cobaltstrike | d097440e3e9e2c0077985e090caa8829aabf62eb5c8168fa129b23138ee48e1a

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

fe0925495b088bff9bfa46822b0425c5
SHA1

511ca18f8e4c574720ae33605f7103f40ab2edd8
SHA256

d097440e3e9e2c0077985e090caa8829aabf62eb5c8168fa129b23138ee48e1a
SHA512

6f47288e4837a001631e22da833f414287431890164af01e31e9a7a7504aae9bba23b7d7b259bd9a3ba9ff57617ff17be31628bd94327fd94f9a492034bd2eef
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUM:T+q56utgpPF8u/7M

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001225f-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015fe0-8.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000161fb-12.dat	cobalt_reflective_dll
behavioral1/files/0x000a0000000163b8-16.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000164b1-26.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001653a-30.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016be6-45.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016e1d-58.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017349-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017420-100.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018617-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018636-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001919c-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ad-160.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019080-151.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001907c-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018741-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018634-131.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017520-120.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017467-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017447-110.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017429-105.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173ab-95.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173a3-90.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739f-85.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017355-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017342-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f45-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d71-55.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d5a-50.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000169f5-41.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001678f-36.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral1/memory/2368-0-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x000c00000001225f-3.dat	xmrig
behavioral1/files/0x0008000000015fe0-8.dat	xmrig
behavioral1/files/0x00080000000161fb-12.dat	xmrig
behavioral1/files/0x000a0000000163b8-16.dat	xmrig
behavioral1/files/0x00070000000164b1-26.dat	xmrig
behavioral1/files/0x000700000001653a-30.dat	xmrig
behavioral1/files/0x0008000000016be6-45.dat	xmrig
behavioral1/files/0x0006000000016e1d-58.dat	xmrig
behavioral1/files/0x0006000000017349-75.dat	xmrig
behavioral1/files/0x0006000000017420-100.dat	xmrig
behavioral1/files/0x0009000000018617-125.dat	xmrig
behavioral1/files/0x0005000000018636-134.dat	xmrig
behavioral1/files/0x000500000001919c-155.dat	xmrig
behavioral1/memory/2500-2385-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/872-2302-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2368-2419-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2572-2418-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2368-3320-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2368-3439-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2368-3501-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2532-2117-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/3068-2007-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/1728-2001-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/files/0x00050000000191ad-160.dat	xmrig
behavioral1/files/0x0006000000019080-151.dat	xmrig
behavioral1/files/0x000600000001907c-145.dat	xmrig
behavioral1/files/0x0005000000018741-140.dat	xmrig
behavioral1/files/0x0005000000018634-131.dat	xmrig
behavioral1/files/0x0006000000017520-120.dat	xmrig
behavioral1/files/0x0006000000017467-115.dat	xmrig
behavioral1/files/0x0006000000017447-110.dat	xmrig
behavioral1/files/0x0006000000017429-105.dat	xmrig
behavioral1/files/0x00060000000173ab-95.dat	xmrig
behavioral1/files/0x00060000000173a3-90.dat	xmrig
behavioral1/files/0x000600000001739f-85.dat	xmrig
behavioral1/files/0x0006000000017355-80.dat	xmrig
behavioral1/files/0x0006000000017342-70.dat	xmrig
behavioral1/files/0x0006000000016f45-65.dat	xmrig
behavioral1/files/0x0006000000016d71-55.dat	xmrig
behavioral1/files/0x0006000000016d5a-50.dat	xmrig
behavioral1/files/0x00080000000169f5-41.dat	xmrig
behavioral1/files/0x000700000001678f-36.dat	xmrig
behavioral1/memory/3068-3975-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2572-3976-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/872-3977-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2500-3978-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2532-3979-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1728	iLJyeBu.exe
3068	LihDPID.exe
2532	OyAdeAQ.exe
872	BEqmrPf.exe
2500	tZKVvsK.exe
2572	YNOYalJ.exe
2708	nLEIQsj.exe
2796	FFgcBKa.exe
2848	axVFtnT.exe
1204	aruoWus.exe
2724	VRaXYPy.exe
2628	BRXWbQE.exe
772	ESAmSSy.exe
2712	ttmRbLV.exe
2596	WcKPTXF.exe
2672	yPsuPVZ.exe
976	ivstlOI.exe
2768	zgaxCwC.exe
2908	IcnFYKp.exe
1964	ggeMCiW.exe
2968	uUWItZq.exe
2668	CCvnkWD.exe
2688	fwNNODG.exe
2972	ujFkfjf.exe
1188	BHfqDhI.exe
3012	xiyCkVm.exe
2332	hSBJhCF.exe
2640	IrcQJdl.exe
2540	VdJMvlt.exe
2560	FdfhVJu.exe
2220	GMcsgHd.exe
440	cgrwMTQ.exe
2060	GxdgBVx.exe
660	EAhoEbO.exe
1244	SjswXOr.exe
956	KZHiCZu.exe
1176	oqbGifZ.exe
1752	wUhRKrK.exe
1692	LUMDXvN.exe
2580	gxjiMVw.exe
1640	yyiwRHu.exe
832	FVvRRMw.exe
1208	nKYkLZc.exe
564	AxqtbTg.exe
2112	EKfQDok.exe
1680	mzoTxcc.exe
1500	AORFScx.exe
572	uoWWENE.exe
2416	mSpnUaf.exe
2428	RiSIkee.exe
2144	yOgiehf.exe
1240	tvFJDVl.exe
1876	udIFqjn.exe
1424	nrspEUb.exe
2384	VDFIovr.exe
2388	VfXLSSj.exe
1520	tPywnAr.exe
1852	QSnuHNQ.exe
1412	TFTLFux.exe
1844	IvqWJDW.exe
2692	JxoXAiN.exe
2704	VIxgrbP.exe
2844	nXZiLlh.exe
2716	HpOCXmC.exe

