cobaltstrike | 0f89483e9769e8f6b2e419acf63a5907ce2f082cfbf148b9cc85c763ec18c87e

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-12-2024 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

c12cc8135d4442bbe19204c3227cf73b
SHA1

c72dcca7c48631c6d66898eeaa8917ec6e4dca32
SHA256

0f89483e9769e8f6b2e419acf63a5907ce2f082cfbf148b9cc85c763ec18c87e
SHA512

019a79439415457313c509da1195cd0a568c9ea63ebfb1f24dc173fd7023ce519d380113d6d44857fffffc3b751db361045dabfa501397d8c345e85fc3cae3d6
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUn:eOl56utgpPF8u/7n

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012116-3.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186ee-10.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186fd-14.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018728-18.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001873d-22.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000187a5-31.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001925e-37.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-41.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-54.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-73.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197f8-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019838-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001977d-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196b1-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196af-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-98.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-72.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-62.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-57.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-49.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-46.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001878f-30.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018784-25.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 54 IoCs

miner

resource	yara_rule
behavioral1/memory/2444-0-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012116-3.dat	xmrig
behavioral1/files/0x00070000000186ee-10.dat	xmrig
behavioral1/files/0x00070000000186fd-14.dat	xmrig
behavioral1/files/0x0007000000018728-18.dat	xmrig
behavioral1/files/0x000600000001873d-22.dat	xmrig
behavioral1/files/0x00060000000187a5-31.dat	xmrig
behavioral1/files/0x000800000001925e-37.dat	xmrig
behavioral1/files/0x00050000000195c5-41.dat	xmrig
behavioral1/files/0x000500000001960d-54.dat	xmrig
behavioral1/files/0x0005000000019613-65.dat	xmrig
behavioral1/files/0x0005000000019617-73.dat	xmrig
behavioral1/files/0x000500000001961f-89.dat	xmrig
behavioral1/files/0x0005000000019625-105.dat	xmrig
behavioral1/files/0x00050000000197f8-125.dat	xmrig
behavioral1/memory/2444-754-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2568-1327-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2552-1260-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2316-1101-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/1700-1405-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019838-129.dat	xmrig
behavioral1/files/0x000500000001977d-121.dat	xmrig
behavioral1/files/0x00050000000196b1-117.dat	xmrig
behavioral1/files/0x00050000000196af-113.dat	xmrig
behavioral1/files/0x0005000000019667-109.dat	xmrig
behavioral1/files/0x0005000000019623-101.dat	xmrig
behavioral1/files/0x0005000000019622-98.dat	xmrig
behavioral1/files/0x0005000000019621-94.dat	xmrig
behavioral1/files/0x000500000001961d-86.dat	xmrig
behavioral1/files/0x000500000001961b-81.dat	xmrig
behavioral1/files/0x0005000000019619-80.dat	xmrig
behavioral1/files/0x0005000000019615-72.dat	xmrig
behavioral1/files/0x0005000000019611-62.dat	xmrig
behavioral1/files/0x000500000001960f-57.dat	xmrig
behavioral1/files/0x000500000001960b-49.dat	xmrig
behavioral1/files/0x0005000000019609-46.dat	xmrig
behavioral1/files/0x000600000001878f-30.dat	xmrig
behavioral1/files/0x0006000000018784-25.dat	xmrig
behavioral1/memory/2100-1449-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2392-1762-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2728-1881-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2780-2234-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2920-2337-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2552-3962-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2316-3977-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/1700-3980-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2728-3981-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2568-3982-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2392-3979-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2920-3984-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2100-3983-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2780-3978-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2444-3985-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2444-3995-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2300	ifUrgfR.exe
2316	seEqxND.exe
2552	pbGufSI.exe
2568	UeDLiyP.exe
1700	UYqweXf.exe
2100	BKTPdQf.exe
2392	amHVKhb.exe
2728	hHynvzg.exe
2780	QDxnOfq.exe
2920	LfnyLdX.exe
2776	WRyMcoC.exe
2968	lHwIOJS.exe
2804	SumxzgK.exe
1348	YzPkgBY.exe
2644	sNRraHB.exe
2636	lBIvIwr.exe
840	lpKHtJS.exe
1464	pJOaOCU.exe
2036	GBxAgJU.exe
692	ZwfTEJH.exe
2352	CwhgZkk.exe
2840	ozUnhmC.exe
2720	rnEASgA.exe
2824	OCwDhHu.exe
3004	ueruzxl.exe
3016	YaXqPnK.exe
1500	jHUbxBj.exe
1416	zsENcoh.exe
800	TezfJYS.exe
2432	dQiYRCA.exe
2172	ZSCGbxV.exe
1940	yItUPnG.exe
1152	AOMexCF.exe
1888	SrSSexg.exe
2360	ztmSHUp.exe
340	faCuNeg.exe
2096	JMgotTp.exe
1532	oOwswlW.exe
1460	UJbVTTz.exe
708	jdzEWzy.exe
3068	dlCnxsP.exe
2272	QGlmAUv.exe
1516	IFmwcDu.exe
956	PfRrdag.exe
2424	VLzqrHW.exe
1816	XxTqHwC.exe
1696	bRAmOeE.exe
296	fVjGJny.exe
2288	xCqFlPu.exe
1876	edzPUGl.exe
1612	ovyuyoC.exe
1536	YJVfrtS.exe
1680	KceeSeq.exe
1644	zQlectg.exe
1900	osKLIym.exe
3060	bzYgeDR.exe
2084	khACRwf.exe
1904	AvqChgy.exe
2076	sMJHjLb.exe
752	mIBtCLE.exe
1360	RHjJCbK.exe
2456	HpxTZQs.exe
1616	xsBCrWY.exe
1756	Uytvfpm.exe

