VCvBXHv.exe
  2⤵
  PID:5636
- C:\Windows\System\YMbroaZ.exe
  C:\Windows\System\YMbroaZ.exe
  2⤵
  PID:5660
- C:\Windows\System\VJbFmdb.exe
  C:\Windows\System\VJbFmdb.exe
  2⤵
  PID:5696
- C:\Windows\System\vbJRXoy.exe
  C:\Windows\System\vbJRXoy.exe
  2⤵
  PID:5704
- C:\Windows\System\egRndVe.exe
  C:\Windows\System\egRndVe.exe
  2⤵
  PID:5744
- C:\Windows\System\qQfZBrl.exe
  C:\Windows\System\qQfZBrl.exe
  2⤵
  PID:5808
- C:\Windows\System\diZPWAU.exe
  C:\Windows\System\diZPWAU.exe
  2⤵
  PID:5844
- C:\Windows\System\ALdoJtD.exe
  C:\Windows\System\ALdoJtD.exe
  2⤵
  PID:5880
- C:\Windows\System\nCjYuzl.exe
  C:\Windows\System\nCjYuzl.exe
  2⤵
  PID:5888
- C:\Windows\System\vxycpgd.exe
  C:\Windows\System\vxycpgd.exe
  2⤵
  PID:5904
- C:\Windows\System\gQfwUEI.exe
  C:\Windows\System\gQfwUEI.exe
  2⤵
  PID:5944
- C:\Windows\System\sLiujxY.exe
  C:\Windows\System\sLiujxY.exe
  2⤵
  PID:6000
- C:\Windows\System\fgWauEB.exe
  C:\Windows\System\fgWauEB.exe
  2⤵
  PID:6040
- C:\Windows\System\XvQPRJN.exe
  C:\Windows\System\XvQPRJN.exe
  2⤵
  PID:6044
- C:\Windows\System\WPVrVuL.exe
  C:\Windows\System\WPVrVuL.exe
  2⤵
  PID:6088
- C:\Windows\System\CSTukHc.exe
  C:\Windows\System\CSTukHc.exe
  2⤵
  PID:6124
- C:\Windows\System\hhFUGzA.exe
  C:\Windows\System\hhFUGzA.exe
  2⤵
  PID:4664
- C:\Windows\System\uvQPaHw.exe
  C:\Windows\System\uvQPaHw.exe
  2⤵
  PID:4880
- C:\Windows\System\YzEURqu.exe
  C:\Windows\System\YzEURqu.exe
  2⤵
  PID:2004
- C:\Windows\System\RobiSNQ.exe
  C:\Windows\System\RobiSNQ.exe
  2⤵
  PID:2704
- C:\Windows\System\Hjfskxn.exe
  C:\Windows\System\Hjfskxn.exe
  2⤵
  PID:4384
- C:\Windows\System\KMLMyhe.exe
  C:\Windows\System\KMLMyhe.exe
  2⤵
  PID:5140
- C:\Windows\System\JPwFqZZ.exe
  C:\Windows\System\JPwFqZZ.exe
  2⤵
  PID:5220
- C:\Windows\System\hCyBZyy.exe
  C:\Windows\System\hCyBZyy.exe
  2⤵
  PID:5240
- C:\Windows\System\mywYkGT.exe
  C:\Windows\System\mywYkGT.exe
  2⤵
  PID:5300
- C:\Windows\System\QXcddBW.exe
  C:\Windows\System\QXcddBW.exe
  2⤵
  PID:5384
- C:\Windows\System\HoszgZn.exe
  C:\Windows\System\HoszgZn.exe
  2⤵
  PID:5440
- C:\Windows\System\NIiLeGL.exe
  C:\Windows\System\NIiLeGL.exe
  2⤵
  PID:5468
- C:\Windows\System\FuHCrKQ.exe
  C:\Windows\System\FuHCrKQ.exe
  2⤵
  PID:2680
- C:\Windows\System\GAHnQmn.exe
  C:\Windows\System\GAHnQmn.exe
  2⤵
  PID:5544
- C:\Windows\System\GBwBtiv.exe
  C:\Windows\System\GBwBtiv.exe
  2⤵
  PID:5620
- C:\Windows\System\GQUDDGc.exe
  C:\Windows\System\GQUDDGc.exe
  2⤵
  PID:5800
- C:\Windows\System\dXiBiqH.exe
  C:\Windows\System\dXiBiqH.exe
  2⤵
  PID:5724
- C:\Windows\System\lvdiSDo.exe
  C:\Windows\System\lvdiSDo.exe
  2⤵
  PID:2500
- C:\Windows\System\FiAHVDJ.exe
  C:\Windows\System\FiAHVDJ.exe
  2⤵
  PID:5784
- C:\Windows\System\WbKOMhF.exe
  C:\Windows\System\WbKOMhF.exe
  2⤵
  PID:5960
- C:\Windows\System\iYfBdzW.exe
  C:\Windows\System\iYfBdzW.exe
  2⤵
  PID:5956
- C:\Windows\System\oUAeLWv.exe
  C:\Windows\System\oUAeLWv.exe
  2⤵
  PID:6024
- C:\Windows\System\NvLawnx.exe
  C:\Windows\System\NvLawnx.exe
  2⤵
  PID:2412
- C:\Windows\System\AZKwEEu.exe
  C:\Windows\System\AZKwEEu.exe
  2⤵
  PID:6080
- C:\Windows\System\OGNpvLu.exe
  C:\Windows\System\OGNpvLu.exe
  2⤵
  PID:3276
- C:\Windows\System\TjFKpHT.exe
  C:\Windows\System\TjFKpHT.exe
  2⤵
  PID:4956
- C:\Windows\System\MYRHTPO.exe
  C:\Windows\System\MYRHTPO.exe
  2⤵
  PID:2820
- C:\Windows\System\XUKKnnR.exe
  C:\Windows\System\XUKKnnR.exe
  2⤵
  PID:5184
- C:\Windows\System\OZGkvXR.exe
  C:\Windows\System\OZGkvXR.exe
  2⤵
  PID:2664
- C:\Windows\System\YTyCNOd.exe
  C:\Windows\System\YTyCNOd.exe
  2⤵
  PID:5264
- C:\Windows\System\FIyGxAH.exe
  C:\Windows\System\FIyGxAH.exe
  2⤵
  PID:1872
- C:\Windows\System\ikjtlJr.exe
  C:\Windows\System\ikjtlJr.exe
  2⤵
  PID:5424
- C:\Windows\System\rSYKDje.exe
  C:\Windows\System\rSYKDje.exe
  2⤵
  PID:5520
- C:\Windows\System\DOmlZHO.exe
  C:\Windows\System\DOmlZHO.exe
  2⤵
  PID:5596
- C:\Windows\System\IhGfsFF.exe
  C:\Windows\System\IhGfsFF.exe
  2⤵
  PID:5584
- C:\Windows\System\DIrhMRq.exe
  C:\Windows\System\DIrhMRq.exe
  2⤵
  PID:5748
- C:\Windows\System\upNzlMe.exe
  C:\Windows\System\upNzlMe.exe
  2⤵
  PID:5836
- C:\Windows\System\NbHvlzV.exe
  C:\Windows\System\NbHvlzV.exe
  2⤵
  PID:5776
- C:\Windows\System\HXzPTvP.exe
  C:\Windows\System\HXzPTvP.exe
  2⤵
  PID:5868
- C:\Windows\System\YvIrESU.exe
  C:\Windows\System\YvIrESU.exe
  2⤵
  PID:6036
- C:\Windows\System\gBrmJjc.exe
  C:\Windows\System\gBrmJjc.exe
  2⤵
  PID:6120
- C:\Windows\System\NIwqQYZ.exe
  C:\Windows\System\NIwqQYZ.exe
  2⤵
  PID:4700
- C:\Windows\System\IHZeIgO.exe
  C:\Windows\System\IHZeIgO.exe
  2⤵
  PID:5180
- C:\Windows\System\jmtUbps.exe
  C:\Windows\System\jmtUbps.exe
  2⤵
  PID:5144
- C:\Windows\System\CmazQtr.exe
  C:\Windows\System\CmazQtr.exe
  2⤵
  PID:5408
- C:\Windows\System\GQbUOIZ.exe
  C:\Windows\System\GQbUOIZ.exe
  2⤵
  PID:5464
- C:\Windows\System\gCKoGEL.exe
  C:\Windows\System\gCKoGEL.exe
  2⤵
  PID:2340
- C:\Windows\System\cCjXqdu.exe
  C:\Windows\System\cCjXqdu.exe
  2⤵
  PID:5716
- C:\Windows\System\svzdNGS.exe
  C:\Windows\System\svzdNGS.exe
  2⤵
  PID:5920
- C:\Windows\System\KuGLmrd.exe
  C:\Windows\System\KuGLmrd.exe
  2⤵
  PID:2024
- C:\Windows\System\uiJCyAW.exe
  C:\Windows\System\uiJCyAW.exe
  2⤵
  PID:5988
- C:\Windows\System\YymJPlC.exe
  C:\Windows\System\YymJPlC.exe
  2⤵
  PID:6164
- C:\Windows\System\HunReoz.exe
  C:\Windows\System\HunReoz.exe
  2⤵
  PID:6184
- C:\Windows\System\KNNlCDb.exe
  C:\Windows\System\KNNlCDb.exe
  2⤵
  PID:6204
- C:\Windows\System\yoRfdxp.exe
  C:\Windows\System\yoRfdxp.exe
  2⤵
  PID:6224
- C:\Windows\System\qrFcQla.exe
  C:\Windows\System\qrFcQla.exe
  2⤵
  PID:6244
- C:\Windows\System\ZoBsbLi.exe
  C:\Windows\System\ZoBsbLi.exe
  2⤵
  PID:6264
- C:\Windows\System\aDJtBZz.exe
  C:\Windows\System\aDJtBZz.exe
  2⤵
  PID:6284
- C:\Windows\System\iUeDeDk.exe
  C:\Windows\System\iUeDeDk.exe
  2⤵
  PID:6304
- C:\Windows\System\tISVVoS.exe
  C:\Windows\System\tISVVoS.exe
  2⤵
  PID:6328
- C:\Windows\System\JmTTMzS.exe
  C:\Windows\System\JmTTMzS.exe
  2⤵
  PID:6348
- C:\Windows\System\vaXhnAr.exe
  C:\Windows\System\vaXhnAr.exe
  2⤵
  PID:6368
- C:\Windows\System\NmJCYUH.exe
  C:\Windows\System\NmJCYUH.exe
  2⤵
  PID:6388
- C:\Windows\System\DMnccNN.exe
  C:\Windows\System\DMnccNN.exe
  2⤵
  PID:6408
- C:\Windows\System\xNeimpK.exe
  C:\Windows\System\xNeimpK.exe
  2⤵
  PID:6428
- C:\Windows\System\pHCYcxI.exe
  C:\Windows\System\pHCYcxI.exe
  2⤵
  PID:6448
- C:\Windows\System\iIfHVRV.exe
  C:\Windows\System\iIfHVRV.exe
  2⤵
  PID:6468
- C:\Windows\System\mEYZRGT.exe
  C:\Windows\System\mEYZRGT.exe
  2⤵
  PID:6488
- C:\Windows\System\ySzuVFb.exe
  C:\Windows\System\ySzuVFb.exe
  2⤵
  PID:6508
- C:\Windows\System\RBMwPWl.exe
  C:\Windows\System\RBMwPWl.exe
  2⤵
  PID:6528
- C:\Windows\System\WuUWVAC.exe
  C:\Windows\System\WuUWVAC.exe
  2⤵
  PID:6548
- C:\Windows\System\DfamGQu.exe
  C:\Windows\System\DfamGQu.exe
  2⤵
  PID:6568
- C:\Windows\System\HByYXgS.exe
  C:\Windows\System\HByYXgS.exe
  2⤵
  PID:6588
- C:\Windows\System\PBwSdbH.exe
  C:\Windows\System\PBwSdbH.exe
  2⤵
  PID:6608
- C:\Windows\System\cwnOXNg.exe
  C:\Windows\System\cwnOXNg.exe
  2⤵
  PID:6628
- C:\Windows\System\rOnOgKh.exe
  C:\Windows\System\rOnOgKh.exe
  2⤵
  PID:6648
- C:\Windows\System\GtAyQmY.exe
  C:\Windows\System\GtAyQmY.exe
  2⤵
  PID:6668
- C:\Windows\System\wGcvOlC.exe
  C:\Windows\System\wGcvOlC.exe
  2⤵
  PID:6688
- C:\Windows\System\GWKpIfE.exe
  C:\Windows\System\GWKpIfE.exe
  2⤵
  PID:6708
- C:\Windows\System\ETEiKPZ.exe
  C:\Windows\System\ETEiKPZ.exe
  2⤵
  PID:6728
- C:\Windows\System\vntXDeS.exe