Loads dropped DLL 64 IoCs

pid	Process
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 45 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2368-0-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/files/0x000c00000001225f-3.dat	upx
behavioral1/files/0x0008000000015fe0-8.dat	upx
behavioral1/files/0x00080000000161fb-12.dat	upx
behavioral1/files/0x000a0000000163b8-16.dat	upx
behavioral1/files/0x00070000000164b1-26.dat	upx
behavioral1/files/0x000700000001653a-30.dat	upx
behavioral1/files/0x0008000000016be6-45.dat	upx
behavioral1/files/0x0006000000016e1d-58.dat	upx
behavioral1/files/0x0006000000017349-75.dat	upx
behavioral1/files/0x0006000000017420-100.dat	upx
behavioral1/files/0x0009000000018617-125.dat	upx
behavioral1/files/0x0005000000018636-134.dat	upx
behavioral1/files/0x000500000001919c-155.dat	upx
behavioral1/memory/2500-2385-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/872-2302-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2572-2418-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2368-3320-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2532-2117-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/3068-2007-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/1728-2001-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/files/0x00050000000191ad-160.dat	upx
behavioral1/files/0x0006000000019080-151.dat	upx
behavioral1/files/0x000600000001907c-145.dat	upx
behavioral1/files/0x0005000000018741-140.dat	upx
behavioral1/files/0x0005000000018634-131.dat	upx
behavioral1/files/0x0006000000017520-120.dat	upx
behavioral1/files/0x0006000000017467-115.dat	upx
behavioral1/files/0x0006000000017447-110.dat	upx
behavioral1/files/0x0006000000017429-105.dat	upx
behavioral1/files/0x00060000000173ab-95.dat	upx
behavioral1/files/0x00060000000173a3-90.dat	upx
behavioral1/files/0x000600000001739f-85.dat	upx
behavioral1/files/0x0006000000017355-80.dat	upx
behavioral1/files/0x0006000000017342-70.dat	upx
behavioral1/files/0x0006000000016f45-65.dat	upx
behavioral1/files/0x0006000000016d71-55.dat	upx
behavioral1/files/0x0006000000016d5a-50.dat	upx
behavioral1/files/0x00080000000169f5-41.dat	upx
behavioral1/files/0x000700000001678f-36.dat	upx
behavioral1/memory/3068-3975-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2572-3976-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/872-3977-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2500-3978-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2532-3979-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NAJPZbw.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UZQuhoN.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MURLHcN.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XWDYAzL.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ueXNFqs.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XRhIfhJ.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yErWsLC.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hkiLFiv.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RJNnKtR.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mKkElEq.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qBdEPZD.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SWBxXdq.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ELtPVAS.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NfRmnvH.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tzvrprU.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEzbOHc.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lVtSdeD.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gKjaCcF.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BOCJpZk.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SZmDTDU.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wYcMgNZ.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dKkLdXz.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wnsdWtd.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TIfNBCL.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CzQQtil.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FFSoAKz.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QMGszDV.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nXZiLlh.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ROkeMSl.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eDkseam.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ORYnYWs.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UtqoKER.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hTgNPQZ.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pvmwwqZ.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\waIpJPS.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eGKeSYd.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DkgDhQQ.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYFwdRc.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LfGTnOo.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xOhDZuA.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\juKrKVD.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvYOZof.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pFaqamA.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UWfnMrn.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eqZcdnd.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yqXuRiP.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LOyHHyX.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iAWiGeC.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xgUAtPX.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eyFgThb.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xCjLIZA.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tLhbNzU.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mCDhcRr.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EzjJRMv.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjsnfIm.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SEYnFZl.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sAdjEFR.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAQMuYP.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ctlcRDv.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pHRLosE.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gDlfyEz.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lFiZHzx.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BhASuVB.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wpzomZa.exe	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 1728	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2368 wrote to memory of 1728	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2368 wrote to memory of 1728	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2368 wrote to memory of 3068	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2368 wrote to memory of 3068	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2368 wrote to memory of 3068	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2368 wrote to memory of 2532	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2368 wrote to memory of 2532	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2368 wrote to memory of 2532	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2368 wrote to memory of 872	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2368 wrote to memory of 872	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2368 wrote to memory of 872	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2368 wrote to memory of 2500	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2368 wrote to memory of 2500	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2368 wrote to memory of 2500	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2368 wrote to memory of 2572	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2368 wrote to memory of 2572	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2368 wrote to memory of 2572	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2368 wrote to memory of 2708	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2368 wrote to memory of 2708	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2368 wrote to memory of 2708	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2368 wrote to memory of 2796	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2368 wrote to memory of 2796	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2368 wrote to memory of 2796	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2368 wrote to memory of 2848	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2368 wrote to memory of 2848	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2368 wrote to memory of 2848	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2368 wrote to memory of 1204	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2368 wrote to memory of 1204	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2368 wrote to memory of 1204	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2368 wrote to memory of 2724	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2368 wrote to memory of 2724	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2368 wrote to memory of 2724	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2368 wrote to memory of 2628	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2368 wrote to memory of 2628	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2368 wrote to memory of 2628	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2368 wrote to memory of 772	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2368 wrote to memory of 772	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2368 wrote to memory of 772	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2368 wrote to memory of 2712	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2368 wrote to memory of 2712	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2368 wrote to memory of 2712	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2368 wrote to memory of 2596	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2368 wrote to memory of 2596	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2368 wrote to memory of 2596	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2368 wrote to memory of 2672	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2368 wrote to memory of 2672	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2368 wrote to memory of 2672	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2368 wrote to memory of 976	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2368 wrote to memory of 976	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2368 wrote to memory of 976	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2368 wrote to memory of 2768	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2368 wrote to memory of 2768	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2368 wrote to memory of 2768	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2368 wrote to memory of 2908	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2368 wrote to memory of 2908	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2368 wrote to memory of 2908	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2368 wrote to memory of 1964	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2368 wrote to memory of 1964	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2368 wrote to memory of 1964	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2368 wrote to memory of 2968	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2368 wrote to memory of 2968	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2368 wrote to memory of 2968	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2368 wrote to memory of 2668	2368	2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_fe0925495b088bff9bfa46822b0425c5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Windows\System\iLJyeBu.exe
  C:\Windows\System\iLJyeBu.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\LihDPID.exe
  C:\Windows\System\LihDPID.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\OyAdeAQ.exe
  C:\Windows\System\OyAdeAQ.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\BEqmrPf.exe
  C:\Windows\System\BEqmrPf.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\tZKVvsK.exe
  C:\Windows\System\tZKVvsK.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\YNOYalJ.exe
  C:\Windows\System\YNOYalJ.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\nLEIQsj.exe
  C:\Windows\System\nLEIQsj.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\FFgcBKa.exe
  C:\Windows\System\FFgcBKa.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\axVFtnT.exe
  C:\Windows\System\axVFtnT.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\aruoWus.exe
  C:\Windows\System\aruoWus.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\VRaXYPy.exe
  C:\Windows\System\VRaXYPy.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\BRXWbQE.exe
  C:\Windows\System\BRXWbQE.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\ESAmSSy.exe
  C:\Windows\System\ESAmSSy.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\ttmRbLV.exe
  C:\Windows\System\ttmRbLV.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\WcKPTXF.exe
  C:\Windows\System\WcKPTXF.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\yPsuPVZ.exe
  C:\Windows\System\yPsuPVZ.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\ivstlOI.exe
  C:\Windows\System\ivstlOI.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\zgaxCwC.exe
  C:\Windows\System\zgaxCwC.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\IcnFYKp.exe
  C:\Windows\System\IcnFYKp.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\ggeMCiW.exe
  C:\Windows\System\ggeMCiW.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\uUWItZq.exe
  C:\Windows\System\uUWItZq.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\CCvnkWD.exe
  C:\Windows\System\CCvnkWD.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\fwNNODG.exe
  C:\Windows\System\fwNNODG.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\ujFkfjf.exe
  C:\Windows\System\ujFkfjf.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\BHfqDhI.exe
  C:\Windows\System\BHfqDhI.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\xiyCkVm.exe
  C:\Windows\System\xiyCkVm.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\hSBJhCF.exe
  C:\Windows\System\hSBJhCF.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\IrcQJdl.exe
  C:\Windows\System\IrcQJdl.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\VdJMvlt.exe
  C:\Windows\System\VdJMvlt.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\FdfhVJu.exe
  C:\Windows\System\FdfhVJu.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\GMcsgHd.exe
  C:\Windows\System\GMcsgHd.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\cgrwMTQ.exe
  C:\Windows\System\cgrwMTQ.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\GxdgBVx.exe
  C:\Windows\System\GxdgBVx.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\EAhoEbO.exe
  C:\Windows\System\EAhoEbO.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\SjswXOr.exe
  C:\Windows\System\SjswXOr.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\KZHiCZu.exe
  C:\Windows\System\KZHiCZu.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\oqbGifZ.exe
  C:\Windows\System\oqbGifZ.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\wUhRKrK.exe
  C:\Windows\System\wUhRKrK.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\LUMDXvN.exe
  C:\Windows\System\LUMDXvN.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\gxjiMVw.exe
  C:\Windows\System\gxjiMVw.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\yyiwRHu.exe
  C:\Windows\System\yyiwRHu.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\FVvRRMw.exe
  C:\Windows\System\FVvRRMw.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\nKYkLZc.exe