Loads dropped DLL 64 IoCs

pid	Process
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 53 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2444-0-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x0007000000012116-3.dat	upx
behavioral1/files/0x00070000000186ee-10.dat	upx
behavioral1/files/0x00070000000186fd-14.dat	upx
behavioral1/files/0x0007000000018728-18.dat	upx
behavioral1/files/0x000600000001873d-22.dat	upx
behavioral1/files/0x00060000000187a5-31.dat	upx
behavioral1/files/0x000800000001925e-37.dat	upx
behavioral1/files/0x00050000000195c5-41.dat	upx
behavioral1/files/0x000500000001960d-54.dat	upx
behavioral1/files/0x0005000000019613-65.dat	upx
behavioral1/files/0x0005000000019617-73.dat	upx
behavioral1/files/0x000500000001961f-89.dat	upx
behavioral1/files/0x0005000000019625-105.dat	upx
behavioral1/files/0x00050000000197f8-125.dat	upx
behavioral1/memory/2444-754-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2568-1327-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2552-1260-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2316-1101-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/1700-1405-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x0005000000019838-129.dat	upx
behavioral1/files/0x000500000001977d-121.dat	upx
behavioral1/files/0x00050000000196b1-117.dat	upx
behavioral1/files/0x00050000000196af-113.dat	upx
behavioral1/files/0x0005000000019667-109.dat	upx
behavioral1/files/0x0005000000019623-101.dat	upx
behavioral1/files/0x0005000000019622-98.dat	upx
behavioral1/files/0x0005000000019621-94.dat	upx
behavioral1/files/0x000500000001961d-86.dat	upx
behavioral1/files/0x000500000001961b-81.dat	upx
behavioral1/files/0x0005000000019619-80.dat	upx
behavioral1/files/0x0005000000019615-72.dat	upx
behavioral1/files/0x0005000000019611-62.dat	upx
behavioral1/files/0x000500000001960f-57.dat	upx
behavioral1/files/0x000500000001960b-49.dat	upx
behavioral1/files/0x0005000000019609-46.dat	upx
behavioral1/files/0x000600000001878f-30.dat	upx
behavioral1/files/0x0006000000018784-25.dat	upx
behavioral1/memory/2100-1449-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2392-1762-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2728-1881-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2780-2234-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2920-2337-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2552-3962-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2316-3977-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/1700-3980-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2728-3981-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2568-3982-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2392-3979-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2920-3984-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2100-3983-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2780-3978-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2444-3985-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jLlTvVz.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jKBIjfk.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xmWfusG.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qcYlYtO.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gsEUxrk.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QYiAIBy.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\deRiRji.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tavRCxA.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KeYdQtp.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TIKWsyw.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NqTkGXv.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dGVIENx.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAJaGPW.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GspiMow.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BMaXFIh.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VUubyjp.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XVCRGKS.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZgTRcxP.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XeKqPvT.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WuBYyEq.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jdOoGyU.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WVJSfHf.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fpCOEaL.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HpLgfnl.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IOEsVfF.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qizAwDn.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zdnRtRf.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eyuSGfx.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nQuWcpp.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XBNSezX.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eKhImUd.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YiqeLVJ.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BBFHEBg.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DSkwcsg.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MfMnmQh.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZvkbOXU.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RLldZgP.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fBEstSe.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GoFioLQ.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iwOSBAH.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MQRLTAt.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XmiDZtq.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNRraHB.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GGEHEDz.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLYvAJS.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dXvPUFk.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mjAOvDW.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OqrWJsK.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vdkxfzJ.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XPJNpeV.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GVuLXPa.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cBOceBT.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UgvGvRS.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RJQvcPT.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Bkydjwy.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YQeejXN.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gEnGmxU.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IOkrQuY.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dQiYRCA.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EZaXJpp.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QSBsHQD.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\azmjbBO.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vfXLOmz.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ovyuyoC.exe	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2300	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2444 wrote to memory of 2300	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2444 wrote to memory of 2300	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2444 wrote to memory of 2316	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2444 wrote to memory of 2316	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2444 wrote to memory of 2316	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2444 wrote to memory of 2552	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2444 wrote to memory of 2552	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2444 wrote to memory of 2552	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2444 wrote to memory of 2568	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2444 wrote to memory of 2568	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2444 wrote to memory of 2568	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2444 wrote to memory of 1700	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2444 wrote to memory of 1700	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2444 wrote to memory of 1700	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2444 wrote to memory of 2100	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2444 wrote to memory of 2100	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2444 wrote to memory of 2100	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2444 wrote to memory of 2392	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2444 wrote to memory of 2392	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2444 wrote to memory of 2392	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2444 wrote to memory of 2728	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2444 wrote to memory of 2728	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2444 wrote to memory of 2728	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2444 wrote to memory of 2780	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2444 wrote to memory of 2780	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2444 wrote to memory of 2780	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2444 wrote to memory of 2920	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2444 wrote to memory of 2920	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2444 wrote to memory of 2920	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2444 wrote to memory of 2776	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2444 wrote to memory of 2776	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2444 wrote to memory of 2776	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2444 wrote to memory of 2968	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2444 wrote to memory of 2968	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2444 wrote to memory of 2968	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2444 wrote to memory of 2804	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2444 wrote to memory of 2804	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2444 wrote to memory of 2804	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2444 wrote to memory of 1348	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2444 wrote to memory of 1348	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2444 wrote to memory of 1348	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2444 wrote to memory of 2644	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2444 wrote to memory of 2644	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2444 wrote to memory of 2644	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2444 wrote to memory of 2636	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2444 wrote to memory of 2636	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2444 wrote to memory of 2636	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2444 wrote to memory of 840	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2444 wrote to memory of 840	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2444 wrote to memory of 840	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2444 wrote to memory of 1464	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2444 wrote to memory of 1464	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2444 wrote to memory of 1464	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2444 wrote to memory of 2036	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2444 wrote to memory of 2036	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2444 wrote to memory of 2036	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2444 wrote to memory of 692	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2444 wrote to memory of 692	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2444 wrote to memory of 692	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2444 wrote to memory of 2352	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2444 wrote to memory of 2352	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2444 wrote to memory of 2352	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2444 wrote to memory of 2840	2444	2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-30_c12cc8135d4442bbe19204c3227cf73b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Windows\System\ifUrgfR.exe
  C:\Windows\System\ifUrgfR.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\seEqxND.exe
  C:\Windows\System\seEqxND.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\pbGufSI.exe
  C:\Windows\System\pbGufSI.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\UeDLiyP.exe
  C:\Windows\System\UeDLiyP.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\UYqweXf.exe
  C:\Windows\System\UYqweXf.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\BKTPdQf.exe
  C:\Windows\System\BKTPdQf.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\amHVKhb.exe
  C:\Windows\System\amHVKhb.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\hHynvzg.exe
  C:\Windows\System\hHynvzg.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\QDxnOfq.exe
  C:\Windows\System\QDxnOfq.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\LfnyLdX.exe
  C:\Windows\System\LfnyLdX.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\WRyMcoC.exe
  C:\Windows\System\WRyMcoC.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\lHwIOJS.exe
  C:\Windows\System\lHwIOJS.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\SumxzgK.exe
  C:\Windows\System\SumxzgK.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\YzPkgBY.exe
  C:\Windows\System\YzPkgBY.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\sNRraHB.exe
  C:\Windows\System\sNRraHB.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\lBIvIwr.exe
  C:\Windows\System\lBIvIwr.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\lpKHtJS.exe
  C:\Windows\System\lpKHtJS.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\pJOaOCU.exe
  C:\Windows\System\pJOaOCU.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\GBxAgJU.exe
  C:\Windows\System\GBxAgJU.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\ZwfTEJH.exe
  C:\Windows\System\ZwfTEJH.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\CwhgZkk.exe
  C:\Windows\System\CwhgZkk.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\ozUnhmC.exe
  C:\Windows\System\ozUnhmC.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\rnEASgA.exe
  C:\Windows\System\rnEASgA.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\OCwDhHu.exe
  C:\Windows\System\OCwDhHu.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\ueruzxl.exe
  C:\Windows\System\ueruzxl.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\YaXqPnK.exe
  C:\Windows\System\YaXqPnK.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\jHUbxBj.exe
  C:\Windows\System\jHUbxBj.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\zsENcoh.exe
  C:\Windows\System\zsENcoh.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\TezfJYS.exe
  C:\Windows\System\TezfJYS.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\dQiYRCA.exe
  C:\Windows\System\dQiYRCA.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\ZSCGbxV.exe
  C:\Windows\System\ZSCGbxV.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\yItUPnG.exe
  C:\Windows\System\yItUPnG.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\AOMexCF.exe
  C:\Windows\System\AOMexCF.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\SrSSexg.exe
  C:\Windows\System\SrSSexg.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\ztmSHUp.exe
  C:\Windows\System\ztmSHUp.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\JMgotTp.exe
  C:\Windows\System\JMgotTp.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\faCuNeg.exe
  C:\Windows\System\faCuNeg.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\oOwswlW.exe
  C:\Windows\System\oOwswlW.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\UJbVTTz.exe