  C:\Windows\System\vntXDeS.exe
  2⤵
  PID:6748
- C:\Windows\System\JXvZDeH.exe
  C:\Windows\System\JXvZDeH.exe
  2⤵
  PID:6768
- C:\Windows\System\rkDmGIu.exe
  C:\Windows\System\rkDmGIu.exe
  2⤵
  PID:6788
- C:\Windows\System\gsFSzVE.exe
  C:\Windows\System\gsFSzVE.exe
  2⤵
  PID:6808
- C:\Windows\System\jZGmfPM.exe
  C:\Windows\System\jZGmfPM.exe
  2⤵
  PID:6828
- C:\Windows\System\HLZHvbC.exe
  C:\Windows\System\HLZHvbC.exe
  2⤵
  PID:6848
- C:\Windows\System\qsPYAJj.exe
  C:\Windows\System\qsPYAJj.exe
  2⤵
  PID:6868
- C:\Windows\System\TFYXpbj.exe
  C:\Windows\System\TFYXpbj.exe
  2⤵
  PID:6888
- C:\Windows\System\khlVOtJ.exe
  C:\Windows\System\khlVOtJ.exe
  2⤵
  PID:6908
- C:\Windows\System\OogJiVX.exe
  C:\Windows\System\OogJiVX.exe
  2⤵
  PID:6928
- C:\Windows\System\RItHKCe.exe
  C:\Windows\System\RItHKCe.exe
  2⤵
  PID:6948
- C:\Windows\System\QNCDCOd.exe
  C:\Windows\System\QNCDCOd.exe
  2⤵
  PID:6968
- C:\Windows\System\RpdJFFf.exe
  C:\Windows\System\RpdJFFf.exe
  2⤵
  PID:6988
- C:\Windows\System\uyiDqLK.exe
  C:\Windows\System\uyiDqLK.exe
  2⤵
  PID:7008
- C:\Windows\System\hsAyyyj.exe
  C:\Windows\System\hsAyyyj.exe
  2⤵
  PID:7028
- C:\Windows\System\zsPLZrZ.exe
  C:\Windows\System\zsPLZrZ.exe
  2⤵
  PID:7048
- C:\Windows\System\qtktjRh.exe
  C:\Windows\System\qtktjRh.exe
  2⤵
  PID:7068
- C:\Windows\System\wEieXNe.exe
  C:\Windows\System\wEieXNe.exe
  2⤵
  PID:7088
- C:\Windows\System\LCMdWOP.exe
  C:\Windows\System\LCMdWOP.exe
  2⤵
  PID:7104
- C:\Windows\System\yxadZtY.exe
  C:\Windows\System\yxadZtY.exe
  2⤵
  PID:7128
- C:\Windows\System\tHmIzdP.exe
  C:\Windows\System\tHmIzdP.exe
  2⤵
  PID:7148
- C:\Windows\System\fznDaBy.exe
  C:\Windows\System\fznDaBy.exe
  2⤵
  PID:1036
- C:\Windows\System\kCEaLXN.exe
  C:\Windows\System\kCEaLXN.exe
  2⤵
  PID:4884
- C:\Windows\System\udeXjCE.exe
  C:\Windows\System\udeXjCE.exe
  2⤵
  PID:2944
- C:\Windows\System\mNPWuOy.exe
  C:\Windows\System\mNPWuOy.exe
  2⤵
  PID:1788
- C:\Windows\System\BCsaNXE.exe
  C:\Windows\System\BCsaNXE.exe
  2⤵
  PID:5356
- C:\Windows\System\sfnDIDg.exe
  C:\Windows\System\sfnDIDg.exe
  2⤵
  PID:5796
- C:\Windows\System\uQOVCyT.exe
  C:\Windows\System\uQOVCyT.exe
  2⤵
  PID:5916
- C:\Windows\System\SeyHsEj.exe
  C:\Windows\System\SeyHsEj.exe
  2⤵
  PID:5760
- C:\Windows\System\eTpsyVO.exe
  C:\Windows\System\eTpsyVO.exe
  2⤵
  PID:2556
- C:\Windows\System\nYeNAAc.exe
  C:\Windows\System\nYeNAAc.exe
  2⤵
  PID:6180
- C:\Windows\System\JEYjFqP.exe
  C:\Windows\System\JEYjFqP.exe
  2⤵
  PID:6212
- C:\Windows\System\NPljWFO.exe
  C:\Windows\System\NPljWFO.exe
  2⤵
  PID:6252
- C:\Windows\System\LTHuCgn.exe
  C:\Windows\System\LTHuCgn.exe
  2⤵
  PID:6260
- C:\Windows\System\loSZSHe.exe
  C:\Windows\System\loSZSHe.exe
  2⤵
  PID:2448
- C:\Windows\System\YmPpdIx.exe
  C:\Windows\System\YmPpdIx.exe
  2⤵
  PID:6300
- C:\Windows\System\hzDcxMi.exe
  C:\Windows\System\hzDcxMi.exe
  2⤵
  PID:6356
- C:\Windows\System\EnWjyzX.exe
  C:\Windows\System\EnWjyzX.exe
  2⤵
  PID:6376
- C:\Windows\System\ONNkegp.exe
  C:\Windows\System\ONNkegp.exe
  2⤵
  PID:6384
- C:\Windows\System\CcFTPZJ.exe
  C:\Windows\System\CcFTPZJ.exe
  2⤵
  PID:6416
- C:\Windows\System\sUGTgaM.exe
  C:\Windows\System\sUGTgaM.exe
  2⤵
  PID:6444
- C:\Windows\System\UQBSsHg.exe
  C:\Windows\System\UQBSsHg.exe
  2⤵
  PID:6456
- C:\Windows\System\mOFVRpp.exe
  C:\Windows\System\mOFVRpp.exe
  2⤵
  PID:6460
- C:\Windows\System\PxGluZD.exe
  C:\Windows\System\PxGluZD.exe
  2⤵
  PID:6560
- C:\Windows\System\CpkYsZD.exe
  C:\Windows\System\CpkYsZD.exe
  2⤵
  PID:6604
- C:\Windows\System\CHdZlfu.exe
  C:\Windows\System\CHdZlfu.exe
  2⤵
  PID:6616
- C:\Windows\System\DIRSgRD.exe
  C:\Windows\System\DIRSgRD.exe
  2⤵
  PID:2524
- C:\Windows\System\nqjbIuA.exe
  C:\Windows\System\nqjbIuA.exe
  2⤵
  PID:2548
- C:\Windows\System\raFeGfN.exe
  C:\Windows\System\raFeGfN.exe
  2⤵
  PID:6660
- C:\Windows\System\BhYJNGr.exe
  C:\Windows\System\BhYJNGr.exe
  2⤵
  PID:6720
- C:\Windows\System\CRSAYsJ.exe
  C:\Windows\System\CRSAYsJ.exe
  2⤵
  PID:6764
- C:\Windows\System\fbSZlCp.exe
  C:\Windows\System\fbSZlCp.exe
  2⤵
  PID:2432
- C:\Windows\System\oEciIej.exe
  C:\Windows\System\oEciIej.exe
  2⤵
  PID:6784
- C:\Windows\System\ecoOFPu.exe
  C:\Windows\System\ecoOFPu.exe
  2⤵
  PID:6820
- C:\Windows\System\ogmDpkK.exe
  C:\Windows\System\ogmDpkK.exe
  2⤵
  PID:6884
- C:\Windows\System\iSqpvSY.exe
  C:\Windows\System\iSqpvSY.exe
  2⤵
  PID:2692
- C:\Windows\System\fenwKCu.exe
  C:\Windows\System\fenwKCu.exe
  2⤵
  PID:6920
- C:\Windows\System\bfRoLrs.exe
  C:\Windows\System\bfRoLrs.exe
  2⤵
  PID:6956
- C:\Windows\System\POckPge.exe
  C:\Windows\System\POckPge.exe
  2⤵
  PID:6940
- C:\Windows\System\aIRuAsS.exe
  C:\Windows\System\aIRuAsS.exe
  2⤵
  PID:1028
- C:\Windows\System\IfWXHEE.exe
  C:\Windows\System\IfWXHEE.exe
  2⤵
  PID:6984
- C:\Windows\System\AurjZkJ.exe
  C:\Windows\System\AurjZkJ.exe
  2⤵
  PID:7040
- C:\Windows\System\HiSztNB.exe
  C:\Windows\System\HiSztNB.exe
  2⤵
  PID:7076
- C:\Windows\System\AlYfpEC.exe
  C:\Windows\System\AlYfpEC.exe
  2⤵
  PID:7064
- C:\Windows\System\zinyQgi.exe
  C:\Windows\System\zinyQgi.exe
  2⤵
  PID:7116
- C:\Windows\System\FxKGKOt.exe
  C:\Windows\System\FxKGKOt.exe
  2⤵
  PID:2348
- C:\Windows\System\nHCFols.exe
  C:\Windows\System\nHCFols.exe
  2⤵
  PID:7164
- C:\Windows\System\XWRTFiX.exe
  C:\Windows\System\XWRTFiX.exe
  2⤵
  PID:2148
- C:\Windows\System\pPGIIcB.exe
  C:\Windows\System\pPGIIcB.exe
  2⤵
  PID:3536
- C:\Windows\System\pcaPMSO.exe
  C:\Windows\System\pcaPMSO.exe
  2⤵
  PID:5124
- C:\Windows\System\qZYYSgt.exe
  C:\Windows\System\qZYYSgt.exe
  2⤵
  PID:2204
- C:\Windows\System\McVFCUl.exe
  C:\Windows\System\McVFCUl.exe
  2⤵
  PID:2156
- C:\Windows\System\pZsWtqi.exe
  C:\Windows\System\pZsWtqi.exe
  2⤵
  PID:1520
- C:\Windows\System\NpsJKYN.exe
  C:\Windows\System\NpsJKYN.exe
  2⤵
  PID:5664
- C:\Windows\System\EMHOUcr.exe
  C:\Windows\System\EMHOUcr.exe
  2⤵
  PID:6172
- C:\Windows\System\iGXVLMM.exe
  C:\Windows\System\iGXVLMM.exe
  2⤵
  PID:6240
- C:\Windows\System\MFZnwFH.exe
  C:\Windows\System\MFZnwFH.exe
  2⤵
  PID:6292
- C:\Windows\System\CYmXiUU.exe
  C:\Windows\System\CYmXiUU.exe
  2⤵
  PID:6272
- C:\Windows\System\iVImGBa.exe
  C:\Windows\System\iVImGBa.exe
  2⤵
  PID:6420
- C:\Windows\System\GmeUtUw.exe
  C:\Windows\System\GmeUtUw.exe
  2⤵
  PID:2480
- C:\Windows\System\jVbjfvk.exe
  C:\Windows\System\jVbjfvk.exe
  2⤵
  PID:6340
- C:\Windows\System\yEgfeUc.exe
  C:\Windows\System\yEgfeUc.exe
  2⤵
  PID:2028
- C:\Windows\System\UxMSAKN.exe
  C:\Windows\System\UxMSAKN.exe
  2⤵
  PID:6500
- C:\Windows\System\lKDJJXq.exe
  C:\Windows\System\lKDJJXq.exe
  2⤵
  PID:6624
- C:\Windows\System\oaXqDsg.exe
  C:\Windows\System\oaXqDsg.exe
  2⤵
  PID:6760
- C:\Windows\System\ToyfEdL.exe
  C:\Windows\System\ToyfEdL.exe
  2⤵
  PID:6856
- C:\Windows\System\GsvxNoP.exe
  C:\Windows\System\GsvxNoP.exe
  2⤵
  PID:6944
- C:\Windows\System\nFXOqmM.exe
  C:\Windows\System\nFXOqmM.exe
  2⤵
  PID:7020
- C:\Windows\System\uPlJLiw.exe
  C:\Windows\System\uPlJLiw.exe
  2⤵
  PID:7112
- C:\Windows\System\lQuyYbH.exe
  C:\Windows\System\lQuyYbH.exe
  2⤵
  PID:2940
- C:\Windows\System\JUVeIbf.exe
  C:\Windows\System\JUVeIbf.exe
  2⤵
  PID:2580
- C:\Windows\System\sixbTdy.exe
  C:\Windows\System\sixbTdy.exe
  2⤵
  PID:1832
- C:\Windows\System\VeyUKIK.exe
  C:\Windows\System\VeyUKIK.exe
  2⤵
  PID:1632
- C:\Windows\System\HoGTKpU.exe
  C:\Windows\System\HoGTKpU.exe
  2⤵
  PID:6152
- C:\Windows\System\CfYqoKH.exe
  C:\Windows\System\CfYqoKH.exe
  2⤵
  PID:6824
- C:\Windows\System\YsDiYqS.exe
  C:\Windows\System\YsDiYqS.exe