  C:\Windows\System\nKYkLZc.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\AxqtbTg.exe
  C:\Windows\System\AxqtbTg.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\EKfQDok.exe
  C:\Windows\System\EKfQDok.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\mzoTxcc.exe
  C:\Windows\System\mzoTxcc.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\AORFScx.exe
  C:\Windows\System\AORFScx.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\uoWWENE.exe
  C:\Windows\System\uoWWENE.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\mSpnUaf.exe
  C:\Windows\System\mSpnUaf.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\RiSIkee.exe
  C:\Windows\System\RiSIkee.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\yOgiehf.exe
  C:\Windows\System\yOgiehf.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\tvFJDVl.exe
  C:\Windows\System\tvFJDVl.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\udIFqjn.exe
  C:\Windows\System\udIFqjn.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\nrspEUb.exe
  C:\Windows\System\nrspEUb.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\VDFIovr.exe
  C:\Windows\System\VDFIovr.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\VfXLSSj.exe
  C:\Windows\System\VfXLSSj.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\tPywnAr.exe
  C:\Windows\System\tPywnAr.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\QSnuHNQ.exe
  C:\Windows\System\QSnuHNQ.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\TFTLFux.exe
  C:\Windows\System\TFTLFux.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\IvqWJDW.exe
  C:\Windows\System\IvqWJDW.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\JxoXAiN.exe
  C:\Windows\System\JxoXAiN.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\VIxgrbP.exe
  C:\Windows\System\VIxgrbP.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\nXZiLlh.exe
  C:\Windows\System\nXZiLlh.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\HpOCXmC.exe
  C:\Windows\System\HpOCXmC.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\TWUDMDE.exe
  C:\Windows\System\TWUDMDE.exe
  2⤵
  PID:2904
- C:\Windows\System\TTStbmV.exe
  C:\Windows\System\TTStbmV.exe
  2⤵
  PID:2764
- C:\Windows\System\gAZHCsC.exe
  C:\Windows\System\gAZHCsC.exe
  2⤵
  PID:2600
- C:\Windows\System\PdbySxQ.exe
  C:\Windows\System\PdbySxQ.exe
  2⤵
  PID:2440
- C:\Windows\System\qDHdhxT.exe
  C:\Windows\System\qDHdhxT.exe
  2⤵
  PID:1536
- C:\Windows\System\VPMMnqv.exe
  C:\Windows\System\VPMMnqv.exe
  2⤵
  PID:2976
- C:\Windows\System\igsFrfP.exe
  C:\Windows\System\igsFrfP.exe
  2⤵
  PID:2992
- C:\Windows\System\hLcEmPy.exe
  C:\Windows\System\hLcEmPy.exe
  2⤵
  PID:2996
- C:\Windows\System\feXpDuy.exe
  C:\Windows\System\feXpDuy.exe
  2⤵
  PID:1120
- C:\Windows\System\VhteNXF.exe
  C:\Windows\System\VhteNXF.exe
  2⤵
  PID:1956
- C:\Windows\System\kXmAuzy.exe
  C:\Windows\System\kXmAuzy.exe
  2⤵
  PID:1848
- C:\Windows\System\MjAFciL.exe
  C:\Windows\System\MjAFciL.exe
  2⤵
  PID:640
- C:\Windows\System\hYmlKFO.exe
  C:\Windows\System\hYmlKFO.exe
  2⤵
  PID:1012
- C:\Windows\System\FEzbOHc.exe
  C:\Windows\System\FEzbOHc.exe
  2⤵
  PID:1136
- C:\Windows\System\wJvlwRE.exe
  C:\Windows\System\wJvlwRE.exe
  2⤵
  PID:1456
- C:\Windows\System\dbgDjrQ.exe
  C:\Windows\System\dbgDjrQ.exe
  2⤵
  PID:1944
- C:\Windows\System\RWwVVyL.exe
  C:\Windows\System\RWwVVyL.exe
  2⤵
  PID:2564
- C:\Windows\System\dwloMGB.exe
  C:\Windows\System\dwloMGB.exe
  2⤵
  PID:1632
- C:\Windows\System\mCDhcRr.exe
  C:\Windows\System\mCDhcRr.exe
  2⤵
  PID:952
- C:\Windows\System\JXadeUu.exe
  C:\Windows\System\JXadeUu.exe
  2⤵
  PID:1684
- C:\Windows\System\IUPslOv.exe
  C:\Windows\System\IUPslOv.exe
  2⤵
  PID:2056
- C:\Windows\System\pwiJHFn.exe
  C:\Windows\System\pwiJHFn.exe
  2⤵
  PID:1008
- C:\Windows\System\NWLxolo.exe
  C:\Windows\System\NWLxolo.exe
  2⤵
  PID:980
- C:\Windows\System\wMyVPhQ.exe
  C:\Windows\System\wMyVPhQ.exe
  2⤵
  PID:2032
- C:\Windows\System\xRAygTl.exe
  C:\Windows\System\xRAygTl.exe
  2⤵
  PID:1972
- C:\Windows\System\jbkFbQq.exe
  C:\Windows\System\jbkFbQq.exe
  2⤵
  PID:868
- C:\Windows\System\TXOlqjv.exe
  C:\Windows\System\TXOlqjv.exe
  2⤵
  PID:2068
- C:\Windows\System\JqsmkzP.exe
  C:\Windows\System\JqsmkzP.exe
  2⤵
  PID:2472
- C:\Windows\System\ghIfMBH.exe
  C:\Windows\System\ghIfMBH.exe
  2⤵
  PID:2548
- C:\Windows\System\wFCWYtf.exe
  C:\Windows\System\wFCWYtf.exe
  2⤵
  PID:1840
- C:\Windows\System\lpesaAF.exe
  C:\Windows\System\lpesaAF.exe
  2⤵
  PID:2408
- C:\Windows\System\xeMdegE.exe
  C:\Windows\System\xeMdegE.exe
  2⤵
  PID:2732
- C:\Windows\System\xCYMZFP.exe
  C:\Windows\System\xCYMZFP.exe
  2⤵
  PID:2860
- C:\Windows\System\SgYJTIx.exe
  C:\Windows\System\SgYJTIx.exe
  2⤵
  PID:2604
- C:\Windows\System\WrNtSyX.exe
  C:\Windows\System\WrNtSyX.exe
  2⤵
  PID:3052
- C:\Windows\System\pQPoHBD.exe
  C:\Windows\System\pQPoHBD.exe
  2⤵
  PID:2024
- C:\Windows\System\QVJfRdk.exe
  C:\Windows\System\QVJfRdk.exe
  2⤵
  PID:3000
- C:\Windows\System\jkfINmd.exe
  C:\Windows\System\jkfINmd.exe
  2⤵
  PID:2776
- C:\Windows\System\ClmouPP.exe
  C:\Windows\System\ClmouPP.exe
  2⤵
  PID:2188
- C:\Windows\System\Whbdglq.exe
  C:\Windows\System\Whbdglq.exe
  2⤵
  PID:300
- C:\Windows\System\SHytDOD.exe
  C:\Windows\System\SHytDOD.exe
  2⤵
  PID:940
- C:\Windows\System\gclINvN.exe
  C:\Windows\System\gclINvN.exe
  2⤵
  PID:824
- C:\Windows\System\OxCLtXn.exe
  C:\Windows\System\OxCLtXn.exe
  2⤵
  PID:1644
- C:\Windows\System\WTVYgVK.exe
  C:\Windows\System\WTVYgVK.exe
  2⤵
  PID:1548
- C:\Windows\System\rKZpBXB.exe
  C:\Windows\System\rKZpBXB.exe
  2⤵
  PID:2152
- C:\Windows\System\VtWZRll.exe
  C:\Windows\System\VtWZRll.exe
  2⤵
  PID:2392
- C:\Windows\System\CoaVJNd.exe
  C:\Windows\System\CoaVJNd.exe
  2⤵
  PID:2508
- C:\Windows\System\ORUZRxi.exe
  C:\Windows\System\ORUZRxi.exe
  2⤵
  PID:1528
- C:\Windows\System\OnhtWNK.exe
  C:\Windows\System\OnhtWNK.exe
  2⤵
  PID:2244
- C:\Windows\System\INOuocX.exe
  C:\Windows\System\INOuocX.exe
  2⤵
  PID:340
- C:\Windows\System\aytGmTO.exe
  C:\Windows\System\aytGmTO.exe
  2⤵
  PID:2608
- C:\Windows\System\wYcMgNZ.exe
  C:\Windows\System\wYcMgNZ.exe
  2⤵
  PID:2300
- C:\Windows\System\ExfSXFI.exe
  C:\Windows\System\ExfSXFI.exe
  2⤵
  PID:2720
- C:\Windows\System\nyKhdpE.exe
  C:\Windows\System\nyKhdpE.exe
  2⤵
  PID:2940
- C:\Windows\System\XhoIuCb.exe
  C:\Windows\System\XhoIuCb.exe
  2⤵
  PID:3088
- C:\Windows\System\xyAusPa.exe
  C:\Windows\System\xyAusPa.exe
  2⤵
  PID:3108
- C:\Windows\System\ssorAyv.exe
  C:\Windows\System\ssorAyv.exe
  2⤵
  PID:3128
- C:\Windows\System\OIvjTqo.exe
  C:\Windows\System\OIvjTqo.exe
  2⤵
  PID:3148
- C:\Windows\System\xPzHztr.exe
  C:\Windows\System\xPzHztr.exe
  2⤵
  PID:3168
- C:\Windows\System\QiWYlNa.exe
  C:\Windows\System\QiWYlNa.exe
  2⤵
  PID:3188
- C:\Windows\System\ezHVEpM.exe
  C:\Windows\System\ezHVEpM.exe
  2⤵
  PID:3204
- C:\Windows\System\WjttNPD.exe
  C:\Windows\System\WjttNPD.exe
  2⤵
  PID:3228
- C:\Windows\System\btGYHAN.exe
  C:\Windows\System\btGYHAN.exe
  2⤵
  PID:3248
- C:\Windows\System\bXhgKaJ.exe
  C:\Windows\System\bXhgKaJ.exe
  2⤵
  PID:3268
- C:\Windows\System\qhrBKtS.exe
  C:\Windows\System\qhrBKtS.exe
  2⤵
  PID:3288
- C:\Windows\System\SuxpAea.exe
  C:\Windows\System\SuxpAea.exe
  2⤵
  PID:3312
- C:\Windows\System\yXavAXo.exe
  C:\Windows\System\yXavAXo.exe
  2⤵
  PID:3332
- C:\Windows\System\vquPRfm.exe
  C:\Windows\System\vquPRfm.exe
  2⤵
  PID:3352
- C:\Windows\System\PrHfaJm.exe
  C:\Windows\System\PrHfaJm.exe
  2⤵
  PID:3372
- C:\Windows\System\xcxYUMb.exe
  C:\Windows\System\xcxYUMb.exe
  2⤵
  PID:3392
- C:\Windows\System\wkqTJEr.exe
  C:\Windows\System\wkqTJEr.exe
  2⤵
  PID:3412
- C:\Windows\System\xOhDZuA.exe
  C:\Windows\System\xOhDZuA.exe
  2⤵
  PID:3432
- C:\Windows\System\uHxaNpy.exe
  C:\Windows\System\uHxaNpy.exe
  2⤵
  PID:3452
- C:\Windows\System\UtVumzO.exe
  C:\Windows\System\UtVumzO.exe
  2⤵
  PID:3472
- C:\Windows\System\PfGsVhQ.exe
  C:\Windows\System\PfGsVhQ.exe
  2⤵
  PID:3492
- C:\Windows\System\shscExw.exe
  C:\Windows\System\shscExw.exe
  2⤵
  PID:3512
- C:\Windows\System\pCcJyQp.exe
  C:\Windows\System\pCcJyQp.exe
  2⤵
  PID:3532
- C:\Windows\System\jiCNddk.exe
  C:\Windows\System\jiCNddk.exe
  2⤵
  PID:3552
- C:\Windows\System\jsGDcNP.exe
  C:\Windows\System\jsGDcNP.exe
  2⤵
  PID:3572
- C:\Windows\System\xJePRcq.exe
  C:\Windows\System\xJePRcq.exe
  2⤵
  PID:3592
- C:\Windows\System\NBPAdDT.exe
  C:\Windows\System\NBPAdDT.exe
  2⤵
  PID:3612
- C:\Windows\System\ikoFszI.exe
  C:\Windows\System\ikoFszI.exe
  2⤵
  PID:3632
- C:\Windows\System\AiIsvLs.exe
  C:\Windows\System\AiIsvLs.exe
  2⤵
  PID:3652
- C:\Windows\System\AOQatHz.exe
  C:\Windows\System\AOQatHz.exe
  2⤵
  PID:3672
- C:\Windows\System\hAANPCa.exe
  C:\Windows\System\hAANPCa.exe
  2⤵
  PID:3692
- C:\Windows\System\mZowhND.exe
  C:\Windows\System\mZowhND.exe
  2⤵
  PID:3712
- C:\Windows\System\ZrPBRdH.exe
  C:\Windows\System\ZrPBRdH.exe
  2⤵
  PID:3728
- C:\Windows\System\XhzsMdc.exe
  C:\Windows\System\XhzsMdc.exe
  2⤵
  PID:3752
- C:\Windows\System\uSrRcFD.exe
  C:\Windows\System\uSrRcFD.exe
  2⤵
  PID:3772
- C:\Windows\System\JeeLbnJ.exe
  C:\Windows\System\JeeLbnJ.exe
  2⤵
  PID:3792
- C:\Windows\System\xeRyhgE.exe
  C:\Windows\System\xeRyhgE.exe
  2⤵
  PID:3808
- C:\Windows\System\EZJwPJm.exe
  C:\Windows\System\EZJwPJm.exe
  2⤵
  PID:3832
- C:\Windows\System\KCcELoo.exe
  C:\Windows\System\KCcELoo.exe
  2⤵
  PID:3848
- C:\Windows\System\ckOXuOR.exe
  C:\Windows\System\ckOXuOR.exe
  2⤵
  PID:3872
- C:\Windows\System\lAiUxNa.exe
  C:\Windows\System\lAiUxNa.exe
  2⤵
  PID:3888
- C:\Windows\System\xclFCyS.exe
  C:\Windows\System\xclFCyS.exe
  2⤵
  PID:3912
- C:\Windows\System\tTNHxnO.exe
  C:\Windows\System\tTNHxnO.exe
  2⤵
  PID:3928
- C:\Windows\System\vFiRyIn.exe
  C:\Windows\System\vFiRyIn.exe
  2⤵
  PID:3952
- C:\Windows\System\KtPpLVh.exe
  C:\Windows\System\KtPpLVh.exe
  2⤵
  PID:3968
- C:\Windows\System\ZCezsbN.exe
  C:\Windows\System\ZCezsbN.exe
  2⤵
  PID:3988
- C:\Windows\System\dxIqibi.exe
  C:\Windows\System\dxIqibi.exe
  2⤵
  PID:4008
- C:\Windows\System\jTbmjrZ.exe
  C:\Windows\System\jTbmjrZ.exe
  2⤵
  PID:4032
- C:\Windows\System\mIpNVha.exe
  C:\Windows\System\mIpNVha.exe
  2⤵
  PID:4052
- C:\Windows\System\wPMStFe.exe
  C:\Windows\System\wPMStFe.exe
  2⤵
  PID:4068
- C:\Windows\System\XPhNRvJ.exe
  C:\Windows\System\XPhNRvJ.exe
  2⤵
  PID:4092
- C:\Windows\System\OErNTds.exe
  C:\Windows\System\OErNTds.exe
  2⤵
  PID:1448
- C:\Windows\System\NtxwFTA.exe
  C:\Windows\System\NtxwFTA.exe
  2⤵
  PID:1688
- C:\Windows\System\qVaocJR.exe
  C:\Windows\System\qVaocJR.exe
  2⤵
  PID:2412
- C:\Windows\System\BkkVFJO.exe
  C:\Windows\System\BkkVFJO.exe
  2⤵
  PID:2464
- C:\Windows\System\SznrgcL.exe
  C:\Windows\System\SznrgcL.exe
  2⤵
  PID:1668
- C:\Windows\System\ipshTzJ.exe
  C:\Windows\System\ipshTzJ.exe
  2⤵
  PID:272
- C:\Windows\System\hLIywoz.exe
  C:\Windows\System\hLIywoz.exe
  2⤵
  PID:2404
- C:\Windows\System\PzrufUa.exe
  C:\Windows\System\PzrufUa.exe
  2⤵
  PID:1612
- C:\Windows\System\zsJNzcT.exe
  C:\Windows\System\zsJNzcT.exe
  2⤵
  PID:264
- C:\Windows\System\VIiQbQB.exe
  C:\Windows\System\VIiQbQB.exe
  2⤵
  PID:2736
- C:\Windows\System\rEGTQfy.exe
  C:\Windows\System\rEGTQfy.exe
  2⤵
  PID:3076
- C:\Windows\System\tSatVvr.exe
  C:\Windows\System\tSatVvr.exe
  2⤵
  PID:3116
- C:\Windows\System\YhblBEt.exe
  C:\Windows\System\YhblBEt.exe
  2⤵
  PID:3144
- C:\Windows\System\dhGcbjE.exe
  C:\Windows\System\dhGcbjE.exe
  2⤵
  PID:3160
- C:\Windows\System\FdicEDb.exe
  C:\Windows\System\FdicEDb.exe
  2⤵
  PID:3196
- C:\Windows\System\MBAXBlT.exe
  C:\Windows\System\MBAXBlT.exe
  2⤵
  PID:3256
- C:\Windows\System\wrLKoGW.exe
  C:\Windows\System\wrLKoGW.exe
  2⤵
  PID:3280
- C:\Windows\System\jbYZeTf.exe
  C:\Windows\System\jbYZeTf.exe
  2⤵
  PID:3340
- C:\Windows\System\mMluPcb.exe
  C:\Windows\System\mMluPcb.exe
  2⤵
  PID:3388
- C:\Windows\System\qnTdmAK.exe
  C:\Windows\System\qnTdmAK.exe
  2⤵
  PID:3384
- C:\Windows\System\hKXubBv.exe
  C:\Windows\System\hKXubBv.exe
  2⤵
  PID:3404
- C:\Windows\System\ceBejUP.exe
  C:\Windows\System\ceBejUP.exe
  2⤵
  PID:3468
- C:\Windows\System\ziFsmkW.exe
  C:\Windows\System\ziFsmkW.exe
  2⤵
  PID:3500
- C:\Windows\System\XvgDMRp.exe
  C:\Windows\System\XvgDMRp.exe
  2⤵
  PID:3548
- C:\Windows\System\MlILDpp.exe
  C:\Windows\System\MlILDpp.exe
  2⤵
  PID:3560
- C:\Windows\System\jgklnmL.exe
  C:\Windows\System\jgklnmL.exe
  2⤵
  PID:3600
- C:\Windows\System\MehMYzY.exe
  C:\Windows\System\MehMYzY.exe
  2⤵
  PID:3624
- C:\Windows\System\HbBQvID.exe
  C:\Windows\System\HbBQvID.exe
  2⤵
  PID:3668
- C:\Windows\System\uplZwbT.exe
  C:\Windows\System\uplZwbT.exe
  2⤵
  PID:3736
- C:\Windows\System\XbXgMOA.exe
  C:\Windows\System\XbXgMOA.exe
  2⤵
  PID:3684
- C:\Windows\System\JqufZRl.exe
  C:\Windows\System\JqufZRl.exe
  2⤵
  PID:3788
- C:\Windows\System\qOdieWG.exe
  C:\Windows\System\qOdieWG.exe
  2⤵
  PID:3760
- C:\Windows\System\DRilhvw.exe
  C:\Windows\System\DRilhvw.exe
  2⤵
  PID:3860
- C:\Windows\System\SHLSCXh.exe
  C:\Windows\System\SHLSCXh.exe
  2⤵
  PID:3896
- C:\Windows\System\WyjTERh.exe
  C:\Windows\System\WyjTERh.exe
  2⤵
  PID:3844
- C:\Windows\System\SeDQYBX.exe
  C:\Windows\System\SeDQYBX.exe
  2⤵
  PID:3948
- C:\Windows\System\iDEvokQ.exe
  C:\Windows\System\iDEvokQ.exe
  2⤵
  PID:3924
- C:\Windows\System\TbYFwdE.exe
  C:\Windows\System\TbYFwdE.exe
  2⤵
  PID:4020
- C:\Windows\System\YDARNwK.exe
  C:\Windows\System\YDARNwK.exe
  2⤵
  PID:2944
- C:\Windows\System\QWhQBpn.exe
  C:\Windows\System\QWhQBpn.exe
  2⤵
  PID:4040
- C:\Windows\System\WaVXJrB.exe
  C:\Windows\System\WaVXJrB.exe
  2⤵
  PID:1292
- C:\Windows\System\lmJVKEI.exe
  C:\Windows\System\lmJVKEI.exe
  2⤵
  PID:1696
- C:\Windows\System\NfRTPvw.exe
  C:\Windows\System\NfRTPvw.exe
  2⤵
  PID:3020
- C:\Windows\System\OSBRaMw.exe
  C:\Windows\System\OSBRaMw.exe
  2⤵
  PID:1232
- C:\Windows\System\ZeAGcLk.exe
  C:\Windows\System\ZeAGcLk.exe
  2⤵
  PID:1656
- C:\Windows\System\XnhiCry.exe
  C:\Windows\System\XnhiCry.exe
  2⤵
  PID:1224
- C:\Windows\System\YXeZygf.exe
  C:\Windows\System\YXeZygf.exe
  2⤵
  PID:304
- C:\Windows\System\piRoRuJ.exe
  C:\Windows\System\piRoRuJ.exe
  2⤵
  PID:3084
- C:\Windows\System\yFsPpoe.exe
  C:\Windows\System\yFsPpoe.exe
  2⤵
  PID:3156
- C:\Windows\System\vWwNlbb.exe
  C:\Windows\System\vWwNlbb.exe
  2⤵
  PID:3284
- C:\Windows\System\RGOGKkd.exe
  C:\Windows\System\RGOGKkd.exe
  2⤵
  PID:3236
- C:\Windows\System\FcJcMeP.exe
  C:\Windows\System\FcJcMeP.exe
  2⤵
  PID:3344
- C:\Windows\System\eamdYcQ.exe
  C:\Windows\System\eamdYcQ.exe
  2⤵
  PID:3400
- C:\Windows\System\fflFuYb.exe
  C:\Windows\System\fflFuYb.exe
  2⤵
  PID:3484
- C:\Windows\System\JIfOTSv.exe
  C:\Windows\System\JIfOTSv.exe
  2⤵
  PID:3504
- C:\Windows\System\uuCDodh.exe
  C:\Windows\System\uuCDodh.exe
  2⤵
  PID:3628
- C:\Windows\System\fnCewfU.exe
  C:\Windows\System\fnCewfU.exe
  2⤵
  PID:3568
- C:\Windows\System\BACqdKW.exe
  C:\Windows\System\BACqdKW.exe
  2⤵
  PID:3644
- C:\Windows\System\jUnqIhD.exe
  C:\Windows\System\jUnqIhD.exe
  2⤵
  PID:3720
- C:\Windows\System\dKkLdXz.exe
  C:\Windows\System\dKkLdXz.exe
  2⤵
  PID:3856
- C:\Windows\System\lOWQdZB.exe
  C:\Windows\System\lOWQdZB.exe
  2⤵
  PID:3800
- C:\Windows\System\EzgDnzJ.exe
  C:\Windows\System\EzgDnzJ.exe
  2⤵
  PID:3976
- C:\Windows\System\lZJGQHM.exe
  C:\Windows\System\lZJGQHM.exe
  2⤵
  PID:3880
- C:\Windows\System\SaaxOAM.exe
  C:\Windows\System\SaaxOAM.exe
  2⤵
  PID:4064
- C:\Windows\System\FdSlyKu.exe
  C:\Windows\System\FdSlyKu.exe
  2⤵
  PID:4000
- C:\Windows\System\bSYXLeN.exe
  C:\Windows\System\bSYXLeN.exe
  2⤵
  PID:676
- C:\Windows\System\nZXfbJk.exe
  C:\Windows\System\nZXfbJk.exe
  2⤵
  PID:1828