  C:\Windows\System\UJbVTTz.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\jdzEWzy.exe
  C:\Windows\System\jdzEWzy.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\dlCnxsP.exe
  C:\Windows\System\dlCnxsP.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\QGlmAUv.exe
  C:\Windows\System\QGlmAUv.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\IFmwcDu.exe
  C:\Windows\System\IFmwcDu.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\PfRrdag.exe
  C:\Windows\System\PfRrdag.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\VLzqrHW.exe
  C:\Windows\System\VLzqrHW.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\XxTqHwC.exe
  C:\Windows\System\XxTqHwC.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\bRAmOeE.exe
  C:\Windows\System\bRAmOeE.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\fVjGJny.exe
  C:\Windows\System\fVjGJny.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\xCqFlPu.exe
  C:\Windows\System\xCqFlPu.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\edzPUGl.exe
  C:\Windows\System\edzPUGl.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\ovyuyoC.exe
  C:\Windows\System\ovyuyoC.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\YJVfrtS.exe
  C:\Windows\System\YJVfrtS.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\KceeSeq.exe
  C:\Windows\System\KceeSeq.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\zQlectg.exe
  C:\Windows\System\zQlectg.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\osKLIym.exe
  C:\Windows\System\osKLIym.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\bzYgeDR.exe
  C:\Windows\System\bzYgeDR.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\khACRwf.exe
  C:\Windows\System\khACRwf.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\AvqChgy.exe
  C:\Windows\System\AvqChgy.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\sMJHjLb.exe
  C:\Windows\System\sMJHjLb.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\mIBtCLE.exe
  C:\Windows\System\mIBtCLE.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\RHjJCbK.exe
  C:\Windows\System\RHjJCbK.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\HpxTZQs.exe
  C:\Windows\System\HpxTZQs.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\xsBCrWY.exe
  C:\Windows\System\xsBCrWY.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\Uytvfpm.exe
  C:\Windows\System\Uytvfpm.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\tBpiBcm.exe
  C:\Windows\System\tBpiBcm.exe
  2⤵
  PID:564
- C:\Windows\System\vTcuTWW.exe
  C:\Windows\System\vTcuTWW.exe
  2⤵
  PID:668
- C:\Windows\System\snqwyDo.exe
  C:\Windows\System\snqwyDo.exe
  2⤵
  PID:1872
- C:\Windows\System\dCEnDpf.exe
  C:\Windows\System\dCEnDpf.exe
  2⤵
  PID:2252
- C:\Windows\System\YBBpKNI.exe
  C:\Windows\System\YBBpKNI.exe
  2⤵
  PID:2192
- C:\Windows\System\RSCSPQl.exe
  C:\Windows\System\RSCSPQl.exe
  2⤵
  PID:1796
- C:\Windows\System\TevBuLG.exe
  C:\Windows\System\TevBuLG.exe
  2⤵
  PID:2168
- C:\Windows\System\FkrdniI.exe
  C:\Windows\System\FkrdniI.exe
  2⤵
  PID:2164
- C:\Windows\System\SRgcQVi.exe
  C:\Windows\System\SRgcQVi.exe
  2⤵
  PID:1628
- C:\Windows\System\EZaXJpp.exe
  C:\Windows\System\EZaXJpp.exe
  2⤵
  PID:1044
- C:\Windows\System\XeKqPvT.exe
  C:\Windows\System\XeKqPvT.exe
  2⤵
  PID:2764
- C:\Windows\System\ufSCyFy.exe
  C:\Windows\System\ufSCyFy.exe
  2⤵
  PID:2956
- C:\Windows\System\vbAamDP.exe
  C:\Windows\System\vbAamDP.exe
  2⤵
  PID:1048
- C:\Windows\System\SlgMbGx.exe
  C:\Windows\System\SlgMbGx.exe
  2⤵
  PID:2692
- C:\Windows\System\vHyjMNG.exe
  C:\Windows\System\vHyjMNG.exe
  2⤵
  PID:2868
- C:\Windows\System\lxnUrXj.exe
  C:\Windows\System\lxnUrXj.exe
  2⤵
  PID:980
- C:\Windows\System\ZkHYyVk.exe
  C:\Windows\System\ZkHYyVk.exe
  2⤵
  PID:1484
- C:\Windows\System\QtfGVNo.exe
  C:\Windows\System\QtfGVNo.exe
  2⤵
  PID:576
- C:\Windows\System\HCpoNKH.exe
  C:\Windows\System\HCpoNKH.exe
  2⤵
  PID:2952
- C:\Windows\System\QcoiTOm.exe
  C:\Windows\System\QcoiTOm.exe
  2⤵
  PID:2856
- C:\Windows\System\xQAQsrS.exe
  C:\Windows\System\xQAQsrS.exe
  2⤵
  PID:2000
- C:\Windows\System\XEwDQJR.exe
  C:\Windows\System\XEwDQJR.exe
  2⤵
  PID:2264
- C:\Windows\System\ZROenLW.exe
  C:\Windows\System\ZROenLW.exe
  2⤵
  PID:1912
- C:\Windows\System\emWsGQU.exe
  C:\Windows\System\emWsGQU.exe
  2⤵
  PID:2344
- C:\Windows\System\ICtKGgb.exe
  C:\Windows\System\ICtKGgb.exe
  2⤵
  PID:2140
- C:\Windows\System\eJMEqCa.exe
  C:\Windows\System\eJMEqCa.exe
  2⤵
  PID:2496
- C:\Windows\System\uFLuyzC.exe
  C:\Windows\System\uFLuyzC.exe
  2⤵
  PID:496
- C:\Windows\System\RqoCtlo.exe
  C:\Windows\System\RqoCtlo.exe
  2⤵
  PID:2428
- C:\Windows\System\IjaXJdm.exe
  C:\Windows\System\IjaXJdm.exe
  2⤵
  PID:856
- C:\Windows\System\HRSuMLH.exe
  C:\Windows\System\HRSuMLH.exe
  2⤵
  PID:1088
- C:\Windows\System\bVALyWL.exe
  C:\Windows\System\bVALyWL.exe
  2⤵
  PID:1144
- C:\Windows\System\hStUVHu.exe
  C:\Windows\System\hStUVHu.exe
  2⤵
  PID:1660
- C:\Windows\System\FIRuNQm.exe
  C:\Windows\System\FIRuNQm.exe
  2⤵
  PID:912
- C:\Windows\System\wpKwooc.exe
  C:\Windows\System\wpKwooc.exe
  2⤵
  PID:2136
- C:\Windows\System\oyHRdLr.exe
  C:\Windows\System\oyHRdLr.exe
  2⤵
  PID:1468
- C:\Windows\System\rIBxdfZ.exe
  C:\Windows\System\rIBxdfZ.exe
  2⤵
  PID:2964
- C:\Windows\System\LSvuOzN.exe
  C:\Windows\System\LSvuOzN.exe
  2⤵
  PID:1172
- C:\Windows\System\JNDrVGZ.exe
  C:\Windows\System\JNDrVGZ.exe
  2⤵
  PID:2060
- C:\Windows\System\BGWAfNN.exe
  C:\Windows\System\BGWAfNN.exe
  2⤵
  PID:1892
- C:\Windows\System\tDRjacY.exe
  C:\Windows\System\tDRjacY.exe
  2⤵
  PID:1692
- C:\Windows\System\iiojEVe.exe
  C:\Windows\System\iiojEVe.exe
  2⤵
  PID:2412
- C:\Windows\System\MfMnmQh.exe
  C:\Windows\System\MfMnmQh.exe
  2⤵
  PID:1588
- C:\Windows\System\FcGuYXP.exe
  C:\Windows\System\FcGuYXP.exe
  2⤵
  PID:2280
- C:\Windows\System\vNFQBhw.exe
  C:\Windows\System\vNFQBhw.exe
  2⤵
  PID:1748
- C:\Windows\System\Iquwxol.exe
  C:\Windows\System\Iquwxol.exe
  2⤵
  PID:2912
- C:\Windows\System\gqiUqrK.exe
  C:\Windows\System\gqiUqrK.exe
  2⤵
  PID:2888
- C:\Windows\System\DTenXJy.exe
  C:\Windows\System\DTenXJy.exe
  2⤵
  PID:2668
- C:\Windows\System\osFfBOx.exe
  C:\Windows\System\osFfBOx.exe
  2⤵
  PID:1992
- C:\Windows\System\hZPBIkc.exe
  C:\Windows\System\hZPBIkc.exe
  2⤵
  PID:2832
- C:\Windows\System\QSBsHQD.exe
  C:\Windows\System\QSBsHQD.exe
  2⤵
  PID:2180
- C:\Windows\System\wqummjH.exe
  C:\Windows\System\wqummjH.exe
  2⤵
  PID:1916
- C:\Windows\System\gIEHNfN.exe
  C:\Windows\System\gIEHNfN.exe
  2⤵
  PID:1184
- C:\Windows\System\NXvOHBk.exe
  C:\Windows\System\NXvOHBk.exe
  2⤵
  PID:292
- C:\Windows\System\olJuVJl.exe
  C:\Windows\System\olJuVJl.exe
  2⤵
  PID:1712
- C:\Windows\System\uDCvFEH.exe
  C:\Windows\System\uDCvFEH.exe
  2⤵
  PID:1528
- C:\Windows\System\lcrneqA.exe
  C:\Windows\System\lcrneqA.exe
  2⤵
  PID:596
- C:\Windows\System\ifYdFWT.exe
  C:\Windows\System\ifYdFWT.exe
  2⤵
  PID:1072
- C:\Windows\System\CxGERHj.exe
  C:\Windows\System\CxGERHj.exe
  2⤵
  PID:592
- C:\Windows\System\zdnRtRf.exe
  C:\Windows\System\zdnRtRf.exe
  2⤵
  PID:3080
- C:\Windows\System\HYrkbqC.exe
  C:\Windows\System\HYrkbqC.exe
  2⤵
  PID:3096
- C:\Windows\System\MsYrdWw.exe
  C:\Windows\System\MsYrdWw.exe
  2⤵
  PID:3112
- C:\Windows\System\JcuglYW.exe
  C:\Windows\System\JcuglYW.exe
  2⤵
  PID:3128
- C:\Windows\System\sebcItz.exe
  C:\Windows\System\sebcItz.exe
  2⤵
  PID:3144
- C:\Windows\System\QbAiOxS.exe
  C:\Windows\System\QbAiOxS.exe
  2⤵
  PID:3160
- C:\Windows\System\zvNaXSj.exe
  C:\Windows\System\zvNaXSj.exe
  2⤵
  PID:3176
- C:\Windows\System\YqlcoUD.exe
  C:\Windows\System\YqlcoUD.exe
  2⤵
  PID:3192
- C:\Windows\System\PMnonYv.exe
  C:\Windows\System\PMnonYv.exe
  2⤵
  PID:3208
- C:\Windows\System\YKhQZjA.exe
  C:\Windows\System\YKhQZjA.exe
  2⤵
  PID:3224
- C:\Windows\System\sJVRsCR.exe
  C:\Windows\System\sJVRsCR.exe
  2⤵
  PID:3240
- C:\Windows\System\cpZVWOl.exe
  C:\Windows\System\cpZVWOl.exe
  2⤵
  PID:3256
- C:\Windows\System\gZLiCcb.exe
  C:\Windows\System\gZLiCcb.exe
  2⤵
  PID:3272
- C:\Windows\System\tmxyGtg.exe
  C:\Windows\System\tmxyGtg.exe
  2⤵
  PID:3288
- C:\Windows\System\TfQbPxv.exe
  C:\Windows\System\TfQbPxv.exe
  2⤵
  PID:3304
- C:\Windows\System\pRHUUlC.exe
  C:\Windows\System\pRHUUlC.exe
  2⤵
  PID:3320
- C:\Windows\System\VZRghyD.exe
  C:\Windows\System\VZRghyD.exe
  2⤵
  PID:3336
- C:\Windows\System\OffdiPY.exe
  C:\Windows\System\OffdiPY.exe
  2⤵
  PID:3352
- C:\Windows\System\UjEOcqM.exe
  C:\Windows\System\UjEOcqM.exe
  2⤵
  PID:3368
- C:\Windows\System\SQNdiQP.exe
  C:\Windows\System\SQNdiQP.exe
  2⤵
  PID:3384
- C:\Windows\System\rBHFvlg.exe
  C:\Windows\System\rBHFvlg.exe
  2⤵
  PID:3400
- C:\Windows\System\aGFcYXu.exe
  C:\Windows\System\aGFcYXu.exe
  2⤵
  PID:3416
- C:\Windows\System\SEMRcsD.exe
  C:\Windows\System\SEMRcsD.exe
  2⤵
  PID:3432
- C:\Windows\System\BkiMepo.exe
  C:\Windows\System\BkiMepo.exe
  2⤵
  PID:3448
- C:\Windows\System\pBlWtzi.exe
  C:\Windows\System\pBlWtzi.exe
  2⤵
  PID:3464
- C:\Windows\System\pLHyXBv.exe
  C:\Windows\System\pLHyXBv.exe
  2⤵
  PID:3480
- C:\Windows\System\ZuEvqSc.exe
  C:\Windows\System\ZuEvqSc.exe
  2⤵
  PID:3496
- C:\Windows\System\yQgPzqD.exe
  C:\Windows\System\yQgPzqD.exe
  2⤵
  PID:3512
- C:\Windows\System\qaPVkEd.exe
  C:\Windows\System\qaPVkEd.exe
  2⤵
  PID:3528
- C:\Windows\System\zEJBdyi.exe
  C:\Windows\System\zEJBdyi.exe
  2⤵
  PID:3544
- C:\Windows\System\yfCrORz.exe
  C:\Windows\System\yfCrORz.exe
  2⤵
  PID:3560
- C:\Windows\System\kqEmTVj.exe
  C:\Windows\System\kqEmTVj.exe
  2⤵
  PID:3576
- C:\Windows\System\tIIcxei.exe
  C:\Windows\System\tIIcxei.exe
  2⤵
  PID:3592
- C:\Windows\System\loLXGId.exe
  C:\Windows\System\loLXGId.exe
  2⤵
  PID:3608
- C:\Windows\System\uSsjXOk.exe
  C:\Windows\System\uSsjXOk.exe
  2⤵
  PID:3624
- C:\Windows\System\wKARsqw.exe
  C:\Windows\System\wKARsqw.exe
  2⤵
  PID:3640
- C:\Windows\System\ksmqluT.exe
  C:\Windows\System\ksmqluT.exe
  2⤵
  PID:3656
- C:\Windows\System\xmWfusG.exe
  C:\Windows\System\xmWfusG.exe
  2⤵
  PID:3672
- C:\Windows\System\lSJvJEd.exe
  C:\Windows\System\lSJvJEd.exe
  2⤵
  PID:3688
- C:\Windows\System\qpdUUoX.exe
  C:\Windows\System\qpdUUoX.exe
  2⤵
  PID:3704
- C:\Windows\System\ydRPRuk.exe
  C:\Windows\System\ydRPRuk.exe
  2⤵
  PID:3720
- C:\Windows\System\kJBfFVP.exe
  C:\Windows\System\kJBfFVP.exe
  2⤵
  PID:3736
- C:\Windows\System\wJaCRVh.exe
  C:\Windows\System\wJaCRVh.exe
  2⤵
  PID:3752
- C:\Windows\System\lJeDDZO.exe
  C:\Windows\System\lJeDDZO.exe
  2⤵
  PID:3768
- C:\Windows\System\wUXTDxd.exe
  C:\Windows\System\wUXTDxd.exe
  2⤵
  PID:3788
- C:\Windows\System\fGQOYpi.exe
  C:\Windows\System\fGQOYpi.exe
  2⤵
  PID:3804
- C:\Windows\System\uiRcTFK.exe
  C:\Windows\System\uiRcTFK.exe
  2⤵
  PID:3820
- C:\Windows\System\avfYPsG.exe
  C:\Windows\System\avfYPsG.exe
  2⤵
  PID:3836
- C:\Windows\System\rCPvTGz.exe
  C:\Windows\System\rCPvTGz.exe
  2⤵
  PID:3852
- C:\Windows\System\WPcFafd.exe
  C:\Windows\System\WPcFafd.exe
  2⤵
  PID:3868
- C:\Windows\System\oWDeOpA.exe
  C:\Windows\System\oWDeOpA.exe
  2⤵
  PID:3884
- C:\Windows\System\QzxvKcX.exe
  C:\Windows\System\QzxvKcX.exe
  2⤵
  PID:3900
- C:\Windows\System\FpnJwKF.exe
  C:\Windows\System\FpnJwKF.exe
  2⤵
  PID:3916
- C:\Windows\System\REJKYuc.exe
  C:\Windows\System\REJKYuc.exe
  2⤵
  PID:3932
- C:\Windows\System\wwMAlks.exe
  C:\Windows\System\wwMAlks.exe
  2⤵
  PID:3948
- C:\Windows\System\PpptThk.exe
  C:\Windows\System\PpptThk.exe
  2⤵
  PID:3964
- C:\Windows\System\caHmBOQ.exe
  C:\Windows\System\caHmBOQ.exe
  2⤵
  PID:3980
- C:\Windows\System\PQgQLzX.exe
  C:\Windows\System\PQgQLzX.exe
  2⤵
  PID:3996
- C:\Windows\System\dEfgeES.exe
  C:\Windows\System\dEfgeES.exe
  2⤵
  PID:4012
- C:\Windows\System\UyojWYL.exe
  C:\Windows\System\UyojWYL.exe
  2⤵
  PID:4028
- C:\Windows\System\aPCBXsp.exe
  C:\Windows\System\aPCBXsp.exe
  2⤵
  PID:4044
- C:\Windows\System\ovwGomA.exe
  C:\Windows\System\ovwGomA.exe
  2⤵
  PID:4060
- C:\Windows\System\HKbchee.exe
  C:\Windows\System\HKbchee.exe
  2⤵
  PID:4076
- C:\Windows\System\pABdoub.exe
  C:\Windows\System\pABdoub.exe
  2⤵
  PID:4092
- C:\Windows\System\PnejOcG.exe
  C:\Windows\System\PnejOcG.exe
  2⤵
  PID:1960
- C:\Windows\System\PMETRkx.exe
  C:\Windows\System\PMETRkx.exe
  2⤵
  PID:2556
- C:\Windows\System\shOFflA.exe
  C:\Windows\System\shOFflA.exe
  2⤵
  PID:2908
- C:\Windows\System\VneWSuR.exe
  C:\Windows\System\VneWSuR.exe
  2⤵
  PID:1668
- C:\Windows\System\qdFzFyj.exe
  C:\Windows\System\qdFzFyj.exe
  2⤵
  PID:768
- C:\Windows\System\QOkdpGm.exe
  C:\Windows\System\QOkdpGm.exe
  2⤵
  PID:2380
- C:\Windows\System\otgESUW.exe
  C:\Windows\System\otgESUW.exe
  2⤵
  PID:2596
- C:\Windows\System\MWxzTps.exe
  C:\Windows\System\MWxzTps.exe
  2⤵
  PID:916
- C:\Windows\System\UUqYzKa.exe
  C:\Windows\System\UUqYzKa.exe
  2⤵
  PID:1784
- C:\Windows\System\fvtmcuv.exe
  C:\Windows\System\fvtmcuv.exe
  2⤵
  PID:3088
- C:\Windows\System\RSTQlkO.exe
  C:\Windows\System\RSTQlkO.exe
  2⤵
  PID:3108
- C:\Windows\System\RVjCOaD.exe
  C:\Windows\System\RVjCOaD.exe
  2⤵
  PID:3140
- C:\Windows\System\HFuQSHB.exe
  C:\Windows\System\HFuQSHB.exe
  2⤵
  PID:3172
- C:\Windows\System\ODtWXpr.exe
  C:\Windows\System\ODtWXpr.exe
  2⤵
  PID:3216
- C:\Windows\System\majbGYK.exe
  C:\Windows\System\majbGYK.exe
  2⤵
  PID:3248
- C:\Windows\System\jLlTvVz.exe
  C:\Windows\System\jLlTvVz.exe
  2⤵
  PID:3268
- C:\Windows\System\YNYcZmr.exe
  C:\Windows\System\YNYcZmr.exe
  2⤵
  PID:3312
- C:\Windows\System\ETApfwE.exe
  C:\Windows\System\ETApfwE.exe
  2⤵
  PID:3344
- C:\Windows\System\nwWNkxV.exe
  C:\Windows\System\nwWNkxV.exe
  2⤵
  PID:3376
- C:\Windows\System\NnprtgD.exe
  C:\Windows\System\NnprtgD.exe
  2⤵
  PID:3408
- C:\Windows\System\DDInyno.exe
  C:\Windows\System\DDInyno.exe
  2⤵
  PID:3440
- C:\Windows\System\XWvcYek.exe
  C:\Windows\System\XWvcYek.exe
  2⤵
  PID:3460
- C:\Windows\System\DXhUbMX.exe
  C:\Windows\System\DXhUbMX.exe
  2⤵
  PID:3504
- C:\Windows\System\CsOKWkH.exe
  C:\Windows\System\CsOKWkH.exe
  2⤵
  PID:3536
- C:\Windows\System\HjwLngF.exe
  C:\Windows\System\HjwLngF.exe
  2⤵
  PID:3568
- C:\Windows\System\dyjcIqZ.exe
  C:\Windows\System\dyjcIqZ.exe
  2⤵
  PID:3600
- C:\Windows\System\RqbVqJh.exe
  C:\Windows\System\RqbVqJh.exe
  2⤵
  PID:3632
- C:\Windows\System\OpzlTOe.exe
  C:\Windows\System\OpzlTOe.exe
  2⤵
  PID:3652
- C:\Windows\System\CAJaGPW.exe
  C:\Windows\System\CAJaGPW.exe
  2⤵
  PID:3696
- C:\Windows\System\MwapXbj.exe
  C:\Windows\System\MwapXbj.exe
  2⤵
  PID:3728
- C:\Windows\System\GzvZacg.exe
  C:\Windows\System\GzvZacg.exe
  2⤵
  PID:3760
- C:\Windows\System\rJtWLgz.exe
  C:\Windows\System\rJtWLgz.exe
  2⤵
  PID:3796
- C:\Windows\System\xVuanwM.exe
  C:\Windows\System\xVuanwM.exe
  2⤵
  PID:3828
- C:\Windows\System\QWyNAxz.exe
  C:\Windows\System\QWyNAxz.exe
  2⤵
  PID:3860
- C:\Windows\System\wPDvsHH.exe
  C:\Windows\System\wPDvsHH.exe
  2⤵
  PID:3892
- C:\Windows\System\IPzhlfO.exe
  C:\Windows\System\IPzhlfO.exe
  2⤵
  PID:3924
- C:\Windows\System\DHodQkA.exe
  C:\Windows\System\DHodQkA.exe
  2⤵
  PID:3956
- C:\Windows\System\Bkedegi.exe
  C:\Windows\System\Bkedegi.exe
  2⤵
  PID:3988
- C:\Windows\System\bpstiSR.exe
  C:\Windows\System\bpstiSR.exe
  2⤵
  PID:4020
- C:\Windows\System\qbVgeXz.exe
  C:\Windows\System\qbVgeXz.exe
  2⤵
  PID:4056
- C:\Windows\System\gClgceY.exe
  C:\Windows\System\gClgceY.exe
  2⤵
  PID:4088
- C:\Windows\System\odNWyqj.exe
  C:\Windows\System\odNWyqj.exe
  2⤵
  PID:2564
- C:\Windows\System\xGTJrwi.exe
  C:\Windows\System\xGTJrwi.exe
  2⤵
  PID:2984
- C:\Windows\System\AxIctOI.exe
  C:\Windows\System\AxIctOI.exe
  2⤵
  PID:2104
- C:\Windows\System\vdVoQCK.exe
  C:\Windows\System\vdVoQCK.exe
  2⤵
  PID:2156
- C:\Windows\System\DocXAnb.exe
  C:\Windows\System\DocXAnb.exe
  2⤵
  PID:3076