  2⤵
  PID:6904
- C:\Windows\System\IkvQHnT.exe
  C:\Windows\System\IkvQHnT.exe
  2⤵
  PID:7044
- C:\Windows\System\BjZPcEF.exe
  C:\Windows\System\BjZPcEF.exe
  2⤵
  PID:7100
- C:\Windows\System\xsXKudX.exe
  C:\Windows\System\xsXKudX.exe
  2⤵
  PID:3004
- C:\Windows\System\JoqKCQn.exe
  C:\Windows\System\JoqKCQn.exe
  2⤵
  PID:2288
- C:\Windows\System\PsQgXex.exe
  C:\Windows\System\PsQgXex.exe
  2⤵
  PID:1684
- C:\Windows\System\NbCEPzv.exe
  C:\Windows\System\NbCEPzv.exe
  2⤵
  PID:2456
- C:\Windows\System\WibWpxs.exe
  C:\Windows\System\WibWpxs.exe
  2⤵
  PID:2188
- C:\Windows\System\QLUwaFu.exe
  C:\Windows\System\QLUwaFu.exe
  2⤵
  PID:6276
- C:\Windows\System\mBPMZxb.exe
  C:\Windows\System\mBPMZxb.exe
  2⤵
  PID:2352
- C:\Windows\System\fFOpcjU.exe
  C:\Windows\System\fFOpcjU.exe
  2⤵
  PID:6520
- C:\Windows\System\sanKsHT.exe
  C:\Windows\System\sanKsHT.exe
  2⤵
  PID:6564
- C:\Windows\System\wiURIzr.exe
  C:\Windows\System\wiURIzr.exe
  2⤵
  PID:6196
- C:\Windows\System\QGrOLcX.exe
  C:\Windows\System\QGrOLcX.exe
  2⤵
  PID:6664
- C:\Windows\System\zpdYItr.exe
  C:\Windows\System\zpdYItr.exe
  2⤵
  PID:6924
- C:\Windows\System\CebaLnl.exe
  C:\Windows\System\CebaLnl.exe
  2⤵
  PID:6916
- C:\Windows\System\YLFOsAj.exe
  C:\Windows\System\YLFOsAj.exe
  2⤵
  PID:2176
- C:\Windows\System\aaYszUO.exe
  C:\Windows\System\aaYszUO.exe
  2⤵
  PID:5108
- C:\Windows\System\oosmXHd.exe
  C:\Windows\System\oosmXHd.exe
  2⤵
  PID:6816
- C:\Windows\System\hRtINWL.exe
  C:\Windows\System\hRtINWL.exe
  2⤵
  PID:2720
- C:\Windows\System\AyVRkey.exe
  C:\Windows\System\AyVRkey.exe
  2⤵
  PID:6860
- C:\Windows\System\zDuplax.exe
  C:\Windows\System\zDuplax.exe
  2⤵
  PID:3016
- C:\Windows\System\BgHurzQ.exe
  C:\Windows\System\BgHurzQ.exe
  2⤵
  PID:5556
- C:\Windows\System\RiFpMik.exe
  C:\Windows\System\RiFpMik.exe
  2⤵
  PID:7096
- C:\Windows\System\ImcbkIb.exe
  C:\Windows\System\ImcbkIb.exe
  2⤵
  PID:6404
- C:\Windows\System\kBXRtng.exe
  C:\Windows\System\kBXRtng.exe
  2⤵
  PID:6744
- C:\Windows\System\LdQrPsE.exe
  C:\Windows\System\LdQrPsE.exe
  2⤵
  PID:6796
- C:\Windows\System\ASlUvHq.exe
  C:\Windows\System\ASlUvHq.exe
  2⤵
  PID:6200
- C:\Windows\System\VSIiiIb.exe
  C:\Windows\System\VSIiiIb.exe
  2⤵
  PID:1552
- C:\Windows\System\hVFUIDO.exe
  C:\Windows\System\hVFUIDO.exe
  2⤵
  PID:7036
- C:\Windows\System\zgOozOW.exe
  C:\Windows\System\zgOozOW.exe
  2⤵
  PID:404
- C:\Windows\System\oOOwwyY.exe
  C:\Windows\System\oOOwwyY.exe
  2⤵
  PID:7024
- C:\Windows\System\GfgDEId.exe
  C:\Windows\System\GfgDEId.exe
  2⤵
  PID:6524
- C:\Windows\System\aBRRarc.exe
  C:\Windows\System\aBRRarc.exe
  2⤵
  PID:7144
- C:\Windows\System\csuSzQK.exe
  C:\Windows\System\csuSzQK.exe
  2⤵
  PID:6756
- C:\Windows\System\dYUxOlI.exe
  C:\Windows\System\dYUxOlI.exe
  2⤵
  PID:6696
- C:\Windows\System\euGUQyp.exe
  C:\Windows\System\euGUQyp.exe
  2⤵
  PID:7172
- C:\Windows\System\fUMaLKO.exe
  C:\Windows\System\fUMaLKO.exe
  2⤵
  PID:7188
- C:\Windows\System\NXyJMiz.exe
  C:\Windows\System\NXyJMiz.exe
  2⤵
  PID:7204
- C:\Windows\System\nCCMvqh.exe
  C:\Windows\System\nCCMvqh.exe
  2⤵
  PID:7220
- C:\Windows\System\XThekSQ.exe
  C:\Windows\System\XThekSQ.exe
  2⤵
  PID:7236
- C:\Windows\System\goejAbD.exe
  C:\Windows\System\goejAbD.exe
  2⤵
  PID:7256
- C:\Windows\System\AiKSHAP.exe
  C:\Windows\System\AiKSHAP.exe
  2⤵
  PID:7272
- C:\Windows\System\mjVkDSq.exe
  C:\Windows\System\mjVkDSq.exe
  2⤵
  PID:7288
- C:\Windows\System\jyBMjLC.exe
  C:\Windows\System\jyBMjLC.exe
  2⤵
  PID:7304
- C:\Windows\System\ExXNeLS.exe
  C:\Windows\System\ExXNeLS.exe
  2⤵
  PID:7320
- C:\Windows\System\EroxiMr.exe
  C:\Windows\System\EroxiMr.exe
  2⤵
  PID:7336
- C:\Windows\System\XNILoqk.exe
  C:\Windows\System\XNILoqk.exe
  2⤵
  PID:7352
- C:\Windows\System\eNUkVNc.exe
  C:\Windows\System\eNUkVNc.exe
  2⤵
  PID:7368
- C:\Windows\System\RQNTQAR.exe
  C:\Windows\System\RQNTQAR.exe
  2⤵
  PID:7384
- C:\Windows\System\AVixYcO.exe
  C:\Windows\System\AVixYcO.exe
  2⤵
  PID:7400
- C:\Windows\System\cVMainR.exe
  C:\Windows\System\cVMainR.exe
  2⤵
  PID:7416
- C:\Windows\System\IKRtfLO.exe
  C:\Windows\System\IKRtfLO.exe
  2⤵
  PID:7432
- C:\Windows\System\Tniohsx.exe
  C:\Windows\System\Tniohsx.exe
  2⤵
  PID:7448
- C:\Windows\System\NrdddeF.exe
  C:\Windows\System\NrdddeF.exe
  2⤵
  PID:7464
- C:\Windows\System\veiFBvP.exe
  C:\Windows\System\veiFBvP.exe
  2⤵
  PID:7480
- C:\Windows\System\qeLXpBm.exe
  C:\Windows\System\qeLXpBm.exe
  2⤵
  PID:7496
- C:\Windows\System\EPLywVY.exe
  C:\Windows\System\EPLywVY.exe
  2⤵
  PID:7512
- C:\Windows\System\VKRPhFU.exe
  C:\Windows\System\VKRPhFU.exe
  2⤵
  PID:7528
- C:\Windows\System\lOpLwRv.exe
  C:\Windows\System\lOpLwRv.exe
  2⤵
  PID:7544
- C:\Windows\System\HbUymGw.exe
  C:\Windows\System\HbUymGw.exe
  2⤵
  PID:7560
- C:\Windows\System\JWMCCKE.exe
  C:\Windows\System\JWMCCKE.exe
  2⤵
  PID:7576
- C:\Windows\System\XiOEzSL.exe
  C:\Windows\System\XiOEzSL.exe
  2⤵
  PID:7592
- C:\Windows\System\lJfkWFe.exe
  C:\Windows\System\lJfkWFe.exe
  2⤵
  PID:7608
- C:\Windows\System\qKqfjuF.exe
  C:\Windows\System\qKqfjuF.exe
  2⤵
  PID:7624
- C:\Windows\System\NuEgBWd.exe
  C:\Windows\System\NuEgBWd.exe
  2⤵
  PID:7640
- C:\Windows\System\HrfwAJB.exe
  C:\Windows\System\HrfwAJB.exe
  2⤵
  PID:7656
- C:\Windows\System\AqGSOvV.exe
  C:\Windows\System\AqGSOvV.exe
  2⤵
  PID:7688
- C:\Windows\System\aTSkIiA.exe
  C:\Windows\System\aTSkIiA.exe
  2⤵
  PID:7704
- C:\Windows\System\NduEzFn.exe
  C:\Windows\System\NduEzFn.exe
  2⤵
  PID:7732
- C:\Windows\System\IcpHMet.exe
  C:\Windows\System\IcpHMet.exe
  2⤵
  PID:7752
- C:\Windows\System\HmixPjW.exe
  C:\Windows\System\HmixPjW.exe
  2⤵
  PID:7772
- C:\Windows\System\coJkOcg.exe
  C:\Windows\System\coJkOcg.exe
  2⤵
  PID:7788
- C:\Windows\System\OcCcncH.exe
  C:\Windows\System\OcCcncH.exe
  2⤵
  PID:7804
- C:\Windows\System\atwwTkn.exe
  C:\Windows\System\atwwTkn.exe
  2⤵
  PID:7820
- C:\Windows\System\tTMRrxO.exe
  C:\Windows\System\tTMRrxO.exe
  2⤵
  PID:7836
- C:\Windows\System\muHukvz.exe
  C:\Windows\System\muHukvz.exe
  2⤵
  PID:7852
- C:\Windows\System\xIHBYkO.exe
  C:\Windows\System\xIHBYkO.exe
  2⤵
  PID:7872
- C:\Windows\System\nJJCyDh.exe
  C:\Windows\System\nJJCyDh.exe
  2⤵
  PID:7888
- C:\Windows\System\xEKPgOH.exe
  C:\Windows\System\xEKPgOH.exe
  2⤵
  PID:7904
- C:\Windows\System\EVmjUdY.exe
  C:\Windows\System\EVmjUdY.exe
  2⤵
  PID:7920
- C:\Windows\System\MLqmbdP.exe
  C:\Windows\System\MLqmbdP.exe
  2⤵
  PID:7936
- C:\Windows\System\ECdQMfT.exe
  C:\Windows\System\ECdQMfT.exe
  2⤵
  PID:7952
- C:\Windows\System\xiyzVkd.exe
  C:\Windows\System\xiyzVkd.exe
  2⤵
  PID:7968
- C:\Windows\System\lkZGNBG.exe
  C:\Windows\System\lkZGNBG.exe
  2⤵
  PID:7984
- C:\Windows\System\SwKqkfv.exe
  C:\Windows\System\SwKqkfv.exe
  2⤵
  PID:8000
- C:\Windows\System\qWtiYwP.exe
  C:\Windows\System\qWtiYwP.exe
  2⤵
  PID:8016
- C:\Windows\System\DDpHNua.exe
  C:\Windows\System\DDpHNua.exe
  2⤵
  PID:8032
- C:\Windows\System\sgykWBf.exe
  C:\Windows\System\sgykWBf.exe
  2⤵
  PID:8048
- C:\Windows\System\rReekoC.exe
  C:\Windows\System\rReekoC.exe
  2⤵
  PID:8064
- C:\Windows\System\zyDSpnf.exe
  C:\Windows\System\zyDSpnf.exe
  2⤵
  PID:8080
- C:\Windows\System\DgpLTaK.exe
  C:\Windows\System\DgpLTaK.exe
  2⤵
  PID:8096
- C:\Windows\System\nrAjuZC.exe
  C:\Windows\System\nrAjuZC.exe
  2⤵
  PID:8112
- C:\Windows\System\nySCvUI.exe
  C:\Windows\System\nySCvUI.exe
  2⤵
  PID:8128
- C:\Windows\System\QvrheAI.exe
  C:\Windows\System\QvrheAI.exe
  2⤵
  PID:8144
- C:\Windows\System\laDDWcX.exe
  C:\Windows\System\laDDWcX.exe
  2⤵
  PID:8160
- C:\Windows\System\HgCanQB.exe