- C:\Windows\System\PajrWKx.exe
  C:\Windows\System\PajrWKx.exe
  2⤵
  PID:2792
- C:\Windows\System\woGhOfi.exe
  C:\Windows\System\woGhOfi.exe
  2⤵
  PID:3100
- C:\Windows\System\PSKhZPp.exe
  C:\Windows\System\PSKhZPp.exe
  2⤵
  PID:3120
- C:\Windows\System\omgZIiX.exe
  C:\Windows\System\omgZIiX.exe
  2⤵
  PID:3220
- C:\Windows\System\iWIwNJG.exe
  C:\Windows\System\iWIwNJG.exe
  2⤵
  PID:3408
- C:\Windows\System\VoqXWgB.exe
  C:\Windows\System\VoqXWgB.exe
  2⤵
  PID:3460
- C:\Windows\System\VzrMJtd.exe
  C:\Windows\System\VzrMJtd.exe
  2⤵
  PID:3524
- C:\Windows\System\ZTiSJmU.exe
  C:\Windows\System\ZTiSJmU.exe
  2⤵
  PID:3724
- C:\Windows\System\GYqWhDo.exe
  C:\Windows\System\GYqWhDo.exe
  2⤵
  PID:3660
- C:\Windows\System\fLTqtsi.exe
  C:\Windows\System\fLTqtsi.exe
  2⤵
  PID:3820
- C:\Windows\System\ORqhMFl.exe
  C:\Windows\System\ORqhMFl.exe
  2⤵
  PID:4044
- C:\Windows\System\gaJwaOE.exe
  C:\Windows\System\gaJwaOE.exe
  2⤵
  PID:3900
- C:\Windows\System\ddbOwSP.exe
  C:\Windows\System\ddbOwSP.exe
  2⤵
  PID:908
- C:\Windows\System\ZccWnJD.exe
  C:\Windows\System\ZccWnJD.exe
  2⤵
  PID:4100
- C:\Windows\System\YzROHkS.exe
  C:\Windows\System\YzROHkS.exe
  2⤵
  PID:4120
- C:\Windows\System\xpjoSwE.exe
  C:\Windows\System\xpjoSwE.exe
  2⤵
  PID:4140
- C:\Windows\System\GbAPGaP.exe
  C:\Windows\System\GbAPGaP.exe
  2⤵
  PID:4160
- C:\Windows\System\SPYDYMM.exe
  C:\Windows\System\SPYDYMM.exe
  2⤵
  PID:4180
- C:\Windows\System\rKwErms.exe
  C:\Windows\System\rKwErms.exe
  2⤵
  PID:4200
- C:\Windows\System\TidzQuH.exe
  C:\Windows\System\TidzQuH.exe
  2⤵
  PID:4220
- C:\Windows\System\ykPARqR.exe
  C:\Windows\System\ykPARqR.exe
  2⤵
  PID:4240
- C:\Windows\System\jqEkvAv.exe
  C:\Windows\System\jqEkvAv.exe
  2⤵
  PID:4260
- C:\Windows\System\ghjukra.exe
  C:\Windows\System\ghjukra.exe
  2⤵
  PID:4276
- C:\Windows\System\rhNVKEP.exe
  C:\Windows\System\rhNVKEP.exe
  2⤵
  PID:4300
- C:\Windows\System\qNnyrqz.exe
  C:\Windows\System\qNnyrqz.exe
  2⤵
  PID:4320
- C:\Windows\System\wNzpvcg.exe
  C:\Windows\System\wNzpvcg.exe
  2⤵
  PID:4340
- C:\Windows\System\AhXdyht.exe
  C:\Windows\System\AhXdyht.exe
  2⤵
  PID:4360
- C:\Windows\System\xsbKXrt.exe
  C:\Windows\System\xsbKXrt.exe
  2⤵
  PID:4380
- C:\Windows\System\oNYznsL.exe
  C:\Windows\System\oNYznsL.exe
  2⤵
  PID:4400
- C:\Windows\System\xWXZlpO.exe
  C:\Windows\System\xWXZlpO.exe
  2⤵
  PID:4420
- C:\Windows\System\EtcKsQU.exe
  C:\Windows\System\EtcKsQU.exe
  2⤵
  PID:4440
- C:\Windows\System\SGxjPeX.exe
  C:\Windows\System\SGxjPeX.exe
  2⤵
  PID:4460
- C:\Windows\System\CfHNUGD.exe
  C:\Windows\System\CfHNUGD.exe
  2⤵
  PID:4480
- C:\Windows\System\HUIVPFp.exe
  C:\Windows\System\HUIVPFp.exe
  2⤵
  PID:4500
- C:\Windows\System\tpJsYbp.exe
  C:\Windows\System\tpJsYbp.exe
  2⤵
  PID:4520
- C:\Windows\System\iHmpCYd.exe
  C:\Windows\System\iHmpCYd.exe
  2⤵
  PID:4540
- C:\Windows\System\THNIcMP.exe
  C:\Windows\System\THNIcMP.exe
  2⤵
  PID:4560
- C:\Windows\System\HFRQgrw.exe
  C:\Windows\System\HFRQgrw.exe
  2⤵
  PID:4580
- C:\Windows\System\CwPsoce.exe
  C:\Windows\System\CwPsoce.exe
  2⤵
  PID:4600
- C:\Windows\System\PYoERIy.exe
  C:\Windows\System\PYoERIy.exe
  2⤵
  PID:4620
- C:\Windows\System\flErLOB.exe
  C:\Windows\System\flErLOB.exe
  2⤵
  PID:4636
- C:\Windows\System\ZJvRRNG.exe
  C:\Windows\System\ZJvRRNG.exe
  2⤵
  PID:4660
- C:\Windows\System\eGvibth.exe
  C:\Windows\System\eGvibth.exe
  2⤵
  PID:4680
- C:\Windows\System\OHQQLXd.exe
  C:\Windows\System\OHQQLXd.exe
  2⤵
  PID:4700
- C:\Windows\System\NKZEMrw.exe
  C:\Windows\System\NKZEMrw.exe
  2⤵
  PID:4720
- C:\Windows\System\HGPlRsr.exe
  C:\Windows\System\HGPlRsr.exe
  2⤵
  PID:4740
- C:\Windows\System\MDLbnai.exe
  C:\Windows\System\MDLbnai.exe
  2⤵
  PID:4760
- C:\Windows\System\vvpxQpF.exe
  C:\Windows\System\vvpxQpF.exe
  2⤵
  PID:4780
- C:\Windows\System\ybedSAp.exe
  C:\Windows\System\ybedSAp.exe
  2⤵
  PID:4800
- C:\Windows\System\hXcyRYT.exe
  C:\Windows\System\hXcyRYT.exe
  2⤵
  PID:4820
- C:\Windows\System\PMmxMxd.exe
  C:\Windows\System\PMmxMxd.exe
  2⤵
  PID:4840
- C:\Windows\System\VpeKaFC.exe
  C:\Windows\System\VpeKaFC.exe
  2⤵
  PID:4860
- C:\Windows\System\WtkHvdp.exe
  C:\Windows\System\WtkHvdp.exe
  2⤵
  PID:4880
- C:\Windows\System\LWKFrZD.exe
  C:\Windows\System\LWKFrZD.exe
  2⤵
  PID:4900
- C:\Windows\System\krpVJTi.exe
  C:\Windows\System\krpVJTi.exe
  2⤵
  PID:4920
- C:\Windows\System\PAnRgMP.exe
  C:\Windows\System\PAnRgMP.exe
  2⤵
  PID:4940
- C:\Windows\System\cIVHFrj.exe
  C:\Windows\System\cIVHFrj.exe
  2⤵
  PID:4956
- C:\Windows\System\UjsnfIm.exe
  C:\Windows\System\UjsnfIm.exe
  2⤵
  PID:4980
- C:\Windows\System\rJNcsLt.exe
  C:\Windows\System\rJNcsLt.exe
  2⤵
  PID:5004
- C:\Windows\System\XxXLtcB.exe
  C:\Windows\System\XxXLtcB.exe
  2⤵
  PID:5024
- C:\Windows\System\DIuCOmL.exe
  C:\Windows\System\DIuCOmL.exe
  2⤵
  PID:5044
- C:\Windows\System\GLBCnCj.exe
  C:\Windows\System\GLBCnCj.exe
  2⤵
  PID:5064
- C:\Windows\System\VsEcmxg.exe
  C:\Windows\System\VsEcmxg.exe
  2⤵
  PID:5084
- C:\Windows\System\xNZefjY.exe
  C:\Windows\System\xNZefjY.exe
  2⤵
  PID:5104
- C:\Windows\System\tVsqYyq.exe
  C:\Windows\System\tVsqYyq.exe
  2⤵
  PID:1140
- C:\Windows\System\ggHcpct.exe
  C:\Windows\System\ggHcpct.exe
  2⤵
  PID:3304
- C:\Windows\System\mVatujC.exe
  C:\Windows\System\mVatujC.exe
  2⤵
  PID:1524
- C:\Windows\System\WyVaiXh.exe
  C:\Windows\System\WyVaiXh.exe
  2⤵
  PID:3528
- C:\Windows\System\zxIyCrj.exe
  C:\Windows\System\zxIyCrj.exe
  2⤵
  PID:3480
- C:\Windows\System\zdvnwXa.exe
  C:\Windows\System\zdvnwXa.exe
  2⤵
  PID:3824
- C:\Windows\System\PjleOJB.exe
  C:\Windows\System\PjleOJB.exe
  2⤵
  PID:3936
- C:\Windows\System\wNQldpO.exe
  C:\Windows\System\wNQldpO.exe
  2⤵
  PID:3964
- C:\Windows\System\eoGpPaU.exe
  C:\Windows\System\eoGpPaU.exe
  2⤵
  PID:4080
- C:\Windows\System\coNvMlo.exe
  C:\Windows\System\coNvMlo.exe
  2⤵
  PID:4116
- C:\Windows\System\sfsZADX.exe
  C:\Windows\System\sfsZADX.exe
  2⤵
  PID:4152
- C:\Windows\System\EhsOJAW.exe
  C:\Windows\System\EhsOJAW.exe
  2⤵
  PID:4196
- C:\Windows\System\MEJKoop.exe
  C:\Windows\System\MEJKoop.exe
  2⤵
  PID:4252
- C:\Windows\System\NheJXDW.exe
  C:\Windows\System\NheJXDW.exe
  2⤵
  PID:4284
- C:\Windows\System\BpzIycH.exe
  C:\Windows\System\BpzIycH.exe
  2⤵
  PID:4292
- C:\Windows\System\eZPzYBe.exe
  C:\Windows\System\eZPzYBe.exe
  2⤵
  PID:4312
- C:\Windows\System\KFNkrXa.exe
  C:\Windows\System\KFNkrXa.exe
  2⤵
  PID:4356
- C:\Windows\System\QwnhKwZ.exe
  C:\Windows\System\QwnhKwZ.exe
  2⤵
  PID:4416
- C:\Windows\System\nxMvOhv.exe
  C:\Windows\System\nxMvOhv.exe
  2⤵
  PID:4436
- C:\Windows\System\aIansvN.exe
  C:\Windows\System\aIansvN.exe
  2⤵
  PID:4488
- C:\Windows\System\eghqKQR.exe
  C:\Windows\System\eghqKQR.exe
  2⤵
  PID:4472
- C:\Windows\System\lwASVJk.exe
  C:\Windows\System\lwASVJk.exe
  2⤵
  PID:4536
- C:\Windows\System\BXCBjfb.exe
  C:\Windows\System\BXCBjfb.exe
  2⤵
  PID:4572
- C:\Windows\System\rfNDsWG.exe
  C:\Windows\System\rfNDsWG.exe
  2⤵
  PID:4612
- C:\Windows\System\aPNeYXC.exe
  C:\Windows\System\aPNeYXC.exe
  2⤵
  PID:4648
- C:\Windows\System\hIoKXdh.exe
  C:\Windows\System\hIoKXdh.exe
  2⤵
  PID:4668
- C:\Windows\System\auFrvpA.exe
  C:\Windows\System\auFrvpA.exe
  2⤵
  PID:4672
- C:\Windows\System\ImSiKEQ.exe
  C:\Windows\System\ImSiKEQ.exe
  2⤵
  PID:4712
- C:\Windows\System\rzVXszw.exe
  C:\Windows\System\rzVXszw.exe
  2⤵
  PID:4772
- C:\Windows\System\ixgcHbW.exe
  C:\Windows\System\ixgcHbW.exe
  2⤵
  PID:4796
- C:\Windows\System\KMScUsS.exe
  C:\Windows\System\KMScUsS.exe
  2⤵
  PID:4848
- C:\Windows\System\wlNOWdd.exe
  C:\Windows\System\wlNOWdd.exe
  2⤵
  PID:4868
- C:\Windows\System\FNIQGia.exe
  C:\Windows\System\FNIQGia.exe
  2⤵
  PID:4892
- C:\Windows\System\mrXwheH.exe
  C:\Windows\System\mrXwheH.exe
  2⤵
  PID:4912
- C:\Windows\System\luUyTGm.exe
  C:\Windows\System\luUyTGm.exe
  2⤵
  PID:4972
- C:\Windows\System\soJjpbD.exe
  C:\Windows\System\soJjpbD.exe
  2⤵
  PID:4992
- C:\Windows\System\FvQImZx.exe
  C:\Windows\System\FvQImZx.exe
  2⤵
  PID:5040
- C:\Windows\System\WxHHgJL.exe
  C:\Windows\System\WxHHgJL.exe
  2⤵
  PID:5100
- C:\Windows\System\PKZhzny.exe
  C:\Windows\System\PKZhzny.exe
  2⤵
  PID:5112
- C:\Windows\System\vMmxrup.exe
  C:\Windows\System\vMmxrup.exe
  2⤵
  PID:5116
- C:\Windows\System\HlKTxnl.exe
  C:\Windows\System\HlKTxnl.exe
  2⤵
  PID:3428
- C:\Windows\System\aopAuJk.exe
  C:\Windows\System\aopAuJk.exe
  2⤵
  PID:3488
- C:\Windows\System\Lgfzkkq.exe
  C:\Windows\System\Lgfzkkq.exe
  2⤵
  PID:3980
- C:\Windows\System\CEMJptZ.exe
  C:\Windows\System\CEMJptZ.exe
  2⤵
  PID:1400
- C:\Windows\System\zcYoUhw.exe
  C:\Windows\System\zcYoUhw.exe
  2⤵
  PID:4168
- C:\Windows\System\EMjJekZ.exe
  C:\Windows\System\EMjJekZ.exe
  2⤵
  PID:4148
- C:\Windows\System\RNkyLkC.exe
  C:\Windows\System\RNkyLkC.exe
  2⤵
  PID:4232
- C:\Windows\System\LjKXGzZ.exe
  C:\Windows\System\LjKXGzZ.exe
  2⤵
  PID:4328
- C:\Windows\System\cXDsmpe.exe
  C:\Windows\System\cXDsmpe.exe
  2⤵
  PID:4372
- C:\Windows\System\mHxHyEX.exe
  C:\Windows\System\mHxHyEX.exe
  2⤵
  PID:4428
- C:\Windows\System\MliRFOM.exe
  C:\Windows\System\MliRFOM.exe
  2⤵
  PID:4492
- C:\Windows\System\sfdoOnI.exe
  C:\Windows\System\sfdoOnI.exe
  2⤵
  PID:4516
- C:\Windows\System\TGyvaxd.exe
  C:\Windows\System\TGyvaxd.exe
  2⤵
  PID:4616
- C:\Windows\System\XCunwaB.exe
  C:\Windows\System\XCunwaB.exe
  2⤵
  PID:4644
- C:\Windows\System\XEsbXHR.exe
  C:\Windows\System\XEsbXHR.exe
  2⤵
  PID:4696
- C:\Windows\System\YgGNAtW.exe
  C:\Windows\System\YgGNAtW.exe
  2⤵
  PID:4808
- C:\Windows\System\bXGsjKF.exe
  C:\Windows\System\bXGsjKF.exe
  2⤵
  PID:4792
- C:\Windows\System\RLoukAU.exe
  C:\Windows\System\RLoukAU.exe
  2⤵
  PID:4812
- C:\Windows\System\wWMuaHV.exe
  C:\Windows\System\wWMuaHV.exe
  2⤵
  PID:4896
- C:\Windows\System\YOaHnpd.exe
  C:\Windows\System\YOaHnpd.exe
  2⤵
  PID:4952
- C:\Windows\System\NJkDzin.exe
  C:\Windows\System\NJkDzin.exe
  2⤵
  PID:5036
- C:\Windows\System\wSpySlT.exe
  C:\Windows\System\wSpySlT.exe
  2⤵
  PID:5076
- C:\Windows\System\PDEXzjt.exe
  C:\Windows\System\PDEXzjt.exe
  2⤵
  PID:2528
- C:\Windows\System\pzfydCF.exe
  C:\Windows\System\pzfydCF.exe
  2⤵
  PID:3364
- C:\Windows\System\yOcZJuK.exe
  C:\Windows\System\yOcZJuK.exe
  2⤵
  PID:3688
- C:\Windows\System\hvUSWWZ.exe
  C:\Windows\System\hvUSWWZ.exe
  2⤵
  PID:4208
- C:\Windows\System\XYFqzZg.exe
  C:\Windows\System\XYFqzZg.exe
  2⤵
  PID:4296
- C:\Windows\System\AwSJivO.exe
  C:\Windows\System\AwSJivO.exe
  2⤵
  PID:4396
- C:\Windows\System\VmSMKGd.exe
  C:\Windows\System\VmSMKGd.exe
  2⤵
  PID:4456
- C:\Windows\System\BItFrFK.exe
  C:\Windows\System\BItFrFK.exe
  2⤵
  PID:4452
- C:\Windows\System\aJsGsvH.exe
  C:\Windows\System\aJsGsvH.exe
  2⤵
  PID:4652
- C:\Windows\System\pvmwwqZ.exe
  C:\Windows\System\pvmwwqZ.exe
  2⤵
  PID:4716
- C:\Windows\System\uoseKxX.exe
  C:\Windows\System\uoseKxX.exe
  2⤵
  PID:4832
- C:\Windows\System\zAObjgj.exe
  C:\Windows\System\zAObjgj.exe
  2⤵
  PID:4928
- C:\Windows\System\HZJKVbC.exe
  C:\Windows\System\HZJKVbC.exe
  2⤵
  PID:5132
- C:\Windows\System\GkcbKeI.exe
  C:\Windows\System\GkcbKeI.exe
  2⤵
  PID:5152
- C:\Windows\System\dCNVPnj.exe
  C:\Windows\System\dCNVPnj.exe
  2⤵
  PID:5172
- C:\Windows\System\SvITVEs.exe
  C:\Windows\System\SvITVEs.exe
  2⤵
  PID:5192
- C:\Windows\System\yDaZqAf.exe
  C:\Windows\System\yDaZqAf.exe
  2⤵
  PID:5212
- C:\Windows\System\hBmFajl.exe
  C:\Windows\System\hBmFajl.exe
  2⤵
  PID:5228
- C:\Windows\System\BYXryoY.exe
  C:\Windows\System\BYXryoY.exe
  2⤵
  PID:5252
- C:\Windows\System\ksZWKFv.exe
  C:\Windows\System\ksZWKFv.exe
  2⤵
  PID:5272
- C:\Windows\System\BUEBBkG.exe
  C:\Windows\System\BUEBBkG.exe
  2⤵
  PID:5292
- C:\Windows\System\tvYyZbD.exe
  C:\Windows\System\tvYyZbD.exe
  2⤵
  PID:5312
- C:\Windows\System\oHGIeny.exe
  C:\Windows\System\oHGIeny.exe
  2⤵
  PID:5332
- C:\Windows\System\amtTYen.exe
  C:\Windows\System\amtTYen.exe
  2⤵
  PID:5352
- C:\Windows\System\VbqBnzD.exe
  C:\Windows\System\VbqBnzD.exe
  2⤵
  PID:5372
- C:\Windows\System\GwDIpVi.exe
  C:\Windows\System\GwDIpVi.exe
  2⤵
  PID:5396
- C:\Windows\System\VnRZrzX.exe
  C:\Windows\System\VnRZrzX.exe
  2⤵
  PID:5416
- C:\Windows\System\SSUHeLX.exe
  C:\Windows\System\SSUHeLX.exe
  2⤵
  PID:5436
- C:\Windows\System\WfydwGy.exe
  C:\Windows\System\WfydwGy.exe
  2⤵
  PID:5456
- C:\Windows\System\SKRlLQN.exe
  C:\Windows\System\SKRlLQN.exe
  2⤵
  PID:5476
- C:\Windows\System\RjBYYXq.exe
  C:\Windows\System\RjBYYXq.exe
  2⤵
  PID:5496
- C:\Windows\System\QtfMrYN.exe
  C:\Windows\System\QtfMrYN.exe
  2⤵
  PID:5516
- C:\Windows\System\gglsmoj.exe
  C:\Windows\System\gglsmoj.exe
  2⤵
  PID:5536
- C:\Windows\System\PDjOBck.exe
  C:\Windows\System\PDjOBck.exe
  2⤵
  PID:5556
- C:\Windows\System\EglRpRb.exe
  C:\Windows\System\EglRpRb.exe
  2⤵
  PID:5576
- C:\Windows\System\aOVyCod.exe
  C:\Windows\System\aOVyCod.exe
  2⤵
  PID:5596
- C:\Windows\System\HqCVKqs.exe
  C:\Windows\System\HqCVKqs.exe
  2⤵
  PID:5616
- C:\Windows\System\aepgeET.exe
  C:\Windows\System\aepgeET.exe
  2⤵
  PID:5636
- C:\Windows\System\YCtUBOL.exe
  C:\Windows\System\YCtUBOL.exe
  2⤵
  PID:5656
- C:\Windows\System\OmltGTj.exe
  C:\Windows\System\OmltGTj.exe
  2⤵
  PID:5676
- C:\Windows\System\HqRMAFC.exe
  C:\Windows\System\HqRMAFC.exe
  2⤵
  PID:5696
- C:\Windows\System\dPvfQyk.exe
  C:\Windows\System\dPvfQyk.exe
  2⤵
  PID:5716
- C:\Windows\System\vSmtRfX.exe
  C:\Windows\System\vSmtRfX.exe
  2⤵
  PID:5736
- C:\Windows\System\teJenao.exe
  C:\Windows\System\teJenao.exe
  2⤵
  PID:5756
- C:\Windows\System\JxZMAZb.exe
  C:\Windows\System\JxZMAZb.exe
  2⤵
  PID:5776
- C:\Windows\System\HVkEYiT.exe
  C:\Windows\System\HVkEYiT.exe
  2⤵
  PID:5796
- C:\Windows\System\LCdHjIw.exe
  C:\Windows\System\LCdHjIw.exe
  2⤵
  PID:5816
- C:\Windows\System\cTgzNjL.exe
  C:\Windows\System\cTgzNjL.exe
  2⤵
  PID:5836
- C:\Windows\System\BsZsgxi.exe
  C:\Windows\System\BsZsgxi.exe
  2⤵
  PID:5856
- C:\Windows\System\AGryAta.exe
  C:\Windows\System\AGryAta.exe
  2⤵
  PID:5876
- C:\Windows\System\FkqmMQR.exe
  C:\Windows\System\FkqmMQR.exe
  2⤵
  PID:5896
- C:\Windows\System\ZzwNjqL.exe
  C:\Windows\System\ZzwNjqL.exe
  2⤵
  PID:5916
- C:\Windows\System\nZRKuEX.exe
  C:\Windows\System\nZRKuEX.exe
  2⤵
  PID:5936
- C:\Windows\System\DyJfUhZ.exe
  C:\Windows\System\DyJfUhZ.exe
  2⤵
  PID:5952
- C:\Windows\System\BnqLwzi.exe
  C:\Windows\System\BnqLwzi.exe
  2⤵
  PID:5972
- C:\Windows\System\mUYHqeJ.exe
  C:\Windows\System\mUYHqeJ.exe
  2⤵
  PID:5996
- C:\Windows\System\dykDGeG.exe
  C:\Windows\System\dykDGeG.exe
  2⤵
  PID:6012
- C:\Windows\System\fWbIfvD.exe
  C:\Windows\System\fWbIfvD.exe
  2⤵
  PID:6036
- C:\Windows\System\aXTMPAK.exe
  C:\Windows\System\aXTMPAK.exe
  2⤵
  PID:6056
- C:\Windows\System\czPpxxS.exe
  C:\Windows\System\czPpxxS.exe
  2⤵
  PID:6076
- C:\Windows\System\bSaEGxC.exe
  C:\Windows\System\bSaEGxC.exe
  2⤵
  PID:6096
- C:\Windows\System\sABFbFr.exe
  C:\Windows\System\sABFbFr.exe
  2⤵
  PID:6116
- C:\Windows\System\JaCobnv.exe
  C:\Windows\System\JaCobnv.exe
  2⤵
  PID:6136
- C:\Windows\System\dqxvqMh.exe
  C:\Windows\System\dqxvqMh.exe
  2⤵
  PID:5032
- C:\Windows\System\YcZAuTJ.exe
  C:\Windows\System\YcZAuTJ.exe
  2⤵
  PID:5060
- C:\Windows\System\fJqJECa.exe
  C:\Windows\System\fJqJECa.exe
  2⤵
  PID:4188
- C:\Windows\System\fUqBnEh.exe
  C:\Windows\System\fUqBnEh.exe
  2⤵
  PID:3700
- C:\Windows\System\ghrJcFm.exe
  C:\Windows\System\ghrJcFm.exe
  2⤵
  PID:4216
- C:\Windows\System\tWazszr.exe
  C:\Windows\System\tWazszr.exe
  2⤵
  PID:4468
- C:\Windows\System\KisrTel.exe
  C:\Windows\System\KisrTel.exe
  2⤵
  PID:4548
- C:\Windows\System\hTnWmqP.exe
  C:\Windows\System\hTnWmqP.exe
  2⤵
  PID:4576