- C:\Windows\System\RnmrynD.exe
  C:\Windows\System\RnmrynD.exe
  2⤵
  PID:3152
- C:\Windows\System\YANLLEP.exe
  C:\Windows\System\YANLLEP.exe
  2⤵
  PID:3204
- C:\Windows\System\WeBjlKD.exe
  C:\Windows\System\WeBjlKD.exe
  2⤵
  PID:3280
- C:\Windows\System\cJjMzGT.exe
  C:\Windows\System\cJjMzGT.exe
  2⤵
  PID:3332
- C:\Windows\System\JhmTWGT.exe
  C:\Windows\System\JhmTWGT.exe
  2⤵
  PID:3396
- C:\Windows\System\yInoOIS.exe
  C:\Windows\System\yInoOIS.exe
  2⤵
  PID:3472
- C:\Windows\System\STjAeNq.exe
  C:\Windows\System\STjAeNq.exe
  2⤵
  PID:3524
- C:\Windows\System\GjjxlJu.exe
  C:\Windows\System\GjjxlJu.exe
  2⤵
  PID:3588
- C:\Windows\System\mUUrWVh.exe
  C:\Windows\System\mUUrWVh.exe
  2⤵
  PID:3664
- C:\Windows\System\iPqITOB.exe
  C:\Windows\System\iPqITOB.exe
  2⤵
  PID:3716
- C:\Windows\System\cIPZvdh.exe
  C:\Windows\System\cIPZvdh.exe
  2⤵
  PID:3784
- C:\Windows\System\oXjSChq.exe
  C:\Windows\System\oXjSChq.exe
  2⤵
  PID:3848
- C:\Windows\System\NPsmAnT.exe
  C:\Windows\System\NPsmAnT.exe
  2⤵
  PID:3912
- C:\Windows\System\qenalgH.exe
  C:\Windows\System\qenalgH.exe
  2⤵
  PID:3976
- C:\Windows\System\NKxElaV.exe
  C:\Windows\System\NKxElaV.exe
  2⤵
  PID:4040
- C:\Windows\System\PsGTGVn.exe
  C:\Windows\System\PsGTGVn.exe
  2⤵
  PID:1584
- C:\Windows\System\isWZWoS.exe
  C:\Windows\System\isWZWoS.exe
  2⤵
  PID:2820
- C:\Windows\System\gOUxBqS.exe
  C:\Windows\System\gOUxBqS.exe
  2⤵
  PID:992
- C:\Windows\System\zPQoteF.exe
  C:\Windows\System\zPQoteF.exe
  2⤵
  PID:4108
- C:\Windows\System\RdZoMRe.exe
  C:\Windows\System\RdZoMRe.exe
  2⤵
  PID:4124
- C:\Windows\System\NTWBvhZ.exe
  C:\Windows\System\NTWBvhZ.exe
  2⤵
  PID:4140
- C:\Windows\System\YSmITyK.exe
  C:\Windows\System\YSmITyK.exe
  2⤵
  PID:4156
- C:\Windows\System\TYOnngh.exe
  C:\Windows\System\TYOnngh.exe
  2⤵
  PID:4172
- C:\Windows\System\RHOSirp.exe
  C:\Windows\System\RHOSirp.exe
  2⤵
  PID:4188
- C:\Windows\System\kQgKxrz.exe
  C:\Windows\System\kQgKxrz.exe
  2⤵
  PID:4204
- C:\Windows\System\ultIVOd.exe
  C:\Windows\System\ultIVOd.exe
  2⤵
  PID:4220
- C:\Windows\System\cuvCFLw.exe
  C:\Windows\System\cuvCFLw.exe
  2⤵
  PID:4236
- C:\Windows\System\IvZdzUn.exe
  C:\Windows\System\IvZdzUn.exe
  2⤵
  PID:4252
- C:\Windows\System\vmOzQvu.exe
  C:\Windows\System\vmOzQvu.exe
  2⤵
  PID:4268
- C:\Windows\System\xVZjbAe.exe
  C:\Windows\System\xVZjbAe.exe
  2⤵
  PID:4284
- C:\Windows\System\EVqfkTG.exe
  C:\Windows\System\EVqfkTG.exe
  2⤵
  PID:4300
- C:\Windows\System\QliZvUa.exe
  C:\Windows\System\QliZvUa.exe
  2⤵
  PID:4316
- C:\Windows\System\kkdwSxq.exe
  C:\Windows\System\kkdwSxq.exe
  2⤵
  PID:4332
- C:\Windows\System\JUWuwxo.exe
  C:\Windows\System\JUWuwxo.exe
  2⤵
  PID:4348
- C:\Windows\System\nQuUkez.exe
  C:\Windows\System\nQuUkez.exe
  2⤵
  PID:4364
- C:\Windows\System\hLNiRLG.exe
  C:\Windows\System\hLNiRLG.exe
  2⤵
  PID:4380
- C:\Windows\System\WgBMvVl.exe
  C:\Windows\System\WgBMvVl.exe
  2⤵
  PID:4396
- C:\Windows\System\eyuSGfx.exe
  C:\Windows\System\eyuSGfx.exe
  2⤵
  PID:4412
- C:\Windows\System\BRkGaLq.exe
  C:\Windows\System\BRkGaLq.exe
  2⤵
  PID:4428
- C:\Windows\System\RbAOXWC.exe
  C:\Windows\System\RbAOXWC.exe
  2⤵
  PID:4444
- C:\Windows\System\OqVgerm.exe
  C:\Windows\System\OqVgerm.exe
  2⤵
  PID:4460
- C:\Windows\System\cKVHpce.exe
  C:\Windows\System\cKVHpce.exe
  2⤵
  PID:4476
- C:\Windows\System\meYYMis.exe
  C:\Windows\System\meYYMis.exe
  2⤵
  PID:4492
- C:\Windows\System\sGZfONF.exe
  C:\Windows\System\sGZfONF.exe
  2⤵
  PID:4508
- C:\Windows\System\yYaeNEK.exe
  C:\Windows\System\yYaeNEK.exe
  2⤵
  PID:4524
- C:\Windows\System\mSeIMPq.exe
  C:\Windows\System\mSeIMPq.exe
  2⤵
  PID:4540
- C:\Windows\System\YSenAck.exe
  C:\Windows\System\YSenAck.exe
  2⤵
  PID:4556
- C:\Windows\System\JGRAghc.exe
  C:\Windows\System\JGRAghc.exe
  2⤵
  PID:4572
- C:\Windows\System\gMTkbVb.exe
  C:\Windows\System\gMTkbVb.exe
  2⤵
  PID:4592
- C:\Windows\System\HpHyOPq.exe
  C:\Windows\System\HpHyOPq.exe
  2⤵
  PID:4608
- C:\Windows\System\NlaHwzr.exe
  C:\Windows\System\NlaHwzr.exe
  2⤵
  PID:4624
- C:\Windows\System\moVNvAf.exe
  C:\Windows\System\moVNvAf.exe
  2⤵
  PID:4640
- C:\Windows\System\LDkpwVt.exe
  C:\Windows\System\LDkpwVt.exe
  2⤵
  PID:4656
- C:\Windows\System\KotXfCO.exe
  C:\Windows\System\KotXfCO.exe
  2⤵
  PID:4672
- C:\Windows\System\ZmZKUPX.exe
  C:\Windows\System\ZmZKUPX.exe
  2⤵
  PID:4688
- C:\Windows\System\nQuWcpp.exe
  C:\Windows\System\nQuWcpp.exe
  2⤵
  PID:4704
- C:\Windows\System\LPDonmu.exe
  C:\Windows\System\LPDonmu.exe
  2⤵
  PID:4720
- C:\Windows\System\SfiyULJ.exe
  C:\Windows\System\SfiyULJ.exe
  2⤵
  PID:4736
- C:\Windows\System\MVucGBR.exe
  C:\Windows\System\MVucGBR.exe
  2⤵
  PID:4752
- C:\Windows\System\CWtyjNM.exe
  C:\Windows\System\CWtyjNM.exe
  2⤵
  PID:4768
- C:\Windows\System\vQBiAyy.exe
  C:\Windows\System\vQBiAyy.exe
  2⤵
  PID:4784
- C:\Windows\System\FVyngJM.exe
  C:\Windows\System\FVyngJM.exe
  2⤵
  PID:4800
- C:\Windows\System\HLKBOOh.exe
  C:\Windows\System\HLKBOOh.exe
  2⤵
  PID:4816
- C:\Windows\System\XkTEYEE.exe
  C:\Windows\System\XkTEYEE.exe
  2⤵
  PID:4832
- C:\Windows\System\yrCyTaO.exe
  C:\Windows\System\yrCyTaO.exe
  2⤵
  PID:4848
- C:\Windows\System\DbgpJlL.exe
  C:\Windows\System\DbgpJlL.exe
  2⤵
  PID:4864
- C:\Windows\System\GUunhtb.exe
  C:\Windows\System\GUunhtb.exe
  2⤵
  PID:4880
- C:\Windows\System\UomclYn.exe
  C:\Windows\System\UomclYn.exe
  2⤵
  PID:4896
- C:\Windows\System\aqWLAcZ.exe
  C:\Windows\System\aqWLAcZ.exe
  2⤵
  PID:4912
- C:\Windows\System\axRRuae.exe
  C:\Windows\System\axRRuae.exe
  2⤵
  PID:4928
- C:\Windows\System\lxDsASE.exe
  C:\Windows\System\lxDsASE.exe
  2⤵
  PID:4944
- C:\Windows\System\sYqzVpY.exe
  C:\Windows\System\sYqzVpY.exe
  2⤵
  PID:4960
- C:\Windows\System\yXgzzpI.exe
  C:\Windows\System\yXgzzpI.exe
  2⤵
  PID:4976
- C:\Windows\System\WGxnRsm.exe
  C:\Windows\System\WGxnRsm.exe
  2⤵
  PID:4992
- C:\Windows\System\KFDfXZh.exe
  C:\Windows\System\KFDfXZh.exe
  2⤵
  PID:5008
- C:\Windows\System\EjSRqmH.exe
  C:\Windows\System\EjSRqmH.exe
  2⤵
  PID:5024
- C:\Windows\System\mheCoXs.exe
  C:\Windows\System\mheCoXs.exe
  2⤵
  PID:5040
- C:\Windows\System\zjaRMTg.exe
  C:\Windows\System\zjaRMTg.exe
  2⤵
  PID:5056
- C:\Windows\System\qucEMyy.exe
  C:\Windows\System\qucEMyy.exe
  2⤵
  PID:5072
- C:\Windows\System\zPNAKRK.exe
  C:\Windows\System\zPNAKRK.exe
  2⤵
  PID:5088
- C:\Windows\System\AbQGnAD.exe
  C:\Windows\System\AbQGnAD.exe
  2⤵
  PID:5104
- C:\Windows\System\YaWgBxq.exe
  C:\Windows\System\YaWgBxq.exe
  2⤵
  PID:3120
- C:\Windows\System\HOyxLND.exe
  C:\Windows\System\HOyxLND.exe
  2⤵
  PID:3264
- C:\Windows\System\CphPzDN.exe
  C:\Windows\System\CphPzDN.exe
  2⤵
  PID:3456
- C:\Windows\System\KLsZysR.exe
  C:\Windows\System\KLsZysR.exe
  2⤵
  PID:3520
- C:\Windows\System\lZmctoF.exe
  C:\Windows\System\lZmctoF.exe
  2⤵
  PID:3620
- C:\Windows\System\iLHtFRF.exe
  C:\Windows\System\iLHtFRF.exe
  2⤵
  PID:3776
- C:\Windows\System\aLanpYE.exe
  C:\Windows\System\aLanpYE.exe
  2⤵
  PID:3908
- C:\Windows\System\OqrWJsK.exe
  C:\Windows\System\OqrWJsK.exe
  2⤵
  PID:4072
- C:\Windows\System\kyscqgu.exe
  C:\Windows\System\kyscqgu.exe
  2⤵
  PID:2184
- C:\Windows\System\WuBYyEq.exe
  C:\Windows\System\WuBYyEq.exe
  2⤵
  PID:4104
- C:\Windows\System\bExaTQm.exe
  C:\Windows\System\bExaTQm.exe
  2⤵
  PID:4136
- C:\Windows\System\hYrwWRN.exe
  C:\Windows\System\hYrwWRN.exe
  2⤵
  PID:4168
- C:\Windows\System\wtuqAIX.exe
  C:\Windows\System\wtuqAIX.exe
  2⤵
  PID:4200
- C:\Windows\System\EFYfOuD.exe
  C:\Windows\System\EFYfOuD.exe
  2⤵
  PID:4232
- C:\Windows\System\eKhImUd.exe
  C:\Windows\System\eKhImUd.exe
  2⤵
  PID:4264
- C:\Windows\System\MbnWTQs.exe
  C:\Windows\System\MbnWTQs.exe
  2⤵
  PID:4296
- C:\Windows\System\AikAQSQ.exe
  C:\Windows\System\AikAQSQ.exe
  2⤵
  PID:4328
- C:\Windows\System\PplHllK.exe
  C:\Windows\System\PplHllK.exe
  2⤵
  PID:4360
- C:\Windows\System\NndZrzB.exe
  C:\Windows\System\NndZrzB.exe
  2⤵
  PID:4392
- C:\Windows\System\daytFoR.exe
  C:\Windows\System\daytFoR.exe
  2⤵
  PID:4424
- C:\Windows\System\ydpuDIA.exe
  C:\Windows\System\ydpuDIA.exe
  2⤵
  PID:4468
- C:\Windows\System\anorryh.exe
  C:\Windows\System\anorryh.exe
  2⤵
  PID:4500
- C:\Windows\System\QHCnsao.exe
  C:\Windows\System\QHCnsao.exe
  2⤵
  PID:4532
- C:\Windows\System\feJteMh.exe
  C:\Windows\System\feJteMh.exe
  2⤵
  PID:4564
- C:\Windows\System\afMXqzM.exe
  C:\Windows\System\afMXqzM.exe
  2⤵
  PID:4600
- C:\Windows\System\iMZXADC.exe
  C:\Windows\System\iMZXADC.exe
  2⤵
  PID:4632
- C:\Windows\System\RJQvcPT.exe
  C:\Windows\System\RJQvcPT.exe
  2⤵
  PID:4664
- C:\Windows\System\rdQGjjj.exe
  C:\Windows\System\rdQGjjj.exe
  2⤵
  PID:4696
- C:\Windows\System\AjgwxHl.exe
  C:\Windows\System\AjgwxHl.exe
  2⤵
  PID:4728
- C:\Windows\System\JQLFPUN.exe
  C:\Windows\System\JQLFPUN.exe
  2⤵
  PID:4748
- C:\Windows\System\kKOmPeB.exe
  C:\Windows\System\kKOmPeB.exe
  2⤵
  PID:4792
- C:\Windows\System\yhfAlFr.exe
  C:\Windows\System\yhfAlFr.exe
  2⤵
  PID:5376
- C:\Windows\System\vdkxfzJ.exe
  C:\Windows\System\vdkxfzJ.exe
  2⤵
  PID:5932
- C:\Windows\System\qSkSHqt.exe
  C:\Windows\System\qSkSHqt.exe
  2⤵
  PID:5952
- C:\Windows\System\uTjCHBQ.exe
  C:\Windows\System\uTjCHBQ.exe
  2⤵
  PID:5968
- C:\Windows\System\vsmauWL.exe
  C:\Windows\System\vsmauWL.exe
  2⤵
  PID:5984
- C:\Windows\System\OhHhdrk.exe
  C:\Windows\System\OhHhdrk.exe
  2⤵
  PID:6016
- C:\Windows\System\tBOsBdc.exe
  C:\Windows\System\tBOsBdc.exe
  2⤵
  PID:6036
- C:\Windows\System\srZOVyY.exe
  C:\Windows\System\srZOVyY.exe
  2⤵
  PID:6064
- C:\Windows\System\fqistpi.exe
  C:\Windows\System\fqistpi.exe
  2⤵
  PID:6084
- C:\Windows\System\mhKEwKM.exe
  C:\Windows\System\mhKEwKM.exe
  2⤵
  PID:6104
- C:\Windows\System\bqpLWJJ.exe
  C:\Windows\System\bqpLWJJ.exe
  2⤵
  PID:6120
- C:\Windows\System\HKVvSGb.exe
  C:\Windows\System\HKVvSGb.exe
  2⤵
  PID:6140
- C:\Windows\System\xhZLHQt.exe
  C:\Windows\System\xhZLHQt.exe
  2⤵
  PID:4516
- C:\Windows\System\RFbWHyO.exe
  C:\Windows\System\RFbWHyO.exe
  2⤵
  PID:4648
- C:\Windows\System\HlWQYIl.exe
  C:\Windows\System\HlWQYIl.exe
  2⤵
  PID:4780
- C:\Windows\System\jdOoGyU.exe
  C:\Windows\System\jdOoGyU.exe
  2⤵
  PID:4292
- C:\Windows\System\qwueXwr.exe
  C:\Windows\System\qwueXwr.exe
  2⤵
  PID:4472
- C:\Windows\System\aNxjOdj.exe
  C:\Windows\System\aNxjOdj.exe
  2⤵
  PID:4620
- C:\Windows\System\qcYlYtO.exe
  C:\Windows\System\qcYlYtO.exe
  2⤵
  PID:4744
- C:\Windows\System\fCoVfMJ.exe
  C:\Windows\System\fCoVfMJ.exe
  2⤵
  PID:4904
- C:\Windows\System\YYQOthS.exe
  C:\Windows\System\YYQOthS.exe
  2⤵
  PID:4936
- C:\Windows\System\ijTonVM.exe
  C:\Windows\System\ijTonVM.exe
  2⤵
  PID:4984
- C:\Windows\System\fDvRnuE.exe
  C:\Windows\System\fDvRnuE.exe
  2⤵
  PID:5020
- C:\Windows\System\PzzADtC.exe
  C:\Windows\System\PzzADtC.exe
  2⤵
  PID:5064
- C:\Windows\System\BbYQlbR.exe
  C:\Windows\System\BbYQlbR.exe
  2⤵
  PID:5112
- C:\Windows\System\fQWcReu.exe
  C:\Windows\System\fQWcReu.exe
  2⤵
  PID:3300
- C:\Windows\System\cUmYuMx.exe
  C:\Windows\System\cUmYuMx.exe
  2⤵
  PID:3648
- C:\Windows\System\PywKOkV.exe
  C:\Windows\System\PywKOkV.exe
  2⤵
  PID:4008
- C:\Windows\System\EYribqI.exe
  C:\Windows\System\EYribqI.exe
  2⤵
  PID:4132
- C:\Windows\System\CVMqvUj.exe
  C:\Windows\System\CVMqvUj.exe
  2⤵
  PID:5124
- C:\Windows\System\ryWBTFB.exe
  C:\Windows\System\ryWBTFB.exe
  2⤵
  PID:5144
- C:\Windows\System\EsjTshU.exe
  C:\Windows\System\EsjTshU.exe
  2⤵
  PID:5164
- C:\Windows\System\ZSaZlTG.exe
  C:\Windows\System\ZSaZlTG.exe
  2⤵
  PID:5184
- C:\Windows\System\UgRrktd.exe
  C:\Windows\System\UgRrktd.exe
  2⤵
  PID:5204
- C:\Windows\System\lnvczwt.exe
  C:\Windows\System\lnvczwt.exe
  2⤵
  PID:5220
- C:\Windows\System\qltmzvJ.exe
  C:\Windows\System\qltmzvJ.exe
  2⤵
  PID:5240
- C:\Windows\System\UZPcIIA.exe
  C:\Windows\System\UZPcIIA.exe
  2⤵
  PID:5256
- C:\Windows\System\Bkydjwy.exe
  C:\Windows\System\Bkydjwy.exe
  2⤵
  PID:5280
- C:\Windows\System\LHEvwYy.exe
  C:\Windows\System\LHEvwYy.exe
  2⤵
  PID:5292
- C:\Windows\System\scXbLdf.exe
  C:\Windows\System\scXbLdf.exe
  2⤵
  PID:5316
- C:\Windows\System\updGtUy.exe
  C:\Windows\System\updGtUy.exe
  2⤵
  PID:5336
- C:\Windows\System\HNovpue.exe
  C:\Windows\System\HNovpue.exe
  2⤵
  PID:5356
- C:\Windows\System\okhdWyM.exe
  C:\Windows\System\okhdWyM.exe
  2⤵
  PID:5372
- C:\Windows\System\eBcELWt.exe
  C:\Windows\System\eBcELWt.exe
  2⤵
  PID:5400
- C:\Windows\System\YEaNDbh.exe
  C:\Windows\System\YEaNDbh.exe
  2⤵
  PID:5420
- C:\Windows\System\thYaOfh.exe
  C:\Windows\System\thYaOfh.exe
  2⤵
  PID:5440
- C:\Windows\System\HpfkUbn.exe
  C:\Windows\System\HpfkUbn.exe
  2⤵
  PID:5460
- C:\Windows\System\BFGZrfX.exe
  C:\Windows\System\BFGZrfX.exe
  2⤵
  PID:5480
- C:\Windows\System\cSVFYEb.exe
  C:\Windows\System\cSVFYEb.exe
  2⤵
  PID:5500
- C:\Windows\System\YLTxyOY.exe
  C:\Windows\System\YLTxyOY.exe
  2⤵
  PID:5520
- C:\Windows\System\DBetWRh.exe
  C:\Windows\System\DBetWRh.exe
  2⤵
  PID:5540
- C:\Windows\System\bAdAmSB.exe
  C:\Windows\System\bAdAmSB.exe
  2⤵
  PID:5560
- C:\Windows\System\NWZatkN.exe
  C:\Windows\System\NWZatkN.exe
  2⤵
  PID:5584
- C:\Windows\System\ZdBjYXp.exe
  C:\Windows\System\ZdBjYXp.exe
  2⤵
  PID:5604
- C:\Windows\System\ZZohACS.exe
  C:\Windows\System\ZZohACS.exe
  2⤵
  PID:5620
- C:\Windows\System\vhdwECm.exe
  C:\Windows\System\vhdwECm.exe
  2⤵
  PID:5648
- C:\Windows\System\UVNXqTr.exe
  C:\Windows\System\UVNXqTr.exe
  2⤵
  PID:5668
- C:\Windows\System\hyWeabb.exe
  C:\Windows\System\hyWeabb.exe
  2⤵
  PID:5940
- C:\Windows\System\icpWKJn.exe
  C:\Windows\System\icpWKJn.exe
  2⤵
  PID:5696
- C:\Windows\System\dhCjSKq.exe
  C:\Windows\System\dhCjSKq.exe
  2⤵
  PID:5716
- C:\Windows\System\RPDSMXb.exe
  C:\Windows\System\RPDSMXb.exe
  2⤵
  PID:5740
- C:\Windows\System\VsKajBY.exe
  C:\Windows\System\VsKajBY.exe
  2⤵
  PID:5756
- C:\Windows\System\sCfxbdW.exe
  C:\Windows\System\sCfxbdW.exe
  2⤵
  PID:5780
- C:\Windows\System\LtAjFch.exe
  C:\Windows\System\LtAjFch.exe
  2⤵
  PID:5800
- C:\Windows\System\CuPSjON.exe
  C:\Windows\System\CuPSjON.exe
  2⤵
  PID:5824
- C:\Windows\System\zmemzKI.exe
  C:\Windows\System\zmemzKI.exe
  2⤵
  PID:5840
- C:\Windows\System\XSvRxwv.exe
  C:\Windows\System\XSvRxwv.exe
  2⤵
  PID:5860
- C:\Windows\System\JtpLzhH.exe
  C:\Windows\System\JtpLzhH.exe
  2⤵
  PID:5884
- C:\Windows\System\jESXnIw.exe
  C:\Windows\System\jESXnIw.exe
  2⤵
  PID:5900
- C:\Windows\System\aPwRLvH.exe
  C:\Windows\System\aPwRLvH.exe
  2⤵
  PID:5920
- C:\Windows\System\wECHjKG.exe
  C:\Windows\System\wECHjKG.exe
  2⤵
  PID:6028
- C:\Windows\System\jzdVIXm.exe
  C:\Windows\System\jzdVIXm.exe
  2⤵
  PID:6112
- C:\Windows\System\NIMpAxT.exe
  C:\Windows\System\NIMpAxT.exe
  2⤵
  PID:4452
- C:\Windows\System\flepKWC.exe
  C:\Windows\System\flepKWC.exe
  2⤵
  PID:6004
- C:\Windows\System\sBmSxUc.exe
  C:\Windows\System\sBmSxUc.exe
  2⤵
  PID:6056
- C:\Windows\System\ProZEtg.exe
  C:\Windows\System\ProZEtg.exe
  2⤵
  PID:6128
- C:\Windows\System\QwKQVXA.exe
  C:\Windows\System\QwKQVXA.exe
  2⤵
  PID:4420
- C:\Windows\System\nhkjfOR.exe
  C:\Windows\System\nhkjfOR.exe
  2⤵
  PID:4808
- C:\Windows\System\FTeMKQn.exe
  C:\Windows\System\FTeMKQn.exe
  2⤵
  PID:4216
- C:\Windows\System\wpcDSoF.exe
  C:\Windows\System\wpcDSoF.exe
  2⤵
  PID:5004
- C:\Windows\System\JhFsZAN.exe
  C:\Windows\System\JhFsZAN.exe
  2⤵
  PID:5084
- C:\Windows\System\elbDCqf.exe
  C:\Windows\System\elbDCqf.exe
  2⤵
  PID:4892
- C:\Windows\System\PXrXuRA.exe
  C:\Windows\System\PXrXuRA.exe
  2⤵
  PID:3492
- C:\Windows\System\xlibSix.exe
  C:\Windows\System\xlibSix.exe
  2⤵
  PID:5052
- C:\Windows\System\qlThxLI.exe
  C:\Windows\System\qlThxLI.exe
  2⤵
  PID:5140
- C:\Windows\System\gsEUxrk.exe
  C:\Windows\System\gsEUxrk.exe
  2⤵
  PID:3880