  C:\Windows\System\HgCanQB.exe
  2⤵
  PID:8176
- C:\Windows\System\GLNCXwL.exe
  C:\Windows\System\GLNCXwL.exe
  2⤵
  PID:6600
- C:\Windows\System\MOwwfMS.exe
  C:\Windows\System\MOwwfMS.exe
  2⤵
  PID:7212
- C:\Windows\System\tWZtNJZ.exe
  C:\Windows\System\tWZtNJZ.exe
  2⤵
  PID:7252
- C:\Windows\System\trdeiXm.exe
  C:\Windows\System\trdeiXm.exe
  2⤵
  PID:7316
- C:\Windows\System\NEfErnB.exe
  C:\Windows\System\NEfErnB.exe
  2⤵
  PID:7376
- C:\Windows\System\KHJiVxp.exe
  C:\Windows\System\KHJiVxp.exe
  2⤵
  PID:7440
- C:\Windows\System\bzJQJFp.exe
  C:\Windows\System\bzJQJFp.exe
  2⤵
  PID:7504
- C:\Windows\System\ABJKtvJ.exe
  C:\Windows\System\ABJKtvJ.exe
  2⤵
  PID:7540
- C:\Windows\System\kPTagMu.exe
  C:\Windows\System\kPTagMu.exe
  2⤵
  PID:7488
- C:\Windows\System\raJjDGQ.exe
  C:\Windows\System\raJjDGQ.exe
  2⤵
  PID:7200
- C:\Windows\System\tahFewe.exe
  C:\Windows\System\tahFewe.exe
  2⤵
  PID:7140
- C:\Windows\System\JalfYsH.exe
  C:\Windows\System\JalfYsH.exe
  2⤵
  PID:7296
- C:\Windows\System\EsxQBKN.exe
  C:\Windows\System\EsxQBKN.exe
  2⤵
  PID:7360
- C:\Windows\System\kMCWjDr.exe
  C:\Windows\System\kMCWjDr.exe
  2⤵
  PID:7228
- C:\Windows\System\kMKYsoh.exe
  C:\Windows\System\kMKYsoh.exe
  2⤵
  PID:7572
- C:\Windows\System\lqFrxCW.exe
  C:\Windows\System\lqFrxCW.exe
  2⤵
  PID:7600
- C:\Windows\System\SnmNkRL.exe
  C:\Windows\System\SnmNkRL.exe
  2⤵
  PID:812
- C:\Windows\System\iICMUKz.exe
  C:\Windows\System\iICMUKz.exe
  2⤵
  PID:7680
- C:\Windows\System\BjfMcuK.exe
  C:\Windows\System\BjfMcuK.exe
  2⤵
  PID:7620
- C:\Windows\System\rzziHca.exe
  C:\Windows\System\rzziHca.exe
  2⤵
  PID:7700
- C:\Windows\System\OdCPiaw.exe
  C:\Windows\System\OdCPiaw.exe
  2⤵
  PID:7744
- C:\Windows\System\ZsilHdR.exe
  C:\Windows\System\ZsilHdR.exe
  2⤵
  PID:7768
- C:\Windows\System\NzfOrnC.exe
  C:\Windows\System\NzfOrnC.exe
  2⤵
  PID:7812
- C:\Windows\System\WJmvlgo.exe
  C:\Windows\System\WJmvlgo.exe
  2⤵
  PID:7860
- C:\Windows\System\xkwJlDx.exe
  C:\Windows\System\xkwJlDx.exe
  2⤵
  PID:7848
- C:\Windows\System\pzZUwdF.exe
  C:\Windows\System\pzZUwdF.exe
  2⤵
  PID:7900
- C:\Windows\System\vjYPUUA.exe
  C:\Windows\System\vjYPUUA.exe
  2⤵
  PID:7964
- C:\Windows\System\Gcpybkl.exe
  C:\Windows\System\Gcpybkl.exe
  2⤵
  PID:7996
- C:\Windows\System\dFLkhaa.exe
  C:\Windows\System\dFLkhaa.exe
  2⤵
  PID:7980
- C:\Windows\System\pOhLAZE.exe
  C:\Windows\System\pOhLAZE.exe
  2⤵
  PID:8040
- C:\Windows\System\ounnDGw.exe
  C:\Windows\System\ounnDGw.exe
  2⤵
  PID:8060
- C:\Windows\System\llMXjOS.exe
  C:\Windows\System\llMXjOS.exe
  2⤵
  PID:8120
- C:\Windows\System\lWgKyXs.exe
  C:\Windows\System\lWgKyXs.exe
  2⤵
  PID:5564
- C:\Windows\System\svXOrXd.exe
  C:\Windows\System\svXOrXd.exe
  2⤵
  PID:7472
- C:\Windows\System\hVRJClY.exe
  C:\Windows\System\hVRJClY.exe
  2⤵
  PID:8108
- C:\Windows\System\nRXqpOl.exe
  C:\Windows\System\nRXqpOl.exe
  2⤵
  PID:8168
- C:\Windows\System\LmZtEzA.exe
  C:\Windows\System\LmZtEzA.exe
  2⤵
  PID:6156
- C:\Windows\System\dXAKExQ.exe
  C:\Windows\System\dXAKExQ.exe
  2⤵
  PID:7184
- C:\Windows\System\srdzKbz.exe
  C:\Windows\System\srdzKbz.exe
  2⤵
  PID:6684
- C:\Windows\System\XCWLlnn.exe
  C:\Windows\System\XCWLlnn.exe
  2⤵
  PID:7328
- C:\Windows\System\EFZKong.exe
  C:\Windows\System\EFZKong.exe
  2⤵
  PID:7264
- C:\Windows\System\FZYHQvS.exe
  C:\Windows\System\FZYHQvS.exe
  2⤵
  PID:7632
- C:\Windows\System\nSIPKjG.exe
  C:\Windows\System\nSIPKjG.exe
  2⤵
  PID:7676
- C:\Windows\System\QObgTla.exe
  C:\Windows\System\QObgTla.exe
  2⤵
  PID:7728
- C:\Windows\System\bdokHig.exe
  C:\Windows\System\bdokHig.exe
  2⤵
  PID:7784
- C:\Windows\System\IuYKpBD.exe
  C:\Windows\System\IuYKpBD.exe
  2⤵
  PID:7932
- C:\Windows\System\gOTNbwg.exe
  C:\Windows\System\gOTNbwg.exe
  2⤵
  PID:8024
- C:\Windows\System\CgrrkZe.exe
  C:\Windows\System\CgrrkZe.exe
  2⤵
  PID:7944
- C:\Windows\System\kdimEqC.exe
  C:\Windows\System\kdimEqC.exe
  2⤵
  PID:7780
- C:\Windows\System\AUcjXET.exe
  C:\Windows\System\AUcjXET.exe
  2⤵
  PID:7880
- C:\Windows\System\UtuEhCF.exe
  C:\Windows\System\UtuEhCF.exe
  2⤵
  PID:8072
- C:\Windows\System\mmnDIhV.exe
  C:\Windows\System\mmnDIhV.exe
  2⤵
  PID:8104
- C:\Windows\System\teSDphU.exe
  C:\Windows\System\teSDphU.exe
  2⤵
  PID:7392
- C:\Windows\System\udGvSXv.exe
  C:\Windows\System\udGvSXv.exe
  2⤵
  PID:340
- C:\Windows\System\pQqqobj.exe
  C:\Windows\System\pQqqobj.exe
  2⤵
  PID:7588
- C:\Windows\System\KQjfzKR.exe
  C:\Windows\System\KQjfzKR.exe
  2⤵
  PID:7796
- C:\Windows\System\tnxtjAV.exe
  C:\Windows\System\tnxtjAV.exe
  2⤵
  PID:7828
- C:\Windows\System\DHsiaTZ.exe
  C:\Windows\System\DHsiaTZ.exe
  2⤵
  PID:7992
- C:\Windows\System\obEMHcf.exe
  C:\Windows\System\obEMHcf.exe
  2⤵
  PID:8188
- C:\Windows\System\isNFcgM.exe
  C:\Windows\System\isNFcgM.exe
  2⤵
  PID:7232
- C:\Windows\System\lXfsIfp.exe
  C:\Windows\System\lXfsIfp.exe
  2⤵
  PID:7816
- C:\Windows\System\XkYfIlX.exe
  C:\Windows\System\XkYfIlX.exe
  2⤵
  PID:7948
- C:\Windows\System\ehCKibM.exe
  C:\Windows\System\ehCKibM.exe
  2⤵
  PID:8212
- C:\Windows\System\tCPPyvy.exe
  C:\Windows\System\tCPPyvy.exe
  2⤵
  PID:8240
- C:\Windows\System\JGRRRyu.exe
  C:\Windows\System\JGRRRyu.exe
  2⤵
  PID:8256
- C:\Windows\System\wUmOMxe.exe
  C:\Windows\System\wUmOMxe.exe
  2⤵
  PID:8272
- C:\Windows\System\nWZDzUX.exe
  C:\Windows\System\nWZDzUX.exe
  2⤵
  PID:8292
- C:\Windows\System\EnhVhhS.exe
  C:\Windows\System\EnhVhhS.exe
  2⤵
  PID:8308
- C:\Windows\System\HhOHiRc.exe
  C:\Windows\System\HhOHiRc.exe
  2⤵
  PID:8324
- C:\Windows\System\uJDySjF.exe
  C:\Windows\System\uJDySjF.exe
  2⤵
  PID:8340
- C:\Windows\System\YXuuiFY.exe
  C:\Windows\System\YXuuiFY.exe
  2⤵
  PID:8356
- C:\Windows\System\sQTPDDa.exe
  C:\Windows\System\sQTPDDa.exe
  2⤵
  PID:8372
- C:\Windows\System\fBvcDMB.exe
  C:\Windows\System\fBvcDMB.exe
  2⤵
  PID:8388
- C:\Windows\System\eCdhdeo.exe
  C:\Windows\System\eCdhdeo.exe
  2⤵
  PID:8404
- C:\Windows\System\fYxMJBO.exe
  C:\Windows\System\fYxMJBO.exe
  2⤵
  PID:8420
- C:\Windows\System\fGBLcmz.exe
  C:\Windows\System\fGBLcmz.exe
  2⤵
  PID:8436
- C:\Windows\System\UDRoTbH.exe
  C:\Windows\System\UDRoTbH.exe
  2⤵
  PID:8452
- C:\Windows\System\COqeUrp.exe
  C:\Windows\System\COqeUrp.exe
  2⤵
  PID:8468
- C:\Windows\System\NwVCmYe.exe
  C:\Windows\System\NwVCmYe.exe
  2⤵
  PID:8484
- C:\Windows\System\GARwqqU.exe
  C:\Windows\System\GARwqqU.exe
  2⤵
  PID:8500
- C:\Windows\System\lVTblJG.exe
  C:\Windows\System\lVTblJG.exe
  2⤵
  PID:8516
- C:\Windows\System\QErLeyn.exe
  C:\Windows\System\QErLeyn.exe
  2⤵
  PID:8532
- C:\Windows\System\NvxJfOB.exe
  C:\Windows\System\NvxJfOB.exe
  2⤵
  PID:8548
- C:\Windows\System\SLjodXt.exe
  C:\Windows\System\SLjodXt.exe
  2⤵
  PID:8564
- C:\Windows\System\BifKkVG.exe
  C:\Windows\System\BifKkVG.exe
  2⤵
  PID:8580
- C:\Windows\System\wKnwFFK.exe
  C:\Windows\System\wKnwFFK.exe
  2⤵
  PID:8600
- C:\Windows\System\jkgknZR.exe
  C:\Windows\System\jkgknZR.exe
  2⤵
  PID:8616
- C:\Windows\System\RhMaZyc.exe
  C:\Windows\System\RhMaZyc.exe
  2⤵
  PID:8632
- C:\Windows\System\LvUMXFz.exe
  C:\Windows\System\LvUMXFz.exe
  2⤵
  PID:8648
- C:\Windows\System\hzaymuR.exe
  C:\Windows\System\hzaymuR.exe
  2⤵
  PID:8664
- C:\Windows\System\bdLisqW.exe
  C:\Windows\System\bdLisqW.exe
  2⤵
  PID:8680
- C:\Windows\System\FRfOuEl.exe
  C:\Windows\System\FRfOuEl.exe
  2⤵
  PID:8696
- C:\Windows\System\kYjSVjW.exe
  C:\Windows\System\kYjSVjW.exe
  2⤵
  PID:8716
- C:\Windows\System\Zcslwgm.exe
  C:\Windows\System\Zcslwgm.exe
  2⤵
  PID:8732
- C:\Windows\System\XjkGuQW.exe
  C:\Windows\System\XjkGuQW.exe
  2⤵
  PID:8748