- C:\Windows\System\msXVEmA.exe
  C:\Windows\System\msXVEmA.exe
  2⤵
  PID:4788
- C:\Windows\System\sHDYXRT.exe
  C:\Windows\System\sHDYXRT.exe
  2⤵
  PID:5124
- C:\Windows\System\nDiMXoR.exe
  C:\Windows\System\nDiMXoR.exe
  2⤵
  PID:5188
- C:\Windows\System\WahVrzE.exe
  C:\Windows\System\WahVrzE.exe
  2⤵
  PID:5200
- C:\Windows\System\zMGYevS.exe
  C:\Windows\System\zMGYevS.exe
  2⤵
  PID:5248
- C:\Windows\System\YiFnwAJ.exe
  C:\Windows\System\YiFnwAJ.exe
  2⤵
  PID:5308
- C:\Windows\System\pMQNUuA.exe
  C:\Windows\System\pMQNUuA.exe
  2⤵
  PID:5320
- C:\Windows\System\cDcZGux.exe
  C:\Windows\System\cDcZGux.exe
  2⤵
  PID:5344
- C:\Windows\System\ebrKREp.exe
  C:\Windows\System\ebrKREp.exe
  2⤵
  PID:5392
- C:\Windows\System\abNIkLq.exe
  C:\Windows\System\abNIkLq.exe
  2⤵
  PID:5412
- C:\Windows\System\ZEEsruQ.exe
  C:\Windows\System\ZEEsruQ.exe
  2⤵
  PID:5448
- C:\Windows\System\McGXuPw.exe
  C:\Windows\System\McGXuPw.exe
  2⤵
  PID:5512
- C:\Windows\System\ZnhQPbq.exe
  C:\Windows\System\ZnhQPbq.exe
  2⤵
  PID:5524
- C:\Windows\System\lhtsfJN.exe
  C:\Windows\System\lhtsfJN.exe
  2⤵
  PID:5552
- C:\Windows\System\UeqTwmP.exe
  C:\Windows\System\UeqTwmP.exe
  2⤵
  PID:5568
- C:\Windows\System\TWGiqcD.exe
  C:\Windows\System\TWGiqcD.exe
  2⤵
  PID:5628
- C:\Windows\System\rSjaGqh.exe
  C:\Windows\System\rSjaGqh.exe
  2⤵
  PID:5672
- C:\Windows\System\lHXQxmd.exe
  C:\Windows\System\lHXQxmd.exe
  2⤵
  PID:5712
- C:\Windows\System\BwwxyVf.exe
  C:\Windows\System\BwwxyVf.exe
  2⤵
  PID:5708
- C:\Windows\System\voxifHb.exe
  C:\Windows\System\voxifHb.exe
  2⤵
  PID:5728
- C:\Windows\System\azaIcnx.exe
  C:\Windows\System\azaIcnx.exe
  2⤵
  PID:5768
- C:\Windows\System\ELtPVAS.exe
  C:\Windows\System\ELtPVAS.exe
  2⤵
  PID:5828
- C:\Windows\System\FOsSODY.exe
  C:\Windows\System\FOsSODY.exe
  2⤵
  PID:5844
- C:\Windows\System\wPzBIAR.exe
  C:\Windows\System\wPzBIAR.exe
  2⤵
  PID:5904
- C:\Windows\System\AuJjYUm.exe
  C:\Windows\System\AuJjYUm.exe
  2⤵
  PID:5944
- C:\Windows\System\JFBnNWj.exe
  C:\Windows\System\JFBnNWj.exe
  2⤵
  PID:5980
- C:\Windows\System\TRYZbdz.exe
  C:\Windows\System\TRYZbdz.exe
  2⤵
  PID:5964
- C:\Windows\System\HkrIKXP.exe
  C:\Windows\System\HkrIKXP.exe
  2⤵
  PID:6024
- C:\Windows\System\wkthYAo.exe
  C:\Windows\System\wkthYAo.exe
  2⤵
  PID:6072
- C:\Windows\System\qWHXkUz.exe
  C:\Windows\System\qWHXkUz.exe
  2⤵
  PID:6104
- C:\Windows\System\cpdWEFe.exe
  C:\Windows\System\cpdWEFe.exe
  2⤵
  PID:4968
- C:\Windows\System\dcCYnNx.exe
  C:\Windows\System\dcCYnNx.exe
  2⤵
  PID:4976
- C:\Windows\System\JMsAFTj.exe
  C:\Windows\System\JMsAFTj.exe
  2⤵
  PID:5072
- C:\Windows\System\vzgmubQ.exe
  C:\Windows\System\vzgmubQ.exe
  2⤵
  PID:3884
- C:\Windows\System\YBeAdSA.exe
  C:\Windows\System\YBeAdSA.exe
  2⤵
  PID:4512
- C:\Windows\System\SUqZjrD.exe
  C:\Windows\System\SUqZjrD.exe
  2⤵
  PID:4836
- C:\Windows\System\mbwRQoT.exe
  C:\Windows\System\mbwRQoT.exe
  2⤵
  PID:5140
- C:\Windows\System\ZOqNDqE.exe
  C:\Windows\System\ZOqNDqE.exe
  2⤵
  PID:5148
- C:\Windows\System\bMZmtup.exe
  C:\Windows\System\bMZmtup.exe
  2⤵
  PID:5220
- C:\Windows\System\UXufNxZ.exe
  C:\Windows\System\UXufNxZ.exe
  2⤵
  PID:5260
- C:\Windows\System\gDlfyEz.exe
  C:\Windows\System\gDlfyEz.exe
  2⤵
  PID:5340
- C:\Windows\System\VMWQXZE.exe
  C:\Windows\System\VMWQXZE.exe
  2⤵
  PID:5404
- C:\Windows\System\XFuNBtU.exe
  C:\Windows\System\XFuNBtU.exe
  2⤵
  PID:5492
- C:\Windows\System\NfRmnvH.exe
  C:\Windows\System\NfRmnvH.exe
  2⤵
  PID:5484
- C:\Windows\System\lpOTPZQ.exe
  C:\Windows\System\lpOTPZQ.exe
  2⤵
  PID:5564
- C:\Windows\System\PwKbOEr.exe
  C:\Windows\System\PwKbOEr.exe
  2⤵
  PID:5664
- C:\Windows\System\JnGJAGR.exe
  C:\Windows\System\JnGJAGR.exe
  2⤵
  PID:5688
- C:\Windows\System\xHVPWKs.exe
  C:\Windows\System\xHVPWKs.exe
  2⤵
  PID:5764
- C:\Windows\System\ZGaIWKp.exe
  C:\Windows\System\ZGaIWKp.exe
  2⤵
  PID:5808
- C:\Windows\System\HGZtGtN.exe
  C:\Windows\System\HGZtGtN.exe
  2⤵
  PID:5864
- C:\Windows\System\gsPgqdQ.exe
  C:\Windows\System\gsPgqdQ.exe
  2⤵
  PID:5884
- C:\Windows\System\ExZWEZF.exe
  C:\Windows\System\ExZWEZF.exe
  2⤵
  PID:5932
- C:\Windows\System\QBMYVTx.exe
  C:\Windows\System\QBMYVTx.exe
  2⤵
  PID:6032
- C:\Windows\System\MlnSDcY.exe
  C:\Windows\System\MlnSDcY.exe
  2⤵
  PID:6088
- C:\Windows\System\EIxdtoU.exe
  C:\Windows\System\EIxdtoU.exe
  2⤵
  PID:3212
- C:\Windows\System\zJGlWMw.exe
  C:\Windows\System\zJGlWMw.exe
  2⤵
  PID:6132
- C:\Windows\System\eszLYFZ.exe
  C:\Windows\System\eszLYFZ.exe
  2⤵
  PID:4692
- C:\Windows\System\BtXomDc.exe
  C:\Windows\System\BtXomDc.exe
  2⤵
  PID:4736
- C:\Windows\System\bithuoE.exe
  C:\Windows\System\bithuoE.exe
  2⤵
  PID:5168
- C:\Windows\System\wWYvKSD.exe
  C:\Windows\System\wWYvKSD.exe
  2⤵
  PID:5288
- C:\Windows\System\BOkDpFT.exe
  C:\Windows\System\BOkDpFT.exe
  2⤵
  PID:5304
- C:\Windows\System\JSKXkPS.exe
  C:\Windows\System\JSKXkPS.exe
  2⤵
  PID:5584
- C:\Windows\System\Hmbeypn.exe
  C:\Windows\System\Hmbeypn.exe
  2⤵
  PID:5604
- C:\Windows\System\XmyYqbK.exe
  C:\Windows\System\XmyYqbK.exe
  2⤵
  PID:5608
- C:\Windows\System\HhecCuk.exe
  C:\Windows\System\HhecCuk.exe
  2⤵
  PID:5744
- C:\Windows\System\NWDlUuT.exe
  C:\Windows\System\NWDlUuT.exe
  2⤵
  PID:5908
- C:\Windows\System\DfQvaTd.exe
  C:\Windows\System\DfQvaTd.exe
  2⤵
  PID:6008
- C:\Windows\System\tYceyIs.exe
  C:\Windows\System\tYceyIs.exe
  2⤵
  PID:5960
- C:\Windows\System\wmcBgnO.exe
  C:\Windows\System\wmcBgnO.exe
  2⤵
  PID:4528
- C:\Windows\System\beEkILh.exe
  C:\Windows\System\beEkILh.exe
  2⤵
  PID:3584
- C:\Windows\System\ruZWgGG.exe
  C:\Windows\System\ruZWgGG.exe
  2⤵
  PID:6148
- C:\Windows\System\EYyZFsM.exe
  C:\Windows\System\EYyZFsM.exe
  2⤵
  PID:6164
- C:\Windows\System\BAGTOgk.exe
  C:\Windows\System\BAGTOgk.exe
  2⤵
  PID:6188
- C:\Windows\System\OEtNMQE.exe
  C:\Windows\System\OEtNMQE.exe
  2⤵
  PID:6208
- C:\Windows\System\vRcbErk.exe
  C:\Windows\System\vRcbErk.exe
  2⤵
  PID:6228
- C:\Windows\System\WlRSYpg.exe
  C:\Windows\System\WlRSYpg.exe
  2⤵
  PID:6244
- C:\Windows\System\shFCjHN.exe
  C:\Windows\System\shFCjHN.exe
  2⤵
  PID:6264
- C:\Windows\System\KueHVIK.exe
  C:\Windows\System\KueHVIK.exe
  2⤵
  PID:6288
- C:\Windows\System\yjBOoIq.exe
  C:\Windows\System\yjBOoIq.exe
  2⤵
  PID:6308
- C:\Windows\System\wnsdWtd.exe
  C:\Windows\System\wnsdWtd.exe
  2⤵
  PID:6328
- C:\Windows\System\kUJHoth.exe
  C:\Windows\System\kUJHoth.exe
  2⤵
  PID:6348
- C:\Windows\System\RNwtlbi.exe
  C:\Windows\System\RNwtlbi.exe
  2⤵
  PID:6368
- C:\Windows\System\DnvPjrd.exe
  C:\Windows\System\DnvPjrd.exe
  2⤵
  PID:6388
- C:\Windows\System\dOZwNqO.exe
  C:\Windows\System\dOZwNqO.exe
  2⤵
  PID:6408
- C:\Windows\System\rrPRzMs.exe
  C:\Windows\System\rrPRzMs.exe
  2⤵
  PID:6428
- C:\Windows\System\DpEptQW.exe
  C:\Windows\System\DpEptQW.exe
  2⤵
  PID:6448
- C:\Windows\System\SkkFWGH.exe
  C:\Windows\System\SkkFWGH.exe
  2⤵
  PID:6464
- C:\Windows\System\kXkCHHh.exe
  C:\Windows\System\kXkCHHh.exe
  2⤵
  PID:6484
- C:\Windows\System\BwpAjHm.exe
  C:\Windows\System\BwpAjHm.exe
  2⤵
  PID:6508
- C:\Windows\System\CzBXOfR.exe
  C:\Windows\System\CzBXOfR.exe
  2⤵
  PID:6528
- C:\Windows\System\GZgNFXn.exe
  C:\Windows\System\GZgNFXn.exe
  2⤵
  PID:6548
- C:\Windows\System\dOBZoki.exe
  C:\Windows\System\dOBZoki.exe
  2⤵
  PID:6564
- C:\Windows\System\gkQMxhb.exe
  C:\Windows\System\gkQMxhb.exe
  2⤵
  PID:6588
- C:\Windows\System\iAWiGeC.exe
  C:\Windows\System\iAWiGeC.exe
  2⤵
  PID:6604
- C:\Windows\System\JluHYlr.exe
  C:\Windows\System\JluHYlr.exe
  2⤵
  PID:6628
- C:\Windows\System\zuYYEJI.exe
  C:\Windows\System\zuYYEJI.exe
  2⤵
  PID:6648
- C:\Windows\System\oMXFjvl.exe
  C:\Windows\System\oMXFjvl.exe
  2⤵
  PID:6668
- C:\Windows\System\HVxZiAQ.exe
  C:\Windows\System\HVxZiAQ.exe
  2⤵
  PID:6688
- C:\Windows\System\kiEaWog.exe
  C:\Windows\System\kiEaWog.exe
  2⤵
  PID:6704
- C:\Windows\System\WTbcKhr.exe
  C:\Windows\System\WTbcKhr.exe
  2⤵
  PID:6724
- C:\Windows\System\NfVJErj.exe
  C:\Windows\System\NfVJErj.exe
  2⤵
  PID:6744
- C:\Windows\System\zRmOuhf.exe
  C:\Windows\System\zRmOuhf.exe
  2⤵
  PID:6764
- C:\Windows\System\zUmhURp.exe
  C:\Windows\System\zUmhURp.exe
  2⤵
  PID:6784
- C:\Windows\System\TeoHcTr.exe
  C:\Windows\System\TeoHcTr.exe
  2⤵
  PID:6804
- C:\Windows\System\vkGqwxF.exe
  C:\Windows\System\vkGqwxF.exe
  2⤵
  PID:6828
- C:\Windows\System\BusaXgF.exe
  C:\Windows\System\BusaXgF.exe
  2⤵
  PID:6848
- C:\Windows\System\oynPqWi.exe
  C:\Windows\System\oynPqWi.exe
  2⤵
  PID:6868
- C:\Windows\System\yDMcEZn.exe
  C:\Windows\System\yDMcEZn.exe
  2⤵
  PID:6888
- C:\Windows\System\fXyNzFO.exe
  C:\Windows\System\fXyNzFO.exe
  2⤵
  PID:6908
- C:\Windows\System\tWysiYA.exe
  C:\Windows\System\tWysiYA.exe
  2⤵
  PID:6928
- C:\Windows\System\TIfNBCL.exe
  C:\Windows\System\TIfNBCL.exe
  2⤵
  PID:6948
- C:\Windows\System\vKizHKm.exe
  C:\Windows\System\vKizHKm.exe
  2⤵
  PID:6964
- C:\Windows\System\kqIMEAW.exe
  C:\Windows\System\kqIMEAW.exe
  2⤵
  PID:6988
- C:\Windows\System\IivppKf.exe
  C:\Windows\System\IivppKf.exe
  2⤵
  PID:7008
- C:\Windows\System\yxundFh.exe
  C:\Windows\System\yxundFh.exe
  2⤵
  PID:7028
- C:\Windows\System\CzwyixL.exe
  C:\Windows\System\CzwyixL.exe
  2⤵
  PID:7052
- C:\Windows\System\qbUDtqc.exe
  C:\Windows\System\qbUDtqc.exe
  2⤵
  PID:7072
- C:\Windows\System\KfHAnAf.exe
  C:\Windows\System\KfHAnAf.exe
  2⤵
  PID:7092
- C:\Windows\System\AMBHUus.exe
  C:\Windows\System\AMBHUus.exe
  2⤵
  PID:7112
- C:\Windows\System\asMKZja.exe
  C:\Windows\System\asMKZja.exe
  2⤵
  PID:7132
- C:\Windows\System\WuZFUGh.exe
  C:\Windows\System\WuZFUGh.exe
  2⤵
  PID:7152
- C:\Windows\System\yMpZQqN.exe
  C:\Windows\System\yMpZQqN.exe
  2⤵
  PID:5424
- C:\Windows\System\omuJUqK.exe
  C:\Windows\System\omuJUqK.exe
  2⤵
  PID:5224
- C:\Windows\System\UWfnMrn.exe
  C:\Windows\System\UWfnMrn.exe
  2⤵
  PID:5364
- C:\Windows\System\QHseauJ.exe
  C:\Windows\System\QHseauJ.exe
  2⤵
  PID:5532
- C:\Windows\System\iyMcIgJ.exe
  C:\Windows\System\iyMcIgJ.exe
  2⤵
  PID:5692
- C:\Windows\System\IuKIXDU.exe
  C:\Windows\System\IuKIXDU.exe
  2⤵
  PID:5648
- C:\Windows\System\ONYnRCV.exe
  C:\Windows\System\ONYnRCV.exe
  2⤵
  PID:5984
- C:\Windows\System\XOCAuyU.exe
  C:\Windows\System\XOCAuyU.exe
  2⤵
  PID:6124
- C:\Windows\System\XrMbTXV.exe
  C:\Windows\System\XrMbTXV.exe
  2⤵
  PID:6180
- C:\Windows\System\gqeDBHG.exe
  C:\Windows\System\gqeDBHG.exe
  2⤵
  PID:6176
- C:\Windows\System\EUreyob.exe
  C:\Windows\System\EUreyob.exe
  2⤵
  PID:6252
- C:\Windows\System\oYhfmBr.exe
  C:\Windows\System\oYhfmBr.exe
  2⤵
  PID:6276
- C:\Windows\System\IJxxHOp.exe
  C:\Windows\System\IJxxHOp.exe
  2⤵
  PID:6304
- C:\Windows\System\sIvQZsE.exe
  C:\Windows\System\sIvQZsE.exe
  2⤵
  PID:6336
- C:\Windows\System\FLKpPuA.exe
  C:\Windows\System\FLKpPuA.exe
  2⤵
  PID:6380
- C:\Windows\System\FFGLFGe.exe
  C:\Windows\System\FFGLFGe.exe
  2⤵
  PID:6360
- C:\Windows\System\SSdAFFI.exe
  C:\Windows\System\SSdAFFI.exe
  2⤵
  PID:6400
- C:\Windows\System\LSbSVIh.exe
  C:\Windows\System\LSbSVIh.exe
  2⤵
  PID:6460
- C:\Windows\System\kflPkrl.exe
  C:\Windows\System\kflPkrl.exe
  2⤵
  PID:6504
- C:\Windows\System\piTUPPF.exe
  C:\Windows\System\piTUPPF.exe
  2⤵
  PID:6540
- C:\Windows\System\lmBSzvu.exe
  C:\Windows\System\lmBSzvu.exe
  2⤵
  PID:6520
- C:\Windows\System\QdoHqSz.exe
  C:\Windows\System\QdoHqSz.exe
  2⤵
  PID:6616
- C:\Windows\System\vIYXZkU.exe
  C:\Windows\System\vIYXZkU.exe
  2⤵
  PID:6664
- C:\Windows\System\dqESBPQ.exe
  C:\Windows\System\dqESBPQ.exe
  2⤵
  PID:6660
- C:\Windows\System\soOcmYi.exe
  C:\Windows\System\soOcmYi.exe
  2⤵
  PID:6676
- C:\Windows\System\SWBxXdq.exe
  C:\Windows\System\SWBxXdq.exe
  2⤵
  PID:6736
- C:\Windows\System\bputsbn.exe
  C:\Windows\System\bputsbn.exe
  2⤵
  PID:6720
- C:\Windows\System\mayGgio.exe
  C:\Windows\System\mayGgio.exe
  2⤵
  PID:6812
- C:\Windows\System\cncTNYP.exe
  C:\Windows\System\cncTNYP.exe
  2⤵
  PID:6856
- C:\Windows\System\oDBaMzg.exe
  C:\Windows\System\oDBaMzg.exe
  2⤵
  PID:6836
- C:\Windows\System\ytQbuGp.exe
  C:\Windows\System\ytQbuGp.exe
  2⤵
  PID:6840
- C:\Windows\System\JrZDHeh.exe
  C:\Windows\System\JrZDHeh.exe
  2⤵
  PID:6880
- C:\Windows\System\uGRaZIp.exe
  C:\Windows\System\uGRaZIp.exe
  2⤵
  PID:6944
- C:\Windows\System\adHdOtE.exe
  C:\Windows\System\adHdOtE.exe
  2⤵
  PID:6980
- C:\Windows\System\zQEBwNc.exe
  C:\Windows\System\zQEBwNc.exe
  2⤵
  PID:7020
- C:\Windows\System\tENXNCj.exe
  C:\Windows\System\tENXNCj.exe
  2⤵
  PID:7064
- C:\Windows\System\pSYNMym.exe
  C:\Windows\System\pSYNMym.exe
  2⤵
  PID:6996
- C:\Windows\System\yWUlBVz.exe
  C:\Windows\System\yWUlBVz.exe
  2⤵
  PID:7080
- C:\Windows\System\nCSdJao.exe
  C:\Windows\System\nCSdJao.exe
  2⤵
  PID:7144
- C:\Windows\System\WEzRSWq.exe
  C:\Windows\System\WEzRSWq.exe
  2⤵
  PID:5428
- C:\Windows\System\ioiLEDY.exe
  C:\Windows\System\ioiLEDY.exe
  2⤵
  PID:7120
- C:\Windows\System\fGJwenp.exe
  C:\Windows\System\fGJwenp.exe
  2⤵
  PID:6044
- C:\Windows\System\IvYYPfJ.exe
  C:\Windows\System\IvYYPfJ.exe
  2⤵
  PID:6300
- C:\Windows\System\NaJcQPQ.exe
  C:\Windows\System\NaJcQPQ.exe
  2⤵
  PID:5824
- C:\Windows\System\SEYnFZl.exe
  C:\Windows\System\SEYnFZl.exe
  2⤵
  PID:6364
- C:\Windows\System\eysTcDb.exe
  C:\Windows\System\eysTcDb.exe
  2⤵
  PID:4272
- C:\Windows\System\jpiAepN.exe
  C:\Windows\System\jpiAepN.exe
  2⤵
  PID:6420
- C:\Windows\System\KnRyYhv.exe
  C:\Windows\System\KnRyYhv.exe
  2⤵
  PID:6296
- C:\Windows\System\oMHCFLA.exe
  C:\Windows\System\oMHCFLA.exe
  2⤵
  PID:6444
- C:\Windows\System\KGHumZR.exe
  C:\Windows\System\KGHumZR.exe
  2⤵
  PID:6440
- C:\Windows\System\eDkseam.exe
  C:\Windows\System\eDkseam.exe
  2⤵
  PID:6620
- C:\Windows\System\rchDWWU.exe
  C:\Windows\System\rchDWWU.exe
  2⤵
  PID:6680
- C:\Windows\System\hkoxdeF.exe
  C:\Windows\System\hkoxdeF.exe
  2⤵
  PID:6776
- C:\Windows\System\dvNsMhT.exe
  C:\Windows\System\dvNsMhT.exe
  2⤵
  PID:6572
- C:\Windows\System\bAiEoLV.exe
  C:\Windows\System\bAiEoLV.exe
  2⤵
  PID:6972
- C:\Windows\System\ufPuryn.exe
  C:\Windows\System\ufPuryn.exe
  2⤵
  PID:6560
- C:\Windows\System\drNHJjE.exe
  C:\Windows\System\drNHJjE.exe
  2⤵
  PID:6716
- C:\Windows\System\KhDzPnA.exe
  C:\Windows\System\KhDzPnA.exe
  2⤵
  PID:5284
- C:\Windows\System\ovwkHIf.exe
  C:\Windows\System\ovwkHIf.exe
  2⤵
  PID:6752
- C:\Windows\System\CIPSpzA.exe
  C:\Windows\System\CIPSpzA.exe
  2⤵
  PID:6844
- C:\Windows\System\llRCbdy.exe
  C:\Windows\System\llRCbdy.exe
  2⤵
  PID:6920
- C:\Windows\System\TxrXlPS.exe
  C:\Windows\System\TxrXlPS.exe
  2⤵
  PID:7040
- C:\Windows\System\ryVXsXw.exe
  C:\Windows\System\ryVXsXw.exe
  2⤵
  PID:6240
- C:\Windows\System\SyXpdOf.exe
  C:\Windows\System\SyXpdOf.exe
  2⤵
  PID:6600
- C:\Windows\System\KkMpPkB.exe
  C:\Windows\System\KkMpPkB.exe
  2⤵
  PID:6516
- C:\Windows\System\HyulxFB.exe
  C:\Windows\System\HyulxFB.exe
  2⤵
  PID:5928
- C:\Windows\System\EnqaOHd.exe
  C:\Windows\System\EnqaOHd.exe
  2⤵
  PID:7016
- C:\Windows\System\neTdCFX.exe
  C:\Windows\System\neTdCFX.exe
  2⤵
  PID:6976
- C:\Windows\System\BNpxPam.exe
  C:\Windows\System\BNpxPam.exe
  2⤵
  PID:6256
- C:\Windows\System\BseclTH.exe
  C:\Windows\System\BseclTH.exe
  2⤵
  PID:7044
- C:\Windows\System\jbptwZl.exe
  C:\Windows\System\jbptwZl.exe
  2⤵
  PID:6376
- C:\Windows\System\MeGPsMi.exe
  C:\Windows\System\MeGPsMi.exe
  2⤵
  PID:6864
- C:\Windows\System\sRFwTKx.exe
  C:\Windows\System\sRFwTKx.exe
  2⤵
  PID:7024
- C:\Windows\System\IbOjrxb.exe
  C:\Windows\System\IbOjrxb.exe
  2⤵
  PID:6316
- C:\Windows\System\SZmDTDU.exe
  C:\Windows\System\SZmDTDU.exe
  2⤵
  PID:6396
- C:\Windows\System\NYIUQYQ.exe
  C:\Windows\System\NYIUQYQ.exe
  2⤵
  PID:6876