- C:\Windows\System\YhWjPXa.exe
  C:\Windows\System\YhWjPXa.exe
  2⤵
  PID:2204
- C:\Windows\System\fYBANtj.exe
  C:\Windows\System\fYBANtj.exe
  2⤵
  PID:4248
- C:\Windows\System\DKLjoTH.exe
  C:\Windows\System\DKLjoTH.exe
  2⤵
  PID:1124
- C:\Windows\System\soEtAsK.exe
  C:\Windows\System\soEtAsK.exe
  2⤵
  PID:5364
- C:\Windows\System\iEmYkEM.exe
  C:\Windows\System\iEmYkEM.exe
  2⤵
  PID:5408
- C:\Windows\System\IyyjzFB.exe
  C:\Windows\System\IyyjzFB.exe
  2⤵
  PID:5264
- C:\Windows\System\OKMNlNA.exe
  C:\Windows\System\OKMNlNA.exe
  2⤵
  PID:5300
- C:\Windows\System\oOCUXzs.exe
  C:\Windows\System\oOCUXzs.exe
  2⤵
  PID:5456
- C:\Windows\System\ZGwbPlF.exe
  C:\Windows\System\ZGwbPlF.exe
  2⤵
  PID:5492
- C:\Windows\System\BkqqSQK.exe
  C:\Windows\System\BkqqSQK.exe
  2⤵
  PID:5352
- C:\Windows\System\INDBsjb.exe
  C:\Windows\System\INDBsjb.exe
  2⤵
  PID:5396
- C:\Windows\System\RJiAhMD.exe
  C:\Windows\System\RJiAhMD.exe
  2⤵
  PID:5472
- C:\Windows\System\WVJSfHf.exe
  C:\Windows\System\WVJSfHf.exe
  2⤵
  PID:5508
- C:\Windows\System\kudafyf.exe
  C:\Windows\System\kudafyf.exe
  2⤵
  PID:5548
- C:\Windows\System\LiYeUff.exe
  C:\Windows\System\LiYeUff.exe
  2⤵
  PID:5664
- C:\Windows\System\oEhkeHE.exe
  C:\Windows\System\oEhkeHE.exe
  2⤵
  PID:5676
- C:\Windows\System\EmQjwVJ.exe
  C:\Windows\System\EmQjwVJ.exe
  2⤵
  PID:5704
- C:\Windows\System\HwqtgKh.exe
  C:\Windows\System\HwqtgKh.exe
  2⤵
  PID:5808
- C:\Windows\System\VwTkKNo.exe
  C:\Windows\System\VwTkKNo.exe
  2⤵
  PID:5856
- C:\Windows\System\azFqzgu.exe
  C:\Windows\System\azFqzgu.exe
  2⤵
  PID:5892
- C:\Windows\System\vNPlYoR.exe
  C:\Windows\System\vNPlYoR.exe
  2⤵
  PID:5792
- C:\Windows\System\PGrKlmP.exe
  C:\Windows\System\PGrKlmP.exe
  2⤵
  PID:5868
- C:\Windows\System\TuuUmmA.exe
  C:\Windows\System\TuuUmmA.exe
  2⤵
  PID:6024
- C:\Windows\System\ZVkzsXt.exe
  C:\Windows\System\ZVkzsXt.exe
  2⤵
  PID:5960
- C:\Windows\System\lpdPbrQ.exe
  C:\Windows\System\lpdPbrQ.exe
  2⤵
  PID:6000
- C:\Windows\System\RucaLfd.exe
  C:\Windows\System\RucaLfd.exe
  2⤵
  PID:6092
- C:\Windows\System\aBLBOwl.exe
  C:\Windows\System\aBLBOwl.exe
  2⤵
  PID:4924
- C:\Windows\System\MKMBPbA.exe
  C:\Windows\System\MKMBPbA.exe
  2⤵
  PID:4684
- C:\Windows\System\guQbhdU.exe
  C:\Windows\System\guQbhdU.exe
  2⤵
  PID:4548
- C:\Windows\System\clplhro.exe
  C:\Windows\System\clplhro.exe
  2⤵
  PID:4972
- C:\Windows\System\GspiMow.exe
  C:\Windows\System\GspiMow.exe
  2⤵
  PID:3236
- C:\Windows\System\mAcyWIU.exe
  C:\Windows\System\mAcyWIU.exe
  2⤵
  PID:4552
- C:\Windows\System\DEbMeps.exe
  C:\Windows\System\DEbMeps.exe
  2⤵
  PID:4876
- C:\Windows\System\DFnYuOT.exe
  C:\Windows\System\DFnYuOT.exe
  2⤵
  PID:5176
- C:\Windows\System\zdkmnUq.exe
  C:\Windows\System\zdkmnUq.exe
  2⤵
  PID:5192
- C:\Windows\System\gCRlknc.exe
  C:\Windows\System\gCRlknc.exe
  2⤵
  PID:4196
- C:\Windows\System\jKBIjfk.exe
  C:\Windows\System\jKBIjfk.exe
  2⤵
  PID:5332
- C:\Windows\System\IVYeOwa.exe
  C:\Windows\System\IVYeOwa.exe
  2⤵
  PID:5232
- C:\Windows\System\UEooDqj.exe
  C:\Windows\System\UEooDqj.exe
  2⤵
  PID:5312
- C:\Windows\System\IBMgpNe.exe
  C:\Windows\System\IBMgpNe.exe
  2⤵
  PID:5392
- C:\Windows\System\mEHOfVq.exe
  C:\Windows\System\mEHOfVq.exe
  2⤵
  PID:5436
- C:\Windows\System\CSEXuaN.exe
  C:\Windows\System\CSEXuaN.exe
  2⤵
  PID:5572
- C:\Windows\System\wHKMmOt.exe
  C:\Windows\System\wHKMmOt.exe
  2⤵
  PID:5944
- C:\Windows\System\NhNvCGe.exe
  C:\Windows\System\NhNvCGe.exe
  2⤵
  PID:2744
- C:\Windows\System\mwsXlLU.exe
  C:\Windows\System\mwsXlLU.exe
  2⤵
  PID:4812
- C:\Windows\System\HcyGTSw.exe
  C:\Windows\System\HcyGTSw.exe
  2⤵
  PID:2944
- C:\Windows\System\YpIWTax.exe
  C:\Windows\System\YpIWTax.exe
  2⤵
  PID:3040
- C:\Windows\System\oQVKbAU.exe
  C:\Windows\System\oQVKbAU.exe
  2⤵
  PID:2652
- C:\Windows\System\GMuPNoS.exe
  C:\Windows\System\GMuPNoS.exe
  2⤵
  PID:2852
- C:\Windows\System\KerYmUA.exe
  C:\Windows\System\KerYmUA.exe
  2⤵
  PID:5928
- C:\Windows\System\NrOcPgB.exe
  C:\Windows\System\NrOcPgB.exe
  2⤵
  PID:6100
- C:\Windows\System\pbNpnqX.exe
  C:\Windows\System\pbNpnqX.exe
  2⤵
  PID:2836
- C:\Windows\System\ZzYIncD.exe
  C:\Windows\System\ZzYIncD.exe
  2⤵
  PID:1776
- C:\Windows\System\dQGwMey.exe
  C:\Windows\System\dQGwMey.exe
  2⤵
  PID:1880
- C:\Windows\System\wJFvmZX.exe
  C:\Windows\System\wJFvmZX.exe
  2⤵
  PID:2680
- C:\Windows\System\URlAsnu.exe
  C:\Windows\System\URlAsnu.exe
  2⤵
  PID:2788
- C:\Windows\System\uJydCeX.exe
  C:\Windows\System\uJydCeX.exe
  2⤵
  PID:2012
- C:\Windows\System\mwHVxKs.exe
  C:\Windows\System\mwHVxKs.exe
  2⤵
  PID:3044
- C:\Windows\System\ySxnPqZ.exe
  C:\Windows\System\ySxnPqZ.exe
  2⤵
  PID:5728
- C:\Windows\System\KXPLUCG.exe
  C:\Windows\System\KXPLUCG.exe
  2⤵
  PID:5768
- C:\Windows\System\IDZQmlL.exe
  C:\Windows\System\IDZQmlL.exe
  2⤵
  PID:5908
- C:\Windows\System\xfLGqKe.exe
  C:\Windows\System\xfLGqKe.exe
  2⤵
  PID:6012
- C:\Windows\System\thkyrlh.exe
  C:\Windows\System\thkyrlh.exe
  2⤵
  PID:5820
- C:\Windows\System\heNpgvt.exe
  C:\Windows\System\heNpgvt.exe
  2⤵
  PID:872
- C:\Windows\System\TcSezDR.exe
  C:\Windows\System\TcSezDR.exe
  2⤵
  PID:1884
- C:\Windows\System\PzdLUxM.exe
  C:\Windows\System\PzdLUxM.exe
  2⤵
  PID:3556
- C:\Windows\System\LmSnMlr.exe
  C:\Windows\System\LmSnMlr.exe
  2⤵
  PID:4616
- C:\Windows\System\mWUVGSF.exe
  C:\Windows\System\mWUVGSF.exe
  2⤵
  PID:5276
- C:\Windows\System\JvQooIb.exe
  C:\Windows\System\JvQooIb.exe
  2⤵
  PID:4100
- C:\Windows\System\MSsmFTe.exe
  C:\Windows\System\MSsmFTe.exe
  2⤵
  PID:5304
- C:\Windows\System\BBYnlJc.exe
  C:\Windows\System\BBYnlJc.exe
  2⤵
  PID:1728
- C:\Windows\System\lbAOYgG.exe
  C:\Windows\System\lbAOYgG.exe
  2⤵
  PID:1664
- C:\Windows\System\HfSqDYQ.exe
  C:\Windows\System\HfSqDYQ.exe
  2⤵
  PID:2904
- C:\Windows\System\bWmUdkQ.exe
  C:\Windows\System\bWmUdkQ.exe
  2⤵
  PID:5388
- C:\Windows\System\WwgmruG.exe
  C:\Windows\System\WwgmruG.exe
  2⤵
  PID:5644
- C:\Windows\System\vjQthcV.exe
  C:\Windows\System\vjQthcV.exe
  2⤵
  PID:2716
- C:\Windows\System\xOYkMKw.exe
  C:\Windows\System\xOYkMKw.exe
  2⤵
  PID:2400
- C:\Windows\System\BnZAQCr.exe
  C:\Windows\System\BnZAQCr.exe
  2⤵
  PID:5848
- C:\Windows\System\GVuLXPa.exe
  C:\Windows\System\GVuLXPa.exe
  2⤵
  PID:4388
- C:\Windows\System\ZvkbOXU.exe
  C:\Windows\System\ZvkbOXU.exe
  2⤵
  PID:6048
- C:\Windows\System\HGYDVRa.exe
  C:\Windows\System\HGYDVRa.exe
  2⤵
  PID:5344
- C:\Windows\System\qFPYvfr.exe
  C:\Windows\System\qFPYvfr.exe
  2⤵
  PID:5632
- C:\Windows\System\XnJLPVP.exe
  C:\Windows\System\XnJLPVP.exe
  2⤵
  PID:1640
- C:\Windows\System\qapQHqF.exe
  C:\Windows\System\qapQHqF.exe
  2⤵
  PID:5736
- C:\Windows\System\ynWspOa.exe
  C:\Windows\System\ynWspOa.exe
  2⤵
  PID:5836
- C:\Windows\System\WruWOki.exe
  C:\Windows\System\WruWOki.exe
  2⤵
  PID:4956
- C:\Windows\System\nGoHkYa.exe
  C:\Windows\System\nGoHkYa.exe
  2⤵
  PID:1332
- C:\Windows\System\DpBFrOr.exe
  C:\Windows\System\DpBFrOr.exe
  2⤵
  PID:5976
- C:\Windows\System\JZeqjMW.exe
  C:\Windows\System\JZeqjMW.exe
  2⤵
  PID:6080
- C:\Windows\System\dtAFdvf.exe
  C:\Windows\System\dtAFdvf.exe
  2⤵
  PID:5036
- C:\Windows\System\mgweMRM.exe
  C:\Windows\System\mgweMRM.exe
  2⤵
  PID:1148
- C:\Windows\System\BrbhKsH.exe
  C:\Windows\System\BrbhKsH.exe
  2⤵
  PID:5512
- C:\Windows\System\qKkLaJm.exe
  C:\Windows\System\qKkLaJm.exe
  2⤵
  PID:5536
- C:\Windows\System\AVgnZLc.exe
  C:\Windows\System\AVgnZLc.exe
  2⤵
  PID:5600
- C:\Windows\System\IoDhyPG.exe
  C:\Windows\System\IoDhyPG.exe
  2⤵
  PID:5876
- C:\Windows\System\isStdTc.exe
  C:\Windows\System\isStdTc.exe
  2⤵
  PID:5712
- C:\Windows\System\oGGIhCg.exe
  C:\Windows\System\oGGIhCg.exe
  2⤵
  PID:5348
- C:\Windows\System\DwuiDOY.exe
  C:\Windows\System\DwuiDOY.exe
  2⤵
  PID:5000
- C:\Windows\System\YVWmhTr.exe
  C:\Windows\System\YVWmhTr.exe
  2⤵
  PID:1544
- C:\Windows\System\BFxKqXe.exe
  C:\Windows\System\BFxKqXe.exe
  2⤵
  PID:4584
- C:\Windows\System\ZuAprcx.exe
  C:\Windows\System\ZuAprcx.exe
  2⤵
  PID:2884
- C:\Windows\System\VpFJeXp.exe
  C:\Windows\System\VpFJeXp.exe
  2⤵
  PID:1764
- C:\Windows\System\PzueMqS.exe
  C:\Windows\System\PzueMqS.exe
  2⤵
  PID:6148
- C:\Windows\System\ODxzQrh.exe
  C:\Windows\System\ODxzQrh.exe
  2⤵
  PID:6168
- C:\Windows\System\LauEoXf.exe
  C:\Windows\System\LauEoXf.exe
  2⤵
  PID:6216
- C:\Windows\System\vIxvJQA.exe
  C:\Windows\System\vIxvJQA.exe
  2⤵
  PID:6232
- C:\Windows\System\RohYqQG.exe
  C:\Windows\System\RohYqQG.exe
  2⤵
  PID:6248
- C:\Windows\System\LbGfLCM.exe
  C:\Windows\System\LbGfLCM.exe
  2⤵
  PID:6264
- C:\Windows\System\QIigsrd.exe
  C:\Windows\System\QIigsrd.exe
  2⤵
  PID:6280
- C:\Windows\System\vDkCcSe.exe
  C:\Windows\System\vDkCcSe.exe
  2⤵
  PID:6296
- C:\Windows\System\WxDlpUG.exe
  C:\Windows\System\WxDlpUG.exe
  2⤵
  PID:6312
- C:\Windows\System\IWdLnsv.exe
  C:\Windows\System\IWdLnsv.exe
  2⤵
  PID:6328
- C:\Windows\System\qHuMwQf.exe
  C:\Windows\System\qHuMwQf.exe
  2⤵
  PID:6344
- C:\Windows\System\ZLWVLqG.exe
  C:\Windows\System\ZLWVLqG.exe
  2⤵
  PID:6364
- C:\Windows\System\ISIXTpB.exe
  C:\Windows\System\ISIXTpB.exe
  2⤵
  PID:6384
- C:\Windows\System\XoxlXeU.exe
  C:\Windows\System\XoxlXeU.exe
  2⤵
  PID:6408
- C:\Windows\System\mCIwHwe.exe
  C:\Windows\System\mCIwHwe.exe
  2⤵
  PID:6424
- C:\Windows\System\yNJZMVO.exe
  C:\Windows\System\yNJZMVO.exe
  2⤵
  PID:6440
- C:\Windows\System\hhOJtoV.exe
  C:\Windows\System\hhOJtoV.exe
  2⤵
  PID:6456
- C:\Windows\System\smxXtjl.exe
  C:\Windows\System\smxXtjl.exe
  2⤵
  PID:6476
- C:\Windows\System\VUubyjp.exe
  C:\Windows\System\VUubyjp.exe
  2⤵
  PID:6496
- C:\Windows\System\BIMuTYM.exe
  C:\Windows\System\BIMuTYM.exe
  2⤵
  PID:6516
- C:\Windows\System\OjIXeLj.exe
  C:\Windows\System\OjIXeLj.exe
  2⤵
  PID:6532
- C:\Windows\System\zXwWVTR.exe
  C:\Windows\System\zXwWVTR.exe
  2⤵
  PID:6548
- C:\Windows\System\CuQEBxd.exe
  C:\Windows\System\CuQEBxd.exe
  2⤵
  PID:6564
- C:\Windows\System\sqUXPYl.exe
  C:\Windows\System\sqUXPYl.exe
  2⤵
  PID:6580
- C:\Windows\System\ZOLDUHt.exe
  C:\Windows\System\ZOLDUHt.exe
  2⤵
  PID:6600
- C:\Windows\System\gHFDTak.exe
  C:\Windows\System\gHFDTak.exe
  2⤵
  PID:6620
- C:\Windows\System\hfsvAVG.exe
  C:\Windows\System\hfsvAVG.exe
  2⤵
  PID:6636
- C:\Windows\System\gEvhbyV.exe
  C:\Windows\System\gEvhbyV.exe
  2⤵
  PID:6656
- C:\Windows\System\yWNMACZ.exe
  C:\Windows\System\yWNMACZ.exe
  2⤵
  PID:6676
- C:\Windows\System\wyRUXUJ.exe
  C:\Windows\System\wyRUXUJ.exe
  2⤵
  PID:6696
- C:\Windows\System\lkXKfoS.exe
  C:\Windows\System\lkXKfoS.exe
  2⤵
  PID:6712
- C:\Windows\System\SmlqXwe.exe
  C:\Windows\System\SmlqXwe.exe
  2⤵
  PID:6732
- C:\Windows\System\NvNAghL.exe
  C:\Windows\System\NvNAghL.exe
  2⤵
  PID:6752
- C:\Windows\System\YQlKaju.exe
  C:\Windows\System\YQlKaju.exe
  2⤵
  PID:6768
- C:\Windows\System\rzIHdpP.exe
  C:\Windows\System\rzIHdpP.exe
  2⤵
  PID:6788
- C:\Windows\System\yJkxUYZ.exe
  C:\Windows\System\yJkxUYZ.exe
  2⤵
  PID:6808
- C:\Windows\System\OPJYjTG.exe
  C:\Windows\System\OPJYjTG.exe
  2⤵
  PID:6908
- C:\Windows\System\tQsosED.exe
  C:\Windows\System\tQsosED.exe
  2⤵
  PID:6924
- C:\Windows\System\sxCNJVh.exe
  C:\Windows\System\sxCNJVh.exe
  2⤵
  PID:6940
- C:\Windows\System\pMLGFxM.exe
  C:\Windows\System\pMLGFxM.exe
  2⤵
  PID:6960
- C:\Windows\System\WCCsczF.exe
  C:\Windows\System\WCCsczF.exe
  2⤵
  PID:6980
- C:\Windows\System\NfCfuSB.exe
  C:\Windows\System\NfCfuSB.exe
  2⤵
  PID:6996
- C:\Windows\System\UlYxCCU.exe
  C:\Windows\System\UlYxCCU.exe
  2⤵
  PID:7012
- C:\Windows\System\udJJekM.exe
  C:\Windows\System\udJJekM.exe
  2⤵
  PID:7028
- C:\Windows\System\gqPvOLo.exe
  C:\Windows\System\gqPvOLo.exe
  2⤵
  PID:7048
- C:\Windows\System\DISsvYQ.exe
  C:\Windows\System\DISsvYQ.exe
  2⤵
  PID:7064
- C:\Windows\System\OoWHosX.exe
  C:\Windows\System\OoWHosX.exe
  2⤵
  PID:7104
- C:\Windows\System\oMsjtsq.exe
  C:\Windows\System\oMsjtsq.exe
  2⤵
  PID:7120
- C:\Windows\System\chrhpjw.exe
  C:\Windows\System\chrhpjw.exe
  2⤵
  PID:7140
- C:\Windows\System\sGxtuau.exe
  C:\Windows\System\sGxtuau.exe
  2⤵
  PID:7160
- C:\Windows\System\HyEXXLz.exe
  C:\Windows\System\HyEXXLz.exe
  2⤵
  PID:5412
- C:\Windows\System\hLKAbvM.exe
  C:\Windows\System\hLKAbvM.exe
  2⤵
  PID:5580
- C:\Windows\System\hIQdvos.exe
  C:\Windows\System\hIQdvos.exe
  2⤵
  PID:2068
- C:\Windows\System\aCjrpRh.exe
  C:\Windows\System\aCjrpRh.exe
  2⤵
  PID:5832
- C:\Windows\System\snOCOyY.exe
  C:\Windows\System\snOCOyY.exe
  2⤵
  PID:2784
- C:\Windows\System\WWjWGsl.exe
  C:\Windows\System\WWjWGsl.exe
  2⤵
  PID:6136
- C:\Windows\System\mCPTygV.exe
  C:\Windows\System\mCPTygV.exe
  2⤵
  PID:6160
- C:\Windows\System\NohmxMa.exe
  C:\Windows\System\NohmxMa.exe
  2⤵
  PID:6288
- C:\Windows\System\LFMlctW.exe
  C:\Windows\System\LFMlctW.exe
  2⤵
  PID:6352
- C:\Windows\System\QACMrHE.exe
  C:\Windows\System\QACMrHE.exe
  2⤵
  PID:6396
- C:\Windows\System\slpjjIR.exe
  C:\Windows\System\slpjjIR.exe
  2⤵
  PID:6436
- C:\Windows\System\ZiczhHG.exe
  C:\Windows\System\ZiczhHG.exe
  2⤵
  PID:6508
- C:\Windows\System\roMlJWC.exe
  C:\Windows\System\roMlJWC.exe
  2⤵
  PID:6576
- C:\Windows\System\ldDFeNp.exe
  C:\Windows\System\ldDFeNp.exe
  2⤵
  PID:4280
- C:\Windows\System\fvizcmW.exe
  C:\Windows\System\fvizcmW.exe
  2⤵
  PID:6608
- C:\Windows\System\jsqAIrG.exe
  C:\Windows\System\jsqAIrG.exe
  2⤵
  PID:5048
- C:\Windows\System\CRWzhfJ.exe
  C:\Windows\System\CRWzhfJ.exe
  2⤵
  PID:6652
- C:\Windows\System\cNoJfGT.exe
  C:\Windows\System\cNoJfGT.exe
  2⤵
  PID:6720
- C:\Windows\System\NpYwOLl.exe
  C:\Windows\System\NpYwOLl.exe
  2⤵
  PID:6764
- C:\Windows\System\WWtzzmq.exe
  C:\Windows\System\WWtzzmq.exe
  2⤵
  PID:6800
- C:\Windows\System\oemROae.exe
  C:\Windows\System\oemROae.exe
  2⤵
  PID:6200
- C:\Windows\System\GCwICAW.exe
  C:\Windows\System\GCwICAW.exe
  2⤵
  PID:6776
- C:\Windows\System\cfoHSey.exe
  C:\Windows\System\cfoHSey.exe
  2⤵
  PID:6244
- C:\Windows\System\sQOmbiH.exe
  C:\Windows\System\sQOmbiH.exe
  2⤵
  PID:6308
- C:\Windows\System\ZDZHPTW.exe
  C:\Windows\System\ZDZHPTW.exe
  2⤵
  PID:6376
- C:\Windows\System\tZbuPjL.exe
  C:\Windows\System\tZbuPjL.exe
  2⤵
  PID:6448
- C:\Windows\System\qBFYIbP.exe
  C:\Windows\System\qBFYIbP.exe
  2⤵
  PID:6492
- C:\Windows\System\emfjirV.exe
  C:\Windows\System\emfjirV.exe
  2⤵
  PID:6588
- C:\Windows\System\hEFcmsE.exe
  C:\Windows\System\hEFcmsE.exe
  2⤵
  PID:6664
- C:\Windows\System\ZaruRGf.exe
  C:\Windows\System\ZaruRGf.exe
  2⤵
  PID:6708
- C:\Windows\System\OGMjjPD.exe
  C:\Windows\System\OGMjjPD.exe
  2⤵
  PID:6784
- C:\Windows\System\GmxPvRN.exe
  C:\Windows\System\GmxPvRN.exe
  2⤵
  PID:6844
- C:\Windows\System\jeZqLBQ.exe
  C:\Windows\System\jeZqLBQ.exe
  2⤵
  PID:6920
- C:\Windows\System\EWersyb.exe
  C:\Windows\System\EWersyb.exe
  2⤵
  PID:6864
- C:\Windows\System\otmgFFa.exe
  C:\Windows\System\otmgFFa.exe
  2⤵
  PID:6880
- C:\Windows\System\NJbMBIE.exe
  C:\Windows\System\NJbMBIE.exe
  2⤵
  PID:6896
- C:\Windows\System\dSQDGGS.exe
  C:\Windows\System\dSQDGGS.exe
  2⤵
  PID:6952
- C:\Windows\System\GZRckpZ.exe
  C:\Windows\System\GZRckpZ.exe
  2⤵
  PID:7024
- C:\Windows\System\VNPWHxN.exe
  C:\Windows\System\VNPWHxN.exe
  2⤵
  PID:6936
- C:\Windows\System\qFVmnSF.exe
  C:\Windows\System\qFVmnSF.exe
  2⤵
  PID:7008
- C:\Windows\System\SdSxNxM.exe
  C:\Windows\System\SdSxNxM.exe
  2⤵
  PID:7080
- C:\Windows\System\dTWLACh.exe
  C:\Windows\System\dTWLACh.exe
  2⤵
  PID:7112
- C:\Windows\System\TCbZEcE.exe
  C:\Windows\System\TCbZEcE.exe
  2⤵
  PID:7100
- C:\Windows\System\kwNWOWj.exe
  C:\Windows\System\kwNWOWj.exe
  2⤵
  PID:7128
- C:\Windows\System\CwwIgMc.exe
  C:\Windows\System\CwwIgMc.exe
  2⤵
  PID:5612
- C:\Windows\System\jKeTynD.exe
  C:\Windows\System\jKeTynD.exe
  2⤵
  PID:6176