- C:\Windows\System\bOVOahL.exe
  C:\Windows\System\bOVOahL.exe
  2⤵
  PID:8764
- C:\Windows\System\ywHLMlF.exe
  C:\Windows\System\ywHLMlF.exe
  2⤵
  PID:8788
- C:\Windows\System\OTIgnLs.exe
  C:\Windows\System\OTIgnLs.exe
  2⤵
  PID:8808
- C:\Windows\System\pSvefSt.exe
  C:\Windows\System\pSvefSt.exe
  2⤵
  PID:8824
- C:\Windows\System\JnFlzfl.exe
  C:\Windows\System\JnFlzfl.exe
  2⤵
  PID:8840
- C:\Windows\System\dyWTYRU.exe
  C:\Windows\System\dyWTYRU.exe
  2⤵
  PID:8856
- C:\Windows\System\gIJDZcs.exe
  C:\Windows\System\gIJDZcs.exe
  2⤵
  PID:8872
- C:\Windows\System\FmSbQkb.exe
  C:\Windows\System\FmSbQkb.exe
  2⤵
  PID:8892
- C:\Windows\System\biGQpdD.exe
  C:\Windows\System\biGQpdD.exe
  2⤵
  PID:8908
- C:\Windows\System\wDDHpVK.exe
  C:\Windows\System\wDDHpVK.exe
  2⤵
  PID:8924
- C:\Windows\System\JRAPXcX.exe
  C:\Windows\System\JRAPXcX.exe
  2⤵
  PID:8940
- C:\Windows\System\EKMfBUf.exe
  C:\Windows\System\EKMfBUf.exe
  2⤵
  PID:8956
- C:\Windows\System\aNsGUAH.exe
  C:\Windows\System\aNsGUAH.exe
  2⤵
  PID:8972
- C:\Windows\System\FGukrGt.exe
  C:\Windows\System\FGukrGt.exe
  2⤵
  PID:8988
- C:\Windows\System\vmrlcmr.exe
  C:\Windows\System\vmrlcmr.exe
  2⤵
  PID:9008
- C:\Windows\System\rHIoBmQ.exe
  C:\Windows\System\rHIoBmQ.exe
  2⤵
  PID:9024
- C:\Windows\System\GmbhRZF.exe
  C:\Windows\System\GmbhRZF.exe
  2⤵
  PID:9044
- C:\Windows\System\KxyEpCR.exe
  C:\Windows\System\KxyEpCR.exe
  2⤵
  PID:9176
- C:\Windows\System\cNzvcOn.exe
  C:\Windows\System\cNzvcOn.exe
  2⤵
  PID:9208
- C:\Windows\System\IpiwJXm.exe
  C:\Windows\System\IpiwJXm.exe
  2⤵
  PID:8204
- C:\Windows\System\XghxSLQ.exe
  C:\Windows\System\XghxSLQ.exe
  2⤵
  PID:7832
- C:\Windows\System\MbotFVU.exe
  C:\Windows\System\MbotFVU.exe
  2⤵
  PID:7720
- C:\Windows\System\DGGIQvZ.exe
  C:\Windows\System\DGGIQvZ.exe
  2⤵
  PID:7460
- C:\Windows\System\HtQySSb.exe
  C:\Windows\System\HtQySSb.exe
  2⤵
  PID:7524
- C:\Windows\System\yRaNhSz.exe
  C:\Windows\System\yRaNhSz.exe
  2⤵
  PID:8248
- C:\Windows\System\YPqebQK.exe
  C:\Windows\System\YPqebQK.exe
  2⤵
  PID:8556
- C:\Windows\System\QYtqEhj.exe
  C:\Windows\System\QYtqEhj.exe
  2⤵
  PID:8712
- C:\Windows\System\bAaFjuG.exe
  C:\Windows\System\bAaFjuG.exe
  2⤵
  PID:8776
- C:\Windows\System\xMXAMpy.exe
  C:\Windows\System\xMXAMpy.exe
  2⤵
  PID:8852
- C:\Windows\System\XUqLELl.exe
  C:\Windows\System\XUqLELl.exe
  2⤵
  PID:8592
- C:\Windows\System\caItDeT.exe
  C:\Windows\System\caItDeT.exe
  2⤵
  PID:9156
- C:\Windows\System\ncFxjVt.exe
  C:\Windows\System\ncFxjVt.exe
  2⤵
  PID:8320
- C:\Windows\System\iiInSel.exe
  C:\Windows\System\iiInSel.exe
  2⤵
  PID:8540
- C:\Windows\System\durQfDn.exe
  C:\Windows\System\durQfDn.exe
  2⤵
  PID:8796
- C:\Windows\System\QxqJYEo.exe
  C:\Windows\System\QxqJYEo.exe
  2⤵
  PID:8660
- C:\Windows\System\HApHFXW.exe
  C:\Windows\System\HApHFXW.exe
  2⤵
  PID:8656
- C:\Windows\System\UuJAvpt.exe
  C:\Windows\System\UuJAvpt.exe
  2⤵
  PID:8952
- C:\Windows\System\Jtjbrwi.exe
  C:\Windows\System\Jtjbrwi.exe
  2⤵
  PID:9064
- C:\Windows\System\ksQcbSJ.exe
  C:\Windows\System\ksQcbSJ.exe
  2⤵
  PID:8932
- C:\Windows\System\BqHodbi.exe
  C:\Windows\System\BqHodbi.exe
  2⤵
  PID:9016
- C:\Windows\System\loJwQMp.exe
  C:\Windows\System\loJwQMp.exe
  2⤵
  PID:9080
- C:\Windows\System\ZQHkvYu.exe
  C:\Windows\System\ZQHkvYu.exe
  2⤵
  PID:9092
- C:\Windows\System\NCmzBwr.exe
  C:\Windows\System\NCmzBwr.exe
  2⤵
  PID:9116
- C:\Windows\System\TjQeoOs.exe
  C:\Windows\System\TjQeoOs.exe
  2⤵
  PID:9136
- C:\Windows\System\JRbsOLa.exe
  C:\Windows\System\JRbsOLa.exe
  2⤵
  PID:8904
- C:\Windows\System\cqJwDiY.exe
  C:\Windows\System\cqJwDiY.exe
  2⤵
  PID:8348
- C:\Windows\System\TuCAZmH.exe
  C:\Windows\System\TuCAZmH.exe
  2⤵
  PID:8156
- C:\Windows\System\iehpfqN.exe
  C:\Windows\System\iehpfqN.exe
  2⤵
  PID:9204
- C:\Windows\System\VwMrWuI.exe
  C:\Windows\System\VwMrWuI.exe
  2⤵
  PID:8140
- C:\Windows\System\fImOChL.exe
  C:\Windows\System\fImOChL.exe
  2⤵
  PID:7672
- C:\Windows\System\GDhPScT.exe
  C:\Windows\System\GDhPScT.exe
  2⤵
  PID:8268
- C:\Windows\System\fEaAppI.exe
  C:\Windows\System\fEaAppI.exe
  2⤵
  PID:8384
- C:\Windows\System\lCkKCIn.exe
  C:\Windows\System\lCkKCIn.exe
  2⤵
  PID:8480
- C:\Windows\System\IbxGgKQ.exe
  C:\Windows\System\IbxGgKQ.exe
  2⤵
  PID:8416
- C:\Windows\System\YSTezgc.exe
  C:\Windows\System\YSTezgc.exe
  2⤵
  PID:8432
- C:\Windows\System\BEjWxVv.exe
  C:\Windows\System\BEjWxVv.exe
  2⤵
  PID:8612
- C:\Windows\System\jraboZB.exe
  C:\Windows\System\jraboZB.exe
  2⤵
  PID:8640
- C:\Windows\System\ITTJUnK.exe
  C:\Windows\System\ITTJUnK.exe
  2⤵
  PID:8704
- C:\Windows\System\aQNJtxc.exe
  C:\Windows\System\aQNJtxc.exe
  2⤵
  PID:8588
- C:\Windows\System\aolcwUB.exe
  C:\Windows\System\aolcwUB.exe
  2⤵
  PID:8864
- C:\Windows\System\wJePbRA.exe
  C:\Windows\System\wJePbRA.exe
  2⤵
  PID:8888
- C:\Windows\System\svkiMSG.exe
  C:\Windows\System\svkiMSG.exe
  2⤵
  PID:8692
- C:\Windows\System\bHxeRjQ.exe
  C:\Windows\System\bHxeRjQ.exe
  2⤵
  PID:8916
- C:\Windows\System\WImGrAy.exe
  C:\Windows\System\WImGrAy.exe
  2⤵
  PID:8352
- C:\Windows\System\iQhbSEq.exe
  C:\Windows\System\iQhbSEq.exe
  2⤵
  PID:9200
- C:\Windows\System\GnajSWK.exe
  C:\Windows\System\GnajSWK.exe
  2⤵
  PID:8280
- C:\Windows\System\dCbDuhm.exe
  C:\Windows\System\dCbDuhm.exe
  2⤵
  PID:9068
- C:\Windows\System\KJHCXHW.exe
  C:\Windows\System\KJHCXHW.exe
  2⤵
  PID:8228
- C:\Windows\System\yIZpMyD.exe
  C:\Windows\System\yIZpMyD.exe
  2⤵
  PID:9128
- C:\Windows\System\flHJWaw.exe
  C:\Windows\System\flHJWaw.exe
  2⤵
  PID:7568
- C:\Windows\System\hmayvqJ.exe
  C:\Windows\System\hmayvqJ.exe
  2⤵
  PID:8364
- C:\Windows\System\SWoLYHL.exe
  C:\Windows\System\SWoLYHL.exe
  2⤵
  PID:8448
- C:\Windows\System\OzqcVXs.exe
  C:\Windows\System\OzqcVXs.exe
  2⤵
  PID:8492
- C:\Windows\System\KHQzryR.exe
  C:\Windows\System\KHQzryR.exe
  2⤵
  PID:8832
- C:\Windows\System\cAWEYKM.exe
  C:\Windows\System\cAWEYKM.exe
  2⤵
  PID:8984
- C:\Windows\System\jIWLMAu.exe
  C:\Windows\System\jIWLMAu.exe
  2⤵
  PID:8724
- C:\Windows\System\cJaJDxA.exe
  C:\Windows\System\cJaJDxA.exe
  2⤵
  PID:8868
- C:\Windows\System\rSOkKXu.exe
  C:\Windows\System\rSOkKXu.exe
  2⤵
  PID:9088
- C:\Windows\System\dmkLbjA.exe
  C:\Windows\System\dmkLbjA.exe
  2⤵
  PID:9120
- C:\Windows\System\yDnzobD.exe
  C:\Windows\System\yDnzobD.exe
  2⤵
  PID:8076
- C:\Windows\System\UQimFJJ.exe
  C:\Windows\System\UQimFJJ.exe
  2⤵
  PID:8300
- C:\Windows\System\CPBldOi.exe
  C:\Windows\System\CPBldOi.exe
  2⤵
  PID:7912
- C:\Windows\System\QSTbTCS.exe
  C:\Windows\System\QSTbTCS.exe
  2⤵
  PID:8496
- C:\Windows\System\jLsvWoH.exe
  C:\Windows\System\jLsvWoH.exe
  2⤵
  PID:8676
- C:\Windows\System\gRxIJCV.exe
  C:\Windows\System\gRxIJCV.exe
  2⤵
  PID:8920
- C:\Windows\System\wHzXCDb.exe
  C:\Windows\System\wHzXCDb.exe
  2⤵
  PID:9188
- C:\Windows\System\zJmjaWX.exe
  C:\Windows\System\zJmjaWX.exe
  2⤵
  PID:8196
- C:\Windows\System\ZiAvlGz.exe
  C:\Windows\System\ZiAvlGz.exe
  2⤵
  PID:8596
- C:\Windows\System\cktyLer.exe
  C:\Windows\System\cktyLer.exe
  2⤵
  PID:9000
- C:\Windows\System\OUnzrfM.exe
  C:\Windows\System\OUnzrfM.exe
  2⤵
  PID:8336
- C:\Windows\System\EIontJv.exe
  C:\Windows\System\EIontJv.exe
  2⤵
  PID:8444
- C:\Windows\System\sWTXfIy.exe
  C:\Windows\System\sWTXfIy.exe
  2⤵
  PID:8804
- C:\Windows\System\YwvDnfW.exe
  C:\Windows\System\YwvDnfW.exe
  2⤵
  PID:9112
- C:\Windows\System\FIJPRhw.exe
  C:\Windows\System\FIJPRhw.exe
  2⤵
  PID:9220
- C:\Windows\System\XCbdCLd.exe
  C:\Windows\System\XCbdCLd.exe
  2⤵
  PID:9236
- C:\Windows\System\UPepbIR.exe