- C:\Windows\System\mbZzGyz.exe
  C:\Windows\System\mbZzGyz.exe
  2⤵
  PID:6824
- C:\Windows\System\OEpVhqM.exe
  C:\Windows\System\OEpVhqM.exe
  2⤵
  PID:6936
- C:\Windows\System\haEuQRp.exe
  C:\Windows\System\haEuQRp.exe
  2⤵
  PID:6712
- C:\Windows\System\bQDsOYX.exe
  C:\Windows\System\bQDsOYX.exe
  2⤵
  PID:6760
- C:\Windows\System\tliVwZK.exe
  C:\Windows\System\tliVwZK.exe
  2⤵
  PID:6156
- C:\Windows\System\waIpJPS.exe
  C:\Windows\System\waIpJPS.exe
  2⤵
  PID:6272
- C:\Windows\System\mnyeBIm.exe
  C:\Windows\System\mnyeBIm.exe
  2⤵
  PID:5472
- C:\Windows\System\AXXmmlG.exe
  C:\Windows\System\AXXmmlG.exe
  2⤵
  PID:5872
- C:\Windows\System\BUHBdPM.exe
  C:\Windows\System\BUHBdPM.exe
  2⤵
  PID:7188
- C:\Windows\System\NcQPOev.exe
  C:\Windows\System\NcQPOev.exe
  2⤵
  PID:7208
- C:\Windows\System\PXQWQwn.exe
  C:\Windows\System\PXQWQwn.exe
  2⤵
  PID:7272
- C:\Windows\System\FtrPHtS.exe
  C:\Windows\System\FtrPHtS.exe
  2⤵
  PID:7292
- C:\Windows\System\TcIxhRk.exe
  C:\Windows\System\TcIxhRk.exe
  2⤵
  PID:7308
- C:\Windows\System\yMFfTth.exe
  C:\Windows\System\yMFfTth.exe
  2⤵
  PID:7332
- C:\Windows\System\NxARSgn.exe
  C:\Windows\System\NxARSgn.exe
  2⤵
  PID:7348
- C:\Windows\System\ylcTOJV.exe
  C:\Windows\System\ylcTOJV.exe
  2⤵
  PID:7364
- C:\Windows\System\aoolxqw.exe
  C:\Windows\System\aoolxqw.exe
  2⤵
  PID:7388
- C:\Windows\System\FnaqcAj.exe
  C:\Windows\System\FnaqcAj.exe
  2⤵
  PID:7404
- C:\Windows\System\uCXxdHJ.exe
  C:\Windows\System\uCXxdHJ.exe
  2⤵
  PID:7460
- C:\Windows\System\NfaYBHG.exe
  C:\Windows\System\NfaYBHG.exe
  2⤵
  PID:7476
- C:\Windows\System\CWCDlYh.exe
  C:\Windows\System\CWCDlYh.exe
  2⤵
  PID:7492
- C:\Windows\System\nUgVcWm.exe
  C:\Windows\System\nUgVcWm.exe
  2⤵
  PID:7512
- C:\Windows\System\xIIzSYM.exe
  C:\Windows\System\xIIzSYM.exe
  2⤵
  PID:7528
- C:\Windows\System\sMCaRxc.exe
  C:\Windows\System\sMCaRxc.exe
  2⤵
  PID:7548
- C:\Windows\System\VqBchaj.exe
  C:\Windows\System\VqBchaj.exe
  2⤵
  PID:7564
- C:\Windows\System\CpCukrG.exe
  C:\Windows\System\CpCukrG.exe
  2⤵
  PID:7580
- C:\Windows\System\NdiZGcV.exe
  C:\Windows\System\NdiZGcV.exe
  2⤵
  PID:7600
- C:\Windows\System\QSMHuEZ.exe
  C:\Windows\System\QSMHuEZ.exe
  2⤵
  PID:7616
- C:\Windows\System\cBHvjyi.exe
  C:\Windows\System\cBHvjyi.exe
  2⤵
  PID:7632
- C:\Windows\System\zZMdqiD.exe
  C:\Windows\System\zZMdqiD.exe
  2⤵
  PID:7648
- C:\Windows\System\HFizifN.exe
  C:\Windows\System\HFizifN.exe
  2⤵
  PID:7668
- C:\Windows\System\vsQzngO.exe
  C:\Windows\System\vsQzngO.exe
  2⤵
  PID:7684
- C:\Windows\System\zeKkUud.exe
  C:\Windows\System\zeKkUud.exe
  2⤵
  PID:7700
- C:\Windows\System\uYCPCNl.exe
  C:\Windows\System\uYCPCNl.exe
  2⤵
  PID:7720
- C:\Windows\System\pwiATZw.exe
  C:\Windows\System\pwiATZw.exe
  2⤵
  PID:7776
- C:\Windows\System\pKIZZxL.exe
  C:\Windows\System\pKIZZxL.exe
  2⤵
  PID:7796
- C:\Windows\System\vUzJBYG.exe
  C:\Windows\System\vUzJBYG.exe
  2⤵
  PID:7820
- C:\Windows\System\eGKeSYd.exe
  C:\Windows\System\eGKeSYd.exe
  2⤵
  PID:7836
- C:\Windows\System\pdNCrXY.exe
  C:\Windows\System\pdNCrXY.exe
  2⤵
  PID:7852
- C:\Windows\System\EzjJRMv.exe
  C:\Windows\System\EzjJRMv.exe
  2⤵
  PID:7868
- C:\Windows\System\WQtWxtn.exe
  C:\Windows\System\WQtWxtn.exe
  2⤵
  PID:7888
- C:\Windows\System\ievUIfH.exe
  C:\Windows\System\ievUIfH.exe
  2⤵
  PID:7912
- C:\Windows\System\YahMVBl.exe
  C:\Windows\System\YahMVBl.exe
  2⤵
  PID:7932
- C:\Windows\System\oxLXMra.exe
  C:\Windows\System\oxLXMra.exe
  2⤵
  PID:7956
- C:\Windows\System\KWEbGeE.exe
  C:\Windows\System\KWEbGeE.exe
  2⤵
  PID:7972
- C:\Windows\System\LBTXkFP.exe
  C:\Windows\System\LBTXkFP.exe
  2⤵
  PID:7996
- C:\Windows\System\xgUAtPX.exe
  C:\Windows\System\xgUAtPX.exe
  2⤵
  PID:8012
- C:\Windows\System\rslywgd.exe
  C:\Windows\System\rslywgd.exe
  2⤵
  PID:8028
- C:\Windows\System\ruZBCTB.exe
  C:\Windows\System\ruZBCTB.exe
  2⤵
  PID:8048
- C:\Windows\System\OcsanDX.exe
  C:\Windows\System\OcsanDX.exe
  2⤵
  PID:8064
- C:\Windows\System\eyFgThb.exe
  C:\Windows\System\eyFgThb.exe
  2⤵
  PID:8084
- C:\Windows\System\iXCHoFn.exe
  C:\Windows\System\iXCHoFn.exe
  2⤵
  PID:8100
- C:\Windows\System\ORYnYWs.exe
  C:\Windows\System\ORYnYWs.exe
  2⤵
  PID:8140
- C:\Windows\System\nYpVuGl.exe
  C:\Windows\System\nYpVuGl.exe
  2⤵
  PID:8160
- C:\Windows\System\LOyHHyX.exe
  C:\Windows\System\LOyHHyX.exe
  2⤵
  PID:6320
- C:\Windows\System\dtxZWgG.exe
  C:\Windows\System\dtxZWgG.exe
  2⤵
  PID:7196
- C:\Windows\System\ecpuexj.exe
  C:\Windows\System\ecpuexj.exe
  2⤵
  PID:3060
- C:\Windows\System\FnXFNrh.exe
  C:\Windows\System\FnXFNrh.exe
  2⤵
  PID:5888
- C:\Windows\System\tgQMfSK.exe
  C:\Windows\System\tgQMfSK.exe
  2⤵
  PID:6476
- C:\Windows\System\TKfADWr.exe
  C:\Windows\System\TKfADWr.exe
  2⤵
  PID:7200
- C:\Windows\System\IgnvhwA.exe
  C:\Windows\System\IgnvhwA.exe
  2⤵
  PID:7216
- C:\Windows\System\JwsTgrh.exe
  C:\Windows\System\JwsTgrh.exe
  2⤵
  PID:2752
- C:\Windows\System\hHnbDJA.exe
  C:\Windows\System\hHnbDJA.exe
  2⤵
  PID:7280
- C:\Windows\System\fYCVNsy.exe
  C:\Windows\System\fYCVNsy.exe
  2⤵
  PID:7320
- C:\Windows\System\FBnIIwc.exe
  C:\Windows\System\FBnIIwc.exe
  2⤵
  PID:2864
- C:\Windows\System\eBoIFfW.exe
  C:\Windows\System\eBoIFfW.exe
  2⤵
  PID:7396
- C:\Windows\System\lPiGKKy.exe
  C:\Windows\System\lPiGKKy.exe
  2⤵
  PID:7420
- C:\Windows\System\mIIMYIO.exe
  C:\Windows\System\mIIMYIO.exe
  2⤵
  PID:1540
- C:\Windows\System\glEpoIj.exe
  C:\Windows\System\glEpoIj.exe
  2⤵
  PID:7472
- C:\Windows\System\rlZgRvE.exe
  C:\Windows\System\rlZgRvE.exe
  2⤵
  PID:7436
- C:\Windows\System\THPjUkZ.exe
  C:\Windows\System\THPjUkZ.exe
  2⤵
  PID:2588
- C:\Windows\System\IuOYpcz.exe
  C:\Windows\System\IuOYpcz.exe
  2⤵
  PID:7644
- C:\Windows\System\wHnoKFC.exe
  C:\Windows\System\wHnoKFC.exe
  2⤵
  PID:7676
- C:\Windows\System\HldsrGW.exe
  C:\Windows\System\HldsrGW.exe
  2⤵
  PID:7592
- C:\Windows\System\haigfJb.exe
  C:\Windows\System\haigfJb.exe
  2⤵
  PID:7692
- C:\Windows\System\waHGjlO.exe
  C:\Windows\System\waHGjlO.exe
  2⤵
  PID:7736
- C:\Windows\System\RNfthwF.exe
  C:\Windows\System\RNfthwF.exe
  2⤵
  PID:7764
- C:\Windows\System\tkptfaU.exe
  C:\Windows\System\tkptfaU.exe
  2⤵
  PID:7804
- C:\Windows\System\aWbqVgG.exe
  C:\Windows\System\aWbqVgG.exe
  2⤵
  PID:7544
- C:\Windows\System\YiFJTFC.exe
  C:\Windows\System\YiFJTFC.exe
  2⤵
  PID:7844
- C:\Windows\System\qtmokle.exe
  C:\Windows\System\qtmokle.exe
  2⤵
  PID:7880
- C:\Windows\System\mMwTZch.exe
  C:\Windows\System\mMwTZch.exe
  2⤵
  PID:2348
- C:\Windows\System\LXcyTZS.exe
  C:\Windows\System\LXcyTZS.exe
  2⤵
  PID:7952
- C:\Windows\System\wAvPlIW.exe
  C:\Windows\System\wAvPlIW.exe
  2⤵
  PID:8008
- C:\Windows\System\ekYFTPr.exe
  C:\Windows\System\ekYFTPr.exe
  2⤵
  PID:8036
- C:\Windows\System\iaAKQfc.exe
  C:\Windows\System\iaAKQfc.exe
  2⤵
  PID:8076
- C:\Windows\System\aZoCtLm.exe
  C:\Windows\System\aZoCtLm.exe
  2⤵
  PID:2636
- C:\Windows\System\saklhhh.exe
  C:\Windows\System\saklhhh.exe
  2⤵
  PID:8024
- C:\Windows\System\yqITGME.exe
  C:\Windows\System\yqITGME.exe
  2⤵
  PID:8096
- C:\Windows\System\msdRdgr.exe
  C:\Windows\System\msdRdgr.exe
  2⤵
  PID:8168
- C:\Windows\System\UgYGbXW.exe
  C:\Windows\System\UgYGbXW.exe
  2⤵
  PID:8180
- C:\Windows\System\qRJOkVP.exe
  C:\Windows\System\qRJOkVP.exe
  2⤵
  PID:5184
- C:\Windows\System\zWZJMkO.exe
  C:\Windows\System\zWZJMkO.exe
  2⤵
  PID:7048
- C:\Windows\System\hcqbNDd.exe
  C:\Windows\System\hcqbNDd.exe
  2⤵
  PID:6424
- C:\Windows\System\JMRTeDI.exe
  C:\Windows\System\JMRTeDI.exe
  2⤵
  PID:7184
- C:\Windows\System\mNRXiLA.exe
  C:\Windows\System\mNRXiLA.exe
  2⤵
  PID:1780
- C:\Windows\System\drZiCIh.exe
  C:\Windows\System\drZiCIh.exe
  2⤵
  PID:2632
- C:\Windows\System\cTJZihM.exe
  C:\Windows\System\cTJZihM.exe
  2⤵
  PID:2240
- C:\Windows\System\txNowan.exe
  C:\Windows\System\txNowan.exe
  2⤵
  PID:7344
- C:\Windows\System\XXviQbt.exe
  C:\Windows\System\XXviQbt.exe
  2⤵
  PID:7372
- C:\Windows\System\CVLxCJn.exe
  C:\Windows\System\CVLxCJn.exe
  2⤵
  PID:7500
- C:\Windows\System\otUpysF.exe
  C:\Windows\System\otUpysF.exe
  2⤵
  PID:7656
- C:\Windows\System\gEqSwWU.exe
  C:\Windows\System\gEqSwWU.exe
  2⤵
  PID:7560
- C:\Windows\System\LmcTUvy.exe
  C:\Windows\System\LmcTUvy.exe
  2⤵
  PID:7728
- C:\Windows\System\Fgdjrph.exe
  C:\Windows\System\Fgdjrph.exe
  2⤵
  PID:7756
- C:\Windows\System\TvqmakY.exe
  C:\Windows\System\TvqmakY.exe
  2⤵
  PID:7732
- C:\Windows\System\iOWpZVJ.exe
  C:\Windows\System\iOWpZVJ.exe
  2⤵
  PID:7540
- C:\Windows\System\VwfBDPH.exe
  C:\Windows\System\VwfBDPH.exe
  2⤵
  PID:2276
- C:\Windows\System\SeDKWZi.exe
  C:\Windows\System\SeDKWZi.exe
  2⤵
  PID:7832
- C:\Windows\System\iraDmMa.exe
  C:\Windows\System\iraDmMa.exe
  2⤵
  PID:7940
- C:\Windows\System\WFZWVwV.exe
  C:\Windows\System\WFZWVwV.exe
  2⤵
  PID:7928
- C:\Windows\System\mDllfDu.exe
  C:\Windows\System\mDllfDu.exe
  2⤵
  PID:7984
- C:\Windows\System\SVlbhXR.exe
  C:\Windows\System\SVlbhXR.exe
  2⤵
  PID:7908
- C:\Windows\System\FcfeDeu.exe
  C:\Windows\System\FcfeDeu.exe
  2⤵
  PID:2212
- C:\Windows\System\mTjipXD.exe
  C:\Windows\System\mTjipXD.exe
  2⤵
  PID:7988
- C:\Windows\System\dpOAsjS.exe
  C:\Windows\System\dpOAsjS.exe
  2⤵
  PID:8188
- C:\Windows\System\xHsvLiF.exe
  C:\Windows\System\xHsvLiF.exe
  2⤵
  PID:7948
- C:\Windows\System\BhimLIR.exe
  C:\Windows\System\BhimLIR.exe
  2⤵
  PID:5792
- C:\Windows\System\aBGxJoy.exe
  C:\Windows\System\aBGxJoy.exe
  2⤵
  PID:7204
- C:\Windows\System\ArBgCtu.exe
  C:\Windows\System\ArBgCtu.exe
  2⤵
  PID:2956
- C:\Windows\System\ldEkhOw.exe
  C:\Windows\System\ldEkhOw.exe
  2⤵
  PID:7748
- C:\Windows\System\xzglvWK.exe
  C:\Windows\System\xzglvWK.exe
  2⤵
  PID:7484
- C:\Windows\System\CJuHVfc.exe
  C:\Windows\System\CJuHVfc.exe
  2⤵
  PID:7608
- C:\Windows\System\XLhDQCa.exe
  C:\Windows\System\XLhDQCa.exe
  2⤵
  PID:7708
- C:\Windows\System\coOMJam.exe
  C:\Windows\System\coOMJam.exe
  2⤵
  PID:7876
- C:\Windows\System\PcxraLQ.exe
  C:\Windows\System\PcxraLQ.exe
  2⤵
  PID:1960
- C:\Windows\System\yWAhYKf.exe
  C:\Windows\System\yWAhYKf.exe
  2⤵
  PID:6740
- C:\Windows\System\HXXjalw.exe
  C:\Windows\System\HXXjalw.exe
  2⤵
  PID:2948
- C:\Windows\System\bpUeKjb.exe
  C:\Windows\System\bpUeKjb.exe
  2⤵
  PID:6052
- C:\Windows\System\rrrVgXr.exe
  C:\Windows\System\rrrVgXr.exe
  2⤵
  PID:2116
- C:\Windows\System\QQirPnU.exe
  C:\Windows\System\QQirPnU.exe
  2⤵
  PID:7860
- C:\Windows\System\AeKWIAw.exe
  C:\Windows\System\AeKWIAw.exe
  2⤵
  PID:7992
- C:\Windows\System\ebGWGaf.exe
  C:\Windows\System\ebGWGaf.exe
  2⤵
  PID:7744
- C:\Windows\System\TUbsAUr.exe
  C:\Windows\System\TUbsAUr.exe
  2⤵
  PID:7508
- C:\Windows\System\wJQvIva.exe
  C:\Windows\System\wJQvIva.exe
  2⤵
  PID:7556
- C:\Windows\System\plsuvMR.exe
  C:\Windows\System\plsuvMR.exe
  2⤵
  PID:1704
- C:\Windows\System\XEDTGTV.exe
  C:\Windows\System\XEDTGTV.exe
  2⤵
  PID:7964
- C:\Windows\System\juKrKVD.exe
  C:\Windows\System\juKrKVD.exe
  2⤵
  PID:7220
- C:\Windows\System\csurdSk.exe
  C:\Windows\System\csurdSk.exe
  2⤵
  PID:2000
- C:\Windows\System\ATsfgMZ.exe
  C:\Windows\System\ATsfgMZ.exe
  2⤵
  PID:7904
- C:\Windows\System\bcrqvik.exe
  C:\Windows\System\bcrqvik.exe
  2⤵
  PID:7176
- C:\Windows\System\AkyzOEg.exe
  C:\Windows\System\AkyzOEg.exe
  2⤵
  PID:2896
- C:\Windows\System\adKVljL.exe
  C:\Windows\System\adKVljL.exe
  2⤵
  PID:596
- C:\Windows\System\crYyEiD.exe
  C:\Windows\System\crYyEiD.exe
  2⤵
  PID:7576
- C:\Windows\System\gouqfNw.exe
  C:\Windows\System\gouqfNw.exe
  2⤵
  PID:7784
- C:\Windows\System\umfXsXC.exe
  C:\Windows\System\umfXsXC.exe
  2⤵
  PID:6612
- C:\Windows\System\CKzwpIY.exe
  C:\Windows\System\CKzwpIY.exe
  2⤵
  PID:8176
- C:\Windows\System\jbZpSXw.exe
  C:\Windows\System\jbZpSXw.exe
  2⤵
  PID:8080
- C:\Windows\System\hXDeHpv.exe
  C:\Windows\System\hXDeHpv.exe
  2⤵
  PID:7624
- C:\Windows\System\bnaCJha.exe
  C:\Windows\System\bnaCJha.exe
  2⤵
  PID:884
- C:\Windows\System\rWBIylz.exe
  C:\Windows\System\rWBIylz.exe
  2⤵
  PID:7468
- C:\Windows\System\uvWxhmP.exe
  C:\Windows\System\uvWxhmP.exe
  2⤵
  PID:2832
- C:\Windows\System\NRZrHnW.exe
  C:\Windows\System\NRZrHnW.exe
  2⤵
  PID:2740
- C:\Windows\System\yJkOHBr.exe
  C:\Windows\System\yJkOHBr.exe
  2⤵
  PID:7900
- C:\Windows\System\JelDLTr.exe
  C:\Windows\System\JelDLTr.exe
  2⤵
  PID:1492
- C:\Windows\System\nBXAMZP.exe
  C:\Windows\System\nBXAMZP.exe
  2⤵
  PID:8196
- C:\Windows\System\dlgpOFN.exe
  C:\Windows\System\dlgpOFN.exe
  2⤵
  PID:8212
- C:\Windows\System\IumGhCY.exe
  C:\Windows\System\IumGhCY.exe
  2⤵
  PID:8228
- C:\Windows\System\mbUSUWi.exe
  C:\Windows\System\mbUSUWi.exe
  2⤵
  PID:8272
- C:\Windows\System\XGlShWD.exe
  C:\Windows\System\XGlShWD.exe
  2⤵
  PID:8292
- C:\Windows\System\KrUDofW.exe
  C:\Windows\System\KrUDofW.exe
  2⤵
  PID:8312
- C:\Windows\System\nUFJrVn.exe
  C:\Windows\System\nUFJrVn.exe
  2⤵
  PID:8328
- C:\Windows\System\GlKRtoj.exe
  C:\Windows\System\GlKRtoj.exe
  2⤵
  PID:8344
- C:\Windows\System\BFPpVMe.exe
  C:\Windows\System\BFPpVMe.exe
  2⤵
  PID:8360
- C:\Windows\System\UXvcFBm.exe
  C:\Windows\System\UXvcFBm.exe
  2⤵
  PID:8404
- C:\Windows\System\rWgEVyu.exe
  C:\Windows\System\rWgEVyu.exe
  2⤵
  PID:8420
- C:\Windows\System\rMkJUFr.exe
  C:\Windows\System\rMkJUFr.exe
  2⤵
  PID:8436
- C:\Windows\System\XhXpqAi.exe
  C:\Windows\System\XhXpqAi.exe
  2⤵
  PID:8452
- C:\Windows\System\KiogamU.exe
  C:\Windows\System\KiogamU.exe
  2⤵
  PID:8468
- C:\Windows\System\TJmDOYh.exe
  C:\Windows\System\TJmDOYh.exe
  2⤵
  PID:8484
- C:\Windows\System\fxaWthW.exe
  C:\Windows\System\fxaWthW.exe
  2⤵
  PID:8500
- C:\Windows\System\TYIdHWz.exe
  C:\Windows\System\TYIdHWz.exe
  2⤵
  PID:8520
- C:\Windows\System\ujfanXf.exe
  C:\Windows\System\ujfanXf.exe
  2⤵
  PID:8536
- C:\Windows\System\LkPbrpK.exe
  C:\Windows\System\LkPbrpK.exe
  2⤵
  PID:8552
- C:\Windows\System\qReLCxd.exe
  C:\Windows\System\qReLCxd.exe
  2⤵
  PID:8568
- C:\Windows\System\eSfBOjo.exe
  C:\Windows\System\eSfBOjo.exe
  2⤵
  PID:8584
- C:\Windows\System\yErWsLC.exe
  C:\Windows\System\yErWsLC.exe
  2⤵
  PID:8600
- C:\Windows\System\blutZZB.exe
  C:\Windows\System\blutZZB.exe
  2⤵
  PID:8628
- C:\Windows\System\MOMjeav.exe
  C:\Windows\System\MOMjeav.exe
  2⤵
  PID:8644
- C:\Windows\System\oIqGGAo.exe
  C:\Windows\System\oIqGGAo.exe
  2⤵
  PID:8660
- C:\Windows\System\oqxNzKZ.exe
  C:\Windows\System\oqxNzKZ.exe
  2⤵
  PID:8676
- C:\Windows\System\dCBKzbq.exe
  C:\Windows\System\dCBKzbq.exe
  2⤵
  PID:8696
- C:\Windows\System\FtEWpxt.exe
  C:\Windows\System\FtEWpxt.exe
  2⤵
  PID:8716
- C:\Windows\System\poPbNiq.exe
  C:\Windows\System\poPbNiq.exe
  2⤵
  PID:8732
- C:\Windows\System\NONRnTS.exe
  C:\Windows\System\NONRnTS.exe
  2⤵
  PID:8748
- C:\Windows\System\UtqoKER.exe
  C:\Windows\System\UtqoKER.exe
  2⤵
  PID:8772
- C:\Windows\System\PgraHWe.exe
  C:\Windows\System\PgraHWe.exe
  2⤵
  PID:8788
- C:\Windows\System\meTAfOI.exe
  C:\Windows\System\meTAfOI.exe
  2⤵
  PID:8804
- C:\Windows\System\UxlHmHr.exe
  C:\Windows\System\UxlHmHr.exe
  2⤵
  PID:8820
- C:\Windows\System\rwxzWIX.exe
  C:\Windows\System\rwxzWIX.exe
  2⤵
  PID:8836
- C:\Windows\System\gXBFLzY.exe
  C:\Windows\System\gXBFLzY.exe
  2⤵
  PID:8856
- C:\Windows\System\hlWxqXI.exe
  C:\Windows\System\hlWxqXI.exe
  2⤵
  PID:8940
- C:\Windows\System\CtYrrvq.exe
  C:\Windows\System\CtYrrvq.exe
  2⤵
  PID:8960
- C:\Windows\System\XWDYAzL.exe
  C:\Windows\System\XWDYAzL.exe
  2⤵
  PID:8992
- C:\Windows\System\UUAvDma.exe
  C:\Windows\System\UUAvDma.exe
  2⤵
  PID:9008
- C:\Windows\System\mIEOezo.exe
  C:\Windows\System\mIEOezo.exe
  2⤵
  PID:9024
- C:\Windows\System\UNFeuIy.exe
  C:\Windows\System\UNFeuIy.exe
  2⤵
  PID:9040