- C:\Windows\System\NDkRdlq.exe
  C:\Windows\System\NDkRdlq.exe
  2⤵
  PID:6360
- C:\Windows\System\eaGkswk.exe
  C:\Windows\System\eaGkswk.exe
  2⤵
  PID:4356
- C:\Windows\System\lYQIaEt.exe
  C:\Windows\System\lYQIaEt.exe
  2⤵
  PID:5248
- C:\Windows\System\FHcdRRK.exe
  C:\Windows\System\FHcdRRK.exe
  2⤵
  PID:6504
- C:\Windows\System\dfOErmr.exe
  C:\Windows\System\dfOErmr.exe
  2⤵
  PID:3844
- C:\Windows\System\cqtDtwF.exe
  C:\Windows\System\cqtDtwF.exe
  2⤵
  PID:6324
- C:\Windows\System\YvFoYVV.exe
  C:\Windows\System\YvFoYVV.exe
  2⤵
  PID:6544
- C:\Windows\System\fpCOEaL.exe
  C:\Windows\System\fpCOEaL.exe
  2⤵
  PID:6472
- C:\Windows\System\TEUvMHb.exe
  C:\Windows\System\TEUvMHb.exe
  2⤵
  PID:6616
- C:\Windows\System\YboJPrQ.exe
  C:\Windows\System\YboJPrQ.exe
  2⤵
  PID:6832
- C:\Windows\System\ZFLAzyQ.exe
  C:\Windows\System\ZFLAzyQ.exe
  2⤵
  PID:6956
- C:\Windows\System\XvMROWO.exe
  C:\Windows\System\XvMROWO.exe
  2⤵
  PID:7156
- C:\Windows\System\rtUlBPr.exe
  C:\Windows\System\rtUlBPr.exe
  2⤵
  PID:5896
- C:\Windows\System\ETsYkiz.exe
  C:\Windows\System\ETsYkiz.exe
  2⤵
  PID:264
- C:\Windows\System\jGRwzKD.exe
  C:\Windows\System\jGRwzKD.exe
  2⤵
  PID:6032
- C:\Windows\System\lheCUbV.exe
  C:\Windows\System\lheCUbV.exe
  2⤵
  PID:2980
- C:\Windows\System\thZSAOu.exe
  C:\Windows\System\thZSAOu.exe
  2⤵
  PID:6432
- C:\Windows\System\sCVdjpf.exe
  C:\Windows\System\sCVdjpf.exe
  2⤵
  PID:6180
- C:\Windows\System\daxNUtY.exe
  C:\Windows\System\daxNUtY.exe
  2⤵
  PID:6596
- C:\Windows\System\PChaacE.exe
  C:\Windows\System\PChaacE.exe
  2⤵
  PID:6728
- C:\Windows\System\TTpkjKC.exe
  C:\Windows\System\TTpkjKC.exe
  2⤵
  PID:6240
- C:\Windows\System\EjpNpiY.exe
  C:\Windows\System\EjpNpiY.exe
  2⤵
  PID:6488
- C:\Windows\System\XPJNpeV.exe
  C:\Windows\System\XPJNpeV.exe
  2⤵
  PID:6828
- C:\Windows\System\HXGeLLU.exe
  C:\Windows\System\HXGeLLU.exe
  2⤵
  PID:6704
- C:\Windows\System\YTcINkH.exe
  C:\Windows\System\YTcINkH.exe
  2⤵
  PID:6888
- C:\Windows\System\WYvstft.exe
  C:\Windows\System\WYvstft.exe
  2⤵
  PID:6860
- C:\Windows\System\pUiLwmd.exe
  C:\Windows\System\pUiLwmd.exe
  2⤵
  PID:7056
- C:\Windows\System\KWQZVXo.exe
  C:\Windows\System\KWQZVXo.exe
  2⤵
  PID:6748
- C:\Windows\System\PBHOmUJ.exe
  C:\Windows\System\PBHOmUJ.exe
  2⤵
  PID:6876
- C:\Windows\System\HuoSYcH.exe
  C:\Windows\System\HuoSYcH.exe
  2⤵
  PID:7044
- C:\Windows\System\BQusOFW.exe
  C:\Windows\System\BQusOFW.exe
  2⤵
  PID:6156
- C:\Windows\System\HlviDBX.exe
  C:\Windows\System\HlviDBX.exe
  2⤵
  PID:6644
- C:\Windows\System\jyPqzWk.exe
  C:\Windows\System\jyPqzWk.exe
  2⤵
  PID:6648
- C:\Windows\System\aCfqQmg.exe
  C:\Windows\System\aCfqQmg.exe
  2⤵
  PID:6744
- C:\Windows\System\YLYvAJS.exe
  C:\Windows\System\YLYvAJS.exe
  2⤵
  PID:6820
- C:\Windows\System\VkpjPQW.exe
  C:\Windows\System\VkpjPQW.exe
  2⤵
  PID:6304
- C:\Windows\System\zPeerFt.exe
  C:\Windows\System\zPeerFt.exe
  2⤵
  PID:6976
- C:\Windows\System\dMdxZWv.exe
  C:\Windows\System\dMdxZWv.exe
  2⤵
  PID:6672
- C:\Windows\System\QLMECBa.exe
  C:\Windows\System\QLMECBa.exe
  2⤵
  PID:7176
- C:\Windows\System\LBxWBIQ.exe
  C:\Windows\System\LBxWBIQ.exe
  2⤵
  PID:7192
- C:\Windows\System\fLiQtky.exe
  C:\Windows\System\fLiQtky.exe
  2⤵
  PID:7208
- C:\Windows\System\BlRjBCx.exe
  C:\Windows\System\BlRjBCx.exe
  2⤵
  PID:7224
- C:\Windows\System\LHYqLrb.exe
  C:\Windows\System\LHYqLrb.exe
  2⤵
  PID:7248
- C:\Windows\System\SeROZcM.exe
  C:\Windows\System\SeROZcM.exe
  2⤵
  PID:7264
- C:\Windows\System\iwOSBAH.exe
  C:\Windows\System\iwOSBAH.exe
  2⤵
  PID:7280
- C:\Windows\System\uvaUnjG.exe
  C:\Windows\System\uvaUnjG.exe
  2⤵
  PID:7296
- C:\Windows\System\QMRTzUy.exe
  C:\Windows\System\QMRTzUy.exe
  2⤵
  PID:7312
- C:\Windows\System\XUcVeue.exe
  C:\Windows\System\XUcVeue.exe
  2⤵
  PID:7328
- C:\Windows\System\XmAUkKF.exe
  C:\Windows\System\XmAUkKF.exe
  2⤵
  PID:7344
- C:\Windows\System\bbYIGki.exe
  C:\Windows\System\bbYIGki.exe
  2⤵
  PID:7360
- C:\Windows\System\IpfXgyU.exe
  C:\Windows\System\IpfXgyU.exe
  2⤵
  PID:7376
- C:\Windows\System\XzyOXwR.exe
  C:\Windows\System\XzyOXwR.exe
  2⤵
  PID:7392
- C:\Windows\System\RKEGZCL.exe
  C:\Windows\System\RKEGZCL.exe
  2⤵
  PID:7408
- C:\Windows\System\oVYtzFy.exe
  C:\Windows\System\oVYtzFy.exe
  2⤵
  PID:7428
- C:\Windows\System\klOhemr.exe
  C:\Windows\System\klOhemr.exe
  2⤵
  PID:7444
- C:\Windows\System\uwdbpnn.exe
  C:\Windows\System\uwdbpnn.exe
  2⤵
  PID:7460
- C:\Windows\System\OjxdWHh.exe
  C:\Windows\System\OjxdWHh.exe
  2⤵
  PID:7476
- C:\Windows\System\irpbTMj.exe
  C:\Windows\System\irpbTMj.exe
  2⤵
  PID:7492
- C:\Windows\System\JowXoPN.exe
  C:\Windows\System\JowXoPN.exe
  2⤵
  PID:7508
- C:\Windows\System\HpLgfnl.exe
  C:\Windows\System\HpLgfnl.exe
  2⤵
  PID:7524
- C:\Windows\System\kmppCdR.exe
  C:\Windows\System\kmppCdR.exe
  2⤵
  PID:7540
- C:\Windows\System\ToZDDUu.exe
  C:\Windows\System\ToZDDUu.exe
  2⤵
  PID:7556
- C:\Windows\System\fRuxQoK.exe
  C:\Windows\System\fRuxQoK.exe
  2⤵
  PID:7572
- C:\Windows\System\zTqlWwF.exe
  C:\Windows\System\zTqlWwF.exe
  2⤵
  PID:7588
- C:\Windows\System\uFIMWRk.exe
  C:\Windows\System\uFIMWRk.exe
  2⤵
  PID:7608
- C:\Windows\System\DQiCukf.exe
  C:\Windows\System\DQiCukf.exe
  2⤵
  PID:7624
- C:\Windows\System\fElDpdE.exe
  C:\Windows\System\fElDpdE.exe
  2⤵
  PID:7640
- C:\Windows\System\xHNoBFa.exe
  C:\Windows\System\xHNoBFa.exe
  2⤵
  PID:7656
- C:\Windows\System\DOacUTP.exe
  C:\Windows\System\DOacUTP.exe
  2⤵
  PID:7672
- C:\Windows\System\cjhltgK.exe
  C:\Windows\System\cjhltgK.exe
  2⤵
  PID:7688
- C:\Windows\System\EiVnKkl.exe
  C:\Windows\System\EiVnKkl.exe
  2⤵
  PID:7704
- C:\Windows\System\kKQTOBv.exe
  C:\Windows\System\kKQTOBv.exe
  2⤵
  PID:7860
- C:\Windows\System\kOjSjUU.exe
  C:\Windows\System\kOjSjUU.exe
  2⤵
  PID:7876
- C:\Windows\System\tHSLQOd.exe
  C:\Windows\System\tHSLQOd.exe
  2⤵
  PID:7892
- C:\Windows\System\MhucSTu.exe
  C:\Windows\System\MhucSTu.exe
  2⤵
  PID:7908
- C:\Windows\System\wPOsxTe.exe
  C:\Windows\System\wPOsxTe.exe
  2⤵
  PID:7924
- C:\Windows\System\hwdLMtH.exe
  C:\Windows\System\hwdLMtH.exe
  2⤵
  PID:7940
- C:\Windows\System\mpkLlBl.exe
  C:\Windows\System\mpkLlBl.exe
  2⤵
  PID:7956
- C:\Windows\System\IPJJfYD.exe
  C:\Windows\System\IPJJfYD.exe
  2⤵
  PID:7972
- C:\Windows\System\wqzxjDc.exe
  C:\Windows\System\wqzxjDc.exe
  2⤵
  PID:7988
- C:\Windows\System\PczPOZw.exe
  C:\Windows\System\PczPOZw.exe
  2⤵
  PID:8004
- C:\Windows\System\ObYXkaK.exe
  C:\Windows\System\ObYXkaK.exe
  2⤵
  PID:8020
- C:\Windows\System\lrFIqNQ.exe
  C:\Windows\System\lrFIqNQ.exe
  2⤵
  PID:8036
- C:\Windows\System\BMaXFIh.exe
  C:\Windows\System\BMaXFIh.exe
  2⤵
  PID:8060
- C:\Windows\System\frdhjBS.exe
  C:\Windows\System\frdhjBS.exe
  2⤵
  PID:8076
- C:\Windows\System\HeBdBbK.exe
  C:\Windows\System\HeBdBbK.exe
  2⤵
  PID:8092
- C:\Windows\System\jFqjOeS.exe
  C:\Windows\System\jFqjOeS.exe
  2⤵
  PID:8108
- C:\Windows\System\uQALxVl.exe
  C:\Windows\System\uQALxVl.exe
  2⤵
  PID:8124
- C:\Windows\System\kdepukg.exe
  C:\Windows\System\kdepukg.exe
  2⤵
  PID:8140
- C:\Windows\System\ucAfxlG.exe
  C:\Windows\System\ucAfxlG.exe
  2⤵
  PID:8156
- C:\Windows\System\yLoeIha.exe
  C:\Windows\System\yLoeIha.exe
  2⤵
  PID:8172
- C:\Windows\System\AzUaWIc.exe
  C:\Windows\System\AzUaWIc.exe
  2⤵
  PID:1808
- C:\Windows\System\VaMdyen.exe
  C:\Windows\System\VaMdyen.exe
  2⤵
  PID:5980
- C:\Windows\System\RLldZgP.exe
  C:\Windows\System\RLldZgP.exe
  2⤵
  PID:6916
- C:\Windows\System\deRiRji.exe
  C:\Windows\System\deRiRji.exe
  2⤵
  PID:7096
- C:\Windows\System\kukJFTS.exe
  C:\Windows\System\kukJFTS.exe
  2⤵
  PID:7220
- C:\Windows\System\cvaJpur.exe
  C:\Windows\System\cvaJpur.exe
  2⤵
  PID:6796
- C:\Windows\System\MQnsFaI.exe
  C:\Windows\System\MQnsFaI.exe
  2⤵
  PID:7200
- C:\Windows\System\xWzMWlI.exe
  C:\Windows\System\xWzMWlI.exe
  2⤵
  PID:7256
- C:\Windows\System\DdLcqfU.exe
  C:\Windows\System\DdLcqfU.exe
  2⤵
  PID:7272
- C:\Windows\System\IwgtYqD.exe
  C:\Windows\System\IwgtYqD.exe
  2⤵
  PID:7324
- C:\Windows\System\lwDXKio.exe
  C:\Windows\System\lwDXKio.exe
  2⤵
  PID:7372
- C:\Windows\System\RZDGxFC.exe
  C:\Windows\System\RZDGxFC.exe
  2⤵
  PID:7388
- C:\Windows\System\gghdYCH.exe
  C:\Windows\System\gghdYCH.exe
  2⤵
  PID:7420
- C:\Windows\System\SlKwfCW.exe
  C:\Windows\System\SlKwfCW.exe
  2⤵
  PID:7488
- C:\Windows\System\ebRoiAo.exe
  C:\Windows\System\ebRoiAo.exe
  2⤵
  PID:7472
- C:\Windows\System\HTXnHup.exe
  C:\Windows\System\HTXnHup.exe
  2⤵
  PID:7504
- C:\Windows\System\IFqJdWo.exe
  C:\Windows\System\IFqJdWo.exe
  2⤵
  PID:7568
- C:\Windows\System\KMjBqkE.exe
  C:\Windows\System\KMjBqkE.exe
  2⤵
  PID:6992
- C:\Windows\System\CafhGHe.exe
  C:\Windows\System\CafhGHe.exe
  2⤵
  PID:7684
- C:\Windows\System\PqFtDoU.exe
  C:\Windows\System\PqFtDoU.exe
  2⤵
  PID:7632
- C:\Windows\System\wdCZIHL.exe
  C:\Windows\System\wdCZIHL.exe
  2⤵
  PID:7700
- C:\Windows\System\azmjbBO.exe
  C:\Windows\System\azmjbBO.exe
  2⤵
  PID:7732
- C:\Windows\System\fEgyFLW.exe
  C:\Windows\System\fEgyFLW.exe
  2⤵
  PID:7748
- C:\Windows\System\bMOAGJf.exe
  C:\Windows\System\bMOAGJf.exe
  2⤵
  PID:7764
- C:\Windows\System\MlwxYPP.exe
  C:\Windows\System\MlwxYPP.exe
  2⤵
  PID:7780
- C:\Windows\System\NgGZqgq.exe
  C:\Windows\System\NgGZqgq.exe
  2⤵
  PID:7804
- C:\Windows\System\bLThoTs.exe
  C:\Windows\System\bLThoTs.exe
  2⤵
  PID:7820
- C:\Windows\System\wKumhzI.exe
  C:\Windows\System\wKumhzI.exe
  2⤵
  PID:988
- C:\Windows\System\FPZGIEP.exe
  C:\Windows\System\FPZGIEP.exe
  2⤵
  PID:7984
- C:\Windows\System\wrYjSeR.exe
  C:\Windows\System\wrYjSeR.exe
  2⤵
  PID:8032
- C:\Windows\System\FhIkotD.exe
  C:\Windows\System\FhIkotD.exe
  2⤵
  PID:8072
- C:\Windows\System\LDaTWrS.exe
  C:\Windows\System\LDaTWrS.exe
  2⤵
  PID:1396
- C:\Windows\System\OMOXanU.exe
  C:\Windows\System\OMOXanU.exe
  2⤵
  PID:7320
- C:\Windows\System\uPOhQrz.exe
  C:\Windows\System\uPOhQrz.exe
  2⤵
  PID:8116
- C:\Windows\System\EyMAIjw.exe
  C:\Windows\System\EyMAIjw.exe
  2⤵
  PID:6856
- C:\Windows\System\UAjlroQ.exe
  C:\Windows\System\UAjlroQ.exe
  2⤵
  PID:7172
- C:\Windows\System\CHnIKXB.exe
  C:\Windows\System\CHnIKXB.exe
  2⤵
  PID:7368
- C:\Windows\System\ThqDMNX.exe
  C:\Windows\System\ThqDMNX.exe
  2⤵
  PID:7416
- C:\Windows\System\GKyJqhA.exe
  C:\Windows\System\GKyJqhA.exe
  2⤵
  PID:7484
- C:\Windows\System\PhJPkVt.exe
  C:\Windows\System\PhJPkVt.exe
  2⤵
  PID:7652
- C:\Windows\System\dKZLnBH.exe
  C:\Windows\System\dKZLnBH.exe
  2⤵
  PID:7744
- C:\Windows\System\buBGeeb.exe
  C:\Windows\System\buBGeeb.exe
  2⤵
  PID:7616
- C:\Windows\System\AeNGzcX.exe
  C:\Windows\System\AeNGzcX.exe
  2⤵
  PID:7796
- C:\Windows\System\BPTBych.exe
  C:\Windows\System\BPTBych.exe
  2⤵
  PID:7760
- C:\Windows\System\HXKBOCR.exe
  C:\Windows\System\HXKBOCR.exe
  2⤵
  PID:7816
- C:\Windows\System\eNgYBIK.exe
  C:\Windows\System\eNgYBIK.exe
  2⤵
  PID:7852
- C:\Windows\System\lzbDKPn.exe
  C:\Windows\System\lzbDKPn.exe
  2⤵
  PID:7888
- C:\Windows\System\ppUSEPF.exe
  C:\Windows\System\ppUSEPF.exe
  2⤵
  PID:8044
- C:\Windows\System\aBxfLRb.exe
  C:\Windows\System\aBxfLRb.exe
  2⤵
  PID:7844
- C:\Windows\System\tHFSwVF.exe
  C:\Windows\System\tHFSwVF.exe
  2⤵
  PID:7900
- C:\Windows\System\dhauUDT.exe
  C:\Windows\System\dhauUDT.exe
  2⤵
  PID:7948
- C:\Windows\System\WuqJnGu.exe
  C:\Windows\System\WuqJnGu.exe
  2⤵
  PID:8104
- C:\Windows\System\OgcZgiG.exe
  C:\Windows\System\OgcZgiG.exe
  2⤵
  PID:8132
- C:\Windows\System\mUAeuot.exe
  C:\Windows\System\mUAeuot.exe
  2⤵
  PID:7236
- C:\Windows\System\rsLVFdu.exe
  C:\Windows\System\rsLVFdu.exe
  2⤵
  PID:7040
- C:\Windows\System\bAZAwiB.exe
  C:\Windows\System\bAZAwiB.exe
  2⤵
  PID:8180
- C:\Windows\System\PnkrSkF.exe
  C:\Windows\System\PnkrSkF.exe
  2⤵
  PID:7216
- C:\Windows\System\GGEHEDz.exe
  C:\Windows\System\GGEHEDz.exe
  2⤵
  PID:7664
- C:\Windows\System\uEOlncX.exe
  C:\Windows\System\uEOlncX.exe
  2⤵
  PID:7952
- C:\Windows\System\fhZIyPb.exe
  C:\Windows\System\fhZIyPb.exe
  2⤵
  PID:8164
- C:\Windows\System\hONRMlM.exe
  C:\Windows\System\hONRMlM.exe
  2⤵
  PID:8188
- C:\Windows\System\gCroqQu.exe
  C:\Windows\System\gCroqQu.exe
  2⤵
  PID:7340
- C:\Windows\System\MQRLTAt.exe
  C:\Windows\System\MQRLTAt.exe
  2⤵
  PID:7516
- C:\Windows\System\xuJLNiV.exe
  C:\Windows\System\xuJLNiV.exe
  2⤵
  PID:7548
- C:\Windows\System\PGNVOlb.exe
  C:\Windows\System\PGNVOlb.exe
  2⤵
  PID:7840
- C:\Windows\System\xieyqJa.exe
  C:\Windows\System\xieyqJa.exe
  2⤵
  PID:7772
- C:\Windows\System\IOwrEJL.exe
  C:\Windows\System\IOwrEJL.exe
  2⤵
  PID:8016
- C:\Windows\System\VjmUfpt.exe
  C:\Windows\System\VjmUfpt.exe
  2⤵
  PID:6824
- C:\Windows\System\MefpUbT.exe
  C:\Windows\System\MefpUbT.exe
  2⤵
  PID:8148
- C:\Windows\System\KLXgtid.exe
  C:\Windows\System\KLXgtid.exe
  2⤵
  PID:8068
- C:\Windows\System\dCnoTVu.exe
  C:\Windows\System\dCnoTVu.exe
  2⤵
  PID:7776
- C:\Windows\System\kNlSefT.exe
  C:\Windows\System\kNlSefT.exe
  2⤵
  PID:8028
- C:\Windows\System\mQXswRq.exe
  C:\Windows\System\mQXswRq.exe
  2⤵
  PID:7756
- C:\Windows\System\AiVViEP.exe
  C:\Windows\System\AiVViEP.exe
  2⤵
  PID:8208
- C:\Windows\System\FyzPqPd.exe
  C:\Windows\System\FyzPqPd.exe
  2⤵
  PID:8224
- C:\Windows\System\mtEYvEO.exe
  C:\Windows\System\mtEYvEO.exe
  2⤵
  PID:8240
- C:\Windows\System\yvAeYak.exe
  C:\Windows\System\yvAeYak.exe
  2⤵
  PID:8256
- C:\Windows\System\aVcYAFd.exe
  C:\Windows\System\aVcYAFd.exe
  2⤵
  PID:8272
- C:\Windows\System\dWwmJgZ.exe
  C:\Windows\System\dWwmJgZ.exe
  2⤵
  PID:8288
- C:\Windows\System\CzltpLh.exe
  C:\Windows\System\CzltpLh.exe
  2⤵
  PID:8308
- C:\Windows\System\Cvfjksd.exe
  C:\Windows\System\Cvfjksd.exe
  2⤵
  PID:8324
- C:\Windows\System\XzLFddC.exe
  C:\Windows\System\XzLFddC.exe
  2⤵
  PID:8340
- C:\Windows\System\fnCllAO.exe
  C:\Windows\System\fnCllAO.exe
  2⤵
  PID:8356
- C:\Windows\System\XukDGtN.exe
  C:\Windows\System\XukDGtN.exe
  2⤵
  PID:8372
- C:\Windows\System\HLamvXl.exe
  C:\Windows\System\HLamvXl.exe
  2⤵
  PID:8388
- C:\Windows\System\MjRORob.exe
  C:\Windows\System\MjRORob.exe
  2⤵
  PID:8404
- C:\Windows\System\hBWFAPT.exe
  C:\Windows\System\hBWFAPT.exe
  2⤵
  PID:8420
- C:\Windows\System\xqIzMOH.exe
  C:\Windows\System\xqIzMOH.exe
  2⤵
  PID:8436
- C:\Windows\System\AGHmpxx.exe
  C:\Windows\System\AGHmpxx.exe
  2⤵
  PID:8452
- C:\Windows\System\HOrOnNO.exe
  C:\Windows\System\HOrOnNO.exe
  2⤵
  PID:8468
- C:\Windows\System\iQndzct.exe
  C:\Windows\System\iQndzct.exe
  2⤵
  PID:8484
- C:\Windows\System\ExvbizN.exe
  C:\Windows\System\ExvbizN.exe
  2⤵
  PID:8500
- C:\Windows\System\qnVHnbc.exe
  C:\Windows\System\qnVHnbc.exe
  2⤵
  PID:8516
- C:\Windows\System\WIRMaMg.exe
  C:\Windows\System\WIRMaMg.exe
  2⤵
  PID:8532
- C:\Windows\System\XTjvyYk.exe
  C:\Windows\System\XTjvyYk.exe
  2⤵
  PID:8548
- C:\Windows\System\rKrMqaq.exe
  C:\Windows\System\rKrMqaq.exe
  2⤵
  PID:8564
- C:\Windows\System\VCmODgb.exe
  C:\Windows\System\VCmODgb.exe
  2⤵
  PID:8580
- C:\Windows\System\sTDyick.exe
  C:\Windows\System\sTDyick.exe
  2⤵
  PID:8600
- C:\Windows\System\tXsbTyl.exe
  C:\Windows\System\tXsbTyl.exe
  2⤵
  PID:8616
- C:\Windows\System\nSEcJxR.exe
  C:\Windows\System\nSEcJxR.exe
  2⤵
  PID:8632
- C:\Windows\System\DkasHwb.exe
  C:\Windows\System\DkasHwb.exe
  2⤵
  PID:8648
- C:\Windows\System\tYqsSFA.exe
  C:\Windows\System\tYqsSFA.exe
  2⤵
  PID:8664
- C:\Windows\System\wACmady.exe
  C:\Windows\System\wACmady.exe
  2⤵
  PID:8680
- C:\Windows\System\VWdgwez.exe
  C:\Windows\System\VWdgwez.exe
  2⤵
  PID:8696
- C:\Windows\System\Cqhcwiu.exe
  C:\Windows\System\Cqhcwiu.exe
  2⤵
  PID:8712
- C:\Windows\System\SNUYxXS.exe
  C:\Windows\System\SNUYxXS.exe
  2⤵
  PID:8728
- C:\Windows\System\xnAuwJb.exe
  C:\Windows\System\xnAuwJb.exe
  2⤵
  PID:8744