  C:\Windows\System\UPepbIR.exe
  2⤵
  PID:9296
- C:\Windows\System\EfnWhdk.exe
  C:\Windows\System\EfnWhdk.exe
  2⤵
  PID:9312
- C:\Windows\System\UAhABwa.exe
  C:\Windows\System\UAhABwa.exe
  2⤵
  PID:9328
- C:\Windows\System\smfcRBm.exe
  C:\Windows\System\smfcRBm.exe
  2⤵
  PID:9348
- C:\Windows\System\ZzTzoOC.exe
  C:\Windows\System\ZzTzoOC.exe
  2⤵
  PID:9372
- C:\Windows\System\XZjkvnX.exe
  C:\Windows\System\XZjkvnX.exe
  2⤵
  PID:9388
- C:\Windows\System\bIhQWmS.exe
  C:\Windows\System\bIhQWmS.exe
  2⤵
  PID:9404
- C:\Windows\System\khsFcsr.exe
  C:\Windows\System\khsFcsr.exe
  2⤵
  PID:9420
- C:\Windows\System\KeimRvj.exe
  C:\Windows\System\KeimRvj.exe
  2⤵
  PID:9436
- C:\Windows\System\BzdfCUl.exe
  C:\Windows\System\BzdfCUl.exe
  2⤵
  PID:9452
- C:\Windows\System\wohnOoQ.exe
  C:\Windows\System\wohnOoQ.exe
  2⤵
  PID:9496
- C:\Windows\System\NFgGXjp.exe
  C:\Windows\System\NFgGXjp.exe
  2⤵
  PID:9516
- C:\Windows\System\hYSyQSH.exe
  C:\Windows\System\hYSyQSH.exe
  2⤵
  PID:9544
- C:\Windows\System\rMiJKUp.exe
  C:\Windows\System\rMiJKUp.exe
  2⤵
  PID:9560
- C:\Windows\System\YAHRxCY.exe
  C:\Windows\System\YAHRxCY.exe
  2⤵
  PID:9580
- C:\Windows\System\iXttSgj.exe
  C:\Windows\System\iXttSgj.exe
  2⤵
  PID:9608
- C:\Windows\System\YlCBhVo.exe
  C:\Windows\System\YlCBhVo.exe
  2⤵
  PID:9624
- C:\Windows\System\HmLGvSg.exe
  C:\Windows\System\HmLGvSg.exe
  2⤵
  PID:9640
- C:\Windows\System\uIllrJs.exe
  C:\Windows\System\uIllrJs.exe
  2⤵
  PID:9664
- C:\Windows\System\YmkHQrt.exe
  C:\Windows\System\YmkHQrt.exe
  2⤵
  PID:9680
- C:\Windows\System\OzmGgsg.exe
  C:\Windows\System\OzmGgsg.exe
  2⤵
  PID:9696
- C:\Windows\System\ZtXdwuA.exe
  C:\Windows\System\ZtXdwuA.exe
  2⤵
  PID:9712
- C:\Windows\System\zXkfTRw.exe
  C:\Windows\System\zXkfTRw.exe
  2⤵
  PID:9728
- C:\Windows\System\bnyfyfb.exe
  C:\Windows\System\bnyfyfb.exe
  2⤵
  PID:9744
- C:\Windows\System\TNjJZGv.exe
  C:\Windows\System\TNjJZGv.exe
  2⤵
  PID:9760
- C:\Windows\System\ebSHQWX.exe
  C:\Windows\System\ebSHQWX.exe
  2⤵
  PID:9776
- C:\Windows\System\PZSUCBq.exe
  C:\Windows\System\PZSUCBq.exe
  2⤵
  PID:9792
- C:\Windows\System\iksAfxi.exe
  C:\Windows\System\iksAfxi.exe
  2⤵
  PID:9812
- C:\Windows\System\yyVcwBB.exe
  C:\Windows\System\yyVcwBB.exe
  2⤵
  PID:9828
- C:\Windows\System\zVOQbEu.exe
  C:\Windows\System\zVOQbEu.exe
  2⤵
  PID:9844
- C:\Windows\System\xNiWIjR.exe
  C:\Windows\System\xNiWIjR.exe
  2⤵
  PID:9876
- C:\Windows\System\LwOaeio.exe
  C:\Windows\System\LwOaeio.exe
  2⤵
  PID:9900
- C:\Windows\System\ZQSrFCR.exe
  C:\Windows\System\ZQSrFCR.exe
  2⤵
  PID:9924
- C:\Windows\System\wFEHtOC.exe
  C:\Windows\System\wFEHtOC.exe
  2⤵
  PID:9940
- C:\Windows\System\EFDlgOh.exe
  C:\Windows\System\EFDlgOh.exe
  2⤵
  PID:9960
- C:\Windows\System\XJSjaFD.exe
  C:\Windows\System\XJSjaFD.exe
  2⤵
  PID:9976
- C:\Windows\System\ZRnpkUF.exe
  C:\Windows\System\ZRnpkUF.exe
  2⤵
  PID:9992
- C:\Windows\System\PRJtbrd.exe
  C:\Windows\System\PRJtbrd.exe
  2⤵
  PID:10008
- C:\Windows\System\KZWcGAm.exe
  C:\Windows\System\KZWcGAm.exe
  2⤵
  PID:10024
- C:\Windows\System\wuKUgHD.exe
  C:\Windows\System\wuKUgHD.exe
  2⤵
  PID:10040
- C:\Windows\System\bJgYWcB.exe
  C:\Windows\System\bJgYWcB.exe
  2⤵
  PID:10056
- C:\Windows\System\riEeNpj.exe
  C:\Windows\System\riEeNpj.exe
  2⤵
  PID:10072
- C:\Windows\System\mkgZtkK.exe
  C:\Windows\System\mkgZtkK.exe
  2⤵
  PID:10088
- C:\Windows\System\AbUOzuI.exe
  C:\Windows\System\AbUOzuI.exe
  2⤵
  PID:10104
- C:\Windows\System\ooAknNh.exe
  C:\Windows\System\ooAknNh.exe
  2⤵
  PID:10120
- C:\Windows\System\uPWwcsY.exe
  C:\Windows\System\uPWwcsY.exe
  2⤵
  PID:10140
- C:\Windows\System\VCyhQex.exe
  C:\Windows\System\VCyhQex.exe
  2⤵
  PID:10156
- C:\Windows\System\pZgjKXj.exe
  C:\Windows\System\pZgjKXj.exe
  2⤵
  PID:10184
- C:\Windows\System\isqiddl.exe
  C:\Windows\System\isqiddl.exe
  2⤵
  PID:10208
- C:\Windows\System\NFXmCwS.exe
  C:\Windows\System\NFXmCwS.exe
  2⤵
  PID:10228
- C:\Windows\System\JrkdaiY.exe
  C:\Windows\System\JrkdaiY.exe
  2⤵
  PID:8728
- C:\Windows\System\JnhUwkk.exe
  C:\Windows\System\JnhUwkk.exe
  2⤵
  PID:8816
- C:\Windows\System\sXaEfgi.exe
  C:\Windows\System\sXaEfgi.exe
  2⤵
  PID:9232
- C:\Windows\System\OWCzLfi.exe
  C:\Windows\System\OWCzLfi.exe
  2⤵
  PID:9264
- C:\Windows\System\brryiTl.exe
  C:\Windows\System\brryiTl.exe
  2⤵
  PID:9320
- C:\Windows\System\hlAtZor.exe
  C:\Windows\System\hlAtZor.exe
  2⤵
  PID:9400
- C:\Windows\System\fmcsycJ.exe
  C:\Windows\System\fmcsycJ.exe
  2⤵
  PID:9468
- C:\Windows\System\QgUdlWD.exe
  C:\Windows\System\QgUdlWD.exe
  2⤵
  PID:9416
- C:\Windows\System\CvrySHC.exe
  C:\Windows\System\CvrySHC.exe
  2⤵
  PID:9484
- C:\Windows\System\wcgIbaj.exe
  C:\Windows\System\wcgIbaj.exe
  2⤵
  PID:9512
- C:\Windows\System\YagdEdn.exe
  C:\Windows\System\YagdEdn.exe
  2⤵
  PID:9556
- C:\Windows\System\AQnCnji.exe
  C:\Windows\System\AQnCnji.exe
  2⤵
  PID:9588
- C:\Windows\System\DYWzdMn.exe
  C:\Windows\System\DYWzdMn.exe
  2⤵
  PID:9672
- C:\Windows\System\YYGgVUL.exe
  C:\Windows\System\YYGgVUL.exe
  2⤵
  PID:9660
- C:\Windows\System\uhgqFQI.exe
  C:\Windows\System\uhgqFQI.exe
  2⤵
  PID:9752
- C:\Windows\System\NiSrNzB.exe
  C:\Windows\System\NiSrNzB.exe
  2⤵
  PID:9800
- C:\Windows\System\tQSczsJ.exe
  C:\Windows\System\tQSczsJ.exe
  2⤵
  PID:9852
- C:\Windows\System\pmEENzC.exe
  C:\Windows\System\pmEENzC.exe
  2⤵
  PID:9888
- C:\Windows\System\WAspHlT.exe
  C:\Windows\System\WAspHlT.exe
  2⤵
  PID:9920
- C:\Windows\System\LYCABWx.exe
  C:\Windows\System\LYCABWx.exe
  2⤵
  PID:10016
- C:\Windows\System\efABLMG.exe
  C:\Windows\System\efABLMG.exe
  2⤵
  PID:10080
- C:\Windows\System\PIDIOla.exe
  C:\Windows\System\PIDIOla.exe
  2⤵
  PID:10148
- C:\Windows\System\nIOlwBD.exe
  C:\Windows\System\nIOlwBD.exe
  2⤵
  PID:10200
- C:\Windows\System\XyFdoXq.exe
  C:\Windows\System\XyFdoXq.exe
  2⤵
  PID:9708
- C:\Windows\System\lzzAaLH.exe
  C:\Windows\System\lzzAaLH.exe
  2⤵
  PID:10100
- C:\Windows\System\knjmLQr.exe
  C:\Windows\System\knjmLQr.exe
  2⤵
  PID:9972
- C:\Windows\System\BmvJLzw.exe
  C:\Windows\System\BmvJLzw.exe
  2⤵
  PID:10036
- C:\Windows\System\KSmbwoi.exe
  C:\Windows\System\KSmbwoi.exe
  2⤵
  PID:10136
- C:\Windows\System\gmeyWkb.exe
  C:\Windows\System\gmeyWkb.exe
  2⤵
  PID:10176
- C:\Windows\System\yintLDU.exe
  C:\Windows\System\yintLDU.exe
  2⤵
  PID:10224
- C:\Windows\System\tLYRJqm.exe
  C:\Windows\System\tLYRJqm.exe
  2⤵
  PID:8572
- C:\Windows\System\ipAOfty.exe
  C:\Windows\System\ipAOfty.exe
  2⤵
  PID:8820
- C:\Windows\System\TCqiEky.exe
  C:\Windows\System\TCqiEky.exe
  2⤵
  PID:9272
- C:\Windows\System\apIooPu.exe
  C:\Windows\System\apIooPu.exe
  2⤵
  PID:9288
- C:\Windows\System\FTVHCyS.exe
  C:\Windows\System\FTVHCyS.exe
  2⤵
  PID:9356
- C:\Windows\System\MMGdZRw.exe
  C:\Windows\System\MMGdZRw.exe
  2⤵
  PID:9364
- C:\Windows\System\TvFMkxE.exe
  C:\Windows\System\TvFMkxE.exe
  2⤵
  PID:9384
- C:\Windows\System\AKwqcyT.exe
  C:\Windows\System\AKwqcyT.exe
  2⤵
  PID:9448
- C:\Windows\System\dwEEwlH.exe
  C:\Windows\System\dwEEwlH.exe
  2⤵
  PID:9528
- C:\Windows\System\HESBkEP.exe
  C:\Windows\System\HESBkEP.exe
  2⤵
  PID:9604
- C:\Windows\System\oxrrYOE.exe
  C:\Windows\System\oxrrYOE.exe
  2⤵
  PID:9636
- C:\Windows\System\jQBcXMz.exe
  C:\Windows\System\jQBcXMz.exe
  2⤵
  PID:9656
- C:\Windows\System\lIlSJyP.exe
  C:\Windows\System\lIlSJyP.exe
  2⤵
  PID:9820
- C:\Windows\System\uAvWYxD.exe
  C:\Windows\System\uAvWYxD.exe
  2⤵
  PID:9860
- C:\Windows\System\NmVqHpf.exe
  C:\Windows\System\NmVqHpf.exe
  2⤵
  PID:10048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AYmpaEI.exe