- C:\Windows\System\FVFTwym.exe
  C:\Windows\System\FVFTwym.exe
  2⤵
  PID:9056
- C:\Windows\System\BjLMuBW.exe
  C:\Windows\System\BjLMuBW.exe
  2⤵
  PID:9072
- C:\Windows\System\RWYBVdb.exe
  C:\Windows\System\RWYBVdb.exe
  2⤵
  PID:9088
- C:\Windows\System\xEkKyLg.exe
  C:\Windows\System\xEkKyLg.exe
  2⤵
  PID:9104
- C:\Windows\System\sRoNqKD.exe
  C:\Windows\System\sRoNqKD.exe
  2⤵
  PID:9120
- C:\Windows\System\RJFKjqt.exe
  C:\Windows\System\RJFKjqt.exe
  2⤵
  PID:9136
- C:\Windows\System\nSZTDbD.exe
  C:\Windows\System\nSZTDbD.exe
  2⤵
  PID:9152
- C:\Windows\System\FbTKbIa.exe
  C:\Windows\System\FbTKbIa.exe
  2⤵
  PID:9168
- C:\Windows\System\ynvNJTg.exe
  C:\Windows\System\ynvNJTg.exe
  2⤵
  PID:9184
- C:\Windows\System\zUZbvtr.exe
  C:\Windows\System\zUZbvtr.exe
  2⤵
  PID:9200
- C:\Windows\System\xbGwsxZ.exe
  C:\Windows\System\xbGwsxZ.exe
  2⤵
  PID:2236
- C:\Windows\System\QGalVWg.exe
  C:\Windows\System\QGalVWg.exe
  2⤵
  PID:2924
- C:\Windows\System\uOSodFq.exe
  C:\Windows\System\uOSodFq.exe
  2⤵
  PID:7864
- C:\Windows\System\vZSRGkj.exe
  C:\Windows\System\vZSRGkj.exe
  2⤵
  PID:8340
- C:\Windows\System\CzQQtil.exe
  C:\Windows\System\CzQQtil.exe
  2⤵
  PID:8368
- C:\Windows\System\AuGWEaO.exe
  C:\Windows\System\AuGWEaO.exe
  2⤵
  PID:8372
- C:\Windows\System\ubrCtEq.exe
  C:\Windows\System\ubrCtEq.exe
  2⤵
  PID:8388
- C:\Windows\System\wVucNaf.exe
  C:\Windows\System\wVucNaf.exe
  2⤵
  PID:8396
- C:\Windows\System\iEGUoBW.exe
  C:\Windows\System\iEGUoBW.exe
  2⤵
  PID:3008
- C:\Windows\System\Cbyizzx.exe
  C:\Windows\System\Cbyizzx.exe
  2⤵
  PID:8444
- C:\Windows\System\hTgNPQZ.exe
  C:\Windows\System\hTgNPQZ.exe
  2⤵
  PID:8464
- C:\Windows\System\AzxAnQS.exe
  C:\Windows\System\AzxAnQS.exe
  2⤵
  PID:8532
- C:\Windows\System\EiBsdRD.exe
  C:\Windows\System\EiBsdRD.exe
  2⤵
  PID:8616
- C:\Windows\System\qgozqGL.exe
  C:\Windows\System\qgozqGL.exe
  2⤵
  PID:8624
- C:\Windows\System\NHRMrhk.exe
  C:\Windows\System\NHRMrhk.exe
  2⤵
  PID:8668
- C:\Windows\System\XskfIEv.exe
  C:\Windows\System\XskfIEv.exe
  2⤵
  PID:8672
- C:\Windows\System\WhAenHu.exe
  C:\Windows\System\WhAenHu.exe
  2⤵
  PID:8728
- C:\Windows\System\LuYNVIX.exe
  C:\Windows\System\LuYNVIX.exe
  2⤵
  PID:8764
- C:\Windows\System\EqmPqIE.exe
  C:\Windows\System\EqmPqIE.exe
  2⤵
  PID:8852
- C:\Windows\System\hZeyxEU.exe
  C:\Windows\System\hZeyxEU.exe
  2⤵
  PID:8740
- C:\Windows\System\yQIavdu.exe
  C:\Windows\System\yQIavdu.exe
  2⤵
  PID:8784
- C:\Windows\System\yugoWjM.exe
  C:\Windows\System\yugoWjM.exe
  2⤵
  PID:8876
- C:\Windows\System\wnGYEFP.exe
  C:\Windows\System\wnGYEFP.exe
  2⤵
  PID:8916
- C:\Windows\System\ueXNFqs.exe
  C:\Windows\System\ueXNFqs.exe
  2⤵
  PID:8896
- C:\Windows\System\JakAIir.exe
  C:\Windows\System\JakAIir.exe
  2⤵
  PID:8984
- C:\Windows\System\UARucVU.exe
  C:\Windows\System\UARucVU.exe
  2⤵
  PID:9004
- C:\Windows\System\soqKLcw.exe
  C:\Windows\System\soqKLcw.exe
  2⤵
  PID:9068
- C:\Windows\System\NAJPZbw.exe
  C:\Windows\System\NAJPZbw.exe
  2⤵
  PID:9132
- C:\Windows\System\TlmQgIC.exe
  C:\Windows\System\TlmQgIC.exe
  2⤵
  PID:8208
- C:\Windows\System\xpURdwi.exe
  C:\Windows\System\xpURdwi.exe
  2⤵
  PID:9116
- C:\Windows\System\FFSoAKz.exe
  C:\Windows\System\FFSoAKz.exe
  2⤵
  PID:9048
- C:\Windows\System\fpwlNhU.exe
  C:\Windows\System\fpwlNhU.exe
  2⤵
  PID:9192
- C:\Windows\System\YToJwsv.exe
  C:\Windows\System\YToJwsv.exe
  2⤵
  PID:8092
- C:\Windows\System\UqnUaxU.exe
  C:\Windows\System\UqnUaxU.exe
  2⤵
  PID:8220
- C:\Windows\System\tnVJIWh.exe
  C:\Windows\System\tnVJIWh.exe
  2⤵
  PID:8244
- C:\Windows\System\zsoRYvY.exe
  C:\Windows\System\zsoRYvY.exe
  2⤵
  PID:7432
- C:\Windows\System\awjHOxw.exe
  C:\Windows\System\awjHOxw.exe
  2⤵
  PID:8380
- C:\Windows\System\vPypJAT.exe
  C:\Windows\System\vPypJAT.exe
  2⤵
  PID:8428
- C:\Windows\System\yCgXzSs.exe
  C:\Windows\System\yCgXzSs.exe
  2⤵
  PID:2232
- C:\Windows\System\PXpNqya.exe
  C:\Windows\System\PXpNqya.exe
  2⤵
  PID:8476
- C:\Windows\System\wAFzYJH.exe
  C:\Windows\System\wAFzYJH.exe
  2⤵
  PID:8596
- C:\Windows\System\eRIuVSd.exe
  C:\Windows\System\eRIuVSd.exe
  2⤵
  PID:8548
- C:\Windows\System\vHEYHJz.exe
  C:\Windows\System\vHEYHJz.exe
  2⤵
  PID:8620
- C:\Windows\System\neCZpqg.exe
  C:\Windows\System\neCZpqg.exe
  2⤵
  PID:8768
- C:\Windows\System\oxyjTNg.exe
  C:\Windows\System\oxyjTNg.exe
  2⤵
  PID:8848
- C:\Windows\System\kztsRuG.exe
  C:\Windows\System\kztsRuG.exe
  2⤵
  PID:8392
- C:\Windows\System\RmLwPur.exe
  C:\Windows\System\RmLwPur.exe
  2⤵
  PID:8932
- C:\Windows\System\twXnbOP.exe
  C:\Windows\System\twXnbOP.exe
  2⤵
  PID:8844
- C:\Windows\System\NCsyrSP.exe
  C:\Windows\System\NCsyrSP.exe
  2⤵
  PID:8900
- C:\Windows\System\uzyZtXN.exe
  C:\Windows\System\uzyZtXN.exe
  2⤵
  PID:8936
- C:\Windows\System\DicBeFJ.exe
  C:\Windows\System\DicBeFJ.exe
  2⤵
  PID:9064
- C:\Windows\System\anGcAyF.exe
  C:\Windows\System\anGcAyF.exe
  2⤵
  PID:9128
- C:\Windows\System\ffXYBZj.exe
  C:\Windows\System\ffXYBZj.exe
  2⤵
  PID:9052
- C:\Windows\System\mBRXMMn.exe
  C:\Windows\System\mBRXMMn.exe
  2⤵
  PID:8980
- C:\Windows\System\NllnqtW.exe
  C:\Windows\System\NllnqtW.exe
  2⤵
  PID:8288
- C:\Windows\System\lfukWuF.exe
  C:\Windows\System\lfukWuF.exe
  2⤵
  PID:8260
- C:\Windows\System\xLHvfvu.exe
  C:\Windows\System\xLHvfvu.exe
  2⤵
  PID:8308
- C:\Windows\System\AnBiagI.exe
  C:\Windows\System\AnBiagI.exe
  2⤵
  PID:8284
- C:\Windows\System\HUvhZTN.exe
  C:\Windows\System\HUvhZTN.exe
  2⤵
  PID:7428
- C:\Windows\System\cuPBwqq.exe
  C:\Windows\System\cuPBwqq.exe
  2⤵
  PID:8496
- C:\Windows\System\NuvFrtb.exe
  C:\Windows\System\NuvFrtb.exe
  2⤵
  PID:8580
- C:\Windows\System\rvoIgkD.exe
  C:\Windows\System\rvoIgkD.exe
  2⤵
  PID:8816
- C:\Windows\System\ZVyDDrC.exe
  C:\Windows\System\ZVyDDrC.exe
  2⤵
  PID:8652
- C:\Windows\System\uNqKfDF.exe
  C:\Windows\System\uNqKfDF.exe
  2⤵
  PID:9020
- C:\Windows\System\ISvOkgc.exe
  C:\Windows\System\ISvOkgc.exe
  2⤵
  PID:9000
- C:\Windows\System\lQAkXMP.exe
  C:\Windows\System\lQAkXMP.exe
  2⤵
  PID:8592
- C:\Windows\System\CCyQzKM.exe
  C:\Windows\System\CCyQzKM.exe
  2⤵
  PID:8884
- C:\Windows\System\JXeLfNu.exe
  C:\Windows\System\JXeLfNu.exe
  2⤵
  PID:3048
- C:\Windows\System\IHjSWMl.exe
  C:\Windows\System\IHjSWMl.exe
  2⤵
  PID:8280
- C:\Windows\System\izyHnSQ.exe
  C:\Windows\System\izyHnSQ.exe
  2⤵
  PID:8640
- C:\Windows\System\SuzLstB.exe
  C:\Windows\System\SuzLstB.exe
  2⤵
  PID:8336
- C:\Windows\System\keVOxaW.exe
  C:\Windows\System\keVOxaW.exe
  2⤵
  PID:9148
- C:\Windows\System\HPYkCAR.exe
  C:\Windows\System\HPYkCAR.exe
  2⤵
  PID:8688
- C:\Windows\System\hIderQY.exe
  C:\Windows\System\hIderQY.exe
  2⤵
  PID:8300
- C:\Windows\System\QytbZnW.exe
  C:\Windows\System\QytbZnW.exe
  2⤵
  PID:9224
- C:\Windows\System\oLAVmHd.exe
  C:\Windows\System\oLAVmHd.exe
  2⤵
  PID:9240
- C:\Windows\System\oswyIfY.exe
  C:\Windows\System\oswyIfY.exe
  2⤵
  PID:9256
- C:\Windows\System\cpcXMRD.exe
  C:\Windows\System\cpcXMRD.exe
  2⤵
  PID:9272
- C:\Windows\System\PeTmSxQ.exe
  C:\Windows\System\PeTmSxQ.exe
  2⤵
  PID:9288
- C:\Windows\System\UGwqFBO.exe
  C:\Windows\System\UGwqFBO.exe
  2⤵
  PID:9312
- C:\Windows\System\KIZCJhm.exe
  C:\Windows\System\KIZCJhm.exe
  2⤵
  PID:9328
- C:\Windows\System\fEAXKBt.exe
  C:\Windows\System\fEAXKBt.exe
  2⤵
  PID:9344
- C:\Windows\System\akbfreI.exe
  C:\Windows\System\akbfreI.exe
  2⤵
  PID:9360
- C:\Windows\System\eLwCmQl.exe
  C:\Windows\System\eLwCmQl.exe
  2⤵
  PID:9376
- C:\Windows\System\AYuBHxQ.exe
  C:\Windows\System\AYuBHxQ.exe
  2⤵
  PID:9392
- C:\Windows\System\ryOXghw.exe
  C:\Windows\System\ryOXghw.exe
  2⤵
  PID:9408
- C:\Windows\System\nngPfMJ.exe
  C:\Windows\System\nngPfMJ.exe
  2⤵
  PID:9428
- C:\Windows\System\QMGszDV.exe
  C:\Windows\System\QMGszDV.exe
  2⤵
  PID:9452
- C:\Windows\System\piFDaQw.exe
  C:\Windows\System\piFDaQw.exe
  2⤵
  PID:9472
- C:\Windows\System\MRsHeQo.exe
  C:\Windows\System\MRsHeQo.exe
  2⤵
  PID:9492
- C:\Windows\System\bsPjGyi.exe
  C:\Windows\System\bsPjGyi.exe
  2⤵
  PID:9512
- C:\Windows\System\suaYMCu.exe
  C:\Windows\System\suaYMCu.exe
  2⤵
  PID:9536
- C:\Windows\System\AEcpMJg.exe
  C:\Windows\System\AEcpMJg.exe
  2⤵
  PID:9556
- C:\Windows\System\xERiVgo.exe
  C:\Windows\System\xERiVgo.exe
  2⤵
  PID:9576
- C:\Windows\System\hZRQIxY.exe
  C:\Windows\System\hZRQIxY.exe
  2⤵
  PID:9608
- C:\Windows\System\OyrepUe.exe
  C:\Windows\System\OyrepUe.exe
  2⤵
  PID:9628
- C:\Windows\System\EswQmOe.exe
  C:\Windows\System\EswQmOe.exe
  2⤵
  PID:9664
- C:\Windows\System\QzTDAsK.exe
  C:\Windows\System\QzTDAsK.exe
  2⤵
  PID:9692
- C:\Windows\System\eqZcdnd.exe
  C:\Windows\System\eqZcdnd.exe
  2⤵
  PID:9756
- C:\Windows\System\sxGzZFt.exe
  C:\Windows\System\sxGzZFt.exe
  2⤵
  PID:9772
- C:\Windows\System\QBFOXUo.exe
  C:\Windows\System\QBFOXUo.exe
  2⤵
  PID:9788
- C:\Windows\System\uksHhGA.exe
  C:\Windows\System\uksHhGA.exe
  2⤵
  PID:9804
- C:\Windows\System\ZBlrCsy.exe
  C:\Windows\System\ZBlrCsy.exe
  2⤵
  PID:9820
- C:\Windows\System\BGcfddK.exe
  C:\Windows\System\BGcfddK.exe
  2⤵
  PID:9836
- C:\Windows\System\oXZXntQ.exe
  C:\Windows\System\oXZXntQ.exe
  2⤵
  PID:9852
- C:\Windows\System\NYHQndx.exe
  C:\Windows\System\NYHQndx.exe
  2⤵
  PID:9868
- C:\Windows\System\yqXuRiP.exe
  C:\Windows\System\yqXuRiP.exe
  2⤵
  PID:9884
- C:\Windows\System\sMIkuPH.exe
  C:\Windows\System\sMIkuPH.exe
  2⤵
  PID:9900
- C:\Windows\System\vuVwZTD.exe
  C:\Windows\System\vuVwZTD.exe
  2⤵
  PID:9916
- C:\Windows\System\TGhLWpP.exe
  C:\Windows\System\TGhLWpP.exe
  2⤵
  PID:9932
- C:\Windows\System\UUgEzJs.exe
  C:\Windows\System\UUgEzJs.exe
  2⤵
  PID:9948
- C:\Windows\System\dHWzhhK.exe
  C:\Windows\System\dHWzhhK.exe
  2⤵
  PID:9968
- C:\Windows\System\eTYYGnA.exe
  C:\Windows\System\eTYYGnA.exe
  2⤵
  PID:9984
- C:\Windows\System\JFzvlqq.exe
  C:\Windows\System\JFzvlqq.exe
  2⤵
  PID:10000
- C:\Windows\System\uAyFpHm.exe
  C:\Windows\System\uAyFpHm.exe
  2⤵
  PID:10016
- C:\Windows\System\lFiZHzx.exe
  C:\Windows\System\lFiZHzx.exe
  2⤵
  PID:10032
- C:\Windows\System\AAvYOnt.exe
  C:\Windows\System\AAvYOnt.exe
  2⤵
  PID:10048
- C:\Windows\System\DexfvAj.exe
  C:\Windows\System\DexfvAj.exe
  2⤵
  PID:10064
- C:\Windows\System\ypDmJCq.exe
  C:\Windows\System\ypDmJCq.exe
  2⤵
  PID:10080
- C:\Windows\System\VoVNbOL.exe
  C:\Windows\System\VoVNbOL.exe
  2⤵
  PID:10096
- C:\Windows\System\wbJShqi.exe
  C:\Windows\System\wbJShqi.exe
  2⤵
  PID:10112
- C:\Windows\System\xSEuaeB.exe
  C:\Windows\System\xSEuaeB.exe
  2⤵
  PID:10128
- C:\Windows\System\PBmrMAa.exe
  C:\Windows\System\PBmrMAa.exe
  2⤵
  PID:10144
- C:\Windows\System\pRQQVjp.exe
  C:\Windows\System\pRQQVjp.exe
  2⤵
  PID:10176
- C:\Windows\System\LXKYuqZ.exe
  C:\Windows\System\LXKYuqZ.exe
  2⤵
  PID:10192
- C:\Windows\System\ThGAzkC.exe
  C:\Windows\System\ThGAzkC.exe
  2⤵
  PID:10208
- C:\Windows\System\uvYOZof.exe
  C:\Windows\System\uvYOZof.exe
  2⤵
  PID:10224
- C:\Windows\System\ODLUkPO.exe
  C:\Windows\System\ODLUkPO.exe
  2⤵
  PID:8904
- C:\Windows\System\IsyYglE.exe
  C:\Windows\System\IsyYglE.exe
  2⤵
  PID:8516
- C:\Windows\System\DkgDhQQ.exe
  C:\Windows\System\DkgDhQQ.exe
  2⤵
  PID:9016
- C:\Windows\System\pgvqriA.exe
  C:\Windows\System\pgvqriA.exe
  2⤵
  PID:9220
- C:\Windows\System\pwChILS.exe
  C:\Windows\System\pwChILS.exe
  2⤵
  PID:9284
- C:\Windows\System\WxTuQBs.exe
  C:\Windows\System\WxTuQBs.exe
  2⤵
  PID:9356
- C:\Windows\System\FVWOnZE.exe
  C:\Windows\System\FVWOnZE.exe
  2⤵
  PID:9420
- C:\Windows\System\TVVIkvW.exe
  C:\Windows\System\TVVIkvW.exe
  2⤵
  PID:8576
- C:\Windows\System\DrXyPNr.exe
  C:\Windows\System\DrXyPNr.exe
  2⤵
  PID:9468
- C:\Windows\System\uGOrpVh.exe
  C:\Windows\System\uGOrpVh.exe
  2⤵
  PID:9508
- C:\Windows\System\ZISxqOE.exe
  C:\Windows\System\ZISxqOE.exe
  2⤵
  PID:9268
- C:\Windows\System\qObOIJa.exe
  C:\Windows\System\qObOIJa.exe
  2⤵
  PID:9372
- C:\Windows\System\yiBaJjU.exe
  C:\Windows\System\yiBaJjU.exe
  2⤵
  PID:9440
- C:\Windows\System\IvIThVh.exe
  C:\Windows\System\IvIThVh.exe
  2⤵
  PID:9236
- C:\Windows\System\xDkBbXO.exe
  C:\Windows\System\xDkBbXO.exe
  2⤵
  PID:9340
- C:\Windows\System\nmDdknl.exe
  C:\Windows\System\nmDdknl.exe
  2⤵
  PID:9484
- C:\Windows\System\xttMnZb.exe
  C:\Windows\System\xttMnZb.exe
  2⤵
  PID:9528
- C:\Windows\System\saNaiUn.exe
  C:\Windows\System\saNaiUn.exe
  2⤵
  PID:9572
- C:\Windows\System\MSmtzwE.exe
  C:\Windows\System\MSmtzwE.exe
  2⤵
  PID:9584
- C:\Windows\System\TMQutze.exe
  C:\Windows\System\TMQutze.exe
  2⤵
  PID:9676
- C:\Windows\System\ItOvNqr.exe
  C:\Windows\System\ItOvNqr.exe
  2⤵
  PID:9716
- C:\Windows\System\UZQuhoN.exe
  C:\Windows\System\UZQuhoN.exe
  2⤵
  PID:9732
- C:\Windows\System\AjFIELb.exe
  C:\Windows\System\AjFIELb.exe
  2⤵
  PID:9752
- C:\Windows\System\jDvXxNs.exe
  C:\Windows\System\jDvXxNs.exe
  2⤵
  PID:9832
- C:\Windows\System\hgKdvTX.exe
  C:\Windows\System\hgKdvTX.exe
  2⤵
  PID:9928
- C:\Windows\System\SmoNvoy.exe
  C:\Windows\System\SmoNvoy.exe
  2⤵
  PID:9796
- C:\Windows\System\hhKhTxp.exe
  C:\Windows\System\hhKhTxp.exe
  2⤵
  PID:9992
- C:\Windows\System\TaMCLUC.exe
  C:\Windows\System\TaMCLUC.exe
  2⤵
  PID:9912
- C:\Windows\System\tntFrik.exe
  C:\Windows\System\tntFrik.exe
  2⤵
  PID:9976
- C:\Windows\System\cXzkpCk.exe
  C:\Windows\System\cXzkpCk.exe
  2⤵
  PID:9876
- C:\Windows\System\rEzVXnN.exe
  C:\Windows\System\rEzVXnN.exe
  2⤵
  PID:9848
- C:\Windows\System\zIepEZe.exe
  C:\Windows\System\zIepEZe.exe
  2⤵
  PID:10108
- C:\Windows\System\yciJDiK.exe
  C:\Windows\System\yciJDiK.exe
  2⤵
  PID:10140
- C:\Windows\System\ZLHsbVS.exe
  C:\Windows\System\ZLHsbVS.exe
  2⤵
  PID:10124
- C:\Windows\System\yXMuCYd.exe
  C:\Windows\System\yXMuCYd.exe
  2⤵
  PID:10060
- C:\Windows\System\XWeRgTL.exe
  C:\Windows\System\XWeRgTL.exe
  2⤵
  PID:10168
- C:\Windows\System\TWvdNrX.exe
  C:\Windows\System\TWvdNrX.exe
  2⤵
  PID:10220
- C:\Windows\System\ifvSurJ.exe
  C:\Windows\System\ifvSurJ.exe
  2⤵
  PID:10200
- C:\Windows\System\bnrcmzg.exe
  C:\Windows\System\bnrcmzg.exe
  2⤵
  PID:10204
- C:\Windows\System\Rvoclyp.exe
  C:\Windows\System\Rvoclyp.exe
  2⤵
  PID:8724
- C:\Windows\System\bZLGqME.exe
  C:\Windows\System\bZLGqME.exe
  2⤵
  PID:9264
- C:\Windows\System\ShnOJav.exe
  C:\Windows\System\ShnOJav.exe
  2⤵
  PID:9416
- C:\Windows\System\SyUGoKx.exe
  C:\Windows\System\SyUGoKx.exe
  2⤵
  PID:8780
- C:\Windows\System\wrfHldP.exe
  C:\Windows\System\wrfHldP.exe
  2⤵
  PID:8908
- C:\Windows\System\eBAPDlL.exe
  C:\Windows\System\eBAPDlL.exe
  2⤵
  PID:9304
- C:\Windows\System\sAdjEFR.exe
  C:\Windows\System\sAdjEFR.exe
  2⤵
  PID:9564
- C:\Windows\System\VTaVULw.exe
  C:\Windows\System\VTaVULw.exe
  2⤵
  PID:9648
- C:\Windows\System\Rwglzxt.exe
  C:\Windows\System\Rwglzxt.exe
  2⤵
  PID:9800
- C:\Windows\System\iChJcbf.exe
  C:\Windows\System\iChJcbf.exe
  2⤵
  PID:9704
- C:\Windows\System\gKjaCcF.exe
  C:\Windows\System\gKjaCcF.exe
  2⤵
  PID:9896
- C:\Windows\System\omSVutr.exe
  C:\Windows\System\omSVutr.exe
  2⤵
  PID:10012
- C:\Windows\System\RGACujq.exe
  C:\Windows\System\RGACujq.exe
  2⤵
  PID:9784
- C:\Windows\System\vjgeXRl.exe
  C:\Windows\System\vjgeXRl.exe
  2⤵
  PID:9844
- C:\Windows\System\ZyvvQfd.exe
  C:\Windows\System\ZyvvQfd.exe
  2⤵
  PID:10164
- C:\Windows\System\gvyZfSF.exe
  C:\Windows\System\gvyZfSF.exe
  2⤵
  PID:10172
- C:\Windows\System\VcgejLX.exe
  C:\Windows\System\VcgejLX.exe
  2⤵
  PID:8252
- C:\Windows\System\EiihaCT.exe
  C:\Windows\System\EiihaCT.exe
  2⤵
  PID:9780
- C:\Windows\System\QWpRSGq.exe
  C:\Windows\System\QWpRSGq.exe
  2⤵
  PID:10160
- C:\Windows\System\DnJlVVa.exe
  C:\Windows\System\DnJlVVa.exe
  2⤵
  PID:8320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BHfqDhI.exe