- C:\Windows\System\zzPbdDh.exe
  C:\Windows\System\zzPbdDh.exe
  2⤵
  PID:8760
- C:\Windows\System\xIcAmmd.exe
  C:\Windows\System\xIcAmmd.exe
  2⤵
  PID:8776
- C:\Windows\System\UWfARpH.exe
  C:\Windows\System\UWfARpH.exe
  2⤵
  PID:8792
- C:\Windows\System\PPYQFmn.exe
  C:\Windows\System\PPYQFmn.exe
  2⤵
  PID:8808
- C:\Windows\System\lNmQQxy.exe
  C:\Windows\System\lNmQQxy.exe
  2⤵
  PID:8824
- C:\Windows\System\MOhRwfi.exe
  C:\Windows\System\MOhRwfi.exe
  2⤵
  PID:8840
- C:\Windows\System\kDBnFzY.exe
  C:\Windows\System\kDBnFzY.exe
  2⤵
  PID:8860
- C:\Windows\System\EXRHdid.exe
  C:\Windows\System\EXRHdid.exe
  2⤵
  PID:8876
- C:\Windows\System\IzKXpFF.exe
  C:\Windows\System\IzKXpFF.exe
  2⤵
  PID:8892
- C:\Windows\System\TFFzhLt.exe
  C:\Windows\System\TFFzhLt.exe
  2⤵
  PID:8908
- C:\Windows\System\hXGwtEd.exe
  C:\Windows\System\hXGwtEd.exe
  2⤵
  PID:8924
- C:\Windows\System\WBVBPXY.exe
  C:\Windows\System\WBVBPXY.exe
  2⤵
  PID:8940
- C:\Windows\System\sQlhvSc.exe
  C:\Windows\System\sQlhvSc.exe
  2⤵
  PID:8956
- C:\Windows\System\fBkKdFB.exe
  C:\Windows\System\fBkKdFB.exe
  2⤵
  PID:8972
- C:\Windows\System\caLSiHW.exe
  C:\Windows\System\caLSiHW.exe
  2⤵
  PID:8988
- C:\Windows\System\WvVYgSd.exe
  C:\Windows\System\WvVYgSd.exe
  2⤵
  PID:9036
- C:\Windows\System\QHxYNAj.exe
  C:\Windows\System\QHxYNAj.exe
  2⤵
  PID:9052
- C:\Windows\System\VPvRrKQ.exe
  C:\Windows\System\VPvRrKQ.exe
  2⤵
  PID:9068
- C:\Windows\System\YJNLtVr.exe
  C:\Windows\System\YJNLtVr.exe
  2⤵
  PID:9084
- C:\Windows\System\CIWUdKl.exe
  C:\Windows\System\CIWUdKl.exe
  2⤵
  PID:9100
- C:\Windows\System\fxyYnmN.exe
  C:\Windows\System\fxyYnmN.exe
  2⤵
  PID:9116
- C:\Windows\System\XeMzYeS.exe
  C:\Windows\System\XeMzYeS.exe
  2⤵
  PID:9132
- C:\Windows\System\PbrMLnX.exe
  C:\Windows\System\PbrMLnX.exe
  2⤵
  PID:9148
- C:\Windows\System\LQBYTpH.exe
  C:\Windows\System\LQBYTpH.exe
  2⤵
  PID:9164
- C:\Windows\System\BVJNsUQ.exe
  C:\Windows\System\BVJNsUQ.exe
  2⤵
  PID:9180
- C:\Windows\System\iPPaniB.exe
  C:\Windows\System\iPPaniB.exe
  2⤵
  PID:9196
- C:\Windows\System\lYWlMeq.exe
  C:\Windows\System\lYWlMeq.exe
  2⤵
  PID:9212
- C:\Windows\System\wcuFdKx.exe
  C:\Windows\System\wcuFdKx.exe
  2⤵
  PID:7964
- C:\Windows\System\mcOeWAo.exe
  C:\Windows\System\mcOeWAo.exe
  2⤵
  PID:7232
- C:\Windows\System\tuofowA.exe
  C:\Windows\System\tuofowA.exe
  2⤵
  PID:8220
- C:\Windows\System\usubRQo.exe
  C:\Windows\System\usubRQo.exe
  2⤵
  PID:8320
- C:\Windows\System\yOknZfh.exe
  C:\Windows\System\yOknZfh.exe
  2⤵
  PID:7584
- C:\Windows\System\oovVbYd.exe
  C:\Windows\System\oovVbYd.exe
  2⤵
  PID:8204
- C:\Windows\System\ASYIwBb.exe
  C:\Windows\System\ASYIwBb.exe
  2⤵
  PID:7828
- C:\Windows\System\PgwGDzg.exe
  C:\Windows\System\PgwGDzg.exe
  2⤵
  PID:8352
- C:\Windows\System\TIKWsyw.exe
  C:\Windows\System\TIKWsyw.exe
  2⤵
  PID:8444
- C:\Windows\System\vfXLOmz.exe
  C:\Windows\System\vfXLOmz.exe
  2⤵
  PID:8364
- C:\Windows\System\cGnEWCw.exe
  C:\Windows\System\cGnEWCw.exe
  2⤵
  PID:8232
- C:\Windows\System\svbukwb.exe
  C:\Windows\System\svbukwb.exe
  2⤵
  PID:8332
- C:\Windows\System\waOYmJV.exe
  C:\Windows\System\waOYmJV.exe
  2⤵
  PID:8464
- C:\Windows\System\YkUHzRe.exe
  C:\Windows\System\YkUHzRe.exe
  2⤵
  PID:8540
- C:\Windows\System\hUPoWNl.exe
  C:\Windows\System\hUPoWNl.exe
  2⤵
  PID:8608
- C:\Windows\System\YteMZrD.exe
  C:\Windows\System\YteMZrD.exe
  2⤵
  PID:8396
- C:\Windows\System\uGVdRxi.exe
  C:\Windows\System\uGVdRxi.exe
  2⤵
  PID:8676
- C:\Windows\System\xlxfgkU.exe
  C:\Windows\System\xlxfgkU.exe
  2⤵
  PID:8496
- C:\Windows\System\axgLIsj.exe
  C:\Windows\System\axgLIsj.exe
  2⤵
  PID:8524
- C:\Windows\System\MnwrJMs.exe
  C:\Windows\System\MnwrJMs.exe
  2⤵
  PID:8528
- C:\Windows\System\bagrxVm.exe
  C:\Windows\System\bagrxVm.exe
  2⤵
  PID:8772
- C:\Windows\System\Rqeiecx.exe
  C:\Windows\System\Rqeiecx.exe
  2⤵
  PID:8628
- C:\Windows\System\WqsJWID.exe
  C:\Windows\System\WqsJWID.exe
  2⤵
  PID:8752
- C:\Windows\System\NIYAQbm.exe
  C:\Windows\System\NIYAQbm.exe
  2⤵
  PID:8836
- C:\Windows\System\YOqvQYo.exe
  C:\Windows\System\YOqvQYo.exe
  2⤵
  PID:8856
- C:\Windows\System\iqsnamT.exe
  C:\Windows\System\iqsnamT.exe
  2⤵
  PID:8888
- C:\Windows\System\VyEcSti.exe
  C:\Windows\System\VyEcSti.exe
  2⤵
  PID:8936
- C:\Windows\System\QYgkJHh.exe
  C:\Windows\System\QYgkJHh.exe
  2⤵
  PID:9044
- C:\Windows\System\amBqAEH.exe
  C:\Windows\System\amBqAEH.exe
  2⤵
  PID:9004
- C:\Windows\System\iKgSZVy.exe
  C:\Windows\System\iKgSZVy.exe
  2⤵
  PID:9080
- C:\Windows\System\CgSZUMS.exe
  C:\Windows\System\CgSZUMS.exe
  2⤵
  PID:9064
- C:\Windows\System\UAnxeZu.exe
  C:\Windows\System\UAnxeZu.exe
  2⤵
  PID:9176
- C:\Windows\System\VGZTivG.exe
  C:\Windows\System\VGZTivG.exe
  2⤵
  PID:7452
- C:\Windows\System\SjVeYBD.exe
  C:\Windows\System\SjVeYBD.exe
  2⤵
  PID:9156
- C:\Windows\System\UkPFgLy.exe
  C:\Windows\System\UkPFgLy.exe
  2⤵
  PID:8216
- C:\Windows\System\EhbsQze.exe
  C:\Windows\System\EhbsQze.exe
  2⤵
  PID:8384
- C:\Windows\System\aakJshv.exe
  C:\Windows\System\aakJshv.exe
  2⤵
  PID:9192
- C:\Windows\System\NBMjWfg.exe
  C:\Windows\System\NBMjWfg.exe
  2⤵
  PID:8268
- C:\Windows\System\GKdFPPK.exe
  C:\Windows\System\GKdFPPK.exe
  2⤵
  PID:8508
- C:\Windows\System\TKnkLNv.exe
  C:\Windows\System\TKnkLNv.exe
  2⤵
  PID:8740
- C:\Windows\System\ksoKhIM.exe
  C:\Windows\System\ksoKhIM.exe
  2⤵
  PID:8624
- C:\Windows\System\QdEzcFo.exe
  C:\Windows\System\QdEzcFo.exe
  2⤵
  PID:8852
- C:\Windows\System\vksVHpi.exe
  C:\Windows\System\vksVHpi.exe
  2⤵
  PID:8900
- C:\Windows\System\mrVdqYF.exe
  C:\Windows\System\mrVdqYF.exe
  2⤵
  PID:9000
- C:\Windows\System\cLibOpG.exe
  C:\Windows\System\cLibOpG.exe
  2⤵
  PID:9024
- C:\Windows\System\vzqVRfA.exe
  C:\Windows\System\vzqVRfA.exe
  2⤵
  PID:9112
- C:\Windows\System\ybttKeO.exe
  C:\Windows\System\ybttKeO.exe
  2⤵
  PID:7148
- C:\Windows\System\VYliHba.exe
  C:\Windows\System\VYliHba.exe
  2⤵
  PID:8492
- C:\Windows\System\gqkWOiz.exe
  C:\Windows\System\gqkWOiz.exe
  2⤵
  PID:8692
- C:\Windows\System\QqEUykM.exe
  C:\Windows\System\QqEUykM.exe
  2⤵
  PID:8872
- C:\Windows\System\PtKNgqE.exe
  C:\Windows\System\PtKNgqE.exe
  2⤵
  PID:8576
- C:\Windows\System\UOKmgBT.exe
  C:\Windows\System\UOKmgBT.exe
  2⤵
  PID:9144
- C:\Windows\System\jRBaDry.exe
  C:\Windows\System\jRBaDry.exe
  2⤵
  PID:8316
- C:\Windows\System\lrLvCxv.exe
  C:\Windows\System\lrLvCxv.exe
  2⤵
  PID:8284
- C:\Windows\System\NQYlHWx.exe
  C:\Windows\System\NQYlHWx.exe
  2⤵
  PID:8428
- C:\Windows\System\NasJmij.exe
  C:\Windows\System\NasJmij.exe
  2⤵
  PID:8596
- C:\Windows\System\VAaPLib.exe
  C:\Windows\System\VAaPLib.exe
  2⤵
  PID:8656
- C:\Windows\System\HofjRjv.exe
  C:\Windows\System\HofjRjv.exe
  2⤵
  PID:7456
- C:\Windows\System\vtxNZLE.exe
  C:\Windows\System\vtxNZLE.exe
  2⤵
  PID:8572
- C:\Windows\System\AzvXVPG.exe
  C:\Windows\System\AzvXVPG.exe
  2⤵
  PID:8820
- C:\Windows\System\nscAwua.exe
  C:\Windows\System\nscAwua.exe
  2⤵
  PID:9076
- C:\Windows\System\HqRcHiG.exe
  C:\Windows\System\HqRcHiG.exe
  2⤵
  PID:9108
- C:\Windows\System\XMmPiyx.exe
  C:\Windows\System\XMmPiyx.exe
  2⤵
  PID:7812
- C:\Windows\System\sASJdvf.exe
  C:\Windows\System\sASJdvf.exe
  2⤵
  PID:8476
- C:\Windows\System\myRMwtu.exe
  C:\Windows\System\myRMwtu.exe
  2⤵
  PID:8672
- C:\Windows\System\GLQTmur.exe
  C:\Windows\System\GLQTmur.exe
  2⤵
  PID:8088
- C:\Windows\System\BlbVLfV.exe
  C:\Windows\System\BlbVLfV.exe
  2⤵
  PID:9016
- C:\Windows\System\jGzhcHP.exe
  C:\Windows\System\jGzhcHP.exe
  2⤵
  PID:8512
- C:\Windows\System\wozmlUt.exe
  C:\Windows\System\wozmlUt.exe
  2⤵
  PID:9228
- C:\Windows\System\vVTlGcU.exe
  C:\Windows\System\vVTlGcU.exe
  2⤵
  PID:9244
- C:\Windows\System\ImnbVVz.exe
  C:\Windows\System\ImnbVVz.exe
  2⤵
  PID:9268
- C:\Windows\System\IoVUBuW.exe
  C:\Windows\System\IoVUBuW.exe
  2⤵
  PID:9288
- C:\Windows\System\nKlywCo.exe
  C:\Windows\System\nKlywCo.exe
  2⤵
  PID:9308
- C:\Windows\System\LEpjtnu.exe
  C:\Windows\System\LEpjtnu.exe
  2⤵
  PID:9352
- C:\Windows\System\cgUQjUM.exe
  C:\Windows\System\cgUQjUM.exe
  2⤵
  PID:9372
- C:\Windows\System\CmOAQaB.exe
  C:\Windows\System\CmOAQaB.exe
  2⤵
  PID:9392
- C:\Windows\System\enIiFuk.exe
  C:\Windows\System\enIiFuk.exe
  2⤵
  PID:9408
- C:\Windows\System\eoVDjqz.exe
  C:\Windows\System\eoVDjqz.exe
  2⤵
  PID:9424
- C:\Windows\System\WWTviFL.exe
  C:\Windows\System\WWTviFL.exe
  2⤵
  PID:9440
- C:\Windows\System\YhIFwfY.exe
  C:\Windows\System\YhIFwfY.exe
  2⤵
  PID:9608
- C:\Windows\System\ZDPTely.exe
  C:\Windows\System\ZDPTely.exe
  2⤵
  PID:9624
- C:\Windows\System\lRCUvKz.exe
  C:\Windows\System\lRCUvKz.exe
  2⤵
  PID:9648
- C:\Windows\System\gqHrRXo.exe
  C:\Windows\System\gqHrRXo.exe
  2⤵
  PID:9664
- C:\Windows\System\vpRWLhr.exe
  C:\Windows\System\vpRWLhr.exe
  2⤵
  PID:9680
- C:\Windows\System\oHMxqLX.exe
  C:\Windows\System\oHMxqLX.exe
  2⤵
  PID:9696
- C:\Windows\System\TVTNgtB.exe
  C:\Windows\System\TVTNgtB.exe
  2⤵
  PID:9712
- C:\Windows\System\NqTkGXv.exe
  C:\Windows\System\NqTkGXv.exe
  2⤵
  PID:9728
- C:\Windows\System\dGVIENx.exe
  C:\Windows\System\dGVIENx.exe
  2⤵
  PID:9744
- C:\Windows\System\zwsErvk.exe
  C:\Windows\System\zwsErvk.exe
  2⤵
  PID:9760
- C:\Windows\System\MlASuFx.exe
  C:\Windows\System\MlASuFx.exe
  2⤵
  PID:9776
- C:\Windows\System\hQTRUew.exe
  C:\Windows\System\hQTRUew.exe
  2⤵
  PID:9792
- C:\Windows\System\mxgoNgN.exe
  C:\Windows\System\mxgoNgN.exe
  2⤵
  PID:9808
- C:\Windows\System\pKtEhjw.exe
  C:\Windows\System\pKtEhjw.exe
  2⤵
  PID:9824
- C:\Windows\System\NrRzPqi.exe
  C:\Windows\System\NrRzPqi.exe
  2⤵
  PID:9840
- C:\Windows\System\AFBEOxz.exe
  C:\Windows\System\AFBEOxz.exe
  2⤵
  PID:9856
- C:\Windows\System\HXmNRCj.exe
  C:\Windows\System\HXmNRCj.exe
  2⤵
  PID:9872
- C:\Windows\System\MAIiTbk.exe
  C:\Windows\System\MAIiTbk.exe
  2⤵
  PID:9888
- C:\Windows\System\mQEddTV.exe
  C:\Windows\System\mQEddTV.exe
  2⤵
  PID:9908
- C:\Windows\System\GVzwGwx.exe
  C:\Windows\System\GVzwGwx.exe
  2⤵
  PID:9928
- C:\Windows\System\ktmRXEg.exe
  C:\Windows\System\ktmRXEg.exe
  2⤵
  PID:9944
- C:\Windows\System\czWMOCz.exe
  C:\Windows\System\czWMOCz.exe
  2⤵
  PID:9960
- C:\Windows\System\UAbaLne.exe
  C:\Windows\System\UAbaLne.exe
  2⤵
  PID:9976
- C:\Windows\System\FrdWUnx.exe
  C:\Windows\System\FrdWUnx.exe
  2⤵
  PID:9992
- C:\Windows\System\bflXkmU.exe
  C:\Windows\System\bflXkmU.exe
  2⤵
  PID:10012
- C:\Windows\System\EQYxhPE.exe
  C:\Windows\System\EQYxhPE.exe
  2⤵
  PID:10032
- C:\Windows\System\hKlElnM.exe
  C:\Windows\System\hKlElnM.exe
  2⤵
  PID:10048
- C:\Windows\System\bZrhhnB.exe
  C:\Windows\System\bZrhhnB.exe
  2⤵
  PID:10064
- C:\Windows\System\CqkMkmU.exe
  C:\Windows\System\CqkMkmU.exe
  2⤵
  PID:10080
- C:\Windows\System\IOdrYLL.exe
  C:\Windows\System\IOdrYLL.exe
  2⤵
  PID:10096
- C:\Windows\System\DsRCRCi.exe
  C:\Windows\System\DsRCRCi.exe
  2⤵
  PID:10112
- C:\Windows\System\QRZZkbA.exe
  C:\Windows\System\QRZZkbA.exe
  2⤵
  PID:10128
- C:\Windows\System\VLTjXnd.exe
  C:\Windows\System\VLTjXnd.exe
  2⤵
  PID:10152
- C:\Windows\System\BriwFPN.exe
  C:\Windows\System\BriwFPN.exe
  2⤵
  PID:10168
- C:\Windows\System\nbbziku.exe
  C:\Windows\System\nbbziku.exe
  2⤵
  PID:10192
- C:\Windows\System\zbdKdff.exe
  C:\Windows\System\zbdKdff.exe
  2⤵
  PID:10208
- C:\Windows\System\LipfTNB.exe
  C:\Windows\System\LipfTNB.exe
  2⤵
  PID:10224
- C:\Windows\System\clrTxda.exe
  C:\Windows\System\clrTxda.exe
  2⤵
  PID:8984
- C:\Windows\System\XVCRGKS.exe
  C:\Windows\System\XVCRGKS.exe
  2⤵
  PID:9236
- C:\Windows\System\PukDAYB.exe
  C:\Windows\System\PukDAYB.exe
  2⤵
  PID:7800
- C:\Windows\System\bpFVKWj.exe
  C:\Windows\System\bpFVKWj.exe
  2⤵
  PID:7832
- C:\Windows\System\wJiaqIn.exe
  C:\Windows\System\wJiaqIn.exe
  2⤵
  PID:9264
- C:\Windows\System\WkjzwDa.exe
  C:\Windows\System\WkjzwDa.exe
  2⤵
  PID:9284
- C:\Windows\System\kynqQgy.exe
  C:\Windows\System\kynqQgy.exe
  2⤵
  PID:9304
- C:\Windows\System\UwHLDtG.exe
  C:\Windows\System\UwHLDtG.exe
  2⤵
  PID:9332
- C:\Windows\System\TlYcrHM.exe
  C:\Windows\System\TlYcrHM.exe
  2⤵
  PID:9420
- C:\Windows\System\tJzHNZx.exe
  C:\Windows\System\tJzHNZx.exe
  2⤵
  PID:9464
- C:\Windows\System\OtZvXZH.exe
  C:\Windows\System\OtZvXZH.exe
  2⤵
  PID:9480
- C:\Windows\System\HNPRZHY.exe
  C:\Windows\System\HNPRZHY.exe
  2⤵
  PID:9404
- C:\Windows\System\ycwzoqs.exe
  C:\Windows\System\ycwzoqs.exe
  2⤵
  PID:9364
- C:\Windows\System\WCNIETz.exe
  C:\Windows\System\WCNIETz.exe
  2⤵
  PID:9500
- C:\Windows\System\mPQzBOa.exe
  C:\Windows\System\mPQzBOa.exe
  2⤵
  PID:9508
- C:\Windows\System\isTpsfA.exe
  C:\Windows\System\isTpsfA.exe
  2⤵
  PID:9524
- C:\Windows\System\CQwUdcQ.exe
  C:\Windows\System\CQwUdcQ.exe
  2⤵
  PID:9540
- C:\Windows\System\CgpIQEW.exe
  C:\Windows\System\CgpIQEW.exe
  2⤵
  PID:9560
- C:\Windows\System\CCRLnsk.exe
  C:\Windows\System\CCRLnsk.exe
  2⤵
  PID:9576
- C:\Windows\System\OvbQhhs.exe
  C:\Windows\System\OvbQhhs.exe
  2⤵
  PID:9592
- C:\Windows\System\GxTIsFm.exe
  C:\Windows\System\GxTIsFm.exe
  2⤵
  PID:9616
- C:\Windows\System\iguFkOz.exe
  C:\Windows\System\iguFkOz.exe
  2⤵
  PID:9620
- C:\Windows\System\gLPUeyv.exe
  C:\Windows\System\gLPUeyv.exe
  2⤵
  PID:9692
- C:\Windows\System\UCBfQNo.exe
  C:\Windows\System\UCBfQNo.exe
  2⤵
  PID:9756
- C:\Windows\System\RyHnPqL.exe
  C:\Windows\System\RyHnPqL.exe
  2⤵
  PID:9880
- C:\Windows\System\QGhhuDH.exe
  C:\Windows\System\QGhhuDH.exe
  2⤵
  PID:9708
- C:\Windows\System\xwzXqze.exe
  C:\Windows\System\xwzXqze.exe
  2⤵
  PID:9956
- C:\Windows\System\NXgaqer.exe
  C:\Windows\System\NXgaqer.exe
  2⤵
  PID:9864
- C:\Windows\System\DwcyMUA.exe
  C:\Windows\System\DwcyMUA.exe
  2⤵
  PID:9904
- C:\Windows\System\OcrKIhI.exe
  C:\Windows\System\OcrKIhI.exe
  2⤵
  PID:9968
- C:\Windows\System\PtPOBKd.exe
  C:\Windows\System\PtPOBKd.exe
  2⤵
  PID:10040
- C:\Windows\System\CHJGqgE.exe
  C:\Windows\System\CHJGqgE.exe
  2⤵
  PID:10024
- C:\Windows\System\FqltBhL.exe
  C:\Windows\System\FqltBhL.exe
  2⤵
  PID:10088
- C:\Windows\System\trZfWKA.exe
  C:\Windows\System\trZfWKA.exe
  2⤵
  PID:9008
- C:\Windows\System\OpVBXot.exe
  C:\Windows\System\OpVBXot.exe
  2⤵
  PID:10204
- C:\Windows\System\VujWbkn.exe
  C:\Windows\System\VujWbkn.exe
  2⤵
  PID:10176
- C:\Windows\System\oTiOGAT.exe
  C:\Windows\System\oTiOGAT.exe
  2⤵
  PID:10148
- C:\Windows\System\dsoSYia.exe
  C:\Windows\System\dsoSYia.exe
  2⤵
  PID:10184
- C:\Windows\System\WMlqtrO.exe
  C:\Windows\System\WMlqtrO.exe
  2⤵
  PID:9220
- C:\Windows\System\jWAxmPy.exe
  C:\Windows\System\jWAxmPy.exe
  2⤵
  PID:9240
- C:\Windows\System\XRJNLiY.exe
  C:\Windows\System\XRJNLiY.exe
  2⤵
  PID:9328
- C:\Windows\System\FvksYnq.exe
  C:\Windows\System\FvksYnq.exe
  2⤵
  PID:9300
- C:\Windows\System\NWrPkJO.exe
  C:\Windows\System\NWrPkJO.exe
  2⤵
  PID:9456
- C:\Windows\System\fDGQueX.exe
  C:\Windows\System\fDGQueX.exe
  2⤵
  PID:9472
- C:\Windows\System\JiumJRz.exe
  C:\Windows\System\JiumJRz.exe
  2⤵
  PID:9436
- C:\Windows\System\hZyVSPg.exe
  C:\Windows\System\hZyVSPg.exe
  2⤵
  PID:9516
- C:\Windows\System\JHlLzdn.exe
  C:\Windows\System\JHlLzdn.exe
  2⤵
  PID:9520
- C:\Windows\System\rtcPkQT.exe
  C:\Windows\System\rtcPkQT.exe
  2⤵
  PID:9556
- C:\Windows\System\nPtxvfS.exe
  C:\Windows\System\nPtxvfS.exe
  2⤵
  PID:9660
- C:\Windows\System\EuoNBXY.exe
  C:\Windows\System\EuoNBXY.exe
  2⤵
  PID:9672
- C:\Windows\System\rRmgGAZ.exe
  C:\Windows\System\rRmgGAZ.exe
  2⤵
  PID:9816
- C:\Windows\System\bnwiILr.exe
  C:\Windows\System\bnwiILr.exe
  2⤵
  PID:9852
- C:\Windows\System\SNkWlRo.exe
  C:\Windows\System\SNkWlRo.exe
  2⤵
  PID:9924
- C:\Windows\System\dOaeKXu.exe
  C:\Windows\System\dOaeKXu.exe
  2⤵
  PID:9952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BKTPdQf.exe