Filesize
6.0MB

MD5
eafec2f2b56a459d54b7a56523a3bcd8

SHA1
a3d6053bfe5cc53107c2a3a2405595961f7c734b

SHA256
03b5a61211a370b31c6f3f4647e6bb6f27f634552fb11385e96115395549316f

SHA512
6104ad75b51ff6e1172b6f1889265628c3bf7ee0ff812b5eec701befd99c28899d76d326bf33f4e7ae9e8962b25601499344fb6ed8584f284e08ff6db2f3c2fe

Download Submit
C:\Windows\system\CTNsvkJ.exe

Filesize
6.0MB

MD5
928fb7e794a791deaf7d577cd6ded550

SHA1
aa6f9b01b306a4fca4b3251c697a855dca8314b5

SHA256
73204100f1d55f35d563816b7ebc34cae727b2ab6bc46fb3773bf4fee2eeb676

SHA512
b4cab739849114a686f47fe70d5736d022172a1527cc591d9ffb9532642765f5bd52018613613162196fc207c0c481b020b8276e3d3c09395d7a2229d63d976b

Download Submit
C:\Windows\system\CnJipEU.exe

Filesize
6.0MB

MD5
c5055dfba0475740095413df1a50e275

SHA1
7018d8ea3efd8fc05f744c33a94cd255ff5726e3

SHA256
4ed0743fd8fda080472163671395e82e6038f724a86ad37bc0df3f8a97867e6c

SHA512
126a6809e12cfeab746aeb2ed11235a6e4fe3eb774facc6ea6c87cbe92083b61e76f25c4733c31af80731a804faaf9d0ef8120c7c8ceb052a56ca5c7b1b1df3f

Download Submit
C:\Windows\system\JqrmBjX.exe

Filesize
6.0MB

MD5
ad05fb24c6007f7785befc033071940c

SHA1
13cbe22dc57a5834bec32d294104bff9b6c6f613

SHA256
6b5219d8371f6c8d0c0f44396c8ca852e96ddb20b8e15d3254ecb3754f53340f

SHA512
28ddcdab6ae95e85e3d09980846ad767e9bcef04ec3950476d44bca7f10593712ff8ef7aeac8f51bd9b2f3fad20e5c6e7c589c5926cc9625efd13919bef21ca4

Download Submit
C:\Windows\system\LeNJIoo.exe

Filesize
6.0MB

MD5
31e10f4aaa2fb783e8b622ead8cea275

SHA1
eca6a2ec96c7b0132c009e233ec71384c2818e45

SHA256
68ce0e31faa1c5c37f37b5d2c3c7ce9689c79c7fabad78a4a79af0630931a7c9

SHA512
997ba696f9abaec82f349bab06ec47e27bf2b2974dd100019ceea09d3f8be300b5862aaa16fa483509c689a87973c8427a91830eea3991d24ed006722d2adf01

Download Submit
C:\Windows\system\MmrerIh.exe

Filesize
6.0MB

MD5
2c95e8851543db0930a35f7898038809

SHA1
e571b824581d8a149415623a52dc148f90234389

SHA256
a96cb93c5e7a3e0ee2d9edb66bb266f78731629f7b2d2ef0800f4177ef1b7394

SHA512
b12e91d7db4ba460f3941108ab2b03b3042c1cc46fc6ebf9c22b6ec29fef57f7f1b34e5939f6239053f8aa281ab9734e9ce9f587743f831161b31f799678c139

Download Submit
C:\Windows\system\NlotLYi.exe

Filesize
6.0MB

MD5
53f0eab38b0396ace24e3a31938dd8ca

SHA1
1120b228c1c3837451907622c7ad3607bef8dd30

SHA256
66c8f806f3ee3f78d5c85c1d0c160dd6af2ed17fd037238d469d4ddb7a87f8b7

SHA512
b51dd453367a0c8d7d7a26f9097fa86d44ee52b2f454438d7c59b87a554359742ea0573ec0c7674ea26133ec64dfa65e614ee0ef8edc982aa3ac45ccb61547fd

Download Submit
C:\Windows\system\OLWZIhk.exe

Filesize
6.0MB

MD5
8a732e6f14e9570fdd4ae5790284cc10

SHA1
9a6814a0808307893255b31a4e4f42e61c7c42d6

SHA256
f59b9f6c05475ae1620fa9eece35ec4961f40334481107f1252e09ace19c801c

SHA512
7ec994fcb9beedcd693907159c35509121b5307d60e6831a62ba079c87944b9e54040f025ecf6f31105fb5a256380d0481d00fd27014535652b8a69c79c52120

Download Submit
C:\Windows\system\QOoxKTd.exe

Filesize
6.0MB

MD5
fb317ad0fadf8a3527f26e7f81ffef1f

SHA1
a1f3dad509af889dd055c837bfdafc54006b97b9

SHA256
b68691702fa86f0512a6d9cf225a9520457f6e7fdfd3a362b02658a2cad459ff

SHA512
11a8ffcbf426f08c8b1a1752bcc99fde6726fb6fe4eeb96b9b7e0f82ca2c5537b27e9631f8e55fef9adada3f31e2380b15fe83fcb2634a03647bf59d8f947d63

Download Submit
C:\Windows\system\XmpECen.exe

Filesize
6.0MB

MD5
7387957e0d4971fd7c57ba2d0ae3985b

SHA1
f5b2e69c14be8e6150f82411b45ae223634a719b

SHA256
7882ee8a766ae3ee673c136ad1a72dec68fdea876b83c5372e0cc638bd774fa1

SHA512
004a83e555bb69efc196b23d71e00a6ecebd75ff19828916b7aa8603c79d3e74fbcae9fee63060e40262fed47ddd8ebbae118dc03b0b27814e61fe2ec007299c

Download Submit
C:\Windows\system\aYUhwEI.exe

Filesize
6.0MB

MD5
ef14d7182489efe7fb95fe2b320d42f3

SHA1
b455444392984915108aee58d9b2023fda7072fe

SHA256
22c16b5519ed5469391e04436fe8299a895473ef3c18badbc7f3a2b7e97445e2

SHA512
30f44b6493a38ae458e23add1a089bad42b4a41091de26f20a990ea8439074850a46bdcee7e8abc1c4bab970f46f566b931024b101bd0ba24aa7d76581bba461

Download Submit
C:\Windows\system\cfWBAsi.exe

Filesize
6.0MB

MD5
c4a6ac75f063a006843b3b6089c412ed

SHA1
71d1ee7c834f632112b21d04fe76031d51502e4c

SHA256
95deaa0ffd439099b1564c84f65a940788ed2af29d9be62a3228b31371882a07

SHA512
764a069d9b1b7531c05aeeb77c1d49595a65bf0feca7e082b37a30bccaa2666df18e8b5fe247325b4912a853a22268e8b053e95d673773b55e42ef64f01009bc

Download Submit
C:\Windows\system\cysYvhx.exe

Filesize
6.0MB

MD5
663b357c795331a18f2e2cf3d003a830

SHA1
f8e9f0d9a33fd2f2d9cc52df6b87f49297a4c852

SHA256
80f252fb1c7efe266fd24065a073797ac3838c5172c5a381874306314b8ca974

SHA512
452f38f9181fe87bab66bef07b45786818ed48b51b59f896e723dfde0a2b37157b7d96d03766d3b9d750c32273b8a9d959d3c414b718c5c32002f0e1c6063465