Filesize
6.0MB

MD5
2934ece622d9426e08799f3125ad2228

SHA1
792d6e1abcdbec4ee9ea87e0c4a69fa806a6eba1

SHA256
2b0daeffee9fb1ce5983fcd7386f11f061cf7c66c08266bbe28c9d07aebd1225

SHA512
dd2b2a2bfe4d672eacbae0881ce98e136e25da0bb45de0b8800e8b7c4f4ea19b3bab51d14fd48594e4960f0539a98ab5a2729eff1ed5587db0958aa17520ce3e

Download Submit
C:\Windows\system\CCvnkWD.exe

Filesize
6.0MB

MD5
b7e7eeed7a53d519666d853a6d5c5397

SHA1
7123fc7ff641e3810bf05dfd0a660012035dfc41

SHA256
a67e1ece9f5cf69c1fd8d395967576f208f5645a684557c5ee66a8b02fa276f3

SHA512
64ba8449a69d9a816120627641bbba7e6554a6e1011dc576edf3824b6bdaec9570518f1ae55b50900b689d034d6a00dae37246719865e2a091c4ae9b44521a40

Download Submit
C:\Windows\system\ESAmSSy.exe

Filesize
6.0MB

MD5
fbee3dcb5f73bfa068a8ce0c3fbeceec

SHA1
a165a9daac318de88d88d43bc5e30a7954198afc

SHA256
3c60117ea745c230e59c78996b48a30d072a3ee546dff918f14cbee5fb3219e0

SHA512
3d5802caef2fb8f2fe8e1a24758666b97c508b127862a0478f4088dc2ec1c66d877857ee6a5e42533a168697aacce90502ba4dc231a8c32beb90ce7759b84912

Download Submit
C:\Windows\system\FFgcBKa.exe

Filesize
6.0MB

MD5
2b9e7c355cb33c741abd0986baea2ea9

SHA1
b65bef680c93f16aa48927487df3d81f4e181e64

SHA256
731d5386bb16a07d8200c746fa9c2ae4ebb0ad3eb271ea29154b4f22c524395e

SHA512
bc8cafff18b4f7939443bd6411947c441cbf34f81b86cff3805c8396735cf7c3ddb0c5c56957980340667d6e56ef72137a4b68dba9c65eba4d98c57c44711c6f

Download Submit
C:\Windows\system\FdfhVJu.exe

Filesize
6.0MB

MD5
4ac63fe3c00b897045d631ac3203406d

SHA1
b61118eaca2f0641ff523ebce37cd269f16302a6

SHA256
e7e8d384df75d7550b4769c904a771120a0dd59528d341a0bd554afcb6fb73dc

SHA512
8a928a1c216a4f9aac814367bf4e52af796874c5f8af45af107bb46844f3567154930669b2359a02588d657638c0cb2cfce1a0788cd377bc9108e95c5f6e4bd2

Download Submit
C:\Windows\system\GMcsgHd.exe

Filesize
6.0MB

MD5
67a491e1252cdd02ac15f4a7eb3de527

SHA1
cfa6ad11dcaa3b4c0fd4468dc0c77506507017fd

SHA256
abc471690a4723b1bcb2dac161248476bdefe9b2a137561b63b67c3f3367895b

SHA512
12923b82e9d77d81d5bb64a9c2c0bc7aa48e49dc238a60bbe200e0835902a7b128efbd9e76a5ceffa294facbdbf13bc32fdc7eb2c461e94014c5d47a7cbfcce2

Download Submit
C:\Windows\system\IcnFYKp.exe

Filesize
6.0MB

MD5
5d77db9d85c26fe28d4ad370ce6bfc45

SHA1
96d447883895142ab784f4bd23e0b7f473ff608a

SHA256
6cadb65ed9c68a237dd79dff0dbd6660746ad9e8c85f8019289b36766979797d

SHA512
87d2b856864097073164f04f3d447c0afc5e1f9644ad9a230d13adc9c3d0bc03e4abda84acea40b3742a7676f052e62c59043a579ec75a6f7bb6a004e37bfc69

Download Submit
C:\Windows\system\IrcQJdl.exe

Filesize
6.0MB

MD5
69ca3d915500839fae9089fa07cf606b

SHA1
461e7b879298ff593aff4ea32a06ec42244739d0

SHA256
8415a6c87e06655028047fbdf014f5bb9c27ceab1feb46d8654e4e1d87220f09

SHA512
d7a7a0164630ed6b5bf7eb49aeedb6046269a24bd4fb3ba24b9ad34cc00325b2a3dfca73b4b16b8d8de9e58e1b6672528596fdd45f247cf965fc699ebecdc3f0

Download Submit
C:\Windows\system\VRaXYPy.exe

Filesize
6.0MB

MD5
29837bebbd71d6e00b7bf2ea062d09f4

SHA1
53eda871242f367c789ab98e0559ae6be7b32d9e

SHA256
374f7d71cd46fc40e0bba72eb51df214a30e1e5cdcfc25ed9aff0f8d42c88c17

SHA512
c7e060a053d66b97552122124f68f93d82a1c9fa556257fe97f2a650891f1420ceaa652d61cc93298d599d7a2d998421c99c1ed0a4dd044a64f554c4baa0cd9a

Download Submit
C:\Windows\system\VdJMvlt.exe

Filesize
6.0MB

MD5
fb6f5af086da675f58a6927436bcaa05

SHA1
8e387c084c6db5c72c6ba8c72ee48d2e23b286ff

SHA256
6d8603700f0b2d5cdd58b80410e8bfd9cb0c745e7591bc22a3fd184fdc523511

SHA512
6cf4e2af4a6933d93340fc41f938746b8dcfdcc28014e297368e11add3f2d29c4383f89831fa5041e7650d39d088df6a356cb95379cdd3312c6942cae60fcdf9

Download Submit
C:\Windows\system\WcKPTXF.exe

Filesize
6.0MB

MD5
09bf23e498197f30b143eac26e65c05c

SHA1
e5f28513cfbac41b18f98d28c53534d2b904b563

SHA256
569c96bcc277200a99a80b6efd6484d1416bb27e80de1fd2a963aff041715cc8

SHA512
9a18ceae19adc631cfaede460bce9dea5a346654c1ce2cb30a03a74e5c8190440ec51cfc2359c645c84a01fcd2d5052435d0ab3be086650a6eff4e031b017a6d

Download Submit
C:\Windows\system\YNOYalJ.exe

Filesize
6.0MB

MD5
d9e03eb1a839f954963e42ab03f869c9

SHA1
474a196eb21a8a84cd52651b9c36f29d31262d04

SHA256
6e2b0e2cc8ebf31eb9774a2ce84fcef559a01e7990377f0ba3d33c066cb305bd

SHA512
1fe6723d081cb8a80d1207b03a1461a50288a7de90835dde5547acf075d2d5ab55a2d05c806211879d52b45e6de5c94d65d0ca07ebe94a00ec364a0821c26450

Download Submit
C:\Windows\system\aruoWus.exe

Filesize
6.0MB

MD5
53f0236cacf8e8579509e74b4065784a

SHA1
26f1f32eee939008e8089c684a96929817416b2a

SHA256
88fba8fbe47ca3c6ec6f5c7dcb4152a26aa1a9a4a63a6e00e9aefb632b1f362e

SHA512
4c179876b6018f5209be8d976b2631c2edc44bc722f23dc3129e1c0b024123f8664022beff3add8e66f63f4faf677411575c8f7c09362b4ffc723a3df08ace57

Download Submit
C:\Windows\system\axVFtnT.exe

Filesize
6.0MB

MD5
08b9bce2647bcc5843566bfe6089257e

SHA1
fcdc889b10f99030a52984e22719759adf3564a2

SHA256
25573bae674d7d80cf7657bcc20c7f08d4ec16533bae94a55d9bd89cb1a39abf

SHA512
ad60e97a9050da23b2aeb448f9bac0f60dbffecae03a141c20014964396a883dfbce58370cca969e56b05b15f6677bad81fde7def1d7a289191d92a338f23390

Download Submit
C:\Windows\system\cgrwMTQ.exe

Filesize
6.0MB

MD5
481029984505f302c10a247486af91bb

SHA1
ffd24d3815e5aeb3691a6ea162bdeee0c3ed9338

SHA256
9355798da65f6051cffa9f4c5dd93565bf966e461470e248691ff27d7b8a3eec

SHA512
642dd7105dc90ae24bc712b530b2fe7cd51f956649e74a1d0adbfa4b30fa38dc55f06548978c414251eda05c98ade5fa7ea486d697b3c398e9632055f4b8af1d

Download Submit
C:\Windows\system\fwNNODG.exe

Filesize
6.0MB

MD5
d3af2c64aac8cc8187b68231e34a1661

SHA1
a5355c2ffa14c2c68d5e9481f7c4273ef16528c7

SHA256
0c39cf12a8cc2e1519cbb606b0275180d5b92d69e5a1b0790c7af47ae0db4dbd

SHA512
ca28d68fefc3d83eb960ca32db6823535b8241846dc4abb0add0dce0cfae957652d0e0c4e6241511aee69768221092bdb0e9322788d60e5ed1b53a21ab4079bd

Download Submit
C:\Windows\system\ggeMCiW.exe

Filesize
6.0MB

MD5
d9d8dda43843a665fcb00c487b12c778

SHA1
96b45ae40b5b49e72955206089a0ebeea2e30779

SHA256
de31f5ae1fd9e052721a7efb5e81fddc62b25e600db1058d02754cd541d4e0cb

SHA512
ff93c757a1f9516386a75d0aaa873235b86bd8dbabcc726e5cef40561d6580a6ada3f012f22bb1274a56e424ec74237ea9c6151d1b8426789898a97f640484a6

Download Submit
C:\Windows\system\hSBJhCF.exe

Filesize
6.0MB

MD5
c260fcb227510e43ad1b2608de87bd60

SHA1
03f708fa27f15195c3c97cb40b1cd3af07f4951c

SHA256
169fe4ece45deb5d106280a4e81264a07dfafdcce75ce0bceca89dbd7ec372d5

SHA512
c9ad2934bdcdd06a2d808845c2f088309d79434372a380b836f7c3ed5bd1c4cc6c5eb3897a908ccc085b4d6473476a0aa8e042af1b99506e649c7245d991f446

Download Submit
C:\Windows\system\ivstlOI.exe

Filesize
6.0MB

MD5
2007c1745ec5b45b9b8e36568cf5aaed

SHA1
1be5041632586314f01afdb305cb066b320cec6b

SHA256
33c8afc71d3cee6938e2bde6680a3889c45149f714b73ba51b74d2f88d758e3c

SHA512
56c92f67c34017a6ddf32ab503d4a58d27bdf24771016a0c99585ef5ddcc8d98e29f1f52fafa6b30727137e5b856bdfd5fc57b8e6691c44371c6d26d6f2df7f7

Download Submit
C:\Windows\system\nLEIQsj.exe

Filesize
6.0MB

MD5
c4628ee1e93356c011d28b88e3434241

SHA1
97c8a2ae88db2689dbc24611dc2bd7ce9a1837d8

SHA256
7d0ff9a05d65328515c3a6ca05ce56a057eb6f452e14c2b2bb3c1e5f7b8a0bae

SHA512
cfee4856906b517ca1b319397f93f9850d366cfe85947bd3c783ce76440ee5b1bc26c70d7b5deb4412111dd9e3bc49006a88a8f94ed6c8cc64c5458a4e9242b6

Download Submit
C:\Windows\system\tZKVvsK.exe

Filesize
6.0MB

MD5
20a03833f672d91f105052bd244a6eaf

SHA1
1ce7de3135f149c6be8ca3dec87bca7b8b2e8acc

SHA256
ed0f0b2b58c6abfd0da39dac37bf179e13ca7a99d6b0c5fc58111d1a12d8334a

SHA512
f2294dbbed10b18452cf0026b7df63d6bdff9a975b37db891b35a7acd19187bab91e99d70d432277e9c94d97c4dbc91bf9fef4eb2a6f347db6f1333a1e4ba319

Download Submit
C:\Windows\system\ttmRbLV.exe

Filesize
6.0MB

MD5
ca5d770c069fc4862a08a86511b51862

SHA1
9f4bbcafa0a4391a59c36e61597c842ad26178a6

SHA256
968d560c134133ffb73f03b81f06c62413e2b9dccf1b5c0e9e907d140507a23d

SHA512
cefcdbc99fa7b3038febbd009939ebd8d1f696ff5fc4339b6003fa87f421f624cfeb20ca909f7501a2a1d84a152a18b9d7a64c6ee42f7bd0fd09e7092636814c

Download Submit
C:\Windows\system\uUWItZq.exe

Filesize
6.0MB

MD5
caa531a8c01f2e3a5cd67d9289f37473

SHA1
281d1885abd02f752e35c34d7bdf35d133e68992

SHA256
e4fc6bb1de8bf9d54da6b213d28a4ab62b69933b86ef1794a4f54be7770bbd88

SHA512
6dadae1937c5af62da59d5ccdbc33bb611d34f81eb1051cd0039b7d84b6bd992b7911e6b1ecf7d84455b0c0a076213620c6747399c980f77cf227badffbda12e

Download Submit
C:\Windows\system\ujFkfjf.exe

Filesize
6.0MB

MD5
5d9a69a6b63e96943cca2bffc6f42340

SHA1
f4fdb8c4171f173ba3c4b0fde9fdd1ad010fe532

SHA256
36f680e86605db3433ed77520e62596dd72c063f98332df5b270383ac3d5f2b5

SHA512
85c8ce6293fe25ed1986054a9e867fbcc57405957829dcf49adf8d9a870ad3986bc82af873cfa9c97479d48f8ae54204536184cc7bf0e8c717a67b331ba48eee

Download Submit
C:\Windows\system\xiyCkVm.exe

Filesize
6.0MB

MD5
a3adf8836fad9638c2c4123996c085b6

SHA1
1344f770166a9b0cc67ebd148c5971913a93b32c

SHA256
be6ec5d8d2ccdc7c3c27d2cfafdc2a30439b778294d72d04311d7766cc3377e4

SHA512
202ebc9266f3e445315516510040c3a4c9fe64cd73e4341c4ad7563206355227ce9286a3e14b313ac36a488768be10beb4a1f2f9d3513c5d61b5016b0173ccf7

Download Submit
C:\Windows\system\yPsuPVZ.exe

Filesize
6.0MB

MD5
f2535213ebfc07e0b1a81952aa6309df

SHA1
8b1308afc2582bed3ab848f58a1e37a0d6af6408

SHA256
de105b04527ae3f3f773548653a258a8bda8e30f9c9d7a5b9b594495eb4a16bd

SHA512
a640b61f4582b1b259acbd80bc86da1312718c6e83cd91e470f0dac702631db7381a039b80a07bc8eddb5c3f8c3b20026cf259774d5b6255b2d96c5b822e7fd0

Download Submit
C:\Windows\system\zgaxCwC.exe

Filesize
6.0MB

MD5
740c46010fadbd082c12a7441e629816

SHA1
085bd62222e582ab0626f7402f7ea366a3406d50

SHA256
40a90505ec85bb01af0e9e72b35ccaff5afdb9dc404b3e8e876625a76f35b0b6

SHA512
087dfcd72bab279e6b3ce8425104ec5e4ef7d47b36b0ba377c3de46c7151af4192bb4d02a2ae5e11b083800384acdb50252eeb6644e94c517953dc210cd98c14

Download Submit
\Windows\system\BEqmrPf.exe

Filesize
6.0MB

MD5
e99c879759b9f7d80a41d23144775510

SHA1
22f4c25f0ac41fa805c4c96af91c8c460d6bdd47

SHA256
e4e12d2d75f6ea87e31502c6d3d1bee1f67c4ed94e1058690162641bdb719a8e

SHA512
454eea19d2c8c8ff42f969e14fbe8001b036a28f149285de192fdcfeacc54afc44950d82869076e492d5d516a97033d7985dca928e65f36e1237f71279143712

Download Submit
\Windows\system\BRXWbQE.exe

Filesize
6.0MB

MD5
455ec44b03fe915e83ea59a5b64bbeb2

SHA1
6480dc332b7e42650bf0f3dc61069ed1c9704742

SHA256
d96da22a9ca759708103ccfdfd81575e08818a81bb5e35d8d2904581a4d6c0cf

SHA512
8466aa6e0236688dff696230d2536e3e7c9937e0d71dadfc51dd6946adbf83afa2af5b7e219282a574b7cf1eb8adbe6215d13819e5278a4e39c89d95309b475a

Download Submit
\Windows\system\LihDPID.exe

Filesize
6.0MB

MD5
b9dc7a1e617b24bcfcbdf237f27bd00b

SHA1
0dcb08f69edfb323116291bb4b56d27b67854a7c

SHA256
3fd074cc9148a1264e7eec239cf4ae62aa526ad9fa1ec521216b981a1e577b3b

SHA512
612a3c0995168cc5b9128c0c8fe9d70325746ecbb6b64887e7a6b4a0b8ec4ec3760257737d591e3d29ae5ee11876cbef92d7845609b82ec68d15877bdd54ceec

Download Submit
\Windows\system\OyAdeAQ.exe

Filesize
6.0MB

MD5
b83e6c029e5c20cff65bb4667880bf61

SHA1
3cf4c5a42f779b1d95400c21ab004d5aa8bcf6d7

SHA256
fd257f4c294ac9a811c42f751d4c36695cc95a9b1f8b0faf4613afa03996dd7e

SHA512
bd2d803015cb5c0657c0927f2f406d50a8367bde156c192ee6d90e72815e1b588295b3b6d53af33f0fb8e3e52c08dbdb6becd287c485d94866f121648598bbb3

Download Submit
\Windows\system\iLJyeBu.exe

Filesize
6.0MB

MD5
6099a64e24716113c91c3f1e38395703

SHA1
6667724e657a94186d8ad4a4ddb62ab462f21f72

SHA256
c750379a3b4cf411fc566dc7176a51395c62a7afd317917816e7411b2702cb7f

SHA512
d9fb2be12bc8992fef1a667d3300b4b95f55ae6175da3e7ce6c3214745a9917092e933c870740e36efaa0050e87a7ea54e011fb8670b5e460d40b33880d2b954

Download Submit
memory/872-3977-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/872-2302-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1728-2001-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2368-2419-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2368-2458-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-3320-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-3439-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-3321-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-0-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-3456-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2368-3501-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-2308-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-2008-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-3526-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2368-2124-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2368-3598-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2500-2385-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2500-3978-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-2117-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-3979-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2418-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2572-3976-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/3068-2007-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/3068-3975-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download