Filesize
6.0MB

MD5
6301d582f03b248046ad5618c4968bc8

SHA1
1c8d1b3e121c281eecbfba322d33ae4697b5e91c

SHA256
c3620f415b6b8ad2933c46f19436590670e643efd1a8985d95aa3fd531a97a8e

SHA512
45adbccd9b3119c54a24daa4dd1af5525521f0e70ae438f13aad2860ab22bda43a95001d250ba5d1804bf2254a4304c611eff561b7a1270dd6dbb61a604a305e

Download Submit
C:\Windows\system\CwhgZkk.exe

Filesize
6.0MB

MD5
02dab8f9c58f221f83fdb0999ae65445

SHA1
e50169de3e102f57d92c30a5e6adbde113985f28

SHA256
3ddbed4c955fb3c87e8403f0129a56d3a0e12c7943c8d4edc6d0a35b2c05da64

SHA512
745360bc62a89ff5fdbb91a48c17365fb1ccff72190de25d4db9a9209b29e8d029d09f24dc99383b97231260dd8223c8706280fbe792d20c81a3d5ad6752b529

Download Submit
C:\Windows\system\GBxAgJU.exe

Filesize
6.0MB

MD5
9fea9a0f82a136fefdf9a915965d25aa

SHA1
033dac9fa82127dab4c8ee28fe9cb8e1b383223d

SHA256
6d9c6ae5a5f0e67a2f3b801d70ce2145f710e11431545d467404de3d4fd5ba18

SHA512
66cafb19c9d9e3ba7790b880ccbfac71572b9708bd47e2a729d84a71ad0410efe21d0ae3f42e2cba109ec4e32321ea9f9c93d909ce17c1912b7c57bc9054ace2

Download Submit
C:\Windows\system\LfnyLdX.exe

Filesize
6.0MB

MD5
fc206188b2b83d1cef2b6c5fce8ed009

SHA1
a33fc2ddf4d545b0535d5491f6e71a85d426ca69

SHA256
9e6bbd29721f4c63c91b12c3a6f15fbdee7a830e5b69f1687822937aa79f0f8e

SHA512
a6638c414caaa5430b43175faf3279956626c8bd483e2383cd7e761ceb5e5186c0b3efaa0e7d3515425baef7ef759e84bf08986a7ee5260ab612fcad988c134c

Download Submit
C:\Windows\system\OCwDhHu.exe

Filesize
6.0MB

MD5
bf2134871eebcd57896c897d037092c4

SHA1
9183fbb18776c467cefc612707160e7bfbdcca2a

SHA256
92ddf8345081310cc126b8f28a79c4746f8dc9bee11ecb0be3491c8d22c900a3

SHA512
84610977dc6787122dcbf883fcc76aa3a142da8a1337405238598b79051891d695c7a641681acb2c6aa3d11adbf35b7af5cf43458095c91f4a184c96faa0619f

Download Submit
C:\Windows\system\QDxnOfq.exe

Filesize
6.0MB

MD5
414a4a6029cdbfbc126fd4d074675c54

SHA1
78de92793eb1579916ab51e6a3f83bd2fba233c3

SHA256
73b8f4611e794edf4ef76981adbb06d779f1a654fc699812652dce995ff09c5c

SHA512
a8f3c25bcebb53a890e04dd50fb54ab7a359be337bcff1cd75de5d2700f5e0ed95cc1a86c82c7277d6d62c6b7da498bfec5dc7cb84c996bad5e89042bb098617

Download Submit
C:\Windows\system\SumxzgK.exe

Filesize
6.0MB

MD5
2b26af23dc9403024ce463da2e1a4424

SHA1
1ef09216d8d97ea690d500ddae76d494919191c9

SHA256
efb8813584f40f6e791c105335c4ab15b4f537667d631c0ea67ebd3a91107715

SHA512
fdd72255d968e15971754074648dcb5effdcf2a4d9470e7a18849255880c6d27e82f0bc40bcae049e2211c4595813722ecf40f6ded1452028b58958ee40f650f

Download Submit
C:\Windows\system\TezfJYS.exe

Filesize
6.0MB

MD5
f8829503e408b5bca81e2b42ad062390

SHA1
c0e79f580b3bb7eef2350608d2bee58d29681e1e

SHA256
70d87c392d61dd8158a416c87f5092097508df2e9299a7b0d64cfeaa86f6f57f

SHA512
e13decbc10df38484cc69ef5f7d8c9409dc22f6572327c03ab90b08426c4fa560d2cb15e94337ab5efa9614769ba21c3dd2a22a391c90309478829bf36628d97

Download Submit
C:\Windows\system\UYqweXf.exe

Filesize
6.0MB

MD5
2d09904df7d826f64726e159cd1fcaac

SHA1
c42aea40d7aa344bc6fbce49079d331f83508efd

SHA256
b4fbec69cfffbf935bdcce040d0e9d6a494b96ff5b38c71838822bfccc17d109

SHA512
ed04441471d5aad986be7856d3735b31ebe8fa12e9d482f79566bf41138af0a3b051b67fc74e60d900844fb88f4753c9ccbaf5b96caea1024401c61dc9a88870

Download Submit
C:\Windows\system\UeDLiyP.exe

Filesize
6.0MB

MD5
c3cd6c7eb055270f86a3c4e22e163b42

SHA1
5ed2e749b2536f15f347e9a308ab178dcf65a464

SHA256
f18d4b0797006a463f4a926f87b347e11b0e49a2d1cec323c314f33d0f556c75

SHA512
84762415f812b5348d6b89c35a3ca28346563f0fba4298c97070bd9b300af39d7f839603fcb7be65eba60fb8289eabaee0151c4f00629a9265b075d87df45468

Download Submit
C:\Windows\system\WRyMcoC.exe

Filesize
6.0MB

MD5
cfd36e6d7414681ade84ec32bfac7d6c

SHA1
26480e53e8e130fe7ef433848f8919f0b06ab6f9

SHA256
a0e7a32303a8aa4129bdc82476fd263d1dc8f9c3471405a148307d08ec414c1a

SHA512
d04c1fe55c7180e357313fac0bf170b1788d325421b822e6615ef516c87b71a5fb34ac1b58a1f7dd346f42a7cff260cf51e29aa20789af9285df941f3c73055a

Download Submit
C:\Windows\system\YaXqPnK.exe

Filesize
6.0MB

MD5
f4c5d55f7fa74834fea22718267774ea

SHA1
dba049893c1ae1ac16443a57e306ff737bcd61a1

SHA256
2ce8d8d5dd8ce598d5ad56588a1aea6d085cc86440f9637d03470a30be5ae416

SHA512
3b48ef1b1080699e6969224a5b0da2b8ee3f2d447245dd8726a743b1cd926dfa50afa129bf980b8bed994c20a8695dbbe6036162705c89714722f1f14cf6e90c

Download Submit
C:\Windows\system\YzPkgBY.exe

Filesize
6.0MB

MD5
a3270e85e8ec6dd7c82583fa6a049650

SHA1
317a5eecc9b1d684368182ca1a0cff4a8002da7b

SHA256
b784e6b22de2ac40559a97454261c056d89adad9ad388bf82c3c0565b54f7529

SHA512
9f5302fd15a2a93dbfa9222914ebd888c081f317442f0146af883c3efe0c34f0fa1fb02dbe2bd4692425893eb7d67f133e0fbb453f96eb00725a9260010efb75

Download Submit
C:\Windows\system\ZSCGbxV.exe

Filesize
6.0MB

MD5
809e1e83c778b86853aa9c11bb27412f

SHA1
07573d3ea49bc002bf2b4d1c57c590b2b8e3d21f

SHA256
42f176562712822c4500662d3fe210ce35d4fd0b0ba54ad3d47bdc964d51c0dd

SHA512
d0a8fbcdfaf0acb194f67271584304ddb771f165a287da95f2e8cb9ae35b5de8ccb34326cc2b874afcd2b576436bd3180e979c36f71b1cd30a254f09661a7c0a

Download Submit
C:\Windows\system\ZwfTEJH.exe

Filesize
6.0MB

MD5
b29babd538d03b520d9c00772bf570f3

SHA1
b1528d20d984b212b27be6aeb20d2406f262b6cd

SHA256
60c6bcb6f5e226f708ef3ec4d2b9bd288c27c14259c7845a189b365d6bac6868

SHA512
644ee67d2465608b6b4ec200ebf8c43c1abeab0b0f7d43a8129c5237b8c912ab60771ea7ae5340760e99c73cec29336e6c3aced37d1f0788f6306a43d07ac1a1

Download Submit
C:\Windows\system\amHVKhb.exe

Filesize
6.0MB

MD5
045e05a3363cf946ce6856b13d16d5f9

SHA1
d9d7f7827c26660eeecd8370716ce3388965c9ad

SHA256
d3df4558cb75344a0a2b69472946cfc08dbd4b6f6245b79b01a3a2cc9a13b6e0

SHA512
cb83bc59ae370272b525fa19f96595d88ae11e0bc83f211d4652ce94e272268372c1366e3c70e4c2e6f9bcc0bd8f3b04d4c42daf2bbbc874ad2e83b49ee26cc6

Download Submit
C:\Windows\system\dQiYRCA.exe

Filesize
6.0MB

MD5
1a55b47f68c80b26e1fcb45297c5a248

SHA1
69b0c8f7bca4d9d668f754d5580a1b5653387e82

SHA256
5f5391633139abf5ded07994f1cc721abc9fdba30233849af55b471a21f462e2

SHA512
fbd861d14334cd3e37526b6b1489c07b62b0d6ad25b2b233283cfe31d8005c613bd6c4eee1846cc6660242e53473ece867a5438892490f361e6202453eef1b31

Download Submit
C:\Windows\system\jHUbxBj.exe

Filesize
6.0MB

MD5
288b4a3d58d8201eadc93bc7673d909c

SHA1
24dd9d3ec1fa3990fd7e7b2ff419b947f86c8e58

SHA256
7c7308a9200226ef6b236fd12fbcea286d84e1b0adc8ffe2dbeaaffca181296e

SHA512
28e9f0b0fab8cb1bece85e6c6a7b67c6d8fcc6922a748a0ed53e636bbc5fbc3093c30cd786e120c2d5687c9fa490fa5e6ca80ea8b1f0d458cbbe76704002a70e

Download Submit
C:\Windows\system\lBIvIwr.exe

Filesize
6.0MB

MD5
172403381138b4012870b1343178dffd

SHA1
fa475409f43d7b9c5cf62f3d6cf856daa26bb146

SHA256
c712264c73456bc585d41a972da2c01a1953d7e52447e75fea30422c7af4dab5

SHA512
e842019502c45d44176444f3fa7add2c090063afc2f37c564f341d278293226d76ad60aee838adbb53bcd017b8aa122f2a028b911f80092e325d139ab3e0a993

Download Submit
C:\Windows\system\lHwIOJS.exe

Filesize
6.0MB

MD5
8b67d2b5adc39501075b5c12844e6ffd

SHA1
8c5985f1a132fd332c1381c4ce902b9d7d808d01

SHA256
d9d65f8ce2d4f305cc284b3fbfc65121343a4708c064437c867517cfc72e6f79

SHA512
e6dfda7cfb7b751b1daf4d682730be2def95ab468e3728b25582d909930c7733896379303d38f8238b031e864a39a8ced9fdd5abe2fc4020e7238179b485965d

Download Submit
C:\Windows\system\lpKHtJS.exe

Filesize
6.0MB

MD5
8f9038ff9d05bef6bf900f406d6019b4

SHA1
09862481d0a018f52b15d65585ba95397ef4d2f9

SHA256
3aa59cd5c1440dfa0c3f52cf1a59d34ad158f30504936f49f7f5c25e59a36cd6

SHA512
5a9829e9fc74c4157af5b3ca0eea22002a7218452197c4c9b0b70d9035afe5642b75e1d9e6c1265369a4f7331f65831ddf9302b2337948205b3b75e7dbfc9c3a

Download Submit
C:\Windows\system\ozUnhmC.exe

Filesize
6.0MB

MD5
4eba21977c12565bf415bab9b5773b3b

SHA1
638258ebb6cc7cd59335f0721aeb338d55474002

SHA256
dfb548a4692a554b7dced6d2d1fd1a44769bfcb13ca2ad9504493c935a451264

SHA512
e9be7bce40932fbb2ba0b2b0df5170a7c997c90b6b149dd6a83b0fc504fd4a9f4c089461d7fabff7df02c6385deef9a2b604165c1ad7ee19a0c6f0e8d4ad4894

Download Submit
C:\Windows\system\pJOaOCU.exe

Filesize
6.0MB

MD5
9219e20e63c0a5e40d604a8f9237e10d

SHA1
c03741e34f25df2f7a8b54aa7c186865567b998a

SHA256
113e1fc1f90265d0b2df0b23eaa6ac5dcf9ee57c9b05a5a0f00b33f580812bf8

SHA512
d6c47075201c4c3193abe9fcad7f18904d76882a353d6696d353c3fc31d7af788534ebb77535dc849a828723fc1331c56a64e0d017da61ae5a8473b4a6a7aba1

Download Submit
C:\Windows\system\pbGufSI.exe

Filesize
6.0MB

MD5
1e42f8acf2675136d0c6a470ca418324

SHA1
589a133048a03194cbb4142767b8f2e2ab62001e

SHA256
9c24e85859728a249131a80e1bb9f8f41ee497c3f2c736d074d3ee7b23160327

SHA512
9fb67fe48c0434856d86fc1f5de2c716fa557a2b66fc5de4580fb23cb79d15ad3dc4720f76489bbe66b636015a7f966ea07c42ce31ac51f77d06597609765e68

Download Submit
C:\Windows\system\rnEASgA.exe

Filesize
6.0MB

MD5
3a1403479cd20e8c8102ed6cf8e940c1

SHA1
62a774fb77e1453d156183b5b959e6d3a4b4d921

SHA256
af7526a58101a33baccf04d2cf58ce7647b20889d6f988090567e72935e8f1bc

SHA512
ff1e3c516ca1bb6ebd8084e00a50f457d3b690680dcf0349141fa74294c8a11b48345392ea73d22a23a07f608a9df82d55ac2c812ba41a57bc1e1747bcf1a70e

Download Submit
C:\Windows\system\sNRraHB.exe

Filesize
6.0MB

MD5
32ef0e3abd010cd146b4b69153d96ef4

SHA1
6a9950b9045d959348bbe2e4e623b097a7ab5592

SHA256
ae02c4c2861979392fbb36045313ac0996f90db0cb8b6d42d1de1bc53cfc3064

SHA512
9c44af2518f3d6cdd7d5e0be70482bc162454fe7415cfc4c813f3fb00ed7462f82ea594bf0cc871d05956798ab10712507cb0c640f698bad71a1a17cab4314fa

Download Submit
C:\Windows\system\seEqxND.exe

Filesize
6.0MB

MD5
4d68c2ca13622ef64a2cf3f6d85cb7e5

SHA1
3ddf91493253cfdf227c29d2421467691dd070a2

SHA256
77d64b4074070fb362bb23e303ce1e9d5629c8ec2391699bee6f40c8dd747f2c

SHA512
2deb4cac1516ad4435a4e37eb2ab2dbf2bd08b08310496de5d8c7d344f29d9a18b0bbf3b7375ecb3e2a0d76f0defa94c91e328984011751aaa0be62c72e4c419

Download Submit
C:\Windows\system\ueruzxl.exe

Filesize
6.0MB

MD5
013e3df9589d09ddd5c657827d5a0f91

SHA1
3dd2fb5304354d19a887f9409e25f6f8be6aae0c

SHA256
e0739472e14b9c5516a141773977919ca3a59c24234ce4cd6ddc65962ee8834b

SHA512
03824dcd240aaff0ba6c64f943abac00ac978a1964513d97d5f23ad5000a66aeb5f122b31e071c73396b3240ba9240f2abb41c930bc772a77e61cd68bc1408a7

Download Submit
C:\Windows\system\yItUPnG.exe

Filesize
6.0MB

MD5
646cf1ba91ae3a16c7e6b680dc1be3db

SHA1
de7b4bafef7f055d2007ea8d5d20235f9cc5cbab

SHA256
f7474ab6d8084cc9e3d9ff750568c0e34e98727b75cfe1b6a31ff3d3f209539b

SHA512
14ad1aa5b97625812431167485793051a584e61d37cc25cad670f7fb7e14ed5ce0044c28bd1b0e592277c108a4ca81a81209167741c28a3677b1bb46efce8ee8

Download Submit
C:\Windows\system\zsENcoh.exe

Filesize
6.0MB

MD5
572f5ed7582ce95b51d4c4757020725c

SHA1
129003241c3b807103cd46e975316fd2cf6772f8

SHA256
dec70d76b4e548d12914e0f83fff8639f44b47d11cf94dcb34b45d0b4e08ef46

SHA512
d44e631d3f6f734b4c0a6b122920a9ee44d0c30c9760a61d94c69ac529cb02ac28b4b25bd63dd1cbb12f2d59eed8870a01326641bb55f9007db658640b89be0c

Download Submit
\Windows\system\hHynvzg.exe

Filesize
6.0MB

MD5
0596438971a7356ceab32f7c4a25e662

SHA1
eaa849be8aaafb830b12b9246338125c8c019671

SHA256
2382e2d45cf6fe5106f44c87efbad3f4f6995c92e186851fd36d101c10eb3c69

SHA512
94feab8d8f7e080247cf971a3409a6c46456c9c9d33a6840a4d4a5cffa9335e49285b5be9cd4787f61fc141dbfb84faa2f74e2f9962e30557f337bd9add788cb

Download Submit
\Windows\system\ifUrgfR.exe

Filesize
6.0MB

MD5
9bca81b26530da2a4e20fb37a877b78d

SHA1
bf3713bbb6e347b2a2681d1a74dff0b802b15dcd

SHA256
2df7aed0e87148041afe5d5b1ecc7ab66ecb8dc362b73b8bbe95ab1f69dea755

SHA512
c584b5b4fa1d79631e7e10bf4c465a8575f96f51030ed8f595e04eaefecdad17e1ed4e0ba8516a730c9ecca214e59890a809acca8d02b1c8afee63e331f687d1

Download Submit
memory/1700-1405-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1700-3980-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-1449-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-3983-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-3977-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2316-1101-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2392-3979-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1762-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-1328-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-3987-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2444-1102-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2444-3995-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2444-1469-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2444-1264-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2444-1764-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2444-3994-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2444-3993-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2444-2127-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2444-3992-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2444-2240-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2444-3991-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2444-2338-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2444-3990-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-0-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-754-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2444-3988-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2444-3989-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2444-755-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2444-1406-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2444-3986-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2444-3985-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-3962-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2552-1260-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2568-3982-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-1327-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3981-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2728-1881-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3978-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2780-2234-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2920-3984-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2337-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download