Download Submit
C:\Windows\system\fcefVet.exe

Filesize
6.0MB

MD5
50ec3fdad1d63664025d8b33f54048ef

SHA1
025932f88b924c6fe824355380673370285431d6

SHA256
6f6c1212286c07b8bf53d6eff9a808889af694a68bd033be59be92944551d381

SHA512
dcce69b995e82e5dd5beacc118084e82c9f268c1d9fcb0e16feca295275dd2f7dffc08b6085fdd5cae21ccaa076f381345a69f45523f23df55f40423fdfacbb8

Download Submit
C:\Windows\system\gJbrUxs.exe

Filesize
6.0MB

MD5
84fd95df2ec9f25c492fb3978a3a18a5

SHA1
1bee8b11946c69c579fd6468dd656ec25efe62d7

SHA256
6a534954044b518ba4ba80c85e9b846fa31e48a0627eb41efc2067d8a5303a0b

SHA512
7d9d7326c113988b4cf96e210435192e70e5616b7fc4fc397002cbfb595e7a39274a8f1770b143a7af90c0c97209f29676c3d99f665032fadeaf6cfa7e7de3f2

Download Submit
C:\Windows\system\hXElCtw.exe

Filesize
6.0MB

MD5
dc768baee3a8cae51876db1d7ee4c14f

SHA1
1062a1f741396b2aeab099a9d55987486bb0b4b8

SHA256
64ec850917aa76373fd35ea25a60ef6f87595453afb4b09d9955dcdfb2be39d2

SHA512
d7ec4d81e37e3034175827671617d9566865b63ab07c69b35472782c7f252ea1e35627a007d7a5149f5791c67559f5ae9a811f70bd596b2181ffdc2127ed709f

Download Submit
C:\Windows\system\hnHyGhl.exe

Filesize
6.0MB

MD5
8f5b2b8f90848139cdc5826037792937

SHA1
14162d120d5a73971878ae23735a69486068bb60

SHA256
170bed98aae410d578f8b140c472c4bdc78c66c6827b9a15c9f81b02204d80fe

SHA512
eacff7c4587a9a8b00d91caf0c41e1785bba723369b04e1e38674d02887ebbee0de8bf2931920508d25acf70ccd2d99ee68cdd5628c1fa2ec5518f216088bc13

Download Submit
C:\Windows\system\izuesZL.exe

Filesize
6.0MB

MD5
7a7abd0f9b254f33a9e815379b8e04f4

SHA1
f54e8a0451f9f25404f513e233d78cfc576d06f8

SHA256
416125043b409d6201b85e79ba57e966a4d8ec26f48f3b472273f1c26a6cc99f

SHA512
439b850bc233f7775d8a70ab42f7b0600d66226e6f986cdddcc0dce5bc491c5f16ad8fb654d1be51fa7f2eb6fe4bd8469d2ab9a2cbd949a5ccd0102442140314

Download Submit
C:\Windows\system\jsuQObM.exe

Filesize
6.0MB

MD5
82ab745f27c61b10e623a1f9cb708b59

SHA1
852fe80583f076a2c001a784a580e5f38b65d8ab

SHA256
7844ae09e9105c8d1033816d61da122883d6bbcc380f6bd003215d485f4c1da0

SHA512
b42eb0d8fd9b1f642c0b6aca76c23d7af9fb3ccf5bbb32385567640d073efbe83b82578aa201e7f427d2903cd97187517069e293d5d4a764c8e6f0fe600b7f94

Download Submit
C:\Windows\system\kUGamSP.exe

Filesize
6.0MB

MD5
7f8173dffced2ce0b39794dd69cea142

SHA1
8d3036ab15f7e95686735066d1ed7f559a4a2002

SHA256
551f3911ed8cdb858cb24d968508f0ab655772af1c44d2364c59474a5635e8bd

SHA512
c364583f96682347f4aff3a59be0cf5e171de05636e46d1eb4d71d5647a60efc928548b841b4c339e0d4ffa05e8223ad4879ba6d5a1d49104326847cb06c8441

Download Submit
C:\Windows\system\kUyMBxA.exe

Filesize
6.0MB

MD5
92cde8ead9fc5fcc0ba6f36079b66468

SHA1
d3fb1844d7408e02a7bea54ce8e9de7ea520a1d9

SHA256
c5471d70fe2d1b7ef1ba8698cde498dd02a3e5c54fb0b9f0f8145524e87d5cf7

SHA512
be8213d4332948409951ae3268a65d0c0a53373bbed54d4e80f5ccd8ab7bf250685e8c0130b4d6fdccb7f0e0d60eb6939adcaefff2bce61c7afe3d60ddf4eaf0

Download Submit
C:\Windows\system\kxNrDHM.exe

Filesize
6.0MB

MD5
aedf435be8f478fd82ce37bdb22f7993

SHA1
43781c17557b291e13fffd0642516cd53bff0a67

SHA256
a769455c49a247978df0f04359a9108756afde4db12eb78cce39ccb39f80aec2

SHA512
13e2e47845b7883e2fe6985c6d5e1ad6e3b0408208f710d0ae01633cf93c01f9cb71d16bcb244f82fc01fd475df342c4c912b4043a55296cab22fc641de6b0ac

Download Submit
C:\Windows\system\lYMeuNV.exe

Filesize
6.0MB

MD5
4116e06b1a56ba08823874c37856c514

SHA1
eaf70272a5358b17ddd543faf8b433cdc37cd8ab

SHA256
8070ca58b7febe50f130acf91f18a1fae0af0ac8dcf0324bd9c68f891be01051

SHA512
8f16f82f1d44540cc3cab8b98ad77ce6d69f5fcf3a96f00fd026d9be4bdffdd67db6bb2a5e3f05b7a3bac138ced30ad4c98d39633ffdc6dd304e0044b303a45e

Download Submit
C:\Windows\system\rUKoPOs.exe

Filesize
6.0MB

MD5
b3b382205266d330905b6114c3136da4

SHA1
d43bf0c5e2af8d9a0cb433240cf62ced2bd0bece

SHA256
f67843488083539fcb1cfcfeb42069e0d2b4f070fe7ee62467b99d3660597699

SHA512
c829b2908fb4795e4ddee70edc5f104ce508520c98edbb44ebd0ed3cfcbded9cc00d1f8ce9029cb4d467e6e56353445c83a21f4d4b7bf48430b762f4e884679e

Download Submit
C:\Windows\system\tVHLeWo.exe

Filesize
6.0MB

MD5
ac1001f06c0f793e6657f0827ff72849

SHA1
eaad2c0749551ad934d9d076d7ca3ded14bcc087

SHA256
c89c7854a742252740caa4b094303cdb4a4ebe92379153eeeaecf4e1a13200b6

SHA512
e0767a83b6f464cfbcc29d9d4215ea1989e2626fa2a5a4faa331fcc6cf2ca0627e6c870d4acf096b738b37eee64873ed1c856843424f157a49fa4056b617e162

Download Submit
C:\Windows\system\ufhIqdJ.exe

Filesize
6.0MB

MD5
8ec5573e03c63bec5f8ff85082590a5a

SHA1
6bf84a55cfce66c86933b10375f86e5c14746a02

SHA256
8ce5c391c48a95f7e65f178f4e9848bc8fa14ffe82782d1ec07a3c523667d5c3

SHA512
919f610d08c90b4f0c3618059839e7b25fd35393d39d3e631bcdebb99d93c8dbe60ecdbd4da94e9de5df95b8ffe723b46caba40c3f4d2e75b220cda03adab5c8

Download Submit
C:\Windows\system\usqCnPW.exe

Filesize
6.0MB

MD5
41cf82908d48b095d7aef3d0e396d61a

SHA1
cb608195cab30f44d533a76571fd9d040de837e5

SHA256
20d219624f5909f472719e9e0ed2eb544e6fafbfb43902741d526d2a281bc915

SHA512
2707732eb6c870ebb310b3748a143e7406a895b262cbdeacf9b15319361ce2e28dcaebfbacff19f4f2858175fe8ab2cc19239eb52d8ac394bec3702b8c04f147

Download Submit
C:\Windows\system\vXNhvRf.exe

Filesize
6.0MB

MD5
a27b02225203e8e9b9213246e8b176e2

SHA1
86cce7d170f6d3b8ae896caefccde53bebdbaad6

SHA256
f389b5b79e7e6e950d3ca422b71376bc61f507ba0a10eb749c922213e4ee18aa

SHA512
84aff3a2f4955821e34d717f58541cd9bd20bf859495474c16953e40b163ab46670a878435e024aaa8f3caf2e6e9cf5a792b53579062b94a6ebb697a0fcc348c

Download Submit
C:\Windows\system\xCjvhtt.exe

Filesize
6.0MB

MD5
f3dc5475fff48c72ac81f7b1d322bebd

SHA1
5a5194c8d9494f5e224d3bb263a65aef0b7ab21a

SHA256
d9241a21a08e388be15d270ae831ead510415f696011b00b6df6fc318f0f1473

SHA512
97dfe085ee880f9194491ea585124fbefa7f7cb60071848d6a08d9c78fa86c7b5c84f231c9ce33b0a5a02b16027e5a43e070575635088b2a232cd6b81b514cde

Download Submit
C:\Windows\system\zApUjAq.exe

Filesize
6.0MB

MD5
9cf5303d794e07889912563dbffb412f

SHA1
feb87e0df2f046142d68b5accd28d3ed37ba4a4a

SHA256
f7b268090fb42aa4c10969b8d274030518864899e25b38d9040f97b4cf8ef732

SHA512
2c0a265048fdad3b9eba93fffae81f405be93766d00e6520fbaa9cc66a4c40aa55442d0dbbe8486729aada3b5c62070cd1416ec406aafc3d94299fb980b6acff

Download Submit
C:\Windows\system\zSJmffe.exe

Filesize
6.0MB

MD5
c021971f86fef26fb6e159f1b4f94a53

SHA1
dd14356b97a1239114544723798e7cf2e69f341c

SHA256
e3417dba397b7f2dca11984195d49c39f451ac76b1203de4fe075dcbc83b1065

SHA512
760b562946258baf5be48cdc36eb84442bebc730085d00db2e0071a6b9ffe9b44b71f813e1101cdcad287a966bac5d1f7624fe81e4b2c4728ad00e25ebcca072

Download Submit
\Windows\system\RxaHabj.exe

Filesize
6.0MB

MD5
a0c2f70309a438c9841736de6634bbd0

SHA1
2c8a8d2609a74df94a2665072ed2b085652cc625

SHA256
552148e94e77cc8f21135c4ce78211462191f63f6fe4600b883519dcea5936c9

SHA512
c403a79717e44324b8d96edc5114291211151c4bca6583950c801c163eb93d5fa69dbc5d588855029c638f2c87cedb665d44abc9bea64c51b5305e13c8e77b44

Download Submit
\Windows\system\kwIddfk.exe

Filesize
6.0MB

MD5
92c84bb04578136c3387249593c21a41

SHA1
4470b2acf819a279aa5c77d39a0bf2e76f15ce94

SHA256
5eec35b2de4a9d48d38e6d45ee83061ac230cd709662e2d796ca98c36a0c05c8

SHA512
a98d5c8622127d9bed198ff608f90a6169117fb372709989a997031d4d8b2113c919203f06438339f20179f533b7917f9d7ec96203a6169a0f2828b43e2c94f1

Download Submit
memory/1304-2584-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1304-3889-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-3308-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-3420-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-2489-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/1860-2521-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-0-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-3413-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/1860-2547-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-2588-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/1860-3431-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-3314-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/1860-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1860-3436-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2540-2043-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-2546-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-2516-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2660-4040-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/3012-1891-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/3012-3887-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download